Store SRTP_PROTECTION_PROFILES as const.
They're small, but they should be read-only. This slightly changes public API
and affects downstream WebRTC code.
Hold on landing this until https://webrtc-codereview.appspot.com/34649004/
rolls into Chromium.
Change-Id: I93cbae20f69d55411d6b1cb62ed7d9a81c83b701
Reviewed-on: https://boringssl-review.googlesource.com/2720
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/include/openssl/srtp.h b/include/openssl/srtp.h
index 860362b..3f5a53e 100644
--- a/include/openssl/srtp.h
+++ b/include/openssl/srtp.h
@@ -148,7 +148,8 @@
/* SSL_get_selected_srtp_profile returns the selected SRTP profile, or NULL if
* SRTP was not negotiated. */
-OPENSSL_EXPORT SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s);
+OPENSSL_EXPORT const SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(
+ SSL *s);
/* Deprecated functions */
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 61fb778..3b3d114 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -1337,8 +1337,13 @@
uint8_t *next_proto_negotiated;
size_t next_proto_negotiated_len;
- STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; /* What we'll do */
- SRTP_PROTECTION_PROFILE *srtp_profile; /* What's been chosen */
+ /* srtp_profiles is the list of configured SRTP protection profiles for
+ * DTLS-SRTP. */
+ STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
+
+ /* srtp_profile is the selected SRTP protection profile for
+ * DTLS-SRTP. */
+ const SRTP_PROTECTION_PROFILE *srtp_profile;
/* Copied from the SSL_CTX. For a server, means that we'll accept
* Channel IDs from clients. For a client, means that we'll advertise
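Review bot: The new comments on `srtp_profiles` and `srtp_profile` say what the fields hold but not who owns the pointed-to profiles. Judging from the d1_srtp.c part of this change, the entries appear to point into the static `srtp_known_profiles` table, so the stack should only be released with `sk_SRTP_PROTECTION_PROFILE_free` and never `pop_free` with a real deallocator. A sentence such as `/* Entries point to static data and are not owned by the SSL. */` on both fields would make that explicit. The enclosing struct begins and ends outside this hunk.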
diff --git a/include/openssl/stack.h b/include/openssl/stack.h
index 6cde95d..0eeda7f 100644
--- a/include/openssl/stack.h
+++ b/include/openssl/stack.h
@@ -145,7 +145,6 @@
* STACK_OF:POLICYINFO
* STACK_OF:POLICYQUALINFO
* STACK_OF:POLICY_MAPPING
- * STACK_OF:SRTP_PROTECTION_PROFILE
* STACK_OF:SSL_COMP
* STACK_OF:STACK_OF_X509_NAME_ENTRY
* STACK_OF:SXNETID
@@ -168,9 +167,10 @@
* STACK_OF:X509_VERIFY_PARAM
* STACK_OF:void
*
- * We declare STACK_OF(SSL_CIPHER) differently; every SSL_CIPHER is const,
- * so the stack should return const pointers to retain type-checking.
+ * Some stacks contain only const structures, so the stack should return const
+ * pointers to retain type-checking.
*
+ * CONST_STACK_OF:SRTP_PROTECTION_PROFILE
* CONST_STACK_OF:SSL_CIPHER */
diff --git a/include/openssl/stack_macros.h b/include/openssl/stack_macros.h
index 0370899..a62fce3 100644
--- a/include/openssl/stack_macros.h
+++ b/include/openssl/stack_macros.h
@@ -1792,92 +1792,6 @@
comp)))
-/* SRTP_PROTECTION_PROFILE */
-#define sk_SRTP_PROTECTION_PROFILE_new(comp) \
- ((STACK_OF(SRTP_PROTECTION_PROFILE) *)sk_new( \
- CHECKED_CAST(stack_cmp_func, int (*)(const SRTP_PROTECTION_PROFILE **a, \
- const SRTP_PROTECTION_PROFILE **b), \
- comp)))
-
-#define sk_SRTP_PROTECTION_PROFILE_new_null() \
- ((STACK_OF(SRTP_PROTECTION_PROFILE) *)sk_new_null())
-
-#define sk_SRTP_PROTECTION_PROFILE_num(sk) \
- sk_num(CHECKED_CAST(_STACK *, STACK_OF(SRTP_PROTECTION_PROFILE) *, sk))
-
-#define sk_SRTP_PROTECTION_PROFILE_zero(sk) \
- sk_zero(CHECKED_CAST(_STACK *, STACK_OF(SRTP_PROTECTION_PROFILE) *, sk));
-
-#define sk_SRTP_PROTECTION_PROFILE_value(sk, i) \
- ((SRTP_PROTECTION_PROFILE *)sk_value( \
- CHECKED_CAST(_STACK *, const STACK_OF(SRTP_PROTECTION_PROFILE) *, sk), \
- (i)))
-
-#define sk_SRTP_PROTECTION_PROFILE_set(sk, i, p) \
- ((SRTP_PROTECTION_PROFILE *)sk_set( \
- CHECKED_CAST(_STACK *, STACK_OF(SRTP_PROTECTION_PROFILE) *, sk), (i), \
- CHECKED_CAST(void *, SRTP_PROTECTION_PROFILE *, p)))
-
-#define sk_SRTP_PROTECTION_PROFILE_free(sk) \
- sk_free(CHECKED_CAST(_STACK *, STACK_OF(SRTP_PROTECTION_PROFILE) *, sk))
-
-#define sk_SRTP_PROTECTION_PROFILE_pop_free(sk, free_func) \
- sk_pop_free(CHECKED_CAST(_STACK *, STACK_OF(SRTP_PROTECTION_PROFILE) *, sk), \
- CHECKED_CAST(void (*)(void *), \
- void (*)(SRTP_PROTECTION_PROFILE *), free_func))
-
-#define sk_SRTP_PROTECTION_PROFILE_insert(sk, p, where) \
- sk_insert(CHECKED_CAST(_STACK *, STACK_OF(SRTP_PROTECTION_PROFILE) *, sk), \
- CHECKED_CAST(void *, SRTP_PROTECTION_PROFILE *, p), (where))
-
-#define sk_SRTP_PROTECTION_PROFILE_delete(sk, where) \
- ((SRTP_PROTECTION_PROFILE *)sk_delete( \
- CHECKED_CAST(_STACK *, STACK_OF(SRTP_PROTECTION_PROFILE) *, sk), \
- (where)))
-
-#define sk_SRTP_PROTECTION_PROFILE_delete_ptr(sk, p) \
- ((SRTP_PROTECTION_PROFILE *)sk_delete_ptr( \
- CHECKED_CAST(_STACK *, STACK_OF(SRTP_PROTECTION_PROFILE) *, sk), \
- CHECKED_CAST(void *, SRTP_PROTECTION_PROFILE *, p)))
-
-#define sk_SRTP_PROTECTION_PROFILE_find(sk, out_index, p) \
- sk_find(CHECKED_CAST(_STACK *, STACK_OF(SRTP_PROTECTION_PROFILE) *, sk), \
- (out_index), CHECKED_CAST(void *, SRTP_PROTECTION_PROFILE *, p))
-
-#define sk_SRTP_PROTECTION_PROFILE_shift(sk) \
- ((SRTP_PROTECTION_PROFILE *)sk_shift( \
- CHECKED_CAST(_STACK *, STACK_OF(SRTP_PROTECTION_PROFILE) *, sk)))
-
-#define sk_SRTP_PROTECTION_PROFILE_push(sk, p) \
- sk_push(CHECKED_CAST(_STACK *, STACK_OF(SRTP_PROTECTION_PROFILE) *, sk), \
- CHECKED_CAST(void *, SRTP_PROTECTION_PROFILE *, p))
-
-#define sk_SRTP_PROTECTION_PROFILE_pop(sk) \
- ((SRTP_PROTECTION_PROFILE *)sk_pop( \
- CHECKED_CAST(_STACK *, STACK_OF(SRTP_PROTECTION_PROFILE) *, sk)))
-
-#define sk_SRTP_PROTECTION_PROFILE_dup(sk) \
- ((STACK_OF(SRTP_PROTECTION_PROFILE) *)sk_dup( \
- CHECKED_CAST(_STACK *, const STACK_OF(SRTP_PROTECTION_PROFILE) *, sk)))
-
-#define sk_SRTP_PROTECTION_PROFILE_sort(sk) \
- sk_sort(CHECKED_CAST(_STACK *, STACK_OF(SRTP_PROTECTION_PROFILE) *, sk))
-
-#define sk_SRTP_PROTECTION_PROFILE_is_sorted(sk) \
- sk_is_sorted( \
- CHECKED_CAST(_STACK *, const STACK_OF(SRTP_PROTECTION_PROFILE) *, sk))
-
-#define sk_SRTP_PROTECTION_PROFILE_set_cmp_func(sk, comp) \
- ((int (*)(const SRTP_PROTECTION_PROFILE **a, \
- const SRTP_PROTECTION_PROFILE **b)) \
- sk_set_cmp_func( \
- CHECKED_CAST(_STACK *, STACK_OF(SRTP_PROTECTION_PROFILE) *, sk), \
- CHECKED_CAST(stack_cmp_func, \
- int (*)(const SRTP_PROTECTION_PROFILE **a, \
- const SRTP_PROTECTION_PROFILE **b), \
- comp)))
-
-
/* SSL_COMP */
#define sk_SSL_COMP_new(comp) \
((STACK_OF(SSL_COMP) *)sk_new(CHECKED_CAST( \
@@ -3468,6 +3382,94 @@
comp)))
+/* SRTP_PROTECTION_PROFILE */
+#define sk_SRTP_PROTECTION_PROFILE_new(comp) \
+ ((STACK_OF(SRTP_PROTECTION_PROFILE) *)sk_new(CHECKED_CAST( \
+ stack_cmp_func, int (*)(const const SRTP_PROTECTION_PROFILE **a, \
+ const const SRTP_PROTECTION_PROFILE **b), \
+ comp)))
+
+#define sk_SRTP_PROTECTION_PROFILE_new_null() \
+ ((STACK_OF(SRTP_PROTECTION_PROFILE) *)sk_new_null())
+
+#define sk_SRTP_PROTECTION_PROFILE_num(sk) \
+ sk_num(CHECKED_CAST(_STACK *, STACK_OF(SRTP_PROTECTION_PROFILE) *, sk))
+
+#define sk_SRTP_PROTECTION_PROFILE_zero(sk) \
+ sk_zero(CHECKED_CAST(_STACK *, STACK_OF(SRTP_PROTECTION_PROFILE) *, sk));
+
+#define sk_SRTP_PROTECTION_PROFILE_value(sk, i) \
+ ((const SRTP_PROTECTION_PROFILE *)sk_value( \
+ CHECKED_CAST(_STACK *, const STACK_OF(SRTP_PROTECTION_PROFILE) *, sk), \
+ (i)))
+
+#define sk_SRTP_PROTECTION_PROFILE_set(sk, i, p) \
+ ((const SRTP_PROTECTION_PROFILE *)sk_set( \
+ CHECKED_CAST(_STACK *, STACK_OF(SRTP_PROTECTION_PROFILE) *, sk), (i), \
+ CHECKED_CAST(void *, const SRTP_PROTECTION_PROFILE *, p)))
+
+#define sk_SRTP_PROTECTION_PROFILE_free(sk) \
+ sk_free(CHECKED_CAST(_STACK *, STACK_OF(SRTP_PROTECTION_PROFILE) *, sk))
+
+#define sk_SRTP_PROTECTION_PROFILE_pop_free(sk, free_func) \
+ sk_pop_free( \
+ CHECKED_CAST(_STACK *, STACK_OF(SRTP_PROTECTION_PROFILE) *, sk), \
+ CHECKED_CAST(void (*)(void *), \
+ void (*)(const SRTP_PROTECTION_PROFILE *), free_func))
+
+#define sk_SRTP_PROTECTION_PROFILE_insert(sk, p, where) \
+ sk_insert(CHECKED_CAST(_STACK *, STACK_OF(SRTP_PROTECTION_PROFILE) *, sk), \
+ CHECKED_CAST(void *, const SRTP_PROTECTION_PROFILE *, p), (where))
+
+#define sk_SRTP_PROTECTION_PROFILE_delete(sk, where) \
+ ((const SRTP_PROTECTION_PROFILE *)sk_delete( \
+ CHECKED_CAST(_STACK *, STACK_OF(SRTP_PROTECTION_PROFILE) *, sk), \
+ (where)))
+
+#define sk_SRTP_PROTECTION_PROFILE_delete_ptr(sk, p) \
+ ((const SRTP_PROTECTION_PROFILE *)sk_delete_ptr( \
+ CHECKED_CAST(_STACK *, STACK_OF(SRTP_PROTECTION_PROFILE) *, sk), \
+ CHECKED_CAST(void *, const SRTP_PROTECTION_PROFILE *, p)))
+
+#define sk_SRTP_PROTECTION_PROFILE_find(sk, out_index, p) \
+ sk_find(CHECKED_CAST(_STACK *, STACK_OF(SRTP_PROTECTION_PROFILE) *, sk), \
+ (out_index), \
+ CHECKED_CAST(void *, const SRTP_PROTECTION_PROFILE *, p))
+
+#define sk_SRTP_PROTECTION_PROFILE_shift(sk) \
+ ((const SRTP_PROTECTION_PROFILE *)sk_shift( \
+ CHECKED_CAST(_STACK *, STACK_OF(SRTP_PROTECTION_PROFILE) *, sk)))
+
+#define sk_SRTP_PROTECTION_PROFILE_push(sk, p) \
+ sk_push(CHECKED_CAST(_STACK *, STACK_OF(SRTP_PROTECTION_PROFILE) *, sk), \
+ CHECKED_CAST(void *, const SRTP_PROTECTION_PROFILE *, p))
+
+#define sk_SRTP_PROTECTION_PROFILE_pop(sk) \
+ ((const SRTP_PROTECTION_PROFILE *)sk_pop( \
+ CHECKED_CAST(_STACK *, STACK_OF(SRTP_PROTECTION_PROFILE) *, sk)))
+
+#define sk_SRTP_PROTECTION_PROFILE_dup(sk) \
+ ((STACK_OF(SRTP_PROTECTION_PROFILE) *)sk_dup( \
+ CHECKED_CAST(_STACK *, const STACK_OF(SRTP_PROTECTION_PROFILE) *, sk)))
+
+#define sk_SRTP_PROTECTION_PROFILE_sort(sk) \
+ sk_sort(CHECKED_CAST(_STACK *, STACK_OF(SRTP_PROTECTION_PROFILE) *, sk))
+
+#define sk_SRTP_PROTECTION_PROFILE_is_sorted(sk) \
+ sk_is_sorted( \
+ CHECKED_CAST(_STACK *, const STACK_OF(SRTP_PROTECTION_PROFILE) *, sk))
+
+#define sk_SRTP_PROTECTION_PROFILE_set_cmp_func(sk, comp) \
+ ((int (*)(const SRTP_PROTECTION_PROFILE **a, \
+ const SRTP_PROTECTION_PROFILE **b)) \
+ sk_set_cmp_func( \
+ CHECKED_CAST(_STACK *, STACK_OF(SRTP_PROTECTION_PROFILE) *, sk), \
+ CHECKED_CAST(stack_cmp_func, \
+ int (*)(const SRTP_PROTECTION_PROFILE **a, \
+ const SRTP_PROTECTION_PROFILE **b), \
+ comp)))
+
+
/* SSL_CIPHER */
#define sk_SSL_CIPHER_new(comp) \
((STACK_OF(SSL_CIPHER) *)sk_new(CHECKED_CAST( \
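Review bot: `sk_SRTP_PROTECTION_PROFILE_new` now casts the comparator to `int (*)(const const SRTP_PROTECTION_PROFILE **a, const const SRTP_PROTECTION_PROFILE **b)`, a doubled qualifier that `sk_SRTP_PROTECTION_PROFILE_set_cmp_func` further down in the same block does not have. C99 tolerates a repeated qualifier, but C++ compilers warn on it or reject it outright, and this is a public header that C++ callers may expand. The file looks generated from the `CONST_STACK_OF:` list in stack.h, so the fix probably belongs in the generator: emit a single `const` for const stacks, giving `int (*)(const SRTP_PROTECTION_PROFILE **a, const SRTP_PROTECTION_PROFILE **b)`. The SSL_CIPHER block that starts on the last lines of this hunk is not shown in full and may carry the same pattern.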
diff --git a/ssl/d1_srtp.c b/ssl/d1_srtp.c
index 96a4593..b85ff9b 100644
--- a/ssl/d1_srtp.c
+++ b/ssl/d1_srtp.c
@@ -124,7 +124,7 @@
#include <openssl/srtp.h>
-static SRTP_PROTECTION_PROFILE srtp_known_profiles[] = {
+static const SRTP_PROTECTION_PROFILE srtp_known_profiles[] = {
{
"SRTP_AES128_CM_SHA1_80", SRTP_AES128_CM_SHA1_80,
},
@@ -135,8 +135,9 @@
};
static int find_profile_by_name(const char *profile_name,
- SRTP_PROTECTION_PROFILE **pptr, size_t len) {
- SRTP_PROTECTION_PROFILE *p;
+ const SRTP_PROTECTION_PROFILE **pptr,
+ size_t len) {
+ const SRTP_PROTECTION_PROFILE *p;
p = srtp_known_profiles;
while (p->name) {
@@ -152,8 +153,8 @@
}
static int find_profile_by_num(unsigned profile_num,
- SRTP_PROTECTION_PROFILE **pptr) {
- SRTP_PROTECTION_PROFILE *p;
+ const SRTP_PROTECTION_PROFILE **pptr) {
+ const SRTP_PROTECTION_PROFILE *p;
p = srtp_known_profiles;
while (p->name) {
@@ -182,7 +183,7 @@
}
do {
- SRTP_PROTECTION_PROFILE *p;
+ const SRTP_PROTECTION_PROFILE *p;
col = strchr(ptr, ':');
if (find_profile_by_name(ptr, &p, col ? col - ptr : strlen(ptr))) {
@@ -227,7 +228,7 @@
return NULL;
}
-SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s) {
+const SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s) {
return s->srtp_profile;
}
@@ -246,7 +247,7 @@
int ct = 0;
int i;
STACK_OF(SRTP_PROTECTION_PROFILE) *clnt = 0;
- SRTP_PROTECTION_PROFILE *prof;
+ const SRTP_PROTECTION_PROFILE *prof;
clnt = SSL_get_srtp_profiles(s);
ct = sk_SRTP_PROTECTION_PROFILE_num(clnt); /* -1 if clnt == 0 */
@@ -282,7 +283,7 @@
int ssl_parse_clienthello_use_srtp_ext(SSL *s, CBS *cbs, int *out_alert) {
CBS profile_ids, srtp_mki;
- SRTP_PROTECTION_PROFILE *cprof, *sprof;
+ const SRTP_PROTECTION_PROFILE *cprof, *sprof;
STACK_OF(SRTP_PROTECTION_PROFILE) *client_profiles = 0, *server_profiles;
size_t i, j;
int ret = 0;
@@ -378,7 +379,7 @@
size_t i;
STACK_OF(SRTP_PROTECTION_PROFILE) *client_profiles;
- SRTP_PROTECTION_PROFILE *prof;
+ const SRTP_PROTECTION_PROFILE *prof;
/* The extension consists of a u16-prefixed profile ID list containing a
* single uint16_t profile ID, then followed by a u8-prefixed srtp_mki field.