--- a/cmd/lib/basicutil.c
+++ b/cmd/lib/basicutil.c
@@ -21,17 +21,17 @@
#include <errno.h>
#ifdef XP_UNIX
#include <unistd.h>
#endif
#include "secoid.h"
-extern long DER_GetInteger(SECItem *src);
+extern long DER_GetInteger(const SECItem *src);
static PRBool wrapEnabled = PR_TRUE;
void
SECU_EnableWrap(PRBool enable)
{
wrapEnabled = enable;
}
@@ -226,17 +226,17 @@ SECU_Indent(FILE *out, int level)
}
void SECU_Newline(FILE *out)
{
fprintf(out, "\n");
}
void
-SECU_PrintAsHex(FILE *out, SECItem *data, const char *m, int level)
+SECU_PrintAsHex(FILE *out, const SECItem *data, const char *m, int level)
{
unsigned i;
int column;
PRBool isString = PR_TRUE;
PRBool isWhiteSpace = PR_TRUE;
PRBool printedHex = PR_FALSE;
unsigned int limit = 15;
@@ -372,17 +372,17 @@ SECU_PrintBuf(FILE *out, const char *msg
}
/* This expents i->data[0] to be the MSB of the integer.
** if you want to print a DER-encoded integer (with the tag and length)
** call SECU_PrintEncodedInteger();
*/
void
-SECU_PrintInteger(FILE *out, SECItem *i, char *m, int level)
+SECU_PrintInteger(FILE *out, const SECItem *i, const char *m, int level)
{
int iv;
if (!i || !i->len || !i->data) {
SECU_Indent(out, level);
if (m) {
fprintf(out, "%s: (null)\n", m);
} else {
--- a/cmd/lib/basicutil.h
+++ b/cmd/lib/basicutil.h
@@ -37,38 +37,41 @@ extern SECStatus SECU_TextFileToItem(SEC
/* Indent based on "level" */
extern void SECU_Indent(FILE *out, int level);
/* Print a newline to out */
extern void SECU_Newline(FILE *out);
/* Print integer value and hex */
-extern void SECU_PrintInteger(FILE *out, SECItem *i, char *m, int level);
+extern void SECU_PrintInteger(FILE *out, const SECItem *i, const char *m,
+ int level);
/* Print SECItem as hex */
-extern void SECU_PrintAsHex(FILE *out, SECItem *i, const char *m, int level);
+extern void SECU_PrintAsHex(FILE *out, const SECItem *i, const char *m,
+ int level);
/* dump a buffer in hex and ASCII */
extern void SECU_PrintBuf(FILE *out, const char *msg, const void *vp, int len);
#ifdef HAVE_EPV_TEMPLATE
/* Dump contents of private key */
extern int SECU_PrintPrivateKey(FILE *out, SECItem *der, char *m, int level);
#endif
/* Init PKCS11 stuff */
extern SECStatus SECU_PKCS11Init(PRBool readOnly);
/* Dump contents of signed data */
extern int SECU_PrintSignedData(FILE *out, SECItem *der, const char *m,
int level, SECU_PPFunc inner);
-extern void SECU_PrintString(FILE *out, SECItem *si, char *m, int level);
-extern void SECU_PrintAny(FILE *out, SECItem *i, char *m, int level);
+extern void SECU_PrintString(FILE *out, const SECItem *si, const char *m,
+ int level);
+extern void SECU_PrintAny(FILE *out, const SECItem *i, const char *m, int level);
extern void SECU_PrintPRandOSError(char *progName);
/* Caller ensures that dst is at least item->len*2+1 bytes long */
void
SECU_SECItemToHex(const SECItem * item, char * dst);
/* Requires 0x prefix. Case-insensitive. Will do in-place replacement if
--- a/cmd/lib/derprint.c
+++ b/cmd/lib/derprint.c
@@ -10,17 +10,17 @@ extern int fflush(FILE *stream);
#endif
#define RIGHT_MARGIN 24
/*#define RAW_BYTES 1 */
static int prettyColumn = 0;
static int
-getInteger256(unsigned char *data, unsigned int nb)
+getInteger256(const unsigned char *data, unsigned int nb)
{
int val;
switch (nb) {
case 1:
val = data[0];
break;
case 2:
@@ -95,32 +95,32 @@ prettyPrintByte(FILE *out, unsigned char
if (prettyColumn >= RIGHT_MARGIN) {
return prettyNewline(out);
}
return 0;
}
static int
-prettyPrintLeaf(FILE *out, unsigned char *data,
+prettyPrintLeaf(FILE *out, const unsigned char *data,
unsigned int len, unsigned int lv)
{
unsigned int i;
int rv;
for (i = 0; i < len; i++) {
rv = prettyPrintByte(out, *data++, lv);
if (rv < 0)
return rv;
}
return prettyNewline(out);
}
static int
-prettyPrintStringStart(FILE *out, unsigned char *str,
+prettyPrintStringStart(FILE *out, const unsigned char *str,
unsigned int len, unsigned int level)
{
#define BUF_SIZE 100
unsigned char buf[BUF_SIZE];
int rv;
if (len >= BUF_SIZE)
len = BUF_SIZE - 1;
@@ -142,17 +142,17 @@ prettyPrintStringStart(FILE *out, unsign
return rv;
}
return 0;
#undef BUF_SIZE
}
static int
-prettyPrintString(FILE *out, unsigned char *str,
+prettyPrintString(FILE *out, const unsigned char *str,
unsigned int len, unsigned int level, PRBool raw)
{
int rv;
rv = prettyPrintStringStart(out, str, len, level);
if (rv < 0)
return rv;
@@ -165,27 +165,27 @@ prettyPrintString(FILE *out, unsigned ch
if (rv < 0)
return rv;
}
return 0;
}
static int
-prettyPrintTime(FILE *out, unsigned char *str,
+prettyPrintTime(FILE *out, const unsigned char *str,
unsigned int len, unsigned int level, PRBool raw, PRBool utc)
{
SECItem time_item;
int rv;
rv = prettyPrintStringStart(out, str, len, level);
if (rv < 0)
return rv;
- time_item.data = str;
+ time_item.data = (unsigned char *)str;
time_item.len = len;
rv = fprintf(out, " (");
if (rv < 0) {
PORT_SetError(SEC_ERROR_IO);
return rv;
}
@@ -209,17 +209,17 @@ prettyPrintTime(FILE *out, unsigned char
if (rv < 0)
return rv;
}
return 0;
}
static int
-prettyPrintObjectID(FILE *out, unsigned char *data,
+prettyPrintObjectID(FILE *out, const unsigned char *data,
unsigned int len, unsigned int level, PRBool raw)
{
SECOidData *oiddata;
SECItem oiditem;
unsigned int i;
unsigned long val;
int rv;
@@ -255,17 +255,17 @@ prettyPrintObjectID(FILE *out, unsigned
return rv;
}
val = 0;
}
/*
* Now try to look it up and print a symbolic version.
