diff options
| author | djm <> | 2012-10-13 21:23:50 +0000 |
|---|---|---|
| committer | djm <> | 2012-10-13 21:23:50 +0000 |
| commit | 228cae30b117c2493f69ad3c195341cd6ec8d430 (patch) | |
| tree | 29ff00b10d52c0978077c4fd83c33b065bade73e /src/lib/libssl/d1_srtp.c | |
| parent | 731838c66b52c0ae5888333005b74115a620aa96 (diff) | |
| download | openbsd-228cae30b117c2493f69ad3c195341cd6ec8d430.tar.gz openbsd-228cae30b117c2493f69ad3c195341cd6ec8d430.tar.bz2 openbsd-228cae30b117c2493f69ad3c195341cd6ec8d430.zip | |
import OpenSSL-1.0.1c
Diffstat (limited to 'src/lib/libssl/d1_srtp.c')
| -rw-r--r-- | src/lib/libssl/d1_srtp.c | 493 |
1 files changed, 493 insertions, 0 deletions
diff --git a/src/lib/libssl/d1_srtp.c b/src/lib/libssl/d1_srtp.c new file mode 100644 index 0000000000..928935bd8b --- /dev/null +++ b/src/lib/libssl/d1_srtp.c | |||
| @@ -0,0 +1,493 @@ | |||
| 1 | /* ssl/t1_lib.c */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 3 | * All rights reserved. | ||
| 4 | * | ||
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | ||
| 24 | * modification, are permitted provided that the following conditions | ||
| 25 | * are met: | ||
| 26 | * 1. Redistributions of source code must retain the copyright | ||
| 27 | * notice, this list of conditions and the following disclaimer. | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 29 | * notice, this list of conditions and the following disclaimer in the | ||
| 30 | * documentation and/or other materials provided with the distribution. | ||
| 31 | * 3. All advertising materials mentioning features or use of this software | ||
| 32 | * must display the following acknowledgement: | ||
| 33 | * "This product includes cryptographic software written by | ||
| 34 | * Eric Young (eay@cryptsoft.com)" | ||
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 36 | * being used are not cryptographic related :-). | ||
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 38 | * the apps directory (application code) you must include an acknowledgement: | ||
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 40 | * | ||
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 51 | * SUCH DAMAGE. | ||
| 52 | * | ||
| 53 | * The licence and distribution terms for any publically available version or | ||
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 55 | * copied and put under another distribution licence | ||
| 56 | * [including the GNU Public Licence.] | ||
| 57 | */ | ||
| 58 | /* ==================================================================== | ||
| 59 | * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. | ||
| 60 | * | ||
| 61 | * Redistribution and use in source and binary forms, with or without | ||
| 62 | * modification, are permitted provided that the following conditions | ||
| 63 | * are met: | ||
| 64 | * | ||
| 65 | * 1. Redistributions of source code must retain the above copyright | ||
| 66 | * notice, this list of conditions and the following disclaimer. | ||
| 67 | * | ||
| 68 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 69 | * notice, this list of conditions and the following disclaimer in | ||
| 70 | * the documentation and/or other materials provided with the | ||
| 71 | * distribution. | ||
| 72 | * | ||
| 73 | * 3. All advertising materials mentioning features or use of this | ||
