Add SSL_CIPHER_get_protocol_id. This was introduced in OpenSSL 1.1.1, and wpa_supplicant expects us to have it. We had this same function as SSL_CIPHER_get_value (to match SSL_get_cipher_by_value). Align with upstream's name. It seems we also had a ssl_cipher_get_value lying around, so fold them together. (I've retained the assert in ssl_cipher_get_value as it seems reasonable enough; casting a hypothetical SSLv2 cipher ID to uint16_t would not behave correctly.) Change-Id: Ifbec460435bbc483f2c3de988522e321f2708172 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42966 Commit-Queue: Adam Langley <agl@google.com> Reviewed-by: Adam Langley <agl@google.com>
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 96ba53b..3e4b638 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -1293,8 +1293,8 @@ // cast to a |uint16_t| to get it. OPENSSL_EXPORT uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *cipher); -// SSL_CIPHER_get_value returns |cipher|'s IANA-assigned number. -OPENSSL_EXPORT uint16_t SSL_CIPHER_get_value(const SSL_CIPHER *cipher); +// SSL_CIPHER_get_protocol_id returns |cipher|'s IANA-assigned number. +OPENSSL_EXPORT uint16_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *cipher); // SSL_CIPHER_is_aead returns one if |cipher| uses an AEAD cipher. OPENSSL_EXPORT int SSL_CIPHER_is_aead(const SSL_CIPHER *cipher); @@ -4717,6 +4717,13 @@ SSL_R_TLSV1_ALERT_BAD_CERTIFICATE_HASH_VALUE #define SSL_R_TLSV1_CERTIFICATE_REQUIRED SSL_R_TLSV1_ALERT_CERTIFICATE_REQUIRED +// SSL_CIPHER_get_value calls |SSL_CIPHER_get_protocol_id|. +// +// TODO(davidben): |SSL_CIPHER_get_value| was our name for this function, but +// upstream added it as |SSL_CIPHER_get_protocol_id|. Switch callers to the new +// name and remove this one. +OPENSSL_EXPORT uint16_t SSL_CIPHER_get_value(const SSL_CIPHER *cipher); + // Nodejs compatibility section (hidden). //
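Review bot: The comment on `SSL_CIPHER_get_protocol_id` in the first hunk no longer hints at its lookup counterpart. The commit message says the old name was chosen to match `SSL_get_cipher_by_value`, and the rename drops that cue. I would state the pairing in the header, e.g. `// SSL_CIPHER_get_protocol_id returns |cipher|'s IANA-assigned number, the value |SSL_get_cipher_by_value| takes.` In the second hunk the `SSL_CIPHER_get_value` comment could also say outright that the function is deprecated, so callers do not have to infer it from the TODO.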
diff --git a/ssl/handshake_client.cc b/ssl/handshake_client.cc
index 670e476..1b7bb1b 100644
--- a/ssl/handshake_client.cc
+++ b/ssl/handshake_client.cc
@@ -259,7 +259,7 @@
 continue;
 }
 any_enabled = true;
- if (!CBB_add_u16(&child, ssl_cipher_get_value(cipher))) {
+ if (!CBB_add_u16(&child, SSL_CIPHER_get_protocol_id(cipher))) {
 return false;
 }
 }
diff --git a/ssl/handshake_server.cc b/ssl/handshake_server.cc
index 2489428..26227d3 100644
--- a/ssl/handshake_server.cc
+++ b/ssl/handshake_server.cc
@@ -908,7 +908,7 @@ !CBB_add_u8_length_prefixed(&body, &session_id) || !CBB_add_bytes(&session_id, session->session_id, session->session_id_length) || - !CBB_add_u16(&body, ssl_cipher_get_value(hs->new_cipher)) || + !CBB_add_u16(&body, SSL_CIPHER_get_protocol_id(hs->new_cipher)) || !CBB_add_u8(&body, 0 /* no compression */) || !ssl_add_serverhello_tlsext(hs, &body) || !ssl_add_message_cbb(ssl, cbb.get())) {
diff --git a/ssl/internal.h b/ssl/internal.h
index 750bfe9..ffc18a5 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -634,9 +634,6 @@ bool ssl_create_cipher_list(UniquePtr<SSLCipherPreferenceList> *out_cipher_list, const char *rule_str, bool strict); -// ssl_cipher_get_value returns the cipher suite id of |cipher|. -uint16_t ssl_cipher_get_value(const SSL_CIPHER *cipher); - // ssl_cipher_auth_mask_for_key returns the mask of cipher |algorithm_auth| // values suitable for use with |key| in TLS 1.2 and below. uint32_t ssl_cipher_auth_mask_for_key(const EVP_PKEY *key);
diff --git a/ssl/ssl_cipher.cc b/ssl/ssl_cipher.cc
index c421292..4f5049c 100644
--- a/ssl/ssl_cipher.cc
+++ b/ssl/ssl_cipher.cc
@@ -1279,14 +1279,6 @@ return true; } -uint16_t ssl_cipher_get_value(const SSL_CIPHER *cipher) { - uint32_t id = cipher->id; - // All OpenSSL cipher IDs are prefaced with 0x03. Historically this referred - // to SSLv2 vs SSLv3. - assert((id & 0xff000000) == 0x03000000); - return id & 0xffff; -} - uint32_t ssl_cipher_auth_mask_for_key(const EVP_PKEY *key) { switch (EVP_PKEY_id(key)) { case EVP_PKEY_RSA: @@ -1376,10 +1368,17 @@ uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *cipher) { return cipher->id; } -uint16_t SSL_CIPHER_get_value(const SSL_CIPHER *cipher) { +uint16_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *cipher) { + // All OpenSSL cipher IDs are prefaced with 0x03. Historically this referred + // to SSLv2 vs SSLv3. + assert((cipher->id & 0xff000000) == 0x03000000); return static_cast<uint16_t>(cipher->id); } +uint16_t SSL_CIPHER_get_value(const SSL_CIPHER *cipher) { + return SSL_CIPHER_get_protocol_id(cipher); +} + int SSL_CIPHER_is_aead(const SSL_CIPHER *cipher) { return (cipher->algorithm_mac & SSL_AEAD) != 0; }
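Review bot: The `assert` added to `SSL_CIPHER_get_protocol_id` in the second hunk is the only guard on the narrowing `static_cast<uint16_t>(cipher->id)`, and a standard `assert` is compiled out when NDEBUG is defined, so release builds would still truncate silently. The comment carried over from `ssl_cipher_get_value` explains the 0x03 prefix but not why it is checked here. I would add a line such as `// The cast below keeps only the low 16 bits, so check (debug builds only) that the rest is just the 0x03 prefix.` The other hunks in this commit write the result straight into handshake messages through `CBB_add_u16`, which is why the invariant deserves to be spelled out next to the cast.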
diff --git a/ssl/test/mock_quic_transport.cc b/ssl/test/mock_quic_transport.cc
index 0929432..6a3f0e8 100644
--- a/ssl/test/mock_quic_transport.cc
+++ b/ssl/test/mock_quic_transport.cc
@@ -38,7 +38,7 @@ const uint8_t *secret, size_t secret_len) { // TODO(davidben): Assert the various encryption secret invariants. - read_levels_[level].cipher = SSL_CIPHER_get_value(cipher); + read_levels_[level].cipher = SSL_CIPHER_get_protocol_id(cipher); read_levels_[level].secret.assign(secret, secret + secret_len); return true; } @@ -48,7 +48,7 @@ const uint8_t *secret, size_t secret_len) { // TODO(davidben): Assert the various encryption secret invariants. - write_levels_[level].cipher = SSL_CIPHER_get_value(cipher); + write_levels_[level].cipher = SSL_CIPHER_get_protocol_id(cipher); write_levels_[level].secret.assign(secret, secret + secret_len); return true; }
diff --git a/ssl/tls13_server.cc b/ssl/tls13_server.cc
index 25c13ef..0105f1c 100644
--- a/ssl/tls13_server.cc
+++ b/ssl/tls13_server.cc
@@ -501,7 +501,7 @@
 !CBB_add_bytes(&body, kHelloRetryRequest, SSL3_RANDOM_SIZE) ||
 !CBB_add_u8_length_prefixed(&body, &session_id) ||
 !CBB_add_bytes(&session_id, hs->session_id, hs->session_id_len) ||
- !CBB_add_u16(&body, ssl_cipher_get_value(hs->new_cipher)) ||
+ !CBB_add_u16(&body, SSL_CIPHER_get_protocol_id(hs->new_cipher)) ||
 !CBB_add_u8(&body, 0 /* no compression */) ||
 !tls1_get_shared_group(hs, &group_id) ||
 !CBB_add_u16_length_prefixed(&body, &extensions) ||
@@ -613,7 +613,7 @@
 !CBB_add_bytes(&body, ssl->s3->server_random, SSL3_RANDOM_SIZE) ||
 !CBB_add_u8_length_prefixed(&body, &session_id) ||
 !CBB_add_bytes(&session_id, hs->session_id, hs->session_id_len) ||
- !CBB_add_u16(&body, ssl_cipher_get_value(hs->new_cipher)) ||
+ !CBB_add_u16(&body, SSL_CIPHER_get_protocol_id(hs->new_cipher)) ||
 !CBB_add_u8(&body, 0) ||
 !CBB_add_u16_length_prefixed(&body, &extensions) ||
 !ssl_ext_pre_shared_key_add_serverhello(hs, &extensions) ||