[openssl-commits] [openssl] OpenSSL source code branch master updated. 32b07f5a80d22b34cfcd6df76d425bed771b0146
Matt Caswell
matt at openssl.org
Mon Jan 5 14:32:01 UTC 2015
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OpenSSL source code".
The branch, master has been updated
via 32b07f5a80d22b34cfcd6df76d425bed771b0146 (commit)
via e783bae26ae50c1210d525f9c1a548e62066d670 (commit)
from cb2bc0543a27c48b165ca54069378155d69c41ee (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 32b07f5a80d22b34cfcd6df76d425bed771b0146
Author: Matt Caswell <matt at openssl.org>
Date: Mon Dec 22 11:34:24 2014 +0000
Additional fix required for no-srtp to work
RT3638
Reviewed-by: Emilia Käsper <emilia at openssl.org>
commit e783bae26ae50c1210d525f9c1a548e62066d670
Author: Piotr Sikora <piotr at cloudflare.com>
Date: Mon Dec 22 11:15:51 2014 +0000
Fix building with no-srtp
RT3638
Reviewed-by: Emilia Käsper <emilia at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
apps/s_client.c | 10 ++++++++++
apps/s_server.c | 10 ++++++++++
ssl/d1_srtp.c | 2 +-
ssl/ssl_lib.c | 4 ++++
ssl/t1_lib.c | 8 ++++++++
5 files changed, 33 insertions(+), 1 deletion(-)
diff --git a/apps/s_client.c b/apps/s_client.c
index fe14b36..d650cc4 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -368,7 +368,9 @@ static void sc_usage(void)
BIO_printf(bio_err," -alpn arg - enable ALPN extension, considering named protocols supported (comma-separated list)\n");
#endif
BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
+#ifndef OPENSSL_NO_SRTP
BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
+#endif
BIO_printf(bio_err," -keymatexport label - Export keying material using label\n");
BIO_printf(bio_err," -keymatexportlen len - Export len bytes of keying material (default 20)\n");
}
@@ -508,7 +510,9 @@ static char * MS_CALLBACK ssl_give_srp_client_pwd_cb(SSL *s, void *arg)
}
#endif
+#ifndef OPENSSL_NO_SRTP
char *srtp_profiles = NULL;
+#endif
# ifndef OPENSSL_NO_NEXTPROTONEG
/* This the context that we pass to next_proto_cb */
@@ -1089,11 +1093,13 @@ static char *jpake_secret = NULL;
jpake_secret = *++argv;
}
#endif
+#ifndef OPENSSL_NO_SRTP
else if (strcmp(*argv,"-use_srtp") == 0)
{
if (--argc < 1) goto bad;
srtp_profiles = *(++argv);
}
+#endif
else if (strcmp(*argv,"-keymatexport") == 0)
{
if (--argc < 1) goto bad;
@@ -1323,6 +1329,8 @@ bad:
BIO_printf(bio_c_out, "PSK key given or JPAKE in use, setting client callback\n");
SSL_CTX_set_psk_client_callback(ctx, psk_client_cb);
}
+#endif
+#ifndef OPENSSL_NO_SRTP
if (srtp_profiles != NULL)
SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles);
#endif
@@ -2300,6 +2308,7 @@ static void print_stuff(BIO *bio, SSL *s, int full)
}
#endif
+#ifndef OPENSSL_NO_SRTP
{
SRTP_PROTECTION_PROFILE *srtp_profile=SSL_get_selected_srtp_profile(s);
@@ -2307,6 +2316,7 @@ static void print_stuff(BIO *bio, SSL *s, int full)
BIO_printf(bio,"SRTP Extension negotiated, profile=%s\n",
srtp_profile->name);
}
+#endif
SSL_SESSION_print(bio,SSL_get_session(s));
if (keymatexportlabel != NULL)
diff --git a/apps/s_server.c b/apps/s_server.c
index 1e40769..6690646 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -545,7 +545,9 @@ static void sv_usage(void)
# ifndef OPENSSL_NO_NEXTPROTONEG
BIO_printf(bio_err," -nextprotoneg arg - set the advertised protocols for the NPN extension (comma-separated list)\n");
# endif
+# ifndef OPENSSL_NO_SRTP
BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
+# endif
BIO_printf(bio_err," -alpn arg - set the advertised protocols for the ALPN extension (comma-separated list)\n");
#endif
BIO_printf(bio_err," -keymatexport label - Export keying material using label\n");
@@ -965,7 +967,9 @@ static char *jpake_secret = NULL;
#ifndef OPENSSL_NO_SRP
static srpsrvparm srp_callback_parm;
#endif
+#ifndef OPENSSL_NO_SRTP
static char *srtp_profiles = NULL;
+#endif
int MAIN(int argc, char *argv[])
{
