openssl/ssl/d1_srtp.c - Issue 2072073002: Delete bundled copy of OpenSSL and replace with README.

Side by Side Diff: openssl/ssl/d1_srtp.c

Issue 2072073002: Delete bundled copy of OpenSSL and replace with README. (Closed) Base URL: https://chromium.googlesource.com/chromium/deps/openssl@master

Patch Set: Delete bundled copy of OpenSSL and replace with README. Created 4 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
	(Empty)
1 /* ssl/t1_lib.c */

2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)

3 * All rights reserved.

4 *

5 * This package is an SSL implementation written

6 * by Eric Young (eay@cryptsoft.com).

7 * The implementation was written so as to conform with Netscapes SSL.

8 *

9 * This library is free for commercial and non-commercial use as long as

10 * the following conditions are aheared to. The following conditions

11 * apply to all code found in this distribution, be it the RC4, RSA,

12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation

13 * included with this distribution is covered by the same copyright terms

14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).

15 *

16 * Copyright remains Eric Young's, and as such any Copyright notices in

17 * the code are not to be removed.

18 * If this package is used in a product, Eric Young should be given attribution

19 * as the author of the parts of the library used.

20 * This can be in the form of a textual message at program startup or

21 * in documentation (online or textual) provided with the package.

22 *

23 * Redistribution and use in source and binary forms, with or without

24 * modification, are permitted provided that the following conditions

25 * are met:

26 * 1. Redistributions of source code must retain the copyright

27 * notice, this list of conditions and the following disclaimer.

28 * 2. Redistributions in binary form must reproduce the above copyright

29 * notice, this list of conditions and the following disclaimer in the

30 * documentation and/or other materials provided with the distribution.

31 * 3. All advertising materials mentioning features or use of this software

32 * must display the following acknowledgement:

33 * "This product includes cryptographic software written by

34 * Eric Young (eay@cryptsoft.com)"

35 * The word 'cryptographic' can be left out if the rouines from the library

36 * being used are not cryptographic related :-).

37 * 4. If you include any Windows specific code (or a derivative thereof) from

38 * the apps directory (application code) you must include an acknowledgement:

39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"

40 *

41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

51 * SUCH DAMAGE.

52 *

53 * The licence and distribution terms for any publically available version or

54 * derivative of this code cannot be changed. i.e. this code cannot simply be

55 * copied and put under another distribution licence

56 * [including the GNU Public Licence.]

57 */

58 /* ====================================================================

59 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.

60 *

61 * Redistribution and use in source and binary forms, with or without

62 * modification, are permitted provided that the following conditions

63 * are met:

64 *

65 * 1. Redistributions of source code must retain the above copyright

66 * notice, this list of conditions and the following disclaimer.

67 *

68 * 2. Redistributions in binary form must reproduce the above copyright

69 * notice, this list of conditions and the following disclaimer in

70 * the documentation and/or other materials provided with the

71 * distribution.

72 *

73 * 3. All advertising materials mentioning features or use of this

74 * software must display the following acknowledgment:

75 * "This product includes software developed by the OpenSSL Project

76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

77 *

78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

79 * endorse or promote products derived from this software without

80 * prior written permission. For written permission, please contact

81 * openssl-core@openssl.org.

82 *

83 * 5. Products derived from this software may not be called "OpenSSL"

84 * nor may "OpenSSL" appear in their names without prior written

85 * permission of the OpenSSL Project.

86 *

87 * 6. Redistributions of any form whatsoever must retain the following

88 * acknowledgment:

89 * "This product includes software developed by the OpenSSL Project

90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"

91 *

92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR

96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

103 * OF THE POSSIBILITY OF SUCH DAMAGE.

104 * ====================================================================

105 *

106 * This product includes cryptographic software written by Eric Young

107 * (eay@cryptsoft.com). This product includes software written by Tim

108 * Hudson (tjh@cryptsoft.com).

109 *

110 */

111 /*

112 DTLS code by Eric Rescorla <ekr@rtfm.com>

113

114 Copyright (C) 2006, Network Resonance, Inc.

115 Copyright (C) 2011, RTFM, Inc.

116 */

117

118 #include <stdio.h>

119 #include <openssl/objects.h>

120 #include "ssl_locl.h"

121

122 #ifndef OPENSSL_NO_SRTP

123

124 #include "srtp.h"

125

126

127 static SRTP_PROTECTION_PROFILE srtp_known_profiles[]=

128 {

129 {

130 "SRTP_AES128_CM_SHA1_80",

131 SRTP_AES128_CM_SHA1_80,

132 },

133 {

134 "SRTP_AES128_CM_SHA1_32",

135 SRTP_AES128_CM_SHA1_32,

136 },

137 #if 0

138 {

139 "SRTP_NULL_SHA1_80",

140 SRTP_NULL_SHA1_80,

141 },

142 {

143 "SRTP_NULL_SHA1_32",

144 SRTP_NULL_SHA1_32,

145 },

146 #endif

147 {0}

148 };

