mirror of
https://github.com/openbsd/src.git
synced 2025-01-10 06:47:55 -08:00
Convert ssl_parse_clienthello_use_srtp_ext to CBS.
ok miod@ jsing@
This commit is contained in:
doug
parent
5571deaaa3
commit
e5a389e3ea
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: d1_srtp.c,v 1.11 2014/12/14 15:30:50 jsing Exp $ */
|
||||
/* $OpenBSD: d1_srtp.c,v 1.12 2015/07/14 03:38:26 doug Exp $ */
|
||||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
@ -123,9 +123,9 @@
|
||||
|
||||
#ifndef OPENSSL_NO_SRTP
|
||||
|
||||
#include "bytestring.h"
|
||||
#include "srtp.h"
|
||||
|
||||
|
||||
static SRTP_PROTECTION_PROFILE srtp_known_profiles[] = {
|
||||
{
|
||||
"SRTP_AES128_CM_SHA1_80",
|
||||
@ -293,65 +293,48 @@ ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen)
|
||||
|
||||
|
||||
int
|
||||
ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len, int *al)
|
||||
ssl_parse_clienthello_use_srtp_ext(SSL *s, const unsigned char *d, int len,
|
||||
int *al)
|
||||
{
|
||||
SRTP_PROTECTION_PROFILE *cprof, *sprof;
|
||||
STACK_OF(SRTP_PROTECTION_PROFILE) *clnt = 0, *srvr;
|
||||
int ct;
|
||||
int mki_len;
|
||||
int i, j;
|
||||
int id;
|
||||
int ret = 1;
|
||||
uint16_t id;
|
||||
CBS cbs, ciphers, mki;
|
||||
|
||||
/* Length value + the MKI length */
|
||||
if (len < 3) {
|
||||
CBS_init(&cbs, d, len);
|
||||
|
||||
/* Pull off the cipher suite list */
|
||||
if (len < 0 ||
|
||||
!CBS_get_u16_length_prefixed(&cbs, &ciphers) ||
|
||||
CBS_len(&ciphers) % 2 ||
|
||||
CBS_len(&cbs) != 0) {
|
||||
SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
|
||||
SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
|
||||
*al = SSL_AD_DECODE_ERROR;
|
||||
goto done;
|
||||
}
|
||||
|
||||
/* Pull off the length of the cipher suite list */
|
||||
n2s(d, ct);
|
||||
len -= 2;
|
||||
|
||||
/* Check that it is even */
|
||||
if (ct % 2) {
|
||||
SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
|
||||
SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
|
||||
*al = SSL_AD_DECODE_ERROR;
|
||||
goto done;
|
||||
}
|
||||
|
||||
/* Check that lengths are consistent */
|
||||
if (len < (ct + 1)) {
|
||||
SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
|
||||
SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
|
||||
*al = SSL_AD_DECODE_ERROR;
|
||||
goto done;
|
||||
}
|
||||
|
||||
|
||||
clnt = sk_SRTP_PROTECTION_PROFILE_new_null();
|
||||
|
||||
while (ct) {
|
||||
n2s(d, id);
|
||||
ct -= 2;
|
||||
len -= 2;
|
||||
|
||||
if (!find_profile_by_num(id, &cprof)) {
|
||||
sk_SRTP_PROTECTION_PROFILE_push(clnt, cprof);
|
||||
} else {
|
||||
; /* Ignore */
|
||||
while (CBS_len(&ciphers) > 0) {
|
||||
if (!CBS_get_u16(&ciphers, &id)) {
|
||||
SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
|
||||
SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
|
||||
*al = SSL_AD_DECODE_ERROR;
|
||||
goto done;
|
||||
}
|
||||
|
||||
if (!find_profile_by_num(id, &cprof))
|
||||
sk_SRTP_PROTECTION_PROFILE_push(clnt, cprof);
|
||||
else
|
||||
; /* Ignore */
|
||||
}
|
||||
|
||||
/* Extract the MKI value as a sanity check, but discard it for now. */
|
||||
mki_len = *d;
|
||||
d++;
|
||||
len--;
|
||||
|
||||
if (mki_len != len) {
|
||||
if (!CBS_get_u8_length_prefixed(&cbs, &mki) ||
|
||||
CBS_len(&cbs) != 0) {
|
||||
SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
|
||||
SSL_R_BAD_SRTP_MKI_VALUE);
|
||||
*al = SSL_AD_DECODE_ERROR;
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: d1_srtp.c,v 1.11 2014/12/14 15:30:50 jsing Exp $ */
|
||||
/* $OpenBSD: d1_srtp.c,v 1.12 2015/07/14 03:38:26 doug Exp $ */
|
||||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
@ -123,9 +123,9 @@
|
||||
|
||||
#ifndef OPENSSL_NO_SRTP
|
||||
|
||||
#include "bytestring.h"
|
||||
#include "srtp.h"
|
||||
|
||||
|
||||
static SRTP_PROTECTION_PROFILE srtp_known_profiles[] = {
|
||||
{
|
||||
"SRTP_AES128_CM_SHA1_80",
|
||||
@ -293,65 +293,48 @@ ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen)
|
||||
|
||||
|
||||
