From e783bae26ae50c1210d525f9c1a548e62066d670 Mon Sep 17 00:00:00 2001 From: Piotr Sikora Date: Mon, 22 Dec 2014 11:15:51 +0000 Subject: [PATCH] Fix building with no-srtp MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit RT3638 Reviewed-by: Emilia Käsper --- apps/s_client.c | 10 ++++++++++ apps/s_server.c | 10 ++++++++++ ssl/ssl_lib.c | 4 ++++ ssl/t1_lib.c | 8 ++++++++ 4 files changed, 32 insertions(+) diff --git a/apps/s_client.c b/apps/s_client.c index fe14b362ea..d650cc40ce 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -368,7 +368,9 @@ static void sc_usage(void) BIO_printf(bio_err," -alpn arg - enable ALPN extension, considering named protocols supported (comma-separated list)\n"); #endif BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n"); +#ifndef OPENSSL_NO_SRTP BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n"); +#endif BIO_printf(bio_err," -keymatexport label - Export keying material using label\n"); BIO_printf(bio_err," -keymatexportlen len - Export len bytes of keying material (default 20)\n"); } @@ -508,7 +510,9 @@ static char * MS_CALLBACK ssl_give_srp_client_pwd_cb(SSL *s, void *arg) } #endif +#ifndef OPENSSL_NO_SRTP char *srtp_profiles = NULL; +#endif # ifndef OPENSSL_NO_NEXTPROTONEG /* This the context that we pass to next_proto_cb */ @@ -1089,11 +1093,13 @@ static char *jpake_secret = NULL; jpake_secret = *++argv; } #endif +#ifndef OPENSSL_NO_SRTP else if (strcmp(*argv,"-use_srtp") == 0) { if (--argc < 1) goto bad; srtp_profiles = *(++argv); } +#endif else if (strcmp(*argv,"-keymatexport") == 0) { if (--argc < 1) goto bad; @@ -1323,6 +1329,8 @@ bad: BIO_printf(bio_c_out, "PSK key given or JPAKE in use, setting client callback\n"); SSL_CTX_set_psk_client_callback(ctx, psk_client_cb); } +#endif +#ifndef OPENSSL_NO_SRTP if (srtp_profiles != NULL) SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles); #endif @@ -2300,6 +2308,7 @@ static void print_stuff(BIO *bio, SSL *s, int full) } #endif +#ifndef OPENSSL_NO_SRTP { SRTP_PROTECTION_PROFILE *srtp_profile=SSL_get_selected_srtp_profile(s); @@ -2307,6 +2316,7 @@ static void print_stuff(BIO *bio, SSL *s, int full) BIO_printf(bio,"SRTP Extension negotiated, profile=%s\n", srtp_profile->name); } +#endif SSL_SESSION_print(bio,SSL_get_session(s)); if (keymatexportlabel != NULL) diff --git a/apps/s_server.c b/apps/s_server.c index 1e407696e7..6690646c8c 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -545,7 +545,9 @@ static void sv_usage(void) # ifndef OPENSSL_NO_NEXTPROTONEG BIO_printf(bio_err," -nextprotoneg arg - set the advertised protocols for the NPN extension (comma-separated list)\n"); # endif +# ifndef OPENSSL_NO_SRTP BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n"); +# endif BIO_printf(bio_err," -alpn arg - set the advertised protocols for the ALPN extension (comma-separated list)\n"); #endif BIO_printf(bio_err," -keymatexport label - Export keying material using label\n"); @@ -965,7 +967,9 @@ static char *jpake_secret = NULL; #ifndef OPENSSL_NO_SRP static srpsrvparm srp_callback_parm; #endif +#ifndef OPENSSL_NO_SRTP static char *srtp_profiles = NULL; +#endif int MAIN(int argc, char *argv[]) { @@ -1488,11 +1492,13 @@ int MAIN(int argc, char *argv[]) jpake_secret = *(++argv); } #endif +#ifndef OPENSSL_NO_SRTP else if (strcmp(*argv,"-use_srtp") == 0) { if (--argc < 1) goto bad; srtp_profiles = *(++argv); } +#endif else if (strcmp(*argv,"-keymatexport") == 0) { if (--argc < 1) goto bad; @@ -1774,8 +1780,10 @@ bad: else SSL_CTX_sess_set_cache_size(ctx,128); +#ifndef OPENSSL_NO_SRTP if (srtp_profiles != NULL) SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles); +#endif #if 0 if (cipher == NULL) cipher=getenv("SSL_CIPHER"); @@ -2727,6 +2735,7 @@ static int init_ssl_connection(SSL *con) BIO_printf(bio_s_out, "\n"); } #endif +#ifndef OPENSSL_NO_SRTP { SRTP_PROTECTION_PROFILE *srtp_profile = SSL_get_selected_srtp_profile(con); @@ -2735,6 +2744,7 @@ static int init_ssl_connection(SSL *con) BIO_printf(bio_s_out,"SRTP Extension negotiated, profile=%s\n", srtp_profile->name); } +#endif if (SSL_cache_hit(con)) BIO_printf(bio_s_out,"Reused session-id\n"); if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) & TLS1_FLAGS_TLS_PADDING_BUG) diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index d09bb7dbb7..347ca5ebec 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -631,8 +631,10 @@ void SSL_free(SSL *s) OPENSSL_free(s->next_proto_negotiated); #endif +#ifndef OPENSSL_NO_SRTP if (s->srtp_profiles) sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles); +#endif OPENSSL_free(s); } @@ -2145,8 +2147,10 @@ void SSL_CTX_free(SSL_CTX *a) a->comp_methods = NULL; #endif +#ifndef OPENSSL_NO_SRTP if (a->srtp_profiles) sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles); +#endif #ifndef OPENSSL_NO_PSK if (a->psk_identity_hint) diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 2180c54254..f399bc0948 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1501,6 +1501,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned c ret += s->alpn_client_proto_list_len; } +#ifndef OPENSSL_NO_SRTP if(SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s)) { int el; @@ -1519,6 +1520,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned c } ret += el; } +#endif custom_ext_init(&s->cert->cli_ext); /* Add custom TLS Extensions to ClientHello */ if (!custom_ext_add(s, 0, &ret, limit, al)) @@ -1681,6 +1683,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, unsigned c } #endif +#ifndef OPENSSL_NO_SRTP if(SSL_IS_DTLS(s) && s->srtp_profile) { int el; @@ -1699,6 +1702,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, unsigned c } ret+=el; } +#endif if (((s->s3->tmp.new_cipher->id & 0xFFFF)==0x80 || (s->s3->tmp.new_cipher->id & 0xFFFF)==0x81) && (SSL_get_options(s) & SSL_OP_CRYPTOPRO_TLSEXT_BUG)) @@ -2470,6 +2474,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char } /* session ticket processed earlier */ +#ifndef OPENSSL_NO_SRTP else if (SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s) && type == TLSEXT_TYPE_use_srtp) { @@ -2477,6 +2482,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char al)) return 0; } +#endif #ifdef TLSEXT_TYPE_encrypt_then_mac else if (type == TLSEXT_TYPE_encrypt_then_mac) s->s3->flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC; @@ -2813,12 +2819,14 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char } } #endif +#ifndef OPENSSL_NO_SRTP else if (SSL_IS_DTLS(s) && type == TLSEXT_TYPE_use_srtp) { if(ssl_parse_serverhello_use_srtp_ext(s, data, size, al)) return 0; } +#endif #ifdef TLSEXT_TYPE_encrypt_then_mac else if (type == TLSEXT_TYPE_encrypt_then_mac) { -- 2.25.1