From 1fb6b0bf3e895c6b30f9c95a23284f93e4fa19b0 Mon Sep 17 00:00:00 2001 From: FdaSilvaYY Date: Wed, 21 Mar 2018 16:01:24 -0400 Subject: [PATCH] Unify s_client/s_server srtp profiles option handling Add missing guards around STRP-related fields Remove two unneeded global variables: my 2'cents to #4679 Merge definition and instantiation of srpsrvparm global. Reviewed-by: Matt Caswell Reviewed-by: Ben Kaduk Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/4908) --- apps/s_client.c | 5 +++-- apps/s_server.c | 11 ++--------- ssl/ssl_locl.h | 4 ++++ 3 files changed, 9 insertions(+), 11 deletions(-) diff --git a/apps/s_client.c b/apps/s_client.c index 4b7df0cef3..ce7366f8fe 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -367,8 +367,6 @@ static char *ssl_give_srp_client_pwd_cb(SSL *s, void *arg) #endif -static char *srtp_profiles = NULL; - #ifndef OPENSSL_NO_NEXTPROTONEG /* This the context that we pass to next_proto_cb */ typedef struct tlsextnextprotoctx_st { @@ -657,8 +655,10 @@ const OPTIONS s_client_options[] = { OPT_R_OPTIONS, {"sess_out", OPT_SESS_OUT, '>', "File to write SSL session to"}, {"sess_in", OPT_SESS_IN, '<', "File to read SSL session from"}, +#ifndef OPENSSL_NO_SRTP {"use_srtp", OPT_USE_SRTP, 's', "Offer SRTP key management with a colon-separated profile list"}, +#endif {"keymatexport", OPT_KEYMATEXPORT, 's', "Export keying material using label"}, {"keymatexportlen", OPT_KEYMATEXPORTLEN, 'p', @@ -934,6 +934,7 @@ int s_client_main(int argc, char **argv) int srp_lateuser = 0; SRP_ARG srp_arg = { NULL, NULL, 0, 0, 0, 1024 }; #endif + char *srtp_profiles = NULL; #ifndef OPENSSL_NO_CT char *ctlog_file = NULL; int ct_validation = 0; diff --git a/apps/s_server.c b/apps/s_server.c index bfa1345e6c..9b5106d02f 100644 --- a/apps/s_server.c +++ b/apps/s_server.c 
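Review bot: In the `s_client_main` hunk at `@@ -934,6 +934,7 @@` the new local `char *srtp_profiles = NULL;` sits outside any `OPENSSL_NO_SRTP` guard, although this commit guards the `use_srtp` table entry and the neighbouring SRP and CT locals are declared inside their own guards. If the code that consumes the variable is guarded (it is not visible in this hunk), a no-srtp build is left with a local that is at most assigned and never read, which a warnings-as-errors configuration can reject as set-but-unused. I would wrap the declaration as `#ifndef OPENSSL_NO_SRTP`, `char *srtp_profiles = NULL;`, `#endif`. The same applies to the local added to `s_server_main` at `@@ -1024,6 +1018,7 @@`, and in that case the guard around `srtp_profiles = opt_arg();` that `@@ -1529,9 +1524,7 @@` removes would have to stay. Both function bodies continue outside the hunks.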
@@ -236,6 +236,7 @@ typedef struct srpsrvparm_st { SRP_VBASE *vb; SRP_user_pwd *user; } srpsrvparm; +static srpsrvparm srp_callback_parm; /* * This callback pretends to require some asynchronous logic in order to @@ -722,13 +723,6 @@ static int not_resumable_sess_cb(SSL *s, int is_forward_secure) return is_forward_secure; } -#ifndef OPENSSL_NO_SRP -static srpsrvparm srp_callback_parm; -#endif -#ifndef OPENSSL_NO_SRTP -static char *srtp_profiles = NULL; -#endif - typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_ENGINE, OPT_4, OPT_6, OPT_ACCEPT, OPT_PORT, OPT_UNIX, OPT_UNLINK, OPT_NACCEPT, @@ -1024,6 +1018,7 @@ int s_server_main(int argc, char *argv[]) char *srpuserseed = NULL; char *srp_verifier_file = NULL; #endif + char *srtp_profiles = NULL; int min_version = 0, max_version = 0, prot_opt = 0, no_prot_opt = 0; int s_server_verify = SSL_VERIFY_NONE; int s_server_session_id_context = 1; /* anything will do */ @@ -1529,9 +1524,7 @@ int s_server_main(int argc, char *argv[]) alpn_in = opt_arg(); break; case OPT_SRTP_PROFILES: -#ifndef OPENSSL_NO_SRTP srtp_profiles = opt_arg(); -#endif break; case OPT_KEYMATEXPORT: keymatexportlabel = opt_arg(); diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index a28facdcc6..eae578818c 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -1019,8 +1019,10 @@ struct ssl_ctx_st { /* Shared DANE context */ struct dane_ctx_st dane; +# ifndef OPENSSL_NO_SRTP /* SRTP profiles we are willing to do from RFC 5764 */ STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; +# endif /* * Callback for disabling session caching and ticket support on a session * basis, depending on the chosen cipher. 
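Review bot: Guarding `srtp_profiles` in `struct ssl_ctx_st` (ssl/ssl_locl.h, `@@ -1019,8 +1019,10 @@`) makes the struct layout depend on `OPENSSL_NO_SRTP`, and the same holds for the `srtp_profiles` / `srtp_profile` pair in `struct ssl_st` at `@@ -1358,10 +1360,12 @@`. Every translation unit that includes this header therefore has to be compiled with the same setting, otherwise the offsets of all later members differ silently and accesses land on the wrong fields. Any reference to these members outside a matching guard will only surface as a compile error in a no-srtp build, so it is worth confirming that such a configuration is actually built before merging. I would also tag the closing lines as `# endif /* OPENSSL_NO_SRTP */` so the extent of the conditional stays readable inside these long structs. Both struct definitions start and end outside the hunks.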
@@ -1358,10 +1360,12 @@ struct ssl_st { int scts_parsed; # endif SSL_CTX *session_ctx; /* initial ctx, used to store sessions */ +# ifndef OPENSSL_NO_SRTP /* What we'll do */ STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; /* What's been chosen */ SRTP_PROTECTION_PROFILE *srtp_profile; +# endif /*- * 1 if we are renegotiating. * 2 if we are a server and are inside a handshake