diff options
Diffstat (limited to 'ssl')
| -rw-r--r-- | ssl/d1_lib.c | 4 | ||||
| -rw-r--r-- | ssl/s23_lib.c | 7 | ||||
| -rw-r--r-- | ssl/s2_lib.c | 18 | ||||
| -rw-r--r-- | ssl/s2_meth.c | 6 | ||||
| -rw-r--r-- | ssl/s2_srvr.c | 2 | ||||
| -rw-r--r-- | ssl/s3_clnt.c | 2 | ||||
| -rw-r--r-- | ssl/s3_lib.c | 13 | ||||
| -rw-r--r-- | ssl/s3_meth.c | 6 | ||||
| -rw-r--r-- | ssl/ssl.h | 8 | ||||
| -rw-r--r-- | ssl/ssl3.h | 2 | ||||
| -rw-r--r-- | ssl/ssl_ciph.c | 19 | ||||
| -rw-r--r-- | ssl/ssl_lib.c | 10 | ||||
| -rw-r--r-- | ssl/ssl_locl.h | 24 | ||||
| -rw-r--r-- | ssl/ssltest.c | 4 |
14 files changed, 64 insertions, 61 deletions
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c index d9486916f2..bd28b75e84 100644 --- a/ssl/d1_lib.c +++ b/ssl/d1_lib.c @@ -175,9 +175,9 @@ void dtls1_clear(SSL *s) * to explicitly list their SSL_* codes. Currently RC4 is the only one * available, but if new ones emerge, they will have to be added... */ -SSL_CIPHER *dtls1_get_cipher(unsigned int u) +const SSL_CIPHER *dtls1_get_cipher(unsigned int u) { - SSL_CIPHER *ciph = ssl3_get_cipher(u); + const SSL_CIPHER *ciph = ssl3_get_cipher(u); if (ciph != NULL) { diff --git a/ssl/s23_lib.c b/ssl/s23_lib.c index 88fb564a2b..e3fce53430 100644 --- a/ssl/s23_lib.c +++ b/ssl/s23_lib.c @@ -74,7 +74,7 @@ int ssl23_num_ciphers(void) ); } -SSL_CIPHER *ssl23_get_cipher(unsigned int u) +const SSL_CIPHER *ssl23_get_cipher(unsigned int u) { unsigned int uu=ssl3_num_ciphers(); @@ -90,9 +90,10 @@ SSL_CIPHER *ssl23_get_cipher(unsigned int u) /* This function needs to check if the ciphers required are actually * available */ -SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p) +const SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p) { - SSL_CIPHER c,*cp; + SSL_CIPHER c; + const SSL_CIPHER *cp; unsigned long id; int n; diff --git a/ssl/s2_lib.c b/ssl/s2_lib.c index 25148d3397..d93a2c797f 100644 --- a/ssl/s2_lib.c +++ b/ssl/s2_lib.c @@ -121,7 +121,7 @@ const char ssl2_version_str[]="SSLv2" OPENSSL_VERSION_PTEXT; #define SSL2_NUM_CIPHERS (sizeof(ssl2_ciphers)/sizeof(SSL_CIPHER)) /* list of available SSLv2 ciphers (sorted by id) */ -OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={ +OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[]={ #if 0 /* NULL_WITH_MD5 v3 */ { @@ -303,7 +303,7 @@ int ssl2_num_ciphers(void) return(SSL2_NUM_CIPHERS); } -SSL_CIPHER *ssl2_get_cipher(unsigned int u) +const SSL_CIPHER *ssl2_get_cipher(unsigned int u) { if (u < SSL2_NUM_CIPHERS) return(&(ssl2_ciphers[SSL2_NUM_CIPHERS-1-u])); @@ -412,20 +412,22 @@ long ssl2_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) return(0); } +IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(const SSL_CIPHER, const SSL_CIPHER, + ssl_cipher_id_cmp); + /* This function needs to check if the ciphers required are actually * available */ -SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p) +const SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p) { - SSL_CIPHER c,*cp; + SSL_CIPHER c; + const SSL_CIPHER *cp; unsigned long id; id=0x02000000L|((unsigned long)p[0]<<16L)| ((unsigned long)p[1]<<8L)|(unsigned long)p[2]; c.id=id; - cp = (SSL_CIPHER *)OBJ_bsearch((char *)&c, - (char *)ssl2_ciphers, - SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER), - FP_ICC ssl_cipher_id_cmp); + cp = OBJ_bsearch(const SSL_CIPHER, &c, const SSL_CIPHER, ssl2_ciphers, + SSL2_NUM_CIPHERS, ssl_cipher_id_cmp); if ((cp == NULL) || (cp->valid == 0)) return NULL; else diff --git a/ssl/s2_meth.c b/ssl/s2_meth.c index 2bffa78ff4..f0e8ca593d 100644 --- a/ssl/s2_meth.c +++ b/ssl/s2_meth.c @@ -71,9 +71,9 @@ static const SSL_METHOD *ssl2_get_method(int ver) } IMPLEMENT_ssl2_meth_func(SSLv2_method, - ssl2_accept, - ssl2_connect, - ssl2_get_method) + ssl2_accept, + ssl2_connect, + ssl2_get_method) #else /* !OPENSSL_NO_SSL2 */ diff --git a/ssl/s2_srvr.c b/ssl/s2_srvr.c index 6490d0bf1b..b43a046aa6 100644 --- a/ssl/s2_srvr.c +++ b/ssl/s2_srvr.c @@ -366,7 +366,7 @@ static int get_client_master_key(SSL *s) int is_export,i,n,keya,ek; unsigned long len; unsigned char *p; - SSL_CIPHER *cp; + const SSL_CIPHER *cp; const EVP_CIPHER *c; const EVP_MD *md; diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index