Coverage Report

Created: 2025-06-13 06:58

/src/openssl32/ssl/tls_depr.c
/*
 * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */
/* We need to use some engine and HMAC deprecated APIs */
#define OPENSSL_SUPPRESS_DEPRECATED
#include <openssl/engine.h>
#include "ssl_local.h"
/*
 * Engine APIs are only used to support applications that still use ENGINEs.
 * Once ENGINE is removed completely, all of this code can also be removed.
 */
#ifndef OPENSSL_NO_ENGINE
/*
 * Release a reference on ENGINE |e| by forwarding to ENGINE_finish().
 * The result of ENGINE_finish() is not reported to the caller.
 * Only compiled when ENGINE support is enabled.
 *
 * Coverage (this report): executed 634k times.
 */
void tls_engine_finish(ENGINE *e)
{
    (void)ENGINE_finish(e);
}
#endif
/*
 * Look up an ENGINE-supplied implementation of the cipher identified by
 * |nid|.
 *
 * Returns the EVP_CIPHER obtained from the engine registered for |nid|, or
 * NULL when no engine is registered or when OPENSSL_NO_ENGINE is defined.
 *
 * Coverage (this report): entered 1.82M times; the engine-present branch has
 * a count of 0, so the ENGINE_get_cipher() path was not exercised by this run.
 */
const EVP_CIPHER *tls_get_cipher_from_engine(int nid)
{
#ifndef OPENSSL_NO_ENGINE
    const EVP_CIPHER *cipher;
    ENGINE *engine = ENGINE_get_cipher_engine(nid);

    if (engine == NULL)
        return NULL;

    /*
     * An Engine is available for this cipher: fetch the cipher through it
     * (the "implicit" form) so that the same engine is used later.
     */
    cipher = ENGINE_get_cipher(engine, nid);

    /*
     * The engine reference is dropped before the cipher is handed back.
     * NOTE(review): the returned EVP_CIPHER outlives that reference;
     * presumably the cipher's own engine binding keeps it usable - confirm.
     */
    ENGINE_finish(engine);
    return cipher;
#else
    return NULL;
#endif
}
/*
 * Look up an ENGINE-supplied implementation of the digest identified by
 * |nid|.
 *
 * Returns the EVP_MD obtained from the engine registered for |nid|, or NULL
 * when no engine is registered or when OPENSSL_NO_ENGINE is defined.
 *
 * Coverage (this report): entered 1.27M times; the engine-present branch has
 * a count of 0, so the ENGINE_get_digest() path was not exercised by this run.
 */
const EVP_MD *tls_get_digest_from_engine(int nid)
{
#ifndef OPENSSL_NO_ENGINE
    const EVP_MD *digest;
    ENGINE *engine = ENGINE_get_digest_engine(nid);

    if (engine == NULL)
        return NULL;

    /*
     * An Engine is available for this digest: fetch the digest through it
     * (the "implicit" form) so that the same engine is used later.
     */
    digest = ENGINE_get_digest(engine, nid);

    /*
     * The engine reference is dropped before the digest is handed back.
     * NOTE(review): the returned EVP_MD outlives that reference; presumably
     * the digest's own engine binding keeps it usable - confirm.
     */
    ENGINE_finish(engine);
    return digest;
#else
    return NULL;
#endif
}
#ifndef OPENSSL_NO_ENGINE
/*
 * Ask the client-certificate ENGINE stored on the connection's SSL_CTX for a
 * certificate and private key.
 *
 * The engine receives the SSL object, its client CA list, and the output
 * pointers |px509| and |ppkey|; the last three arguments of
 * ENGINE_load_ssl_client_cert() are passed as NULL. The engine's return
 * value is passed through unchanged.
 *
 * NOTE(review): client_cert_engine is not checked for NULL here; presumably
 * callers only reach this once an engine has been configured - confirm.
 *
 * Coverage (this report): never executed (count 0).
 */
int tls_engine_load_ssl_client_cert(SSL_CONNECTION *s, X509 **px509,
                                    EVP_PKEY **ppkey)
{
    SSL *ssl = SSL_CONNECTION_GET_SSL(s);
    ENGINE *cert_engine = SSL_CONNECTION_GET_CTX(s)->client_cert_engine;

    return ENGINE_load_ssl_client_cert(cert_engine, ssl,
                                       SSL_get_client_CA_list(ssl),
                                       px509, ppkey, NULL, NULL, NULL);
}
#endif
#ifndef OPENSSL_NO_ENGINE
/*
 * Register ENGINE |e| on |ctx| as the provider of client certificates.
 *
 * |e| is initialised with ENGINE_init(). If it exposes no SSL client
 * certificate function, the reference just taken is released again with
 * ENGINE_finish(). On success |e| is stored in ctx->client_cert_engine.
 *
 * Returns 1 on success; 0 on failure, with ERR_R_ENGINE_LIB or
 * SSL_R_NO_CLIENT_CERT_METHOD raised in ERR_LIB_SSL.
 *
 * NOTE(review): a value already held in ctx->client_cert_engine is
 * overwritten without ENGINE_finish() in this function. If this can be
 * called more than once on the same ctx, the earlier reference would leak -
 * confirm against the SSL_CTX teardown code.
 *
 * Coverage (this report): never executed (count 0).
 */
int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e)
{
    if (!ENGINE_init(e)) {
        ERR_raise(ERR_LIB_SSL, ERR_R_ENGINE_LIB);
        return 0;
    }

    if (ENGINE_get_ssl_client_cert_function(e)) {
        ctx->client_cert_engine = e;
        return 1;
    }

    /* No client-cert method: report it and undo the ENGINE_init() above. */
    ERR_raise(ERR_LIB_SSL, SSL_R_NO_CLIENT_CERT_METHOD);
    ENGINE_finish(e);
    return 0;
}
#endif
/*
 * The HMAC APIs below are only used to support the deprecated public API
 * macro SSL_CTX_set_tlsext_ticket_key_cb(). The application supplied callback
 * takes an HMAC_CTX in its argument list. The preferred alternative is
 * SSL_CTX_set_tlsext_ticket_key_evp_cb(). Once
 * SSL_CTX_set_tlsext_ticket_key_cb() is removed, then all of this code can also
 * be removed.
 */
#ifndef OPENSSL_NO_DEPRECATED_3_0
/*
 * Allocate the legacy HMAC_CTX and store it in ret->old_ctx.
 *
 * Returns 1 on success, 0 if HMAC_CTX_new() returned NULL (in which case
 * ret->old_ctx is NULL).
 *
 * Coverage (this report): never executed (count 0).
 */
int ssl_hmac_old_new(SSL_HMAC *ret)
{
    ret->old_ctx = HMAC_CTX_new();

    return ret->old_ctx != NULL;
}
/*
 * Free the legacy HMAC_CTX held in ctx->old_ctx.
 *
 * The old_ctx field is not reset afterwards, so it keeps its previous value.
 * NOTE(review): callers must not reuse ctx->old_ctx after this call without
 * re-initialising it - confirm how the owning SSL_HMAC is disposed of.
 *
 * Coverage (this report): executed 1.20k times while ssl_hmac_old_new() shows
 * 0 executions, so old_ctx was presumably NULL on each call in this run;
 * HMAC_CTX_free() accepts NULL.
 */
void ssl_hmac_old_free(SSL_HMAC *ctx)
{
    HMAC_CTX *legacy = ctx->old_ctx;

    HMAC_CTX_free(legacy);
}
/*
 * Key the legacy HMAC_CTX in ctx->old_ctx with |key| (|len| bytes), using the
 * digest whose name is |md|.
 *
 * The digest is resolved with EVP_get_digestbyname(); an unknown name yields
 * NULL, which is handed to HMAC_Init_ex() as is. The return value of
 * HMAC_Init_ex() is passed through unchanged.
 *
 * NOTE(review): |len| is a size_t but HMAC_Init_ex() takes an int length, so
 * the value is converted implicitly; callers are presumably expected to pass
 * key lengths that fit in an int - confirm.
 *
 * Coverage (this report): never executed (count 0).
 */
int ssl_hmac_old_init(SSL_HMAC *ctx, void *key, size_t len, char *md)
{
    const EVP_MD *digest = EVP_get_digestbyname(md);

    return HMAC_Init_ex(ctx->old_ctx, key, len, digest, NULL);
}
/*
 * Feed |len| bytes from |data| into the legacy HMAC_CTX in ctx->old_ctx.
 * The return value of HMAC_Update() is passed through unchanged.
 *
 * Coverage (this report): never executed (count 0).
 */
int ssl_hmac_old_update(SSL_HMAC *ctx, const unsigned char *data, size_t len)
{
    HMAC_CTX *legacy = ctx->old_ctx;

    return HMAC_Update(legacy, data, len);
}
/*
 * Finish the legacy HMAC computation and write the MAC to |md|.
 *
 * When HMAC_Final() succeeds and |len| is not NULL, the MAC length is stored
 * in |*len|. Returns 1 on success, 0 when HMAC_Final() does not return a
 * positive value (|*len| is then left untouched).
 *
 * NOTE(review): no buffer size is passed for |md|; the caller presumably
 * provides room for the largest digest output - confirm.
 *
 * Coverage (this report): never executed (count 0).
 */
int ssl_hmac_old_final(SSL_HMAC *ctx, unsigned char *md, size_t *len)
{
    unsigned int mac_len;

    if (HMAC_Final(ctx->old_ctx, md, &mac_len) <= 0)
        return 0;

