Massive constification.

CHANGES

@@ -5,6 +5,10 @@
 
  Changes between 0.9.2b and 0.9.3
 
+  *) A lot of constification, and fix a bug in X509_NAME_oneline() that could
+     return a const string when you are expecting an allocated buffer.
+     [Ben Laurie]
+
   *) Add support for ASN1 types UTF8String and VISIBLESTRING.
      [Steve Henson]
 

Configure

@@ -83,7 +83,7 @@ my %table=(
 "purify",	"purify gcc:-g -DPURIFY -Wall:-lsocket -lnsl::::",
 "debug",	"gcc:-DBN_DEBUG -DREF_CHECK -DCRYPTO_MDEBUG -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror:-lefence::::",
 "debug-ben",	"gcc:-DBN_DEBUG -DREF_CHECK -DCRYPTO_MDEBUG -O2 -Wall -Wshadow -Werror -pipe:::::",
-"debug-ben-strict",	"gcc:-DBN_DEBUG -DREF_CHECK -DCRYPTO_MDEBUG -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe:::::",
+"debug-ben-strict",	"gcc:-DBN_DEBUG -DREF_CHECK -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe:::::",
 "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
 "dist",		"cc:-O -DNOPROTO::::",
 

apps/ca.c

@@ -168,17 +168,20 @@ static int index_name_cmp(char **a,char **b);
 static BIGNUM *load_serial(char *serialfile);
 static int save_serial(char *serialfile, BIGNUM *serial);
 static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
-	EVP_MD *dgst,STACK *policy,TXT_DB *db,BIGNUM *serial,char *startdate,
-	int days, int batch, char *ext_sect, LHASH *conf,int verbose);
+		   const EVP_MD *dgst,STACK *policy,TXT_DB *db,BIGNUM *serial,
+		   char *startdate,int days,int batch,char *ext_sect,
+		   LHASH *conf,int verbose);
 static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
-	EVP_MD *dgst,STACK *policy,TXT_DB *db,BIGNUM *serial,char *startdate,
-	int days,int batch,char *ext_sect, LHASH *conf,int verbose);
+			const EVP_MD *dgst,STACK *policy,TXT_DB *db,
+			BIGNUM *serial,char *startdate,int days,int batch,
+			char *ext_sect, LHASH *conf,int verbose);
 static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
-	EVP_MD *dgst,STACK *policy,TXT_DB *db,BIGNUM *serial,char *startdate,
-	int days,char *ext_sect,LHASH *conf,int verbose);
+			 const EVP_MD *dgst,STACK *policy,TXT_DB *db,
+			 BIGNUM *serial,char *startdate,int days,
+			 char *ext_sect,LHASH *conf,int verbose);
 static int fix_data(int nid, int *type);
 static void write_new_certificate(BIO *bp, X509 *x, int output_der);
-static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, EVP_MD *dgst,
+static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
 	STACK *policy, TXT_DB *db, BIGNUM *serial, char *startdate,
 	int days, int batch, int verbose, X509_REQ *req, char *ext_sect,
 	LHASH *conf);
@@ -257,7 +260,7 @@ char **argv;
 	char **pp,*p,*f;
 	int i,j;
 	long l;
-	EVP_MD *dgst=NULL;
+	const EVP_MD *dgst=NULL;
 	STACK *attribs=NULL;
 	STACK *cert_sk=NULL;
 	BIO *hex=NULL;
@@ -1303,7 +1306,7 @@ X509 **xret;
 char *infile;
 EVP_PKEY *pkey;
 X509 *x509;
-EVP_MD *dgst;
+const EVP_MD *dgst;
 STACK *policy;
 TXT_DB *db;
 BIGNUM *serial;
@@ -1374,7 +1377,7 @@ X509 **xret;
 char *infile;
 EVP_PKEY *pkey;
 X509 *x509;
-EVP_MD *dgst;
+const EVP_MD *dgst;
 STACK *policy;
 TXT_DB *db;
 BIGNUM *serial;
@@ -1448,7 +1451,7 @@ static int do_body(xret,pkey,x509,dgst,policy,db,serial,startdate,days,
 X509 **xret;
 EVP_PKEY *pkey;
 X509 *x509;
-EVP_MD *dgst;
+const EVP_MD *dgst;
 STACK *policy;
 TXT_DB *db;
 BIGNUM *serial;
@@ -1921,7 +1924,7 @@ X509 **xret;
 char *infile;
 EVP_PKEY *pkey;
 X509 *x509;
-EVP_MD *dgst;
+const EVP_MD *dgst;
 STACK *policy;
 TXT_DB *db;
 BIGNUM *serial;

apps/ciphers.c

@@ -83,7 +83,8 @@ char **argv;
 	{
 	int ret=1,i;
 	int verbose=0;
-	char **pp,*p;
+	char **pp;
+	const char *p;
 	int badops=0;
 	SSL_CTX *ctx=NULL;
 	SSL *ssl=NULL;

