From b6bb75f4585006b28ebc729355536e9e77226c3d Mon Sep 17 00:00:00 2001 From: guenther <> Date: Sun, 11 Oct 2020 01:16:31 +0000 Subject: Constipate srtp_known_profiles, pushing it into .data.rel.ro ok tb@ jsing@ --- src/lib/libssl/d1_srtp.c | 19 ++++++++++--------- src/lib/libssl/ssl_locl.h | 8 ++++---- src/lib/libssl/ssl_tlsext.c | 8 ++++---- 3 files changed, 18 insertions(+), 17 deletions(-) diff --git a/src/lib/libssl/d1_srtp.c b/src/lib/libssl/d1_srtp.c index 70e9a4f127..6d4a1661e1 100644 --- a/src/lib/libssl/d1_srtp.c +++ b/src/lib/libssl/d1_srtp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_srtp.c,v 1.24 2020/03/16 15:25:13 tb Exp $ */ +/* $OpenBSD: d1_srtp.c,v 1.25 2020/10/11 01:16:31 guenther Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -126,7 +126,7 @@ #include "bytestring.h" #include "srtp.h" -static SRTP_PROTECTION_PROFILE srtp_known_profiles[] = { +static const SRTP_PROTECTION_PROFILE srtp_known_profiles[] = { { "SRTP_AES128_CM_SHA1_80", SRTP_AES128_CM_SHA1_80, @@ -139,10 +139,10 @@ static SRTP_PROTECTION_PROFILE srtp_known_profiles[] = { }; int -srtp_find_profile_by_name(char *profile_name, SRTP_PROTECTION_PROFILE **pptr, - unsigned int len) +srtp_find_profile_by_name(char *profile_name, + const SRTP_PROTECTION_PROFILE **pptr, unsigned int len) { - SRTP_PROTECTION_PROFILE *p; + const SRTP_PROTECTION_PROFILE *p; p = srtp_known_profiles; while (p->name) { @@ -160,9 +160,9 @@ srtp_find_profile_by_name(char *profile_name, SRTP_PROTECTION_PROFILE **pptr, int srtp_find_profile_by_num(unsigned int profile_num, - SRTP_PROTECTION_PROFILE **pptr) + const SRTP_PROTECTION_PROFILE **pptr) { - SRTP_PROTECTION_PROFILE *p; + const SRTP_PROTECTION_PROFILE *p; p = srtp_known_profiles; while (p->name) { @@ -185,7 +185,7 @@ ssl_ctx_make_profiles(const char *profiles_string, char *col; char *ptr = (char *)profiles_string; - SRTP_PROTECTION_PROFILE *p; + const SRTP_PROTECTION_PROFILE *p; if (!(profiles = sk_SRTP_PROTECTION_PROFILE_new_null())) { SSLerrorx(SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES); @@ -245,7 +245,8 @@ SSL_get_srtp_profiles(SSL *s) SRTP_PROTECTION_PROFILE * SSL_get_selected_srtp_profile(SSL *s) { - return s->internal->srtp_profile; + /* XXX cast away the const */ + return (SRTP_PROTECTION_PROFILE *)s->internal->srtp_profile; } #endif diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index a5027a92e0..e47f6191c2 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_locl.h,v 1.300 2020/10/11 01:13:04 guenther Exp $ */ +/* $OpenBSD: ssl_locl.h,v 1.301 2020/10/11 01:16:31 guenther Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -797,7 +797,7 @@ typedef struct ssl_internal_st { TLS_SESSION_TICKET_EXT *tlsext_session_ticket; STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; /* What we'll do */ - SRTP_PROTECTION_PROFILE *srtp_profile; /* What's been chosen */ + const SRTP_PROTECTION_PROFILE *srtp_profile; /* What's been chosen */ int renegotiate;/* 1 if we are renegotiating. * 2 if we are a server and are inside a handshake @@ -1418,9 +1418,9 @@ void SSL_error_internal(const SSL *s, int r, char *f, int l); #ifndef OPENSSL_NO_SRTP int srtp_find_profile_by_name(char *profile_name, - SRTP_PROTECTION_PROFILE **pptr, unsigned int len); + const SRTP_PROTECTION_PROFILE **pptr, unsigned int len); int srtp_find_profile_by_num(unsigned int profile_num, - SRTP_PROTECTION_PROFILE **pptr); + const SRTP_PROTECTION_PROFILE **pptr); #endif /* OPENSSL_NO_SRTP */ diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c index 2f6860b6f9..1767104963 100644 --- a/src/lib/libssl/ssl_tlsext.c +++ b/src/lib/libssl/ssl_tlsext.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_tlsext.c,v 1.83 2020/10/11 01:13:04 guenther Exp $ */ +/* $OpenBSD: ssl_tlsext.c,v 1.84 2020/10/11 01:16:31 guenther Exp $ */ /* * Copyright (c) 2016, 2017, 2019 Joel Sing * Copyright (c) 2017 Doug Hogan @@ -1213,7 +1213,7 @@ tlsext_srtp_client_build(SSL *s, uint16_t msg_type, CBB *cbb) CBB profiles, mki; int ct, i; STACK_OF(SRTP_PROTECTION_PROFILE) *clnt = NULL; - SRTP_PROTECTION_PROFILE *prof; + const SRTP_PROTECTION_PROFILE *prof; if ((clnt = SSL_get_srtp_profiles(s)) == NULL) { SSLerror(s, SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST); @@ -1247,7 +1247,7 @@ tlsext_srtp_client_build(SSL *s, uint16_t msg_type, CBB *cbb) int tlsext_srtp_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) { - SRTP_PROTECTION_PROFILE *cprof, *sprof; + const SRTP_PROTECTION_PROFILE *cprof, *sprof; STACK_OF(SRTP_PROTECTION_PROFILE) *clnt = NULL, *srvr; int i, j; int ret; @@ -1358,7 +1358,7 @@ int tlsext_srtp_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) { STACK_OF(SRTP_PROTECTION_PROFILE) *clnt; - SRTP_PROTECTION_PROFILE *prof; + const SRTP_PROTECTION_PROFILE *prof; int i; uint16_t id; CBS profile_ids, mki; -- cgit v1.2.3-55-g6feb