Convert ssl_parse_clienthello_use_srtp_ext to CBS.

ok miod@ jsing@

2 files changed, 25 insertions, 42 deletions

diff --git a/lib/libssl/src/ssl/d1_srtp.c b/lib/libssl/src/ssl/d1_srtp.c
index 7c426f1145a..801eab1b76f 100644
--- a/lib/libssl/src/ssl/d1_srtp.c
+++ b/lib/libssl/src/ssl/d1_srtp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_srtp.c,v 1.11 2014/12/14 15:30:50 jsing Exp $ */
+/* $OpenBSD: d1_srtp.c,v 1.12 2015/07/14 03:38:26 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -123,9 +123,9 @@
 
 #ifndef OPENSSL_NO_SRTP
 
+#include "bytestring.h"
 #include "srtp.h"
 
-
 static SRTP_PROTECTION_PROFILE srtp_known_profiles[] = {
 	{
 		"SRTP_AES128_CM_SHA1_80",
@@ -293,65 +293,48 @@ ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen)
 
 
 int
-ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len, int *al)
+ssl_parse_clienthello_use_srtp_ext(SSL *s, const unsigned char *d, int len,
+    int *al)
 {
 	SRTP_PROTECTION_PROFILE *cprof, *sprof;
 	STACK_OF(SRTP_PROTECTION_PROFILE) *clnt = 0, *srvr;
-	int ct;
-	int mki_len;
 	int i, j;
-	int id;
 	int ret = 1;
+	uint16_t id;
+	CBS cbs, ciphers, mki;
 
-	/* Length value + the MKI length */
-	if (len < 3) {
-		SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
-		    SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
-		*al = SSL_AD_DECODE_ERROR;
-		goto done;
-	}
-
-	/* Pull off the length of the cipher suite list */
-	n2s(d, ct);
-	len -= 2;
-
-	/* Check that it is even */
-	if (ct % 2) {
-		SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
-		    SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
-		*al = SSL_AD_DECODE_ERROR;
-		goto done;
-	}
+	CBS_init(&cbs, d, len);
 
-	/* Check that lengths are consistent */
-	if (len < (ct + 1)) {
+	/* Pull off the cipher suite list */
+	if (len < 0 ||
+	    !CBS_get_u16_length_prefixed(&cbs, &ciphers) ||
+	    CBS_len(&ciphers) % 2 ||
+	    CBS_len(&cbs) != 0) {
 		SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
 		    SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
 		*al = SSL_AD_DECODE_ERROR;
 		goto done;
 	}
 
-
 	clnt = sk_SRTP_PROTECTION_PROFILE_new_null();
 
-	while (ct) {
-		n2s(d, id);
-		ct -= 2;
-		len -= 2;
+	while (CBS_len(&ciphers) > 0) {
+		if (!CBS_get_u16(&ciphers, &id)) {
+			SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
+			    SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
+			*al = SSL_AD_DECODE_ERROR;
+			goto done;
+		}
 
-		if (!find_profile_by_num(id, &cprof)) {
+		if (!find_profile_by_num(id, &cprof))
 			sk_SRTP_PROTECTION_PROFILE_push(clnt, cprof);
-		} else {
+		else
 			; /* Ignore */
-		}
 	}
 
 	/* Extract the MKI value as a sanity check, but discard it for now. */
-	mki_len = *d;
-	d++;
-	len--;
-
-	if (mki_len != len) {
+	if (!CBS_get_u8_length_prefixed(&cbs, &mki) ||
+	    CBS_len(&cbs) != 0) {
 		SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
 		    SSL_R_BAD_SRTP_MKI_VALUE);
 		*al = SSL_AD_DECODE_ERROR;
diff --git a/lib/libssl/src/ssl/ssl_locl.h b/lib/libssl/src/ssl/ssl_locl.h
index 8116bfddfae..0056daa1555 100644
--- a/lib/libssl/src/ssl/ssl_locl.h
+++ b/lib/libssl/src/ssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.94 2015/06/28 00:08:27 doug Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.95 2015/07/14 03:38:26 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -850,7 +850,7 @@ int tls1_check_ec_tmp_key(SSL *s);
 
 int ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p,
     int *len, int maxlen);
-int ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d,
+int ssl_parse_clienthello_use_srtp_ext(SSL *s, const unsigned char *d,
     int len, int *al);
 int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p,
     int *len, int maxlen);