Constipate ssl3_ciphers and tls1[23]_sigalgs*, pushing them into

.data.rel.ro and .rodata respectively. ok tb@ jsing@
author: guenther <> 2020-10-11 01:13:04 +0000
committer: guenther <> 2020-10-11 01:13:04 +0000
commit: 870191bc3951d25a5d6cffb38ec639299bcd3f10 (patch)
tree: a1700996b0869b46d3eedf854b33f08067fc7923 /src
parent: f1cd34c34dcd89aa470c2819614fd1a16c30b58a (diff)
download: openbsd-870191bc3951d25a5d6cffb38ec639299bcd3f10.tar.gz
openbsd-870191bc3951d25a5d6cffb38ec639299bcd3f10.tar.bz2
openbsd-870191bc3951d25a5d6cffb38ec639299bcd3f10.zip
6 files changed, 32 insertions, 32 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 91bfb5f3b6..01afc72ebd 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.198 2020/09/17 15:42:14 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.199 2020/10/11 01:13:04 guenther Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -170,7 +170,7 @@
 #define FIXED_NONCE_LEN(x) (((x / 2) & 0xf) << 24)
 /* list of available SSLv3 ciphers (sorted by id) */
-SSL_CIPHER ssl3_ciphers[] = {
+const SSL_CIPHER ssl3_ciphers[] = {
        /* The RSA ciphers */
        /* Cipher 01 */
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index b207dc65e9..a5027a92e0 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.299 2020/10/07 08:43:34 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.300 2020/10/11 01:13:04 guenther Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1105,7 +1105,7 @@ struct ssl_aead_ctx_st {
        char variable_nonce_in_record;
 };
-extern SSL_CIPHER ssl3_ciphers[];
+extern const SSL_CIPHER ssl3_ciphers[];
 const char *ssl_version_string(int ver);
 int ssl_enabled_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver);
diff --git a/src/lib/libssl/ssl_sigalgs.c b/src/lib/libssl/ssl_sigalgs.c
index 6378ec8c07..1b5aad72f7 100644
--- a/src/lib/libssl/ssl_sigalgs.c
+++ b/src/lib/libssl/ssl_sigalgs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sigalgs.c,v 1.21 2020/05/09 16:52:15 beck Exp $ */
+/* $OpenBSD: ssl_sigalgs.c,v 1.22 2020/10/11 01:13:04 guenther Exp $ */
 /*
 * Copyright (c) 2018-2020 Bob Beck <beck@openbsd.org>
 *
@@ -144,7 +144,7 @@ const struct ssl_sigalg sigalgs[] = {
 };
 /* Sigalgs for tls 1.3, in preference order, */
-uint16_t tls13_sigalgs[] = {
+const uint16_t tls13_sigalgs[] = {
        SIGALG_RSA_PSS_RSAE_SHA512,
        SIGALG_RSA_PKCS1_SHA512,
        SIGALG_ECDSA_SECP521R1_SHA512,
@@ -155,10 +155,10 @@ uint16_t tls13_sigalgs[] = {
        SIGALG_RSA_PKCS1_SHA256,
        SIGALG_ECDSA_SECP256R1_SHA256,
 };
-size_t tls13_sigalgs_len = (sizeof(tls13_sigalgs) / sizeof(tls13_sigalgs[0]));
+const size_t tls13_sigalgs_len = (sizeof(tls13_sigalgs) / sizeof(tls13_sigalgs[0]));
 /* Sigalgs for tls 1.2, in preference order, */
-uint16_t tls12_sigalgs[] = {
+const uint16_t tls12_sigalgs[] = {
        SIGALG_RSA_PSS_RSAE_SHA512,
        SIGALG_RSA_PKCS1_SHA512,
        SIGALG_ECDSA_SECP521R1_SHA512,
@@ -171,7 +171,7 @@ uint16_t tls12_sigalgs[] = {
        SIGALG_RSA_PKCS1_SHA1, /* XXX */
        SIGALG_ECDSA_SHA1,     /* XXX */
