freebsd-src/crypto/openssl/ssl/d1_srtp.c

/*
 * Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/*
 * DTLS code by Eric Rescorla <ekr@rtfm.com>
 *
 * Copyright (C) 2006, Network Resonance, Inc. Copyright (C) 2011, RTFM, Inc.
 */

#include <stdio.h>
#include <openssl/objects.h>
#include "ssl_local.h"

#ifndef OPENSSL_NO_SRTP

static SRTP_PROTECTION_PROFILE srtp_known_profiles[] = {
    {
     "SRTP_AES128_CM_SHA1_80",
     SRTP_AES128_CM_SHA1_80,
     },
    {
     "SRTP_AES128_CM_SHA1_32",
     SRTP_AES128_CM_SHA1_32,
     },
    {
     "SRTP_AEAD_AES_128_GCM",
     SRTP_AEAD_AES_128_GCM,
     },
    {
     "SRTP_AEAD_AES_256_GCM",
     SRTP_AEAD_AES_256_GCM,
     },
    {0}
};

static int find_profile_by_name(char *profile_name,
                                SRTP_PROTECTION_PROFILE **pptr, size_t len)
{
    SRTP_PROTECTION_PROFILE *p;

    p = srtp_known_profiles;
    while (p->name) {
        if ((len == strlen(p->name))
            && strncmp(p->name, profile_name, len) == 0) {
            *pptr = p;
            return 0;
        }

        p++;
    }

    return 1;
}

static int ssl_ctx_make_profiles(const char *profiles_string,
                                 STACK_OF(SRTP_PROTECTION_PROFILE) **out)
{
    STACK_OF(SRTP_PROTECTION_PROFILE) *profiles;

    char *col;
    char *ptr = (char *)profiles_string;
    SRTP_PROTECTION_PROFILE *p;

    if ((profiles = sk_SRTP_PROTECTION_PROFILE_new_null()) == NULL) {
        ERR_raise(ERR_LIB_SSL, SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES);
        return 1;
    }

    do {
        col = strchr(ptr, ':');

        if (!find_profile_by_name(ptr, &p, col ? (size_t)(col - ptr)
                                               : strlen(ptr))) {
            if (sk_SRTP_PROTECTION_PROFILE_find(profiles, p) >= 0) {
                ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
                goto err;
            }

            if (!sk_SRTP_PROTECTION_PROFILE_push(profiles, p)) {
                ERR_raise(ERR_LIB_SSL, SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES);
                goto err;
            }
        } else {
            ERR_raise(ERR_LIB_SSL, SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE);
            goto err;
        }

        if (col)
            ptr = col + 1;
    } while (col);

    sk_SRTP_PROTECTION_PROFILE_free(*out);

    *out = profiles;

    return 0;
 err:
    sk_SRTP_PROTECTION_PROFILE_free(profiles);
    return 1;
}

int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles)
{
    return ssl_ctx_make_profiles(profiles, &ctx->srtp_profiles);
}

int SSL_set_tlsext_use_srtp(SSL *s, const char *profiles)
{
    return ssl_ctx_make_profiles(profiles, &s->srtp_profiles);
}

STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *s)
{
    if (s != NULL) {
        if (s->srtp_profiles != NULL) {
            return s->srtp_profiles;
        } else if ((s->ctx != NULL) && (s->ctx->srtp_profiles != NULL)) {
            return s->ctx->srtp_profiles;
        }
    }

