2 * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 /* We need to use some engine and HMAC deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
13 #include <openssl/engine.h>
14 #include "ssl_local.h"
17 * Engine APIs are only used to support applications that still use ENGINEs.
18 * Once ENGINE is removed completely, all of this code can also be removed.
21 #ifndef OPENSSL_NO_ENGINE
22 void tls_engine_finish(ENGINE *e)
28 const EVP_CIPHER *tls_get_cipher_from_engine(int nid)
30 #ifndef OPENSSL_NO_ENGINE
34 * If there is an Engine available for this cipher we use the "implicit"
35 * form to ensure we use that engine later.
37 eng = ENGINE_get_cipher_engine(nid);
40 return EVP_get_cipherbynid(nid);
46 const EVP_MD *tls_get_digest_from_engine(int nid)
48 #ifndef OPENSSL_NO_ENGINE
52 * If there is an Engine available for this digest we use the "implicit"
53 * form to ensure we use that engine later.
55 eng = ENGINE_get_digest_engine(nid);
58 return EVP_get_digestbynid(nid);
64 #ifndef OPENSSL_NO_ENGINE
65 int tls_engine_load_ssl_client_cert(SSL *s, X509 **px509, EVP_PKEY **ppkey)
67 return ENGINE_load_ssl_client_cert(s->ctx->client_cert_engine, s,
68 SSL_get_client_CA_list(s),
69 px509, ppkey, NULL, NULL, NULL);
73 #ifndef OPENSSL_NO_ENGINE
74 int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e)
76 if (!ENGINE_init(e)) {
77 ERR_raise(ERR_LIB_SSL, ERR_R_ENGINE_LIB);
80 if (!ENGINE_get_ssl_client_cert_function(e)) {
81 ERR_raise(ERR_LIB_SSL, SSL_R_NO_CLIENT_CERT_METHOD);
85 ctx->client_cert_engine = e;
91 * The HMAC APIs below are only used to support the deprecated public API
92 * macro SSL_CTX_set_tlsext_ticket_key_cb(). The application supplied callback
93 * takes an HMAC_CTX in its argument list. The preferred alternative is
94 * SSL_CTX_set_tlsext_ticket_key_evp_cb(). Once
95 * SSL_CTX_set_tlsext_ticket_key_cb() is removed, then all of this code can also
98 #ifndef OPENSSL_NO_DEPRECATED_3_0
99 int ssl_hmac_old_new(SSL_HMAC *ret)
101 ret->old_ctx = HMAC_CTX_new();
102 if (ret->old_ctx == NULL)
108 void ssl_hmac_old_free(SSL_HMAC *ctx)
110 HMAC_CTX_free(ctx->old_ctx);
113 int ssl_hmac_old_init(SSL_HMAC *ctx, void *key, size_t len, char *md)
115 return HMAC_Init_ex(ctx->old_ctx, key, len, EVP_get_digestbyname(md), NULL);
118 int ssl_hmac_old_update(SSL_HMAC *ctx, const unsigned char *data, size_t len)
120 return HMAC_Update(ctx->old_ctx, data, len);
123 int ssl_hmac_old_final(SSL_HMAC *ctx, unsigned char *md, size_t *len)
127 if (HMAC_Final(ctx->old_ctx, md, &l) > 0) {
136 size_t ssl_hmac_old_size(const SSL_HMAC *ctx)
138 return HMAC_size(ctx->old_ctx);
141 HMAC_CTX *ssl_hmac_get0_HMAC_CTX(SSL_HMAC *ctx)
146 /* Some deprecated public APIs pass DH objects */
147 EVP_PKEY *ssl_dh_to_pkey(DH *dh)
149 # ifndef OPENSSL_NO_DH
154 ret = EVP_PKEY_new();
155 if (EVP_PKEY_set1_DH(ret, dh) <= 0) {
165 /* Some deprecated public APIs pass EC_KEY objects */
166 int ssl_set_tmp_ecdh_groups(uint16_t **pext, size_t *pextlen,
169 # ifndef OPENSSL_NO_EC
170 const EC_GROUP *group = EC_KEY_get0_group((const EC_KEY *)key);
174 ERR_raise(ERR_LIB_SSL, SSL_R_MISSING_PARAMETERS);
177 nid = EC_GROUP_get_curve_name(group);
178 if (nid == NID_undef)
180 return tls1_set_groups(pext, pextlen, &nid, 1);
187 * Set the callback for generating temporary DH keys.
188 * ctx: the SSL context.
191 # if !defined(OPENSSL_NO_DH)
192 void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
193 DH *(*dh) (SSL *ssl, int is_export,
196 SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_DH_CB, (void (*)(void))dh);
199 void SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh) (SSL *ssl, int is_export,
202 SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_DH_CB, (void (*)(void))dh);
205 #endif /* OPENSSL_NO_DEPRECATED */