author | Matt Caswell <matt@openssl.org> | 2020-01-16 12:13:09 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2020-01-22 10:47:12 +0000 |
commit | ba18627e4ac813ef7461241663be6a366ed61c8a (patch) | |
tree | c42485291ef7909bfe2b113270d14607ab1afc22 /ssl | |
parent | 7b131de2bb2be8582c6dfc50bdd3cbc49e1a08be (diff) |
Introduce SSL_CTX_new_with_libex()
We add the ability to specify an OPENSSL_CTX (which may be NULL for the
default context) and a property query string for use during algorithm
fetch operations.
For example, in this way one SSL_CTX could be used with the default provider,
and another one could be used with the FIPS provider.
At this stage we don't use these values. That will come later.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10866)
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/ssl_lib.c | 31 | ||||
-rw-r--r-- | ssl/ssl_local.h | 4 |
2 files changed, 27 insertions, 8 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 74161b0cb7..384c28e76b 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -3032,12 +3032,13 @@ static int ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b)
 * via ssl.h.
 */
-SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
+SSL_CTX *SSL_CTX_new_with_libctx(OPENSSL_CTX *libctx, const char *propq,
+ const SSL_METHOD *meth)
 {
 SSL_CTX *ret = NULL;
 if (meth == NULL) {
- SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_NULL_SSL_METHOD_PASSED);
+ SSLerr(0, SSL_R_NULL_SSL_METHOD_PASSED);
 return NULL;
 }
@@ -3045,13 +3046,20 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
 return NULL;
 if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) {
- SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
+ SSLerr(0, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
 goto err;
 }
 ret = OPENSSL_zalloc(sizeof(*ret));
 if (ret == NULL)
 goto err;
+ ret->libctx = libctx;
+ if (propq != NULL) {
+ ret->propq = OPENSSL_strdup(propq);
+ if (ret->propq == NULL)
+ goto err;
+ }
+
 ret->method = meth;
 ret->min_proto_version = 0;
 ret->max_proto_version = 0;
@@ -3063,7 +3071,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
 ret->references = 1;
 ret->lock = CRYPTO_THREAD_lock_new();
 if (ret->lock == NULL) {
- SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);
+ SSLerr(0, ERR_R_MALLOC_FAILURE);
 OPENSSL_free(ret);
 return NULL;
 }
@@ -3092,7 +3100,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
 &ret->cipher_list, &ret->cipher_list_by_id,
 OSSL_default_cipher_list(), ret->cert)
 || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
- SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);
+ SSLerr(0, SSL_R_LIBRARY_HAS_NO_CIPHERS);
 goto err2;
 }
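Review bot: The new failure path `if (ret->propq == NULL) goto err;` reaches `SSL_CTX_free(ret)` while `ret->references` is still 0 and `ret->lock` is still NULL, because both are only initialised in the following hunk (`ret->references = 1; ret->lock = CRYPTO_THREAD_lock_new();`), so the free routine presumably performs its reference-count decrement against an unset count and lock. The existing lock-failure branch just below avoids exactly this by calling `OPENSSL_free(ret); return NULL;` instead of going through SSL_CTX_free; the strdup failure should do the same, e.g. `SSLerr(0, ERR_R_MALLOC_FAILURE); OPENSSL_free(ret); return NULL;` (nothing else has been allocated into ret at that point), or the libctx/propq assignment should move below the lock and reference-count setup. The new public entry point also gains two parameters without any header comment; a short note that `propq` is duplicated into the SSL_CTX while `libctx` is only stored by pointer and never freed by it would help callers get ownership right. SSL_CTX_new_with_libctx's body continues beyond this hunk.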
@@ -3101,11 +3109,11 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
 goto err;
 if ((ret->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) {
- SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
+ SSLerr(0, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
 goto err2;
 }
 if ((ret->sha1 = EVP_get_digestbyname("ssl3-sha1")) == NULL) {
- SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES);
+ SSLerr(0, SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES);
 goto err2;
 }
@@ -3215,12 +3223,17 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
 return ret;
 err:
- SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);
+ SSLerr(0, ERR_R_MALLOC_FAILURE);
 err2:
 SSL_CTX_free(ret);
 return NULL;
 }
+SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
+{
+ return SSL_CTX_new_with_libctx(NULL, NULL, meth);
+}
+
 int SSL_CTX_up_ref(SSL_CTX *ctx)
 {
 int i;
@@ -3294,6 +3307,8 @@ void SSL_CTX_free(SSL_CTX *a)
 CRYPTO_THREAD_lock_free(a->lock);
+ OPENSSL_free(a->propq);
+
 OPENSSL_free(a);
 }
diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h
index c6f0af7922..14515cadfe 100644
--- a/ssl/ssl_local.h
+++ b/ssl/ssl_local.h
@@ -738,6 +738,8 @@ typedef struct ssl_ctx_ext_secure_st {
 } SSL_CTX_EXT_SECURE;
 struct ssl_ctx_st {
+ OPENSSL_CTX *libctx;
+
 const SSL_METHOD *method;
 STACK_OF(SSL_CIPHER) *cipher_list;
 /* same as above but sorted for lookup */
@@ -1073,6 +1075,8 @@ struct ssl_ctx_st {
 /* Callback for SSL async handling */
 SSL_async_callback_fn async_cb;
 void *async_cb_arg;
+
+ char *propq;
 };
 typedef struct cert_pkey_st CERT_PKEY; |
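Review bot: The two new members of `struct ssl_ctx_st` are added without a comment, unlike the neighbouring fields (`/* Callback for SSL async handling */`), and nothing in the header records that `propq` is a heap-owned copy released by `SSL_CTX_free()` whereas `libctx` is only a stored pointer that the struct never frees. Suggest `OPENSSL_CTX *libctx; /* library context for algorithm fetches; NULL means the default context */` and `char *propq; /* property query string for fetches; owned copy, freed in SSL_CTX_free() */`. Both ssl_local.h hunks are cut from the middle of the struct definition, and the `OPENSSL_free(a->propq)` hunk sits inside SSL_CTX_free whose body starts outside the hunk.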