OLD | NEW |
| (Empty) |
1 /* ssl/t1_lib.c */ | |
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | |
3 * All rights reserved. | |
4 * | |
5 * This package is an SSL implementation written | |
6 * by Eric Young (eay@cryptsoft.com). | |
7 * The implementation was written so as to conform with Netscapes SSL. | |
8 * | |
9 * This library is free for commercial and non-commercial use as long as | |
10 * the following conditions are aheared to. The following conditions | |
11 * apply to all code found in this distribution, be it the RC4, RSA, | |
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation | |
13 * included with this distribution is covered by the same copyright terms | |
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). | |
15 * | |
16 * Copyright remains Eric Young's, and as such any Copyright notices in | |
17 * the code are not to be removed. | |
18 * If this package is used in a product, Eric Young should be given attribution | |
19 * as the author of the parts of the library used. | |
20 * This can be in the form of a textual message at program startup or | |
21 * in documentation (online or textual) provided with the package. | |
22 * | |
23 * Redistribution and use in source and binary forms, with or without | |
24 * modification, are permitted provided that the following conditions | |
25 * are met: | |
26 * 1. Redistributions of source code must retain the copyright | |
27 * notice, this list of conditions and the following disclaimer. | |
28 * 2. Redistributions in binary form must reproduce the above copyright | |
29 * notice, this list of conditions and the following disclaimer in the | |
30 * documentation and/or other materials provided with the distribution. | |
31 * 3. All advertising materials mentioning features or use of this software | |
32 * must display the following acknowledgement: | |
33 * "This product includes cryptographic software written by | |
34 * Eric Young (eay@cryptsoft.com)" | |
35 * The word 'cryptographic' can be left out if the rouines from the library | |
36 * being used are not cryptographic related :-). | |
37 * 4. If you include any Windows specific code (or a derivative thereof) from | |
38 * the apps directory (application code) you must include an acknowledgement: | |
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | |
40 * | |
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | |
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | |
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
51 * SUCH DAMAGE. | |
52 * | |
53 * The licence and distribution terms for any publically available version or | |
54 * derivative of this code cannot be changed. i.e. this code cannot simply be | |
55 * copied and put under another distribution licence | |
56 * [including the GNU Public Licence.] | |
57 */ | |
58 /* ==================================================================== | |
59 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. | |
60 * | |
61 * Redistribution and use in source and binary forms, with or without | |
62 * modification, are permitted provided that the following conditions | |
63 * are met: | |
64 * | |
65 * 1. Redistributions of source code must retain the above copyright | |
66 * notice, this list of conditions and the following disclaimer. | |
67 * | |
68 * 2. Redistributions in binary form must reproduce the above copyright | |
69 * notice, this list of conditions and the following disclaimer in | |
70 * the documentation and/or other materials provided with the | |
71 * distribution. | |
72 * | |
73 * 3. All advertising materials mentioning features or use of this | |
