Promote set_tmp_dh and set_tmp_ecdh to functions.

BUG=404754

Change-Id: I7c75dd88fe9338b1d3b90745f742d15d6b84775a
Reviewed-on: https://boringssl-review.googlesource.com/4568
Reviewed-by: Adam Langley <agl@google.com>
This commit is contained in:
David Benjamin 2015-04-28 00:05:35 -04:00 committed by Adam Langley
parent 255fa1be81
commit 15a3b000cf
3 changed files with 72 additions and 66 deletions

View File

@ -3,6 +3,8 @@ SSL,function,101,SSL_CTX_new
SSL,function,102,SSL_CTX_set_cipher_list SSL,function,102,SSL_CTX_set_cipher_list
SSL,function,103,SSL_CTX_set_cipher_list_tls11 SSL,function,103,SSL_CTX_set_cipher_list_tls11
SSL,function,104,SSL_CTX_set_session_id_context SSL,function,104,SSL_CTX_set_session_id_context
SSL,function,268,SSL_CTX_set_tmp_dh
SSL,function,269,SSL_CTX_set_tmp_ecdh
SSL,function,105,SSL_CTX_use_PrivateKey SSL,function,105,SSL_CTX_use_PrivateKey
SSL,function,106,SSL_CTX_use_PrivateKey_ASN1 SSL,function,106,SSL_CTX_use_PrivateKey_ASN1
SSL,function,107,SSL_CTX_use_PrivateKey_file SSL,function,107,SSL_CTX_use_PrivateKey_file
@ -34,6 +36,8 @@ SSL,function,132,SSL_set_cipher_list
SSL,function,133,SSL_set_fd SSL,function,133,SSL_set_fd
SSL,function,134,SSL_set_rfd SSL,function,134,SSL_set_rfd
SSL,function,135,SSL_set_session_id_context SSL,function,135,SSL_set_session_id_context
SSL,function,270,SSL_set_tmp_dh
SSL,function,271,SSL_set_tmp_ecdh
SSL,function,136,SSL_set_wfd SSL,function,136,SSL_set_wfd
SSL,function,137,SSL_shutdown SSL,function,137,SSL_shutdown
SSL,function,138,SSL_use_PrivateKey SSL,function,138,SSL_use_PrivateKey

