1238384Sjkim/* ssl/t1_lib.c */ 2238384Sjkim/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3238384Sjkim * All rights reserved. 4238384Sjkim * 5238384Sjkim * This package is an SSL implementation written 6238384Sjkim * by Eric Young (eay@cryptsoft.com). 7238384Sjkim * The implementation was written so as to conform with Netscapes SSL. 8280304Sjkim * 9238384Sjkim * This library is free for commercial and non-commercial use as long as 10238384Sjkim * the following conditions are aheared to. The following conditions 11238384Sjkim * apply to all code found in this distribution, be it the RC4, RSA, 12238384Sjkim * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13238384Sjkim * included with this distribution is covered by the same copyright terms 14238384Sjkim * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15280304Sjkim * 16238384Sjkim * Copyright remains Eric Young's, and as such any Copyright notices in 17238384Sjkim * the code are not to be removed. 18238384Sjkim * If this package is used in a product, Eric Young should be given attribution 19238384Sjkim * as the author of the parts of the library used. 20238384Sjkim * This can be in the form of a textual message at program startup or 21238384Sjkim * in documentation (online or textual) provided with the package. 22280304Sjkim * 23238384Sjkim * Redistribution and use in source and binary forms, with or without 24238384Sjkim * modification, are permitted provided that the following conditions 25238384Sjkim * are met: 26238384Sjkim * 1. Redistributions of source code must retain the copyright 27238384Sjkim * notice, this list of conditions and the following disclaimer. 28238384Sjkim * 2. Redistributions in binary form must reproduce the above copyright 29238384Sjkim * notice, this list of conditions and the following disclaimer in the 30238384Sjkim * documentation and/or other materials provided with the distribution. 31238384Sjkim * 3. All advertising materials mentioning features or use of this software 32238384Sjkim * must display the following acknowledgement: 33238384Sjkim * "This product includes cryptographic software written by 34238384Sjkim * Eric Young (eay@cryptsoft.com)" 35238384Sjkim * The word 'cryptographic' can be left out if the rouines from the library 36238384Sjkim * being used are not cryptographic related :-). 37280304Sjkim * 4. If you include any Windows specific code (or a derivative thereof) from 38238384Sjkim * the apps directory (application code) you must include an acknowledgement: 39238384Sjkim * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40280304Sjkim * 41238384Sjkim * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42238384Sjkim * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43238384Sjkim * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44238384Sjkim * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45238384Sjkim * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46238384Sjkim * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47238384Sjkim * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48238384Sjkim * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49238384Sjkim * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50238384Sjkim * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51238384Sjkim * SUCH DAMAGE. 52280304Sjkim * 53238384Sjkim * The licence and distribution terms for any publically available version or 54238384Sjkim * derivative of this code cannot be changed. i.e. this code cannot simply be 55238384Sjkim * copied and put under another distribution licence 56238384Sjkim * [including the GNU Public Licence.] 57238384Sjkim */ 58238384Sjkim/* ==================================================================== 59238384Sjkim * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. 