Document them while I'm here. This adds a new 'preprocessor compatibility section' to avoid breaking #ifdefs. The CTRL values themselves are defined to 'doesnt_exist' to catch anything calling SSL_ctrl directly until that function can be unexported completely. BUG=404754 Change-Id: Ia157490ea8efe0215d4079556a0c7643273e7601 Reviewed-on: https://boringssl-review.googlesource.com/4553 Reviewed-by: Adam Langley <agl@google.com>kris/onging/CECPQ3_patch15
@@ -69,7 +69,6 @@ SSL,function,164,dtls1_send_hello_verify_request | |||||
SSL,function,165,dtls1_write_app_data_bytes | SSL,function,165,dtls1_write_app_data_bytes | ||||
SSL,function,166,i2d_SSL_SESSION | SSL,function,166,i2d_SSL_SESSION | ||||
SSL,function,167,ssl3_accept | SSL,function,167,ssl3_accept | ||||
SSL,function,168,ssl3_callback_ctrl | |||||
SSL,function,169,ssl3_cert_verify_hash | SSL,function,169,ssl3_cert_verify_hash | ||||
SSL,function,170,ssl3_check_cert_and_algorithm | SSL,function,170,ssl3_check_cert_and_algorithm | ||||
SSL,function,171,ssl3_connect | SSL,function,171,ssl3_connect | ||||
@@ -610,12 +610,30 @@ OPENSSL_EXPORT void SSL_set_min_version(SSL *ssl, uint16_t version); | |||||
* |version|. */ | * |version|. */ | ||||
OPENSSL_EXPORT void SSL_set_max_version(SSL *ssl, uint16_t version); | OPENSSL_EXPORT void SSL_set_max_version(SSL *ssl, uint16_t version); | ||||
/* SSL_CTX_set_msg_callback installs |cb| as the message callback for |ctx|. | |||||
* This callback will be called when sending or receiving low-level record | |||||
* headers, complete handshake messages, ChangeCipherSpec, and alerts. | |||||
* |write_p| is one for outgoing messages and zero for incoming messages. | |||||
* | |||||
* For each record header, |cb| is called with |version| = 0 and |content_type| | |||||
* = |SSL3_RT_HEADER|. The |len| bytes from |buf| contain the header. Note that | |||||
* this does not include the record body. If the record is sealed, the length | |||||
* in the header is the length of the ciphertext. | |||||
* | |||||
* For each handshake message, ChangeCipherSpec, and alert, |version| is the | |||||
* protocol version and |content_type| is the corresponding record type. The | |||||
* |len| bytes from |buf| contain the handshake message, one-byte | |||||
* ChangeCipherSpec body, and two-byte alert, respectively. */ | |||||
OPENSSL_EXPORT void SSL_CTX_set_msg_callback( | OPENSSL_EXPORT void SSL_CTX_set_msg_callback( | ||||
SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, | SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, | ||||
const void *buf, size_t len, SSL *ssl, void *arg)); | const void *buf, size_t len, SSL *ssl, void *arg)); | ||||
/* SSL_set_msg_callback installs |cb| as the message callback of |ssl|. See | |||||
* |SSL_CTX_set_msg_callback| for when this callback is called. */ | |||||
OPENSSL_EXPORT void SSL_set_msg_callback( | OPENSSL_EXPORT void SSL_set_msg_callback( | ||||
SSL *ssl, void (*cb)(int write_p, int version, int content_type, | SSL *ssl, void (*cb)(int write_p, int version, int content_type, | ||||
const void *buf, size_t len, SSL *ssl, void *arg)); | const void *buf, size_t len, SSL *ssl, void *arg)); | ||||
#define SSL_CTX_set_msg_callback_arg(ctx, arg) \ | #define SSL_CTX_set_msg_callback_arg(ctx, arg) \ | ||||
SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) | SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) | ||||
#define SSL_set_msg_callback_arg(ssl, arg) \ | #define SSL_set_msg_callback_arg(ssl, arg) \ | ||||
@@ -1550,9 +1568,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) | |||||
