[openssl-commits] [openssl] OpenSSL source code branch OpenSSL_1_0_2-stable updated. OpenSSL_1_0_2-beta3-139-g6ee7de1

Matt Caswell matt at openssl.org
Mon Jan 5 14:32:12 UTC 2015


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OpenSSL source code".

The branch, OpenSSL_1_0_2-stable has been updated
       via  6ee7de1eb3cb3a47a824cf5de1e6a2522fb1e998 (commit)
       via  7b0194db42bdbd2b060f730195fa4ffed630829f (commit)
      from  bfaf796241d60132442db35bebda88dbafef53a1 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 6ee7de1eb3cb3a47a824cf5de1e6a2522fb1e998
Author: Matt Caswell <matt at openssl.org>
Date:   Mon Dec 22 11:34:24 2014 +0000

    Additional fix required for no-srtp to work
    
    RT3638
    
    Reviewed-by: Emilia Käsper <emilia at openssl.org>

commit 7b0194db42bdbd2b060f730195fa4ffed630829f
Author: Piotr Sikora <piotr at cloudflare.com>
Date:   Mon Dec 22 11:15:51 2014 +0000

    Fix building with no-srtp
    
    RT3638
    
    Reviewed-by: Emilia Käsper <emilia at openssl.org>
    
    Conflicts:
    	ssl/t1_lib.c

-----------------------------------------------------------------------

Summary of changes:
 apps/s_client.c |   10 ++++++++++
 apps/s_server.c |   10 ++++++++++
 ssl/d1_srtp.c   |    2 +-
 ssl/ssl_lib.c   |    4 ++++
 ssl/t1_lib.c    |    8 ++++++++
 5 files changed, 33 insertions(+), 1 deletion(-)

diff --git a/apps/s_client.c b/apps/s_client.c
index e6e8a07..d27ee3d 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -375,7 +375,9 @@ static void sc_usage(void)
 # endif
 	BIO_printf(bio_err," -alpn arg         - enable ALPN extension, considering named protocols supported (comma-separated list)\n");
 	BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
+#ifndef OPENSSL_NO_SRTP
 	BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
+#endif
  	BIO_printf(bio_err," -keymatexport label   - Export keying material using label\n");
  	BIO_printf(bio_err," -keymatexportlen len  - Export len bytes of keying material (default 20)\n");
 	}
@@ -515,7 +517,9 @@ static char * MS_CALLBACK ssl_give_srp_client_pwd_cb(SSL *s, void *arg)
 	}
 
 #endif
+#ifndef OPENSSL_NO_SRTP
 	char *srtp_profiles = NULL;
+#endif
 
 # ifndef OPENSSL_NO_NEXTPROTONEG
 /* This the context that we pass to next_proto_cb */
@@ -1087,11 +1091,13 @@ static char *jpake_secret = NULL;
 			jpake_secret = *++argv;
 			}
 #endif
+#ifndef OPENSSL_NO_SRTP
 		else if (strcmp(*argv,"-use_srtp") == 0)
 			{
 			if (--argc < 1) goto bad;
 			srtp_profiles = *(++argv);
 			}
+#endif
 		else if (strcmp(*argv,"-keymatexport") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -1313,6 +1319,8 @@ bad:
 			BIO_printf(bio_c_out, "PSK key given or JPAKE in use, setting client callback\n");
 		SSL_CTX_set_psk_client_callback(ctx, psk_client_cb);
 		}
+#endif
+#ifndef OPENSSL_NO_SRTP
 	if (srtp_profiles != NULL)
 		SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles);
 #endif
@@ -2332,6 +2340,7 @@ static void print_stuff(BIO *bio, SSL *s, int full)
 	}
 #endif
 
+#ifndef OPENSSL_NO_SRTP
  	{
  	SRTP_PROTECTION_PROFILE *srtp_profile=SSL_get_selected_srtp_profile(s);
  
@@ -2339,6 +2348,7 @@ static void print_stuff(BIO *bio, SSL *s, int full)
 		BIO_printf(bio,"SRTP Extension negotiated, profile=%s\n",
 			   srtp_profile->name);
 	}
+#endif
  
 	SSL_SESSION_print(bio,SSL_get_session(s));
 	if (keymatexportlabel != NULL)
diff --git a/apps/s_server.c b/apps/s_server.c
index c608fbb..d824a83 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -583,7 +583,9 @@ static void sv_usage(void)
 # ifndef OPENSSL_NO_NEXTPROTONEG
 	BIO_printf(bio_err," -nextprotoneg arg - set the advertised protocols for the NPN extension (comma-separated list)\n");
 # endif
+# ifndef OPENSSL_NO_SRTP
         BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
+# endif
 	BIO_printf(bio_err," -alpn arg  - set the advertised protocols for the ALPN extension (comma-separated list)\n");
 #endif
 	BIO_printf(bio_err," -keymatexport label   - Export keying material using label\n");
@@ -997,7 +999,9 @@ static char *jpake_secret = NULL;
 #ifndef OPENSSL_NO_SRP
 	static srpsrvparm srp_callback_parm;
 #endif
+#ifndef OPENSSL_NO_SRTP
 static char *srtp_profiles = NULL;
+#endif
 
 int MAIN(int argc, char *argv[])
 	{
@@ -1498,11 +1502,13 @@ int MAIN(int argc, char *argv[])
 			jpake_secret = *(++argv);
 			}
 #endif
+#ifndef OPENSSL_NO_SRTP
 		else if (strcmp(*argv,"-use_srtp") == 0)
 			{
 			if (--argc < 1) goto bad;
 			srtp_profiles = *(++argv);
 			}
+#endif
 		else if (strcmp(*argv,"-keymatexport") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -1780,8 +1786,10 @@ bad:
 	else
 		SSL_CTX_sess_set_cache_size(ctx,128);
 
