From eae09db9e57b7a342ea15bf57c5c1439c59a2e50 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Thu, 6 Jun 2013 12:35:54 +0200 Subject: [PATCH] Fixed const correctness issues that have no impact on the ABI --- ChangeLog | 1 + include/polarssl/error.h | 2 ++ library/arc4.c | 2 +- library/base64.c | 9 +++++---- library/des.c | 24 ++++++++++++------------ library/error.c | 2 ++ library/gcm.c | 11 ++++------- library/md5.c | 8 +++----- library/pem.c | 4 ++-- library/sha1.c | 10 +++------- library/sha2.c | 10 +++------- library/sha4.c | 10 +++------- library/ssl_tls.c | 36 ++++++++++++++++++------------------ library/x509parse.c | 12 ++++++------ 14 files changed, 65 insertions(+), 76 deletions(-) diff --git a/ChangeLog b/ChangeLog index 28a7bbee3..ce8f1d9aa 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,7 @@ Bugfix * Secure renegotiation extension should only be sent in case client supports secure renegotiation * Fixed offset for cert_type list in ssl_parse_certificate_request() + * Fixed const correctness issues that have no impact on the ABI = Version 1.2.7 released 2013-04-13 Features diff --git a/include/polarssl/error.h b/include/polarssl/error.h index 96815a73a..093bec148 100644 --- a/include/polarssl/error.h +++ b/include/polarssl/error.h @@ -27,6 +27,8 @@ #ifndef POLARSSL_ERROR_H #define POLARSSL_ERROR_H +#include + /** * Error code layout. * diff --git a/library/arc4.c b/library/arc4.c index 07665ad62..488ddf770 100644 --- a/library/arc4.c +++ b/library/arc4.c @@ -143,7 +143,7 @@ int arc4_self_test( int verbose ) memcpy( ibuf, arc4_test_pt[i], 8 ); - arc4_setup( &ctx, (unsigned char *) arc4_test_key[i], 8 ); + arc4_setup( &ctx, arc4_test_key[i], 8 ); arc4_crypt( &ctx, 8, ibuf, obuf ); if( memcmp( obuf, arc4_test_ct[i], 8 ) != 0 ) diff --git a/library/base64.c b/library/base64.c index 8cd279c12..06305bb5e 100644 --- a/library/base64.c +++ b/library/base64.c @@ -218,16 +218,17 @@ static const unsigned char base64_test_enc[] = int base64_self_test( int verbose ) { size_t len; - unsigned char *src, buffer[128]; + const unsigned char *src; + unsigned char buffer[128]; if( verbose != 0 ) printf( " Base64 encoding test: " ); len = sizeof( buffer ); - src = (unsigned char *) base64_test_dec; + src = base64_test_dec; if( base64_encode( buffer, &len, src, 64 ) != 0 || - memcmp( base64_test_enc, buffer, 88 ) != 0 ) + memcmp( base64_test_enc, buffer, 88 ) != 0 ) { if( verbose != 0 ) printf( "failed\n" ); @@ -239,7 +240,7 @@ int base64_self_test( int verbose ) printf( "passed\n Base64 decoding test: " ); len = sizeof( buffer ); - src = (unsigned char *) base64_test_enc; + src = base64_test_enc; if( base64_decode( buffer, &len, src, 88 ) != 0 || memcmp( base64_test_dec, buffer, 64 ) != 0 ) diff --git a/library/des.c b/library/des.c index 338d2738c..8ae5894e1 100644 --- a/library/des.c +++ b/library/des.c @@ -838,27 +838,27 @@ int des_self_test( int verbose ) switch( i ) { case 0: - des_setkey_dec( &ctx, (unsigned char *) des3_test_keys ); + des_setkey_dec( &ctx, des3_test_keys ); break; case 1: - des_setkey_enc( &ctx, (unsigned char *) des3_test_keys ); + des_setkey_enc( &ctx, des3_test_keys ); break; case 2: - des3_set2key_dec( &ctx3, (unsigned char *) des3_test_keys ); + des3_set2key_dec( &ctx3, des3_test_keys ); break; case 3: - des3_set2key_enc( &ctx3, (unsigned char *) des3_test_keys ); + des3_set2key_enc( &ctx3, des3_test_keys ); break; case 4: - des3_set3key_dec( &ctx3, (unsigned char *) des3_test_keys ); + des3_set3key_dec( &ctx3, des3_test_keys ); break; case 5: - des3_set3key_enc( &ctx3, (unsigned char *) des3_test_keys ); + des3_set3key_enc( &ctx3, des3_test_keys ); break; default: @@ -911,27 +911,27 @@ int des_self_test( int verbose ) switch( i ) { case 0: - des_setkey_dec( &ctx, (unsigned char *) des3_test_keys ); + des_setkey_dec( &ctx, des3_test_keys ); break; case 1: - des_setkey_enc( &ctx, (unsigned char *) des3_test_keys ); + des_setkey_enc( &ctx, des3_test_keys ); break; case 2: - des3_set2key_dec( &ctx3, (unsigned char *) des3_test_keys ); + des3_set2key_dec( &ctx3, des3_test_keys ); break; case 3: - des3_set2key_enc( &ctx3, (unsigned char *) des3_test_keys ); + des3_set2key_enc( &ctx3, des3_test_keys ); break; case 4: - des3_set3key_dec( &ctx3, (unsigned char *) des3_test_keys ); + des3_set3key_dec( &ctx3, des3_test_keys ); break; case 5: - des3_set3key_enc( &ctx3, (unsigned char *) des3_test_keys ); + des3_set3key_enc( &ctx3, des3_test_keys ); break; default: diff --git a/library/error.c b/library/error.c index d4bc27762..3f717481a 100644 --- a/library/error.c +++ b/library/error.c @@ -27,6 +27,8 @@ #if defined(POLARSSL_ERROR_C) +#include "polarssl/error.h" + #if defined(POLARSSL_AES_C) #include "polarssl/aes.h" #endif diff --git a/library/gcm.c b/library/gcm.c index ed7572dc5..60dc0cd0a 100644 --- a/library/gcm.c +++ b/library/gcm.c @@ -191,7 +191,6 @@ int gcm_crypt_and_tag( gcm_context *ctx, size_t use_len; uint64_t orig_len = length * 8; uint64_t orig_add_len = add_len * 8; - unsigned char **xor_p; memset( y, 0x00, 16 ); memset( work_buf, 0x00, 16 ); @@ -204,11 +203,6 @@ int gcm_crypt_and_tag( gcm_context *ctx, return( POLARSSL_ERR_GCM_BAD_INPUT ); } - if( mode == GCM_ENCRYPT ) - xor_p = (unsigned char **) &out_p; - else - xor_p = (unsigned char **) &p; - if( iv_len == 12 ) { memcpy( y, iv, iv_len ); @@ -270,7 +264,10 @@ int gcm_crypt_and_tag( gcm_context *ctx, for( i = 0; i < use_len; i++ ) { out_p[i] = ectr[i] ^ p[i]; - buf[i] ^= (*xor_p)[i]; + if( mode == GCM_ENCRYPT ) + buf[i] ^= out_p[i]; + else + buf[i] ^= p[i]; } gcm_mult( ctx, buf, buf ); diff --git a/library/md5.c b/library/md5.c index b2ee10bb2..3097aeb5c 100644 --- a/library/md5.c +++ b/library/md5.c @@ -220,8 +220,7 @@ void md5_update( md5_context *ctx, const unsigned char *input, size_t ilen ) if( left && ilen >= fill ) { - memcpy( (void *) (ctx->buffer + left), - (void *) input, fill ); + memcpy( (void *) (ctx->buffer + left), input, fill ); md5_process( ctx, ctx->buffer ); input += fill; ilen -= fill; @@ -237,8 +236,7 @@ void md5_update( md5_context *ctx, const unsigned char *input, size_t ilen ) if( ilen > 0 ) { - memcpy( (void *) (ctx->buffer + left), - (void *) input, ilen ); + memcpy( (void *) (ctx->buffer + left), input, ilen ); } } @@ -269,7 +267,7 @@ void md5_finish( md5_context *ctx, unsigned