Mark all SSL_CIPHERs as const.
This lets us put the SSL_CIPHER table in the data section. For type-checking,
make STACK_OF(SSL_CIPHER) cast everything to const SSL_CIPHER*.
Note that this will require some changes in consumers which weren't using a
const SSL_CIPHER *.
Change-Id: Iff734ac0e36f9e5c4a0f3c8411c7f727b820469c
Reviewed-on: https://boringssl-review.googlesource.com/1541
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 6b218f2..631ed8b 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -920,7 +920,7 @@
/* check if we want to resume the session based on external pre-shared secret */
if (s->version >= TLS1_VERSION && s->tls_session_secret_cb)
{
- SSL_CIPHER *pref_cipher=NULL;
+ const SSL_CIPHER *pref_cipher=NULL;
s->session->master_key_length=sizeof(s->session->master_key);
if (s->tls_session_secret_cb(s, s->session->master_key,
&s->session->master_key_length,
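Review bot: Nothing visible in this hunk bounds `s->session->master_key_length` after the callback has written it. The field is set to `sizeof(s->session->master_key)` on the line before the call and is then passed to `tls_session_secret_cb` by address, next to the key buffer itself. The call continues past the end of the hunk, so the check may already exist there. If it does not, a test rejecting a negative length or one larger than `sizeof(s->session->master_key)` belongs directly after the callback returns. The same pattern appears in the second ssl/s3_srvr.c hunk.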
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 4e98f33..9a29bf8 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -165,7 +165,7 @@
#define FIXED_NONCE_LEN(x) ((x/2)<<24)
/* list of available SSLv3 ciphers (sorted by id) */
-SSL_CIPHER ssl3_ciphers[]={
+const SSL_CIPHER ssl3_ciphers[]={
/* The RSA ciphers */
/* Cipher 04 */
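Review bot: The comment above `ssl3_ciphers` still says only that the table is sorted by id and does not record the property this change introduces, that the entries are immutable. Something like `/* list of available SSLv3 ciphers (sorted by id); const so no caller can alter a cipher's parameters at runtime */` would tell maintainers why a later cast away from const is not acceptable. The table body continues outside the hunk.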
@@ -2671,10 +2671,10 @@
return NULL;
}
-SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
+const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
struct ssl_cipher_preference_list_st *server_pref)
{
- SSL_CIPHER *c,*ret=NULL;
+ const SSL_CIPHER *c,*ret=NULL;
STACK_OF(SSL_CIPHER) *srvr = server_pref->ciphers, *prio, *allow;
int i,ok;
size_t cipher_index;
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 6a028ef..19a121d 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -821,7 +821,7 @@
{
int i,ok,al=SSL_AD_INTERNAL_ERROR,ret= -1;
long n;
- SSL_CIPHER *c;
+ const SSL_CIPHER *c;
STACK_OF(SSL_CIPHER) *ciphers=NULL;
struct ssl_early_callback_ctx early_ctx;
CBS client_hello;
@@ -1152,7 +1152,7 @@
if (!s->hit && s->version >= TLS1_VERSION && s->tls_session_secret_cb)
{
- SSL_CIPHER *pref_cipher=NULL;
+ const SSL_CIPHER *pref_cipher=NULL;
s->session->master_key_length=sizeof(s->session->master_key);
if(s->tls_session_secret_cb(s, s->session->master_key, &s->session->master_key_length,
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 62f790f..2371553 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -690,7 +690,7 @@
if ((algorithm_ssl & mask_ssl) == 0)
continue;
- *ca_curr = (SSL_CIPHER *)(cipher_aliases + i);
+ *ca_curr = cipher_aliases + i;
ca_curr++;
}
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index ecc0c27..ea8af85 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1398,7 +1398,7 @@
/** The old interface to get the same thing as SSL_get_ciphers() */
const char *SSL_get_cipher_list(const SSL *s,int n)
{
- SSL_CIPHER *c;
+ const SSL_CIPHER *c;
STACK_OF(SSL_CIPHER) *sk;
if (s == NULL) return(NULL);
@@ -1472,7 +1472,7 @@
{
char *p;
STACK_OF(SSL_CIPHER) *sk;
- SSL_CIPHER *c;
+ const SSL_CIPHER *c;
int i;
if ((s->session == NULL) || (s->session->ciphers == NULL) ||
@@ -1510,7 +1510,7 @@
int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p)
{
int i;
- SSL_CIPHER *c;
+ const SSL_CIPHER *c;
CERT *ct = s->cert;
unsigned char *q;
int no_scsv = s->renegotiate;
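Review bot: `ssl_cipher_list_to_bytes` writes through `unsigned char *p` with no length parameter, so nothing in the signature lets the function check that the caller's buffer can hold every cipher in `sk` plus the signalling values appended in the later hunks. Since the signature is not changing here, a comment above the function would at least make the caller's obligation explicit, for example `/* p must have room for every cipher in sk plus up to two signalling values */`. The body runs past the hunk, so the per-cipher encoded size is not visible and should be confirmed before wording the comment.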
@@ -1546,7 +1546,7 @@
{
if (!no_scsv)
{
- static SSL_CIPHER scsv =
+ static const SSL_CIPHER scsv =
{
0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
};
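Review bot: The twelve-value positional initializer for `scsv` depends on the field order of `SSL_CIPHER`, and only `SSL3_CK_SCSV` (presumably the id field) carries meaning. A field inserted ahead of it would silently shift the value, and now that the object is `const` no later assignment can correct it. A short comment such as `/* signalling value, not a real cipher: only the id is set */` would make the intent clear. The same applies to `fallback_scsv` in the next hunk. The enclosing function starts and ends outside the hunk.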
@@ -1557,7 +1557,7 @@
}
if (s->fallback_scsv)
{
- static SSL_CIPHER fallback_scsv =
+ static const SSL_CIPHER fallback_scsv =
{
0, NULL, SSL3_CK_FALLBACK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
};
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 8a549d1..b28c936 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -690,7 +690,7 @@
extern SSL3_ENC_METHOD ssl3_undef_enc_method;
-extern SSL_CIPHER ssl3_ciphers[];
+extern const SSL_CIPHER ssl3_ciphers[];
SSL_METHOD *ssl_bad_method(int ver);
@@ -934,7 +934,7 @@
int n_ssl3_mac(SSL *ssl, unsigned char *md, int send_data);
void ssl3_free_digest_list(SSL *s);
unsigned long ssl3_output_cert_chain(SSL *s, CERT_PKEY *cpk);
-SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,STACK_OF(SSL_CIPHER) *clnt,
+const SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,STACK_OF(SSL_CIPHER) *clnt,
struct ssl_cipher_preference_list_st *srvr);
int ssl3_setup_buffers(SSL *s);
int ssl3_setup_read_buffer(SSL *s);
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 0b6a6e3..50d9190 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -851,7 +851,7 @@
}
int SSL_set_session_secret_cb(SSL *s, int (*tls_session_secret_cb)(SSL *s, void *secret, int *secret_len,
- STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg), void *arg)
+ STACK_OF(SSL_CIPHER) *peer_ciphers, const SSL_CIPHER **cipher, void *arg), void *arg)
{
if (s == NULL) return(0);
s->tls_session_secret_cb = tls_session_secret_cb;
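Review bot: `SSL_set_session_secret_cb` has no comment describing the new contract on `cipher`: the callback now receives `const SSL_CIPHER **`, so it may select a cipher but must not modify one. In C, a consumer that still passes a callback declared with `SSL_CIPHER **` typically gets only an incompatible-pointer-type warning. A cast added to silence that warning would hide a callback that writes to a cipher object this commit intends to make read-only. A comment such as `/* the callback may store a cipher in *cipher; cipher objects are const and must never be written */` would state the rule at the API boundary. The function body continues past the hunk.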
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index f6518c4..cdbc6c3 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -937,7 +937,7 @@
for (i = 0; i < sk_SSL_CIPHER_num(cipher_stack); i++)
{
- SSL_CIPHER *c = sk_SSL_CIPHER_value(cipher_stack, i);
+ const SSL_CIPHER *c = sk_SSL_CIPHER_value(cipher_stack, i);
alg_k = c->algorithm_mkey;
alg_a = c->algorithm_auth;