generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix building with no-srtp

Browse Source 
RT3638

Reviewed-by: Emilia Käsper <emilia@openssl.org>
This commit is contained in:
Piotr Sikora 2014-12-22 11:15:51 +00:00 committed by Matt Caswell
parent cb2bc0543a
commit e783bae26a
4 changed files with 32 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
apps/s_client.c
View File

@ -368,7 +368,9 @@ static void sc_usage(void)
BIO_printf(bio_err," -alpn arg - enable ALPN extension, considering named protocols supported (comma-separated list)\n"); BIO_printf(bio_err," -alpn arg - enable ALPN extension, considering named protocols supported (comma-separated list)\n");
#endif #endif
BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n"); BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
#ifndef OPENSSL_NO_SRTP
BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n"); BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
#endif
BIO_printf(bio_err," -keymatexport label - Export keying material using label\n"); BIO_printf(bio_err," -keymatexport label - Export keying material using label\n");
BIO_printf(bio_err," -keymatexportlen len - Export len bytes of keying material (default 20)\n"); BIO_printf(bio_err," -keymatexportlen len - Export len bytes of keying material (default 20)\n");
} }
@ -508,7 +510,9 @@ static char * MS_CALLBACK ssl_give_srp_client_pwd_cb(SSL *s, void *arg)
} }
#endif #endif
#ifndef OPENSSL_NO_SRTP
char *srtp_profiles = NULL; char *srtp_profiles = NULL;
#endif
# ifndef OPENSSL_NO_NEXTPROTONEG # ifndef OPENSSL_NO_NEXTPROTONEG
/* This the context that we pass to next_proto_cb */ /* This the context that we pass to next_proto_cb */
@ -1089,11 +1093,13 @@ static char *jpake_secret = NULL;
jpake_secret = *++argv; jpake_secret = *++argv;
} }
#endif #endif
#ifndef OPENSSL_NO_SRTP
else if (strcmp(*argv,"-use_srtp") == 0) else if (strcmp(*argv,"-use_srtp") == 0)
{ {
if (--argc < 1) goto bad; if (--argc < 1) goto bad;
srtp_profiles = *(++argv); srtp_profiles = *(++argv);
} }
#endif
else if (strcmp(*argv,"-keymatexport") == 0) else if (strcmp(*argv,"-keymatexport") == 0)
{ {
if (--argc < 1) goto bad; if (--argc < 1) goto bad;
@ -1323,6 +1329,8 @@ bad:
BIO_printf(bio_c_out, "PSK key given or JPAKE in use, setting client callback\n"); BIO_printf(bio_c_out, "PSK key given or JPAKE in use, setting client callback\n");
SSL_CTX_set_psk_client_callback(ctx, psk_client_cb); SSL_CTX_set_psk_client_callback(ctx, psk_client_cb);
} }
#endif
#ifndef OPENSSL_NO_SRTP
if (srtp_profiles != NULL) if (srtp_profiles != NULL)
SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles); SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles);
#endif #endif
@ -2300,6 +2308,7 @@ static void print_stuff(BIO *bio, SSL *s, int full)
} }
#endif #endif
#ifndef OPENSSL_NO_SRTP
{ {
SRTP_PROTECTION_PROFILE *srtp_profile=SSL_get_selected_srtp_profile(s); SRTP_PROTECTION_PROFILE *srtp_profile=SSL_get_selected_srtp_profile(s);
@ -2307,6 +2316,7 @@ static void print_stuff(BIO *bio, SSL *s, int full)
BIO_printf(bio,"SRTP Extension negotiated, profile=%s\n", BIO_printf(bio,"SRTP Extension negotiated, profile=%s\n",
srtp_profile->name); srtp_profile->name);
} }
#endif
SSL_SESSION_print(bio,SSL_get_session(s)); SSL_SESSION_print(bio,SSL_get_session(s));
if (keymatexportlabel != NULL) if (keymatexportlabel != NULL)

