Improve code readability

+micro optimization
+style

Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>

include/mbedtls/ssl.h

@@ -873,6 +873,7 @@ typedef void mbedtls_ssl_async_cancel_t( mbedtls_ssl_context *ssl );
 
 #define MBEDTLS_TLS_SRTP_MAX_KEY_MATERIAL_LENGTH    60
 #define MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH             255
+#define MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH    4
 /*
  * For code readability use a typedef for DTLS-SRTP profiles
  * The supported profiles are defines as macro above:
@@ -3185,7 +3186,7 @@ const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl );
 
 #if defined(MBEDTLS_SSL_DTLS_SRTP)
 #if defined(MBEDTLS_DEBUG_C)
-static inline const char *mbedtls_ssl_get_srtp_profile_as_string ( mbedtls_ssl_srtp_profile profile )
+static inline const char *mbedtls_ssl_get_srtp_profile_as_string( mbedtls_ssl_srtp_profile profile )
 {
     switch( profile )
     {
@@ -3229,6 +3230,8 @@ void mbedtls_ssl_conf_srtp_mki_value_supported( mbedtls_ssl_config *conf,
  *                          for later reference as required, so the lifetime
  *                          of the table must be at least as long as the lifetime
  *                          of the SSL configuration structure.
+ *                          The list must not hold more than
+ *                          MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH elements
  *
  * \return                  0 on success
  * \return                  #MBEDTLS_ERR_SSL_BAD_INPUT_DATA when the list of

library/ssl_cli.c

@@ -800,8 +800,14 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl,
     *p++ = (unsigned char)( ext_len & 0xFF );
 
     /* protection profile length: 2*(ssl->conf->dtls_srtp_profile_list_len) */
-    *p++ = (unsigned char)( ( ( 2 * ssl->conf->dtls_srtp_profile_list_len )
+    /* micro-optimization:
-                              >> 8 ) & 0xFF );
+     * the list size is limited to MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH
+     * which is lower than 127, so the upper byte of the length is always 0
+     * For the documentation, the more generic code is left in comments
+     * *p++ = (unsigned char)( ( ( 2 * ssl->conf->dtls_srtp_profile_list_len )
+     *                        >> 8 ) & 0xFF );
+     */
+    *p++ = 0;
     *p++ = (unsigned char)( ( 2 * ssl->conf->dtls_srtp_profile_list_len )
                             & 0xFF );
 

library/ssl_tls.c

@@ -4723,7 +4723,7 @@ int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf,
 
     /* check the profiles list: all entry must be valid,
      * its size cannot be more than the total number of supported profiles, currently 4 */
-    for( p = profiles; *p != MBEDTLS_TLS_SRTP_UNSET && list_size < 5; p++ )
+    for( p = profiles; *p != MBEDTLS_TLS_SRTP_UNSET && list_size <= MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH; p++ )
     {
         switch( *p )
         {
@@ -4734,11 +4734,11 @@ int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf,
                     list_size++;
                 break;
             default: /* unsupported value, stop parsing and set the size to an error value */
-                list_size = 5;
+                list_size = MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH+1;
         }
     }
 
-    if ( list_size > 4 ) {
+    if ( list_size > MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH ) {
                 conf->dtls_srtp_profile_list = NULL;
                 conf->dtls_srtp_profile_list_len = 0;
                 return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );