Introduce SSL_CTX_new_with_libex()

author Matt Caswell <matt@openssl.org>

Thu, 16 Jan 2020 12:13:09 +0000 (12:13 +0000)

committer Matt Caswell <matt@openssl.org>

Wed, 22 Jan 2020 10:47:12 +0000 (10:47 +0000)
author Matt Caswell <matt@openssl.org>
Thu, 16 Jan 2020 12:13:09 +0000 (12:13 +0000)
committer Matt Caswell <matt@openssl.org>
Wed, 22 Jan 2020 10:47:12 +0000 (10:47 +0000)
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h

index 972e2ef82726b8291032a0a59819921893753ff5..3b52f864125cb0765333631f6eb066d7cc167f98 100644 (file)
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -1524,6 +1524,8 @@ void BIO_ssl_shutdown(BIO *ssl_bio);
  
  __owur int SSL_CTX_set_cipher_list(SSL_CTX *, const char *str);
  __owur SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
+__owur SSL_CTX *SSL_CTX_new_with_libctx(OPENSSL_CTX *libctx, const char *propq,
+                                        const SSL_METHOD *meth);
  int SSL_CTX_up_ref(SSL_CTX *ctx);
  void SSL_CTX_free(SSL_CTX *);
  __owur long SSL_CTX_set_timeout(SSL_CTX *ctx, long t);
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c

index 74161b0cb7069cea6bc64a3514ecb4905b868aea..384c28e76b83aa196f274b317acf29bfa26ecc36 100644 (file)
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -3032,12 +3032,13 @@ static int ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b)
   * via ssl.h.
   */
  
-SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
+SSL_CTX *SSL_CTX_new_with_libctx(OPENSSL_CTX *libctx, const char *propq,
+                                 const SSL_METHOD *meth)
  {
      SSL_CTX *ret = NULL;
  
      if (meth == NULL) {
-        SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_NULL_SSL_METHOD_PASSED);
+        SSLerr(0, SSL_R_NULL_SSL_METHOD_PASSED);
          return NULL;
      }
  
@@ -3045,13 +3046,20 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
          return NULL;
  
      if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) {
-        SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
+        SSLerr(0, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
          goto err;
      }
      ret = OPENSSL_zalloc(sizeof(*ret));
      if (ret == NULL)
          goto err;
  
+    ret->libctx = libctx;
+    if (propq != NULL) {
+        ret->propq = OPENSSL_strdup(propq);
+        if (ret->propq == NULL)
+            goto err;
+    }
+
      ret->method = meth;
      ret->min_proto_version = 0;
      ret->max_proto_version = 0;
@@ -3063,7 +3071,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
      ret->references = 1;
      ret->lock = CRYPTO_THREAD_lock_new();
      if (ret->lock == NULL) {
-        SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);
+        SSLerr(0, ERR_R_MALLOC_FAILURE);
          OPENSSL_free(ret);
          return NULL;
      }
@@ -3092,7 +3100,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
                                  &ret->cipher_list, &ret->cipher_list_by_id,
                                  OSSL_default_cipher_list(), ret->cert)
          || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
-        SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);
+        SSLerr(0, SSL_R_LIBRARY_HAS_NO_CIPHERS);
          goto err2;
      }
  
@@ -3101,11 +3109,11 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
          goto err;
  
      if ((ret->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) {
-        SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
+        SSLerr(0, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
          goto err2;
      }
      if ((ret->sha1 = EVP_get_digestbyname("ssl3-sha1")) == NULL) {
-        SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES);
+        SSLerr(0, SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES);
          goto err2;
      }
  
@@ -3215,12 +3223,17 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
  
      return ret;
   err:
-    SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);
+    SSLerr(0, ERR_R_MALLOC_FAILURE);
   err2:
      SSL_CTX_free(ret);
      return NULL;
  }
  
+SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
+{
+    return SSL_CTX_new_with_libctx(NULL, NULL, meth);
+}
+
  int SSL_CTX_up_ref(SSL_CTX *ctx)
  {
      int i;
@@ -3294,6 +3307,8 @@ void SSL_CTX_free(SSL_CTX *a)
  
      CRYPTO_THREAD_lock_free(a->lock);
  
+    OPENSSL_free(a->propq);
+
      OPENSSL_free(a);
  }
  
diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h

index c6f0af7922487358664b5a919a6d088ba330af7f..14515cadfe336a4a07395df46e22418e91f48047 100644 (file)
--- a/ssl/ssl_local.h
+++ b/ssl/ssl_local.h
@@ -738,6 +738,8 @@ typedef struct ssl_ctx_ext_secure_st {
  } SSL_CTX_EXT_SECURE;
  
  struct ssl_ctx_st {
+    OPENSSL_CTX *libctx;
+
      const SSL_METHOD *method;
      STACK_OF(SSL_CIPHER) *cipher_list;
      /* same as above but sorted for lookup */
@@ -1073,6 +1075,8 @@ struct ssl_ctx_st {
      /* Callback for SSL async handling */
      SSL_async_callback_fn async_cb;
      void *async_cb_arg;
+
+    char *propq;
  };
  
  typedef struct cert_pkey_st CERT_PKEY;
diff --git a/util/libssl.num b/util/libssl.num

index f24cdd7834a4d1a35748eaf445f2705a2e439e93..29d8af6258fbaac4ab7ecc2e18b95412c6d4faf1 100644 (file)
--- a/util/libssl.num
+++ b/util/libssl.num
@@ -511,3 +511,4 @@ SSL_CTX_set_default_verify_store        ?   3_0_0   EXIST::FUNCTION:
  SSL_CTX_load_verify_file                ?      3_0_0   EXIST::FUNCTION:
  SSL_CTX_load_verify_dir                 ?      3_0_0   EXIST::FUNCTION:
  SSL_CTX_load_verify_store               ?      3_0_0   EXIST::FUNCTION:
+SSL_CTX_new_with_libctx                 ?      3_0_0   EXIST::FUNCTION:
author	Matt Caswell <matt@openssl.org>
	Thu, 16 Jan 2020 12:13:09 +0000 (12:13 +0000)
committer	Matt Caswell <matt@openssl.org>
	Wed, 22 Jan 2020 10:47:12 +0000 (10:47 +0000)
include/openssl/ssl.h		patch \| blob \| history
ssl/ssl_lib.c		patch \| blob \| history
ssl/ssl_local.h		patch \| blob \| history
util/libssl.num		patch \| blob \| history