Unify s_client/s_server srtp profiles option handling

Add missing guards around STRP-related fields
Remove two unneeded global variables: my 2'cents to #4679
Merge definition and instantiation of srpsrvparm global.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4908)
This commit is contained in:
FdaSilvaYY 2018-03-21 16:01:24 -04:00 committed by Rich Salz
parent ab0a3914a6
commit 1fb6b0bf3e
3 changed files with 9 additions and 11 deletions

View File

@ -367,8 +367,6 @@ static char *ssl_give_srp_client_pwd_cb(SSL *s, void *arg)
#endif
static char *srtp_profiles = NULL;
#ifndef OPENSSL_NO_NEXTPROTONEG
/* This the context that we pass to next_proto_cb */
typedef struct tlsextnextprotoctx_st {
@ -657,8 +655,10 @@ const OPTIONS s_client_options[] = {
OPT_R_OPTIONS,
{"sess_out", OPT_SESS_OUT, '>', "File to write SSL session to"},
{"sess_in", OPT_SESS_IN, '<', "File to read SSL session from"},
#ifndef OPENSSL_NO_SRTP
{"use_srtp", OPT_USE_SRTP, 's',
"Offer SRTP key management with a colon-separated profile list"},
#endif
{"keymatexport", OPT_KEYMATEXPORT, 's',
"Export keying material using label"},
{"keymatexportlen", OPT_KEYMATEXPORTLEN, 'p',
@ -934,6 +934,7 @@ int s_client_main(int argc, char **argv)
int srp_lateuser = 0;
SRP_ARG srp_arg = { NULL, NULL, 0, 0, 0, 1024 };
#endif
char *srtp_profiles = NULL;
#ifndef OPENSSL_NO_CT
char *ctlog_file = NULL;
int ct_validation = 0;

View File

@ -236,6 +236,7 @@ typedef struct srpsrvparm_st {
SRP_VBASE *vb;
SRP_user_pwd *user;
} srpsrvparm;
static srpsrvparm srp_callback_parm;
/*
* This callback pretends to require some asynchronous logic in order to
@ -722,13 +723,6 @@ static int not_resumable_sess_cb(SSL *s, int is_forward_secure)
return is_forward_secure;
}
#ifndef OPENSSL_NO_SRP
static srpsrvparm srp_callback_parm;
#endif
#ifndef OPENSSL_NO_SRTP
static char *srtp_profiles = NULL;
#endif
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_ENGINE,
OPT_4, OPT_6, OPT_ACCEPT, OPT_PORT, OPT_UNIX, OPT_UNLINK, OPT_NACCEPT,
@ -1024,6 +1018,7 @@ int s_server_main(int argc, char *argv[])
char *srpuserseed = NULL;
char *srp_verifier_file = NULL;
#endif
char *srtp_profiles = NULL;
int min_version = 0, max_version = 0, prot_opt = 0, no_prot_opt = 0;
int s_server_verify = SSL_VERIFY_NONE;
int s_server_session_id_context = 1; /* anything will do */
@ -1529,9 +1524,7 @@ int s_server_main(int argc, char *argv[])
alpn_in = opt_arg();
break;
case OPT_SRTP_PROFILES:
#ifndef OPENSSL_NO_SRTP
srtp_profiles = opt_arg();
#endif
break;
case OPT_KEYMATEXPORT:
keymatexportlabel = opt_arg();

View File

@ -1019,8 +1019,10 @@ struct ssl_ctx_st {
/* Shared DANE context */
struct dane_ctx_st dane;
# ifndef OPENSSL_NO_SRTP
/* SRTP profiles we are willing to do from RFC 5764 */
STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
# endif
/*
* Callback for disabling session caching and ticket support on a session
* basis, depending on the chosen cipher.
@ -1358,10 +1360,12 @@ struct ssl_st {
int scts_parsed;
# endif
SSL_CTX *session_ctx; /* initial ctx, used to store sessions */
# ifndef OPENSSL_NO_SRTP
/* What we'll do */
STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
/* What's been chosen */
SRTP_PROTECTION_PROFILE *srtp_profile;
# endif
/*-
* 1 if we are renegotiating.
* 2 if we are a server and are inside a handshake