Type-checked (and modern C compliant) OBJ_bsearch.

23 files changed, 351 insertions, 286 deletions

diff --git a/crypto/asn1/a_strnid.c b/crypto/asn1/a_strnid.c
index ecf1d6004e..f0d5416660 100644
--- a/crypto/asn1/a_strnid.c
+++ b/crypto/asn1/a_strnid.c
@@ -67,7 +67,6 @@ static STACK_OF(ASN1_STRING_TABLE) *stable = NULL;
 static void st_free(ASN1_STRING_TABLE *tbl);
 static int sk_table_cmp(const ASN1_STRING_TABLE * const *a,
 			const ASN1_STRING_TABLE * const *b);
-static int table_cmp(const void *a, const void *b);
 
 
 /* This is the global mask for the mbstring functions: this is use to
@@ -186,22 +185,25 @@ static int sk_table_cmp(const ASN1_STRING_TABLE * const *a,
 	return (*a)->nid - (*b)->nid;
 }
 
-static int table_cmp(const void *a, const void *b)
+DECLARE_OBJ_BSEARCH_CMP_FN(ASN1_STRING_TABLE, ASN1_STRING_TABLE, table_cmp);
+
+static int table_cmp(const ASN1_STRING_TABLE *a, const ASN1_STRING_TABLE *b)
 {
-	const ASN1_STRING_TABLE *sa = a, *sb = b;
-	return sa->nid - sb->nid;
+	return a->nid - b->nid;
 }
 
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(ASN1_STRING_TABLE, ASN1_STRING_TABLE, table_cmp);
+
 ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid)
 {
 	int idx;
 	ASN1_STRING_TABLE *ttmp;
 	ASN1_STRING_TABLE fnd;
 	fnd.nid = nid;
-	ttmp = (ASN1_STRING_TABLE *) OBJ_bsearch((char *)&fnd,
-					(char *)tbl_standard, 
-			sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE),
-			sizeof(ASN1_STRING_TABLE), table_cmp);
+	ttmp = OBJ_bsearch(ASN1_STRING_TABLE, &fnd,
+			   ASN1_STRING_TABLE, tbl_standard, 
+			   sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE),
+			   table_cmp);
 	if(ttmp) return ttmp;
 	if(!stable) return NULL;
 	idx = sk_ASN1_STRING_TABLE_find(stable, &fnd);
diff --git a/crypto/asn1/ameth_lib.c b/crypto/asn1/ameth_lib.c
index 47cbdd28d0..300195bf95 100644
--- a/crypto/asn1/ameth_lib.c
+++ b/crypto/asn1/ameth_lib.c
@@ -112,12 +112,18 @@ void main()
 	}
 #endif
 
+DECLARE_OBJ_BSEARCH_CMP_FN(EVP_PKEY_ASN1_METHOD *,
+			   const EVP_PKEY_ASN1_METHOD *, ameth_cmp);
+
 static int ameth_cmp(const EVP_PKEY_ASN1_METHOD * const *a,
-                const EVP_PKEY_ASN1_METHOD * const *b)
+		     const EVP_PKEY_ASN1_METHOD * const *b)
 	{
         return ((*a)->pkey_id - (*b)->pkey_id);
 	}
 
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(EVP_PKEY_ASN1_METHOD *,
+			     const EVP_PKEY_ASN1_METHOD *, ameth_cmp);
+
 int EVP_PKEY_asn1_get_count(void)
 	{
 	int num = sizeof(standard_methods)/sizeof(EVP_PKEY_ASN1_METHOD *);
@@ -139,7 +145,8 @@ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx)
 
 static const EVP_PKEY_ASN1_METHOD *pkey_asn1_find(int type)
 	{
-	EVP_PKEY_ASN1_METHOD tmp, *t = &tmp, **ret;
+	EVP_PKEY_ASN1_METHOD tmp, *t = &tmp;
+	const EVP_PKEY_ASN1_METHOD **ret;
 	tmp.pkey_id = type;
 	if (app_methods)
 		{
@@ -148,11 +155,11 @@ static const EVP_PKEY_ASN1_METHOD *pkey_asn1_find(int type)
 		if (idx >= 0)
 			return sk_EVP_PKEY_ASN1_METHOD_value(app_methods, idx);
 		}
-	ret = (EVP_PKEY_ASN1_METHOD **) OBJ_bsearch((char *)&t,
-        		(char *)standard_methods,
-			sizeof(standard_methods)/sizeof(EVP_PKEY_ASN1_METHOD *),
-        		sizeof(EVP_PKEY_ASN1_METHOD *),
-			(int (*)(const void *, const void *))ameth_cmp);
+	ret = OBJ_bsearch(EVP_PKEY_ASN1_METHOD *, &t,
+			  const EVP_PKEY_ASN1_METHOD *, standard_methods,
+			  sizeof(standard_methods)
+			  /sizeof(EVP_PKEY_ASN1_METHOD *),
+			  ameth_cmp);
 	if (!ret || !*ret)
 		return NULL;
 	return *ret;
diff --git a/crypto/evp/evp_pbe.c b/crypto/evp/evp_pbe.c
index 8fecd34221..7d6a50266a 100644
--- a/crypto/evp/evp_pbe.c
+++ b/crypto/evp/evp_pbe.c
@@ -189,10 +189,10 @@ int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
 	return 1;	
 }
 
-static int pbe_cmp2(const void *a, const void *b)
+DECLARE_OBJ_BSEARCH_CMP_FN(EVP_PBE_CTL, EVP_PBE_CTL, pbe_cmp2);
+
+static int pbe_cmp2(const EVP_PBE_CTL *pbe1, const EVP_PBE_CTL *pbe2)
 	{
-	const EVP_PBE_CTL *pbe1 = a;
-	const EVP_PBE_CTL *pbe2 = b;
 	int ret = pbe1->pbe_type - pbe2->pbe_type;
 	if (ret)
 		return ret;
@@ -200,6 +200,8 @@ static int pbe_cmp2(const void *a, const void *b)
 		return pbe1->pbe_nid - pbe2->pbe_nid;
 	}
 
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(EVP_PBE_CTL, EVP_PBE_CTL, pbe_cmp2);
+
 static int pbe_cmp(const EVP_PBE_CTL * const *a, const EVP_PBE_CTL * const *b)
 	{
 	int ret = (*a)->pbe_type - (*b)->pbe_type;
@@ -269,11 +271,10 @@ int EVP_PBE_find(int type, int pbe_nid,
 		}
 	if (pbetmp == NULL)
 		{
-		pbetmp = (EVP_PBE_CTL *) OBJ_bsearch((char *)&pbelu,
-        		(char *)builtin_pbe,
-			sizeof(builtin_pbe)/sizeof(EVP_PBE_CTL),
-        		sizeof(EVP_PBE_CTL),
-			pbe_cmp2);
+		pbetmp = OBJ_bsearch(EVP_PBE_CTL, &pbelu,
+				     EVP_PBE_CTL, builtin_pbe,
+				     sizeof(builtin_pbe)/sizeof(EVP_PBE_CTL),
+				     pbe_cmp2);
 		}
 	if (pbetmp == NULL)
 		return 0;
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
index 765a6c07db..3fd11cbb5a 100644
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -84,15 +84,22 @@ static const EVP_PKEY_METHOD *standard_methods[] =
 	&hmac_pkey_meth,
 	};
 
