diff options
| author | jsing <> | 2014-04-14 14:16:33 +0000 |
|---|---|---|
| committer | jsing <> | 2014-04-14 14:16:33 +0000 |
| commit | 95692a60ee0169e369d59f82504e36ff376e13ba (patch) | |
| tree | d3a4c41549109f6de6427907f10589c02eec0d25 /src/lib/libssl/d1_srtp.c | |
| parent | 72c1bd17672378115dcd5254ed88828e45357e7f (diff) | |
| download | openbsd-95692a60ee0169e369d59f82504e36ff376e13ba.tar.gz openbsd-95692a60ee0169e369d59f82504e36ff376e13ba.tar.bz2 openbsd-95692a60ee0169e369d59f82504e36ff376e13ba.zip | |
First pass at applying KNF to the OpenSSL code, which almost makes it
readable. This pass is whitespace only and can readily be verified using
tr and md5.
Diffstat (limited to 'src/lib/libssl/d1_srtp.c')
| -rw-r--r-- | src/lib/libssl/d1_srtp.c | 497 |
1 files changed, 237 insertions, 260 deletions
diff --git a/src/lib/libssl/d1_srtp.c b/src/lib/libssl/d1_srtp.c index ab9c41922c..fadd9f381f 100644 --- a/src/lib/libssl/d1_srtp.c +++ b/src/lib/libssl/d1_srtp.c | |||
| @@ -124,371 +124,348 @@ | |||
| 124 | #include "srtp.h" | 124 | #include "srtp.h" |
| 125 | 125 | ||
| 126 | 126 | ||
| 127 | static SRTP_PROTECTION_PROFILE srtp_known_profiles[]= | 127 | static SRTP_PROTECTION_PROFILE srtp_known_profiles[]= { |
| 128 | { | 128 | { |
| 129 | { | 129 | "SRTP_AES128_CM_SHA1_80", |
| 130 | "SRTP_AES128_CM_SHA1_80", | 130 | SRTP_AES128_CM_SHA1_80, |
| 131 | SRTP_AES128_CM_SHA1_80, | 131 | }, |
| 132 | }, | 132 | { |
| 133 | { | 133 | "SRTP_AES128_CM_SHA1_32", |
| 134 | "SRTP_AES128_CM_SHA1_32", | 134 | SRTP_AES128_CM_SHA1_32, |
| 135 | SRTP_AES128_CM_SHA1_32, | 135 | }, |
| 136 | }, | ||
| 137 | #if 0 | 136 | #if 0 |
| 138 | { | 137 | { |
| 139 | "SRTP_NULL_SHA1_80", | 138 | "SRTP_NULL_SHA1_80", |
| 140 | SRTP_NULL_SHA1_80, | 139 | SRTP_NULL_SHA1_80, |
| 141 | }, | 140 | }, |
| 142 | { | 141 | { |
| 143 | "SRTP_NULL_SHA1_32", | 142 | "SRTP_NULL_SHA1_32", |
| 144 | SRTP_NULL_SHA1_32, | 143 | SRTP_NULL_SHA1_32, |
| 145 | }, | 144 | }, |
| 146 | #endif | 145 | #endif |
| 147 | {0} | 146 | {0} |
| 148 | }; | 147 | }; |
| 149 | 148 | ||
| 150 | static int find_profile_by_name(char *profile_name, | 149 | static int |
| 151 | SRTP_PROTECTION_PROFILE **pptr,unsigned len) | 150 | find_profile_by_name(char *profile_name, SRTP_PROTECTION_PROFILE **pptr, |
| 152 | { | 151 | unsigned len) |
| 152 | { | ||
| 153 | SRTP_PROTECTION_PROFILE *p; | 153 | SRTP_PROTECTION_PROFILE *p; |
| 154 | 154 | ||
| 155 | p=srtp_known_profiles; | 155 | p = srtp_known_profiles; |
| 156 | while(p->name) | 156 | while (p->name) { |
| 157 | { | 157 | if ((len == strlen(p->name)) && |
| 158 | if((len == strlen(p->name)) && !strncmp(p->name,profile_name, | 158 | !strncmp(p->name, profile_name, len)) { |
| 159 | len)) | 159 | *pptr = p; |
| 160 | { | ||
| 161 | *pptr=p; | ||
| 162 | return 0; | 160 | return 0; |
| 163 | } | 161 | } |
| 164 | 162 | ||
| 165 | p++; | 163 | p++; |
| 166 | } | 164 | } |
| 167 | 165 | ||