*/
- oiditem.data = data;
+ oiditem.data = (unsigned char *)data;
oiditem.len = len;
oiddata = SECOID_FindOID(&oiditem);
if (oiddata != NULL) {
i = PORT_Strlen(oiddata->desc);
if ((prettyColumn + 1 + (i / 3)) > RIGHT_MARGIN) {
rv = prettyNewline(out);
if (rv < 0)
return rv;
@@ -333,17 +333,17 @@ static char *prettyTagType [32] = {
"0x1B",
"Universal String",
"0x1D",
"BMP String",
"High-Tag-Number"
};
static int
-prettyPrintTag(FILE *out, unsigned char *src, unsigned char *end,
+prettyPrintTag(FILE *out, const unsigned char *src, const unsigned char *end,
unsigned char *codep, unsigned int level, PRBool raw)
{
int rv;
unsigned char code, tagnum;
if (src >= end) {
PORT_SetError(SEC_ERROR_BAD_DER);
return -1;
@@ -397,17 +397,17 @@ prettyPrintTag(FILE *out, unsigned char
}
*codep = code;
return 1;
}
static int
-prettyPrintLength(FILE *out, unsigned char *data, unsigned char *end,
+prettyPrintLength(FILE *out, const unsigned char *data, const unsigned char *end,
int *lenp, PRBool *indefinitep, unsigned int lv, PRBool raw)
{
unsigned char lbyte;
int lenLen;
int rv;
if (data >= end) {
PORT_SetError(SEC_ERROR_BAD_DER);
@@ -475,22 +475,22 @@ prettyPrintLength(FILE *out, unsigned ch
return rv;
}
prettyColumn = -1;
return lenLen;
}
static int
-prettyPrintItem(FILE *out, unsigned char *data, unsigned char *end,
+prettyPrintItem(FILE *out, const unsigned char *data, const unsigned char *end,
unsigned int lv, PRBool raw)
{
int slen;
int lenLen;
- unsigned char *orig = data;
+ const unsigned char *orig = data;
int rv;
while (data < end) {
unsigned char code;
PRBool indefinite;
slen = prettyPrintTag(out, data, end, &code, lv, raw);
if (slen < 0)
@@ -572,17 +572,17 @@ prettyPrintItem(FILE *out, unsigned char
rv = prettyNewline(out);
if (rv < 0)
return rv;
return data - orig;
}
SECStatus
-DER_PrettyPrint(FILE *out, SECItem *it, PRBool raw)
+DER_PrettyPrint(FILE *out, const SECItem *it, PRBool raw)
{
int rv;
prettyColumn = -1;
rv = prettyPrintItem(out, it->data, it->data + it->len, 0, raw);
if (rv < 0)
return SECFailure;
--- a/cmd/lib/secutil.c
+++ b/cmd/lib/secutil.c
@@ -613,17 +613,17 @@ secu_PrintRawStringQuotesOptional(FILE *
static void
secu_PrintRawString(FILE *out, SECItem *si, const char *m, int level)
{
secu_PrintRawStringQuotesOptional(out, si, m, level, PR_TRUE);
}
void
-SECU_PrintString(FILE *out, SECItem *si, char *m, int level)
+SECU_PrintString(FILE *out, const SECItem *si, const char *m, int level)
{
SECItem my = *si;
if (SECSuccess != SECU_StripTagAndLength(&my) || !my.len)
return;
secu_PrintRawString(out, &my, m, level);
}
@@ -645,17 +645,17 @@ secu_PrintBoolean(FILE *out, SECItem *i,
}
/*
* Format and print "time". If the tag message "m" is not NULL,
* do indent formatting based on "level" and add a newline afterward;
* otherwise just print the formatted time string only.
*/
static void
-secu_PrintTime(FILE *out, int64 time, char *m, int level)
+secu_PrintTime(FILE *out, const PRTime time, const char *m, int level)
{
PRExplodedTime printableTime;
char *timeString;
/* Convert to local time */
PR_ExplodeTime(time, PR_GMTParameters, &printableTime);
timeString = PORT_Alloc(256);
@@ -678,17 +678,17 @@ secu_PrintTime(FILE *out, int64 time, ch
}
/*
* Format and print the UTC Time "t". If the tag message "m" is not NULL,
* do indent formatting based on "level" and add a newline afterward;
* otherwise just print the formatted time string only.
*/
void
-SECU_PrintUTCTime(FILE *out, SECItem *t, char *m, int level)
+SECU_PrintUTCTime(FILE *out, const SECItem *t, const char *m, int level)
{
int64 time;
SECStatus rv;
rv = DER_UTCTimeToTime(&time, t);
if (rv != SECSuccess)
return;
@@ -696,17 +696,17 @@ SECU_PrintUTCTime(FILE *out, SECItem *t,
}
/*
* Format and print the Generalized Time "t". If the tag message "m"
* is not NULL, * do indent formatting based on "level" and add a newline
* afterward; otherwise just print the formatted time string only.
*/
void
-SECU_PrintGeneralizedTime(FILE *out, SECItem *t, char *m, int level)
+SECU_PrintGeneralizedTime(FILE *out, const SECItem *t, const char *m, int level)
{
int64 time;
SECStatus rv;
rv = DER_GeneralizedTimeToTime(&time, t);
if (rv != SECSuccess)
return;
@@ -715,17 +715,17 @@ SECU_PrintGeneralizedTime(FILE *out, SEC
}
/*
* Format and print the UTC or Generalized Time "t". If the tag message
* "m" is not NULL, do indent formatting based on "level" and add a newline
* afterward; otherwise just print the formatted time string only.
*/
void
-SECU_PrintTimeChoice(FILE *out, SECItem *t, char *m, int level)
+SECU_PrintTimeChoice(FILE *out, const SECItem *t, const char *m, int level)
{
switch (t->type) {
case siUTCTime:
SECU_PrintUTCTime(out, t, m, level);
break;
case siGeneralizedTime:
SECU_PrintGeneralizedTime(out, t, m, level);
@@ -734,18 +734,18 @@ SECU_PrintTimeChoice(FILE *out, SECItem
default:
PORT_Assert(0);
break;
}
}
/* This prints a SET or SEQUENCE */
-void
-SECU_PrintSet(FILE *out, SECItem *t, char *m, int level)
+static void
+SECU_PrintSet(FILE *out, const SECItem *t, const char *m, int level)
{
int type = t->data[0] & SEC_ASN1_TAGNUM_MASK;
int constructed = t->data[0] & SEC_ASN1_CONSTRUCTED;
const char * label;
SECItem my = *t;
if (!constructed) {
SECU_PrintAsHex(out, t, m, level);
@@ -789,17 +789,17 @@ SECU_PrintSet(FILE *out, SECItem *t, cha
my.data += tmp.len;
my.len -= tmp.len;
SECU_PrintAny(out, &tmp, NULL, level + 1);
}
SECU_Indent(out, level); fprintf(out, /* { */ "}\n");
}
static void
-secu_PrintContextSpecific(FILE *out, SECItem *i, char *m, int level)
+secu_PrintContextSpecific(FILE *out, const SECItem *i, const char *m, int level)
{
int type = i->data[0] & SEC_ASN1_TAGNUM_MASK;
int constructed = i->data[0] & SEC_ASN1_CONSTRUCTED;
SECItem tmp;
if (constructed) {
char * m2;
if (!m)
@@ -820,25 +820,25 @@ secu_PrintContextSpecific(FILE *out, SEC
fprintf(out,"[%d]\n", type);
tmp = *i;
if (SECSuccess == SECU_StripTagAndLength(&tmp))
SECU_PrintAsHex(out, &tmp, m, level+1);
}
static void
-secu_PrintOctetString(FILE *out, SECItem *i, char *m, int level)
+secu_PrintOctetString(FILE *out, const SECItem *i, const char *m, int level)
{
SECItem tmp = *i;
if (SECSuccess == SECU_StripTagAndLength(&tmp))
SECU_PrintAsHex(out, &tmp, m, level);
}
static void
-secu_PrintBitString(FILE *out, SECItem *i, char *m, int level)
+secu_PrintBitString(FILE *out, const SECItem *i, const char *m, int level)
{
int unused_bits;
SECItem tmp = *i;
if (SECSuccess != SECU_StripTagAndLength(&tmp) || tmp.len < 2)
return;
unused_bits = *tmp.data++;
@@ -848,17 +848,17 @@ secu_PrintBitString(FILE *out, SECItem *
if (unused_bits) {
SECU_Indent(out, level + 1);
fprintf(out, "(%d least significant bits unused)\n", unused_bits);
}
}
/* in a decoded bit string, the len member is a bit length. */
static void
-secu_PrintDecodedBitString(FILE *out, SECItem *i, char *m, int level)
+secu_PrintDecodedBitString(FILE *out, const SECItem *i, const char *m, int level)
{
int unused_bits;
SECItem tmp = *i;
unused_bits = (tmp.len & 0x7) ? 8 - (tmp.len & 7) : 0;
DER_ConvertBitString(&tmp); /* convert length to byte length */
@@ -867,43 +867,43 @@ secu_PrintDecodedBitString(FILE *out, SE
SECU_Indent(out, level + 1);
fprintf(out, "(%d least significant bits unused)\n", unused_bits);
}
}
/* Print a DER encoded Boolean */
void
-SECU_PrintEncodedBoolean(FILE *out, SECItem *i, char *m, int level)
