summaryrefslogtreecommitdiff
path: root/src/lib/libssl/d1_srtp.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/d1_srtp.c')
-rw-r--r--src/lib/libssl/d1_srtp.c47
1 files changed, 16 insertions, 31 deletions
diff --git a/src/lib/libssl/d1_srtp.c b/src/lib/libssl/d1_srtp.c
index b98c04b7cf..82dc8bfdef 100644
--- a/src/lib/libssl/d1_srtp.c
+++ b/src/lib/libssl/d1_srtp.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_srtp.c,v 1.19 2017/01/26 10:40:21 beck Exp $ */ 1/* $OpenBSD: d1_srtp.c,v 1.20 2017/01/26 12:16:13 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -187,8 +187,7 @@ ssl_ctx_make_profiles(const char *profiles_string,
187 SRTP_PROTECTION_PROFILE *p; 187 SRTP_PROTECTION_PROFILE *p;
188 188
189 if (!(profiles = sk_SRTP_PROTECTION_PROFILE_new_null())) { 189 if (!(profiles = sk_SRTP_PROTECTION_PROFILE_new_null())) {
190 SSLerror( 190 SSLerror(SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES);
191 SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES);
192 return 1; 191 return 1;
193 } 192 }
194 193
@@ -199,8 +198,7 @@ ssl_ctx_make_profiles(const char *profiles_string,
199 col ? col - ptr : (int)strlen(ptr))) { 198 col ? col - ptr : (int)strlen(ptr))) {
200 sk_SRTP_PROTECTION_PROFILE_push(profiles, p); 199 sk_SRTP_PROTECTION_PROFILE_push(profiles, p);
201 } else { 200 } else {
202 SSLerror( 201 SSLerror(SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE);
203 SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE);
204 sk_SRTP_PROTECTION_PROFILE_free(profiles); 202 sk_SRTP_PROTECTION_PROFILE_free(profiles);
205 return 1; 203 return 1;
206 } 204 }
@@ -264,14 +262,12 @@ ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen)
264 262
265 if (p) { 263 if (p) {
266 if (ct == 0) { 264 if (ct == 0) {
267 SSLerror( 265 SSLerror(SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST);
268 SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST);
269 return 1; 266 return 1;
270 } 267 }
271 268
272 if ((2 + ct * 2 + 1) > maxlen) { 269 if ((2 + ct * 2 + 1) > maxlen) {
273 SSLerror( 270 SSLerror(SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG);
274 SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG);
275 return 1; 271 return 1;
276 } 272 }
277 273
@@ -304,8 +300,7 @@ ssl_parse_clienthello_use_srtp_ext(SSL *s, const unsigned char *d, int len,
304 CBS cbs, ciphers, mki; 300 CBS cbs, ciphers, mki;
305 301
306 if (len < 0) { 302 if (len < 0) {
307 SSLerror( 303 SSLerror(SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
308 SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
309 *al = SSL_AD_DECODE_ERROR; 304 *al = SSL_AD_DECODE_ERROR;
310 goto done; 305 goto done;
311 } 306 }
@@ -314,8 +309,7 @@ ssl_parse_clienthello_use_srtp_ext(SSL *s, const unsigned char *d, int len,
314 /* Pull off the cipher suite list */ 309 /* Pull off the cipher suite list */
315 if (!CBS_get_u16_length_prefixed(&cbs, &ciphers) || 310 if (!CBS_get_u16_length_prefixed(&cbs, &ciphers) ||
316 CBS_len(&ciphers) % 2) { 311 CBS_len(&ciphers) % 2) {
317 SSLerror( 312 SSLerror(SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
318 SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
319 *al = SSL_AD_DECODE_ERROR; 313 *al = SSL_AD_DECODE_ERROR;
320 goto done; 314 goto done;
321 } 315 }
@@ -324,8 +318,7 @@ ssl_parse_clienthello_use_srtp_ext(SSL *s, const unsigned char *d, int len,
324 318
325 while (CBS_len(&ciphers) > 0) { 319 while (CBS_len(&ciphers) > 0) {
326 if (!CBS_get_u16(&ciphers, &id)) { 320 if (!CBS_get_u16(&ciphers, &id)) {
327 SSLerror( 321 SSLerror(SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
328 SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
329 *al = SSL_AD_DECODE_ERROR; 322 *al = SSL_AD_DECODE_ERROR;