#define SSL_CTRL_SET_TMP_RSA 2 | #define SSL_CTRL_SET_TMP_RSA 2 | ||||
#define SSL_CTRL_SET_TMP_DH 3 | #define SSL_CTRL_SET_TMP_DH 3 | ||||
#define SSL_CTRL_SET_TMP_ECDH 4 | #define SSL_CTRL_SET_TMP_ECDH 4 | ||||
#define SSL_CTRL_SET_TMP_RSA_CB 5 | |||||
#define SSL_CTRL_SET_TMP_DH_CB 6 | |||||
#define SSL_CTRL_SET_TMP_ECDH_CB 7 | |||||
#define SSL_CTRL_GET_SESSION_REUSED 8 | #define SSL_CTRL_GET_SESSION_REUSED 8 | ||||
#define SSL_CTRL_GET_CLIENT_CERT_REQUEST 9 | #define SSL_CTRL_GET_CLIENT_CERT_REQUEST 9 | ||||
@@ -1562,7 +1577,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) | |||||
#define SSL_CTRL_GET_FLAGS 13 | #define SSL_CTRL_GET_FLAGS 13 | ||||
#define SSL_CTRL_EXTRA_CHAIN_CERT 14 | #define SSL_CTRL_EXTRA_CHAIN_CERT 14 | ||||
#define SSL_CTRL_SET_MSG_CALLBACK 15 | |||||
#define SSL_CTRL_SET_MSG_CALLBACK_ARG 16 | #define SSL_CTRL_SET_MSG_CALLBACK_ARG 16 | ||||
/* only applies to datagram connections */ | /* only applies to datagram connections */ | ||||
@@ -1596,18 +1610,11 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) | |||||
#define SSL_CTRL_SET_MAX_SEND_FRAGMENT 52 | #define SSL_CTRL_SET_MAX_SEND_FRAGMENT 52 | ||||
/* see tls1.h for macros based on these */ | /* see tls1.h for macros based on these */ | ||||
#define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53 | |||||
#define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54 | #define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54 | ||||
#define SSL_CTRL_SET_TLSEXT_HOSTNAME 55 | #define SSL_CTRL_SET_TLSEXT_HOSTNAME 55 | ||||
#define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58 | #define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58 | ||||
#define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59 | #define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59 | ||||
#define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72 | |||||
#define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB 75 | |||||
#define SSL_CTRL_SET_SRP_VERIFY_PARAM_CB 76 | |||||
#define SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB 77 | |||||
#define SSL_CTRL_SET_SRP_ARG 78 | #define SSL_CTRL_SET_SRP_ARG 78 | ||||
#define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME 79 | #define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME 79 | ||||
#define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH 80 | #define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH 80 | ||||
@@ -2038,9 +2045,7 @@ OPENSSL_EXPORT int SSL_read(SSL *ssl, void *buf, int num); | |||||
OPENSSL_EXPORT int SSL_peek(SSL *ssl, void *buf, int num); | OPENSSL_EXPORT int SSL_peek(SSL *ssl, void *buf, int num); | ||||
OPENSSL_EXPORT int SSL_write(SSL *ssl, const void *buf, int num); | OPENSSL_EXPORT int SSL_write(SSL *ssl, const void *buf, int num); | ||||
OPENSSL_EXPORT long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg); | OPENSSL_EXPORT long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg); | ||||
OPENSSL_EXPORT long SSL_callback_ctrl(SSL *, int, void (*)(void)); | |||||
OPENSSL_EXPORT long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg); | OPENSSL_EXPORT long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg); | ||||
OPENSSL_EXPORT long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void)); | |||||
OPENSSL_EXPORT int SSL_get_error(const SSL *s, int ret_code); | OPENSSL_EXPORT int SSL_get_error(const SSL *s, int ret_code); | ||||
/* SSL_get_version returns a string describing the TLS version used by |s|. For | /* SSL_get_version returns a string describing the TLS version used by |s|. For | ||||
