Const-correct SSL_get_srtp_profiles.

This is part of a very deep dependency chain. I'm sniffing at making all
the add_clienthello callbacks const. Between HelloVerifyRequest,
HelloRetryRequest, and soon ECH, we're creating lots of ClientHellos per
connection. That's probably easiest to manage if constructing a
ClientHello had no side effects.

Update-Note: The change to the return type isn't quite compatible, but I
only found one caller of this function, which has since been fixed. (If
we need to return a non-const value for compatibility, we can do that
and document that the caller should not mutate the output.)

Change-Id: I21f18f7438920a5b03d874fa548f054af3a42c4a
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/47664
Reviewed-by: Adam Langley <agl@google.com>
chromium-5359
David Benjamin 4 years ago committed by Adam Langley
parent 49ee62fe13
commit b778b9c1b3
  1. 4
      include/openssl/ssl.h
  2. 2
      ssl/d1_srtp.cc
  3. 10
      ssl/t1_lib.cc

@ -3054,8 +3054,8 @@ OPENSSL_EXPORT int SSL_CTX_set_srtp_profiles(SSL_CTX *ctx,
OPENSSL_EXPORT int SSL_set_srtp_profiles(SSL *ssl, const char *profiles); OPENSSL_EXPORT int SSL_set_srtp_profiles(SSL *ssl, const char *profiles);
// SSL_get_srtp_profiles returns the SRTP profiles supported by |ssl|. // SSL_get_srtp_profiles returns the SRTP profiles supported by |ssl|.
OPENSSL_EXPORT STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles( OPENSSL_EXPORT const STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(
SSL *ssl); const SSL *ssl);
// SSL_get_selected_srtp_profile returns the selected SRTP profile, or NULL if // SSL_get_selected_srtp_profile returns the selected SRTP profile, or NULL if
// SRTP was not negotiated. // SRTP was not negotiated.
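Review bot: The doc comment on SSL_get_srtp_profiles still says only that it "returns the SRTP profiles supported by |ssl|", so the header does not tell callers that the result can be NULL or who owns it. The d1_srtp.cc section shows a nullptr return when |ssl| is null, and the new const return type suggests the stack is borrowed from |ssl|'s configuration rather than handed to the caller (inferred; the rest of the function body is not shown). I would extend the comment with something like `// The returned stack may be NULL. It is owned by |ssl| and must not be modified or freed by the caller.`, adjusted to the actual owner. That puts in the public header the contract which the Update-Note only mentions as a fallback.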

@ -202,7 +202,7 @@ int SSL_set_srtp_profiles(SSL *ssl, const char *profiles) {
ssl_ctx_make_profiles(profiles, &ssl->config->srtp_profiles); ssl_ctx_make_profiles(profiles, &ssl->config->srtp_profiles);
} }
STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl) { const STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(const SSL *ssl) {
if (ssl == nullptr) { if (ssl == nullptr) {
return nullptr; return nullptr;
} }

@ -1720,7 +1720,8 @@ static void ext_srtp_init(SSL_HANDSHAKE *hs) {
static bool ext_srtp_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) { static bool ext_srtp_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
SSL *const ssl = hs->ssl; SSL *const ssl = hs->ssl;
STACK_OF(SRTP_PROTECTION_PROFILE) *profiles = SSL_get_srtp_profiles(ssl); const STACK_OF(SRTP_PROTECTION_PROFILE) *profiles =
SSL_get_srtp_profiles(ssl);
if (profiles == NULL || if (profiles == NULL ||
sk_SRTP_PROTECTION_PROFILE_num(profiles) == 0) { sk_SRTP_PROTECTION_PROFILE_num(profiles) == 0) {
return true; return true;
@ -1776,11 +1777,8 @@ static bool ext_srtp_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
return false; return false;
} }
STACK_OF(SRTP_PROTECTION_PROFILE) *profiles = SSL_get_srtp_profiles(ssl); // Check to see if the server gave us something we support and offered.
for (const SRTP_PROTECTION_PROFILE *profile : SSL_get_srtp_profiles(ssl)) {
// Check to see if the server gave us something we support (and presumably
// offered).
for (const SRTP_PROTECTION_PROFILE *profile : profiles) {
if (profile->id == profile_id) { if (profile->id == profile_id) {
ssl->s3->srtp_profile = profile; ssl->s3->srtp_profile = profile;
return true; return true;
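Review bot: The rewritten comment in ext_srtp_parse_serverhello now states that a matching profile was "offered", but the loop only tests membership in whatever SSL_get_srtp_profiles(ssl) returns when the ServerHello is parsed. That equals the offered set only if the list cannot change after ext_srtp_add_clienthello serialized it, which these hunks do not show. I would either state the assumption, e.g. `// The ClientHello offers every profile in this list, so a match here was also offered.`, or keep the earlier hedge. The loop also iterates the return value directly, so it depends on the STACK_OF range-for helpers treating a null stack as empty; that is presumably the case but worth confirming, since the getter can return nullptr. The function begins and ends outside the hunk.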
