TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 9bc97ca19d388ae0e155ba6302787acd2bcd4c36^! / . / library
commit9bc97ca19d388ae0e155ba6302787acd2bcd4c36[log] [tgz]
authorJohan Pascal <johan.pascal@belledonne-communications.com>Mon Sep 21 23:44:45 2020 +0200
committerJohan Pascal <johan.pascal@belledonne-communications.com>Thu Oct 29 01:14:49 2020 +0100
tree4e38b980e48cc6d853f84af8808f9dee1372c0d2
parent8f70fba988d9c25d8d461e68b2c0c9285e0bc401 [diff]
SRTP-DTLS protection profile configuration list not copied into ssl_config
+ improve test
+ minor style fix

Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>

diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 5bd303a..b8acc75 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c

@@ -788,8 +788,7 @@
      * } UseSRTPData;
      * SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1>;
      */
-    if( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED &&
-        ssl->dtls_srtp_info.mki_len != 0 )
+    if( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED )
     {
         mki_len = ssl->dtls_srtp_info.mki_len;
     }

diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index d070505..6dc219b 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c

@@ -2651,6 +2651,14 @@
         mki_len = ssl->dtls_srtp_info.mki_len;
     }
 
+    /* The extension total size is 9 bytes :
+     * - 2 bytes for the extension tag
+     * - 2 bytes for the total size
+     * - 2 bytes for the protection profile length
+     * - 2 bytes for the protection profile
+     * - 1 byte for the mki length
+     * +  the actual mki length
+     * Check we have enough room in the output buffer */
     if( end < buf + mki_len + 9 )
     {
         MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 4872b69..93b60cc 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c

@@ -4778,12 +4778,6 @@
         return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
     }
 
-    mbedtls_free( conf->dtls_srtp_profile_list );
-    conf->dtls_srtp_profile_list =
-            (mbedtls_ssl_srtp_profile*)mbedtls_calloc(1,
-             profiles_number * sizeof( mbedtls_ssl_srtp_profile ) );
-    if( conf->dtls_srtp_profile_list == NULL )
-        return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
 
     for( i=0; i < profiles_number; i++ ) {
         switch( profiles[i] ) {
@@ -4791,17 +4785,15 @@
             case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32:
             case MBEDTLS_SRTP_NULL_HMAC_SHA1_80:
             case MBEDTLS_SRTP_NULL_HMAC_SHA1_32:
-                conf->dtls_srtp_profile_list[i] = profiles[i];
                 break;
             default:
-                mbedtls_free( conf->dtls_srtp_profile_list );
                 conf->dtls_srtp_profile_list = NULL;
                 conf->dtls_srtp_profile_list_len = 0;
                 return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
         }
     }
 
-    /* assign array length */
+    conf->dtls_srtp_profile_list = profiles;
     conf->dtls_srtp_profile_list_len = profiles_number;
 
     return( 0 );
@@ -7164,10 +7156,6 @@
     ssl_key_cert_free( conf->key_cert );
 #endif
 
-#if defined (MBEDTLS_SSL_DTLS_SRTP)
-    mbedtls_free( conf->dtls_srtp_profile_list );
-#endif
-
     mbedtls_platform_zeroize( conf, sizeof( mbedtls_ssl_config ) );
 }