apps/dgst.c

@@ -85,10 +85,10 @@ char **argv;
 	{
 	unsigned char *buf=NULL;
 	int i,err=0;
-	EVP_MD *md=NULL,*m;
+	const EVP_MD *md=NULL,*m;
 	BIO *in=NULL,*inp;
 	BIO *bmd=NULL;
-	char *name;
+	const char *name;
 #define PROG_NAME_SIZE  16
         char pname[PROG_NAME_SIZE];
 	int separator=0;

apps/dsa.c

@@ -89,7 +89,7 @@ char **argv;
 	int ret=1;
 	DSA *dsa=NULL;
 	int i,badops=0;
-	EVP_CIPHER *enc=NULL;
+	const EVP_CIPHER *enc=NULL;
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,text=0,noout=0;
 	char *infile,*outfile,*prog;

apps/enc.c

@@ -97,7 +97,7 @@ char **argv;
 	char *hkey=NULL,*hiv=NULL;
 	int enc=1,printkey=0,i,base64=0;
 	int debug=0,olb64=0;
-	EVP_CIPHER *cipher=NULL,*c;
+	const EVP_CIPHER *cipher=NULL,*c;
 	char *inf=NULL,*outf=NULL;
 	BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
 #define PROG_NAME_SIZE  16

apps/req.c

@@ -157,7 +157,7 @@ char **argv;
 	EVP_CIPHER *cipher=NULL;
 	int modulus=0;
 	char *p;
-	EVP_MD *md_alg=NULL,*digest=EVP_md5();
+	const EVP_MD *md_alg=NULL,*digest=EVP_md5();
 #ifndef MONOLITH
 	MS_STATIC char config_name[256];
 #endif

apps/rsa.c

@@ -89,7 +89,7 @@ char **argv;
 	int ret=1;
 	RSA *rsa=NULL;
 	int i,badops=0;
-	EVP_CIPHER *enc=NULL;
+	const EVP_CIPHER *enc=NULL;
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,text=0,noout=0;
 	char *infile,*outfile,*prog;

apps/s_apps.h

@@ -86,7 +86,7 @@ int extract_port(char *str, short *port_ptr);
 int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p);
 int host_ip(char *str, unsigned char ip[4]);
 
-long MS_CALLBACK bio_dump_cb(BIO *bio, int cmd, char *argp,
+long MS_CALLBACK bio_dump_cb(BIO *bio, int cmd, const char *argp,
 	int argi, long argl, long ret);
 
 #ifdef HEADER_SSL_H

apps/s_cb.c

@@ -184,7 +184,7 @@ char *key_file;
 long MS_CALLBACK bio_dump_cb(bio,cmd,argp,argi,argl,ret)
 BIO *bio;
 int cmd;
-char *argp;
+const char *argp;
 int argi;
 long argl;
 long ret;

apps/s_server.c

@@ -792,7 +792,7 @@ static int init_ssl_connection(con)
 SSL *con;
 	{
 	int i;
-	char *str;
+	const char *str;
 	X509 *peer;
 	long verify_error;
 	MS_STATIC char buf[BUFSIZ];

apps/x509.c

@@ -121,9 +121,10 @@ NULL
 static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx);
 static EVP_PKEY *load_key(char *file, int format);
 static X509 *load_cert(char *file, int format);
-static int sign (X509 *x, EVP_PKEY *pkey,int days,EVP_MD *digest);
-static int x509_certify (X509_STORE *ctx,char *CAfile, EVP_MD *digest,X509 *x,
-	X509 *xca, EVP_PKEY *pkey,char *serial, int create, int days);
+static int sign (X509 *x, EVP_PKEY *pkey,int days,const EVP_MD *digest);
+static int x509_certify (X509_STORE *ctx,char *CAfile,const EVP_MD *digest,
+			 X509 *x,X509 *xca,EVP_PKEY *pkey,char *serial,
+			 int create,int days);
 #else
 static int MS_CALLBACK callb();
 static EVP_PKEY *load_key();
@@ -157,7 +158,7 @@ char **argv;
 	X509_REQ *rq=NULL;
 	int fingerprint=0;
 	char buf[256];
-	EVP_MD *md_alg,*digest=EVP_md5();
+	const EVP_MD *md_alg,*digest=EVP_md5();
 
 	reqfile=0;
 
@@ -706,7 +707,7 @@ end:
 static int x509_certify(ctx,CAfile,digest,x,xca,pkey,serialfile,create,days)
 X509_STORE *ctx;
 char *CAfile;
-EVP_MD *digest;
+const EVP_MD *digest;
 X509 *x;
 X509 *xca;
 EVP_PKEY *pkey;
@@ -1041,7 +1042,7 @@ static int sign(x, pkey, days, digest)
 X509 *x;
 EVP_PKEY *pkey;
 int days;
-EVP_MD *digest;
+const EVP_MD *digest;
 	{
 
