Promote a few more macros.
Next batch. Mostly a bunch of deprecated things. This switches SSL_CTX_set_tmp_rsa from always failing to always succeeding. The latter is probably a safer behavior; a consumer may defensively set a temporary RSA key. We'll successfully "set it" and just never use the result. Change-Id: Idd3d6bf4fc1a20bc9a26605bb9c77c9f799f993c Reviewed-on: https://boringssl-review.googlesource.com/4566 Reviewed-by: Adam Langley <agl@google.com>
This commit is contained in:
David Benjamin
Adam Langley
parent
9f226a5f51
commit
c045469817
@ -1573,16 +1573,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
|
||||
#define SSL_ERROR_PENDING_SESSION 11
|
||||
#define SSL_ERROR_PENDING_CERTIFICATE 12
|
||||
|
||||
#define SSL_CTRL_NEED_TMP_RSA 1
|
||||
#define SSL_CTRL_SET_TMP_RSA 2
|
||||
#define SSL_CTRL_SET_TMP_DH 3
|
||||
#define SSL_CTRL_SET_TMP_ECDH 4
|
||||
|
||||
#define SSL_CTRL_GET_SESSION_REUSED 8
|
||||
#define SSL_CTRL_GET_CLIENT_CERT_REQUEST 9
|
||||
#define SSL_CTRL_GET_NUM_RENEGOTIATIONS 10
|
||||
#define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS 12
|
||||
#define SSL_CTRL_GET_FLAGS 13
|
||||
#define SSL_CTRL_EXTRA_CHAIN_CERT 14
|
||||
|
||||
/* see tls1.h for macros based on these */
|
||||
@ -1647,17 +1640,17 @@ OPENSSL_EXPORT int DTLSv1_get_timeout(const SSL *ssl, OPENSSL_timeval *out);
|
||||
* WARNING: This function breaks the usual return value convention. */
|
||||
OPENSSL_EXPORT int DTLSv1_handle_timeout(SSL *ssl);
|
||||
|
||||
#define SSL_session_reused(ssl) \
|
||||
SSL_ctrl((ssl), SSL_CTRL_GET_SESSION_REUSED, 0, NULL)
|
||||
#define SSL_num_renegotiations(ssl) \
|
||||
SSL_ctrl((ssl), SSL_CTRL_GET_NUM_RENEGOTIATIONS, 0, NULL)
|
||||
#define SSL_total_renegotiations(ssl) \
|
||||
SSL_ctrl((ssl), SSL_CTRL_GET_TOTAL_RENEGOTIATIONS, 0, NULL)
|
||||
/* SSL_session_reused returns one if |ssl| performed an abbreviated handshake
|
||||
* and zero otherwise.
|
||||
*
|
||||
* TODO(davidben): Hammer down the semantics of this API while a handshake,
|
||||
* initial or renego, is in progress. */
|
||||
OPENSSL_EXPORT int SSL_session_reused(const SSL *ssl);
|
||||
|
||||
/* SSL_total_renegotiations returns the total number of renegotiation handshakes
|
||||
* peformed by |ssl|. This includes the pending renegotiation, if any. */
|
||||
OPENSSL_EXPORT int SSL_total_renegotiations(const SSL *ssl);
|
||||
|
||||
#define SSL_CTX_need_tmp_RSA(ctx) \
|
||||
SSL_CTX_ctrl(ctx, SSL_CTRL_NEED_TMP_RSA, 0, NULL)
|
||||
#define SSL_CTX_set_tmp_rsa(ctx, rsa) \
|
||||
SSL_CTX_ctrl(ctx, SSL_CTRL_SET_TMP_RSA, 0, (char *)rsa)
|
||||
#define SSL_CTX_set_tmp_dh(ctx, dh) \
|
||||
SSL_CTX_ctrl(ctx, SSL_CTRL_SET_TMP_DH, 0, (char *)dh)
