Fix building with no-srtp

author Piotr Sikora <piotr@cloudflare.com>

Mon, 22 Dec 2014 11:15:51 +0000 (11:15 +0000)

committer Matt Caswell <matt@openssl.org>

Mon, 5 Jan 2015 14:17:22 +0000 (14:17 +0000)
author Piotr Sikora <piotr@cloudflare.com>
Mon, 22 Dec 2014 11:15:51 +0000 (11:15 +0000)
committer Matt Caswell <matt@openssl.org>
Mon, 5 Jan 2015 14:17:22 +0000 (14:17 +0000)
diff --git a/apps/s_client.c b/apps/s_client.c

index fe14b362ea45d454d914cc3b36af0ce0ec7823c0..d650cc40ce88b191976cd2c27cafd34cf72316df 100644 (file)
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -368,7 +368,9 @@ static void sc_usage(void)
         BIO_printf(bio_err," -alpn arg         - enable ALPN extension, considering named protocols supported (comma-separated list)\n");
  #endif
         BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
+#ifndef OPENSSL_NO_SRTP
         BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
+#endif
         BIO_printf(bio_err," -keymatexport label   - Export keying material using label\n");
         BIO_printf(bio_err," -keymatexportlen len  - Export len bytes of keying material (default 20)\n");
         }
@@ -508,7 +510,9 @@ static char * MS_CALLBACK ssl_give_srp_client_pwd_cb(SSL *s, void *arg)
         }
  
  #endif
+#ifndef OPENSSL_NO_SRTP
         char *srtp_profiles = NULL;
+#endif
  
  # ifndef OPENSSL_NO_NEXTPROTONEG
  /* This the context that we pass to next_proto_cb */
@@ -1089,11 +1093,13 @@ static char *jpake_secret = NULL;
                         jpake_secret = *++argv;
                         }
  #endif
+#ifndef OPENSSL_NO_SRTP
                 else if (strcmp(*argv,"-use_srtp") == 0)
                         {
                         if (--argc < 1) goto bad;
                         srtp_profiles = *(++argv);
                         }
+#endif
                 else if (strcmp(*argv,"-keymatexport") == 0)
                         {
                         if (--argc < 1) goto bad;
@@ -1323,6 +1329,8 @@ bad:
                         BIO_printf(bio_c_out, "PSK key given or JPAKE in use, setting client callback\n");
                 SSL_CTX_set_psk_client_callback(ctx, psk_client_cb);
                 }
+#endif
+#ifndef OPENSSL_NO_SRTP
         if (srtp_profiles != NULL)
                 SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles);
  #endif
@@ -2300,6 +2308,7 @@ static void print_stuff(BIO *bio, SSL *s, int full)
         }
  #endif
  
+#ifndef OPENSSL_NO_SRTP
         {
         SRTP_PROTECTION_PROFILE *srtp_profile=SSL_get_selected_srtp_profile(s);
   
@@ -2307,6 +2316,7 @@ static void print_stuff(BIO *bio, SSL *s, int full)
                 BIO_printf(bio,"SRTP Extension negotiated, profile=%s\n",
                            srtp_profile->name);
         }
+#endif
   
         SSL_SESSION_print(bio,SSL_get_session(s));
         if (keymatexportlabel != NULL)
diff --git a/apps/s_server.c b/apps/s_server.c

index 1e407696e7f4edc3e48d4da56c362be72e4cdbd7..6690646c8c590d8538246d6eeaa4fe6a380dfb9f 100644 (file)
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -545,7 +545,9 @@ static void sv_usage(void)
  # ifndef OPENSSL_NO_NEXTPROTONEG
         BIO_printf(bio_err," -nextprotoneg arg - set the advertised protocols for the NPN extension (comma-separated list)\n");
  # endif
+# ifndef OPENSSL_NO_SRTP
          BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
+# endif
         BIO_printf(bio_err," -alpn arg  - set the advertised protocols for the ALPN extension (comma-separated list)\n");
  #endif
         BIO_printf(bio_err," -keymatexport label   - Export keying material using label\n");
@@ -965,7 +967,9 @@ static char *jpake_secret = NULL;
  #ifndef OPENSSL_NO_SRP
         static srpsrvparm srp_callback_parm;
  #endif
+#ifndef OPENSSL_NO_SRTP
  static char *srtp_profiles = NULL;
+#endif
  
  int MAIN(int argc, char *argv[])
         {
@@ -1488,11 +1492,13 @@ int MAIN(int argc, char *argv[])
                         jpake_secret = *(++argv);
                         }
  #endif
+#ifndef OPENSSL_NO_SRTP
                 else if (strcmp(*argv,"-use_srtp") == 0)
                         {
                         if (--argc < 1) goto bad;
                         srtp_profiles = *(++argv);
                         }
+#endif
                 else if (strcmp(*argv,"-keymatexport") == 0)
                         {
                         if (--argc < 1) goto bad;
@@ -1774,8 +1780,10 @@ bad:
         else
                 SSL_CTX_sess_set_cache_size(ctx,128);
  
