/src/openssl/ssl/d1_srtp.c
1 | | /* |
2 | | * Copyright 2011-2025 The OpenSSL Project Authors. All Rights Reserved. |
3 | | * |
4 | | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | | * this file except in compliance with the License. You can obtain a copy |
6 | | * in the file LICENSE in the source distribution or at |
7 | | * https://www.openssl.org/source/license.html |
8 | | */ |
9 | | |
10 | | /* |
11 | | * DTLS code by Eric Rescorla <ekr@rtfm.com> |
12 | | * |
13 | | * Copyright (C) 2006, Network Resonance, Inc. Copyright (C) 2011, RTFM, Inc. |
14 | | */ |
15 | | |
16 | | #include <stdio.h> |
17 | | #include <openssl/objects.h> |
18 | | #include "ssl_local.h" |
19 | | #include "internal/ssl_unwrap.h" |
20 | | |
21 | | #ifndef OPENSSL_NO_SRTP |
22 | | |
/*
 * Every SRTP protection profile this file can resolve by name. The name
 * strings are the tokens accepted in the colon-separated profile list; the
 * second member is the matching profile identifier constant.
 *
 * The zeroed last entry is the end marker: lookups walk the table until they
 * reach an entry whose name is NULL.
 *
 * Nothing here ranks or filters profiles by strength. Any name an application
 * lists is accepted, including the *_SHA1_32 entries, which (per the profile
 * definitions) use a 32-bit authentication tag - a deployment that wants only
 * AEAD or 80-bit-tag profiles has to restrict its own profile string.
 */
static const SRTP_PROTECTION_PROFILE srtp_known_profiles[] = {
    { "SRTP_AES128_CM_SHA1_80", SRTP_AES128_CM_SHA1_80 },
    { "SRTP_AES128_CM_SHA1_32", SRTP_AES128_CM_SHA1_32 },
    { "SRTP_AEAD_AES_128_GCM", SRTP_AEAD_AES_128_GCM },
    { "SRTP_AEAD_AES_256_GCM", SRTP_AEAD_AES_256_GCM },
    { "SRTP_DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM",
      SRTP_DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM },
    { "SRTP_DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM",
      SRTP_DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM },
    { "SRTP_ARIA_128_CTR_HMAC_SHA1_80", SRTP_ARIA_128_CTR_HMAC_SHA1_80 },
    { "SRTP_ARIA_128_CTR_HMAC_SHA1_32", SRTP_ARIA_128_CTR_HMAC_SHA1_32 },
    { "SRTP_ARIA_256_CTR_HMAC_SHA1_80", SRTP_ARIA_256_CTR_HMAC_SHA1_80 },
    { "SRTP_ARIA_256_CTR_HMAC_SHA1_32", SRTP_ARIA_256_CTR_HMAC_SHA1_32 },
    { "SRTP_AEAD_ARIA_128_GCM", SRTP_AEAD_ARIA_128_GCM },
    { "SRTP_AEAD_ARIA_256_GCM", SRTP_AEAD_ARIA_256_GCM },
    {0} /* end marker: name == NULL */
};
74 | | |
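/*
 * Look up a profile in srtp_known_profiles by name.
 *
 * profile_name points at the start of the candidate name and len is the
 * number of bytes that belong to it; the name does not have to be
 * NUL-terminated at that position, because at most len bytes are compared.
 * The pointer is const-qualified since the function only reads through it.
 *
 * On a match *pptr is set to the table entry. On a miss *pptr is left
 * untouched.
 *
 * NOTE: the return value is inverted relative to most of the library:
 * 0 means "found", 1 means "not found".
 */
static int find_profile_by_name(const char *profile_name,
                                const SRTP_PROTECTION_PROFILE **pptr, size_t len)
{
    const SRTP_PROTECTION_PROFILE *p;

    for (p = srtp_known_profiles; p->name != NULL; p++) {
        /*
         * The length test comes first so that a candidate which is only a
         * prefix of a known name (or has a known name as its prefix) is
         * never accepted; strncmp then compares exactly the whole name.
         */
        if (len == strlen(p->name)
            && strncmp(p->name, profile_name, len) == 0) {
            *pptr = p;
            return 0;
        }
    }

    return 1;
}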
93 | | |
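/*
 * Parse a colon-separated list of SRTP profile names into a new stack and
 * install it in *out.
 *
 * Every token must name a known profile and may appear only once; an empty
 * token (empty string, leading/trailing or doubled ':') matches nothing and
 * is reported as an unknown profile. Any failure rejects the whole list and
 * leaves *out exactly as it was. On success the stack previously held in
 * *out is freed and replaced.
 *
 * The stack elements point into the static profile table, so only the stack
 * itself is ever freed, never its elements.
 *
 * NOTE: returns 0 on success and 1 on error (an error is raised on the
 * error queue in every failure path).
 */
static int ssl_ctx_make_profiles(const char *profiles_string,
                                 STACK_OF(SRTP_PROTECTION_PROFILE) **out)
{
    STACK_OF(SRTP_PROTECTION_PROFILE) *profiles;
    char *col;
    /*
     * profiles_string is only read; the cast drops const for the local
     * cursor and nothing writes through it.
     */
    char *ptr = (char *)profiles_string;
    const SRTP_PROTECTION_PROFILE *p;

    /*
     * The string comes straight from the public setters; reject NULL here
     * instead of handing it to strchr()/strlen() below.
     */
    if (profiles_string == NULL) {
        ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
        return 1;
    }

    if ((profiles = sk_SRTP_PROTECTION_PROFILE_new_null()) == NULL) {
        ERR_raise(ERR_LIB_SSL, SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES);
        return 1;
    }

    do {
        /* The current token ends at the next ':' or at the end of string. */
        col = strchr(ptr, ':');

        /* find_profile_by_name() returns 0 when the token is known. */
        if (find_profile_by_name(ptr, &p, col ? (size_t)(col - ptr)
                                              : strlen(ptr))) {
            ERR_raise(ERR_LIB_SSL, SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE);
            goto err;
        }

        /*
         * The stack was created without a comparison callback, so this is a
         * pointer comparison; since every element points into the static
         * table it detects the same profile being listed twice.
         */
        if (sk_SRTP_PROTECTION_PROFILE_find(profiles,
                                            (SRTP_PROTECTION_PROFILE *)p) >= 0) {
            ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
            goto err;
        }

        if (!sk_SRTP_PROTECTION_PROFILE_push(profiles,
                                             (SRTP_PROTECTION_PROFILE *)p)) {
            ERR_raise(ERR_LIB_SSL, SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES);
            goto err;
        }

        if (col)
            ptr = col + 1;
    } while (col);

    /* Only now, with the whole list validated, replace the old stack. */
    sk_SRTP_PROTECTION_PROFILE_free(*out);
    *out = profiles;

    return 0;
 err:
    sk_SRTP_PROTECTION_PROFILE_free(profiles);
    return 1;
}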
142 | | |
/*
 * Set the SRTP protection profiles offered by connections created from ctx.
 *
 * profiles is a colon-separated list of profile names and must be a valid
 * NUL-terminated string; ctx must not be NULL (it is dereferenced
 * unconditionally).
 *
 * NOTE: returns 0 on success and 1 on error - the opposite of most setters
 * in this library, so callers must not treat a non-zero result as success.
 * A context using a QUIC method is refused with 1 and is left unchanged.
 */
int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles)
{
    return IS_QUIC_METHOD(ctx->method)
               ? 1
               : ssl_ctx_make_profiles(profiles, &ctx->srtp_profiles);
}
150 | | |
/*
 * Set the SRTP protection profiles for a single connection, overriding
 * whatever its context carries.
 *
 * profiles is a colon-separated list of profile names and must be a valid
 * NUL-terminated string.
 *
 * NOTE: returns 0 on success and 1 on error. 1 is also returned, without
 * touching anything, when SSL_CONNECTION_FROM_SSL_ONLY() yields NULL for s
 * (presumably when s is not a plain TLS/DTLS connection object - the macro
 * is defined elsewhere).
 */
int SSL_set_tlsext_use_srtp(SSL *s, const char *profiles)
{
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);

    if (sc != NULL)
        return ssl_ctx_make_profiles(profiles, &sc->srtp_profiles);

    return 1;
}
160 | | |
/*
 * Return the SRTP profile list in effect for s: the connection's own list
 * when one is set, otherwise the list of its context, otherwise NULL.
 * NULL is also returned when SSL_CONNECTION_FROM_SSL_ONLY() yields NULL.
 *
 * The result is the internal stack pointer itself, not a copy, so the
 * caller must not free or modify it.
 */
STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *s)
{
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);

    if (sc == NULL)
        return NULL;

    /* A per-connection list takes precedence over the context's list. */
    if (sc->srtp_profiles != NULL)
        return sc->srtp_profiles;

    if (s->ctx != NULL && s->ctx->srtp_profiles != NULL)
        return s->ctx->srtp_profiles;

    return NULL;
}
175 | | |
/*
 * Return the connection's srtp_profile field, i.e. the profile recorded as
 * selected for s. Returns NULL when SSL_CONNECTION_FROM_SSL_ONLY() yields
 * NULL for s; the field itself may also be NULL, so callers have to check
 * the result before relying on SRTP keying being negotiated.
 */
SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s)
{
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);

    return sc != NULL ? sc->srtp_profile : NULL;
}
185 | | #endif |