projects
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Free any existing SRTP connection profile
[openssl.git]
/
ssl
/
d1_srtp.c
diff --git
a/ssl/d1_srtp.c
b/ssl/d1_srtp.c
index 19cf6ff396b554a8b170e33d1014506c39f3f6f1..e49aea9be1e4bf5866d47834c1b976819e1e4375 100644
(file)
--- a/
ssl/d1_srtp.c
+++ b/
ssl/d1_srtp.c
@@
-1,4
+1,3
@@
-/* ssl/t1_lib.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@
-129,6
+128,14
@@
static SRTP_PROTECTION_PROFILE srtp_known_profiles[] = {
"SRTP_AES128_CM_SHA1_32",
SRTP_AES128_CM_SHA1_32,
},
"SRTP_AES128_CM_SHA1_32",
SRTP_AES128_CM_SHA1_32,
},
+ {
+ "SRTP_AEAD_AES_128_GCM",
+ SRTP_AEAD_AES_128_GCM
+ },
+ {
+ "SRTP_AEAD_AES_256_GCM",
+ SRTP_AEAD_AES_256_GCM
+ },
{0}
};
{0}
};
@@
-190,6
+197,8
@@
static int ssl_ctx_make_profiles(const char *profiles_string,
ptr = col + 1;
} while (col);
ptr = col + 1;
} while (col);
+ sk_SRTP_PROTECTION_PROFILE_free(*out);
+
*out = profiles;
return 0;
*out = profiles;
return 0;
@@
-266,38
+275,18
@@
int ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len,
return 0;
}
return 0;
}
-int ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len,
- int *al)
+int ssl_parse_clienthello_use_srtp_ext(SSL *s, PACKET *pkt, int *al)
{
SRTP_PROTECTION_PROFILE *sprof;
STACK_OF(SRTP_PROTECTION_PROFILE) *srvr;
{
SRTP_PROTECTION_PROFILE *sprof;
STACK_OF(SRTP_PROTECTION_PROFILE) *srvr;
- int ct;
- int mki_len;
+ unsigned int ct, mki_len, id;
int i, srtp_pref;
int i, srtp_pref;
- unsigned int id;
-
- /* Length value + the MKI length */
- if (len < 3) {
- SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
- SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
- *al = SSL_AD_DECODE_ERROR;
- return 1;
- }
-
- /* Pull off the length of the cipher suite list */
- n2s(d, ct);
- len -= 2;
+ PACKET subpkt;
- /* Check that it is even */
- if (ct % 2) {
- SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
- SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
- *al = SSL_AD_DECODE_ERROR;
- return 1;
- }
-
- /* Check that lengths are consistent */
- if (len < (ct + 1)) {
+ /* Pull off the length of the cipher suite list and check it is even */
+ if (!PACKET_get_net_2(pkt, &ct)
+ || (ct & 1) != 0
+ || !PACKET_get_sub_packet(pkt, &subpkt, ct)) {
SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
*al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
*al = SSL_AD_DECODE_ERROR;
@@
-309,10
+298,13
@@
int ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len,
/* Search all profiles for a match initially */
srtp_pref = sk_SRTP_PROTECTION_PROFILE_num(srvr);
/* Search all profiles for a match initially */
srtp_pref = sk_SRTP_PROTECTION_PROFILE_num(srvr);
- while (ct) {
- n2s(d, id);
- ct -= 2;
- len -= 2;
+ while (PACKET_remaining(&subpkt)) {
+ if (!PACKET_get_net_2(&subpkt, &id)) {
+ SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
+ SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
+ *al = SSL_AD_DECODE_ERROR;
+ return 1;
+ }
/*
* Only look for match in profiles of higher preference than
/*
* Only look for match in profiles of higher preference than
@@
-333,11
+325,15
@@
int ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len,
/*
* Now extract the MKI value as a sanity check, but discard it for now
*/
/*
* Now extract the MKI value as a sanity check, but discard it for now
*/
- mki_len = *d;
- d++;
- len--;
+ if (!PACKET_get_1(pkt, &mki_len)) {
+ SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
+ SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
+ *al = SSL_AD_DECODE_ERROR;
+ return 1;
+ }
- if (mki_len != len) {
+ if (!PACKET_forward(pkt, mki_len)
+ || PACKET_remaining(pkt)) {
SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
SSL_R_BAD_SRTP_MKI_VALUE);
*al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
SSL_R_BAD_SRTP_MKI_VALUE);
*al = SSL_AD_DECODE_ERROR;
@@
-371,33
+367,27
@@
int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len,
return 0;
}
return 0;
}
-int ssl_parse_serverhello_use_srtp_ext(SSL *s, unsigned char *d, int len,
- int *al)
+int ssl_parse_serverhello_use_srtp_ext(SSL *s, PACKET *pkt, int *al)
{
{
- unsigned i
d
;
+ unsigned i
nt id, ct, mki
;
int i;
int i;
- int ct;
STACK_OF(SRTP_PROTECTION_PROFILE) *clnt;
SRTP_PROTECTION_PROFILE *prof;
STACK_OF(SRTP_PROTECTION_PROFILE) *clnt;
SRTP_PROTECTION_PROFILE *prof;
- if (len != 5) {
- SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,
- SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
- *al = SSL_AD_DECODE_ERROR;
- return 1;
- }
-
- n2s(d, ct);
- if (ct != 2) {
+ if (!PACKET_get_net_2(pkt, &ct)
+ || ct != 2
+ || !PACKET_get_net_2(pkt, &id)
+ || !PACKET_get_1(pkt, &mki)
+ || PACKET_remaining(pkt) != 0) {
SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,
SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
*al = SSL_AD_DECODE_ERROR;
return 1;
}
SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,
SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
*al = SSL_AD_DECODE_ERROR;
return 1;
}
- n2s(d, id);
-
if (*d) {
/* Must be no MKI, since we never offer one */
+ if (mki != 0) {
+ /* Must be no MKI, since we never offer one */
SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,
SSL_R_BAD_SRTP_MKI_VALUE);
*al = SSL_AD_ILLEGAL_PARAMETER;
SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,
SSL_R_BAD_SRTP_MKI_VALUE);
*al = SSL_AD_ILLEGAL_PARAMETER;