+SECU_PrintEncodedBoolean(FILE *out, const SECItem *i, const char *m, int level)
{
SECItem my = *i;
if (SECSuccess == SECU_StripTagAndLength(&my))
secu_PrintBoolean(out, &my, m, level);
}
/* Print a DER encoded integer */
void
-SECU_PrintEncodedInteger(FILE *out, SECItem *i, char *m, int level)
+SECU_PrintEncodedInteger(FILE *out, const SECItem *i, const char *m, int level)
{
SECItem my = *i;
if (SECSuccess == SECU_StripTagAndLength(&my))
SECU_PrintInteger(out, &my, m, level);
}
/* Print a DER encoded OID */
void
-SECU_PrintEncodedObjectID(FILE *out, SECItem *i, char *m, int level)
+SECU_PrintEncodedObjectID(FILE *out, const SECItem *i, const char *m, int level)
{
SECItem my = *i;
if (SECSuccess == SECU_StripTagAndLength(&my))
SECU_PrintObjectID(out, &my, m, level);
}
static void
-secu_PrintBMPString(FILE *out, SECItem *i, char *m, int level)
+secu_PrintBMPString(FILE *out, const SECItem *i, const char *m, int level)
{
unsigned char * s;
unsigned char * d;
int len;
SECItem tmp = {0, 0, 0};
SECItem my = *i;
if (SECSuccess != SECU_StripTagAndLength(&my))
@@ -927,17 +927,17 @@ secu_PrintBMPString(FILE *out, SECItem *
loser:
SECU_PrintAsHex(out, i, m, level);
if (tmp.data)
PORT_Free(tmp.data);
}
static void
-secu_PrintUniversalString(FILE *out, SECItem *i, char *m, int level)
+secu_PrintUniversalString(FILE *out, const SECItem *i, const char *m, int level)
{
unsigned char * s;
unsigned char * d;
int len;
SECItem tmp = {0, 0, 0};
SECItem my = *i;
if (SECSuccess != SECU_StripTagAndLength(&my))
@@ -962,17 +962,17 @@ secu_PrintUniversalString(FILE *out, SEC
loser:
SECU_PrintAsHex(out, i, m, level);
if (tmp.data)
PORT_Free(tmp.data);
}
static void
-secu_PrintUniversal(FILE *out, SECItem *i, char *m, int level)
+secu_PrintUniversal(FILE *out, const SECItem *i, const char *m, int level)
{
switch (i->data[0] & SEC_ASN1_TAGNUM_MASK) {
case SEC_ASN1_ENUMERATED:
case SEC_ASN1_INTEGER:
SECU_PrintEncodedInteger(out, i, m, level);
break;
case SEC_ASN1_OBJECT_ID:
SECU_PrintEncodedObjectID(out, i, m, level);
@@ -1018,17 +1018,17 @@ secu_PrintUniversal(FILE *out, SECItem *
break;
default:
SECU_PrintAsHex(out, i, m, level);
break;
}
}
void
-SECU_PrintAny(FILE *out, SECItem *i, char *m, int level)
+SECU_PrintAny(FILE *out, const SECItem *i, const char *m, int level)
{
if ( i && i->len && i->data ) {
switch (i->data[0] & SEC_ASN1_CLASS_MASK) {
case SEC_ASN1_CONTEXT_SPECIFIC:
secu_PrintContextSpecific(out, i, m, level);
break;
case SEC_ASN1_UNIVERSAL:
secu_PrintUniversal(out, i, m, level);
@@ -1046,17 +1046,17 @@ secu_PrintValidity(FILE *out, CERTValidi
SECU_Indent(out, level); fprintf(out, "%s:\n", m);
SECU_PrintTimeChoice(out, &v->notBefore, "Not Before", level+1);
SECU_PrintTimeChoice(out, &v->notAfter, "Not After ", level+1);
return 0;
}
/* This function does NOT expect a DER type and length. */
SECOidTag
-SECU_PrintObjectID(FILE *out, SECItem *oid, char *m, int level)
+SECU_PrintObjectID(FILE *out, const SECItem *oid, const char *m, int level)
{
SECOidData *oiddata;
char * oidString = NULL;
oiddata = SECOID_FindOID(oid);
if (oiddata != NULL) {
const char *name = oiddata->desc;
SECU_Indent(out, level);
@@ -2284,17 +2284,17 @@ SECU_PrintCertificateRequest(FILE *out,
SECU_PrintCertAttributes(out, cr->attributes, "Attributes", level+1);
rv = 0;
loser:
PORT_FreeArena(arena, PR_FALSE);
return rv;
}
int
-SECU_PrintCertificate(FILE *out, SECItem *der, char *m, int level)
+SECU_PrintCertificate(FILE *out, const SECItem *der, const char *m, int level)
{
PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
CERTCertificate *c;
int rv = SEC_ERROR_NO_MEMORY;
int iv;
if (!arena)
return rv;
--- a/cmd/lib/secutil.h
+++ b/cmd/lib/secutil.h
@@ -158,46 +158,50 @@ extern void
SECU_displayVerifyLog(FILE *outfile, CERTVerifyLog *log,
PRBool verbose);
/* Read in a DER from a file, may be ascii */
extern SECStatus
SECU_ReadDERFromFile(SECItem *der, PRFileDesc *inFile, PRBool ascii);
/* Print integer value and hex */
-extern void SECU_PrintInteger(FILE *out, SECItem *i, char *m, int level);
+extern void SECU_PrintInteger(FILE *out, const SECItem *i, const char *m,
+ int level);
/* Print ObjectIdentifier symbolically */
-extern SECOidTag SECU_PrintObjectID(FILE *out, SECItem *oid, char *m, int level);
+extern SECOidTag SECU_PrintObjectID(FILE *out, const SECItem *oid,
+ const char *m, int level);
/* Print AlgorithmIdentifier symbolically */
extern void SECU_PrintAlgorithmID(FILE *out, SECAlgorithmID *a, char *m,
int level);
/*
* Format and print the UTC Time "t". If the tag message "m" is not NULL,
* do indent formatting based on "level" and add a newline afterward;
* otherwise just print the formatted time string only.
*/
-extern void SECU_PrintUTCTime(FILE *out, SECItem *t, char *m, int level);
+extern void SECU_PrintUTCTime(FILE *out, const SECItem *t, const char *m,
+ int level);
/*
* Format and print the Generalized Time "t". If the tag message "m"
* is not NULL, * do indent formatting based on "level" and add a newline
* afterward; otherwise just print the formatted time string only.
*/
-extern void SECU_PrintGeneralizedTime(FILE *out, SECItem *t, char *m,
- int level);
+extern void SECU_PrintGeneralizedTime(FILE *out, const SECItem *t,
+ const char *m, int level);
/*
* Format and print the UTC or Generalized Time "t". If the tag message
* "m" is not NULL, do indent formatting based on "level" and add a newline
* afterward; otherwise just print the formatted time string only.
*/
-extern void SECU_PrintTimeChoice(FILE *out, SECItem *t, char *m, int level);
+extern void SECU_PrintTimeChoice(FILE *out, const SECItem *t, const char *m,
+ int level);
/* callback for listing certs through pkcs11 */
extern SECStatus SECU_PrintCertNickname(CERTCertListNode* cert, void *data);
/* Dump all certificate nicknames in a database */
extern SECStatus
SECU_PrintCertificateNames(CERTCertDBHandle *handle, PRFileDesc* out,
PRBool sortByName, PRBool sortByTrust);
@@ -205,17 +209,18 @@ SECU_PrintCertificateNames(CERTCertDBHan
/* See if nickname already in database. Return 1 true, 0 false, -1 error */
int SECU_CheckCertNameExists(CERTCertDBHandle *handle, char *nickname);
/* Dump contents of cert req */
extern int SECU_PrintCertificateRequest(FILE *out, SECItem *der, char *m,
int level);
/* Dump contents of certificate */
-extern int SECU_PrintCertificate(FILE *out, SECItem *der, char *m, int level);
+extern int SECU_PrintCertificate(FILE *out, const SECItem *der, const char *m,
+ int level);
extern int SECU_PrintDumpDerIssuerAndSerial(FILE *out, SECItem *der, char *m,
int level);
/* Dump contents of a DER certificate name (issuer or subject) */
extern int SECU_PrintDERName(FILE *out, SECItem *der, const char *m, int level);
/* print trust flags on a cert */
@@ -260,18 +265,19 @@ extern SECStatus SEC_PrintCertificateAnd
const char *label,
CERTCertTrust *trust);
extern int SECU_PrintCrl(FILE *out, SECItem *der, char *m, int level);
extern void
SECU_PrintCRLInfo(FILE *out, CERTCrl *crl, char *m, int level);
-extern void SECU_PrintString(FILE *out, SECItem *si, char *m, int level);
-extern void SECU_PrintAny(FILE *out, SECItem *i, char *m, int level);
+extern void SECU_PrintString(FILE *out, const SECItem *si, const char *m,
+ int level);
+extern void SECU_PrintAny(FILE *out, const SECItem *i, const char *m, int level);
