Style fixes
1. Adjust to 80 colums where possible.
2. Add \ remove spaces where needed.
3. Fix alignments.
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index d6b429d..8335f00 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -766,7 +766,8 @@
*olen = 0;
- if( (ssl->conf->dtls_srtp_profile_list == NULL) || (ssl->conf->dtls_srtp_profile_list_len == 0) )
+ if( (ssl->conf->dtls_srtp_profile_list == NULL) ||
+ (ssl->conf->dtls_srtp_profile_list_len == 0) )
{
return;
}
@@ -785,52 +786,69 @@
* } UseSRTPData;
* SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1>;
- *
*/
if( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED &&
- ssl->dtls_srtp_info.mki_len != 0 )
+ ssl->dtls_srtp_info.mki_len != 0 )
{
mki_len = ssl->dtls_srtp_info.mki_len;
}
- /* Extension length = 2bytes for profiles length, ssl->conf->dtls_srtp_profile_list_len*2 (each profile is 2 bytes length ) + 1 byte for srtp_mki vector length and the mki_len value */
- *p++ = (unsigned char)( ( ( 2 + 2*(ssl->conf->dtls_srtp_profile_list_len) + 1 + mki_len ) >> 8 ) & 0xFF );
- *p++ = (unsigned char)( ( ( 2 + 2*(ssl->conf->dtls_srtp_profile_list_len) + 1 + mki_len ) ) & 0xFF );
-
+ /* Extension length = 2 bytes for profiles length,
+ * ssl->conf->dtls_srtp_profile_list_len * 2 (each profile is 2 bytes length ),
+ * 1 byte for srtp_mki vector length and the mki_len value
+ */
+ *p++ = (unsigned char)( ( ( 2 + 2 * ( ssl->conf->dtls_srtp_profile_list_len )
+ + 1 + mki_len ) >> 8 ) & 0xFF );
+ *p++ = (unsigned char)( ( ( 2 + 2 * (ssl->conf->dtls_srtp_profile_list_len )
+ + 1 + mki_len ) ) & 0xFF );
/* protection profile length: 2*(ssl->conf->dtls_srtp_profile_list_len) */
- *p++ = (unsigned char)( ( ( 2*(ssl->conf->dtls_srtp_profile_list_len) ) >> 8 ) & 0xFF );
- *p++ = (unsigned char)( ( 2*(ssl->conf->dtls_srtp_profile_list_len) ) & 0xFF );
+ *p++ = (unsigned char)( ( ( 2 * (ssl->conf->dtls_srtp_profile_list_len) )
+ >> 8 ) & 0xFF );
+ *p++ = (unsigned char)( ( 2 * (ssl->conf->dtls_srtp_profile_list_len) )
+ & 0xFF );
- for( protection_profiles_index=0; protection_profiles_index < ssl->conf->dtls_srtp_profile_list_len; protection_profiles_index++ )
+ for( protection_profiles_index=0;
+ protection_profiles_index < ssl->conf->dtls_srtp_profile_list_len;
+ protection_profiles_index++ )
{
switch (ssl->conf->dtls_srtp_profile_list[protection_profiles_index]) {
case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80:
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_write_use_srtp_ext, add profile: %04x",
MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE ) );
- *p++ = ( ( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE ) >> 8 ) & 0xFF);
- *p++ = ( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE ) & 0xFF);
+ *p++ = ( ( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE )
+ >> 8 ) & 0xFF );
+ *p++ = ( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE )
+ & 0xFF );
break;
case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32:
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_write_use_srtp_ext, add profile: %04x",
MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32_IANA_VALUE ) );
- *p++ = ( ( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32_IANA_VALUE ) >> 8 ) & 0xFF);
- *p++ = ( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32_IANA_VALUE ) & 0xFF);
+ *p++ = ( ( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32_IANA_VALUE )
