Improve the DTLS SRTP client side parsing.

pull/4755/head
David Garske 2022-01-18 08:58:06 -08:00
parent f3f5b0f53b
commit ba589955f7
2 changed files with 29 additions and 17 deletions


@ -1406,14 +1406,15 @@ int wolfSSL_export_dtls_srtp_keying_material(WOLFSSL* ssl,
WOLFSSL_MSG("Not using DTLS SRTP"); WOLFSSL_MSG("Not using DTLS SRTP");
return EXT_MISSING; return EXT_MISSING;
} }
if (*olen < (size_t)profile->kdfBits) {
return BUFFER_E;
}
if (out == NULL) { if (out == NULL) {
*olen = profile->kdfBits; *olen = profile->kdfBits;
return LENGTH_ONLY_E; return LENGTH_ONLY_E;
} }
if (*olen < (size_t)profile->kdfBits) {
return BUFFER_E;
}
#ifdef WOLFSSL_HAVE_PRF #ifdef WOLFSSL_HAVE_PRF
XMEMCPY(seed, ssl->arrays->serverRandom, RAN_LEN); XMEMCPY(seed, ssl->arrays->serverRandom, RAN_LEN);
XMEMCPY(seed + RAN_LEN, ssl->arrays->clientRandom, RAN_LEN); XMEMCPY(seed + RAN_LEN, ssl->arrays->clientRandom, RAN_LEN);
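Review bot: The buffer-size check that now follows the length query returns BUFFER_E without telling the caller how much space is needed, so a caller with an undersized buffer has to make a second call with out == NULL to learn the required size; writing it first, `if (*olen < (size_t)profile->kdfBits) { *olen = profile->kdfBits; return BUFFER_E; }`, keeps the two paths consistent. This page does not mark which of the two identical checks is the new one, so the remark assumes the one below the out == NULL block is the survivor. The function starts outside the hunk, so whether olen itself is validated before it is dereferenced is not visible here.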


@ -5407,33 +5407,44 @@ static int TLSX_UseSRTP_Parse(WOLFSSL* ssl, const byte* input, word16 length,
byte isRequest) byte isRequest)
{ {
int ret = BAD_FUNC_ARG; int ret = BAD_FUNC_ARG;
#ifndef NO_WOLFSSL_SERVER
int i;
TlsxSrtp* srtp = NULL;
word16 profile_len = 0; word16 profile_len = 0;
word16 profile_value = 0; word16 profile_value = 0;
word16 offset = 0; word16 offset = 0;
#ifndef NO_WOLFSSL_SERVER
int i;
TlsxSrtp* srtp = NULL;
#endif #endif
if (length < OPAQUE16_LEN) { if (length < OPAQUE16_LEN) {
return BUFFER_ERROR; return BUFFER_ERROR;
} }
if (!isRequest) { /* reset selected DTLS SRTP profile ID */
#ifndef NO_WOLFSSL_CLIENT ssl->dtlsSrtpId = 0;
ssl->dtlsSrtpProfiles = ssl->ctx->dtlsSrtpProfiles;
ret = 0; /* success */
#endif
}
#ifndef NO_WOLFSSL_SERVER
else {
/* total length, not include itself */ /* total length, not include itself */
ato16(input, &profile_len); ato16(input, &profile_len);
offset += OPAQUE16_LEN; offset += OPAQUE16_LEN;
if (!isRequest) {
#ifndef NO_WOLFSSL_CLIENT
if (length < offset + OPAQUE16_LEN)
return BUFFER_ERROR;
ato16(input + offset, &profile_value);
/* check that the profile received was in the ones we support */
if (profile_value < 16 &&
(ssl->dtlsSrtpProfiles & (1 << profile_value))) {
ssl->dtlsSrtpId = profile_value;
ret = 0; /* success */
}
#endif
}
#ifndef NO_WOLFSSL_SERVER
else {
/* parse remainder one profile at a time, looking for match in CTX */ /* parse remainder one profile at a time, looking for match in CTX */
ret = 0; ret = 0;
ssl->dtlsSrtpId = 0;
for (i=offset; i<length; i+=OPAQUE16_LEN) { for (i=offset; i<length; i+=OPAQUE16_LEN) {
ato16(input+i, &profile_value); ato16(input+i, &profile_value);
/* find first match */ /* find first match */
@ -5448,6 +5459,7 @@ static int TLSX_UseSRTP_Parse(WOLFSSL* ssl, const byte* input, word16 length,
(void*)srtp, ssl->heap); (void*)srtp, ssl->heap);
if (ret == 0) { if (ret == 0) {
TLSX_SetResponse(ssl, TLSX_USE_SRTP); TLSX_SetResponse(ssl, TLSX_USE_SRTP);
/* successfully set extension */
} }
} }
else { else {
@ -5456,19 +5468,18 @@ static int TLSX_UseSRTP_Parse(WOLFSSL* ssl, const byte* input, word16 length,
break; break;
} }
} }
(void)profile_len;
} }
if (ret == 0 && ssl->dtlsSrtpId == 0) { if (ret == 0 && ssl->dtlsSrtpId == 0) {
WOLFSSL_MSG("SRP Profile not found!"); WOLFSSL_MSG("TLSX_UseSRTP_Parse profile not found!");
/* not fatal, so return 0 */ /* not fatal */
ret = 0;
} }
else if (ret != 0) { else if (ret != 0) {
ssl->dtlsSrtpId = 0; ssl->dtlsSrtpId = 0;
TLSX_UseSRTP_Free(srtp, ssl->heap); TLSX_UseSRTP_Free(srtp, ssl->heap);
} }
#endif #endif
(void)profile_len;
return ret; return ret;
} }
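Review bot: The new client branch checks that four bytes are present but never validates profile_len, which it reads on the preceding line and then discards with `(void)profile_len` at the end of the function; a server response is expected to carry exactly one profile, so `if (profile_len != OPAQUE16_LEN || length < offset + profile_len) return BUFFER_ERROR;` in place of the current length check would reject a malformed list instead of silently taking its first entry. Any MKI that follows the profile in the extension body is also left unread, which deserves a comment if that is intended. The server loop that shares the `(void)profile_len` is unchanged context and still bounds itself by `length` rather than `offset + profile_len`, so the same check would serve there. The client branch also no longer copies ssl->ctx->dtlsSrtpProfiles into ssl->dtlsSrtpProfiles, so the mask consulted here presumably has to be populated earlier, outside this hunk; worth confirming.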