]>
Commit | Line | Data |
---|---|---|
333f926d BL |
1 | /* ssl/t1_lib.c */ |
2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | |
3 | * All rights reserved. | |
4 | * | |
5 | * This package is an SSL implementation written | |
6 | * by Eric Young (eay@cryptsoft.com). | |
7 | * The implementation was written so as to conform with Netscapes SSL. | |
0f113f3e | 8 | * |
333f926d BL |
9 | * This library is free for commercial and non-commercial use as long as |
10 | * the following conditions are aheared to. The following conditions | |
11 | * apply to all code found in this distribution, be it the RC4, RSA, | |
12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | |
13 | * included with this distribution is covered by the same copyright terms | |
14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | |
0f113f3e | 15 | * |
333f926d BL |
16 | * Copyright remains Eric Young's, and as such any Copyright notices in |
17 | * the code are not to be removed. | |
18 | * If this package is used in a product, Eric Young should be given attribution | |
19 | * as the author of the parts of the library used. | |
20 | * This can be in the form of a textual message at program startup or | |
21 | * in documentation (online or textual) provided with the package. | |
0f113f3e | 22 | * |
333f926d BL |
23 | * Redistribution and use in source and binary forms, with or without |
24 | * modification, are permitted provided that the following conditions | |
25 | * are met: | |
26 | * 1. Redistributions of source code must retain the copyright | |
27 | * notice, this list of conditions and the following disclaimer. | |
28 | * 2. Redistributions in binary form must reproduce the above copyright | |
29 | * notice, this list of conditions and the following disclaimer in the | |
30 | * documentation and/or other materials provided with the distribution. | |
31 | * 3. All advertising materials mentioning features or use of this software | |
32 | * must display the following acknowledgement: | |
33 | * "This product includes cryptographic software written by | |
34 | * Eric Young (eay@cryptsoft.com)" | |
35 | * The word 'cryptographic' can be left out if the rouines from the library | |
36 | * being used are not cryptographic related :-). | |
0f113f3e | 37 | * 4. If you include any Windows specific code (or a derivative thereof) from |
333f926d BL |
38 | * the apps directory (application code) you must include an acknowledgement: |
39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | |
0f113f3e | 40 | * |
333f926d BL |
41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | |
45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
51 | * SUCH DAMAGE. | |
0f113f3e | 52 | * |
333f926d BL |
53 | * The licence and distribution terms for any publically available version or |
54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | |
55 | * copied and put under another distribution licence | |
56 | * [including the GNU Public Licence.] | |
57 | */ | |
58 | /* ==================================================================== | |
59 | * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. | |
60 | * | |
61 | * Redistribution and use in source and binary forms, with or without | |
62 | * modification, are permitted provided that the following conditions | |
63 | * are met: | |
64 | * | |
65 | * 1. Redistributions of source code must retain the above copyright | |
0f113f3e | 66 | * notice, this list of conditions and the following disclaimer. |
333f926d BL |
67 | * |
68 | * 2. Redistributions in binary form must reproduce the above copyright | |
69 | * notice, this list of conditions and the following disclaimer in | |
70 | * the documentation and/or other materials provided with the | |
71 | * distribution. | |
72 | * | |
73 | * 3. All advertising materials mentioning features or use of this | |
74 | * software must display the following acknowledgment: | |
75 | * "This product includes software developed by the OpenSSL Project | |