    return NULL;
}

SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s)
{
    return s->srtp_profile;
}
#endif
Import OpenSSL 1.1.1. 2018-09-13 19:18:07 +00:00			`/*`
openssl: Vendor import of OpenSSL-3.0.8 Summary: Release notes can be found at https://www.openssl.org/news/openssl-3.0-notes.html . Obtained from: https://www.openssl.org/source/openssl-3.0.8.tar.gz Differential Revision: https://reviews.freebsd.org/D38835 Test Plan: ``` $ git status On branch vendor/openssl-3.0 nothing to commit, working tree clean $ (cd ..; fetch http://www.openssl.org/source/openssl-${OSSLVER}.tar.gz http://www.openssl.org/source/openssl-${OSSLVER}.tar.gz.asc) openssl-3.0.8.tar.gz 14 MB 4507 kBps 04s openssl-3.0.8.tar.gz.asc 833 B 10 MBps 00s $ set \| egrep '(XLIST\|OSSLVER)=' OSSLVER=3.0.8 XLIST=FREEBSD-Xlist $ gpg --list-keys /home/ngie/.gnupg/pubring.kbx ----------------------------- pub rsa4096 2014-10-04 [SC] 7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C uid [ unknown] Richard Levitte <richard@levitte.org> uid [ unknown] Richard Levitte <levitte@lp.se> uid [ unknown] Richard Levitte <levitte@openssl.org> sub rsa4096 2014-10-04 [E] $ gpg --verify openssl-${OSSLVER}.tar.gz.asc openssl-${OSSLVER}.tar.gz gpg: Signature made Tue Feb 7 05:43:55 2023 PST gpg: using RSA key 7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C gpg: Good signature from "Richard Levitte <richard@levitte.org>" [unknown] gpg: aka "Richard Levitte <levitte@lp.se>" [unknown] gpg: aka "Richard Levitte <levitte@openssl.org>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 7953 AC1F BC3D C8B3 B292 393E D5E9 E43F 7DF9 EE8C $ (cd vendor.checkout/; git status; find . -type f -or -type l \| cut -c 3- \| sort > ../old) On branch vendor/openssl-3.0 nothing to commit, working tree clean $ tar -x -X $XLIST -f ../openssl-${OSSLVER}.tar.gz -C .. $ rsync --exclude FREEBSD.* --delete -avzz ../openssl-${OSSLVER}/* . $ cat .git gitdir: /home/ngie/git/freebsd-src/.git/worktrees/vendor.checkout $ diff -arq ../openssl-3.0.8 . Only in .: .git Only in .: FREEBSD-Xlist Only in .: FREEBSD-upgrade $ git status FREEBSD* On branch vendor/openssl-3.0 nothing to commit, working tree clean $ ``` Reviewers: emaste, jkim Subscribers: imp, andrew, dab Differential Revision: https://reviews.freebsd.org/D38835 2023-03-01 04:21:31 +00:00			`* Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved.`
Import OpenSSL 1.0.1c. Approved by: benl (maintainer) 2012-07-11 23:31:36 +00:00			`*`
openssl: Vendor import of OpenSSL-3.0.8 Summary: Release notes can be found at https://www.openssl.org/news/openssl-3.0-notes.html . Obtained from: https://www.openssl.org/source/openssl-3.0.8.tar.gz Differential Revision: https://reviews.freebsd.org/D38835 Test Plan: ``` $ git status On branch vendor/openssl-3.0 nothing to commit, working tree clean $ (cd ..; fetch http://www.openssl.org/source/openssl-${OSSLVER}.tar.gz http://www.openssl.org/source/openssl-${OSSLVER}.tar.gz.asc) openssl-3.0.8.tar.gz 14 MB 4507 kBps 04s openssl-3.0.8.tar.gz.asc 833 B 10 MBps 00s $ set \| egrep '(XLIST\|OSSLVER)=' OSSLVER=3.0.8 XLIST=FREEBSD-Xlist $ gpg --list-keys /home/ngie/.gnupg/pubring.kbx ----------------------------- pub rsa4096 2014-10-04 [SC] 7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C uid [ unknown] Richard Levitte <richard@levitte.org> uid [ unknown] Richard Levitte <levitte@lp.se> uid [ unknown] Richard Levitte <levitte@openssl.org> sub rsa4096 2014-10-04 [E] $ gpg --verify openssl-${OSSLVER}.tar.gz.asc openssl-${OSSLVER}.tar.gz gpg: Signature made Tue Feb 7 05:43:55 2023 PST gpg: using RSA key 7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C gpg: Good signature from "Richard Levitte <richard@levitte.org>" [unknown] gpg: aka "Richard Levitte <levitte@lp.se>" [unknown] gpg: aka "Richard Levitte <levitte@openssl.org>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 7953 AC1F BC3D C8B3 B292 393E D5E9 E43F 7DF9 EE8C $ (cd vendor.checkout/; git status; find . -type f -or -type l \| cut -c 3- \| sort > ../old) On branch vendor/openssl-3.0 nothing to commit, working tree clean $ tar -x -X $XLIST -f ../openssl-${OSSLVER}.tar.gz -C .. $ rsync --exclude FREEBSD.* --delete -avzz ../openssl-${OSSLVER}/* . $ cat .git gitdir: /home/ngie/git/freebsd-src/.git/worktrees/vendor.checkout $ diff -arq ../openssl-3.0.8 . Only in .: .git Only in .: FREEBSD-Xlist Only in .: FREEBSD-upgrade $ git status FREEBSD* On branch vendor/openssl-3.0 nothing to commit, working tree clean $ ``` Reviewers: emaste, jkim Subscribers: imp, andrew, dab Differential Revision: https://reviews.freebsd.org/D38835 2023-03-01 04:21:31 +00:00			`* Licensed under the Apache License 2.0 (the "License"). You may not use`
Import OpenSSL 1.1.1. 2018-09-13 19:18:07 +00:00			`* this file except in compliance with the License. You can obtain a copy`
			`* in the file LICENSE in the source distribution or at`
			`* https://www.openssl.org/source/license.html`
Import OpenSSL 1.0.1c. Approved by: benl (maintainer) 2012-07-11 23:31:36 +00:00			`*/`
Import OpenSSL 1.1.1. 2018-09-13 19:18:07 +00:00
Import OpenSSL 1.0.1c. Approved by: benl (maintainer) 2012-07-11 23:31:36 +00:00			`/*`
Import OpenSSL 1.0.1m. 2015-03-20 15:28:40 +00:00			`* DTLS code by Eric Rescorla <ekr@rtfm.com>`
			`*`
			`* Copyright (C) 2006, Network Resonance, Inc. Copyright (C) 2011, RTFM, Inc.`
			`*/`
Import OpenSSL 1.0.1c. Approved by: benl (maintainer) 2012-07-11 23:31:36 +00:00
			`#include <stdio.h>`
			`#include <openssl/objects.h>`
Import OpenSSL 1.1.1e. 2020-03-17 21:27:57 +00:00			`#include "ssl_local.h"`
Import OpenSSL 1.0.1e. Approved by: secteam (delphij, simon), benl (silence) 2013-02-13 22:15:56 +00:00
			`#ifndef OPENSSL_NO_SRTP`

