mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-26 03:45:38 +01:00
Style fixes
1. Adjust to 80 colums where possible. 2. Add \ remove spaces where needed. 3. Fix alignments. Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
This commit is contained in:
parent
2b3dfe41af
commit
ef72faf2bb
@ -3190,10 +3190,11 @@ const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl );
|
||||
* (Default: MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED)
|
||||
*
|
||||
* \param conf SSL configuration
|
||||
* \param support_mki_value Enable or disable (MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED or
|
||||
* MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED)
|
||||
* \param support_mki_value Enable or disable (MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED
|
||||
* or MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED)
|
||||
*/
|
||||
void mbedtls_ssl_conf_srtp_mki_value_supported( mbedtls_ssl_config *conf, int support_mki_value );
|
||||
void mbedtls_ssl_conf_srtp_mki_value_supported( mbedtls_ssl_config *conf,
|
||||
int support_mki_value );
|
||||
|
||||
/**
|
||||
* \brief Set the supported DTLS-SRTP protection profiles.
|
||||
@ -3205,7 +3206,9 @@ void mbedtls_ssl_conf_srtp_mki_value_supported( mbedtls_ssl_config *conf, int su
|
||||
*
|
||||
* \return 0 on success, or MBEDTLS_ERR_SSL_BAD_INPUT_DATA.
|
||||
*/
|
||||
int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf, const mbedtls_ssl_srtp_profile *profiles, size_t profiles_number);
|
||||
int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf,
|
||||
const mbedtls_ssl_srtp_profile *profiles,
|
||||
size_t profiles_number );
|
||||
|
||||
/**
|
||||
* \brief Set the mki_value for the current dtls session.
|
||||
@ -3214,9 +3217,12 @@ int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf, co
|
||||
* \param mki_value MKI value to set
|
||||
* \param mki_len MKI length
|
||||
*
|
||||
* \return 0 on success, MBEDTLS_ERR_SSL_BAD_INPUT_DATA or MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
|
||||
* \return 0 on success, MBEDTLS_ERR_SSL_BAD_INPUT_DATA
|
||||
* or MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE on failure
|
||||
*/
|
||||
int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl, unsigned char* mki_value, size_t mki_len );
|
||||
int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl,
|
||||
unsigned char *mki_value,
|
||||
size_t mki_len );
|
||||
/**
|
||||
* \brief Get the negotiated DTLS-SRTP Protection Profile.
|
||||
* This function should be called after the handshake is
|
||||
@ -3224,22 +3230,28 @@ int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl, unsigned char
|
||||
*
|
||||
* \param ssl SSL context
|
||||
*
|
||||
* \return Protection Profile enum member, MBEDTLS_SRTP_UNSET_PROFILE if no protocol was negotiated.
|
||||
* \return Protection Profile enum member,
|
||||
* MBEDTLS_SRTP_UNSET_PROFILE if no protocol was negotiated.
|
||||
*/
|
||||
mbedtls_ssl_srtp_profile mbedtls_ssl_get_dtls_srtp_protection_profile( const mbedtls_ssl_context *ssl );
|
||||
|
||||
/**
|
||||
* \brief Get the generated DTLS-SRTP key material.
|
||||
* This function should be called after the handshake is
|
||||
* completed. It shall returns 80 bytes of key material generated according to RFC5764
|
||||
* completed. It shall returns 80 bytes of key material
|
||||
* generated according to RFC5764
|
||||
*
|
||||
* \param ssl SSL context
|
||||
* \param key Buffer to hold the generated key material
|
||||
* \param key_len [in/out] key buffer size. outputs the actual number of bytes written
|
||||
* \param key_len [in/out] key buffer size. outputs the actual number
|
||||
* of bytes written
|
||||
*
|
||||
* \return 0 on succes, MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if the key buffer is too small to hold the generated key
|
||||
* \return 0 on succes, MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if the key buffer
|
||||
* is too small to hold the generated key
|
||||
*/
|
||||
int mbedtls_ssl_get_dtls_srtp_key_material( const mbedtls_ssl_context *ssl, unsigned char *key, size_t *key_len );
|
||||
int mbedtls_ssl_get_dtls_srtp_key_material( const mbedtls_ssl_context *ssl,
|
||||
unsigned char *key,
|
||||
size_t *key_len );
|
||||
|
||||
/**
|
||||
* \brief Utility function to get information on dtls srtp profile.