76 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | |
77 | * | |
78 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
79 | * endorse or promote products derived from this software without | |
80 | * prior written permission. For written permission, please contact | |
81 | * openssl-core@openssl.org. | |
82 | * | |
83 | * 5. Products derived from this software may not be called "OpenSSL" | |
84 | * nor may "OpenSSL" appear in their names without prior written | |
85 | * permission of the OpenSSL Project. | |
86 | * | |
87 | * 6. Redistributions of any form whatsoever must retain the following | |
88 | * acknowledgment: | |
89 | * "This product includes software developed by the OpenSSL Project | |
90 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | |
91 | * | |
92 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
93 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
94 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
95 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
96 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
97 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
98 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
99 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
100 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
101 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
102 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
103 | * OF THE POSSIBILITY OF SUCH DAMAGE. | |
104 | * ==================================================================== | |
105 | * | |
106 | * This product includes cryptographic software written by Eric Young | |
107 | * (eay@cryptsoft.com). This product includes software written by Tim | |
108 | * Hudson (tjh@cryptsoft.com). | |
109 | * | |
110 | */ | |
111 | /* | |
0f113f3e MC |
112 | * DTLS code by Eric Rescorla <ekr@rtfm.com> |
113 | * | |
114 | * Copyright (C) 2006, Network Resonance, Inc. Copyright (C) 2011, RTFM, Inc. | |
115 | */ | |
333f926d BL |
116 | |
117 | #include <stdio.h> | |
118 | #include <openssl/objects.h> | |
119 | #include "ssl_locl.h" | |
333f926d | 120 | |
32b07f5a | 121 | #ifndef OPENSSL_NO_SRTP |
333f926d | 122 | |
0f113f3e | 123 | static SRTP_PROTECTION_PROFILE srtp_known_profiles[] = { |
333f926d | 124 | { |
0f113f3e MC |
125 | "SRTP_AES128_CM_SHA1_80", |
126 | SRTP_AES128_CM_SHA1_80, | |
127 | }, | |
333f926d | 128 | { |
0f113f3e MC |
129 | "SRTP_AES128_CM_SHA1_32", |
130 | SRTP_AES128_CM_SHA1_32, | |
131 | }, | |
333f926d | 132 | {0} |
0f113f3e | 133 | }; |
333f926d BL |
134 | |
135 | static int find_profile_by_name(char *profile_name, | |
0f113f3e MC |
136 | SRTP_PROTECTION_PROFILE **pptr, unsigned len) |
137 | { | |
138 | SRTP_PROTECTION_PROFILE *p; | |
139 | ||
140 | p = srtp_known_profiles; | |
141 | while (p->name) { | |
86885c28 RS |
142 | if ((len == strlen(p->name)) |
143 | && strncmp(p->name, profile_name, len) == 0) { | |
0f113f3e MC |
144 | *pptr = p; |
145 | return 0; | |
146 | } | |
147 | ||
148 | p++; | |
149 | } | |
150 | ||
151 | return 1; | |
152 | } | |
153 | ||
154 | static int ssl_ctx_make_profiles(const char *profiles_string, | |
155 | STACK_OF(SRTP_PROTECTION_PROFILE) **out) | |
156 | { | |
157 | STACK_OF(SRTP_PROTECTION_PROFILE) *profiles; | |
158 | ||
159 | char *col; | |
160 | char *ptr = (char *)profiles_string; | |
0f113f3e MC |
161 | SRTP_PROTECTION_PROFILE *p; |
162 | ||
75ebbd9a | 163 | if ((profiles = sk_SRTP_PROTECTION_PROFILE_new_null()) == NULL) { |
0f113f3e MC |
164 | SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES, |
165 | SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES); | |
166 | return 1; | |
167 | } | |
168 | ||
169 | do { | |
170 | col = strchr(ptr, ':'); | |
171 | ||
172 | if (!find_profile_by_name(ptr, &p, | |
173 | col ? col - ptr : (int)strlen(ptr))) { | |
174 | if (sk_SRTP_PROTECTION_PROFILE_find(profiles, p) >= 0) { | |
175 | SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES, | |
176 | SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); | |
