net/third_party/nss/ssl/sslsock.c - Issue 9982019: Implement RFC 5764 (DTLS-SRTP).

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/third_party/nss/ssl/sslsock.c

Issue 9982019: Implement RFC 5764 (DTLS-SRTP). (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/

Patch Set: First full review Created 8 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/third_party/nss/ssl/sslsock.c

===================================================================

--- net/third_party/nss/ssl/sslsock.c (revision 130750)

+++ net/third_party/nss/ssl/sslsock.c (working copy)

@@ -225,6 +225,13 @@

char lockStatus[] = "Locks are ENABLED. ";

#define LOCKSTATUS_OFFSET 10 /* offset of ENABLED */

+/* SRTP_NULL_HMAC_SHA1_80 and SRTP_NULL_HMAC_SHA1_32 are not implemented. */

+static const PRUint16 srtpCiphers[] = {

+ SRTP_AES128_CM_HMAC_SHA1_80,

+ SRTP_AES128_CM_HMAC_SHA1_32,

+ 0

+};

/* forward declarations. */

static sslSocket *ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant variant);

static SECStatus ssl_MakeLocks(sslSocket *ss);

@@ -1596,6 +1603,70 @@

return SECSuccess;

}

+SECStatus SSL_SetSRTPCiphers(PRFileDesc *fd,

+ const PRUint16 *ciphers,

+ unsigned int numCiphers)

+ sslSocket * ss;

+ int i;

+ ss = ssl_FindSocket(fd);

+ if (!ss || !IS_DTLS(ss)) {

+ SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetSRTPCiphers",

+ SSL_GETPID(), fd));

+ PORT_SetError(SEC_ERROR_INVALID_ARGS);

+ return SECFailure;

+ }

+ for (i = 0; i < numCiphers; i++) {

+ const PRUint16 *srtpCipher = srtpCiphers;

+ while (*srtpCipher) {

+ if (ciphers[i] == *srtpCipher)

+ break;

+ srtpCipher++;

+ }

+ if (!*srtpCipher) {

+ SSL_DBG(("%d: SSL[%d]: invalid or unimplemented SRTP cipher "

+ "suite specified: 0x%04hx", SSL_GETPID(), fd,

+ ciphers[i]));

+ PORT_SetError(SEC_ERROR_INVALID_ARGS);

+ return SECFailure;

+ }

+ if (numCiphers > MAX_DTLS_SRTP_CIPHER_SUITES) {

+ PORT_SetError(SEC_ERROR_INVALID_ARGS);

+ return SECFailure;

+ }

+ memcpy(ss->ssl3.dtlsSRTPCiphers, ciphers, sizeof(PRUint16) * numCiphers);

+ ss->ssl3.dtlsSRTPCipherCount = numCiphers;

+ return SECSuccess;

+SECStatus

+SSL_GetSRTPCipher(PRFileDesc *fd, PRUint16 *cipher)

+ sslSocket * ss;

+ ss = ssl_FindSocket(fd);

+ if (!ss) {

+ SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetSRTPCipher",

+ SSL_GETPID(), fd));

+ PORT_SetError(SEC_ERROR_INVALID_ARGS);

+ return SECFailure;

+ }

+ if (!ss->ssl3.dtlsSRTPCipherSuite) {

+ PORT_SetError(SEC_ERROR_INVALID_ARGS);

+ return SECFailure;

+ }

+ *cipher = ss->ssl3.dtlsSRTPCipherSuite;

+ return SECSuccess;

PRFileDesc *

SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd)

{

« net/third_party/nss/ssl/sslproto.h ('K') | « net/third_party/nss/ssl/sslproto.h ('k') | net/third_party/nss/ssl/sslt.h » ('j') | no next file with comments »