e339dbc431..aae133429c 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -719,7 +719,7 @@ err: int ssl3_get_server_hello(SSL *s) { STACK_OF(SSL_CIPHER) *sk; - SSL_CIPHER *c; + const SSL_CIPHER *c; unsigned char *p,*d; int i,al,ok; unsigned int j; diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index f09238f187..7e896997b2 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -2101,7 +2101,7 @@ int ssl3_num_ciphers(void) return(SSL3_NUM_CIPHERS); } -SSL_CIPHER *ssl3_get_cipher(unsigned int u) +const SSL_CIPHER *ssl3_get_cipher(unsigned int u) { if (u < SSL3_NUM_CIPHERS) return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u])); @@ -2786,17 +2786,16 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) /* This function needs to check if the ciphers required are actually * available */ -SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p) +const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p) { - SSL_CIPHER c,*cp; + SSL_CIPHER c; + const SSL_CIPHER *cp; unsigned long id; id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1]; c.id=id; - cp = (SSL_CIPHER *)OBJ_bsearch((char *)&c, - (char *)ssl3_ciphers, - SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER), - FP_ICC ssl_cipher_id_cmp); + cp = OBJ_bsearch(SSL_CIPHER, &c, SSL_CIPHER, ssl3_ciphers, + SSL3_NUM_CIPHERS, ssl_cipher_id_cmp); if (cp == NULL || cp->valid == 0) return NULL; else diff --git a/ssl/s3_meth.c b/ssl/s3_meth.c index 6b39ce89f6..cdddb17b62 100644 --- a/ssl/s3_meth.c +++ b/ssl/s3_meth.c @@ -70,8 +70,8 @@ static const SSL_METHOD *ssl3_get_method(int ver) } IMPLEMENT_ssl3_meth_func(SSLv3_method, - ssl3_accept, - ssl3_connect, - ssl3_get_method) + ssl3_accept, + ssl3_connect, + ssl3_get_method) @@ -401,11 +401,11 @@ typedef struct ssl_method_st int (*ssl_dispatch_alert)(SSL *s); long (*ssl_ctrl)(SSL *s,int cmd,long larg,void *parg); long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,void *parg); - SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr); + const SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr); int (*put_cipher_by_char)(const SSL_CIPHER *cipher,unsigned char *ptr); int (*ssl_pending)(const SSL *s); int (*num_ciphers)(void); - SSL_CIPHER *(*get_cipher)(unsigned ncipher); + const SSL_CIPHER *(*get_cipher)(unsigned ncipher); const struct ssl_method_st *(*get_ssl_method)(int version); long (*get_timeout)(void); struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */ @@ -483,7 +483,7 @@ typedef struct ssl_session_st int compress_meth; /* Need to lookup the method */ - SSL_CIPHER *cipher; + const SSL_CIPHER *cipher; unsigned long cipher_id; /* when ASN.1 loaded, this * needs to be used to load * the 'cipher' structure */ @@ -1431,7 +1431,7 @@ int SSL_clear(SSL *s); void SSL_CTX_flush_sessions(SSL_CTX *ctx,long tm); -SSL_CIPHER *SSL_get_current_cipher(const SSL *s); +const SSL_CIPHER *SSL_get_current_cipher(const SSL *s); int SSL_CIPHER_get_bits(const SSL_CIPHER *c,int *alg_bits); char * SSL_CIPHER_get_version(const SSL_CIPHER *c); const char * SSL_CIPHER_get_name(const SSL_CIPHER *c); diff --git a/ssl/ssl3.h b/ssl/ssl3.h index 646a8e6cce..56f17f66d3 100644 --- a/ssl/ssl3.h +++ b/ssl/ssl3.h @@ -465,7 +465,7 @@ typedef struct ssl3_state_st int message_type; /* used to hold the new cipher we are going to use */ - SSL_CIPHER *new_cipher; + const SSL_CIPHER *new_cipher; #ifndef OPENSSL_NO_DH DH *dh; #endif diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index c31d6e0c78..e60a490a52 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -207,7 +207,7 @@ static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX]={ typedef struct cipher_order_st { - SSL_CIPHER *cipher; + const SSL_CIPHER *cipher; int active; int dead; struct cipher_order_st *next,*prev; @@ -437,7 +437,7 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size,SSL_COMP **comp) { int i; - SSL_CIPHER *c; + const SSL_CIPHER *c; c=s->cipher; if (c == NULL) return(0); @@ -682,7 +682,7 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) { int i, co_list_num; - SSL_CIPHER *c; + const SSL_CIPHER *c; /* * We have num_of_ciphers descriptions compiled in, depending on the @@ -745,7 +745,7 