authortb <>2025-03-09 15:53:36 +0000
committertb <>2025-03-09 15:53:36 +0000
commit35761752f2bfb222979aa98610559dcfa73b3b57 (patch)
treefdf63c3e86200e85b3faaf385839c00af061ba8b /src
parent38cf98dc69b5872f5a59ded35918c72a565982cf (diff)
const correct tls_session_secret_cb_fn()
Various ports throw a warning since their tls_session_secret_cb's signature doesn't match what we expect. Aligns us with OpenSSL 1.1. This is only useful for RFC 4851 EAP-FAST implementations and surprisingly it's undocumented. ok jsing
Diffstat (limited to 'src')
-rw-r--r--src/lib/libssl/ssl.h4
-rw-r--r--src/lib/libssl/ssl_clnt.c4
-rw-r--r--src/lib/libssl/ssl_sess.c4
-rw-r--r--src/lib/libssl/ssl_srvr.c4
4 files changed, 8 insertions, 8 deletions
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index 650131a779..062c6dcbb9 100644
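--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.245 2024/10/23 01:57:19 jsg Exp $ */
+/* $OpenBSD: ssl.h,v 1.246 2025/03/09 15:53:36 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -364,7 +364,7 @@ DECLARE_STACK_OF(SRTP_PROTECTION_PROFILE)
 typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data,
  int len, void *arg);
 typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len,
- STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg);
+ STACK_OF(SSL_CIPHER) *peer_ciphers, const SSL_CIPHER **cipher, void *arg);
 
 /* Allow initial connection to servers that don't support RI */
 #define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L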
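Review bot: The `tls_session_secret_cb_fn` typedef at line 366 still has no comment describing the callback contract, and the commit message itself calls the interface undocumented. Because this callback supplies the session's master secret, I would add a short comment above the typedef, for example `/* Session secret callback for RFC 4851 EAP-FAST: fills 'secret' (capacity *secret_len on entry), updates *secret_len and may select *cipher. */`. The in/out reading of `secret_len` is inferred from the callers initialising their length variable to `sizeof(s->session->master_key)` and should be confirmed before the wording is committed. Out-of-tree callbacks that still declare `SSL_CIPHER **cipher` are now the ones that mismatch, which newer compilers may report as an error rather than a warning.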
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index 593ed553d3..0d3dcf78af 100644
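--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.168 2024/07/22 14:47:15 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.169 2025/03/09 15:53:36 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -926,7 +926,7 @@ ssl3_get_server_hello(SSL *s)
  * pre-shared secret.
  */
  if (s->tls_session_secret_cb != NULL) {
- SSL_CIPHER *pref_cipher = NULL;
+ const SSL_CIPHER *pref_cipher = NULL;
  int master_key_length = sizeof(s->session->master_key);
 
  if (!s->tls_session_secret_cb(s,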
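Review bot: `master_key_length` at line 930 is a signed `int` that is presumably handed to the application callback as `secret_len`, and the hunk stops at the call, so it is not visible whether the value that comes back is range-checked before it is stored as the session's key length. If the code after the call does not already do so, a guard such as `if (master_key_length <= 0 || (size_t)master_key_length > sizeof(s->session->master_key))` leading into the existing error path would stop a misbehaving callback from claiming more key material than the buffer holds. The same pattern appears at line 1060 of ssl_srvr.c in ssl3_get_client_hello, where the block is likewise cut off at the call. Both enclosing functions start and end outside their hunks.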
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c
index 5aea990278..a5cfc33c04 100644
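--- a/src/lib/libssl/ssl_sess.c
+++ b/src/lib/libssl/ssl_sess.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sess.c,v 1.128 2024/07/22 14:47:15 jsing Exp $ */
+/* $OpenBSD: ssl_sess.c,v 1.129 2025/03/09 15:53:36 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1057,7 +1057,7 @@ LSSL_ALIAS(SSL_CTX_get_timeout);
 int
 SSL_set_session_secret_cb(SSL *s, int (*tls_session_secret_cb)(SSL *s,
  void *secret, int *secret_len, STACK_OF(SSL_CIPHER) *peer_ciphers,
- SSL_CIPHER **cipher, void *arg), void *arg)
+ const SSL_CIPHER **cipher, void *arg), void *arg)
 {
  if (s == NULL)
  return (0);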
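Review bot: The definition of SSL_set_session_secret_cb at line 1058 spells the callback type out by hand instead of using `tls_session_secret_cb_fn` from ssl.h, which is why this commit had to make the same const edit in two places. Writing the parameter list as `SSL_set_session_secret_cb(SSL *s, tls_session_secret_cb_fn tls_session_secret_cb, void *arg)` would leave a single definition of the signature, so the setter and the typedef cannot drift apart in a later change. This assumes the typedef is in scope in ssl_sess.c, which the page does not show. The function body continues past the end of the hunk.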
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index 302b6bdf0f..db4ba38b51 100644
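--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.165 2024/07/22 14:47:15 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.166 2025/03/09 15:53:36 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1058,7 +1058,7 @@ ssl3_get_client_hello(SSL *s)
  }
 
  if (!s->hit && s->tls_session_secret_cb != NULL) {
- SSL_CIPHER *pref_cipher = NULL;
+ const SSL_CIPHER *pref_cipher = NULL;
  int master_key_length = sizeof(s->session->master_key);
 
  if (!s->tls_session_secret_cb(s,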