1 /* 2 * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 /* We need to use some engine and HMAC deprecated APIs */ 11 #define OPENSSL_SUPPRESS_DEPRECATED 12 13 #include <openssl/engine.h> 14 #include "ssl_local.h" 15 16 /* 17 * Engine APIs are only used to support applications that still use ENGINEs. 18 * Once ENGINE is removed completely, all of this code can also be removed. 19 */ 20 21 #ifndef OPENSSL_NO_ENGINE 22 void tls_engine_finish(ENGINE *e) 23 { 24 ENGINE_finish(e); 25 } 26 #endif 27 28 const EVP_CIPHER *tls_get_cipher_from_engine(int nid) 29 { 30 const EVP_CIPHER *ret = NULL; 31 #ifndef OPENSSL_NO_ENGINE 32 ENGINE *eng; 33 34 /* 35 * If there is an Engine available for this cipher we use the "implicit" 36 * form to ensure we use that engine later. 37 */ 38 eng = ENGINE_get_cipher_engine(nid); 39 if (eng != NULL) { 40 ret = ENGINE_get_cipher(eng, nid); 41 ENGINE_finish(eng); 42 } 43 #endif 44 return ret; 45 } 46 47 const EVP_MD *tls_get_digest_from_engine(int nid) 48 { 49 const EVP_MD *ret = NULL; 50 #ifndef OPENSSL_NO_ENGINE 51 ENGINE *eng; 52 53 /* 54 * If there is an Engine available for this digest we use the "implicit" 55 * form to ensure we use that engine later. 56 */ 57 eng = ENGINE_get_digest_engine(nid); 58 if (eng != NULL) { 59 ret = ENGINE_get_digest(eng, nid); 60 ENGINE_finish(eng); 61 } 62 #endif 63 return ret; 64 } 65 66 #ifndef OPENSSL_NO_ENGINE 67 int tls_engine_load_ssl_client_cert(SSL *s, X509 **px509, EVP_PKEY **ppkey) 68 { 69 return ENGINE_load_ssl_client_cert(s->ctx->client_cert_engine, s, 70 SSL_get_client_CA_list(s), 71 px509, ppkey, NULL, NULL, NULL); 72 } 73 #endif 74 75 #ifndef OPENSSL_NO_ENGINE 76 int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e) 77 { 78 if (!ENGINE_init(e)) { 79 ERR_raise(ERR_LIB_SSL, ERR_R_ENGINE_LIB); 80 return 0; 81 } 82 if (!ENGINE_get_ssl_client_cert_function(e)) { 83 ERR_raise(ERR_LIB_SSL, SSL_R_NO_CLIENT_CERT_METHOD); 84 ENGINE_finish(e); 85 return 0; 86 } 87 ctx->client_cert_engine = e; 88 return 1; 89 } 90 #endif 91 92 /* 93 * The HMAC APIs below are only used to support the deprecated public API 94 * macro SSL_CTX_set_tlsext_ticket_key_cb(). The application supplied callback 95 * takes an HMAC_CTX in its argument list. The preferred alternative is 96 * SSL_CTX_set_tlsext_ticket_key_evp_cb(). Once 97 * SSL_CTX_set_tlsext_ticket_key_cb() is removed, then all of this code can also 98 * be removed. 99 */ 100 #ifndef OPENSSL_NO_DEPRECATED_3_0 101 int ssl_hmac_old_new(SSL_HMAC *ret) 102 { 103 ret->old_ctx = HMAC_CTX_new(); 104 if (ret->old_ctx == NULL) 105 return 0; 106 107 return 1; 108 } 109 110 void ssl_hmac_old_free(SSL_HMAC *ctx) 111 { 112 HMAC_CTX_free(ctx->old_ctx); 113 } 114 115 int ssl_hmac_old_init(SSL_HMAC *ctx, void *key, size_t len, char *md) 116 { 117 return HMAC_Init_ex(ctx->old_ctx, key, len, EVP_get_digestbyname(md), NULL); 118 } 119 120 int ssl_hmac_old_update(SSL_HMAC *ctx, const unsigned char *data, size_t len) 121 { 122 return HMAC_Update(ctx->old_ctx, data, len); 123 } 124 125 int ssl_hmac_old_final(SSL_HMAC *ctx, unsigned char *md, size_t *len) 126 { 127 unsigned int l; 128 129 if (HMAC_Final(ctx->old_ctx, md, &l) > 0) { 130 if (len != NULL) 131 *len = l; 132 return 1; 133 } 134 135 return 0; 136 } 137 138 size_t ssl_hmac_old_size(const SSL_HMAC *ctx) 139 { 140 return HMAC_size(ctx->old_ctx); 141 } 142 143 HMAC_CTX *ssl_hmac_get0_HMAC_CTX(SSL_HMAC *ctx) 144 { 145 return ctx->old_ctx; 146 } 147 148 /* Some deprecated public APIs pass DH objects */ 149 EVP_PKEY *ssl_dh_to_pkey(DH *dh) 150 { 151 # ifndef OPENSSL_NO_DH 152 EVP_PKEY *ret; 153 154 if (dh == NULL) 155 return NULL; 156 ret = EVP_PKEY_new(); 157 if (EVP_PKEY_set1_DH(ret, dh) <= 0) { 158 EVP_PKEY_free(ret); 159 return NULL; 160 } 161 return ret; 162 # else 163 return NULL; 164 # endif 165 } 166 167 /* Some deprecated public APIs pass EC_KEY objects */ 168 int ssl_set_tmp_ecdh_groups(uint16_t **pext, size_t *pextlen, 169 void *key) 170 { 171 # ifndef OPENSSL_NO_EC 172 const EC_GROUP *group = EC_KEY_get0_group((const EC_KEY *)key); 173 int nid; 174 175 if (group == NULL) { 176 ERR_raise(ERR_LIB_SSL, SSL_R_MISSING_PARAMETERS); 177 return 0; 178 } 179 nid = EC_GROUP_get_curve_name(group); 180 if (nid == NID_undef) 181 return 0; 182 return tls1_set_groups(pext, pextlen, &nid, 1); 183 # else 184 return 0; 185 # endif 186 } 187 188 /* 189 * Set the callback for generating temporary DH keys. 190 * ctx: the SSL context. 191 * dh: the callback 192 */ 193 # if !defined(OPENSSL_NO_DH) 194 void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, 195 DH *(*dh) (SSL *ssl, int is_export, 196 int keylength)) 197 { 198 SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_DH_CB, (void (*)(void))dh); 199 } 200 201 void SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh) (SSL *ssl, int is_export, 202 int keylength)) 203 { 204 SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_DH_CB, (void (*)(void))dh); 205 } 206 # endif 207 #endif /* OPENSSL_NO_DEPRECATED */ 208
Indexes created Sat Feb 28 05:31:39 UTC 2026