summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorjsing <>2014-06-29 12:25:47 +0000
committerjsing <>2014-06-29 12:25:47 +0000
commita42397a16a85bdf807c91b71a48aa51cd4dda0cf (patch)
treed53ca0e147e1a5d3b5daedb930f0dbdbcf0377c2
parentd911dabb7612c190534926f7712219cb024885c8 (diff)
downloadopenbsd-a42397a16a85bdf807c91b71a48aa51cd4dda0cf.tar.gz
openbsd-a42397a16a85bdf807c91b71a48aa51cd4dda0cf.tar.bz2
openbsd-a42397a16a85bdf807c91b71a48aa51cd4dda0cf.zip
More KNF.
Diffstat
-rw-r--r--src/lib/libssl/d1_srtp.c81
-rw-r--r--src/lib/libssl/src/ssl/d1_srtp.c81
2 files changed, 98 insertions, 64 deletions
diff --git a/src/lib/libssl/d1_srtp.c b/src/lib/libssl/d1_srtp.c
index 4a9a6b2ea8..c39cb95f19 100644
--- a/src/lib/libssl/d1_srtp.c
+++ b/src/lib/libssl/d1_srtp.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_srtp.c,v 1.6 2014/06/28 18:05:27 logan Exp $ */ 1/* $OpenBSD: d1_srtp.c,v 1.7 2014/06/29 12:25:47 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -124,7 +124,7 @@
124#include "srtp.h" 124#include "srtp.h"
125 125
126 126
127static SRTP_PROTECTION_PROFILE srtp_known_profiles[]= { 127static SRTP_PROTECTION_PROFILE srtp_known_profiles[] = {
128 { 128 {
129 "SRTP_AES128_CM_SHA1_80", 129 "SRTP_AES128_CM_SHA1_80",
130 SRTP_AES128_CM_SHA1_80, 130 SRTP_AES128_CM_SHA1_80,
@@ -185,7 +185,8 @@ ssl_ctx_make_profiles(const char *profiles_string,
185 SRTP_PROTECTION_PROFILE *p; 185 SRTP_PROTECTION_PROFILE *p;
186 186
187 if (!(profiles = sk_SRTP_PROTECTION_PROFILE_new_null())) { 187 if (!(profiles = sk_SRTP_PROTECTION_PROFILE_new_null())) {
188 SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES, SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES); 188 SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,
189 SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES);
189 return 1; 190 return 1;
190 } 191 }
191 192
@@ -196,14 +197,15 @@ ssl_ctx_make_profiles(const char *profiles_string,
196 col ? col - ptr : (int)strlen(ptr))) { 197 col ? col - ptr : (int)strlen(ptr))) {
197 sk_SRTP_PROTECTION_PROFILE_push(profiles, p); 198 sk_SRTP_PROTECTION_PROFILE_push(profiles, p);
198 } else { 199 } else {
199 SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES, SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE); 200 SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,
201 SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE);
200 sk_SRTP_PROTECTION_PROFILE_free(profiles); 202 sk_SRTP_PROTECTION_PROFILE_free(profiles);
201 return 1; 203 return 1;
202 } 204 }
203 205
204 if (col) 206 if (col)
205 ptr = col + 1; 207 ptr = col + 1;
206 } while (col); 208 } while (col);
207 209
208 *out = profiles; 210 *out = profiles;
209 211
@@ -260,12 +262,14 @@ ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen)
260 262
261 if (p) { 263 if (p) {
262 if (ct == 0) { 264 if (ct == 0) {
263 SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT, SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST); 265 SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT,
266 SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST);
264 return 1; 267 return 1;
265 } 268 }
266 269
267 if ((2 + ct * 2 + 1) > maxlen) { 270 if ((2 + ct * 2 + 1) > maxlen) {
268 SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT, SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG); 271 SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT,
272 SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG);
269 return 1; 273 return 1;
270 } 274 }
271 275
@@ -299,7 +303,8 @@ ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len, int *al)
299 303
300 /* Length value + the MKI length */ 304 /* Length value + the MKI length */
301 if (len < 3) { 305 if (len < 3) {
302 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); 306 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
307 SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
303 *al = SSL_AD_DECODE_ERROR; 308 *al = SSL_AD_DECODE_ERROR;
304 return 1; 309 return 1;
305 } 310 }