extern void SECU_PrintPolicy(FILE *out, SECItem *value, char *msg, int level);
extern void SECU_PrintPrivKeyUsagePeriodExtension(FILE *out, SECItem *value,
char *msg, int level);
extern void SECU_PrintExtensions(FILE *out, CERTCertExtension **extensions,
char *msg, int level);
@@ -284,17 +290,17 @@ extern void SECU_PrintRDN(FILE *out, CER
#ifdef SECU_GetPassword
/* Convert a High public Key to a Low public Key */
extern SECKEYLowPublicKey *SECU_ConvHighToLow(SECKEYPublicKey *pubHighKey);
#endif
extern char *SECU_GetModulePassword(PK11SlotInfo *slot, PRBool retry, void *arg);
-extern SECStatus DER_PrettyPrint(FILE *out, SECItem *it, PRBool raw);
+extern SECStatus DER_PrettyPrint(FILE *out, const SECItem *it, PRBool raw);
extern char *SECU_SECModDBName(void);
/* Fetch and register an oid if it hasn't been done already */
extern void SECU_cert_fetchOID(SECOidTag *data, const SECOidData *src);
extern SECStatus SECU_RegisterDynamicOids(void);
--- a/cmd/selfserv/selfserv.c
+++ b/cmd/selfserv/selfserv.c
@@ -470,17 +470,17 @@ myBadCertHandler( void *arg, PRFileDesc
* Only uses one server name but verifies that the names match. */
PRInt32
mySSLSNISocketConfig(PRFileDesc *fd, const SECItem *sniNameArr,
PRUint32 sniNameArrSize, void *arg)
{
PRInt32 i = 0;
const SECItem *current = sniNameArr;
const char **nameArr = (const char**)arg;
- const secuPWData *pwdata;
+ secuPWData *pwdata;
CERTCertificate * cert = NULL;
SECKEYPrivateKey * privKey = NULL;
PORT_Assert(fd && sniNameArr);
if (!fd || !sniNameArr) {
return SSL_SNI_SEND_ALERT;
}
@@ -1113,17 +1113,17 @@ makeSignedOCSPResponse(PRArenaPool *aren
SECItemArray *result = NULL;
SECItem *ocspResponse = NULL;
CERTOCSPSingleResponse **singleResponses;
CERTOCSPSingleResponse *sr;
CERTOCSPCertID *cid = NULL;
CERTCertificate *ca;
PRTime now = PR_Now();
PRTime nextUpdate;
- const secuPWData *pwdata;
+ secuPWData *pwdata;
PORT_Assert(model_sock != NULL && cert != NULL);
ca = CERT_FindCertByNickname(CERT_GetDefaultCertDB(), ocspStaplingCA);
if (!ca)
errExit("cannot find CA");
cid = CERT_CreateOCSPCertID(cert, now);
--- a/cmd/signtool/verify.c
+++ b/cmd/signtool/verify.c
@@ -42,17 +42,17 @@ VerifyJar(char *filename)
status = JAR_pass_archive (jar, jarArchGuess, filename, "some-url");
if (status < 0 || jar->valid < 0) {
failed = 1;
PR_fprintf(outputFD,
"\nNOTE -- \"%s\" archive DID NOT PASS crypto verification.\n",
filename);
if (status < 0) {
- char *errtext;
+ const char *errtext;
if (status >= JAR_BASE && status <= JAR_BASE_END) {
errtext = JAR_get_error (status);
} else {
errtext = SECU_Strerror(PORT_GetError());
}
PR_fprintf(outputFD, " (reported reason: %s)\n\n",
@@ -273,17 +273,17 @@ JarWho(char *filename)
status = JAR_pass_archive (jar, jarArchGuess, filename, "some-url");
if (status < 0 || jar->valid < 0) {
PR_fprintf(outputFD,
"NOTE -- \"%s\" archive DID NOT PASS crypto verification.\n",
filename);
retval = -1;
if (jar->valid < 0 || status != -1) {
- char *errtext;
+ const char *errtext;
if (status >= JAR_BASE && status <= JAR_BASE_END) {
errtext = JAR_get_error (status);
} else {
errtext = SECU_Strerror(PORT_GetError());
}
PR_fprintf(outputFD, " (reported reason: %s)\n\n", errtext);
--- a/coreconf/WIN32.mk
+++ b/coreconf/WIN32.mk
@@ -165,17 +165,17 @@ endif
endif
# Purify requires /FIXED:NO when linking EXEs.
LDFLAGS += /FIXED:NO
endif
ifneq ($(_MSC_VER),$(_MSC_VER_6))
# Convert certain deadly warnings to errors (see list at end of file)
OS_CFLAGS += -we4002 -we4003 -we4004 -we4006 -we4009 -we4013 \
-we4015 -we4028 -we4033 -we4035 -we4045 -we4047 -we4053 -we4054 -we4063 \
- -we4064 -we4078 -we4087 -we4098 -we4390 -we4551 -we4553 -we4715
+ -we4064 -we4078 -we4087 -we4090 -we4098 -we4390 -we4551 -we4553 -we4715
endif # !MSVC6
endif # NS_USE_GCC
ifdef USE_64
DEFINES += -DWIN64
else
DEFINES += -DWIN32
endif
@@ -343,16 +343,17 @@ endif
# 4047: 'function' : 'type 1' differs in levels of indirection from 'type 2'
# 4053: one void operand for '?:'
# 4054: 'conversion' : from function pointer 'type1' to data pointer 'type2'
# 4059: pascal string too big, length byte is length % 256
# 4063: case 'identifier' is not a valid value for switch of enum 'identifier'
# 4064: switch of incomplete enum 'identifier'
# 4078: case constant 'value' too big for the type of the switch expression
# 4087: 'function' : declared with 'void' parameter list
+# 4090: 'function' : different 'const' qualifiers
# 4098: 'function' : void function returning a value
# 4390: ';' : empty controlled statement found; is this the intent?
# 4541: RTTI train wreck
# 4715: not all control paths return a value
# 4013: function undefined; assuming extern returning int
# 4553: '==' : operator has no effect; did you intend '='?
# 4551: function call missing argument list
--- a/lib/certdb/alg1485.c
+++ b/lib/certdb/alg1485.c
@@ -1214,17 +1214,17 @@ CERT_GetNameElement(PRArenaPool *arena,
return ava ? avaToString(arena, ava) : NULL;
}
/* RDNs are sorted from most general to most specific.
* This code returns the LAST one found, the most specific one found.
* This is particularly appropriate for Common Name. See RFC 2818.
*/
static char *
-CERT_GetLastNameElement(PRArenaPool *arena, CERTName *name, int wantedTag)
+CERT_GetLastNameElement(PRArenaPool *arena, const CERTName *name, int wantedTag)
{
CERTRDN** rdns = name->rdns;
CERTRDN* rdn;
CERTAVA* lastAva = NULL;
while (rdns && (rdn = *rdns++) != 0) {
CERTAVA** avas = rdn->avas;
CERTAVA* ava;
@@ -1495,17 +1495,17 @@ CERT_GetCertEmailAddress(CERTName *name)
if ( rawEmailAddr ) {
PORT_Free(rawEmailAddr);
}
return(emailAddr);
}
/* The return value must be freed with PORT_Free. */
char *
-CERT_GetCommonName(CERTName *name)
+CERT_GetCommonName(const CERTName *name)
{
return(CERT_GetLastNameElement(NULL, name, SEC_OID_AVA_COMMON_NAME));
}
char *
CERT_GetCountryName(CERTName *name)
{
return(CERT_GetNameElement(NULL, name, SEC_OID_AVA_COUNTRY_NAME));
--- a/lib/certdb/cert.h
+++ b/lib/certdb/cert.h
@@ -105,17 +105,18 @@ extern SECComparison CERT_CompareRDN(con
extern CERTName *CERT_CreateName(CERTRDN *rdn, ...);
/*
** Make a copy of "src" storing it in "dest". Memory is allocated in
** "dest" for each of the appropriate sub objects. Memory is not freed in
** "dest" before allocation is done (use CERT_DestroyName(dest, PR_FALSE) to
** do that).
*/
-extern SECStatus CERT_CopyName(PLArenaPool *arena, CERTName *dest, CERTName *src);
+extern SECStatus CERT_CopyName(PLArenaPool *arena, CERTName *dest,
+ const CERTName *src);
/*
** Destroy a Name object.
** "name" the CERTName to destroy
** "freeit" if PR_TRUE then free the object as well as its sub-objects
*/
extern void CERT_DestroyName(CERTName *name);
@@ -387,17 +388,18 @@ extern SECStatus CERT_OpenVolatileCertDB
*/
extern CERTCertNicknames *
CERT_GetValidDNSPatternsFromCert(CERTCertificate *cert);
/*
** Check the hostname to make sure that it matches the shexp that
** is given in the common name of the certificate.
*/
-extern SECStatus CERT_VerifyCertName(CERTCertificate *cert, const char *hostname);
+extern SECStatus CERT_VerifyCertName(const CERTCertificate *cert,
+ const char *hostname);
/*
** Add a domain name to the list of names that the user has explicitly
** allowed (despite cert name mismatches) for use with a server cert.
*/
extern SECStatus CERT_AddOKDomainName(CERTCertificate *cert, const char *hostname);
