[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
Rich Salz
rsalz at openssl.org
Wed Jan 10 17:53:04 UTC 2018
The branch OpenSSL_1_1_0-stable has been updated
via 19c708d77d6b61fbd46c13d43f2b078eae5362f9 (commit)
from 32859f608c2fe876c418e94e3883ab04083cac75 (commit)
- Log -----------------------------------------------------------------
commit 19c708d77d6b61fbd46c13d43f2b078eae5362f9
Author: Patrick Schlangen <patrick at schlangen.me>
Date: Wed Jan 10 12:06:35 2018 -0500
Make data argument const in SSL_dane_tlsa_add
The data argument of SSL_dane_tlsa_add is used read-only, so it
should be const.
Reviewed-by: Viktor Dukhovni <viktor at openssl.org>
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5056)
(cherry picked from commit a41a6120cdcb7e883481bc1bed55e7157c9255c4)
-----------------------------------------------------------------------
Summary of changes:
doc/ssl/SSL_CTX_dane_enable.pod | 2 ++
include/openssl/ssl.h | 2 +-
ssl/ssl_lib.c | 4 ++--
3 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/doc/ssl/SSL_CTX_dane_enable.pod b/doc/ssl/SSL_CTX_dane_enable.pod
index cb71d3a..288a12f 100644
--- a/doc/ssl/SSL_CTX_dane_enable.pod
+++ b/doc/ssl/SSL_CTX_dane_enable.pod
@@ -76,6 +76,8 @@ TLSA records that apply to the remote TLS peer.
The arguments specify the fields of the TLSA record.
The B<data> field is provided in binary (wire RDATA) form, not the hexadecimal
ASCII presentation form, with an explicit length passed via B<dlen>.
+The library takes a copy of the B<data> buffer contents and the caller may
+free the original B<data> buffer when convenient.
A return value of 0 indicates that "unusable" TLSA records (with invalid or
unsupported parameters) were provided.
A negative return value indicates an internal error in processing the record.
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 4cdcdcf..0d08663 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -1529,7 +1529,7 @@ __owur int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md,
uint8_t mtype, uint8_t ord);
__owur int SSL_dane_enable(SSL *s, const char *basedomain);
__owur int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector,
- uint8_t mtype, unsigned char *data, size_t dlen);
+ uint8_t mtype, unsigned const char *data, size_t dlen);
__owur int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki);
__owur int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector,
uint8_t *mtype, unsigned const char **data,
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 8dddee1..a7d4dd1 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -320,7 +320,7 @@ static const EVP_MD *tlsa_md_get(SSL_DANE *dane, uint8_t mtype)
static int dane_tlsa_add(SSL_DANE *dane,
uint8_t usage,
uint8_t selector,
- uint8_t mtype, unsigned char *data, size_t dlen)
+ uint8_t mtype, unsigned const char *data, size_t dlen)
{
danetls_record *t;
const EVP_MD *md = NULL;
@@ -1076,7 +1076,7 @@ SSL_DANE *SSL_get0_dane(SSL *s)
}
int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector,
- uint8_t mtype, unsigned char *data, size_t dlen)
+ uint8_t mtype, unsigned const char *data, size_t dlen)
{
return dane_tlsa_add(&s->dane, usage, selector, mtype, data, dlen);
}
More information about the openssl-commits
mailing list