Import OpenSSL 1.0.1m. 2015-03-20 15:28:40 +00:00			`static SRTP_PROTECTION_PROFILE srtp_known_profiles[] = {`
Import OpenSSL 1.0.1c. Approved by: benl (maintainer) 2012-07-11 23:31:36 +00:00			`{`
Import OpenSSL 1.0.1m. 2015-03-20 15:28:40 +00:00			`"SRTP_AES128_CM_SHA1_80",`
			`SRTP_AES128_CM_SHA1_80,`
			`},`
Import OpenSSL 1.0.1c. Approved by: benl (maintainer) 2012-07-11 23:31:36 +00:00			`{`
Import OpenSSL 1.0.1m. 2015-03-20 15:28:40 +00:00			`"SRTP_AES128_CM_SHA1_32",`
			`SRTP_AES128_CM_SHA1_32,`
			`},`
Import OpenSSL 1.0.1c. Approved by: benl (maintainer) 2012-07-11 23:31:36 +00:00			`{`
Import OpenSSL 1.1.1. 2018-09-13 19:18:07 +00:00			`"SRTP_AEAD_AES_128_GCM",`
			`SRTP_AEAD_AES_128_GCM,`
Import OpenSSL 1.0.1m. 2015-03-20 15:28:40 +00:00			`},`
Import OpenSSL 1.0.1c. Approved by: benl (maintainer) 2012-07-11 23:31:36 +00:00			`{`
Import OpenSSL 1.1.1. 2018-09-13 19:18:07 +00:00			`"SRTP_AEAD_AES_256_GCM",`
			`SRTP_AEAD_AES_256_GCM,`
Import OpenSSL 1.0.1m. 2015-03-20 15:28:40 +00:00			`},`
Import OpenSSL 1.0.1c. Approved by: benl (maintainer) 2012-07-11 23:31:36 +00:00			`{0}`
Import OpenSSL 1.0.1m. 2015-03-20 15:28:40 +00:00			`};`
Import OpenSSL 1.0.1c. Approved by: benl (maintainer) 2012-07-11 23:31:36 +00:00
			`static int find_profile_by_name(char *profile_name,`
Import OpenSSL 1.1.1. 2018-09-13 19:18:07 +00:00			`SRTP_PROTECTION_PROFILE **pptr, size_t len)`
Import OpenSSL 1.0.1m. 2015-03-20 15:28:40 +00:00			`{`
			`SRTP_PROTECTION_PROFILE *p;`