60238384Sjkim * 61238384Sjkim * Redistribution and use in source and binary forms, with or without 62238384Sjkim * modification, are permitted provided that the following conditions 63238384Sjkim * are met: 64238384Sjkim * 65238384Sjkim * 1. Redistributions of source code must retain the above copyright 66280304Sjkim * notice, this list of conditions and the following disclaimer. 67238384Sjkim * 68238384Sjkim * 2. Redistributions in binary form must reproduce the above copyright 69238384Sjkim * notice, this list of conditions and the following disclaimer in 70238384Sjkim * the documentation and/or other materials provided with the 71238384Sjkim * distribution. 72238384Sjkim * 73238384Sjkim * 3. All advertising materials mentioning features or use of this 74238384Sjkim * software must display the following acknowledgment: 75238384Sjkim * "This product includes software developed by the OpenSSL Project 76238384Sjkim * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 77238384Sjkim * 78238384Sjkim * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 79238384Sjkim * endorse or promote products derived from this software without 80238384Sjkim * prior written permission. For written permission, please contact 81238384Sjkim * openssl-core@openssl.org. 82238384Sjkim * 83238384Sjkim * 5. Products derived from this software may not be called "OpenSSL" 84238384Sjkim * nor may "OpenSSL" appear in their names without prior written 85238384Sjkim * permission of the OpenSSL Project. 86238384Sjkim * 87238384Sjkim * 6. Redistributions of any form whatsoever must retain the following 88238384Sjkim * acknowledgment: 89238384Sjkim * "This product includes software developed by the OpenSSL Project 90238384Sjkim * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 91238384Sjkim * 92238384Sjkim * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 93238384Sjkim * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 94238384Sjkim * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 95238384Sjkim * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 96238384Sjkim * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 97238384Sjkim * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 98238384Sjkim * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 99238384Sjkim * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 100238384Sjkim * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 101238384Sjkim * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 102238384Sjkim * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 103238384Sjkim * OF THE POSSIBILITY OF SUCH DAMAGE. 104238384Sjkim * ==================================================================== 105238384Sjkim * 106238384Sjkim * This product includes cryptographic software written by Eric Young 107238384Sjkim * (eay@cryptsoft.com). This product includes software written by Tim 108238384Sjkim * Hudson (tjh@cryptsoft.com). 109238384Sjkim * 110238384Sjkim */ 111238384Sjkim/* 112280304Sjkim * DTLS code by Eric Rescorla <ekr@rtfm.com> 113280304Sjkim * 114280304Sjkim * Copyright (C) 2006, Network Resonance, Inc. Copyright (C) 2011, RTFM, Inc. 115280304Sjkim */ 116238384Sjkim 117238384Sjkim#include <stdio.h> 118238384Sjkim#include <openssl/objects.h> 119238384Sjkim#include "ssl_locl.h" 120246772Sjkim 121246772Sjkim#ifndef OPENSSL_NO_SRTP 122246772Sjkim 123280304Sjkim# include "srtp.h" 124238384Sjkim 125280304Sjkimstatic SRTP_PROTECTION_PROFILE srtp_known_profiles[] = { 126238384Sjkim { 127280304Sjkim "SRTP_AES128_CM_SHA1_80", 128280304Sjkim SRTP_AES128_CM_SHA1_80, 129280304Sjkim }, 130238384Sjkim { 131280304Sjkim "SRTP_AES128_CM_SHA1_32", 