| 74 | * software must display the following acknowledgment: | ||
| 75 | * "This product includes software developed by the OpenSSL Project | ||
| 76 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
| 77 | * | ||
| 78 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 79 | * endorse or promote products derived from this software without | ||
| 80 | * prior written permission. For written permission, please contact | ||
| 81 | * openssl-core@openssl.org. | ||
| 82 | * | ||
| 83 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 84 | * nor may "OpenSSL" appear in their names without prior written | ||
| 85 | * permission of the OpenSSL Project. | ||
| 86 | * | ||
| 87 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 88 | * acknowledgment: | ||
| 89 | * "This product includes software developed by the OpenSSL Project | ||
| 90 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
| 91 | * | ||
| 92 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 93 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 94 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 95 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 96 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 97 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 98 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 99 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 100 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 101 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 102 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 103 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 104 | * ==================================================================== | ||
| 105 | * | ||
| 106 | * This product includes cryptographic software written by Eric Young | ||
| 107 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 108 | * Hudson (tjh@cryptsoft.com). | ||
| 109 | * | ||
| 110 | */ | ||
| 111 | /* | ||
| 112 | DTLS code by Eric Rescorla <ekr@rtfm.com> | ||
| 113 | |||
| 114 | Copyright (C) 2006, Network Resonance, Inc. | ||
| 115 | Copyright (C) 2011, RTFM, Inc. | ||
| 116 | */ | ||
| 117 | |||
| 118 | #ifndef OPENSSL_NO_SRTP | ||
| 119 | |||
| 120 | #include <stdio.h> | ||
| 121 | #include <openssl/objects.h> | ||
| 122 | #include "ssl_locl.h" | ||
| 123 | #include "srtp.h" | ||
| 124 | |||
| 125 | |||
| 126 | static SRTP_PROTECTION_PROFILE srtp_known_profiles[]= | ||
| 127 | { | ||
| 128 | { | ||
| 129 | "SRTP_AES128_CM_SHA1_80", | ||
| 130 | SRTP_AES128_CM_SHA1_80, | ||
| 131 | }, | ||
| 132 | { | ||
| 133 | "SRTP_AES128_CM_SHA1_32", | ||
| 134 | SRTP_AES128_CM_SHA1_32, | ||
| 135 | }, | ||
| 136 | #if 0 | ||
| 137 | { | ||
| 138 | "SRTP_NULL_SHA1_80", | ||
| 139 | SRTP_NULL_SHA1_80, | ||
| 140 | }, | ||
| 141 | { | ||
| 142 | "SRTP_NULL_SHA1_32", | ||
| 143 | SRTP_NULL_SHA1_32, | ||
| 144 | }, | ||
| 145 | #endif | ||
| 146 | {0} | ||
| 147 | }; | ||
| 148 | |||
| 149 | static int find_profile_by_name(char *profile_name, | ||
| 150 | SRTP_PROTECTION_PROFILE **pptr,unsigned len) | ||
| 151 | { | ||
| 152 | SRTP_PROTECTION_PROFILE *p; | ||
| 153 | |||
| 154 | p=srtp_known_profiles; | ||
| 155 | while(p->name) | ||
| 156 | { | ||
| 157 | if((len == strlen(p->name)) && !strncmp(p->name,profile_name, | ||
| 158 | len)) | ||
| 159 | { | ||