 };
-size_t tls12_sigalgs_len = (sizeof(tls12_sigalgs) / sizeof(tls12_sigalgs[0]));
+const size_t tls12_sigalgs_len = (sizeof(tls12_sigalgs) / sizeof(tls12_sigalgs[0]));
 const struct ssl_sigalg *
 ssl_sigalg_lookup(uint16_t sigalg)
@@ -187,7 +187,7 @@ ssl_sigalg_lookup(uint16_t sigalg)
 }
 const struct ssl_sigalg *
-ssl_sigalg(uint16_t sigalg, uint16_t *values, size_t len)
+ssl_sigalg(uint16_t sigalg, const uint16_t *values, size_t len)
 {
        int i;
@@ -200,7 +200,7 @@ ssl_sigalg(uint16_t sigalg, uint16_t *values, size_t len)
 }
 int
-ssl_sigalgs_build(CBB *cbb, uint16_t *values, size_t len)
+ssl_sigalgs_build(CBB *cbb, const uint16_t *values, size_t len)
 {
        size_t i;
@@ -260,7 +260,7 @@ ssl_sigalg_pkey_ok(const struct ssl_sigalg *sigalg, EVP_PKEY *pkey,
 const struct ssl_sigalg *
 ssl_sigalg_select(SSL *s, EVP_PKEY *pkey)
 {
-        uint16_t *tls_sigalgs = tls12_sigalgs;
+        const uint16_t *tls_sigalgs = tls12_sigalgs;
        size_t tls_sigalgs_len = tls12_sigalgs_len;
        int check_curve = 0;
        CBS cbs;
diff --git a/src/lib/libssl/ssl_sigalgs.h b/src/lib/libssl/ssl_sigalgs.h
index 13a3597fb5..80674baed9 100644
--- a/src/lib/libssl/ssl_sigalgs.h
+++ b/src/lib/libssl/ssl_sigalgs.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sigalgs.h,v 1.14 2019/03/25 17:33:26 jsing Exp $ */
+/* $OpenBSD: ssl_sigalgs.h,v 1.15 2020/10/11 01:13:04 guenther Exp $ */
 /*
 * Copyright (c) 2018-2019 Bob Beck <beck@openbsd.org>
 *
@@ -68,14 +68,14 @@ struct ssl_sigalg{
        int flags;
 };
-extern uint16_t tls12_sigalgs[];
+extern const uint16_t tls12_sigalgs[];
-extern size_t tls12_sigalgs_len;
+extern const size_t tls12_sigalgs_len;
-extern uint16_t tls13_sigalgs[];
+extern const uint16_t tls13_sigalgs[];
-extern size_t tls13_sigalgs_len;
+extern const size_t tls13_sigalgs_len;
 const struct ssl_sigalg *ssl_sigalg_lookup(uint16_t sigalg);
-const struct ssl_sigalg *ssl_sigalg(uint16_t sigalg, uint16_t *values, size_t len);
+const struct ssl_sigalg *ssl_sigalg(uint16_t sigalg, const uint16_t *values, size_t len);
-int ssl_sigalgs_build(CBB *cbb, uint16_t *values, size_t len);
+int ssl_sigalgs_build(CBB *cbb, const uint16_t *values, size_t len);
 int ssl_sigalg_pkey_check(uint16_t sigalg, EVP_PKEY *pk);
 int ssl_sigalg_pkey_ok(const struct ssl_sigalg *sigalg, EVP_PKEY *pkey,
    int check_curve);
diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c
index a039d0b10a..2f6860b6f9 100644
--- a/src/lib/libssl/ssl_tlsext.c
+++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.82 2020/09/09 12:31:23 inoguchi Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.83 2020/10/11 01:13:04 guenther Exp $ */
 /*
 * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -563,7 +563,7 @@ tlsext_sigalgs_client_needs(SSL *s, uint16_t msg_type)
 int
 tlsext_sigalgs_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
 {
-        uint16_t *tls_sigalgs = tls12_sigalgs;
+        const uint16_t *tls_sigalgs = tls12_sigalgs;
        size_t tls_sigalgs_len = tls12_sigalgs_len;
        CBB sigalgs;