+DECLARE_OBJ_BSEARCH_CMP_FN(EVP_PKEY_METHOD *, const EVP_PKEY_METHOD *,
+			   pmeth_cmp);
+
 static int pmeth_cmp(const EVP_PKEY_METHOD * const *a,
-                const EVP_PKEY_METHOD * const *b)
+		     const EVP_PKEY_METHOD * const *b)
 	{
         return ((*a)->pkey_id - (*b)->pkey_id);
 	}
 
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(EVP_PKEY_METHOD *, const EVP_PKEY_METHOD *,
+			     pmeth_cmp);
+
 const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type)
 	{
-	EVP_PKEY_METHOD tmp, *t = &tmp, **ret;
+	EVP_PKEY_METHOD tmp, *t = &tmp;
+	const EVP_PKEY_METHOD **ret;
 	tmp.pkey_id = type;
 	if (app_pkey_methods)
 		{
@@ -101,11 +108,10 @@ const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type)
 		if (idx >= 0)
 			return sk_EVP_PKEY_METHOD_value(app_pkey_methods, idx);
 		}
-	ret = (EVP_PKEY_METHOD **) OBJ_bsearch((char *)&t,
-        		(char *)standard_methods,
-			sizeof(standard_methods)/sizeof(EVP_PKEY_METHOD *),
-        		sizeof(EVP_PKEY_METHOD *),
-			(int (*)(const void *, const void *))pmeth_cmp);
+	ret = OBJ_bsearch(EVP_PKEY_METHOD *, &t,
+			  const EVP_PKEY_METHOD *, standard_methods,
+			  sizeof(standard_methods)/sizeof(EVP_PKEY_METHOD *),
+			  pmeth_cmp);
 	if (!ret || !*ret)
 		return NULL;
 	return *ret;
diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c
index db88f5f980..acb6bcfb06 100644
--- a/crypto/objects/obj_dat.c
+++ b/crypto/objects/obj_dat.c
@@ -81,9 +81,10 @@ static const unsigned int ln_objs[1];
 static const unsigned int obj_objs[1];
 #endif
 
-static int sn_cmp(const void *a, const void *b);
-static int ln_cmp(const void *a, const void *b);
-static int obj_cmp(const void *a, const void *b);
+DECLARE_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, const unsigned int, sn_cmp);
+DECLARE_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, const unsigned int, ln_cmp);
+DECLARE_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, const unsigned int, obj_cmp);
+
 #define ADDED_DATA	0
 #define ADDED_SNAME	1
 #define ADDED_LNAME	2
@@ -99,19 +100,15 @@ DECLARE_LHASH_OF(ADDED_OBJ);
 static int new_nid=NUM_NID;
 static LHASH_OF(ADDED_OBJ) *added=NULL;
 
-static int sn_cmp(const void *a, const void *b)
-	{
-	const ASN1_OBJECT * const *ap = a;
-	const unsigned int *bp = b;
-	return(strcmp((*ap)->sn,nid_objs[*bp].sn));
-	}
+static int sn_cmp(const ASN1_OBJECT * const *a, const unsigned int *b)
+	{ return(strcmp((*a)->sn,nid_objs[*b].sn)); }
 
-static int ln_cmp(const void *a, const void *b)
-	{ 
-	const ASN1_OBJECT * const *ap = a;
-	const unsigned int *bp = b;
-	return(strcmp((*ap)->ln,nid_objs[*bp].ln));
-	}
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, const unsigned int, sn_cmp)
+
+static int ln_cmp(const ASN1_OBJECT * const *a, const unsigned int *b)
+	{ return(strcmp((*a)->ln,nid_objs[*b].ln)); }
+
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, const unsigned int, ln_cmp)
 
 static unsigned long added_obj_hash(const ADDED_OBJ *ca)
 	{
@@ -385,6 +382,19 @@ const char *OBJ_nid2ln(int n)
 		}
 	}
 
+static int obj_cmp(const ASN1_OBJECT * const *ap, const unsigned int *bp)
+	{
+	int j;
+	const ASN1_OBJECT *a= *ap;
+	const ASN1_OBJECT *b= &nid_objs[*bp];
+
+	j=(a->length - b->length);
+        if (j) return(j);
+	return(memcmp(a->data,b->data,a->length));
+	}
+
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, const unsigned int, obj_cmp)
+
 int OBJ_obj2nid(const ASN1_OBJECT *a)
 	{
 	const unsigned int *op;
@@ -402,8 +412,8 @@ int OBJ_obj2nid(const ASN1_OBJECT *a)
 		adp=lh_ADDED_OBJ_retrieve(added,&ad);
 		if (adp != NULL) return (adp->obj->nid);
 		}
-	op=(const unsigned int *)OBJ_bsearch((const char *)&a,(const char *)obj_objs,
-		NUM_OBJ, sizeof(obj_objs[0]),obj_cmp);
+	op=OBJ_bsearch(const ASN1_OBJECT *, &a, const unsigned int, obj_objs,
+		       NUM_OBJ, obj_cmp);
 	if (op == NULL)
 		return(NID_undef);
 	return(nid_objs[*op].nid);
@@ -625,7 +635,8 @@ int OBJ_txt2nid(const char *s)
 
 int OBJ_ln2nid(const char *s)
 	{
-	ASN1_OBJECT o,*oo= &o;
+	ASN1_OBJECT o;
+	const ASN1_OBJECT *oo= &o;
 	ADDED_OBJ ad,*adp;
 	const unsigned int *op;
 
@@ -637,15 +648,16 @@ int OBJ_ln2nid(const char *s)
 		adp=lh_ADDED_OBJ_retrieve(added,&ad);
 		if (adp != NULL) return (adp->obj->nid);
 		}
-	op=(const unsigned int*)OBJ_bsearch((char *)&oo,(char *)ln_objs, NUM_LN,
-		sizeof(ln_objs[0]),ln_cmp);
+	op=OBJ_bsearch(const ASN1_OBJECT *, &oo, const unsigned int, ln_objs,
+				   NUM_LN, ln_cmp);
 	if (op == NULL) return(NID_undef);
 	return(nid_objs[*op].nid);
 	}
 
 int OBJ_sn2nid(const char *s)
 	{
-	ASN1_OBJECT o,*oo= &o;
+	ASN1_OBJECT o;
+	const ASN1_OBJECT *oo= &o;
 	ADDED_OBJ ad,*adp;
 	const unsigned int *op;
 
@@ -657,32 +669,22 @@ int OBJ_sn2nid(const char *s)
 		adp=lh_ADDED_OBJ_retrieve(added,&ad);
 		if (adp != NULL) return (adp->obj->nid);
 		}
-	op=(const unsigned int *)OBJ_bsearch((char *)&oo,(char *)sn_objs,NUM_SN,
-		sizeof(sn_objs[0]),sn_cmp);
+	op=OBJ_bsearch(const ASN1_OBJECT *, &oo, const unsigned int, sn_objs,
+				   NUM_SN, sn_cmp);
 	if (op == NULL) return(NID_undef);
 	return(nid_objs[*op].nid);
 	}
 