| 160 | *pptr=p; | ||
| 161 | return 0; | ||
| 162 | } | ||
| 163 | |||
| 164 | p++; | ||
| 165 | } | ||
| 166 | |||
| 167 | return 1; | ||
| 168 | } | ||
| 169 | |||
| 170 | static int find_profile_by_num(unsigned profile_num, | ||
| 171 | SRTP_PROTECTION_PROFILE **pptr) | ||
| 172 | { | ||
| 173 | SRTP_PROTECTION_PROFILE *p; | ||
| 174 | |||
| 175 | p=srtp_known_profiles; | ||
| 176 | while(p->name) | ||
| 177 | { | ||
| 178 | if(p->id == profile_num) | ||
| 179 | { | ||
| 180 | *pptr=p; | ||
| 181 | return 0; | ||
| 182 | } | ||
| 183 | p++; | ||
| 184 | } | ||
| 185 | |||
| 186 | return 1; | ||
| 187 | } | ||
| 188 | |||
| 189 | static int ssl_ctx_make_profiles(const char *profiles_string,STACK_OF(SRTP_PROTECTION_PROFILE) **out) | ||
| 190 | { | ||
| 191 | STACK_OF(SRTP_PROTECTION_PROFILE) *profiles; | ||
| 192 | |||
| 193 | char *col; | ||
| 194 | char *ptr=(char *)profiles_string; | ||
| 195 | |||
| 196 | SRTP_PROTECTION_PROFILE *p; | ||
| 197 | |||
| 198 | if(!(profiles=sk_SRTP_PROTECTION_PROFILE_new_null())) | ||
| 199 | { | ||
| 200 | SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES, SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES); | ||
| 201 | return 1; | ||
| 202 | } | ||
| 203 | |||
| 204 | do | ||
| 205 | { | ||
| 206 | col=strchr(ptr,':'); | ||
| 207 | |||
| 208 | if(!find_profile_by_name(ptr,&p, | ||
| 209 | col ? col-ptr : (int)strlen(ptr))) | ||
| 210 | { | ||
| 211 | sk_SRTP_PROTECTION_PROFILE_push(profiles,p); | ||
| 212 | } | ||
| 213 | else | ||
| 214 | { | ||
| 215 | SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE); | ||
| 216 | return 1; | ||
| 217 | } | ||
| 218 | |||
| 219 | if(col) ptr=col+1; | ||
| 220 | } while (col); | ||
| 221 | |||
| 222 | *out=profiles; | ||
| 223 | |||
| 224 | return 0; | ||
| 225 | } | ||
| 226 | |||
| 227 | int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx,const char *profiles) | ||
| 228 | { | ||
| 229 | return ssl_ctx_make_profiles(profiles,&ctx->srtp_profiles); | ||
| 230 | } | ||
| 231 | |||
| 232 | int SSL_set_tlsext_use_srtp(SSL *s,const char *profiles) | ||
| 233 | { | ||
| 234 | return ssl_ctx_make_profiles(profiles,&s->srtp_profiles); | ||
| 235 | } | ||
| 236 | |||
| 237 | |||
| 238 | STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *s) | ||
| 239 | { | ||
| 240 | if(s != NULL) | ||
| 241 | { | ||
| 242 | if(s->srtp_profiles != NULL) | ||
| 243 | { | ||
| 244 | return s->srtp_profiles; | ||
| 245 | } | ||
| 246 | else if((s->ctx != NULL) && | ||
| 247 | (s->ctx->srtp_profiles != NULL)) | ||
| 248 | { | ||
| 249 | return s->ctx->srtp_profiles; | ||
| 250 | } | ||
| 251 | } | ||
| 252 | |||
| 253 | return NULL; | ||
| 254 | } | ||
| 255 | |||
| 256 | SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s) | ||
| 257 | { | ||
| 258 | return s->srtp_profile; | ||
| 259 | } | ||
| 260 | |||
| 261 | /* Note: this function returns 0 length if there are no | ||
| 262 | profiles specified */ | ||
| 263 | int ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen) | ||
| 264 | { | ||
| 265 | int ct=0; | ||
| 266 | int i; | ||
| 267 | STACK_OF(SRTP_PROTECTION_PROFILE) *clnt=0; | ||
| 268 | SRTP_PROTECTION_PROFILE *prof; | ||
| 269 | |||
| 270 | clnt=SSL_get_srtp_profiles(s); | ||
| 271 | ct=sk_SRTP_PROTECTION_PROFILE_num(clnt); /* -1 if clnt == 0 */ | ||
| 272 | |||
