diff --git a/openssl-sys/src/ssl.rs b/openssl-sys/src/ssl.rs
index ac71dc298d66d9f60b065e7413befd1f65fcf3c4..e02485b288549805ed0f68b2e550e98c4a090632 100644
--- a/openssl-sys/src/ssl.rs
+++ b/openssl-sys/src/ssl.rs
@@ -349,6 +349,7 @@ pub const SSL_CTRL_SET_ECDH_AUTO: c_int = 94;
 pub const SSL_CTRL_SET_SIGALGS_LIST: c_int = 98;
 #[cfg(ossl102)]
 pub const SSL_CTRL_SET_VERIFY_CERT_STORE: c_int = 106;
+#[cfg(ossl300)]
 pub const SSL_CTRL_GET_PEER_TMP_KEY: c_int = 109;
 #[cfg(ossl110)]
 pub const SSL_CTRL_GET_EXTMS_SUPPORT: c_int = 122;
@@ -360,6 +361,7 @@ pub const SSL_CTRL_SET_MAX_PROTO_VERSION: c_int = 124;
 pub const SSL_CTRL_GET_MIN_PROTO_VERSION: c_int = 130;
 #[cfg(any(ossl110g, libressl270))]
 pub const SSL_CTRL_GET_MAX_PROTO_VERSION: c_int = 131;
+#[cfg(ossl300)]
 pub const SSL_CTRL_GET_TMP_KEY: c_int = 133;
 pub unsafe fn SSL_CTX_set_tmp_dh(ctx: *mut SSL_CTX, dh: *mut DH) -> c_long {
@@ -508,13 +510,16 @@ cfg_if! {
 }
 }
 }
+cfg_if! {
+ if #[cfg(ossl300)] {
+ pub unsafe fn SSL_get_peer_tmp_key(ssl: *mut SSL, key: *mut *mut EVP_PKEY) -> c_int {
+ SSL_ctrl(ssl, SSL_CTRL_GET_PEER_TMP_KEY, 0, key as *mut c_void) as c_int
+ }
-pub unsafe fn SSL_get_peer_tmp_key(ssl: *mut SSL, key: *mut *mut EVP_PKEY) -> c_int {
- SSL_ctrl(ssl, SSL_CTRL_GET_PEER_TMP_KEY, 0, key as *mut c_void) as c_int
-}
-
-pub unsafe fn SSL_get_tmp_key(ssl: *mut SSL, key: *mut *mut EVP_PKEY) -> c_int {
- SSL_ctrl(ssl, SSL_CTRL_GET_TMP_KEY, 0, key as *mut c_void) as c_int
+ pub unsafe fn SSL_get_tmp_key(ssl: *mut SSL, key: *mut *mut EVP_PKEY) -> c_int {
+ SSL_ctrl(ssl, SSL_CTRL_GET_TMP_KEY, 0, key as *mut c_void) as c_int
+ }
+ }
 }
 #[cfg(ossl111)]
diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs
index 8bd6d945a1e869cd073082726a7fac8fe2bf0775..9d7ba0edc36a20c563ba95ab9ce5926af473fd95 100644
--- a/openssl/src/ssl/mod.rs
+++ b/openssl/src/ssl/mod.rs
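Review bot: The `#[cfg(ossl300)]` added above `SSL_CTRL_GET_PEER_TMP_KEY` in openssl-sys/src/ssl.rs (and the identical gate on `SSL_CTRL_GET_TMP_KEY` in the following hunk) withdraws constants that were exported unconditionally before this commit, so a dependent crate building against an older OpenSSL or LibreSSL will stop compiling; that deserves a changelog entry. As far as I recall the upstream headers, both control codes are already defined in OpenSSL 1.1.1, so `#[cfg(ossl111)]` may be the accurate gate; please confirm against the library versions that motivated the change. Neither gate carries a comment saying why it is there, and a short one naming the libraries that lack the control code would stop a later cleanup from removing it.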
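Review bot: The two `pub unsafe fn` wrappers in the third hunk of openssl-sys/src/ssl.rs are moved into `cfg_if!` without gaining a `# Safety` section, and the out-parameter contract is the part callers get wrong. I would document on each that `ssl` must be a live handle, that `key` must be a valid writable pointer, that `*key` is only meaningful when the returned value is non-zero, and that the caller then owns the key and must release it with `EVP_PKEY_free`. The ownership statement is inferred from the comment in openssl/src/ssl/mod.rs, so check it against the OpenSSL manual. As a style point, a single-branch `cfg_if!` is heavier than putting `#[cfg(ossl300)]` directly on each function, which would also match how the constants are gated.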
@@ -3451,6 +3451,7 @@ impl SslRef {
 // We use an owned value because EVP_KEY free need to be called when it is
 // dropped
 #[corresponds(SSL_get_peer_tmp_key)]
+ #[cfg(ossl300)]
 pub fn peer_temp_key(&self) -> Result, ErrorStack> {
 unsafe {
 let mut key = ptr::null_mut();
@@ -3465,7 +3466,8 @@ impl SslRef {
 /// used during key exchange.
 // We use an owned value because EVP_KEY free need to be called when it is
 // dropped
- #[corresponds(SSL_get_peer_tmp_key)]
+ #[corresponds(SSL_get_tmp_key)]
+ #[cfg(ossl300)]
 pub fn temp_key(&self) -> Result, ErrorStack> {
 unsafe {
 let mut key = ptr::null_mut();
diff --git a/openssl/src/ssl/test/mod.rs b/openssl/src/ssl/test/mod.rs
index 3c90e728be942ec5b796f02b1c6f548d852e0a19..b289f0fcc881c0e32ee293aba2c6ec60d1f6c110 100644
--- a/openssl/src/ssl/test/mod.rs
+++ b/openssl/src/ssl/test/mod.rs
@@ -322,9 +322,10 @@ fn state() {
 );
 }
-// when a connection uses ECDHE P-256 key exchange, then the temp key APIs
-// return P-256 keys, and the peer and local keys are different.
+// when a connection uses ECDHE P-384 key exchange, then the temp key APIs
+// return P-384 keys, and the peer and local keys are different.
 #[test]
+#[cfg(ossl300)]
 fn peer_temp_key_p384() {
 let mut server = Server::builder();
 server.ctx().set_groups_list("P-384").unwrap();
@@ -348,6 +349,7 @@ fn peer_temp_key_p384() {
 // an Error because there is no temp key, and the local (client) temp key is the
 // temp key sent in the initial key share.
 #[test]
+#[cfg(ossl300)]
 fn peer_temp_key_rsa() {
 let mut server = Server::builder();
 server.ctx().set_cipher_list("RSA").unwrap();
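Review bot: `peer_temp_key` in openssl/src/ssl/mod.rs is now compiled only under `ossl300`, but its rustdoc does not say so, so users on other builds get an unexplained missing-method error. Add a line such as `/// Requires OpenSSL 3.0.0 or newer.` to the doc comment, and the same on `temp_key` in the next hunk. The plain `//` comment above both methods says "EVP_KEY free" where the function meant is `EVP_PKEY_free`, which is worth fixing while these lines are being touched. Both bodies continue outside the hunk, so I cannot see whether a zero return or a null `key` is turned into an `ErrorStack` before the owned key is constructed; that check is what keeps the wrapper sound.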