/*
- * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
const EVP_CIPHER *tls_get_cipher_from_engine(int nid)
{
+ const EVP_CIPHER *ret = NULL;
#ifndef OPENSSL_NO_ENGINE
ENGINE *eng;
*/
eng = ENGINE_get_cipher_engine(nid);
if (eng != NULL) {
+ ret = ENGINE_get_cipher(eng, nid);
ENGINE_finish(eng);
- return EVP_get_cipherbynid(nid);
}
#endif
- return NULL;
+ return ret;
}
const EVP_MD *tls_get_digest_from_engine(int nid)
{
+ const EVP_MD *ret = NULL;
#ifndef OPENSSL_NO_ENGINE
ENGINE *eng;
*/
eng = ENGINE_get_digest_engine(nid);
if (eng != NULL) {
+ ret = ENGINE_get_digest(eng, nid);
ENGINE_finish(eng);
- return EVP_get_digestbynid(nid);
}
#endif
- return NULL;
+ return ret;
}
#ifndef OPENSSL_NO_ENGINE
-int tls_engine_load_ssl_client_cert(SSL *s, X509 **px509, EVP_PKEY **ppkey)
+int tls_engine_load_ssl_client_cert(SSL_CONNECTION *s, X509 **px509,
+ EVP_PKEY **ppkey)
{
- return ENGINE_load_ssl_client_cert(s->ctx->client_cert_engine, s,
- SSL_get_client_CA_list(s),
+ SSL *ssl = SSL_CONNECTION_GET_SSL(s);
+
+ return ENGINE_load_ssl_client_cert(SSL_CONNECTION_GET_CTX(s)->client_cert_engine,
+ ssl,
+ SSL_get_client_CA_list(ssl),
px509, ppkey, NULL, NULL, NULL);
}
#endif
int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e)
{
if (!ENGINE_init(e)) {
- SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, ERR_R_ENGINE_LIB);
+ ERR_raise(ERR_LIB_SSL, ERR_R_ENGINE_LIB);
return 0;
}
if (!ENGINE_get_ssl_client_cert_function(e)) {
- SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE,
- SSL_R_NO_CLIENT_CERT_METHOD);
+ ERR_raise(ERR_LIB_SSL, SSL_R_NO_CLIENT_CERT_METHOD);
ENGINE_finish(e);
return 0;
}
{
return ctx->old_ctx;
}
-#endif
+/* Some deprecated public APIs pass DH objects */
+EVP_PKEY *ssl_dh_to_pkey(DH *dh)
+{
+# ifndef OPENSSL_NO_DH
+ EVP_PKEY *ret;
+
+ if (dh == NULL)
+ return NULL;
+ ret = EVP_PKEY_new();
+ if (EVP_PKEY_set1_DH(ret, dh) <= 0) {
+ EVP_PKEY_free(ret);
+ return NULL;
+ }
+ return ret;
+# else
+ return NULL;
+# endif
+}
+
+/* Some deprecated public APIs pass EC_KEY objects */
+int ssl_set_tmp_ecdh_groups(uint16_t **pext, size_t *pextlen,
+ void *key)
+{
+# ifndef OPENSSL_NO_EC
+ const EC_GROUP *group = EC_KEY_get0_group((const EC_KEY *)key);
+ int nid;
+
+ if (group == NULL) {
+ ERR_raise(ERR_LIB_SSL, SSL_R_MISSING_PARAMETERS);
+ return 0;
+ }
+ nid = EC_GROUP_get_curve_name(group);
+ if (nid == NID_undef)
+ return 0;
+ return tls1_set_groups(pext, pextlen, &nid, 1);
+# else
+ return 0;
+# endif
+}
+
+/*
+ * Set the callback for generating temporary DH keys.
+ * ctx: the SSL context.
+ * dh: the callback
+ */
+# if !defined(OPENSSL_NO_DH)
+void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
+ DH *(*dh) (SSL *ssl, int is_export,
+ int keylength))
+{
+ SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_DH_CB, (void (*)(void))dh);
+}
+
+void SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh) (SSL *ssl, int is_export,
+ int keylength))
+{
+ SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_DH_CB, (void (*)(void))dh);
+}
+# endif
+#endif /* OPENSSL_NO_DEPRECATED */
projects / openssl.git / blobdiff