From aa3f6daa863dbd476f1cf1009a61621e8bbccd97 Mon Sep 17 00:00:00 2001
From: David Benjamin <davidben@chromium.org>
Date: Thu, 1 Jan 2015 16:24:36 -0500
Subject: [PATCH] Tag a number of globals as const.

Change-Id: I6f334911f153395a2e5e26adfd08912a1d8c558b
Reviewed-on: https://boringssl-review.googlesource.com/2847
Reviewed-by: Adam Langley <agl@google.com>
---
 crypto/asn1/bio_asn1.c   |  4 ++--
 crypto/asn1/charmap.pl   |  2 +-
 crypto/asn1/x_bignum.c   |  2 +-
 crypto/asn1/x_long.c     |  2 +-
 crypto/bio/buffer.c      |  2 +-
 crypto/conf/conf_def.h   |  2 +-
 crypto/err/err.c         |  2 +-
 crypto/evp/evp_ctx.c     |  2 +-
 crypto/x509/t_x509.c     |  2 +-
 crypto/x509/x509_req.c   | 11 ++++++-----
 crypto/x509/x509_vpm.c   |  2 +-
 crypto/x509/x_crl.c      |  2 +-
 crypto/x509v3/ext_dat.h  |  2 +-
 crypto/x509v3/tabtest.c  |  2 +-
 crypto/x509v3/v3_bitst.c |  8 ++++----
 crypto/x509v3/v3_conf.c  |  4 ++--
 crypto/x509v3/v3_enum.c  |  6 +++---
 include/openssl/asn1.h   |  2 +-
 include/openssl/x509.h   |  4 ++--
 include/openssl/x509v3.h |  4 ++--
 ssl/ssl_sess.c           |  2 +-
 21 files changed, 35 insertions(+), 34 deletions(-)

diff --git a/crypto/asn1/bio_asn1.c b/crypto/asn1/bio_asn1.c
index 38787a8f..faea304b 100644
--- a/crypto/asn1/bio_asn1.c
+++ b/crypto/asn1/bio_asn1.c
@@ -124,7 +124,7 @@ static int asn1_bio_setup_ex(BIO *b, BIO_ASN1_BUF_CTX *ctx,
 				asn1_bio_state_t ex_state,
 				asn1_bio_state_t other_state);
 
-static BIO_METHOD methods_asn1=
+static const BIO_METHOD methods_asn1=
 	{
 	BIO_TYPE_ASN1,
 	"asn1",
@@ -138,7 +138,7 @@ static BIO_METHOD methods_asn1=
 	asn1_bio_callback_ctrl,
 	};
 
-BIO_METHOD *BIO_f_asn1(void)
+const BIO_METHOD *BIO_f_asn1(void)
 	{
 	return(&methods_asn1);
 	}
diff --git a/crypto/asn1/charmap.pl b/crypto/asn1/charmap.pl
index cc800cc2..71bc7b8b 100644
--- a/crypto/asn1/charmap.pl
+++ b/crypto/asn1/charmap.pl
@@ -123,7 +123,7 @@ print <<EOF;
  * Mask of various character properties
  */
 
-static unsigned char char_type[] = {
+static const unsigned char char_type[] = {
 EOF
 
 for($i = 0; $i < 128; $i++) {
diff --git a/crypto/asn1/x_bignum.c b/crypto/asn1/x_bignum.c
index 7985235e..f8c62fd8 100644
--- a/crypto/asn1/x_bignum.c
+++ b/crypto/asn1/x_bignum.c
@@ -74,7 +74,7 @@ static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
 static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);
 static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
 
-static ASN1_PRIMITIVE_FUNCS bignum_pf = {
+static const ASN1_PRIMITIVE_FUNCS bignum_pf = {
 	NULL, 0,
 	bn_new,
 	bn_free,
diff --git a/crypto/asn1/x_long.c b/crypto/asn1/x_long.c
index cb0dad18..a3f80abb 100644
--- a/crypto/asn1/x_long.c
+++ b/crypto/asn1/x_long.c
@@ -74,7 +74,7 @@ static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const A
 static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
 static int long_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it, int indent, const ASN1_PCTX *pctx);
 