+ >> 8 ) & 0xFF );
+ *p++ = ( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32_IANA_VALUE )
+ & 0xFF );
break;
case MBEDTLS_SRTP_NULL_HMAC_SHA1_80:
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_write_use_srtp_ext, add profile: %04x",
MBEDTLS_SRTP_NULL_HMAC_SHA1_80_IANA_VALUE ) );
- *p++ = ( ( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_80_IANA_VALUE ) >> 8 ) & 0xFF);
- *p++ = ( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_80_IANA_VALUE ) & 0xFF);
+ *p++ = ( ( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_80_IANA_VALUE ) >> 8 )
+ & 0xFF ) ;
+ *p++ = ( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_80_IANA_VALUE ) & 0xFF );
break;
case MBEDTLS_SRTP_NULL_HMAC_SHA1_32:
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_write_use_srtp_ext, add profile: %04x",
MBEDTLS_SRTP_NULL_HMAC_SHA1_32_IANA_VALUE ) );
- *p++ = ( ( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_32_IANA_VALUE ) >> 8 ) & 0xFF);
- *p++ = ( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_32_IANA_VALUE ) & 0xFF);
+ *p++ = ( ( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_32_IANA_VALUE ) >> 8 )
+ & 0xFF );
+ *p++ = ( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_32_IANA_VALUE ) & 0xFF );
break;
default:
- /* Note: we shall never arrive here as protection profiles is checked by ssl_set_dtls_srtp_protection_profiles function */
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "client hello, ignore illegal DTLS-SRTP protection profile %d", ssl->conf->dtls_srtp_profile_list[protection_profiles_index]) );
+ /*
+ * Note: we shall never arrive here as protection profiles
+ * is checked by ssl_set_dtls_srtp_protection_profiles function
+ */
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "client hello, ignore illegal DTLS-SRTP protection profile %d",
+ ssl->conf->dtls_srtp_profile_list[protection_profiles_index]) );
break;
}
}
@@ -843,11 +861,18 @@
{
*p++ = ssl->dtls_srtp_info.mki_value[i];
}
- MBEDTLS_SSL_DEBUG_BUF( 3, "sending mki", ssl->dtls_srtp_info.mki_value, ssl->dtls_srtp_info.mki_len );
+ MBEDTLS_SSL_DEBUG_BUF( 3, "sending mki", ssl->dtls_srtp_info.mki_value,
+ ssl->dtls_srtp_info.mki_len );
}
- /* total extension length: extension type (2 bytes) + extension length (2 bytes) + protection profile length (2 bytes) + 2*nb protection profiles + srtp_mki vector length(1 byte)*/
- *olen = 2 + 2 + 2 + 2*( ssl->conf->dtls_srtp_profile_list_len ) + 1 + mki_len;
+ /*
+ * total extension length: extension type (2 bytes)
+ * + extension length (2 bytes)
+ * + protection profile length (2 bytes)
+ * + 2 * number of protection profiles
+ * + srtp_mki vector length(1 byte)
+ */
+ *olen = 2 + 2 + 2 + 2 * ( ssl->conf->dtls_srtp_profile_list_len ) + 1 + mki_len;
}
#endif /* MBEDTLS_SSL_DTLS_SRTP */
@@ -1815,7 +1840,8 @@
#if defined(MBEDTLS_SSL_DTLS_SRTP)
static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl,
- const unsigned char *buf, size_t len )
+ const unsigned char *buf,
+ size_t len )
{
mbedtls_ssl_srtp_profile server_protection = MBEDTLS_SRTP_UNSET_PROFILE;
size_t i, mki_len = 0;
@@ -1823,7 +1849,8 @@
const mbedtls_ssl_srtp_profile_info * profile_info;
/* If use_srtp is not configured, just ignore the extension */
- if( ( ssl->conf->dtls_srtp_profile_list == NULL ) || ( ssl->conf->dtls_srtp_profile_list_len == 0 ) )
+ if( ssl->conf->dtls_srtp_profile_list == NULL ||
+ ssl->conf->dtls_srtp_profile_list_len == 0 )