177 | sk_SRTP_PROTECTION_PROFILE_free(profiles); | |
178 | return 1; | |
179 | } | |
180 | ||
181 | sk_SRTP_PROTECTION_PROFILE_push(profiles, p); | |
182 | } else { | |
183 | SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES, | |
184 | SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE); | |
185 | sk_SRTP_PROTECTION_PROFILE_free(profiles); | |
186 | return 1; | |
187 | } | |
188 | ||
189 | if (col) | |
190 | ptr = col + 1; | |
191 | } while (col); | |
192 | ||
193 | *out = profiles; | |
194 | ||
195 | return 0; | |
196 | } | |
197 | ||
198 | int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles) | |
199 | { | |
200 | return ssl_ctx_make_profiles(profiles, &ctx->srtp_profiles); | |
201 | } | |
202 | ||
203 | int SSL_set_tlsext_use_srtp(SSL *s, const char *profiles) | |
204 | { | |
205 | return ssl_ctx_make_profiles(profiles, &s->srtp_profiles); | |
206 | } | |
333f926d BL |
207 | |
208 | STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *s) | |
0f113f3e MC |
209 | { |
210 | if (s != NULL) { | |
211 | if (s->srtp_profiles != NULL) { | |
212 | return s->srtp_profiles; | |
213 | } else if ((s->ctx != NULL) && (s->ctx->srtp_profiles != NULL)) { | |
214 | return s->ctx->srtp_profiles; | |
215 | } | |
216 | } | |
217 | ||
218 | return NULL; | |
219 | } | |
333f926d BL |
220 | |
221 | SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s) | |
0f113f3e MC |
222 | { |
223 | return s->srtp_profile; | |
224 | } | |
225 | ||
226 | /* | |
227 | * Note: this function returns 0 length if there are no profiles specified | |
228 | */ | |
229 | int ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len, | |
230 | int maxlen) | |
231 | { | |
232 | int ct = 0; | |
233 | int i; | |
234 | STACK_OF(SRTP_PROTECTION_PROFILE) *clnt = 0; | |
235 | SRTP_PROTECTION_PROFILE *prof; | |
236 | ||
237 | clnt = SSL_get_srtp_profiles(s); | |
238 | ct = sk_SRTP_PROTECTION_PROFILE_num(clnt); /* -1 if clnt == 0 */ | |
239 | ||
240 | if (p) { | |
241 | if (ct == 0) { | |
242 | SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT, | |
243 | SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST); | |
244 | return 1; | |
245 | } | |
246 | ||
247 | if ((2 + ct * 2 + 1) > maxlen) { | |
248 | SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT, | |
249 | SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG); | |
250 | return 1; | |
251 | } | |
252 | ||
253 | /* Add the length */ | |
254 | s2n(ct * 2, p); | |
255 | for (i = 0; i < ct; i++) { | |
256 | prof = sk_SRTP_PROTECTION_PROFILE_value(clnt, i); | |
257 | s2n(prof->id, p); | |
258 | } | |
259 | ||
260 | /* Add an empty use_mki value */ | |
261 | *p++ = 0; | |
262 | } | |
263 | ||
264 | *len = 2 + ct * 2 + 1; | |
265 | ||
266 | return 0; | |
267 | } | |
268 | ||
9ceb2426 | 269 | int ssl_parse_clienthello_use_srtp_ext(SSL *s, PACKET *pkt, int *al) |
0f113f3e MC |
270 | { |
271 | SRTP_PROTECTION_PROFILE *sprof; | |
272 | STACK_OF(SRTP_PROTECTION_PROFILE) *srvr; | |
9ceb2426 | 273 | unsigned int ct, mki_len, id; |
0f113f3e | 274 | int i, srtp_pref; |
9ceb2426 | 275 | PACKET subpkt; |
0f113f3e | 276 | |
9ceb2426 MC |
277 | /* Pull off the length of the cipher suite list and check it is even */ |
278 | if (!PACKET_get_net_2(pkt, &ct) | |
279 | || (ct & 1) != 0 | |
280 | || !PACKET_get_sub_packet(pkt, &subpkt, ct)) { | |
0f113f3e MC |
281 | SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT, |
282 | SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); | |
283 | *al = SSL_AD_DECODE_ERROR; | |
284 | return 1; | |
285 | } | |
286 | ||
287 | srvr = SSL_get_srtp_profiles(s); | |
288 | s->srtp_profile = NULL; | |
289 | /* Search all profiles for a match initially */ | |
290 | srtp_pref = sk_SRTP_PROTECTION_PROFILE_num(srvr); | |
291 | ||
9ceb2426 MC |
292 | while (PACKET_remaining(&subpkt)) { |
293 | if (!PACKET_get_net_2(&subpkt, &id)) { | |
294 | SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT, | |
295 | SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); | |