/*
@@ -587,17 +589,17 @@ CERT_FindCertIssuer(CERTCertificate *cer
/*
** Check the validity times of a certificate vs. time 't', allowing
** some slop for broken clocks and stuff.
** "cert" is the certificate to be checked
** "t" is the time to check against
** "allowOverride" if true then check to see if the invalidity has
** been overridden by the user.
*/
-extern SECCertTimeValidity CERT_CheckCertValidTimes(CERTCertificate *cert,
+extern SECCertTimeValidity CERT_CheckCertValidTimes(const CERTCertificate *cert,
PRTime t,
PRBool allowOverride);
/*
** WARNING - this function is deprecated, and will either go away or have
** a new API in the near future.
**
** Check the validity times of a certificate vs. the current time, allowing
@@ -608,17 +610,18 @@ extern SECStatus CERT_CertTimesValid(CER
/*
** Extract the validity times from a certificate
** "c" is the certificate
** "notBefore" is the start of the validity period
** "notAfter" is the end of the validity period
*/
extern SECStatus
-CERT_GetCertTimes (CERTCertificate *c, PRTime *notBefore, PRTime *notAfter);
+CERT_GetCertTimes (const CERTCertificate *c, PRTime *notBefore,
+ PRTime *notAfter);
/*
** Extract the issuer and serial number from a certificate
*/
extern CERTIssuerAndSN *CERT_GetCertIssuerAndSN(PLArenaPool *,
CERTCertificate *);
/*
@@ -637,17 +640,17 @@ extern SECStatus
CERT_VerifySignedDataWithPublicKeyInfo(CERTSignedData *sd,
CERTSubjectPublicKeyInfo *pubKeyInfo,
void *wincx);
/*
** verify the signature of a signed data object with a SECKEYPublicKey.
*/
extern SECStatus
-CERT_VerifySignedDataWithPublicKey(CERTSignedData *sd,
+CERT_VerifySignedDataWithPublicKey(const CERTSignedData *sd,
SECKEYPublicKey *pubKey, void *wincx);
/*
** NEW FUNCTIONS with new bit-field-FIELD SECCertificateUsage - please use
** verify a certificate by checking validity times against a certain time,
** that we trust the issuer, and that the signature on the certificate is
** valid.
** "cert" the certificate to verify
@@ -758,17 +761,17 @@ extern char *CERT_GetCertificateEmailAdd
extern char *CERT_GetCertEmailAddress(CERTName *name);
extern const char * CERT_GetFirstEmailAddress(CERTCertificate * cert);
extern const char * CERT_GetNextEmailAddress(CERTCertificate * cert,
const char * prev);
/* The return value must be freed with PORT_Free. */
-extern char *CERT_GetCommonName(CERTName *name);
+extern char *CERT_GetCommonName(const CERTName *name);
extern char *CERT_GetCountryName(CERTName *name);
extern char *CERT_GetLocalityName(CERTName *name);
extern char *CERT_GetStateName(CERTName *name);
extern char *CERT_GetOrgName(CERTName *name);
@@ -776,17 +779,18 @@ extern char *CERT_GetOrgName(CERTName *n
extern char *CERT_GetOrgUnitName(CERTName *name);
extern char *CERT_GetDomainComponentName(CERTName *name);
extern char *CERT_GetCertUid(CERTName *name);
/* manipulate the trust parameters of a certificate */
-extern SECStatus CERT_GetCertTrust(CERTCertificate *cert, CERTCertTrust *trust);
+extern SECStatus CERT_GetCertTrust(const CERTCertificate *cert,
+ CERTCertTrust *trust);
extern SECStatus
CERT_ChangeCertTrust (CERTCertDBHandle *handle, CERTCertificate *cert,
CERTCertTrust *trust);
extern SECStatus
CERT_ChangeCertTrustByUsage(CERTCertDBHandle *certdb, CERTCertificate *cert,
SECCertUsage usage);
@@ -883,27 +887,26 @@ extern SECStatus CERT_EncodeCRLDistribut
(PLArenaPool *arena, CERTCrlDistributionPoints *value,SECItem *derValue);
/*
** Decodes a DER encoded basicConstaint extension value into a readable format
** value - decoded value
** encodedValue - value to decoded
*/
extern SECStatus CERT_DecodeBasicConstraintValue
- (CERTBasicConstraints *value, SECItem *encodedValue);
+ (CERTBasicConstraints *value, const SECItem *encodedValue);
/* Decodes a DER encoded authorityKeyIdentifier extension value into a
** readable format.
** arena - where to allocate memory for the decoded value
** encodedValue - value to be decoded
** Returns a CERTAuthKeyID structure which contains the decoded value
*/
extern CERTAuthKeyID *CERT_DecodeAuthKeyID
- (PLArenaPool *arena, SECItem *encodedValue);
-
+ (PLArenaPool *arena, const SECItem *encodedValue);
/* Decodes a DER encoded crlDistributionPoints extension value into a
** readable format.
** arena - where to allocate memory for the decoded value
** der - value to be decoded
** Returns a CERTCrlDistributionPoints structure which contains the
** decoded value
*/
@@ -911,29 +914,29 @@ extern CERTCrlDistributionPoints * CERT_
(PLArenaPool *arena, SECItem *der);
/* Extract certain name type from a generalName */
extern void *CERT_GetGeneralNameByType
(CERTGeneralName *genNames, CERTGeneralNameType type, PRBool derFormat);
extern CERTOidSequence *
-CERT_DecodeOidSequence(SECItem *seqItem);
+CERT_DecodeOidSequence(const SECItem *seqItem);
/****************************************************************************
*
* Find extension values of a certificate
*
***************************************************************************/
extern SECStatus CERT_FindCertExtension
- (CERTCertificate *cert, int tag, SECItem *value);
+ (const CERTCertificate *cert, int tag, SECItem *value);
extern SECStatus CERT_FindNSCertTypeExtension
(CERTCertificate *cert, SECItem *value);
extern char * CERT_FindNSStringExtension (CERTCertificate *cert, int oidtag);
extern SECStatus CERT_FindIssuerCertExtension
(CERTCertificate *cert, int tag, SECItem *value);
@@ -1024,17 +1027,18 @@ extern CERTCertNicknames *CERT_GetCertNi
extern SECStatus CERT_FindCRLNumberExten (PLArenaPool *arena, CERTCrl *crl,
SECItem *value);
extern SECStatus CERT_FindCRLEntryReasonExten (CERTCrlEntry *crlEntry,
CERTCRLEntryReasonCode *value);
extern void CERT_FreeNicknames(CERTCertNicknames *nicknames);
-extern PRBool CERT_CompareCerts(CERTCertificate *c1, CERTCertificate *c2);
+extern PRBool CERT_CompareCerts(const CERTCertificate *c1,
+ const CERTCertificate *c2);
extern PRBool CERT_CompareCertsForRedirection(CERTCertificate *c1,
CERTCertificate *c2);
/*
** Generate an array of the Distinguished Names that the given cert database
** "trusts"
*/
@@ -1135,43 +1139,44 @@ CERT_SaveSMimeProfile(CERTCertificate *c
*/
SECItem *
CERT_FindSMimeProfile(CERTCertificate *cert);
SECStatus
CERT_AddNewCerts(CERTCertDBHandle *handle);
CERTCertificatePolicies *
-CERT_DecodeCertificatePoliciesExtension(SECItem *extnValue);
+CERT_DecodeCertificatePoliciesExtension(const SECItem *extnValue);
void
CERT_DestroyCertificatePoliciesExtension(CERTCertificatePolicies *policies);
CERTCertificatePolicyMappings *
CERT_DecodePolicyMappingsExtension(SECItem *encodedCertPolicyMaps);
SECStatus
CERT_DestroyPolicyMappingsExtension(CERTCertificatePolicyMappings *mappings);
SECStatus
CERT_DecodePolicyConstraintsExtension(
- CERTCertificatePolicyConstraints *decodedValue, SECItem *encodedValue);
+ CERTCertificatePolicyConstraints *decodedValue,
+ const SECItem *encodedValue);
SECStatus CERT_DecodeInhibitAnyExtension
(CERTCertificateInhibitAny *decodedValue, SECItem *extnValue);
CERTUserNotice *
CERT_DecodeUserNotice(SECItem *noticeItem);
extern CERTGeneralName *
CERT_DecodeAltNameExtension(PLArenaPool *reqArena, SECItem *EncodedAltName);
extern CERTNameConstraints *
CERT_DecodeNameConstraintsExtension(PLArenaPool *arena,
- SECItem *encodedConstraints);
+ const SECItem *encodedConstraints);
/* returns addr of a NULL termainated array of pointers to CERTAuthInfoAccess */
extern CERTAuthInfoAccess **
CERT_DecodeAuthInfoAccessExtension(PLArenaPool *reqArena,
SECItem *encodedExtension);
extern CERTPrivKeyUsagePeriod *
CERT_DecodePrivKeyUsagePeriodExtension(PLArenaPool *arena, SECItem *extnValue);
@@ -1253,27 +1258,29 @@ CERT_SortCBValidity(CERTCertificate *cer
SECStatus
CERT_CheckForEvilCert(CERTCertificate *cert);
CERTGeneralName *
CERT_GetCertificateNames(CERTCertificate *cert, PLArenaPool *arena);
CERTGeneralName *
-CERT_GetConstrainedCertificateNames(CERTCertificate *cert, PLArenaPool *arena,
+CERT_GetConstrainedCertificateNames(const CERTCertificate *cert,
+ PLArenaPool *arena,
PRBool includeSubjectCommonName);
/*
* Creates or adds to a list of all certs with a give subject name, sorted by
* validity time, newest first. Invalid certs are considered older than
* valid certs. If validOnly is set, do not include invalid certs on list.
