301fcb28 | 1 | /* |
4333b89f | 2 | * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. |
3 | * |
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
10 | /* We need to use some engine and HMAC deprecated APIs */ | |
11 | #define OPENSSL_SUPPRESS_DEPRECATED | |
12 | ||
#include <limits.h>
#include <openssl/engine.h>
#include "ssl_local.h"
15 | ||
16 | /* | |
17 | * Engine APIs are only used to support applications that still use ENGINEs. | |
18 | * Once ENGINE is removed completely, all of this code can also be removed. | |
19 | */ | |
20 | ||
21 | #ifndef OPENSSL_NO_ENGINE | |
22 | void tls_engine_finish(ENGINE *e) | |
23 | { | |
24 | ENGINE_finish(e); | |
25 | } | |
26 | #endif | |
27 | ||
28 | const EVP_CIPHER *tls_get_cipher_from_engine(int nid) | |
29 | { | |
30 | #ifndef OPENSSL_NO_ENGINE | |
31 | ENGINE *eng; | |
32 | ||
33 | /* | |
34 | * If there is an Engine available for this cipher we use the "implicit" | |
35 | * form to ensure we use that engine later. | |
36 | */ | |
37 | eng = ENGINE_get_cipher_engine(nid); | |
38 | if (eng != NULL) { | |
39 | ENGINE_finish(eng); | |
40 | return EVP_get_cipherbynid(nid); | |
41 | } | |
42 | #endif | |
43 | return NULL; | |
44 | } | |
45 | ||
46 | const EVP_MD *tls_get_digest_from_engine(int nid) | |
47 | { | |
48 | #ifndef OPENSSL_NO_ENGINE | |
49 | ENGINE *eng; | |
50 | ||
51 | /* | |
52 | * If there is an Engine available for this digest we use the "implicit" | |
53 | * form to ensure we use that engine later. | |
54 | */ | |
55 | eng = ENGINE_get_digest_engine(nid); | |
56 | if (eng != NULL) { | |
57 | ENGINE_finish(eng); | |
58 | return EVP_get_digestbynid(nid); | |
59 | } | |
60 | #endif | |
61 | return NULL; | |
62 | } | |
63 | ||
64 | #ifndef OPENSSL_NO_ENGINE | |
65 | int tls_engine_load_ssl_client_cert(SSL *s, X509 **px509, EVP_PKEY **ppkey) | |
66 | { | |
67 | return ENGINE_load_ssl_client_cert(s->ctx->client_cert_engine, s, | |
68 | SSL_get_client_CA_list(s), | |
69 | px509, ppkey, NULL, NULL, NULL); | |
70 | } | |
71 | #endif | |
72 | ||
73 | #ifndef OPENSSL_NO_ENGINE | |
74 | int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e) | |
75 | { | |
76 | if (!ENGINE_init(e)) { | |
6849b73c | 77 | ERR_raise(ERR_LIB_SSL, ERR_R_ENGINE_LIB); |
301fcb28 MC |
78 | return 0; |
79 | } | |
80 | if (!ENGINE_get_ssl_client_cert_function(e)) { | |
6849b73c | 81 | ERR_raise(ERR_LIB_SSL, SSL_R_NO_CLIENT_CERT_METHOD); |
301fcb28 MC |
82 | ENGINE_finish(e); |
83 | return 0; | |
84 | } | |
85 | ctx->client_cert_engine = e; | |
86 | return 1; | |
87 | } | |
88 | #endif | |
89 | ||
90 | /* | |
91 | * The HMAC APIs below are only used to support the deprecated public API | |
92 | * macro SSL_CTX_set_tlsext_ticket_key_cb(). The application supplied callback | |
93 | * takes an HMAC_CTX in its argument list. The preferred alternative is | |
94 | * SSL_CTX_set_tlsext_ticket_key_evp_cb(). Once | |
95 | * SSL_CTX_set_tlsext_ticket_key_cb() is removed, then all of this code can also | |
96 | * be removed. | |
97 | */ | |
98 | #ifndef OPENSSL_NO_DEPRECATED_3_0 | |
99 | int ssl_hmac_old_new(SSL_HMAC *ret) | |
100 | { | |
101 | ret->old_ctx = HMAC_CTX_new(); | |
102 | if (ret->old_ctx == NULL) | |