149

150 static int find_profile_by_name(char *profile_name,

151 SRTP_PROTECTION_PROFILE **pptr,unsigned len)

152 {

153 SRTP_PROTECTION_PROFILE *p;

154

155 p=srtp_known_profiles;

156 while(p->name)

157 {

158 if((len == strlen(p->name)) && !strncmp(p->name,profile_name,

159 len))

160 {

161 *pptr=p;

162 return 0;

163 }

164

165 p++;

166 }

167

168 return 1;

169 }

170

171 static int find_profile_by_num(unsigned profile_num,

172 SRTP_PROTECTION_PROFILE **pptr)

173 {

174 SRTP_PROTECTION_PROFILE *p;

175

176 p=srtp_known_profiles;

177 while(p->name)

178 {

179 if(p->id == profile_num)

180 {

181 *pptr=p;

182 return 0;

183 }

184 p++;

185 }

186

187 return 1;

188 }

189

190 static int ssl_ctx_make_profiles(const char profiles_string,STACK_OF(SRTP_PROTE CTION_PROFILE) *out)

191 {

192 STACK_OF(SRTP_PROTECTION_PROFILE) *profiles;

193

194 char *col;

195 char ptr=(char )profiles_string;

196

197 SRTP_PROTECTION_PROFILE *p;

198

199 if(!(profiles=sk_SRTP_PROTECTION_PROFILE_new_null()))

200 {

201 SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES, SSL_R_SRTP_COULD_NOT_ALLOCAT E_PROFILES);

202 return 1;

203 }

204

205 do

206 {

207 col=strchr(ptr,':');

208

209 if(!find_profile_by_name(ptr,&p,

210 col ? col-ptr : (int)strlen(ptr)))

211 {

212 sk_SRTP_PROTECTION_PROFILE_push(profiles,p);

213 }

214 else

215 {

216 SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,SSL_R_SRTP_UNKNOWN_PR OTECTION_PROFILE);

217 return 1;

218 }

219

220 if(col) ptr=col+1;

221 } while (col);

222

223 *out=profiles;

224

225 return 0;

226 }

227

228 int SSL_CTX_set_tlsext_use_srtp(SSL_CTX ctx,const char profiles)

229 {

230 return ssl_ctx_make_profiles(profiles,&ctx->srtp_profiles);

231 }

232

233 int SSL_set_tlsext_use_srtp(SSL s,const char profiles)

234 {

235 return ssl_ctx_make_profiles(profiles,&s->srtp_profiles);

236 }

237

238

239 STACK_OF(SRTP_PROTECTION_PROFILE) SSL_get_srtp_profiles(SSL s)

240 {

241 if(s != NULL)

242 {

243 if(s->srtp_profiles != NULL)

244 {

245 return s->srtp_profiles;

246 }

247 else if((s->ctx != NULL) &&

248 (s->ctx->srtp_profiles != NULL))

249 {

250 return s->ctx->srtp_profiles;

251 }

252 }

253

254 return NULL;

255 }

256

257 SRTP_PROTECTION_PROFILE SSL_get_selected_srtp_profile(SSL s)

258 {

259 return s->srtp_profile;

260 }

261

262 /* Note: this function returns 0 length if there are no

263 profiles specified */

264 int ssl_add_clienthello_use_srtp_ext(SSL s, unsigned char p, int *len, int max len)

265 {

266 int ct=0;

267 int i;

268 STACK_OF(SRTP_PROTECTION_PROFILE) *clnt=0;

269 SRTP_PROTECTION_PROFILE *prof;

270

271 clnt=SSL_get_srtp_profiles(s);

272 ct=sk_SRTP_PROTECTION_PROFILE_num(clnt); /* -1 if clnt == 0 */

273

274 if(p)

275 {

276 if(ct==0)

277 {

278 SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT,SSL_R_EMPT Y_SRTP_PROTECTION_PROFILE_LIST);

279 return 1;

280 }

281

282 if((2 + ct*2 + 1) > maxlen)

283 {

284 SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT,SSL_R_SRTP _PROTECTION_PROFILE_LIST_TOO_LONG);

285 return 1;

286 }

287

288 /* Add the length */

289 s2n(ct * 2, p);

290 for(i=0;i<ct;i++)

291 {

292 prof=sk_SRTP_PROTECTION_PROFILE_value(clnt,i);

293 s2n(prof->id,p);

294 }

295

296 /* Add an empty use_mki value */

297 *p++ = 0;

298 }

299

300 len=2 + ct2 + 1;

301

302 return 0;

303 }

304

305

306 int ssl_parse_clienthello_use_srtp_ext(SSL s, unsigned char d, int len,int *al )

307 {

308 SRTP_PROTECTION_PROFILE cprof,sprof;

309 STACK_OF(SRTP_PROTECTION_PROFILE) clnt=0,srvr;

310 int ct;

311 int mki_len;

312 int i,j;

313 int id;

314 int ret;

315

316 /* Length value + the MKI length */

317 if(len < 3)

318 {

319 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_P ROTECTION_PROFILE_LIST);

320 *al=SSL_AD_DECODE_ERROR;

321 return 1;