@@ -310,14 +315,16 @@ ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len, int *al)
310 315
311 /* Check that it is even */ 316 /* Check that it is even */
312 if (ct % 2) { 317 if (ct % 2) {
313 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); 318 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
319 SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
314 *al = SSL_AD_DECODE_ERROR; 320 *al = SSL_AD_DECODE_ERROR;
315 return 1; 321 return 1;
316 } 322 }
317 323
318 /* Check that lengths are consistent */ 324 /* Check that lengths are consistent */
319 if (len < (ct + 1)) { 325 if (len < (ct + 1)) {
320 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); 326 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
327 SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
321 *al = SSL_AD_DECODE_ERROR; 328 *al = SSL_AD_DECODE_ERROR;
322 return 1; 329 return 1;
323 } 330 }
@@ -337,13 +344,14 @@ ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len, int *al)
337 } 344 }
338 } 345 }
339 346
340 /* Now extract the MKI value as a sanity check, but discard it for now */ 347 /* Extract the MKI value as a sanity check, but discard it for now. */
341 mki_len = *d; 348 mki_len = *d;
342 d++; 349 d++;
343 len--; 350 len--;
344 351
345 if (mki_len != len) { 352 if (mki_len != len) {
346 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT, SSL_R_BAD_SRTP_MKI_VALUE); 353 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
354 SSL_R_BAD_SRTP_MKI_VALUE);
347 *al = SSL_AD_DECODE_ERROR; 355 *al = SSL_AD_DECODE_ERROR;
348 sk_SRTP_PROTECTION_PROFILE_free(clnt); 356 sk_SRTP_PROTECTION_PROFILE_free(clnt);
349 return 1; 357 return 1;
@@ -351,10 +359,12 @@ ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len, int *al)
351 359
352 srvr = SSL_get_srtp_profiles(s); 360 srvr = SSL_get_srtp_profiles(s);
353 361
354 /* Pick our most preferred profile. If no profiles have been 362 /*
355 configured then the outer loop doesn't run 363 * Pick our most preferred profile. If no profiles have been
356 (sk_SRTP_PROTECTION_PROFILE_num() = -1) 364 * configured then the outer loop doesn't run
357 and so we just return without doing anything */ 365 * (sk_SRTP_PROTECTION_PROFILE_num() = -1)
366 * and so we just return without doing anything.
367 */
358 for (i = 0; i < sk_SRTP_PROTECTION_PROFILE_num(srvr); i++) { 368 for (i = 0; i < sk_SRTP_PROTECTION_PROFILE_num(srvr); i++) {
359 sprof = sk_SRTP_PROTECTION_PROFILE_value(srvr, i); 369 sprof = sk_SRTP_PROTECTION_PROFILE_value(srvr, i);
360 370
@@ -384,12 +394,14 @@ ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen)
384{ 394{
385 if (p) { 395 if (p) {
386 if (maxlen < 5) { 396 if (maxlen < 5) {
387 SSLerr(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT, SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG); 397 SSLerr(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT,
398 SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG);
388 return 1; 399 return 1;
389 } 400 }
390 401
391 if (s->srtp_profile == 0) { 402 if (s->srtp_profile == 0) {
392 SSLerr(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT, SSL_R_USE_SRTP_NOT_NEGOTIATED); 403 SSLerr(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT,
404 SSL_R_USE_SRTP_NOT_NEGOTIATED);
393 return 1; 405 return 1;
394 } 406 }
395 s2n(2, p); 407 s2n(2, p);
@@ -405,46 +417,50 @@ ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen)
405int 417int
406ssl_parse_serverhello_use_srtp_ext(SSL *s, unsigned char *d, int len, int *al) 418ssl_parse_serverhello_use_srtp_ext(SSL *s, unsigned char *d, int len, int *al)
407{ 419{
420 STACK_OF(SRTP_PROTECTION_PROFILE) *clnt;
421 SRTP_PROTECTION_PROFILE *prof;
408 unsigned id; 422 unsigned id;
409 int i; 423 int i;
410 int ct; 424 int ct;
411 425
412 STACK_OF(SRTP_PROTECTION_PROFILE) *clnt;
413 SRTP_PROTECTION_PROFILE *prof;
414
415 if (len != 5) { 426 if (len != 5) {
416 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); 427 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,
428 SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
