4 files changed, 8 insertions, 8 deletions
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index 650131a779..062c6dcbb9 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.245 2024/10/23 01:57:19 jsg Exp $ */
+/* $OpenBSD: ssl.h,v 1.246 2025/03/09 15:53:36 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -364,7 +364,7 @@ DECLARE_STACK_OF(SRTP_PROTECTION_PROFILE)
 typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data,
    int len, void *arg);
 typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len,
-    STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg);
+    STACK_OF(SSL_CIPHER) *peer_ciphers, const SSL_CIPHER **cipher, void *arg);
 /* Allow initial connection to servers that don't support RI */
 #define SSL_OP_LEGACY_SERVER_CONNECT                    0x00000004L
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index 593ed553d3..0d3dcf78af 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.168 2024/07/22 14:47:15 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.169 2025/03/09 15:53:36 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -926,7 +926,7 @@ ssl3_get_server_hello(SSL *s)
         * pre-shared secret.
         */
        if (s->tls_session_secret_cb != NULL) {
-                SSL_CIPHER *pref_cipher = NULL;
+                const SSL_CIPHER *pref_cipher = NULL;
                int master_key_length = sizeof(s->session->master_key);
                if (!s->tls_session_secret_cb(s,
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c
index 5aea990278..a5cfc33c04 100644
--- a/src/lib/libssl/ssl_sess.c
+++ b/src/lib/libssl/ssl_sess.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sess.c,v 1.128 2024/07/22 14:47:15 jsing Exp $ */
+/* $OpenBSD: ssl_sess.c,v 1.129 2025/03/09 15:53:36 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1057,7 +1057,7 @@ LSSL_ALIAS(SSL_CTX_get_timeout);
 int
 SSL_set_session_secret_cb(SSL *s, int (*tls_session_secret_cb)(SSL *s,
    void *secret, int *secret_len, STACK_OF(SSL_CIPHER) *peer_ciphers,
-    SSL_CIPHER **cipher, void *arg), void *arg)
+    const SSL_CIPHER **cipher, void *arg), void *arg)
 {
        if (s == NULL)
                return (0);
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index 302b6bdf0f..db4ba38b51 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.165 2024/07/22 14:47:15 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.166 2025/03/09 15:53:36 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1058,7 +1058,7 @@ ssl3_get_client_hello(SSL *s)
        }
        if (!s->hit && s->tls_session_secret_cb != NULL) {
-                SSL_CIPHER *pref_cipher = NULL;
+                const SSL_CIPHER *pref_cipher = NULL;
                int master_key_length = sizeof(s->session->master_key);
                if (!s->tls_session_secret_cb(s,

diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h index 650131a779..062c6dcbb9 100644 --- a/src/lib/libssl/ssl.h +++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl.h,v 1.245 2024/10/23 01:57:19 jsg Exp $ */	1	/* $OpenBSD: ssl.h,v 1.246 2025/03/09 15:53:36 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -364,7 +364,7 @@ DECLARE_STACK_OF(SRTP_PROTECTION_PROFILE)
364	typedef int (tls_session_ticket_ext_cb_fn)(SSL s, const unsigned char *data,	364	typedef int (tls_session_ticket_ext_cb_fn)(SSL s, const unsigned char *data,
365	int len, void *arg);	365	int len, void *arg);
366	typedef int (tls_session_secret_cb_fn)(SSL s, void secret, int secret_len,	366	typedef int (tls_session_secret_cb_fn)(SSL s, void secret, int secret_len,
367	STACK_OF(SSL_CIPHER) peer_ciphers, SSL_CIPHER cipher, void arg);	367	STACK_OF(SSL_CIPHER) peer_ciphers, const SSL_CIPHER cipher, void arg);
368		368
369	/* Allow initial connection to servers that don't support RI */	369	/* Allow initial connection to servers that don't support RI */
370	#define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L	370	#define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L


diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c index 593ed553d3..0d3dcf78af 100644 --- a/src/lib/libssl/ssl_clnt.c +++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_clnt.c,v 1.168 2024/07/22 14:47:15 jsing Exp $ */	1	/* $OpenBSD: ssl_clnt.c,v 1.169 2025/03/09 15:53:36 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -926,7 +926,7 @@ ssl3_get_server_hello(SSL *s)
926	* pre-shared secret.	926	* pre-shared secret.
927	*/	927	*/
928	if (s->tls_session_secret_cb != NULL) {	928	if (s->tls_session_secret_cb != NULL) {
929	SSL_CIPHER *pref_cipher = NULL;	929	const SSL_CIPHER *pref_cipher = NULL;
930	int master_key_length = sizeof(s->session->master_key);	930	int master_key_length = sizeof(s->session->master_key);
931		931
932	if (!s->tls_session_secret_cb(s,	932	if (!s->tls_session_secret_cb(s,


diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c index 5aea990278..a5cfc33c04 100644 --- a/src/lib/libssl/ssl_sess.c +++ b/src/lib/libssl/ssl_sess.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_sess.c,v 1.128 2024/07/22 14:47:15 jsing Exp $ */	1	/* $OpenBSD: ssl_sess.c,v 1.129 2025/03/09 15:53:36 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1057,7 +1057,7 @@ LSSL_ALIAS(SSL_CTX_get_timeout);
1057	int	1057	int
1058	SSL_set_session_secret_cb(SSL s, int (tls_session_secret_cb)(SSL *s,	1058	SSL_set_session_secret_cb(SSL s, int (tls_session_secret_cb)(SSL *s,
1059	void secret, int secret_len, STACK_OF(SSL_CIPHER) *peer_ciphers,	1059	void secret, int secret_len, STACK_OF(SSL_CIPHER) *peer_ciphers,
1060	SSL_CIPHER *cipher, void arg), void *arg)	1060	const SSL_CIPHER *cipher, void arg), void *arg)
1061	{	1061	{
1062	if (s == NULL)	1062	if (s == NULL)
1063	return (0);	1063	return (0);


diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c index 302b6bdf0f..db4ba38b51 100644 --- a/src/lib/libssl/ssl_srvr.c +++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_srvr.c,v 1.165 2024/07/22 14:47:15 jsing Exp $ */	1	/* $OpenBSD: ssl_srvr.c,v 1.166 2025/03/09 15:53:36 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1058,7 +1058,7 @@ ssl3_get_client_hello(SSL *s)
1058	}	1058	}
1059		1059
1060	if (!s->hit && s->tls_session_secret_cb != NULL) {	1060	if (!s->hit && s->tls_session_secret_cb != NULL) {
1061	SSL_CIPHER *pref_cipher = NULL;	1061	const SSL_CIPHER *pref_cipher = NULL;
1062	int master_key_length = sizeof(s->session->master_key);	1062	int master_key_length = sizeof(s->session->master_key);
1063		1063
1064	if (!s->tls_session_secret_cb(s,	1064	if (!s->tls_session_secret_cb(s,