Deprecate SSL_get_(peer_)finished.
The only reason you'd want it is to tls_unique, and we have a better API
for that. (It has one caller and that is indeed what that caller uses it
for.)
Change-Id: I39f8e353f56f18becb63dd6f7205ad31f4192bfd
Reviewed-on: https://boringssl-review.googlesource.com/6295
Reviewed-by: Adam Langley <alangley@gmail.com>
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 1cdb7ad..8174116 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -2702,13 +2702,6 @@
* for the peer, but |SSL_read| will require the handshake to be completed. */
OPENSSL_EXPORT int SSL_in_false_start(const SSL *s);
-/* Obtain latest Finished message
- * -- that we sent (SSL_get_finished)
- * -- that we expected from peer (SSL_get_peer_finished).
- * Returns length (0 == no Finished so far), copies up to 'count' bytes. */
-OPENSSL_EXPORT size_t SSL_get_finished(const SSL *s, void *buf, size_t count);
-OPENSSL_EXPORT size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
-
#define d2i_SSL_SESSION_bio(bp, s_id) \
ASN1_d2i_bio_of(SSL_SESSION, SSL_SESSION_new, d2i_SSL_SESSION, bp, s_id)
#define i2d_SSL_SESSION_bio(bp, s_id) \
@@ -3120,6 +3113,21 @@
#define SSL_want_private_key_operation(ssl) \
(SSL_want(ssl) == SSL_PRIVATE_KEY_OPERATION)
+ /* SSL_get_finished writes up to |count| bytes of the Finished message sent by
+ * |ssl| to |buf|. It returns the total untruncated length or zero if none has
+ * been sent yet.
+ *
+ * Use |SSL_get_tls_unique| instead. */
+OPENSSL_EXPORT size_t SSL_get_finished(const SSL *ssl, void *buf, size_t count);
+
+ /* SSL_get_peer_finished writes up to |count| bytes of the Finished message
+ * received from |ssl|'s peer to |buf|. It returns the total untruncated length
+ * or zero if none has been received yet.
+ *
+ * Use |SSL_get_tls_unique| instead. */
+OPENSSL_EXPORT size_t SSL_get_peer_finished(const SSL *ssl, void *buf,
+ size_t count);
+
/* Private structures.
*
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 4218dee..57a76fa 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1163,31 +1163,29 @@
return ret;
}
-/* return length of latest Finished message we sent, copy to 'buf' */
-size_t SSL_get_finished(const SSL *s, void *buf, size_t count) {
+size_t SSL_get_finished(const SSL *ssl, void *buf, size_t count) {
size_t ret = 0;
- if (s->s3 != NULL) {
- ret = s->s3->tmp.finish_md_len;
+ if (ssl->s3 != NULL) {
+ ret = ssl->s3->tmp.finish_md_len;
if (count > ret) {
count = ret;
}
- memcpy(buf, s->s3->tmp.finish_md, count);
+ memcpy(buf, ssl->s3->tmp.finish_md, count);
}
return ret;
}
-/* return length of latest Finished message we expected, copy to 'buf' */
-size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count) {
+size_t SSL_get_peer_finished(const SSL *ssl, void *buf, size_t count) {
size_t ret = 0;
- if (s->s3 != NULL) {
- ret = s->s3->tmp.peer_finish_md_len;
+ if (ssl->s3 != NULL) {
+ ret = ssl->s3->tmp.peer_finish_md_len;
if (count > ret) {
count = ret;
}
- memcpy(buf, s->s3->tmp.peer_finish_md, count);
+ memcpy(buf, ssl->s3->tmp.peer_finish_md, count);
}
return ret;