int
|
||||
ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len, int *al)
|
||||
ssl_parse_clienthello_use_srtp_ext(SSL *s, const unsigned char *d, int len,
|
||||
int *al)
|
||||
{
|
||||
SRTP_PROTECTION_PROFILE *cprof, *sprof;
|
||||
STACK_OF(SRTP_PROTECTION_PROFILE) *clnt = 0, *srvr;
|
||||
int ct;
|
||||
int mki_len;
|
||||
int i, j;
|
||||
int id;
|
||||
int ret = 1;
|
||||
uint16_t id;
|
||||
CBS cbs, ciphers, mki;
|
||||
|
||||
/* Length value + the MKI length */
|
||||
if (len < 3) {
|
||||
CBS_init(&cbs, d, len);
|
||||
|
||||
/* Pull off the cipher suite list */
|
||||
if (len < 0 ||
|
||||
!CBS_get_u16_length_prefixed(&cbs, &ciphers) ||
|
||||
CBS_len(&ciphers) % 2 ||
|
||||
CBS_len(&cbs) != 0) {
|
||||
SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
|
||||
SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
|
||||
*al = SSL_AD_DECODE_ERROR;
|
||||
goto done;
|
||||
}
|
||||
|
||||
/* Pull off the length of the cipher suite list */
|
||||
n2s(d, ct);
|
||||
len -= 2;
|
||||
|
||||
/* Check that it is even */
|
||||
if (ct % 2) {
|
||||
SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
|
||||
SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
|
||||
*al = SSL_AD_DECODE_ERROR;
|
||||
goto done;
|
||||
}
|
||||
|
||||
/* Check that lengths are consistent */
|
||||
if (len < (ct + 1)) {
|
||||
SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
|
||||
SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
|
||||
*al = SSL_AD_DECODE_ERROR;
|
||||
goto done;
|
||||
}
|
||||
|
||||
|
||||
clnt = sk_SRTP_PROTECTION_PROFILE_new_null();
|
||||
|
||||
while (ct) {
|
||||
n2s(d, id);
|
||||
ct -= 2;
|
||||
len -= 2;
|
||||
|
||||
if (!find_profile_by_num(id, &cprof)) {
|
||||
sk_SRTP_PROTECTION_PROFILE_push(clnt, cprof);
|
||||
} else {
|
||||
; /* Ignore */
|
||||
while (CBS_len(&ciphers) > 0) {
|
||||
if (!CBS_get_u16(&ciphers, &id)) {
|
||||
SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
|
||||
SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
|
||||
*al = SSL_AD_DECODE_ERROR;
|
||||
goto done;
|
||||
}
|
||||
|
||||
if (!find_profile_by_num(id, &cprof))
|
||||
sk_SRTP_PROTECTION_PROFILE_push(clnt, cprof);
|
||||
else
|
||||
; /* Ignore */
|
||||
}
|
||||
|
||||
/* Extract the MKI value as a sanity check, but discard it for now. */
|
||||
mki_len = *d;
|
||||
d++;
|
||||
len--;
|
||||
|
||||
if (mki_len != len) {
|
||||
if (!CBS_get_u8_length_prefixed(&cbs, &mki) ||
|
||||
CBS_len(&cbs) != 0) {
|
||||
SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
|
||||
SSL_R_BAD_SRTP_MKI_VALUE);
|
||||
*al = SSL_AD_DECODE_ERROR;
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: ssl_locl.h,v 1.94 2015/06/28 00:08:27 doug Exp $ */
|
||||
/* $OpenBSD: ssl_locl.h,v 1.95 2015/07/14 03:38:26 doug Exp $ */
|
||||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
@ -850,7 +850,7 @@ int tls1_check_ec_tmp_key(SSL *s);
|
||||
|
||||
int ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p,
|
||||
int *len, int maxlen);
|
||||
int ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d,
|
||||
int ssl_parse_clienthello_use_srtp_ext(SSL *s, const unsigned char *d,
|
||||
int len, int *al);
|
||||
int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p,
|
||||
int *len, int maxlen);
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: ssl_locl.h,v 1.94 2015/06/28 00:08:27 doug Exp $ */
|
||||
/* $OpenBSD: ssl_locl.h,v 1.95 2015/07/14 03:38:26 doug Exp $ */
|
||||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
@ -850,7 +850,7 @@ int tls1_check_ec_tmp_key(SSL *s);
|
||||
|
||||
int ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p,
|
||||
int *len, int maxlen);
|
||||
int ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d,
|
||||
int ssl_parse_clienthello_use_srtp_ext(SSL *s, const unsigned char *d,
|
||||
int len, int *al);
|
||||
int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p,
|
||||
int *len, int maxlen);
|
||||
|
||||
Loading…
Reference in New Issue
Block a user