10
apps/s_server.c
View File

@ -545,7 +545,9 @@ static void sv_usage(void)
# ifndef OPENSSL_NO_NEXTPROTONEG # ifndef OPENSSL_NO_NEXTPROTONEG
BIO_printf(bio_err," -nextprotoneg arg - set the advertised protocols for the NPN extension (comma-separated list)\n"); BIO_printf(bio_err," -nextprotoneg arg - set the advertised protocols for the NPN extension (comma-separated list)\n");
# endif # endif
# ifndef OPENSSL_NO_SRTP
BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n"); BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
# endif
BIO_printf(bio_err," -alpn arg - set the advertised protocols for the ALPN extension (comma-separated list)\n"); BIO_printf(bio_err," -alpn arg - set the advertised protocols for the ALPN extension (comma-separated list)\n");
#endif #endif
BIO_printf(bio_err," -keymatexport label - Export keying material using label\n"); BIO_printf(bio_err," -keymatexport label - Export keying material using label\n");
@ -965,7 +967,9 @@ static char *jpake_secret = NULL;
#ifndef OPENSSL_NO_SRP #ifndef OPENSSL_NO_SRP
static srpsrvparm srp_callback_parm; static srpsrvparm srp_callback_parm;
#endif #endif
#ifndef OPENSSL_NO_SRTP
static char *srtp_profiles = NULL; static char *srtp_profiles = NULL;
#endif
int MAIN(int argc, char *argv[]) int MAIN(int argc, char *argv[])
{ {
@ -1488,11 +1492,13 @@ int MAIN(int argc, char *argv[])
jpake_secret = *(++argv); jpake_secret = *(++argv);
} }
#endif #endif
#ifndef OPENSSL_NO_SRTP
else if (strcmp(*argv,"-use_srtp") == 0) else if (strcmp(*argv,"-use_srtp") == 0)
{ {
if (--argc < 1) goto bad; if (--argc < 1) goto bad;
srtp_profiles = *(++argv); srtp_profiles = *(++argv);
} }
#endif
else if (strcmp(*argv,"-keymatexport") == 0) else if (strcmp(*argv,"-keymatexport") == 0)
{ {
if (--argc < 1) goto bad; if (--argc < 1) goto bad;
@ -1774,8 +1780,10 @@ bad:
else else
SSL_CTX_sess_set_cache_size(ctx,128); SSL_CTX_sess_set_cache_size(ctx,128);
#ifndef OPENSSL_NO_SRTP
if (srtp_profiles != NULL) if (srtp_profiles != NULL)
SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles); SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles);
#endif
#if 0 #if 0
if (cipher == NULL) cipher=getenv("SSL_CIPHER"); if (cipher == NULL) cipher=getenv("SSL_CIPHER");
@ -2727,6 +2735,7 @@ static int init_ssl_connection(SSL *con)
BIO_printf(bio_s_out, "\n"); BIO_printf(bio_s_out, "\n");
} }
#endif #endif
#ifndef OPENSSL_NO_SRTP
{ {
SRTP_PROTECTION_PROFILE *srtp_profile SRTP_PROTECTION_PROFILE *srtp_profile
= SSL_get_selected_srtp_profile(con); = SSL_get_selected_srtp_profile(con);
@ -2735,6 +2744,7 @@ static int init_ssl_connection(SSL *con)
BIO_printf(bio_s_out,"SRTP Extension negotiated, profile=%s\n", BIO_printf(bio_s_out,"SRTP Extension negotiated, profile=%s\n",
srtp_profile->name); srtp_profile->name);
} }
#endif
if (SSL_cache_hit(con)) BIO_printf(bio_s_out,"Reused session-id\n"); if (SSL_cache_hit(con)) BIO_printf(bio_s_out,"Reused session-id\n");
if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) & if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) &
TLS1_FLAGS_TLS_PADDING_BUG) TLS1_FLAGS_TLS_PADDING_BUG)

