1 files changed, 11 insertions, 11 deletions
diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c
index a039d0b10a..2f6860b6f9 100644
--- a/src/lib/libssl/ssl_tlsext.c
+++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.82 2020/09/09 12:31:23 inoguchi Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.83 2020/10/11 01:13:04 guenther Exp $ */
 /*
 * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -563,7 +563,7 @@ tlsext_sigalgs_client_needs(SSL *s, uint16_t msg_type)
 int
 tlsext_sigalgs_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
 {
-        uint16_t *tls_sigalgs = tls12_sigalgs;
+        const uint16_t *tls_sigalgs = tls12_sigalgs;
        size_t tls_sigalgs_len = tls12_sigalgs_len;
        CBB sigalgs;
@@ -609,7 +609,7 @@ tlsext_sigalgs_server_needs(SSL *s, uint16_t msg_type)
 int
 tlsext_sigalgs_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
 {
-        uint16_t *tls_sigalgs = tls12_sigalgs;
+        const uint16_t *tls_sigalgs = tls12_sigalgs;
        size_t tls_sigalgs_len = tls12_sigalgs_len;
        CBB sigalgs;
@@ -1815,7 +1815,7 @@ struct tls_extension {
        struct tls_extension_funcs server;
 };
-static struct tls_extension tls_extensions[] = {
+static const struct tls_extension tls_extensions[] = {
        {
                .type = TLSEXT_TYPE_supported_versions,
                .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_SH |
@@ -1997,7 +1997,7 @@ static struct tls_extension tls_extensions[] = {
 /* Ensure that extensions fit in a uint32_t bitmask. */
 CTASSERT(N_TLS_EXTENSIONS <= (sizeof(uint32_t) * 8));
-struct tls_extension *
+const struct tls_extension *
 tls_extension_find(uint16_t type, size_t *tls_extensions_idx)
 {
        size_t i;
@@ -2022,8 +2022,8 @@ tlsext_extension_seen(SSL *s, uint16_t type)
        return ((S3I(s)->hs.extensions_seen & (1 << idx)) != 0);
 }
-static struct tls_extension_funcs *
+static const struct tls_extension_funcs *
-tlsext_funcs(struct tls_extension *tlsext, int is_server)
+tlsext_funcs(const struct tls_extension *tlsext, int is_server)
 {
        if (is_server)
                return &tlsext->server;
@@ -2034,8 +2034,8 @@ tlsext_funcs(struct tls_extension *tlsext, int is_server)
 static int
 tlsext_build(SSL *s, int is_server, uint16_t msg_type, CBB *cbb)
 {
-        struct tls_extension_funcs *ext;
+        const struct tls_extension_funcs *ext;
-        struct tls_extension *tlsext;
+        const struct tls_extension *tlsext;
        CBB extensions, extension_data;
        int extensions_present = 0;
        size_t i;
@@ -2112,8 +2112,8 @@ tlsext_clienthello_hash_extension(SSL *s, uint16_t type, CBS *cbs)
 static int
 tlsext_parse(SSL *s, int is_server, uint16_t msg_type, CBS *cbs, int *alert)
 {
-        struct tls_extension_funcs *ext;
+        const struct tls_extension_funcs *ext;
-        struct tls_extension *tlsext;
+        const struct tls_extension *tlsext;
        CBS extensions, extension_data;
        uint16_t type;
        size_t idx;

diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c index a039d0b10a..2f6860b6f9 100644 --- a/src/lib/libssl/ssl_tlsext.c +++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_tlsext.c,v 1.82 2020/09/09 12:31:23 inoguchi Exp $ */	1	/* $OpenBSD: ssl_tlsext.c,v 1.83 2020/10/11 01:13:04 guenther Exp $ */
2	/*	2	/*
3	* Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>	4	* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -563,7 +563,7 @@ tlsext_sigalgs_client_needs(SSL *s, uint16_t msg_type)
563	int	563	int
