From 4fbfe86ae3c5a829ea1a259330921bd5549223a5 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Thu, 16 Feb 2017 17:04:40 +0000 Subject: [PATCH] Don't use an enum in the return type for a public API function We use an int instead. That means SSL_key_update() also should use an int. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2609)
---
 doc/man3/SSL_key_update.pod | 13 ++----------- doc/man7/ssl.pod | 4 ++-- include/openssl/ssl.h | 16 +++++++--------- ssl/ssl_lib.c | 4 ++-- ssl/ssl_locl.h | 2 +- test/ssl_test_ctx.h | 2 +- 6 files changed, 15 insertions(+), 26 deletions(-)
diff --git a/doc/man3/SSL_key_update.pod b/doc/man3/SSL_key_update.pod
index 3aab0d6dc0..5b62234350 100644
--- a/doc/man3/SSL_key_update.pod
+++ b/doc/man3/SSL_key_update.pod
@@ -13,17 +13,8 @@ SSL_renegotiate_pending
 #include
- /* TLSv1.3 KeyUpdate message types */
- typedef enum {
- /* -1 used so that this is an invalid value for the on-the-wire protocol */
- SSL_KEY_UPDATE_NONE = -1,
- /* Values as defined for the on-the-wire protocol */
- SSL_KEY_UPDATE_NOT_REQUESTED = 0,
- SSL_KEY_UPDATE_REQUESTED = 1
- } SSL_KEY_UPDATE;
-
- int SSL_key_update(SSL *s, SSL_KEY_UPDATE updatetype);
- SSL_KEY_UPDATE SSL_get_key_update_type(SSL *s);
+ int SSL_key_update(SSL *s, int updatetype);
+ int SSL_get_key_update_type(SSL *s);
 int SSL_renegotiate(SSL *s);
 int SSL_renegotiate_abbreviated(SSL *s);
diff --git a/doc/man7/ssl.pod b/doc/man7/ssl.pod
index b15ae7c3b6..5812bc8052 100644
--- a/doc/man7/ssl.pod
+++ b/doc/man7/ssl.pod
@@ -552,7 +552,7 @@ fresh handle for each connection.
 =item void (*B(const SSL *ssl);)()
-=item SSL_KEY_UPDATE B(SSL *s);
+=item int B(SSL *s);
 =item STACK *B(const SSL *ssl);
@@ -602,7 +602,7 @@ fresh handle for each connection.
 =item int B(SSL *ssl);
-=item int B(SSL *s, SSL_KEY_UPDATE updatetype);
+=item int B(SSL *s, int updatetype);
 =item STACK *B(const char *file);
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index da5d1d09d2..5b8a0bbd68 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -826,13 +826,11 @@ DEFINE_STACK_OF(SSL_COMP)
 DEPRECATEDIN_1_1_0(void SSL_set_debug(SSL *s, int debug))
 /* TLSv1.3 KeyUpdate message types */
-typedef enum {
- /* -1 used so that this is an invalid value for the on-the-wire protocol */
- SSL_KEY_UPDATE_NONE = -1,
- /* Values as defined for the on-the-wire protocol */
- SSL_KEY_UPDATE_NOT_REQUESTED = 0,
- SSL_KEY_UPDATE_REQUESTED = 1
-} SSL_KEY_UPDATE;
+/* -1 used so that this is an invalid value for the on-the-wire protocol */
+#define SSL_KEY_UPDATE_NONE -1
+/* Values as defined for the on-the-wire protocol */
+#define SSL_KEY_UPDATE_NOT_REQUESTED 0
+#define SSL_KEY_UPDATE_REQUESTED 1
 /*
 * The valid handshake states (one for each type message sent and one for each
@@ -1662,8 +1660,8 @@ __owur STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s);
 __owur STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s);
 __owur int SSL_do_handshake(SSL *s);
-int SSL_key_update(SSL *s, SSL_KEY_UPDATE updatetype);
-SSL_KEY_UPDATE SSL_get_key_update_type(SSL *s);
+int SSL_key_update(SSL *s, int updatetype);
+int SSL_get_key_update_type(SSL *s);
 int SSL_renegotiate(SSL *s);
 int SSL_renegotiate_abbreviated(SSL *s);
 __owur int SSL_renegotiate_pending(SSL *s);
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index cb5e0cfbc9..e8274a1c05 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1718,7 +1718,7 @@ int SSL_shutdown(SSL *s)
 }
 }
-int SSL_key_update(SSL *s, SSL_KEY_UPDATE updatetype)
+int SSL_key_update(SSL *s, int updatetype)
 {
 /*
 * TODO(TLS1.3): How will applications know whether TLSv1.3+ has been
@@ -1746,7 +1746,7 @@ int SSL_key_update(SSL *s, SSL_KEY_UPDATE updatetype)
 return 1;
 }
-SSL_KEY_UPDATE SSL_get_key_update_type(SSL *s)
+int SSL_get_key_update_type(SSL *s)
 {
 return s->key_update;
 }
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 991766f05b..70a47a8f54 100644
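Review bot: `#define SSL_KEY_UPDATE_NONE -1` in the first hunk of include/openssl/ssl.h expands to an unparenthesized negative literal; the usual convention for a public header is `#define SSL_KEY_UPDATE_NONE (-1)`, so the macro stays a single operand in whatever expression an application places it in. With the enum gone, the prototypes in the second hunk of this file (`int SSL_key_update(SSL *s, int updatetype);` and `int SSL_get_key_update_type(SSL *s);`) no longer name the value set they work with. A one-line comment above them, such as `/* updatetype and the returned type are SSL_KEY_UPDATE_* values */`, would keep that link visible to header readers.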
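Review bot: `updatetype` in `SSL_key_update()` is now a plain `int`, so the signature no longer tells callers or static analysers which values are meaningful, and any integer an application passes reaches the function body. The body between the TODO comment and `return 1;` lies outside this hunk, so it is not visible whether values other than the two wire values are rejected there. If that check is missing, add `if (updatetype != SSL_KEY_UPDATE_NOT_REQUESTED && updatetype != SSL_KEY_UPDATE_REQUESTED) return 0;` together with the function's usual error reporting. `SSL_KEY_UPDATE_NONE` in particular should not be accepted from callers, since the header comment describes it as invalid for the on-the-wire protocol.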
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1177,7 +1177,7 @@ struct ssl_st {
 */
 int renegotiate;
 /* If sending a KeyUpdate is pending */
- SSL_KEY_UPDATE key_update;
+ int key_update;
 # ifndef OPENSSL_NO_SRP
 /* ctx for SRP authentication */
 SRP_CTX srp_ctx;
diff --git a/test/ssl_test_ctx.h b/test/ssl_test_ctx.h
index eaeee1fd3c..1c66740fb7 100644
--- a/test/ssl_test_ctx.h
+++ b/test/ssl_test_ctx.h
@@ -124,7 +124,7 @@ typedef struct {
 /* Maximum send fragment size. */
 int max_fragment_size;
 /* KeyUpdate type */
- SSL_KEY_UPDATE key_update_type;
+ int key_update_type;
 /*
 * Extra server/client configurations. Per-handshake.
-- 
2.25.1
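Review bot: The `key_update` field in `struct ssl_st` no longer carries its value set in its type, and the comment above it, `/* If sending a KeyUpdate is pending */`, reads like a boolean description now that the field is an `int`. Extend it to say what the integer holds, for example `/* Pending KeyUpdate: one of the SSL_KEY_UPDATE_* values from ssl.h */`. The same applies to `key_update_type` under `/* KeyUpdate type */` in test/ssl_test_ctx.h. Both structs begin and end outside their hunks, so other comments on these fields may exist out of view.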