|
||||
@ -3267,7 +3279,7 @@ const mbedtls_ssl_srtp_profile_info *mbedtls_ssl_dtls_srtp_profile_info_from_id(
|
||||
* MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2,
|
||||
* MBEDTLS_SSL_MINOR_VERSION_3 supported)
|
||||
*/
|
||||
void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int minor );
|
||||
void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf,int major, int minor );
|
||||
|
||||
/**
|
||||
* \brief Set the minimum accepted SSL/TLS protocol version
|
||||
|
@ -766,7 +766,8 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl,
|
||||
|
||||
*olen = 0;
|
||||
|
||||
if( (ssl->conf->dtls_srtp_profile_list == NULL) || (ssl->conf->dtls_srtp_profile_list_len == 0) )
|
||||
if( (ssl->conf->dtls_srtp_profile_list == NULL) ||
|
||||
(ssl->conf->dtls_srtp_profile_list_len == 0) )
|
||||
{
|
||||
return;
|
||||
}
|
||||
@ -785,52 +786,69 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl,
|
||||
* } UseSRTPData;
|
||||
|
||||
* SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1>;
|
||||
*
|
||||
*/
|
||||
if( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED &&
|
||||
ssl->dtls_srtp_info.mki_len != 0 )
|
||||
ssl->dtls_srtp_info.mki_len != 0 )
|
||||
{
|
||||
mki_len = ssl->dtls_srtp_info.mki_len;
|
||||
}
|
||||
/* Extension length = 2bytes for profiles length, ssl->conf->dtls_srtp_profile_list_len*2 (each profile is 2 bytes length ) + 1 byte for srtp_mki vector length and the mki_len value */
|
||||
*p++ = (unsigned char)( ( ( 2 + 2*(ssl->conf->dtls_srtp_profile_list_len) + 1 + mki_len ) >> 8 ) & 0xFF );
|
||||
*p++ = (unsigned char)( ( ( 2 + 2*(ssl->conf->dtls_srtp_profile_list_len) + 1 + mki_len ) ) & 0xFF );
|
||||
|
||||
/* Extension length = 2 bytes for profiles length,
|
||||
* ssl->conf->dtls_srtp_profile_list_len * 2 (each profile is 2 bytes length ),
|
||||
* 1 byte for srtp_mki vector length and the mki_len value
|
||||
*/
|
||||
*p++ = (unsigned char)( ( ( 2 + 2 * ( ssl->conf->dtls_srtp_profile_list_len )
|
||||
+ 1 + mki_len ) >> 8 ) & 0xFF );
|
||||
*p++ = (unsigned char)( ( ( 2 + 2 * (ssl->conf->dtls_srtp_profile_list_len )
|
||||
+ 1 + mki_len ) ) & 0xFF );
|
||||
|
||||
/* protection profile length: 2*(ssl->conf->dtls_srtp_profile_list_len) */
|
||||
*p++ = (unsigned char)( ( ( 2*(ssl->conf->dtls_srtp_profile_list_len) ) >> 8 ) & 0xFF );
|
||||
*p++ = (unsigned char)( ( 2*(ssl->conf->dtls_srtp_profile_list_len) ) & 0xFF );
|
||||
*p++ = (unsigned char)( ( ( 2 * (ssl->conf->dtls_srtp_profile_list_len) )
|
||||
>> 8 ) & 0xFF );
|
||||
*p++ = (unsigned char)( ( 2 * (ssl->conf->dtls_srtp_profile_list_len) )
|
||||
& 0xFF );
|
||||
|
||||
for( protection_profiles_index=0; protection_profiles_index < ssl->conf->dtls_srtp_profile_list_len; protection_profiles_index++ )
|
||||
for( protection_profiles_index=0;
|
||||
protection_profiles_index < ssl->conf->dtls_srtp_profile_list_len;
|
||||
protection_profiles_index++ )
|
||||
{
|
||||
switch (ssl->conf->dtls_srtp_profile_list[protection_profiles_index]) {
|
||||
case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_write_use_srtp_ext, add profile: %04x",
|
||||
MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE ) );
|
||||
*p++ = ( ( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE ) >> 8 ) & 0xFF);
|
||||
*p++ = ( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE ) & 0xFF);
|
||||
*p++ = ( ( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE )
|
||||
>> 8 ) & 0xFF );
|
||||
*p++ = ( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE )
|
||||
& 0xFF );
|
||||
break;
|
||||
case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_write_use_srtp_ext, add profile: %04x",
|
||||
MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32_IANA_VALUE ) );
|
||||
*p++ = ( ( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32_IANA_VALUE ) >> 8 ) & 0xFF);
|
||||
*p++ = ( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32_IANA_VALUE ) & 0xFF);
|
||||
*p++ = ( ( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32_IANA_VALUE )
|
||||
>> 8 ) & 0xFF );
|
||||
*p++ = ( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32_IANA_VALUE )
|
||||
& 0xFF );
|
||||
break;
|
||||
case MBEDTLS_SRTP_NULL_HMAC_SHA1_80:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_write_use_srtp_ext, add profile: %04x",
|
||||
MBEDTLS_SRTP_NULL_HMAC_SHA1_80_IANA_VALUE ) );
|
||||
*p++ = ( ( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_80_IANA_VALUE ) >> 8 ) & 0xFF);
|
||||
*p++ = ( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_80_IANA_VALUE ) & 0xFF);
|
||||
*p++ = ( ( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_80_IANA_VALUE ) >> 8 )
|
||||
& 0xFF ) ;
|
||||
*p++ = ( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_80_IANA_VALUE ) & 0xFF );
|
||||
break;
|
||||
case MBEDTLS_SRTP_NULL_HMAC_SHA1_32:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_write_use_srtp_ext, add profile: %04x",
|
||||
MBEDTLS_SRTP_NULL_HMAC_SHA1_32_IANA_VALUE ) );
|
||||
*p++ = ( ( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_32_IANA_VALUE ) >> 8 ) & 0xFF);
|
||||
*p++ = ( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_32_IANA_VALUE ) & 0xFF);
|
||||
*p++ = ( ( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_32_IANA_VALUE ) >> 8 )
|
||||
& 0xFF );
|
||||
*p++ = ( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_32_IANA_VALUE ) & 0xFF );
|
||||
break;
|
||||
default:
|
||||
/* Note: we shall never arrive here as protection profiles is checked by ssl_set_dtls_srtp_protection_profiles function */
