1392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom/* ssl/t1_lib.c */ 2392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * All rights reserved. 4392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * 5392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * This package is an SSL implementation written 6392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * by Eric Young (eay@cryptsoft.com). 7392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * The implementation was written so as to conform with Netscapes SSL. 8392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * 9392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * This library is free for commercial and non-commercial use as long as 10392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * the following conditions are aheared to. The following conditions 11392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * apply to all code found in this distribution, be it the RC4, RSA, 12392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * included with this distribution is covered by the same copyright terms 14392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * 16392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * Copyright remains Eric Young's, and as such any Copyright notices in 17392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * the code are not to be removed. 18392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * If this package is used in a product, Eric Young should be given attribution 19392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * as the author of the parts of the library used. 
20392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * This can be in the form of a textual message at program startup or 21392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * in documentation (online or textual) provided with the package. 22392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * 23392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * Redistribution and use in source and binary forms, with or without 24392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * modification, are permitted provided that the following conditions 25392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * are met: 26392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * 1. Redistributions of source code must retain the copyright 27392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * notice, this list of conditions and the following disclaimer. 28392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * 2. Redistributions in binary form must reproduce the above copyright 29392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * notice, this list of conditions and the following disclaimer in the 30392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * documentation and/or other materials provided with the distribution. 31392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * 3. All advertising materials mentioning features or use of this software 32392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * must display the following acknowledgement: 33392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * "This product includes cryptographic software written by 34392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * Eric Young (eay@cryptsoft.com)" 35392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * The word 'cryptographic' can be left out if the rouines from the library 36392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * being used are not cryptographic related :-). 
37392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * 4. If you include any Windows specific code (or a derivative thereof) from 38392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * the apps directory (application code) you must include an acknowledgement: 39392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * 41392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * SUCH DAMAGE. 
52392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * 53392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * The licence and distribution terms for any publically available version or 54392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * derivative of this code cannot be changed. i.e. this code cannot simply be 55392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * copied and put under another distribution licence 56392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * [including the GNU Public Licence.] 57392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom */ 58392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom/* ==================================================================== 59392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. 60392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * 61392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * Redistribution and use in source and binary forms, with or without 62392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * modification, are permitted provided that the following conditions 63392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * are met: 64392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * 65392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * 1. Redistributions of source code must retain the above copyright 66392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * notice, this list of conditions and the following disclaimer. 67392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * 68392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * 2. 
Redistributions in binary form must reproduce the above copyright 69392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * notice, this list of conditions and the following disclaimer in 70392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * the documentation and/or other materials provided with the 71392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * distribution. 72392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * 73392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * 3. All advertising materials mentioning features or use of this 74392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * software must display the following acknowledgment: 75392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * "This product includes software developed by the OpenSSL Project 76392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 77392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * 78392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 79392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * endorse or promote products derived from this software without 80392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * prior written permission. For written permission, please contact 81392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * openssl-core@openssl.org. 82392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * 83392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * 5. Products derived from this software may not be called "OpenSSL" 84392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * nor may "OpenSSL" appear in their names without prior written 85392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * permission of the OpenSSL Project. 86392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * 87392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * 6. 
Redistributions of any form whatsoever must retain the following 88392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * acknowledgment: 89392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * "This product includes software developed by the OpenSSL Project 90392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 91392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * 92392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 93392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 94392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 95392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 96392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 97392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 98392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 99392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 100392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 101392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 102392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 103392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * OF THE POSSIBILITY OF SUCH DAMAGE. 
104392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * ==================================================================== 105392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * 106392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * This product includes cryptographic software written by Eric Young 107392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * (eay@cryptsoft.com). This product includes software written by Tim 108392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * Hudson (tjh@cryptsoft.com). 109392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * 110392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom */ 111392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom/* 112392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom DTLS code by Eric Rescorla <ekr@rtfm.com> 113392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 114392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom Copyright (C) 2006, Network Resonance, Inc. 115392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom Copyright (C) 2011, RTFM, Inc. 