| 273 | if(p) | ||
| 274 | { | ||
| 275 | if(ct==0) | ||
| 276 | { | ||
| 277 | SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT,SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST); | ||
| 278 | return 1; | ||
| 279 | } | ||
| 280 | |||
| 281 | if((2 + ct*2 + 1) > maxlen) | ||
| 282 | { | ||
| 283 | SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT,SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG); | ||
| 284 | return 1; | ||
| 285 | } | ||
| 286 | |||
| 287 | /* Add the length */ | ||
| 288 | s2n(ct * 2, p); | ||
| 289 | for(i=0;i<ct;i++) | ||
| 290 | { | ||
| 291 | prof=sk_SRTP_PROTECTION_PROFILE_value(clnt,i); | ||
| 292 | s2n(prof->id,p); | ||
| 293 | } | ||
| 294 | |||
| 295 | /* Add an empty use_mki value */ | ||
| 296 | *p++ = 0; | ||
| 297 | } | ||
| 298 | |||
| 299 | *len=2 + ct*2 + 1; | ||
| 300 | |||
| 301 | return 0; | ||
| 302 | } | ||
| 303 | |||
| 304 | |||
| 305 | int ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len,int *al) | ||
| 306 | { | ||
| 307 | SRTP_PROTECTION_PROFILE *cprof,*sprof; | ||
| 308 | STACK_OF(SRTP_PROTECTION_PROFILE) *clnt=0,*srvr; | ||
| 309 | int ct; | ||
| 310 | int mki_len; | ||
| 311 | int i,j; | ||
| 312 | int id; | ||
| 313 | int ret; | ||
| 314 | |||
| 315 | /* Length value + the MKI length */ | ||
| 316 | if(len < 3) | ||
| 317 | { | ||
| 318 | SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); | ||
| 319 | *al=SSL_AD_DECODE_ERROR; | ||
| 320 | return 1; | ||
| 321 | } | ||
| 322 | |||
| 323 | /* Pull off the length of the cipher suite list */ | ||
| 324 | n2s(d, ct); | ||
| 325 | len -= 2; | ||
| 326 | |||
| 327 | /* Check that it is even */ | ||
| 328 | if(ct%2) | ||
| 329 | { | ||
| 330 | SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); | ||
| 331 | *al=SSL_AD_DECODE_ERROR; | ||
| 332 | return 1; | ||
| 333 | } | ||
| 334 | |||
| 335 | /* Check that lengths are consistent */ | ||
| 336 | if(len < (ct + 1)) | ||
| 337 | { | ||
| 338 | SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); | ||
| 339 | *al=SSL_AD_DECODE_ERROR; | ||
| 340 | return 1; | ||
| 341 | } | ||
| 342 | |||
| 343 | |||
| 344 | clnt=sk_SRTP_PROTECTION_PROFILE_new_null(); | ||
| 345 | |||
| 346 | while(ct) | ||
| 347 | { | ||
| 348 | n2s(d,id); | ||
| 349 | ct-=2; | ||
| 350 | len-=2; | ||
| 351 | |||
| 352 | if(!find_profile_by_num(id,&cprof)) | ||
| 353 | { | ||
| 354 | sk_SRTP_PROTECTION_PROFILE_push(clnt,cprof); | ||
| 355 | } | ||
| 356 | else | ||
| 357 | { | ||
| 358 | ; /* Ignore */ | ||
| 359 | } | ||
| 360 | } | ||
| 361 | |||
| 362 | /* Now extract the MKI value as a sanity check, but discard it for now */ | ||
| 363 | mki_len = *d; | ||
| 364 | d++; len--; | ||
| 365 | |||
| 366 | if (mki_len != len) | ||
| 367 | { | ||
| 368 | SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_MKI_VALUE); | ||
| 369 | *al=SSL_AD_DECODE_ERROR; | ||
| 370 | return 1; | ||
| 371 | } | ||
| 372 | |||
| 373 | srvr=SSL_get_srtp_profiles(s); | ||
| 374 | |||
| 375 | /* Pick our most preferred profile. If no profiles have been | ||
| 376 | configured then the outer loop doesn't run | ||
| 377 | (sk_SRTP_PROTECTION_PROFILE_num() = -1) | ||
| 378 | and so we just return without doing anything */ | ||
| 379 | for(i=0;i<sk_SRTP_PROTECTION_PROFILE_num(srvr);i++) | ||
| 380 | { | ||
