authorEnji Cooper <ngie@FreeBSD.org>2025-05-07 21:18:24 +0000
committerEnji Cooper <ngie@FreeBSD.org>2025-05-07 22:37:22 +0000
commit29536654cc41bf41b92dc836c47496dc6fe0b00c (patch)
tree368a3c5b14e610bb5f6b71657f61a41e373eaf97 /ssl/d1_srtp.c
parent1c34280346af8284acdc0eae39496811d37df25d (diff)
Diffstat (limited to 'ssl/d1_srtp.c')
-rw-r--r--ssl/d1_srtp.c74
1 files changed, 62 insertions, 12 deletions
diff --git a/ssl/d1_srtp.c b/ssl/d1_srtp.c
index 23007533826a..ad926a613dee 100644
--- a/ssl/d1_srtp.c
+++ b/ssl/d1_srtp.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2011-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -16,10 +16,11 @@
#include <stdio.h>
#include <openssl/objects.h>
#include "ssl_local.h"
+#include "internal/ssl_unwrap.h"
#ifndef OPENSSL_NO_SRTP
-static SRTP_PROTECTION_PROFILE srtp_known_profiles[] = {
+static const SRTP_PROTECTION_PROFILE srtp_known_profiles[] = {
{
"SRTP_AES128_CM_SHA1_80",
SRTP_AES128_CM_SHA1_80,
@@ -36,13 +37,45 @@ static SRTP_PROTECTION_PROFILE srtp_known_profiles[] = {
"SRTP_AEAD_AES_256_GCM",
SRTP_AEAD_AES_256_GCM,
},
+ {
+ "SRTP_DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM",
+ SRTP_DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM,
+ },
+ {
+ "SRTP_DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM",
+ SRTP_DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM,
+ },
+ {
+ "SRTP_ARIA_128_CTR_HMAC_SHA1_80",
+ SRTP_ARIA_128_CTR_HMAC_SHA1_80,
+ },
+ {
+ "SRTP_ARIA_128_CTR_HMAC_SHA1_32",
+ SRTP_ARIA_128_CTR_HMAC_SHA1_32,
+ },
+ {
+ "SRTP_ARIA_256_CTR_HMAC_SHA1_80",
+ SRTP_ARIA_256_CTR_HMAC_SHA1_80,
+ },
+ {
+ "SRTP_ARIA_256_CTR_HMAC_SHA1_32",
+ SRTP_ARIA_256_CTR_HMAC_SHA1_32,
+ },
+ {
+ "SRTP_AEAD_ARIA_128_GCM",
+ SRTP_AEAD_ARIA_128_GCM,
+ },
+ {
+ "SRTP_AEAD_ARIA_256_GCM",
+ SRTP_AEAD_ARIA_256_GCM,
+ },
{0}
};
static int find_profile_by_name(char *profile_name,
- SRTP_PROTECTION_PROFILE **pptr, size_t len)
+ const SRTP_PROTECTION_PROFILE **pptr, size_t len)
{
- SRTP_PROTECTION_PROFILE *p;
+ const SRTP_PROTECTION_PROFILE *p;
p = srtp_known_profiles;
while (p->name) {
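Review bot: `find_profile_by_name` still takes `char *profile_name`, although this hunk makes the table, `pptr` and `p` const. If the body only compares the name against `p->name` (it continues outside the hunk, so this is an assumption), the parameter can become `const char *profile_name`. That would also let the caller drop the `char *ptr = (char *)profiles_string;` cast visible in the next hunk, which discards const on caller-supplied input.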
@@ -65,7 +98,7 @@ static int ssl_ctx_make_profiles(const char *profiles_string,
char *col;
char *ptr = (char *)profiles_string;
- SRTP_PROTECTION_PROFILE *p;
+ const SRTP_PROTECTION_PROFILE *p;
if ((profiles = sk_SRTP_PROTECTION_PROFILE_new_null()) == NULL) {
ERR_raise(ERR_LIB_SSL, SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES);
@@ -77,12 +110,14 @@ static int ssl_ctx_make_profiles(const char *profiles_string,
if (!find_profile_by_name(ptr, &p, col ? (size_t)(col - ptr)
: strlen(ptr))) {
- if (sk_SRTP_PROTECTION_PROFILE_find(profiles, p) >= 0) {
+ if (sk_SRTP_PROTECTION_PROFILE_find(profiles,
+ (SRTP_PROTECTION_PROFILE *)p) >= 0) {
ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
goto err;
}
- if (!sk_SRTP_PROTECTION_PROFILE_push(profiles, p)) {
+ if (!sk_SRTP_PROTECTION_PROFILE_push(profiles,
+ (SRTP_PROTECTION_PROFILE *)p)) {
ERR_raise(ERR_LIB_SSL, SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES);
goto err;
}
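Review bot: The two `(SRTP_PROTECTION_PROFILE *)p` casts discard the const this commit adds to `srtp_known_profiles`, so the stack holds writable-typed pointers to objects that are defined const. Nothing in the visible lines writes through them, but the stack is presumably the one later returned by `SSL_get_srtp_profiles`, and a write through any element would be undefined behaviour. I would record the invariant at the first cast: `/* The stack API takes non-const pointers; entries point into the const srtp_known_profiles table and must never be modified or freed. */`. `ssl_ctx_make_profiles` starts and ends outside this hunk.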
@@ -107,19 +142,29 @@ static int ssl_ctx_make_profiles(const char *profiles_string,
int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles)
{
+ if (IS_QUIC_METHOD(ctx->method))
+ return 1;
+
return ssl_ctx_make_profiles(profiles, &ctx->srtp_profiles);
}
int SSL_set_tlsext_use_srtp(SSL *s, const char *profiles)
{
- return ssl_ctx_make_profiles(profiles, &s->srtp_profiles);
+ SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
+
+ if (sc == NULL)
+ return 1;
+
+ return ssl_ctx_make_profiles(profiles, &sc->srtp_profiles);
}
STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *s)
{
- if (s != NULL) {
- if (s->srtp_profiles != NULL) {
- return s->srtp_profiles;
+ SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
+
+ if (sc != NULL) {
+ if (sc->srtp_profiles != NULL) {
+ return sc->srtp_profiles;
} else if ((s->ctx != NULL) && (s->ctx->srtp_profiles != NULL)) {
return s->ctx->srtp_profiles;
}
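Review bot: The new early exits in `SSL_CTX_set_tlsext_use_srtp` (`IS_QUIC_METHOD(ctx->method)`) and `SSL_set_tlsext_use_srtp` (`sc == NULL`) return 1 without raising an error, whereas the failure paths visible in `ssl_ctx_make_profiles` all call `ERR_raise` first. OpenSSL documents these setters as returning 0 on success and 1 on error, so the 1 here is a failure that leaves nothing on the error queue and can be misread as success by anyone used to the usual convention. A comment on each exit would make the intent clear, for example `/* SRTP is not usable on this object type; note that 1 means failure for this API */`. It is also worth considering an `ERR_raise` with an existing reason code, so an application that ignores the return value still has a trace. `SSL_get_srtp_profiles` continues past the end of this hunk.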
@@ -130,6 +175,11 @@ STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *s)
SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s)
{
- return s->srtp_profile;
+ SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
+
+ if (sc == NULL)
+ return 0;
+
+ return sc->srtp_profile;
}
#endif
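Review bot: `SSL_get_selected_srtp_profile` returns a pointer, so the new guard should read `return NULL;` rather than `return 0;`. That matches the `sc == NULL` / `!= NULL` comparisons used elsewhere in this commit. The function can now return NULL both when no profile was negotiated and when `s` is not a plain TLS/DTLS connection, which merits a one-line comment above it: `/* Returns NULL if s is not a TLS/DTLS connection or no SRTP profile was selected. */`.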