},
{
"SRTP_AEAD_AES_128_GCM",
- SRTP_AEAD_AES_128_GCM
+ SRTP_AEAD_AES_128_GCM,
},
{
"SRTP_AEAD_AES_256_GCM",
- SRTP_AEAD_AES_256_GCM
+ SRTP_AEAD_AES_256_GCM,
},
{0}
};
static int find_profile_by_name(char *profile_name,
- SRTP_PROTECTION_PROFILE **pptr, unsigned len)
+ SRTP_PROTECTION_PROFILE **pptr, size_t len)
{
SRTP_PROTECTION_PROFILE *p;
do {
col = strchr(ptr, ':');
- if (!find_profile_by_name(ptr, &p,
- col ? col - ptr : (int)strlen(ptr))) {
+ if (!find_profile_by_name(ptr, &p, col ? (size_t)(col - ptr)
+ : strlen(ptr))) {
if (sk_SRTP_PROTECTION_PROFILE_find(profiles, p) >= 0) {
SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,
SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
*out = profiles;
return 0;
-err:
+ err:
sk_SRTP_PROTECTION_PROFILE_free(profiles);
return 1;
}
return s->srtp_profile;
}
-/*
- * Note: this function returns 0 length if there are no profiles specified
- */
-int ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len,
- int maxlen)
-{
- int ct = 0;
- int i;
- STACK_OF(SRTP_PROTECTION_PROFILE) *clnt = 0;
- SRTP_PROTECTION_PROFILE *prof;
-
- clnt = SSL_get_srtp_profiles(s);
- ct = sk_SRTP_PROTECTION_PROFILE_num(clnt); /* -1 if clnt == 0 */
-
- if (p) {
- if (ct == 0) {
- SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT,
- SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST);
- return 1;
- }
-
- if ((2 + ct * 2 + 1) > maxlen) {
- SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT,
- SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG);
- return 1;
- }
-
- /* Add the length */
- s2n(ct * 2, p);
- for (i = 0; i < ct; i++) {
- prof = sk_SRTP_PROTECTION_PROFILE_value(clnt, i);
- s2n(prof->id, p);
- }
-
- /* Add an empty use_mki value */
- *p++ = 0;
- }
-
- *len = 2 + ct * 2 + 1;
-
- return 0;
-}
-
int ssl_parse_clienthello_use_srtp_ext(SSL *s, PACKET *pkt, int *al)
{
SRTP_PROTECTION_PROFILE *sprof;
/* Pull off the length of the cipher suite list and check it is even */
if (!PACKET_get_net_2(pkt, &ct)
- || (ct & 1) != 0
- || !PACKET_get_sub_packet(pkt, &subpkt, ct)) {
+ || (ct & 1) != 0 || !PACKET_get_sub_packet(pkt, &subpkt, ct)) {
SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
*al = SSL_AD_DECODE_ERROR;
}
if (!PACKET_forward(pkt, mki_len)
- || PACKET_remaining(pkt)) {
+ || PACKET_remaining(pkt)) {
SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
SSL_R_BAD_SRTP_MKI_VALUE);
*al = SSL_AD_DECODE_ERROR;
return 0;
}
-int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len,
- int maxlen)
-{
- if (p) {
- if (maxlen < 5) {
- SSLerr(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT,
- SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG);
- return 1;
- }
-
- if (s->srtp_profile == 0) {
- SSLerr(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT,
- SSL_R_USE_SRTP_NOT_NEGOTIATED);
- return 1;
- }
- s2n(2, p);
- s2n(s->srtp_profile->id, p);
- *p++ = 0;
- }
- *len = 5;
-
- return 0;
-}
-
int ssl_parse_serverhello_use_srtp_ext(SSL *s, PACKET *pkt, int *al)
{
unsigned int id, ct, mki;
SRTP_PROTECTION_PROFILE *prof;
if (!PACKET_get_net_2(pkt, &ct)
- || ct != 2
- || !PACKET_get_net_2(pkt, &id)
- || !PACKET_get_1(pkt, &mki)
- || PACKET_remaining(pkt) != 0) {
+ || ct != 2 || !PACKET_get_net_2(pkt, &id)
+ || !PACKET_get_1(pkt, &mki)
+ || PACKET_remaining(pkt) != 0) {
SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,
SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
*al = SSL_AD_DECODE_ERROR;