| 168 | return 1; | 166 | return 1; |
| 169 | } | 167 | } |
| 170 | 168 | ||
| 171 | static int find_profile_by_num(unsigned profile_num, | 169 | static int |
| 172 | SRTP_PROTECTION_PROFILE **pptr) | 170 | find_profile_by_num(unsigned profile_num, SRTP_PROTECTION_PROFILE **pptr) |
| 173 | { | 171 | { |
| 174 | SRTP_PROTECTION_PROFILE *p; | 172 | SRTP_PROTECTION_PROFILE *p; |
| 175 | 173 | ||
| 176 | p=srtp_known_profiles; | 174 | p = srtp_known_profiles; |
| 177 | while(p->name) | 175 | while (p->name) { |
| 178 | { | 176 | if (p->id == profile_num) { |
| 179 | if(p->id == profile_num) | 177 | *pptr = p; |
| 180 | { | ||
| 181 | *pptr=p; | ||
| 182 | return 0; | 178 | return 0; |
| 183 | } | ||
| 184 | p++; | ||
| 185 | } | 179 | } |
| 180 | p++; | ||
| 181 | } | ||
| 186 | 182 | ||
| 187 | return 1; | 183 | return 1; |
| 188 | } | 184 | } |
| 189 | 185 | ||
| 190 | static int ssl_ctx_make_profiles(const char *profiles_string,STACK_OF(SRTP_PROTECTION_PROFILE) **out) | 186 | static int |
| 191 | { | 187 | ssl_ctx_make_profiles(const char *profiles_string, |
| 188 | STACK_OF(SRTP_PROTECTION_PROFILE) **out) | ||
| 189 | { | ||
| 192 | STACK_OF(SRTP_PROTECTION_PROFILE) *profiles; | 190 | STACK_OF(SRTP_PROTECTION_PROFILE) *profiles; |
| 193 | 191 | ||
| 194 | char *col; | 192 | char *col; |
| 195 | char *ptr=(char *)profiles_string; | 193 | char *ptr = (char *)profiles_string; |
| 196 | 194 | ||
| 197 | SRTP_PROTECTION_PROFILE *p; | 195 | SRTP_PROTECTION_PROFILE *p; |
| 198 | 196 | ||
| 199 | if(!(profiles=sk_SRTP_PROTECTION_PROFILE_new_null())) | 197 | if (!(profiles = sk_SRTP_PROTECTION_PROFILE_new_null())) { |
| 200 | { | ||
| 201 | SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES, SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES); | 198 | SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES, SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES); |
| 202 | return 1; | 199 | return 1; |
| 203 | } | 200 | } |
| 204 | |||
| 205 | do | ||
| 206 | { | ||
| 207 | col=strchr(ptr,':'); | ||
| 208 | |||
| 209 | if(!find_profile_by_name(ptr,&p, | ||
| 210 | col ? col-ptr : (int)strlen(ptr))) | ||
| 211 | { | ||
| 212 | sk_SRTP_PROTECTION_PROFILE_push(profiles,p); | ||
| 213 | } | ||
| 214 | else | ||
| 215 | { | ||
| 216 | SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE); | ||
| 217 | return 1; | ||
| 218 | } | ||
| 219 | 201 | ||
| 220 | if(col) ptr=col+1; | 202 | do { |
| 221 | } while (col); | 203 | col = strchr(ptr, ':'); |
| 222 | 204 | ||
| 223 | *out=profiles; | 205 | if (!find_profile_by_name(ptr, &p, |
| 224 | 206 | col ? col - ptr : (int)strlen(ptr))) { | |
| 225 | return 0; | 207 | sk_SRTP_PROTECTION_PROFILE_push(profiles, p); |
| 226 | } | 208 | } else { |
| 227 | 209 | SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES, SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE); | |
| 228 | int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx,const char *profiles) | 210 | return 1; |
