libssl: Make some global mutable structures constant

author Hugo Landau <hlandau@openssl.org>

Thu, 1 Feb 2024 07:45:15 +0000 (07:45 +0000)

committer Hugo Landau <hlandau@openssl.org>

Fri, 2 Feb 2024 09:10:12 +0000 (09:10 +0000)
author Hugo Landau <hlandau@openssl.org>
Thu, 1 Feb 2024 07:45:15 +0000 (07:45 +0000)
committer Hugo Landau <hlandau@openssl.org>
Fri, 2 Feb 2024 09:10:12 +0000 (09:10 +0000)
diff --git a/ssl/d1_srtp.c b/ssl/d1_srtp.c

index 5ca135d9703700bc358f5d4bce850f8b92b6e3ef..f21d12b87277fd7a85fb9ffce43d810b8a5cd499 100644 (file)
--- a/ssl/d1_srtp.c
+++ b/ssl/d1_srtp.c
@@ -20,7 +20,7 @@
  
  #ifndef OPENSSL_NO_SRTP
  
-static SRTP_PROTECTION_PROFILE srtp_known_profiles[] = {
+static const SRTP_PROTECTION_PROFILE srtp_known_profiles[] = {
      {
       "SRTP_AES128_CM_SHA1_80",
       SRTP_AES128_CM_SHA1_80,
@@ -73,9 +73,9 @@ static SRTP_PROTECTION_PROFILE srtp_known_profiles[] = {
  };
  
  static int find_profile_by_name(char *profile_name,
-                                SRTP_PROTECTION_PROFILE **pptr, size_t len)
+                                const SRTP_PROTECTION_PROFILE **pptr, size_t len)
  {
-    SRTP_PROTECTION_PROFILE *p;
+    const SRTP_PROTECTION_PROFILE *p;
  
      p = srtp_known_profiles;
      while (p->name) {
@@ -98,7 +98,7 @@ static int ssl_ctx_make_profiles(const char *profiles_string,
  
      char *col;
      char *ptr = (char *)profiles_string;
-    SRTP_PROTECTION_PROFILE *p;
+    const SRTP_PROTECTION_PROFILE *p;
  
      if ((profiles = sk_SRTP_PROTECTION_PROFILE_new_null()) == NULL) {
          ERR_raise(ERR_LIB_SSL, SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES);
@@ -110,12 +110,14 @@ static int ssl_ctx_make_profiles(const char *profiles_string,
  
          if (!find_profile_by_name(ptr, &p, col ? (size_t)(col - ptr)
                                                 : strlen(ptr))) {
-            if (sk_SRTP_PROTECTION_PROFILE_find(profiles, p) >= 0) {
+            if (sk_SRTP_PROTECTION_PROFILE_find(profiles,
+                                                (SRTP_PROTECTION_PROFILE *)p) >= 0) {
                  ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
                  goto err;
              }
  
-            if (!sk_SRTP_PROTECTION_PROFILE_push(profiles, p)) {
+            if (!sk_SRTP_PROTECTION_PROFILE_push(profiles,
+                                                 (SRTP_PROTECTION_PROFILE *)p)) {
                  ERR_raise(ERR_LIB_SSL, SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES);
                  goto err;
              }
diff --git a/ssl/record/methods/recmethod_local.h b/ssl/record/methods/recmethod_local.h

index 300b146a7b07f4d95adf8a5be7002d4be23604cf..37bde3fe16d009dec6e67574a26033a040ea7ad9 100644 (file)
--- a/ssl/record/methods/recmethod_local.h
+++ b/ssl/record/methods/recmethod_local.h
@@ -367,7 +367,7 @@ struct ossl_record_layer_st
      size_t max_pipelines;
  
      /* Function pointers for version specific functions */
-    struct record_functions_st *funcs;
+    const struct record_functions_st *funcs;
  };
  
  typedef struct dtls_rlayer_record_data_st {
@@ -377,12 +377,12 @@ typedef struct dtls_rlayer_record_data_st {
      TLS_RL_RECORD rrec;
  } DTLS_RLAYER_RECORD_DATA;
  