322 }

323

324 /* Pull off the length of the cipher suite list */

325 n2s(d, ct);

326 len -= 2;

327

328 /* Check that it is even */

329 if(ct%2)

330 {

331 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_P ROTECTION_PROFILE_LIST);

332 *al=SSL_AD_DECODE_ERROR;

333 return 1;

334 }

335

336 /* Check that lengths are consistent */

337 if(len < (ct + 1))

338 {

339 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_P ROTECTION_PROFILE_LIST);

340 *al=SSL_AD_DECODE_ERROR;

341 return 1;

342 }

343

344

345 clnt=sk_SRTP_PROTECTION_PROFILE_new_null();

346

347 while(ct)

348 {

349 n2s(d,id);

350 ct-=2;

351 len-=2;

352

353 if(!find_profile_by_num(id,&cprof))

354 {

355 sk_SRTP_PROTECTION_PROFILE_push(clnt,cprof);

356 }

357 else

358 {

359 ; /* Ignore */

360 }

361 }

362

363 /* Now extract the MKI value as a sanity check, but discard it for now * /

364 mki_len = *d;

365 d++; len--;

366

367 if (mki_len != len)

368 {

369 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_M KI_VALUE);

370 *al=SSL_AD_DECODE_ERROR;

371 return 1;

372 }

373

374 srvr=SSL_get_srtp_profiles(s);

375

376 /* Pick our most preferred profile. If no profiles have been

377 configured then the outer loop doesn't run

378 (sk_SRTP_PROTECTION_PROFILE_num() = -1)

379 and so we just return without doing anything */

380 for(i=0;i<sk_SRTP_PROTECTION_PROFILE_num(srvr);i++)

381 {

382 sprof=sk_SRTP_PROTECTION_PROFILE_value(srvr,i);

383

384 for(j=0;j<sk_SRTP_PROTECTION_PROFILE_num(clnt);j++)

385 {

386 cprof=sk_SRTP_PROTECTION_PROFILE_value(clnt,j);

387

388 if(cprof->id==sprof->id)

389 {

390 s->srtp_profile=sprof;

391 *al=0;

392 ret=0;

393 goto done;

394 }

395 }

396 }

397

398 ret=0;

399

400 done:

401 if(clnt) sk_SRTP_PROTECTION_PROFILE_free(clnt);

402

403 return ret;

404 }

405

406 int ssl_add_serverhello_use_srtp_ext(SSL s, unsigned char p, int *len, int max len)

407 {

408 if(p)

409 {

410 if(maxlen < 5)

411 {

412 SSLerr(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT,SSL_R_SRTP _PROTECTION_PROFILE_LIST_TOO_LONG);

413 return 1;

414 }

415

416 if(s->srtp_profile==0)

417 {

418 SSLerr(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT,SSL_R_USE_ SRTP_NOT_NEGOTIATED);

419 return 1;

420 }

421 s2n(2, p);

422 s2n(s->srtp_profile->id,p);

423 *p++ = 0;

424 }

425 *len=5;

426

427 return 0;

428 }

429

430

431 int ssl_parse_serverhello_use_srtp_ext(SSL s, unsigned char d, int len,int *al )

432 {

433 unsigned id;

434 int i;

435 int ct;

436

437 STACK_OF(SRTP_PROTECTION_PROFILE) *clnt;

438 SRTP_PROTECTION_PROFILE *prof;

439

440 if(len!=5)

441 {

442 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_P ROTECTION_PROFILE_LIST);

443 *al=SSL_AD_DECODE_ERROR;

444 return 1;

445 }

446

447 n2s(d, ct);

448 if(ct!=2)

449 {

450 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_P ROTECTION_PROFILE_LIST);

451 *al=SSL_AD_DECODE_ERROR;

452 return 1;

453 }

454

455 n2s(d,id);

456 if (d) / Must be no MKI, since we never offer one */

457 {

458 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_M KI_VALUE);

459 *al=SSL_AD_ILLEGAL_PARAMETER;

460 return 1;

461 }

462

463 clnt=SSL_get_srtp_profiles(s);

464

465 /* Throw an error if the server gave us an unsolicited extension */

466 if (clnt == NULL)

467 {

468 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,SSL_R_NO_SRTP_PR OFILES);

469 *al=SSL_AD_DECODE_ERROR;

470 return 1;

471 }

472

473 /* Check to see if the server gave us something we support

474 (and presumably offered)

475 */

476 for(i=0;i<sk_SRTP_PROTECTION_PROFILE_num(clnt);i++)

477 {

478 prof=sk_SRTP_PROTECTION_PROFILE_value(clnt,i);

479

480 if(prof->id == id)

481 {

482 s->srtp_profile=prof;

483 *al=0;

484 return 0;

485 }

486 }

487

488 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_PROTECTIO N_PROFILE_LIST);

489 *al=SSL_AD_DECODE_ERROR;

490 return 1;

491 }

492

493

494 #endif

OLD	NEW

« no previous file with comments | « openssl/ssl/d1_pkt.c ('k') | openssl/ssl/d1_srvr.c » ('j') | no next file with comments »