@@ -1488,11 +1492,13 @@ int MAIN(int argc, char *argv[])
jpake_secret = *(++argv);
}
#endif
+#ifndef OPENSSL_NO_SRTP
else if (strcmp(*argv,"-use_srtp") == 0)
{
if (--argc < 1) goto bad;
srtp_profiles = *(++argv);
}
+#endif
else if (strcmp(*argv,"-keymatexport") == 0)
{
if (--argc < 1) goto bad;
@@ -1774,8 +1780,10 @@ bad:
else
SSL_CTX_sess_set_cache_size(ctx,128);
+#ifndef OPENSSL_NO_SRTP
if (srtp_profiles != NULL)
SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles);
+#endif
#if 0
if (cipher == NULL) cipher=getenv("SSL_CIPHER");
@@ -2727,6 +2735,7 @@ static int init_ssl_connection(SSL *con)
BIO_printf(bio_s_out, "\n");
}
#endif
+#ifndef OPENSSL_NO_SRTP
{
SRTP_PROTECTION_PROFILE *srtp_profile
= SSL_get_selected_srtp_profile(con);
@@ -2735,6 +2744,7 @@ static int init_ssl_connection(SSL *con)
BIO_printf(bio_s_out,"SRTP Extension negotiated, profile=%s\n",
srtp_profile->name);
}
+#endif
if (SSL_cache_hit(con)) BIO_printf(bio_s_out,"Reused session-id\n");
if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) &
TLS1_FLAGS_TLS_PADDING_BUG)
diff --git a/ssl/d1_srtp.c b/ssl/d1_srtp.c
index f18f4a0..ae51b58 100644
--- a/ssl/d1_srtp.c
+++ b/ssl/d1_srtp.c
@@ -115,12 +115,12 @@
Copyright (C) 2011, RTFM, Inc.
*/
-#ifndef OPENSSL_NO_SRTP
#include <stdio.h>
#include <openssl/objects.h>
#include "ssl_locl.h"
+#ifndef OPENSSL_NO_SRTP
static SRTP_PROTECTION_PROFILE srtp_known_profiles[]=
{
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index d09bb7d..347ca5e 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -631,8 +631,10 @@ void SSL_free(SSL *s)
OPENSSL_free(s->next_proto_negotiated);
#endif
+#ifndef OPENSSL_NO_SRTP
if (s->srtp_profiles)
sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles);
+#endif
OPENSSL_free(s);
}
@@ -2145,8 +2147,10 @@ void SSL_CTX_free(SSL_CTX *a)
a->comp_methods = NULL;
#endif
+#ifndef OPENSSL_NO_SRTP
if (a->srtp_profiles)
sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles);
+#endif
#ifndef OPENSSL_NO_PSK
if (a->psk_identity_hint)
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 2180c54..f399bc0 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1501,6 +1501,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned c
ret += s->alpn_client_proto_list_len;
}
+#ifndef OPENSSL_NO_SRTP
if(SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s))
{
int el;
@@ -1519,6 +1520,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned c
}
ret += el;
}
+#endif
custom_ext_init(&s->cert->cli_ext);
/* Add custom TLS Extensions to ClientHello */
if (!custom_ext_add(s, 0, &ret, limit, al))
@@ -1681,6 +1683,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, unsigned c
}
#endif
+#ifndef OPENSSL_NO_SRTP
if(SSL_IS_DTLS(s) && s->srtp_profile)
{
int el;
@@ -1699,6 +1702,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, unsigned c
}
ret+=el;
}
+#endif
if (((s->s3->tmp.new_cipher->id & 0xFFFF)==0x80 || (s->s3->tmp.new_cipher->id & 0xFFFF)==0x81)
&& (SSL_get_options(s) & SSL_OP_CRYPTOPRO_TLSEXT_BUG))
@@ -2470,6 +2474,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
}
/* session ticket processed earlier */
+#ifndef OPENSSL_NO_SRTP
else if (SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s)
&& type == TLSEXT_TYPE_use_srtp)
{
@@ -2477,6 +2482,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
al))
return 0;
}
+#endif
#ifdef TLSEXT_TYPE_encrypt_then_mac
else if (type == TLSEXT_TYPE_encrypt_then_mac)
s->s3->flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC;
@@ -2813,12 +2819,14 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char
}
}
#endif
+#ifndef OPENSSL_NO_SRTP
else if (SSL_IS_DTLS(s) && type == TLSEXT_TYPE_use_srtp)
{
if(ssl_parse_serverhello_use_srtp_ext(s, data, size,
al))
return 0;
}
+#endif
#ifdef TLSEXT_TYPE_encrypt_then_mac
else if (type == TLSEXT_TYPE_encrypt_then_mac)
{
hooks/post-receive
--
OpenSSL source code
More information about the openssl-commits
mailing list