From b95d4b4cb33fe9e84e0917772469530a552913f0 Mon Sep 17 00:00:00 2001
From: David Benjamin
Date: Wed, 2 May 2018 16:11:34 -0400
Subject: [PATCH] Move srtp_profiles to SSL_CONFIG.
These are also not needed after the handshake.
Change-Id: I5de2d5cf18a3783a6c04c0a8fe311069fb51b939
Reviewed-on: https://boringssl-review.googlesource.com/27986
Reviewed-by: Steven Valdez
Commit-Queue: Steven Valdez
CQ-Verified: CQ bot account: commit-bot@chromium.org
---
 ssl/d1_srtp.cc | 19 +++++++++----------
 ssl/internal.h | 8 ++++----
 ssl/ssl_lib.cc | 6 +++---
 3 files changed, 16 insertions(+), 17 deletions(-)
diff --git a/ssl/d1_srtp.cc b/ssl/d1_srtp.cc
index f27c9ff4..69b693c0 100644
--- a/ssl/d1_srtp.cc
+++ b/ssl/d1_srtp.cc
@@ -198,23 +198,22 @@ int SSL_CTX_set_srtp_profiles(SSL_CTX *ctx, const char *profiles) {
 }
 int SSL_set_srtp_profiles(SSL *ssl, const char *profiles) {
- return ssl_ctx_make_profiles(profiles, &ssl->srtp_profiles);
+ return ssl->config != nullptr &&
+ ssl_ctx_make_profiles(profiles, &ssl->config->srtp_profiles);
 }
 STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl) {
- if (ssl == NULL) {
- return NULL;
+ if (ssl == nullptr) {
+ return nullptr;
 }
- if (ssl->srtp_profiles != NULL) {
- return ssl->srtp_profiles;
+ if (ssl->config == nullptr) {
+ assert(0);
+ return nullptr;
 }
- if (ssl->ctx->srtp_profiles != NULL) {
- return ssl->ctx->srtp_profiles;
- }
-
- return NULL;
+ return ssl->config->srtp_profiles != nullptr ? ssl->config->srtp_profiles
+ : ssl->ctx->srtp_profiles;
 }
 const SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *ssl) {
diff --git a/ssl/internal.h b/ssl/internal.h
index 05a99b24..9840aa4f 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
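Review bot: In the ssl/d1_srtp.cc hunk, `SSL_set_srtp_profiles` and `SSL_get_srtp_profiles` treat a released `ssl->config` differently: the setter returns 0 with nothing visible here placed on the error queue, while the getter hits `assert(0)` in debug builds and silently returns `nullptr` when assertions are compiled out. A caller that reads the list after the handshake therefore cannot tell "no DTLS-SRTP profiles configured" from "configuration already released", which matters if it uses the result to decide whether SRTP protection is expected on the connection. I would state the contract above both definitions, e.g. `// Only valid while the handshake configuration is retained; fails with 0 (setter) or nullptr (getter) afterwards.`, and consider making the setter's failure explicit with `OPENSSL_PUT_ERROR(SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);` before returning 0. The unchanged lack of a null check on `ssl` in the setter, next to the getter's `ssl == nullptr` guard, is also worth a one-line comment saying it is intentional.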
@@ -2665,6 +2665,10 @@ struct SSL_CONFIG {
 uint8_t *quic_transport_params = nullptr;
 size_t quic_transport_params_len = 0;
+ // srtp_profiles is the list of configured SRTP protection profiles for
+ // DTLS-SRTP.
+ STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles = nullptr;
+
 // verify_mode is a bitmask of |SSL_VERIFY_*| values.
 uint8_t verify_mode = SSL_VERIFY_NONE;
@@ -2763,10 +2767,6 @@ struct SSLConnection {
 uint32_t max_cert_list;
 char *tlsext_hostname;
- // srtp_profiles is the list of configured SRTP protection profiles for
- // DTLS-SRTP.
- STACK_OF(SRTP_PROTECTION_PROFILE) * srtp_profiles;
-
 // renegotiate_mode controls how peer renegotiation attempts are handled.
 enum ssl_renegotiate_mode_t renegotiate_mode;
diff --git a/ssl/ssl_lib.cc b/ssl/ssl_lib.cc
index 5a842acb..f67961da 100644
--- a/ssl/ssl_lib.cc
+++ b/ssl/ssl_lib.cc
@@ -806,12 +806,13 @@ SSL_CONFIG::~SSL_CONFIG() {
 }
 Delete(cipher_list);
 Delete(cert);
+ OPENSSL_free(psk_identity_hint);
 OPENSSL_free(supported_group_list);
+ EVP_PKEY_free(tlsext_channel_id_private);
 OPENSSL_free(alpn_client_proto_list);
 OPENSSL_free(token_binding_params);
 OPENSSL_free(quic_transport_params);
- EVP_PKEY_free(tlsext_channel_id_private);
- OPENSSL_free(psk_identity_hint);
+ sk_SRTP_PROTECTION_PROFILE_free(srtp_profiles);
 sk_CRYPTO_BUFFER_pop_free(client_CA, CRYPTO_BUFFER_free);
 }
@@ -831,7 +832,6 @@ void SSL_free(SSL *ssl) {
 SSL_SESSION_free(ssl->session);
 OPENSSL_free(ssl->tlsext_hostname);
- sk_SRTP_PROTECTION_PROFILE_free(ssl->srtp_profiles);
 if (ssl->method != NULL) {
 ssl->method->ssl_free(ssl);
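Review bot: With `sk_SRTP_PROTECTION_PROFILE_free(srtp_profiles)` now in `~SSL_CONFIG` (ssl/ssl_lib.cc, first hunk), the per-connection profile list lives only as long as the `SSL_CONFIG` instead of until `SSL_free`. `SSL_get_srtp_profiles` in ssl/d1_srtp.cc hands out that raw pointer, so if the config is destroyed once the handshake finishes, as the commit message suggests, a caller still holding an earlier return value would be left with a dangling stack. I would record that on the new line, e.g. `// Invalidates any list previously returned by |SSL_get_srtp_profiles| for this connection.`, and repeat the lifetime rule in the getter's public documentation. Separately, moving `OPENSSL_free(psk_identity_hint)` and `EVP_PKEY_free(tlsext_channel_id_private)` in the same hunk is unrelated to the SRTP change and would be easier to audit as its own commit. The destructor's opening lines are outside the hunk.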