Diffstat (limited to 'ssl/d1_srtp.c')
-rw-r--r-- | ssl/d1_srtp.c | 74 |
1 files changed, 62 insertions, 12 deletions
diff --git a/ssl/d1_srtp.c b/ssl/d1_srtp.c
index 23007533826a..ad926a613dee 100644
--- a/ssl/d1_srtp.c
+++ b/ssl/d1_srtp.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2011-2025 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -16,10 +16,11 @@
 #include <stdio.h>
 #include <openssl/objects.h>
 #include "ssl_local.h"
+#include "internal/ssl_unwrap.h"
 #ifndef OPENSSL_NO_SRTP
-static SRTP_PROTECTION_PROFILE srtp_known_profiles[] = {
+static const SRTP_PROTECTION_PROFILE srtp_known_profiles[] = {
 {
 "SRTP_AES128_CM_SHA1_80",
 SRTP_AES128_CM_SHA1_80,
@@ -36,13 +37,45 @@ static SRTP_PROTECTION_PROFILE srtp_known_profiles[] = {
 "SRTP_AEAD_AES_256_GCM",
 SRTP_AEAD_AES_256_GCM,
 },
+ {
+ "SRTP_DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM",
+ SRTP_DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM,
+ },
+ {
+ "SRTP_DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM",
+ SRTP_DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM,
+ },
+ {
+ "SRTP_ARIA_128_CTR_HMAC_SHA1_80",
+ SRTP_ARIA_128_CTR_HMAC_SHA1_80,
+ },
+ {
+ "SRTP_ARIA_128_CTR_HMAC_SHA1_32",
+ SRTP_ARIA_128_CTR_HMAC_SHA1_32,
+ },
+ {
+ "SRTP_ARIA_256_CTR_HMAC_SHA1_80",
+ SRTP_ARIA_256_CTR_HMAC_SHA1_80,
+ },
+ {
+ "SRTP_ARIA_256_CTR_HMAC_SHA1_32",
+ SRTP_ARIA_256_CTR_HMAC_SHA1_32,
+ },
+ {
+ "SRTP_AEAD_ARIA_128_GCM",
+ SRTP_AEAD_ARIA_128_GCM,
+ },
+ {
+ "SRTP_AEAD_ARIA_256_GCM",
+ SRTP_AEAD_ARIA_256_GCM,
+ },
 {0}
 };
 static int find_profile_by_name(char *profile_name,
- SRTP_PROTECTION_PROFILE **pptr, size_t len)
+ const SRTP_PROTECTION_PROFILE **pptr, size_t len)
 {
- SRTP_PROTECTION_PROFILE *p;
+ const SRTP_PROTECTION_PROFILE *p;
 p = srtp_known_profiles;
 while (p->name) {
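Review bot: In the `@@ -36,13 +37,45 @@` hunk, `find_profile_by_name()` gains const on `pptr` and `p` but still takes `char *profile_name`, which is presumably why the caller keeps `char *ptr = (char *)profiles_string;` (visible as context in the following hunk). If the body, which continues past the end of this hunk, only reads the name, the parameter can become `const char *profile_name` so that the remaining const-dropping cast on caller-supplied input can be removed as well.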
@@ -65,7 +98,7 @@ static int ssl_ctx_make_profiles(const char *profiles_string,
 char *col;
 char *ptr = (char *)profiles_string;
- SRTP_PROTECTION_PROFILE *p;
+ const SRTP_PROTECTION_PROFILE *p;
 if ((profiles = sk_SRTP_PROTECTION_PROFILE_new_null()) == NULL) {
 ERR_raise(ERR_LIB_SSL, SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES);
@@ -77,12 +110,14 @@ static int ssl_ctx_make_profiles(const char *profiles_string,
 if (!find_profile_by_name(ptr, &p, col ? (size_t)(col - ptr) : strlen(ptr))) {
- if (sk_SRTP_PROTECTION_PROFILE_find(profiles, p) >= 0) {
+ if (sk_SRTP_PROTECTION_PROFILE_find(profiles,
+ (SRTP_PROTECTION_PROFILE *)p) >= 0) {
 ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
 goto err;
 }
- if (!sk_SRTP_PROTECTION_PROFILE_push(profiles, p)) {
+ if (!sk_SRTP_PROTECTION_PROFILE_push(profiles,
+ (SRTP_PROTECTION_PROFILE *)p)) {
 ERR_raise(ERR_LIB_SSL, SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES);
 goto err;
 }
@@ -107,19 +142,29 @@ static int ssl_ctx_make_profiles(const char *profiles_string,
 int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles)
 {
+ if (IS_QUIC_METHOD(ctx->method))
+ return 1;
+
 return ssl_ctx_make_profiles(profiles, &ctx->srtp_profiles);
 }
 int SSL_set_tlsext_use_srtp(SSL *s, const char *profiles)
 {
- return ssl_ctx_make_profiles(profiles, &s->srtp_profiles);
+ SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
+
+ if (sc == NULL)
+ return 1;
+
+ return ssl_ctx_make_profiles(profiles, &sc->srtp_profiles);
 }
 STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *s)
 {
- if (s != NULL) {
- if (s->srtp_profiles != NULL) {
- return s->srtp_profiles;
+ SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
+
+ if (sc != NULL) {
+ if (sc->srtp_profiles != NULL) {
+ return sc->srtp_profiles;
 } else if ((s->ctx != NULL) && (s->ctx->srtp_profiles != NULL)) {
 return s->ctx->srtp_profiles;
 }
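Review bot: The two `(SRTP_PROTECTION_PROFILE *)p` casts in the `@@ -77,12 +110,14 @@` hunk discard the const that this commit has just put on `srtp_known_profiles`, so the stack later handed out by `SSL_get_srtp_profiles()` holds non-const pointers into a table that may now be placed in read-only storage. A write through one of those pointers would be undefined behaviour, and nothing at the cast records that constraint. A comment above the first cast would state the contract, for example `/* const dropped only for the STACK_OF API; entries point into srtp_known_profiles and must never be written */`. `ssl_ctx_make_profiles()` begins and ends outside this hunk.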
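Review bot: The new early exits in the `@@ -107,19 +142,29 @@` hunk (`IS_QUIC_METHOD(ctx->method)` in `SSL_CTX_set_tlsext_use_srtp()` and `sc == NULL` in `SSL_set_tlsext_use_srtp()`) return 1 without queuing an error, whereas the failure paths visible in `ssl_ctx_make_profiles()` call `ERR_raise()` first. These two setters are documented to return 0 on success and 1 on error, the reverse of most of the SSL API, so a bare `return 1;` is easy to misread as the profile list having been accepted. Each exit would benefit from a comment such as `/* SRTP does not apply to QUIC objects; 1 is the failure return here */`, and it is worth considering raising an error before returning, e.g. `ERR_raise(ERR_LIB_SSL, ERR_R_UNSUPPORTED);` or whichever reason code the project prefers. In `SSL_get_srtp_profiles()` the fallback branch still reads `s->ctx` directly after the switch to `sc`; the end of that function lies outside the hunk.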
@@ -130,6 +175,11 @@ STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *s)
 SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s)
 {
- return s->srtp_profile;
+ SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
+
+ if (sc == NULL)
+ return 0;
+
+ return sc->srtp_profile;
 }
 #endif |
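Review bot: `SSL_get_selected_srtp_profile()` returns a pointer, so the new guard should read `return NULL;` rather than `return 0;`, matching the `sc == NULL` test on the line above it. The function now also gives the same result for an object that `SSL_CONNECTION_FROM_SSL_ONLY()` rejects as for a connection on which no profile was negotiated, so callers cannot tell the two apart. A one-line comment such as `/* NULL: no profile selected, or s is not a plain SSL connection object */` would make that explicit.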