@@ -2173,15 +2178,23 @@ OPENSSL_EXPORT int SSL_get_ex_data_X509_STORE_CTX_idx(void); | |||||
#define SSL_set_max_send_fragment(ssl, m) \ | #define SSL_set_max_send_fragment(ssl, m) \ | ||||
SSL_ctrl(ssl, SSL_CTRL_SET_MAX_SEND_FRAGMENT, m, NULL) | SSL_ctrl(ssl, SSL_CTRL_SET_MAX_SEND_FRAGMENT, m, NULL) | ||||
/* NB: the keylength is only applicable when is_export is true */ | |||||
OPENSSL_EXPORT void SSL_CTX_set_tmp_rsa_callback( | |||||
SSL_CTX *ctx, RSA *(*cb)(SSL *ssl, int is_export, int keylength)); | |||||
OPENSSL_EXPORT void SSL_set_tmp_rsa_callback(SSL *ssl, | |||||
RSA *(*cb)(SSL *ssl, int is_export, | |||||
int keylength)); | |||||
/* SSL_CTX_set_tmp_dh_callback configures |ctx| to use |callback| to determine | |||||
* the group for DHE ciphers. |callback| should ignore |is_export| and | |||||
* |keylength| and return a |DH| of the selected group or NULL on error. Only | |||||
* the parameters are used, so the |DH| needn't have a generated keypair. | |||||
* | |||||
* WARNING: The caller does not take ownership of the resulting |DH|, so | |||||
* |callback| must save and release the object elsewhere. */ | |||||
OPENSSL_EXPORT void SSL_CTX_set_tmp_dh_callback( | OPENSSL_EXPORT void SSL_CTX_set_tmp_dh_callback( | ||||
SSL_CTX *ctx, DH *(*dh)(SSL *ssl, int is_export, int keylength)); | |||||
SSL_CTX *ctx, DH *(*callback)(SSL *ssl, int is_export, int keylength)); | |||||
/* SSL_set_tmp_dh_callback configures |ssl| to use |callback| to determine the | |||||
* group for DHE ciphers. |callback| should ignore |is_export| and |keylength| | |||||
* and return a |DH| of the selected group or NULL on error. Only the | |||||
* parameters are used, so the |DH| needn't have a generated keypair. | |||||
* | |||||
* WARNING: The caller does not take ownership of the resulting |DH|, so | |||||
* |callback| must save and release the object elsewhere. */ | |||||
OPENSSL_EXPORT void SSL_set_tmp_dh_callback(SSL *ssl, | OPENSSL_EXPORT void SSL_set_tmp_dh_callback(SSL *ssl, | ||||
DH *(*dh)(SSL *ssl, int is_export, | DH *(*dh)(SSL *ssl, int is_export, | ||||
int keylength)); | int keylength)); | ||||
@@ -2299,11 +2312,14 @@ OPENSSL_EXPORT const SSL_METHOD *DTLSv1_client_method(void); | |||||
OPENSSL_EXPORT const SSL_METHOD *DTLSv1_2_server_method(void); | OPENSSL_EXPORT const SSL_METHOD *DTLSv1_2_server_method(void); | ||||
OPENSSL_EXPORT const SSL_METHOD *DTLSv1_2_client_method(void); | OPENSSL_EXPORT const SSL_METHOD *DTLSv1_2_client_method(void); | ||||
/* SSL_CTX_set_ecdh_auto returns one. */ | |||||
#define SSL_CTX_set_ecdh_auto(ctx, onoff) 1 | |||||
/* SSL_CTX_set_tmp_rsa_callback does nothing. */ | |||||
OPENSSL_EXPORT void SSL_CTX_set_tmp_rsa_callback( | |||||
SSL_CTX *ctx, RSA *(*cb)(SSL *ssl, int is_export, int keylength)); | |||||
/* SSL_set_ecdh_auto returns one. */ | |||||
#define SSL_set_ecdh_auto(ssl, onoff) 1 | |||||
/* SSL_set_tmp_rsa_callback does nothing. */ | |||||
OPENSSL_EXPORT void SSL_set_tmp_rsa_callback(SSL *ssl, | |||||
RSA *(*cb)(SSL *ssl, int is_export, | |||||
int keylength)); | |||||
/* Android compatibility section. | /* Android compatibility section. | ||||
@@ -2329,6 +2345,24 @@ OPENSSL_EXPORT int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method); | |||||
OPENSSL_EXPORT const char *SSLeay_version(int unused); | OPENSSL_EXPORT const char *SSLeay_version(int unused); | ||||
/* Preprocessor compatibility section. | |||||
* | |||||
* Historically, a number of APIs were implemented in OpenSSL as macros and | |||||
