Add SSL_CIPHER_get_protocol_id.

This was introduced in OpenSSL 1.1.1, and wpa_supplicant expects us to
have it. We had this same function as SSL_CIPHER_get_value (to match
SSL_get_cipher_by_value). Align with upstream's name.

It seems we also had an ssl_cipher_get_value lying around, so fold them
together. (I've retained the assert in ssl_cipher_get_value as it seems
reasonable enough; casting a hypothetical SSLv2 cipher ID to uint16_t
would not behave correctly.)

Change-Id: Ifbec460435bbc483f2c3de988522e321f2708172
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42966
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
David Benjamin 5 years ago committed by CQ bot account: commit-bot@chromium.org
parent 9adcb0aa7e
commit 3743aafdac
  1. 11
      include/openssl/ssl.h
  2. 2
      ssl/handshake_client.cc
  3. 2
      ssl/handshake_server.cc
  4. 3
      ssl/internal.h
  5. 17
      ssl/ssl_cipher.cc
  6. 4
      ssl/test/mock_quic_transport.cc
  7. 4
      ssl/tls13_server.cc

@ -1293,8 +1293,8 @@ OPENSSL_EXPORT const SSL_CIPHER *SSL_get_cipher_by_value(uint16_t value);
// cast to a |uint16_t| to get it.
OPENSSL_EXPORT uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *cipher);
// SSL_CIPHER_get_value returns |cipher|'s IANA-assigned number.
OPENSSL_EXPORT uint16_t SSL_CIPHER_get_value(const SSL_CIPHER *cipher);
// SSL_CIPHER_get_protocol_id returns |cipher|'s IANA-assigned number.
OPENSSL_EXPORT uint16_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *cipher);
// SSL_CIPHER_is_aead returns one if |cipher| uses an AEAD cipher.
OPENSSL_EXPORT int SSL_CIPHER_is_aead(const SSL_CIPHER *cipher);
@ -4717,6 +4717,13 @@ OPENSSL_EXPORT int SSL_CTX_set_tlsext_status_arg(SSL_CTX *ctx, void *arg);
SSL_R_TLSV1_ALERT_BAD_CERTIFICATE_HASH_VALUE
#define SSL_R_TLSV1_CERTIFICATE_REQUIRED SSL_R_TLSV1_ALERT_CERTIFICATE_REQUIRED
// SSL_CIPHER_get_value calls |SSL_CIPHER_get_protocol_id|.
//
// TODO(davidben): |SSL_CIPHER_get_value| was our name for this function, but
// upstream added it as |SSL_CIPHER_get_protocol_id|. Switch callers to the new
// name and remove this one.
OPENSSL_EXPORT uint16_t SSL_CIPHER_get_value(const SSL_CIPHER *cipher);
// Nodejs compatibility section (hidden).
//
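Review bot: The new comment on SSL_CIPHER_get_protocol_id in the first hunk says only "IANA-assigned number", while the SSL_CIPHER_get_id comment just above already tells readers to cast that value to uint16_t, so the relationship between the two should be stated so callers know which to put on the wire: `// SSL_CIPHER_get_protocol_id returns |cipher|'s IANA-assigned number, i.e. the two-byte cipher suite value as sent in a ClientHello or ServerHello (the low 16 bits of |SSL_CIPHER_get_id|).` The compatibility declaration of SSL_CIPHER_get_value in the second hunk is marked only by a TODO comment; if the project has a deprecation attribute for exported functions, attaching it there would steer new callers to the upstream name without waiting for the cleanup.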

@ -259,7 +259,7 @@ static bool ssl_write_client_cipher_list(SSL_HANDSHAKE *hs, CBB *out) {
continue;
}
any_enabled = true;
if (!CBB_add_u16(&child, ssl_cipher_get_value(cipher))) {
if (!CBB_add_u16(&child, SSL_CIPHER_get_protocol_id(cipher))) {
return false;
}
}

@ -908,7 +908,7 @@ static enum ssl_hs_wait_t do_send_server_hello(SSL_HANDSHAKE *hs) {
!CBB_add_u8_length_prefixed(&body, &session_id) ||
!CBB_add_bytes(&session_id, session->session_id,
session->session_id_length) ||
!CBB_add_u16(&body, ssl_cipher_get_value(hs->new_cipher)) ||
!CBB_add_u16(&body, SSL_CIPHER_get_protocol_id(hs->new_cipher)) ||
!CBB_add_u8(&body, 0 /* no compression */) ||
!ssl_add_serverhello_tlsext(hs, &body) ||
!ssl_add_message_cbb(ssl, cbb.get())) {

@ -634,9 +634,6 @@ const EVP_MD *ssl_get_handshake_digest(uint16_t version,
bool ssl_create_cipher_list(UniquePtr<SSLCipherPreferenceList> *out_cipher_list,
const char *rule_str, bool strict);
// ssl_cipher_get_value returns the cipher suite id of |cipher|.
uint16_t ssl_cipher_get_value(const SSL_CIPHER *cipher);
// ssl_cipher_auth_mask_for_key returns the mask of cipher |algorithm_auth|
// values suitable for use with |key| in TLS 1.2 and below.
uint32_t ssl_cipher_auth_mask_for_key(const EVP_PKEY *key);

@ -1279,14 +1279,6 @@ bool ssl_create_cipher_list(UniquePtr<SSLCipherPreferenceList> *out_cipher_list,
return true;
}
uint16_t ssl_cipher_get_value(const SSL_CIPHER *cipher) {
uint32_t id = cipher->id;
// All OpenSSL cipher IDs are prefaced with 0x03. Historically this referred
// to SSLv2 vs SSLv3.
assert((id & 0xff000000) == 0x03000000);
return id & 0xffff;
}
uint32_t ssl_cipher_auth_mask_for_key(const EVP_PKEY *key) {
switch (EVP_PKEY_id(key)) {
case EVP_PKEY_RSA:
@ -1376,10 +1368,17 @@ const SSL_CIPHER *SSL_get_cipher_by_value(uint16_t value) {
uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *cipher) { return cipher->id; }
uint16_t SSL_CIPHER_get_value(const SSL_CIPHER *cipher) {
uint16_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *cipher) {
// All OpenSSL cipher IDs are prefaced with 0x03. Historically this referred
// to SSLv2 vs SSLv3.
assert((cipher->id & 0xff000000) == 0x03000000);
return static_cast<uint16_t>(cipher->id);
}
uint16_t SSL_CIPHER_get_value(const SSL_CIPHER *cipher) {
return SSL_CIPHER_get_protocol_id(cipher);
}
int SSL_CIPHER_is_aead(const SSL_CIPHER *cipher) {
return (cipher->algorithm_mac & SSL_AEAD) != 0;
}
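Review bot: In SSL_CIPHER_get_protocol_id the 0x03-prefix check is an `assert`, so in NDEBUG builds the `static_cast<uint16_t>` truncation runs unchecked; that is acceptable only because |cipher->id| comes from the library's own cipher table rather than from peer input, and the comment should state that invariant instead of only the history: `// Every entry in the cipher table carries the 0x0300 prefix, so the low 16 bits are the complete wire value; the assert documents that invariant and is compiled out in NDEBUG builds.` The removed ssl_cipher_get_value in the first hunk used `id & 0xffff`, which is equivalent to the cast, so behaviour at the call sites is unchanged. The new SSL_CIPHER_get_value wrapper has no comment here; a one-liner such as `// Compatibility alias; see the TODO in ssl.h.` would save a reader a lookup.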

@ -38,7 +38,7 @@ bool MockQuicTransport::SetReadSecret(enum ssl_encryption_level_t level,
const uint8_t *secret,
size_t secret_len) {
// TODO(davidben): Assert the various encryption secret invariants.
read_levels_[level].cipher = SSL_CIPHER_get_value(cipher);
read_levels_[level].cipher = SSL_CIPHER_get_protocol_id(cipher);
read_levels_[level].secret.assign(secret, secret + secret_len);
return true;
}
@ -48,7 +48,7 @@ bool MockQuicTransport::SetWriteSecret(enum ssl_encryption_level_t level,
const uint8_t *secret,
size_t secret_len) {
// TODO(davidben): Assert the various encryption secret invariants.
write_levels_[level].cipher = SSL_CIPHER_get_value(cipher);
write_levels_[level].cipher = SSL_CIPHER_get_protocol_id(cipher);
write_levels_[level].secret.assign(secret, secret + secret_len);
return true;
}

@ -501,7 +501,7 @@ static enum ssl_hs_wait_t do_send_hello_retry_request(SSL_HANDSHAKE *hs) {
!CBB_add_bytes(&body, kHelloRetryRequest, SSL3_RANDOM_SIZE) ||
!CBB_add_u8_length_prefixed(&body, &session_id) ||
!CBB_add_bytes(&session_id, hs->session_id, hs->session_id_len) ||
!CBB_add_u16(&body, ssl_cipher_get_value(hs->new_cipher)) ||
!CBB_add_u16(&body, SSL_CIPHER_get_protocol_id(hs->new_cipher)) ||
!CBB_add_u8(&body, 0 /* no compression */) ||
!tls1_get_shared_group(hs, &group_id) ||
!CBB_add_u16_length_prefixed(&body, &extensions) ||
@ -613,7 +613,7 @@ static enum ssl_hs_wait_t do_send_server_hello(SSL_HANDSHAKE *hs) {
!CBB_add_bytes(&body, ssl->s3->server_random, SSL3_RANDOM_SIZE) ||
!CBB_add_u8_length_prefixed(&body, &session_id) ||
!CBB_add_bytes(&session_id, hs->session_id, hs->session_id_len) ||
!CBB_add_u16(&body, ssl_cipher_get_value(hs->new_cipher)) ||
!CBB_add_u16(&body, SSL_CIPHER_get_protocol_id(hs->new_cipher)) ||
!CBB_add_u8(&body, 0) ||
!CBB_add_u16_length_prefixed(&body, &extensions) ||
!ssl_ext_pre_shared_key_add_serverhello(hs, &extensions) ||