 	EVP_PKEY *pktmp;

crypto/asn1/a_object.c

@@ -90,11 +90,12 @@ unsigned char **pp;
 int a2d_ASN1_OBJECT(out,olen,buf,num)
 unsigned char *out;
 int olen;
-char *buf;
+const char *buf;
 int num;
 	{
 	int i,first,len=0,c;
-	char tmp[24],*p;
+	char tmp[24];
+	const char *p;
 	unsigned long l;
 
 	if (num == 0)
@@ -188,7 +189,7 @@ ASN1_OBJECT *a;
 	int i,idx=0,n=0,len,nid;
 	unsigned long l;
 	unsigned char *p;
-	char *s;
+	const char *s;
 	char tbuf[32];
 
 	if (buf_len <= 0) return(0);
@@ -246,9 +247,9 @@ ASN1_OBJECT *a;
 		}
 	else
 		{
-		s=(char *)OBJ_nid2ln(nid);
+		s=OBJ_nid2ln(nid);
 		if (s == NULL)
-			s=(char *)OBJ_nid2sn(nid);
+			s=OBJ_nid2sn(nid);
 		strncpy(buf,s,buf_len);
 		n=strlen(s);
 		}
@@ -355,8 +356,10 @@ ASN1_OBJECT *a;
 	if (a == NULL) return;
 	if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS)
 		{
-		if (a->sn != NULL) Free(a->sn);
-		if (a->ln != NULL) Free(a->ln);
+#ifndef CONST_STRICT /* disable purely for compile-time strict const checking. Doing this on a "real" compile will cause mempory leaks */
+		if (a->sn != NULL) Free((void *)a->sn);
+		if (a->ln != NULL) Free((void *)a->ln);
+#endif
 		a->sn=a->ln=NULL;
 		}
 	if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_DATA)
@@ -366,7 +369,7 @@ ASN1_OBJECT *a;
 		a->length=0;
 		}
 	if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC)
-		Free((char *)a);
+		Free(a);
 	}
 
 ASN1_OBJECT *ASN1_OBJECT_create(nid,data,len,sn,ln)

crypto/asn1/a_set.c

@@ -73,8 +73,8 @@ typedef struct
  */
 static int SetBlobCmp(const void *elem1, const void *elem2 )
     {
-    MYBLOB *b1 = (MYBLOB *)elem1;
-    MYBLOB *b2 = (MYBLOB *)elem2;
+    const MYBLOB *b1 = (const MYBLOB *)elem1;
+    const MYBLOB *b2 = (const MYBLOB *)elem2;
     int r;
 
     r = memcmp(b1->pbData, b2->pbData,

crypto/asn1/a_sign.c

@@ -75,7 +75,7 @@ X509_ALGOR *algor2;
 ASN1_BIT_STRING *signature;
 char *data;
 EVP_PKEY *pkey;
-EVP_MD *type;
+const EVP_MD *type;
 	{
 	EVP_MD_CTX ctx;
 	unsigned char *p,*buf_in=NULL,*buf_out=NULL;

crypto/asn1/a_verify.c

@@ -76,7 +76,7 @@ char *data;
 EVP_PKEY *pkey;
 	{
 	EVP_MD_CTX ctx;
-	EVP_MD *type;
+	const EVP_MD *type;
 	unsigned char *p,*buf_in=NULL;
 	int ret= -1,i,inl;
 
@@ -89,7 +89,7 @@ EVP_PKEY *pkey;
 		}
 	
 	inl=i2d(data,NULL);
-	buf_in=(unsigned char *)Malloc((unsigned int)inl);
+	buf_in=Malloc((unsigned int)inl);
 	if (buf_in == NULL)
 		{
 		ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_MALLOC_FAILURE);

crypto/asn1/asn1.h

@@ -150,7 +150,7 @@ typedef struct asn1_ctx_st
 #define ASN1_OBJECT_FLAG_DYNAMIC_DATA 	 0x08	/* internal use */
 typedef struct asn1_object_st
 	{
-	char *sn,*ln;
+	const char *sn,*ln;
 	int nid;
 	int length;
 	unsigned char *data;
@@ -561,7 +561,7 @@ int i2a_ASN1_STRING(BIO *bp, ASN1_STRING *a, int type);
 #endif
 int i2t_ASN1_OBJECT(char *buf,int buf_len,ASN1_OBJECT *a);
 
-int a2d_ASN1_OBJECT(unsigned char *out,int olen, char *buf, int num);
+int a2d_ASN1_OBJECT(unsigned char *out,int olen, const char *buf, int num);
 ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data,int len,
 	char *sn, char *ln);
 

crypto/asn1/asn1_lib.c

@@ -69,7 +69,7 @@ static int asn1_get_length();
 static void asn1_put_length();
 #endif
 
-char *ASN1_version="ASN.1" OPENSSL_VERSION_PTEXT;
+const char *ASN1_version="ASN.1" OPENSSL_VERSION_PTEXT;
 
 int ASN1_check_infinite_end(p,len)
 unsigned char **p;

crypto/asn1/asn1_par.c

@@ -79,9 +79,10 @@ int xclass;
 int constructed;
 int indent;
 	{
-	static char *fmt="%-18s";
-	static char *fmt2="%2d %-15s";
-	char *p,str[128],*p2=NULL;
+	static const char fmt[]="%-18s";
+	static const char fmt2[]="%2d %-15s";
+	char str[128];
+	const char *p,*p2=NULL;
 
 	if (constructed & V_ASN1_CONSTRUCTED)
 		p="cons: ";

