mischief/openbsd-src
1
0
Fork 0
mirror of https://github.com/openbsd/src.git synced 2025-01-10 06:47:55 -08:00
Code

Convert ssl_parse_serverhello_use_srtp_ext to CBS.

Browse Source 
ok miod@ jsing@
This commit is contained in:
doug 2015-07-17 17:36:24 +00:00
parent c939baa47e
commit 15470c51d0
4 changed files with 34 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
lib/libssl/d1_srtp.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: d1_srtp.c,v 1.13 2015/07/15 21:52:02 beck Exp $ */
/* $OpenBSD: d1_srtp.c,v 1.14 2015/07/17 17:36:24 doug Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -404,32 +404,37 @@ ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen)
int
ssl_parse_serverhello_use_srtp_ext(SSL *s, unsigned char *d, int len, int *al)
ssl_parse_serverhello_use_srtp_ext(SSL *s, const unsigned char *d, int len, int *al)
{
STACK_OF(SRTP_PROTECTION_PROFILE) *clnt;
SRTP_PROTECTION_PROFILE *prof;
unsigned id;
int i;
int ct;
uint16_t id;
CBS cbs, profile_ids, mki;
if (len != 5) {
if (len < 0) {
SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,
SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
*al = SSL_AD_DECODE_ERROR;
return 1;
}
n2s(d, ct);
if (ct != 2) {
CBS_init(&cbs, d, len);
/*
* As per RFC 5764 section 4.1.1, server response MUST be a single
* profile id.
*/
if (!CBS_get_u16_length_prefixed(&cbs, &profile_ids) ||
!CBS_get_u16(&profile_ids, &id) || CBS_len(&profile_ids) != 0) {
SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,
SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
*al = SSL_AD_DECODE_ERROR;
return 1;
}
n2s(d, id);
if (*d) {
/* Must be no MKI, since we never offer one. */
/* Must be no MKI, since we never offer one. */
if (!CBS_get_u8_length_prefixed(&cbs, &mki) || CBS_len(&mki) != 0) {
SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,
SSL_R_BAD_SRTP_MKI_VALUE);
*al = SSL_AD_ILLEGAL_PARAMETER;

25
lib/libssl/src/ssl/d1_srtp.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: d1_srtp.c,v 1.13 2015/07/15 21:52:02 beck Exp $ */
/* $OpenBSD: d1_srtp.c,v 1.14 2015/07/17 17:36:24 doug Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -404,32 +404,37 @@ ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen)
int
ssl_parse_serverhello_use_srtp_ext(SSL *s, unsigned char *d, int len, int *al)
ssl_parse_serverhello_use_srtp_ext(SSL *s, const unsigned char *d, int len, int *al)
{
STACK_OF(SRTP_PROTECTION_PROFILE) *clnt;
SRTP_PROTECTION_PROFILE *prof;
unsigned id;
int i;
int ct;
uint16_t id;
CBS cbs, profile_ids, mki;
if (len != 5) {
if (len < 0) {
SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,
SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
*al = SSL_AD_DECODE_ERROR;
return 1;
}
n2s(d, ct);
if (ct != 2) {
CBS_init(&cbs, d, len);
/*
* As per RFC 5764 section 4.1.1, server response MUST be a single
* profile id.
*/
if (!CBS_get_u16_length_prefixed(&cbs, &profile_ids) ||
!CBS_get_u16(&profile_ids, &id) || CBS_len(&profile_ids) != 0) {
SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,
SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
*al = SSL_AD_DECODE_ERROR;
return 1;
}
n2s(d, id);
if (*d) {
/* Must be no MKI, since we never offer one. */
/* Must be no MKI, since we never offer one. */
if (!CBS_get_u8_length_prefixed(&cbs, &mki) || CBS_len(&mki) != 0) {
SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,
SSL_R_BAD_SRTP_MKI_VALUE);
*al = SSL_AD_ILLEGAL_PARAMETER;

4
lib/libssl/src/ssl/ssl_locl.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssl_locl.h,v 1.95 2015/07/14 03:38:26 doug Exp $ */
/* $OpenBSD: ssl_locl.h,v 1.96 2015/07/17 17:36:24 doug Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -854,7 +854,7 @@ int ssl_parse_clienthello_use_srtp_ext(SSL *s, const unsigned char *d,
int len, int *al);
int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p,
int *len, int maxlen);
int ssl_parse_serverhello_use_srtp_ext(SSL *s, unsigned char *d,
int ssl_parse_serverhello_use_srtp_ext(SSL *s, const unsigned char *d,
int len, int *al);
/* s3_cbc.c */

4
lib/libssl/ssl_locl.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssl_locl.h,v 1.95 2015/07/14 03:38:26 doug Exp $ */
/* $OpenBSD: ssl_locl.h,v 1.96 2015/07/17 17:36:24 doug Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -854,7 +854,7 @@ int ssl_parse_clienthello_use_srtp_ext(SSL *s, const unsigned char *d,
int len, int *al);
int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p,
int *len, int maxlen);
int ssl_parse_serverhello_use_srtp_ext(SSL *s, unsigned char *d,
int ssl_parse_serverhello_use_srtp_ext(SSL *s, const unsigned char *d,
int len, int *al);
/* s3_cbc.c */