-static int obj_cmp(const void *ap, const void *bp)
-	{
-	int j;
-	const ASN1_OBJECT *a= *(ASN1_OBJECT * const *)ap;
-	const ASN1_OBJECT *b= &nid_objs[*((const unsigned int *)bp)];
-
-	j=(a->length - b->length);
-        if (j) return(j);
-	return(memcmp(a->data,b->data,a->length));
-        }
-
-const char *OBJ_bsearch(const char *key, const char *base, int num, int size,
-	int (*cmp)(const void *, const void *))
+const void *OBJ_bsearch_(const void *key, const void *base, int num, int size,
+			 int (*cmp)(const void *, const void *))
 	{
 	return OBJ_bsearch_ex(key, base, num, size, cmp, 0);
 	}
 
-const char *OBJ_bsearch_ex(const char *key, const char *base, int num,
+const void *OBJ_bsearch_ex(const void *key, const void *base_, int num,
 	int size, int (*cmp)(const void *, const void *), int flags)
 	{
+	const char *base=base_;
 	int l,h,i=0,c=0;
 	const char *p = NULL;
 
diff --git a/crypto/objects/obj_xref.c b/crypto/objects/obj_xref.c
index 4ebaa1cc6a..3e85e7a576 100644
--- a/crypto/objects/obj_xref.c
+++ b/crypto/objects/obj_xref.c
@@ -64,28 +64,35 @@ STACK_OF(nid_triple) *sig_app, *sigx_app;
 
 static int cmp_sig(const nid_triple *a, const nid_triple *b)
 	{
-	return **a - **b;
+	return a->sign_id - b->sign_id;
 	}
 
+DECLARE_OBJ_BSEARCH_CMP_FN(const nid_triple, const nid_triple, cmp_sig);
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(const nid_triple, const nid_triple, cmp_sig)
+
 static int cmp_sig_sk(const nid_triple * const *a, const nid_triple * const *b)
 	{
-	return ***a - ***b;
+	return (*a)->sign_id - (*b)->sign_id;
 	}
 
+DECLARE_OBJ_BSEARCH_CMP_FN(const nid_triple *, const nid_triple *, cmp_sigx);
+
 static int cmp_sigx(const nid_triple * const *a, const nid_triple * const *b)
 	{
 	int ret;
-	ret = (**a)[1] - (**b)[1];
+	ret = (*a)->hash_id - (*b)->hash_id;
 	if (ret)
 		return ret;
-	return (**a)[2] - (**b)[2];
+	return (*a)->pkey_id - (*b)->pkey_id;
 	}
 
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(const nid_triple *, const nid_triple *, cmp_sigx)
 
 int OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid)
 	{
-	nid_triple tmp, *rv = NULL;
-	tmp[0] = signid;
+	nid_triple tmp;
+	const nid_triple *rv = NULL;
+	tmp.sign_id = signid;
 
 	if (sig_app)
 		{
@@ -97,25 +104,27 @@ int OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid)
 #ifndef OBJ_XREF_TEST2
 	if (rv == NULL)
 		{
-		rv = (nid_triple *)OBJ_bsearch((char *)&tmp,
-				(char *)sigoid_srt,
-				sizeof(sigoid_srt) / sizeof(nid_triple),
-				sizeof(nid_triple),
-				(int (*)(const void *, const void *))cmp_sig);
+		rv = OBJ_bsearch(const nid_triple,&tmp,
+				 const nid_triple,sigoid_srt,
+				 sizeof(sigoid_srt) / sizeof(nid_triple),
+				 cmp_sig);
 		}
 #endif
 	if (rv == NULL)
 		return 0;
-	*pdig_nid = (*rv)[1];
-	*ppkey_nid = (*rv)[2];
+	*pdig_nid = rv->hash_id;
+	*ppkey_nid = rv->pkey_id;
 	return 1;
 	}
 
 int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid)
 	{
-	nid_triple tmp, *t=&tmp, **rv = NULL;
-	tmp[1] = dig_nid;
-	tmp[2] = pkey_nid;
+	nid_triple tmp;
+	const nid_triple const *t=&tmp;
+	const nid_triple **rv = NULL;
+
+	tmp.hash_id = dig_nid;
+	tmp.pkey_id = pkey_nid;
 
 	if (sigx_app)
 		{
@@ -130,16 +139,15 @@ int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid)
 #ifndef OBJ_XREF_TEST2
 	if (rv == NULL)
 		{
-		rv = (nid_triple **)OBJ_bsearch((char *)&t,
-				(char *)sigoid_srt_xref,
-				sizeof(sigoid_srt_xref) / sizeof(nid_triple *),
-				sizeof(nid_triple *),
-				(int (*)(const void *, const void *))cmp_sigx);
+		rv = OBJ_bsearch(const nid_triple *,&t,
+				 const nid_triple *,sigoid_srt_xref,
+				 sizeof(sigoid_srt_xref) / sizeof(nid_triple *),
+				 cmp_sigx);
 		}
 #endif
 	if (rv == NULL)
 		return 0;
-	*psignid = (**rv)[0];
+	*psignid = (*rv)->sign_id;
 	return 1;
 	}
 
@@ -157,9 +165,9 @@ int OBJ_add_sigid(int signid, int dig_id, int pkey_id)
 	ntr = OPENSSL_malloc(sizeof(int) * 3);
 	if (!ntr)
 		return 0;
-	(*ntr)[0] = signid;
-	(*ntr)[1] = dig_id;
-	(*ntr)[2] = pkey_id;
+	ntr->sign_id = signid;
+	ntr->hash_id = dig_id;
+	ntr->pkey_id = pkey_id;
 