crypto/asn1/f_enum.c

@@ -68,7 +68,7 @@ BIO *bp;
 ASN1_ENUMERATED *a;
 	{
 	int i,n=0;
-	static char *h="0123456789ABCDEF";
+	static const char *h="0123456789ABCDEF";
 	char buf[2];
 
 	if (a == NULL) return(0);

crypto/asn1/f_int.c

@@ -66,7 +66,7 @@ BIO *bp;
 ASN1_INTEGER *a;
 	{
 	int i,n=0;
-	static char *h="0123456789ABCDEF";
+	static const char *h="0123456789ABCDEF";
 	char buf[2];
 
 	if (a == NULL) return(0);

crypto/asn1/f_string.c

@@ -67,7 +67,7 @@ ASN1_STRING *a;
 int type;
 	{
 	int i,n=0;
-	static char *h="0123456789ABCDEF";
+	static const char *h="0123456789ABCDEF";
 	char buf[2];
 
 	if (a == NULL) return(0);

crypto/asn1/n_pkey.c

@@ -138,7 +138,9 @@ int (*cb)();
 	l[2]=i2d_X509_ALGOR(alg,NULL);
 	l[3]=ASN1_object_size(1,l[2]+l[1],V_ASN1_SEQUENCE);
 
+#ifndef CONST_STRICT
 	os.data=(unsigned char *)"private-key";
+#endif
 	os.length=11;
 	l[4]=i2d_ASN1_OCTET_STRING(&os,NULL);
 
@@ -195,7 +197,7 @@ int (*cb)();
 	i2d_ASN1_OCTET_STRING(&os2,&p);
 	ret=l[5];
 err:
-	if (os2.data != NULL) Free((char *)os2.data);
+	if (os2.data != NULL) Free(os2.data);
 	if (alg != NULL) X509_ALGOR_free(alg);
 	if (pkey != NULL) NETSCAPE_PKEY_free(pkey);
 	r=r;

crypto/asn1/t_pkey.c

@@ -75,7 +75,7 @@
  */
 
 #ifndef NOPROTO
-static int print(BIO *fp,char *str,BIGNUM *num,
+static int print(BIO *fp,const char *str,BIGNUM *num,
 		unsigned char *buf,int off);
 #else
 static int print();
@@ -108,7 +108,8 @@ BIO *bp;
 RSA *x;
 int off;
 	{
-	char str[128],*s;
+	char str[128];
+	const char *s;
 	unsigned char *m=NULL;
 	int i,ret=0;
 
@@ -231,13 +232,14 @@ err:
 
 static int print(bp,number,num,buf,off)
 BIO *bp;
-char *number;
+const char *number;
 BIGNUM *num;
 unsigned char *buf;
 int off;
 	{
 	int n,i;
-	char str[128],*neg;
+	char str[128];
+	const char *neg;
 
 	if (num == NULL) return(1);
 	neg=(num->neg)?"-":"";

crypto/asn1/t_req.c

@@ -89,7 +89,8 @@ X509_REQ *x;
 	{
 	unsigned long l;
 	int i,n;
-	char *s,*neg;
+	char *s;
+	const char *neg;
 	X509_REQ_INFO *ri;
 	EVP_PKEY *pkey;
 	STACK *sk;

crypto/asn1/t_x509.c

@@ -100,7 +100,7 @@ X509 *x;
 	X509_CINF *ci;
 	ASN1_INTEGER *bs;
 	EVP_PKEY *pkey=NULL;
-	char *neg;
+	const char *neg;
 	X509_EXTENSION *ex;
 	ASN1_STRING *str=NULL;
 
@@ -275,6 +275,11 @@ ASN1_TIME *tm;
 	return(0);
 }
 
+static const char *mon[12]=
+    {
+    "Jan","Feb","Mar","Apr","May","Jun",
+    "Jul","Aug","Sep","Oct","Nov","Dec"
+    };
 
 int ASN1_GENERALIZEDTIME_print(bp,tm)
 BIO *bp;
@@ -282,9 +287,6 @@ ASN1_GENERALIZEDTIME *tm;
 	{
 	char *v;
 	int gmt=0;
-	static char *mon[12]={
-		"Jan","Feb","Mar","Apr","May","Jun",
-		"Jul","Aug","Sep","Oct","Nov","Dec"};
 	int i;
 	int y=0,M=0,d=0,h=0,m=0,s=0;
 
@@ -321,9 +323,6 @@ ASN1_UTCTIME *tm;
 	{
 	char *v;
 	int gmt=0;
-	static char *mon[12]={
-		"Jan","Feb","Mar","Apr","May","Jun",
-		"Jul","Aug","Sep","Oct","Nov","Dec"};
 	int i;
 	int y=0,M=0,d=0,h=0,m=0,s=0;
 

crypto/asn1/x_x509.c

@@ -108,8 +108,8 @@ long length;
 	M_ASN1_D2I_get(ret->cert_info,d2i_X509_CINF);
 	M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR);
 	M_ASN1_D2I_get(ret->signature,d2i_ASN1_BIT_STRING);
-if (ret->name != NULL) Free(ret->name);
-ret->name=X509_NAME_oneline(ret->cert_info->subject,NULL,0);
+	if (ret->name != NULL) Free(ret->name);
+	ret->name=X509_NAME_oneline(ret->cert_info->subject,NULL,0);
 
