From: Hugo Landau Date: Thu, 1 Feb 2024 07:45:15 +0000 (+0000) Subject: libssl: Make some global mutable structures constant X-Git-Tag: openssl-3.3.0-alpha1~235 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=89dd87e1e86ee23a1582ec558abd2eb27d68505d;p=thirdparty%2Fopenssl.git libssl: Make some global mutable structures constant x Reviewed-by: Matt Caswell Reviewed-by: Neil Horman (Merged from https://github.com/openssl/openssl/pull/23450) --- diff --git a/ssl/d1_srtp.c b/ssl/d1_srtp.c index 5ca135d9703..f21d12b8727 100644 --- a/ssl/d1_srtp.c +++ b/ssl/d1_srtp.c @@ -20,7 +20,7 @@ #ifndef OPENSSL_NO_SRTP -static SRTP_PROTECTION_PROFILE srtp_known_profiles[] = { +static const SRTP_PROTECTION_PROFILE srtp_known_profiles[] = { { "SRTP_AES128_CM_SHA1_80", SRTP_AES128_CM_SHA1_80, @@ -73,9 +73,9 @@ static SRTP_PROTECTION_PROFILE srtp_known_profiles[] = { }; static int find_profile_by_name(char *profile_name, - SRTP_PROTECTION_PROFILE **pptr, size_t len) + const SRTP_PROTECTION_PROFILE **pptr, size_t len) { - SRTP_PROTECTION_PROFILE *p; + const SRTP_PROTECTION_PROFILE *p; p = srtp_known_profiles; while (p->name) { @@ -98,7 +98,7 @@ static int ssl_ctx_make_profiles(const char *profiles_string, char *col; char *ptr = (char *)profiles_string; - SRTP_PROTECTION_PROFILE *p; + const SRTP_PROTECTION_PROFILE *p; if ((profiles = sk_SRTP_PROTECTION_PROFILE_new_null()) == NULL) { ERR_raise(ERR_LIB_SSL, SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES); @@ -110,12 +110,14 @@ static int ssl_ctx_make_profiles(const char *profiles_string, if (!find_profile_by_name(ptr, &p, col ? (size_t)(col - ptr) : strlen(ptr))) { - if (sk_SRTP_PROTECTION_PROFILE_find(profiles, p) >= 0) { + if (sk_SRTP_PROTECTION_PROFILE_find(profiles, + (SRTP_PROTECTION_PROFILE *)p) >= 0) { ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); goto err; } - if (!sk_SRTP_PROTECTION_PROFILE_push(profiles, p)) { + if (!sk_SRTP_PROTECTION_PROFILE_push(profiles, + (SRTP_PROTECTION_PROFILE *)p)) { ERR_raise(ERR_LIB_SSL, SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES); goto err; } diff --git a/ssl/record/methods/recmethod_local.h b/ssl/record/methods/recmethod_local.h index 300b146a7b0..37bde3fe16d 100644 --- a/ssl/record/methods/recmethod_local.h +++ b/ssl/record/methods/recmethod_local.h @@ -367,7 +367,7 @@ struct ossl_record_layer_st size_t max_pipelines; /* Function pointers for version specific functions */ - struct record_functions_st *funcs; + const struct record_functions_st *funcs; }; typedef struct dtls_rlayer_record_data_st { @@ -377,12 +377,12 @@ typedef struct dtls_rlayer_record_data_st { TLS_RL_RECORD rrec; } DTLS_RLAYER_RECORD_DATA; -extern struct record_functions_st ssl_3_0_funcs; -extern struct record_functions_st tls_1_funcs; -extern struct record_functions_st tls_1_3_funcs; -extern struct record_functions_st tls_any_funcs; -extern struct record_functions_st dtls_1_funcs; -extern struct record_functions_st dtls_any_funcs; +extern const struct record_functions_st ssl_3_0_funcs; +extern const struct record_functions_st tls_1_funcs; +extern const struct record_functions_st tls_1_3_funcs; +extern const struct record_functions_st tls_any_funcs; +extern const struct record_functions_st dtls_1_funcs; +extern const struct record_functions_st dtls_any_funcs; void ossl_rlayer_fatal(OSSL_RECORD_LAYER *rl, int al, int reason, const char *fmt, ...); diff --git a/ssl/record/methods/ssl3_meth.c b/ssl/record/methods/ssl3_meth.c index 145dccf0d91..6a41469f934 100644 --- a/ssl/record/methods/ssl3_meth.c +++ b/ssl/record/methods/ssl3_meth.c @@ -311,7 +311,7 @@ static int ssl3_mac(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *rec, unsigned char *md return 1; } -struct record_functions_st ssl_3_0_funcs = { +const