rpki-client: sprinkle some const

EVP_PKEY_get0_* were made const correct in OpenSSL 3 and now cause the
build of rpki-client to emit warnings. Of course no one is able to see
these warnings because they are hidden in all the deprecation vomit.

Makes rpki-client build cleanly against OpenSSL 3 when configured with
--with-openssl-cflags=-DOPENSSL_SUPPRESS_DEPRECATED.

ok claudio deraadt job

diff --git a/usr.sbin/rpki-client/validate.c b/usr.sbin/rpki-client/validate.c
index bcbf9cb..56b3fe5 100644 (file)
--- a/usr.sbin/rpki-client/validate.c
+++ b/usr.sbin/rpki-client/validate.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: validate.c,v 1.76 2024/06/17 18:52:50 tb Exp $ */
+/*     $OpenBSD: validate.c,v 1.77 2024/10/16 06:09:45 tb Exp $ */
 /*
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
  *
@@ -587,7 +587,7 @@ valid_uuid(const char *s)
 static int
 valid_ca_pkey_rsa(const char *fn, EVP_PKEY *pkey)
 {
-       RSA             *rsa;
+       const RSA       *rsa;
        const BIGNUM    *rsa_e;
        int              key_bits;
 
@@ -618,7 +618,7 @@ valid_ca_pkey_rsa(const char *fn, EVP_PKEY *pkey)
 static int
 valid_ca_pkey_ec(const char *fn, EVP_PKEY *pkey)
 {
-       EC_KEY          *ec;
+       const EC_KEY    *ec;
        const EC_GROUP  *group;
        int              nid;
        const char      *cname;

diff --git a/usr.sbin/rpki-client/x509.c b/usr.sbin/rpki-client/x509.c
index 0ef858d..f8dadf4 100644 (file)
--- a/usr.sbin/rpki-client/x509.c
+++ b/usr.sbin/rpki-client/x509.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: x509.c,v 1.103 2024/10/07 14:45:33 tb Exp $ */
+/*     $OpenBSD: x509.c,v 1.104 2024/10/16 06:09:45 tb Exp $ */
 /*
  * Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
  * Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org>
@@ -413,7 +413,7 @@ char *
 x509_get_pubkey(X509 *x, const char *fn)
 {
        EVP_PKEY        *pkey;
-       EC_KEY          *eckey;
+       const EC_KEY    *eckey;
        int              nid;
        const char      *cname;
        uint8_t         *pubkey = NULL;