@@ -609,7 +609,7 @@ tlsext_sigalgs_server_needs(SSL *s, uint16_t msg_type)
 int
 tlsext_sigalgs_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
 {
-        uint16_t *tls_sigalgs = tls12_sigalgs;
+        const uint16_t *tls_sigalgs = tls12_sigalgs;
        size_t tls_sigalgs_len = tls12_sigalgs_len;
        CBB sigalgs;
@@ -1815,7 +1815,7 @@ struct tls_extension {
        struct tls_extension_funcs server;
 };
-static struct tls_extension tls_extensions[] = {
+static const struct tls_extension tls_extensions[] = {
        {
                .type = TLSEXT_TYPE_supported_versions,
                .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_SH |
@@ -1997,7 +1997,7 @@ static struct tls_extension tls_extensions[] = {
 /* Ensure that extensions fit in a uint32_t bitmask. */
 CTASSERT(N_TLS_EXTENSIONS <= (sizeof(uint32_t) * 8));
-struct tls_extension *
+const struct tls_extension *
 tls_extension_find(uint16_t type, size_t *tls_extensions_idx)
 {
        size_t i;
@@ -2022,8 +2022,8 @@ tlsext_extension_seen(SSL *s, uint16_t type)
        return ((S3I(s)->hs.extensions_seen & (1 << idx)) != 0);
 }
-static struct tls_extension_funcs *
+static const struct tls_extension_funcs *
-tlsext_funcs(struct tls_extension *tlsext, int is_server)
+tlsext_funcs(const struct tls_extension *tlsext, int is_server)
 {
        if (is_server)
                return &tlsext->server;
@@ -2034,8 +2034,8 @@ tlsext_funcs(struct tls_extension *tlsext, int is_server)
 static int
 tlsext_build(SSL *s, int is_server, uint16_t msg_type, CBB *cbb)
 {
-        struct tls_extension_funcs *ext;
+        const struct tls_extension_funcs *ext;
-        struct tls_extension *tlsext;
+        const struct tls_extension *tlsext;
        CBB extensions, extension_data;
        int extensions_present = 0;
        size_t i;
@@ -2112,8 +2112,8 @@ tlsext_clienthello_hash_extension(SSL *s, uint16_t type, CBS *cbs)
 static int
 tlsext_parse(SSL *s, int is_server, uint16_t msg_type, CBS *cbs, int *alert)
 {
-        struct tls_extension_funcs *ext;
+        const struct tls_extension_funcs *ext;
-        struct tls_extension *tlsext;
+        const struct tls_extension *tlsext;
        CBS extensions, extension_data;
        uint16_t type;
        size_t idx;
diff --git a/src/lib/libssl/ssl_tlsext.h b/src/lib/libssl/ssl_tlsext.h
index d98b387c5f..8e0742aa2c 100644
--- a/src/lib/libssl/ssl_tlsext.h
+++ b/src/lib/libssl/ssl_tlsext.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.h,v 1.25 2020/07/03 04:51:59 tb Exp $ */
+/* $OpenBSD: ssl_tlsext.h,v 1.26 2020/10/11 01:13:04 guenther Exp $ */
 /*
 * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -134,7 +134,7 @@ int tlsext_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
 int tlsext_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
 int tlsext_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
-struct tls_extension *tls_extension_find(uint16_t, size_t *);
+const struct tls_extension *tls_extension_find(uint16_t, size_t *);
 int tlsext_extension_seen(SSL *s, uint16_t);