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, } } -static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list, +static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list, int num_of_group_aliases, unsigned long disabled_mkey, unsigned long disabled_auth, unsigned long disabled_enc, unsigned long disabled_mac, @@ -753,7 +753,7 @@ static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list, CIPHER_ORDER *head) { CIPHER_ORDER *ciph_curr; - SSL_CIPHER **ca_curr; + const SSL_CIPHER **ca_curr; int i; unsigned long mask_mkey = ~disabled_mkey; unsigned long mask_auth = ~disabled_auth; @@ -823,7 +823,7 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id, CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) { CIPHER_ORDER *head, *tail, *curr, *curr2, *last; - SSL_CIPHER *cp; + const SSL_CIPHER *cp; int reverse = 0; #ifdef CIPHER_DEBUG @@ -999,7 +999,7 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p, static int ssl_cipher_process_rulestr(const char *rule_str, CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p, - SSL_CIPHER **ca_list) + const SSL_CIPHER **ca_list) { unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength; const char *l, *start, *buf; @@ -1258,7 +1258,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list; const char *rule_p; CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr; - SSL_CIPHER **ca_list = NULL; + const SSL_CIPHER **ca_list = NULL; /* * Return with error if nothing to do. @@ -1345,8 +1345,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, */ num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER); num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1; - ca_list = - (SSL_CIPHER **)OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max); + ca_list = OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max); if (ca_list == NULL) { OPENSSL_free(co_list); diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 203bce661a..803894c44f 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1348,7 +1348,7 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p, STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num, STACK_OF(SSL_CIPHER) **skp) { - SSL_CIPHER *c; + const SSL_CIPHER *c; STACK_OF(SSL_CIPHER) *sk; int i,n; @@ -1751,7 +1751,7 @@ void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth) X509_VERIFY_PARAM_set_depth(ctx->param, depth); } -void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher) +void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) { CERT_PKEY *cpk; int rsa_enc,rsa_tmp,rsa_sign,dh_tmp,dh_rsa,dh_dsa,dsa_sign; @@ -1963,7 +1963,7 @@ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher) #define ku_reject(x, usage) \ (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage))) -int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs) +int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs) { unsigned long alg_k, alg_a; EVP_PKEY *pkey = NULL; @@ -2109,7 +2109,7 @@ X509 *ssl_get_server_send_cert(SSL *s) return(c->pkeys[i].x509); } -EVP_PKEY *ssl_get_sign_pkey(SSL *s,SSL_CIPHER *cipher) +EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *cipher) { unsigned long alg_a; CERT *c; @@ -2547,7 +2547,7 @@ EVP_PKEY *SSL_get_privatekey(SSL *s) return(NULL); } -SSL_CIPHER *SSL_get_current_cipher(const SSL *s) +const SSL_CIPHER *SSL_get_current_cipher(const SSL *s) { if ((s->session != NULL) && (s->session->cipher != NULL)) return(s->session->cipher); diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index a499a16ea5..ad69a71ff5 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -577,7 +577,7 @@ typedef struct ssl3_buf_freelist_entry_st #endif extern SSL3_ENC_METHOD ssl3_undef_enc_method; -OPENSSL_EXTERN SSL_CIPHER ssl2_ciphers[]; +OPENSSL_EXTERN const SSL_CIPHER ssl2_ciphers[]; OPENSSL_EXTERN SSL_CIPHER ssl3_ciphers[]; @@ -784,6 +784,8 @@ int ssl_set_peer_cert_type(SESS_CERT *c, int type); int ssl_get_new_session(SSL *s, int session); int ssl_get_prev_session(SSL *s, unsigned char *session,int len, const unsigned char *limit); int ssl_cipher_id_cmp(const SSL_CIPHER *a,const SSL_CIPHER *b); +DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(const SSL_CIPHER, const SSL_CIPHER, + ssl_cipher_id_cmp); int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap, const