116392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom*/ 117392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 118392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#ifndef OPENSSL_NO_SRTP 119392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 120392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#include <stdio.h> 121392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#include <openssl/objects.h> 122392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#include "ssl_locl.h" 123392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#include "srtp.h" 124392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 125392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 126392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstromstatic SRTP_PROTECTION_PROFILE srtp_known_profiles[]= 127392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 128392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 129392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom "SRTP_AES128_CM_SHA1_80", 130392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom SRTP_AES128_CM_SHA1_80, 131392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom }, 132392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 133392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom "SRTP_AES128_CM_SHA1_32", 134392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom SRTP_AES128_CM_SHA1_32, 135392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom }, 136392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#if 0 137392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 138392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom "SRTP_NULL_SHA1_80", 139392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom SRTP_NULL_SHA1_80, 140392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom }, 141392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 142392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom "SRTP_NULL_SHA1_32", 143392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 
SRTP_NULL_SHA1_32, 144392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom }, 145392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#endif 146392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom {0} 147392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom }; 148392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 149392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstromstatic int find_profile_by_name(char *profile_name, 150392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom SRTP_PROTECTION_PROFILE **pptr,unsigned len) 151392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 152392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom SRTP_PROTECTION_PROFILE *p; 153392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 154392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom p=srtp_known_profiles; 155392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom while(p->name) 156392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 157392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if((len == strlen(p->name)) && !strncmp(p->name,profile_name, 158392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom len)) 159392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 160392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom *pptr=p; 161392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return 0; 162392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 163392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 164392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom p++; 165392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 166392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 167392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return 1; 168392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 169392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 170392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstromstatic int find_profile_by_num(unsigned profile_num, 
171392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom SRTP_PROTECTION_PROFILE **pptr) 172392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 173392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom SRTP_PROTECTION_PROFILE *p; 174392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 175392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom p=srtp_known_profiles; 176392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom while(p->name) 177392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 178392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if(p->id == profile_num) 179392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 180392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom *pptr=p; 181392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return 0; 182392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 183392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom p++; 184392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 185392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 186392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return 1; 187392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 188392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 189392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstromstatic int ssl_ctx_make_profiles(const char *profiles_string,STACK_OF(SRTP_PROTECTION_PROFILE) **out) 190392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 191392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom STACK_OF(SRTP_PROTECTION_PROFILE) *profiles; 192392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 193392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom char *col; 194392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom char *ptr=(char *)profiles_string; 195392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 196392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom SRTP_PROTECTION_PROFILE *p; 197392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 
198392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if(!(profiles=sk_SRTP_PROTECTION_PROFILE_new_null())) 199392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 200392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES, SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES); 201392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return 1; 202392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 203392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 204392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom do 205392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 206392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom col=strchr(ptr,':'); 207392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 208392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if(!find_profile_by_name(ptr,&p, 209392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom col ? col-ptr : (int)strlen(ptr))) 210392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 211392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom sk_SRTP_PROTECTION_PROFILE_push(profiles,p); 212392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 213392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom else 214392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 215392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE); 216392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return 1; 217392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 218392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 219392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if(col) ptr=col+1; 220392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } while (col); 221392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 222392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom *out=profiles; 223392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 
224392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return 0; 225392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 226392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 227392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstromint SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx,const char *profiles) 228392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 229392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return ssl_ctx_make_profiles(profiles,&ctx->srtp_profiles); 230392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 231392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 232392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstromint SSL_set_tlsext_use_srtp(SSL *s,const char *profiles) 233392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 234392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return ssl_ctx_make_profiles(profiles,&s->srtp_profiles); 235392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 236392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 237392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 238392aa7cc7d2b122614c5393c3e357da07fd07af3Brian CarlstromSTACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *s) 239392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 240392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if(s != NULL) 241392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 242392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if(s->srtp_profiles != NULL) 243392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 244392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return s->srtp_profiles; 245392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 246392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom else if((s->ctx != NULL) && 247392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom (s->ctx->srtp_profiles != NULL)) 248392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 249392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 
return s->ctx->srtp_profiles; 250392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 251392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 252392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 253392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return NULL; 254392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 255392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 256392aa7cc7d2b122614c5393c3e357da07fd07af3Brian CarlstromSRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s) 257392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 258392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return s->srtp_profile; 259392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 260392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 261392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom/* Note: this function returns 0 length if there are no 262392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom profiles specified */ 263392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstromint ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen) 264392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 265392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom int ct=0; 266392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom int i; 267392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom STACK_OF(SRTP_PROTECTION_PROFILE) *clnt=0; 268392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom SRTP_PROTECTION_PROFILE *prof; 269392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 270392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom clnt=SSL_get_srtp_profiles(s); 271392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom ct=sk_SRTP_PROTECTION_PROFILE_num(clnt); /* -1 if clnt == 0 */ 272392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 273392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if(p) 274392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 
