authorDavid Benjamin <davidben@chromium.org>2014-10-27 17:33:35 -0400
committerAdam Langley <agl@google.com>2014-10-27 21:58:09 +0000
commitaeb8d00e76163cea462d55f4b797c64002b12ce9 (patch)
tree7fbe0eeb1e56223012bd2643a8314ef1e7753099
parent7001a7fce6abe7fa5fc5b9ef52d74851c0db6e24 (diff)
Add less dangerous versions of SRTP functions.
The old ones inverted their return value. Add SSL_(CTX_)set_srtp_profiles which return success/failure correctly and deprecate the old functions. Also align srtp.h with the new style since it's very short. When this rolls through, we can move WebRTC over to the new ones. Change-Id: Ie55282e8858331910bba6ad330c8bcdd0e38f2f8 Reviewed-on: https://boringssl-review.googlesource.com/2060 Reviewed-by: Adam Langley <agl@google.com>
-rw-r--r--include/openssl/srtp.h56
-rw-r--r--ssl/d1_srtp.c30
2 files changed, 53 insertions, 33 deletions
diff --git a/include/openssl/srtp.h b/include/openssl/srtp.h
index c11608e..860362b 100644
--- a/include/openssl/srtp.h
+++ b/include/openssl/srtp.h
@@ -115,14 +115,15 @@
Copyright (C) 2011, RTFM, Inc.
*/
-#ifndef HEADER_D1_SRTP_H
-#define HEADER_D1_SRTP_H
+#ifndef OPENSSL_HEADER_SRTP_H
+#define OPENSSL_HEADER_SRTP_H
#ifdef __cplusplus
extern "C" {
#endif
-
+
+/* Constants for SRTP profiles */
#define SRTP_AES128_CM_SHA1_80 0x0001
#define SRTP_AES128_CM_SHA1_32 0x0002
#define SRTP_AES128_F8_SHA1_80 0x0003
@@ -130,32 +131,47 @@ extern "C" {
#define SRTP_NULL_SHA1_80 0x0005
#define SRTP_NULL_SHA1_32 0x0006
-/* SSL_CTX_set_tlsext_use_srtp enables SRTP for all SSL objects
- * created from |ctx|. |profile| contains a colon-separated list of
- * profile names. It returns zero on success and one on failure.
+/* SSL_CTX_set_srtp_profiles enables SRTP for all SSL objects created from
+ * |ctx|. |profile| contains a colon-separated list of profile names. It returns
+ * one on success and zero on failure. */
+OPENSSL_EXPORT int SSL_CTX_set_srtp_profiles(SSL_CTX *ctx,
+ const char *profiles);
+
+/* SSL_set_srtp_profiles enables SRTP for |ssl|. |profile| contains a
+ * colon-separated list of profile names. It returns one on success and zero on
+ * failure. */
+OPENSSL_EXPORT int SSL_set_srtp_profiles(SSL *ctx, const char *profiles);
+
+/* SSL_get_srtp_profiles returns the SRTP profiles supported by |ssl|. */
+OPENSSL_EXPORT STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(
+ SSL *ssl);
+
+/* SSL_get_selected_srtp_profile returns the selected SRTP profile, or NULL if
+ * SRTP was not negotiated. */
+OPENSSL_EXPORT SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s);
+
+
+/* Deprecated functions */
+
+/* SSL_CTX_set_tlsext_use_srtp calls SSL_CTX_set_srtp_profiles. It returns zero
+ * on success and one on failure.
*
- * WARNING: this function is dangerous because it breaks the usual
- * return value convention. */
+ * WARNING: this function is dangerous because it breaks the usual return value
+ * convention. Use SSL_CTX_set_srtp_profiles instead. */
OPENSSL_EXPORT int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx,
const char *profiles);
-/* SSL_set_tlsext_use_srtp enables SRTP for |ssl| with a profile list.
- * |profile| contains a colon-separated list of profile names. It
- * returns zero on success and one on failure.
+/* SSL_set_tlsext_use_srtp calls SSL_set_srtp_profiles. It returns zero on
+ * success and one on failure.
*
- * WARNING: this function is dangerous because it breaks the usual
- * return value convention. */
+ * WARNING: this function is dangerous because it breaks the usual return value
+ * convention. Use SSL_set_srtp_profiles instead. */
OPENSSL_EXPORT int SSL_set_tlsext_use_srtp(SSL *ctx, const char *profiles);
-OPENSSL_EXPORT SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s);
-
-OPENSSL_EXPORT STACK_OF(SRTP_PROTECTION_PROFILE) *
- SSL_get_srtp_profiles(SSL *ssl);
-OPENSSL_EXPORT SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s);
#ifdef __cplusplus
-}
+} /* extern C */
#endif
-#endif
+#endif /* OPENSSL_HEADER_SRTP_H */
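Review bot: The new doc comments in this hunk refer to `|profile|` while the declarations take `profiles`, and `SSL_set_srtp_profiles` declares its first parameter as `SSL *ctx` although its comment calls it `|ssl|`. The names should agree, e.g. `OPENSSL_EXPORT int SSL_set_srtp_profiles(SSL *ssl, const char *profiles);` with `|profiles|` in the text. Separately, `SSL_CTX_set_tlsext_use_srtp` and `SSL_set_tlsext_use_srtp` are deprecated only by comment, so an existing caller that tests the result with the usual one-on-success convention still compiles and still reads a failure as success. The WARNING would be more useful if it named that consequence, for example `A caller that treats a non-zero result as success will ignore failures and may continue without the requested SRTP profiles.`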
diff --git a/ssl/d1_srtp.c b/ssl/d1_srtp.c
index bc278c3..69b11ad 100644
--- a/ssl/d1_srtp.c
+++ b/ssl/d1_srtp.c
@@ -114,8 +114,6 @@
Copyright (C) 2011, RTFM, Inc.
*/
-#ifndef OPENSSL_NO_SRTP
-
#include <stdio.h>
#include <openssl/bytestring.h>
@@ -226,20 +224,17 @@ static int ssl_ctx_make_profiles(const char *profiles_string,STACK_OF(SRTP_PROTE
return 1;
}
-
-int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx,const char *profiles)
+
+int SSL_CTX_set_srtp_profiles(SSL_CTX *ctx, const char *profiles)
{
- /* This API inverts its return value. */
- return !ssl_ctx_make_profiles(profiles,&ctx->srtp_profiles);
+ return ssl_ctx_make_profiles(profiles, &ctx->srtp_profiles);
}
-int SSL_set_tlsext_use_srtp(SSL *s,const char *profiles)
+int SSL_set_srtp_profiles(SSL *s, const char *profiles)
{
- /* This API inverts its return value. */
- return !ssl_ctx_make_profiles(profiles,&s->srtp_profiles);
+ return ssl_ctx_make_profiles(profiles, &s->srtp_profiles);
}
-
STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *s)
{
if(s != NULL)
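Review bot: `SSL_CTX_set_srtp_profiles` and `SSL_set_srtp_profiles` carry no comment here, and neither this file nor the header says what happens to an already configured `srtp_profiles` list when the call returns zero. Callers are now expected to act on the return value, so that failure contract deserves one line above each definition. If the helper does leave the list untouched, the comment could read `/* Returns one on success and zero on failure, in which case the existing profile list is left unchanged. */`. The body of `ssl_ctx_make_profiles` starts outside this hunk, so its behaviour should be confirmed before that wording is used. `SSL_get_srtp_profiles` at the end of the hunk also continues past it.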
@@ -263,6 +258,18 @@ SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s)
return s->srtp_profile;
}
+int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles)
+ {
+ /* This API inverts its return value. */
+ return !SSL_CTX_set_srtp_profiles(ctx, profiles);
+ }
+
+int SSL_set_tlsext_use_srtp(SSL *s, const char *profiles)
+ {
+ /* This API inverts its return value. */
+ return !SSL_set_srtp_profiles(s, profiles);
+ }
+
/* Note: this function returns 0 length if there are no
profiles specified */
int ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen)
@@ -464,6 +471,3 @@ int ssl_parse_serverhello_use_srtp_ext(SSL *s, CBS *cbs, int *out_alert)
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
return 0;
}
-
-
-#endif