-extern struct record_functions_st ssl_3_0_funcs;
-extern struct record_functions_st tls_1_funcs;
-extern struct record_functions_st tls_1_3_funcs;
-extern struct record_functions_st tls_any_funcs;
-extern struct record_functions_st dtls_1_funcs;
-extern struct record_functions_st dtls_any_funcs;
+extern const struct record_functions_st ssl_3_0_funcs;
+extern const struct record_functions_st tls_1_funcs;
+extern const struct record_functions_st tls_1_3_funcs;
+extern const struct record_functions_st tls_any_funcs;
+extern const struct record_functions_st dtls_1_funcs;
+extern const struct record_functions_st dtls_any_funcs;
  
  void ossl_rlayer_fatal(OSSL_RECORD_LAYER *rl, int al, int reason,
                         const char *fmt, ...);
diff --git a/ssl/record/methods/ssl3_meth.c b/ssl/record/methods/ssl3_meth.c

index 145dccf0d911b6482e4804a686bca9c5753d4fea..6a41469f9342a0140afa9f1be6624652870390ea 100644 (file)
--- a/ssl/record/methods/ssl3_meth.c
+++ b/ssl/record/methods/ssl3_meth.c
@@ -311,7 +311,7 @@ static int ssl3_mac(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *rec, unsigned char *md
      return 1;
  }
  
-struct record_functions_st ssl_3_0_funcs = {
+const struct record_functions_st ssl_3_0_funcs = {
      ssl3_set_crypto_state,
      ssl3_cipher,
      ssl3_mac,
diff --git a/ssl/record/methods/tls13_meth.c b/ssl/record/methods/tls13_meth.c

index ec22f1ee49e40014a6c5fa0017dc77914bf54d92..fff81d3d08a762e6cfd0b23a633941ba10bb3794 100644 (file)
--- a/ssl/record/methods/tls13_meth.c
+++ b/ssl/record/methods/tls13_meth.c
@@ -303,7 +303,7 @@ static int tls13_add_record_padding(OSSL_RECORD_LAYER *rl,
      return 1;
  }
  
-struct record_functions_st tls_1_3_funcs = {
+const struct record_functions_st tls_1_3_funcs = {
      tls13_set_crypto_state,
      tls13_cipher,
      NULL,
diff --git a/ssl/record/methods/tls1_meth.c b/ssl/record/methods/tls1_meth.c

index f820803b8dab27c8f072ff866627d9f4c4015d17..e522b812319caa778b6ee7ad0c2858ca1501a90e 100644 (file)
--- a/ssl/record/methods/tls1_meth.c
+++ b/ssl/record/methods/tls1_meth.c
@@ -651,7 +651,7 @@ int tls1_initialise_write_packets(OSSL_RECORD_LAYER *rl,
  }
  
  /* TLSv1.0, TLSv1.1 and TLSv1.2 all use the same funcs */
-struct record_functions_st tls_1_funcs = {
+const struct record_functions_st tls_1_funcs = {
      tls1_set_crypto_state,
      tls1_cipher,
      tls1_mac,
@@ -672,7 +672,7 @@ struct record_functions_st tls_1_funcs = {
      NULL
  };
  
-struct record_functions_st dtls_1_funcs = {
+const struct record_functions_st dtls_1_funcs = {
      tls1_set_crypto_state,
      tls1_cipher,
      tls1_mac,
diff --git a/ssl/record/methods/tlsany_meth.c b/ssl/record/methods/tlsany_meth.c

index 42bbbee8aa2b3433299d62dda8b94ec1abdec454..4ca818f1918b72428f54fb2cf5bf7466f4e593ce 100644 (file)
--- a/ssl/record/methods/tlsany_meth.c
+++ b/ssl/record/methods/tlsany_meth.c
@@ -145,7 +145,7 @@ static int tls_any_prepare_for_encryption(OSSL_RECORD_LAYER *rl,
      return 1;
  }
  
