set protection profile API gets a MBEDTLS_TLS_SRTP_UNSET terminated list
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 1ded993..085d270 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -3204,13 +3204,13 @@
* \brief Set the supported DTLS-SRTP protection profiles.
*
* \param conf SSL configuration
- * \param profiles List of supported protection profiles,
+ * \param profiles Pointer to a List of MBEDTLS_TLS_SRTP_UNSET terminated
+ * supported protection profiles
* in decreasing preference order.
- * The pointer to the list is
- * recorded by the library for later reference as required,
- * so the lifetime of the table must be at least as long
- * as the lifetime of the SSL configuration structure.
- * \param profiles_number Number of supported profiles.
+ * The pointer to the list is recorded by the library
+ * for later reference as required, so the lifetime
+ * of the table must be at least as long as the lifetime
+ * of the SSL configuration structure.
*
* \return 0 on success
* \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA when the list of
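Review bot: The `profiles` description does not state the maximum list length or what happens when the terminator is missing, and both matter now that the caller no longer passes a count. The implementation in library/ssl_tls.c scans until it finds MBEDTLS_TLS_SRTP_UNSET and rejects lists with more than four entries. I would reword the first line to `List of supported protection profiles, terminated by #MBEDTLS_TLS_SRTP_UNSET,` and add `The list must hold at most 4 profiles; an array without the terminator may be read past its end.` The doc comment starts and ends outside this hunk.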
@@ -3218,8 +3218,7 @@
*/
int mbedtls_ssl_conf_dtls_srtp_protection_profiles
( mbedtls_ssl_config *conf,
- const mbedtls_ssl_srtp_profile *profiles,
- size_t profiles_number );
+ const mbedtls_ssl_srtp_profile *profiles );
/**
* \brief Set the mki_value for the current DTLS-SRTP session.
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index caaba24..f6b56f1 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -4735,38 +4735,36 @@
}
int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf,
- const mbedtls_ssl_srtp_profile *profiles,
- size_t profiles_number )
+ const mbedtls_ssl_srtp_profile *profiles )
{
- size_t i;
- /*
- * Check input validity : must be a list of profiles from enumeration.
- * Maximum length is 4 as only 4 protection profiles are defined.
- */
- if( profiles_number > 4 )
- {
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- }
+ const mbedtls_ssl_srtp_profile *p;
+ size_t list_size = 0;
-
- for( i=0; i < profiles_number; i++ )
+ /* check the profiles list: all entry must be valid,
+ * its size cannot be more than the total number of supported profiles, currently 4 */
+ for( p = profiles; *p != MBEDTLS_TLS_SRTP_UNSET && list_size < 5; p++ )
{
- switch( profiles[i] )
+ switch( *p )
{
case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80:
case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32:
case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80:
case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32:
+ list_size++;
break;
- default:
- conf->dtls_srtp_profile_list = NULL;
- conf->dtls_srtp_profile_list_len = 0;
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ default: /* unsupported value, stop parsing and set the size to an error value */
+ list_size = 5;
}
}
+ if ( list_size > 4 ) {
+ conf->dtls_srtp_profile_list = NULL;
+ conf->dtls_srtp_profile_list_len = 0;
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ }
+
conf->dtls_srtp_profile_list = profiles;
- conf->dtls_srtp_profile_list_len = profiles_number;
+ conf->dtls_srtp_profile_list_len = list_size;
return( 0 );
}
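Review bot: The loop condition `*p != MBEDTLS_TLS_SRTP_UNSET && list_size < 5` dereferences `*p` before it tests the bound. Once `list_size` reaches 5, either from a fifth valid entry or from the `default:` branch, the loop still advances `p` and reads one more element before stopping. For an over-long or unterminated caller array that is a read past the end of the buffer. Swapping the operands lets the bound short-circuit the read: `for( p = profiles; list_size < 5 && *p != MBEDTLS_TLS_SRTP_UNSET; p++ )`. The literals 4 and 5 would also read better as one named constant for the maximum number of profiles.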
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 33fbc05..cdedbd2 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -1249,7 +1249,8 @@
MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80,
MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32,
MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80,
- MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32
+ MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32,
+ MBEDTLS_TLS_SRTP_UNSET
};
#endif /* MBEDTLS_SSL_DTLS_SRTP */
#endif /* MBEDTLS_SSL_EXPORT_KEYS */
@@ -2334,18 +2335,12 @@
{
if( opt.force_srtp_profile != 0 )
{
- const mbedtls_ssl_srtp_profile forced_profile[] = { opt.force_srtp_profile };
- ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles
- ( &conf,
- forced_profile,
- sizeof( forced_profile ) / sizeof( mbedtls_ssl_srtp_profile ) );
+ const mbedtls_ssl_srtp_profile forced_profile[] = { opt.force_srtp_profile, MBEDTLS_TLS_SRTP_UNSET };
+ ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles ( &conf, forced_profile );
}
else
{
- ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles
- ( &conf,
- default_profiles,
- sizeof( default_profiles ) / sizeof( mbedtls_ssl_srtp_profile ) );
+ ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles ( &conf, default_profiles );
}
if( ret != 0 )
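Review bot: `forced_profile` is declared inside the `if( opt.force_srtp_profile != 0 )` block, but the library records the pointer it is given rather than copying the list (`conf->dtls_srtp_profile_list = profiles;` in library/ssl_tls.c). The header requires the table to live at least as long as the SSL configuration, so `conf` is left pointing at an array whose lifetime ends at the closing brace. The matching hunk in programs/ssl/ssl_server2.c has the same pattern. I would declare the array alongside `conf`, e.g. `mbedtls_ssl_srtp_profile forced_profile[] = { MBEDTLS_TLS_SRTP_UNSET, MBEDTLS_TLS_SRTP_UNSET };`, and only assign `forced_profile[0] = opt.force_srtp_profile;` here. The enclosing function starts and ends outside the hunk, so the exact scope of `conf` should be confirmed there.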
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index b6f0736..e66ca40 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -1880,7 +1880,8 @@
MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80,
MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32,
MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80,
- MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32
+ MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32,
+ MBEDTLS_TLS_SRTP_UNSET
};
#endif /* MBEDTLS_SSL_DTLS_SRTP */
#endif /* MBEDTLS_SSL_EXPORT_KEYS */
@@ -3146,16 +3147,12 @@
{
if( opt.force_srtp_profile != 0 )
{
- const mbedtls_ssl_srtp_profile forced_profile[] = { opt.force_srtp_profile };
- ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles( &conf,
- forced_profile,
- sizeof( forced_profile ) / sizeof( mbedtls_ssl_srtp_profile ) );
+ const mbedtls_ssl_srtp_profile forced_profile[] = { opt.force_srtp_profile, MBEDTLS_TLS_SRTP_UNSET };
+ ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles( &conf, forced_profile );
}
else
{
- ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles( &conf,
- default_profiles,
- sizeof( default_profiles ) / sizeof( mbedtls_ssl_srtp_profile ) );
+ ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles( &conf, default_profiles );
}
if( ret != 0 )