 __END_HIDDEN_DECLS
author	guenther <>	2020-10-11 01:13:04 +0000
committer	guenther <>	2020-10-11 01:13:04 +0000
commit	870191bc3951d25a5d6cffb38ec639299bcd3f10 (patch)
tree	a1700996b0869b46d3eedf854b33f08067fc7923 /src
parent	f1cd34c34dcd89aa470c2819614fd1a16c30b58a (diff)
download	openbsd-870191bc3951d25a5d6cffb38ec639299bcd3f10.tar.gz openbsd-870191bc3951d25a5d6cffb38ec639299bcd3f10.tar.bz2 openbsd-870191bc3951d25a5d6cffb38ec639299bcd3f10.zip

diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index 91bfb5f3b6..01afc72ebd 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_lib.c,v 1.198 2020/09/17 15:42:14 jsing Exp $ */	1	/* $OpenBSD: s3_lib.c,v 1.199 2020/10/11 01:13:04 guenther Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -170,7 +170,7 @@
170	#define FIXED_NONCE_LEN(x) (((x / 2) & 0xf) << 24)	170	#define FIXED_NONCE_LEN(x) (((x / 2) & 0xf) << 24)
171		171
172	/* list of available SSLv3 ciphers (sorted by id) */	172	/* list of available SSLv3 ciphers (sorted by id) */
173	SSL_CIPHER ssl3_ciphers[] = {	173	const SSL_CIPHER ssl3_ciphers[] = {
174		174
175	/* The RSA ciphers */	175	/* The RSA ciphers */
176	/* Cipher 01 */	176	/* Cipher 01 */


diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index b207dc65e9..a5027a92e0 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_locl.h,v 1.299 2020/10/07 08:43:34 jsing Exp $ */	1	/* $OpenBSD: ssl_locl.h,v 1.300 2020/10/11 01:13:04 guenther Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1105,7 +1105,7 @@ struct ssl_aead_ctx_st {
1105	char variable_nonce_in_record;	1105	char variable_nonce_in_record;
1106	};	1106	};
1107		1107
1108	extern SSL_CIPHER ssl3_ciphers[];	1108	extern const SSL_CIPHER ssl3_ciphers[];
1109		1109
1110	const char *ssl_version_string(int ver);	1110	const char *ssl_version_string(int ver);
1111	int ssl_enabled_version_range(SSL s, uint16_t min_ver, uint16_t *max_ver);	1111	int ssl_enabled_version_range(SSL s, uint16_t min_ver, uint16_t *max_ver);


diff --git a/src/lib/libssl/ssl_sigalgs.c b/src/lib/libssl/ssl_sigalgs.c index 6378ec8c07..1b5aad72f7 100644 --- a/src/lib/libssl/ssl_sigalgs.c +++ b/src/lib/libssl/ssl_sigalgs.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_sigalgs.c,v 1.21 2020/05/09 16:52:15 beck Exp $ */	1	/* $OpenBSD: ssl_sigalgs.c,v 1.22 2020/10/11 01:13:04 guenther Exp $ */
2	/*	2	/*
3	* Copyright (c) 2018-2020 Bob Beck <beck@openbsd.org>	3	* Copyright (c) 2018-2020 Bob Beck <beck@openbsd.org>
4	*	4	*
@@ -144,7 +144,7 @@ const struct ssl_sigalg sigalgs[] = {
144	};	144	};
145		145
146	/* Sigalgs for tls 1.3, in preference order, */	146	/* Sigalgs for tls 1.3, in preference order, */
147	uint16_t tls13_sigalgs[] = {	147	const uint16_t tls13_sigalgs[] = {
148	SIGALG_RSA_PSS_RSAE_SHA512,	148	SIGALG_RSA_PSS_RSAE_SHA512,
149	SIGALG_RSA_PKCS1_SHA512,	149	SIGALG_RSA_PKCS1_SHA512,
150	SIGALG_ECDSA_SECP521R1_SHA512,	150	SIGALG_ECDSA_SECP521R1_SHA512,
@@ -155,10 +155,10 @@ uint16_t tls13_sigalgs[] = {
155	SIGALG_RSA_PKCS1_SHA256,	155	SIGALG_RSA_PKCS1_SHA256,
156	SIGALG_ECDSA_SECP256R1_SHA256,	156	SIGALG_ECDSA_SECP256R1_SHA256,
