RT1815: More const'ness improvements

Add a dozen more const declarations where appropriate.
These are from Justin; while adding his patch, I noticed
ASN1_BIT_STRING_check could be fixed, too.
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

crypto/asn1/a_bitstr.c

@@ -212,7 +212,7 @@ int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value)
 	return(1);
 	}
 
-int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n)
+int ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n)
 	{
 	int w,v;
 
@@ -229,8 +229,8 @@ int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n)
  * which is not specified in 'flags', 1 otherwise.
  * 'len' is the length of 'flags'.
  */
-int ASN1_BIT_STRING_check(ASN1_BIT_STRING *a,
-			  unsigned char *flags, int flags_len)
+int ASN1_BIT_STRING_check(const ASN1_BIT_STRING *a,
+			  const unsigned char *flags, int flags_len)
 	{
 	int i, ok;
 	/* Check if there is one bit set at all. */

crypto/asn1/asn1.h

@@ -819,9 +819,9 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,const unsigned char **p
 int		ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d,
 			int length );
 int		ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value);
-int		ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n);
-int            ASN1_BIT_STRING_check(ASN1_BIT_STRING *a,
-                                     unsigned char *flags, int flags_len);
+int		ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n);
+int            ASN1_BIT_STRING_check(const ASN1_BIT_STRING *a,
+                                     const unsigned char *flags, int flags_len);
 
 #ifndef OPENSSL_NO_BIO
 int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs,

crypto/asn1/charmap.pl

@@ -71,7 +71,7 @@ print <<EOF;
  * Mask of various character properties
  */
 
-static unsigned char char_type[] = {
+static const unsigned char char_type[] = {
 EOF
 
 for($i = 0; $i < 128; $i++) {

crypto/asn1/tasn_prn.c

@@ -401,8 +401,8 @@ static int asn1_print_fsname(BIO *out, int indent,
 			const char *fname, const char *sname,
 			const ASN1_PCTX *pctx)
 	{
-	static char spaces[] = "                    ";
-	const int nspaces = sizeof(spaces) - 1;
+	static const char spaces[] = "                    ";
+	static const int nspaces = sizeof(spaces) - 1;
 
 #if 0
 	if (!sname && !fname)

crypto/conf/conf_def.h

@@ -77,7 +77,7 @@
 #define CONF_ALPHA_NUMERIC_PUNCT (CONF_ALPHA|CONF_NUMBER|CONF_UNDER| \
 					CONF_PUNCTUATION)
 
-#define KEYTYPES(c)		((unsigned short *)((c)->meth_data))
+#define KEYTYPES(c)		((const unsigned short *)((c)->meth_data))
 #ifndef CHARSET_EBCDIC
 #define IS_COMMENT(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_COMMENT)
 #define IS_FCOMMENT(c,a)	(KEYTYPES(c)[(a)&0xff]&CONF_FCOMMENT)
@@ -108,7 +108,7 @@
 #define IS_HIGHBIT(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_HIGHBIT)
 #endif /*CHARSET_EBCDIC*/
 
-static unsigned short CONF_type_default[256]={
+static const unsigned short CONF_type_default[256]={
 	0x0008,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,
 	0x0000,0x0010,0x0010,0x0000,0x0000,0x0010,0x0000,0x0000,
 	0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,
@@ -143,7 +143,7 @@ static unsigned short CONF_type_default[256]={
 	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
 	};
 
-static unsigned short CONF_type_win32[256]={
+static const unsigned short CONF_type_win32[256]={
 	0x0008,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,
 	0x0000,0x0010,0x0010,0x0000,0x0000,0x0010,0x0000,0x0000,
 	0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,

crypto/conf/keysets.pl

@@ -131,7 +131,7 @@ print <<"EOF";
 #define CONF_ALPHA_NUMERIC_PUNCT (CONF_ALPHA|CONF_NUMBER|CONF_UNDER| \\
 					CONF_PUNCTUATION)
 
-#define KEYTYPES(c)		((unsigned short *)((c)->meth_data))
+#define KEYTYPES(c)		((const unsigned short *)((c)->meth_data))
 #ifndef CHARSET_EBCDIC
 #define IS_COMMENT(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_COMMENT)
 #define IS_FCOMMENT(c,a)	(KEYTYPES(c)[(a)&0xff]&CONF_FCOMMENT)
@@ -164,7 +164,7 @@ print <<"EOF";
 
 EOF
 
-print "static unsigned short CONF_type_default[256]={";
+print "static const unsigned short CONF_type_default[256]={";
 
 for ($i=0; $i<256; $i++)
 	{
@@ -174,7 +174,7 @@ for ($i=0; $i<256; $i++)
 
 print "\n\t};\n\n";
 
-print "static unsigned short CONF_type_win32[256]={";
+print "static const unsigned short CONF_type_win32[256]={";
 
 for ($i=0; $i<256; $i++)
 	{

crypto/engine/eng_openssl.c

@@ -234,8 +234,8 @@ IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
  */
 #include <openssl/rc4.h>
 #define TEST_RC4_KEY_SIZE		16
-static int test_cipher_nids[] = {NID_rc4,NID_rc4_40};
-static int test_cipher_nids_number = 2;
+static const int test_cipher_nids[] = {NID_rc4,NID_rc4_40};
+static const int test_cipher_nids_number = 2;
 typedef struct {
 	unsigned char key[TEST_RC4_KEY_SIZE];
 	RC4_KEY ks;
@@ -319,8 +319,8 @@ static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
 #ifdef TEST_ENG_OPENSSL_SHA
 /* Much the same sort of comment as for TEST_ENG_OPENSSL_RC4 */
 #include <openssl/sha.h>
-static int test_digest_nids[] = {NID_sha1};
-static int test_digest_nids_number = 1;
+static const int test_digest_nids[] = {NID_sha1};
+static const int test_digest_nids_number = 1;
 static int test_sha1_init(EVP_MD_CTX *ctx)
 	{
 #ifdef TEST_ENG_OPENSSL_SHA_P_INIT

