Style + fix bound check in write_use_srt_ext

Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
Johan Pascal 2020-09-22 10:39:53 +02:00
parent 9bc97ca19d
commit d576fdb1d6
4 changed files with 26 additions and 23 deletions


@ -2063,6 +2063,7 @@ read_record_header:
#if defined(MBEDTLS_SSL_DTLS_SRTP) #if defined(MBEDTLS_SSL_DTLS_SRTP)
case MBEDTLS_TLS_EXT_USE_SRTP: case MBEDTLS_TLS_EXT_USE_SRTP:
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found use_srtp extension" ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "found use_srtp extension" ) );
ret = ssl_parse_use_srtp_ext( ssl, ext + 4, ext_size ); ret = ssl_parse_use_srtp_ext( ssl, ext + 4, ext_size );
if ( ret != 0 ) if ( ret != 0 )
return( ret ); return( ret );
@ -2645,8 +2646,7 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding use_srtp extension" ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding use_srtp extension" ) );
if( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED && if( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED )
ssl->dtls_srtp_info.mki_len != 0 )
{ {
mki_len = ssl->dtls_srtp_info.mki_len; mki_len = ssl->dtls_srtp_info.mki_len;
} }
@ -2659,7 +2659,7 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl,
* - 1 byte for the mki length * - 1 byte for the mki length
* + the actual mki length * + the actual mki length
* Check we have enough room in the output buffer */ * Check we have enough room in the output buffer */
if( end < buf + mki_len + 9 ) if( (size_t)( end - buf ) < mki_len + 9 )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
return; return;
@ -2679,7 +2679,8 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl,
/* protection profile length: 2 */ /* protection profile length: 2 */
buf[4] = 0x00; buf[4] = 0x00;
buf[5] = 0x02; buf[5] = 0x02;
profile_value = mbedtls_ssl_get_srtp_profile_iana_value( ssl->dtls_srtp_info.chosen_dtls_srtp_profile ); profile_value = mbedtls_ssl_get_srtp_profile_iana_value(
ssl->dtls_srtp_info.chosen_dtls_srtp_profile );
if( profile_value != 0xFFFF ) if( profile_value != 0xFFFF )
{ {
buf[6] = (unsigned char)( ( profile_value >> 8 ) & 0xFF ); buf[6] = (unsigned char)( ( profile_value >> 8 ) & 0xFF );
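Review bot: The rewritten bound check `(size_t)( end - buf ) < mki_len + 9` is only sound when `buf <= end`; if `buf` were ever past `end`, the negative difference converts to a very large `size_t` and the check passes. The hunks do not show how `end` is derived, so either state that precondition in the comment above the check or make it explicit, e.g. `if( buf > end || (size_t)( end - buf ) < mki_len + 9 )`. Separately, the function is `static void` and the failure path only logs "buffer too small" at debug level 1, so the caller cannot tell that the extension was dropped. The function body starts and ends outside these hunks, so it is worth confirming that the reported output length is zero on this early return.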


@ -4751,12 +4751,12 @@ int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl,
{ {
if ( mki_len > MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH ) if ( mki_len > MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH )
{ {
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
} }
if( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED ) if( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED )
{ {
return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
} }
memcpy( ssl->dtls_srtp_info.mki_value, mki_value, mki_len ); memcpy( ssl->dtls_srtp_info.mki_value, mki_value, mki_len );
@ -4779,8 +4779,10 @@ int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf,
} }
for( i=0; i < profiles_number; i++ ) { for( i=0; i < profiles_number; i++ )
switch( profiles[i] ) { {
switch( profiles[i] )
{
case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80: case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80:
case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32: case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32:
case MBEDTLS_SRTP_NULL_HMAC_SHA1_80: case MBEDTLS_SRTP_NULL_HMAC_SHA1_80:
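Review bot: `if ( mki_len > MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH )` at the top of the first hunk keeps the space after `if` that the neighbouring lines do not use, and `for( i=0; ...` in the second hunk still has no spaces around `=`. Since this is a style pass, both could be normalised here: `if( mki_len > MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH )` and `for( i = 0; i < profiles_number; i++ )`. The same leftover appears as `if ( ret != 0 )` in the first file section. Both functions start and end outside the hunks shown.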


@ -2608,7 +2608,7 @@ int main( int argc, char *argv[] )
#endif #endif
#if defined(MBEDTLS_SSL_DTLS_SRTP) #if defined(MBEDTLS_SSL_DTLS_SRTP)
if( opt.use_srtp != DFL_USE_SRTP && strlen( opt.mki ) != 0 ) if( opt.use_srtp != 0 && strlen( opt.mki ) != 0 )
{ {
if( mbedtls_test_unhexify( mki, sizeof( mki ), if( mbedtls_test_unhexify( mki, sizeof( mki ),
opt.mki,&mki_len ) != 0 ) opt.mki,&mki_len ) != 0 )
@ -2754,11 +2754,11 @@ int main( int argc, char *argv[] )
{ {
size_t j = 0; size_t j = 0;
if( (mbedtls_ssl_get_dtls_srtp_protection_profile( &ssl ) if( ( mbedtls_ssl_get_dtls_srtp_protection_profile( &ssl )
== MBEDTLS_SRTP_UNSET_PROFILE ) ) == MBEDTLS_SRTP_UNSET_PROFILE ) )
{ {
mbedtls_printf( " DTLS-SRTP unable to negotiate " mbedtls_printf( " Unable to negotiate "
"protection profile\n" ); "the use of DTLS-SRTP\n" );
} }
else else
{ {
@ -2781,11 +2781,11 @@ int main( int argc, char *argv[] )
for( j = 0; j < sizeof( dtls_srtp_key_material ); j++ ) for( j = 0; j < sizeof( dtls_srtp_key_material ); j++ )
{ {
if( j % 8 == 0 ) if( j % 8 == 0 )
mbedtls_printf("\n "); mbedtls_printf( "\n " );
mbedtls_printf("%02x ", dtls_srtp_key_material[j] ); mbedtls_printf( "%02x ", dtls_srtp_key_material[j] );
} }
mbedtls_printf("\n"); mbedtls_printf( "\n" );
} }
} }
#endif /* MBEDTLS_SSL_DTLS_SRTP */ #endif /* MBEDTLS_SSL_DTLS_SRTP */
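Review bot: The loop in the last hunk writes every byte of `dtls_srtp_key_material` to stdout in hex, and nothing visible marks this as test-only output or wipes the buffer afterwards. A comment above the loop such as `/* Test program only: dumps the exported SRTP keying material */` would document the intent. If the buffer is not already cleared outside the hunk, `mbedtls_platform_zeroize( dtls_srtp_key_material, sizeof( dtls_srtp_key_material ) );` after the final `mbedtls_printf` would limit how long the keys stay in memory. The same loop appears in the last file section, and `main` continues outside these hunks.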


@ -3863,11 +3863,11 @@ handshake:
{ {
size_t j = 0; size_t j = 0;
if( (mbedtls_ssl_get_dtls_srtp_protection_profile( &ssl ) if( ( mbedtls_ssl_get_dtls_srtp_protection_profile( &ssl )
== MBEDTLS_SRTP_UNSET_PROFILE ) ) == MBEDTLS_SRTP_UNSET_PROFILE ) )
{ {
mbedtls_printf( " DTLS-SRTP unable to negotiate " mbedtls_printf( " Unable to negotiate "
"protection profile\n" ); "the use of DTLS-SRTP\n" );
} }
else else
{ {
@ -3890,11 +3890,11 @@ handshake:
for( j = 0; j < sizeof( dtls_srtp_key_material ); j++ ) for( j = 0; j < sizeof( dtls_srtp_key_material ); j++ )
{ {
if( j % 8 == 0 ) if( j % 8 == 0 )
mbedtls_printf("\n "); mbedtls_printf( "\n " );
mbedtls_printf("%02x ", dtls_srtp_key_material[j] ); mbedtls_printf( "%02x ", dtls_srtp_key_material[j] );
} }
mbedtls_printf("\n"); mbedtls_printf( "\n" );
} }
} }
#endif /* MBEDTLS_SSL_DTLS_SRTP */ #endif /* MBEDTLS_SSL_DTLS_SRTP */