char output[16] ) last = ctx->total[0] & 0x3F; padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last ); - md5_update( ctx, (unsigned char *) md5_padding, padn ); + md5_update( ctx, md5_padding, padn ); md5_update( ctx, msglen, 8 ); PUT_UINT32_LE( ctx->state[0], output, 0 ); diff --git a/library/pem.c b/library/pem.c index 33e74ab78..70706810e 100644 --- a/library/pem.c +++ b/library/pem.c @@ -195,12 +195,12 @@ int pem_read_buffer( pem_context *ctx, char *header, char *footer, const unsigne if( ctx == NULL ) return( POLARSSL_ERR_PEM_INVALID_DATA ); - s1 = (unsigned char *) strstr( (char *) data, header ); + s1 = (unsigned char *) strstr( (const char *) data, header ); if( s1 == NULL ) return( POLARSSL_ERR_PEM_NO_HEADER_PRESENT ); - s2 = (unsigned char *) strstr( (char *) data, footer ); + s2 = (unsigned char *) strstr( (const char *) data, footer ); if( s2 == NULL || s2 <= s1 ) return( POLARSSL_ERR_PEM_INVALID_DATA ); diff --git a/library/sha1.c b/library/sha1.c index 1e8258062..372c0c1cb 100644 --- a/library/sha1.c +++ b/library/sha1.c @@ -254,8 +254,7 @@ void sha1_update( sha1_context *ctx, const unsigned char *input, size_t ilen ) if( left && ilen >= fill ) { - memcpy( (void *) (ctx->buffer + left), - (void *) input, fill ); + memcpy( (void *) (ctx->buffer + left), input, fill ); sha1_process( ctx, ctx->buffer ); input += fill; ilen -= fill; @@ -270,10 +269,7 @@ void sha1_update( sha1_context *ctx, const unsigned char *input, size_t ilen ) } if( ilen > 0 ) - { - memcpy( (void *) (ctx->buffer + left), - (void *) input, ilen ); - } + memcpy( (void *) (ctx->buffer + left), input, ilen ); } static const unsigned char sha1_padding[64] = @@ -303,7 +299,7 @@ void sha1_finish( sha1_context *ctx, unsigned char output[20] ) last = ctx->total[0] & 0x3F; padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last ); - sha1_update( ctx, (unsigned char *) sha1_padding, padn ); + sha1_update( ctx, sha1_padding, padn ); sha1_update( ctx, msglen, 8 ); PUT_UINT32_BE( ctx->state[0], output, 0 ); diff --git a/library/sha2.c b/library/sha2.c index af3a6eed9..7b375ff49 100644 --- a/library/sha2.c +++ b/library/sha2.c @@ -250,8 +250,7 @@ void sha2_update( sha2_context *ctx, const unsigned char *input, size_t ilen ) if( left && ilen >= fill ) { - memcpy( (void *) (ctx->buffer + left), - (void *) input, fill ); + memcpy( (void *) (ctx->buffer + left), input, fill ); sha2_process( ctx, ctx->buffer ); input += fill; ilen -= fill; @@ -266,10 +265,7 @@ void sha2_update( sha2_context *ctx, const unsigned char *input, size_t ilen ) } if( ilen > 0 ) - { - memcpy( (void *) (ctx->buffer + left), - (void *) input, ilen ); - } + memcpy( (void *) (ctx->buffer + left), input, ilen ); } static const unsigned char sha2_padding[64] = @@ -299,7 +295,7 @@ void sha2_finish( sha2_context *ctx, unsigned char output[32] ) last = ctx->total[0] & 0x3F; padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last ); - sha2_update( ctx, (unsigned char *) sha2_padding, padn ); + sha2_update( ctx, sha2_padding, padn ); sha2_update( ctx, msglen, 8 ); PUT_UINT32_BE( ctx->state[0], output, 0 ); diff --git a/library/sha4.c b/library/sha4.c