74 * software must display the following acknowledgment: | |
75 * "This product includes software developed by the OpenSSL Project | |
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | |
77 * | |
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
79 * endorse or promote products derived from this software without | |
80 * prior written permission. For written permission, please contact | |
81 * openssl-core@openssl.org. | |
82 * | |
83 * 5. Products derived from this software may not be called "OpenSSL" | |
84 * nor may "OpenSSL" appear in their names without prior written | |
85 * permission of the OpenSSL Project. | |
86 * | |
87 * 6. Redistributions of any form whatsoever must retain the following | |
88 * acknowledgment: | |
89 * "This product includes software developed by the OpenSSL Project | |
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | |
91 * | |
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
103 * OF THE POSSIBILITY OF SUCH DAMAGE. | |
104 * ==================================================================== | |
105 * | |
106 * This product includes cryptographic software written by Eric Young | |
107 * (eay@cryptsoft.com). This product includes software written by Tim | |
108 * Hudson (tjh@cryptsoft.com). | |
109 * | |
110 */ | |
111 /* | |
112 DTLS code by Eric Rescorla <ekr@rtfm.com> | |
113 | |
114 Copyright (C) 2006, Network Resonance, Inc. | |
115 Copyright (C) 2011, RTFM, Inc. | |
116 */ | |
117 | |
118 #include <stdio.h> | |
119 #include <openssl/objects.h> | |
120 #include "ssl_locl.h" | |
121 | |
122 #ifndef OPENSSL_NO_SRTP | |
123 | |
124 #include "srtp.h" | |
125 | |
126 | |
127 static SRTP_PROTECTION_PROFILE srtp_known_profiles[]= | |
128 { | |
129 { | |
130 "SRTP_AES128_CM_SHA1_80", | |
131 SRTP_AES128_CM_SHA1_80, | |
132 }, | |
133 { | |
134 "SRTP_AES128_CM_SHA1_32", | |
135 SRTP_AES128_CM_SHA1_32, | |
136 }, | |
137 #if 0 | |
138 { | |
139 "SRTP_NULL_SHA1_80", | |
140 SRTP_NULL_SHA1_80, | |
141 }, | |
142 { | |
143 "SRTP_NULL_SHA1_32", | |
144 SRTP_NULL_SHA1_32, | |
145 }, | |
146 #endif | |
147 {0} | |
148 }; | |
149 | |
150 static int find_profile_by_name(char *profile_name, | |
151 SRTP_PROTECTION_PROFILE **pptr,unsigned len) | |
152 { | |
153 SRTP_PROTECTION_PROFILE *p; | |
154 | |
155 p=srtp_known_profiles; | |
156 while(p->name) | |
157 { | |
158 if((len == strlen(p->name)) && !strncmp(p->name,profile_name, | |
159 len)) | |
160 { | |
161 *pptr=p; | |
162 return 0; | |
163 } | |
164 | |
165 p++; | |
166 } | |
167 | |
168 return 1; | |
169 } | |
170 | |
171 static int find_profile_by_num(unsigned profile_num, | |
172 SRTP_PROTECTION_PROFILE **pptr) | |
173 { | |
174 SRTP_PROTECTION_PROFILE *p; | |
175 | |
176 p=srtp_known_profiles; | |
177 while(p->name) | |
178 { | |
179 if(p->id == profile_num) | |
180 { | |
181 *pptr=p; | |
182 return 0; | |
183 } | |
184 p++; | |
185 } | |
186 | |
187 return 1; | |
188 } | |
189 | |
190 static int ssl_ctx_make_profiles(const char *profiles_string,STACK_OF(SRTP_PROTE
CTION_PROFILE) **out) | |
191 { | |
192 STACK_OF(SRTP_PROTECTION_PROFILE) *profiles; | |
193 | |
194 char *col; | |
195 char *ptr=(char *)profiles_string; | |
196 | |
197 SRTP_PROTECTION_PROFILE *p; | |
198 | |
199 if(!(profiles=sk_SRTP_PROTECTION_PROFILE_new_null())) | |
200 { | |
201 SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES, SSL_R_SRTP_COULD_NOT_ALLOCAT
E_PROFILES); | |
202 return 1; | |
203 } | |
204 | |
205 do | |
206 { | |
207 col=strchr(ptr,':'); | |
208 | |
209 if(!find_profile_by_name(ptr,&p, | |
210 col ? col-ptr : (int)strlen(ptr))) | |
211 { | |
212 sk_SRTP_PROTECTION_PROFILE_push(profiles,p); | |
213 } | |