View File

@ -1573,9 +1573,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
#define SSL_ERROR_PENDING_SESSION 11 #define SSL_ERROR_PENDING_SESSION 11
#define SSL_ERROR_PENDING_CERTIFICATE 12 #define SSL_ERROR_PENDING_CERTIFICATE 12
#define SSL_CTRL_SET_TMP_DH 3
#define SSL_CTRL_SET_TMP_ECDH 4
#define SSL_CTRL_EXTRA_CHAIN_CERT 14 #define SSL_CTRL_EXTRA_CHAIN_CERT 14
/* see tls1.h for macros based on these */ /* see tls1.h for macros based on these */
@ -1651,27 +1648,29 @@ OPENSSL_EXPORT int SSL_session_reused(const SSL *ssl);
* peformed by |ssl|. This includes the pending renegotiation, if any. */ * peformed by |ssl|. This includes the pending renegotiation, if any. */
OPENSSL_EXPORT int SSL_total_renegotiations(const SSL *ssl); OPENSSL_EXPORT int SSL_total_renegotiations(const SSL *ssl);
#define SSL_CTX_set_tmp_dh(ctx, dh) \ /* SSL_CTX_set_tmp_dh configures |ctx| to use the group from |dh| as the group
SSL_CTX_ctrl(ctx, SSL_CTRL_SET_TMP_DH, 0, (char *)dh) * for DHE. Only the group is used, so |dh| needn't have a keypair. It returns
* one on success and zero on error. */
OPENSSL_EXPORT int SSL_CTX_set_tmp_dh(SSL_CTX *ctx, const DH *dh);
/* SSL_CTX_set_tmp_ecdh configures |ctx| to use the curve from |ecdh| (a const /* SSL_set_tmp_dh configures |ssl| to use the group from |dh| as the group for
* EC_KEY *) as the curve for ephemeral ECDH keys. For historical reasons, this * DHE. Only the group is used, so |dh| needn't have a keypair. It returns one
* API expects an |EC_KEY|, but only the curve is used. It returns one on * on success and zero on error. */
* success and zero on error. If unset, an appropriate curve will be chosen OPENSSL_EXPORT int SSL_set_tmp_dh(SSL *ssl, const DH *dh);
* automatically. (This is recommended.) */
#define SSL_CTX_set_tmp_ecdh(ctx, ecdh) \
SSL_CTX_ctrl(ctx, SSL_CTRL_SET_TMP_ECDH, 0, (char *)ecdh)
#define SSL_set_tmp_dh(ssl, dh) \ /* SSL_CTX_set_tmp_ecdh configures |ctx| to use the curve from |ecdh| as the
SSL_ctrl(ssl, SSL_CTRL_SET_TMP_DH, 0, (char *)dh) * curve for ephemeral ECDH keys. For historical reasons, this API expects an
* |EC_KEY|, but only the curve is used. It returns one on success and zero on
* error. If unset, an appropriate curve will be chosen automatically. (This is
* recommended.) */
OPENSSL_EXPORT int SSL_CTX_set_tmp_ecdh(SSL_CTX *ctx, const EC_KEY *ec_key);
/* SSL_set_tmp_ecdh configures |ssl| to use the curve from |ecdh| (a const /* SSL_set_tmp_ecdh configures |ssl| to use the curve from |ecdh| as the curve
* EC_KEY *) as the curve for ephemeral ECDH keys. For historical reasons, this * for ephemeral ECDH keys. For historical reasons, this API expects an
* API expects an |EC_KEY|, but only the curve is used. It returns one on * |EC_KEY|, but only the curve is used. It returns one on success and zero on
* success and zero on error. If unset, an appropriate curve will be chosen * error. If unset, an appropriate curve will be chosen automatically. (This is
* automatically. (This is recommended.) */ * recommended.) */
#define SSL_set_tmp_ecdh(ssl, ecdh) \ OPENSSL_EXPORT int SSL_set_tmp_ecdh(SSL *ssl, const EC_KEY *ec_key);
SSL_ctrl(ssl, SSL_CTRL_SET_TMP_ECDH, 0, (char *)ecdh)
/* SSL_enable_tls_channel_id either configures a TLS server to accept TLS /* SSL_enable_tls_channel_id either configures a TLS server to accept TLS
* client IDs from clients, or configure a client to send TLS client IDs to * client IDs from clients, or configure a client to send TLS client IDs to
@ -2393,6 +2392,8 @@ OPENSSL_EXPORT const char *SSLeay_version(int unused);
#define SSL_CTRL_NEED_TMP_RSA doesnt_exist #define SSL_CTRL_NEED_TMP_RSA doesnt_exist
#define SSL_CTRL_SET_TMP_RSA doesnt_exist #define SSL_CTRL_SET_TMP_RSA doesnt_exist
#define SSL_CTRL_SET_TMP_DH doesnt_exist
#define SSL_CTRL_SET_TMP_ECDH doesnt_exist
#define SSL_CTRL_SET_TMP_RSA_CB doesnt_exist #define SSL_CTRL_SET_TMP_RSA_CB doesnt_exist
#define SSL_CTRL_SET_TMP_DH_CB doesnt_exist #define SSL_CTRL_SET_TMP_DH_CB doesnt_exist
#define SSL_CTRL_SET_TMP_ECDH_CB doesnt_exist #define SSL_CTRL_SET_TMP_ECDH_CB doesnt_exist
@ -2426,6 +2427,10 @@ OPENSSL_EXPORT const char *SSLeay_version(int unused);
#define SSL_need_tmp_RSA SSL_need_tmp_RSA #define SSL_need_tmp_RSA SSL_need_tmp_RSA
#define SSL_CTX_set_tmp_rsa SSL_CTX_set_tmp_rsa #define SSL_CTX_set_tmp_rsa SSL_CTX_set_tmp_rsa
#define SSL_set_tmp_rsa SSL_set_tmp_rsa #define SSL_set_tmp_rsa SSL_set_tmp_rsa
#define SSL_CTX_set_tmp_dh SSL_CTX_set_tmp_dh
#define SSL_set_tmp_dh SSL_set_tmp_dh
#define SSL_CTX_set_tmp_ecdh SSL_CTX_set_tmp_ecdh
#define SSL_set_tmp_ecdh SSL_set_tmp_ecdh
#define SSL_session_reused SSL_session_reused #define SSL_session_reused SSL_session_reused
#define SSL_num_renegotiations SSL_num_renegotiations #define SSL_num_renegotiations SSL_num_renegotiations
#define SSL_total_renegotiations SSL_total_renegotiations #define SSL_total_renegotiations SSL_total_renegotiations
@ -2657,6 +2662,10 @@ OPENSSL_EXPORT const char *SSLeay_version(int unused);
#define SSL_F_dtls1_hm_fragment_new 265 #define SSL_F_dtls1_hm_fragment_new 265
#define SSL_F_ssl3_seal_record 266 #define SSL_F_ssl3_seal_record 266
#define SSL_F_ssl3_record_sequence_update 267 #define SSL_F_ssl3_record_sequence_update 267
#define SSL_F_SSL_CTX_set_tmp_dh 268
#define SSL_F_SSL_CTX_set_tmp_ecdh 269
#define SSL_F_SSL_set_tmp_dh 270
#define SSL_F_SSL_set_tmp_ecdh 271
#define SSL_R_APP_DATA_IN_HANDSHAKE 100 #define SSL_R_APP_DATA_IN_HANDSHAKE 100
#define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 101 #define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 101
#define SSL_R_BAD_ALERT 102 #define SSL_R_BAD_ALERT 102

