Promote set_tmp_dh and set_tmp_ecdh to functions.
BUG=404754 Change-Id: I7c75dd88fe9338b1d3b90745f742d15d6b84775a Reviewed-on: https://boringssl-review.googlesource.com/4568 Reviewed-by: Adam Langley <agl@google.com>
This commit is contained in:
David Benjamin
Adam Langley
parent
255fa1be81
commit
15a3b000cf
@ -3,6 +3,8 @@ SSL,function,101,SSL_CTX_new
|
||||
SSL,function,102,SSL_CTX_set_cipher_list
|
||||
SSL,function,103,SSL_CTX_set_cipher_list_tls11
|
||||
SSL,function,104,SSL_CTX_set_session_id_context
|
||||
SSL,function,268,SSL_CTX_set_tmp_dh
|
||||
SSL,function,269,SSL_CTX_set_tmp_ecdh
|
||||
SSL,function,105,SSL_CTX_use_PrivateKey
|
||||
SSL,function,106,SSL_CTX_use_PrivateKey_ASN1
|
||||
SSL,function,107,SSL_CTX_use_PrivateKey_file
|
||||
@ -34,6 +36,8 @@ SSL,function,132,SSL_set_cipher_list
|
||||
SSL,function,133,SSL_set_fd
|
||||
SSL,function,134,SSL_set_rfd
|
||||
SSL,function,135,SSL_set_session_id_context
|
||||
SSL,function,270,SSL_set_tmp_dh
|
||||
SSL,function,271,SSL_set_tmp_ecdh
|
||||
SSL,function,136,SSL_set_wfd
|
||||
SSL,function,137,SSL_shutdown
|
||||
SSL,function,138,SSL_use_PrivateKey
|
||||
|
||||
@ -1573,9 +1573,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
|
||||
#define SSL_ERROR_PENDING_SESSION 11
|
||||
#define SSL_ERROR_PENDING_CERTIFICATE 12
|
||||
|
||||
#define SSL_CTRL_SET_TMP_DH 3
|
||||
#define SSL_CTRL_SET_TMP_ECDH 4
|
||||
|
||||
#define SSL_CTRL_EXTRA_CHAIN_CERT 14
|
||||
|
||||
/* see tls1.h for macros based on these */
|
||||
@ -1651,27 +1648,29 @@ OPENSSL_EXPORT int SSL_session_reused(const SSL *ssl);
|
||||
* peformed by |ssl|. This includes the pending renegotiation, if any. */
|
||||
OPENSSL_EXPORT int SSL_total_renegotiations(const SSL *ssl);
|
||||
|
||||
#define SSL_CTX_set_tmp_dh(ctx, dh) \
|
||||
SSL_CTX_ctrl(ctx, SSL_CTRL_SET_TMP_DH, 0, (char *)dh)
|
||||
/* SSL_CTX_set_tmp_dh configures |ctx| to use the group from |dh| as the group
|
||||
* for DHE. Only the group is used, so |dh| needn't have a keypair. It returns
|
||||
* one on success and zero on error. */
|
||||
OPENSSL_EXPORT int SSL_CTX_set_tmp_dh(SSL_CTX *ctx, const DH *dh);
|
||||
|
||||
/* SSL_CTX_set_tmp_ecdh configures |ctx| to use the curve from |ecdh| (a const
|
||||
* EC_KEY *) as the curve for ephemeral ECDH keys. For historical reasons, this
|
||||
* API expects an |EC_KEY|, but only the curve is used. It returns one on
|
||||
* success and zero on error. If unset, an appropriate curve will be chosen
|
||||
* automatically. (This is recommended.) */
|
||||
#define SSL_CTX_set_tmp_ecdh(ctx, ecdh) \
|
||||
SSL_CTX_ctrl(ctx, SSL_CTRL_SET_TMP_ECDH, 0, (char *)ecdh)
|
||||
/* SSL_set_tmp_dh configures |ssl| to use the group from |dh| as the group for
|
||||
* DHE. Only the group is used, so |dh| needn't have a keypair. It returns one
|
||||
* on success and zero on error. */
|
||||
OPENSSL_EXPORT int SSL_set_tmp_dh(SSL *ssl, const DH *dh);
|
||||
|
||||
#define SSL_set_tmp_dh(ssl, dh) \
|
||||
SSL_ctrl(ssl, SSL_CTRL_SET_TMP_DH, 0, (char *)dh)
|
||||
/* SSL_CTX_set_tmp_ecdh configures |ctx| to use the curve from |ecdh| as the
|
||||
* curve for ephemeral ECDH keys. For historical reasons, this API expects an
|
||||
* |EC_KEY|, but only the curve is used. It returns one on success and zero on