157	};	157	};
158	size_t tls13_sigalgs_len = (sizeof(tls13_sigalgs) / sizeof(tls13_sigalgs[0]));	158	const size_t tls13_sigalgs_len = (sizeof(tls13_sigalgs) / sizeof(tls13_sigalgs[0]));
159		159
160	/* Sigalgs for tls 1.2, in preference order, */	160	/* Sigalgs for tls 1.2, in preference order, */
161	uint16_t tls12_sigalgs[] = {	161	const uint16_t tls12_sigalgs[] = {
162	SIGALG_RSA_PSS_RSAE_SHA512,	162	SIGALG_RSA_PSS_RSAE_SHA512,
163	SIGALG_RSA_PKCS1_SHA512,	163	SIGALG_RSA_PKCS1_SHA512,
164	SIGALG_ECDSA_SECP521R1_SHA512,	164	SIGALG_ECDSA_SECP521R1_SHA512,
@@ -171,7 +171,7 @@ uint16_t tls12_sigalgs[] = {
171	SIGALG_RSA_PKCS1_SHA1, /* XXX */	171	SIGALG_RSA_PKCS1_SHA1, /* XXX */
172	SIGALG_ECDSA_SHA1, /* XXX */	172	SIGALG_ECDSA_SHA1, /* XXX */
173	};	173	};
174	size_t tls12_sigalgs_len = (sizeof(tls12_sigalgs) / sizeof(tls12_sigalgs[0]));	174	const size_t tls12_sigalgs_len = (sizeof(tls12_sigalgs) / sizeof(tls12_sigalgs[0]));
175		175
176	const struct ssl_sigalg *	176	const struct ssl_sigalg *
177	ssl_sigalg_lookup(uint16_t sigalg)	177	ssl_sigalg_lookup(uint16_t sigalg)
@@ -187,7 +187,7 @@ ssl_sigalg_lookup(uint16_t sigalg)
187	}	187	}
188		188
189	const struct ssl_sigalg *	189	const struct ssl_sigalg *
190	ssl_sigalg(uint16_t sigalg, uint16_t *values, size_t len)	190	ssl_sigalg(uint16_t sigalg, const uint16_t *values, size_t len)
191	{	191	{
192	int i;	192	int i;
193		193
@@ -200,7 +200,7 @@ ssl_sigalg(uint16_t sigalg, uint16_t *values, size_t len)
200	}	200	}
201		201
202	int	202	int
203	ssl_sigalgs_build(CBB cbb, uint16_t values, size_t len)	203	ssl_sigalgs_build(CBB cbb, const uint16_t values, size_t len)
204	{	204	{
205	size_t i;	205	size_t i;
206		206
@@ -260,7 +260,7 @@ ssl_sigalg_pkey_ok(const struct ssl_sigalg sigalg, EVP_PKEY pkey,
260	const struct ssl_sigalg *	260	const struct ssl_sigalg *
261	ssl_sigalg_select(SSL s, EVP_PKEY pkey)	261	ssl_sigalg_select(SSL s, EVP_PKEY pkey)
262	{	262	{
263	uint16_t *tls_sigalgs = tls12_sigalgs;	263	const uint16_t *tls_sigalgs = tls12_sigalgs;
264	size_t tls_sigalgs_len = tls12_sigalgs_len;	264	size_t tls_sigalgs_len = tls12_sigalgs_len;
265	int check_curve = 0;	265	int check_curve = 0;
266	CBS cbs;	266	CBS cbs;


diff --git a/src/lib/libssl/ssl_sigalgs.h b/src/lib/libssl/ssl_sigalgs.h index 13a3597fb5..80674baed9 100644 --- a/src/lib/libssl/ssl_sigalgs.h +++ b/src/lib/libssl/ssl_sigalgs.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_sigalgs.h,v 1.14 2019/03/25 17:33:26 jsing Exp $ */	1	/* $OpenBSD: ssl_sigalgs.h,v 1.15 2020/10/11 01:13:04 guenther Exp $ */
2	/*	2	/*
3	* Copyright (c) 2018-2019 Bob Beck <beck@openbsd.org>	3	* Copyright (c) 2018-2019 Bob Beck <beck@openbsd.org>
4	*	4	*
@@ -68,14 +68,14 @@ struct ssl_sigalg{
68	int flags;	68	int flags;
69	};	69	};
70		70
71	extern uint16_t tls12_sigalgs[];	71	extern const uint16_t tls12_sigalgs[];
72	extern size_t tls12_sigalgs_len;	72	extern const size_t tls12_sigalgs_len;
73	extern uint16_t tls13_sigalgs[];	73	extern const uint16_t tls13_sigalgs[];
