From 71e048498e9e93d86d440a9a930c1c1566ea505d Mon Sep 17 00:00:00 2001 From: beck Date: Sat, 8 Jul 2023 16:40:13 +0000 Subject: [PATCH] Hide all public symbols in libssl With the guentherizer 9000 ok tb@ --- lib/libssl/bio_ssl.c | 6 +- lib/libssl/d1_srtp.c | 6 +- lib/libssl/hidden/openssl/srtp.h | 33 +++ lib/libssl/hidden/openssl/ssl.h | 366 ++++++++++++++++++++++++++++++- lib/libssl/hidden/openssl/tls1.h | 32 +++ lib/libssl/s3_lib.c | 18 +- lib/libssl/ssl_algs.c | 4 +- lib/libssl/ssl_asn1.c | 4 +- lib/libssl/ssl_cert.c | 13 +- lib/libssl/ssl_ciph.c | 39 +++- lib/libssl/ssl_clnt.c | 6 +- lib/libssl/ssl_err.c | 4 +- lib/libssl/ssl_init.c | 3 +- lib/libssl/ssl_lib.c | 197 ++++++++++++++++- lib/libssl/ssl_methods.c | 26 ++- lib/libssl/ssl_rsa.c | 23 +- lib/libssl/ssl_sess.c | 54 ++++- lib/libssl/ssl_srvr.c | 6 +- lib/libssl/ssl_stat.c | 10 +- lib/libssl/ssl_txt.c | 4 +- lib/libssl/tls12_record_layer.c | 7 +- 21 files changed, 828 insertions(+), 33 deletions(-) create mode 100644 lib/libssl/hidden/openssl/srtp.h create mode 100644 lib/libssl/hidden/openssl/tls1.h diff --git a/lib/libssl/bio_ssl.c b/lib/libssl/bio_ssl.c index 1a8cda84d65..08e47dbfac5 100644 --- a/lib/libssl/bio_ssl.c +++ b/lib/libssl/bio_ssl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bio_ssl.c,v 1.38 2023/02/16 08:38:17 tb Exp $ */ +/* $OpenBSD: bio_ssl.c,v 1.39 2023/07/08 16:40:13 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -120,6 +120,7 @@ ssl_new(BIO *bi) bi->flags = 0; return (1); } +LSSL_ALIAS(BIO_f_ssl); static int ssl_free(BIO *a) @@ -514,6 +515,7 @@ BIO_new_buffer_ssl_connect(SSL_CTX *ctx) BIO_free(ssl); return (NULL); } +LSSL_ALIAS(BIO_new_buffer_ssl_connect); BIO * BIO_new_ssl_connect(SSL_CTX *ctx) @@ -575,6 +577,7 @@ BIO_ssl_copy_session_id(BIO *t, BIO *f) return (0); return (1); } +LSSL_ALIAS(BIO_new_ssl_connect); void BIO_ssl_shutdown(BIO *b) @@ -590,3 +593,4 @@ BIO_ssl_shutdown(BIO *b) b = b->next_bio; } } +LSSL_ALIAS(BIO_ssl_shutdown); diff --git a/lib/libssl/d1_srtp.c b/lib/libssl/d1_srtp.c index 6073f0d2d46..67c4495a177 100644 --- a/lib/libssl/d1_srtp.c +++ b/lib/libssl/d1_srtp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_srtp.c,v 1.32 2022/11/26 16:08:55 tb Exp $ */ +/* $OpenBSD: d1_srtp.c,v 1.33 2023/07/08 16:40:13 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -229,12 +229,14 @@ SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles) { return ssl_ctx_make_profiles(profiles, &ctx->srtp_profiles); } +LSSL_ALIAS(SSL_CTX_set_tlsext_use_srtp); int SSL_set_tlsext_use_srtp(SSL *s, const char *profiles) { return ssl_ctx_make_profiles(profiles, &s->srtp_profiles); } +LSSL_ALIAS(SSL_set_tlsext_use_srtp); STACK_OF(SRTP_PROTECTION_PROFILE) * @@ -251,6 +253,7 @@ SSL_get_srtp_profiles(SSL *s) return NULL; } +LSSL_ALIAS(SSL_get_srtp_profiles); SRTP_PROTECTION_PROFILE * SSL_get_selected_srtp_profile(SSL *s) @@ -258,5 +261,6 @@ SSL_get_selected_srtp_profile(SSL *s) /* XXX cast away the const */ return (SRTP_PROTECTION_PROFILE *)s->srtp_profile; } +LSSL_ALIAS(SSL_get_selected_srtp_profile); #endif diff --git a/lib/libssl/hidden/openssl/srtp.h b/lib/libssl/hidden/openssl/srtp.h new file mode 100644 index 00000000000..2440fc93d9e --- /dev/null +++ b/lib/libssl/hidden/openssl/srtp.h @@ -0,0 +1,33 @@ +/* $OpenBSD: srtp.h,v 1.1 2023/07/08 16:40:14 beck Exp $ */ +/* + * Copyright (c) 2023 Bob Beck + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef _LIBSSL_SRTP_H +#define _LIBSSL_SRTP_H + +#ifndef _MSC_VER +#include_next +#else +#include "../include/openssl/srtp.h" +#endif +#include "ssl_namespace.h" + +LSSL_USED(SSL_CTX_set_tlsext_use_srtp); +LSSL_USED(SSL_set_tlsext_use_srtp); +LSSL_USED(SSL_get_srtp_profiles); +LSSL_USED(SSL_get_selected_srtp_profile); + +#endif /* _LIBSSL_SRTP_H */ diff --git a/lib/libssl/hidden/openssl/ssl.h b/lib/libssl/hidden/openssl/ssl.h index 3bd2eed748f..acc99fe1382 100644 --- a/lib/libssl/hidden/openssl/ssl.h +++ b/lib/libssl/hidden/openssl/ssl.h @@ -1,6 +1,6 @@ -/* $OpenBSD: ssl.h,v 1.2 2023/07/05 21:14:54 bcook Exp $ */ +/* $OpenBSD: ssl.h,v 1.3 2023/07/08 16:40:14 beck Exp $ */ /* - * Copyright (c) 2022 Philip Guenther + * Copyright (c) 2023 Bob Beck * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -15,8 +15,8 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#ifndef _LIBSSL_SSL_H_ -#define _LIBSSL_SSL_H_ +#ifndef _LIBSSL_SSL_H +#define _LIBSSL_SSL_H #ifndef _MSC_VER #include_next @@ -25,11 +25,361 @@ #endif #include "ssl_namespace.h" +LSSL_USED(SSL_CTX_set_msg_callback); +LSSL_USED(SSL_set_msg_callback); +LSSL_USED(SSL_CTX_set_keylog_callback); +LSSL_USED(SSL_CTX_get_keylog_callback); +LSSL_USED(SSL_set_num_tickets); +LSSL_USED(SSL_get_num_tickets); +LSSL_USED(SSL_CTX_set_num_tickets); +LSSL_USED(SSL_CTX_get_num_tickets); +LSSL_USED(SSL_get0_verified_chain); +LSSL_USED(SSL_CTX_sessions); +LSSL_USED(SSL_CTX_sess_set_new_cb); +LSSL_USED(SSL_CTX_sess_get_new_cb); +LSSL_USED(SSL_CTX_sess_set_remove_cb); +LSSL_USED(SSL_CTX_sess_get_remove_cb); +LSSL_USED(SSL_CTX_sess_set_get_cb); +LSSL_USED(SSL_CTX_set_info_callback); +LSSL_USED(SSL_CTX_get_info_callback); +LSSL_USED(SSL_CTX_set_client_cert_cb); +LSSL_USED(SSL_CTX_get_client_cert_cb); +LSSL_USED(SSL_CTX_set_client_cert_engine); +LSSL_USED(SSL_CTX_set_cookie_generate_cb); +LSSL_USED(SSL_CTX_set_cookie_verify_cb); +LSSL_USED(SSL_CTX_set_next_protos_advertised_cb); +LSSL_USED(SSL_CTX_set_next_proto_select_cb); +LSSL_USED(SSL_select_next_proto); +LSSL_USED(SSL_get0_next_proto_negotiated); +LSSL_USED(SSL_CTX_set_alpn_protos); +LSSL_USED(SSL_set_alpn_protos); +LSSL_USED(SSL_CTX_set_alpn_select_cb); +LSSL_USED(SSL_get0_alpn_selected); +LSSL_USED(SSL_set_psk_use_session_callback); +LSSL_USED(SSL_get_finished); +LSSL_USED(SSL_get_peer_finished); +LSSL_USED(SSL_verify_client_post_handshake); +LSSL_USED(SSL_CTX_set_post_handshake_auth); +LSSL_USED(SSL_set_post_handshake_auth); +LSSL_USED(PEM_read_bio_SSL_SESSION); +LSSL_USED(PEM_read_SSL_SESSION); +LSSL_USED(PEM_write_bio_SSL_SESSION); +LSSL_USED(PEM_write_SSL_SESSION); +LSSL_USED(SSL_CTX_set0_chain); +LSSL_USED(SSL_CTX_set1_chain); +LSSL_USED(SSL_CTX_add0_chain_cert); +LSSL_USED(SSL_CTX_add1_chain_cert); +LSSL_USED(SSL_CTX_get0_chain_certs); +LSSL_USED(SSL_CTX_clear_chain_certs); +LSSL_USED(SSL_set0_chain); +LSSL_USED(SSL_set1_chain); +LSSL_USED(SSL_add0_chain_cert); +LSSL_USED(SSL_add1_chain_cert); +LSSL_USED(SSL_get0_chain_certs); +LSSL_USED(SSL_clear_chain_certs); +LSSL_USED(SSL_CTX_set1_groups); +LSSL_USED(SSL_CTX_set1_groups_list); +LSSL_USED(SSL_set1_groups); +LSSL_USED(SSL_set1_groups_list); +LSSL_USED(SSL_CTX_get_min_proto_version); +LSSL_USED(SSL_CTX_get_max_proto_version); +LSSL_USED(SSL_CTX_set_min_proto_version); +LSSL_USED(SSL_CTX_set_max_proto_version); +LSSL_USED(SSL_get_min_proto_version); +LSSL_USED(SSL_get_max_proto_version); +LSSL_USED(SSL_set_min_proto_version); +LSSL_USED(SSL_set_max_proto_version); +LSSL_USED(SSL_CTX_get_ssl_method); LSSL_USED(BIO_f_ssl); LSSL_USED(BIO_new_ssl); LSSL_USED(BIO_new_ssl_connect); -LSSL_UNUSED(BIO_new_buffer_ssl_connect); -LSSL_UNUSED(BIO_ssl_copy_session_id); -LSSL_UNUSED(BIO_ssl_shutdown); +LSSL_USED(BIO_new_buffer_ssl_connect); +LSSL_USED(BIO_ssl_copy_session_id); +LSSL_USED(BIO_ssl_shutdown); +LSSL_USED(SSL_CTX_get_ciphers); +LSSL_USED(SSL_CTX_set_cipher_list); +LSSL_USED(SSL_CTX_set_ciphersuites); +LSSL_USED(SSL_CTX_new); +LSSL_USED(SSL_CTX_free); +LSSL_USED(SSL_CTX_up_ref); +LSSL_USED(SSL_CTX_set_timeout); +LSSL_USED(SSL_CTX_get_timeout); +LSSL_USED(SSL_CTX_get_cert_store); +LSSL_USED(SSL_CTX_set_cert_store); +LSSL_USED(SSL_CTX_get0_certificate); +LSSL_USED(SSL_CTX_get0_privatekey); +LSSL_USED(SSL_want); +LSSL_USED(SSL_clear); +LSSL_USED(SSL_CTX_flush_sessions); +LSSL_USED(SSL_get_current_cipher); +LSSL_USED(SSL_CIPHER_get_by_id); +LSSL_USED(SSL_CIPHER_get_by_value); +LSSL_USED(SSL_CIPHER_get_bits); +LSSL_USED(SSL_CIPHER_get_version); +LSSL_USED(SSL_CIPHER_get_name); +LSSL_USED(SSL_CIPHER_get_id); +LSSL_USED(SSL_CIPHER_get_value); +LSSL_USED(SSL_CIPHER_find); +LSSL_USED(SSL_CIPHER_get_cipher_nid); +LSSL_USED(SSL_CIPHER_get_digest_nid); +LSSL_USED(SSL_CIPHER_get_kx_nid); +LSSL_USED(SSL_CIPHER_get_auth_nid); +LSSL_USED(SSL_CIPHER_is_aead); +LSSL_USED(SSL_get_fd); +LSSL_USED(SSL_get_rfd); +LSSL_USED(SSL_get_wfd); +LSSL_USED(SSL_get_cipher_list); +LSSL_USED(SSL_get_shared_ciphers); +LSSL_USED(SSL_get_read_ahead); +LSSL_USED(SSL_pending); +LSSL_USED(SSL_set_fd); +LSSL_USED(SSL_set_rfd); +LSSL_USED(SSL_set_wfd); +LSSL_USED(SSL_set_bio); +LSSL_USED(SSL_get_rbio); +LSSL_USED(SSL_set0_rbio); +