			`p = srtp_known_profiles;`
			`while (p->name) {`
Import OpenSSL 1.1.1. 2018-09-13 19:18:07 +00:00			`if ((len == strlen(p->name))`
			`&& strncmp(p->name, profile_name, len) == 0) {`
Import OpenSSL 1.0.1m. 2015-03-20 15:28:40 +00:00			`*pptr = p;`
			`return 0;`
			`}`

			`p++;`
			`}`

			`return 1;`
			`}`

			`static int ssl_ctx_make_profiles(const char *profiles_string,`
			`STACK_OF(SRTP_PROTECTION_PROFILE) **out)`
			`{`
			`STACK_OF(SRTP_PROTECTION_PROFILE) *profiles;`

			`char *col;`
			`char ptr = (char )profiles_string;`
			`SRTP_PROTECTION_PROFILE *p;`

Import OpenSSL 1.1.1. 2018-09-13 19:18:07 +00:00			`if ((profiles = sk_SRTP_PROTECTION_PROFILE_new_null()) == NULL) {`
openssl: Vendor import of OpenSSL-3.0.8 Summary: Release notes can be found at https://www.openssl.org/news/openssl-3.0-notes.html . Obtained from: https://www.openssl.org/source/openssl-3.0.8.tar.gz Differential Revision: https://reviews.freebsd.org/D38835 Test Plan: ``` $ git status On branch vendor/openssl-3.0 nothing to commit, working tree clean $ (cd ..; fetch http://www.openssl.org/source/openssl-${OSSLVER}.tar.gz http://www.openssl.org/source/openssl-${OSSLVER}.tar.gz.asc) openssl-3.0.8.tar.gz 14 MB 4507 kBps 04s openssl-3.0.8.tar.gz.asc 833 B 10 MBps 00s $ set \| egrep '(XLIST\|OSSLVER)=' OSSLVER=3.0.8 XLIST=FREEBSD-Xlist $ gpg --list-keys /home/ngie/.gnupg/pubring.kbx ----------------------------- pub rsa4096 2014-10-04 [SC] 7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C uid [ unknown] Richard Levitte <richard@levitte.org> uid [ unknown] Richard Levitte <levitte@lp.se> uid [ unknown] Richard Levitte <levitte@openssl.org> sub rsa4096 2014-10-04 [E] $ gpg --verify openssl-${OSSLVER}.tar.gz.asc openssl-${OSSLVER}.tar.gz gpg: Signature made Tue Feb 7 05:43:55 2023 PST gpg: using RSA key 7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C gpg: Good signature from "Richard Levitte <richard@levitte.org>" [unknown] gpg: aka "Richard Levitte <levitte@lp.se>" [unknown] gpg: aka "Richard Levitte <levitte@openssl.org>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 7953 AC1F BC3D C8B3 B292 393E D5E9 E43F 7DF9 EE8C $ (cd vendor.checkout/; git status; find . -type f -or -type l \| cut -c 3- \| sort > ../old) On branch vendor/openssl-3.0 nothing to commit, working tree clean $ tar -x -X $XLIST -f ../openssl-${OSSLVER}.tar.gz -C .. $ rsync --exclude FREEBSD.* --delete -avzz ../openssl-${OSSLVER}/* . $ cat .git gitdir: /home/ngie/git/freebsd-src/.git/worktrees/vendor.checkout $ diff -arq ../openssl-3.0.8 . Only in .: .git Only in .: FREEBSD-Xlist Only in .: FREEBSD-upgrade $ git status FREEBSD* On branch vendor/openssl-3.0 nothing to commit, working tree clean $ ``` Reviewers: emaste, jkim Subscribers: imp, andrew, dab Differential Revision: https://reviews.freebsd.org/D38835 2023-03-01 04:21:31 +00:00			`ERR_raise(ERR_LIB_SSL, SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES);`
Import OpenSSL 1.0.1m. 2015-03-20 15:28:40 +00:00			`return 1;`
			`}`

