mbedtls_ssl_conf_alpn_protocols: declare list elements as const
This reflects the fact that the library will not modify the list, and allows the list to be read from a const buffer. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
4
ChangeLog.d/mbedtls_ssl_conf_alpn_protocols.txt
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
API changes
|
||||||
|
* The list passed to mbedtls_ssl_conf_alpn_protocols() is now declared
|
||||||
|
as having const elements, reflecting the fact that the library will
|
||||||
|
not modify it
|
@ -1569,7 +1569,7 @@ struct mbedtls_ssl_config {
|
|||||||
#endif /* MBEDTLS_SSL_EARLY_DATA */
|
#endif /* MBEDTLS_SSL_EARLY_DATA */
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_ALPN)
|
#if defined(MBEDTLS_SSL_ALPN)
|
||||||
const char **MBEDTLS_PRIVATE(alpn_list); /*!< ordered list of protocols */
|
const char *const *MBEDTLS_PRIVATE(alpn_list); /*!< ordered list of protocols */
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_DTLS_SRTP)
|
#if defined(MBEDTLS_SSL_DTLS_SRTP)
|
||||||
@ -4011,7 +4011,8 @@ int mbedtls_ssl_set_hs_ecjpake_password_opaque(mbedtls_ssl_context *ssl,
|
|||||||
*
|
*
|
||||||
* \return 0 on success, or MBEDTLS_ERR_SSL_BAD_INPUT_DATA.
|
* \return 0 on success, or MBEDTLS_ERR_SSL_BAD_INPUT_DATA.
|
||||||
*/
|
*/
|
||||||
int mbedtls_ssl_conf_alpn_protocols(mbedtls_ssl_config *conf, const char **protos);
|
int mbedtls_ssl_conf_alpn_protocols(mbedtls_ssl_config *conf,
|
||||||
|
const char *const *protos);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \brief Get the name of the negotiated Application Layer Protocol.
|
* \brief Get the name of the negotiated Application Layer Protocol.
|
||||||
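Review bot: The doc comment above `mbedtls_ssl_conf_alpn_protocols()` (it starts outside this hunk; only the `\return` line is visible) should spell out the lifetime contract now that the signature invites passing a `const` table. Other hunks in this commit iterate `ssl->conf->alpn_list` during the handshake and store `*alpn` in `ssl->alpn_chosen`, so the list is referenced rather than copied, and the added `const` constrains only the library, not the caller. If the existing text does not already say so, add to the `protos` parameter description something like `The list and the strings it points to must remain valid and unmodified for the lifetime of \p conf.` Changing an entry after configuration would bypass the length validation that the comment in `ssl_write_alpn_ext` says the extension writer relies on.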
|
@ -141,7 +141,7 @@ static int ssl_write_alpn_ext(mbedtls_ssl_context *ssl,
|
|||||||
* ProtocolName protocol_name_list<2..2^16-1>
|
* ProtocolName protocol_name_list<2..2^16-1>
|
||||||
* } ProtocolNameList;
|
* } ProtocolNameList;
|
||||||
*/
|
*/
|
||||||
for (const char **cur = ssl->conf->alpn_list; *cur != NULL; cur++) {
|
for (const char *const *cur = ssl->conf->alpn_list; *cur != NULL; cur++) {
|
||||||
/*
|
/*
|
||||||
* mbedtls_ssl_conf_set_alpn_protocols() checked that the length of
|
* mbedtls_ssl_conf_set_alpn_protocols() checked that the length of
|
||||||
* protocol names is less than 255.
|
* protocol names is less than 255.
|
||||||
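Review bot: The comment inside the loop in `ssl_write_alpn_ext` names `mbedtls_ssl_conf_set_alpn_protocols()`, but the function declared and defined in this commit is `mbedtls_ssl_conf_alpn_protocols()`. Since the `for` line directly above it is being touched, this is a good moment to correct it: `* mbedtls_ssl_conf_alpn_protocols() checked that the length of`. The comment cites that check as the reason the loop can trust the protocol-name lengths, so it should point at the function that actually performs it. The loop body continues outside the hunk.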
|
@ -2534,10 +2534,11 @@ void mbedtls_ssl_conf_sni(mbedtls_ssl_config *conf,
|
|||||||
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
|
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_ALPN)
|
#if defined(MBEDTLS_SSL_ALPN)
|
||||||
int mbedtls_ssl_conf_alpn_protocols(mbedtls_ssl_config *conf, const char **protos)
|
int mbedtls_ssl_conf_alpn_protocols(mbedtls_ssl_config *conf,
|
||||||
|
const char *const *protos)
|
||||||
{
|
{
|
||||||
size_t cur_len, tot_len;
|
size_t cur_len, tot_len;
|
||||||
const char **p;
|
const char *const *p;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* RFC 7301 3.1: "Empty strings MUST NOT be included and byte strings
|
* RFC 7301 3.1: "Empty strings MUST NOT be included and byte strings
|
||||||
@ -5111,7 +5112,7 @@ static int ssl_context_load(mbedtls_ssl_context *ssl,
|
|||||||
#if defined(MBEDTLS_SSL_ALPN)
|
#if defined(MBEDTLS_SSL_ALPN)
|
||||||
{
|
{
|
||||||
uint8_t alpn_len;
|
uint8_t alpn_len;
|
||||||
const char **cur;
|
const char *const *cur;
|
||||||
|
|
||||||
if ((size_t) (end - p) < 1) {
|
if ((size_t) (end - p) < 1) {
|
||||||
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
|
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
|
||||||
@ -8547,7 +8548,7 @@ int mbedtls_ssl_parse_alpn_ext(mbedtls_ssl_context *ssl,
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* Use our order of preference */
|
/* Use our order of preference */
|
||||||
for (const char **alpn = ssl->conf->alpn_list; *alpn != NULL; alpn++) {
|
for (const char *const *alpn = ssl->conf->alpn_list; *alpn != NULL; alpn++) {
|
||||||
size_t const alpn_len = strlen(*alpn);
|
size_t const alpn_len = strlen(*alpn);
|
||||||
p = protocol_name_list;
|
p = protocol_name_list;
|
||||||
while (p < protocol_name_list_end) {
|
while (p < protocol_name_list_end) {
|
||||||
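Review bot: In the `ssl_context_load` hunk, `const char *const *cur;` is still declared without an initializer at the top of the ALPN block, while the loops in `ssl_write_alpn_ext`, `mbedtls_ssl_parse_alpn_ext` and `ssl_tls13_parse_alpn_ext` declare their cursor in the `for` header. If `cur` is only a loop cursor (its use is outside the hunk), consider moving the declaration into the loop, `for (const char *const *cur = ssl->conf->alpn_list; ...`, so the pointer cannot be read before it is set and its scope matches the other loops. The same applies to `p` in `mbedtls_ssl_conf_alpn_protocols` and in `ssl_parse_alpn_ext`.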
|
@ -869,7 +869,7 @@ static int ssl_parse_alpn_ext(mbedtls_ssl_context *ssl,
|
|||||||
const unsigned char *buf, size_t len)
|
const unsigned char *buf, size_t len)
|
||||||
{
|
{
|
||||||
size_t list_len, name_len;
|
size_t list_len, name_len;
|
||||||
const char **p;
|
const char *const *p;
|
||||||
|
|
||||||
/* If we didn't send it, the server shouldn't send it */
|
/* If we didn't send it, the server shouldn't send it */
|
||||||
if (ssl->conf->alpn_list == NULL) {
|
if (ssl->conf->alpn_list == NULL) {
|
||||||
|
@ -158,7 +158,7 @@ static int ssl_tls13_parse_alpn_ext(mbedtls_ssl_context *ssl,
|
|||||||
|
|
||||||
/* Check that the server chosen protocol was in our list and save it */
|
/* Check that the server chosen protocol was in our list and save it */
|
||||||
MBEDTLS_SSL_CHK_BUF_READ_PTR(p, protocol_name_list_end, protocol_name_len);
|
MBEDTLS_SSL_CHK_BUF_READ_PTR(p, protocol_name_list_end, protocol_name_len);
|
||||||
for (const char **alpn = ssl->conf->alpn_list; *alpn != NULL; alpn++) {
|
for (const char *const *alpn = ssl->conf->alpn_list; *alpn != NULL; alpn++) {
|
||||||
if (protocol_name_len == strlen(*alpn) &&
|
if (protocol_name_len == strlen(*alpn) &&
|
||||||
memcmp(p, *alpn, protocol_name_len) == 0) {
|
memcmp(p, *alpn, protocol_name_len) == 0) {
|
||||||
ssl->alpn_chosen = *alpn;
|
ssl->alpn_chosen = *alpn;
|
||||||
|