eden-emu/mbedtls
15
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Style fixes

Browse source 
1. Adjust to 80 colums where possible.
2. Add \ remove spaces where needed.
3. Fix alignments.

Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
This commit is contained in:
Ron Eldor 2018-07-12 11:54:20 +03:00 committed by Johan Pascal
parent 2b3dfe41af
commit ef72faf2bb
6 changed files with 212 additions and 119 deletions
Download patch file Download diff file Expand all files Collapse all files

121
library/ssl_cli.c
View file

@ -766,7 +766,8 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl,
*olen = 0;
if( (ssl->conf->dtls_srtp_profile_list == NULL) || (ssl->conf->dtls_srtp_profile_list_len == 0) )
if( (ssl->conf->dtls_srtp_profile_list == NULL) ||
(ssl->conf->dtls_srtp_profile_list_len == 0) )
{
return;
}
@ -785,52 +786,69 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl,
* } UseSRTPData;
* SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1>;
*
*/
if( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED &&
ssl->dtls_srtp_info.mki_len != 0 )
ssl->dtls_srtp_info.mki_len != 0 )
{
mki_len = ssl->dtls_srtp_info.mki_len;
}
/* Extension length = 2bytes for profiles length, ssl->conf->dtls_srtp_profile_list_len*2 (each profile is 2 bytes length ) + 1 byte for srtp_mki vector length and the mki_len value */
*p++ = (unsigned char)( ( ( 2 + 2*(ssl->conf->dtls_srtp_profile_list_len) + 1 + mki_len ) >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( ( 2 + 2*(ssl->conf->dtls_srtp_profile_list_len) + 1 + mki_len ) ) & 0xFF );
/* Extension length = 2 bytes for profiles length,
* ssl->conf->dtls_srtp_profile_list_len * 2 (each profile is 2 bytes length ),
* 1 byte for srtp_mki vector length and the mki_len value
*/
*p++ = (unsigned char)( ( ( 2 + 2 * ( ssl->conf->dtls_srtp_profile_list_len )
+ 1 + mki_len ) >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( ( 2 + 2 * (ssl->conf->dtls_srtp_profile_list_len )
+ 1 + mki_len ) ) & 0xFF );
/* protection profile length: 2*(ssl->conf->dtls_srtp_profile_list_len) */
*p++ = (unsigned char)( ( ( 2*(ssl->conf->dtls_srtp_profile_list_len) ) >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( 2*(ssl->conf->dtls_srtp_profile_list_len) ) & 0xFF );
*p++ = (unsigned char)( ( ( 2 * (ssl->conf->dtls_srtp_profile_list_len) )
>> 8 ) & 0xFF );
*p++ = (unsigned char)( ( 2 * (ssl->conf->dtls_srtp_profile_list_len) )
& 0xFF );
for( protection_profiles_index=0; protection_profiles_index < ssl->conf->dtls_srtp_profile_list_len; protection_profiles_index++ )
for( protection_profiles_index=0;
protection_profiles_index < ssl->conf->dtls_srtp_profile_list_len;
protection_profiles_index++ )
{
switch (ssl->conf->dtls_srtp_profile_list[protection_profiles_index]) {
case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80:
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_write_use_srtp_ext, add profile: %04x",
MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE ) );
*p++ = ( ( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE ) >> 8 ) & 0xFF);
*p++ = ( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE ) & 0xFF);
*p++ = ( ( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE )
>> 8 ) & 0xFF );
*p++ = ( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE )
& 0xFF );
break;
case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32:
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_write_use_srtp_ext, add profile: %04x",
MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32_IANA_VALUE ) );
*p++ = ( ( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32_IANA_VALUE ) >> 8 ) & 0xFF);
*p++ = ( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32_IANA_VALUE ) & 0xFF);