132280304Sjkim SRTP_AES128_CM_SHA1_32, 133280304Sjkim }, 134280304Sjkim# if 0 135238384Sjkim { 136280304Sjkim "SRTP_NULL_SHA1_80", 137280304Sjkim SRTP_NULL_SHA1_80, 138280304Sjkim }, 139238384Sjkim { 140280304Sjkim "SRTP_NULL_SHA1_32", 141280304Sjkim SRTP_NULL_SHA1_32, 142280304Sjkim }, 143280304Sjkim# endif 144238384Sjkim {0} 145280304Sjkim}; 146238384Sjkim 147238384Sjkimstatic int find_profile_by_name(char *profile_name, 148280304Sjkim SRTP_PROTECTION_PROFILE **pptr, unsigned len) 149280304Sjkim{ 150280304Sjkim SRTP_PROTECTION_PROFILE *p; 151238384Sjkim 152280304Sjkim p = srtp_known_profiles; 153280304Sjkim while (p->name) { 154280304Sjkim if ((len == strlen(p->name)) && !strncmp(p->name, profile_name, len)) { 155280304Sjkim *pptr = p; 156280304Sjkim return 0; 157280304Sjkim } 158238384Sjkim 159280304Sjkim p++; 160280304Sjkim } 161238384Sjkim 162280304Sjkim return 1; 163280304Sjkim} 164238384Sjkim 165280304Sjkimstatic int ssl_ctx_make_profiles(const char *profiles_string, 166280304Sjkim STACK_OF(SRTP_PROTECTION_PROFILE) **out) 167280304Sjkim{ 168280304Sjkim STACK_OF(SRTP_PROTECTION_PROFILE) *profiles; 169238384Sjkim 170280304Sjkim char *col; 171280304Sjkim char *ptr = (char *)profiles_string; 172238384Sjkim 173280304Sjkim SRTP_PROTECTION_PROFILE *p; 174238384Sjkim 175280304Sjkim if (!(profiles = sk_SRTP_PROTECTION_PROFILE_new_null())) { 176280304Sjkim SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES, 177280304Sjkim SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES); 178280304Sjkim return 1; 179280304Sjkim } 180273149Sjkim 181280304Sjkim do { 182280304Sjkim col = strchr(ptr, ':'); 183238384Sjkim 184280304Sjkim if (!find_profile_by_name(ptr, &p, 185280304Sjkim col ? col - ptr : (int)strlen(ptr))) { 186280304Sjkim if (sk_SRTP_PROTECTION_PROFILE_find(profiles, p) >= 0) { 187280304Sjkim SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES, 188280304Sjkim SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); 189280304Sjkim sk_SRTP_PROTECTION_PROFILE_free(profiles); 190280304Sjkim return 1; 191280304Sjkim } 192238384Sjkim 193280304Sjkim sk_SRTP_PROTECTION_PROFILE_push(profiles, p); 194280304Sjkim } else { 195280304Sjkim SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES, 196280304Sjkim SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE); 197280304Sjkim sk_SRTP_PROTECTION_PROFILE_free(profiles); 198280304Sjkim return 1; 199280304Sjkim } 200238384Sjkim 201280304Sjkim if (col) 202280304Sjkim ptr = col + 1; 203280304Sjkim } while (col); 204238384Sjkim 205280304Sjkim *out = profiles; 206238384Sjkim 207280304Sjkim return 0; 208280304Sjkim} 209280304Sjkim 210280304Sjkimint SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles) 211280304Sjkim{ 212280304Sjkim return ssl_ctx_make_profiles(profiles, &ctx->srtp_profiles); 213280304Sjkim} 214280304Sjkim 215280304Sjkimint SSL_set_tlsext_use_srtp(SSL *s, const char *profiles) 216280304Sjkim{ 217280304Sjkim return ssl_ctx_make_profiles(profiles, &s->srtp_profiles); 218280304Sjkim} 219280304Sjkim 220238384SjkimSTACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *s) 221280304Sjkim{ 222280304Sjkim if (s != NULL) { 223280304Sjkim if (s->srtp_profiles != NULL) { 224280304Sjkim return s->srtp_profiles; 225280304Sjkim } else if ((s->ctx != NULL) && (s->ctx->srtp_profiles != NULL)) { 226280304Sjkim return s->ctx->srtp_profiles; 227280304Sjkim } 228280304Sjkim } 229238384Sjkim 230280304Sjkim return NULL; 231280304Sjkim} 232238384Sjkim 233238384SjkimSRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s) 234280304Sjkim{ 235280304Sjkim return s->srtp_profile; 236280304Sjkim} 237238384Sjkim 238280304Sjkim/* 239280304Sjkim * Note: this function returns 0 length if there are no profiles specified 