* constants to 'ctrl' functions. To avoid breaking #ifdefs in consumers, this | |||||
* section defines a number of legacy macros. */ | |||||
#define SSL_CTRL_SET_TMP_RSA_CB doesnt_exist | |||||
#define SSL_CTRL_SET_TMP_DH_CB doesnt_exist | |||||
#define SSL_CTRL_SET_TMP_ECDH_CB doesnt_exist | |||||
#define SSL_CTRL_SET_MSG_CALLBACK doesnt_exist | |||||
#define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB doesnt_exist | |||||
#define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB doesnt_exist | |||||
#define SSL_CTX_set_tlsext_servername_callback \ | |||||
SSL_CTX_set_tlsext_servername_callback | |||||
#define SSL_CTX_set_tlsext_ticket_key_cb SSL_CTX_set_tlsext_ticket_key_cb | |||||
#if defined(__cplusplus) | #if defined(__cplusplus) | ||||
} /* extern C */ | } /* extern C */ | ||||
#endif | #endif | ||||
@@ -2421,7 +2455,6 @@ OPENSSL_EXPORT const char *SSLeay_version(int unused); | |||||
#define SSL_F_dtls1_write_app_data_bytes 165 | #define SSL_F_dtls1_write_app_data_bytes 165 | ||||
#define SSL_F_i2d_SSL_SESSION 166 | #define SSL_F_i2d_SSL_SESSION 166 | ||||
#define SSL_F_ssl3_accept 167 | #define SSL_F_ssl3_accept 167 | ||||
#define SSL_F_ssl3_callback_ctrl 168 | |||||
#define SSL_F_ssl3_cert_verify_hash 169 | #define SSL_F_ssl3_cert_verify_hash 169 | ||||
#define SSL_F_ssl3_check_cert_and_algorithm 170 | #define SSL_F_ssl3_check_cert_and_algorithm 170 | ||||
#define SSL_F_ssl3_connect 171 | #define SSL_F_ssl3_connect 171 | ||||
@@ -321,9 +321,15 @@ OPENSSL_EXPORT int SSL_get_shared_sigalgs(SSL *s, int idx, int *psign, | |||||
SSL_ctrl(s, SSL_CTRL_SET_TLSEXT_HOSTNAME, TLSEXT_NAMETYPE_host_name, \ | SSL_ctrl(s, SSL_CTRL_SET_TLSEXT_HOSTNAME, TLSEXT_NAMETYPE_host_name, \ | ||||
(char *)name) | (char *)name) | ||||
#define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \ | |||||
SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TLSEXT_SERVERNAME_CB, \ | |||||
(void (*)(void))cb) | |||||
/* SSL_CTX_set_tlsext_servername_callback configures |callback| to be called on | |||||
* the server after ClientHello extensions have been parsed and returns one. | |||||
* |callback| may use |SSL_get_servername| to examine the server_name extension | |||||
* and return a |SSL_TLSEXT_ERR_*| value. If it returns |SSL_TLSEXT_ERR_NOACK|, | |||||
* the server_name extension is not acknowledged in the ServerHello. If the | |||||
* return value signals an alert, |callback| should set |*out_alert| to the | |||||
* alert to send. */ | |||||
OPENSSL_EXPORT int SSL_CTX_set_tlsext_servername_callback( | |||||
SSL_CTX *ctx, int (*callback)(SSL *ssl, int *out_alert, void *arg)); | |||||
#define SSL_TLSEXT_ERR_OK 0 | #define SSL_TLSEXT_ERR_OK 0 | ||||
#define SSL_TLSEXT_ERR_ALERT_WARNING 1 | #define SSL_TLSEXT_ERR_ALERT_WARNING 1 | ||||
@@ -338,10 +344,33 @@ OPENSSL_EXPORT int SSL_get_shared_sigalgs(SSL *s, int idx, int *psign, | |||||
#define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \ | #define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \ | ||||
SSL_CTX_ctrl((ctx), SSL_CTRL_SET_TLSEXT_TICKET_KEYS, (keylen), (keys)) | SSL_CTX_ctrl((ctx), SSL_CTRL_SET_TLSEXT_TICKET_KEYS, (keylen), (keys)) | ||||
#define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \ | |||||
SSL_CTX_callback_ctrl(ssl, SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB, \ | |||||
(void (*)(void))cb) | |||||
/* SSL_CTX_set_tlsext_ticket_key_cb sets the ticket callback to |callback| and | |||||
* returns one. |callback| will be called when encrypting a new ticket and when | |||||
* decrypting a ticket from the client. | |||||
