From 386c36a87db6b8ccd67112400a3083ee8b4ca1d6 Mon Sep 17 00:00:00 2001
From: James Mayclin
Date: Mon, 30 Oct 2023 19:08:19 +0000
Subject: [PATCH] gate temp key on ossl 3.0.0

---
 openssl-sys/src/ssl.rs      | 17 +++++++++++------
 openssl/src/ssl/mod.rs      |  4 +++-
 openssl/src/ssl/test/mod.rs |  6 ++++--
 3 files changed, 18 insertions(+), 9 deletions(-)

diff --git a/openssl-sys/src/ssl.rs b/openssl-sys/src/ssl.rs
index ac71dc298..e02485b28 100644
--- a/openssl-sys/src/ssl.rs
+++ b/openssl-sys/src/ssl.rs
@@ -349,6 +349,7 @@ pub const SSL_CTRL_SET_ECDH_AUTO: c_int = 94;
 pub const SSL_CTRL_SET_SIGALGS_LIST: c_int = 98;
 #[cfg(ossl102)]
 pub const SSL_CTRL_SET_VERIFY_CERT_STORE: c_int = 106;
+#[cfg(ossl300)]
 pub const SSL_CTRL_GET_PEER_TMP_KEY: c_int = 109;
 #[cfg(ossl110)]
 pub const SSL_CTRL_GET_EXTMS_SUPPORT: c_int = 122;
@@ -360,6 +361,7 @@ pub const SSL_CTRL_SET_MAX_PROTO_VERSION: c_int = 124;
 pub const SSL_CTRL_GET_MIN_PROTO_VERSION: c_int = 130;
 #[cfg(any(ossl110g, libressl270))]
 pub const SSL_CTRL_GET_MAX_PROTO_VERSION: c_int = 131;
+#[cfg(ossl300)]
 pub const SSL_CTRL_GET_TMP_KEY: c_int = 133;
 
 pub unsafe fn SSL_CTX_set_tmp_dh(ctx: *mut SSL_CTX, dh: *mut DH) -> c_long {
@@ -508,13 +510,16 @@ cfg_if! {
         }
     }
 }
+cfg_if! {
+    if #[cfg(ossl300)] {
+        pub unsafe fn SSL_get_peer_tmp_key(ssl: *mut SSL, key: *mut *mut EVP_PKEY) -> c_int {
+            SSL_ctrl(ssl, SSL_CTRL_GET_PEER_TMP_KEY, 0, key as *mut c_void) as c_int
+        }
 
-pub unsafe fn SSL_get_peer_tmp_key(ssl: *mut SSL, key: *mut *mut EVP_PKEY) -> c_int {
-    SSL_ctrl(ssl, SSL_CTRL_GET_PEER_TMP_KEY, 0, key as *mut c_void) as c_int
-}
-
-pub unsafe fn SSL_get_tmp_key(ssl: *mut SSL, key: *mut *mut EVP_PKEY) -> c_int {
-    SSL_ctrl(ssl, SSL_CTRL_GET_TMP_KEY, 0, key as *mut c_void) as c_int
+        pub unsafe fn SSL_get_tmp_key(ssl: *mut SSL, key: *mut *mut EVP_PKEY) -> c_int {
+            SSL_ctrl(ssl, SSL_CTRL_GET_TMP_KEY, 0, key as *mut c_void) as c_int
+        }
+    }
 }
 
 #[cfg(ossl111)]
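Review bot: The two getters in the last hunk are wrapped in a new single-arm `cfg_if!` block with no `else`, while the matching constants in the first two hunks of this file are gated with a plain `#[cfg(ossl300)]` attribute; a bare attribute on each `pub unsafe fn` would read the same as the constant gating and as the `#[cfg(ossl111)]` item that follows, and would avoid the extra nesting level. Gating the bindings on `ossl300` alone also appears to drop them for LibreSSL and BoringSSL builds, which is presumably intended since the ctrl numbers are OpenSSL-specific, but a one-line comment such as `// SSL_CTRL_GET_PEER_TMP_KEY / SSL_CTRL_GET_TMP_KEY ctrl numbers are only exposed for OpenSSL 3.0+` above the block would record that decision for the next person who has to extend it.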
diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs
index 8bd6d945a..9d7ba0edc 100644
--- a/openssl/src/ssl/mod.rs
+++ b/openssl/src/ssl/mod.rs
@@ -3451,6 +3451,7 @@ impl SslRef {
     // We use an owned value because EVP_KEY free need to be called when it is
     // dropped
     #[corresponds(SSL_get_peer_tmp_key)]
+    #[cfg(ossl300)]
     pub fn peer_temp_key(&self) -> Result, ErrorStack> {
         unsafe {
             let mut key = ptr::null_mut();
@@ -3465,7 +3466,8 @@ impl SslRef {
     /// used during key exchange.
     // We use an owned value because EVP_KEY free need to be called when it is
     // dropped
-    #[corresponds(SSL_get_peer_tmp_key)]
+    #[corresponds(SSL_get_tmp_key)]
+    #[cfg(ossl300)]
     pub fn temp_key(&self) -> Result, ErrorStack> {
         unsafe {
             let mut key = ptr::null_mut();
diff --git a/openssl/src/ssl/test/mod.rs b/openssl/src/ssl/test/mod.rs
index 3c90e728b..b289f0fcc 100644
--- a/openssl/src/ssl/test/mod.rs
+++ b/openssl/src/ssl/test/mod.rs
@@ -322,9 +322,10 @@ fn state() {
     );
 }
 
-// when a connection uses ECDHE P-256 key exchange, then the temp key APIs
-// return P-256 keys, and the peer and local keys are different.
+// when a connection uses ECDHE P-384 key exchange, then the temp key APIs
+// return P-384 keys, and the peer and local keys are different.
 #[test]
+#[cfg(ossl300)]
 fn peer_temp_key_p384() {
     let mut server = Server::builder();
     server.ctx().set_groups_list("P-384").unwrap();
@@ -348,6 +349,7 @@ fn peer_temp_key_p384() {
 // an Error because there is no temp key, and the local (client) temp key is the
 // temp key sent in the initial key share.
 #[test]
+#[cfg(ossl300)]
 fn peer_temp_key_rsa() {
     let mut server = Server::builder();
     server.ctx().set_cipher_list("RSA").unwrap();
-- 
GitLab
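Review bot: The new `#[cfg(ossl300)]` on `peer_temp_key` makes the public method disappear on older OpenSSL builds, but the doc comment above it (which starts outside the hunk) does not say so, and this crate's convention is to state the minimum version in the docs; add `/// Requires OpenSSL 3.0.0 or newer.` as the last doc line before the `// We use an owned value` comment. The same line is missing from `temp_key` in the second hunk of this file, which gets the same gate. Both method bodies continue past the end of their hunks.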
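Review bot: With the new `#[cfg(ossl300)]`, `peer_temp_key_rsa` now only ever runs against OpenSSL 3.0+, where the default negotiated protocol is TLS 1.3 and `set_cipher_list("RSA")` does not constrain TLS 1.3 ciphersuites, so the handshake would still use an ephemeral key share unless the test also caps the protocol version; the body continues outside the hunk, so confirm it already does. If it does not, `server.ctx().set_max_proto_version(Some(SslVersion::TLS1_2)).unwrap();` after the `set_cipher_list` call pins the static-RSA exchange that the comment ("there is no temp key") describes. The same gating consideration applies to `peer_temp_key_p384` in the previous hunk, though that test's expectation holds under either protocol.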