275392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if(ct==0) 276392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 277392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT,SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST); 278392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return 1; 279392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 280392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 281392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if((2 + ct*2 + 1) > maxlen) 282392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 283392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT,SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG); 284392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return 1; 285392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 286392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 287392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom /* Add the length */ 288392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s2n(ct * 2, p); 289392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom for(i=0;i<ct;i++) 290392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 291392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom prof=sk_SRTP_PROTECTION_PROFILE_value(clnt,i); 292392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s2n(prof->id,p); 293392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 294392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 295392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom /* Add an empty use_mki value */ 296392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom *p++ = 0; 297392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 298392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 299392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom *len=2 + ct*2 + 1; 300392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 
301392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return 0; 302392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 303392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 304392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 305392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstromint ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len,int *al) 306392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 307392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom SRTP_PROTECTION_PROFILE *cprof,*sprof; 308392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom STACK_OF(SRTP_PROTECTION_PROFILE) *clnt=0,*srvr; 309392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom int ct; 310392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom int mki_len; 311392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom int i,j; 312392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom int id; 313392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom int ret; 314392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 315392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom /* Length value + the MKI length */ 316392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if(len < 3) 317392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 318392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); 319392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom *al=SSL_AD_DECODE_ERROR; 320392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return 1; 321392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 322392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 323392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom /* Pull off the length of the cipher suite list */ 324392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom n2s(d, ct); 325392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom len -= 2; 
326392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 327392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom /* Check that it is even */ 328392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if(ct%2) 329392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 330392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); 331392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom *al=SSL_AD_DECODE_ERROR; 332392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return 1; 333392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 334392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 335392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom /* Check that lengths are consistent */ 336392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if(len < (ct + 1)) 337392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 338392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); 339392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom *al=SSL_AD_DECODE_ERROR; 340392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return 1; 341392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 342392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 343392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 344392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom clnt=sk_SRTP_PROTECTION_PROFILE_new_null(); 345392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 346392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom while(ct) 347392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 348392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom n2s(d,id); 349392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom ct-=2; 350392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom len-=2; 351392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 
352392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if(!find_profile_by_num(id,&cprof)) 353392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 354392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom sk_SRTP_PROTECTION_PROFILE_push(clnt,cprof); 355392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 356392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom else 357392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 358392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom ; /* Ignore */ 359392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 360392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 361392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 362392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom /* Now extract the MKI value as a sanity check, but discard it for now */ 363392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom mki_len = *d; 364392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom d++; len--; 365392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 366392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (mki_len != len) 367392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 368392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_MKI_VALUE); 369392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom *al=SSL_AD_DECODE_ERROR; 370392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return 1; 371392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 372392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 373392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom srvr=SSL_get_srtp_profiles(s); 374392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 375392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom /* Pick our most preferred profile. 
If no profiles have been 376392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom configured then the outer loop doesn't run 377392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom (sk_SRTP_PROTECTION_PROFILE_num() = -1) 378392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom and so we just return without doing anything */ 379392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom for(i=0;i<sk_SRTP_PROTECTION_PROFILE_num(srvr);i++) 380392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 381392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom sprof=sk_SRTP_PROTECTION_PROFILE_value(srvr,i); 382392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 383392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom for(j=0;j<sk_SRTP_PROTECTION_PROFILE_num(clnt);j++) 384392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 385392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom cprof=sk_SRTP_PROTECTION_PROFILE_value(clnt,j); 386392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 387392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if(cprof->id==sprof->id) 388392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 389392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->srtp_profile=sprof; 390392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom *al=0; 391392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom ret=0; 392392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom goto done; 393392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 394392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 395392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 396392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 397392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom ret=0; 398392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 399392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstromdone: 400392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if(clnt) sk_SRTP_PROTECTION_PROFILE_free(clnt); 
	/* NOTE(review): the "done" label just above is the only place clnt is
	 * released.  The MKI-length error path earlier in this function
	 * returns directly after clnt has been allocated, so a malformed
	 * extension appears to leak that stack; routing that error through
	 * "done" (set ret, then goto) would close the leak. */
	return ret;
	}