330 goto done; 323 goto done;
331 } 324 }
@@ -339,8 +332,7 @@ ssl_parse_clienthello_use_srtp_ext(SSL *s, const unsigned char *d, int len,
339 /* Extract the MKI value as a sanity check, but discard it for now. */ 332 /* Extract the MKI value as a sanity check, but discard it for now. */
340 if (!CBS_get_u8_length_prefixed(&cbs, &mki) || 333 if (!CBS_get_u8_length_prefixed(&cbs, &mki) ||
341 CBS_len(&cbs) != 0) { 334 CBS_len(&cbs) != 0) {
342 SSLerror( 335 SSLerror(SSL_R_BAD_SRTP_MKI_VALUE);
343 SSL_R_BAD_SRTP_MKI_VALUE);
344 *al = SSL_AD_DECODE_ERROR; 336 *al = SSL_AD_DECODE_ERROR;
345 goto done; 337 goto done;
346 } 338 }
@@ -381,14 +373,12 @@ ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen)
381{ 373{
382 if (p) { 374 if (p) {
383 if (maxlen < 5) { 375 if (maxlen < 5) {
384 SSLerror( 376 SSLerror(SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG);
385 SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG);
386 return 1; 377 return 1;
387 } 378 }
388 379
389 if (s->internal->srtp_profile == 0) { 380 if (s->internal->srtp_profile == 0) {
390 SSLerror( 381 SSLerror(SSL_R_USE_SRTP_NOT_NEGOTIATED);
391 SSL_R_USE_SRTP_NOT_NEGOTIATED);
392 return 1; 382 return 1;
393 } 383 }
394 s2n(2, p); 384 s2n(2, p);
@@ -411,8 +401,7 @@ ssl_parse_serverhello_use_srtp_ext(SSL *s, const unsigned char *d, int len, int
411 CBS cbs, profile_ids, mki; 401 CBS cbs, profile_ids, mki;
412 402
413 if (len < 0) { 403 if (len < 0) {
414 SSLerror( 404 SSLerror(SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
415 SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
416 *al = SSL_AD_DECODE_ERROR; 405 *al = SSL_AD_DECODE_ERROR;
417 return 1; 406 return 1;
418 } 407 }
@@ -425,16 +414,14 @@ ssl_parse_serverhello_use_srtp_ext(SSL *s, const unsigned char *d, int len, int
425 */ 414 */
426 if (!CBS_get_u16_length_prefixed(&cbs, &profile_ids) || 415 if (!CBS_get_u16_length_prefixed(&cbs, &profile_ids) ||
427 !CBS_get_u16(&profile_ids, &id) || CBS_len(&profile_ids) != 0) { 416 !CBS_get_u16(&profile_ids, &id) || CBS_len(&profile_ids) != 0) {
428 SSLerror( 417 SSLerror(SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
429 SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
430 *al = SSL_AD_DECODE_ERROR; 418 *al = SSL_AD_DECODE_ERROR;
431 return 1; 419 return 1;
432 } 420 }
433 421
434 /* Must be no MKI, since we never offer one. */ 422 /* Must be no MKI, since we never offer one. */
435 if (!CBS_get_u8_length_prefixed(&cbs, &mki) || CBS_len(&mki) != 0) { 423 if (!CBS_get_u8_length_prefixed(&cbs, &mki) || CBS_len(&mki) != 0) {
436 SSLerror( 424 SSLerror(SSL_R_BAD_SRTP_MKI_VALUE);
437 SSL_R_BAD_SRTP_MKI_VALUE);
438 *al = SSL_AD_ILLEGAL_PARAMETER; 425 *al = SSL_AD_ILLEGAL_PARAMETER;
439 return 1; 426 return 1;
440 } 427 }
@@ -443,8 +430,7 @@ ssl_parse_serverhello_use_srtp_ext(SSL *s, const unsigned char *d, int len, int
443 430
444 /* Throw an error if the server gave us an unsolicited extension. */ 431 /* Throw an error if the server gave us an unsolicited extension. */
445 if (clnt == NULL) { 432 if (clnt == NULL) {
446 SSLerror( 433 SSLerror(SSL_R_NO_SRTP_PROFILES);
447 SSL_R_NO_SRTP_PROFILES);
448 *al = SSL_AD_DECODE_ERROR; 434 *al = SSL_AD_DECODE_ERROR;
449 return 1; 435 return 1;
450 } 436 }
@@ -463,8 +449,7 @@ ssl_parse_serverhello_use_srtp_ext(SSL *s, const unsigned char *d, int len, int
463 } 449 }
464 } 450 }
465 451
466 SSLerror( 452 SSLerror(SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
467 SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
468 *al = SSL_AD_DECODE_ERROR; 453 *al = SSL_AD_DECODE_ERROR;
469 return 1; 454 return 1;
470} 455}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-24 03:14:04 +0000