authorjsing <>2020-09-17 15:42:14 +0000
committerjsing <>2020-09-17 15:42:14 +0000
commitc994273701191e583d96a1829697ca3e3a1706dc (patch)
treeb5f2020d1e938beeb3c8e8a25b9ef97cb893f7e2 /src/lib/libssl
parent8b329cf90019dcaa45de44d9c3b2eed853ec9429 (diff)
Prepare to provide SSL_get_peer_tmp_key().
OpenSSL effectively renamed SSL_get_server_tmp_key() to SSL_get_peer_tmp_key() and removed the client-side restriction. Prepare for a matching rename. ok tb@
Diffstat (limited to 'src/lib/libssl')
-rw-r--r--src/lib/libssl/s3_lib.c17
-rw-r--r--src/lib/libssl/ssl.h12
2 files changed, 20 insertions, 9 deletions
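diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index fae70cc5c7..91bfb5f3b6 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.197 2020/09/14 18:34:12 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.198 2020/09/17 15:42:14 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1652,17 +1652,15 @@ ssl3_clear(SSL *s)
  S3I(s)->hs.state = SSL_ST_BEFORE|((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT);
 }
 
-static long
-ssl_ctrl_get_server_tmp_key(SSL *s, EVP_PKEY **pkey_tmp)
+long
+_SSL_get_peer_tmp_key(SSL *s, EVP_PKEY **key)
 {
  EVP_PKEY *pkey = NULL;
  SESS_CERT *sc;
  int ret = 0;
 
- *pkey_tmp = NULL;
+ *key = NULL;
 
- if (s->server != 0)
- return 0;
  if (s->session == NULL || SSI(s)->sess_cert == NULL)
  return 0;
 
@@ -1688,7 +1686,7 @@ ssl_ctrl_get_server_tmp_key(SSL *s, EVP_PKEY **pkey_tmp)
  goto err;
  }
 
- *pkey_tmp = pkey;
+ *key = pkey;
  pkey = NULL;
 
  ret = 1;
@@ -2016,8 +2014,11 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
  case SSL_CTRL_SET_GROUPS_LIST:
  return SSL_set1_groups_list(s, parg);
 
+ /* XXX - rename to SSL_CTRL_GET_PEER_TMP_KEY and remove server check. */
  case SSL_CTRL_GET_SERVER_TMP_KEY:
- return ssl_ctrl_get_server_tmp_key(s, parg);
+ if (s->server != 0)
+ return 0;
+ return _SSL_get_peer_tmp_key(s, parg);
 
  case SSL_CTRL_GET_MIN_PROTO_VERSION:
  return SSL_get_min_proto_version(s);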
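Review bot: `_SSL_get_peer_tmp_key` gains external linkage in the second hunk while still storing through `key` unconditionally (`*key = NULL;`), and the `s->server` guard it used to carry now exists only in the `SSL_CTRL_GET_SERVER_TMP_KEY` case of `ssl3_ctrl`. Any other caller therefore gets neither a NULL-argument check nor the role check; adding `if (key == NULL) return 0;` ahead of the store would cover the first. A header comment stating that on success `*key` receives a key the caller must release with `EVP_PKEY_free()` would document the ownership; the `*key = pkey; pkey = NULL;` hand-off suggests this, though the middle of the function lies outside the visible hunks. The name also begins with an underscore followed by an uppercase letter, which C reserves for the implementation, and no prototype appears in the two files this diffstat lists, so keeping it `static` until the public wrapper exists may be cleaner.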
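diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index eb288699b1..a783739c57 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.172 2020/09/13 16:49:05 jsing Exp $ */
+/* $OpenBSD: ssl.h,v 1.173 2020/09/17 15:42:14 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1126,7 +1126,12 @@ int PEM_write_SSL_SESSION(FILE *fp, SSL_SESSION *x);
 
 #define SSL_CTRL_SET_ECDH_AUTO 94
 
+#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
+#define SSL_CTRL_GET_PEER_TMP_KEY 109
+#define SSL_CTRL_GET_SERVER_TMP_KEY SSL_CTRL_GET_PEER_TMP_KEY
+#else
 #define SSL_CTRL_GET_SERVER_TMP_KEY 109
+#endif
 
 #define SSL_CTRL_GET_CHAIN_CERTS 115
 
@@ -1231,6 +1236,11 @@ int SSL_set_max_proto_version(SSL *ssl, uint16_t version);
 #define SSL_get_server_tmp_key(s, pk) \
  SSL_ctrl(s,SSL_CTRL_GET_SERVER_TMP_KEY,0,pk)
 
+#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
+#define SSL_get_peer_tmp_key(s, pk) \
+ SSL_ctrl(s, SSL_CTRL_GET_PEER_TMP_KEY, 0, pk)
+#endif /* LIBRESSL_HAS_TLS1_3 || LIBRESSL_INTERNAL */
+
 #ifndef LIBRESSL_INTERNAL
 /*
  * Also provide those functions as macros for compatibility with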
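Review bot: `SSL_get_peer_tmp_key()` is exposed in the last hunk under the OpenSSL name, but it still expands to ctrl value 109, whose handler in `ssl3_ctrl` (s3_lib.c in this same commit) returns 0 whenever `s->server` is set. Code that detects the macro with `#ifdef` and expects the peer-key behaviour on the server side would get a plain failure with nothing in the header to explain it. Until the planned rename lands, a comment above the macro such as `/* Still client-only: returns 0 on a server until the ctrl is renamed. */` would make the interim contract visible to callers.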