Constipate srtp_known_profiles, pushing it into .data.rel.ro

ok tb@ jsing@
author: guenther <> 2020-10-11 01:16:31 +0000
committer: guenther <> 2020-10-11 01:16:31 +0000
commit: b6bb75f4585006b28ebc729355536e9e77226c3d (patch)
tree: 081ebd6053829d1d9d7bf9bb60beb046b604b46b
parent: 777484b19e29edc6126b0347b81a5d02728eeda2 (diff)
download: openbsd-b6bb75f4585006b28ebc729355536e9e77226c3d.tar.gz
openbsd-b6bb75f4585006b28ebc729355536e9e77226c3d.tar.bz2
openbsd-b6bb75f4585006b28ebc729355536e9e77226c3d.zip
3 files changed, 18 insertions, 17 deletions
diff --git a/src/lib/libssl/d1_srtp.c b/src/lib/libssl/d1_srtp.c
index 70e9a4f127..6d4a1661e1 100644
--- a/src/lib/libssl/d1_srtp.c
+++ b/src/lib/libssl/d1_srtp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_srtp.c,v 1.24 2020/03/16 15:25:13 tb Exp $ */
+/* $OpenBSD: d1_srtp.c,v 1.25 2020/10/11 01:16:31 guenther Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -126,7 +126,7 @@
 #include "bytestring.h"
 #include "srtp.h"
-static SRTP_PROTECTION_PROFILE srtp_known_profiles[] = {
+static const SRTP_PROTECTION_PROFILE srtp_known_profiles[] = {
        {
                "SRTP_AES128_CM_SHA1_80",
                SRTP_AES128_CM_SHA1_80,
@@ -139,10 +139,10 @@ static SRTP_PROTECTION_PROFILE srtp_known_profiles[] = {
 };
 int
-srtp_find_profile_by_name(char *profile_name, SRTP_PROTECTION_PROFILE **pptr,
+srtp_find_profile_by_name(char *profile_name,
-    unsigned int len)
+    const SRTP_PROTECTION_PROFILE **pptr, unsigned int len)
 {
-        SRTP_PROTECTION_PROFILE *p;
+        const SRTP_PROTECTION_PROFILE *p;
        p = srtp_known_profiles;
        while (p->name) {
@@ -160,9 +160,9 @@ srtp_find_profile_by_name(char *profile_name, SRTP_PROTECTION_PROFILE **pptr,
 int
 srtp_find_profile_by_num(unsigned int profile_num,
-    SRTP_PROTECTION_PROFILE **pptr)
+    const SRTP_PROTECTION_PROFILE **pptr)
 {
-        SRTP_PROTECTION_PROFILE *p;
+        const SRTP_PROTECTION_PROFILE *p;
        p = srtp_known_profiles;
        while (p->name) {
@@ -185,7 +185,7 @@ ssl_ctx_make_profiles(const char *profiles_string,
        char *col;
        char *ptr = (char *)profiles_string;
-        SRTP_PROTECTION_PROFILE *p;
+        const SRTP_PROTECTION_PROFILE *p;
        if (!(profiles = sk_SRTP_PROTECTION_PROFILE_new_null())) {
                SSLerrorx(SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES);
@@ -245,7 +245,8 @@ SSL_get_srtp_profiles(SSL *s)
 SRTP_PROTECTION_PROFILE *
 SSL_get_selected_srtp_profile(SSL *s)
 {
-        return s->internal->srtp_profile;
+        /* XXX cast away the const */
+        return (SRTP_PROTECTION_PROFILE *)s->internal->srtp_profile;
 }
 #endif
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index a5027a92e0..e47f6191c2 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.300 2020/10/11 01:13:04 guenther Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.301 2020/10/11 01:16:31 guenther Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -797,7 +797,7 @@ typedef struct ssl_internal_st {
        TLS_SESSION_TICKET_EXT *tlsext_session_ticket;
        STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;       /* What we'll do */
-        SRTP_PROTECTION_PROFILE *srtp_profile;                  /* What's been chosen */
+        const SRTP_PROTECTION_PROFILE *srtp_profile;            /* What's been chosen */
        int renegotiate;/* 1 if we are renegotiating.
                         * 2 if we are a server and are inside a handshake
@@ -1418,9 +1418,9 @@ void SSL_error_internal(const SSL *s, int r, char *f, int l);
 #ifndef OPENSSL_NO_SRTP
 int srtp_find_profile_by_name(char *profile_name,
-    SRTP_PROTECTION_PROFILE **pptr, unsigned int len);
+    const SRTP_PROTECTION_PROFILE **pptr, unsigned int len);
 int srtp_find_profile_by_num(unsigned int profile_num,
-    SRTP_PROTECTION_PROFILE **pptr);
+    const SRTP_PROTECTION_PROFILE **pptr);
 #endif /* OPENSSL_NO_SRTP */
diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c
index 2f6860b6f9..1767104963 100644
--- a/src/lib/libssl/ssl_tlsext.c
+++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.83 2020/10/11 01:13:04 guenther Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.84 2020/10/11 01:16:31 guenther Exp $ */
 /*
 * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -1213,7 +1213,7 @@ tlsext_srtp_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
        CBB profiles, mki;
        int ct, i;
        STACK_OF(SRTP_PROTECTION_PROFILE) *clnt = NULL;
-        SRTP_PROTECTION_PROFILE *prof;
+        const SRTP_PROTECTION_PROFILE *prof;
        if ((clnt = SSL_get_srtp_profiles(s)) == NULL) {
                SSLerror(s, SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST);
@@ -1247,7 +1247,7 @@ tlsext_srtp_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
 int
 tlsext_srtp_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
 {
-        SRTP_PROTECTION_PROFILE *cprof, *sprof;
+        const SRTP_PROTECTION_PROFILE *cprof, *sprof;
        STACK_OF(SRTP_PROTECTION_PROFILE) *clnt = NULL, *srvr;
        int i, j;
        int ret;
@@ -1358,7 +1358,7 @@ int
 tlsext_srtp_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
 {
        STACK_OF(SRTP_PROTECTION_PROFILE) *clnt;
-        SRTP_PROTECTION_PROFILE *prof;
+        const SRTP_PROTECTION_PROFILE *prof;
        int i;
        uint16_t id;
        CBS profile_ids, mki;
author	guenther <>	2020-10-11 01:16:31 +0000
committer	guenther <>	2020-10-11 01:16:31 +0000
commit	b6bb75f4585006b28ebc729355536e9e77226c3d (patch)
tree	081ebd6053829d1d9d7bf9bb60beb046b604b46b
parent	777484b19e29edc6126b0347b81a5d02728eeda2 (diff)
download	openbsd-b6bb75f4585006b28ebc729355536e9e77226c3d.tar.gz openbsd-b6bb75f4585006b28ebc729355536e9e77226c3d.tar.bz2 openbsd-b6bb75f4585006b28ebc729355536e9e77226c3d.zip