Deprecate SSL_want*.

This is redundant with SSL_get_error. Neither is very good API, but
SSL_get_error is more common. SSL_get_error also takes a return code
which makes it harder to accidentally call it at some a point other than
immediately after an operation. (Any other point is confusing since you
can have SSL_read and SSL_write operations going on in parallel and
they'll get mixed up.)

Change-Id: I5818527c30daac28edb552c6c550c05c8580292d
Reviewed-on: https://boringssl-review.googlesource.com/6294
Reviewed-by: Adam Langley <alangley@gmail.com>

include/openssl/ssl.h

@@ -2663,27 +2663,6 @@ OPENSSL_EXPORT void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,
                                                                int type,
                                                                int val);
 
-#define SSL_NOTHING 1
-#define SSL_WRITING 2
-#define SSL_READING 3
-#define SSL_X509_LOOKUP 4
-#define SSL_CHANNEL_ID_LOOKUP 5
-#define SSL_PENDING_SESSION 7
-#define SSL_CERTIFICATE_SELECTION_PENDING 8
-#define SSL_PRIVATE_KEY_OPERATION 9
-
-/* These will only be used when doing non-blocking IO */
-#define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING)
-#define SSL_want_read(s) (SSL_want(s) == SSL_READING)
-#define SSL_want_write(s) (SSL_want(s) == SSL_WRITING)
-#define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP)
-#define SSL_want_channel_id_lookup(s) (SSL_want(s) == SSL_CHANNEL_ID_LOOKUP)
-#define SSL_want_session(s) (SSL_want(s) == SSL_PENDING_SESSION)
-#define SSL_want_certificate(s) \
-  (SSL_want(s) == SSL_CERTIFICATE_SELECTION_PENDING)
-#define SSL_want_private_key_operation(s) \
-  (SSL_want(s) == SSL_PRIVATE_KEY_OPERATION)
-
 /* The following are the possible values for ssl->state are are used to
  * indicate where we are up to in the SSL connection establishment. The macros
  * that follow are about the only things you should need to use and even then,
@@ -2780,8 +2759,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
  * peformed by |ssl|. This includes the pending renegotiation, if any. */
 OPENSSL_EXPORT int SSL_total_renegotiations(const SSL *ssl);
 
-OPENSSL_EXPORT int SSL_want(const SSL *s);
-
 OPENSSL_EXPORT int SSL_get_fd(const SSL *s);
 OPENSSL_EXPORT int SSL_get_rfd(const SSL *s);
 OPENSSL_EXPORT int SSL_get_wfd(const SSL *s);
@@ -3119,6 +3096,30 @@ OPENSSL_EXPORT void SSL_CTX_set_client_cert_cb(
 OPENSSL_EXPORT int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(
       SSL *ssl, X509 **out_x509, EVP_PKEY **out_pkey);
 
+#define SSL_NOTHING 1
+#define SSL_WRITING 2
+#define SSL_READING 3
+#define SSL_X509_LOOKUP 4
+#define SSL_CHANNEL_ID_LOOKUP 5
+#define SSL_PENDING_SESSION 7
+#define SSL_CERTIFICATE_SELECTION_PENDING 8
+#define SSL_PRIVATE_KEY_OPERATION 9
+
+/* SSL_want returns one of the above values to determine what the most recent
+ * operation on |ssl| was blocked on. Use |SSL_get_error| instead. */
+OPENSSL_EXPORT int SSL_want(const SSL *ssl);
+
+#define SSL_want_nothing(ssl) (SSL_want(ssl) == SSL_NOTHING)
+#define SSL_want_read(ssl) (SSL_want(ssl) == SSL_READING)
+#define SSL_want_write(ssl) (SSL_want(ssl) == SSL_WRITING)
+#define SSL_want_x509_lookup(ssl) (SSL_want(ssl) == SSL_X509_LOOKUP)
+#define SSL_want_channel_id_lookup(ssl) (SSL_want(ssl) == SSL_CHANNEL_ID_LOOKUP)
+#define SSL_want_session(ssl) (SSL_want(ssl) == SSL_PENDING_SESSION)
+#define SSL_want_certificate(ssl) \
+  (SSL_want(ssl) == SSL_CERTIFICATE_SELECTION_PENDING)
+#define SSL_want_private_key_operation(ssl) \
+  (SSL_want(ssl) == SSL_PRIVATE_KEY_OPERATION)
+
 
 /* Private structures.
  *

ssl/ssl_lib.c

@@ -2163,7 +2163,7 @@ void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store) {
   ctx->cert_store = store;
 }
 
-int SSL_want(const SSL *s) { return s->rwstate; }
+int SSL_want(const SSL *ssl) { return ssl->rwstate; }
 
 void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
                                   RSA *(*cb)(SSL *ssl, int is_export,