74	extern size_t tls13_sigalgs_len;	74	extern const size_t tls13_sigalgs_len;
75		75
76	const struct ssl_sigalg *ssl_sigalg_lookup(uint16_t sigalg);	76	const struct ssl_sigalg *ssl_sigalg_lookup(uint16_t sigalg);
77	const struct ssl_sigalg ssl_sigalg(uint16_t sigalg, uint16_t values, size_t len);	77	const struct ssl_sigalg ssl_sigalg(uint16_t sigalg, const uint16_t values, size_t len);
78	int ssl_sigalgs_build(CBB cbb, uint16_t values, size_t len);	78	int ssl_sigalgs_build(CBB cbb, const uint16_t values, size_t len);
79	int ssl_sigalg_pkey_check(uint16_t sigalg, EVP_PKEY *pk);	79	int ssl_sigalg_pkey_check(uint16_t sigalg, EVP_PKEY *pk);
80	int ssl_sigalg_pkey_ok(const struct ssl_sigalg sigalg, EVP_PKEY pkey,	80	int ssl_sigalg_pkey_ok(const struct ssl_sigalg sigalg, EVP_PKEY pkey,
81	int check_curve);	81	int check_curve);


diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c index a039d0b10a..2f6860b6f9 100644 --- a/src/lib/libssl/ssl_tlsext.c +++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_tlsext.c,v 1.82 2020/09/09 12:31:23 inoguchi Exp $ */	1	/* $OpenBSD: ssl_tlsext.c,v 1.83 2020/10/11 01:13:04 guenther Exp $ */
2	/*	2	/*
3	* Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>	4	* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -563,7 +563,7 @@ tlsext_sigalgs_client_needs(SSL *s, uint16_t msg_type)
563	int	563	int
564	tlsext_sigalgs_client_build(SSL s, uint16_t msg_type, CBB cbb)	564	tlsext_sigalgs_client_build(SSL s, uint16_t msg_type, CBB cbb)
565	{	565	{
566	uint16_t *tls_sigalgs = tls12_sigalgs;	566	const uint16_t *tls_sigalgs = tls12_sigalgs;
567	size_t tls_sigalgs_len = tls12_sigalgs_len;	567	size_t tls_sigalgs_len = tls12_sigalgs_len;
568	CBB sigalgs;	568	CBB sigalgs;
569		569
@@ -609,7 +609,7 @@ tlsext_sigalgs_server_needs(SSL *s, uint16_t msg_type)
609	int	609	int
610	tlsext_sigalgs_server_build(SSL s, uint16_t msg_type, CBB cbb)	610	tlsext_sigalgs_server_build(SSL s, uint16_t msg_type, CBB cbb)
611	{	611	{
612	uint16_t *tls_sigalgs = tls12_sigalgs;	612	const uint16_t *tls_sigalgs = tls12_sigalgs;
613	size_t tls_sigalgs_len = tls12_sigalgs_len;	613	size_t tls_sigalgs_len = tls12_sigalgs_len;
614	CBB sigalgs;	614	CBB sigalgs;
615		615
@@ -1815,7 +1815,7 @@ struct tls_extension {
1815	struct tls_extension_funcs server;	1815	struct tls_extension_funcs server;
1816	};	1816	};
1817		1817
1818	static struct tls_extension tls_extensions[] = {	1818	static const struct tls_extension tls_extensions[] = {
1819	{	1819	{
1820	.type = TLSEXT_TYPE_supported_versions,	1820	.type = TLSEXT_TYPE_supported_versions,
1821	.messages = SSL_TLSEXT_MSG_CH \| SSL_TLSEXT_MSG_SH \|	1821	.messages = SSL_TLSEXT_MSG_CH \| SSL_TLSEXT_MSG_SH \|
@@ -1997,7 +1997,7 @@ static struct tls_extension tls_extensions[] = {
1997	/* Ensure that extensions fit in a uint32_t bitmask. */	1997	/* Ensure that extensions fit in a uint32_t bitmask. */
1998	CTASSERT(N_TLS_EXTENSIONS <= (sizeof(uint32_t) * 8));	1998	CTASSERT(N_TLS_EXTENSIONS <= (sizeof(uint32_t) * 8));
1999		1999
2000	struct tls_extension *	2000	const struct tls_extension *
2001	tls_extension_find(uint16_t type, size_t *tls_extensions_idx)	2001	tls_extension_find(uint16_t type, size_t *tls_extensions_idx)
2002	{	2002	{
2003	size_t i;	2003	size_t i;
@@ -2022,8 +2022,8 @@ tlsext_extension_seen(SSL *s, uint16_t type)
2022	return ((S3I(s)->hs.extensions_seen & (1 << idx)) != 0);	2022	return ((S3I(s)->hs.extensions_seen & (1 << idx)) != 0);
2023	}	2023	}
2024		2024
2025	static struct tls_extension_funcs *	2025	static const struct tls_extension_funcs *
2026	tlsext_funcs(struct tls_extension *tlsext, int is_server)	2026	tlsext_funcs(const struct tls_extension *tlsext, int is_server)
2027	{	2027	{
2028	if (is_server)	2028	if (is_server)
2029	return &tlsext->server;	2029	return &tlsext->server;
@@ -2034,8 +2034,8 @@ tlsext_funcs(struct tls_extension *tlsext, int is_server)
2034	static int	2034	static int
2035	tlsext_build(SSL s, int is_server, uint16_t msg_type, CBB cbb)	2035	tlsext_build(SSL s, int is_server, uint16_t msg_type, CBB cbb)
2036	{	2036	{
2037	struct tls_extension_funcs *ext;	2037	const struct tls_extension_funcs *ext;
2038	struct tls_extension *tlsext;	2038	const struct tls_extension *tlsext;
2039	CBB extensions, extension_data;	2039	CBB extensions, extension_data;
2040	int extensions_present = 0;	2040	int extensions_present = 0;
2041	size_t i;	2041	size_t i;
@@ -2112,8 +2112,8 @@ tlsext_clienthello_hash_extension(SSL s, uint16_t type, CBS cbs)
2112	static int	2112	static int
2113	tlsext_parse(SSL s, int is_server, uint16_t msg_type, CBS cbs, int *alert)	2113	tlsext_parse(SSL s, int is_server, uint16_t msg_type, CBS cbs, int *alert)
2114	{	2114	{
2115	struct tls_extension_funcs *ext;	2115	const struct tls_extension_funcs *ext;
2116	struct tls_extension *tlsext;	2116	const struct tls_extension *tlsext;
2117	CBS extensions, extension_data;	2117	CBS extensions, extension_data;
2118	uint16_t type;	2118	uint16_t type;
2119	size_t idx;	2119	size_t idx;


diff --git a/src/lib/libssl/ssl_tlsext.h b/src/lib/libssl/ssl_tlsext.h index d98b387c5f..8e0742aa2c 100644 --- a/src/lib/libssl/ssl_tlsext.h +++ b/src/lib/libssl/ssl_tlsext.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_tlsext.h,v 1.25 2020/07/03 04:51:59 tb Exp $ */	1	/* $OpenBSD: ssl_tlsext.h,v 1.26 2020/10/11 01:13:04 guenther Exp $ */
2	/*	2	/*
3	* Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>	4	* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -134,7 +134,7 @@ int tlsext_client_parse(SSL s, uint16_t msg_type, CBS cbs, int *alert);
134	int tlsext_server_build(SSL s, uint16_t msg_type, CBB cbb);	134	int tlsext_server_build(SSL s, uint16_t msg_type, CBB cbb);
135	int tlsext_server_parse(SSL s, uint16_t msg_type, CBS cbs, int *alert);	135	int tlsext_server_parse(SSL s, uint16_t msg_type, CBS cbs, int *alert);
136		136
137	struct tls_extension tls_extension_find(uint16_t, size_t );	137	const struct tls_extension tls_extension_find(uint16_t, size_t );
138	int tlsext_extension_seen(SSL *s, uint16_t);	138	int tlsext_extension_seen(SSL *s, uint16_t);
139	__END_HIDDEN_DECLS	139	__END_HIDDEN_DECLS
140		140