/src/openssl/ssl/tls_depr.c

Source
/*
 * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/* We need to use some HMAC deprecated APIs */
#define OPENSSL_SUPPRESS_DEPRECATED

#include "ssl_local.h"
#include "internal/ssl_unwrap.h"

/*
 * The HMAC APIs below are only used to support the deprecated public API
 * macro SSL_CTX_set_tlsext_ticket_key_cb(). The application supplied callback
 * takes an HMAC_CTX in its argument list. The preferred alternative is
 * SSL_CTX_set_tlsext_ticket_key_evp_cb(). Once
 * SSL_CTX_set_tlsext_ticket_key_cb() is removed, then all of this code can also
 * be removed.
 */
#ifndef OPENSSL_NO_DEPRECATED_3_0
int ssl_hmac_old_new(SSL_HMAC *ret)
{
    ret->old_ctx = HMAC_CTX_new();
    if (ret->old_ctx == NULL)
        return 0;

    return 1;
}

void ssl_hmac_old_free(SSL_HMAC *ctx)
{
    HMAC_CTX_free(ctx->old_ctx);
}

int ssl_hmac_old_init(SSL_HMAC *ctx, void *key, size_t len, char *md)
{
    return HMAC_Init_ex(ctx->old_ctx, key, (int)len, EVP_get_digestbyname(md), NULL);
}

int ssl_hmac_old_update(SSL_HMAC *ctx, const unsigned char *data, size_t len)
{
    return HMAC_Update(ctx->old_ctx, data, len);
}

int ssl_hmac_old_final(SSL_HMAC *ctx, unsigned char *md, size_t *len)
{
    unsigned int l;

    if (HMAC_Final(ctx->old_ctx, md, &l) > 0) {
        if (len != NULL)
            *len = l;
        return 1;
    }

    return 0;
}

size_t ssl_hmac_old_size(const SSL_HMAC *ctx)
{
    return HMAC_size(ctx->old_ctx);
}

HMAC_CTX *ssl_hmac_get0_HMAC_CTX(SSL_HMAC *ctx)
{
    return ctx->old_ctx;
}

/* Some deprecated public APIs pass DH objects */
EVP_PKEY *ssl_dh_to_pkey(DH *dh)
{
# ifndef OPENSSL_NO_DH
    EVP_PKEY *ret;

    if (dh == NULL)
        return NULL;
    ret = EVP_PKEY_new();
    if (EVP_PKEY_set1_DH(ret, dh) <= 0) {
        EVP_PKEY_free(ret);
        return NULL;
    }
    return ret;
# else
    return NULL;
# endif
}

/* Some deprecated public APIs pass EC_KEY objects */
int ssl_set_tmp_ecdh_groups(uint16_t **pext, size_t *pextlen,
                            uint16_t **ksext, size_t *ksextlen,
                            size_t **tplext, size_t *tplextlen,
                            void *key)
{
# ifndef OPENSSL_NO_EC
    const EC_GROUP *group = EC_KEY_get0_group((const EC_KEY *)key);
    int nid;

    if (group == NULL) {
        ERR_raise(ERR_LIB_SSL, SSL_R_MISSING_PARAMETERS);
        return 0;
    }
    nid = EC_GROUP_get_curve_name(group);
    if (nid == NID_undef)
        return 0;
    return tls1_set_groups(pext, pextlen,
                           ksext, ksextlen,
                           tplext, tplextlen,
                           &nid, 1);
# else
    return 0;
# endif
}

/*
 * Set the callback for generating temporary DH keys.
 * ctx: the SSL context.
 * dh: the callback
 */
# if !defined(OPENSSL_NO_DH)
void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
                                 DH *(*dh) (SSL *ssl, int is_export,
                                            int keylength))
{
    SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_DH_CB, (void (*)(void))dh);
}

void SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh) (SSL *ssl, int is_export,
                                                  int keylength))
{
    SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_DH_CB, (void (*)(void))dh);
}
# endif
#endif /* OPENSSL_NO_DEPRECATED */