 	if (!sk_nid_triple_push(sig_app, ntr))
 		{
diff --git a/crypto/objects/obj_xref.h b/crypto/objects/obj_xref.h
deleted file mode 100644
index c139d3a8e2..0000000000
--- a/crypto/objects/obj_xref.h
+++ /dev/null
@@ -1,69 +0,0 @@
-
-typedef int nid_triple[3];
-
-static const nid_triple sigoid_srt[] =
-	{
-	{NID_md2WithRSAEncryption, NID_md2, NID_rsaEncryption},
-	{NID_md5WithRSAEncryption, NID_md5, NID_rsaEncryption},
-	{NID_shaWithRSAEncryption, NID_sha, NID_rsaEncryption},
-	{NID_sha1WithRSAEncryption, NID_sha1, NID_rsaEncryption},
-	{NID_dsaWithSHA, NID_sha, NID_dsa},
-	{NID_dsaWithSHA1_2, NID_sha1, NID_dsa_2},
-	{NID_mdc2WithRSA, NID_mdc2, NID_rsaEncryption},
-	{NID_md5WithRSA, NID_md5, NID_rsa},
-	{NID_dsaWithSHA1, NID_sha1, NID_dsa},
-	{NID_sha1WithRSA, NID_sha1, NID_rsa},
-	{NID_ripemd160WithRSA, NID_ripemd160, NID_rsaEncryption},
-	{NID_md4WithRSAEncryption, NID_md4, NID_rsaEncryption},
-	{NID_ecdsa_with_SHA1, NID_sha1, NID_X9_62_id_ecPublicKey},
-	{NID_sha256WithRSAEncryption, NID_sha256, NID_rsaEncryption},
-	{NID_sha384WithRSAEncryption, NID_sha384, NID_rsaEncryption},
-	{NID_sha512WithRSAEncryption, NID_sha512, NID_rsaEncryption},
-	{NID_sha224WithRSAEncryption, NID_sha224, NID_rsaEncryption},
-	{NID_ecdsa_with_Recommended, NID_undef, NID_X9_62_id_ecPublicKey},
-	{NID_ecdsa_with_Specified, NID_undef, NID_X9_62_id_ecPublicKey},
-	{NID_ecdsa_with_SHA224, NID_sha224, NID_X9_62_id_ecPublicKey},
-	{NID_ecdsa_with_SHA256, NID_sha256, NID_X9_62_id_ecPublicKey},
-	{NID_ecdsa_with_SHA384, NID_sha384, NID_X9_62_id_ecPublicKey},
-	{NID_ecdsa_with_SHA512, NID_sha512, NID_X9_62_id_ecPublicKey},
-	{NID_dsa_with_SHA224, NID_sha224, NID_dsa},
-	{NID_dsa_with_SHA256, NID_sha256, NID_dsa},
-	{NID_id_GostR3411_94_with_GostR3410_2001, NID_id_GostR3411_94, NID_id_GostR3410_2001},
-	{NID_id_GostR3411_94_with_GostR3410_94, NID_id_GostR3411_94, NID_id_GostR3410_94},
-	{NID_id_GostR3411_94_with_GostR3410_94_cc, NID_id_GostR3411_94, NID_id_GostR3410_94_cc},
-	{NID_id_GostR3411_94_with_GostR3410_2001_cc, NID_id_GostR3411_94, NID_id_GostR3410_2001_cc},
-	};
-
-static const nid_triple * const sigoid_srt_xref[] =
-	{
-	&sigoid_srt[17],
-	&sigoid_srt[18],
-	&sigoid_srt[0],
-	&sigoid_srt[1],
-	&sigoid_srt[7],
-	&sigoid_srt[2],
-	&sigoid_srt[4],
-	&sigoid_srt[3],
-	&sigoid_srt[9],
-	&sigoid_srt[5],
-	&sigoid_srt[8],
-	&sigoid_srt[12],
-	&sigoid_srt[6],
-	&sigoid_srt[10],
-	&sigoid_srt[11],
-	&sigoid_srt[13],
-	&sigoid_srt[24],
-	&sigoid_srt[20],
-	&sigoid_srt[14],
-	&sigoid_srt[21],
-	&sigoid_srt[15],
-	&sigoid_srt[22],
-	&sigoid_srt[16],
-	&sigoid_srt[23],
-	&sigoid_srt[19],
-	&sigoid_srt[25],
-	&sigoid_srt[26],
-	&sigoid_srt[27],
-	&sigoid_srt[28],
-	};
-
diff --git a/crypto/objects/objects.h b/crypto/objects/objects.h
index 7d8cdc97c3..7dc1bf5f00 100644
--- a/crypto/objects/objects.h
+++ b/crypto/objects/objects.h
@@ -1011,10 +1011,68 @@ int		OBJ_txt2nid(const char *s);
 int		OBJ_ln2nid(const char *s);
 int		OBJ_sn2nid(const char *s);
 int		OBJ_cmp(const ASN1_OBJECT *a,const ASN1_OBJECT *b);
-const char *	OBJ_bsearch(const char *key,const char *base,int num,int size,
-	int (*cmp)(const void *, const void *));
-const char *	OBJ_bsearch_ex(const char *key,const char *base,int num,
-	int size, int (*cmp)(const void *, const void *), int flags);
+const void *	OBJ_bsearch_(const void *key,const void *base,int num,int size,
+			     int (*cmp)(const void *, const void *));
+const void *	OBJ_bsearch_ex(const void *key,const void *base,int num,
+			       int size, int (*cmp)(const void *, const void *),
+			       int flags);
+
+#define _DECLARE_OBJ_BSEARCH_CMP_FN(scope, type1, type2, cmp)	\
+  scope type1 *cmp##_type_1; \
+  scope type2 *cmp##_type_2;					\
+  scope int cmp##_BSEARCH_CMP_FN(const void *, const void *);		\
+  scope int cmp(const type1 const *, const type2 const *);
+
+#define DECLARE_OBJ_BSEARCH_CMP_FN(type1, type2, cmp)	\
+  _DECLARE_OBJ_BSEARCH_CMP_FN(static, type1, type2, cmp)
+#define DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, cmp)	\
+  _DECLARE_OBJ_BSEARCH_CMP_FN(, type1, type2, cmp)
+
+/*
+ * Unsolved problem: if a type is actually a pointer type, like
+ * nid_triple is, then its impossible to get a const where you need
+ * it. Consider:
+ *
+ * typedef int nid_triple[3];
+ * const void *a_;
+ * const nid_triple const *a = a_;
+ *
+ * The assignement discards a const because what you really want is:
+ *
+ * const int const * const *a = a_;
+ *
+ * But if you do that, you lose the fact that a is an array of 3 ints,
+ * which breaks comparison functions.
+ *
+ * Thus we end up having to cast, sadly, or unpack the
+ * declarations. Or, as I finally did in this case, delcare nid_triple
+ * to be a struct, which it should have been in the first place.
+ *
+ * Ben, August 2008.
+ *
+ * Also, strictly speaking not all types need be const, but handling
+ * the non-constness means a lot of complication, and in practice
+ * comparison routines do always not touch their arguments.
+ */
+#define _IMPLEMENT_OBJ_BSEARCH_CMP_FN(scope, type1, type2, cmp)	\
+  scope int cmp##_BSEARCH_CMP_FN(const void *a_, const void *b_)	\
+      { \
+      const type1 const *a = a_; \
+      const type2 const *b = b_; \
+      return cmp(a,b); \
+      }
+
+#define IMPLEMENT_OBJ_BSEARCH_CMP_FN(type1, type2, cmp) \
+  _IMPLEMENT_OBJ_BSEARCH_CMP_FN(static, type1, type2, cmp)
+#define IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, cmp)	\
+  _IMPLEMENT_OBJ_BSEARCH_CMP_FN(, type1, type2, cmp)
+
+#define OBJ_bsearch(type1,key,type2,base,num,cmp)			       \
+  ((type2 *)OBJ_bsearch_(CHECKED_PTR_OF(type1,key),CHECKED_PTR_OF(type2,base), \
+			 num,sizeof(type2),				\
+			 (cmp##_type_1=CHECKED_PTR_OF(type1,cmp##_type_1), \
+			  cmp##_type_2=CHECKED_PTR_OF(type2,cmp##_type_2), \
+			  cmp##_BSEARCH_CMP_FN)))
 
 int		OBJ_new_nid(int num);
 int		OBJ_add_object(const ASN1_OBJECT *obj);
diff --git a/crypto/objects/objxref.pl b/crypto/objects/objxref.pl
index 0dd360b5b0..4a42924c56 100644
--- a/crypto/objects/objxref.pl
+++ b/crypto/objects/objxref.pl
@@ -50,8 +50,14 @@ my @srt2 = sort
 	
 
 print <<EOF;
+/* AUTOGENERATED BY $0, DO NOT EDIT */
 
-typedef int nid_triple[3];
+typedef struct
+	{
+	int sign_id;
+	int hash_id;
+	int pkey_id;
+	} nid_triple;
 
 static const nid_triple sigoid_srt[] =
 	{
diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c
index e9db6d62a7..9c37c4ded3 100644
--- a/crypto/x509/x509_vpm.c
+++ b/crypto/x509/x509_vpm.c
@@ -356,12 +356,17 @@ static const X509_VERIFY_PARAM default_table[] = {
 
 static STACK_OF(X509_VERIFY_PARAM) *param_table = NULL;
 
