diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index a6b8f1bf5..840722ded 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -3232,6 +3232,7 @@ void mbedtls_ssl_conf_srtp_mki_value_supported( mbedtls_ssl_config *conf, * of the SSL configuration structure. * The list must not hold more than * MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH elements + * (excluding the terminating MBEDTLS_TLS_SRTP_UNSET). * * \return 0 on success * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA when the list of diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 73d16b3a8..c864cb2c6 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -758,9 +758,9 @@ static int ssl_write_alpn_ext( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_DTLS_SRTP) static int ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - size_t *olen ) + unsigned char *buf, + const unsigned char *end, + size_t *olen ) { unsigned char *p = buf; size_t protection_profiles_index = 0, ext_len = 0; @@ -1399,7 +1399,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) { if( ( ret = ssl_write_use_srtp_ext( ssl, p + 2 + ext_len, - end, &olen ) ) != 0 ) + end, &olen ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_use_srtp_ext", ret ); return( ret ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 18a149f0c..58fcab3dd 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4723,7 +4723,9 @@ int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf, /* check the profiles list: all entry must be valid, * its size cannot be more than the total number of supported profiles, currently 4 */ - for( p = profiles; *p != MBEDTLS_TLS_SRTP_UNSET && list_size <= MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH; p++ ) + for( p = profiles; *p != MBEDTLS_TLS_SRTP_UNSET && + list_size <= MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH; + p++ ) { switch( *p ) { @@ -4731,14 +4733,15 @@ int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf, case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32: case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80: case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32: - list_size++; + list_size++; break; default: /* unsupported value, stop parsing and set the size to an error value */ - list_size = MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH+1; + list_size = MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH + 1; } } - if ( list_size > MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH ) { + if ( list_size > MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH ) + { conf->dtls_srtp_profile_list = NULL; conf->dtls_srtp_profile_list_len = 0; return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index cdedbd290..d0f573e27 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -2614,7 +2614,7 @@ int main( int argc, char *argv[] ) mbedtls_ssl_conf_srtp_mki_value_supported( &conf, MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED ); if( ( ret = mbedtls_ssl_dtls_srtp_set_mki_value( &ssl, mki, - strlen( opt.mki ) / 2 ) ) != 0 ) + (uint16_t) strlen( opt.mki ) / 2 ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ssl_dtls_srtp_set_mki_value returned %d\n\n", ret ); goto exit;