*/
CERTCertList *
CERT_CreateSubjectCertList(CERTCertList *certList, CERTCertDBHandle *handle,
- SECItem *name, PRTime sorttime, PRBool validOnly);
+ const SECItem *name, PRTime sorttime,
+ PRBool validOnly);
/*
* remove certs from a list that don't have keyUsage and certType
* that match the given usage.
*/
SECStatus
CERT_FilterCertListByUsage(CERTCertList *certList, SECCertUsage usage,
PRBool ca);
@@ -1473,23 +1480,23 @@ CERT_UnlockCertRefCount(CERTCertificate
/*
* Acquire the cert trust lock
* There is currently one global lock for all certs, but I'm putting a cert
* arg here so that it will be easy to make it per-cert in the future if
* that turns out to be necessary.
*/
void
-CERT_LockCertTrust(CERTCertificate *cert);
+CERT_LockCertTrust(const CERTCertificate *cert);
/*
* Free the cert trust lock
*/
void
-CERT_UnlockCertTrust(CERTCertificate *cert);
+CERT_UnlockCertTrust(const CERTCertificate *cert);
/*
* Digest the cert's subject public key using the specified algorithm.
* The necessary storage for the digest data is allocated. If "fill" is
* non-null, the data is put there, otherwise a SECItem is allocated.
* Allocation from "arena" if it is non-null, heap otherwise. Any problem
* results in a NULL being returned (and an appropriate error set).
*/
@@ -1520,18 +1527,18 @@ CERT_CopyNameConstraint(PLArenaPool
CERTNameConstraint *src);
/*
* Verify name against all the constraints relevant to that type of
* the name.
*/
extern SECStatus
CERT_CheckNameSpace(PLArenaPool *arena,
- CERTNameConstraints *constraints,
- CERTGeneralName *currentName);
+ const CERTNameConstraints *constraints,
+ const CERTGeneralName *currentName);
/*
* Extract and allocate the name constraints extension from the CA cert.
*/
extern SECStatus
CERT_FindNameConstraintsExten(PLArenaPool *arena,
CERTCertificate *cert,
CERTNameConstraints **constraints);
--- a/lib/certdb/certdb.c
+++ b/lib/certdb/certdb.c
@@ -950,17 +950,17 @@ CERT_SetSlopTime(PRInt32 slop) /* secon
{
if (slop < 0)
return SECFailure;
pendingSlop = slop;
return SECSuccess;
}
SECStatus
-CERT_GetCertTimes(CERTCertificate *c, PRTime *notBefore, PRTime *notAfter)
+CERT_GetCertTimes(const CERTCertificate *c, PRTime *notBefore, PRTime *notAfter)
{
SECStatus rv;
if (!c || !notBefore || !notAfter) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
@@ -978,17 +978,18 @@ CERT_GetCertTimes(CERTCertificate *c, PR
return(SECSuccess);
}
/*
* Check the validity times of a certificate
*/
SECCertTimeValidity
-CERT_CheckCertValidTimes(CERTCertificate *c, PRTime t, PRBool allowOverride)
+CERT_CheckCertValidTimes(const CERTCertificate *c, PRTime t,
+ PRBool allowOverride)
{
PRTime notBefore, notAfter, llPendingSlop, tmp1;
SECStatus rv;
if (!c) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return(secCertTimeUndetermined);
}
@@ -1411,17 +1412,17 @@ cert_TestHostName(char * cn, const char
}
PORT_SetError(SSL_ERROR_BAD_CERT_DOMAIN);
return SECFailure;
}
SECStatus
-cert_VerifySubjectAltName(CERTCertificate *cert, const char *hn)
+cert_VerifySubjectAltName(const CERTCertificate *cert, const char *hn)
{
PRArenaPool * arena = NULL;
CERTGeneralName * nameList = NULL;
CERTGeneralName * current;
char * cn;
int cnBufLen;
unsigned int hnLen;
int DNSextCount = 0;
@@ -1548,17 +1549,17 @@ finish:
/*
* If found:
* - subAltName contains the extension (caller must free)
* - return value is the decoded namelist (allocated off arena)
* if not found, or if failure to decode:
* - return value is NULL
*/
CERTGeneralName *
-cert_GetSubjectAltNameList(CERTCertificate *cert, PRArenaPool *arena)
+cert_GetSubjectAltNameList(const CERTCertificate *cert, PRArenaPool *arena)
{
CERTGeneralName * nameList = NULL;
SECStatus rv = SECFailure;
SECItem subAltName;
if (!cert || !arena)
return NULL;
@@ -1755,17 +1756,17 @@ CERT_GetValidDNSPatternsFromCert(CERTCer
return NULL;
}
/* Make sure that the name of the host we are connecting to matches the
* name that is incoded in the common-name component of the certificate
* that they are using.
*/
SECStatus
-CERT_VerifyCertName(CERTCertificate *cert, const char *hn)
+CERT_VerifyCertName(const CERTCertificate *cert, const char *hn)
{
char * cn;
SECStatus rv;
CERTOKDomainName *domainOK;
if (!hn || !strlen(hn)) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
@@ -1800,17 +1801,17 @@ CERT_VerifyCertName(CERTCertificate *cer
}
PORT_Free(cn);
} else
PORT_SetError(SSL_ERROR_BAD_CERT_DOMAIN);
return rv;
}
PRBool
-CERT_CompareCerts(CERTCertificate *c1, CERTCertificate *c2)
+CERT_CompareCerts(const CERTCertificate *c1, const CERTCertificate *c2)
{
SECComparison comp;
comp = SECITEM_CompareItem(&c1->derCert, &c2->derCert);
if ( comp == SECEqual ) { /* certs are the same */
return(PR_TRUE);
} else {
return(PR_FALSE);
@@ -2900,17 +2901,17 @@ static PZLock *certTrustLock = NULL;
/*
* Acquire the cert trust lock
* There is currently one global lock for all certs, but I'm putting a cert
* arg here so that it will be easy to make it per-cert in the future if
* that turns out to be necessary.
*/
void
-CERT_LockCertTrust(CERTCertificate *cert)
+CERT_LockCertTrust(const CERTCertificate *cert)
{
PORT_Assert(certTrustLock != NULL);
PZ_Lock(certTrustLock);
return;
}
SECStatus
cert_InitLocks(void)
@@ -2958,17 +2959,17 @@ cert_DestroyLocks(void)
}
return rv;
}
/*
* Free the cert trust lock
*/
void
-CERT_UnlockCertTrust(CERTCertificate *cert)
+CERT_UnlockCertTrust(const CERTCertificate *cert)
{
PRStatus prstat;
PORT_Assert(certTrustLock != NULL);
prstat = PZ_Unlock(certTrustLock);
PORT_Assert(prstat == PR_SUCCESS);
--- a/lib/certdb/certi.h
+++ b/lib/certdb/certi.h
@@ -245,17 +245,17 @@ extern CERTAVA * CERT_CreateAVAFromSECIt
* get a DPCache object for the given issuer subject and dp
* Automatically creates the cache object if it doesn't exist yet.