| 229 | { | 211 | } |
| 230 | return ssl_ctx_make_profiles(profiles,&ctx->srtp_profiles); | ||
| 231 | } | ||
| 232 | 212 | ||
| 233 | int SSL_set_tlsext_use_srtp(SSL *s,const char *profiles) | 213 | if (col) |
| 234 | { | 214 | ptr = col + 1; |
| 235 | return ssl_ctx_make_profiles(profiles,&s->srtp_profiles); | 215 | } while (col); |
| 236 | } | ||
| 237 | 216 | ||
| 217 | *out = profiles; | ||
| 238 | 218 | ||
| 239 | STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *s) | 219 | return 0; |
| 240 | { | 220 | } |
| 241 | if(s != NULL) | 221 | |
| 242 | { | 222 | int |
| 243 | if(s->srtp_profiles != NULL) | 223 | SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles) |
| 244 | { | 224 | { |
| 225 | return ssl_ctx_make_profiles(profiles, &ctx->srtp_profiles); | ||
| 226 | } | ||
| 227 | |||
| 228 | int | ||
| 229 | SSL_set_tlsext_use_srtp(SSL *s, const char *profiles) | ||
| 230 | { | ||
| 231 | return ssl_ctx_make_profiles(profiles, &s->srtp_profiles); | ||
| 232 | } | ||
| 233 | |||
| 234 | |||
| 235 | STACK_OF(SRTP_PROTECTION_PROFILE) | ||
| 236 | *SSL_get_srtp_profiles(SSL *s) | ||
| 237 | { | ||
| 238 | if (s != NULL) { | ||
| 239 | if (s->srtp_profiles != NULL) { | ||
| 245 | return s->srtp_profiles; | 240 | return s->srtp_profiles; |
| 246 | } | 241 | } else if ((s->ctx != NULL) && |
| 247 | else if((s->ctx != NULL) && | 242 | (s->ctx->srtp_profiles != NULL)) { |
| 248 | (s->ctx->srtp_profiles != NULL)) | ||
| 249 | { | ||
| 250 | return s->ctx->srtp_profiles; | 243 | return s->ctx->srtp_profiles; |
| 251 | } | ||
| 252 | } | 244 | } |
| 245 | } | ||
| 253 | 246 | ||
| 254 | return NULL; | 247 | return NULL; |
| 255 | } | 248 | } |
| 256 | 249 | ||
| 257 | SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s) | 250 | SRTP_PROTECTION_PROFILE |
| 258 | { | 251 | *SSL_get_selected_srtp_profile(SSL *s) |
| 252 | { | ||
| 259 | return s->srtp_profile; | 253 | return s->srtp_profile; |
| 260 | } | 254 | } |
| 261 | 255 | ||
| 262 | /* Note: this function returns 0 length if there are no | 256 | /* Note: this function returns 0 length if there are no |
| 263 | profiles specified */ | 257 | profiles specified */ |
| 264 | int ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen) | 258 | int |
| 265 | { | 259 | ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen) |
| 266 | int ct=0; | 260 | { |
| 261 | int ct = 0; | ||
| 267 | int i; | 262 | int i; |
| 268 | STACK_OF(SRTP_PROTECTION_PROFILE) *clnt=0; | 263 | STACK_OF(SRTP_PROTECTION_PROFILE) *clnt = 0; |
| 269 | SRTP_PROTECTION_PROFILE *prof; | 264 | SRTP_PROTECTION_PROFILE *prof; |
| 270 | |||
| 271 | clnt=SSL_get_srtp_profiles(s); | ||
| 272 | ct=sk_SRTP_PROTECTION_PROFILE_num(clnt); /* -1 if clnt == 0 */ | ||
| 273 | |||
| 274 | if(p) | ||
| 275 | { | ||
| 276 | if(ct==0) | ||
| 277 | { | ||
| 278 | SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT,SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST); | ||