240280304Sjkim */ 241280304Sjkimint ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len, 242280304Sjkim int maxlen) 243280304Sjkim{ 244280304Sjkim int ct = 0; 245280304Sjkim int i; 246280304Sjkim STACK_OF(SRTP_PROTECTION_PROFILE) *clnt = 0; 247280304Sjkim SRTP_PROTECTION_PROFILE *prof; 248238384Sjkim 249280304Sjkim clnt = SSL_get_srtp_profiles(s); 250280304Sjkim ct = sk_SRTP_PROTECTION_PROFILE_num(clnt); /* -1 if clnt == 0 */ 251238384Sjkim 252280304Sjkim if (p) { 253280304Sjkim if (ct == 0) { 254280304Sjkim SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT, 255280304Sjkim SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST); 256280304Sjkim return 1; 257280304Sjkim } 258238384Sjkim 259280304Sjkim if ((2 + ct * 2 + 1) > maxlen) { 260280304Sjkim SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT, 261280304Sjkim SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG); 262280304Sjkim return 1; 263280304Sjkim } 264238384Sjkim 265280304Sjkim /* Add the length */ 266280304Sjkim s2n(ct * 2, p); 267280304Sjkim for (i = 0; i < ct; i++) { 268280304Sjkim prof = sk_SRTP_PROTECTION_PROFILE_value(clnt, i); 269280304Sjkim s2n(prof->id, p); 270280304Sjkim } 271238384Sjkim 272280304Sjkim /* Add an empty use_mki value */ 273280304Sjkim *p++ = 0; 274280304Sjkim } 275238384Sjkim 276280304Sjkim *len = 2 + ct * 2 + 1; 277238384Sjkim 278280304Sjkim return 0; 279280304Sjkim} 280238384Sjkim 281280304Sjkimint ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len, 282280304Sjkim int *al) 283280304Sjkim{ 284280304Sjkim SRTP_PROTECTION_PROFILE *sprof; 285280304Sjkim STACK_OF(SRTP_PROTECTION_PROFILE) *srvr; 286280304Sjkim int ct; 287280304Sjkim int mki_len; 288280304Sjkim int i, srtp_pref; 289280304Sjkim unsigned int id; 290238384Sjkim 291280304Sjkim /* Length value + the MKI length */ 292280304Sjkim if (len < 3) { 293280304Sjkim SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT, 294280304Sjkim SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); 295280304Sjkim *al = SSL_AD_DECODE_ERROR; 296280304Sjkim return 1; 297280304Sjkim } 298280304Sjkim 299280304Sjkim /* Pull off the length of the cipher suite list */ 300280304Sjkim n2s(d, ct); 301280304Sjkim len -= 2; 302280304Sjkim 303280304Sjkim /* Check that it is even */ 304280304Sjkim if (ct % 2) { 305280304Sjkim SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT, 306280304Sjkim SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); 307280304Sjkim *al = SSL_AD_DECODE_ERROR; 308280304Sjkim return 1; 309280304Sjkim } 310280304Sjkim 311280304Sjkim /* Check that lengths are consistent */ 312280304Sjkim if (len < (ct + 1)) { 313280304Sjkim SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT, 314280304Sjkim SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); 315280304Sjkim *al = SSL_AD_DECODE_ERROR; 316280304Sjkim return 1; 317280304Sjkim } 318280304Sjkim 319280304Sjkim srvr = SSL_get_srtp_profiles(s); 320280304Sjkim s->srtp_profile = NULL; 321280304Sjkim /* Search all profiles for a match initially */ 322280304Sjkim srtp_pref = sk_SRTP_PROTECTION_PROFILE_num(srvr); 323280304Sjkim 324280304Sjkim while (ct) { 325280304Sjkim n2s(d, id); 326280304Sjkim ct -= 2; 327238384Sjkim len -= 2; 328238384Sjkim 329280304Sjkim /* 330280304Sjkim * Only look for match in profiles of higher preference than 331280304Sjkim * current match. 332280304Sjkim * If no profiles have been have been configured then this 333280304Sjkim * does nothing. 