+#ifndef OPENSSL_NO_SRTP
         if (srtp_profiles != NULL)
                 SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles);
+#endif
  
  #if 0
         if (cipher == NULL) cipher=getenv("SSL_CIPHER");
@@ -2727,6 +2735,7 @@ static int init_ssl_connection(SSL *con)
                 BIO_printf(bio_s_out, "\n");
                 }
  #endif
+#ifndef OPENSSL_NO_SRTP
         {
         SRTP_PROTECTION_PROFILE *srtp_profile
           = SSL_get_selected_srtp_profile(con);
@@ -2735,6 +2744,7 @@ static int init_ssl_connection(SSL *con)
                 BIO_printf(bio_s_out,"SRTP Extension negotiated, profile=%s\n",
                            srtp_profile->name);
         }
+#endif
         if (SSL_cache_hit(con)) BIO_printf(bio_s_out,"Reused session-id\n");
         if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) &
                 TLS1_FLAGS_TLS_PADDING_BUG)
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c

index d09bb7dbb790cd39b8a5bd69c127222ef7a048ea..347ca5ebec7355fe89661daf60ea24df69ccee18 100644 (file)
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -631,8 +631,10 @@ void SSL_free(SSL *s)
                 OPENSSL_free(s->next_proto_negotiated);
  #endif
  
+#ifndef OPENSSL_NO_SRTP
          if (s->srtp_profiles)
              sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles);
+#endif
  
         OPENSSL_free(s);
         }
@@ -2145,8 +2147,10 @@ void SSL_CTX_free(SSL_CTX *a)
         a->comp_methods = NULL;
  #endif
  
+#ifndef OPENSSL_NO_SRTP
          if (a->srtp_profiles)
                  sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles);
+#endif
  
  #ifndef OPENSSL_NO_PSK
         if (a->psk_identity_hint)
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c

index 2180c54254d5c0a791e5561005713c0ab1279d64..f399bc094820f99f9853752e0cc2d34c0e43a5a9 100644 (file)
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1501,6 +1501,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned c
                 ret += s->alpn_client_proto_list_len;
                 }
  
+#ifndef OPENSSL_NO_SRTP
          if(SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s))
                  {
                  int el;
@@ -1519,6 +1520,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned c
                         }
                  ret += el;
                  }
+#endif
         custom_ext_init(&s->cert->cli_ext);
         /* Add custom TLS Extensions to ClientHello */
         if (!custom_ext_add(s, 0, &ret, limit, al))
@@ -1681,6 +1683,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, unsigned c
                 }
  #endif
  
+#ifndef OPENSSL_NO_SRTP
          if(SSL_IS_DTLS(s) && s->srtp_profile)
                  {
                  int el;
@@ -1699,6 +1702,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, unsigned c
                         }
                  ret+=el;
                  }
+#endif
  
         if (((s->s3->tmp.new_cipher->id & 0xFFFF)==0x80 || (s->s3->tmp.new_cipher->id & 0xFFFF)==0x81) 
                 && (SSL_get_options(s) & SSL_OP_CRYPTOPRO_TLSEXT_BUG))
@@ -2470,6 +2474,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
                         }
  
                 /* session ticket processed earlier */
+#ifndef OPENSSL_NO_SRTP
                 else if (SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s)
                                 && type == TLSEXT_TYPE_use_srtp)
                          {
@@ -2477,6 +2482,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
                                                               al))
                                 return 0;
                          }
+#endif
  #ifdef TLSEXT_TYPE_encrypt_then_mac
                 else if (type == TLSEXT_TYPE_encrypt_then_mac)
                         s->s3->flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC;
@@ -2813,12 +2819,14 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char
                                 }
                         }
  #endif
+#ifndef OPENSSL_NO_SRTP
                 else if (SSL_IS_DTLS(s) && type == TLSEXT_TYPE_use_srtp)
                          {
                          if(ssl_parse_serverhello_use_srtp_ext(s, data, size,
                                                               al))
                                  return 0;
                          }
+#endif
  #ifdef TLSEXT_TYPE_encrypt_then_mac
                 else if (type == TLSEXT_TYPE_encrypt_then_mac)
                         {
author	Piotr Sikora <piotr@cloudflare.com>
	Mon, 22 Dec 2014 11:15:51 +0000 (11:15 +0000)
committer	Matt Caswell <matt@openssl.org>
	Mon, 5 Jan 2015 14:17:22 +0000 (14:17 +0000)
apps/s_client.c		patch \| blob \| history
apps/s_server.c		patch \| blob \| history
ssl/ssl_lib.c		patch \| blob \| history
ssl/t1_lib.c		patch \| blob \| history