From aae4d22b166deec4c36bb53e8ad3e333dfda10d9 Mon Sep 17 00:00:00 2001
From: Johan Pascal
Date: Tue, 22 Sep 2020 21:21:39 +0200
Subject: [PATCH] Improve code readability +micro optimization +style
Signed-off-by: Johan Pascal
---
 include/mbedtls/ssl.h | 5 ++++-
 library/ssl_cli.c | 10 ++++++++--
 library/ssl_tls.c | 6 +++---
 3 files changed, 15 insertions(+), 6 deletions(-)
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index bae5348d3..a6b8f1bf5 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -873,6 +873,7 @@ typedef void mbedtls_ssl_async_cancel_t( mbedtls_ssl_context *ssl );
 #define MBEDTLS_TLS_SRTP_MAX_KEY_MATERIAL_LENGTH 60
 #define MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH 255
+#define MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH 4
 /*
 * For code readability use a typedef for DTLS-SRTP profiles
 * The supported profiles are defines as macro above:
@@ -3185,7 +3186,7 @@ const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl );
 #if defined(MBEDTLS_SSL_DTLS_SRTP)
 #if defined(MBEDTLS_DEBUG_C)
-static inline const char *mbedtls_ssl_get_srtp_profile_as_string ( mbedtls_ssl_srtp_profile profile )
+static inline const char *mbedtls_ssl_get_srtp_profile_as_string( mbedtls_ssl_srtp_profile profile )
 {
 switch( profile )
 {
@@ -3229,6 +3230,8 @@ void mbedtls_ssl_conf_srtp_mki_value_supported( mbedtls_ssl_config *conf,
 * for later reference as required, so the lifetime
 * of the table must be at least as long as the lifetime
 * of the SSL configuration structure.
+ * The list must not hold more than
+ * MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH elements
 *
 * \return 0 on success
 * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA when the list of
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 0eaeefa10..b3cfc972c 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -800,8 +800,14 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl,
 *p++ = (unsigned char)( ext_len & 0xFF );
 /* protection profile length: 2*(ssl->conf->dtls_srtp_profile_list_len) */
- *p++ = (unsigned char)( ( ( 2 * ssl->conf->dtls_srtp_profile_list_len )
- >> 8 ) & 0xFF );
+ /* micro-optimization:
+ * the list size is limited to MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH
+ * which is lower than 127, so the upper byte of the length is always 0
+ * For the documentation, the more generic code is left in comments
+ * *p++ = (unsigned char)( ( ( 2 * ssl->conf->dtls_srtp_profile_list_len )
+ * >> 8 ) & 0xFF );
+ */
+ *p++ = 0;
 *p++ = (unsigned char)( ( 2 * ssl->conf->dtls_srtp_profile_list_len ) & 0xFF );
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 7c06c3bda..18a149f0c 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -4723,7 +4723,7 @@ int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf,
 /* check the profiles list: all entry must be valid,
 * its size cannot be more than the total number of supported profiles, currently 4 */
- for( p = profiles; *p != MBEDTLS_TLS_SRTP_UNSET && list_size < 5; p++ )
+ for( p = profiles; *p != MBEDTLS_TLS_SRTP_UNSET && list_size <= MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH; p++ )
 {
 switch( *p )
 {
@@ -4734,11 +4734,11 @@ int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf,
 list_size++;
 break;
 default: /* unsupported value, stop parsing and set the size to an error value */
- list_size = 5;
+ list_size = MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH+1;
 }
 }
- if ( list_size > 4 ) {
+ if ( list_size > MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH ) {
 conf->dtls_srtp_profile_list = NULL;
 conf->dtls_srtp_profile_list_len = 0;
 return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
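Review bot: In ssl_write_use_srtp_ext (library/ssl_cli.c), `*p++ = 0;` is correct only while `2 * dtls_srtp_profile_list_len` fits in one byte, and nothing at this site enforces that; the bound is checked in mbedtls_ssl_conf_dtls_srtp_protection_profiles, in another file. If MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH were ever raised past 127, the low byte written on the following line would wrap and the extension would advertise a profile-list length smaller than the configured list. I would drop the commented-out statement and pin the assumption at compile time instead: `#if MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH > 127`, `#error "use_srtp profile list length no longer fits in one byte"`, `#endif`. The function starts and ends outside the hunk, so how ext_len is derived is not visible here.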
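Review bot: The loop in mbedtls_ssl_conf_dtls_srtp_protection_profiles (library/ssl_tls.c, first hunk) still reads `profiles[MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH]` when the first four entries are valid, so the caller's array needs room for the MBEDTLS_TLS_SRTP_UNSET terminator on top of the maximum; the sentence this commit adds to the visible part of the ssl.h documentation does not say whether the terminator counts towards the limit. I would spell it out there, e.g. `The list must hold at most MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH profiles, followed by MBEDTLS_TLS_SRTP_UNSET.` The context comment above the loop still says `currently 4` and could name the macro so the two cannot drift apart. In the second hunk `MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH+1` lacks spaces around `+`, and the rewritten `for` line runs well past 80 columns. The function body starts and ends outside both hunks.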