296 | *al = SSL_AD_DECODE_ERROR; | |
297 | return 1; | |
298 | } | |
333f926d | 299 | |
0f113f3e MC |
300 | /* |
301 | * Only look for match in profiles of higher preference than | |
302 | * current match. | |
303 | * If no profiles have been have been configured then this | |
304 | * does nothing. | |
305 | */ | |
306 | for (i = 0; i < srtp_pref; i++) { | |
307 | sprof = sk_SRTP_PROTECTION_PROFILE_value(srvr, i); | |
308 | if (sprof->id == id) { | |
309 | s->srtp_profile = sprof; | |
310 | srtp_pref = i; | |
311 | break; | |
312 | } | |
313 | } | |
314 | } | |
315 | ||
316 | /* | |
317 | * Now extract the MKI value as a sanity check, but discard it for now | |
318 | */ | |
9ceb2426 MC |
319 | if (!PACKET_get_1(pkt, &mki_len)) { |
320 | SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT, | |
321 | SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); | |
322 | *al = SSL_AD_DECODE_ERROR; | |
323 | return 1; | |
324 | } | |
0f113f3e | 325 | |
9ceb2426 MC |
326 | if (!PACKET_forward(pkt, mki_len) |
327 | || PACKET_remaining(pkt)) { | |
0f113f3e MC |
328 | SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT, |
329 | SSL_R_BAD_SRTP_MKI_VALUE); | |
330 | *al = SSL_AD_DECODE_ERROR; | |
331 | return 1; | |
332 | } | |
333 | ||
334 | return 0; | |
335 | } | |
336 | ||
337 | int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len, | |
338 | int maxlen) | |
339 | { | |
340 | if (p) { | |
341 | if (maxlen < 5) { | |
342 | SSLerr(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT, | |
343 | SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG); | |
344 | return 1; | |
345 | } | |
346 | ||
347 | if (s->srtp_profile == 0) { | |
348 | SSLerr(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT, | |
349 | SSL_R_USE_SRTP_NOT_NEGOTIATED); | |
350 | return 1; | |
351 | } | |
352 | s2n(2, p); | |
353 | s2n(s->srtp_profile->id, p); | |
354 | *p++ = 0; | |
355 | } | |
356 | *len = 5; | |
357 | ||
358 | return 0; | |
359 | } | |
360 | ||
50932c4a | 361 | int ssl_parse_serverhello_use_srtp_ext(SSL *s, PACKET *pkt, int *al) |
0f113f3e | 362 | { |
50932c4a | 363 | unsigned int id, ct, mki; |
0f113f3e | 364 | int i; |
0f113f3e MC |
365 | |
366 | STACK_OF(SRTP_PROTECTION_PROFILE) *clnt; | |
367 | SRTP_PROTECTION_PROFILE *prof; | |
368 | ||
50932c4a MC |
369 | if (!PACKET_get_net_2(pkt, &ct) |
370 | || ct != 2 | |
371 | || !PACKET_get_net_2(pkt, &id) | |
372 | || !PACKET_get_1(pkt, &mki) | |
373 | || PACKET_remaining(pkt) != 0) { | |
0f113f3e MC |
374 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT, |
375 | SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); | |
376 | *al = SSL_AD_DECODE_ERROR; | |
377 | return 1; | |
378 | } | |
379 | ||
50932c4a MC |
380 | if (mki != 0) { |
381 | /* Must be no MKI, since we never offer one */ | |
0f113f3e MC |
382 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT, |
383 | SSL_R_BAD_SRTP_MKI_VALUE); | |
384 | *al = SSL_AD_ILLEGAL_PARAMETER; | |
385 | return 1; | |
386 | } | |
387 | ||
388 | clnt = SSL_get_srtp_profiles(s); | |
389 | ||
390 | /* Throw an error if the server gave us an unsolicited extension */ | |
391 | if (clnt == NULL) { | |
392 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT, | |
393 | SSL_R_NO_SRTP_PROFILES); | |
394 | *al = SSL_AD_DECODE_ERROR; | |
395 | return 1; | |
396 | } | |
397 | ||
398 | /* | |
399 | * Check to see if the server gave us something we support (and | |
400 | * presumably offered) | |
401 | */ | |
402 | for (i = 0; i < sk_SRTP_PROTECTION_PROFILE_num(clnt); i++) { | |
403 | prof = sk_SRTP_PROTECTION_PROFILE_value(clnt, i); | |
404 | ||
405 | if (prof->id == id) { | |
406 | s->srtp_profile = prof; | |
407 | *al = 0; | |
408 | return 0; | |
409 | } | |
410 | } | |
411 | ||
412 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT, | |
413 | SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); | |
414 | *al = SSL_AD_DECODE_ERROR; | |
415 | return 1; | |
416 | } | |
333f926d BL |
417 | |
418 | #endif |