replace 'unsigned const char' with 'const unsigned char'

The openssl code base has only a few occurrences of 'unsigned const char'
(15 occurrences), compared to the more common 'const unsigned char' (4420
occurrences).

While the former is not illegal C, mixing the 'const' keyword (a 'type
qualifier') in between 'unsigned' and 'char' (both 'type specifiers') is a
bit odd.

The background for writing this patch is not to be pedantic, but because
the 'opmock' program (used to mock headers for unit tests) does not accept
the 'unsigned const char' construct. While this definitely is a bug in
opmock or one of its dependencies, openssl is the only piece of software we
are using in combination with opmock that has this construct.

CLA: trivial

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/13722)

5 files changed, 15 insertions, 15 deletions

diff --git a/apps/passwd.c b/apps/passwd.c
index c39254460d..6673040273 100644
--- a/apps/passwd.c
+++ b/apps/passwd.c
@@ -22,7 +22,7 @@
 #include <openssl/md5.h>
 #include <openssl/sha.h>
 
-static unsigned const char cov_2char[64] = {
+static const unsigned char cov_2char[64] = {
     /* from crypto/des/fcrypt.c */
     0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35,
     0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44,
@@ -413,7 +413,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
         if (!EVP_DigestInit_ex(md2, EVP_md5(), NULL))
             goto err;
         if (!EVP_DigestUpdate(md2,
-                              (i & 1) ? (unsigned const char *)passwd : buf,
+                              (i & 1) ? (const unsigned char *)passwd : buf,
                               (i & 1) ? passwd_len : sizeof(buf)))
             goto err;
         if (i % 3) {
@@ -425,7 +425,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
                 goto err;
         }
         if (!EVP_DigestUpdate(md2,
-                              (i & 1) ? buf : (unsigned const char *)passwd,
+                              (i & 1) ? buf : (const unsigned char *)passwd,
                               (i & 1) ? sizeof(buf) : passwd_len))
                 goto err;
         if (!EVP_DigestFinal_ex(md2, buf, NULL))
@@ -627,7 +627,7 @@ static char *shacrypt(const char *passwd, const char *magic, const char *salt)
     n = passwd_len;
     while (n) {
         if (!EVP_DigestUpdate(md,
-                              (n & 1) ? buf : (unsigned const char *)passwd,
+                              (n & 1) ? buf : (const unsigned char *)passwd,
                               (n & 1) ? buf_size : passwd_len))
             goto err;
         n >>= 1;
@@ -673,7 +673,7 @@ static char *shacrypt(const char *passwd, const char *magic, const char *salt)
         if (!EVP_DigestInit_ex(md2, sha, NULL))
             goto err;
         if (!EVP_DigestUpdate(md2,
-                              (n & 1) ? (unsigned const char *)p_bytes : buf,
+                              (n & 1) ? (const unsigned char *)p_bytes : buf,
                               (n & 1) ? passwd_len : buf_size))
             goto err;
         if (n % 3) {
@@ -685,7 +685,7 @@ static char *shacrypt(const char *passwd, const char *magic, const char *salt)
                 goto err;
         }
         if (!EVP_DigestUpdate(md2,
-                              (n & 1) ? buf : (unsigned const char *)p_bytes,
+                              (n & 1) ? buf : (const unsigned char *)p_bytes,
                               (n & 1) ? buf_size : passwd_len))
                 goto err;
         if (!EVP_DigestFinal_ex(md2, buf, NULL))
diff --git a/crypto/des/fcrypt.c b/crypto/des/fcrypt.c
index 0b181fda3b..190a44dbdf 100644
--- a/crypto/des/fcrypt.c
+++ b/crypto/des/fcrypt.c
@@ -31,7 +31,7 @@
  * Added more values to handle illegal salt values the way normal crypt()
  * implementations do.
  */
-static unsigned const char con_salt[128] = {
+static const unsigned char con_salt[128] = {
     0xD2, 0xD3, 0xD4, 0xD5, 0xD6, 0xD7, 0xD8, 0xD9,
     0xDA, 0xDB, 0xDC, 0xDD, 0xDE, 0xDF, 0xE0, 0xE1,
     0xE2, 0xE3, 0xE4, 0xE5, 0xE6, 0xE7, 0xE8, 0xE9,
@@ -50,7 +50,7 @@ static unsigned const char con_salt[128] = {
     0x3D, 0x3E, 0x3F, 0x40, 0x41, 0x42, 0x43, 0x44,
 };
 
