]> git.ipfire.org Git - thirdparty/openssl.git/blob - ssl/tls_depr.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Concentrate deprecated libssl API usage in one file
[thirdparty/openssl.git] / ssl / tls_depr.c
1 /*
2 * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /* We need to use some engine and HMAC deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
12
13 #include <openssl/engine.h>
14 #include "ssl_local.h"
15
16 /*
17 * Engine APIs are only used to support applications that still use ENGINEs.
18 * Once ENGINE is removed completely, all of this code can also be removed.
19 */
20
21 #ifndef OPENSSL_NO_ENGINE
22 void tls_engine_finish(ENGINE *e)
23 {
24 ENGINE_finish(e);
25 }
26 #endif
27
28 const EVP_CIPHER *tls_get_cipher_from_engine(int nid)
29 {
30 #ifndef OPENSSL_NO_ENGINE
31 ENGINE *eng;
32
33 /*
34 * If there is an Engine available for this cipher we use the "implicit"
35 * form to ensure we use that engine later.
36 */
37 eng = ENGINE_get_cipher_engine(nid);
38 if (eng != NULL) {
39 ENGINE_finish(eng);
40 return EVP_get_cipherbynid(nid);
41 }
42 #endif
43 return NULL;
44 }
45
46 const EVP_MD *tls_get_digest_from_engine(int nid)
47 {
48 #ifndef OPENSSL_NO_ENGINE
49 ENGINE *eng;
50
51 /*
52 * If there is an Engine available for this digest we use the "implicit"
53 * form to ensure we use that engine later.
54 */
55 eng = ENGINE_get_digest_engine(nid);
56 if (eng != NULL) {
57 ENGINE_finish(eng);
58 return EVP_get_digestbynid(nid);
59 }
60 #endif
61 return NULL;
62 }
63
64 #ifndef OPENSSL_NO_ENGINE
65 int tls_engine_load_ssl_client_cert(SSL *s, X509 **px509, EVP_PKEY **ppkey)
66 {
67 return ENGINE_load_ssl_client_cert(s->ctx->client_cert_engine, s,
68 SSL_get_client_CA_list(s),
69 px509, ppkey, NULL, NULL, NULL);
70 }
71 #endif
72
73 #ifndef OPENSSL_NO_ENGINE
74 int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e)
75 {
76 if (!ENGINE_init(e)) {
77 SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, ERR_R_ENGINE_LIB);
78 return 0;
79 }
80 if (!ENGINE_get_ssl_client_cert_function(e)) {
81 SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE,
82 SSL_R_NO_CLIENT_CERT_METHOD);
83 ENGINE_finish(e);
84 return 0;
85 }
86 ctx->client_cert_engine = e;
87 return 1;
88 }
89 #endif
90
91 /*
92 * The HMAC APIs below are only used to support the deprecated public API
93 * macro SSL_CTX_set_tlsext_ticket_key_cb(). The application supplied callback
94 * takes an HMAC_CTX in its argument list. The preferred alternative is
95 * SSL_CTX_set_tlsext_ticket_key_evp_cb(). Once
96 * SSL_CTX_set_tlsext_ticket_key_cb() is removed, then all of this code can also
97 * be removed.
98 */
99 #ifndef OPENSSL_NO_DEPRECATED_3_0
100 int ssl_hmac_old_new(SSL_HMAC *ret)
101 {
102 ret->old_ctx = HMAC_CTX_new();
103 if (ret->old_ctx == NULL)
104 return 0;
105
106 return 1;
107 }
108
109 void ssl_hmac_old_free(SSL_HMAC *ctx)
110 {
111 HMAC_CTX_free(ctx->old_ctx);
112 }
113
114 int ssl_hmac_old_init(SSL_HMAC *ctx, void *key, size_t len, char *md)
115 {
116 return HMAC_Init_ex(ctx->old_ctx, key, len, EVP_get_digestbyname(md), NULL);
117 }
118
119 int ssl_hmac_old_update(SSL_HMAC *ctx, const unsigned char *data, size_t len)
120 {
121 return HMAC_Update(ctx->old_ctx, data, len);
122 }
123
124 int ssl_hmac_old_final(SSL_HMAC *ctx, unsigned char *md, size_t *len)
125 {
126 unsigned int l;
127
128 if (HMAC_Final(ctx->old_ctx, md, &l) > 0) {
129 if (len != NULL)
130 *len = l;
131 return 1;
132 }
133
134 return 0;
135 }
136
137 size_t ssl_hmac_old_size(const SSL_HMAC *ctx)
138 {
139 return HMAC_size(ctx->old_ctx);
140 }
141
142 HMAC_CTX *ssl_hmac_get0_HMAC_CTX(SSL_HMAC *ctx)
143 {
144 return ctx->old_ctx;
145 }
146 #endif
147
A mirror of the official openssl repository