|
||||
* error. If unset, an appropriate curve will be chosen automatically. (This is
|
||||
* recommended.) */
|
||||
OPENSSL_EXPORT int SSL_CTX_set_tmp_ecdh(SSL_CTX *ctx, const EC_KEY *ec_key);
|
||||
|
||||
/* SSL_set_tmp_ecdh configures |ssl| to use the curve from |ecdh| (a const
|
||||
* EC_KEY *) as the curve for ephemeral ECDH keys. For historical reasons, this
|
||||
* API expects an |EC_KEY|, but only the curve is used. It returns one on
|
||||
* success and zero on error. If unset, an appropriate curve will be chosen
|
||||
* automatically. (This is recommended.) */
|
||||
#define SSL_set_tmp_ecdh(ssl, ecdh) \
|
||||
SSL_ctrl(ssl, SSL_CTRL_SET_TMP_ECDH, 0, (char *)ecdh)
|
||||
/* SSL_set_tmp_ecdh configures |ssl| to use the curve from |ecdh| as the curve
|
||||
* for ephemeral ECDH keys. For historical reasons, this API expects an
|
||||
* |EC_KEY|, but only the curve is used. It returns one on success and zero on
|
||||
* error. If unset, an appropriate curve will be chosen automatically. (This is
|
||||
* recommended.) */
|
||||
OPENSSL_EXPORT int SSL_set_tmp_ecdh(SSL *ssl, const EC_KEY *ec_key);
|
||||
|
||||
/* SSL_enable_tls_channel_id either configures a TLS server to accept TLS
|
||||
* client IDs from clients, or configure a client to send TLS client IDs to
|
||||
@ -2393,6 +2392,8 @@ OPENSSL_EXPORT const char *SSLeay_version(int unused);
|
||||
|
||||
#define SSL_CTRL_NEED_TMP_RSA doesnt_exist
|
||||
#define SSL_CTRL_SET_TMP_RSA doesnt_exist
|
||||
#define SSL_CTRL_SET_TMP_DH doesnt_exist
|
||||
#define SSL_CTRL_SET_TMP_ECDH doesnt_exist
|
||||
#define SSL_CTRL_SET_TMP_RSA_CB doesnt_exist
|
||||
#define SSL_CTRL_SET_TMP_DH_CB doesnt_exist
|
||||
#define SSL_CTRL_SET_TMP_ECDH_CB doesnt_exist
|
||||
@ -2426,6 +2427,10 @@ OPENSSL_EXPORT const char *SSLeay_version(int unused);
|
||||
#define SSL_need_tmp_RSA SSL_need_tmp_RSA
|
||||
#define SSL_CTX_set_tmp_rsa SSL_CTX_set_tmp_rsa
|
||||
#define SSL_set_tmp_rsa SSL_set_tmp_rsa
|
||||
#define SSL_CTX_set_tmp_dh SSL_CTX_set_tmp_dh
|
||||
#define SSL_set_tmp_dh SSL_set_tmp_dh
|
||||
#define SSL_CTX_set_tmp_ecdh SSL_CTX_set_tmp_ecdh
|
||||
#define SSL_set_tmp_ecdh SSL_set_tmp_ecdh
|
||||
#define SSL_session_reused SSL_session_reused
|
||||
#define SSL_num_renegotiations SSL_num_renegotiations
|
||||
#define SSL_total_renegotiations SSL_total_renegotiations
|
||||
@ -2657,6 +2662,10 @@ OPENSSL_EXPORT const char *SSLeay_version(int unused);
|
||||
#define SSL_F_dtls1_hm_fragment_new 265
|
||||
#define SSL_F_ssl3_seal_record 266
|
||||
#define SSL_F_ssl3_record_sequence_update 267
|
||||
#define SSL_F_SSL_CTX_set_tmp_dh 268
|
||||
#define SSL_F_SSL_CTX_set_tmp_ecdh 269
|
||||
#define SSL_F_SSL_set_tmp_dh 270
|
||||
#define SSL_F_SSL_set_tmp_ecdh 271
|
||||
#define SSL_R_APP_DATA_IN_HANDSHAKE 100
|
||||
#define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 101
|
||||
#define SSL_R_BAD_ALERT 102
|
||||
|
||||
83
ssl/s3_lib.c
83
ssl/s3_lib.c
@ -605,34 +605,48 @@ int SSL_set_tmp_rsa(SSL *ssl, const RSA *rsa) {
|
||||
return 1;
|
||||
}
|
||||
|
||||
int SSL_CTX_set_tmp_dh(SSL_CTX *ctx, const DH *dh) {
|
||||
DH_free(ctx->cert->dh_tmp);
|
||||
ctx->cert->dh_tmp = DHparams_dup(dh);
|
||||
if (ctx->cert->dh_tmp == NULL) {
