2 * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 /* We need to use some engine and HMAC deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
13 #include <openssl/engine.h>
14 #include "ssl_local.h"
17 * Engine APIs are only used to support applications that still use ENGINEs.
18 * Once ENGINE is removed completely, all of this code can also be removed.
21 #ifndef OPENSSL_NO_ENGINE
22 void tls_engine_finish(ENGINE
*e
)
28 const EVP_CIPHER
*tls_get_cipher_from_engine(int nid
)
30 const EVP_CIPHER
*ret
= NULL
;
31 #ifndef OPENSSL_NO_ENGINE
35 * If there is an Engine available for this cipher we use the "implicit"
36 * form to ensure we use that engine later.
38 eng
= ENGINE_get_cipher_engine(nid
);
40 ret
= ENGINE_get_cipher(eng
, nid
);
47 const EVP_MD
*tls_get_digest_from_engine(int nid
)
49 const EVP_MD
*ret
= NULL
;
50 #ifndef OPENSSL_NO_ENGINE
54 * If there is an Engine available for this digest we use the "implicit"
55 * form to ensure we use that engine later.
57 eng
= ENGINE_get_digest_engine(nid
);
59 ret
= ENGINE_get_digest(eng
, nid
);
66 #ifndef OPENSSL_NO_ENGINE
67 int tls_engine_load_ssl_client_cert(SSL_CONNECTION
*s
, X509
**px509
,
70 SSL
*ssl
= SSL_CONNECTION_GET_SSL(s
);
72 return ENGINE_load_ssl_client_cert(SSL_CONNECTION_GET_CTX(s
)->client_cert_engine
,
74 SSL_get_client_CA_list(ssl
),
75 px509
, ppkey
, NULL
, NULL
, NULL
);
79 #ifndef OPENSSL_NO_ENGINE
80 int SSL_CTX_set_client_cert_engine(SSL_CTX
*ctx
, ENGINE
*e
)
82 if (!ENGINE_init(e
)) {
83 ERR_raise(ERR_LIB_SSL
, ERR_R_ENGINE_LIB
);
86 if (!ENGINE_get_ssl_client_cert_function(e
)) {
87 ERR_raise(ERR_LIB_SSL
, SSL_R_NO_CLIENT_CERT_METHOD
);
91 ctx
->client_cert_engine
= e
;
97 * The HMAC APIs below are only used to support the deprecated public API
98 * macro SSL_CTX_set_tlsext_ticket_key_cb(). The application supplied callback
99 * takes an HMAC_CTX in its argument list. The preferred alternative is
100 * SSL_CTX_set_tlsext_ticket_key_evp_cb(). Once
101 * SSL_CTX_set_tlsext_ticket_key_cb() is removed, then all of this code can also
104 #ifndef OPENSSL_NO_DEPRECATED_3_0
105 int ssl_hmac_old_new(SSL_HMAC
*ret
)
107 ret
->old_ctx
= HMAC_CTX_new();
108 if (ret
->old_ctx
== NULL
)
114 void ssl_hmac_old_free(SSL_HMAC
*ctx
)
116 HMAC_CTX_free(ctx
->old_ctx
);
119 int ssl_hmac_old_init(SSL_HMAC
*ctx
, void *key
, size_t len
, char *md
)
121 return HMAC_Init_ex(ctx
->old_ctx
, key
, len
, EVP_get_digestbyname(md
), NULL
);
124 int ssl_hmac_old_update(SSL_HMAC
*ctx
, const unsigned char *data
, size_t len
)
126 return HMAC_Update(ctx
->old_ctx
, data
, len
);
129 int ssl_hmac_old_final(SSL_HMAC
*ctx
, unsigned char *md
, size_t *len
)
133 if (HMAC_Final(ctx
->old_ctx
, md
, &l
) > 0) {
142 size_t ssl_hmac_old_size(const SSL_HMAC
*ctx
)
144 return HMAC_size(ctx
->old_ctx
);
147 HMAC_CTX
*ssl_hmac_get0_HMAC_CTX(SSL_HMAC
*ctx
)
152 /* Some deprecated public APIs pass DH objects */
153 EVP_PKEY
*ssl_dh_to_pkey(DH
*dh
)
155 # ifndef OPENSSL_NO_DH
160 ret
= EVP_PKEY_new();
161 if (EVP_PKEY_set1_DH(ret
, dh
) <= 0) {
171 /* Some deprecated public APIs pass EC_KEY objects */
172 int ssl_set_tmp_ecdh_groups(uint16_t **pext
, size_t *pextlen
,
175 # ifndef OPENSSL_NO_EC
176 const EC_GROUP
*group
= EC_KEY_get0_group((const EC_KEY
*)key
);
180 ERR_raise(ERR_LIB_SSL
, SSL_R_MISSING_PARAMETERS
);
183 nid
= EC_GROUP_get_curve_name(group
);
184 if (nid
== NID_undef
)
186 return tls1_set_groups(pext
, pextlen
, &nid
, 1);
193 * Set the callback for generating temporary DH keys.
194 * ctx: the SSL context.
197 # if !defined(OPENSSL_NO_DH)
198 void SSL_CTX_set_tmp_dh_callback(SSL_CTX
*ctx
,
199 DH
*(*dh
) (SSL
*ssl
, int is_export
,
202 SSL_CTX_callback_ctrl(ctx
, SSL_CTRL_SET_TMP_DH_CB
, (void (*)(void))dh
);
205 void SSL_set_tmp_dh_callback(SSL
*ssl
, DH
*(*dh
) (SSL
*ssl
, int is_export
,
208 SSL_callback_ctrl(ssl
, SSL_CTRL_SET_TMP_DH_CB
, (void (*)(void))dh
);
211 #endif /* OPENSSL_NO_DEPRECATED */