+#ifndef OPENSSL_NO_SRTP
 	if (srtp_profiles != NULL)
 		SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles);
+#endif
 
 #if 0
 	if (cipher == NULL) cipher=getenv("SSL_CIPHER");
@@ -2713,6 +2721,7 @@ static int init_ssl_connection(SSL *con)
 		BIO_printf(bio_s_out, "\n");
 		}
 #endif
+#ifndef OPENSSL_NO_SRTP
 	{
 	SRTP_PROTECTION_PROFILE *srtp_profile
 	  = SSL_get_selected_srtp_profile(con);
@@ -2721,6 +2730,7 @@ static int init_ssl_connection(SSL *con)
 		BIO_printf(bio_s_out,"SRTP Extension negotiated, profile=%s\n",
 			   srtp_profile->name);
 	}
+#endif
 	if (SSL_cache_hit(con)) BIO_printf(bio_s_out,"Reused session-id\n");
 	if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) &
 		TLS1_FLAGS_TLS_PADDING_BUG)
diff --git a/ssl/d1_srtp.c b/ssl/d1_srtp.c
index ac1bef0..49bd9b1 100644
--- a/ssl/d1_srtp.c
+++ b/ssl/d1_srtp.c
@@ -115,13 +115,13 @@
   Copyright (C) 2011, RTFM, Inc.
 */
 
-#ifndef OPENSSL_NO_SRTP
 
 #include <stdio.h>
 #include <openssl/objects.h>
 #include "ssl_locl.h"
 #include "srtp.h"
 
+#ifndef OPENSSL_NO_SRTP
 
 static SRTP_PROTECTION_PROFILE srtp_known_profiles[]=
     {
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index d56459f..cd4ea68 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -641,8 +641,10 @@ void SSL_free(SSL *s)
 		OPENSSL_free(s->next_proto_negotiated);
 #endif
 
+#ifndef OPENSSL_NO_SRTP
         if (s->srtp_profiles)
             sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles);
+#endif
 
 	OPENSSL_free(s);
 	}
@@ -2139,8 +2141,10 @@ void SSL_CTX_free(SSL_CTX *a)
 	a->comp_methods = NULL;
 #endif
 
+#ifndef OPENSSL_NO_SRTP
         if (a->srtp_profiles)
                 sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles);
+#endif
 
 #ifndef OPENSSL_NO_PSK
 	if (a->psk_identity_hint)
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 4deab88..a4bbb02 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1552,6 +1552,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned c
 		ret += s->alpn_client_proto_list_len;
 		}
 
+#ifndef OPENSSL_NO_SRTP
         if(SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s))
                 {
                 int el;
@@ -1570,6 +1571,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned c
 			}
                 ret += el;
                 }
+#endif
 	custom_ext_init(&s->cert->cli_ext);
 	/* Add custom TLS Extensions to ClientHello */
 	if (!custom_ext_add(s, 0, &ret, limit, al))
@@ -1726,6 +1728,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, unsigned c
 		}
 #endif
 
+#ifndef OPENSSL_NO_SRTP
         if(SSL_IS_DTLS(s) && s->srtp_profile)
                 {
                 int el;
@@ -1744,6 +1747,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, unsigned c
 			}
                 ret+=el;
                 }
+#endif
 
 	if (((s->s3->tmp.new_cipher->id & 0xFFFF)==0x80 || (s->s3->tmp.new_cipher->id & 0xFFFF)==0x81) 
 		&& (SSL_get_options(s) & SSL_OP_CRYPTOPRO_TLSEXT_BUG))
@@ -2484,6 +2488,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
 			}
 
 		/* session ticket processed earlier */
+#ifndef OPENSSL_NO_SRTP
 		else if (SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s)
 				&& type == TLSEXT_TYPE_use_srtp)
                         {
@@ -2491,6 +2496,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
 							      al))
 				return 0;
                         }
+#endif
 
 		data+=size;
 		}
@@ -2854,12 +2860,14 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char
 				}
 			}
 #endif
+#ifndef OPENSSL_NO_SRTP
 		else if (SSL_IS_DTLS(s) && type == TLSEXT_TYPE_use_srtp)
                         {
                         if(ssl_parse_serverhello_use_srtp_ext(s, data, size,
 							      al))
                                 return 0;
                         }
+#endif
 		/* If this extension type was not otherwise handled, but 
 		 * matches a custom_cli_ext_record, then send it to the c
 		 * callback */


hooks/post-receive
-- 
OpenSSL source code


More information about the openssl-commits mailing list