struct record_functions_st ssl_3_0_funcs = { ssl3_set_crypto_state, ssl3_cipher, ssl3_mac, diff --git a/ssl/record/methods/tls13_meth.c b/ssl/record/methods/tls13_meth.c index ec22f1ee49e..fff81d3d08a 100644 --- a/ssl/record/methods/tls13_meth.c +++ b/ssl/record/methods/tls13_meth.c @@ -303,7 +303,7 @@ static int tls13_add_record_padding(OSSL_RECORD_LAYER *rl, return 1; } -struct record_functions_st tls_1_3_funcs = { +const struct record_functions_st tls_1_3_funcs = { tls13_set_crypto_state, tls13_cipher, NULL, diff --git a/ssl/record/methods/tls1_meth.c b/ssl/record/methods/tls1_meth.c index f820803b8da..e522b812319 100644 --- a/ssl/record/methods/tls1_meth.c +++ b/ssl/record/methods/tls1_meth.c @@ -651,7 +651,7 @@ int tls1_initialise_write_packets(OSSL_RECORD_LAYER *rl, } /* TLSv1.0, TLSv1.1 and TLSv1.2 all use the same funcs */ -struct record_functions_st tls_1_funcs = { +const struct record_functions_st tls_1_funcs = { tls1_set_crypto_state, tls1_cipher, tls1_mac, @@ -672,7 +672,7 @@ struct record_functions_st tls_1_funcs = { NULL }; -struct record_functions_st dtls_1_funcs = { +const struct record_functions_st dtls_1_funcs = { tls1_set_crypto_state, tls1_cipher, tls1_mac, diff --git a/ssl/record/methods/tlsany_meth.c b/ssl/record/methods/tlsany_meth.c index 42bbbee8aa2..4ca818f1918 100644 --- a/ssl/record/methods/tlsany_meth.c +++ b/ssl/record/methods/tlsany_meth.c @@ -145,7 +145,7 @@ static int tls_any_prepare_for_encryption(OSSL_RECORD_LAYER *rl, return 1; } -struct record_functions_st tls_any_funcs = { +const struct record_functions_st tls_any_funcs = { tls_any_set_crypto_state, tls_any_cipher, NULL, @@ -175,7 +175,7 @@ static int dtls_any_set_protocol_version(OSSL_RECORD_LAYER *rl, int vers) return 1; } -struct record_functions_st dtls_any_funcs = { +const struct record_functions_st dtls_any_funcs = { tls_any_set_crypto_state, tls_any_cipher, NULL, diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index d63ea56c331..9d4e16b0acb 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -375,7 +375,7 @@ int ssl3_generate_master_secret(SSL_CONNECTION *s, unsigned char *out, unsigned char *p, size_t len, size_t *secret_size) { - static const unsigned char *salt[3] = { + static const unsigned char *const salt[3] = { #ifndef CHARSET_EBCDIC (const unsigned char *)"A", (const unsigned char *)"BB", diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 6e49d6b4007..f92feeebaec 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -1708,7 +1708,7 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) const char *ver; const char *kx, *au, *enc, *mac; uint32_t alg_mkey, alg_auth, alg_enc, alg_mac; - static const char *format = "%-30s %-7s Kx=%-8s Au=%-5s Enc=%-22s Mac=%-4s\n"; + static const char *const format = "%-30s %-7s Kx=%-8s Au=%-5s Enc=%-22s Mac=%-4s\n"; if (buf == NULL) { len = 128; diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 818d5d11a1e..71a39a10056 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -62,7 +62,7 @@ static int ssl_undefined_function_8(SSL_CONNECTION *sc) return ssl_undefined_function(SSL_CONNECTION_GET_SSL(sc)); } -SSL3_ENC_METHOD ssl3_undef_enc_method = { +const SSL3_ENC_METHOD ssl3_undef_enc_method = { ssl_undefined_function_8, ssl_undefined_function_3, ssl_undefined_function_4, diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h index 8e69760b601..211b72c6fe6 100644 --- a/ssl/ssl_local.h +++ b/ssl/ssl_local.h @@ -2233,7 +2233,7 @@ typedef enum downgrade_en { extern const unsigned char tls11downgrade[8]; extern const unsigned char tls12downgrade[8]; -extern SSL3_ENC_METHOD ssl3_undef_enc_method; +extern const SSL3_ENC_METHOD ssl3_undef_enc_method; __owur const SSL_METHOD *sslv3_method(void); __owur const SSL_METHOD *sslv3_server_method(void);