Unify s_client/s_server srtp profiles option handling

Add missing guards around STRP-related fields Remove two unneeded global variables: my 2'cents to #4679 Merge definition and instantiation of srpsrvparm global. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4908)
2018-03-21 16:01:24 -04:00 · 2018-03-21 16:01:24 -04:00 · 1fb6b0bf3e
commit 1fb6b0bf3e
parent ab0a3914a6
3 changed files with 9 additions and 11 deletions
--- a/apps/s_client.c
+++ b/apps/s_client.c
@ -367,8 +367,6 @@ static char *ssl_give_srp_client_pwd_cb(SSL *s, void *arg)

 #endif

-static char *srtp_profiles = NULL;
-
 #ifndef OPENSSL_NO_NEXTPROTONEG
 /* This the context that we pass to next_proto_cb */
 typedef struct tlsextnextprotoctx_st {
@ -657,8 +655,10 @@ const OPTIONS s_client_options[] = {
    OPT_R_OPTIONS,
    {"sess_out", OPT_SESS_OUT, '>', "File to write SSL session to"},
    {"sess_in", OPT_SESS_IN, '<', "File to read SSL session from"},
+#ifndef OPENSSL_NO_SRTP
    {"use_srtp", OPT_USE_SRTP, 's',
     "Offer SRTP key management with a colon-separated profile list"},
+#endif
    {"keymatexport", OPT_KEYMATEXPORT, 's',
     "Export keying material using label"},
    {"keymatexportlen", OPT_KEYMATEXPORTLEN, 'p',
@ -934,6 +934,7 @@ int s_client_main(int argc, char **argv)
    int srp_lateuser = 0;
    SRP_ARG srp_arg = { NULL, NULL, 0, 0, 0, 1024 };
 #endif
+    char *srtp_profiles = NULL;
 #ifndef OPENSSL_NO_CT
    char *ctlog_file = NULL;
    int ct_validation = 0;
--- a/apps/s_server.c
+++ b/apps/s_server.c
@ -236,6 +236,7 @@ typedef struct srpsrvparm_st {
    SRP_VBASE *vb;
    SRP_user_pwd *user;
 } srpsrvparm;
+static srpsrvparm srp_callback_parm;

 /*
 * This callback pretends to require some asynchronous logic in order to
@ -722,13 +723,6 @@ static int not_resumable_sess_cb(SSL *s, int is_forward_secure)
    return is_forward_secure;
 }

-#ifndef OPENSSL_NO_SRP
-static srpsrvparm srp_callback_parm;
-#endif
-#ifndef OPENSSL_NO_SRTP
-static char *srtp_profiles = NULL;
-#endif
-
 typedef enum OPTION_choice {
    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_ENGINE,
    OPT_4, OPT_6, OPT_ACCEPT, OPT_PORT, OPT_UNIX, OPT_UNLINK, OPT_NACCEPT,
@ -1024,6 +1018,7 @@ int s_server_main(int argc, char *argv[])
    char *srpuserseed = NULL;
    char *srp_verifier_file = NULL;
 #endif
+    char *srtp_profiles = NULL;
    int min_version = 0, max_version = 0, prot_opt = 0, no_prot_opt = 0;
    int s_server_verify = SSL_VERIFY_NONE;
    int s_server_session_id_context = 1; /* anything will do */
@ -1529,9 +1524,7 @@ int s_server_main(int argc, char *argv[])
            alpn_in = opt_arg();
            break;
        case OPT_SRTP_PROFILES:
-#ifndef OPENSSL_NO_SRTP
            srtp_profiles = opt_arg();
-#endif
            break;
        case OPT_KEYMATEXPORT:
            keymatexportlabel = opt_arg();
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@ -1019,8 +1019,10 @@ struct ssl_ctx_st {
    /* Shared DANE context */
    struct dane_ctx_st dane;

+# ifndef OPENSSL_NO_SRTP
    /* SRTP profiles we are willing to do from RFC 5764 */
    STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
+# endif
    /*
     * Callback for disabling session caching and ticket support on a session
     * basis, depending on the chosen cipher.
@ -1358,10 +1360,12 @@ struct ssl_st {
    int scts_parsed;
 # endif
    SSL_CTX *session_ctx;       /* initial ctx, used to store sessions */
+# ifndef OPENSSL_NO_SRTP
    /* What we'll do */
    STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
    /* What's been chosen */
    SRTP_PROTECTION_PROFILE *srtp_profile;
+# endif
    /*-
     * 1 if we are renegotiating.
     * 2 if we are a server and are inside a handshake