return( 0 );
/* RFC5764 section 4.1.1
@@ -1838,21 +1865,32 @@
*
*/
if( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED &&
- ssl->dtls_srtp_info.mki_len != 0 )
+ ssl->dtls_srtp_info.mki_len != 0 )
{
mki_len = ssl->dtls_srtp_info.mki_len;
}
- /* Length is 5 and optional mki_value : one protection profile(2 bytes) + length(2 bytes) and srtp_mki */
+ /*
+ * Length is 5 and optional mki_value : one protection profile(2 bytes)
+ * + length(2 bytes) and srtp_mki
+ */
if( ( len != 5 ) && ( len != ( 5 + mki_len ) ) )
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
/*
* get the server protection profile
*/
- if (((uint16_t)( ( buf[0]<<8 ) | buf[1] ) ) != 0x0002) { /* protection profile length must be 0x0002 as we must have only one protection profile in server Hello */
+
+ /*
+ * protection profile length must be 0x0002 as we must have only
+ * one protection profile in server Hello
+ */
+ if( ( (uint16_t)( ( buf[0] << 8 ) | buf[1] ) ) != 0x0002 )
+ {
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
- } else {
+ }
+ else
+ {
server_protection_profile_value = ( buf[2] << 8 ) | buf[3];
}
@@ -1863,7 +1901,7 @@
*/
for( i=0; i < ssl->conf->dtls_srtp_profile_list_len; i++)
{
- switch ( server_protection_profile_value ) {
+ switch( server_protection_profile_value ) {
case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE:
server_protection = MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80;
break;
@@ -1886,7 +1924,7 @@
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found srtp profile: %s", profile_info->name ) );
}
- if (server_protection == ssl->conf->dtls_srtp_profile_list[i]) {
+ if( server_protection == ssl->conf->dtls_srtp_profile_list[i] ) {
ssl->dtls_srtp_info.chosen_dtls_srtp_profile = ssl->conf->dtls_srtp_profile_list[i];
MBEDTLS_SSL_DEBUG_MSG( 3, ( "selected srtp profile: %s", profile_info->name ) );
break;
@@ -1897,10 +1935,11 @@
if( ssl->dtls_srtp_info.chosen_dtls_srtp_profile == MBEDTLS_SRTP_UNSET_PROFILE )
{
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
+ MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
}
- /* RFC5764:
+ /*
+ * RFC5764:
* If the client detects a nonzero-length MKI in the server's response
* that is different than the one the client offered, then the client
* MUST abort the handshake and SHOULD send an invalid_parameter alert.
@@ -1913,9 +1952,10 @@
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
}
#if defined (MBEDTLS_DEBUG_C)
- if( len > 5)
+ if( len > 5 )
{
- MBEDTLS_SSL_DEBUG_BUF( 3, "received mki", ssl->dtls_srtp_info.mki_value, ssl->dtls_srtp_info.mki_len );
+ MBEDTLS_SSL_DEBUG_BUF( 3, "received mki", ssl->dtls_srtp_info.mki_value,
+ ssl->dtls_srtp_info.mki_len );
}
#endif
return 0;
@@ -3469,14 +3509,13 @@
if( ssl->client_auth == 0 )
{
#if defined(MBEDTLS_SSL_DTLS_SRTP)
- /* check if we have a chosen srtp protection profile */
- if ( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE ) {
+ /* check if we have a chosen srtp protection profile */
+ if( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE ) {
ret = MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
}
else
{
-#endif
- /* MBEDTLS_SSL_DTLS_SRTP */
+#endif /* MBEDTLS_SSL_DTLS_SRTP */
/* Current message is probably the ServerHelloDone */
ssl->keep_current_message = 1;
#if defined(MBEDTLS_SSL_DTLS_SRTP)
@@ -4129,8 +4168,8 @@
if( ssl->client_auth == 0 || mbedtls_ssl_own_cert( ssl ) == NULL )
