Minor style modifications
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index a859093..a1056b7 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -418,10 +418,10 @@
* Use_srtp extension protection profiles values as defined in
* http://www.iana.org/assignments/srtp-protection/srtp-protection.xhtml
*/
-#define MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE 0x0001
-#define MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32_IANA_VALUE 0x0002
-#define MBEDTLS_SRTP_NULL_HMAC_SHA1_80_IANA_VALUE 0x0005
-#define MBEDTLS_SRTP_NULL_HMAC_SHA1_32_IANA_VALUE 0x0006
+#define MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80 0x0001
+#define MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32 0x0002
+#define MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80 0x0005
+#define MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32 0x0006
/*
* Size defines
@@ -867,8 +867,8 @@
#if defined(MBEDTLS_SSL_DTLS_SRTP)
-#define MBEDTLS_DTLS_SRTP_MAX_KEY_MATERIAL_LENGTH 60
-#define MBEDTLS_DTLS_SRTP_MAX_MKI_LENGTH 255
+#define MBEDTLS_TLS_SRTP_MAX_KEY_MATERIAL_LENGTH 60
+#define MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH 255
/*
* List of SRTP profiles for DTLS-SRTP
*/
@@ -894,7 +894,7 @@
/*! The SRTP profile that was negotiated*/
mbedtls_ssl_srtp_profile chosen_dtls_srtp_profile;
/*! The mki_value used, with max size of 256 bytes */
- unsigned char mki_value[MBEDTLS_DTLS_SRTP_MAX_MKI_LENGTH];
+ unsigned char mki_value[MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH];
/*! The length of mki_value */
size_t mki_len;
}
@@ -3190,7 +3190,9 @@
#if defined(MBEDTLS_SSL_DTLS_SRTP)
/**
- * \brief Add support for mki value in use_srtp extension.
+ * \brief Add support for mki(master key id) value in use_srtp extension.
+ * MKI is an optional part of SRTP used for key management and
+ * re-keying. See RFC3711 section 3.1 for details
* The default value is
* #MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED.
*
@@ -3210,7 +3212,8 @@
* in decreasing preference order.
* \param profiles_number Number of supported profiles.
*
- * \return 0 on success, or #MBEDTLS_ERR_SSL_BAD_INPUT_DATA.
+ * \return 0 on success
+ * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA when the list of protection profiles is incorrect
*/
int mbedtls_ssl_conf_dtls_srtp_protection_profiles
( mbedtls_ssl_config *conf,
@@ -3224,8 +3227,9 @@
* \param mki_value The MKI value to set.
* \param mki_len The length of the MKI value.
*
- * \return 0 on success, #MBEDTLS_ERR_SSL_BAD_INPUT_DATA
- * or #MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE on failure
+ * \return 0 on success
+ * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA
+ * \return #MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
*/
int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl,
unsigned char *mki_value,
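Review bot: The two error returns of mbedtls_ssl_dtls_srtp_set_mki_value are now listed without the condition that produces each, unlike the reworded return for mbedtls_ssl_conf_dtls_srtp_protection_profiles earlier in this file. The ssl_tls.c hunk of this commit shows the length check returning the first one, so it could read `\return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if \p mki_len exceeds #MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH`. The condition for #MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE is not visible in the diff; presumably it is returned when MKI support is left at the unsupported default, and the line should say so once confirmed. The prototype continues past the end of the hunk.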
@@ -3235,10 +3239,11 @@
* This function should be called after the handshake is
* completed.
*
- * \param ssl SSL context
+ * \param ssl The SSL context to query
*
- * \return Protection Profile enum member,
- * #MBEDTLS_SRTP_UNSET_PROFILE if no protocol was negotiated.
+ * \return The DTLS SRTP protection profile in use
+ * \return #MBEDTLS_SRTP_UNSET_PROFILE if no protocol was negotiated or the handshake is still on
+ * early stage
*/
mbedtls_ssl_srtp_profile mbedtls_ssl_get_dtls_srtp_protection_profile
( const mbedtls_ssl_context *ssl );
@@ -3246,10 +3251,11 @@
/**
* \brief Utility function to get information on DTLS-SRTP profile.
*
- * \param profile The dtls-srtp profile id to get info on.
+ * \param profile The DTLS-SRTP profile id to get info on.
*
* \return Address of the SRTP profile information structure on
- * success,NULL if not found.
+ * success
+ * \return \c NULL if not found.
*/
const mbedtls_ssl_srtp_profile_info *mbedtls_ssl_dtls_srtp_profile_info_from_id
( mbedtls_ssl_srtp_profile profile );
diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
index c3923ee..a4c0467 100644
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@@ -1103,16 +1103,16 @@
switch( profile )
{
case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80:
- profile_value = MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE;
+ profile_value = MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80;
break;
case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32:
- profile_value = MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32_IANA_VALUE;
+ profile_value = MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32;
break;
case MBEDTLS_SRTP_NULL_HMAC_SHA1_80:
- profile_value = MBEDTLS_SRTP_NULL_HMAC_SHA1_80_IANA_VALUE;
+ profile_value = MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80;
break;
case MBEDTLS_SRTP_NULL_HMAC_SHA1_32:
- profile_value = MBEDTLS_SRTP_NULL_HMAC_SHA1_32_IANA_VALUE;
+ profile_value = MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32;
break;
default: break;
}
@@ -1125,16 +1125,16 @@
mbedtls_ssl_srtp_profile profile_value = MBEDTLS_SRTP_UNSET_PROFILE;
switch( srtp_iana_value )
{
- case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE:
+ case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80:
profile_value = MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80;
break;
- case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32_IANA_VALUE:
+ case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32:
profile_value = MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32;
break;
- case MBEDTLS_SRTP_NULL_HMAC_SHA1_80_IANA_VALUE:
+ case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80:
profile_value = MBEDTLS_SRTP_NULL_HMAC_SHA1_80;
break;
- case MBEDTLS_SRTP_NULL_HMAC_SHA1_32_IANA_VALUE:
+ case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32:
profile_value = MBEDTLS_SRTP_NULL_HMAC_SHA1_32;
break;
default: break;
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 56e0cbf..0c7e6fd 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -791,7 +791,9 @@
/* If use_srtp is not configured, just ignore the extension */
if( ssl->conf->dtls_srtp_profile_list == NULL ||
ssl->conf->dtls_srtp_profile_list_len == 0 )
+ {
return( 0 );
+ }
/* RFC5764 section 4.1.1
* uint8 SRTPProtectionProfile[2];
@@ -841,6 +843,10 @@
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found srtp profile: %s", profile_info->name ) );
}
+ else
+ {
+ continue;
+ }
/* check if suggested profile is in our list */
for( i = 0; i < ssl->conf->dtls_srtp_profile_list_len; i++)
{
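Review bot: The added `else { continue; }` changes behaviour rather than style. A profile value offered by the peer that does not resolve to a known profile now skips the comparison against the configured list instead of falling through to it. That is probably the right handling of unrecognised input, but it deserves its own line in the commit message and a test whose ClientHello carries an unknown profile id. A short comment on the branch would help, e.g. `/* profile offered by the peer is not known to us: skip it */`. The `if` condition and the enclosing loop start outside the hunk, so whether this could be a single early `continue` cannot be judged from here.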
@@ -858,7 +864,7 @@
( len > ( profile_length + 2 ) ) )
{
ssl->dtls_srtp_info.mki_len = buf[profile_length + 2];
- if( ssl->dtls_srtp_info.mki_len > MBEDTLS_DTLS_SRTP_MAX_MKI_LENGTH ||
+ if( ssl->dtls_srtp_info.mki_len > MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH ||
ssl->dtls_srtp_info.mki_len + profile_length + size_of_lengths != len )
{
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
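Review bot: The first half of the check, `mki_len > MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH`, looks like it can never be true. The length is read from the single byte `buf[profile_length + 2]` and the limit is 255, assuming `buf` is an `unsigned char *`, which the hunk does not show. The bound that actually constrains the peer's value is the second condition against `len`, and a comment saying so would keep a later reader from relying on the first. The peer-supplied length is also written to `ssl->dtls_srtp_info.mki_len` before it is validated. Reading it into a local first (`size_t mki_len = buf[profile_length + 2];`) and assigning it to the context only after the check passes would keep an unvalidated length out of session state. The enclosing block starts and ends outside the hunk.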
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 63244a1..4872b69 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -4749,7 +4749,7 @@
unsigned char *mki_value,
size_t mki_len )
{
- if ( mki_len > MBEDTLS_DTLS_SRTP_MAX_MKI_LENGTH )
+ if ( mki_len > MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH )
{
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 82627ff..644cafa 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -1194,7 +1194,7 @@
const mbedtls_ecp_curve_info *curve_cur;
#endif
#if defined(MBEDTLS_SSL_DTLS_SRTP)
- unsigned char mki[MBEDTLS_DTLS_SRTP_MAX_MKI_LENGTH];
+ unsigned char mki[MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH];
size_t mki_len=0;
#endif
@@ -1242,7 +1242,7 @@
eap_tls_keys eap_tls_keying;
#if defined( MBEDTLS_SSL_DTLS_SRTP )
/*! master keys and master salt for SRTP generated during handshake */
- unsigned char dtls_srtp_key_material[MBEDTLS_DTLS_SRTP_MAX_KEY_MATERIAL_LENGTH];
+ unsigned char dtls_srtp_key_material[MBEDTLS_TLS_SRTP_MAX_KEY_MATERIAL_LENGTH];
const char* dtls_srtp_label = "EXTRACTOR-dtls_srtp";
dtls_srtp_keys dtls_srtp_keying;
#endif /* MBEDTLS_SSL_DTLS_SRTP */
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index dd365b7..069bd44 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -1873,7 +1873,7 @@
eap_tls_keys eap_tls_keying;
#if defined( MBEDTLS_SSL_DTLS_SRTP )
/*! master keys and master salt for SRTP generated during handshake */
- unsigned char dtls_srtp_key_material[MBEDTLS_DTLS_SRTP_MAX_KEY_MATERIAL_LENGTH];
+ unsigned char dtls_srtp_key_material[MBEDTLS_TLS_SRTP_MAX_KEY_MATERIAL_LENGTH];
const char* dtls_srtp_label = "EXTRACTOR-dtls_srtp";
dtls_srtp_keys dtls_srtp_keying;
#endif /* MBEDTLS_SSL_DTLS_SRTP */