Deprecate SSL_get_(peer_)finished.

The only reason you'd want it is to tls_unique, and we have a better API for that. (It has one caller and that is indeed what that caller uses it for.) Change-Id: I39f8e353f56f18becb63dd6f7205ad31f4192bfd Reviewed-on: https://boringssl-review.googlesource.com/6295 Reviewed-by: Adam Langley <alangley@gmail.com>
2015-10-17 12:51:52 -04:00 · 2015-10-17 12:51:52 -04:00 · 1a1b34d759
commit 1a1b34d759
parent 93d17499e9
2 changed files with 23 additions and 17 deletions
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@ -2702,13 +2702,6 @@ OPENSSL_EXPORT void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,
 * for the peer, but |SSL_read| will require the handshake to be completed. */
 OPENSSL_EXPORT int SSL_in_false_start(const SSL *s);

-/* Obtain latest Finished message
- *   -- that we sent (SSL_get_finished)
- *   -- that we expected from peer (SSL_get_peer_finished).
- * Returns length (0 == no Finished so far), copies up to 'count' bytes. */
-OPENSSL_EXPORT size_t SSL_get_finished(const SSL *s, void *buf, size_t count);
-OPENSSL_EXPORT size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
-
 #define d2i_SSL_SESSION_bio(bp, s_id) \
  ASN1_d2i_bio_of(SSL_SESSION, SSL_SESSION_new, d2i_SSL_SESSION, bp, s_id)
 #define i2d_SSL_SESSION_bio(bp, s_id) \
@ -3120,6 +3113,21 @@ OPENSSL_EXPORT int SSL_want(const SSL *ssl);
 #define SSL_want_private_key_operation(ssl) \
  (SSL_want(ssl) == SSL_PRIVATE_KEY_OPERATION)

+ /* SSL_get_finished writes up to |count| bytes of the Finished message sent by
+  * |ssl| to |buf|. It returns the total untruncated length or zero if none has
+  * been sent yet.
+  *
+  * Use |SSL_get_tls_unique| instead. */
+OPENSSL_EXPORT size_t SSL_get_finished(const SSL *ssl, void *buf, size_t count);
+
+ /* SSL_get_peer_finished writes up to |count| bytes of the Finished message
+  * received from |ssl|'s peer to |buf|. It returns the total untruncated length
+  * or zero if none has been received yet.
+  *
+  * Use |SSL_get_tls_unique| instead. */
+OPENSSL_EXPORT size_t SSL_get_peer_finished(const SSL *ssl, void *buf,
+                                            size_t count);
+

 /* Private structures.
 *
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@ -1163,31 +1163,29 @@ err:
  return ret;
 }

-/* return length of latest Finished message we sent, copy to 'buf' */
-size_t SSL_get_finished(const SSL *s, void *buf, size_t count) {
+size_t SSL_get_finished(const SSL *ssl, void *buf, size_t count) {
  size_t ret = 0;

-  if (s->s3 != NULL) {
-    ret = s->s3->tmp.finish_md_len;
+  if (ssl->s3 != NULL) {
+    ret = ssl->s3->tmp.finish_md_len;
    if (count > ret) {
      count = ret;
    }
-    memcpy(buf, s->s3->tmp.finish_md, count);
+    memcpy(buf, ssl->s3->tmp.finish_md, count);
  }

  return ret;
 }

-/* return length of latest Finished message we expected, copy to 'buf' */
-size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count) {
+size_t SSL_get_peer_finished(const SSL *ssl, void *buf, size_t count) {
  size_t ret = 0;

-  if (s->s3 != NULL) {
-    ret = s->s3->tmp.peer_finish_md_len;
+  if (ssl->s3 != NULL) {
+    ret = ssl->s3->tmp.peer_finish_md_len;
    if (count > ret) {
      count = ret;
    }
-    memcpy(buf, s->s3->tmp.peer_finish_md, count);
+    memcpy(buf, ssl->s3->tmp.peer_finish_md, count);
  }

  return ret;