author | Doug Hogan <doug@cvs.openbsd.org> | 2015-07-14 03:38:27 +0000 |
---|---|---|
committer | Doug Hogan <doug@cvs.openbsd.org> | 2015-07-14 03:38:27 +0000 |
commit | ffec29756ed988e61762e3012836a79600419144 (patch) | |
tree | db579334cfe2cd8160f2341b32f204bc48c593d0 /lib | |
parent | 939bee7190b042054c284ff8cbe061906ddef123 (diff) |
Convert ssl_parse_clienthello_use_srtp_ext to CBS.
ok miod@ jsing@
Diffstat (limited to 'lib')
-rw-r--r-- | lib/libssl/d1_srtp.c | 63 | ||||
-rw-r--r-- | lib/libssl/ssl_locl.h | 4 |
2 files changed, 25 insertions, 42 deletions
diff --git a/lib/libssl/d1_srtp.c b/lib/libssl/d1_srtp.c
index 7c426f1145a..801eab1b76f 100644
--- a/lib/libssl/d1_srtp.c
+++ b/lib/libssl/d1_srtp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_srtp.c,v 1.11 2014/12/14 15:30:50 jsing Exp $ */
+/* $OpenBSD: d1_srtp.c,v 1.12 2015/07/14 03:38:26 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -123,9 +123,9 @@
 #ifndef OPENSSL_NO_SRTP
+#include "bytestring.h"
 #include "srtp.h"
-
 static SRTP_PROTECTION_PROFILE srtp_known_profiles[] = {
 {
 "SRTP_AES128_CM_SHA1_80",
@@ -293,65 +293,48 @@ ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen)
 int
-ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len, int *al)
+ssl_parse_clienthello_use_srtp_ext(SSL *s, const unsigned char *d, int len,
+ int *al)
 {
 SRTP_PROTECTION_PROFILE *cprof, *sprof;
 STACK_OF(SRTP_PROTECTION_PROFILE) *clnt = 0, *srvr;
- int ct;
- int mki_len;
 int i, j;
- int id;
 int ret = 1;
+ uint16_t id;
+ CBS cbs, ciphers, mki;
- /* Length value + the MKI length */
- if (len < 3) {
- SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
- SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
- *al = SSL_AD_DECODE_ERROR;
- goto done;
- }
-
- /* Pull off the length of the cipher suite list */
- n2s(d, ct);
- len -= 2;
-
- /* Check that it is even */
- if (ct % 2) {
- SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
- SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
- *al = SSL_AD_DECODE_ERROR;
- goto done;
- }
+ CBS_init(&cbs, d, len);
- /* Check that lengths are consistent */
- if (len < (ct + 1)) {
+ /* Pull off the cipher suite list */
+ if (len < 0 ||
+ !CBS_get_u16_length_prefixed(&cbs, &ciphers) ||
+ CBS_len(&ciphers) % 2 ||
+ CBS_len(&cbs) != 0) {
 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
 SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
 *al = SSL_AD_DECODE_ERROR;
 goto done;
 }
-
 clnt = sk_SRTP_PROTECTION_PROFILE_new_null();
- while (ct) {
- n2s(d, id);
- ct -= 2;
- len -= 2;
+ while (CBS_len(&ciphers) > 0) {
+ if (!CBS_get_u16(&ciphers, &id)) {
+ SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
+ SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
+ *al = SSL_AD_DECODE_ERROR;
+ goto done;
+ }
- if (!find_profile_by_num(id, &cprof)) {
+ if (!find_profile_by_num(id, &cprof))
 sk_SRTP_PROTECTION_PROFILE_push(clnt, cprof);
- } else {
+ else
 ; /* Ignore */
- }
 }
 /* Extract the MKI value as a sanity check, but discard it for now.
*/
- mki_len = *d;
- d++;
- len--;
-
- if (mki_len != len) {
+ if (!CBS_get_u8_length_prefixed(&cbs, &mki) ||
+ CBS_len(&cbs) != 0) {
 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
 SSL_R_BAD_SRTP_MKI_VALUE);
 *al = SSL_AD_DECODE_ERROR;
diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h
index 8116bfddfae..0056daa1555 100644
--- a/lib/libssl/ssl_locl.h
+++ b/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.94 2015/06/28 00:08:27 doug Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.95 2015/07/14 03:38:26 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -850,7 +850,7 @@ int tls1_check_ec_tmp_key(SSL *s);
 int ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len,
 int maxlen);
-int ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d,
+int ssl_parse_clienthello_use_srtp_ext(SSL *s, const unsigned char *d,
 int len, int *al);
 int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len,
 int maxlen); |
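Review bot: In the new cipher-list check of ssl_parse_clienthello_use_srtp_ext (lib/libssl/d1_srtp.c, hunk at +293), the clause `CBS_len(&cbs) != 0` requires the extension to end right after the protection-profile list, yet the MKI check a few lines later calls `CBS_get_u8_length_prefixed(&cbs, &mki)` on the same `cbs`, which needs at least one byte left. As written the two conditions cannot both pass, so every use_srtp extension from a client would be rejected with SSL_AD_DECODE_ERROR; that fails closed but breaks DTLS-SRTP negotiation, whereas the removed code only required `len >= ct + 1`. Drop that clause so the first condition reads `if (len < 0 || !CBS_get_u16_length_prefixed(&cbs, &ciphers) || CBS_len(&ciphers) % 2) {` and leave the trailing-data test to the MKI check. Separately, `CBS_init(&cbs, d, len)` runs before `len < 0` is tested, so a negative `int` is presumably converted to a very large length first (CBS_init's prototype is not shown here); testing `len < 0` and bailing out ahead of CBS_init would be cleaner. The function body starts inside this hunk but continues past its end.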