summaryrefslogtreecommitdiffstats
path: root/lib/libssl
diff options
context:
space:
mode:
Diffstat (limited to 'lib/libssl')
-rw-r--r--lib/libssl/s3_lib.c4
-rw-r--r--lib/libssl/ssl_locl.h4
-rw-r--r--lib/libssl/ssl_sigalgs.c16
-rw-r--r--lib/libssl/ssl_sigalgs.h14
-rw-r--r--lib/libssl/ssl_tlsext.c22
-rw-r--r--lib/libssl/ssl_tlsext.h4
6 files changed, 32 insertions, 32 deletions
diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c
index 91bfb5f3b62..01afc72ebd3 100644
--- a/lib/libssl/s3_lib.c
+++ b/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.198 2020/09/17 15:42:14 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.199 2020/10/11 01:13:04 guenther Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -170,7 +170,7 @@
#define FIXED_NONCE_LEN(x) (((x / 2) & 0xf) << 24)
/* list of available SSLv3 ciphers (sorted by id) */
-SSL_CIPHER ssl3_ciphers[] = {
+const SSL_CIPHER ssl3_ciphers[] = {
/* The RSA ciphers */
/* Cipher 01 */
diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h
index b207dc65e92..a5027a92e08 100644
--- a/lib/libssl/ssl_locl.h
+++ b/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.299 2020/10/07 08:43:34 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.300 2020/10/11 01:13:04 guenther Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -1105,7 +1105,7 @@ struct ssl_aead_ctx_st {
char variable_nonce_in_record;
};
-extern SSL_CIPHER ssl3_ciphers[];
+extern const SSL_CIPHER ssl3_ciphers[];
const char *ssl_version_string(int ver);
int ssl_enabled_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver);
diff --git a/lib/libssl/ssl_sigalgs.c b/lib/libssl/ssl_sigalgs.c
index 6378ec8c07f..1b5aad72f7b 100644
--- a/lib/libssl/ssl_sigalgs.c
+++ b/lib/libssl/ssl_sigalgs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sigalgs.c,v 1.21 2020/05/09 16:52:15 beck Exp $ */
+/* $OpenBSD: ssl_sigalgs.c,v 1.22 2020/10/11 01:13:04 guenther Exp $ */
/*
* Copyright (c) 2018-2020 Bob Beck <beck@openbsd.org>
*
@@ -144,7 +144,7 @@ const struct ssl_sigalg sigalgs[] = {
};
/* Sigalgs for tls 1.3, in preference order, */
-uint16_t tls13_sigalgs[] = {
+const uint16_t tls13_sigalgs[] = {
SIGALG_RSA_PSS_RSAE_SHA512,
SIGALG_RSA_PKCS1_SHA512,
SIGALG_ECDSA_SECP521R1_SHA512,
@@ -155,10 +155,10 @@ uint16_t tls13_sigalgs[] = {
SIGALG_RSA_PKCS1_SHA256,
SIGALG_ECDSA_SECP256R1_SHA256,
};
-size_t tls13_sigalgs_len = (sizeof(tls13_sigalgs) / sizeof(tls13_sigalgs[0]));
+const size_t tls13_sigalgs_len = (sizeof(tls13_sigalgs) / sizeof(tls13_sigalgs[0]));
/* Sigalgs for tls 1.2, in preference order, */
-uint16_t tls12_sigalgs[] = {
+const uint16_t tls12_sigalgs[] = {
SIGALG_RSA_PSS_RSAE_SHA512,
SIGALG_RSA_PKCS1_SHA512,
SIGALG_ECDSA_SECP521R1_SHA512,
@@ -171,7 +171,7 @@ uint16_t tls12_sigalgs[] = {
SIGALG_RSA_PKCS1_SHA1, /* XXX */
SIGALG_ECDSA_SHA1, /* XXX */
};
-size_t tls12_sigalgs_len = (sizeof(tls12_sigalgs) / sizeof(tls12_sigalgs[0]));
+const size_t tls12_sigalgs_len = (sizeof(tls12_sigalgs) / sizeof(tls12_sigalgs[0]));
const struct ssl_sigalg *
ssl_sigalg_lookup(uint16_t sigalg)
@@ -187,7 +187,7 @@ ssl_sigalg_lookup(uint16_t sigalg)
}
const struct ssl_sigalg *
-ssl_sigalg(uint16_t sigalg, uint16_t *values, size_t len)
+ssl_sigalg(uint16_t sigalg, const uint16_t *values, size_t len)
{
int i;
@@ -200,7 +200,7 @@ ssl_sigalg(uint16_t sigalg, uint16_t *values, size_t len)
}
int
-ssl_sigalgs_build(CBB *cbb, uint16_t *values, size_t len)
+ssl_sigalgs_build(CBB *cbb, const uint16_t *values, size_t len)
{
size_t i;
@@ -260,7 +260,7 @@ ssl_sigalg_pkey_ok(const struct ssl_sigalg *sigalg, EVP_PKEY *pkey,
const struct ssl_sigalg *
ssl_sigalg_select(SSL *s, EVP_PKEY *pkey)
{
- uint16_t *tls_sigalgs = tls12_sigalgs;
+ const uint16_t *tls_sigalgs = tls12_sigalgs;
size_t tls_sigalgs_len = tls12_sigalgs_len;
int check_curve = 0;
CBS cbs;
diff --git a/lib/libssl/ssl_sigalgs.h b/lib/libssl/ssl_sigalgs.h
index 13a3597fb5a..80674baed9c 100644
--- a/lib/libssl/ssl_sigalgs.h
+++ b/lib/libssl/ssl_sigalgs.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sigalgs.h,v 1.14 2019/03/25 17:33:26 jsing Exp $ */
+/* $OpenBSD: ssl_sigalgs.h,v 1.15 2020/10/11 01:13:04 guenther Exp $ */
/*
* Copyright (c) 2018-2019 Bob Beck <beck@openbsd.org>
*
@@ -68,14 +68,14 @@ struct ssl_sigalg{
int flags;
};
-extern uint16_t tls12_sigalgs[];
-extern size_t tls12_sigalgs_len;