index 6361a542c..383b4d2ad 100644 --- a/library/sha4.c +++ b/library/sha4.c @@ -242,8 +242,7 @@ void sha4_update( sha4_context *ctx, const unsigned char *input, size_t ilen ) if( left && ilen >= fill ) { - memcpy( (void *) (ctx->buffer + left), - (void *) input, fill ); + memcpy( (void *) (ctx->buffer + left), input, fill ); sha4_process( ctx, ctx->buffer ); input += fill; ilen -= fill; @@ -258,10 +257,7 @@ void sha4_update( sha4_context *ctx, const unsigned char *input, size_t ilen ) } if( ilen > 0 ) - { - memcpy( (void *) (ctx->buffer + left), - (void *) input, ilen ); - } + memcpy( (void *) (ctx->buffer + left), input, ilen ); } static const unsigned char sha4_padding[128] = @@ -295,7 +291,7 @@ void sha4_finish( sha4_context *ctx, unsigned char output[64] ) last = (size_t)( ctx->total[0] & 0x7F ); padn = ( last < 112 ) ? ( 112 - last ) : ( 240 - last ); - sha4_update( ctx, (unsigned char *) sha4_padding, padn ); + sha4_update( ctx, sha4_padding, padn ); sha4_update( ctx, msglen, 16 ); PUT_UINT64_BE( ctx->state[0], output, 0 ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 9455ae2ec..9087ab4fa 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2521,7 +2521,7 @@ static void ssl_update_checksum_sha384( ssl_context *ssl, unsigned char *buf, static void ssl_calc_finished_ssl( ssl_context *ssl, unsigned char *buf, int from ) { - char *sender; + const char *sender; md5_context md5; sha1_context sha1; @@ -2553,17 +2553,17 @@ static void ssl_calc_finished_ssl( SSL_DEBUG_BUF( 4, "finished sha1 state", (unsigned char *) sha1.state, sizeof( sha1.state ) ); - sender = ( from == SSL_IS_CLIENT ) ? (char *) "CLNT" - : (char *) "SRVR"; + sender = ( from == SSL_IS_CLIENT ) ? "CLNT" + : "SRVR"; memset( padbuf, 0x36, 48 ); - md5_update( &md5, (unsigned char *) sender, 4 ); + md5_update( &md5, (const unsigned char *) sender, 4 ); md5_update( &md5, session->master, 48 ); md5_update( &md5, padbuf, 48 ); md5_finish( &md5, md5sum ); - sha1_update( &sha1, (unsigned char *) sender, 4 ); + sha1_update( &sha1, (const unsigned char *) sender, 4 ); sha1_update( &sha1, session->master, 48 ); sha1_update( &sha1, padbuf, 40 ); sha1_finish( &sha1, sha1sum ); @@ -2598,7 +2598,7 @@ static void ssl_calc_finished_tls( ssl_context *ssl, unsigned char *buf, int from ) { int len = 12; - char *sender; + const char *sender; md5_context md5; sha1_context sha1; unsigned char padbuf[36]; @@ -2625,13 +2625,13 @@ static void ssl_calc_finished_tls( sha1.state, sizeof( sha1.state ) ); sender = ( from == SSL_IS_CLIENT ) - ? (char *) "client finished" - : (char *) "server finished"; + ? "client finished" + : "server finished"; md5_finish( &md5, padbuf ); sha1_finish( &sha1, padbuf + 16 ); - ssl->handshake->tls_prf( session->master, 48, sender, + ssl->handshake->tls_prf( session->master, 48, (char *) sender, padbuf, 36, buf, len ); SSL_DEBUG_BUF( 3, "calc finished result", buf, len ); @@ -2648,7 +2648,7 @@ static void ssl_calc_finished_tls_sha256( ssl_context *ssl, unsigned char *buf, int from ) { int len = 12; - char *sender; + const char *sender; sha2_context sha2; unsigned char padbuf[32]; @@ -2670,12 +2670,12 @@ static void