-static unsigned const char cov_2char[64] = {
+static const unsigned char cov_2char[64] = {
     0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35,
     0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44,
     0x45, 0x46, 0x47, 0x48, 0x49, 0x4A, 0x4B, 0x4C,
diff --git a/doc/man3/SSL_CTX_dane_enable.pod b/doc/man3/SSL_CTX_dane_enable.pod
index e886325191..72fd1bf883 100644
--- a/doc/man3/SSL_CTX_dane_enable.pod
+++ b/doc/man3/SSL_CTX_dane_enable.pod
@@ -18,10 +18,10 @@ TLS client
                             uint8_t mtype, uint8_t ord);
  int SSL_dane_enable(SSL *s, const char *basedomain);
  int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector,
-                       uint8_t mtype, unsigned const char *data, size_t dlen);
+                       uint8_t mtype, const unsigned char *data, size_t dlen);
  int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki);
  int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector,
-                        uint8_t *mtype, unsigned const char **data,
+                        uint8_t *mtype, const unsigned char **data,
                         size_t *dlen);
  unsigned long SSL_CTX_dane_set_flags(SSL_CTX *ctx, unsigned long flags);
  unsigned long SSL_CTX_dane_clear_flags(SSL_CTX *ctx, unsigned long flags);
diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in
index 4e5d50bd6d..0025a2a8cd 100644
--- a/include/openssl/ssl.h.in
+++ b/include/openssl/ssl.h.in
@@ -1810,10 +1810,10 @@ __owur int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md,
                                   uint8_t mtype, uint8_t ord);
 __owur int SSL_dane_enable(SSL *s, const char *basedomain);
 __owur int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector,
-                             uint8_t mtype, unsigned const char *data, size_t dlen);
+                             uint8_t mtype, const unsigned char *data, size_t dlen);
 __owur int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki);
 __owur int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector,
-                              uint8_t *mtype, unsigned const char **data,
+                              uint8_t *mtype, const unsigned char **data,
                               size_t *dlen);
 /*
  * Bridge opacity barrier between libcrypt and libssl, also needed to support
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index d14d5819ba..a8a1416073 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -269,7 +269,7 @@ static const EVP_MD *tlsa_md_get(SSL_DANE *dane, uint8_t mtype)
 static int dane_tlsa_add(SSL_DANE *dane,
                          uint8_t usage,
                          uint8_t selector,
-                         uint8_t mtype, unsigned const char *data, size_t dlen)
+                         uint8_t mtype, const unsigned char *data, size_t dlen)
 {
     danetls_record *t;
     const EVP_MD *md = NULL;
@@ -1099,7 +1099,7 @@ int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki)
 }
 
 int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector,
-                       uint8_t *mtype, unsigned const char **data, size_t *dlen)
+                       uint8_t *mtype, const unsigned char **data, size_t *dlen)
 {
     SSL_DANE *dane = &s->dane;
 
@@ -1126,7 +1126,7 @@ SSL_DANE *SSL_get0_dane(SSL *s)
 }
 
 int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector,
-                      uint8_t mtype, unsigned const char *data, size_t dlen)
+                      uint8_t mtype, const unsigned char *data, size_t dlen)
 {
     return dane_tlsa_add(&s->dane, usage, selector, mtype, data, dlen);
 }