417 *al = SSL_AD_DECODE_ERROR; 429 *al = SSL_AD_DECODE_ERROR;
418 return 1; 430 return 1;
419 } 431 }
420 432
421 n2s(d, ct); 433 n2s(d, ct);
422 if (ct != 2) { 434 if (ct != 2) {
423 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); 435 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,
436 SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
424 *al = SSL_AD_DECODE_ERROR; 437 *al = SSL_AD_DECODE_ERROR;
425 return 1; 438 return 1;
426 } 439 }
427 440
428 n2s(d, id); 441 n2s(d, id);
429 if (*d) /* Must be no MKI, since we never offer one */ 442 if (*d) {
430 { 443 /* Must be no MKI, since we never offer one. */
431 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT, SSL_R_BAD_SRTP_MKI_VALUE); 444 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,
445 SSL_R_BAD_SRTP_MKI_VALUE);
432 *al = SSL_AD_ILLEGAL_PARAMETER; 446 *al = SSL_AD_ILLEGAL_PARAMETER;
433 return 1; 447 return 1;
434 } 448 }
435 449
436 clnt = SSL_get_srtp_profiles(s); 450 clnt = SSL_get_srtp_profiles(s);
437 451
438 /* Throw an error if the server gave us an unsolicited extension */ 452 /* Throw an error if the server gave us an unsolicited extension. */
439 if (clnt == NULL) { 453 if (clnt == NULL) {
440 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT, SSL_R_NO_SRTP_PROFILES); 454 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,
455 SSL_R_NO_SRTP_PROFILES);
441 *al = SSL_AD_DECODE_ERROR; 456 *al = SSL_AD_DECODE_ERROR;
442 return 1; 457 return 1;
443 } 458 }
444 459
445 /* Check to see if the server gave us something we support 460 /*
446 (and presumably offered) 461 * Check to see if the server gave us something we support
447 */ 462 * (and presumably offered).
463 */
448 for (i = 0; i < sk_SRTP_PROTECTION_PROFILE_num(clnt); i++) { 464 for (i = 0; i < sk_SRTP_PROTECTION_PROFILE_num(clnt); i++) {
449 prof = sk_SRTP_PROTECTION_PROFILE_value(clnt, i); 465 prof = sk_SRTP_PROTECTION_PROFILE_value(clnt, i);
450 466
@@ -455,7 +471,8 @@ ssl_parse_serverhello_use_srtp_ext(SSL *s, unsigned char *d, int len, int *al)
455 } 471 }
456 } 472 }
457 473
458 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); 474 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,
475 SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
459 *al = SSL_AD_DECODE_ERROR; 476 *al = SSL_AD_DECODE_ERROR;
460 return 1; 477 return 1;
461} 478}
diff --git a/src/lib/libssl/src/ssl/d1_srtp.c b/src/lib/libssl/src/ssl/d1_srtp.c
index 4a9a6b2ea8..c39cb95f19 100644
--- a/src/lib/libssl/src/ssl/d1_srtp.c
+++ b/src/lib/libssl/src/ssl/d1_srtp.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_srtp.c,v 1.6 2014/06/28 18:05:27 logan Exp $ */ 1/* $OpenBSD: d1_srtp.c,v 1.7 2014/06/29 12:25:47 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -124,7 +124,7 @@
124#include "srtp.h" 124#include "srtp.h"
125 125
126 126
127static SRTP_PROTECTION_PROFILE srtp_known_profiles[]= { 127static SRTP_PROTECTION_PROFILE srtp_known_profiles[] = {
128 { 128 {
129 "SRTP_AES128_CM_SHA1_80", 129 "SRTP_AES128_CM_SHA1_80",
130 SRTP_AES128_CM_SHA1_80, 130 SRTP_AES128_CM_SHA1_80,
@@ -185,7 +185,8 @@ ssl_ctx_make_profiles(const char *profiles_string,
185 SRTP_PROTECTION_PROFILE *p; 185 SRTP_PROTECTION_PROFILE *p;
186 186
187 if (!(profiles = sk_SRTP_PROTECTION_PROFILE_new_null())) { 187 if (!(profiles = sk_SRTP_PROTECTION_PROFILE_new_null())) {
188 SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES, SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES); 188 SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,
189 SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES);
189 return 1; 190 return 1;
190 } 191 }
191 192
@@ -196,14 +197,15 @@ ssl_ctx_make_profiles(const char *profiles_string,
196 col ? col - ptr : (int)strlen(ptr))) { 197 col ? col - ptr : (int)strlen(ptr))) {
197 sk_SRTP_PROTECTION_PROFILE_push(profiles, p); 198 sk_SRTP_PROTECTION_PROFILE_push(profiles, p);
198 } else { 199 } else {
199 SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES, SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE); 200 SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,