LSSL_USED(SSL_get_wbio); +LSSL_USED(SSL_set_cipher_list); +LSSL_USED(SSL_set_ciphersuites); +LSSL_USED(SSL_set_read_ahead); +LSSL_USED(SSL_get_verify_mode); +LSSL_USED(SSL_get_verify_depth); +LSSL_USED(SSL_get_verify_callback); +LSSL_USED(SSL_set_verify); +LSSL_USED(SSL_set_verify_depth); +LSSL_USED(SSL_use_RSAPrivateKey); +LSSL_USED(SSL_use_RSAPrivateKey_ASN1); +LSSL_USED(SSL_use_PrivateKey); +LSSL_USED(SSL_use_PrivateKey_ASN1); +LSSL_USED(SSL_use_certificate); +LSSL_USED(SSL_use_certificate_ASN1); +LSSL_USED(SSL_use_RSAPrivateKey_file); +LSSL_USED(SSL_use_PrivateKey_file); +LSSL_USED(SSL_use_certificate_file); +LSSL_USED(SSL_use_certificate_chain_file); +LSSL_USED(SSL_CTX_use_RSAPrivateKey_file); +LSSL_USED(SSL_CTX_use_PrivateKey_file); +LSSL_USED(SSL_CTX_use_certificate_file); +LSSL_USED(SSL_CTX_use_certificate_chain_file); +LSSL_USED(SSL_CTX_use_certificate_chain_mem); +LSSL_USED(SSL_load_client_CA_file); +LSSL_USED(SSL_add_file_cert_subjects_to_stack); +LSSL_USED(SSL_add_dir_cert_subjects_to_stack); +LSSL_USED(SSL_load_error_strings); +LSSL_USED(SSL_state_string); +LSSL_USED(SSL_rstate_string); +LSSL_USED(SSL_state_string_long); +LSSL_USED(SSL_rstate_string_long); +LSSL_USED(SSL_SESSION_get0_cipher); +LSSL_USED(SSL_SESSION_get_master_key); +LSSL_USED(SSL_SESSION_get_protocol_version); +LSSL_USED(SSL_SESSION_get_time); +LSSL_USED(SSL_SESSION_set_time); +LSSL_USED(SSL_SESSION_get_timeout); +LSSL_USED(SSL_SESSION_set_timeout); +LSSL_USED(SSL_copy_session_id); +LSSL_USED(SSL_SESSION_get0_peer); +LSSL_USED(SSL_SESSION_set1_id); +LSSL_USED(SSL_SESSION_set1_id_context); +LSSL_USED(SSL_SESSION_is_resumable); +LSSL_USED(SSL_SESSION_new); +LSSL_USED(SSL_SESSION_free); +LSSL_USED(SSL_SESSION_up_ref); +LSSL_USED(SSL_SESSION_get_id); +LSSL_USED(SSL_SESSION_get0_id_context); +LSSL_USED(SSL_SESSION_get_max_early_data); +LSSL_USED(SSL_SESSION_set_max_early_data); +LSSL_USED(SSL_SESSION_get_ticket_lifetime_hint); +LSSL_USED(SSL_SESSION_has_ticket); +LSSL_USED(SSL_SESSION_get_compress_id); +LSSL_USED(SSL_SESSION_print_fp); +LSSL_USED(SSL_SESSION_print); +LSSL_USED(i2d_SSL_SESSION); +LSSL_USED(SSL_set_session); +LSSL_USED(SSL_CTX_add_session); +LSSL_USED(SSL_CTX_remove_session); +LSSL_USED(SSL_CTX_set_generate_session_id); +LSSL_USED(SSL_set_generate_session_id); +LSSL_USED(SSL_has_matching_session_id); +LSSL_USED(d2i_SSL_SESSION); +LSSL_USED(SSL_get_peer_cert_chain); +LSSL_USED(SSL_CTX_get_verify_mode); +LSSL_USED(SSL_CTX_get_verify_depth); +LSSL_USED(SSL_CTX_get_verify_callback); +LSSL_USED(SSL_CTX_set_verify); +LSSL_USED(SSL_CTX_set_verify_depth); +LSSL_USED(SSL_CTX_set_cert_verify_callback); +LSSL_USED(SSL_CTX_use_RSAPrivateKey); +LSSL_USED(SSL_CTX_use_RSAPrivateKey_ASN1); +LSSL_USED(SSL_CTX_use_PrivateKey); +LSSL_USED(SSL_CTX_use_PrivateKey_ASN1); +LSSL_USED(SSL_CTX_use_certificate); +LSSL_USED(SSL_CTX_use_certificate_ASN1); +LSSL_USED(SSL_CTX_get_default_passwd_cb); +LSSL_USED(SSL_CTX_set_default_passwd_cb); +LSSL_USED(SSL_CTX_get_default_passwd_cb_userdata); +LSSL_USED(SSL_CTX_set_default_passwd_cb_userdata); +LSSL_USED(SSL_CTX_check_private_key); +LSSL_USED(SSL_check_private_key); +LSSL_USED(SSL_CTX_set_session_id_context); +LSSL_USED(SSL_set_session_id_context); +LSSL_USED(SSL_CTX_set_purpose); +LSSL_USED(SSL_set_purpose); +LSSL_USED(SSL_CTX_set_trust); +LSSL_USED(SSL_set_trust); +LSSL_USED(SSL_set1_host); +LSSL_USED(SSL_set_hostflags); +LSSL_USED(SSL_get0_peername); +LSSL_USED(SSL_CTX_get0_param); +LSSL_USED(SSL_CTX_set1_param); +LSSL_USED(SSL_get0_param); +LSSL_USED(SSL_set1_param); +LSSL_USED(SSL_new); +LSSL_USED(SSL_free); +LSSL_USED(SSL_up_ref); +LSSL_USED(SSL_accept); +LSSL_USED(SSL_connect); +LSSL_USED(SSL_is_dtls); +LSSL_USED(SSL_is_server); +LSSL_USED(SSL_read); +LSSL_USED(SSL_peek); +LSSL_USED(SSL_write); +LSSL_USED(SSL_read_ex); +LSSL_USED(SSL_peek_ex); +LSSL_USED(SSL_write_ex); +LSSL_USED(SSL_CTX_get_max_early_data); +LSSL_USED(SSL_CTX_set_max_early_data); +LSSL_USED(SSL_get_max_early_data); +LSSL_USED(SSL_set_max_early_data); +LSSL_USED(SSL_get_early_data_status); +LSSL_USED(SSL_read_early_data); +LSSL_USED(SSL_write_early_data); +LSSL_USED(SSL_ctrl); +LSSL_USED(SSL_callback_ctrl); +LSSL_USED(SSL_CTX_ctrl); +LSSL_USED(SSL_CTX_callback_ctrl); +LSSL_USED(SSL_get_error); +LSSL_USED(SSL_get_version); +LSSL_USED(SSL_CTX_set_ssl_version); +LSSL_USED(SSLv23_method); +LSSL_USED(SSLv23_server_method); +LSSL_USED(SSLv23_client_method); +LSSL_USED(TLSv1_method); +LSSL_USED(TLSv1_server_method); +LSSL_USED(TLSv1_client_method); +LSSL_USED(TLSv1_1_method); +LSSL_USED(TLSv1_1_server_method); +LSSL_USED(TLSv1_1_client_method); +LSSL_USED(TLSv1_2_method); +LSSL_USED(TLSv1_2_server_method); +LSSL_USED(TLSv1_2_client_method); +LSSL_USED(TLS_method); +LSSL_USED(TLS_server_method); +LSSL_USED(TLS_client_method); +LSSL_USED(DTLSv1_method); +LSSL_USED(DTLSv1_server_method); +LSSL_USED(DTLSv1_client_method); +LSSL_USED(DTLSv1_2_method); +LSSL_USED(DTLSv1_2_server_method); +LSSL_USED(DTLSv1_2_client_method); +LSSL_USED(DTLS_method); +LSSL_USED(DTLS_server_method); +LSSL_USED(DTLS_client_method); +LSSL_USED(SSL_get_ciphers); +LSSL_USED(SSL_get_client_ciphers); +LSSL_USED(SSL_get1_supported_ciphers); +LSSL_USED(SSL_do_handshake); +LSSL_USED(SSL_renegotiate); +LSSL_USED(SSL_renegotiate_abbreviated); +LSSL_USED(SSL_renegotiate_pending); +LSSL_USED(SSL_shutdown); +LSSL_USED(SSL_get_ssl_method); +LSSL_USED(SSL_set_ssl_method); +LSSL_USED(SSL_alert_type_string_long); +LSSL_USED(SSL_alert_type_string); +LSSL_USED(SSL_alert_desc_string_long); +LSSL_USED(SSL_alert_desc_string); +LSSL_USED(SSL_set_client_CA_list); +LSSL_USED(SSL_CTX_set_client_CA_list); +LSSL_USED(SSL_get_client_CA_list); +LSSL_USED(SSL