| 279 | return 1; | ||
| 280 | } | ||
| 281 | 265 | ||
| 282 | if((2 + ct*2 + 1) > maxlen) | 266 | clnt = SSL_get_srtp_profiles(s); |
| 283 | { | 267 | |
| 284 | SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT,SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG); | 268 | ct = sk_SRTP_PROTECTION_PROFILE_num(clnt); /* -1 if clnt == 0 */ |
| 269 | |||
| 270 | if (p) { | ||
| 271 | if (ct == 0) { | ||
| 272 | SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT, SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST); | ||
| 285 | return 1; | 273 | return 1; |
| 286 | } | 274 | } |
| 287 | 275 | ||
| 288 | /* Add the length */ | 276 | if ((2 + ct * 2 + 1) > maxlen) { |
| 289 | s2n(ct * 2, p); | 277 | SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT, SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG); |
| 290 | for(i=0;i<ct;i++) | 278 | return 1; |
| 291 | { | 279 | } |
| 292 | prof=sk_SRTP_PROTECTION_PROFILE_value(clnt,i); | ||
| 293 | s2n(prof->id,p); | ||
| 294 | } | ||
| 295 | 280 | ||
| 296 | /* Add an empty use_mki value */ | 281 | /* Add the length */ |
| 297 | *p++ = 0; | 282 | s2n(ct * 2, p); |
| 283 | for (i = 0; i < ct; i++) { | ||
| 284 | prof = sk_SRTP_PROTECTION_PROFILE_value(clnt, i); | ||
| 285 | s2n(prof->id, p); | ||
| 298 | } | 286 | } |
| 299 | 287 | ||
| 300 | *len=2 + ct*2 + 1; | 288 | /* Add an empty use_mki value */ |
| 301 | 289 | *p++ = 0; | |
| 302 | return 0; | ||
| 303 | } | 290 | } |
| 304 | 291 | ||
| 292 | *len = 2 + ct*2 + 1; | ||
| 305 | 293 | ||
| 306 | int ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len,int *al) | 294 | return 0; |
| 307 | { | 295 | } |
| 308 | SRTP_PROTECTION_PROFILE *cprof,*sprof; | 296 | |
| 309 | STACK_OF(SRTP_PROTECTION_PROFILE) *clnt=0,*srvr; | 297 | |
| 310 | int ct; | 298 | int |
| 311 | int mki_len; | 299 | ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len, int *al) |
| 312 | int i,j; | 300 | { |
| 301 | SRTP_PROTECTION_PROFILE *cprof, *sprof; | ||
| 302 | STACK_OF(SRTP_PROTECTION_PROFILE) *clnt = 0, *srvr; | ||
| 303 | int ct; | ||
| 304 | int mki_len; | ||
| 305 | int i, j; | ||
| 313 | int id; | 306 | int id; |
| 314 | int ret; | 307 | int ret; |
| 315 | 308 | ||
| 316 | /* Length value + the MKI length */ | 309 | /* Length value + the MKI length */ |
| 317 | if(len < 3) | 310 | if (len < 3) { |
| 318 | { | 311 | SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); |
| 319 | SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); | 312 | *al = SSL_AD_DECODE_ERROR; |
| 320 | *al=SSL_AD_DECODE_ERROR; | ||
| 321 | return 1; | 313 | return 1; |
| 322 | } | 314 | } |
| 323 | 315 | ||
| 324 | /* Pull off the length of the cipher suite list */ | 316 | /* Pull off the length of the cipher suite list */ |
| 325 | n2s(d, ct); | 317 | n2s(d, ct); |
| 326 | len -= 2; | 318 | len -= 2; |
| 327 | 319 | ||
| 328 | /* Check that it is even */ | 320 | /* Check that it is even */ |