Line	Count	Source
1		/*
2		* Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.
3		*
4		* Licensed under the Apache License 2.0 (the "License"). You may not use
5		* this file except in compliance with the License. You can obtain a copy
6		* in the file LICENSE in the source distribution or at
7		* https://www.openssl.org/source/license.html
8		*/
9
10		/* We need to use some HMAC deprecated APIs */
11		#define OPENSSL_SUPPRESS_DEPRECATED
12
13		#include "ssl_local.h"
14		#include "internal/ssl_unwrap.h"
15
16		/*
17		* The HMAC APIs below are only used to support the deprecated public API
18		* macro SSL_CTX_set_tlsext_ticket_key_cb(). The application supplied callback
19		* takes an HMAC_CTX in its argument list. The preferred alternative is
20		* SSL_CTX_set_tlsext_ticket_key_evp_cb(). Once
21		* SSL_CTX_set_tlsext_ticket_key_cb() is removed, then all of this code can also
22		* be removed.
23		*/
24		#ifndef OPENSSL_NO_DEPRECATED_3_0
25		int ssl_hmac_old_new(SSL_HMAC *ret)
26	0	{
27	0	ret->old_ctx = HMAC_CTX_new();
28	0	if (ret->old_ctx == NULL)
29	0	return 0;
30
31	0	return 1;
32	0	}
33
34		void ssl_hmac_old_free(SSL_HMAC *ctx)
35	0	{
36	0	HMAC_CTX_free(ctx->old_ctx);
37	0	}
38
39		int ssl_hmac_old_init(SSL_HMAC ctx, void key, size_t len, char *md)
40	0	{
41	0	return HMAC_Init_ex(ctx->old_ctx, key, (int)len, EVP_get_digestbyname(md), NULL);
42	0	}
43
44		int ssl_hmac_old_update(SSL_HMAC ctx, const unsigned char data, size_t len)
45	0	{
46	0	return HMAC_Update(ctx->old_ctx, data, len);
47	0	}
48
49		int ssl_hmac_old_final(SSL_HMAC ctx, unsigned char md, size_t *len)
50	0	{
51	0	unsigned int l;
52
53	0	if (HMAC_Final(ctx->old_ctx, md, &l) > 0) {
54	0	if (len != NULL)
55	0	*len = l;
56	0	return 1;
57	0	}
58
59	0	return 0;
60	0	}
61
62		size_t ssl_hmac_old_size(const SSL_HMAC *ctx)
63	0	{
64	0	return HMAC_size(ctx->old_ctx);
65	0	}
66
67		HMAC_CTX ssl_hmac_get0_HMAC_CTX(SSL_HMAC ctx)
68	0	{
69	0	return ctx->old_ctx;
70	0	}
71
72		/* Some deprecated public APIs pass DH objects */
73		EVP_PKEY ssl_dh_to_pkey(DH dh)
74	0	{
75	0	# ifndef OPENSSL_NO_DH
76	0	EVP_PKEY *ret;
77
78	0	if (dh == NULL)
79	0	return NULL;
80	0	ret = EVP_PKEY_new();
81	0	if (EVP_PKEY_set1_DH(ret, dh) <= 0) {
82	0	EVP_PKEY_free(ret);
83	0	return NULL;
84	0	}
85	0	return ret;
86		# else
87		return NULL;
88		# endif
89	0	}
90
91		/* Some deprecated public APIs pass EC_KEY objects */
92		int ssl_set_tmp_ecdh_groups(uint16_t *pext, size_t pextlen,
93		uint16_t *ksext, size_t ksextlen,
94		size_t *tplext, size_t tplextlen,
95		void *key)
96	0	{
97	0	# ifndef OPENSSL_NO_EC
98	0	const EC_GROUP group = EC_KEY_get0_group((const EC_KEY )key);
99	0	int nid;
100
101	0	if (group == NULL) {
102	0	ERR_raise(ERR_LIB_SSL, SSL_R_MISSING_PARAMETERS);
103	0	return 0;
104	0	}
105	0	nid = EC_GROUP_get_curve_name(group);
106	0	if (nid == NID_undef)
107	0	return 0;
108	0	return tls1_set_groups(pext, pextlen,
109	0	ksext, ksextlen,
110	0	tplext, tplextlen,
111	0	&nid, 1);
112		# else
113		return 0;
114		# endif
115	0	}
116
117		/*
118		* Set the callback for generating temporary DH keys.
119		* ctx: the SSL context.
120		* dh: the callback
121		*/
122		# if !defined(OPENSSL_NO_DH)
123		void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
124		DH (dh) (SSL *ssl, int is_export,
125		int keylength))
126	0	{
127	0	SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_DH_CB, (void (*)(void))dh);
128	0	}
129
130		void SSL_set_tmp_dh_callback(SSL ssl, DH (dh) (SSL ssl, int is_export,
131		int keylength))
132	0	{
133	0	SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_DH_CB, (void (*)(void))dh);
134	0	}
135		# endif
136		#endif /* OPENSSL_NO_DEPRECATED */

Coverage Report

Created: 2025-12-08 06:22