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "client hello, ignore illegal DTLS-SRTP protection profile %d", ssl->conf->dtls_srtp_profile_list[protection_profiles_index]) );
|
||||
/*
|
||||
* Note: we shall never arrive here as protection profiles
|
||||
* is checked by ssl_set_dtls_srtp_protection_profiles function
|
||||
*/
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "client hello, ignore illegal DTLS-SRTP protection profile %d",
|
||||
ssl->conf->dtls_srtp_profile_list[protection_profiles_index]) );
|
||||
break;
|
||||
}
|
||||
}
|
||||
@ -843,11 +861,18 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl,
|
||||
{
|
||||
*p++ = ssl->dtls_srtp_info.mki_value[i];
|
||||
}
|
||||
MBEDTLS_SSL_DEBUG_BUF( 3, "sending mki", ssl->dtls_srtp_info.mki_value, ssl->dtls_srtp_info.mki_len );
|
||||
MBEDTLS_SSL_DEBUG_BUF( 3, "sending mki", ssl->dtls_srtp_info.mki_value,
|
||||
ssl->dtls_srtp_info.mki_len );
|
||||
}
|
||||
|
||||
/* total extension length: extension type (2 bytes) + extension length (2 bytes) + protection profile length (2 bytes) + 2*nb protection profiles + srtp_mki vector length(1 byte)*/
|
||||
*olen = 2 + 2 + 2 + 2*( ssl->conf->dtls_srtp_profile_list_len ) + 1 + mki_len;
|
||||
/*
|
||||
* total extension length: extension type (2 bytes)
|
||||
* + extension length (2 bytes)
|
||||
* + protection profile length (2 bytes)
|
||||
* + 2 * number of protection profiles
|
||||
* + srtp_mki vector length(1 byte)
|
||||
*/
|
||||
*olen = 2 + 2 + 2 + 2 * ( ssl->conf->dtls_srtp_profile_list_len ) + 1 + mki_len;
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_DTLS_SRTP */
|
||||
|
||||
@ -1815,7 +1840,8 @@ static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl,
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_SRTP)
|
||||
static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl,
|
||||
const unsigned char *buf, size_t len )
|
||||
const unsigned char *buf,
|
||||
size_t len )
|
||||
{
|
||||
mbedtls_ssl_srtp_profile server_protection = MBEDTLS_SRTP_UNSET_PROFILE;
|
||||
size_t i, mki_len = 0;
|
||||
@ -1823,7 +1849,8 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl,
|
||||
const mbedtls_ssl_srtp_profile_info * profile_info;
|
||||
|
||||
/* If use_srtp is not configured, just ignore the extension */
|
||||
if( ( ssl->conf->dtls_srtp_profile_list == NULL ) || ( ssl->conf->dtls_srtp_profile_list_len == 0 ) )
|
||||
if( ssl->conf->dtls_srtp_profile_list == NULL ||
|
||||
ssl->conf->dtls_srtp_profile_list_len == 0 )
|
||||
return( 0 );
|
||||
|
||||
/* RFC5764 section 4.1.1
|
||||
@ -1838,21 +1865,32 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl,
|
||||
*
|
||||
*/
|
||||
if( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED &&
|
||||
ssl->dtls_srtp_info.mki_len != 0 )
|
||||
ssl->dtls_srtp_info.mki_len != 0 )
|
||||
{
|
||||
mki_len = ssl->dtls_srtp_info.mki_len;
|
||||
}
|
||||
|
||||
/* Length is 5 and optional mki_value : one protection profile(2 bytes) + length(2 bytes) and srtp_mki */
|
||||
/*
|
||||
* Length is 5 and optional mki_value : one protection profile(2 bytes)
|
||||
* + length(2 bytes) and srtp_mki
|
||||
*/
|
||||
if( ( len != 5 ) && ( len != ( 5 + mki_len ) ) )
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
|
||||
|
||||
/*
|
||||
* get the server protection profile
|
||||
*/
|
||||
if (((uint16_t)( ( buf[0]<<8 ) | buf[1] ) ) != 0x0002) { /* protection profile length must be 0x0002 as we must have only one protection profile in server Hello */
|
||||
|
||||
/*
|
||||
* protection profile length must be 0x0002 as we must have only
|
||||
* one protection profile in server Hello
|
||||
*/
|
||||
if( ( (uint16_t)( ( buf[0] << 8 ) | buf[1] ) ) != 0x0002 )
|
||||
{
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
|
||||
} else {
|
||||
}
|
||||
else
|
||||
{
|
||||
server_protection_profile_value = ( buf[2] << 8 ) | buf[3];
|
||||
}
|
||||
|
||||
@ -1863,7 +1901,7 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl,
|
||||
*/
|
||||
for( i=0; i < ssl->conf->dtls_srtp_profile_list_len; i++)
|
||||
{
|
||||
switch ( server_protection_profile_value ) {
|
||||
switch( server_protection_profile_value ) {
|
||||
case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE:
|
||||
server_protection = MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80;
|
||||
break;
|
||||
@ -1886,7 +1924,7 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl,
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found srtp profile: %s", profile_info->name ) );
|
||||
}
|
||||
|
||||
if (server_protection == ssl->conf->dtls_srtp_profile_list[i]) {
|
||||
if( server_protection == ssl->conf->dtls_srtp_profile_list[i] ) {
|
||||
ssl->dtls_srtp_info.chosen_dtls_srtp_profile = ssl->conf->dtls_srtp_profile_list[i];
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "selected srtp profile: %s", profile_info->name ) );
|
||||
break;
|
||||
@ -1897,10 +1935,11 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl,
|
||||
if( ssl->dtls_srtp_info.chosen_dtls_srtp_profile == MBEDTLS_SRTP_UNSET_PROFILE )
|
||||
{
|
||||
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
|
||||
MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
|
||||
MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
|
||||
}
|
||||
/* RFC5764:
|
||||
/*
|
||||
* RFC5764:
|
||||
* If the client detects a nonzero-length MKI in the server's response
|
||||
* that is different than the one the client offered, then the client
|
||||
* MUST abort the handshake and SHOULD send an invalid_parameter alert.