| 329 | if(ct%2) | 321 | if (ct % 2) { |
| 330 | { | 322 | SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); |
| 331 | SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); | 323 | *al = SSL_AD_DECODE_ERROR; |
| 332 | *al=SSL_AD_DECODE_ERROR; | ||
| 333 | return 1; | 324 | return 1; |
| 334 | } | 325 | } |
| 335 | 326 | ||
| 336 | /* Check that lengths are consistent */ | 327 | /* Check that lengths are consistent */ |
| 337 | if(len < (ct + 1)) | 328 | if (len < (ct + 1)) { |
| 338 | { | 329 | SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); |
| 339 | SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); | 330 | *al = SSL_AD_DECODE_ERROR; |
| 340 | *al=SSL_AD_DECODE_ERROR; | ||
| 341 | return 1; | 331 | return 1; |
| 342 | } | 332 | } |
| 343 | 333 | ||
| 344 | |||
| 345 | clnt=sk_SRTP_PROTECTION_PROFILE_new_null(); | ||
| 346 | 334 | ||
| 347 | while(ct) | 335 | clnt = sk_SRTP_PROTECTION_PROFILE_new_null(); |
| 348 | { | ||
| 349 | n2s(d,id); | ||
| 350 | ct-=2; | ||
| 351 | len-=2; | ||
| 352 | 336 | ||
| 353 | if(!find_profile_by_num(id,&cprof)) | 337 | while (ct) { |
| 354 | { | 338 | n2s(d, id); |
| 355 | sk_SRTP_PROTECTION_PROFILE_push(clnt,cprof); | 339 | ct -= 2; |
| 356 | } | 340 | len -= 2; |
| 357 | else | 341 | |
| 358 | { | 342 | if (!find_profile_by_num(id, &cprof)) { |
| 343 | sk_SRTP_PROTECTION_PROFILE_push(clnt, cprof); | ||
| 344 | } else { | ||
| 359 | ; /* Ignore */ | 345 | ; /* Ignore */ |
| 360 | } | ||
| 361 | } | 346 | } |
| 347 | } | ||
| 362 | 348 | ||
| 363 | /* Now extract the MKI value as a sanity check, but discard it for now */ | 349 | /* Now extract the MKI value as a sanity check, but discard it for now */ |
| 364 | mki_len = *d; | 350 | mki_len = *d; |
| 365 | d++; len--; | 351 | d++; |
| 352 | len--; | ||
| 366 | 353 | ||
| 367 | if (mki_len != len) | 354 | if (mki_len != len) { |
| 368 | { | 355 | SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT, SSL_R_BAD_SRTP_MKI_VALUE); |
| 369 | SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_MKI_VALUE); | 356 | *al = SSL_AD_DECODE_ERROR; |
| 370 | *al=SSL_AD_DECODE_ERROR; | ||
| 371 | return 1; | 357 | return 1; |
| 372 | } | 358 | } |
| 373 | 359 | ||
| 374 | srvr=SSL_get_srtp_profiles(s); | 360 | srvr = SSL_get_srtp_profiles(s); |
| 375 | 361 | ||
| 376 | /* Pick our most preferred profile. If no profiles have been | 362 | /* Pick our most preferred profile. If no profiles have been |
| 377 | configured then the outer loop doesn't run | 363 | configured then the outer loop doesn't run |
| 378 | (sk_SRTP_PROTECTION_PROFILE_num() = -1) | 364 | (sk_SRTP_PROTECTION_PROFILE_num() = -1) |
| 379 | and so we just return without doing anything */ | 365 | and so we just return without doing anything */ |
| 380 | for(i=0;i<sk_SRTP_PROTECTION_PROFILE_num(srvr);i++) | 366 | for (i = 0; i < sk_SRTP_PROTECTION_PROFILE_num(srvr); i++) { |
| 381 | { | 367 | sprof = sk_SRTP_PROTECTION_PROFILE_value(srvr, i); |
