[openssl-commits] [openssl] master update

Rich Salz rsalz at openssl.org
Wed Mar 21 20:16:35 UTC 2018 

The branch master has been updated
       via  1fb6b0bf3e895c6b30f9c95a23284f93e4fa19b0 (commit)
      from  ab0a3914a64d8f1fce22795c02269e1288df52b1 (commit)


- Log -----------------------------------------------------------------
commit 1fb6b0bf3e895c6b30f9c95a23284f93e4fa19b0
Author: FdaSilvaYY <fdasilvayy at gmail.com>
Date:   Wed Mar 21 16:01:24 2018 -0400

    Unify s_client/s_server srtp profiles option handling
    
    Add missing guards around STRP-related fields
    Remove two unneeded global variables: my 2'cents to #4679
    Merge definition and instantiation of srpsrvparm global.
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Ben Kaduk <kaduk at mit.edu>
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/4908)

-----------------------------------------------------------------------

Summary of changes:
 apps/s_client.c |  5 +++--
 apps/s_server.c | 11 ++---------
 ssl/ssl_locl.h  |  4 ++++
 3 files changed, 9 insertions(+), 11 deletions(-)

diff --git a/apps/s_client.c b/apps/s_client.c
index 4b7df0c..ce7366f 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -367,8 +367,6 @@ static char *ssl_give_srp_client_pwd_cb(SSL *s, void *arg)
 
 #endif
 
-static char *srtp_profiles = NULL;
-
 #ifndef OPENSSL_NO_NEXTPROTONEG
 /* This the context that we pass to next_proto_cb */
 typedef struct tlsextnextprotoctx_st {
@@ -657,8 +655,10 @@ const OPTIONS s_client_options[] = {
     OPT_R_OPTIONS,
     {"sess_out", OPT_SESS_OUT, '>', "File to write SSL session to"},
     {"sess_in", OPT_SESS_IN, '<', "File to read SSL session from"},
+#ifndef OPENSSL_NO_SRTP
     {"use_srtp", OPT_USE_SRTP, 's',
      "Offer SRTP key management with a colon-separated profile list"},
+#endif
     {"keymatexport", OPT_KEYMATEXPORT, 's',
      "Export keying material using label"},
     {"keymatexportlen", OPT_KEYMATEXPORTLEN, 'p',
@@ -934,6 +934,7 @@ int s_client_main(int argc, char **argv)
     int srp_lateuser = 0;
     SRP_ARG srp_arg = { NULL, NULL, 0, 0, 0, 1024 };
 #endif
+    char *srtp_profiles = NULL;
 #ifndef OPENSSL_NO_CT
     char *ctlog_file = NULL;
     int ct_validation = 0;
diff --git a/apps/s_server.c b/apps/s_server.c
index bfa1345..9b5106d 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -236,6 +236,7 @@ typedef struct srpsrvparm_st {
     SRP_VBASE *vb;
     SRP_user_pwd *user;
 } srpsrvparm;
+static srpsrvparm srp_callback_parm;
 
 /*
  * This callback pretends to require some asynchronous logic in order to
@@ -722,13 +723,6 @@ static int not_resumable_sess_cb(SSL *s, int is_forward_secure)
     return is_forward_secure;
 }
 
-#ifndef OPENSSL_NO_SRP
-static srpsrvparm srp_callback_parm;
-#endif
-#ifndef OPENSSL_NO_SRTP
-static char *srtp_profiles = NULL;
-#endif
-
 typedef enum OPTION_choice {
     OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_ENGINE,
     OPT_4, OPT_6, OPT_ACCEPT, OPT_PORT, OPT_UNIX, OPT_UNLINK, OPT_NACCEPT,
@@ -1024,6 +1018,7 @@ int s_server_main(int argc, char *argv[])
     char *srpuserseed = NULL;
     char *srp_verifier_file = NULL;
 #endif
+    char *srtp_profiles = NULL;
     int min_version = 0, max_version = 0, prot_opt = 0, no_prot_opt = 0;
     int s_server_verify = SSL_VERIFY_NONE;
     int s_server_session_id_context = 1; /* anything will do */
@@ -1529,9 +1524,7 @@ int s_server_main(int argc, char *argv[])
             alpn_in = opt_arg();
             break;
         case OPT_SRTP_PROFILES:
-#ifndef OPENSSL_NO_SRTP
             srtp_profiles = opt_arg();
-#endif
             break;
         case OPT_KEYMATEXPORT:
             keymatexportlabel = opt_arg();
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index a28facd..eae5788 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1019,8 +1019,10 @@ struct ssl_ctx_st {
     /* Shared DANE context */
     struct dane_ctx_st dane;
 
+# ifndef OPENSSL_NO_SRTP
     /* SRTP profiles we are willing to do from RFC 5764 */
     STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
+# endif
     /*
      * Callback for disabling session caching and ticket support on a session
      * basis, depending on the chosen cipher.
@@ -1358,10 +1360,12 @@ struct ssl_st {
     int scts_parsed;
 # endif
     SSL_CTX *session_ctx;       /* initial ctx, used to store sessions */
+# ifndef OPENSSL_NO_SRTP
     /* What we'll do */
     STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
     /* What's been chosen */
     SRTP_PROTECTION_PROFILE *srtp_profile;
+# endif
     /*-
      * 1 if we are renegotiating.
      * 2 if we are a server and are inside a handshake

More information about the openssl-commits mailing list