			`do {`
			`col = strchr(ptr, ':');`

Import OpenSSL 1.1.1. 2018-09-13 19:18:07 +00:00			`if (!find_profile_by_name(ptr, &p, col ? (size_t)(col - ptr)`
			`: strlen(ptr))) {`
Import OpenSSL 1.0.1m. 2015-03-20 15:28:40 +00:00			`if (sk_SRTP_PROTECTION_PROFILE_find(profiles, p) >= 0) {`
openssl: Vendor import of OpenSSL-3.0.8 Summary: Release notes can be found at https://www.openssl.org/news/openssl-3.0-notes.html . Obtained from: https://www.openssl.org/source/openssl-3.0.8.tar.gz Differential Revision: https://reviews.freebsd.org/D38835 Test Plan: ``` $ git status On branch vendor/openssl-3.0 nothing to commit, working tree clean $ (cd ..; fetch http://www.openssl.org/source/openssl-${OSSLVER}.tar.gz http://www.openssl.org/source/openssl-${OSSLVER}.tar.gz.asc) openssl-3.0.8.tar.gz 14 MB 4507 kBps 04s openssl-3.0.8.tar.gz.asc 833 B 10 MBps 00s $ set \| egrep '(XLIST\|OSSLVER)=' OSSLVER=3.0.8 XLIST=FREEBSD-Xlist $ gpg --list-keys /home/ngie/.gnupg/pubring.kbx ----------------------------- pub rsa4096 2014-10-04 [SC] 7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C uid [ unknown] Richard Levitte <richard@levitte.org> uid [ unknown] Richard Levitte <levitte@lp.se> uid [ unknown] Richard Levitte <levitte@openssl.org> sub rsa4096 2014-10-04 [E] $ gpg --verify openssl-${OSSLVER}.tar.gz.asc openssl-${OSSLVER}.tar.gz gpg: Signature made Tue Feb 7 05:43:55 2023 PST gpg: using RSA key 7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C gpg: Good signature from "Richard Levitte <richard@levitte.org>" [unknown] gpg: aka "Richard Levitte <levitte@lp.se>" [unknown] gpg: aka "Richard Levitte <levitte@openssl.org>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 7953 AC1F BC3D C8B3 B292 393E D5E9 E43F 7DF9 EE8C $ (cd vendor.checkout/; git status; find . -type f -or -type l \| cut -c 3- \| sort > ../old) On branch vendor/openssl-3.0 nothing to commit, working tree clean $ tar -x -X $XLIST -f ../openssl-${OSSLVER}.tar.gz -C .. $ rsync --exclude FREEBSD.* --delete -avzz ../openssl-${OSSLVER}/* . $ cat .git gitdir: /home/ngie/git/freebsd-src/.git/worktrees/vendor.checkout $ diff -arq ../openssl-3.0.8 . Only in .: .git Only in .: FREEBSD-Xlist Only in .: FREEBSD-upgrade $ git status FREEBSD* On branch vendor/openssl-3.0 nothing to commit, working tree clean $ ``` Reviewers: emaste, jkim Subscribers: imp, andrew, dab Differential Revision: https://reviews.freebsd.org/D38835 2023-03-01 04:21:31 +00:00			`ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);`
Import OpenSSL 1.1.1. 2018-09-13 19:18:07 +00:00			`goto err;`
Import OpenSSL 1.0.1m. 2015-03-20 15:28:40 +00:00			`}`