| 382 | sprof=sk_SRTP_PROTECTION_PROFILE_value(srvr,i); | 368 | |
| 383 | 369 | for (j = 0; j < sk_SRTP_PROTECTION_PROFILE_num(clnt); j++) { | |
| 384 | for(j=0;j<sk_SRTP_PROTECTION_PROFILE_num(clnt);j++) | 370 | cprof = sk_SRTP_PROTECTION_PROFILE_value(clnt, j); |
| 385 | { | 371 | |
| 386 | cprof=sk_SRTP_PROTECTION_PROFILE_value(clnt,j); | 372 | if (cprof->id == sprof->id) { |
| 387 | 373 | s->srtp_profile = sprof; | |
| 388 | if(cprof->id==sprof->id) | 374 | *al = 0; |
| 389 | { | 375 | ret = 0; |
| 390 | s->srtp_profile=sprof; | ||
| 391 | *al=0; | ||
| 392 | ret=0; | ||
| 393 | goto done; | 376 | goto done; |
| 394 | } | ||
| 395 | } | 377 | } |
| 396 | } | 378 | } |
| 379 | } | ||
| 380 | |||
| 381 | ret = 0; | ||
| 397 | 382 | ||
| 398 | ret=0; | ||
| 399 | |||
| 400 | done: | 383 | done: |
| 401 | if(clnt) sk_SRTP_PROTECTION_PROFILE_free(clnt); | 384 | if (clnt) |
| 385 | sk_SRTP_PROTECTION_PROFILE_free(clnt); | ||
| 402 | 386 | ||
| 403 | return ret; | 387 | return ret; |
| 404 | } | 388 | } |
| 405 | 389 | ||
| 406 | int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen) | 390 | int |
| 407 | { | 391 | ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen) |
| 408 | if(p) | 392 | { |
| 409 | { | 393 | if (p) { |
| 410 | if(maxlen < 5) | 394 | if (maxlen < 5) { |
| 411 | { | 395 | SSLerr(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT, SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG); |
| 412 | SSLerr(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT,SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG); | ||
| 413 | return 1; | 396 | return 1; |
| 414 | } | 397 | } |
| 415 | 398 | ||
| 416 | if(s->srtp_profile==0) | 399 | if (s->srtp_profile == 0) { |
| 417 | { | 400 | SSLerr(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT, SSL_R_USE_SRTP_NOT_NEGOTIATED); |
| 418 | SSLerr(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT,SSL_R_USE_SRTP_NOT_NEGOTIATED); | ||
| 419 | return 1; | 401 | return 1; |
| 420 | } | ||
| 421 | s2n(2, p); | ||
| 422 | s2n(s->srtp_profile->id,p); | ||
| 423 | *p++ = 0; | ||
| 424 | } | 402 | } |
| 425 | *len=5; | 403 | s2n(2, p); |
| 426 | 404 | s2n(s->srtp_profile->id, p); | |
| 427 | return 0; | 405 | *p++ = 0; |
| 428 | } | 406 | } |
| 429 | 407 | *len = 5; | |
| 430 | 408 | ||
| 431 | int ssl_parse_serverhello_use_srtp_ext(SSL *s, unsigned char *d, int len,int *al) | 409 | return 0; |
| 432 | { | 410 | } |
| 411 | |||
| 412 | |||
| 413 | int | ||
| 414 | ssl_parse_serverhello_use_srtp_ext(SSL *s, unsigned char *d, int len, int *al) | ||
| 415 | { | ||
| 433 | unsigned id; | 416 | unsigned id; |
| 434 | int i; | 417 | int i; |
| 435 | int ct; | 418 | int ct; |
| 436 | 419 | ||
| 437 | STACK_OF(SRTP_PROTECTION_PROFILE) *clnt; | 420 | STACK_OF(SRTP_PROTECTION_PROFILE) *clnt; |
| 438 | SRTP_PROTECTION_PROFILE *prof; | 421 | SRTP_PROTECTION_PROFILE *prof; |
| 439 | 422 | ||
| 440 | if(len!=5) | 423 | if (len != 5) { |
| 441 | { | 424 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); |
| 442 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); | 425 | *al = SSL_AD_DECODE_ERROR; |
| 443 | *al=SSL_AD_DECODE_ERROR; | ||
| 444 | return 1; | 426 | return 1; |
| 445 | } | 427 | } |
| 446 | 428 | ||
| 447 | n2s(d, ct); | 429 | n2s(d, ct); |
| 448 | if(ct!=2) | 430 | if (ct != 2) { |
| 449 | { | 431 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); |
| 450 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); | 432 | *al = SSL_AD_DECODE_ERROR; |
| 451 | *al=SSL_AD_DECODE_ERROR; | ||
| 452 | return 1; | 433 | return 1; |
| 453 | } | 434 | } |
| 454 | 435 | ||
| 455 | n2s(d,id); | 436 | n2s(d, id); |
| 456 | if (*d) /* Must be no MKI, since we never offer one */ | 437 | if (*d) /* Must be no MKI, since we never offer one */ |
| 457 | { | 438 | { |
| 458 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_MKI_VALUE); | 439 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT, SSL_R_BAD_SRTP_MKI_VALUE); |
| 459 | *al=SSL_AD_ILLEGAL_PARAMETER; | 440 | *al = SSL_AD_ILLEGAL_PARAMETER; |
| 460 | return 1; | 441 | return 1; |
| 461 | } | 442 | } |
| 462 | 443 | ||
| 463 | clnt=SSL_get_srtp_profiles(s); | 444 | clnt = SSL_get_srtp_profiles(s); |
| 464 | 445 | ||
| 465 | /* Throw an error if the server gave us an unsolicited extension */ | 446 | /* Throw an error if the server gave us an unsolicited extension */ |
| 466 | if (clnt == NULL) | 447 | if (clnt == NULL) { |
| 467 | { | 448 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT, SSL_R_NO_SRTP_PROFILES); |
| 468 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,SSL_R_NO_SRTP_PROFILES); | 449 | *al = SSL_AD_DECODE_ERROR; |
| 469 | *al=SSL_AD_DECODE_ERROR; | ||
| 470 | return 1; | 450 | return 1; |
| 471 | } | 451 | } |
| 472 | 452 | ||
| 473 | /* Check to see if the server gave us something we support | 453 | /* Check to see if the server gave us something we support |
| 474 | (and presumably offered) | 454 | (and presumably offered) |
| 475 | */ | 455 | */ |
| 476 | for(i=0;i<sk_SRTP_PROTECTION_PROFILE_num(clnt);i++) | 456 | for (i = 0; i < sk_SRTP_PROTECTION_PROFILE_num(clnt); i++) { |
| 477 | { | 457 | prof = sk_SRTP_PROTECTION_PROFILE_value(clnt, i); |
| 478 | prof=sk_SRTP_PROTECTION_PROFILE_value(clnt,i); | 458 | |
| 479 | 459 | if (prof->id == id) { | |
| 480 | if(prof->id == id) | 460 | s->srtp_profile = prof; |
| 481 | { | 461 | *al = 0; |
| 482 | s->srtp_profile=prof; | ||
| 483 | *al=0; | ||
| 484 | return 0; | 462 | return 0; |
| 485 | } | ||
| 486 | } | 463 | } |
| 487 | |||
| 488 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); | ||
| 489 | *al=SSL_AD_DECODE_ERROR; | ||
| 490 | return 1; | ||
| 491 | } | 464 | } |
| 492 | 465 | ||
| 466 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); | ||
| 467 | *al = SSL_AD_DECODE_ERROR; | ||
| 468 | return 1; | ||
| 469 | } | ||
| 493 | 470 | ||
| 494 | #endif | 471 | #endif |