SSL_CIPHER * const *bp); STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num, @@ -803,9 +805,9 @@ int ssl_undefined_function(SSL *s); int ssl_undefined_void_function(void); int ssl_undefined_const_function(const SSL *s); X509 *ssl_get_server_send_cert(SSL *); -EVP_PKEY *ssl_get_sign_pkey(SSL *,SSL_CIPHER *); +EVP_PKEY *ssl_get_sign_pkey(SSL *,const SSL_CIPHER *); int ssl_cert_type(X509 *x,EVP_PKEY *pkey); -void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher); +void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher); STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s); int ssl_verify_alarm_type(long type); void ssl_load_ciphers(void); @@ -814,7 +816,7 @@ int ssl2_enc_init(SSL *s, int client); int ssl2_generate_key_material(SSL *s); void ssl2_enc(SSL *s,int send_data); void ssl2_mac(SSL *s,unsigned char *mac,int send_data); -SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p); +const SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p); int ssl2_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p); int ssl2_part_read(SSL *s, unsigned long f, int i); int ssl2_do_write(SSL *s); @@ -822,7 +824,7 @@ int ssl2_set_certificate(SSL *s, int type, int len, const unsigned char *data); void ssl2_return_error(SSL *s,int reason); void ssl2_write_error(SSL *s); int ssl2_num_ciphers(void); -SSL_CIPHER *ssl2_get_cipher(unsigned int u); +const SSL_CIPHER *ssl2_get_cipher(unsigned int u); int ssl2_new(SSL *s); void ssl2_free(SSL *s); int ssl2_accept(SSL *s); @@ -839,7 +841,7 @@ long ssl2_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)(void)); int ssl2_pending(const SSL *s); long ssl2_default_timeout(void ); -SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p); +const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p); int ssl3_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p); void ssl3_init_finished_mac(SSL *s); int ssl3_send_server_certificate(SSL *s); @@ -858,7 +860,7 @@ int ssl3_get_req_cert_type(SSL *s,unsigned char *p); long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok); int ssl3_send_finished(SSL *s, int a, int b, const char *sender,int slen); int ssl3_num_ciphers(void); -SSL_CIPHER *ssl3_get_cipher(unsigned int u); +const SSL_CIPHER *ssl3_get_cipher(unsigned int u); int ssl3_renegotiate(SSL *ssl); int ssl3_renegotiate_check(SSL *ssl); int ssl3_dispatch_alert(SSL *s); @@ -899,12 +901,12 @@ int ssl3_do_change_cipher_spec(SSL *ssl); long ssl3_default_timeout(void ); int ssl23_num_ciphers(void ); -SSL_CIPHER *ssl23_get_cipher(unsigned int u); +const SSL_CIPHER *ssl23_get_cipher(unsigned int u); int ssl23_read(SSL *s, void *buf, int len); int ssl23_peek(SSL *s, void *buf, int len); int ssl23_write(SSL *s, const void *buf, int len); int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p); -SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p); +const SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p); long ssl23_default_timeout(void ); long tls1_default_timeout(void); @@ -934,7 +936,7 @@ void dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr) void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr); void dtls1_reset_seq_numbers(SSL *s, int rw); long dtls1_default_timeout(void); -SSL_CIPHER *dtls1_get_cipher(unsigned int u); +const SSL_CIPHER *dtls1_get_cipher(unsigned int u); /* some client-only functions */ @@ -1020,7 +1022,7 @@ int ssl3_alert_code(int code); int ssl_ok(SSL *s); #ifndef OPENSSL_NO_ECDH -int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs); +int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs); #endif SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n); diff --git a/ssl/ssltest.c b/ssl/ssltest.c index b20ab0fb05..c76f6677b4 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -317,7 +317,7 @@ static void sv_usage(void) static void print_details(SSL *c_ssl, const char *prefix) { - SSL_CIPHER *ciph; + const SSL_CIPHER *ciph; X509 *cert; ciph=SSL_get_current_cipher(c_ssl); @@ -2408,7 +2408,7 @@ static int do_test_cipherlist(void) { int i = 0; const SSL_METHOD *meth; - SSL_CIPHER *ci, *tci = NULL; + const SSL_CIPHER *ci, *tci = NULL; #ifndef OPENSSL_NO_SSL2 fprintf(stderr, "testing SSLv2 cipher list order: "); |