103 | return 0; | |
104 | ||
105 | return 1; | |
106 | } | |
107 | ||
108 | void ssl_hmac_old_free(SSL_HMAC *ctx) | |
109 | { | |
110 | HMAC_CTX_free(ctx->old_ctx); | |
111 | } | |
112 | ||
113 | int ssl_hmac_old_init(SSL_HMAC *ctx, void *key, size_t len, char *md) | |
114 | { | |
115 | return HMAC_Init_ex(ctx->old_ctx, key, len, EVP_get_digestbyname(md), NULL); | |
116 | } | |
117 | ||
118 | int ssl_hmac_old_update(SSL_HMAC *ctx, const unsigned char *data, size_t len) | |
119 | { | |
120 | return HMAC_Update(ctx->old_ctx, data, len); | |
121 | } | |
122 | ||
123 | int ssl_hmac_old_final(SSL_HMAC *ctx, unsigned char *md, size_t *len) | |
124 | { | |
125 | unsigned int l; | |
126 | ||
127 | if (HMAC_Final(ctx->old_ctx, md, &l) > 0) { | |
128 | if (len != NULL) | |
129 | *len = l; | |
130 | return 1; | |
131 | } | |
132 | ||
133 | return 0; | |
134 | } | |
135 | ||
136 | size_t ssl_hmac_old_size(const SSL_HMAC *ctx) | |
137 | { | |
138 | return HMAC_size(ctx->old_ctx); | |
139 | } | |
140 | ||
141 | HMAC_CTX *ssl_hmac_get0_HMAC_CTX(SSL_HMAC *ctx) | |
142 | { | |
143 | return ctx->old_ctx; | |
144 | } | |
145 | |
146 | /* Some deprecated public APIs pass DH objects */ | |
147 | EVP_PKEY *ssl_dh_to_pkey(DH *dh) |
148 | { | |
5b64ce89 | 149 | # ifndef OPENSSL_NO_DH |
1b2b4755 MC |
150 | EVP_PKEY *ret; |
151 | ||
152 | if (dh == NULL) | |
153 | return NULL; | |
154 | ret = EVP_PKEY_new(); | |
155 | if (EVP_PKEY_set1_DH(ret, dh) <= 0) { | |
156 | EVP_PKEY_free(ret); | |
157 | return NULL; | |
158 | } | |
159 | return ret; | |
5b64ce89 MC |
160 | # else |
161 | return NULL; | |
163f6dc1 | 162 | # endif |
5b64ce89 | 163 | } |
301fcb28 | 164 | |
5b5eea4b | 165 | /* Some deprecated public APIs pass EC_KEY objects */ |
166 | int ssl_set_tmp_ecdh_groups(uint16_t **pext, size_t *pextlen, |
167 | void *key) | |
5b5eea4b | 168 | { |
5b64ce89 | 169 | # ifndef OPENSSL_NO_EC |
0c8e98e6 TM |
170 | const EC_GROUP *group = EC_KEY_get0_group((const EC_KEY *)key); |
171 | int nid; | |
5b5eea4b | 172 | |
0c8e98e6 TM |
173 | if (group == NULL) { |
174 | ERR_raise(ERR_LIB_SSL, SSL_R_MISSING_PARAMETERS); | |
175 | return 0; | |
5b5eea4b | 176 | } |
0c8e98e6 TM |
177 | nid = EC_GROUP_get_curve_name(group); |
178 | if (nid == NID_undef) | |
179 | return 0; | |
180 | return tls1_set_groups(pext, pextlen, &nid, 1); | |
5b64ce89 MC |
181 | # else |
182 | return 0; | |
183 | # endif | |
184 | } | |
185 | ||
186 | /* | |
187 | * Set the callback for generating temporary DH keys. | |
188 | * ctx: the SSL context. | |
189 | * dh: the callback | |
190 | */ | |
191 | # if !defined(OPENSSL_NO_DH) | |
192 | void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, | |
193 | DH *(*dh) (SSL *ssl, int is_export, | |
194 | int keylength)) | |
195 | { | |
196 | SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_DH_CB, (void (*)(void))dh); | |
197 | } | |
198 | ||
199 | void SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh) (SSL *ssl, int is_export, | |
200 | int keylength)) | |
201 | { | |
202 | SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_DH_CB, (void (*)(void))dh); | |
5b5eea4b SL |
203 | } |
204 | # endif | |
5b64ce89 | 205 | #endif /* OPENSSL_NO_DEPRECATED */ |