[openssl-commits] [openssl] OpenSSL source code branch OpenSSL_1_0_2-stable updated. OpenSSL_1_0_2-beta3-139-g6ee7de1
Matt Caswell
matt at openssl.org
Mon Jan 5 14:32:12 UTC 2015
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OpenSSL source code".
The branch, OpenSSL_1_0_2-stable has been updated
via 6ee7de1eb3cb3a47a824cf5de1e6a2522fb1e998 (commit)
via 7b0194db42bdbd2b060f730195fa4ffed630829f (commit)
from bfaf796241d60132442db35bebda88dbafef53a1 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 6ee7de1eb3cb3a47a824cf5de1e6a2522fb1e998
Author: Matt Caswell <matt at openssl.org>
Date: Mon Dec 22 11:34:24 2014 +0000
Additional fix required for no-srtp to work
RT3638
Reviewed-by: Emilia Käsper <emilia at openssl.org>
commit 7b0194db42bdbd2b060f730195fa4ffed630829f
Author: Piotr Sikora <piotr at cloudflare.com>
Date: Mon Dec 22 11:15:51 2014 +0000
Fix building with no-srtp
RT3638
Reviewed-by: Emilia Käsper <emilia at openssl.org>
Conflicts:
ssl/t1_lib.c
-----------------------------------------------------------------------
Summary of changes:
apps/s_client.c | 10 ++++++++++
apps/s_server.c | 10 ++++++++++
ssl/d1_srtp.c | 2 +-
ssl/ssl_lib.c | 4 ++++
ssl/t1_lib.c | 8 ++++++++
5 files changed, 33 insertions(+), 1 deletion(-)
diff --git a/apps/s_client.c b/apps/s_client.c
index e6e8a07..d27ee3d 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -375,7 +375,9 @@ static void sc_usage(void)
# endif
BIO_printf(bio_err," -alpn arg - enable ALPN extension, considering named protocols supported (comma-separated list)\n");
BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
+#ifndef OPENSSL_NO_SRTP
BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
+#endif
BIO_printf(bio_err," -keymatexport label - Export keying material using label\n");
BIO_printf(bio_err," -keymatexportlen len - Export len bytes of keying material (default 20)\n");
}
@@ -515,7 +517,9 @@ static char * MS_CALLBACK ssl_give_srp_client_pwd_cb(SSL *s, void *arg)
}
#endif
+#ifndef OPENSSL_NO_SRTP
char *srtp_profiles = NULL;
+#endif
# ifndef OPENSSL_NO_NEXTPROTONEG
/* This the context that we pass to next_proto_cb */
@@ -1087,11 +1091,13 @@ static char *jpake_secret = NULL;
jpake_secret = *++argv;
}
#endif
+#ifndef OPENSSL_NO_SRTP
else if (strcmp(*argv,"-use_srtp") == 0)
{
if (--argc < 1) goto bad;
srtp_profiles = *(++argv);
}
+#endif
else if (strcmp(*argv,"-keymatexport") == 0)
{
if (--argc < 1) goto bad;
@@ -1313,6 +1319,8 @@ bad:
BIO_printf(bio_c_out, "PSK key given or JPAKE in use, setting client callback\n");
SSL_CTX_set_psk_client_callback(ctx, psk_client_cb);
}
+#endif
+#ifndef OPENSSL_NO_SRTP
if (srtp_profiles != NULL)
SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles);
#endif
@@ -2332,6 +2340,7 @@ static void print_stuff(BIO *bio, SSL *s, int full)
}
#endif
+#ifndef OPENSSL_NO_SRTP
{
SRTP_PROTECTION_PROFILE *srtp_profile=SSL_get_selected_srtp_profile(s);
@@ -2339,6 +2348,7 @@ static void print_stuff(BIO *bio, SSL *s, int full)
BIO_printf(bio,"SRTP Extension negotiated, profile=%s\n",
srtp_profile->name);
}
+#endif
SSL_SESSION_print(bio,SSL_get_session(s));
if (keymatexportlabel != NULL)
diff --git a/apps/s_server.c b/apps/s_server.c
index c608fbb..d824a83 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -583,7 +583,9 @@ static void sv_usage(void)
# ifndef OPENSSL_NO_NEXTPROTONEG
BIO_printf(bio_err," -nextprotoneg arg - set the advertised protocols for the NPN extension (comma-separated list)\n");
# endif
+# ifndef OPENSSL_NO_SRTP
BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
+# endif
BIO_printf(bio_err," -alpn arg - set the advertised protocols for the ALPN extension (comma-separated list)\n");
#endif
BIO_printf(bio_err," -keymatexport label - Export keying material using label\n");
@@ -997,7 +999,9 @@ static char *jpake_secret = NULL;
#ifndef OPENSSL_NO_SRP
static srpsrvparm srp_callback_parm;
#endif
+#ifndef OPENSSL_NO_SRTP
