Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
freebsd
GitHub Repository: freebsd/freebsd-src
 Path: blob/main/crypto/openssl/ssl/tls_depr.c
48150 views
1
/*

2
 * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.

3
 *

4
 * Licensed under the Apache License 2.0 (the "License").  You may not use

5
 * this file except in compliance with the License.  You can obtain a copy

6
 * in the file LICENSE in the source distribution or at

7
 * https://www.openssl.org/source/license.html

8
 */

9


10
/* We need to use some engine and HMAC deprecated APIs */

11
#define OPENSSL_SUPPRESS_DEPRECATED

12


13
#include <openssl/engine.h>

14
#include "ssl_local.h"

15
#include "internal/ssl_unwrap.h"

16


17
/*

18
 * Engine APIs are only used to support applications that still use ENGINEs.

19
 * Once ENGINE is removed completely, all of this code can also be removed.

20
 */

21


22
#ifndef OPENSSL_NO_ENGINE

23
void tls_engine_finish(ENGINE *e)

24
{

25
    ENGINE_finish(e);

26
}

27
#endif

28


29
const EVP_CIPHER *tls_get_cipher_from_engine(int nid)

30
{

31
    const EVP_CIPHER *ret = NULL;

32
#ifndef OPENSSL_NO_ENGINE

33
    ENGINE *eng;

34


35
    /*

36
     * If there is an Engine available for this cipher we use the "implicit"

37
     * form to ensure we use that engine later.

38
     */

39
    eng = ENGINE_get_cipher_engine(nid);

40
    if (eng != NULL) {

41
        ret = ENGINE_get_cipher(eng, nid);

42
        ENGINE_finish(eng);

43
    }

44
#endif

45
    return ret;

46
}

47


48
const EVP_MD *tls_get_digest_from_engine(int nid)

49
{

50
    const EVP_MD *ret = NULL;

51
#ifndef OPENSSL_NO_ENGINE

52
    ENGINE *eng;

53


54
    /*

55
     * If there is an Engine available for this digest we use the "implicit"

56
     * form to ensure we use that engine later.

57
     */

58
    eng = ENGINE_get_digest_engine(nid);

59
    if (eng != NULL) {

60
        ret = ENGINE_get_digest(eng, nid);

61
        ENGINE_finish(eng);

62
    }

63
#endif

64
    return ret;

65
}

66


67
#ifndef OPENSSL_NO_ENGINE

68
int tls_engine_load_ssl_client_cert(SSL_CONNECTION *s, X509 **px509,

69
                                    EVP_PKEY **ppkey)

70
{

71
    SSL *ssl = SSL_CONNECTION_GET_SSL(s);

72


73
    return ENGINE_load_ssl_client_cert(SSL_CONNECTION_GET_CTX(s)->client_cert_engine,

74
                                       ssl,

75
                                       SSL_get_client_CA_list(ssl),

76
                                       px509, ppkey, NULL, NULL, NULL);

77
}

78
#endif

79


80
#ifndef OPENSSL_NO_ENGINE

81
int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e)

82
{

83
    if (!ENGINE_init(e)) {

84
        ERR_raise(ERR_LIB_SSL, ERR_R_ENGINE_LIB);

85
        return 0;

86
    }

87
    if (!ENGINE_get_ssl_client_cert_function(e)) {

88
        ERR_raise(ERR_LIB_SSL, SSL_R_NO_CLIENT_CERT_METHOD);

89
        ENGINE_finish(e);

90
        return 0;

91
    }

92
    ctx->client_cert_engine = e;

93
    return 1;

94
}

95
#endif

96


97
/*

98
 * The HMAC APIs below are only used to support the deprecated public API

99
 * macro SSL_CTX_set_tlsext_ticket_key_cb(). The application supplied callback

100
 * takes an HMAC_CTX in its argument list. The preferred alternative is

101
 * SSL_CTX_set_tlsext_ticket_key_evp_cb(). Once

102
 * SSL_CTX_set_tlsext_ticket_key_cb() is removed, then all of this code can also

103
 * be removed.