Import OpenSSL 1.1.1. 2018-09-13 19:18:07 +00:00			`if (!sk_SRTP_PROTECTION_PROFILE_push(profiles, p)) {`
openssl: Vendor import of OpenSSL-3.0.8 Summary: Release notes can be found at https://www.openssl.org/news/openssl-3.0-notes.html . Obtained from: https://www.openssl.org/source/openssl-3.0.8.tar.gz Differential Revision: https://reviews.freebsd.org/D38835 Test Plan: ``` $ git status On branch vendor/openssl-3.0 nothing to commit, working tree clean $ (cd ..; fetch http://www.openssl.org/source/openssl-${OSSLVER}.tar.gz http://www.openssl.org/source/openssl-${OSSLVER}.tar.gz.asc) openssl-3.0.8.tar.gz 14 MB 4507 kBps 04s openssl-3.0.8.tar.gz.asc 833 B 10 MBps 00s $ set \| egrep '(XLIST\|OSSLVER)=' OSSLVER=3.0.8 XLIST=FREEBSD-Xlist $ gpg --list-keys /home/ngie/.gnupg/pubring.kbx ----------------------------- pub rsa4096 2014-10-04 [SC] 7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C uid [ unknown] Richard Levitte <richard@levitte.org> uid [ unknown] Richard Levitte <levitte@lp.se> uid [ unknown] Richard Levitte <levitte@openssl.org> sub rsa4096 2014-10-04 [E] $ gpg --verify openssl-${OSSLVER}.tar.gz.asc openssl-${OSSLVER}.tar.gz gpg: Signature made Tue Feb 7 05:43:55 2023 PST gpg: using RSA key 7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C gpg: Good signature from "Richard Levitte <richard@levitte.org>" [unknown] gpg: aka "Richard Levitte <levitte@lp.se>" [unknown] gpg: aka "Richard Levitte <levitte@openssl.org>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 7953 AC1F BC3D C8B3 B292 393E D5E9 E43F 7DF9 EE8C $ (cd vendor.checkout/; git status; find . -type f -or -type l \| cut -c 3- \| sort > ../old) On branch vendor/openssl-3.0 nothing to commit, working tree clean $ tar -x -X $XLIST -f ../openssl-${OSSLVER}.tar.gz -C .. $ rsync --exclude FREEBSD.* --delete -avzz ../openssl-${OSSLVER}/* . $ cat .git gitdir: /home/ngie/git/freebsd-src/.git/worktrees/vendor.checkout $ diff -arq ../openssl-3.0.8 . Only in .: .git Only in .: FREEBSD-Xlist Only in .: FREEBSD-upgrade $ git status FREEBSD* On branch vendor/openssl-3.0 nothing to commit, working tree clean $ ``` Reviewers: emaste, jkim Subscribers: imp, andrew, dab Differential Revision: https://reviews.freebsd.org/D38835 2023-03-01 04:21:31 +00:00			`ERR_raise(ERR_LIB_SSL, SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES);`
Import OpenSSL 1.1.1. 2018-09-13 19:18:07 +00:00			`goto err;`
			`}`
Import OpenSSL 1.0.1m. 2015-03-20 15:28:40 +00:00			`} else {`
openssl: Vendor import of OpenSSL-3.0.8 Summary: Release notes can be found at https://www.openssl.org/news/openssl-3.0-notes.html . Obtained from: https://www.openssl.org/source/openssl-3.0.8.tar.gz Differential Revision: https://reviews.freebsd.org/D38835 Test Plan: ``` $ git status On branch vendor/openssl-3.0 nothing to commit, working tree clean $ (cd ..; fetch http://www.openssl.org/source/openssl-${OSSLVER}.tar.gz http://www.openssl.org/source/openssl-${OSSLVER}.tar.gz.asc) openssl-3.0.8.tar.gz 14 MB 4507 kBps 04s openssl-3.0.8.tar.gz.asc 833 B 10 MBps 00s $ set \| egrep '(XLIST\|OSSLVER)=' OSSLVER=3.0.8 XLIST=FREEBSD-Xlist $ gpg --list-keys /home/ngie/.gnupg/pubring.kbx ----------------------------- pub rsa4096 2014-10-04 [SC] 7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C uid [ unknown] Richard Levitte <richard@levitte.org> uid [ unknown] Richard Levitte <levitte@lp.se> uid [ unknown] Richard Levitte <levitte@openssl.org> sub rsa4096 2014-10-04 [E] $ gpg --verify openssl-${OSSLVER}.tar.gz.asc openssl-${OSSLVER}.tar.gz gpg: Signature made Tue Feb 7 05:43:55 2023 PST gpg: using RSA key 7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C gpg: Good signature from "Richard Levitte <richard@levitte.org>" [unknown] gpg: aka "Richard Levitte <levitte@lp.se>" [unknown] gpg: aka "Richard Levitte <levitte@openssl.org>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 7953 AC1F BC3D C8B3 B292 393E D5E9 E43F 7DF9 EE8C $ (cd vendor.checkout/; git status; find . -type f -or -type l \| cut -c 3- \| sort > ../old) On branch vendor/openssl-3.0 nothing to commit, working tree clean $ tar -x -X $XLIST -f ../openssl-${OSSLVER}.tar.gz -C .. $ rsync --exclude FREEBSD.* --delete -avzz ../openssl-${OSSLVER}/* . $ cat .git gitdir: /home/ngie/git/freebsd-src/.git/worktrees/vendor.checkout $ diff -arq ../openssl-3.0.8 . Only in .: .git Only in .: FREEBSD-Xlist Only in .: FREEBSD-upgrade $ git status FREEBSD* On branch vendor/openssl-3.0 nothing to commit, working tree clean $ ``` Reviewers: emaste, jkim Subscribers: imp, andrew, dab Differential Revision: https://reviews.freebsd.org/D38835 2023-03-01 04:21:31 +00:00			`ERR_raise(ERR_LIB_SSL, SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE);`
Import OpenSSL 1.1.1. 2018-09-13 19:18:07 +00:00			`goto err;`
Import OpenSSL 1.0.1m. 2015-03-20 15:28:40 +00:00			`}`