* | |||||
* In both modes, |ctx| and |hmac_ctx| will already have been initialized with | |||||
* |EVP_CIPHER_CTX_init| and |HMAC_CTX_init|, respectively. |callback| | |||||
* configures |hmac_ctx| with an HMAC digest and key, and configures |ctx| | |||||
* for encryption or decryption, based on the mode. | |||||
* | |||||
* When encrypting a new ticket, |encrypt| will be one. It writes a public | |||||
* 16-byte key name to |key_name| and a fresh IV to |iv|. The output IV length | |||||
* must match |EVP_CIPHER_CTX_iv_length| of the cipher selected. In this mode, | |||||
* |callback| returns 1 on success and -1 on error. | |||||
* | |||||
* When decrypting a ticket, |encrypt| will be zero. |key_name| will point to a | |||||
* 16-byte key name and |iv| points to an IV. The length of the IV consumed must | |||||
* match |EVP_CIPHER_CTX_iv_length| of the cipher selected. In this mode, | |||||
* |callback| returns -1 to abort the handshake, 0 if decrypting the ticket | |||||
* failed, and 1 or 2 on success. If it returns 2, the ticket will be renewed. | |||||
* This may be used to re-key the ticket. | |||||
* | |||||
* WARNING: |callback| wildly breaks the usual return value convention and is | |||||
* called in two different modes. */ | |||||
OPENSSL_EXPORT int SSL_CTX_set_tlsext_ticket_key_cb( | |||||
SSL_CTX *ctx, int (*callback)(SSL *ssl, uint8_t *key_name, uint8_t *iv, | |||||
EVP_CIPHER_CTX *ctx, HMAC_CTX *hmac_ctx, | |||||
int encrypt)); | |||||
/* PSK ciphersuites from 4279 */ | /* PSK ciphersuites from 4279 */ | ||||
#define TLS1_CK_PSK_WITH_RC4_128_SHA 0x0300008A | #define TLS1_CK_PSK_WITH_RC4_128_SHA 0x0300008A | ||||
@@ -79,8 +79,6 @@ static const SSL_PROTOCOL_METHOD DTLS_protocol_method = { | |||||
ssl3_pending, | ssl3_pending, | ||||
ssl3_num_ciphers, | ssl3_num_ciphers, | ||||
dtls1_get_cipher, | dtls1_get_cipher, | ||||
ssl3_callback_ctrl, | |||||
ssl3_ctx_callback_ctrl, | |||||
DTLS1_HM_HEADER_LENGTH, | DTLS1_HM_HEADER_LENGTH, | ||||
dtls1_set_handshake_header, | dtls1_set_handshake_header, | ||||
dtls1_handshake_write, | dtls1_handshake_write, | ||||
@@ -579,8 +579,6 @@ struct ssl_protocol_method_st { | |||||
int (*ssl_pending)(const SSL *s); | int (*ssl_pending)(const SSL *s); | ||||
size_t (*num_ciphers)(void); | size_t (*num_ciphers)(void); | ||||
const SSL_CIPHER *(*get_cipher)(size_t i); | const SSL_CIPHER *(*get_cipher)(size_t i); | ||||
long (*ssl_callback_ctrl)(SSL *s, int cb_id, void (*fp)(void)); | |||||
long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)(void)); | |||||
/* Handshake header length */ | /* Handshake header length */ | ||||
unsigned int hhlen; | unsigned int hhlen; | ||||
/* Set the handshake header */ | /* Set the handshake header */ | ||||
@@ -782,8 +780,6 @@ int ssl3_write(SSL *s, const void *buf, int len); | |||||
int ssl3_shutdown(SSL *s); | int ssl3_shutdown(SSL *s); | ||||
long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg); | long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg); | ||||
long ssl3_ctx_ctrl(SSL_CTX *s, int cmd, long larg, void *parg); | long ssl3_ctx_ctrl(SSL_CTX *s, int cmd, long larg, void *parg); | ||||
long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void)); | |||||
long ssl3_ctx_callback_ctrl(SSL_CTX *s, int cmd, void (*fp)(void)); | |||||
int ssl3_pending(const SSL *s); | int ssl3_pending(const SSL *s); | ||||
/* ssl3_record_sequence_update increments the sequence number in |seq|. It | /* ssl3_record_sequence_update increments the sequence number in |seq|. It | ||||
