1 | /* |
2 | * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. |
3 | * |
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at |
7 | * https://www.openssl.org/source/license.html |
8 | */ |
9 | |
10 | /* |
11 | * DTLS code by Eric Rescorla <ekr@rtfm.com> |
12 | * |
13 | * Copyright (C) 2006, Network Resonance, Inc. Copyright (C) 2011, RTFM, Inc. |
14 | */ |
15 | |
16 | #include <stdio.h> |
17 | #include <openssl/objects.h> |
18 | #include "ssl_local.h" |
19 | |
20 | #ifndef OPENSSL_NO_SRTP |
21 | |
22 | static SRTP_PROTECTION_PROFILE srtp_known_profiles[] = { |
23 | { |
24 | "SRTP_AES128_CM_SHA1_80" , |
25 | SRTP_AES128_CM_SHA1_80, |
26 | }, |
27 | { |
28 | "SRTP_AES128_CM_SHA1_32" , |
29 | SRTP_AES128_CM_SHA1_32, |
30 | }, |
31 | { |
32 | "SRTP_AEAD_AES_128_GCM" , |
33 | SRTP_AEAD_AES_128_GCM, |
34 | }, |
35 | { |
36 | "SRTP_AEAD_AES_256_GCM" , |
37 | SRTP_AEAD_AES_256_GCM, |
38 | }, |
39 | {0} |
40 | }; |
41 | |
42 | static int find_profile_by_name(char *profile_name, |
43 | SRTP_PROTECTION_PROFILE **pptr, size_t len) |
44 | { |
45 | SRTP_PROTECTION_PROFILE *p; |
46 | |
47 | p = srtp_known_profiles; |
48 | while (p->name) { |
49 | if ((len == strlen(p->name)) |
50 | && strncmp(p->name, profile_name, len) == 0) { |
51 | *pptr = p; |
52 | return 0; |
53 | } |
54 | |
55 | p++; |
56 | } |
57 | |
58 | return 1; |
59 | } |
60 | |
61 | static int ssl_ctx_make_profiles(const char *profiles_string, |
62 | STACK_OF(SRTP_PROTECTION_PROFILE) **out) |
63 | { |
64 | STACK_OF(SRTP_PROTECTION_PROFILE) *profiles; |
65 | |
66 | char *col; |
67 | char *ptr = (char *)profiles_string; |
68 | SRTP_PROTECTION_PROFILE *p; |
69 | |
70 | if ((profiles = sk_SRTP_PROTECTION_PROFILE_new_null()) == NULL) { |
71 | SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES, |
72 | SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES); |
73 | return 1; |
74 | } |
75 | |
76 | do { |
77 | col = strchr(ptr, ':'); |
78 | |
79 | if (!find_profile_by_name(ptr, &p, col ? (size_t)(col - ptr) |
80 | : strlen(ptr))) { |
81 | if (sk_SRTP_PROTECTION_PROFILE_find(profiles, p) >= 0) { |
82 | SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES, |
83 | SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); |
84 | goto err; |
85 | } |
86 | |
87 | if (!sk_SRTP_PROTECTION_PROFILE_push(profiles, p)) { |
88 | SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES, |
89 | SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES); |
90 | goto err; |
91 | } |
92 | } else { |
93 | SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES, |
94 | SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE); |
95 | goto err; |
96 | } |
97 | |
98 | if (col) |
99 | ptr = col + 1; |
100 | } while (col); |
101 | |
102 | sk_SRTP_PROTECTION_PROFILE_free(*out); |
103 | |
104 | *out = profiles; |
105 | |
106 | return 0; |
107 | err: |
108 | sk_SRTP_PROTECTION_PROFILE_free(profiles); |
109 | return 1; |
110 | } |
111 | |
112 | int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles) |
113 | { |
114 | return ssl_ctx_make_profiles(profiles, &ctx->srtp_profiles); |
115 | } |
116 | |
117 | int SSL_set_tlsext_use_srtp(SSL *s, const char *profiles) |
118 | { |
119 | return ssl_ctx_make_profiles(profiles, &s->srtp_profiles); |
120 | } |
121 | |
122 | STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *s) |
123 | { |
124 | if (s != NULL) { |
125 | if (s->srtp_profiles != NULL) { |
126 | return s->srtp_profiles; |
127 | } else if ((s->ctx != NULL) && (s->ctx->srtp_profiles != NULL)) { |
128 | return s->ctx->srtp_profiles; |
129 | } |
130 | } |
131 | |
132 | return NULL; |
133 | } |
134 | |
135 | SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s) |
136 | { |
137 | return s->srtp_profile; |
138 | } |
139 | #endif |
140 | |