authorBen Laurie <ben@links.org>2014-07-06 10:47:57 +0100
committerBen Laurie <ben@links.org>2014-07-06 10:47:57 +0100
commit43fc5a2545bd0066793d73bab178b414c7194e77 (patch)
treeed5c4624ea21ade23ebdcf7681589e7cc70da7b8
parent25a592d58b3fab0d7d1bb550daf8dd39f3e91959 (diff)
Make SSL_set_tlsext_opaque_prf_input() a real function.
-rw-r--r--ssl/s3_lib.c50
-rw-r--r--ssl/ssl.h1
-rw-r--r--ssl/tls1.h5
3 files changed, 29 insertions, 27 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 04c6ff42a8..fce65d491c 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3416,6 +3416,32 @@ void SSL_set_tlsext_status_ocsp_resp(SSL *s, unsigned char *resp,
s->tlsext_ocsp_resplen = resplen;
}
+#ifdef TLSEXT_TYPE_opaque_prf_input
+int SSL_set_tlsext_opaque_prf_input(SSL *s, const void *src, size_t len)
+ {
+ if (len > 12288) /* actual internal limit is 2^16 for the
+ * complete hello message (including the
+ * cert chain and everything) */
+ {
+ SSLerr(SSL_F_SSL3_CTRL, SSL_R_OPAQUE_PRF_INPUT_TOO_LONG);
+ break;
+ }
+ if (s->tlsext_opaque_prf_input != NULL)
+ OPENSSL_free(s->tlsext_opaque_prf_input);
+ if (len == 0)
+ s->tlsext_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
+ else
+ s->tlsext_opaque_prf_input = BUF_memdup(parg, len);
+ if (s->tlsext_opaque_prf_input != NULL)
+ {
+ s->tlsext_opaque_prf_input_len = len;
+ return 1;
+ }
+ s->tlsext_opaque_prf_input_len = 0;
+ return 0;
+ }
+#endif
+
#endif /* ndef OPENSSL_NO_TLSEXT */
long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
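Review bot: The length guard at the top of the new SSL_set_tlsext_opaque_prf_input() still ends with `break;`, left over from the switch case in ssl3_ctrl(); that is not valid in a plain function body and should be `return 0;` so an over-long input is rejected with a failure result. The copy further down still reads `BUF_memdup(parg, len)`, but the parameter is now named `src`, so it should be `BUF_memdup(src, len)`. Both errors sit inside `#ifdef TLSEXT_TYPE_opaque_prf_input`, so a build where that macro is undefined would presumably not notice them; the function should be compiled once with the macro defined before merging. The SSLerr() call also still reports `SSL_F_SSL3_CTRL` as the originating function, which will mislead anyone reading the error queue.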
@@ -3580,30 +3606,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
#endif /* !OPENSSL_NO_ECDH */
#ifndef OPENSSL_NO_TLSEXT
-#ifdef TLSEXT_TYPE_opaque_prf_input
- case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT:
- if (larg > 12288) /* actual internal limit is 2^16 for the complete hello message
- * (including the cert chain and everything) */
- {
- SSLerr(SSL_F_SSL3_CTRL, SSL_R_OPAQUE_PRF_INPUT_TOO_LONG);
- break;
- }
- if (s->tlsext_opaque_prf_input != NULL)
- OPENSSL_free(s->tlsext_opaque_prf_input);
- if ((size_t)larg == 0)
- s->tlsext_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
- else
- s->tlsext_opaque_prf_input = BUF_memdup(parg, (size_t)larg);
- if (s->tlsext_opaque_prf_input != NULL)
- {
- s->tlsext_opaque_prf_input_len = (size_t)larg;
- ret = 1;
- }
- else
- s->tlsext_opaque_prf_input_len = 0;
- break;
-#endif
-
#ifndef OPENSSL_NO_HEARTBEATS
case SSL_CTRL_TLS_EXT_SEND_HEARTBEAT:
if (SSL_IS_DTLS(s))
diff --git a/ssl/ssl.h b/ssl/ssl.h
index abc875bef3..f70c088eda 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1802,7 +1802,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
#define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54
#define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58
#define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59
-#define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT 60
#define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB 61
#define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG 62
#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63
diff --git a/ssl/tls1.h b/ssl/tls1.h
index f51b4c29bd..3799cba737 100644
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -354,6 +354,9 @@ size_t SSL_get_tlsext_status_ocsp_resp(SSL *s, const unsigned char **resp);
* any previously set value. FIXME? */
void SSL_set_tlsext_status_ocsp_resp(SSL *s, unsigned char *resp,
size_t resplen);
+# ifdef TLSEXT_TYPE_opaque_prf_input
+void SSL_set_tlsext_opaque_prf_input(SSL *s, const void *src, size_t len);
+# endif
#endif /* ndef OPENSSL_NO_TLSEXT */
#define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \
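Review bot: The prototype added here returns `void`, while the definition added in ssl/s3_lib.c returns `int` (1 on success, 0 when the input exceeds 12288 bytes or the allocation fails), so the two declarations conflict. The macro this replaces expanded to SSL_ctrl(), whose result a caller could test; with a `void` prototype a caller can no longer tell that the PRF input was rejected and the stored length reset to 0. Declare it as `int SSL_set_tlsext_opaque_prf_input(SSL *s, const void *src, size_t len);`. A short comment above it stating the length limit, that `src` is copied, and the 1/0 return convention would document the contract the old macro left implicit.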
@@ -378,8 +381,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb)
#define SSL_CTX_set_tlsext_status_arg(ssl, arg) \
SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg)
-#define SSL_set_tlsext_opaque_prf_input(s, src, len) \
-SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT, len, src)
#define SSL_CTX_set_tlsext_opaque_prf_input_callback(ctx, cb) \
SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB, (void (*)(void))cb)
#define SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(ctx, arg) \