@@ -615,10 +615,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) { | |||||
OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | ||||
break; | break; | ||||
case SSL_CTRL_SET_TMP_RSA_CB: | |||||
OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | |||||
return ret; | |||||
case SSL_CTRL_SET_TMP_DH: { | case SSL_CTRL_SET_TMP_DH: { | ||||
DH *dh = (DH *)parg; | DH *dh = (DH *)parg; | ||||
if (dh == NULL) { | if (dh == NULL) { | ||||
@@ -641,10 +637,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) { | |||||
break; | break; | ||||
} | } | ||||
case SSL_CTRL_SET_TMP_DH_CB: | |||||
OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | |||||
return ret; | |||||
case SSL_CTRL_SET_TMP_ECDH: { | case SSL_CTRL_SET_TMP_ECDH: { | ||||
/* For historical reasons, this API expects an |EC_KEY|, but only the | /* For historical reasons, this API expects an |EC_KEY|, but only the | ||||
* group is used. */ | * group is used. */ | ||||
@@ -658,10 +650,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) { | |||||
break; | break; | ||||
} | } | ||||
case SSL_CTRL_SET_TMP_ECDH_CB: | |||||
OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | |||||
return ret; | |||||
case SSL_CTRL_SET_TLSEXT_HOSTNAME: | case SSL_CTRL_SET_TLSEXT_HOSTNAME: | ||||
if (larg == TLSEXT_NAMETYPE_host_name) { | if (larg == TLSEXT_NAMETYPE_host_name) { | ||||
OPENSSL_free(s->tlsext_hostname); | OPENSSL_free(s->tlsext_hostname); | ||||
@@ -831,29 +819,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) { | |||||
return ret; | return ret; | ||||
} | } | ||||
long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) { | |||||
int ret = 0; | |||||
switch (cmd) { | |||||
case SSL_CTRL_SET_TMP_RSA_CB: | |||||
/* Ignore the callback; temporary RSA keys are never used. */ | |||||
break; | |||||
case SSL_CTRL_SET_TMP_DH_CB: | |||||
s->cert->dh_tmp_cb = (DH * (*)(SSL *, int, int))fp; | |||||
break; | |||||
case SSL_CTRL_SET_TMP_ECDH_CB: | |||||
s->cert->ecdh_tmp_cb = (EC_KEY * (*)(SSL *, int, int))fp; | |||||
break; | |||||
default: | |||||
break; | |||||
} | |||||
return ret; | |||||
} | |||||
long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) { | long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) { | ||||
CERT *cert; | CERT *cert; | ||||
@@ -868,10 +833,6 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) { | |||||
OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | ||||
return 0; | return 0; | ||||
case SSL_CTRL_SET_TMP_RSA_CB: | |||||
OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | |||||
return 0; | |||||
case SSL_CTRL_SET_TMP_DH: { | case SSL_CTRL_SET_TMP_DH: { | ||||
DH *new = NULL, *dh; | DH *new = NULL, *dh; | ||||
@@ -891,10 +852,6 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) { | |||||
return 1; | return 1; | ||||
} | } | ||||
case SSL_CTRL_SET_TMP_DH_CB: | |||||
OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | |||||
return 0; | |||||
case SSL_CTRL_SET_TMP_ECDH: { | case SSL_CTRL_SET_TMP_ECDH: { | ||||
/* For historical reasons, this API expects an |EC_KEY|, but only the | /* For historical reasons, this API expects an |EC_KEY|, but only the | ||||
* group is used. */ | * group is used. */ | ||||
@@ -907,10 +864,6 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) { | |||||
return 1; | return 1; | ||||
} | } | ||||
case SSL_CTRL_SET_TMP_ECDH_CB: | |||||
OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | |||||
return 0; | |||||
case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG: | case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG: | ||||