564	tlsext_sigalgs_client_build(SSL s, uint16_t msg_type, CBB cbb)	564	tlsext_sigalgs_client_build(SSL s, uint16_t msg_type, CBB cbb)
565	{	565	{
566	uint16_t *tls_sigalgs = tls12_sigalgs;	566	const uint16_t *tls_sigalgs = tls12_sigalgs;
567	size_t tls_sigalgs_len = tls12_sigalgs_len;	567	size_t tls_sigalgs_len = tls12_sigalgs_len;
568	CBB sigalgs;	568	CBB sigalgs;
569		569
@@ -609,7 +609,7 @@ tlsext_sigalgs_server_needs(SSL *s, uint16_t msg_type)
609	int	609	int
610	tlsext_sigalgs_server_build(SSL s, uint16_t msg_type, CBB cbb)	610	tlsext_sigalgs_server_build(SSL s, uint16_t msg_type, CBB cbb)
611	{	611	{
612	uint16_t *tls_sigalgs = tls12_sigalgs;	612	const uint16_t *tls_sigalgs = tls12_sigalgs;
613	size_t tls_sigalgs_len = tls12_sigalgs_len;	613	size_t tls_sigalgs_len = tls12_sigalgs_len;
614	CBB sigalgs;	614	CBB sigalgs;
615		615
@@ -1815,7 +1815,7 @@ struct tls_extension {
1815	struct tls_extension_funcs server;	1815	struct tls_extension_funcs server;
1816	};	1816	};
1817		1817
1818	static struct tls_extension tls_extensions[] = {	1818	static const struct tls_extension tls_extensions[] = {
1819	{	1819	{
1820	.type = TLSEXT_TYPE_supported_versions,	1820	.type = TLSEXT_TYPE_supported_versions,
1821	.messages = SSL_TLSEXT_MSG_CH \| SSL_TLSEXT_MSG_SH \|	1821	.messages = SSL_TLSEXT_MSG_CH \| SSL_TLSEXT_MSG_SH \|
@@ -1997,7 +1997,7 @@ static struct tls_extension tls_extensions[] = {
1997	/* Ensure that extensions fit in a uint32_t bitmask. */	1997	/* Ensure that extensions fit in a uint32_t bitmask. */
1998	CTASSERT(N_TLS_EXTENSIONS <= (sizeof(uint32_t) * 8));	1998	CTASSERT(N_TLS_EXTENSIONS <= (sizeof(uint32_t) * 8));
1999		1999
2000	struct tls_extension *	2000	const struct tls_extension *
2001	tls_extension_find(uint16_t type, size_t *tls_extensions_idx)	2001	tls_extension_find(uint16_t type, size_t *tls_extensions_idx)
2002	{	2002	{
2003	size_t i;	2003	size_t i;
@@ -2022,8 +2022,8 @@ tlsext_extension_seen(SSL *s, uint16_t type)
2022	return ((S3I(s)->hs.extensions_seen & (1 << idx)) != 0);	2022	return ((S3I(s)->hs.extensions_seen & (1 << idx)) != 0);
2023	}	2023	}
2024		2024
2025	static struct tls_extension_funcs *	2025	static const struct tls_extension_funcs *
2026	tlsext_funcs(struct tls_extension *tlsext, int is_server)	2026	tlsext_funcs(const struct tls_extension *tlsext, int is_server)
2027	{	2027	{
2028	if (is_server)	2028	if (is_server)
2029	return &tlsext->server;	2029	return &tlsext->server;
@@ -2034,8 +2034,8 @@ tlsext_funcs(struct tls_extension *tlsext, int is_server)
2034	static int	2034	static int
2035	tlsext_build(SSL s, int is_server, uint16_t msg_type, CBB cbb)	2035	tlsext_build(SSL s, int is_server, uint16_t msg_type, CBB cbb)
2036	{	2036	{
2037	struct tls_extension_funcs *ext;	2037	const struct tls_extension_funcs *ext;
2038	struct tls_extension *tlsext;	2038	const struct tls_extension *tlsext;
2039	CBB extensions, extension_data;	2039	CBB extensions, extension_data;
2040	int extensions_present = 0;	2040	int extensions_present = 0;
2041	size_t i;	2041	size_t i;
@@ -2112,8 +2112,8 @@ tlsext_clienthello_hash_extension(SSL s, uint16_t type, CBS cbs)
2112	static int	2112	static int
2113	tlsext_parse(SSL s, int is_server, uint16_t msg_type, CBS cbs, int *alert)	2113	tlsext_parse(SSL s, int is_server, uint16_t msg_type, CBS cbs, int *alert)
2114	{	2114	{
2115	struct tls_extension_funcs *ext;	2115	const struct tls_extension_funcs *ext;
2116	struct tls_extension *tlsext;	2116	const struct tls_extension *tlsext;
2117	CBS extensions, extension_data;	2117	CBS extensions, extension_data;
2118	uint16_t type;	2118	uint16_t type;
2119	size_t idx;	2119	size_t idx;