*/
SECStatus AcquireDPCache(CERTCertificate* issuer, const SECItem* subject,
const SECItem* dp, int64 t, void* wincx,
CRLDPCache** dpcache, PRBool* writeLocked);
/* check if a particular SN is in the CRL cache and return its entry */
-dpcacheStatus DPCache_Lookup(CRLDPCache* cache, SECItem* sn,
+dpcacheStatus DPCache_Lookup(CRLDPCache* cache, const SECItem* sn,
CERTCrlEntry** returned);
/* release a DPCache object that was previously acquired */
void ReleaseDPCache(CRLDPCache* dpcache, PRBool writeLocked);
/*
* map Stan errors into NSS errors
* This function examines the stan error stack and automatically sets
@@ -354,17 +354,17 @@ SECStatus cert_AcquireNamedCRLCache(Name
SECStatus cert_FindCRLByGeneralName(NamedCRLCache* ncc,
const SECItem* canonicalizedName,
NamedCRLCacheEntry** retEntry);
SECStatus cert_ReleaseNamedCRLCache(NamedCRLCache* ncc);
/* This is private for now. Maybe shoule be public. */
CERTGeneralName *
-cert_GetSubjectAltNameList(CERTCertificate *cert, PRArenaPool *arena);
+cert_GetSubjectAltNameList(const CERTCertificate *cert, PRArenaPool *arena);
/* Count DNS names and IP addresses in a list of GeneralNames */
PRUint32
cert_CountDNSPatterns(CERTGeneralName *firstName);
/*
* returns the trust status of the leaf certificate based on usage.
* If the leaf is explicitly untrusted, this function will fail and
--- a/lib/certdb/certv3.c
+++ b/lib/certdb/certv3.c
@@ -20,17 +20,17 @@ SECStatus
CERT_FindCertExtensionByOID(CERTCertificate *cert, SECItem *oid,
SECItem *value)
{
return (cert_FindExtensionByOID (cert->extensions, oid, value));
}
SECStatus
-CERT_FindCertExtension(CERTCertificate *cert, int tag, SECItem *value)
+CERT_FindCertExtension(const CERTCertificate *cert, int tag, SECItem *value)
{
return (cert_FindExtension (cert->extensions, tag, value));
}
static void
SetExts(void *object, CERTCertExtension **exts)
{
CERTCertificate *cert = (CERTCertificate *)object;
--- a/lib/certdb/crl.c
+++ b/lib/certdb/crl.c
@@ -1690,17 +1690,17 @@ static SECStatus DPCache_FetchFromTokens
}
}
PORT_FreeArena(head.arena, PR_FALSE); /* destroy CRL list */
}
return rv;
}
-static SECStatus CachedCrl_GetEntry(CachedCrl* crl, SECItem* sn,
+static SECStatus CachedCrl_GetEntry(CachedCrl* crl, const SECItem* sn,
CERTCrlEntry** returned)
{
CERTCrlEntry* acrlEntry;
PORT_Assert(crl);
PORT_Assert(crl->entries);
PORT_Assert(sn);
PORT_Assert(returned);
@@ -1717,17 +1717,17 @@ static SECStatus CachedCrl_GetEntry(Cach
else
{
*returned = NULL;
}
return SECSuccess;
}
/* check if a particular SN is in the CRL cache and return its entry */
-dpcacheStatus DPCache_Lookup(CRLDPCache* cache, SECItem* sn,
+dpcacheStatus DPCache_Lookup(CRLDPCache* cache, const SECItem* sn,
CERTCrlEntry** returned)
{
SECStatus rv;
if (!cache || !sn || !returned)
{
PORT_SetError(SEC_ERROR_INVALID_ARGS);
/* no cache or SN to look up, or no way to return entry */
return dpcacheCallerError;
--- a/lib/certdb/genname.c
+++ b/lib/certdb/genname.c
@@ -681,17 +681,17 @@ cert_DecodeNameConstraintSubTree(PRArena
return first;
loser:
/* TODO: release arena back to mark */
return NULL;
}
CERTNameConstraints *
cert_DecodeNameConstraints(PRArenaPool *reqArena,
- SECItem *encodedConstraints)
+ const SECItem *encodedConstraints)
{
CERTNameConstraints *constraints;
SECStatus rv;
SECItem* newEncodedConstraints;
if (!reqArena) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return NULL;
@@ -1059,17 +1059,18 @@ CERT_GetCertificateNames(CERTCertificate
{
return CERT_GetConstrainedCertificateNames(cert, arena, PR_FALSE);
}
/* This function is called by CERT_VerifyCertChain to extract all
** names from a cert in preparation for a name constraints test.
*/
CERTGeneralName *
-CERT_GetConstrainedCertificateNames(CERTCertificate *cert, PRArenaPool *arena,
+CERT_GetConstrainedCertificateNames(const CERTCertificate *cert,
+ PRArenaPool *arena,
PRBool includeSubjectCommonName)
{
CERTGeneralName *DN;
CERTGeneralName *SAN;
PRUint32 numDNSNames = 0;
SECStatus rv;
if (!arena) {
@@ -1335,23 +1336,23 @@ parseUriHostname(SECItem * item)
** It searches the constraints looking for a match.
** It returns SECSuccess if the name satisfies the constraints, i.e.,
** if excluded, then the name does not match any constraint,
** if permitted, then the name matches at least one constraint.
** It returns SECFailure if the name fails to satisfy the constraints,
** or if some code fails (e.g. out of memory, or invalid constraint)
*/
SECStatus
-cert_CompareNameWithConstraints(CERTGeneralName *name,
- CERTNameConstraint *constraints,
+cert_CompareNameWithConstraints(const CERTGeneralName *name,
+ const CERTNameConstraint *constraints,
PRBool excluded)
{
SECStatus rv = SECSuccess;
SECStatus matched = SECFailure;
- CERTNameConstraint *current;
+ const CERTNameConstraint *current;
PORT_Assert(constraints); /* caller should not call with NULL */
if (!constraints) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
current = constraints;
@@ -1459,17 +1460,17 @@ cert_CompareNameWithConstraints(CERTGene
break;
default: /* non-standard types are not supported */
rv = SECFailure;
break;
}
if (matched == SECSuccess || rv != SECSuccess)
break;
- current = CERT_GetNextNameConstraint(current);
+ current = CERT_GetNextNameConstraint((CERTNameConstraint*)current);
} while (current != constraints);
if (rv == SECSuccess) {
if (matched == SECSuccess)
rv = excluded ? SECFailure : SECSuccess;
else
rv = excluded ? SECSuccess : SECFailure;
return rv;
}
@@ -1560,18 +1561,18 @@ CERT_FindNameConstraintsExten(PRArenaPoo
return rv;
}
/* Verify name against all the constraints relevant to that type of
** the name.
*/
SECStatus
CERT_CheckNameSpace(PRArenaPool *arena,
- CERTNameConstraints *constraints,
- CERTGeneralName *currentName)
+ const CERTNameConstraints *constraints,
+ const CERTGeneralName *currentName)
{
CERTNameConstraint *matchingConstraints;
SECStatus rv = SECSuccess;
if (constraints->excluded != NULL) {
rv = CERT_GetNameConstraintByType(constraints->excluded,
currentName->type,
&matchingConstraints, arena);
--- a/lib/certdb/genname.h
+++ b/lib/certdb/genname.h
@@ -26,17 +26,17 @@ cert_DecodeGeneralNames(PRArenaPool *are
extern SECStatus
cert_DestroyGeneralNames(CERTGeneralName *name);
extern SECStatus
cert_EncodeNameConstraints(CERTNameConstraints *constraints, PRArenaPool *arena,
SECItem *dest);
extern CERTNameConstraints *
-cert_DecodeNameConstraints(PRArenaPool *arena, SECItem *encodedConstraints);
+cert_DecodeNameConstraints(PRArenaPool *arena, const SECItem *encodedConstraints);
extern CERTGeneralName *
cert_CombineNamesLists(CERTGeneralName *list1, CERTGeneralName *list2);
extern CERTNameConstraint *
cert_CombineConstraintsLists(CERTNameConstraint *list1, CERTNameConstraint *list2);
/*********************************************************************/
--- a/lib/certdb/polcyxtn.c
+++ b/lib/certdb/polcyxtn.c
@@ -143,17 +143,17 @@ breakLines(char *string)
curlen++;
tmpstr++;
}
return;
}
CERTCertificatePolicies *
-CERT_DecodeCertificatePoliciesExtension(SECItem *extnValue)
+CERT_DecodeCertificatePoliciesExtension(const SECItem *extnValue)
{
PRArenaPool *arena = NULL;