ctx->tlsext_servername_arg = parg; | ctx->tlsext_servername_arg = parg; | ||||
break; | break; | ||||
@@ -1024,37 +977,17 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) { | |||||
return 1; | return 1; | ||||
} | } | ||||
long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) { | |||||
CERT *cert; | |||||
cert = ctx->cert; | |||||
switch (cmd) { | |||||
case SSL_CTRL_SET_TMP_RSA_CB: | |||||
/* Ignore the callback; temporary RSA keys are never used. */ | |||||
break; | |||||
case SSL_CTRL_SET_TMP_DH_CB: | |||||
cert->dh_tmp_cb = (DH * (*)(SSL *, int, int))fp; | |||||
break; | |||||
case SSL_CTRL_SET_TMP_ECDH_CB: | |||||
cert->ecdh_tmp_cb = (EC_KEY * (*)(SSL *, int, int))fp; | |||||
break; | |||||
case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB: | |||||
ctx->tlsext_servername_callback = (int (*)(SSL *, int *, void *))fp; | |||||
break; | |||||
case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB: | |||||
ctx->tlsext_ticket_key_cb = (int ( | |||||
*)(SSL *, uint8_t *, uint8_t *, EVP_CIPHER_CTX *, HMAC_CTX *, int))fp; | |||||
break; | |||||
default: | |||||
return 0; | |||||
} | |||||
int SSL_CTX_set_tlsext_servername_callback( | |||||
SSL_CTX *ctx, int (*callback)(SSL *ssl, int *out_alert, void *arg)) { | |||||
ctx->tlsext_servername_callback = callback; | |||||
return 1; | |||||
} | |||||
int SSL_CTX_set_tlsext_ticket_key_cb( | |||||
SSL_CTX *ctx, int (*callback)(SSL *ssl, uint8_t *key_name, uint8_t *iv, | |||||
EVP_CIPHER_CTX *ctx, HMAC_CTX *hmac_ctx, | |||||
int encrypt)) { | |||||
ctx->tlsext_ticket_key_cb = callback; | |||||
return 1; | return 1; | ||||
} | } | ||||
@@ -78,8 +78,6 @@ static const SSL_PROTOCOL_METHOD TLS_protocol_method = { | |||||
ssl3_pending, | ssl3_pending, | ||||
ssl3_num_ciphers, | ssl3_num_ciphers, | ||||
ssl3_get_cipher, | ssl3_get_cipher, | ||||
ssl3_callback_ctrl, | |||||
ssl3_ctx_callback_ctrl, | |||||
SSL3_HM_HEADER_LENGTH, | SSL3_HM_HEADER_LENGTH, | ||||
ssl3_set_handshake_header, | ssl3_set_handshake_header, | ||||
ssl3_handshake_write, | ssl3_handshake_write, | ||||
@@ -1034,19 +1034,6 @@ long SSL_ctrl(SSL *s, int cmd, long larg, void *parg) { | |||||
} | } | ||||
} | } | ||||
long SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) { | |||||
switch (cmd) { | |||||
case SSL_CTRL_SET_MSG_CALLBACK: | |||||
s->msg_callback = | |||||
(void (*)(int write_p, int version, int content_type, const void *buf, | |||||
size_t len, SSL *ssl, void *arg))(fp); | |||||
return 1; | |||||
default: | |||||
return s->method->ssl_callback_ctrl(s, cmd, fp); | |||||
} | |||||
} | |||||
LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx) { return ctx->sessions; } | LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx) { return ctx->sessions; } | ||||
long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) { | long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) { | ||||
@@ -1131,19 +1118,6 @@ long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) { | |||||
} | } | ||||
} | } | ||||
long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) { | |||||
switch (cmd) { | |||||
case SSL_CTRL_SET_MSG_CALLBACK: | |||||
ctx->msg_callback = | |||||
(void (*)(int write_p, int version, int content_type, const void *buf, | |||||
size_t len, SSL *ssl, void *arg))(fp); | |||||
return 1; | |||||
default: | |||||
return ctx->method->ssl_ctx_callback_ctrl(ctx, cmd, fp); | |||||
} | |||||
} | |||||
int ssl_cipher_id_cmp(const void *in_a, const void *in_b) { | int ssl_cipher_id_cmp(const void *in_a, const void *in_b) { | ||||
long l; | long l; | ||||