{
#if defined(MBEDTLS_SSL_DTLS_SRTP)
- /* check if we have a chosen srtp protection profile */
- if ( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE ) {
+ /* check if we have a chosen srtp protection profile */
+ if( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE ) {
return ( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
}
else
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 4c59e5b..38908c8 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -778,15 +778,17 @@
#if defined(MBEDTLS_SSL_DTLS_SRTP)
static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl,
- const unsigned char *buf, size_t len )
+ const unsigned char *buf,
+ size_t len )
{
mbedtls_ssl_srtp_profile client_protection = MBEDTLS_SRTP_UNSET_PROFILE;
size_t i,j;
size_t profile_length;
- const mbedtls_ssl_srtp_profile_info * profile_info;
+ const mbedtls_ssl_srtp_profile_info *profile_info;
/* If use_srtp is not configured, just ignore the extension */
- if( ( ssl->conf->dtls_srtp_profile_list == NULL ) || ( ssl->conf->dtls_srtp_profile_list_len == 0 ) )
+ if( ssl->conf->dtls_srtp_profile_list == NULL ||
+ ssl->conf->dtls_srtp_profile_list_len == 0 )
return( 0 );
/* RFC5764 section 4.1.1
@@ -798,22 +800,28 @@
* } UseSRTPData;
* SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1>;
- *
*/
- /* Min length is 5: at least one protection profile(2 bytes) and length(2 bytes) + srtp_mki length(1 byte) */
+ /*
+ * Min length is 5: at least one protection profile(2 bytes)
+ * and length(2 bytes) + srtp_mki length(1 byte)
+ */
if( len < 5 )
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
ssl->dtls_srtp_info.chosen_dtls_srtp_profile = MBEDTLS_SRTP_UNSET_PROFILE;
- profile_length = ( buf[0] << 8 ) | buf[1]; /* first 2 bytes are protection profile length(in bytes) */
+ /* first 2 bytes are protection profile length(in bytes) */
+ profile_length = ( buf[0] << 8 ) | buf[1];
-
- /* parse the extension list values are defined in http://www.iana.org/assignments/srtp-protection/srtp-protection.xhtml */
- for( j=0; j < profile_length; j+=2 )
+ /*
+ * parse the extension list values are defined in
+ * http://www.iana.org/assignments/srtp-protection/srtp-protection.xhtml
+ */
+ for( j=0; j < profile_length; j += 2 )
{
- uint16_t protection_profile_value = buf[j+2]<<8 | buf[j+3]; /* +2 to skip the length field */
+ /* + 2 to skip the length field */
+ uint16_t protection_profile_value = buf[j + 2] << 8 | buf[j+3];
switch ( protection_profile_value )
{
@@ -854,7 +862,7 @@
if( ( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED ) &&
( len > ( profile_length + 2 ) ) )
{
- ssl->dtls_srtp_info.mki_len = buf[ profile_length + 2 ];
+ ssl->dtls_srtp_info.mki_len = buf[profile_length + 2];
if( ssl->dtls_srtp_info.mki_len > MBEDTLS_DTLS_SRTP_MAX_MKI_LENGTH )
{
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
@@ -863,13 +871,14 @@
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
}
- ssl->dtls_srtp_info.mki_len = buf[ profile_length + 2 ];
+ ssl->dtls_srtp_info.mki_len = buf[profile_length + 2];
for( i=0; i < ssl->dtls_srtp_info.mki_len; i++ )
{
- ssl->dtls_srtp_info.mki_value[i] = buf[ profile_length + 2 + 1 + i ];
+ ssl->dtls_srtp_info.mki_value[i] = buf[profile_length + 2 + 1 + i];
}
- MBEDTLS_SSL_DEBUG_BUF( 3, "using mki", ssl->dtls_srtp_info.mki_value, ssl->dtls_srtp_info.mki_len );
+ MBEDTLS_SSL_DEBUG_BUF( 3, "using mki", ssl->dtls_srtp_info.mki_value,
