Change TLSEXT_IDX_* values into an enum

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>

ssl/ssl_locl.h

@@ -1650,24 +1650,26 @@ typedef struct raw_extension_st {
  * Extension index values NOTE: Any updates to these defines should be mirrored
  * with equivalent updates to ext_defs in extensions.c
  */
-#define TLSEXT_IDX_renegotiate                                   0
-#define TLSEXT_IDX_server_name                                   1
-#define TLSEXT_IDX_srp                                           2
-#define TLSEXT_IDX_ec_point_formats                              3
-#define TLSEXT_IDX_supported_groups                              4
-#define TLSEXT_IDX_session_ticket                                5
-#define TLSEXT_IDX_signature_algorithms                          6
-#define TLSEXT_IDX_status_request                                7
-#define TLSEXT_IDX_next_proto_neg                                8
-#define TLSEXT_IDX_application_layer_protocol_negotiation        9
-#define TLSEXT_IDX_use_srtp                                     10
-#define TLSEXT_IDX_encrypt_then_mac                             11
-#define TLSEXT_IDX_signed_certificate_timestamp                 12
-#define TLSEXT_IDX_extended_master_secret                       13
-#define TLSEXT_IDX_supported_versions                           14
-#define TLSEXT_IDX_key_share                                    15
-#define TLSEXT_IDX_cryptopro_bug                                16
-#define TLSEXT_IDX_padding                                      17
+typedef enum tlsext_index_en {
+    TLSEXT_IDX_renegotiate,
+    TLSEXT_IDX_server_name,
+    TLSEXT_IDX_srp,
+    TLSEXT_IDX_ec_point_formats,
+    TLSEXT_IDX_supported_groups,
+    TLSEXT_IDX_session_ticket,
+    TLSEXT_IDX_signature_algorithms,
+    TLSEXT_IDX_status_request,
+    TLSEXT_IDX_next_proto_neg,
+    TLSEXT_IDX_application_layer_protocol_negotiation,
+    TLSEXT_IDX_use_srtp,
+    TLSEXT_IDX_encrypt_then_mac,
+    TLSEXT_IDX_signed_certificate_timestamp,
+    TLSEXT_IDX_extended_master_secret,
+    TLSEXT_IDX_supported_versions,
+    TLSEXT_IDX_key_share,
+    TLSEXT_IDX_cryptopro_bug,
+    TLSEXT_IDX_padding
+} TLSEXT_INDEX;
 
 #define MAX_COMPRESSIONS_SIZE   255
 

ssl/statem/extensions.c

@@ -260,7 +260,7 @@ static int verify_extension(SSL *s, unsigned int context, unsigned int type,
 {
     size_t i;
     size_t builtin_num = OSSL_NELEM(ext_defs);
-    EXTENSION_DEFINITION *thisext;
+    const EXTENSION_DEFINITION *thisext;
 
     for (i = 0, thisext = ext_defs; i < builtin_num; i++, thisext++) {
         if (type == thisext->type) {
@@ -344,11 +344,10 @@ int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context,
                            RAW_EXTENSION **res, int *al)
 {
     PACKET extensions = *packet;
-    size_t i = 0, idx;
-    int found = 0;
+    size_t i = 0;
     custom_ext_methods *exts = NULL;
     RAW_EXTENSION *raw_extensions = NULL;
-    EXTENSION_DEFINITION *thisexd;
+    const EXTENSION_DEFINITION *thisexd;
 
     /*
      * Initialise server side custom extensions. Client side is done during
@@ -427,7 +426,7 @@ int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context,
  * or 0 on failure. In the event of a failure |*al| is populated with a suitable
  * alert code. If an extension is not present this counted as success.
  */
-int tls_parse_extension(SSL *s, unsigned int idx, int context,
+int tls_parse_extension(SSL *s, TLSEXT_INDEX idx, int context,
                         RAW_EXTENSION *exts, int *al)
 {
     RAW_EXTENSION *currext = &exts[idx];
@@ -497,7 +496,7 @@ int tls_parse_extension(SSL *s, unsigned int idx, int context,
 int tls_parse_all_extensions(SSL *s, int context, RAW_EXTENSION *exts, int *al)
 {
     size_t i, numexts = OSSL_NELEM(ext_defs);
-    EXTENSION_DEFINITION *thisexd;
+    const EXTENSION_DEFINITION *thisexd;
 
     /* Calculate the number of extensions in the extensions list */
     if ((context & EXT_CLIENT_HELLO) != 0) {
@@ -508,7 +507,7 @@ int tls_parse_all_extensions(SSL *s, int context, RAW_EXTENSION *exts, int *al)
 
     /* Parse each extension in turn */
     for (i = 0; i < numexts; i++) {
-        if (!tls_parse_extension(s, loop, context, exts, al))
+        if (!tls_parse_extension(s, i, context, exts, al))
             return 0;
     }
 
@@ -537,7 +536,7 @@ int tls_construct_extensions(SSL *s, WPACKET *pkt, unsigned int context,
 {
     size_t i;
     int addcustom = 0, min_version, max_version = 0, reason, tmpal;
-    EXTENSION_DEFINITION *thisexd;
+    const EXTENSION_DEFINITION *thisexd;
 
     /*
      * Normally if something goes wrong during construction it's an internal
@@ -591,7 +590,7 @@ int tls_construct_extensions(SSL *s, WPACKET *pkt, unsigned int context,
         int (*construct)(SSL *s, WPACKET *pkt, int *al);
 
         /* Skip if not relevant for our context */
-        if ((ext_defs[loop].context & context) == 0)
+        if ((thisexd->context & context) == 0)
             continue;
 
         construct = s->server ? thisexd->construct_stoc

ssl/statem/extensions_srvr.c

@@ -413,7 +413,7 @@ int tls_parse_ctos_use_srtp(SSL *s, PACKET *pkt, int *al)
          * does nothing.
          */
         for (i = 0; i < srtp_pref; i++) {
-            const SRTP_PROTECTION_PROFILE *sprof =
+            SRTP_PROTECTION_PROFILE *sprof =
                 sk_SRTP_PROTECTION_PROFILE_value(srvr, i);
 
             if (sprof->id == id) {