crypto/evp/openbsd_hw.c

@@ -326,7 +326,7 @@ static int dev_crypto_md5_init(EVP_MD_CTX *ctx)
 static int do_digest(int ses,unsigned char *md,const void *data,int len)
     {
     struct crypt_op cryp;
-    static unsigned char md5zero[16]=
+    static const unsigned char md5zero[16]=
 	{
 	0xd4,0x1d,0x8c,0xd9,0x8f,0x00,0xb2,0x04,
 	0xe9,0x80,0x09,0x98,0xec,0xf8,0x42,0x7e

crypto/ts/ts_rsp_print.c

@@ -71,8 +71,8 @@ struct status_map_st
 
 /* Local function declarations. */
 
-static int TS_status_map_print(BIO *bio, struct status_map_st *a,
-			       ASN1_BIT_STRING *v);
+static int TS_status_map_print(BIO *bio, const struct status_map_st *a,
+			       const ASN1_BIT_STRING *v);
 static int TS_ACCURACY_print_bio(BIO *bio, const TS_ACCURACY *accuracy);
 
 /* Function definitions. */
@@ -105,7 +105,7 @@ int TS_STATUS_INFO_print_bio(BIO *bio, TS_STATUS_INFO *a)
 		"Revocation warning.",
 		"Revoked."
 		};
-	static struct status_map_st failure_map[] =
+	static const struct status_map_st failure_map[] =
 		{
 		{ TS_INFO_BAD_ALG,
 		"unrecognized or unsupported algorithm identifier" },
@@ -162,8 +162,8 @@ int TS_STATUS_INFO_print_bio(BIO *bio, TS_STATUS_INFO *a)
 	return 1;
 	}
 
-static int TS_status_map_print(BIO *bio, struct status_map_st *a,
-			       ASN1_BIT_STRING *v)
+static int TS_status_map_print(BIO *bio, const struct status_map_st *a,
+			       const ASN1_BIT_STRING *v)
 	{
 	int lines = 0;
 

engines/e_padlock.c

@@ -333,7 +333,7 @@ padlock_available(void)
 #endif
 
 /* List of supported ciphers. */
-static int padlock_cipher_nids[] = {
+static const int padlock_cipher_nids[] = {
 	NID_aes_128_ecb,
 	NID_aes_128_cbc,
 	NID_aes_128_cfb,

ssl/d1_both.c

@@ -156,7 +156,7 @@ static unsigned char bitmask_start_values[] = {0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe
 static unsigned char bitmask_end_values[]   = {0xff, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f};
 
 /* XDTLS:  figure out the right values */
-static unsigned int g_probable_mtu[] = {1500 - 28, 512 - 28, 256 - 28};
+static const unsigned int g_probable_mtu[] = {1500 - 28, 512 - 28, 256 - 28};
 
 static unsigned int dtls1_guess_mtu(unsigned int curr_mtu);
 static void dtls1_fix_message_header(SSL *s, unsigned long frag_off, 

ssl/s3_enc.c

@@ -140,7 +140,7 @@
 #include <openssl/evp.h>
 #include <openssl/md5.h>
 
-static unsigned char ssl3_pad_1[48]={
+static const unsigned char ssl3_pad_1[48]={
 	0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36,
 	0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36,
 	0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36,
@@ -148,7 +148,7 @@ static unsigned char ssl3_pad_1[48]={
 	0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36,
 	0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36 };
 
-static unsigned char ssl3_pad_2[48]={
+static const unsigned char ssl3_pad_2[48]={
 	0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,
 	0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,
 	0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,

ssl/ssl_ciph.c

@@ -203,7 +203,7 @@ static int ssl_mac_secret_size[SSL_MD_NUM_IDX]={
 	0,0,0,0,0,0
 	};
 
-static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX]={
+static const int ssl_handshake_digest_flag[SSL_MD_NUM_IDX]={
 	SSL_HANDSHAKE_MAC_MD5,SSL_HANDSHAKE_MAC_SHA,
 	SSL_HANDSHAKE_MAC_GOST94, 0, SSL_HANDSHAKE_MAC_SHA256,
 	SSL_HANDSHAKE_MAC_SHA384

ssl/t1_lib.c

@@ -232,7 +232,7 @@ typedef struct
 #define TLS_CURVE_CHAR2		0x1
 #define TLS_CURVE_PRIME		0x0
 
-static tls_curve_info nid_list[] =
+static const tls_curve_info nid_list[] =
 	{
 		{NID_sect163k1, 80, TLS_CURVE_CHAR2},/* sect163k1 (1) */
 		{NID_sect163r1, 80, TLS_CURVE_CHAR2},/* sect163r1 (2) */
@@ -428,7 +428,7 @@ static void tls1_get_curvelist(SSL *s, int sess,
 /* See if curve is allowed by security callback */
 static int tls_curve_allowed(SSL *s, const unsigned char *curve, int op)
 	{
-	tls_curve_info *cinfo;
+	const tls_curve_info *cinfo;
 	if (curve[0])
 		return 1;
 	if ((curve[1] < 1) || ((size_t)curve[1] >