201 SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE);
200 sk_SRTP_PROTECTION_PROFILE_free(profiles); 202 sk_SRTP_PROTECTION_PROFILE_free(profiles);
201 return 1; 203 return 1;
202 } 204 }
203 205
204 if (col) 206 if (col)
205 ptr = col + 1; 207 ptr = col + 1;
206 } while (col); 208 } while (col);
207 209
208 *out = profiles; 210 *out = profiles;
209 211
@@ -260,12 +262,14 @@ ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen)
260 262
261 if (p) { 263 if (p) {
262 if (ct == 0) { 264 if (ct == 0) {
263 SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT, SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST); 265 SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT,
266 SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST);
264 return 1; 267 return 1;
265 } 268 }
266 269
267 if ((2 + ct * 2 + 1) > maxlen) { 270 if ((2 + ct * 2 + 1) > maxlen) {
268 SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT, SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG); 271 SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT,
272 SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG);
269 return 1; 273 return 1;
270 } 274 }
271 275
@@ -299,7 +303,8 @@ ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len, int *al)
299 303
300 /* Length value + the MKI length */ 304 /* Length value + the MKI length */
301 if (len < 3) { 305 if (len < 3) {
302 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); 306 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
307 SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
303 *al = SSL_AD_DECODE_ERROR; 308 *al = SSL_AD_DECODE_ERROR;
304 return 1; 309 return 1;
305 } 310 }
@@ -310,14 +315,16 @@ ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len, int *al)
310 315
311 /* Check that it is even */ 316 /* Check that it is even */
312 if (ct % 2) { 317 if (ct % 2) {
313 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); 318 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
319 SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
314 *al = SSL_AD_DECODE_ERROR; 320 *al = SSL_AD_DECODE_ERROR;
315 return 1; 321 return 1;
316 } 322 }
317 323
318 /* Check that lengths are consistent */ 324 /* Check that lengths are consistent */
319 if (len < (ct + 1)) { 325 if (len < (ct + 1)) {
320 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); 326 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
327 SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
321 *al = SSL_AD_DECODE_ERROR; 328 *al = SSL_AD_DECODE_ERROR;
322 return 1; 329 return 1;
323 } 330 }
@@ -337,13 +344,14 @@ ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len, int *al)
337 } 344 }
338 } 345 }
339 346
340 /* Now extract the MKI value as a sanity check, but discard it for now */ 347 /* Extract the MKI value as a sanity check, but discard it for now. */
341 mki_len = *d; 348 mki_len = *d;
342 d++; 349 d++;
343 len--; 350 len--;
344 351
345 if (mki_len != len) { 352 if (mki_len != len) {
346 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT, SSL_R_BAD_SRTP_MKI_VALUE); 353 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
354 SSL_R_BAD_SRTP_MKI_VALUE);
347 *al = SSL_AD_DECODE_ERROR; 355 *al = SSL_AD_DECODE_ERROR;
348 sk_SRTP_PROTECTION_PROFILE_free(clnt); 356 sk_SRTP_PROTECTION_PROFILE_free(clnt);
349 return 1; 357 return 1;
@@ -351,10 +359,12 @@ ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len, int *al)
351 359
352 srvr = SSL_get_srtp_profiles(s); 360 srvr = SSL_get_srtp_profiles(s);
353 361
354 /* Pick our most preferred profile. If no profiles have been 362 /*
355 configured then the outer loop doesn't run 363 * Pick our most preferred profile. If no profiles have been
356 (sk_SRTP_PROTECTION_PROFILE_num() = -1) 364 * configured then the outer loop doesn't run
357 and so we just return without doing anything */ 365 * (sk_SRTP_PROTECTION_PROFILE_num() = -1)
366 * and so we just return without doing anything.