|
||||
|
||||
@ -1669,9 +1662,6 @@ OPENSSL_EXPORT int DTLSv1_handle_timeout(SSL *ssl);
|
||||
#define SSL_CTX_set_tmp_ecdh(ctx, ecdh) \
|
||||
SSL_CTX_ctrl(ctx, SSL_CTRL_SET_TMP_ECDH, 0, (char *)ecdh)
|
||||
|
||||
#define SSL_need_tmp_RSA(ssl) SSL_ctrl(ssl, SSL_CTRL_NEED_TMP_RSA, 0, NULL)
|
||||
#define SSL_set_tmp_rsa(ssl, rsa) \
|
||||
SSL_ctrl(ssl, SSL_CTRL_SET_TMP_RSA, 0, (char *)rsa)
|
||||
#define SSL_set_tmp_dh(ssl, dh) \
|
||||
SSL_ctrl(ssl, SSL_CTRL_SET_TMP_DH, 0, (char *)dh)
|
||||
|
||||
@ -2356,6 +2346,21 @@ OPENSSL_EXPORT int SSL_CTX_sess_cache_full(const SSL_CTX *ctx);
|
||||
/* SSL_cutthrough_complete calls |SSL_in_false_start|. */
|
||||
OPENSSL_EXPORT int SSL_cutthrough_complete(const SSL *s);
|
||||
|
||||
/* SSL_num_renegotiations calls |SSL_total_renegotiations|. */
|
||||
OPENSSL_EXPORT int SSL_num_renegotiations(const SSL *ssl);
|
||||
|
||||
/* SSL_CTX_need_tmp_RSA returns zero. */
|
||||
OPENSSL_EXPORT int SSL_CTX_need_tmp_RSA(const SSL_CTX *ctx);
|
||||
|
||||
/* SSL_need_tmp_RSA returns zero. */
|
||||
OPENSSL_EXPORT int SSL_need_tmp_RSA(const SSL *ssl);
|
||||
|
||||
/* SSL_CTX_set_tmp_rsa returns one. */
|
||||
OPENSSL_EXPORT int SSL_CTX_set_tmp_rsa(SSL_CTX *ctx, const RSA *rsa);
|
||||
|
||||
/* SSL_set_tmp_rsa returns one. */
|
||||
OPENSSL_EXPORT int SSL_set_tmp_rsa(SSL *ssl, const RSA *rsa);
|
||||
|
||||
|
||||
/* Android compatibility section.
|
||||
*
|
||||
@ -2386,9 +2391,14 @@ OPENSSL_EXPORT const char *SSLeay_version(int unused);
|
||||
* constants to 'ctrl' functions. To avoid breaking #ifdefs in consumers, this
|
||||
* section defines a number of legacy macros. */
|
||||
|
||||
#define SSL_CTRL_NEED_TMP_RSA doesnt_exist
|
||||
#define SSL_CTRL_SET_TMP_RSA doesnt_exist
|
||||
#define SSL_CTRL_SET_TMP_RSA_CB doesnt_exist
|
||||
#define SSL_CTRL_SET_TMP_DH_CB doesnt_exist
|
||||
#define SSL_CTRL_SET_TMP_ECDH_CB doesnt_exist
|
||||
#define SSL_CTRL_GET_SESSION_REUSED doesnt_exist
|
||||
#define SSL_CTRL_GET_NUM_RENEGOTIATIONS doesnt_exist
|
||||
#define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS doesnt_exist
|
||||
#define SSL_CTRL_SET_MSG_CALLBACK doesnt_exist
|
||||
#define SSL_CTRL_SET_MSG_CALLBACK_ARG doesnt_exist
|
||||
#define SSL_CTRL_SET_MTU doesnt_exist
|
||||
@ -2412,6 +2422,13 @@ OPENSSL_EXPORT const char *SSLeay_version(int unused);
|
||||
#define SSL_CTRL_CLEAR_OPTIONS doesnt_exist
|
||||
#define SSL_CTRL_CLEAR_MODE doesnt_exist
|
||||
|
||||
#define SSL_CTX_need_tmp_RSA SSL_CTX_need_tmp_RSA
|
||||
#define SSL_need_tmp_RSA SSL_need_tmp_RSA
|
||||
#define SSL_CTX_set_tmp_rsa SSL_CTX_set_tmp_rsa
|
||||
#define SSL_set_tmp_rsa SSL_set_tmp_rsa
|
||||
#define SSL_session_reused SSL_session_reused
