author | Joel Sing <jsing@cvs.openbsd.org> | 2020-09-17 15:42:15 +0000 |
---|---|---|
committer | Joel Sing <jsing@cvs.openbsd.org> | 2020-09-17 15:42:15 +0000 |
commit | d134def7f094f1c04290c15d98794eff718253d8 (patch) | |
tree | e9b8f1075696f125d155854fc6174d5bc818ffe6 /lib | |
parent | f54899523eb5d5d3b68a4401bf05ea642bb08754 (diff) |
Prepare to provide SSL_get_peer_tmp_key().
OpenSSL effectively renamed SSL_get_server_tmp_key() to
SSL_get_peer_tmp_key() and removed the client-side restriction. Prepare
for a matching rename.
ok tb@
Diffstat (limited to 'lib')
-rw-r--r-- | lib/libssl/s3_lib.c | 17 | ||||
-rw-r--r-- | lib/libssl/ssl.h | 12 |
2 files changed, 20 insertions, 9 deletions
diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c
index fae70cc5c78..91bfb5f3b62 100644
--- a/lib/libssl/s3_lib.c
+++ b/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.197 2020/09/14 18:34:12 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.198 2020/09/17 15:42:14 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1652,17 +1652,15 @@ ssl3_clear(SSL *s)
 S3I(s)->hs.state = SSL_ST_BEFORE|((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT);
 }
-static long
-ssl_ctrl_get_server_tmp_key(SSL *s, EVP_PKEY **pkey_tmp)
+long
+_SSL_get_peer_tmp_key(SSL *s, EVP_PKEY **key)
 {
 EVP_PKEY *pkey = NULL;
 SESS_CERT *sc;
 int ret = 0;
- *pkey_tmp = NULL;
+ *key = NULL;
- if (s->server != 0)
- return 0;
 if (s->session == NULL || SSI(s)->sess_cert == NULL)
 return 0;
@@ -1688,7 +1686,7 @@ ssl_ctrl_get_server_tmp_key(SSL *s, EVP_PKEY **pkey_tmp)
 goto err;
 }
- *pkey_tmp = pkey;
+ *key = pkey;
 pkey = NULL;
 ret = 1;
@@ -2016,8 +2014,11 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
 case SSL_CTRL_SET_GROUPS_LIST:
 return SSL_set1_groups_list(s, parg);
+ /* XXX - rename to SSL_CTRL_GET_PEER_TMP_KEY and remove server check. */
 case SSL_CTRL_GET_SERVER_TMP_KEY:
- return ssl_ctrl_get_server_tmp_key(s, parg);
+ if (s->server != 0)
+ return 0;
+ return _SSL_get_peer_tmp_key(s, parg);
 case SSL_CTRL_GET_MIN_PROTO_VERSION:
 return SSL_get_min_proto_version(s);
diff --git a/lib/libssl/ssl.h b/lib/libssl/ssl.h
index eb288699b1c..a783739c570 100644
--- a/lib/libssl/ssl.h
+++ b/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.172 2020/09/13 16:49:05 jsing Exp $ */
+/* $OpenBSD: ssl.h,v 1.173 2020/09/17 15:42:14 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
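Review bot: `_SSL_get_peer_tmp_key()` loses `static` in the `@@ -1652` hunk and so gains external linkage, but as far as this commit shows neither changed file declares a prototype for it, so the definition in s3_lib.c is the only declaration. An identifier that starts with an underscore followed by an uppercase letter is also reserved for the implementation in C. Until the public symbol is introduced I would keep the helper `static`, or declare `long _SSL_get_peer_tmp_key(SSL *s, EVP_PKEY **key);` in the library's internal header, ideally under a non-reserved name. The function also executes `*key = NULL;` before any check, so a NULL `key` is dereferenced; that predates this change but matters more once the function can be called directly. The function body continues outside the hunk.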
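Review bot: On a server the `SSL_CTRL_GET_SERVER_TMP_KEY` case in the `@@ -2016` hunk now returns 0 without touching the caller's pointer, whereas the old helper executed `*pkey_tmp = NULL;` before its `s->server` check. A caller that passes an uninitialised `EVP_PKEY *` and frees it on its cleanup path regardless of the return value would now free an indeterminate pointer. Clearing the output before the early return keeps the old contract: `if (s->server != 0) { *(EVP_PKEY **)parg = NULL; return 0; }`. The rest of `ssl3_ctrl` is outside the hunk.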
@@ -1126,7 +1126,12 @@ int PEM_write_SSL_SESSION(FILE *fp, SSL_SESSION *x);
 #define SSL_CTRL_SET_ECDH_AUTO 94
+#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
+#define SSL_CTRL_GET_PEER_TMP_KEY 109
+#define SSL_CTRL_GET_SERVER_TMP_KEY SSL_CTRL_GET_PEER_TMP_KEY
+#else
 #define SSL_CTRL_GET_SERVER_TMP_KEY 109
+#endif
 #define SSL_CTRL_GET_CHAIN_CERTS 115
@@ -1231,6 +1236,11 @@ int SSL_set_max_proto_version(SSL *ssl, uint16_t version);
 #define SSL_get_server_tmp_key(s, pk) \
 SSL_ctrl(s,SSL_CTRL_GET_SERVER_TMP_KEY,0,pk)
+#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
+#define SSL_get_peer_tmp_key(s, pk) \
+ SSL_ctrl(s, SSL_CTRL_GET_PEER_TMP_KEY, 0, pk)
+#endif /* LIBRESSL_HAS_TLS1_3 || LIBRESSL_INTERNAL */
+
 #ifndef LIBRESSL_INTERNAL
 /*
 * Also provide those functions as macros for compatibility with |
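Review bot: `SSL_get_peer_tmp_key()` is published in the `@@ -1231` hunk while `SSL_CTRL_GET_PEER_TMP_KEY` and `SSL_CTRL_GET_SERVER_TMP_KEY` both expand to 109, and the s3_lib.c part of this commit still returns 0 for that control when `s->server` is set. Code that feature-tests with `#ifdef SSL_get_peer_tmp_key` and expects the OpenSSL semantics described in the commit message would silently get no key on the server side. Until the server check is removed, a comment above the macro would make that visible to API users, for example `/* XXX - currently client-side only, see ssl3_ctrl(). */`. Whether `LIBRESSL_HAS_TLS1_3` is defined for external consumers cannot be seen from this diff.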