 	M_ASN1_D2I_Finish(a,X509_free,ASN1_F_D2I_X509);
 	}

crypto/bf/bf_ecb.c

@@ -65,9 +65,9 @@
  * CAMBRIDGE SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993)
  */
 
-char *BF_version="BlowFish" OPENSSL_VERSION_PTEXT;
+const char *BF_version="BlowFish" OPENSSL_VERSION_PTEXT;
 
-char *BF_options()
+const char *BF_options()
 	{
 #ifdef BF_PTR
 	return("blowfish(ptr)");

crypto/bf/blowfish.h

@@ -102,7 +102,7 @@ void BF_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
 	BF_KEY *schedule, unsigned char *ivec, int *num, int enc);
 void BF_ofb64_encrypt(unsigned char *in, unsigned char *out, long length,
 	BF_KEY *schedule, unsigned char *ivec, int *num);
-char *BF_options(void);
+const char *BF_options(void);
 
 #else
 
@@ -113,7 +113,7 @@ void BF_decrypt();
 void BF_cbc_encrypt();
 void BF_cfb64_encrypt();
 void BF_ofb64_encrypt();
-char *BF_options();
+const char *BF_options();
 
 #endif
 

crypto/bio/b_dump.c

@@ -69,7 +69,7 @@
 
 int BIO_dump(bio,s,len)
 BIO *bio;
-char *s;
+const char *s;
 int len;
 {
   int ret=0;

crypto/bio/b_sock.c

@@ -97,7 +97,7 @@ static struct ghbn_cache_st
 	} ghbn_cache[GHBN_NUM];
 
 #ifndef NOPROTO
-static int get_ip(char *str,unsigned char *ip);
+static int get_ip(const char *str,unsigned char *ip);
 static void ghbn_free(struct hostent *a);
 static struct hostent *ghbn_dup(struct hostent *a);
 #else
@@ -107,7 +107,7 @@ static struct hostent *ghbn_dup();
 #endif
 
 int BIO_get_host_ip(str,ip)
-char *str;
+const char *str;
 unsigned char *ip;
 	{
 	int i;
@@ -147,7 +147,7 @@ unsigned char *ip;
 	}
 
 int BIO_get_port(str,port_ptr)
-char *str;
+const char *str;
 unsigned short *port_ptr;
 	{
 	int i;
@@ -330,7 +330,7 @@ struct hostent *a;
 	}
 
 struct hostent *BIO_gethostbyname(name)
-char *name;
+const char *name;
 	{
 	struct hostent *ret;
 	int i,lowi=0,j;
@@ -439,7 +439,7 @@ unsigned long *arg;
 /* The reason I have implemented this instead of using sscanf is because
  * Visual C 1.52c gives an unresolved external when linking a DLL :-( */
 static int get_ip(str,ip)
-char *str;
+const char *str;
 unsigned char ip[4];
 	{
 	unsigned int tmp[4];
@@ -484,7 +484,8 @@ int bind_mode;
 	int s= -1,cs;
 	unsigned char ip[4];
 	unsigned short port;
-	char *str,*h,*p,*e;
+	char *str,*e;
+	const char *h,*p;
 	unsigned long l;
 	int err_num;
 

crypto/bio/bio.h

@@ -203,7 +203,7 @@ extern "C" {
 typedef struct bio_method_st
 	{
 	int type;
-	char *name;
+	const char *name;
 	int (*bwrite)();
 	int (*bread)();
 	int (*bputs)();
@@ -216,7 +216,7 @@ typedef struct bio_method_st
 typedef struct bio_method_st
 	{
 	int type;
-	char *name;
+	const char *name;
 	int (_far *bwrite)();
 	int (_far *bread)();
 	int (_far *bputs)();
@@ -232,7 +232,7 @@ typedef struct bio_st
 	BIO_METHOD *method;
 #ifndef NOPROTO
 	/* bio, mode, argp, argi, argl, ret */
-	long (*callback)(struct bio_st *,int,char *,int, long,long);
+	long (*callback)(struct bio_st *,int,const char *,int, long,long);
 #else
 	long (*callback)();
 #endif
@@ -378,8 +378,15 @@ typedef struct bio_f_buffer_ctx_struct
 
 /* name is cast to lose const, but might be better to route through a function
    so we can do it safely */
+#ifdef CONST_STRICT
+/* If you are wondering why this isn't defined, its because CONST_STRICT is
+ * purely a compile-time kludge to allow const to be checked.
+ */
+int BIO_read_filename(BIO *b,const char *name);
+#else
 #define BIO_read_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \
 		BIO_CLOSE|BIO_FP_READ,(char *)name)
+#endif
 #define BIO_write_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \
 		BIO_CLOSE|BIO_FP_WRITE,name)
 #define BIO_append_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \
@@ -493,8 +500,8 @@ int	BIO_set(BIO *a,BIO_METHOD *type);
 int	BIO_free(BIO *a);
 int	BIO_read(BIO *b, char *data, int len);
 int	BIO_gets(BIO *bp,char *buf, int size);
-int	BIO_write(BIO *b, char *data, int len);
-int	BIO_puts(BIO *bp,char *buf);
+int	BIO_write(BIO *b, const char *data, int len);
+int	BIO_puts(BIO *bp,const char *buf);
 long	BIO_ctrl(BIO *bp,int cmd,long larg,char *parg);
 char *	BIO_ptr_ctrl(BIO *bp,int cmd,long larg);
 long	BIO_int_ctrl(BIO *bp,int cmd,long larg,int iarg);
@@ -507,10 +514,10 @@ int	BIO_get_retry_reason(BIO *bio);
 BIO *	BIO_dup_chain(BIO *in);
 