SECStatus rv;
CERTCertificatePolicies *policies;
CERTPolicyInfo **policyInfos, *policyInfo;
CERTPolicyQualifier **policyQualifiers, *policyQualifier;
SECItem newExtnValue;
@@ -276,17 +276,17 @@ CERT_DestroyPolicyMappingsExtension(CERT
PORT_FreeArena(mappings->arena, PR_FALSE);
}
return SECSuccess;
}
SECStatus
CERT_DecodePolicyConstraintsExtension
(CERTCertificatePolicyConstraints *decodedValue,
- SECItem *encodedValue)
+ const SECItem *encodedValue)
{
CERTCertificatePolicyConstraints decodeContext;
PRArenaPool *arena = NULL;
SECStatus rv = SECSuccess;
/* initialize so we can tell when an optional component is omitted */
PORT_Memset(&decodeContext, 0, sizeof(decodeContext));
@@ -599,17 +599,17 @@ nopolicy:
const SEC_ASN1Template CERT_OidSeqTemplate[] = {
{ SEC_ASN1_SEQUENCE_OF | SEC_ASN1_XTRN,
offsetof(CERTOidSequence, oids),
SEC_ASN1_SUB(SEC_ObjectIDTemplate) }
};
CERTOidSequence *
-CERT_DecodeOidSequence(SECItem *seqItem)
+CERT_DecodeOidSequence(const SECItem *seqItem)
{
PRArenaPool *arena = NULL;
SECStatus rv;
CERTOidSequence *oidSeq;
SECItem newSeqItem;
/* make a new arena */
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
--- a/lib/certdb/secname.c
+++ b/lib/certdb/secname.c
@@ -405,17 +405,17 @@ CERT_DestroyName(CERTName *name)
SECStatus
CERT_AddRDN(CERTName *name, CERTRDN *rdn)
{
name->rdns = (CERTRDN**) AddToArray(name->arena, (void**) name->rdns, rdn);
return name->rdns ? SECSuccess : SECFailure;
}
SECStatus
-CERT_CopyName(PRArenaPool *arena, CERTName *to, CERTName *from)
+CERT_CopyName(PRArenaPool *arena, CERTName *to, const CERTName *from)
{
CERTRDN **rdns, *frdn, *trdn;
SECStatus rv = SECSuccess;
if (!to || !from) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
--- a/lib/certdb/stanpcertdb.c
+++ b/lib/certdb/stanpcertdb.c
@@ -82,17 +82,17 @@ SEC_DeletePermCertificate(CERTCertificat
nssTrustDomain_LockCertCache(td);
nssTrustDomain_RemoveCertFromCacheLOCKED(td, c);
nssTrustDomain_UnlockCertCache(td);
return (nssrv == PR_SUCCESS) ? SECSuccess : SECFailure;
}
SECStatus
-CERT_GetCertTrust(CERTCertificate *cert, CERTCertTrust *trust)
+CERT_GetCertTrust(const CERTCertificate *cert, CERTCertTrust *trust)
{
SECStatus rv;
CERT_LockCertTrust(cert);
if ( cert->trust == NULL ) {
rv = SECFailure;
} else {
*trust = *cert->trust;
rv = SECSuccess;
@@ -707,17 +707,18 @@ add_to_subject_list(CERTCertList *certLi
}
} else {
CERT_DestroyCertificate(cert);
}
}
CERTCertList *
CERT_CreateSubjectCertList(CERTCertList *certList, CERTCertDBHandle *handle,
- SECItem *name, int64 sorttime, PRBool validOnly)
+ const SECItem *name, PRTime sorttime,
+ PRBool validOnly)
{
NSSCryptoContext *cc;
NSSCertificate **tSubjectCerts, **pSubjectCerts;
NSSCertificate **ci;
CERTCertificate *cert;
NSSDER subject;
PRBool myList = PR_FALSE;
cc = STAN_GetDefaultCryptoContext();
--- a/lib/certdb/xauthkid.c
+++ b/lib/certdb/xauthkid.c
@@ -73,17 +73,17 @@ SECStatus CERT_EncodeAuthKeyID (PRArenaP
break;
rv = SECSuccess;
} while (0);
return(rv);
}
CERTAuthKeyID *
-CERT_DecodeAuthKeyID (PRArenaPool *arena, SECItem *encodedValue)
+CERT_DecodeAuthKeyID (PRArenaPool *arena, const SECItem *encodedValue)
{
CERTAuthKeyID * value = NULL;
SECStatus rv = SECFailure;
void * mark;
SECItem newEncodedValue;
PORT_Assert (arena);
--- a/lib/certdb/xbsconst.c
+++ b/lib/certdb/xbsconst.c
@@ -83,17 +83,17 @@ SECStatus CERT_EncodeBasicConstraintValu
} while (0);
if (our_pool)
PORT_FreeArena (our_pool, PR_FALSE);
return(rv);
}
SECStatus CERT_DecodeBasicConstraintValue
- (CERTBasicConstraints *value, SECItem *encodedValue)
+ (CERTBasicConstraints *value, const SECItem *encodedValue)
{
EncodedContext decodeContext;
PRArenaPool *our_pool;
SECStatus rv = SECSuccess;
do {
PORT_Memset (&decodeContext, 0, sizeof (decodeContext));
/* initialize the value just in case we got "0x30 00", or when the
--- a/lib/certdb/xconst.c
+++ b/lib/certdb/xconst.c
@@ -213,17 +213,17 @@ CERT_EncodeNameConstraintsExtension(PRAr
rv = cert_EncodeNameConstraints(value, arena, encodedValue);
return rv;
}
CERTNameConstraints *
CERT_DecodeNameConstraintsExtension(PRArenaPool *arena,
- SECItem *encodedConstraints)
+ const SECItem *encodedConstraints)
{
return cert_DecodeNameConstraints(arena, encodedConstraints);
}
CERTAuthInfoAccess **
CERT_DecodeAuthInfoAccessExtension(PRArenaPool *reqArena,
SECItem *encodedExtension)
--- a/lib/certhigh/certvfy.c
+++ b/lib/certhigh/certvfy.c
@@ -33,17 +33,17 @@ CERT_CertTimesValid(CERTCertificate *c)
SECCertTimeValidity valid = CERT_CheckCertValidTimes(c, PR_Now(), PR_TRUE);
return (valid == secCertTimeValid) ? SECSuccess : SECFailure;
}
/*
* verify the signature of a signed data object with the given DER publickey
*/
SECStatus
-CERT_VerifySignedDataWithPublicKey(CERTSignedData *sd,
+CERT_VerifySignedDataWithPublicKey(const CERTSignedData *sd,
SECKEYPublicKey *pubKey,
void *wincx)
{
SECStatus rv;
SECItem sig;
SECOidTag hashAlg = SEC_OID_UNKNOWN;
if ( !pubKey || !sd ) {
--- a/lib/nss/utilwrap.c
+++ b/lib/nss/utilwrap.c
@@ -397,17 +397,17 @@ SECStatus DER_Encode(PRArenaPool *arena,
}
SECStatus DER_Lengths(SECItem *item, int *header_len_p,
PRUint32 *contents_len_p)
{
return DER_Lengths_Util(item, header_len_p, contents_len_p);
}
-long DER_GetInteger(SECItem *src)
+long DER_GetInteger(const SECItem *src)
{
return DER_GetInteger_Util(src);
}
SECStatus DER_TimeToUTCTime(SECItem *result, int64 time)
{
return DER_TimeToUTCTime_Util(result, time);
}
--- a/lib/util/dersubr.c
+++ b/lib/util/dersubr.c
@@ -171,17 +171,17 @@ DER_SetUInteger(PRArenaPool *arena, SECI
return SECSuccess;
}
/*
** Convert a der encoded *signed* integer into a machine integral value.
** If an underflow/overflow occurs, sets error code and returns min/max.
*/
long
-DER_GetInteger(SECItem *it)
+DER_GetInteger(const SECItem *it)
{
long ival = 0;
unsigned len = it->len;
unsigned char *cp = it->data;
unsigned long overflow = 0x1ffUL << (((sizeof(ival) - 1) * 8) - 1);
unsigned long ofloinit;
PORT_Assert(len);
--- a/lib/util/hasht.h
+++ b/lib/util/hasht.h
@@ -1,16 +1,18 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/* $Id$ */
#ifndef _HASHT_H_
#define _HASHT_H_
+#include "prtypes.h"
+
/* Opaque objects */
typedef struct SECHashObjectStr SECHashObject;
typedef struct HASHContextStr HASHContext;
/*
* The hash functions the security library supports
* NOTE the order must match the definition of SECHashObjects[]!
*/
--- a/lib/util/secder.h
+++ b/lib/util/secder.h
@@ -68,17 +68,17 @@ extern SECStatus DER_SetInteger(PLArenaP
*/
extern SECStatus DER_SetUInteger(PLArenaPool *arena, SECItem *dst, PRUint32 src);
/*
** Decode a der encoded *signed* integer that is stored in "src".
** If "-1" is returned, then the caller should check the error in
** XP_GetError() to see if an overflow occurred (SEC_ERROR_BAD_DER).
*/
-extern long DER_GetInteger(SECItem *src);
+extern long DER_GetInteger(const SECItem *src);
/*
** Decode a der encoded *unsigned* integer that is stored in "src".
** If the ULONG_MAX is returned, then the caller should check the error
** in XP_GetError() to see if an overflow occurred (SEC_ERROR_BAD_DER).
*/
extern unsigned long DER_GetUInteger(SECItem *src);