|
||||
@ -1913,9 +1952,10 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl,
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
|
||||
}
|
||||
#if defined (MBEDTLS_DEBUG_C)
|
||||
if( len > 5)
|
||||
if( len > 5 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_BUF( 3, "received mki", ssl->dtls_srtp_info.mki_value, ssl->dtls_srtp_info.mki_len );
|
||||
MBEDTLS_SSL_DEBUG_BUF( 3, "received mki", ssl->dtls_srtp_info.mki_value,
|
||||
ssl->dtls_srtp_info.mki_len );
|
||||
}
|
||||
#endif
|
||||
return 0;
|
||||
@ -3469,14 +3509,13 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl )
|
||||
if( ssl->client_auth == 0 )
|
||||
{
|
||||
#if defined(MBEDTLS_SSL_DTLS_SRTP)
|
||||
/* check if we have a chosen srtp protection profile */
|
||||
if ( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE ) {
|
||||
/* check if we have a chosen srtp protection profile */
|
||||
if( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE ) {
|
||||
ret = MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
|
||||
}
|
||||
else
|
||||
{
|
||||
#endif
|
||||
/* MBEDTLS_SSL_DTLS_SRTP */
|
||||
#endif /* MBEDTLS_SSL_DTLS_SRTP */
|
||||
/* Current message is probably the ServerHelloDone */
|
||||
ssl->keep_current_message = 1;
|
||||
#if defined(MBEDTLS_SSL_DTLS_SRTP)
|
||||
@ -4129,8 +4168,8 @@ static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl )
|
||||
if( ssl->client_auth == 0 || mbedtls_ssl_own_cert( ssl ) == NULL )
|
||||
{
|
||||
#if defined(MBEDTLS_SSL_DTLS_SRTP)
|
||||
/* check if we have a chosen srtp protection profile */
|
||||
if ( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE ) {
|
||||
/* check if we have a chosen srtp protection profile */
|
||||
if( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE ) {
|
||||
return ( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
|
||||
}
|
||||
else
|
||||
|
@ -778,15 +778,17 @@ static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl,
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_SRTP)
|
||||
static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl,
|
||||
const unsigned char *buf, size_t len )
|
||||
const unsigned char *buf,
|
||||
size_t len )
|
||||
{
|
||||
mbedtls_ssl_srtp_profile client_protection = MBEDTLS_SRTP_UNSET_PROFILE;
|
||||
size_t i,j;
|
||||
size_t profile_length;
|
||||
const mbedtls_ssl_srtp_profile_info * profile_info;
|
||||
const mbedtls_ssl_srtp_profile_info *profile_info;
|
||||
|
||||
/* If use_srtp is not configured, just ignore the extension */
|
||||
if( ( ssl->conf->dtls_srtp_profile_list == NULL ) || ( ssl->conf->dtls_srtp_profile_list_len == 0 ) )
|
||||
if( ssl->conf->dtls_srtp_profile_list == NULL ||
|
||||
ssl->conf->dtls_srtp_profile_list_len == 0 )
|
||||
return( 0 );
|
||||
|
||||
/* RFC5764 section 4.1.1
|
||||
@ -798,22 +800,28 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl,
|
||||
* } UseSRTPData;
|
||||
|
||||
* SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1>;
|
||||
*
|
||||
*/
|
||||
|
||||
/* Min length is 5: at least one protection profile(2 bytes) and length(2 bytes) + srtp_mki length(1 byte) */
|
||||
/*
|
||||
* Min length is 5: at least one protection profile(2 bytes)
|
||||
* and length(2 bytes) + srtp_mki length(1 byte)
|
||||
*/
|
||||
if( len < 5 )
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
|
||||
|
||||
ssl->dtls_srtp_info.chosen_dtls_srtp_profile = MBEDTLS_SRTP_UNSET_PROFILE;
|
||||
|
||||
profile_length = ( buf[0] << 8 ) | buf[1]; /* first 2 bytes are protection profile length(in bytes) */
|
||||
/* first 2 bytes are protection profile length(in bytes) */
|
||||
profile_length = ( buf[0] << 8 ) | buf[1];
|
||||
|
||||
|
||||
/* parse the extension list values are defined in http://www.iana.org/assignments/srtp-protection/srtp-protection.xhtml */
|
||||
for( j=0; j < profile_length; j+=2 )
|
||||
/*
|
||||
* parse the extension list values are defined in
|
||||
* http://www.iana.org/assignments/srtp-protection/srtp-protection.xhtml
|
||||
*/
|
||||
for( j=0; j < profile_length; j += 2 )
|
||||
{
|
||||
uint16_t protection_profile_value = buf[j+2]<<8 | buf[j+3]; /* +2 to skip the length field */
|
||||
/* + 2 to skip the length field */
|
||||
uint16_t protection_profile_value = buf[j + 2] << 8 | buf[j+3];
|
||||
|
||||
switch ( protection_profile_value )
|
||||
{
|
||||
@ -854,7 +862,7 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl,
|
||||
if( ( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED ) &&
|
||||
( len > ( profile_length + 2 ) ) )
|
||||
{
|
||||
ssl->dtls_srtp_info.mki_len = buf[ profile_length + 2 ];