-static int table_cmp(const void *pa, const void *pb)
+static int table_cmp(const X509_VERIFY_PARAM *a, const X509_VERIFY_PARAM *b)
+
 	{
-	const X509_VERIFY_PARAM *a = pa, *b = pb;
 	return strcmp(a->name, b->name);
 	}
 
+DECLARE_OBJ_BSEARCH_CMP_FN(const X509_VERIFY_PARAM, const X509_VERIFY_PARAM,
+			   table_cmp);
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(const X509_VERIFY_PARAM, const X509_VERIFY_PARAM,
+			     table_cmp);
+
 static int param_cmp(const X509_VERIFY_PARAM * const *a,
 			const X509_VERIFY_PARAM * const *b)
 	{
@@ -397,6 +402,7 @@ const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name)
 	{
 	int idx;
 	X509_VERIFY_PARAM pm;
+
 	pm.name = (char *)name;
 	if (param_table)
 		{
@@ -404,11 +410,10 @@ const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name)
 		if (idx != -1)
 			return sk_X509_VERIFY_PARAM_value(param_table, idx);
 		}
-	return (const X509_VERIFY_PARAM *) OBJ_bsearch((char *)&pm,
-				(char *)&default_table,
-				sizeof(default_table)/sizeof(X509_VERIFY_PARAM),
-				sizeof(X509_VERIFY_PARAM),
-				table_cmp);
+	return OBJ_bsearch(const X509_VERIFY_PARAM, &pm,
+			   const X509_VERIFY_PARAM, default_table,
+			   sizeof(default_table)/sizeof(X509_VERIFY_PARAM),
+			   table_cmp);
 	}
 
 void X509_VERIFY_PARAM_table_cleanup(void)
diff --git a/crypto/x509v3/ext_dat.h b/crypto/x509v3/ext_dat.h
index 59837a44be..22a390ab46 100644
--- a/crypto/x509v3/ext_dat.h
+++ b/crypto/x509v3/ext_dat.h
@@ -73,7 +73,7 @@ extern X509V3_EXT_METHOD v3_addr, v3_asid;
  * order of the ext_nid values.
  */
 
-static X509V3_EXT_METHOD *standard_exts[] = {
+static const X509V3_EXT_METHOD *standard_exts[] = {
 &v3_nscert,
 &v3_ns_ia5_list[0],
 &v3_ns_ia5_list[1],
diff --git a/crypto/x509v3/v3_alt.c b/crypto/x509v3/v3_alt.c
index 2c2d6c4442..55b44848cd 100644
--- a/crypto/x509v3/v3_alt.c
+++ b/crypto/x509v3/v3_alt.c
@@ -392,8 +392,8 @@ static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p)
 	
 }
 
-GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,
-				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method,
+				 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
 {
 	GENERAL_NAME *gen;
 	GENERAL_NAMES *gens = NULL;
@@ -414,15 +414,15 @@ GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,
 	return NULL;
 }
 
-GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
-							 CONF_VALUE *cnf)
+GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+			       CONF_VALUE *cnf)
 	{
 	return v2i_GENERAL_NAME_ex(NULL, method, ctx, cnf, 0);
 	}
 
 GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
-				X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
-				int gen_type, char *value, int is_nc)
+			       const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+			       int gen_type, char *value, int is_nc)
 	{
 	char is_string = 0;
 	GENERAL_NAME *gen = NULL;
@@ -518,8 +518,8 @@ GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
 	}
 
 GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
-				X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
-						 CONF_VALUE *cnf, int is_nc)
+				  const X509V3_EXT_METHOD *method,
+				  X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc)
 	{
 	int type;
 
diff --git a/crypto/x509v3/v3_conf.c b/crypto/x509v3/v3_conf.c
index e654ae7e1e..df3b991fe5 100644
--- a/crypto/x509v3/v3_conf.c
+++ b/crypto/x509v3/v3_conf.c
@@ -72,8 +72,8 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, in
 static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int crit, int type, X509V3_CTX *ctx);
 static char *conf_lhash_get_string(void *db, char *section, char *value);
 static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section);
-static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
-						 int crit, void *ext_struc);
+static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, int ext_nid,
+				  int crit, void *ext_struc);
 static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len);
 /* CONF *conf:  Config file    */
 /* char *name:  Name    */
@@ -115,7 +115,7 @@ X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
 static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
 				    int crit, char *value)
 	{
-	X509V3_EXT_METHOD *method;
+	const X509V3_EXT_METHOD *method;
 	X509_EXTENSION *ext;
 	STACK_OF(CONF_VALUE) *nval;
 	void *ext_struc;
@@ -172,7 +172,7 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
 
 	}
 
-static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
+static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, int ext_nid,
 				  int crit, void *ext_struc)
 	{
 	unsigned char *ext_der;
@@ -214,7 +214,7 @@ static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
 
 X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc)
 	{
-	X509V3_EXT_METHOD *method;
+	const X509V3_EXT_METHOD *method;
 	if (!(method = X509V3_EXT_get_nid(ext_nid))) {
 		X509V3err(X509V3_F_X509V3_EXT_I2D,X509V3_R_UNKNOWN_EXTENSION);
 		return NULL;
diff --git a/crypto/x509v3/v3_crld.c b/crypto/x509v3/v3_crld.c
index 17a1fbf62c..c5e616cacc 100644
--- a/crypto/x509v3/v3_crld.c
+++ b/crypto/x509v3/v3_crld.c
@@ -63,10 +63,10 @@
 #include <openssl/asn1t.h>
 #include <openssl/x509v3.h>
 
-static void *v2i_crld(X509V3_EXT_METHOD *method,
-				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
-static int i2r_crldp(X509V3_EXT_METHOD *method, void *pcrldp, BIO *out,
-								int indent);
+static void *v2i_crld(const X509V3_EXT_METHOD *method,
+		      X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out,
+		     int indent);
 
 const X509V3_EXT_METHOD v3_crld =
 	{
@@ -308,8 +308,8 @@ static DIST_POINT *crldp_from_section(X509V3_CTX *ctx,
 	return NULL;
 	}
 
-static void *v2i_crld(X509V3_EXT_METHOD *method,
-				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+static void *v2i_crld(const X509V3_EXT_METHOD *method,
+		      X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
 	{
 	STACK_OF(DIST_POINT) *crld = NULL;
 	GENERAL_NAMES *gens = NULL;
@@ -426,10 +426,10 @@ ASN1_SEQUENCE(ISSUING_DIST_POINT) = {
 
