tls_depr.c 5.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205
  1. /*
  2. * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. /* We need to use some engine and HMAC deprecated APIs */
  10. #define OPENSSL_SUPPRESS_DEPRECATED
  11. #include <openssl/engine.h>
  12. #include "ssl_local.h"
  13. /*
  14. * Engine APIs are only used to support applications that still use ENGINEs.
  15. * Once ENGINE is removed completely, all of this code can also be removed.
  16. */
  17. #ifndef OPENSSL_NO_ENGINE
  18. void tls_engine_finish(ENGINE *e)
  19. {
  20. ENGINE_finish(e);
  21. }
  22. #endif
  23. const EVP_CIPHER *tls_get_cipher_from_engine(int nid)
  24. {
  25. #ifndef OPENSSL_NO_ENGINE
  26. ENGINE *eng;
  27. /*
  28. * If there is an Engine available for this cipher we use the "implicit"
  29. * form to ensure we use that engine later.
  30. */
  31. eng = ENGINE_get_cipher_engine(nid);
  32. if (eng != NULL) {
  33. ENGINE_finish(eng);
  34. return EVP_get_cipherbynid(nid);
  35. }
  36. #endif
  37. return NULL;
  38. }
  39. const EVP_MD *tls_get_digest_from_engine(int nid)
  40. {
  41. #ifndef OPENSSL_NO_ENGINE
  42. ENGINE *eng;
  43. /*
  44. * If there is an Engine available for this digest we use the "implicit"
  45. * form to ensure we use that engine later.
  46. */
  47. eng = ENGINE_get_digest_engine(nid);
  48. if (eng != NULL) {
  49. ENGINE_finish(eng);
  50. return EVP_get_digestbynid(nid);
  51. }
  52. #endif
  53. return NULL;
  54. }
  55. #ifndef OPENSSL_NO_ENGINE
  56. int tls_engine_load_ssl_client_cert(SSL *s, X509 **px509, EVP_PKEY **ppkey)
  57. {
  58. return ENGINE_load_ssl_client_cert(s->ctx->client_cert_engine, s,
  59. SSL_get_client_CA_list(s),
  60. px509, ppkey, NULL, NULL, NULL);
  61. }
  62. #endif
  63. #ifndef OPENSSL_NO_ENGINE
  64. int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e)
  65. {
  66. if (!ENGINE_init(e)) {
  67. ERR_raise(ERR_LIB_SSL, ERR_R_ENGINE_LIB);
  68. return 0;
  69. }
  70. if (!ENGINE_get_ssl_client_cert_function(e)) {
  71. ERR_raise(ERR_LIB_SSL, SSL_R_NO_CLIENT_CERT_METHOD);
  72. ENGINE_finish(e);
  73. return 0;
  74. }
  75. ctx->client_cert_engine = e;
  76. return 1;
  77. }
  78. #endif
  79. /*
  80. * The HMAC APIs below are only used to support the deprecated public API
  81. * macro SSL_CTX_set_tlsext_ticket_key_cb(). The application supplied callback
  82. * takes an HMAC_CTX in its argument list. The preferred alternative is
  83. * SSL_CTX_set_tlsext_ticket_key_evp_cb(). Once
  84. * SSL_CTX_set_tlsext_ticket_key_cb() is removed, then all of this code can also
  85. * be removed.
  86. */
  87. #ifndef OPENSSL_NO_DEPRECATED_3_0
  88. int ssl_hmac_old_new(SSL_HMAC *ret)
  89. {
  90. ret->old_ctx = HMAC_CTX_new();
  91. if (ret->old_ctx == NULL)
  92. return 0;
  93. return 1;
  94. }
  95. void ssl_hmac_old_free(SSL_HMAC *ctx)
  96. {
  97. HMAC_CTX_free(ctx->old_ctx);
  98. }
  99. int ssl_hmac_old_init(SSL_HMAC *ctx, void *key, size_t len, char *md)
  100. {
  101. return HMAC_Init_ex(ctx->old_ctx, key, len, EVP_get_digestbyname(md), NULL);
  102. }
  103. int ssl_hmac_old_update(SSL_HMAC *ctx, const unsigned char *data, size_t len)
  104. {
  105. return HMAC_Update(ctx->old_ctx, data, len);
  106. }
  107. int ssl_hmac_old_final(SSL_HMAC *ctx, unsigned char *md, size_t *len)
  108. {
  109. unsigned int l;
  110. if (HMAC_Final(ctx->old_ctx, md, &l) > 0) {
  111. if (len != NULL)
  112. *len = l;
  113. return 1;
  114. }
  115. return 0;
  116. }
  117. size_t ssl_hmac_old_size(const SSL_HMAC *ctx)
  118. {
  119. return HMAC_size(ctx->old_ctx);
  120. }
  121. HMAC_CTX *ssl_hmac_get0_HMAC_CTX(SSL_HMAC *ctx)
  122. {
  123. return ctx->old_ctx;
  124. }
  125. /* Some deprecated public APIs pass DH objects */
  126. EVP_PKEY *ssl_dh_to_pkey(DH *dh)
  127. {
  128. # ifndef OPENSSL_NO_DH
  129. EVP_PKEY *ret;
  130. if (dh == NULL)
  131. return NULL;
  132. ret = EVP_PKEY_new();
  133. if (EVP_PKEY_set1_DH(ret, dh) <= 0) {
  134. EVP_PKEY_free(ret);
  135. return NULL;
  136. }
  137. return ret;
  138. # else
  139. return NULL;
  140. # endif
  141. }
  142. /* Some deprecated public APIs pass EC_KEY objects */
  143. int ssl_set_tmp_ecdh_groups(uint16_t **pext, size_t *pextlen,
  144. void *key)
  145. {
  146. # ifndef OPENSSL_NO_EC
  147. const EC_GROUP *group = EC_KEY_get0_group((const EC_KEY *)key);
  148. int nid;
  149. if (group == NULL) {
  150. ERR_raise(ERR_LIB_SSL, SSL_R_MISSING_PARAMETERS);
  151. return 0;
  152. }
  153. nid = EC_GROUP_get_curve_name(group);
  154. if (nid == NID_undef)
  155. return 0;
  156. return tls1_set_groups(pext, pextlen, &nid, 1);
  157. # else
  158. return 0;
  159. # endif
  160. }
  161. /*
  162. * Set the callback for generating temporary DH keys.
  163. * ctx: the SSL context.
  164. * dh: the callback
  165. */
  166. # if !defined(OPENSSL_NO_DH)
  167. void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
  168. DH *(*dh) (SSL *ssl, int is_export,
  169. int keylength))
  170. {
  171. SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_DH_CB, (void (*)(void))dh);
  172. }
  173. void SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh) (SSL *ssl, int is_export,
  174. int keylength))
  175. {
  176. SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_DH_CB, (void (*)(void))dh);
  177. }
  178. # endif
  179. #endif /* OPENSSL_NO_DEPRECATED */