-static ASN1_PRIMITIVE_FUNCS long_pf = {
+static const ASN1_PRIMITIVE_FUNCS long_pf = {
 	NULL, 0,
 	long_new,
 	long_free,
diff --git a/crypto/bio/buffer.c b/crypto/bio/buffer.c
index 144afd28..415a4713 100644
--- a/crypto/bio/buffer.c
+++ b/crypto/bio/buffer.c
@@ -480,7 +480,7 @@ static int buffer_puts(BIO *b, const char *str) {
   return buffer_write(b, str, strlen(str));
 }
 
-static BIO_METHOD methods_buffer = {
+static const BIO_METHOD methods_buffer = {
     BIO_TYPE_BUFFER, "buffer",             buffer_write, buffer_read,
     buffer_puts,     buffer_gets,          buffer_ctrl,  buffer_new,
     buffer_free,     buffer_callback_ctrl,
diff --git a/crypto/conf/conf_def.h b/crypto/conf/conf_def.h
index 2fc035b3..b1e6ba63 100644
--- a/crypto/conf/conf_def.h
+++ b/crypto/conf/conf_def.h
@@ -91,7 +91,7 @@
 #define IS_DQUOTE(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_DQUOTE)
 #define IS_HIGHBIT(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_HIGHBIT)
 
-static unsigned short CONF_type_default[256]={
+static const unsigned short CONF_type_default[256]={
 	0x0008,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,
 	0x0000,0x0010,0x0010,0x0000,0x0000,0x0010,0x0000,0x0000,
 	0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,
diff --git a/crypto/err/err.c b/crypto/err/err.c
index 4e63e213..8b8094f5 100644
--- a/crypto/err/err.c
+++ b/crypto/err/err.c
@@ -688,7 +688,7 @@ static const char *const kLibraryNames[ERR_NUM_LIBS] = {
  * allocated on the heap. */
 static ERR_STRING_DATA kStaticErrors[ERR_NUM_LIBS * 2 + NUM_SYS_ERRNOS];
 
-static ERR_STRING_DATA kGlobalErrors[] = {
+static const ERR_STRING_DATA kGlobalErrors[] = {
     {ERR_R_MALLOC_FAILURE, "malloc failure"},
     {ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED, "function should not be called"},
     {ERR_R_PASSED_NULL_PARAMETER, "passed a null parameter"},
diff --git a/crypto/evp/evp_ctx.c b/crypto/evp/evp_ctx.c
index 66160382..e1c2886c 100644
--- a/crypto/evp/evp_ctx.c
+++ b/crypto/evp/evp_ctx.c
@@ -69,7 +69,7 @@ extern const EVP_PKEY_METHOD rsa_pkey_meth;
 extern const EVP_PKEY_METHOD hmac_pkey_meth;
 extern const EVP_PKEY_METHOD ec_pkey_meth;
 
-static const EVP_PKEY_METHOD *evp_methods[] = {
+static const EVP_PKEY_METHOD *const evp_methods[] = {
   &rsa_pkey_meth,
   &hmac_pkey_meth,
   &ec_pkey_meth,
diff --git a/crypto/x509/t_x509.c b/crypto/x509/t_x509.c
index 3a28e333..75034b75 100644
--- a/crypto/x509/t_x509.c
+++ b/crypto/x509/t_x509.c
@@ -365,7 +365,7 @@ int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm)
 	return(0);
 }
 
-static const char *mon[12]=
+static const char *const mon[12]=
     {
     "Jan","Feb","Mar","Apr","May","Jun",
     "Jul","Aug","Sep","Oct","Nov","Dec"
diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c
index 64f2c37f..daaedb69 100644
--- a/crypto/x509/x509_req.c
+++ b/crypto/x509/x509_req.c
@@ -155,9 +155,9 @@ int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k)
  * used and there may be more: so the list is configurable.
  */
 