/*
 * Write the use_srtp extension body for the ServerHello.
 *
 * Called with p == NULL it only reports the size needed; otherwise it
 * writes exactly five bytes at p:
 *   - 2 bytes: length of the profile list, always 2 (one profile)
 *   - 2 bytes: id of the negotiated profile (s->srtp_profile->id)
 *   - 1 byte : 0, i.e. no MKI is sent
 *
 * s      - connection; s->srtp_profile must already be set when p != NULL
 * p      - output buffer, or NULL for a size query
 * len    - receives the extension body length (5) on success
 * maxlen - space available at p; only consulted when p != NULL
 *
 * Returns 0 on success, 1 after queueing an SSLerr() on failure.
 */
int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen)
	{
	/* Size query: nothing is written, so neither the buffer bound nor
	 * the negotiated profile is checked on this path. */
	if (p == NULL)
		{
		*len = 5;
		return 0;
		}

	/* Bound check comes first: all five bytes below are written
	 * unconditionally once we pass it. */
	if (maxlen < 5)
		{
		SSLerr(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT,SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG);
		return 1;
		}

	/* Without a negotiated profile there is no id to send, and the
	 * dereference below would be a NULL read. */
	if (s->srtp_profile == NULL)
		{
		SSLerr(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT,SSL_R_USE_SRTP_NOT_NEGOTIATED);
		return 1;
		}

	s2n(2, p);                      /* profile list length */
	s2n(s->srtp_profile->id, p);    /* the single selected profile */
	*p++ = 0;                       /* MKI length: none */

	*len = 5;
	return 0;
	}


/*
 * Parse the use_srtp extension body received in a ServerHello.
 *
 * The body must be exactly five bytes: a profile-list length of 2, one
 * 2-byte profile id, and a zero MKI-length byte.  The id is accepted
 * only if it matches an entry of the list SSL_get_srtp_profiles(s)
 * returns (presumably the list this client offered), so the peer cannot
 * select a profile outside the locally configured set.
 *
 * s   - connection; s->srtp_profile is set on success
 * d   - extension body as received from the peer (untrusted)
 * len - length of the body at d
 * al  - receives the TLS alert to send on failure, 0 on success
 *
 * Returns 0 on success, 1 after queueing an SSLerr() on failure.
 */
int ssl_parse_serverhello_use_srtp_ext(SSL *s, unsigned char *d, int len,int *al)
	{
	unsigned chosen_id;
	int idx;
	int list_len;

	STACK_OF(SRTP_PROTECTION_PROFILE) *offered;
	SRTP_PROTECTION_PROFILE *candidate;

	/* This exact-length test is what makes the three reads from d below
	 * (2 + 2 + 1 bytes) safe; it must stay ahead of them. */
	if (len != 5)
		{
		SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
		*al=SSL_AD_DECODE_ERROR;
		return 1;
		}

	/* A server selects exactly one profile, so the list is 2 bytes long. */
	n2s(d, list_len);
	if (list_len != 2)
		{
		SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
		*al=SSL_AD_DECODE_ERROR;
		return 1;
		}

	n2s(d, chosen_id);

	/* Must be no MKI, since we never offer one */
	if (*d != 0)
		{
		SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_MKI_VALUE);
		*al=SSL_AD_ILLEGAL_PARAMETER;
		return 1;
		}

	offered = SSL_get_srtp_profiles(s);

	/* Throw an error if the server gave us an unsolicited extension */
	if (offered == NULL)
		{
		SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,SSL_R_NO_SRTP_PROFILES);
		*al=SSL_AD_DECODE_ERROR;
		return 1;
		}

	/* Accept the server's choice only if it is one of our own profiles
	 * (and presumably one we offered). */
	for (idx = 0; idx < sk_SRTP_PROTECTION_PROFILE_num(offered); idx++)
		{
		candidate = sk_SRTP_PROTECTION_PROFILE_value(offered, idx);
		if (candidate->id != chosen_id)
			continue;

		s->srtp_profile = candidate;
		*al = 0;
		return 0;
		}

	/* No match: the peer picked a profile that is not in our list. */
	SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
	*al=SSL_AD_DECODE_ERROR;
	return 1;
	}


#endif