+ ssl->dtls_srtp_info.mki_len );
}
return( 0 );
@@ -2611,7 +2620,8 @@
#if defined(MBEDTLS_SSL_DTLS_SRTP ) && defined(MBEDTLS_SSL_PROTO_DTLS)
static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf, size_t *olen )
+ unsigned char *buf,
+ size_t *olen )
{
size_t mki_len = 0, ext_len = 0, i;
@@ -2624,7 +2634,7 @@
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding use_srtp extension" ) );
if( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED &&
- ssl->dtls_srtp_info.mki_len != 0 )
+ ssl->dtls_srtp_info.mki_len != 0 )
{
mki_len = ssl->dtls_srtp_info.mki_len;
}
@@ -2632,7 +2642,10 @@
/* extension */
buf[0] = (unsigned char)( ( MBEDTLS_TLS_EXT_USE_SRTP >> 8 ) & 0xFF );
buf[1] = (unsigned char)( ( MBEDTLS_TLS_EXT_USE_SRTP ) & 0xFF );
- /* total length 5 and mki value: only one profile(2 bytes) and length(2 bytes) and srtp_mki ) */
+ /*
+ * total length 5 and mki value: only one profile(2 bytes)
+ * and length(2 bytes) and srtp_mki )
+ */
ext_len = 5 + mki_len;
buf[2] = (unsigned char)( ( ext_len >> 8 ) & 0xFF );
buf[3] = (unsigned char)( ext_len & 0xFF );
@@ -2642,20 +2655,28 @@
buf[5] = 0x02;
switch (ssl->dtls_srtp_info.chosen_dtls_srtp_profile) {
case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80:
- buf[6] = (unsigned char)( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE >> 8) & 0xFF );
- buf[7] = (unsigned char)( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE ) & 0xFF );
+ buf[6] = (unsigned char)( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE >> 8 )
+ & 0xFF );
+ buf[7] = (unsigned char)( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE )
+ & 0xFF );
break;
case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32:
- buf[6] = (unsigned char)( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32_IANA_VALUE >> 8) & 0xFF );
- buf[7] = (unsigned char)( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32_IANA_VALUE ) & 0xFF );
+ buf[6] = (unsigned char)( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32_IANA_VALUE >> 8 )
+ & 0xFF );
+ buf[7] = (unsigned char)( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32_IANA_VALUE )
+ & 0xFF );
break;
case MBEDTLS_SRTP_NULL_HMAC_SHA1_80:
- buf[6] = (unsigned char)( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_80_IANA_VALUE >> 8) & 0xFF );
- buf[7] = (unsigned char)( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_80_IANA_VALUE ) & 0xFF );
+ buf[6] = (unsigned char)( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_80_IANA_VALUE >> 8 )
+ & 0xFF );
+ buf[7] = (unsigned char)( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_80_IANA_VALUE )
+ & 0xFF );
break;
case MBEDTLS_SRTP_NULL_HMAC_SHA1_32:
- buf[6] = (unsigned char)( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_32_IANA_VALUE >> 8) & 0xFF );
- buf[7] = (unsigned char)( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_32_IANA_VALUE ) & 0xFF );
+ buf[6] = (unsigned char)( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_32_IANA_VALUE >> 8 )
+ & 0xFF );
+ buf[7] = (unsigned char)( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_32_IANA_VALUE )
+ & 0xFF );
break;
default:
*olen = 0;
@@ -2665,7 +2686,7 @@
buf[8] = mki_len & 0xFF;
for( i=0; i < mki_len; i++ )
{
- buf[ 9 + i ] = ssl->dtls_srtp_info.mki_value[i];
+ buf[9 + i] = ssl->dtls_srtp_info.mki_value[i];
}
*olen = 9 + mki_len;
@@ -2961,7 +2982,7 @@
#endif
#if defined(MBEDTLS_SSL_DTLS_SRTP)