 #ifndef WIN16
-long BIO_debug_callback(BIO *bio,int cmd,char *argp,int argi,
+long BIO_debug_callback(BIO *bio,int cmd,const char *argp,int argi,
 	long argl,long ret);
 #else
-long _far _loadds BIO_debug_callback(BIO *bio,int cmd,char *argp,int argi,
+long _far _loadds BIO_debug_callback(BIO *bio,int cmd,const char *argp,int argi,
 	long argl,long ret);
 #endif
 
@@ -530,14 +537,14 @@ int BIO_sock_should_retry(int i);
 int BIO_sock_non_fatal_error(int error);
 int BIO_fd_should_retry(int i);
 int BIO_fd_non_fatal_error(int error);
-int BIO_dump(BIO *b,char *bytes,int len);
+int BIO_dump(BIO *b,const char *bytes,int len);
 
-struct hostent *BIO_gethostbyname(char *name);
+struct hostent *BIO_gethostbyname(const char *name);
 int BIO_sock_error(int sock);
 int BIO_socket_ioctl(int fd, long type, unsigned long *arg);
 int BIO_socket_nbio(int fd,int mode);
-int BIO_get_port(char *str, unsigned short *port_ptr);
-int BIO_get_host_ip(char *str, unsigned char *ip);
+int BIO_get_port(const char *str, unsigned short *port_ptr);
+int BIO_get_host_ip(const char *str, unsigned char *ip);
 int BIO_get_accept_socket(char *host_port,int mode);
 int BIO_accept(int sock,char **ip_port);
 int BIO_sock_init(void );

crypto/bio/bio_cb.c

@@ -66,7 +66,7 @@
 long MS_CALLBACK BIO_debug_callback(bio,cmd,argp,argi,argl,ret)
 BIO *bio;
 int cmd;
-char *argp;
+const char *argp;
 int argi;
 long argl;
 long ret;

crypto/bio/bio_lib.c

@@ -178,7 +178,7 @@ int outl;
 
 int BIO_write(b,in,inl)
 BIO *b;
-char *in;
+const char *in;
 int inl;
 	{
 	int i;
@@ -222,7 +222,7 @@ int inl;
 
 int BIO_puts(b,in)
 BIO *b;
-char *in;
+const char *in;
 	{
 	int i;
 	long (*cb)();

crypto/bio/bss_conn.c

@@ -483,7 +483,7 @@ char *ptr;
 	{
 	BIO *dbio;
 	int *ip;
-	char **pptr;
+	const char **pptr;
 	long ret=1;
 	BIO_CONNECT *data;
 
@@ -507,7 +507,7 @@ char *ptr;
 	case BIO_C_GET_CONNECT:
 		if (ptr != NULL)
 			{
-			pptr=(char **)ptr;
+			pptr=(const char **)ptr;
 			if (num == 0)
 				{
 				*pptr=data->param_hostname;

crypto/bio/bss_log.c

@@ -90,7 +90,7 @@ static int MS_CALLBACK slg_new();
 static int MS_CALLBACK slg_free();
 #endif
 
-static int xopenlog(BIO* bp, char* name, int level);
+static int xopenlog(BIO* bp, const char* name, int level);
 static int xcloselog(BIO* bp);
 
 static BIO_METHOD methods_slg=
@@ -221,7 +221,7 @@ char *str;
 	return(ret);
 	}
 
-static int xopenlog(BIO* bp, char* name, int level)
+static int xopenlog(BIO* bp, const char* name, int level)
 {
 #if defined(WIN32)
 	if((bp->ptr= (char *)RegisterEventSource(NULL, name)) == NULL){

crypto/bn/bn_lib.c

@@ -60,7 +60,7 @@
 #include "cryptlib.h"
 #include "bn_lcl.h"
 
-char *BN_version="Big Number" OPENSSL_VERSION_PTEXT;
+const char *BN_version="Big Number" OPENSSL_VERSION_PTEXT;
 
 /* For a 32 bit machine
  * 2 -   4 ==  128

crypto/bn/bn_print.c

@@ -62,7 +62,7 @@
 #include "buffer.h"
 #include "bn_lcl.h"
 
-static char *Hex="0123456789ABCDEF";
+const static char *Hex="0123456789ABCDEF";
 
