
Unified Diff: net/third_party/nss/ssl/sslsock.c

Issue 9982019: Implement RFC 5764 (DTLS-SRTP). (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Fix coding style nits, require DTLS for the use_srtp extension Created 8 years, 9 months ago
Index: net/third_party/nss/ssl/sslsock.c
===================================================================
--- net/third_party/nss/ssl/sslsock.c (revision 130750)
+++ net/third_party/nss/ssl/sslsock.c (working copy)
@@ -225,6 +225,13 @@
char lockStatus[] = "Locks are ENABLED. ";
#define LOCKSTATUS_OFFSET 10 /* offset of ENABLED */
+static PRUint16 srtpCiphers[] = {
+ SRTP_AES128_CM_SHA1_80,
+ SRTP_AES128_CM_SHA1_32,
+ /* XXX what about SRTP_NULL_SHA1_80 and SRTP_NULL_SHA1_32? */
wtc 2012/04/04 23:32:49 Should SRTP_NULL_SHA1_80 and SRTP_NULL_SHA1_32 be
ekr 2012/04/19 14:29:36 I think my preference is to simply not implement t
+ 0
+};
+
/* forward declarations. */
static sslSocket *ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant variant);
static SECStatus ssl_MakeLocks(sslSocket *ss);
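Review bot: `srtpCiphers` is only ever read, as the allow-list of SRTP protection profiles the socket will accept, yet it is declared as a writable `static PRUint16` array. Declaring it `static const PRUint16 srtpCiphers[] = {` lets the compiler place the table in read-only data and rejects accidental writes; the lookup pointer in SSL_SetSRTPCiphers (second hunk) would then become `const PRUint16 *srtpCipher`. A one-line comment such as `/* Supported SRTP protection profiles, zero-terminated. */` would also document the `0` sentinel that the lookup loop relies on.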
@@ -1596,6 +1603,66 @@
return SECSuccess;
}
+SSL_IMPORT SECStatus SSL_SetSRTPCiphers(PRFileDesc *socket,
+ const PRUint16 *ciphers,
+ unsigned int numCiphers)
+{
+ sslSocket * ss;
+ int i;
+
+ ss = ssl_FindSocket(socket);
+ if (!ss || !IS_DTLS(ss)) {
+ SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetSRTPCiphers"));
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
+ }
+
+ for (i = 0; i < numCiphers; i++) {
+ PRUint16 *srtpCipher = srtpCiphers;
+
+ while (*srtpCipher) {
+ if (ciphers[i] == *srtpCipher)
+ break;
+ srtpCipher++;
+ }
+ if (!*srtpCipher) {
+ SSL_DBG(("%d: SSL[%d]: invalid SRTP cipher suite specified"));
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
+ }
+ }
+
+ if (numCiphers > MAX_DTLS_SRTP_CIPHER_SUITES) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
+ }
+ memcpy(ss->ssl3.dtlsSRTPCiphers, ciphers, sizeof(PRUint16) * numCiphers);
+ ss->ssl3.dtlsSRTPCipherCount = numCiphers;
+
+ return SECSuccess;
+}
+
+SECStatus
+SSL_GetSRTPCipher(PRFileDesc *socket, PRUint16 *cipher)
+{
+ sslSocket * ss;
+
+ ss = ssl_FindSocket(socket);
+ if (!ss) {
+ SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetSRTPCipher"));
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
+ }
+
+ if (!ss->ssl3.dtlsSRTPCipherSuite) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
+ }
+
+ *cipher = ss->ssl3.dtlsSRTPCipherSuite;
+ return SECSuccess;
+}
+
PRFileDesc *
SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd)
{
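Review bot: The three SSL_DBG calls in SSL_SetSRTPCiphers and SSL_GetSRTPCipher pass a format string with two `%d` conversions but no matching arguments, so a build with tracing enabled would read varargs that were never passed (undefined behavior). Each call should supply the values, e.g. `SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetSRTPCiphers", SSL_GETPID(), socket));`. In SSL_SetSRTPCiphers the `numCiphers > MAX_DTLS_SRTP_CIPHER_SUITES` check would be better placed before the validation loop, so an oversized count is rejected before `ciphers` is walked, and `i` should be `unsigned int` to match `numCiphers`. Neither function checks its pointer argument (`ciphers`, `cipher`) for NULL before dereferencing it, which a public API entry point would normally reject with SEC_ERROR_INVALID_ARGS.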