ssl_calc_finished_tls_sha256( sha2.state, sizeof( sha2.state ) ); sender = ( from == SSL_IS_CLIENT ) - ? (char *) "client finished" - : (char *) "server finished"; + ? "client finished" + : "server finished"; sha2_finish( &sha2, padbuf ); - ssl->handshake->tls_prf( session->master, 48, sender, + ssl->handshake->tls_prf( session->master, 48, (char *) sender, padbuf, 32, buf, len ); SSL_DEBUG_BUF( 3, "calc finished result", buf, len ); @@ -2692,7 +2692,7 @@ static void ssl_calc_finished_tls_sha384( ssl_context *ssl, unsigned char *buf, int from ) { int len = 12; - char *sender; + const char *sender; sha4_context sha4; unsigned char padbuf[48]; @@ -2714,12 +2714,12 @@ static void ssl_calc_finished_tls_sha384( sha4.state, sizeof( sha4.state ) ); sender = ( from == SSL_IS_CLIENT ) - ? (char *) "client finished" - : (char *) "server finished"; + ? "client finished" + : "server finished"; sha4_finish( &sha4, padbuf ); - ssl->handshake->tls_prf( session->master, 48, sender, + ssl->handshake->tls_prf( session->master, 48, (char *) sender, padbuf, 48, buf, len ); SSL_DEBUG_BUF( 3, "calc finished result", buf, len ); @@ -3232,7 +3232,7 @@ int ssl_set_hostname( ssl_context *ssl, const char *hostname ) if( ssl->hostname == NULL ) return( POLARSSL_ERR_SSL_MALLOC_FAILED ); - memcpy( ssl->hostname, (unsigned char *) hostname, + memcpy( ssl->hostname, (const unsigned char *) hostname, ssl->hostname_len ); ssl->hostname[ssl->hostname_len] = '\0'; diff --git a/library/x509parse.c b/library/x509parse.c index bac0e93e5..131fccfd3 100644 --- a/library/x509parse.c +++ b/library/x509parse.c @@ -1433,7 +1433,7 @@ int x509parse_crt( x509_cert *chain, const unsigned char *buf, size_t buflen ) * one or more PEM certificates. */ #if defined(POLARSSL_PEM_C) - if( strstr( (char *) buf, "-----BEGIN CERTIFICATE-----" ) != NULL ) + if( strstr( (const char *) buf, "-----BEGIN CERTIFICATE-----" ) != NULL ) buf_format = X509_FORMAT_PEM; #endif @@ -3563,7 +3563,7 @@ int x509_self_test( int verbose ) memset( &clicert, 0, sizeof( x509_cert ) ); - ret = x509parse_crt( &clicert, (unsigned char *) test_cli_crt, + ret = x509parse_crt( &clicert, (const unsigned char *) test_cli_crt, strlen( test_cli_crt ) ); if( ret != 0 ) { @@ -3575,7 +3575,7 @@ int x509_self_test( int verbose ) memset( &cacert, 0, sizeof( x509_cert ) ); - ret = x509parse_crt( &cacert, (unsigned char *) test_ca_crt, + ret = x509parse_crt( &cacert, (const unsigned char *) test_ca_crt, strlen( test_ca_crt ) ); if( ret != 0 ) { @@ -3594,8 +3594,8 @@ int x509_self_test( int verbose ) rsa_init( &rsa, RSA_PKCS_V15, 0 ); if( ( ret = x509parse_key( &rsa, - (unsigned char *) test_ca_key, i, - (unsigned char *) test_ca_pwd, j ) ) != 0 ) + (const unsigned char *) test_ca_key, i, + (const unsigned char *) test_ca_pwd, j ) ) != 0 ) { if( verbose != 0 ) printf( "failed\n" ); @@ -3623,7 +3623,7 @@ int x509_self_test( int verbose ) i = strlen( test_dhm_params ); j = strlen( test_ca_pwd ); - if( ( ret = x509parse_dhm( &dhm, (unsigned char *) test_dhm_params, i ) ) != 0 ) + if( ( ret = x509parse_dhm( &dhm, (const unsigned char *) test_dhm_params, i ) ) != 0 ) { if( verbose != 0 ) printf( "failed\n" );