 /* Must 'Free' the returned data */
 char *BN_bn2hex(a)

crypto/buffer/buffer.c

@@ -128,7 +128,7 @@ int len;
 	}
 
 char *BUF_strdup(str)
-char *str;
+const char *str;
 	{
 	char *ret;
 	int n;

crypto/buffer/buffer.h

@@ -74,7 +74,7 @@ typedef struct buf_mem_st
 BUF_MEM *BUF_MEM_new(void);
 void	BUF_MEM_free(BUF_MEM *a);
 int	BUF_MEM_grow(BUF_MEM *str, int len);
-char *	BUF_strdup(char *str);
+char *	BUF_strdup(const char *str);
 
 void ERR_load_BUF_strings(void );
 

crypto/comp/comp.h

@@ -11,7 +11,7 @@ extern "C" {
 typedef struct comp_method_st
 	{
 	int type;		/* NID for compression library */
-	char *name;		/* A text string to identify the library */
+	const char *name;	/* A text string to identify the library */
 	int (*init)();
 	void (*finish)();
 	int (*compress)();

crypto/conf/conf.c

@@ -95,7 +95,7 @@ static CONF_VALUE *get_section();
 
 #define scan_esc(p)	((((p)[1] == '\0')?(p++):(p+=2)),p)
 
-char *CONF_version="CONF" OPENSSL_VERSION_PTEXT;
+const char *CONF_version="CONF" OPENSSL_VERSION_PTEXT;
 
 LHASH *CONF_load(h,file,line)
 LHASH *h;
@@ -375,7 +375,7 @@ char *name;
 				if (p != NULL) return(p);
 				}
 			}
-		vv.section="default";
+		vv.section=BUF_strdup("default");
 		vv.name=name;
 		v=(CONF_VALUE *)lh_retrieve(conf,(char *)&vv);
 		if (v != NULL)

crypto/cryptlib.c

@@ -67,7 +67,7 @@ static double SSLeay_MSVC5_hack=0.0; /* and for VC1.5 */
 #endif
 
 /* real #defines in crypto.h, keep these upto date */
-static char* lock_names[CRYPTO_NUM_LOCKS] =
+static const char* lock_names[CRYPTO_NUM_LOCKS] =
 	{
 	"<<ERROR>>",
 	"err",
@@ -96,9 +96,9 @@ static STACK *app_locks=NULL;
 
 #ifndef NOPROTO
 static void (MS_FAR *locking_callback)(int mode,int type,
-	char *file,int line)=NULL;
+	const char *file,int line)=NULL;
 static int (MS_FAR *add_lock_callback)(int *pointer,int amount,
-	int type,char *file,int line)=NULL;
+	int type,const char *file,int line)=NULL;
 static unsigned long (MS_FAR *id_callback)(void)=NULL;
 #else
 static void (MS_FAR *locking_callback)()=NULL;
@@ -135,24 +135,26 @@ char *name;
 	return(i);
 	}
 
-void (*CRYPTO_get_locking_callback(P_V))(P_I_I_P_I)
+void (*CRYPTO_get_locking_callback(void))(int mode,int type,const char *file,
+		int line)
 	{
 	return(locking_callback);
 	}
 
-int (*CRYPTO_get_add_lock_callback(P_V))(P_IP_I_I_P_I)
+int (*CRYPTO_get_add_lock_callback(void))(int *num,int mount,int type,
+					  const char *file,int line)
 	{
 	return(add_lock_callback);
 	}
 
-void CRYPTO_set_locking_callback(func)
-void (*func)(P_I_I_P_I);
+void CRYPTO_set_locking_callback(void (*func)(int mode,int type,
+					      const char *file,int line))
 	{
 	locking_callback=func;
 	}
 
-void CRYPTO_set_add_lock_callback(func)
-int (*func)(P_IP_I_I_P_I);
+void CRYPTO_set_add_lock_callback(int (*func)(int *num,int mount,int type,
+					      const char *file,int line))
 	{
 	add_lock_callback=func;
 	}
@@ -192,7 +194,7 @@ unsigned long CRYPTO_thread_id()
 void CRYPTO_lock(mode,type,file,line)
 int mode;
 int type;
-char *file;
+const char *file;
 int line;
 	{
 #ifdef LOCK_DEBUG
@@ -226,7 +228,7 @@ int CRYPTO_add_lock(pointer,amount,type,file,line)
 int *pointer;
 int amount;
 int type;
-char *file;
+const char *file;
 int line;
 	{
 	int ret;
@@ -265,7 +267,7 @@ int line;
 	return(ret);
 	}
 
-char *CRYPTO_get_lock_name(type)
+const char *CRYPTO_get_lock_name(type)
 int type;
 	{
 	if (type < 0)

crypto/crypto.h

@@ -233,7 +233,7 @@ typedef struct crypto_ex_data_func_st
 
 #ifndef NOPROTO
 
-char *SSLeay_version(int type);
+const char *SSLeay_version(int type);
 unsigned long SSLeay(void);
 
 int CRYPTO_get_ex_new_index(int idx,STACK **sk,long argl,char *argp,
@@ -246,20 +246,21 @@ void CRYPTO_new_ex_data(STACK *meth, char *obj, CRYPTO_EX_DATA *ad);
 