104
 */

105
#ifndef OPENSSL_NO_DEPRECATED_3_0

106
int ssl_hmac_old_new(SSL_HMAC *ret)

107
{

108
    ret->old_ctx = HMAC_CTX_new();

109
    if (ret->old_ctx == NULL)

110
        return 0;

111


112
    return 1;

113
}

114


115
void ssl_hmac_old_free(SSL_HMAC *ctx)

116
{

117
    HMAC_CTX_free(ctx->old_ctx);

118
}

119


120
int ssl_hmac_old_init(SSL_HMAC *ctx, void *key, size_t len, char *md)

121
{

122
    return HMAC_Init_ex(ctx->old_ctx, key, len, EVP_get_digestbyname(md), NULL);

123
}

124


125
int ssl_hmac_old_update(SSL_HMAC *ctx, const unsigned char *data, size_t len)

126
{

127
    return HMAC_Update(ctx->old_ctx, data, len);

128
}

129


130
int ssl_hmac_old_final(SSL_HMAC *ctx, unsigned char *md, size_t *len)

131
{

132
    unsigned int l;

133


134
    if (HMAC_Final(ctx->old_ctx, md, &l) > 0) {

135
        if (len != NULL)

136
            *len = l;

137
        return 1;

138
    }

139


140
    return 0;

141
}

142


143
size_t ssl_hmac_old_size(const SSL_HMAC *ctx)

144
{

145
    return HMAC_size(ctx->old_ctx);

146
}

147


148
HMAC_CTX *ssl_hmac_get0_HMAC_CTX(SSL_HMAC *ctx)

149
{

150
    return ctx->old_ctx;

151
}

152


153
/* Some deprecated public APIs pass DH objects */

154
EVP_PKEY *ssl_dh_to_pkey(DH *dh)

155
{

156
# ifndef OPENSSL_NO_DH

157
    EVP_PKEY *ret;

158


159
    if (dh == NULL)

160
        return NULL;

161
    ret = EVP_PKEY_new();

162
    if (EVP_PKEY_set1_DH(ret, dh) <= 0) {

163
        EVP_PKEY_free(ret);

164
        return NULL;

165
    }

166
    return ret;

167
# else

168
    return NULL;

169
# endif

170
}

171


172
/* Some deprecated public APIs pass EC_KEY objects */

173
int ssl_set_tmp_ecdh_groups(uint16_t **pext, size_t *pextlen,

174
                            uint16_t **ksext, size_t *ksextlen,

175
                            size_t **tplext, size_t *tplextlen,

176
                            void *key)

177
{

178
# ifndef OPENSSL_NO_EC

179
    const EC_GROUP *group = EC_KEY_get0_group((const EC_KEY *)key);

180
    int nid;

181


182
    if (group == NULL) {

183
        ERR_raise(ERR_LIB_SSL, SSL_R_MISSING_PARAMETERS);

184
        return 0;

185
    }

186
    nid = EC_GROUP_get_curve_name(group);

187
    if (nid == NID_undef)

188
        return 0;

189
    return tls1_set_groups(pext, pextlen,

190
                           ksext, ksextlen,

191
                           tplext, tplextlen,

192
                           &nid, 1);

193
# else

194
    return 0;

195
# endif

196
}

197


198
/*

199
 * Set the callback for generating temporary DH keys.

200
 * ctx: the SSL context.

201
 * dh: the callback

202
 */

203
# if !defined(OPENSSL_NO_DH)

204
void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,

205
                                 DH *(*dh) (SSL *ssl, int is_export,

206
                                            int keylength))

207
{

208
    SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_DH_CB, (void (*)(void))dh);

209
}

210


211
void SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh) (SSL *ssl, int is_export,

212
                                                  int keylength))

213
{

214
    SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_DH_CB, (void (*)(void))dh);

215
}

216
# endif

217
#endif /* OPENSSL_NO_DEPRECATED */

218


219