diff options
| author | jsing <> | 2020-09-17 15:42:14 +0000 |
|---|---|---|
| committer | jsing <> | 2020-09-17 15:42:14 +0000 |
| commit | c994273701191e583d96a1829697ca3e3a1706dc (patch) | |
| tree | b5f2020d1e938beeb3c8e8a25b9ef97cb893f7e2 /src/lib/libssl | |
| parent | 8b329cf90019dcaa45de44d9c3b2eed853ec9429 (diff) | |
| download | openbsd-c994273701191e583d96a1829697ca3e3a1706dc.tar.gz openbsd-c994273701191e583d96a1829697ca3e3a1706dc.tar.bz2 openbsd-c994273701191e583d96a1829697ca3e3a1706dc.zip | |
Prepare to provide SSL_get_peer_tmp_key().
OpenSSL effectively renamed SSL_get_server_tmp_key() to
SSL_get_peer_tmp_key() and removed the client-side restriction. Prepare
for a matching rename.
ok tb@
Diffstat (limited to 'src/lib/libssl')
| -rw-r--r-- | src/lib/libssl/s3_lib.c | 17 | ||||
| -rw-r--r-- | src/lib/libssl/ssl.h | 12 |
2 files changed, 20 insertions, 9 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index fae70cc5c7..91bfb5f3b6 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_lib.c,v 1.197 2020/09/14 18:34:12 jsing Exp $ */ | 1 | /* $OpenBSD: s3_lib.c,v 1.198 2020/09/17 15:42:14 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1652,17 +1652,15 @@ ssl3_clear(SSL *s) | |||
| 1652 | S3I(s)->hs.state = SSL_ST_BEFORE|((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT); | 1652 | S3I(s)->hs.state = SSL_ST_BEFORE|((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT); |
| 1653 | } | 1653 | } |
| 1654 | 1654 | ||
| 1655 | static long | 1655 | long |
| 1656 | ssl_ctrl_get_server_tmp_key(SSL *s, EVP_PKEY **pkey_tmp) | 1656 | _SSL_get_peer_tmp_key(SSL *s, EVP_PKEY **key) |
| 1657 | { | 1657 | { |
| 1658 | EVP_PKEY *pkey = NULL; | 1658 | EVP_PKEY *pkey = NULL; |
| 1659 | SESS_CERT *sc; | 1659 | SESS_CERT *sc; |
| 1660 | int ret = 0; | 1660 | int ret = 0; |
| 1661 | 1661 | ||
| 1662 | *pkey_tmp = NULL; | 1662 | *key = NULL; |
| 1663 | 1663 | ||
| 1664 | if (s->server != 0) | ||
| 1665 | return 0; | ||
| 1666 | if (s->session == NULL || SSI(s)->sess_cert == NULL) | 1664 | if (s->session == NULL || SSI(s)->sess_cert == NULL) |
| 1667 | return 0; | 1665 | return 0; |
| 1668 | 1666 | ||
| @@ -1688,7 +1686,7 @@ ssl_ctrl_get_server_tmp_key(SSL *s, EVP_PKEY **pkey_tmp) | |||
| 1688 | goto err; | 1686 | goto err; |
| 1689 | } | 1687 | } |
| 1690 | 1688 | ||
| 1691 | *pkey_tmp = pkey; | 1689 | *key = pkey; |
| 1692 | pkey = NULL; | 1690 | pkey = NULL; |
| 1693 | 1691 | ||
| 1694 | ret = 1; | 1692 | ret = 1; |
| @@ -2016,8 +2014,11 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) | |||
| 2016 | case SSL_CTRL_SET_GROUPS_LIST: | 2014 | case SSL_CTRL_SET_GROUPS_LIST: |
| 2017 | return SSL_set1_groups_list(s, parg); | 2015 | return SSL_set1_groups_list(s, parg); |
| 2018 | 2016 | ||
| 2017 | /* XXX - rename to SSL_CTRL_GET_PEER_TMP_KEY and remove server check. */ | ||
| 2019 | case SSL_CTRL_GET_SERVER_TMP_KEY: | 2018 | case SSL_CTRL_GET_SERVER_TMP_KEY: |
| 2020 | return ssl_ctrl_get_server_tmp_key(s, parg); | 2019 | if (s->server != 0) |
| 2020 | return 0; | ||
| 2021 | return _SSL_get_peer_tmp_key(s, parg); | ||
| 2021 | 2022 | ||
| 2022 | case SSL_CTRL_GET_MIN_PROTO_VERSION: | 2023 | case SSL_CTRL_GET_MIN_PROTO_VERSION: |
| 2023 | return SSL_get_min_proto_version(s); | 2024 | return SSL_get_min_proto_version(s); |
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h index eb288699b1..a783739c57 100644 --- a/src/lib/libssl/ssl.h +++ b/src/lib/libssl/ssl.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl.h,v 1.172 2020/09/13 16:49:05 jsing Exp $ */ | 1 | /* $OpenBSD: ssl.h,v 1.173 2020/09/17 15:42:14 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1126,7 +1126,12 @@ int PEM_write_SSL_SESSION(FILE *fp, SSL_SESSION *x); | |||
| 1126 | 1126 | ||
| 1127 | #define SSL_CTRL_SET_ECDH_AUTO 94 | 1127 | #define SSL_CTRL_SET_ECDH_AUTO 94 |
| 1128 | 1128 | ||
| 1129 | #if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL) | ||
| 1130 | #define SSL_CTRL_GET_PEER_TMP_KEY 109 | ||
| 1131 | #define SSL_CTRL_GET_SERVER_TMP_KEY SSL_CTRL_GET_PEER_TMP_KEY | ||
| 1132 | #else | ||
| 1129 | #define SSL_CTRL_GET_SERVER_TMP_KEY 109 | 1133 | #define SSL_CTRL_GET_SERVER_TMP_KEY 109 |
| 1134 | #endif | ||
| 1130 | 1135 | ||
| 1131 | #define SSL_CTRL_GET_CHAIN_CERTS 115 | 1136 | #define SSL_CTRL_GET_CHAIN_CERTS 115 |
| 1132 | 1137 | ||
| @@ -1231,6 +1236,11 @@ int SSL_set_max_proto_version(SSL *ssl, uint16_t version); | |||
| 1231 | #define SSL_get_server_tmp_key(s, pk) \ | 1236 | #define SSL_get_server_tmp_key(s, pk) \ |
| 1232 | SSL_ctrl(s,SSL_CTRL_GET_SERVER_TMP_KEY,0,pk) | 1237 | SSL_ctrl(s,SSL_CTRL_GET_SERVER_TMP_KEY,0,pk) |
| 1233 | 1238 | ||
| 1239 | #if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL) | ||
| 1240 | #define SSL_get_peer_tmp_key(s, pk) \ | ||
| 1241 | SSL_ctrl(s, SSL_CTRL_GET_PEER_TMP_KEY, 0, pk) | ||
| 1242 | #endif /* LIBRESSL_HAS_TLS1_3 || LIBRESSL_INTERNAL */ | ||
| 1243 | |||
| 1234 | #ifndef LIBRESSL_INTERNAL | 1244 | #ifndef LIBRESSL_INTERNAL |
| 1235 | /* | 1245 | /* |
| 1236 | * Also provide those functions as macros for compatibility with | 1246 | * Also provide those functions as macros for compatibility with |