 IMPLEMENT_ASN1_FUNCTIONS(ISSUING_DIST_POINT)
 
-static int i2r_idp(X509V3_EXT_METHOD *method,
-	     void *pidp, BIO *out, int indent);
-static void *v2i_idp(X509V3_EXT_METHOD *method,
-				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+static int i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out,
+		   int indent);
+static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+		     STACK_OF(CONF_VALUE) *nval);
 
 const X509V3_EXT_METHOD v3_idp =
 	{
@@ -443,8 +443,8 @@ const X509V3_EXT_METHOD v3_idp =
 	NULL
 	};
 
-static void *v2i_idp(X509V3_EXT_METHOD *method,
-				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+		     STACK_OF(CONF_VALUE) *nval)
 	{
 	ISSUING_DIST_POINT *idp = NULL;
 	CONF_VALUE *cnf;
@@ -535,7 +535,8 @@ static int print_distpoint(BIO *out, DIST_POINT_NAME *dpn, int indent)
 	return 1;
 	}
 
-static int i2r_idp(X509V3_EXT_METHOD *method, void *pidp, BIO *out, int indent)
+static int i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out,
+		   int indent)
 	{
 	ISSUING_DIST_POINT *idp = pidp;
 	if (idp->distpoint)
@@ -559,8 +560,8 @@ static int i2r_idp(X509V3_EXT_METHOD *method, void *pidp, BIO *out, int indent)
 	return 1;
 	}
 
-static int i2r_crldp(X509V3_EXT_METHOD *method, void *pcrldp, BIO *out,
-								int indent)
+static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out,
+		     int indent)
 	{
 	STACK_OF(DIST_POINT) *crld = pcrldp;
 	DIST_POINT *point;
diff --git a/crypto/x509v3/v3_extku.c b/crypto/x509v3/v3_extku.c
index a4efe0031e..4e968b9e1d 100644
--- a/crypto/x509v3/v3_extku.c
+++ b/crypto/x509v3/v3_extku.c
@@ -63,9 +63,10 @@
 #include <openssl/conf.h>
 #include <openssl/x509v3.h>
 
-static void *v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
-				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
-static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
+static void *v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method,
+				    X509V3_CTX *ctx,
+				    STACK_OF(CONF_VALUE) *nval);
+static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method,
 		void *eku, STACK_OF(CONF_VALUE) *extlist);
 
 const X509V3_EXT_METHOD v3_ext_ku = {
@@ -97,8 +98,9 @@ ASN1_ITEM_TEMPLATE_END(EXTENDED_KEY_USAGE)
 
 IMPLEMENT_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE)
 
-static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
-		void *a, STACK_OF(CONF_VALUE) *ext_list)
+static STACK_OF(CONF_VALUE) *
+  i2v_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method, void *a,
+			 STACK_OF(CONF_VALUE) *ext_list)
 {
 	EXTENDED_KEY_USAGE *eku = a;
 	int i;
@@ -112,8 +114,8 @@ static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
 	return ext_list;
 }
 
-static void *v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
-				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+static void *v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method,
+				    X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
 {
 	EXTENDED_KEY_USAGE *extku;
 	char *extval;
diff --git a/crypto/x509v3/v3_lib.c b/crypto/x509v3/v3_lib.c
index f3015ea610..3ad5b29afc 100644
--- a/crypto/x509v3/v3_lib.c
+++ b/crypto/x509v3/v3_lib.c
@@ -84,20 +84,26 @@ int X509V3_EXT_add(X509V3_EXT_METHOD *ext)
 }
 
 static int ext_cmp(const X509V3_EXT_METHOD * const *a,
-		const X509V3_EXT_METHOD * const *b)
+		   const X509V3_EXT_METHOD * const *b)
 {
 	return ((*a)->ext_nid - (*b)->ext_nid);
 }
 
-X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid)
+DECLARE_OBJ_BSEARCH_CMP_FN(const X509V3_EXT_METHOD *, const X509V3_EXT_METHOD *,
+			   ext_cmp);
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(const X509V3_EXT_METHOD *,
+			     const X509V3_EXT_METHOD *, ext_cmp);
+
+const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid)
 {
-	X509V3_EXT_METHOD tmp, *t = &tmp, **ret;
+	X509V3_EXT_METHOD tmp;
+	const X509V3_EXT_METHOD *t = &tmp, * const *ret;
 	int idx;
 	if(nid < 0) return NULL;
 	tmp.ext_nid = nid;
-	ret = (X509V3_EXT_METHOD **) OBJ_bsearch((char *)&t,
-			(char *)standard_exts, STANDARD_EXTENSION_COUNT,
-			sizeof(X509V3_EXT_METHOD *), (int (*)(const void *, const void *))ext_cmp);
+	ret = OBJ_bsearch(const X509V3_EXT_METHOD *, &t,
+			  const X509V3_EXT_METHOD *, standard_exts,
+			  STANDARD_EXTENSION_COUNT, ext_cmp);
 	if(ret) return *ret;
 	if(!ext_list) return NULL;
 	idx = sk_X509V3_EXT_METHOD_find(ext_list, &tmp);
@@ -105,7 +111,7 @@ X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid)
 	return sk_X509V3_EXT_METHOD_value(ext_list, idx);
 }
 
-X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext)
+const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext)
 {
 	int nid;
 	if((nid = OBJ_obj2nid(ext->object)) == NID_undef) return NULL;
@@ -122,7 +128,9 @@ int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist)
 
 int X509V3_EXT_add_alias(int nid_to, int nid_from)
 {
-	X509V3_EXT_METHOD *ext, *tmpext;
+	const X509V3_EXT_METHOD *ext;
+	X509V3_EXT_METHOD *tmpext;
+
 	if(!(ext = X509V3_EXT_get_nid(nid_from))) {
 		X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,X509V3_R_EXTENSION_NOT_FOUND);
 		return 0;
@@ -161,7 +169,7 @@ int X509V3_add_standard_extensions(void)
 
 void *X509V3_EXT_d2i(X509_EXTENSION *ext)
 {
-	X509V3_EXT_METHOD *method;
+	const X509V3_EXT_METHOD *method;
 	const unsigned char *p;
 
 	if(!(method = X509V3_EXT_get(ext))) return NULL;
diff --git a/crypto/x509v3/v3_ncons.c b/crypto/x509v3/v3_ncons.c
index 9a99cb2fa0..452437da48 100644
--- a/crypto/x509v3/v3_ncons.c
+++ b/crypto/x509v3/v3_ncons.c
@@ -63,13 +63,13 @@
 #include <openssl/conf.h>
 #include <openssl/x509v3.h>
 
-static void *v2i_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method,
-				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
-static int i2r_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method, 
+static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
+				  X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+static int i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, 
 				void *a, BIO *bp, int ind);
-static int do_i2r_name_constraints(X509V3_EXT_METHOD *method,
-				STACK_OF(GENERAL_SUBTREE) *trees,
-					BIO *bp, int ind, char *name);
+static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method,
+				   STACK_OF(GENERAL_SUBTREE) *trees,
+				   BIO *bp, int ind, char *name);
 static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip);
 
 static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc);
@@ -106,8 +106,8 @@ ASN1_SEQUENCE(NAME_CONSTRAINTS) = {
 IMPLEMENT_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE)
 IMPLEMENT_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)
 
