diff options
| author | Matt Caswell <matt@openssl.org> | 2020-10-14 10:45:21 +0100 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2020-10-16 14:47:21 +0100 |
| commit | 301fcb284328902842ff363e6ad3a4144dae928c (patch) | |
| tree | 9c52e47f60e995df7617188dcd7ae2c6ff5952ce /ssl/t1_lib.c | |
| parent | 192d4b9ca6d7603ace714f7a21111d35be311170 (diff) | |
Concentrate deprecated libssl API usage in one file
We create a new file ssl/tls_depr.c to contain functions that need to call
deprecated APIs in libssl. This enables us to remove
OPENSSL_SUPPRESS_DEPRECATED from a number of other libssl files.
The deprecated API usage is either related to ENGINEs and is needed to
continue to support applications that use such ENGINEs. Or they are needed
to support some deprecated public libssl APIs.
One other file remains in libssl that still uses deprecated APIs: s3_cbc.c
This is needed to support the deprecated SSLv3.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13135)
Diffstat (limited to 'ssl/t1_lib.c')
| -rw-r--r-- | ssl/t1_lib.c | 33 |
1 files changed, 7 insertions, 26 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 8005f4ee32..1971a8e0bc 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -7,9 +7,6 @@ * https://www.openssl.org/source/license.html */ -/* We need access to the deprecated low level HMAC APIs */ -#define OPENSSL_SUPPRESS_DEPRECATED - #include <stdio.h> #include <stdlib.h> #include <openssl/objects.h> @@ -3387,8 +3384,7 @@ SSL_HMAC *ssl_hmac_new(const SSL_CTX *ctx) #ifndef OPENSSL_NO_DEPRECATED_3_0 if (ctx->ext.ticket_key_evp_cb == NULL && ctx->ext.ticket_key_cb != NULL) { - ret->old_ctx = HMAC_CTX_new(); - if (ret->old_ctx == NULL) + if (!ssl_hmac_old_new(ret)) goto err; return ret; } @@ -3410,19 +3406,12 @@ void ssl_hmac_free(SSL_HMAC *ctx) if (ctx != NULL) { EVP_MAC_CTX_free(ctx->ctx); #ifndef OPENSSL_NO_DEPRECATED_3_0 - HMAC_CTX_free(ctx->old_ctx); + ssl_hmac_old_free(ctx); #endif OPENSSL_free(ctx); } } -#ifndef OPENSSL_NO_DEPRECATED_3_0 -HMAC_CTX *ssl_hmac_get0_HMAC_CTX(SSL_HMAC *ctx) -{ - return ctx->old_ctx; -} -#endif - EVP_MAC_CTX *ssl_hmac_get0_EVP_MAC_CTX(SSL_HMAC *ctx) { return ctx->ctx; @@ -3441,8 +3430,7 @@ int ssl_hmac_init(SSL_HMAC *ctx, void *key, size_t len, char *md) } #ifndef OPENSSL_NO_DEPRECATED_3_0 if (ctx->old_ctx != NULL) - return HMAC_Init_ex(ctx->old_ctx, key, len, - EVP_get_digestbyname(md), NULL); + return ssl_hmac_old_init(ctx, key, len, md); #endif return 0; } @@ -3453,7 +3441,7 @@ int ssl_hmac_update(SSL_HMAC *ctx, const unsigned char *data, size_t len) return EVP_MAC_update(ctx->ctx, data, len); #ifndef OPENSSL_NO_DEPRECATED_3_0 if (ctx->old_ctx != NULL) - return HMAC_Update(ctx->old_ctx, data, len); + return ssl_hmac_old_update(ctx, data, len); #endif return 0; } @@ -3464,15 +3452,8 @@ int ssl_hmac_final(SSL_HMAC *ctx, unsigned char *md, size_t *len, if (ctx->ctx != NULL) return EVP_MAC_final(ctx->ctx, md, len, max_size); #ifndef OPENSSL_NO_DEPRECATED_3_0 - if (ctx->old_ctx != NULL) { - unsigned int l; - - if (HMAC_Final(ctx->old_ctx, md, &l) > 0) { - if (len != NULL) - *len = l; - return 1; - } - } + if (ctx->old_ctx != NULL) + return ssl_hmac_old_final(ctx, md, len); #endif return 0; } @@ -3483,7 +3464,7 @@ size_t ssl_hmac_size(const SSL_HMAC *ctx) return EVP_MAC_size(ctx->ctx); #ifndef OPENSSL_NO_DEPRECATED_3_0 if (ctx->old_ctx != NULL) - return HMAC_size(ctx->old_ctx); + return ssl_hmac_old_size(ctx); #endif return 0; } |