|
||||
ssl->dtls_srtp_info.mki_len = buf[profile_length + 2];
|
||||
if( ssl->dtls_srtp_info.mki_len > MBEDTLS_DTLS_SRTP_MAX_MKI_LENGTH )
|
||||
{
|
||||
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
|
||||
@ -863,13 +871,14 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl,
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
|
||||
}
|
||||
|
||||
ssl->dtls_srtp_info.mki_len = buf[ profile_length + 2 ];
|
||||
ssl->dtls_srtp_info.mki_len = buf[profile_length + 2];
|
||||
for( i=0; i < ssl->dtls_srtp_info.mki_len; i++ )
|
||||
{
|
||||
ssl->dtls_srtp_info.mki_value[i] = buf[ profile_length + 2 + 1 + i ];
|
||||
ssl->dtls_srtp_info.mki_value[i] = buf[profile_length + 2 + 1 + i];
|
||||
}
|
||||
|
||||
MBEDTLS_SSL_DEBUG_BUF( 3, "using mki", ssl->dtls_srtp_info.mki_value, ssl->dtls_srtp_info.mki_len );
|
||||
MBEDTLS_SSL_DEBUG_BUF( 3, "using mki", ssl->dtls_srtp_info.mki_value,
|
||||
ssl->dtls_srtp_info.mki_len );
|
||||
}
|
||||
|
||||
return( 0 );
|
||||
@ -2611,7 +2620,8 @@ static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl,
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_SRTP ) && defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl,
|
||||
unsigned char *buf, size_t *olen )
|
||||
unsigned char *buf,
|
||||
size_t *olen )
|
||||
{
|
||||
size_t mki_len = 0, ext_len = 0, i;
|
||||
|
||||
@ -2624,7 +2634,7 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl,
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding use_srtp extension" ) );
|
||||
|
||||
if( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED &&
|
||||
ssl->dtls_srtp_info.mki_len != 0 )
|
||||
ssl->dtls_srtp_info.mki_len != 0 )
|
||||
{
|
||||
mki_len = ssl->dtls_srtp_info.mki_len;
|
||||
}
|
||||
@ -2632,7 +2642,10 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl,
|
||||
/* extension */
|
||||
buf[0] = (unsigned char)( ( MBEDTLS_TLS_EXT_USE_SRTP >> 8 ) & 0xFF );
|
||||
buf[1] = (unsigned char)( ( MBEDTLS_TLS_EXT_USE_SRTP ) & 0xFF );
|
||||
/* total length 5 and mki value: only one profile(2 bytes) and length(2 bytes) and srtp_mki ) */
|
||||
/*
|
||||
* total length 5 and mki value: only one profile(2 bytes)
|
||||
* and length(2 bytes) and srtp_mki )
|
||||
*/
|
||||
ext_len = 5 + mki_len;
|
||||
buf[2] = (unsigned char)( ( ext_len >> 8 ) & 0xFF );
|
||||
buf[3] = (unsigned char)( ext_len & 0xFF );
|
||||
@ -2642,20 +2655,28 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl,
|
||||
buf[5] = 0x02;
|
||||
switch (ssl->dtls_srtp_info.chosen_dtls_srtp_profile) {
|
||||
case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80:
|
||||
buf[6] = (unsigned char)( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE >> 8) & 0xFF );
|
||||
buf[7] = (unsigned char)( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE ) & 0xFF );
|
||||
buf[6] = (unsigned char)( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE >> 8 )
|
||||
& 0xFF );
|
||||
buf[7] = (unsigned char)( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE )
|
||||
& 0xFF );
|
||||
break;
|
||||
case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32:
|
||||
buf[6] = (unsigned char)( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32_IANA_VALUE >> 8) & 0xFF );
|
||||
buf[7] = (unsigned char)( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32_IANA_VALUE ) & 0xFF );
|
||||
buf[6] = (unsigned char)( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32_IANA_VALUE >> 8 )
|
||||
& 0xFF );
|
||||
buf[7] = (unsigned char)( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32_IANA_VALUE )
|
||||
& 0xFF );
|
||||
break;
|
||||
case MBEDTLS_SRTP_NULL_HMAC_SHA1_80:
|
||||
buf[6] = (unsigned char)( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_80_IANA_VALUE >> 8) & 0xFF );
|
||||
buf[7] = (unsigned char)( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_80_IANA_VALUE ) & 0xFF );
|
||||
buf[6] = (unsigned char)( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_80_IANA_VALUE >> 8 )
|
||||
& 0xFF );
|
||||
buf[7] = (unsigned char)( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_80_IANA_VALUE )
|
||||
& 0xFF );
|
||||
break;
|
||||
case MBEDTLS_SRTP_NULL_HMAC_SHA1_32:
|
||||
buf[6] = (unsigned char)( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_32_IANA_VALUE >> 8) & 0xFF );
|
||||
buf[7] = (unsigned char)( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_32_IANA_VALUE ) & 0xFF );
|
||||
buf[6] = (unsigned char)( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_32_IANA_VALUE >> 8 )
|
||||
& 0xFF );
|
||||
buf[7] = (unsigned char)( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_32_IANA_VALUE )