-static int ext_nid_list[] = { NID_ext_req, NID_ms_ext_req, NID_undef};
+static const int ext_nid_list[] = { NID_ext_req, NID_ms_ext_req, NID_undef};
 
-static int *ext_nids = ext_nid_list;
+static const int *ext_nids = ext_nid_list;
 
 int X509_REQ_extension_nid(int req_nid)
 {
@@ -169,12 +169,12 @@ int X509_REQ_extension_nid(int req_nid)
 	}
 }
 
-int *X509_REQ_get_extension_nids(void)
+const int *X509_REQ_get_extension_nids(void)
 {
 	return ext_nids;
 }
 	
-void X509_REQ_set_extension_nids(int *nids)
+void X509_REQ_set_extension_nids(const int *nids)
 {
 	ext_nids = nids;
 }
@@ -183,7 +183,8 @@ STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req)
 	{
 	X509_ATTRIBUTE *attr;
 	ASN1_TYPE *ext = NULL;
-	int idx, *pnid;
+	int idx;
+	const int *pnid;
 	const unsigned char *p;
 
 	if ((req == NULL) || (req->req_info == NULL) || !ext_nids)
diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c
index 4699d054..442e070b 100644
--- a/crypto/x509/x509_vpm.c
+++ b/crypto/x509/x509_vpm.c
@@ -438,7 +438,7 @@ const char *X509_VERIFY_PARAM_get0_name(const X509_VERIFY_PARAM *param)
 	return param->name;
 	}
 
-static X509_VERIFY_PARAM_ID _empty_id = {NULL, 0, 0U, NULL, 0, NULL, 0};
+static const X509_VERIFY_PARAM_ID _empty_id = {NULL, 0, 0U, NULL, 0, NULL, 0};
 
 #define vpm_empty_id (X509_VERIFY_PARAM_ID *)&_empty_id
 
diff --git a/crypto/x509/x_crl.c b/crypto/x509/x_crl.c
index 8e64f76b..bb23b57e 100644
--- a/crypto/x509/x_crl.c
+++ b/crypto/x509/x_crl.c
@@ -97,7 +97,7 @@ static int def_crl_verify(X509_CRL *crl, EVP_PKEY *r);
 static int def_crl_lookup(X509_CRL *crl,
 		X509_REVOKED **ret, ASN1_INTEGER *serial, X509_NAME *issuer);
 
-static X509_CRL_METHOD int_crl_meth =
+static const X509_CRL_METHOD int_crl_meth =
 	{
 	0,
 	0,0,
diff --git a/crypto/x509v3/ext_dat.h b/crypto/x509v3/ext_dat.h
index e7d00521..8b2c123b 100644
--- a/crypto/x509v3/ext_dat.h
+++ b/crypto/x509v3/ext_dat.h
@@ -74,7 +74,7 @@ extern X509V3_EXT_METHOD v3_addr, v3_asid;
 /* TODO(fork): OCSP support */
 #define OPENSSL_NO_OCSP
 
-static const X509V3_EXT_METHOD *standard_exts[] = {
+static const X509V3_EXT_METHOD *const standard_exts[] = {
 &v3_nscert,
 &v3_ns_ia5_list[0],
 &v3_ns_ia5_list[1],
diff --git a/crypto/x509v3/tabtest.c b/crypto/x509v3/tabtest.c
index f7839388..26ecc6cc 100644
--- a/crypto/x509v3/tabtest.c
+++ b/crypto/x509v3/tabtest.c
@@ -70,7 +70,7 @@
 int main(void)
 {
 	int i, prev = -1, bad = 0;
-	const X509V3_EXT_METHOD **tmp;
+	const X509V3_EXT_METHOD *const *tmp;
         CRYPTO_library_init();
 	i = sizeof(standard_exts) / sizeof(X509V3_EXT_METHOD *);
 	if(i != STANDARD_EXTENSION_COUNT)
diff --git a/crypto/x509v3/v3_bitst.c b/crypto/x509v3/v3_bitst.c
index dd389f0c..a4c3186a 100644
--- a/crypto/x509v3/v3_bitst.c
+++ b/crypto/x509v3/v3_bitst.c
@@ -62,7 +62,7 @@
 #include <openssl/x509v3.h>
 