-extern uint16_t tls13_sigalgs[];
-extern size_t tls13_sigalgs_len;
+extern const uint16_t tls12_sigalgs[];
+extern const size_t tls12_sigalgs_len;
+extern const uint16_t tls13_sigalgs[];
+extern const size_t tls13_sigalgs_len;
const struct ssl_sigalg *ssl_sigalg_lookup(uint16_t sigalg);
-const struct ssl_sigalg *ssl_sigalg(uint16_t sigalg, uint16_t *values, size_t len);
-int ssl_sigalgs_build(CBB *cbb, uint16_t *values, size_t len);
+const struct ssl_sigalg *ssl_sigalg(uint16_t sigalg, const uint16_t *values, size_t len);
+int ssl_sigalgs_build(CBB *cbb, const uint16_t *values, size_t len);
int ssl_sigalg_pkey_check(uint16_t sigalg, EVP_PKEY *pk);
int ssl_sigalg_pkey_ok(const struct ssl_sigalg *sigalg, EVP_PKEY *pkey,
int check_curve);
diff --git a/lib/libssl/ssl_tlsext.c b/lib/libssl/ssl_tlsext.c
index a039d0b10a4..2f6860b6f97 100644
--- a/lib/libssl/ssl_tlsext.c
+++ b/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.82 2020/09/09 12:31:23 inoguchi Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.83 2020/10/11 01:13:04 guenther Exp $ */
/*
* Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -563,7 +563,7 @@ tlsext_sigalgs_client_needs(SSL *s, uint16_t msg_type)
int
tlsext_sigalgs_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
{
- uint16_t *tls_sigalgs = tls12_sigalgs;
+ const uint16_t *tls_sigalgs = tls12_sigalgs;
size_t tls_sigalgs_len = tls12_sigalgs_len;
CBB sigalgs;
@@ -609,7 +609,7 @@ tlsext_sigalgs_server_needs(SSL *s, uint16_t msg_type)
int
tlsext_sigalgs_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
{
- uint16_t *tls_sigalgs = tls12_sigalgs;
+ const uint16_t *tls_sigalgs = tls12_sigalgs;
size_t tls_sigalgs_len = tls12_sigalgs_len;
CBB sigalgs;
@@ -1815,7 +1815,7 @@ struct tls_extension {
struct tls_extension_funcs server;
};
-static struct tls_extension tls_extensions[] = {
+static const struct tls_extension tls_extensions[] = {
{
.type = TLSEXT_TYPE_supported_versions,
.messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_SH |
@@ -1997,7 +1997,7 @@ static struct tls_extension tls_extensions[] = {
/* Ensure that extensions fit in a uint32_t bitmask. */
CTASSERT(N_TLS_EXTENSIONS <= (sizeof(uint32_t) * 8));
-struct tls_extension *
+const struct tls_extension *
tls_extension_find(uint16_t type, size_t *tls_extensions_idx)
{
size_t i;
@@ -2022,8 +2022,8 @@ tlsext_extension_seen(SSL *s, uint16_t type)
return ((S3I(s)->hs.extensions_seen & (1 << idx)) != 0);
}
-static struct tls_extension_funcs *
-tlsext_funcs(struct tls_extension *tlsext, int is_server)
+static const struct tls_extension_funcs *
+tlsext_funcs(const struct tls_extension *tlsext, int is_server)
{
if (is_server)
return &tlsext->server;
@@ -2034,8 +2034,8 @@ tlsext_funcs(struct tls_extension *tlsext, int is_server)
static int
tlsext_build(SSL *s, int is_server, uint16_t msg_type, CBB *cbb)
{
- struct tls_extension_funcs *ext;
- struct tls_extension *tlsext;
+ const struct tls_extension_funcs *ext;
+ const struct tls_extension *tlsext;
CBB extensions, extension_data;
int extensions_present = 0;
size_t i;
@@ -2112,8 +2112,8 @@ tlsext_clienthello_hash_extension(SSL *s, uint16_t type, CBS *cbs)
static int
tlsext_parse(SSL *s, int is_server, uint16_t msg_type, CBS *cbs, int *alert)
{
- struct tls_extension_funcs *ext;
- struct tls_extension *tlsext;
+ const struct tls_extension_funcs *ext;
+ const struct tls_extension *tlsext;
CBS extensions, extension_data;
uint16_t type;
size_t idx;
diff --git a/lib/libssl/ssl_tlsext.h b/lib/libssl/ssl_tlsext.h
index d98b387c5f0..8e0742aa2ca 100644
--- a/lib/libssl/ssl_tlsext.h
+++ b/lib/libssl/ssl_tlsext.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.h,v 1.25 2020/07/03 04:51:59 tb Exp $ */
+/* $OpenBSD: ssl_tlsext.h,v 1.26 2020/10/11 01:13:04 guenther Exp $ */
/*
* Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -134,7 +134,7 @@ int tlsext_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
int tlsext_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
int tlsext_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
-struct tls_extension *tls_extension_find(uint16_t, size_t *);
+const struct tls_extension *tls_extension_find(uint16_t, size_t *);
int tlsext_extension_seen(SSL *s, uint16_t);
__END_HIDDEN_DECLS
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.