| 381 | sprof=sk_SRTP_PROTECTION_PROFILE_value(srvr,i); | ||
| 382 | |||
| 383 | for(j=0;j<sk_SRTP_PROTECTION_PROFILE_num(clnt);j++) | ||
| 384 | { | ||
| 385 | cprof=sk_SRTP_PROTECTION_PROFILE_value(clnt,j); | ||
| 386 | |||
| 387 | if(cprof->id==sprof->id) | ||
| 388 | { | ||
| 389 | s->srtp_profile=sprof; | ||
| 390 | *al=0; | ||
| 391 | ret=0; | ||
| 392 | goto done; | ||
| 393 | } | ||
| 394 | } | ||
| 395 | } | ||
| 396 | |||
| 397 | ret=0; | ||
| 398 | |||
| 399 | done: | ||
| 400 | if(clnt) sk_SRTP_PROTECTION_PROFILE_free(clnt); | ||
| 401 | |||
| 402 | return ret; | ||
| 403 | } | ||
| 404 | |||
| 405 | int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen) | ||
| 406 | { | ||
| 407 | if(p) | ||
| 408 | { | ||
| 409 | if(maxlen < 5) | ||
| 410 | { | ||
| 411 | SSLerr(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT,SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG); | ||
| 412 | return 1; | ||
| 413 | } | ||
| 414 | |||
| 415 | if(s->srtp_profile==0) | ||
| 416 | { | ||
| 417 | SSLerr(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT,SSL_R_USE_SRTP_NOT_NEGOTIATED); | ||
| 418 | return 1; | ||
| 419 | } | ||
| 420 | s2n(2, p); | ||
| 421 | s2n(s->srtp_profile->id,p); | ||
| 422 | *p++ = 0; | ||
| 423 | } | ||
| 424 | *len=5; | ||
| 425 | |||
| 426 | return 0; | ||
| 427 | } | ||
| 428 | |||
| 429 | |||
| 430 | int ssl_parse_serverhello_use_srtp_ext(SSL *s, unsigned char *d, int len,int *al) | ||
| 431 | { | ||
| 432 | unsigned id; | ||
| 433 | int i; | ||
| 434 | int ct; | ||
| 435 | |||
| 436 | STACK_OF(SRTP_PROTECTION_PROFILE) *clnt; | ||
| 437 | SRTP_PROTECTION_PROFILE *prof; | ||
| 438 | |||
| 439 | if(len!=5) | ||
| 440 | { | ||
| 441 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); | ||
| 442 | *al=SSL_AD_DECODE_ERROR; | ||
| 443 | return 1; | ||
| 444 | } | ||
| 445 | |||
| 446 | n2s(d, ct); | ||
| 447 | if(ct!=2) | ||
| 448 | { | ||
| 449 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); | ||
| 450 | *al=SSL_AD_DECODE_ERROR; | ||
| 451 | return 1; | ||
| 452 | } | ||
| 453 | |||
| 454 | n2s(d,id); | ||
| 455 | if (*d) /* Must be no MKI, since we never offer one */ | ||
| 456 | { | ||
| 457 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_MKI_VALUE); | ||
| 458 | *al=SSL_AD_ILLEGAL_PARAMETER; | ||
| 459 | return 1; | ||
| 460 | } | ||
| 461 | |||
| 462 | clnt=SSL_get_srtp_profiles(s); | ||
| 463 | |||
| 464 | /* Throw an error if the server gave us an unsolicited extension */ | ||
| 465 | if (clnt == NULL) | ||
| 466 | { | ||
| 467 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,SSL_R_NO_SRTP_PROFILES); | ||
| 468 | *al=SSL_AD_DECODE_ERROR; | ||
| 469 | return 1; | ||
| 470 | } | ||
| 471 | |||
| 472 | /* Check to see if the server gave us something we support | ||
| 473 | (and presumably offered) | ||
| 474 | */ | ||
| 475 | for(i=0;i<sk_SRTP_PROTECTION_PROFILE_num(clnt);i++) | ||
| 476 | { | ||
| 477 | prof=sk_SRTP_PROTECTION_PROFILE_value(clnt,i); | ||
| 478 | |||
| 479 | if(prof->id == id) | ||
| 480 | { | ||
| 481 | s->srtp_profile=prof; | ||
| 482 | *al=0; | ||
| 483 | return 0; | ||
| 484 | } | ||
| 485 | } | ||
| 486 | |||
| 487 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); | ||
| 488 | *al=SSL_AD_DECODE_ERROR; | ||
| 489 | return 1; | ||
| 490 | } | ||
| 491 | |||
| 492 | |||
| 493 | #endif | ||