*p++ = ( ( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32_IANA_VALUE )
>> 8 ) & 0xFF );
*p++ = ( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32_IANA_VALUE )
& 0xFF );
break;
case MBEDTLS_SRTP_NULL_HMAC_SHA1_80:
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_write_use_srtp_ext, add profile: %04x",
MBEDTLS_SRTP_NULL_HMAC_SHA1_80_IANA_VALUE ) );
*p++ = ( ( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_80_IANA_VALUE ) >> 8 ) & 0xFF);
*p++ = ( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_80_IANA_VALUE ) & 0xFF);
*p++ = ( ( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_80_IANA_VALUE ) >> 8 )
& 0xFF ) ;
*p++ = ( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_80_IANA_VALUE ) & 0xFF );
break;
case MBEDTLS_SRTP_NULL_HMAC_SHA1_32:
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_write_use_srtp_ext, add profile: %04x",
MBEDTLS_SRTP_NULL_HMAC_SHA1_32_IANA_VALUE ) );
*p++ = ( ( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_32_IANA_VALUE ) >> 8 ) & 0xFF);
*p++ = ( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_32_IANA_VALUE ) & 0xFF);
*p++ = ( ( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_32_IANA_VALUE ) >> 8 )
& 0xFF );
*p++ = ( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_32_IANA_VALUE ) & 0xFF );
break;
default:
/* Note: we shall never arrive here as protection profiles is checked by ssl_set_dtls_srtp_protection_profiles function */
MBEDTLS_SSL_DEBUG_MSG( 1, ( "client hello, ignore illegal DTLS-SRTP protection profile %d", ssl->conf->dtls_srtp_profile_list[protection_profiles_index]) );
/*
* Note: we shall never arrive here as protection profiles
* is checked by ssl_set_dtls_srtp_protection_profiles function
*/
MBEDTLS_SSL_DEBUG_MSG( 1, ( "client hello, ignore illegal DTLS-SRTP protection profile %d",
ssl->conf->dtls_srtp_profile_list[protection_profiles_index]) );
break;
}
}
@ -843,11 +861,18 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl,
{
*p++ = ssl->dtls_srtp_info.mki_value[i];
}
MBEDTLS_SSL_DEBUG_BUF( 3, "sending mki", ssl->dtls_srtp_info.mki_value, ssl->dtls_srtp_info.mki_len );
MBEDTLS_SSL_DEBUG_BUF( 3, "sending mki", ssl->dtls_srtp_info.mki_value,
ssl->dtls_srtp_info.mki_len );
}
/* total extension length: extension type (2 bytes) + extension length (2 bytes) + protection profile length (2 bytes) + 2*nb protection profiles + srtp_mki vector length(1 byte)*/
*olen = 2 + 2 + 2 + 2*( ssl->conf->dtls_srtp_profile_list_len ) + 1 + mki_len;
/*
* total extension length: extension type (2 bytes)
* + extension length (2 bytes)
* + protection profile length (2 bytes)
* + 2 * number of protection profiles
* + srtp_mki vector length(1 byte)
*/
*olen = 2 + 2 + 2 + 2 * ( ssl->conf->dtls_srtp_profile_list_len ) + 1 + mki_len;
}
#endif /* MBEDTLS_SSL_DTLS_SRTP */
@ -1815,7 +1840,8 @@ static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl,
#if defined(MBEDTLS_SSL_DTLS_SRTP)
static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf, size_t len )
const unsigned char *buf,
size_t len )
{
mbedtls_ssl_srtp_profile server_protection = MBEDTLS_SRTP_UNSET_PROFILE;
size_t i, mki_len = 0;
@ -1823,7 +1849,8 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl,
const mbedtls_ssl_srtp_profile_info * profile_info;
/* If use_srtp is not configured, just ignore the extension */
if( ( ssl->conf->dtls_srtp_profile_list == NULL ) || ( ssl->conf->dtls_srtp_profile_list_len == 0 ) )
if( ssl->conf->dtls_srtp_profile_list == NULL ||
ssl->conf->dtls_srtp_profile_list_len == 0 )
return( 0 );
/* RFC5764 section 4.1.1
@ -1838,21 +1865,32 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl,
*
*/
if( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED &&
ssl->dtls_srtp_info.mki_len != 0 )
