1
0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-29 11:41:15 +03:00

mbedtls_ssl_conf_alpn_protocols: declare list elements as const

This reflects the fact that the library will not modify the list, and allows
the list to be read from a const buffer.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine
2025-05-27 19:45:29 +02:00
parent 2744a43977
commit c4949d1426
6 changed files with 15 additions and 9 deletions

View File

@ -0,0 +1,4 @@
API changes
* The list passed to mbedtls_ssl_conf_alpn_protocols() is now declared
as having const elements, reflecting the fact that the library will
not modify it

View File

@ -1569,7 +1569,7 @@ struct mbedtls_ssl_config {
#endif /* MBEDTLS_SSL_EARLY_DATA */ #endif /* MBEDTLS_SSL_EARLY_DATA */
#if defined(MBEDTLS_SSL_ALPN) #if defined(MBEDTLS_SSL_ALPN)
const char **MBEDTLS_PRIVATE(alpn_list); /*!< ordered list of protocols */ const char *const *MBEDTLS_PRIVATE(alpn_list); /*!< ordered list of protocols */
#endif #endif
#if defined(MBEDTLS_SSL_DTLS_SRTP) #if defined(MBEDTLS_SSL_DTLS_SRTP)
@ -4011,7 +4011,8 @@ int mbedtls_ssl_set_hs_ecjpake_password_opaque(mbedtls_ssl_context *ssl,
* *
* \return 0 on success, or MBEDTLS_ERR_SSL_BAD_INPUT_DATA. * \return 0 on success, or MBEDTLS_ERR_SSL_BAD_INPUT_DATA.
*/ */
int mbedtls_ssl_conf_alpn_protocols(mbedtls_ssl_config *conf, const char **protos); int mbedtls_ssl_conf_alpn_protocols(mbedtls_ssl_config *conf,
const char *const *protos);
/** /**
* \brief Get the name of the negotiated Application Layer Protocol. * \brief Get the name of the negotiated Application Layer Protocol.

View File

@ -141,7 +141,7 @@ static int ssl_write_alpn_ext(mbedtls_ssl_context *ssl,
* ProtocolName protocol_name_list<2..2^16-1> * ProtocolName protocol_name_list<2..2^16-1>
* } ProtocolNameList; * } ProtocolNameList;
*/ */
for (const char **cur = ssl->conf->alpn_list; *cur != NULL; cur++) { for (const char *const *cur = ssl->conf->alpn_list; *cur != NULL; cur++) {
/* /*
* mbedtls_ssl_conf_set_alpn_protocols() checked that the length of * mbedtls_ssl_conf_set_alpn_protocols() checked that the length of
* protocol names is less than 255. * protocol names is less than 255.

View File

@ -2534,10 +2534,11 @@ void mbedtls_ssl_conf_sni(mbedtls_ssl_config *conf,
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
#if defined(MBEDTLS_SSL_ALPN) #if defined(MBEDTLS_SSL_ALPN)
int mbedtls_ssl_conf_alpn_protocols(mbedtls_ssl_config *conf, const char **protos) int mbedtls_ssl_conf_alpn_protocols(mbedtls_ssl_config *conf,
const char *const *protos)
{ {
size_t cur_len, tot_len; size_t cur_len, tot_len;
const char **p; const char *const *p;
/* /*
* RFC 7301 3.1: "Empty strings MUST NOT be included and byte strings * RFC 7301 3.1: "Empty strings MUST NOT be included and byte strings
@ -5111,7 +5112,7 @@ static int ssl_context_load(mbedtls_ssl_context *ssl,
#if defined(MBEDTLS_SSL_ALPN) #if defined(MBEDTLS_SSL_ALPN)
{ {
uint8_t alpn_len; uint8_t alpn_len;
const char **cur; const char *const *cur;
if ((size_t) (end - p) < 1) { if ((size_t) (end - p) < 1) {
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
@ -8547,7 +8548,7 @@ int mbedtls_ssl_parse_alpn_ext(mbedtls_ssl_context *ssl,
} }
/* Use our order of preference */ /* Use our order of preference */
for (const char **alpn = ssl->conf->alpn_list; *alpn != NULL; alpn++) { for (const char *const *alpn = ssl->conf->alpn_list; *alpn != NULL; alpn++) {
size_t const alpn_len = strlen(*alpn); size_t const alpn_len = strlen(*alpn);
p = protocol_name_list; p = protocol_name_list;
while (p < protocol_name_list_end) { while (p < protocol_name_list_end) {

View File

@ -869,7 +869,7 @@ static int ssl_parse_alpn_ext(mbedtls_ssl_context *ssl,
const unsigned char *buf, size_t len) const unsigned char *buf, size_t len)
{ {
size_t list_len, name_len; size_t list_len, name_len;
const char **p; const char *const *p;
/* If we didn't send it, the server shouldn't send it */ /* If we didn't send it, the server shouldn't send it */
if (ssl->conf->alpn_list == NULL) { if (ssl->conf->alpn_list == NULL) {

View File

@ -158,7 +158,7 @@ static int ssl_tls13_parse_alpn_ext(mbedtls_ssl_context *ssl,
/* Check that the server chosen protocol was in our list and save it */ /* Check that the server chosen protocol was in our list and save it */
MBEDTLS_SSL_CHK_BUF_READ_PTR(p, protocol_name_list_end, protocol_name_len); MBEDTLS_SSL_CHK_BUF_READ_PTR(p, protocol_name_list_end, protocol_name_len);
for (const char **alpn = ssl->conf->alpn_list; *alpn != NULL; alpn++) { for (const char *const *alpn = ssl->conf->alpn_list; *alpn != NULL; alpn++) {
if (protocol_name_len == strlen(*alpn) && if (protocol_name_len == strlen(*alpn) &&
memcmp(p, *alpn, protocol_name_len) == 0) { memcmp(p, *alpn, protocol_name_len) == 0) {
ssl->alpn_chosen = *alpn; ssl->alpn_chosen = *alpn;