|
||||
& 0xFF );
|
||||
break;
|
||||
default:
|
||||
*olen = 0;
|
||||
@ -2665,7 +2686,7 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl,
|
||||
buf[8] = mki_len & 0xFF;
|
||||
for( i=0; i < mki_len; i++ )
|
||||
{
|
||||
buf[ 9 + i ] = ssl->dtls_srtp_info.mki_value[i];
|
||||
buf[9 + i] = ssl->dtls_srtp_info.mki_value[i];
|
||||
}
|
||||
|
||||
*olen = 9 + mki_len;
|
||||
@ -2961,7 +2982,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_SRTP)
|
||||
ssl_write_use_srtp_ext( ssl, p + 2 + ext_len, &olen);
|
||||
ssl_write_use_srtp_ext( ssl, p + 2 + ext_len, &olen );
|
||||
ext_len += olen;
|
||||
#endif
|
||||
|
||||
@ -3030,11 +3051,15 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
|
||||
else
|
||||
#endif
|
||||
#if defined(MBEDTLS_SSL_DTLS_SRTP)
|
||||
/* check if we have a chosen srtp protection profile, force verify mode to be at least OPTIONAL */
|
||||
if ( ( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE ) && ( ssl->conf->authmode == MBEDTLS_SSL_VERIFY_NONE ) ) {
|
||||
/*
|
||||
* check if we have a chosen srtp protection profile,
|
||||
* force verify mode to be at least OPTIONAL
|
||||
*/
|
||||
if ( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE &&
|
||||
ssl->conf->authmode == MBEDTLS_SSL_VERIFY_NONE ) {
|
||||
authmode = MBEDTLS_SSL_VERIFY_OPTIONAL;
|
||||
}
|
||||
else
|
||||
else
|
||||
#endif
|
||||
authmode = ssl->conf->authmode;
|
||||
|
||||
@ -3045,7 +3070,7 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
|
||||
/* check if we have a chosen srtp protection profile */
|
||||
if ( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE ) {
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "should not happen" ) );
|
||||
return ( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
|
||||
return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
|
||||
}
|
||||
else
|
||||
{
|
||||
|
@ -873,19 +873,19 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform,
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_SRTP)
|
||||
/* check if we have a chosen srtp protection profile */
|
||||
if ( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE ) {
|
||||
/* derive key material for srtp session RFC5764 section 4.2 */
|
||||
/* master key and master salt are respectively 128 bits and 112 bits for all currently available modes :
|
||||
if( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE ) {
|
||||
/* derive key material for srtp session RFC5764 section 4.2
|
||||
* master key and master salt are respectively 128 bits and 112 bits
|
||||
* for all currently available modes :
|
||||
* SRTP_AES128_CM_HMAC_SHA1_80, SRTP_AES128_CM_HMAC_SHA1_32
|
||||
* SRTP_NULL_HMAC_SHA1_80, SRTP_NULL_HMAC_SHA1_32
|
||||
* So we must export 2*(128 + 112) = 480 bits
|
||||
*/
|
||||
ssl->dtls_srtp_info.dtls_srtp_keys_len = MBEDTLS_DTLS_SRTP_MAX_KEY_MATERIAL_LENGTH;
|
||||
|
||||
//ssl->dtls_srtp_info.dtls_srtp_keys = (unsigned char *)mbedtls_calloc(1, ssl->dtls_srtp_info.dtls_srtp_keys_len);
|
||||
|
||||
ret = tls_prf( master, 48, "EXTRACTOR-dtls_srtp",
|
||||
randbytes, 64, ssl->dtls_srtp_info.dtls_srtp_keys, ssl->dtls_srtp_info.dtls_srtp_keys_len );
|
||||
ret = tls_prf( master, 48, "EXTRACTOR-dtls_srtp",
|
||||
randbytes, 64, ssl->dtls_srtp_info.dtls_srtp_keys,
|
||||
ssl->dtls_srtp_info.dtls_srtp_keys_len );
|
||||
|
||||
if( ret != 0 )
|
||||
{
|
||||
@ -2113,9 +2113,9 @@ int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl )
|
||||
if( !mbedtls_ssl_ciphersuite_uses_srv_cert( ciphersuite_info ) )
|
||||
{
|
||||
#if defined(MBEDTLS_SSL_DTLS_SRTP)
|
||||
/* check if we have a chosen srtp protection profile */
|
||||
if ( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE ) {
|
||||
return ( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
|
||||
/* check if we have a chosen srtp protection profile */
|
||||
if( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE ) {
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -2754,7 +2754,7 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl )
|
||||
: ssl->dtls_srtp_info.chosen_dtls_srtp_profile !=
|
||||
MBEDTLS_SRTP_UNSET_PROFILE
|
||||
&& ssl->conf->authmode == MBEDTLS_SSL_VERIFY_NONE
|
||||
? MBEDTLS_SSL_VERIFY_REQUIRED
|
||||
? MBEDTLS_SSL_VERIFY_OPTIONAL
|
||||
#endif /* MBEDTLS_SSL_DTLS_SRTP */
|
||||
: ssl->conf->authmode;
|
||||
#else
|
||||
@ -2763,7 +2763,7 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl )
|
||||
ssl->dtls_srtp_info.chosen_dtls_srtp_profile !=
|
||||
MBEDTLS_SRTP_UNSET_PROFILE &&
|
||||
ssl->conf->authmode == MBEDTLS_SSL_VERIFY_NONE ?