-struct record_functions_st tls_any_funcs = {
+const struct record_functions_st tls_any_funcs = {
      tls_any_set_crypto_state,
      tls_any_cipher,
      NULL,
@@ -175,7 +175,7 @@ static int dtls_any_set_protocol_version(OSSL_RECORD_LAYER *rl, int vers)
      return 1;
  }
  
-struct record_functions_st dtls_any_funcs = {
+const struct record_functions_st dtls_any_funcs = {
      tls_any_set_crypto_state,
      tls_any_cipher,
      NULL,
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c

index d63ea56c3316fe77a0f4df4296f24153961b44e2..9d4e16b0acb3bcf130b2aa5699c9af202817a202 100644 (file)
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -375,7 +375,7 @@ int ssl3_generate_master_secret(SSL_CONNECTION *s, unsigned char *out,
                                  unsigned char *p,
                                  size_t len, size_t *secret_size)
  {
-    static const unsigned char *salt[3] = {
+    static const unsigned char *const salt[3] = {
  #ifndef CHARSET_EBCDIC
          (const unsigned char *)"A",
          (const unsigned char *)"BB",
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c

index 6e49d6b40079a0cba81d3b546217e33cc40e7235..f92feeebaec8fdb43abf5c4accfb6ee2d98cba7a 100644 (file)
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -1708,7 +1708,7 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
      const char *ver;
      const char *kx, *au, *enc, *mac;
      uint32_t alg_mkey, alg_auth, alg_enc, alg_mac;
-    static const char *format = "%-30s %-7s Kx=%-8s Au=%-5s Enc=%-22s Mac=%-4s\n";
+    static const char *const format = "%-30s %-7s Kx=%-8s Au=%-5s Enc=%-22s Mac=%-4s\n";
  
      if (buf == NULL) {
          len = 128;
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c

index 818d5d11a1e97a35c75c9d00a043d5f767feb814..71a39a10056c326886d59a7a9134f33ac73265c5 100644 (file)
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -62,7 +62,7 @@ static int ssl_undefined_function_8(SSL_CONNECTION *sc)
      return ssl_undefined_function(SSL_CONNECTION_GET_SSL(sc));
  }
  
-SSL3_ENC_METHOD ssl3_undef_enc_method = {
+const SSL3_ENC_METHOD ssl3_undef_enc_method = {
      ssl_undefined_function_8,
      ssl_undefined_function_3,
      ssl_undefined_function_4,
diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h

index 8e69760b601269ab6e75eb792bc6e66b21d2b768..211b72c6fe6eda9c1326b0f37e6230106d43fdba 100644 (file)
--- a/ssl/ssl_local.h
+++ b/ssl/ssl_local.h
@@ -2233,7 +2233,7 @@ typedef enum downgrade_en {
  extern const unsigned char tls11downgrade[8];
  extern const unsigned char tls12downgrade[8];
  
-extern SSL3_ENC_METHOD ssl3_undef_enc_method;
+extern const SSL3_ENC_METHOD ssl3_undef_enc_method;
  
  __owur const SSL_METHOD *sslv3_method(void);
  __owur const SSL_METHOD *sslv3_server_method(void);
author	Hugo Landau <hlandau@openssl.org>
	Thu, 1 Feb 2024 07:45:15 +0000 (07:45 +0000)
committer	Hugo Landau <hlandau@openssl.org>
	Fri, 2 Feb 2024 09:10:12 +0000 (09:10 +0000)
ssl/d1_srtp.c		patch \| blob \| history
ssl/record/methods/recmethod_local.h		patch \| blob \| history
ssl/record/methods/ssl3_meth.c		patch \| blob \| history
ssl/record/methods/tls13_meth.c		patch \| blob \| history
ssl/record/methods/tls1_meth.c		patch \| blob \| history
ssl/record/methods/tlsany_meth.c		patch \| blob \| history
ssl/s3_enc.c		patch \| blob \| history
ssl/ssl_ciph.c		patch \| blob \| history
ssl/ssl_lib.c		patch \| blob \| history
ssl/ssl_local.h		patch \| blob \| history