214 else | |
215 { | |
216 SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,SSL_R_SRTP_UNKNOWN_PR
OTECTION_PROFILE); | |
217 return 1; | |
218 } | |
219 | |
220 if(col) ptr=col+1; | |
221 } while (col); | |
222 | |
223 *out=profiles; | |
224 | |
225 return 0; | |
226 } | |
227 | |
228 int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx,const char *profiles) | |
229 { | |
230 return ssl_ctx_make_profiles(profiles,&ctx->srtp_profiles); | |
231 } | |
232 | |
233 int SSL_set_tlsext_use_srtp(SSL *s,const char *profiles) | |
234 { | |
235 return ssl_ctx_make_profiles(profiles,&s->srtp_profiles); | |
236 } | |
237 | |
238 | |
239 STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *s) | |
240 { | |
241 if(s != NULL) | |
242 { | |
243 if(s->srtp_profiles != NULL) | |
244 { | |
245 return s->srtp_profiles; | |
246 } | |
247 else if((s->ctx != NULL) && | |
248 (s->ctx->srtp_profiles != NULL)) | |
249 { | |
250 return s->ctx->srtp_profiles; | |
251 } | |
252 } | |
253 | |
254 return NULL; | |
255 } | |
256 | |
257 SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s) | |
258 { | |
259 return s->srtp_profile; | |
260 } | |
261 | |
262 /* Note: this function returns 0 length if there are no | |
263 profiles specified */ | |
264 int ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int max
len) | |
265 { | |
266 int ct=0; | |
267 int i; | |
268 STACK_OF(SRTP_PROTECTION_PROFILE) *clnt=0; | |
269 SRTP_PROTECTION_PROFILE *prof; | |
270 | |
271 clnt=SSL_get_srtp_profiles(s); | |
272 ct=sk_SRTP_PROTECTION_PROFILE_num(clnt); /* -1 if clnt == 0 */ | |
273 | |
274 if(p) | |
275 { | |
276 if(ct==0) | |
277 { | |
278 SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT,SSL_R_EMPT
Y_SRTP_PROTECTION_PROFILE_LIST); | |
279 return 1; | |
280 } | |
281 | |
282 if((2 + ct*2 + 1) > maxlen) | |
283 { | |
284 SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT,SSL_R_SRTP
_PROTECTION_PROFILE_LIST_TOO_LONG); | |
285 return 1; | |
286 } | |
287 | |
288 /* Add the length */ | |
289 s2n(ct * 2, p); | |
290 for(i=0;i<ct;i++) | |
291 { | |
292 prof=sk_SRTP_PROTECTION_PROFILE_value(clnt,i); | |
293 s2n(prof->id,p); | |
294 } | |
295 | |
296 /* Add an empty use_mki value */ | |
297 *p++ = 0; | |
298 } | |
299 | |
300 *len=2 + ct*2 + 1; | |
301 | |
302 return 0; | |
303 } | |
304 | |
305 | |
306 int ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len,int *al
) | |
307 { | |
308 SRTP_PROTECTION_PROFILE *cprof,*sprof; | |
309 STACK_OF(SRTP_PROTECTION_PROFILE) *clnt=0,*srvr; | |
310 int ct; | |
311 int mki_len; | |
312 int i,j; | |
313 int id; | |
314 int ret; | |
315 | |
316 /* Length value + the MKI length */ | |
317 if(len < 3) | |
318 { | |
319 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_P
ROTECTION_PROFILE_LIST); | |
320 *al=SSL_AD_DECODE_ERROR; | |
321 return 1; | |
322 } | |
323 | |
324 /* Pull off the length of the cipher suite list */ | |
325 n2s(d, ct); | |
326 len -= 2; | |
327 | |
328 /* Check that it is even */ | |
329 if(ct%2) | |
330 { | |
331 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_P
ROTECTION_PROFILE_LIST); | |
332 *al=SSL_AD_DECODE_ERROR; | |
333 return 1; | |
334 } | |
335 | |
336 /* Check that lengths are consistent */ | |
337 if(len < (ct + 1)) | |
338 { | |
339 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_P
ROTECTION_PROFILE_LIST); | |
340 *al=SSL_AD_DECODE_ERROR; | |
341 return 1; | |
342 } | |
343 | |
344 | |
345 clnt=sk_SRTP_PROTECTION_PROFILE_new_null(); | |
346 | |
347 while(ct) | |
348 { | |
349 n2s(d,id); | |
350 ct-=2; | |
351 len-=2; | |
352 | |
353 if(!find_profile_by_num(id,&cprof)) | |
354 { | |
355 sk_SRTP_PROTECTION_PROFILE_push(clnt,cprof); | |