 
-static BIT_STRING_BITNAME ns_cert_type_table[] = {
+static const BIT_STRING_BITNAME ns_cert_type_table[] = {
 {0, "SSL Client", "client"},
 {1, "SSL Server", "server"},
 {2, "S/MIME", "email"},
@@ -74,7 +74,7 @@ static BIT_STRING_BITNAME ns_cert_type_table[] = {
 {-1, NULL, NULL}
 };
 
-static BIT_STRING_BITNAME key_usage_type_table[] = {
+static const BIT_STRING_BITNAME key_usage_type_table[] = {
 {0, "Digital Signature", "digitalSignature"},
 {1, "Non Repudiation", "nonRepudiation"},
 {2, "Key Encipherment", "keyEncipherment"},
@@ -95,7 +95,7 @@ const X509V3_EXT_METHOD v3_key_usage = EXT_BITSTRING(NID_key_usage, key_usage_ty
 STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
 	     ASN1_BIT_STRING *bits, STACK_OF(CONF_VALUE) *ret)
 {
-	BIT_STRING_BITNAME *bnam;
+	const BIT_STRING_BITNAME *bnam;
 	for(bnam =method->usr_data; bnam->lname; bnam++) {
 		if(ASN1_BIT_STRING_get_bit(bits, bnam->bitnum)) 
 			X509V3_add_value(bnam->lname, NULL, &ret);
@@ -109,7 +109,7 @@ ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
 	CONF_VALUE *val;
 	ASN1_BIT_STRING *bs;
 	size_t i;
-	BIT_STRING_BITNAME *bnam;
+	const BIT_STRING_BITNAME *bnam;
 	if(!(bs = M_ASN1_BIT_STRING_new())) {
 		OPENSSL_PUT_ERROR(X509V3, v2i_ASN1_BIT_STRING, ERR_R_MALLOC_FAILURE);
 		return NULL;
diff --git a/crypto/x509v3/v3_conf.c b/crypto/x509v3/v3_conf.c
index 9ee4809e..48654cb0 100644
--- a/crypto/x509v3/v3_conf.c
+++ b/crypto/x509v3/v3_conf.c
@@ -430,7 +430,7 @@ static STACK_OF(CONF_VALUE) *nconf_get_section(void *db, char *section)
 	return NCONF_get_section(db, section);
 	}
 
-static X509V3_CONF_METHOD nconf_method = {
+static const X509V3_CONF_METHOD nconf_method = {
 nconf_get_string,
 nconf_get_section,
 NULL,
@@ -485,7 +485,7 @@ static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section)
 	return CONF_get_section(db, section);
 	}
 
-static X509V3_CONF_METHOD conf_lhash_method = {
+static const X509V3_CONF_METHOD conf_lhash_method = {
 conf_lhash_get_string,
 conf_lhash_get_section,
 NULL,
diff --git a/crypto/x509v3/v3_enum.c b/crypto/x509v3/v3_enum.c
index d6a1b8b0..0fe6bb63 100644
--- a/crypto/x509v3/v3_enum.c
+++ b/crypto/x509v3/v3_enum.c
@@ -61,7 +61,7 @@
 #include <openssl/x509v3.h>
 
