diff options
| author | Hugo Landau <hlandau@openssl.org> | 2023-11-27 07:51:33 +0000 |
|---|---|---|
| committer | Hugo Landau <hlandau@openssl.org> | 2023-11-27 07:51:33 +0000 |
| commit | 5fb443360603069396e081d36330fcd44d3945a0 (patch) | |
| tree | 0ef3bbdfac5798b86a02c27971d69a62ed316db1 /ssl | |
| parent | b0e9d0370262ade64c55f2385fbb09ec6aa81e76 (diff) | |
Make ssl_cert_info read-only
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/22828)
Diffstat (limited to 'ssl')
| -rw-r--r-- | ssl/ssl_cert.c | 6 | ||||
| -rw-r--r-- | ssl/ssl_cert_table.h | 2 | ||||
| -rw-r--r-- | ssl/ssl_ciph.c | 2 | ||||
| -rw-r--r-- | ssl/ssl_local.h | 8 |
4 files changed, 9 insertions, 9 deletions
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index 126be668fd..f11eb75827 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -1240,13 +1240,13 @@ int ssl_cert_lookup_by_nid(int nid, size_t *pidx, SSL_CTX *ctx) return 0; } -SSL_CERT_LOOKUP *ssl_cert_lookup_by_pkey(const EVP_PKEY *pk, size_t *pidx, SSL_CTX *ctx) +const SSL_CERT_LOOKUP *ssl_cert_lookup_by_pkey(const EVP_PKEY *pk, size_t *pidx, SSL_CTX *ctx) { size_t i; /* check classic pk types */ for (i = 0; i < OSSL_NELEM(ssl_cert_info); i++) { - SSL_CERT_LOOKUP *tmp_lu = &ssl_cert_info[i]; + const SSL_CERT_LOOKUP *tmp_lu = &ssl_cert_info[i]; if (EVP_PKEY_is_a(pk, OBJ_nid2sn(tmp_lu->nid)) || EVP_PKEY_is_a(pk, OBJ_nid2ln(tmp_lu->nid))) { @@ -1270,7 +1270,7 @@ SSL_CERT_LOOKUP *ssl_cert_lookup_by_pkey(const EVP_PKEY *pk, size_t *pidx, SSL_C return NULL; } -SSL_CERT_LOOKUP *ssl_cert_lookup_by_idx(size_t idx, SSL_CTX *ctx) +const SSL_CERT_LOOKUP *ssl_cert_lookup_by_idx(size_t idx, SSL_CTX *ctx) { if (idx >= (OSSL_NELEM(ssl_cert_info) + ctx->sigalg_list_len)) return NULL; diff --git a/ssl/ssl_cert_table.h b/ssl/ssl_cert_table.h index 28918b9767..e4dc8063b1 100644 --- a/ssl/ssl_cert_table.h +++ b/ssl/ssl_cert_table.h @@ -10,7 +10,7 @@ /* * Certificate table information. NB: table entries must match SSL_PKEY indices */ -static SSL_CERT_LOOKUP ssl_cert_info [] = { +static const SSL_CERT_LOOKUP ssl_cert_info [] = { {EVP_PKEY_RSA, SSL_aRSA}, /* SSL_PKEY_RSA */ {EVP_PKEY_RSA_PSS, SSL_aRSA}, /* SSL_PKEY_RSA_PSS_SIGN */ {EVP_PKEY_DSA, SSL_aDSS}, /* SSL_PKEY_DSA_SIGN */ diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 8360991ce4..31c0d5af1d 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -2234,7 +2234,7 @@ int ssl_cipher_get_overhead(const SSL_CIPHER *c, size_t *mac_overhead, int ssl_cert_is_disabled(SSL_CTX *ctx, size_t idx) { - SSL_CERT_LOOKUP *cl; + const SSL_CERT_LOOKUP *cl; /* A provider-loaded key type is always enabled */ if (idx >= SSL_PKEY_NUM) diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h index d1ef358932..ed9f54b06f 100644 --- a/ssl/ssl_local.h +++ b/ssl/ssl_local.h @@ -2531,10 +2531,10 @@ __owur int ssl_ctx_security(const SSL_CTX *ctx, int op, int bits, int nid, int ssl_get_security_level_bits(const SSL *s, const SSL_CTX *ctx, int *levelp); __owur int ssl_cert_lookup_by_nid(int nid, size_t *pidx, SSL_CTX *ctx); -__owur SSL_CERT_LOOKUP *ssl_cert_lookup_by_pkey(const EVP_PKEY *pk, - size_t *pidx, - SSL_CTX *ctx); -__owur SSL_CERT_LOOKUP *ssl_cert_lookup_by_idx(size_t idx, SSL_CTX *ctx); +__owur const SSL_CERT_LOOKUP *ssl_cert_lookup_by_pkey(const EVP_PKEY *pk, + size_t *pidx, + SSL_CTX *ctx); +__owur const SSL_CERT_LOOKUP *ssl_cert_lookup_by_idx(size_t idx, SSL_CTX *ctx); int ssl_undefined_function(SSL *s); __owur int ssl_undefined_void_function(void); |