authorMatt Caswell <matt@openssl.org>2021-01-13 12:39:40 +0000
committerMatt Caswell <matt@openssl.org>2021-02-05 15:20:36 +0000
commit5b64ce89b0859956387cda1d56718d2a5f09d928 (patch)
tree842aef9e8c3f1b2b0d86ff75414ed475d6ec7125 /ssl/tls_depr.c
parent9ca08f91e9817892c3545612a91d38687e593e14 (diff)
Remove OPENSSL_NO_DH guards from libssl
This removes many unnecessary OPENSSL_NO_DH guards from libssl. Now that libssl is entirely using the EVP APIs and implementations can be plugged in via providers it is no longer needed to disable DH at compile time in libssl. Instead it should detect at runtime whether DH is available from the loaded providers. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13916)
Diffstat (limited to 'ssl/tls_depr.c')
-rw-r--r--ssl/tls_depr.c32
1 files changed, 28 insertions, 4 deletions
diff --git a/ssl/tls_depr.c b/ssl/tls_depr.c
index 7ecb61e79c..0b21ff7669 100644
--- a/ssl/tls_depr.c
+++ b/ssl/tls_depr.c
@@ -144,9 +144,9 @@ HMAC_CTX *ssl_hmac_get0_HMAC_CTX(SSL_HMAC *ctx)
}
/* Some deprecated public APIs pass DH objects */
-# ifndef OPENSSL_NO_DH
EVP_PKEY *ssl_dh_to_pkey(DH *dh)
{
+# ifndef OPENSSL_NO_DH
EVP_PKEY *ret;
if (dh == NULL)
@@ -157,14 +157,16 @@ EVP_PKEY *ssl_dh_to_pkey(DH *dh)
return NULL;
}
return ret;
-}
+# else
+ return NULL;
# endif
+}
/* Some deprecated public APIs pass EC_KEY objects */
-# ifndef OPENSSL_NO_EC
int ssl_set_tmp_ecdh_groups(uint16_t **pext, size_t *pextlen,
void *key)
{
+# ifndef OPENSSL_NO_EC
const EC_GROUP *group = EC_KEY_get0_group((const EC_KEY *)key);
int nid;
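Review bot: The `# else` stub added to ssl_dh_to_pkey returns NULL without recording a reason, and the DH-enabled path visible just above it also returns NULL on failure, so in an OPENSSL_NO_DH build a caller cannot tell "DH compiled out" from a failed conversion. I would raise an error in the stub before returning, e.g. `ERR_raise(ERR_LIB_SSL, ERR_R_DISABLED);`, or at least add a comment such as `/* DH compiled out: same NULL as a conversion failure */`. The `return 0;` stub added to ssl_set_tmp_ecdh_groups in the next hunk has the same issue. ssl_dh_to_pkey starts before this hunk and ssl_set_tmp_ecdh_groups continues past it, so how the callers handle these returns is not visible here.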
@@ -176,6 +178,28 @@ int ssl_set_tmp_ecdh_groups(uint16_t **pext, size_t *pextlen,
if (nid == NID_undef)
return 0;
return tls1_set_groups(pext, pextlen, &nid, 1);
+# else
+ return 0;
+# endif
+}
+
+/*
+ * Set the callback for generating temporary DH keys.
+ * ctx: the SSL context.
+ * dh: the callback
+ */
+# if !defined(OPENSSL_NO_DH)
+void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
+ DH *(*dh) (SSL *ssl, int is_export,
+ int keylength))
+{
+ SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_DH_CB, (void (*)(void))dh);
+}
+
+void SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh) (SSL *ssl, int is_export,
+ int keylength))
+{
+ SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_DH_CB, (void (*)(void))dh);
}
# endif
-#endif
+#endif /* OPENSSL_NO_DEPRECATED */
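Review bot: The comment added above SSL_CTX_set_tmp_dh_callback covers only the context-level setter and does not explain the callback's `is_export` and `keylength` arguments, and SSL_set_tmp_dh_callback below it has no comment at all. I would add `/* Per-connection variant: sets the temporary DH callback on ssl via SSL_callback_ctrl(). */` above the second function. Both setters discard the return value of the `*_callback_ctrl()` call, so a failure to install the callback is not reported to the caller; that deserves a line in the comment. Because the callback supplies the DH parameters, the comment could also state that choosing an adequately strong group is the application's job, unless the library validates them later, which is not visible in this hunk.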