			`if (col)`
			`ptr = col + 1;`
			`} while (col);`

Import OpenSSL 1.1.1. 2018-09-13 19:18:07 +00:00			`sk_SRTP_PROTECTION_PROFILE_free(*out);`

Import OpenSSL 1.0.1m. 2015-03-20 15:28:40 +00:00			`*out = profiles;`

			`return 0;`
Import OpenSSL 1.1.1. 2018-09-13 19:18:07 +00:00			`err:`
			`sk_SRTP_PROTECTION_PROFILE_free(profiles);`
			`return 1;`
Import OpenSSL 1.0.1m. 2015-03-20 15:28:40 +00:00			`}`

			`int SSL_CTX_set_tlsext_use_srtp(SSL_CTX ctx, const char profiles)`
			`{`
			`return ssl_ctx_make_profiles(profiles, &ctx->srtp_profiles);`
			`}`

			`int SSL_set_tlsext_use_srtp(SSL s, const char profiles)`
			`{`
			`return ssl_ctx_make_profiles(profiles, &s->srtp_profiles);`
			`}`
Import OpenSSL 1.0.1c. Approved by: benl (maintainer) 2012-07-11 23:31:36 +00:00
			`STACK_OF(SRTP_PROTECTION_PROFILE) SSL_get_srtp_profiles(SSL s)`
Import OpenSSL 1.0.1m. 2015-03-20 15:28:40 +00:00			`{`
			`if (s != NULL) {`
			`if (s->srtp_profiles != NULL) {`
			`return s->srtp_profiles;`
			`} else if ((s->ctx != NULL) && (s->ctx->srtp_profiles != NULL)) {`
			`return s->ctx->srtp_profiles;`
			`}`
			`}`

			`return NULL;`
			`}`
Import OpenSSL 1.0.1c. Approved by: benl (maintainer) 2012-07-11 23:31:36 +00:00
			`SRTP_PROTECTION_PROFILE SSL_get_selected_srtp_profile(SSL s)`
Import OpenSSL 1.0.1m. 2015-03-20 15:28:40 +00:00			`{`
			`return s->srtp_profile;`
			`}`
Import OpenSSL 1.0.1c. Approved by: benl (maintainer) 2012-07-11 23:31:36 +00:00			`#endif`