From c2a2ff3f0acf1b11f2602bc0bd70b84d1c6a5602 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Wed, 15 Oct 2014 01:23:07 +0100 Subject: [PATCH] Fix SRTP compile issues for windows Related to CVE-2014-3513 This fix was developed by the OpenSSL Team Reviewed-by: Tim Hudson Conflicts: util/mkdef.pl util/ssleay.num Conflicts: util/mkdef.pl --- ssl/srtp.h | 4 ++++ util/mk1mf.pl | 1 + util/mkdef.pl | 10 +++++++--- util/ssleay.num | 8 ++++---- 4 files changed, 16 insertions(+), 7 deletions(-) diff --git a/ssl/srtp.h b/ssl/srtp.h index ae364d0ff..dfdab0ed8 100644 --- a/ssl/srtp.h +++ b/ssl/srtp.h @@ -130,12 +130,16 @@ extern "C" { #define SRTP_NULL_SHA1_80 0x0005 #define SRTP_NULL_SHA1_32 0x0006 +#ifndef OPENSSL_NO_SRTP + int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles); int SSL_set_tlsext_use_srtp(SSL *ctx, const char *profiles); STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl); SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s); +#endif + #ifdef __cplusplus } #endif diff --git a/util/mk1mf.pl b/util/mk1mf.pl index be7d383f5..b5e522121 100755 --- a/util/mk1mf.pl +++ b/util/mk1mf.pl @@ -1228,6 +1228,7 @@ sub read_options "dll" => \$shlib, "shared" => 0, "no-sctp" => 0, + "no-srtp" => 0, "no-gmp" => 0, "no-rfc3779" => 0, "no-montasm" => 0, diff --git a/util/mkdef.pl b/util/mkdef.pl index 05c568929..a39a56cb2 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -115,10 +115,12 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF", "DEPRECATED", # Hide SSL internals "SSL_INTERN", + # SCTP + "SCTP", + # SRTP + "SRTP", # SSL TRACE "SSL_TRACE", - # SCTP - "SCTP", # Unit testing "UNIT_TEST"); 
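Review bot: The `#endif` added just above `#ifdef __cplusplus` is unlabeled and is immediately followed by the `#ifdef __cplusplus` … `#endif` pair, so it is easy to misread which conditional ends where; write it as `#endif /* OPENSSL_NO_SRTP */`. The new guard wraps only the four prototypes, while the `SRTP_*` profile constants above it stay defined in a no-srtp build; that looks deliberate, but a short comment on the `#ifndef` saying so would save the next reader the question. Since the commit is tied to CVE-2014-3513, note that this hunk only hides declarations: whether the implementation is compiled out under the same macro cannot be seen from this patch.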
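Review bot: `"no-srtp" => 0` only makes read_options recognise the flag; unlike `"dll" => \$shlib` at the top of the hunk, a `0` entry appears to set nothing, so nothing in this hunk puts `OPENSSL_NO_SRTP` into the generated makefile's flags. Presumably the macro reaches the compiler by another route outside this patch; a comment next to the entry, e.g. `# recognised only; the macro itself is not set here`, would make that explicit. Because the option is offered in connection with CVE-2014-3513, a Windows build configured with no-srtp should be checked to confirm the SRTP symbols are really absent from the resulting library. read_options continues outside the hunk.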
@@ -140,7 +142,7 @@ my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw; my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated; my $no_rfc3779; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng; my $no_jpake; my $no_srp; my $no_ssl2; my $no_ec2m; my $no_nistp_gcc; -my $no_nextprotoneg; my $no_sctp; my $no_ssl_trace; +my $no_nextprotoneg; my $no_sctp; my $no_srtp; my $no_ssl_trace; my $no_unit_test; my $fips; @@ -241,6 +243,7 @@ foreach (@ARGV, split(/ /, $options)) elsif (/^no-jpake$/) { $no_jpake=1; } elsif (/^no-srp$/) { $no_srp=1; } elsif (/^no-sctp$/) { $no_sctp=1; } + elsif (/^no-srtp$/) { $no_srtp=1; } elsif (/^no-unit-test$/){ $no_unit_test=1; } } @@ -1214,6 +1217,7 @@ sub is_valid if ($keyword eq "JPAKE" && $no_jpake) { return 0; } if ($keyword eq "SRP" && $no_srp) { return 0; } if ($keyword eq "SCTP" && $no_sctp) { return 0; } + if ($keyword eq "SRTP" && $no_srtp) { return 0; } if ($keyword eq "UNIT_TEST" && $no_unit_test) { return 0; } if ($keyword eq "DEPRECATED" && $no_deprecated) { return 0; } diff --git a/util/ssleay.num b/util/ssleay.num index ac98f905c..7eb4f179f 100755 --- a/util/ssleay.num +++ b/util/ssleay.num 
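Review bot: The `is_valid` line `if ($keyword eq "SRTP" && $no_srtp) { return 0; }` takes effect only if the other edits agree with it: the `"SRTP"` entry in `@known_algorithms` (first mkdef.pl hunk), the `my $no_srtp;` declaration, the `no-srtp` branch in the option loop, and the `SRTP` tags in util/ssleay.num. None of the hunks documents that coupling, so a comment above `@known_algorithms` such as `# each entry needs a $no_* flag, an option branch and an is_valid test` would help. The visible tail of the option loop has no fallback branch, so a misspelt `no-srtp` appears to be ignored silently and the SRTP exports would stay in the generated list; a warning for unrecognised `no-*` options would catch that. `is_valid` and the `foreach` both continue outside their hunks.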
@@ -310,14 +310,14 @@ TLSv1_2_method 350 EXIST::FUNCTION:
 SSL_SESSION_get_id_len 351 NOEXIST::FUNCTION:
 kssl_ctx_get0_client_princ 352 EXIST::FUNCTION:KRB5
 SSL_export_keying_material 353 EXIST::FUNCTION:TLSEXT
-SSL_set_tlsext_use_srtp 354 EXIST::FUNCTION:
+SSL_set_tlsext_use_srtp 354 EXIST::FUNCTION:SRTP
 SSL_CTX_set_next_protos_advertised_cb 355 EXIST:!VMS:FUNCTION:NEXTPROTONEG
 SSL_CTX_set_next_protos_adv_cb 355 EXIST:VMS:FUNCTION:NEXTPROTONEG
 SSL_get0_next_proto_negotiated 356 EXIST::FUNCTION:NEXTPROTONEG
-SSL_get_selected_srtp_profile 357 EXIST::FUNCTION:
-SSL_CTX_set_tlsext_use_srtp 358 EXIST::FUNCTION:
+SSL_get_selected_srtp_profile 357 EXIST::FUNCTION:SRTP
+SSL_CTX_set_tlsext_use_srtp 358 EXIST::FUNCTION:SRTP
 SSL_select_next_proto 359 EXIST::FUNCTION:TLSEXT
-SSL_get_srtp_profiles 360 EXIST::FUNCTION:
+SSL_get_srtp_profiles 360 EXIST::FUNCTION:SRTP
 SSL_CTX_set_next_proto_select_cb 361 EXIST:!VMS:FUNCTION:NEXTPROTONEG
 SSL_CTX_set_next_proto_sel_cb 361 EXIST:VMS:FUNCTION:NEXTPROTONEG
 SSL_SESSION_get_compress_id 362 EXIST::FUNCTION: