cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-11-03 20:22:59 -05:00
Code Issues Packages Projects Releases Wiki Activity

set protection profile API gets a MBEDTLS_TLS_SRTP_UNSET terminated list

Browse Source 
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
This commit is contained in:
Johan Pascal 2020-09-22 13:04:45 +02:00
parent 43f9490a52
commit 253d0263a6
4 changed files with 34 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
include/mbedtls/ssl.h
View File

@ -3204,13 +3204,13 @@ void mbedtls_ssl_conf_srtp_mki_value_supported( mbedtls_ssl_config *conf,
* \brief Set the supported DTLS-SRTP protection profiles.
*
* \param conf SSL configuration
* \param profiles List of supported protection profiles,
* \param profiles Pointer to a List of MBEDTLS_TLS_SRTP_UNSET terminated
* supported protection profiles
* in decreasing preference order.
* The pointer to the list is
* recorded by the library for later reference as required,
* so the lifetime of the table must be at least as long
* as the lifetime of the SSL configuration structure.
* \param profiles_number Number of supported profiles.
* The pointer to the list is recorded by the library
* for later reference as required, so the lifetime
* of the table must be at least as long as the lifetime
* of the SSL configuration structure.
*
* \return 0 on success
* \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA when the list of
@ -3218,8 +3218,7 @@ void mbedtls_ssl_conf_srtp_mki_value_supported( mbedtls_ssl_config *conf,
*/
int mbedtls_ssl_conf_dtls_srtp_protection_profiles
( mbedtls_ssl_config *conf,
const mbedtls_ssl_srtp_profile *profiles,
size_t profiles_number );
const mbedtls_ssl_srtp_profile *profiles );
/**
* \brief Set the mki_value for the current DTLS-SRTP session.

32
library/ssl_tls.c
View File

@ -4735,38 +4735,36 @@ int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl,
}
int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf,
const mbedtls_ssl_srtp_profile *profiles,
size_t profiles_number )
const mbedtls_ssl_srtp_profile *profiles )
{
size_t i;
/*
* Check input validity : must be a list of profiles from enumeration.
* Maximum length is 4 as only 4 protection profiles are defined.
*/
if( profiles_number > 4 )
{
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
const mbedtls_ssl_srtp_profile *p;
size_t list_size = 0;
for( i=0; i < profiles_number; i++ )
/* check the profiles list: all entry must be valid,
* its size cannot be more than the total number of supported profiles, currently 4 */
for( p = profiles; *p != MBEDTLS_TLS_SRTP_UNSET && list_size < 5; p++ )
{
switch( profiles[i] )
switch( *p )
{
case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80:
case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32:
case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80:
case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32:
list_size++;
break;
default:
default: /* unsupported value, stop parsing and set the size to an error value */
list_size = 5;
}
}
if ( list_size > 4 ) {
conf->dtls_srtp_profile_list = NULL;
conf->dtls_srtp_profile_list_len = 0;
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
}
conf->dtls_srtp_profile_list = profiles;
conf->dtls_srtp_profile_list_len = profiles_number;
conf->dtls_srtp_profile_list_len = list_size;
return( 0 );
}

15
programs/ssl/ssl_client2.c
View File

@ -1249,7 +1249,8 @@ int main( int argc, char *argv[] )
MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80,
MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32,
MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80,
MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32
MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32,
MBEDTLS_TLS_SRTP_UNSET
};
#endif /* MBEDTLS_SSL_DTLS_SRTP */
#endif /* MBEDTLS_SSL_EXPORT_KEYS */
@ -2334,18 +2335,12 @@ int main( int argc, char *argv[] )
{
if( opt.force_srtp_profile != 0 )
{
const mbedtls_ssl_srtp_profile forced_profile[] = { opt.force_srtp_profile };
ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles
( &conf,
forced_profile,
sizeof( forced_profile ) / sizeof( mbedtls_ssl_srtp_profile ) );
const mbedtls_ssl_srtp_profile forced_profile[] = { opt.force_srtp_profile, MBEDTLS_TLS_SRTP_UNSET };
ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles ( &conf, forced_profile );
}
else
{
ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles
( &conf,
default_profiles,
sizeof( default_profiles ) / sizeof( mbedtls_ssl_srtp_profile ) );
ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles ( &conf, default_profiles );
}
if( ret != 0 )

13
programs/ssl/ssl_server2.c
View File

@ -1880,7 +1880,8 @@ int main( int argc, char *argv[] )
MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80,
MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32,
MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80,
MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32
MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32,
MBEDTLS_TLS_SRTP_UNSET
};
#endif /* MBEDTLS_SSL_DTLS_SRTP */
#endif /* MBEDTLS_SSL_EXPORT_KEYS */
@ -3146,16 +3147,12 @@ int main( int argc, char *argv[] )
{
if( opt.force_srtp_profile != 0 )
{
const mbedtls_ssl_srtp_profile forced_profile[] = { opt.force_srtp_profile };
ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles( &conf,
forced_profile,
sizeof( forced_profile ) / sizeof( mbedtls_ssl_srtp_profile ) );
const mbedtls_ssl_srtp_profile forced_profile[] = { opt.force_srtp_profile, MBEDTLS_TLS_SRTP_UNSET };
ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles( &conf, forced_profile );
}
else
{
ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles( &conf,
default_profiles,
sizeof( default_profiles ) / sizeof( mbedtls_ssl_srtp_profile ) );
ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles( &conf, default_profiles );
}
if( ret != 0 )