356 } | |
357 else | |
358 { | |
359 ; /* Ignore */ | |
360 } | |
361 } | |
362 | |
363 /* Now extract the MKI value as a sanity check, but discard it for now *
/ | |
364 mki_len = *d; | |
365 d++; len--; | |
366 | |
367 if (mki_len != len) | |
368 { | |
369 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_M
KI_VALUE); | |
370 *al=SSL_AD_DECODE_ERROR; | |
371 return 1; | |
372 } | |
373 | |
374 srvr=SSL_get_srtp_profiles(s); | |
375 | |
376 /* Pick our most preferred profile. If no profiles have been | |
377 configured then the outer loop doesn't run | |
378 (sk_SRTP_PROTECTION_PROFILE_num() = -1) | |
379 and so we just return without doing anything */ | |
380 for(i=0;i<sk_SRTP_PROTECTION_PROFILE_num(srvr);i++) | |
381 { | |
382 sprof=sk_SRTP_PROTECTION_PROFILE_value(srvr,i); | |
383 | |
384 for(j=0;j<sk_SRTP_PROTECTION_PROFILE_num(clnt);j++) | |
385 { | |
386 cprof=sk_SRTP_PROTECTION_PROFILE_value(clnt,j); | |
387 | |
388 if(cprof->id==sprof->id) | |
389 { | |
390 s->srtp_profile=sprof; | |
391 *al=0; | |
392 ret=0; | |
393 goto done; | |
394 } | |
395 } | |
396 } | |
397 | |
398 ret=0; | |
399 | |
400 done: | |
401 if(clnt) sk_SRTP_PROTECTION_PROFILE_free(clnt); | |
402 | |
403 return ret; | |
404 } | |
405 | |
406 int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int max
len) | |
407 { | |
408 if(p) | |
409 { | |
410 if(maxlen < 5) | |
411 { | |
412 SSLerr(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT,SSL_R_SRTP
_PROTECTION_PROFILE_LIST_TOO_LONG); | |
413 return 1; | |
414 } | |
415 | |
416 if(s->srtp_profile==0) | |
417 { | |
418 SSLerr(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT,SSL_R_USE_
SRTP_NOT_NEGOTIATED); | |
419 return 1; | |
420 } | |
421 s2n(2, p); | |
422 s2n(s->srtp_profile->id,p); | |
423 *p++ = 0; | |
424 } | |
425 *len=5; | |
426 | |
427 return 0; | |
428 } | |
429 | |
430 | |
431 int ssl_parse_serverhello_use_srtp_ext(SSL *s, unsigned char *d, int len,int *al
) | |
432 { | |
433 unsigned id; | |
434 int i; | |
435 int ct; | |
436 | |
437 STACK_OF(SRTP_PROTECTION_PROFILE) *clnt; | |
438 SRTP_PROTECTION_PROFILE *prof; | |
439 | |
440 if(len!=5) | |
441 { | |
442 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_P
ROTECTION_PROFILE_LIST); | |
443 *al=SSL_AD_DECODE_ERROR; | |
444 return 1; | |
445 } | |
446 | |
447 n2s(d, ct); | |
448 if(ct!=2) | |
449 { | |
450 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_P
ROTECTION_PROFILE_LIST); | |
451 *al=SSL_AD_DECODE_ERROR; | |
452 return 1; | |
453 } | |
454 | |
455 n2s(d,id); | |
456 if (*d) /* Must be no MKI, since we never offer one */ | |
457 { | |
458 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_M
KI_VALUE); | |
459 *al=SSL_AD_ILLEGAL_PARAMETER; | |
460 return 1; | |
461 } | |
462 | |
463 clnt=SSL_get_srtp_profiles(s); | |
464 | |
465 /* Throw an error if the server gave us an unsolicited extension */ | |
466 if (clnt == NULL) | |
467 { | |
468 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,SSL_R_NO_SRTP_PR
OFILES); | |
469 *al=SSL_AD_DECODE_ERROR; | |
470 return 1; | |
471 } | |
472 | |
473 /* Check to see if the server gave us something we support | |
474 (and presumably offered) | |
475 */ | |
476 for(i=0;i<sk_SRTP_PROTECTION_PROFILE_num(clnt);i++) | |
477 { | |
478 prof=sk_SRTP_PROTECTION_PROFILE_value(clnt,i); | |
479 | |
480 if(prof->id == id) | |
481 { | |
482 s->srtp_profile=prof; | |
483 *al=0; | |
484 return 0; | |
485 } | |
486 } | |
487 | |
488 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_PROTECTIO
N_PROFILE_LIST); | |
489 *al=SSL_AD_DECODE_ERROR; | |
490 return 1; | |
491 } | |
492 | |
493 | |
494 #endif | |
OLD | NEW |