367 */
358 for (i = 0; i < sk_SRTP_PROTECTION_PROFILE_num(srvr); i++) { 368 for (i = 0; i < sk_SRTP_PROTECTION_PROFILE_num(srvr); i++) {
359 sprof = sk_SRTP_PROTECTION_PROFILE_value(srvr, i); 369 sprof = sk_SRTP_PROTECTION_PROFILE_value(srvr, i);
360 370
@@ -384,12 +394,14 @@ ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen)
384{ 394{
385 if (p) { 395 if (p) {
386 if (maxlen < 5) { 396 if (maxlen < 5) {
387 SSLerr(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT, SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG); 397 SSLerr(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT,
398 SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG);
388 return 1; 399 return 1;
389 } 400 }
390 401
391 if (s->srtp_profile == 0) { 402 if (s->srtp_profile == 0) {
392 SSLerr(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT, SSL_R_USE_SRTP_NOT_NEGOTIATED); 403 SSLerr(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT,
404 SSL_R_USE_SRTP_NOT_NEGOTIATED);
393 return 1; 405 return 1;
394 } 406 }
395 s2n(2, p); 407 s2n(2, p);
@@ -405,46 +417,50 @@ ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen)
405int 417int
406ssl_parse_serverhello_use_srtp_ext(SSL *s, unsigned char *d, int len, int *al) 418ssl_parse_serverhello_use_srtp_ext(SSL *s, unsigned char *d, int len, int *al)
407{ 419{
420 STACK_OF(SRTP_PROTECTION_PROFILE) *clnt;
421 SRTP_PROTECTION_PROFILE *prof;
408 unsigned id; 422 unsigned id;
409 int i; 423 int i;
410 int ct; 424 int ct;
411 425
412 STACK_OF(SRTP_PROTECTION_PROFILE) *clnt;
413 SRTP_PROTECTION_PROFILE *prof;
414
415 if (len != 5) { 426 if (len != 5) {
416 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); 427 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,
428 SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
417 *al = SSL_AD_DECODE_ERROR; 429 *al = SSL_AD_DECODE_ERROR;
418 return 1; 430 return 1;
419 } 431 }
420 432
421 n2s(d, ct); 433 n2s(d, ct);
422 if (ct != 2) { 434 if (ct != 2) {
423 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); 435 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,
436 SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
424 *al = SSL_AD_DECODE_ERROR; 437 *al = SSL_AD_DECODE_ERROR;
425 return 1; 438 return 1;
426 } 439 }
427 440
428 n2s(d, id); 441 n2s(d, id);
429 if (*d) /* Must be no MKI, since we never offer one */ 442 if (*d) {
430 { 443 /* Must be no MKI, since we never offer one. */
431 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT, SSL_R_BAD_SRTP_MKI_VALUE); 444 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,
445 SSL_R_BAD_SRTP_MKI_VALUE);
432 *al = SSL_AD_ILLEGAL_PARAMETER; 446 *al = SSL_AD_ILLEGAL_PARAMETER;
433 return 1; 447 return 1;
434 } 448 }
435 449
436 clnt = SSL_get_srtp_profiles(s); 450 clnt = SSL_get_srtp_profiles(s);
437 451
438 /* Throw an error if the server gave us an unsolicited extension */ 452 /* Throw an error if the server gave us an unsolicited extension. */
439 if (clnt == NULL) { 453 if (clnt == NULL) {
440 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT, SSL_R_NO_SRTP_PROFILES); 454 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,
455 SSL_R_NO_SRTP_PROFILES);
441 *al = SSL_AD_DECODE_ERROR; 456 *al = SSL_AD_DECODE_ERROR;
442 return 1; 457 return 1;
443 } 458 }
444 459
445 /* Check to see if the server gave us something we support 460 /*
446 (and presumably offered) 461 * Check to see if the server gave us something we support
447 */ 462 * (and presumably offered).
463 */
448 for (i = 0; i < sk_SRTP_PROTECTION_PROFILE_num(clnt); i++) { 464 for (i = 0; i < sk_SRTP_PROTECTION_PROFILE_num(clnt); i++) {
449 prof = sk_SRTP_PROTECTION_PROFILE_value(clnt, i); 465 prof = sk_SRTP_PROTECTION_PROFILE_value(clnt, i);
450 466
@@ -455,7 +471,8 @@ ssl_parse_serverhello_use_srtp_ext(SSL *s, unsigned char *d, int len, int *al)
455 } 471 }
456 } 472 }
457 473
458 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); 474 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,
475 SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
459 *al = SSL_AD_DECODE_ERROR; 476 *al = SSL_AD_DECODE_ERROR;
460 return 1; 477 return 1;
461} 478}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-11-01 16:20:57 +0000