|
||||
OPENSSL_PUT_ERROR(SSL, SSL_CTX_set_tmp_dh, ERR_R_DH_LIB);
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
int SSL_set_tmp_dh(SSL *ssl, const DH *dh) {
|
||||
DH_free(ssl->cert->dh_tmp);
|
||||
ssl->cert->dh_tmp = DHparams_dup(dh);
|
||||
if (ssl->cert->dh_tmp == NULL) {
|
||||
OPENSSL_PUT_ERROR(SSL, SSL_set_tmp_dh, ERR_R_DH_LIB);
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
int SSL_CTX_set_tmp_ecdh(SSL_CTX *ctx, const EC_KEY *ec_key) {
|
||||
if (ec_key == NULL || EC_KEY_get0_group(ec_key) == NULL) {
|
||||
OPENSSL_PUT_ERROR(SSL, SSL_CTX_set_tmp_ecdh, ERR_R_PASSED_NULL_PARAMETER);
|
||||
return 0;
|
||||
}
|
||||
ctx->cert->ecdh_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec_key));
|
||||
return 1;
|
||||
}
|
||||
|
||||
int SSL_set_tmp_ecdh(SSL *ssl, const EC_KEY *ec_key) {
|
||||
if (ec_key == NULL || EC_KEY_get0_group(ec_key) == NULL) {
|
||||
OPENSSL_PUT_ERROR(SSL, SSL_set_tmp_ecdh, ERR_R_PASSED_NULL_PARAMETER);
|
||||
return 0;
|
||||
}
|
||||
ssl->cert->ecdh_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec_key));
|
||||
return 1;
|
||||
}
|
||||
|
||||
long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) {
|
||||
int ret = 0;
|
||||
|
||||
switch (cmd) {
|
||||
case SSL_CTRL_SET_TMP_DH:
|
||||
DH_free(s->cert->dh_tmp);
|
||||
s->cert->dh_tmp = DHparams_dup((DH *)parg);
|
||||
if (s->cert->dh_tmp == NULL) {
|
||||
OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, ERR_R_DH_LIB);
|
||||
ret = 0;
|
||||
break;
|
||||
}
|
||||
ret = 1;
|
||||
break;
|
||||
|
||||
case SSL_CTRL_SET_TMP_ECDH: {
|
||||
/* For historical reasons, this API expects an |EC_KEY|, but only the
|
||||
* group is used. */
|
||||
const EC_KEY *ec_key = (const EC_KEY *)parg;
|
||||
if (ec_key == NULL || EC_KEY_get0_group(ec_key) == NULL) {
|
||||
OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_PASSED_NULL_PARAMETER);
|
||||
return ret;
|
||||
}
|
||||
s->cert->ecdh_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec_key));
|
||||
ret = 1;
|
||||
break;
|
||||
}
|
||||
|
||||
case SSL_CTRL_SET_TLSEXT_HOSTNAME:
|
||||
if (larg == TLSEXT_NAMETYPE_host_name) {
|
||||
OPENSSL_free(s->tlsext_hostname);
|
||||
@ -808,27 +822,6 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) {
|
||||
cert = ctx->cert;
|
||||
|
||||
switch (cmd) {
|
||||
case SSL_CTRL_SET_TMP_DH:
|
||||
DH_free(cert->dh_tmp);
|
||||
cert->dh_tmp = DHparams_dup((DH *)parg);
|
||||
if (cert->dh_tmp == NULL) {
|
||||
OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, ERR_R_DH_LIB);
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
|
||||
case SSL_CTRL_SET_TMP_ECDH: {
|
||||
/* For historical reasons, this API expects an |EC_KEY|, but only the
|
||||
* group is used. */
|
||||
const EC_KEY *ec_key = (const EC_KEY *)parg;
|
||||
if (ec_key == NULL || EC_KEY_get0_group(ec_key) == NULL) {
|
||||
OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, ERR_R_PASSED_NULL_PARAMETER);
|
||||
return 0;
|
||||
}
|
||||
ctx->cert->ecdh_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec_key));
|
||||
return 1;
|
||||
}
|
||||
|
||||
case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
|
||||
ctx->tlsext_servername_arg = parg;
|
||||
break;
|
||||
|
||||
Loading…
Reference in New Issue
Block a user