4
ssl/ssl_lib.c
View File

@ -631,8 +631,10 @@ void SSL_free(SSL *s)
OPENSSL_free(s->next_proto_negotiated); OPENSSL_free(s->next_proto_negotiated);
#endif #endif
#ifndef OPENSSL_NO_SRTP
if (s->srtp_profiles) if (s->srtp_profiles)
sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles); sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles);
#endif
OPENSSL_free(s); OPENSSL_free(s);
} }
@ -2145,8 +2147,10 @@ void SSL_CTX_free(SSL_CTX *a)
a->comp_methods = NULL; a->comp_methods = NULL;
#endif #endif
#ifndef OPENSSL_NO_SRTP
if (a->srtp_profiles) if (a->srtp_profiles)
sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles); sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles);
#endif
#ifndef OPENSSL_NO_PSK #ifndef OPENSSL_NO_PSK
if (a->psk_identity_hint) if (a->psk_identity_hint)

8
ssl/t1_lib.c
View File

@ -1501,6 +1501,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned c
ret += s->alpn_client_proto_list_len; ret += s->alpn_client_proto_list_len;
} }
#ifndef OPENSSL_NO_SRTP
if(SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s)) if(SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s))
{ {
int el; int el;
@ -1519,6 +1520,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned c
} }
ret += el; ret += el;
} }
#endif
custom_ext_init(&s->cert->cli_ext); custom_ext_init(&s->cert->cli_ext);
/* Add custom TLS Extensions to ClientHello */ /* Add custom TLS Extensions to ClientHello */
if (!custom_ext_add(s, 0, &ret, limit, al)) if (!custom_ext_add(s, 0, &ret, limit, al))
@ -1681,6 +1683,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, unsigned c
} }
#endif #endif
#ifndef OPENSSL_NO_SRTP
if(SSL_IS_DTLS(s) && s->srtp_profile) if(SSL_IS_DTLS(s) && s->srtp_profile)
{ {
int el; int el;
@ -1699,6 +1702,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, unsigned c
} }
ret+=el; ret+=el;
} }
#endif
if (((s->s3->tmp.new_cipher->id & 0xFFFF)==0x80 || (s->s3->tmp.new_cipher->id & 0xFFFF)==0x81) if (((s->s3->tmp.new_cipher->id & 0xFFFF)==0x80 || (s->s3->tmp.new_cipher->id & 0xFFFF)==0x81)
&& (SSL_get_options(s) & SSL_OP_CRYPTOPRO_TLSEXT_BUG)) && (SSL_get_options(s) & SSL_OP_CRYPTOPRO_TLSEXT_BUG))
@ -2470,6 +2474,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
} }
/* session ticket processed earlier */ /* session ticket processed earlier */
#ifndef OPENSSL_NO_SRTP
else if (SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s) else if (SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s)
&& type == TLSEXT_TYPE_use_srtp) && type == TLSEXT_TYPE_use_srtp)
{ {
@ -2477,6 +2482,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
al)) al))
return 0; return 0;
} }
#endif
#ifdef TLSEXT_TYPE_encrypt_then_mac #ifdef TLSEXT_TYPE_encrypt_then_mac
else if (type == TLSEXT_TYPE_encrypt_then_mac) else if (type == TLSEXT_TYPE_encrypt_then_mac)
s->s3->flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC; s->s3->flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC;
@ -2813,12 +2819,14 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char
} }
} }
#endif #endif
#ifndef OPENSSL_NO_SRTP
else if (SSL_IS_DTLS(s) && type == TLSEXT_TYPE_use_srtp) else if (SSL_IS_DTLS(s) && type == TLSEXT_TYPE_use_srtp)
{ {
if(ssl_parse_serverhello_use_srtp_ext(s, data, size, if(ssl_parse_serverhello_use_srtp_ext(s, data, size,
al)) al))
return 0; return 0;
} }
#endif
#ifdef TLSEXT_TYPE_encrypt_then_mac #ifdef TLSEXT_TYPE_encrypt_then_mac
else if (type == TLSEXT_TYPE_encrypt_then_mac) else if (type == TLSEXT_TYPE_encrypt_then_mac)
{ {