const SSL_CIPHER *a = in_a; | const SSL_CIPHER *a = in_a; | ||||
@@ -2480,36 +2454,33 @@ int SSL_want(const SSL *s) { return s->rwstate; } | |||||
void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, | void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, | ||||
RSA *(*cb)(SSL *ssl, int is_export, | RSA *(*cb)(SSL *ssl, int is_export, | ||||
int keylength)) { | int keylength)) { | ||||
SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_RSA_CB, (void (*)(void))cb); | |||||
} | } | ||||
void SSL_set_tmp_rsa_callback(SSL *ssl, RSA *(*cb)(SSL *ssl, int is_export, | void SSL_set_tmp_rsa_callback(SSL *ssl, RSA *(*cb)(SSL *ssl, int is_export, | ||||
int keylength)) { | int keylength)) { | ||||
SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_RSA_CB, (void (*)(void))cb); | |||||
} | } | ||||
void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, | void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, | ||||
DH *(*dh)(SSL *ssl, int is_export, | |||||
int keylength)) { | |||||
SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_DH_CB, (void (*)(void))dh); | |||||
DH *(*callback)(SSL *ssl, int is_export, | |||||
int keylength)) { | |||||
ctx->cert->dh_tmp_cb = callback; | |||||
} | } | ||||
void SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh)(SSL *ssl, int is_export, | |||||
int keylength)) { | |||||
SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_DH_CB, (void (*)(void))dh); | |||||
void SSL_set_tmp_dh_callback(SSL *ssl, DH *(*callback)(SSL *ssl, int is_export, | |||||
int keylength)) { | |||||
ssl->cert->dh_tmp_cb = callback; | |||||
} | } | ||||
void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, | void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, | ||||
EC_KEY *(*callback)(SSL *ssl, int is_export, | EC_KEY *(*callback)(SSL *ssl, int is_export, | ||||
int keylength)) { | int keylength)) { | ||||
SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_ECDH_CB, | |||||
(void (*)(void))callback); | |||||
ctx->cert->ecdh_tmp_cb = callback; | |||||
} | } | ||||
void SSL_set_tmp_ecdh_callback(SSL *ssl, | void SSL_set_tmp_ecdh_callback(SSL *ssl, | ||||
EC_KEY *(*callback)(SSL *ssl, int is_export, | EC_KEY *(*callback)(SSL *ssl, int is_export, | ||||
int keylength)) { | int keylength)) { | ||||
SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_ECDH_CB, (void (*)(void))callback); | |||||
ssl->cert->ecdh_tmp_cb = callback; | |||||
} | } | ||||
int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint) { | int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint) { | ||||
@@ -2619,13 +2590,13 @@ void SSL_CTX_set_msg_callback(SSL_CTX *ctx, | |||||
void (*cb)(int write_p, int version, | void (*cb)(int write_p, int version, | ||||
int content_type, const void *buf, | int content_type, const void *buf, | ||||
size_t len, SSL *ssl, void *arg)) { | size_t len, SSL *ssl, void *arg)) { | ||||
SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb); | |||||
ctx->msg_callback = cb; | |||||
} | } | ||||
void SSL_set_msg_callback(SSL *ssl, | void SSL_set_msg_callback(SSL *ssl, | ||||
void (*cb)(int write_p, int version, int content_type, | void (*cb)(int write_p, int version, int content_type, | ||||
const void *buf, size_t len, SSL *ssl, | const void *buf, size_t len, SSL *ssl, | ||||
void *arg)) { | void *arg)) { | ||||
SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb); | |||||
ssl->msg_callback = cb; | |||||
} | } | ||||
void SSL_CTX_set_keylog_bio(SSL_CTX *ctx, BIO *keylog_bio) { | void SSL_CTX_set_keylog_bio(SSL_CTX *ctx, BIO *keylog_bio) { | ||||