static char *srtp_profiles = NULL;
+#endif
int MAIN(int argc, char *argv[])
{
@@ -1498,11 +1502,13 @@ int MAIN(int argc, char *argv[])
jpake_secret = *(++argv);
}
#endif
+#ifndef OPENSSL_NO_SRTP
else if (strcmp(*argv,"-use_srtp") == 0)
{
if (--argc < 1) goto bad;
srtp_profiles = *(++argv);
}
+#endif
else if (strcmp(*argv,"-keymatexport") == 0)
{
if (--argc < 1) goto bad;
@@ -1780,8 +1786,10 @@ bad:
else
SSL_CTX_sess_set_cache_size(ctx,128);
+#ifndef OPENSSL_NO_SRTP
if (srtp_profiles != NULL)
SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles);
+#endif
#if 0
if (cipher == NULL) cipher=getenv("SSL_CIPHER");
@@ -2713,6 +2721,7 @@ static int init_ssl_connection(SSL *con)
BIO_printf(bio_s_out, "\n");
}
#endif
+#ifndef OPENSSL_NO_SRTP
{
SRTP_PROTECTION_PROFILE *srtp_profile
= SSL_get_selected_srtp_profile(con);
@@ -2721,6 +2730,7 @@ static int init_ssl_connection(SSL *con)
BIO_printf(bio_s_out,"SRTP Extension negotiated, profile=%s\n",
srtp_profile->name);
}
+#endif
if (SSL_cache_hit(con)) BIO_printf(bio_s_out,"Reused session-id\n");
if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) &
TLS1_FLAGS_TLS_PADDING_BUG)
diff --git a/ssl/d1_srtp.c b/ssl/d1_srtp.c
index ac1bef0..49bd9b1 100644
--- a/ssl/d1_srtp.c
+++ b/ssl/d1_srtp.c
@@ -115,13 +115,13 @@
Copyright (C) 2011, RTFM, Inc.
*/
-#ifndef OPENSSL_NO_SRTP
#include <stdio.h>
#include <openssl/objects.h>
#include "ssl_locl.h"
#include "srtp.h"
+#ifndef OPENSSL_NO_SRTP
static SRTP_PROTECTION_PROFILE srtp_known_profiles[]=
{
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index d56459f..cd4ea68 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -641,8 +641,10 @@ void SSL_free(SSL *s)
OPENSSL_free(s->next_proto_negotiated);
#endif
+#ifndef OPENSSL_NO_SRTP
if (s->srtp_profiles)
sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles);
+#endif
OPENSSL_free(s);
}
@@ -2139,8 +2141,10 @@ void SSL_CTX_free(SSL_CTX *a)
a->comp_methods = NULL;
#endif
+#ifndef OPENSSL_NO_SRTP
if (a->srtp_profiles)
sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles);
+#endif
#ifndef OPENSSL_NO_PSK
if (a->psk_identity_hint)
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 4deab88..a4bbb02 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1552,6 +1552,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned c
ret += s->alpn_client_proto_list_len;
}
+#ifndef OPENSSL_NO_SRTP
if(SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s))
{
int el;
@@ -1570,6 +1571,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned c
}
ret += el;
}
+#endif
custom_ext_init(&s->cert->cli_ext);
/* Add custom TLS Extensions to ClientHello */
if (!custom_ext_add(s, 0, &ret, limit, al))
@@ -1726,6 +1728,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, unsigned c
}
#endif
+#ifndef OPENSSL_NO_SRTP
if(SSL_IS_DTLS(s) && s->srtp_profile)
{
int el;
@@ -1744,6 +1747,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, unsigned c
}
ret+=el;
}
+#endif
if (((s->s3->tmp.new_cipher->id & 0xFFFF)==0x80 || (s->s3->tmp.new_cipher->id & 0xFFFF)==0x81)
&& (SSL_get_options(s) & SSL_OP_CRYPTOPRO_TLSEXT_BUG))
@@ -2484,6 +2488,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
}
/* session ticket processed earlier */
+#ifndef OPENSSL_NO_SRTP
else if (SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s)
&& type == TLSEXT_TYPE_use_srtp)
{
@@ -2491,6 +2496,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
al))
return 0;
}
+#endif
data+=size;
}
@@ -2854,12 +2860,14 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char
}
}
#endif
+#ifndef OPENSSL_NO_SRTP
else if (SSL_IS_DTLS(s) && type == TLSEXT_TYPE_use_srtp)
{
if(ssl_parse_serverhello_use_srtp_ext(s, data, size,
al))
return 0;
}
+#endif
/* If this extension type was not otherwise handled, but
* matches a custom_cli_ext_record, then send it to the c
* callback */
hooks/post-receive
--
OpenSSL source code
More information about the openssl-commits
mailing list