ssl->dtls_srtp_info.mki_len != 0 )
{
mki_len = ssl->dtls_srtp_info.mki_len;
}
/* Length is 5 and optional mki_value : one protection profile(2 bytes) + length(2 bytes) and srtp_mki */
/*
* Length is 5 and optional mki_value : one protection profile(2 bytes)
* + length(2 bytes) and srtp_mki
*/
if( ( len != 5 ) && ( len != ( 5 + mki_len ) ) )
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
/*
* get the server protection profile
*/
if (((uint16_t)( ( buf[0]<<8 ) | buf[1] ) ) != 0x0002) { /* protection profile length must be 0x0002 as we must have only one protection profile in server Hello */
/*
* protection profile length must be 0x0002 as we must have only
* one protection profile in server Hello
*/
if( ( (uint16_t)( ( buf[0] << 8 ) | buf[1] ) ) != 0x0002 )
{
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
} else {
}
else
{
server_protection_profile_value = ( buf[2] << 8 ) | buf[3];
}
@ -1863,7 +1901,7 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl,
*/
for( i=0; i < ssl->conf->dtls_srtp_profile_list_len; i++)
{
switch ( server_protection_profile_value ) {
switch( server_protection_profile_value ) {
case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE:
server_protection = MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80;
break;
@ -1886,7 +1924,7 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found srtp profile: %s", profile_info->name ) );
}
if (server_protection == ssl->conf->dtls_srtp_profile_list[i]) {
if( server_protection == ssl->conf->dtls_srtp_profile_list[i] ) {
ssl->dtls_srtp_info.chosen_dtls_srtp_profile = ssl->conf->dtls_srtp_profile_list[i];
MBEDTLS_SSL_DEBUG_MSG( 3, ( "selected srtp profile: %s", profile_info->name ) );
break;
@ -1897,10 +1935,11 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl,
if( ssl->dtls_srtp_info.chosen_dtls_srtp_profile == MBEDTLS_SRTP_UNSET_PROFILE )
{
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
}
/* RFC5764:
/*
* RFC5764:
* If the client detects a nonzero-length MKI in the server's response
* that is different than the one the client offered, then the client
* MUST abort the handshake and SHOULD send an invalid_parameter alert.
@ -1913,9 +1952,10 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl,
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
}
#if defined (MBEDTLS_DEBUG_C)
if( len > 5)
if( len > 5 )
{
MBEDTLS_SSL_DEBUG_BUF( 3, "received mki", ssl->dtls_srtp_info.mki_value, ssl->dtls_srtp_info.mki_len );
MBEDTLS_SSL_DEBUG_BUF( 3, "received mki", ssl->dtls_srtp_info.mki_value,
ssl->dtls_srtp_info.mki_len );
}
#endif
return 0;
@ -3469,14 +3509,13 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl )
if( ssl->client_auth == 0 )
{
#if defined(MBEDTLS_SSL_DTLS_SRTP)
/* check if we have a chosen srtp protection profile */
if ( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE ) {
/* check if we have a chosen srtp protection profile */
if( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE ) {
ret = MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
}
else
{
#endif
/* MBEDTLS_SSL_DTLS_SRTP */
#endif /* MBEDTLS_SSL_DTLS_SRTP */
/* Current message is probably the ServerHelloDone */
ssl->keep_current_message = 1;
#if defined(MBEDTLS_SSL_DTLS_SRTP)
@ -4129,8 +4168,8 @@ static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl )
if( ssl->client_auth == 0 || mbedtls_ssl_own_cert( ssl ) == NULL )
{
#if defined(MBEDTLS_SSL_DTLS_SRTP)
/* check if we have a chosen srtp protection profile */
if ( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE ) {
/* check if we have a chosen srtp protection profile */
if( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE ) {
return ( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
}
else