|
||||
#define SSL_num_renegotiations SSL_num_renegotiations
|
||||
#define SSL_total_renegotiations SSL_total_renegotiations
|
||||
#define SSL_CTX_set_msg_callback_arg SSL_CTX_set_msg_callback_arg
|
||||
#define SSL_set_msg_callback_arg SSL_set_msg_callback_arg
|
||||
#define SSL_set_mtu SSL_set_mtu
|
||||
|
||||
62
ssl/s3_lib.c
62
ssl/s3_lib.c
@ -577,36 +577,38 @@ void ssl3_free(SSL *s) {
|
||||
|
||||
static int ssl3_set_req_cert_type(CERT *c, const uint8_t *p, size_t len);
|
||||
|
||||
int SSL_session_reused(const SSL *ssl) {
|
||||
return ssl->hit;
|
||||
}
|
||||
|
||||
int SSL_total_renegotiations(const SSL *ssl) {
|
||||
return ssl->s3->total_renegotiations;
|
||||
}
|
||||
|
||||
int SSL_num_renegotiations(const SSL *ssl) {
|
||||
return SSL_total_renegotiations(ssl);
|
||||
}
|
||||
|
||||
int SSL_CTX_need_tmp_RSA(const SSL_CTX *ctx) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
int SSL_need_rsa(const SSL *ssl) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
int SSL_CTX_set_tmp_rsa(SSL_CTX *ctx, const RSA *rsa) {
|
||||
return 1;
|
||||
}
|
||||
|
||||
int SSL_set_tmp_rsa(SSL *ssl, const RSA *rsa) {
|
||||
return 1;
|
||||
}
|
||||
|
||||
long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) {
|
||||
int ret = 0;
|
||||
|
||||
switch (cmd) {
|
||||
case SSL_CTRL_GET_SESSION_REUSED:
|
||||
ret = s->hit;
|
||||
break;
|
||||
|
||||
case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
|
||||
break;
|
||||
|
||||
case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
|
||||
case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
|
||||
ret = s->s3->total_renegotiations;
|
||||
break;
|
||||
|
||||
case SSL_CTRL_GET_FLAGS:
|
||||
ret = (int)(s->s3->flags);
|
||||
break;
|
||||
|
||||
case SSL_CTRL_NEED_TMP_RSA:
|
||||
/* Temporary RSA keys are never used. */
|
||||
ret = 0;
|
||||
break;
|
||||
|
||||
case SSL_CTRL_SET_TMP_RSA:
|
||||
/* Temporary RSA keys are never used. */
|
||||
OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
|
||||
break;
|
||||
|
||||
case SSL_CTRL_SET_TMP_DH:
|
||||
DH_free(s->cert->dh_tmp);
|
||||
s->cert->dh_tmp = DHparams_dup((DH *)parg);
|
||||
@ -806,14 +808,6 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) {
|
||||
cert = ctx->cert;
|
||||
|
||||
switch (cmd) {
|
||||
case SSL_CTRL_NEED_TMP_RSA:
|
||||
/* Temporary RSA keys are never used. */
|
||||
return 0;
|
||||
|
||||
case SSL_CTRL_SET_TMP_RSA:
|
||||
OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
|
||||
return 0;
|
||||
|
||||
case SSL_CTRL_SET_TMP_DH:
|
||||
DH_free(cert->dh_tmp);
|
||||
cert->dh_tmp = DHparams_dup((DH *)parg);
|
||||
|
||||
Loading…
Reference in New Issue
Block a user