334280304Sjkim */ 335280304Sjkim for (i = 0; i < srtp_pref; i++) { 336280304Sjkim sprof = sk_SRTP_PROTECTION_PROFILE_value(srvr, i); 337280304Sjkim if (sprof->id == id) { 338280304Sjkim s->srtp_profile = sprof; 339280304Sjkim srtp_pref = i; 340280304Sjkim break; 341280304Sjkim } 342280304Sjkim } 343280304Sjkim } 344238384Sjkim 345280304Sjkim /* 346280304Sjkim * Now extract the MKI value as a sanity check, but discard it for now 347280304Sjkim */ 348280304Sjkim mki_len = *d; 349280304Sjkim d++; 350280304Sjkim len--; 351238384Sjkim 352280304Sjkim if (mki_len != len) { 353280304Sjkim SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT, 354280304Sjkim SSL_R_BAD_SRTP_MKI_VALUE); 355280304Sjkim *al = SSL_AD_DECODE_ERROR; 356280304Sjkim return 1; 357280304Sjkim } 358238384Sjkim 359280304Sjkim return 0; 360280304Sjkim} 361238384Sjkim 362280304Sjkimint ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len, 363280304Sjkim int maxlen) 364280304Sjkim{ 365280304Sjkim if (p) { 366280304Sjkim if (maxlen < 5) { 367280304Sjkim SSLerr(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT, 368280304Sjkim SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG); 369280304Sjkim return 1; 370280304Sjkim } 371238384Sjkim 372280304Sjkim if (s->srtp_profile == 0) { 373280304Sjkim SSLerr(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT, 374280304Sjkim SSL_R_USE_SRTP_NOT_NEGOTIATED); 375280304Sjkim return 1; 376280304Sjkim } 377280304Sjkim s2n(2, p); 378280304Sjkim s2n(s->srtp_profile->id, p); 379280304Sjkim *p++ = 0; 380280304Sjkim } 381280304Sjkim *len = 5; 382238384Sjkim 383280304Sjkim return 0; 384280304Sjkim} 385238384Sjkim 386280304Sjkimint ssl_parse_serverhello_use_srtp_ext(SSL *s, unsigned char *d, int len, 387280304Sjkim int *al) 388280304Sjkim{ 389280304Sjkim unsigned id; 390280304Sjkim int i; 391280304Sjkim int ct; 392238384Sjkim 393280304Sjkim STACK_OF(SRTP_PROTECTION_PROFILE) *clnt; 394280304Sjkim SRTP_PROTECTION_PROFILE *prof; 395238384Sjkim 396280304Sjkim if (len != 5) { 397280304Sjkim SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT, 398280304Sjkim SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); 399280304Sjkim *al = SSL_AD_DECODE_ERROR; 400280304Sjkim return 1; 401280304Sjkim } 402238384Sjkim 403280304Sjkim n2s(d, ct); 404280304Sjkim if (ct != 2) { 405280304Sjkim SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT, 406280304Sjkim SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); 407280304Sjkim *al = SSL_AD_DECODE_ERROR; 408280304Sjkim return 1; 409280304Sjkim } 410238384Sjkim 411280304Sjkim n2s(d, id); 412280304Sjkim if (*d) { /* Must be no MKI, since we never offer one */ 413280304Sjkim SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT, 414280304Sjkim SSL_R_BAD_SRTP_MKI_VALUE); 415280304Sjkim *al = SSL_AD_ILLEGAL_PARAMETER; 416280304Sjkim return 1; 417280304Sjkim } 418238384Sjkim 419280304Sjkim clnt = SSL_get_srtp_profiles(s); 420238384Sjkim 421280304Sjkim /* Throw an error if the server gave us an unsolicited extension */ 422280304Sjkim if (clnt == NULL) { 423280304Sjkim SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT, 424280304Sjkim SSL_R_NO_SRTP_PROFILES); 425280304Sjkim *al = SSL_AD_DECODE_ERROR; 426280304Sjkim return 1; 427280304Sjkim } 428238384Sjkim 429280304Sjkim /* 430280304Sjkim * Check to see if the server gave us something we support (and 431280304Sjkim * presumably offered) 432280304Sjkim */ 433280304Sjkim for (i = 0; i < sk_SRTP_PROTECTION_PROFILE_num(clnt); i++) { 434280304Sjkim prof = sk_SRTP_PROTECTION_PROFILE_value(clnt, i); 435238384Sjkim 436280304Sjkim if (prof->id == id) { 437280304Sjkim s->srtp_profile = prof; 438280304Sjkim *al = 0; 439280304Sjkim return 0; 440280304Sjkim } 441280304Sjkim } 442238384Sjkim 443280304Sjkim SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT, 444280304Sjkim SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); 445280304Sjkim *al = SSL_AD_DECODE_ERROR; 446280304Sjkim return 1; 447280304Sjkim} 448280304Sjkim 449238384Sjkim#endif 450