-static void *v2i_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method,
-				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
+				  X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
 	{
 	int i;
 	CONF_VALUE tval, *val;
@@ -162,8 +162,8 @@ static void *v2i_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method,
 
 	
 
-static int i2r_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method,
-				void *a, BIO *bp, int ind)
+static int i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *a,
+				BIO *bp, int ind)
 	{
 	NAME_CONSTRAINTS *ncons = a;
 	do_i2r_name_constraints(method, ncons->permittedSubtrees,
@@ -173,9 +173,9 @@ static int i2r_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method,
 	return 1;
 	}
 
-static int do_i2r_name_constraints(X509V3_EXT_METHOD *method,
-				STACK_OF(GENERAL_SUBTREE) *trees,
-					BIO *bp, int ind, char *name)
+static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method,
+				   STACK_OF(GENERAL_SUBTREE) *trees,
+				   BIO *bp, int ind, char *name)
 	{
 	GENERAL_SUBTREE *tree;
 	int i;
diff --git a/crypto/x509v3/v3_ocsp.c b/crypto/x509v3/v3_ocsp.c
index 62aac06335..ac1fee6987 100644
--- a/crypto/x509v3/v3_ocsp.c
+++ b/crypto/x509v3/v3_ocsp.c
@@ -68,19 +68,26 @@
 /* OCSP extensions and a couple of CRL entry extensions
  */
 
-static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);
-static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);
-static int i2r_object(X509V3_EXT_METHOD *method, void *obj, BIO *out, int indent);
+static int i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *nonce,
+			  BIO *out, int indent);
+static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *nonce,
+			    BIO *out, int indent);
+static int i2r_object(const X509V3_EXT_METHOD *method, void *obj, BIO *out,
+		      int indent);
 
 static void *ocsp_nonce_new(void);
 static int i2d_ocsp_nonce(void *a, unsigned char **pp);
 static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length);
 static void ocsp_nonce_free(void *a);
-static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);
+static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce,
+			  BIO *out, int indent);
 
-static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, BIO *out, int indent);
-static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str);
-static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind);
+static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method,
+			    void *nocheck, BIO *out, int indent);
+static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+			      const char *str);
+static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in,
+			       BIO *bp, int ind);
 
 const X509V3_EXT_METHOD v3_ocsp_crlid = {
 	NID_id_pkix_OCSP_CrlID, 0, ASN1_ITEM_ref(OCSP_CRLID),
@@ -148,7 +155,8 @@ const X509V3_EXT_METHOD v3_ocsp_serviceloc = {
 	NULL
 };
 
-static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind)
+static int i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *in, BIO *bp,
+			  int ind)
 {
 	OCSP_CRLID *a = in;
 	if (a->crlUrl)
@@ -174,7 +182,8 @@ static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind)
 	return 0;
 }
 
-static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *cutoff, BIO *bp, int ind)
+static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *cutoff,
+			    BIO *bp, int ind)
 {
 	if (!BIO_printf(bp, "%*s", ind, "")) return 0;
 	if(!ASN1_GENERALIZEDTIME_print(bp, cutoff)) return 0;
@@ -182,7 +191,8 @@ static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *cutoff, BIO *bp, in
 }
 
 
-static int i2r_object(X509V3_EXT_METHOD *method, void *oid, BIO *bp, int ind)
+static int i2r_object(const X509V3_EXT_METHOD *method, void *oid, BIO *bp,
+		      int ind)
 {
 	if (!BIO_printf(bp, "%*s", ind, "")) return 0;
 	if(!i2a_ASN1_OBJECT(bp, oid)) return 0;
@@ -232,7 +242,8 @@ static void ocsp_nonce_free(void *a)
 	M_ASN1_OCTET_STRING_free(a);
 }
 
-static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent)
+static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce,
+			  BIO *out, int indent)
 {
 	if(BIO_printf(out, "%*s", indent, "") <= 0) return 0;
 	if(i2a_ASN1_STRING(out, nonce, V_ASN1_OCTET_STRING) <= 0) return 0;
@@ -241,17 +252,20 @@ static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int
 
 /* Nocheck is just a single NULL. Don't print anything and always set it */
 
-static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, BIO *out, int indent)
+static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method, void *nocheck,
+			    BIO *out, int indent)
 {
 	return 1;
 }
 
-static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str)
+static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+			      const char *str)
 {
 	return ASN1_NULL_new();
 }
 
-static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind)
+static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in,
+			       BIO *bp, int ind)
         {
 	int i;
 	OCSP_SERVICELOC *a = in;
diff --git a/crypto/x509v3/v3_pcons.c b/crypto/x509v3/v3_pcons.c
index 13248c2ada..a14aa306ec 100644
--- a/crypto/x509v3/v3_pcons.c
+++ b/crypto/x509v3/v3_pcons.c
@@ -64,10 +64,12 @@
 #include <openssl/conf.h>
 #include <openssl/x509v3.h>
 
-static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method,
-				void *bcons, STACK_OF(CONF_VALUE) *extlist);
-static void *v2i_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method,
-				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
+static STACK_OF(CONF_VALUE) *
+i2v_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *bcons,
+		       STACK_OF(CONF_VALUE) *extlist);
+static void *v2i_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method,
+				    X509V3_CTX *ctx,
+				    STACK_OF(CONF_VALUE) *values);
 
 const X509V3_EXT_METHOD v3_policy_constraints = {
 NID_policy_constraints, 0,
@@ -88,8 +90,9 @@ ASN1_SEQUENCE(POLICY_CONSTRAINTS) = {
 IMPLEMENT_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS)
 
 
-static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method,
-	     void *a, STACK_OF(CONF_VALUE) *extlist)
+static STACK_OF(CONF_VALUE) *
+i2v_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *a,
+		       STACK_OF(CONF_VALUE) *extlist)
 {
 	POLICY_CONSTRAINTS *pcons = a;
 	X509V3_add_value_int("Require Explicit Policy",
@@ -99,8 +102,9 @@ static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method,
 	return extlist;
 }
 
-static void *v2i_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method,
-	     X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values)
+static void *v2i_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method,
+				    X509V3_CTX *ctx,
+				    STACK_OF(CONF_VALUE) *values)
 {
 	POLICY_CONSTRAINTS *pcons=NULL;
 	CONF_VALUE *val;
diff --git a/crypto/x509v3/v3_pmaps.c b/crypto/x509v3/v3_pmaps.c
index 626303264f..bac5a5071d 100644
--- a/crypto/x509v3/v3_pmaps.c
+++ b/crypto/x509v3/v3_pmaps.c
@@ -63,10 +63,11 @@
 #include <openssl/conf.h>
 #include <openssl/x509v3.h>
 