|
||||
MBEDTLS_SSL_VERIFY_REQUIRED :
|
||||
MBEDTLS_SSL_VERIFY_OPTIONAL :
|
||||
#endif /* MBEDTLS_SSL_DTLS_SRTP */
|
||||
ssl->conf->authmode;
|
||||
#endif
|
||||
@ -4762,12 +4762,15 @@ const mbedtls_ssl_srtp_profile_info *mbedtls_ssl_dtls_srtp_profile_info_from_id(
|
||||
return( NULL );
|
||||
}
|
||||
|
||||
void mbedtls_ssl_conf_srtp_mki_value_supported( mbedtls_ssl_config *conf, int support_mki_value )
|
||||
void mbedtls_ssl_conf_srtp_mki_value_supported( mbedtls_ssl_config *conf,
|
||||
int support_mki_value )
|
||||
{
|
||||
conf->dtls_srtp_mki_support = support_mki_value;
|
||||
}
|
||||
|
||||
int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl, unsigned char* mki_value, size_t mki_len )
|
||||
int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl,
|
||||
unsigned char *mki_value,
|
||||
size_t mki_len )
|
||||
{
|
||||
if ( mki_len > MBEDTLS_DTLS_SRTP_MAX_MKI_LENGTH )
|
||||
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
|
||||
@ -4780,20 +4783,22 @@ int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl, unsigned char
|
||||
return 0;
|
||||
}
|
||||
|
||||
int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf, const mbedtls_ssl_srtp_profile *profiles, size_t profiles_number)
|
||||
int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf,
|
||||
const mbedtls_ssl_srtp_profile *profiles,
|
||||
size_t profiles_number )
|
||||
{
|
||||
size_t i;
|
||||
/* check in put validity : must be a list of profiles from enumeration */
|
||||
/* maximum length is 4 as only 4 protection profiles are defined */
|
||||
if (profiles_number>4) {
|
||||
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
|
||||
if( profiles_number > 4 ) {
|
||||
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
|
||||
}
|
||||
|
||||
mbedtls_free(conf->dtls_srtp_profile_list);
|
||||
conf->dtls_srtp_profile_list = (mbedtls_ssl_srtp_profile *)mbedtls_calloc(1, profiles_number*sizeof(mbedtls_ssl_srtp_profile));
|
||||
mbedtls_free( conf->dtls_srtp_profile_list );
|
||||
conf->dtls_srtp_profile_list = (mbedtls_ssl_srtp_profile*)mbedtls_calloc(1, profiles_number * sizeof( mbedtls_ssl_srtp_profile ) );
|
||||
|
||||
for (i=0; i<profiles_number; i++) {
|
||||
switch (profiles[i]) {
|
||||
for( i=0; i < profiles_number; i++ ) {
|
||||
switch( profiles[i] ) {
|
||||
case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80:
|
||||
case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32:
|
||||
case MBEDTLS_SRTP_NULL_HMAC_SHA1_80:
|
||||
@ -4801,7 +4806,7 @@ int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf, co
|
||||
conf->dtls_srtp_profile_list[i] = profiles[i];
|
||||
break;
|
||||
default:
|
||||
mbedtls_free(conf->dtls_srtp_profile_list);
|
||||
mbedtls_free( conf->dtls_srtp_profile_list );
|
||||
conf->dtls_srtp_profile_list = NULL;
|
||||
conf->dtls_srtp_profile_list_len = 0;
|
||||
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
|
||||
@ -4814,19 +4819,22 @@ int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf, co
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
mbedtls_ssl_srtp_profile mbedtls_ssl_get_dtls_srtp_protection_profile( const mbedtls_ssl_context *ssl)
|
||||
mbedtls_ssl_srtp_profile mbedtls_ssl_get_dtls_srtp_protection_profile( const mbedtls_ssl_context *ssl )
|
||||
{
|
||||
return( ssl->dtls_srtp_info.chosen_dtls_srtp_profile);
|
||||
return( ssl->dtls_srtp_info.chosen_dtls_srtp_profile );
|
||||
}
|
||||
|
||||
int mbedtls_ssl_get_dtls_srtp_key_material( const mbedtls_ssl_context *ssl, unsigned char *key, size_t *key_len ) {
|
||||
int mbedtls_ssl_get_dtls_srtp_key_material( const mbedtls_ssl_context *ssl,
|
||||
unsigned char *key,
|
||||
size_t *key_len ) {
|
||||
|
||||
/* check output buffer size */
|
||||
if ( *key_len < ssl->dtls_srtp_info.dtls_srtp_keys_len) {
|
||||
if( *key_len < ssl->dtls_srtp_info.dtls_srtp_keys_len ) {
|
||||
return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
|
||||
}
|
||||
|
||||
memcpy( key, ssl->dtls_srtp_info.dtls_srtp_keys, ssl->dtls_srtp_info.dtls_srtp_keys_len);