    /* The length output is optional. */
    if (len != NULL)
        *len = mac_len;
    return 1;
}
/*
 * Return the value of HMAC_size() for the legacy HMAC_CTX in ctx->old_ctx.
 *
 * Coverage (this report): never executed (count 0).
 */
size_t ssl_hmac_old_size(const SSL_HMAC *ctx)
{
    const HMAC_CTX *legacy = ctx->old_ctx;

    return HMAC_size(legacy);
}
/*
 * Return the legacy HMAC_CTX pointer stored in ctx->old_ctx. The pointer is
 * returned as stored; nothing is allocated or copied here.
 *
 * Coverage (this report): never executed (count 0).
 */
HMAC_CTX *ssl_hmac_get0_HMAC_CTX(SSL_HMAC *ctx)
{
    HMAC_CTX *legacy = ctx->old_ctx;

    return legacy;
}
/*
 * Some deprecated public APIs pass DH objects.
 *
 * Wrap |dh| in a newly allocated EVP_PKEY via EVP_PKEY_set1_DH().
 *
 * Returns the new EVP_PKEY, or NULL when |dh| is NULL, when
 * EVP_PKEY_set1_DH() fails, or when OPENSSL_NO_DH is defined.
 *
 * NOTE(review): the result of EVP_PKEY_new() is not checked before it is
 * passed to EVP_PKEY_set1_DH(); this relies on that call rejecting a NULL
 * pkey - confirm.
 *
 * Coverage (this report): never executed (count 0).
 */
EVP_PKEY *ssl_dh_to_pkey(DH *dh)
{
# ifndef OPENSSL_NO_DH
    EVP_PKEY *pkey;

    if (dh == NULL)
        return NULL;

    pkey = EVP_PKEY_new();
    if (EVP_PKEY_set1_DH(pkey, dh) > 0)
        return pkey;

    /* Assignment failed: discard the wrapper. */
    EVP_PKEY_free(pkey);
    return NULL;
# else
    return NULL;
# endif
}
/*
 * Some deprecated public APIs pass EC_KEY objects.
 *
 * Take the curve of the EC_KEY passed as |key| and install it as the single
 * entry of the group list via tls1_set_groups(pext, pextlen, ...).
 *
 * Returns the result of tls1_set_groups(), or 0 when the key has no group
 * (SSL_R_MISSING_PARAMETERS is raised), when the group has no curve NID
 * (no error is raised on that path), or when OPENSSL_NO_EC is defined.
 *
 * NOTE(review): |key| is a void pointer treated as an EC_KEY without any
 * type check; callers must pass an EC_KEY - confirm at the call sites.
 *
 * Coverage (this report): never executed (count 0).
 */
int ssl_set_tmp_ecdh_groups(uint16_t **pext, size_t *pextlen,
                            void *key)
{
#  ifndef OPENSSL_NO_EC
    const EC_GROUP *curve = EC_KEY_get0_group((const EC_KEY *)key);
    int curve_nid;

    if (curve == NULL) {
        ERR_raise(ERR_LIB_SSL, SSL_R_MISSING_PARAMETERS);
        return 0;
    }

    curve_nid = EC_GROUP_get_curve_name(curve);
    if (curve_nid != NID_undef)
        return tls1_set_groups(pext, pextlen, &curve_nid, 1);

    return 0;
#  else
    return 0;
#  endif
}
/*
 * Set the callback for generating temporary DH keys.
 * ctx: the SSL context.
 * dh: the callback
 */
# if !defined(OPENSSL_NO_DH)
/*
 * Install |dh| on |ctx| by issuing SSL_CTRL_SET_TMP_DH_CB through
 * SSL_CTX_callback_ctrl(). The callback is cast to the generic
 * void (*)(void) type for the call, and the ctrl's return value is discarded.
 *
 * Coverage (this report): never executed (count 0).
 */
void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
                                 DH *(*dh) (SSL *ssl, int is_export,
                                            int keylength))
{
    void (*generic_cb)(void) = (void (*)(void))dh;

    SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_DH_CB, generic_cb);
}
/*
 * Install |dh| on |ssl| by issuing SSL_CTRL_SET_TMP_DH_CB through
 * SSL_callback_ctrl(). The callback is cast to the generic void (*)(void)
 * type for the call, and the ctrl's return value is discarded.
 *
 * Coverage (this report): never executed (count 0).
 */
void SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh) (SSL *ssl, int is_export,
                                                  int keylength))
{
    void (*generic_cb)(void) = (void (*)(void))dh;

    SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_DH_CB, generic_cb);
}
# endif
#endif /* OPENSSL_NO_DEPRECATED_3_0 */