View File

@ -605,34 +605,48 @@ int SSL_set_tmp_rsa(SSL *ssl, const RSA *rsa) {
return 1; return 1;
} }
int SSL_CTX_set_tmp_dh(SSL_CTX *ctx, const DH *dh) {
DH_free(ctx->cert->dh_tmp);
ctx->cert->dh_tmp = DHparams_dup(dh);
if (ctx->cert->dh_tmp == NULL) {
OPENSSL_PUT_ERROR(SSL, SSL_CTX_set_tmp_dh, ERR_R_DH_LIB);
return 0;
}
return 1;
}
int SSL_set_tmp_dh(SSL *ssl, const DH *dh) {
DH_free(ssl->cert->dh_tmp);
ssl->cert->dh_tmp = DHparams_dup(dh);
if (ssl->cert->dh_tmp == NULL) {
OPENSSL_PUT_ERROR(SSL, SSL_set_tmp_dh, ERR_R_DH_LIB);
return 0;
}
return 1;
}
int SSL_CTX_set_tmp_ecdh(SSL_CTX *ctx, const EC_KEY *ec_key) {
if (ec_key == NULL || EC_KEY_get0_group(ec_key) == NULL) {
OPENSSL_PUT_ERROR(SSL, SSL_CTX_set_tmp_ecdh, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
ctx->cert->ecdh_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec_key));
return 1;
}
int SSL_set_tmp_ecdh(SSL *ssl, const EC_KEY *ec_key) {
if (ec_key == NULL || EC_KEY_get0_group(ec_key) == NULL) {
OPENSSL_PUT_ERROR(SSL, SSL_set_tmp_ecdh, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
ssl->cert->ecdh_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec_key));
return 1;
}
long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) { long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) {
int ret = 0; int ret = 0;
switch (cmd) { switch (cmd) {
case SSL_CTRL_SET_TMP_DH:
DH_free(s->cert->dh_tmp);
s->cert->dh_tmp = DHparams_dup((DH *)parg);
if (s->cert->dh_tmp == NULL) {
OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, ERR_R_DH_LIB);
ret = 0;
break;
}
ret = 1;
break;
case SSL_CTRL_SET_TMP_ECDH: {
/* For historical reasons, this API expects an |EC_KEY|, but only the
* group is used. */
const EC_KEY *ec_key = (const EC_KEY *)parg;
if (ec_key == NULL || EC_KEY_get0_group(ec_key) == NULL) {
OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_PASSED_NULL_PARAMETER);
return ret;
}
s->cert->ecdh_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec_key));
ret = 1;
break;
}
case SSL_CTRL_SET_TLSEXT_HOSTNAME: case SSL_CTRL_SET_TLSEXT_HOSTNAME:
if (larg == TLSEXT_NAMETYPE_host_name) { if (larg == TLSEXT_NAMETYPE_host_name) {
OPENSSL_free(s->tlsext_hostname); OPENSSL_free(s->tlsext_hostname);
@ -808,27 +822,6 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) {
cert = ctx->cert; cert = ctx->cert;
switch (cmd) { switch (cmd) {
case SSL_CTRL_SET_TMP_DH:
DH_free(cert->dh_tmp);
cert->dh_tmp = DHparams_dup((DH *)parg);
if (cert->dh_tmp == NULL) {
OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, ERR_R_DH_LIB);
return 0;
}
return 1;
case SSL_CTRL_SET_TMP_ECDH: {
/* For historical reasons, this API expects an |EC_KEY|, but only the
* group is used. */
const EC_KEY *ec_key = (const EC_KEY *)parg;
if (ec_key == NULL || EC_KEY_get0_group(ec_key) == NULL) {
OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
ctx->cert->ecdh_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec_key));
return 1;
}
case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG: case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
ctx->tlsext_servername_arg = parg; ctx->tlsext_servername_arg = parg;
break; break;