-static void *v2i_POLICY_MAPPINGS(X509V3_EXT_METHOD *method,
-				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
-static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(X509V3_EXT_METHOD *method,
-				void *pmps, STACK_OF(CONF_VALUE) *extlist);
+static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method,
+				 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+static STACK_OF(CONF_VALUE) *
+i2v_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method, void *pmps,
+		    STACK_OF(CONF_VALUE) *extlist);
 
 const X509V3_EXT_METHOD v3_policy_mappings = {
 	NID_policy_mappings, 0,
@@ -92,8 +93,9 @@ ASN1_ITEM_TEMPLATE_END(POLICY_MAPPINGS)
 IMPLEMENT_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING)
 
 
-static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(X509V3_EXT_METHOD *method,
-		void *a, STACK_OF(CONF_VALUE) *ext_list)
+static STACK_OF(CONF_VALUE) *
+i2v_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method, void *a,
+		    STACK_OF(CONF_VALUE) *ext_list)
 {
 	POLICY_MAPPINGS *pmaps = a;
 	POLICY_MAPPING *pmap;
@@ -109,8 +111,8 @@ static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(X509V3_EXT_METHOD *method,
 	return ext_list;
 }
 
-static void *v2i_POLICY_MAPPINGS(X509V3_EXT_METHOD *method,
-				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method,
+				 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
 {
 	POLICY_MAPPINGS *pmaps;
 	POLICY_MAPPING *pmap;
diff --git a/crypto/x509v3/v3_prn.c b/crypto/x509v3/v3_prn.c
index 20bd9bda19..feb57684f2 100644
--- a/crypto/x509v3/v3_prn.c
+++ b/crypto/x509v3/v3_prn.c
@@ -110,7 +110,7 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int inde
 	void *ext_str = NULL;
 	char *value = NULL;
 	const unsigned char *p;
-	X509V3_EXT_METHOD *method;	
+	const X509V3_EXT_METHOD *method;	
 	STACK_OF(CONF_VALUE) *nval = NULL;
 	int ok = 1;
 
diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c
index 1ca370dc0b..a5d9805ce4 100644
--- a/crypto/x509v3/v3_purp.c
+++ b/crypto/x509v3/v3_purp.c
@@ -267,11 +267,14 @@ int X509_PURPOSE_get_trust(X509_PURPOSE *xp)
 	return xp->trust;
 }
 
-static int nid_cmp(int *a, int *b)
+static int nid_cmp(const int *a, const int *b)
 	{
 	return *a - *b;
 	}
 
+DECLARE_OBJ_BSEARCH_CMP_FN(int, int, nid_cmp);
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(int, int, nid_cmp);
+
 int X509_supported_extension(X509_EXTENSION *ex)
 	{
 	/* This table is a list of the NIDs of supported extensions:
@@ -282,7 +285,7 @@ int X509_supported_extension(X509_EXTENSION *ex)
 	 * searched using bsearch.
 	 */
 
-	static int supported_nids[] = {
+	static const int supported_nids[] = {
 		NID_netscape_cert_type, /* 71 */
         	NID_key_usage,		/* 83 */
 		NID_subject_alt_name,	/* 85 */
@@ -300,16 +303,13 @@ int X509_supported_extension(X509_EXTENSION *ex)
 		NID_inhibit_any_policy	/* 748 */
 	};
 
-	int ex_nid;
-
-	ex_nid = OBJ_obj2nid(X509_EXTENSION_get_object(ex));
+	const int ex_nid = OBJ_obj2nid(X509_EXTENSION_get_object(ex));
 
 	if (ex_nid == NID_undef) 
 		return 0;
 
-	if (OBJ_bsearch((char *)&ex_nid, (char *)supported_nids,
-		sizeof(supported_nids)/sizeof(int), sizeof(int),
-		(int (*)(const void *, const void *))nid_cmp))
+	if (OBJ_bsearch(int, &ex_nid, int, supported_nids,
+			sizeof(supported_nids)/sizeof(int), nid_cmp))
 		return 1;
 	return 0;
 	}
diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h
index 22b1b7fe39..460a04077c 100644
--- a/crypto/x509v3/x509v3.h
+++ b/crypto/x509v3/x509v3.h
@@ -76,12 +76,19 @@ typedef void * (*X509V3_EXT_NEW)(void);
 typedef void (*X509V3_EXT_FREE)(void *);
 typedef void * (*X509V3_EXT_D2I)(void *, const unsigned char ** , long);
 typedef int (*X509V3_EXT_I2D)(void *, unsigned char **);
-typedef STACK_OF(CONF_VALUE) * (*X509V3_EXT_I2V)(struct v3_ext_method *method, void *ext, STACK_OF(CONF_VALUE) *extlist);
-typedef void * (*X509V3_EXT_V2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, STACK_OF(CONF_VALUE) *values);
-typedef char * (*X509V3_EXT_I2S)(struct v3_ext_method *method, void *ext);
-typedef void * (*X509V3_EXT_S2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, const char *str);
-typedef int (*X509V3_EXT_I2R)(struct v3_ext_method *method, void *ext, BIO *out, int indent);
-typedef void * (*X509V3_EXT_R2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, const char *str);
+typedef STACK_OF(CONF_VALUE) *
+  (*X509V3_EXT_I2V)(const struct v3_ext_method *method, void *ext,
+		    STACK_OF(CONF_VALUE) *extlist);
+typedef void * (*X509V3_EXT_V2I)(const struct v3_ext_method *method,
+				 struct v3_ext_ctx *ctx,
+				 STACK_OF(CONF_VALUE) *values);
+typedef char * (*X509V3_EXT_I2S)(const struct v3_ext_method *method, void *ext);
+typedef void * (*X509V3_EXT_S2I)(const struct v3_ext_method *method,
+				 struct v3_ext_ctx *ctx, const char *str);
+typedef int (*X509V3_EXT_I2R)(const struct v3_ext_method *method, void *ext,
+			      BIO *out, int indent);
+typedef void * (*X509V3_EXT_R2I)(const struct v3_ext_method *method,
+				 struct v3_ext_ctx *ctx, const char *str);
 
 /* V3 extension structure */
 
@@ -533,8 +540,8 @@ DECLARE_ASN1_FUNCTIONS(GENERAL_NAMES)
 
 STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
 		GENERAL_NAMES *gen, STACK_OF(CONF_VALUE) *extlist);
-GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,
-				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method,
+				 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
 
 DECLARE_ASN1_FUNCTIONS(OTHERNAME)
 DECLARE_ASN1_FUNCTIONS(EDIPARTYNAME)
@@ -584,14 +591,15 @@ DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS)
 DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS)
 
 GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
-				X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
-				int gen_type, char *value, int is_nc);
+			       const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+			       int gen_type, char *value, int is_nc);
 
 #ifdef HEADER_CONF_H
-GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
-							CONF_VALUE *cnf);
-GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, X509V3_EXT_METHOD *method,
-				X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc);
+GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+			       CONF_VALUE *cnf);
+GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
+				  const X509V3_EXT_METHOD *method,
+				  X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc);
 void X509V3_conf_free(CONF_VALUE *val);
 
 X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, char *value);
@@ -644,8 +652,8 @@ int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist);
 int X509V3_EXT_add_alias(int nid_to, int nid_from);
 void X509V3_EXT_cleanup(void);
 
-X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext);
-X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);
+const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext);
+const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);
 int X509V3_add_standard_extensions(void);
 STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line);
 void *X509V3_EXT_d2i(X509_EXTENSION *ext);