 
-static ENUMERATED_NAMES crl_reasons[] = {
+static const ENUMERATED_NAMES crl_reasons[] = {
 {CRL_REASON_UNSPECIFIED, 	 "Unspecified", "unspecified"},
 {CRL_REASON_KEY_COMPROMISE,	 "Key Compromise", "keyCompromise"},
 {CRL_REASON_CA_COMPROMISE,	 "CA Compromise", "CACompromise"},
@@ -82,13 +82,13 @@ NID_crl_reason, 0, ASN1_ITEM_ref(ASN1_ENUMERATED),
 (X509V3_EXT_I2S)i2s_ASN1_ENUMERATED_TABLE,
 0,
 0,0,0,0,
-crl_reasons};
+(void *)crl_reasons};
 
 
 char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method,
 	     ASN1_ENUMERATED *e)
 {
-	ENUMERATED_NAMES *enam;
+	const ENUMERATED_NAMES *enam;
 	long strval;
 	strval = ASN1_ENUMERATED_get(e);
 	for(enam = method->usr_data; enam->lname; enam++) {
diff --git a/include/openssl/asn1.h b/include/openssl/asn1.h
index a9864bc5..941b156f 100644
--- a/include/openssl/asn1.h
+++ b/include/openssl/asn1.h
@@ -1052,7 +1052,7 @@ OPENSSL_EXPORT void ASN1_PCTX_set_oid_flags(ASN1_PCTX *p, unsigned long flags);
 OPENSSL_EXPORT unsigned long ASN1_PCTX_get_str_flags(ASN1_PCTX *p);
 OPENSSL_EXPORT void ASN1_PCTX_set_str_flags(ASN1_PCTX *p, unsigned long flags);
 
-OPENSSL_EXPORT BIO_METHOD *BIO_f_asn1(void);
+OPENSSL_EXPORT const BIO_METHOD *BIO_f_asn1(void);
 
 OPENSSL_EXPORT BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it);
 
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index 475f7473..1ee63a1a 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -871,8 +871,8 @@ OPENSSL_EXPORT int		X509_REQ_set_subject_name(X509_REQ *req,X509_NAME *name);
 OPENSSL_EXPORT int		X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
 OPENSSL_EXPORT EVP_PKEY *	X509_REQ_get_pubkey(X509_REQ *req);
 OPENSSL_EXPORT int		X509_REQ_extension_nid(int nid);
-OPENSSL_EXPORT int *		X509_REQ_get_extension_nids(void);
-OPENSSL_EXPORT void		X509_REQ_set_extension_nids(int *nids);
+OPENSSL_EXPORT const int *	X509_REQ_get_extension_nids(void);
+OPENSSL_EXPORT void		X509_REQ_set_extension_nids(const int *nids);
 OPENSSL_EXPORT STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req);
 OPENSSL_EXPORT int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
 				int nid);
diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h
index 9aa91d67..c8910221 100644
--- a/include/openssl/x509v3.h
+++ b/include/openssl/x509v3.h
@@ -130,7 +130,7 @@ X509 *issuer_cert;
 X509 *subject_cert;
 X509_REQ *subject_req;
 X509_CRL *crl;
-X509V3_CONF_METHOD *db_meth;
+const X509V3_CONF_METHOD *db_meth;
 void *db;
 /* Maybe more here */
 };
@@ -389,7 +389,7 @@ struct ISSUING_DIST_POINT_st
 			(X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \
 			(X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, \
 			NULL, NULL, \
-			table}
+			(void *)table}
 
 #define EXT_IA5STRING(nid) { nid, 0, ASN1_ITEM_ref(ASN1_IA5STRING), \
 			0,0,0,0, \
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 367b0f42..28d30512 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -146,7 +146,7 @@
 /* The address of this is a magic value, a pointer to which is returned by
  * SSL_magic_pending_session_ptr(). It allows a session callback to indicate
  * that it needs to asynchronously fetch session information. */
-static char g_pending_session_magic;
+static const char g_pending_session_magic;
 
 static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
 static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s);