libssl: const correct ssl_*version* API · bda9fb276b - src

mirror of https://github.com/openbsd/src.git synced 2026-06-17 23:03:29 +02:00

libssl: const correct ssl_version API

None of these functions modifies the SSL pointer. An upcoming diff will
need to call one of them with a const pointer, so fix all of them.

ok jsing kenjiro

This commit is contained in:

2026-06-04 12:05:57 +00:00

parent b583cabed5

commit bda9fb276b

2 changed files with 21 additions and 18 deletions

									
										lib/libssl/ssl_local.h
									
		+11
		-9
	
												View File
												
				@@ -1,4 +1,4 @@

				/* $OpenBSD: ssl_local.h,v 1.39 2026/05/31 14:34:44 jsing Exp $ */

				/* $OpenBSD: ssl_local.h,v 1.40 2026/06/04 12:05:57 tb Exp $ */

				/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)

				 * All rights reserved.

				 *

				@@ -1177,15 +1177,17 @@ int ssl_version_set_min(const SSL_METHOD *meth, uint16_t proto_ver,

				    uint16_t max_tls_ver, uint16_t *out_tls_ver, uint16_t *out_proto_ver);

				int ssl_version_set_max(const SSL_METHOD *meth, uint16_t proto_ver,

				    uint16_t min_tls_ver, uint16_t *out_tls_ver, uint16_t *out_proto_ver);

				int ssl_enabled_tls_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver);

				int ssl_supported_tls_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver);

				int ssl_enabled_tls_version_range(const SSL *s, uint16_t *min_ver,

				    uint16_t *max_ver);

				int ssl_supported_tls_version_range(const SSL *s, uint16_t *min_ver,

				    uint16_t *max_ver);

				uint16_t ssl_tls_version(uint16_t version);

				uint16_t ssl_effective_tls_version(SSL *s);

				int ssl_max_supported_version(SSL *s, uint16_t *max_ver);

				int ssl_max_legacy_version(SSL *s, uint16_t *max_ver);

				int ssl_max_shared_version(SSL *s, uint16_t peer_ver, uint16_t *max_ver);

				int ssl_check_version_from_server(SSL *s, uint16_t server_version);

				int ssl_legacy_stack_version(SSL *s, uint16_t version);

				uint16_t ssl_effective_tls_version(const SSL *s);

				int ssl_max_supported_version(const SSL *s, uint16_t *max_ver);

				int ssl_max_legacy_version(const SSL *s, uint16_t *max_ver);

				int ssl_max_shared_version(const SSL *s, uint16_t peer_ver, uint16_t *max_ver);

				int ssl_check_version_from_server(const SSL *s, uint16_t server_version);

				int ssl_legacy_stack_version(const SSL *s, uint16_t version);

				int ssl_cipher_in_list(STACK_OF(SSL_CIPHER) *ciphers, const SSL_CIPHER *cipher);

				int ssl_cipher_allowed_in_tls_version_range(const SSL_CIPHER *cipher,

				    uint16_t min_ver, uint16_t max_ver);

									
										lib/libssl/ssl_versions.c
									
		+10
		-9
	
												View File
												
				@@ -1,4 +1,4 @@

				/* $OpenBSD: ssl_versions.c,v 1.27 2023/07/02 17:21:32 beck Exp $ */

				/* $OpenBSD: ssl_versions.c,v 1.28 2026/06/04 12:05:57 tb Exp $ */

				/*

				 * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>

				 *

				@@ -125,7 +125,7 @@ ssl_version_set_max(const SSL_METHOD *meth, uint16_t proto_ver,

				}

				int

				ssl_enabled_tls_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver)

				ssl_enabled_tls_version_range(const SSL *s, uint16_t *min_ver, uint16_t *max_ver)

				{

					uint16_t min_version, max_version;

					unsigned long options;

				@@ -186,7 +186,8 @@ ssl_enabled_tls_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver)

				}

				int

				ssl_supported_tls_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver)

				ssl_supported_tls_version_range(const SSL *s, uint16_t *min_ver,

				    uint16_t *max_ver)

				{

					uint16_t min_version, max_version;

				@@ -222,7 +223,7 @@ ssl_tls_version(uint16_t version)

				}

				uint16_t

				ssl_effective_tls_version(SSL *s)

				ssl_effective_tls_version(const SSL *s)

				{

					if (s->s3->hs.negotiated_tls_version > 0)

						return s->s3->hs.negotiated_tls_version;

				@@ -231,7 +232,7 @@ ssl_effective_tls_version(SSL *s)

				}

				int

				ssl_max_supported_version(SSL *s, uint16_t *max_ver)

				ssl_max_supported_version(const SSL *s, uint16_t *max_ver)

				{

					uint16_t max_version;

				@@ -251,7 +252,7 @@ ssl_max_supported_version(SSL *s, uint16_t *max_ver)

				}

				int

				ssl_max_legacy_version(SSL *s, uint16_t *max_ver)

				ssl_max_legacy_version(const SSL *s, uint16_t *max_ver)

				{

					uint16_t max_version;

				@@ -269,7 +270,7 @@ ssl_max_legacy_version(SSL *s, uint16_t *max_ver)

				}

				int

				ssl_max_shared_version(SSL *s, uint16_t peer_ver, uint16_t *max_ver)

				ssl_max_shared_version(const SSL *s, uint16_t peer_ver, uint16_t *max_ver)

				{

					uint16_t min_version, max_version, peer_tls_version, shared_version;

				@@ -338,7 +339,7 @@ ssl_max_shared_version(SSL *s, uint16_t peer_ver, uint16_t *max_ver)

				}

				int

				ssl_check_version_from_server(SSL *s, uint16_t server_version)

				ssl_check_version_from_server(const SSL *s, uint16_t server_version)

				{

					uint16_t min_tls_version, max_tls_version, server_tls_version;

				@@ -363,7 +364,7 @@ ssl_check_version_from_server(SSL *s, uint16_t server_version)

				}

				int

				ssl_legacy_stack_version(SSL *s, uint16_t version)

				ssl_legacy_stack_version(const SSL *s, uint16_t version)

				{

					if (SSL_is_dtls(s))

						return version == DTLS1_VERSION || version == DTLS1_2_VERSION;