|
||||
memcpy( key, ssl->dtls_srtp_info.dtls_srtp_keys,
|
||||
ssl->dtls_srtp_info.dtls_srtp_keys_len );
|
||||
*key_len = ssl->dtls_srtp_info.dtls_srtp_keys_len;
|
||||
|
||||
return 0;
|
||||
@ -6931,8 +6939,8 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl )
|
||||
#endif
|
||||
|
||||
#if defined (MBEDTLS_SSL_DTLS_SRTP)
|
||||
mbedtls_platform_zeroize( ssl->dtls_srtp_info.dtls_srtp_keys, ssl->dtls_srtp_info.dtls_srtp_keys_len );
|
||||
//mbedtls_free( ssl->dtls_srtp_keys );
|
||||
mbedtls_platform_zeroize( ssl->dtls_srtp_info.dtls_srtp_keys,
|
||||
ssl->dtls_srtp_info.dtls_srtp_keys_len );
|
||||
#endif /* MBEDTLS_SSL_DTLS_SRTP */
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= free" ) );
|
||||
|
@ -561,7 +561,7 @@ struct options
|
||||
int query_config_mode; /* whether to read config */
|
||||
int use_srtp; /* Support SRTP */
|
||||
int force_srtp_profile; /* SRTP protection profile to use or all */
|
||||
const char* mki; /* The dtls mki value to use */
|
||||
const char *mki; /* The dtls mki value to use */
|
||||
} opt;
|
||||
|
||||
int query_config( const char *config );
|
||||
@ -2285,7 +2285,9 @@ int main( int argc, char *argv[] )
|
||||
if( opt.force_srtp_profile != DFL_SRTP_FORCE_PROFILE )
|
||||
{
|
||||
const mbedtls_ssl_srtp_profile forced_profile[] = { opt.force_srtp_profile };
|
||||
ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles( &conf, forced_profile, sizeof( forced_profile ) / sizeof( mbedtls_ssl_srtp_profile ) );
|
||||
ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles( &conf,
|
||||
forced_profile,
|
||||
sizeof( forced_profile ) / sizeof( mbedtls_ssl_srtp_profile ) );
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -2293,7 +2295,9 @@ int main( int argc, char *argv[] )
|
||||
MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32,
|
||||
MBEDTLS_SRTP_NULL_HMAC_SHA1_80,
|
||||
MBEDTLS_SRTP_NULL_HMAC_SHA1_32 };
|
||||
ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles( &conf, default_profiles, sizeof( default_profiles ) / sizeof( mbedtls_ssl_srtp_profile ) );
|
||||
ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles( &conf,
|
||||
default_profiles,
|
||||
sizeof( default_profiles ) / sizeof( mbedtls_ssl_srtp_profile ) );
|
||||
}
|
||||
|
||||
if( ret != 0 )
|
||||
@ -2557,7 +2561,8 @@ int main( int argc, char *argv[] )
|
||||
}
|
||||
|
||||
mbedtls_ssl_conf_srtp_mki_value_supported( &conf, MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED );
|
||||
if( ( ret = mbedtls_ssl_dtls_srtp_set_mki_value( &ssl, mki, strlen( mki )) ) != 0 )
|
||||
if( ( ret = mbedtls_ssl_dtls_srtp_set_mki_value( &ssl, mki,
|
||||
strlen( mki ) ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_dtls_srtp_set_mki_value returned %d\n\n", ret );
|
||||
goto exit;
|
||||
|
@ -3103,7 +3103,9 @@ int main( int argc, char *argv[] )
|
||||
if( opt.force_srtp_profile != DFL_SRTP_FORCE_PROFILE )
|
||||
{
|
||||
const mbedtls_ssl_srtp_profile forced_profile[] = { opt.force_srtp_profile };
|
||||
ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles( &conf, forced_profile, sizeof( forced_profile ) / sizeof( mbedtls_ssl_srtp_profile ) );
|
||||
ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles( &conf,
|
||||
forced_profile,
|
||||
sizeof( forced_profile ) / sizeof( mbedtls_ssl_srtp_profile ) );
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -3111,7 +3113,9 @@ int main( int argc, char *argv[] )
|
||||
MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32,
|
||||
MBEDTLS_SRTP_NULL_HMAC_SHA1_80,
|
||||
MBEDTLS_SRTP_NULL_HMAC_SHA1_32 };
|
||||
ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles( &conf, default_profiles, sizeof( default_profiles ) / sizeof( mbedtls_ssl_srtp_profile ) );
|
||||
ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles( &conf,
|
||||
default_profiles,
|
||||
sizeof( default_profiles ) / sizeof( mbedtls_ssl_srtp_profile ) );
|
||||
}
|
||||
|
||||
if( ret != 0 )
|
||||
|
Loading…
Reference in New Issue
Block a user