- ssl_write_use_srtp_ext( ssl, p + 2 + ext_len, &olen);
+ ssl_write_use_srtp_ext( ssl, p + 2 + ext_len, &olen );
ext_len += olen;
#endif
@@ -3030,11 +3051,15 @@
else
#endif
#if defined(MBEDTLS_SSL_DTLS_SRTP)
- /* check if we have a chosen srtp protection profile, force verify mode to be at least OPTIONAL */
- if ( ( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE ) && ( ssl->conf->authmode == MBEDTLS_SSL_VERIFY_NONE ) ) {
+ /*
+ * check if we have a chosen srtp protection profile,
+ * force verify mode to be at least OPTIONAL
+ */
+ if ( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE &&
+ ssl->conf->authmode == MBEDTLS_SSL_VERIFY_NONE ) {
authmode = MBEDTLS_SSL_VERIFY_OPTIONAL;
}
- else
+ else
#endif
authmode = ssl->conf->authmode;
@@ -3045,7 +3070,7 @@
/* check if we have a chosen srtp protection profile */
if ( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE ) {
MBEDTLS_SSL_DEBUG_MSG( 2, ( "should not happen" ) );
- return ( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+ return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
}
else
{
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 18c86a5..3a0fbfc 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -873,19 +873,19 @@
#if defined(MBEDTLS_SSL_DTLS_SRTP)
/* check if we have a chosen srtp protection profile */
- if ( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE ) {
- /* derive key material for srtp session RFC5764 section 4.2 */
- /* master key and master salt are respectively 128 bits and 112 bits for all currently available modes :
+ if( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE ) {
+ /* derive key material for srtp session RFC5764 section 4.2
+ * master key and master salt are respectively 128 bits and 112 bits
+ * for all currently available modes :
* SRTP_AES128_CM_HMAC_SHA1_80, SRTP_AES128_CM_HMAC_SHA1_32
* SRTP_NULL_HMAC_SHA1_80, SRTP_NULL_HMAC_SHA1_32
* So we must export 2*(128 + 112) = 480 bits
*/
ssl->dtls_srtp_info.dtls_srtp_keys_len = MBEDTLS_DTLS_SRTP_MAX_KEY_MATERIAL_LENGTH;
- //ssl->dtls_srtp_info.dtls_srtp_keys = (unsigned char *)mbedtls_calloc(1, ssl->dtls_srtp_info.dtls_srtp_keys_len);
-
- ret = tls_prf( master, 48, "EXTRACTOR-dtls_srtp",
- randbytes, 64, ssl->dtls_srtp_info.dtls_srtp_keys, ssl->dtls_srtp_info.dtls_srtp_keys_len );
+ ret = tls_prf( master, 48, "EXTRACTOR-dtls_srtp",
+ randbytes, 64, ssl->dtls_srtp_info.dtls_srtp_keys,
+ ssl->dtls_srtp_info.dtls_srtp_keys_len );
if( ret != 0 )
{
@@ -2113,9 +2113,9 @@
if( !mbedtls_ssl_ciphersuite_uses_srv_cert( ciphersuite_info ) )
{
#if defined(MBEDTLS_SSL_DTLS_SRTP)
- /* check if we have a chosen srtp protection profile */
- if ( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE ) {
- return ( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
+ /* check if we have a chosen srtp protection profile */
+ if( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE ) {
+ return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
}
else
{
@@ -2754,7 +2754,7 @@
: ssl->dtls_srtp_info.chosen_dtls_srtp_profile !=
MBEDTLS_SRTP_UNSET_PROFILE
&& ssl->conf->authmode == MBEDTLS_SSL_VERIFY_NONE
- ? MBEDTLS_SSL_VERIFY_REQUIRED
+ ? MBEDTLS_SSL_VERIFY_OPTIONAL
#endif /* MBEDTLS_SSL_DTLS_SRTP */
: ssl->conf->authmode;
#else
@@ -2763,7 +2763,7 @@
ssl->dtls_srtp_info.chosen_dtls_srtp_profile !=
MBEDTLS_SRTP_UNSET_PROFILE &&
ssl->conf->authmode == MBEDTLS_SSL_VERIFY_NONE ?