 int CRYPTO_mem_ctrl(int mode);
 int CRYPTO_get_new_lockid(char *name);
-void CRYPTO_lock(int mode, int type,char *file,int line);
-void CRYPTO_set_locking_callback(void (*func)(int mode,int type,char *file,
-		int line));
-void (*CRYPTO_get_locking_callback(void))(int mode,int type,char *file,
+void CRYPTO_lock(int mode, int type,const char *file,int line);
+void CRYPTO_set_locking_callback(void (*func)(int mode,int type,
+					      const char *file,int line));
+void (*CRYPTO_get_locking_callback(void))(int mode,int type,const char *file,
 		int line);
-void CRYPTO_set_add_lock_callback(int (*func)(int *num,int mount,
-		int type,char *file, int line));
-int (*CRYPTO_get_add_lock_callback(void))(int *num,int mount,
-		int type,char *file,int line);
+void CRYPTO_set_add_lock_callback(int (*func)(int *num,int mount,int type,
+					      const char *file, int line));
+int (*CRYPTO_get_add_lock_callback(void))(int *num,int mount,int type,
+					  const char *file,int line);
 void CRYPTO_set_id_callback(unsigned long (*func)(void));
 unsigned long (*CRYPTO_get_id_callback(void))(void);
 unsigned long CRYPTO_thread_id(void);
-char *CRYPTO_get_lock_name(int type);
-int CRYPTO_add_lock(int *pointer,int amount,int type, char *file,int line);
+const char *CRYPTO_get_lock_name(int type);
+int CRYPTO_add_lock(int *pointer,int amount,int type, const char *file,
+		    int line);
 
 void CRYPTO_set_mem_functions(char *(*m)(),char *(*r)(), void (*free_func)());
 void CRYPTO_get_mem_functions(char *(**m)(),char *(**r)(), void (**f)());
@@ -273,10 +274,10 @@ void CRYPTO_free(void *);
 void *CRYPTO_realloc(void *addr,int num);
 void *CRYPTO_remalloc(void *addr,int num);
 
-void *CRYPTO_dbg_malloc(int num,char *file,int line);
-void *CRYPTO_dbg_realloc(void *addr,int num,char *file,int line);
+void *CRYPTO_dbg_malloc(int num,const char *file,int line);
+void *CRYPTO_dbg_realloc(void *addr,int num,const char *file,int line);
 void CRYPTO_dbg_free(void *);
-void *CRYPTO_dbg_remalloc(void *addr,int num,char *file,int line);
+void *CRYPTO_dbg_remalloc(void *addr,int num,const char *file,int line);
 #ifndef NO_FP_API
 void CRYPTO_mem_leaks_fp(FILE *);
 #endif
@@ -308,7 +309,7 @@ int (*CRYPTO_get_add_lock_callback())();
 void CRYPTO_set_id_callback();
 unsigned long (*CRYPTO_get_id_callback())();
 unsigned long CRYPTO_thread_id();
-char *CRYPTO_get_lock_name();
+const char *CRYPTO_get_lock_name();
 int CRYPTO_add_lock();
 
 void CRYPTO_set_mem_functions();

crypto/cversion.c

@@ -62,7 +62,7 @@
 #include "crypto.h"
 #include "date.h"
 
-char *SSLeay_version(t)
+const char *SSLeay_version(t)
 int t;
 	{
 	if (t == SSLEAY_VERSION)

crypto/des/des.org

@@ -152,7 +152,7 @@ extern int des_set_weak_key_flag; /* set the weak key flag */
 #undef NOPROTO
 #endif
 #ifndef NOPROTO
-char *des_options(void);
+const char *des_options(void);
 void des_ecb3_encrypt(const unsigned char *input,unsigned char *output,
 		      des_key_schedule ks1,des_key_schedule ks2,
 		      des_key_schedule ks3, int enc);

crypto/des/des_enc.c

@@ -65,7 +65,7 @@ int enc;
 	{
 	register DES_LONG l,r,t,u;
 #ifdef DES_PTR
-	register unsigned char *des_SP=(unsigned char *)des_SPtrans;
+	register const unsigned char *des_SP=(const unsigned char *)des_SPtrans;
 #endif
 #ifndef DES_UNROLL
 	register int i;
@@ -166,7 +166,7 @@ int enc;
 	{
 	register DES_LONG l,r,t,u;
 #ifdef DES_PTR
-	register unsigned char *des_SP=(unsigned char *)des_SPtrans;
+	register const unsigned char *des_SP=(const unsigned char *)des_SPtrans;
 #endif
 #ifndef DES_UNROLL
 	register int i;
@@ -392,14 +392,15 @@ int enc;
 	{
 	register DES_LONG tin0,tin1;
 	register DES_LONG tout0,tout1,xor0,xor1;
-	register unsigned char *in,*out;
+	register const unsigned char *in;
+	unsigned char *out;
 	register long l=length;
 	DES_LONG tin[2];
 	unsigned char *iv;
 
-	in=(unsigned char *)input;
-	out=(unsigned char *)output;
-	iv=(unsigned char *)ivec;
+	in=input;
+	out=output;
+	iv=ivec;
 
 	if (enc)
 		{
@@ -436,7 +437,7 @@ int enc;
 			l2c(tout0,out);
 			l2c(tout1,out);
 			}
-		iv=(unsigned char *)ivec;
+		iv=ivec;
 		l2c(tout0,iv);