From 89dd87e1e86ee23a1582ec558abd2eb27d68505d Mon Sep 17 00:00:00 2001
From: Hugo Landau
Date: Thu, 1 Feb 2024 07:45:15 +0000
Subject: [PATCH] libssl: Make some global mutable structures constant x
Reviewed-by: Matt Caswell
Reviewed-by: Neil Horman
(Merged from https://github.com/openssl/openssl/pull/23450)
---
 ssl/d1_srtp.c | 14 ++++++++------
 ssl/record/methods/recmethod_local.h | 14 +++++++-------
 ssl/record/methods/ssl3_meth.c | 2 +-
 ssl/record/methods/tls13_meth.c | 2 +-
 ssl/record/methods/tls1_meth.c | 4 ++--
 ssl/record/methods/tlsany_meth.c | 4 ++--
 ssl/s3_enc.c | 2 +-
 ssl/ssl_ciph.c | 2 +-
 ssl/ssl_lib.c | 2 +-
 ssl/ssl_local.h | 2 +-
 10 files changed, 25 insertions(+), 23 deletions(-)
diff --git a/ssl/d1_srtp.c b/ssl/d1_srtp.c
index 5ca135d970..f21d12b872 100644
--- a/ssl/d1_srtp.c
+++ b/ssl/d1_srtp.c
@@ -20,7 +20,7 @@
 #ifndef OPENSSL_NO_SRTP
-static SRTP_PROTECTION_PROFILE srtp_known_profiles[] = {
+static const SRTP_PROTECTION_PROFILE srtp_known_profiles[] = {
 {
 "SRTP_AES128_CM_SHA1_80",
 SRTP_AES128_CM_SHA1_80,
@@ -73,9 +73,9 @@ static SRTP_PROTECTION_PROFILE srtp_known_profiles[] = {
 };
 static int find_profile_by_name(char *profile_name,
- SRTP_PROTECTION_PROFILE **pptr, size_t len)
+ const SRTP_PROTECTION_PROFILE **pptr, size_t len)
 {
- SRTP_PROTECTION_PROFILE *p;
+ const SRTP_PROTECTION_PROFILE *p;
 p = srtp_known_profiles;
 while (p->name) {
@@ -98,7 +98,7 @@ static int ssl_ctx_make_profiles(const char *profiles_string,
 char *col;
 char *ptr = (char *)profiles_string;
- SRTP_PROTECTION_PROFILE *p;
+ const SRTP_PROTECTION_PROFILE *p;
 if ((profiles = sk_SRTP_PROTECTION_PROFILE_new_null()) == NULL) {
 ERR_raise(ERR_LIB_SSL, SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES);
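Review bot: In the `@@ -73,9 +73,9 @@` hunk the new signature of find_profile_by_name const-qualifies `pptr` but leaves `char *profile_name` mutable, and the `@@ -98,7 +98,7 @@` hunk keeps `char *ptr = (char *)profiles_string;`, which discards the const on the caller's string. If nothing writes through these pointers, `const char *profile_name` and `const char *ptr = profiles_string;` would let the compiler enforce that the caller-supplied profile list is only read. The bodies of both functions continue outside the hunks, so that is unconfirmed, and `col` would probably need the same qualifier.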
@@ -110,12 +110,14 @@ static int ssl_ctx_make_profiles(const char *profiles_string,
 if (!find_profile_by_name(ptr, &p, col ? (size_t)(col - ptr) : strlen(ptr))) {
- if (sk_SRTP_PROTECTION_PROFILE_find(profiles, p) >= 0) {
+ if (sk_SRTP_PROTECTION_PROFILE_find(profiles,
+ (SRTP_PROTECTION_PROFILE *)p) >= 0) {
 ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
 goto err;
 }
- if (!sk_SRTP_PROTECTION_PROFILE_push(profiles, p)) {
+ if (!sk_SRTP_PROTECTION_PROFILE_push(profiles,
+ (SRTP_PROTECTION_PROFILE *)p)) {
 ERR_raise(ERR_LIB_SSL, SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES);
 goto err;
 }
diff --git a/ssl/record/methods/recmethod_local.h b/ssl/record/methods/recmethod_local.h
index 300b146a7b..37bde3fe16 100644
--- a/ssl/record/methods/recmethod_local.h
+++ b/ssl/record/methods/recmethod_local.h
@@ -367,7 +367,7 @@ struct ossl_record_layer_st
 size_t max_pipelines;
 /* Function pointers for version specific functions */
- struct record_functions_st *funcs;
+ const struct record_functions_st *funcs;
 };
 typedef struct dtls_rlayer_record_data_st {
@@ -377,12 +377,12 @@ typedef struct dtls_rlayer_record_data_st {
 TLS_RL_RECORD rrec;
 } DTLS_RLAYER_RECORD_DATA;
-extern struct record_functions_st ssl_3_0_funcs;
-extern struct record_functions_st tls_1_funcs;
-extern struct record_functions_st tls_1_3_funcs;
-extern struct record_functions_st tls_any_funcs;
-extern struct record_functions_st dtls_1_funcs;
-extern struct record_functions_st dtls_any_funcs;
+extern const struct record_functions_st ssl_3_0_funcs;
+extern const struct record_functions_st tls_1_funcs;
+extern const struct record_functions_st tls_1_3_funcs;
+extern const struct record_functions_st tls_any_funcs;
+extern const struct record_functions_st dtls_1_funcs;
+extern const struct record_functions_st dtls_any_funcs;
 void ossl_rlayer_fatal(OSSL_RECORD_LAYER *rl, int al, int reason, const char *fmt, ...);
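Review bot: The two new casts `(SRTP_PROTECTION_PROFILE *)p` in the `@@ -110,12 +110,14 @@` hunk of ssl/d1_srtp.c strip the const that this commit adds to `srtp_known_profiles`, so the stack ends up holding mutable-typed pointers into a table that is now defined const. Any later write through a stack element would be undefined behaviour, and probably a fault if the table lands in read-only memory, yet the compiler can no longer diagnose it. If the stack type cannot take const elements without a wider change, I would at least record the invariant above the first cast: `/* entries alias the const srtp_known_profiles table: never modify or free them through the stack */`. ssl_ctx_make_profiles starts and ends outside the hunk, so how the stack is consumed afterwards is not visible here.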
diff --git a/ssl/record/methods/ssl3_meth.c b/ssl/record/methods/ssl3_meth.c
index 145dccf0d9..6a41469f93 100644
--- a/ssl/record/methods/ssl3_meth.c
+++ b/ssl/record/methods/ssl3_meth.c
@@ -311,7 +311,7 @@ static int ssl3_mac(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *rec, unsigned char *md
 return 1;
 }
-struct record_functions_st ssl_3_0_funcs = {
+const struct record_functions_st ssl_3_0_funcs = {
 ssl3_set_crypto_state,
 ssl3_cipher,
 ssl3_mac,
diff --git a/ssl/record/methods/tls13_meth.c b/ssl/record/methods/tls13_meth.c
index ec22f1ee49..fff81d3d08 100644
--- a/ssl/record/methods/tls13_meth.c
+++ b/ssl/record/methods/tls13_meth.c
@@ -303,7 +303,7 @@ static int tls13_add_record_padding(OSSL_RECORD_LAYER *rl,
 return 1;
 }
-struct record_functions_st tls_1_3_funcs = {
+const struct record_functions_st tls_1_3_funcs = {
 tls13_set_crypto_state,
 tls13_cipher,
 NULL,
diff --git a/ssl/record/methods/tls1_meth.c b/ssl/record/methods/tls1_meth.c
index f820803b8d..e522b81231 100644
--- a/ssl/record/methods/tls1_meth.c
+++ b/ssl/record/methods/tls1_meth.c
@@ -651,7 +651,7 @@ int tls1_initialise_write_packets(OSSL_RECORD_LAYER *rl,
 }
 /* TLSv1.0, TLSv1.1 and TLSv1.2 all use the same funcs */
-struct record_functions_st tls_1_funcs = {
+const struct record_functions_st tls_1_funcs = {
 tls1_set_crypto_state,
 tls1_cipher,
 tls1_mac,
@@ -672,7 +672,7 @@ struct record_functions_st tls_1_funcs = {
 NULL
 };
-struct record_functions_st dtls_1_funcs = {
+const struct record_functions_st dtls_1_funcs = {
 tls1_set_crypto_state,
 tls1_cipher,
 tls1_mac,
diff --git a/ssl/record/methods/tlsany_meth.c b/ssl/record/methods/tlsany_meth.c
index 42bbbee8aa..4ca818f191 100644
--- a/ssl/record/methods/tlsany_meth.c
+++ b/ssl/record/methods/tlsany_meth.c
@@ -145,7 +145,7 @@ static int tls_any_prepare_for_encryption(OSSL_RECORD_LAYER *rl,
 return 1;
 }
-struct record_functions_st tls_any_funcs = {
+const struct record_functions_st tls_any_funcs = {
 tls_any_set_crypto_state,
 tls_any_cipher,
 NULL,
@@ -175,7 +175,7 @@ static int dtls_any_set_protocol_version(OSSL_RECORD_LAYER *rl, int vers)
 return 1;
 }
-struct record_functions_st dtls_any_funcs = {
+const struct record_functions_st dtls_any_funcs = {
 tls_any_set_crypto_state,
 tls_any_cipher,
 NULL,
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index d63ea56c33..9d4e16b0ac 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -375,7 +375,7 @@ int ssl3_generate_master_secret(SSL_CONNECTION *s, unsigned char *out,
 unsigned char *p, size_t len, size_t *secret_size)
 {
- static const unsigned char *salt[3] = {
+ static const unsigned char *const salt[3] = {
 #ifndef CHARSET_EBCDIC
 (const unsigned char *)"A",
 (const unsigned char *)"BB",
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 6e49d6b400..f92feeebae 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -1708,7 +1708,7 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
 const char *ver;
 const char *kx, *au, *enc, *mac;
 uint32_t alg_mkey, alg_auth, alg_enc, alg_mac;
- static const char *format = "%-30s %-7s Kx=%-8s Au=%-5s Enc=%-22s Mac=%-4s\n";
+ static const char *const format = "%-30s %-7s Kx=%-8s Au=%-5s Enc=%-22s Mac=%-4s\n";
 if (buf == NULL) {
 len = 128;
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 818d5d11a1..71a39a1005 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -62,7 +62,7 @@ static int ssl_undefined_function_8(SSL_CONNECTION *sc)
 return ssl_undefined_function(SSL_CONNECTION_GET_SSL(sc));
 }
-SSL3_ENC_METHOD ssl3_undef_enc_method = {
+const SSL3_ENC_METHOD ssl3_undef_enc_method = {
 ssl_undefined_function_8,
 ssl_undefined_function_3,
 ssl_undefined_function_4,
diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h
index 8e69760b60..211b72c6fe 100644
--- a/ssl/ssl_local.h
+++ b/ssl/ssl_local.h
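Review bot: In the ssl/ssl_ciph.c hunk, `static const char *const format` still defines a pointer object next to the string literal. Writing it as `static const char format[] = "%-30s %-7s Kx=%-8s Au=%-5s Enc=%-22s Mac=%-4s\n";` would leave only the characters in read-only data and, in a position-independent build, would likely avoid a load-time relocation for the pointer. This is a style point that assumes `format` is only ever read as a string; SSL_CIPHER_description continues outside the hunk, so its uses are not visible here.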
@@ -2233,7 +2233,7 @@ typedef enum downgrade_en {
 extern const unsigned char tls11downgrade[8];
 extern const unsigned char tls12downgrade[8];
-extern SSL3_ENC_METHOD ssl3_undef_enc_method;
+extern const SSL3_ENC_METHOD ssl3_undef_enc_method;
 __owur const SSL_METHOD *sslv3_method(void);
 __owur const SSL_METHOD *sslv3_server_method(void);
--
2.34.1