- MBEDTLS_SSL_VERIFY_REQUIRED :
+ MBEDTLS_SSL_VERIFY_OPTIONAL :
#endif /* MBEDTLS_SSL_DTLS_SRTP */
ssl->conf->authmode;
#endif
@@ -4762,12 +4762,15 @@
return( NULL );
}
-void mbedtls_ssl_conf_srtp_mki_value_supported( mbedtls_ssl_config *conf, int support_mki_value )
+void mbedtls_ssl_conf_srtp_mki_value_supported( mbedtls_ssl_config *conf,
+ int support_mki_value )
{
conf->dtls_srtp_mki_support = support_mki_value;
}
-int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl, unsigned char* mki_value, size_t mki_len )
+int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl,
+ unsigned char *mki_value,
+ size_t mki_len )
{
if ( mki_len > MBEDTLS_DTLS_SRTP_MAX_MKI_LENGTH )
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
@@ -4780,20 +4783,22 @@
return 0;
}
-int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf, const mbedtls_ssl_srtp_profile *profiles, size_t profiles_number)
+int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf,
+ const mbedtls_ssl_srtp_profile *profiles,
+ size_t profiles_number )
{
size_t i;
/* check in put validity : must be a list of profiles from enumeration */
/* maximum length is 4 as only 4 protection profiles are defined */
- if (profiles_number>4) {
- return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ if( profiles_number > 4 ) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
- mbedtls_free(conf->dtls_srtp_profile_list);
- conf->dtls_srtp_profile_list = (mbedtls_ssl_srtp_profile *)mbedtls_calloc(1, profiles_number*sizeof(mbedtls_ssl_srtp_profile));
+ mbedtls_free( conf->dtls_srtp_profile_list );
+ conf->dtls_srtp_profile_list = (mbedtls_ssl_srtp_profile*)mbedtls_calloc(1, profiles_number * sizeof( mbedtls_ssl_srtp_profile ) );
- for (i=0; i<profiles_number; i++) {
- switch (profiles[i]) {
+ for( i=0; i < profiles_number; i++ ) {
+ switch( profiles[i] ) {
case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80:
case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32:
case MBEDTLS_SRTP_NULL_HMAC_SHA1_80:
@@ -4801,7 +4806,7 @@
conf->dtls_srtp_profile_list[i] = profiles[i];
break;
default:
- mbedtls_free(conf->dtls_srtp_profile_list);
+ mbedtls_free( conf->dtls_srtp_profile_list );
conf->dtls_srtp_profile_list = NULL;
conf->dtls_srtp_profile_list_len = 0;
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
@@ -4814,19 +4819,22 @@
return( 0 );
}
-mbedtls_ssl_srtp_profile mbedtls_ssl_get_dtls_srtp_protection_profile( const mbedtls_ssl_context *ssl)
+mbedtls_ssl_srtp_profile mbedtls_ssl_get_dtls_srtp_protection_profile( const mbedtls_ssl_context *ssl )
{
- return( ssl->dtls_srtp_info.chosen_dtls_srtp_profile);
+ return( ssl->dtls_srtp_info.chosen_dtls_srtp_profile );
}
-int mbedtls_ssl_get_dtls_srtp_key_material( const mbedtls_ssl_context *ssl, unsigned char *key, size_t *key_len ) {
+int mbedtls_ssl_get_dtls_srtp_key_material( const mbedtls_ssl_context *ssl,
+ unsigned char *key,
+ size_t *key_len ) {
/* check output buffer size */
- if ( *key_len < ssl->dtls_srtp_info.dtls_srtp_keys_len) {
+ if( *key_len < ssl->dtls_srtp_info.dtls_srtp_keys_len ) {
return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
}
- memcpy( key, ssl->dtls_srtp_info.dtls_srtp_keys, ssl->dtls_srtp_info.dtls_srtp_keys_len);
+ memcpy( key, ssl->dtls_srtp_info.dtls_srtp_keys,
+ ssl->dtls_srtp_info.dtls_srtp_keys_len );
*key_len = ssl->dtls_srtp_info.dtls_srtp_keys_len;
return 0;
@@ -6931,8 +6939,8 @@
#endif
#if defined (MBEDTLS_SSL_DTLS_SRTP)
- mbedtls_platform_zeroize( ssl->dtls_srtp_info.dtls_srtp_keys, ssl->dtls_srtp_info.dtls_srtp_keys_len );
- //mbedtls_free( ssl->dtls_srtp_keys );
+ mbedtls_platform_zeroize( ssl->dtls_srtp_info.dtls_srtp_keys,
+ ssl->dtls_srtp_info.dtls_srtp_keys_len );
#endif /* MBEDTLS_SSL_DTLS_SRTP */
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= free" ) );