mbedtls_ssl_conf_alpn_protocols: declare list elements as const
This reflects the fact that the library will not modify the list, and allows
the list to be read from a const buffer.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
diff --git a/ChangeLog.d/mbedtls_ssl_conf_alpn_protocols.txt b/ChangeLog.d/mbedtls_ssl_conf_alpn_protocols.txt
new file mode 100644
index 0000000..0e396bb
--- /dev/null
+++ b/ChangeLog.d/mbedtls_ssl_conf_alpn_protocols.txt
@@ -0,0 +1,4 @@
+API changes
+ * The list passed to mbedtls_ssl_conf_alpn_protocols() is now declared
+ as having const elements, reflecting the fact that the library will
+ not modify it
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index c77cec8..60e5829 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1569,7 +1569,7 @@
#endif /* MBEDTLS_SSL_EARLY_DATA */
#if defined(MBEDTLS_SSL_ALPN)
- const char **MBEDTLS_PRIVATE(alpn_list); /*!< ordered list of protocols */
+ const char *const *MBEDTLS_PRIVATE(alpn_list); /*!< ordered list of protocols */
#endif
#if defined(MBEDTLS_SSL_DTLS_SRTP)
@@ -4011,7 +4011,8 @@
*
* \return 0 on success, or MBEDTLS_ERR_SSL_BAD_INPUT_DATA.
*/
-int mbedtls_ssl_conf_alpn_protocols(mbedtls_ssl_config *conf, const char **protos);
+int mbedtls_ssl_conf_alpn_protocols(mbedtls_ssl_config *conf,
+ const char *const *protos);
/**
* \brief Get the name of the negotiated Application Layer Protocol.
diff --git a/library/ssl_client.c b/library/ssl_client.c
index cb57a97..307da0f 100644
--- a/library/ssl_client.c
+++ b/library/ssl_client.c
@@ -141,7 +141,7 @@
* ProtocolName protocol_name_list<2..2^16-1>
* } ProtocolNameList;
*/
- for (const char **cur = ssl->conf->alpn_list; *cur != NULL; cur++) {
+ for (const char *const *cur = ssl->conf->alpn_list; *cur != NULL; cur++) {
/*
* mbedtls_ssl_conf_set_alpn_protocols() checked that the length of
* protocol names is less than 255.
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index f95f3c7..1c0aab0 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2534,10 +2534,11 @@
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
#if defined(MBEDTLS_SSL_ALPN)
-int mbedtls_ssl_conf_alpn_protocols(mbedtls_ssl_config *conf, const char **protos)
+int mbedtls_ssl_conf_alpn_protocols(mbedtls_ssl_config *conf,
+ const char *const *protos)
{
size_t cur_len, tot_len;
- const char **p;
+ const char *const *p;
/*
* RFC 7301 3.1: "Empty strings MUST NOT be included and byte strings
@@ -5111,7 +5112,7 @@
#if defined(MBEDTLS_SSL_ALPN)
{
uint8_t alpn_len;
- const char **cur;
+ const char *const *cur;
if ((size_t) (end - p) < 1) {
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
@@ -8547,7 +8548,7 @@
}
/* Use our order of preference */
- for (const char **alpn = ssl->conf->alpn_list; *alpn != NULL; alpn++) {
+ for (const char *const *alpn = ssl->conf->alpn_list; *alpn != NULL; alpn++) {
size_t const alpn_len = strlen(*alpn);
p = protocol_name_list;
while (p < protocol_name_list_end) {
diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c
index df7dfbf..ec778f9 100644
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c
@@ -869,7 +869,7 @@
const unsigned char *buf, size_t len)
{
size_t list_len, name_len;
- const char **p;
+ const char *const *p;
/* If we didn't send it, the server shouldn't send it */
if (ssl->conf->alpn_list == NULL) {
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 9386801..b7b075c 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -158,7 +158,7 @@
/* Check that the server chosen protocol was in our list and save it */
MBEDTLS_SSL_CHK_BUF_READ_PTR(p, protocol_name_list_end, protocol_name_len);
- for (const char **alpn = ssl->conf->alpn_list; *alpn != NULL; alpn++) {
+ for (const char *const *alpn = ssl->conf->alpn_list; *alpn != NULL; alpn++) {
if (protocol_name_len == strlen(*alpn) &&
memcmp(p, *alpn, protocol_name_len) == 0) {
ssl->alpn_chosen = *alpn;