Convert ssl_next_proto_validate to CBS.

ok miod@, tweak + ok jsing@
author: doug <> 2015-06-17 07:52:22 +0000
committer: doug <> 2015-06-17 07:52:22 +0000
commit: 809e2d4354c87ca02f3ab6c09ddf6ae12b24c444 (patch)
tree: 793174392fb7dde0c9035b6cb51ae04b19c11427 /src/lib
parent: d4871df416e2cd7b2756dfcfa82b55261b722b0b (diff)
download: openbsd-809e2d4354c87ca02f3ab6c09ddf6ae12b24c444.tar.gz
openbsd-809e2d4354c87ca02f3ab6c09ddf6ae12b24c444.tar.bz2
openbsd-809e2d4354c87ca02f3ab6c09ddf6ae12b24c444.zip
2 files changed, 24 insertions, 22 deletions
diff --git a/src/lib/libssl/src/ssl/t1_lib.c b/src/lib/libssl/src/ssl/t1_lib.c
index 145ebf2791..fd423a9135 100644
--- a/src/lib/libssl/src/ssl/t1_lib.c
+++ b/src/lib/libssl/src/ssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.76 2015/06/17 07:36:30 doug Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.77 2015/06/17 07:52:22 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1672,22 +1672,23 @@ ri_check:
        return 1;
 }
-/* ssl_next_proto_validate validates a Next Protocol Negotiation block. No
+/*
+ * ssl_next_proto_validate validates a Next Protocol Negotiation block. No
 * elements of zero length are allowed and the set of elements must exactly fill
- * the length of the block. */
+ * the length of the block.
+ */
 static char
-ssl_next_proto_validate(unsigned char *d, unsigned len)
+ssl_next_proto_validate(const unsigned char *d, unsigned int len)
 {
-        unsigned int off = 0;
+        CBS npn, value;
-        while (off < len) {
+        CBS_init(&npn, d, len);
-                if (d[off] == 0)
+        while (CBS_len(&npn) > 0) {
+                if (!CBS_get_u8_length_prefixed(&npn, &value) ||
+                    CBS_len(&value) == 0)
                        return 0;
-                off += d[off];
-                off++;
        }
+        return 1;
-        return off == len;
 }
 int
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index 145ebf2791..fd423a9135 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.76 2015/06/17 07:36:30 doug Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.77 2015/06/17 07:52:22 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1672,22 +1672,23 @@ ri_check:
        return 1;
 }
-/* ssl_next_proto_validate validates a Next Protocol Negotiation block. No
+/*
+ * ssl_next_proto_validate validates a Next Protocol Negotiation block. No
 * elements of zero length are allowed and the set of elements must exactly fill
- * the length of the block. */
+ * the length of the block.
+ */
 static char
-ssl_next_proto_validate(unsigned char *d, unsigned len)
+ssl_next_proto_validate(const unsigned char *d, unsigned int len)
 {
-        unsigned int off = 0;
+        CBS npn, value;
-        while (off < len) {
+        CBS_init(&npn, d, len);
-                if (d[off] == 0)
+        while (CBS_len(&npn) > 0) {
+                if (!CBS_get_u8_length_prefixed(&npn, &value) ||
+                    CBS_len(&value) == 0)
                        return 0;
-                off += d[off];
-                off++;
        }
+        return 1;
-        return off == len;
 }
 int
author	doug <>	2015-06-17 07:52:22 +0000
committer	doug <>	2015-06-17 07:52:22 +0000
commit	809e2d4354c87ca02f3ab6c09ddf6ae12b24c444 (patch)
tree	793174392fb7dde0c9035b6cb51ae04b19c11427 /src/lib
parent	d4871df416e2cd7b2756dfcfa82b55261b722b0b (diff)
download	openbsd-809e2d4354c87ca02f3ab6c09ddf6ae12b24c444.tar.gz openbsd-809e2d4354c87ca02f3ab6c09ddf6ae12b24c444.tar.bz2 openbsd-809e2d4354c87ca02f3ab6c09ddf6ae12b24c444.zip

diff --git a/src/lib/libssl/src/ssl/t1_lib.c b/src/lib/libssl/src/ssl/t1_lib.c index 145ebf2791..fd423a9135 100644 --- a/src/lib/libssl/src/ssl/t1_lib.c +++ b/src/lib/libssl/src/ssl/t1_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: t1_lib.c,v 1.76 2015/06/17 07:36:30 doug Exp $ */	1	/* $OpenBSD: t1_lib.c,v 1.77 2015/06/17 07:52:22 doug Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1672,22 +1672,23 @@ ri_check:
1672	return 1;	1672	return 1;
1673	}	1673	}
1674		1674
1675	/* ssl_next_proto_validate validates a Next Protocol Negotiation block. No	1675	/*
		1676	* ssl_next_proto_validate validates a Next Protocol Negotiation block. No
1676	* elements of zero length are allowed and the set of elements must exactly fill	1677	* elements of zero length are allowed and the set of elements must exactly fill
1677	* the length of the block. */	1678	* the length of the block.
		1679	*/
1678	static char	1680	static char
1679	ssl_next_proto_validate(unsigned char *d, unsigned len)	1681	ssl_next_proto_validate(const unsigned char *d, unsigned int len)
1680	{	1682	{
1681	unsigned int off = 0;	1683	CBS npn, value;
1682		1684
1683	while (off < len) {	1685	CBS_init(&npn, d, len);
1684	if (d[off] == 0)	1686	while (CBS_len(&npn) > 0) {
		1687	if (!CBS_get_u8_length_prefixed(&npn, &value) \|\|
		1688	CBS_len(&value) == 0)
1685	return 0;	1689	return 0;
1686	off += d[off];
1687	off++;
1688	}	1690	}
1689		1691	return 1;
1690	return off == len;
1691	}	1692	}
1692		1693
1693	int	1694	int


diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index 145ebf2791..fd423a9135 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: t1_lib.c,v 1.76 2015/06/17 07:36:30 doug Exp $ */	1	/* $OpenBSD: t1_lib.c,v 1.77 2015/06/17 07:52:22 doug Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1672,22 +1672,23 @@ ri_check:
1672	return 1;	1672	return 1;
1673	}	1673	}
1674		1674
1675	/* ssl_next_proto_validate validates a Next Protocol Negotiation block. No	1675	/*
		1676	* ssl_next_proto_validate validates a Next Protocol Negotiation block. No
1676	* elements of zero length are allowed and the set of elements must exactly fill	1677	* elements of zero length are allowed and the set of elements must exactly fill
1677	* the length of the block. */	1678	* the length of the block.
		1679	*/
1678	static char	1680	static char
1679	ssl_next_proto_validate(unsigned char *d, unsigned len)	1681	ssl_next_proto_validate(const unsigned char *d, unsigned int len)
1680	{	1682	{
1681	unsigned int off = 0;	1683	CBS npn, value;
1682		1684
1683	while (off < len) {	1685	CBS_init(&npn, d, len);
1684	if (d[off] == 0)	1686	while (CBS_len(&npn) > 0) {
		1687	if (!CBS_get_u8_length_prefixed(&npn, &value) \|\|
		1688	CBS_len(&value) == 0)
1685	return 0;	1689	return 0;
1686	off += d[off];
1687	off++;
1688	}	1690	}
1689		1691	return 1;
1690	return off == len;
1691	}	1692	}
1692		1693
1693	int	1694	int