_CTX_get_client_CA_list); +LSSL_USED(SSL_add_client_CA); +LSSL_USED(SSL_CTX_add_client_CA); +LSSL_USED(SSL_set_connect_state); +LSSL_USED(SSL_set_accept_state); +LSSL_USED(SSL_get_default_timeout); +LSSL_USED(SSL_library_init); +LSSL_USED(SSL_CIPHER_description); +LSSL_USED(SSL_dup_CA_list); +LSSL_USED(SSL_dup); +LSSL_USED(SSL_get_certificate); +LSSL_USED(SSL_get_privatekey); +LSSL_USED(SSL_CTX_set_quiet_shutdown); +LSSL_USED(SSL_CTX_get_quiet_shutdown); +LSSL_USED(SSL_set_quiet_shutdown); +LSSL_USED(SSL_get_quiet_shutdown); +LSSL_USED(SSL_set_shutdown); +LSSL_USED(SSL_get_shutdown); +LSSL_USED(SSL_version); +LSSL_USED(SSL_CTX_set_default_verify_paths); +LSSL_USED(SSL_CTX_load_verify_locations); +LSSL_USED(SSL_CTX_load_verify_mem); +LSSL_USED(SSL_get_session); +LSSL_USED(SSL_get1_session); +LSSL_USED(SSL_get_SSL_CTX); +LSSL_USED(SSL_set_SSL_CTX); +LSSL_USED(SSL_set_info_callback); +LSSL_USED(SSL_get_info_callback); +LSSL_USED(SSL_state); +LSSL_USED(SSL_set_state); +LSSL_USED(SSL_set_verify_result); +LSSL_USED(SSL_get_verify_result); +LSSL_USED(SSL_set_ex_data); +LSSL_USED(SSL_get_ex_data); +LSSL_USED(SSL_get_ex_new_index); +LSSL_USED(SSL_SESSION_set_ex_data); +LSSL_USED(SSL_SESSION_get_ex_data); +LSSL_USED(SSL_SESSION_get_ex_new_index); +LSSL_USED(SSL_CTX_set_ex_data); +LSSL_USED(SSL_CTX_get_ex_data); +LSSL_USED(SSL_CTX_get_ex_new_index); +LSSL_USED(SSL_get_ex_data_X509_STORE_CTX_idx); +LSSL_USED(SSL_CTX_set_tmp_rsa_callback); +LSSL_USED(SSL_set_tmp_rsa_callback); +LSSL_USED(SSL_CTX_set_tmp_dh_callback); +LSSL_USED(SSL_set_tmp_dh_callback); +LSSL_USED(SSL_CTX_set_tmp_ecdh_callback); +LSSL_USED(SSL_set_tmp_ecdh_callback); +LSSL_USED(SSL_get_client_random); +LSSL_USED(SSL_get_server_random); +LSSL_USED(SSL_get_current_compression); +LSSL_USED(SSL_get_current_expansion); +LSSL_USED(SSL_get_peer_certificate); +LSSL_USED(SSL_COMP_get_name); +LSSL_USED(SSL_COMP_get_compression_methods); +LSSL_USED(SSL_COMP_add_compression_method); +LSSL_USED(SSL_set_session_ticket_ext); +LSSL_USED(SSL_set_session_ticket_ext_cb); +LSSL_USED(SSL_set_session_secret_cb); +LSSL_USED(SSL_set_debug); +LSSL_USED(SSL_cache_hit); +LSSL_USED(SSL_set_security_level); +LSSL_USED(SSL_get_security_level); +LSSL_USED(SSL_CTX_set_security_level); +LSSL_USED(SSL_CTX_get_security_level); +LSSL_USED(SSL_CTX_set_quic_method); +LSSL_USED(SSL_CTX_sess_get_get_cb); +LSSL_USED(SSL_set_quic_method); +LSSL_USED(SSL_is_quic); +LSSL_USED(SSL_quic_max_handshake_flight_len); +LSSL_USED(SSL_quic_read_level); +LSSL_USED(SSL_quic_write_level); +LSSL_USED(SSL_provide_quic_data); +LSSL_USED(SSL_process_quic_post_handshake); +LSSL_USED(SSL_set_quic_transport_params); +LSSL_USED(SSL_get_peer_quic_transport_params); +LSSL_USED(SSL_set_quic_use_legacy_codepoint); +LSSL_USED(ERR_load_SSL_strings); +LSSL_USED(OPENSSL_init_ssl); -#endif /* _LIBSSL_SSL_H_ */ +#endif /* _LIBSSL_SSL_H */ diff --git a/lib/libssl/hidden/openssl/tls1.h b/lib/libssl/hidden/openssl/tls1.h new file mode 100644 index 00000000000..de93f9aa2e4 --- /dev/null +++ b/lib/libssl/hidden/openssl/tls1.h @@ -0,0 +1,32 @@ +/* $OpenBSD: tls1.h,v 1.1 2023/07/08 16:40:14 beck Exp $ */ +/* + * Copyright (c) 2023 Bob Beck + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef _LIBSSL_TLS1_H +#define _LIBSSL_TLS1_H + +#ifndef _MSC_VER +#include_next +#else +#include "../include/openssl/tls1.h" +#endif +#include "ssl_namespace.h" + +LSSL_USED(SSL_get_servername); +LSSL_USED(SSL_get_servername_type); +LSSL_USED(SSL_export_keying_material); + +#endif /* _LIBSSL_TLS1_H */ diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c index 7561060120c..7ab6880131d 100644 --- a/lib/libssl/s3_lib.c +++ b/lib/libssl/s3_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_lib.c,v 1.245 2023/07/02 17:21:32 beck Exp $ */ +/* $OpenBSD: s3_lib.c,v 1.246 2023/07/08 16:40:13 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1931,24 +1931,28 @@ SSL_set0_chain(SSL *ssl, STACK_OF(X509) *chain) { return ssl_cert_set0_chain(NULL, ssl, chain); } +LSSL_ALIAS(SSL_set0_chain); int SSL_set1_chain(SSL *ssl, STACK_OF(X509) *chain) { return ssl_cert_set1_chain(NULL, ssl, chain); } +LSSL_ALIAS(SSL_set1_chain); int SSL_add0_chain_cert(SSL *ssl, X509 *x509) { return ssl_cert_add0_chain_cert(NULL, ssl, x509); } +LSSL_ALIAS(SSL_add0_chain_cert); int SSL_add1_chain_cert(SSL *ssl, X509 *x509) { return ssl_cert_add1_chain_cert(NULL, ssl, x509); } +LSSL_ALIAS(SSL_add1_chain_cert); int SSL_get0_chain_certs(const SSL *ssl, STACK_OF(X509) **out_chain) @@ -1960,12 +1964,14 @@ SSL_get0_chain_certs(const SSL *ssl, STACK_OF(X509) **out_chain) return 1; } +LSSL_ALIAS(SSL_get0_chain_certs); int SSL_clear_chain_certs(SSL *ssl) { return ssl_cert_set0_chain(NULL, ssl, NULL); } +LSSL_ALIAS(SSL_clear_chain_certs); int SSL_set1_groups(SSL *s, const int *groups, size_t groups_len) @@ -1973,6 +1979,7 @@ SSL_set1_groups(SSL *s, const int *groups, size_t groups_len) return tls1_set_groups(&s->tlsext_supportedgroups, &s->tlsext_supportedgroups_length, groups, groups_len); } +LSSL_ALIAS(SSL_set1_groups); int SSL_set1_groups_list(SSL *s, const char *groups) @@ -1980,6 +1987,7 @@ SSL_set1_groups_list(SSL *s, const char *groups) return tls1_set_group_list(&s->tlsext_supportedgroups, &s->tlsext_supportedgroups_length, groups); } +LSSL_ALIAS(SSL_set1_groups_list); static int _SSL_get_signature_nid(SSL *s, int *nid) @@ -2322,24 +2330,28 @@ SSL_CTX_set0_chain(SSL_CTX *ctx, STACK_OF(X509) *chain) { return ssl_cert_set0_chain(ctx, NULL, chain); } +LSSL_ALIAS(SSL_CTX_set0_chain); int SSL_CTX_set1_chain(SSL_CTX *ctx, STACK_OF(X509) *chain) { return ssl_cert_set1_chain(ctx, NULL, chain); } +LSSL_ALIAS(SSL_CTX_set1_chain); int SSL_CTX_add0_chain_cert(SSL_CTX *ctx, X509 *x509) { return ssl_cert_add0_chain_cert(ctx, NULL, x509); } +LSSL_ALIAS(SSL_CTX_add0_chain_cert); int SSL_CTX_add1_chain_cert(SSL_CTX *ctx, X509 *x509) { return ssl_cert_add1_chain_cert(ctx, NULL, x509); } +LSSL_ALIAS(SSL_CTX_add1_chain_cert); int SSL_CTX_get0_chain_certs(const SSL_CTX *ctx, STACK_OF(X509) **out_chain) @@ -2351,12 +2363,14 @@ SSL_CTX_get0_chain_certs(const SSL_CTX *ctx, STACK_OF(X509) **out_chain) return 1; } +LSSL_ALIAS(SSL_CTX_get0_chain_certs); int SSL_CTX_clear_chain_certs(SSL_CTX *ctx) { return ssl_cert_set0_chain(ctx, NULL, NULL); } +LSSL_ALIAS(SSL_CTX_clear_chain_certs); static int _SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *cert) @@ -2402,6 +2416,7 @@ SSL_CTX_set1_groups(SSL_CTX *ctx, const int *groups, size_t groups_len) return tls1_set_groups(&ctx->tlsext_supportedgroups, &ctx->tlsext_supportedgroups_length, groups, groups_len); } +LSSL_ALIAS(SSL_CTX_set1_groups); int SSL_CTX_set1_groups_list(SSL_CTX *ctx, const char *groups) @@ -2409,6 +2424,7 @@ SSL_CTX_set1_groups_list(SSL_CTX *ctx, const char *groups) return tls1_set_group_list(&ctx->tlsext_supportedgroups, &ctx->tlsext_supportedgroups_length, groups); } +LSSL_ALIAS(SSL_CTX_set1_groups_list); long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) diff --git a/lib/libssl/ssl_algs.c b/lib/libssl/ssl_algs.c index ab23f4bc453..684697df516 100644 --- a/lib/libssl/ssl_algs.c +++ b/lib/libssl/ssl_algs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_algs.c,v 1.31 2022/11/26 16:08:55 tb Exp $ */ +/* $OpenBSD: ssl_algs.c,v 1.32 2023/07/08 16:40:13 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -122,4 +122,4 @@ SSL_library_init(void) return (1); } - +LSSL_ALIAS(SSL_library_init); diff --git a/lib/libssl/ssl_asn1.c b/lib/libssl/ssl_asn1.c index 7684602129d..f4552f1c945 100644 --- a/lib/libssl/ssl_asn1.c +++ b/lib/libssl/ssl_asn1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_asn1.c,v 1.66 2022/11/26 16:08:55 tb Exp $ */ +/* $OpenBSD: ssl_asn1.c,v 1.67 2023/07/08 16:40:13 beck Exp $ */ /* * Copyright (c) 2016 Joel Sing * @@ -238,6 +238,7 @@ i2d_SSL_SESSION(SSL_SESSION *ss, unsigned char **pp) return rv; } +LSSL_ALIAS(i2d_SSL_SESSION); SSL_SESSION * d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length) @@ -416,3 +417,4 @@ d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length) return (NULL); } +LSSL_ALIAS(d2i_SSL_SESSION); diff --git a/lib/libssl/ssl_cert.c b/lib/libssl/ssl_cert.c index 8a333b42789..a288050269c 100644 --- a/lib/libssl/ssl_cert.c +++ b/lib/libssl/ssl_cert.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_cert.c,v 1.106 2023/05/26 13:44:05 tb Exp $ */ +/* $OpenBSD: ssl_cert.c,v 1.107 2023/07/08 16:40:13 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -157,6 +157,7 @@ SSL_get_ex_data_X509_STORE_CTX_idx(void) return ssl_x509_store_ctx_idx; } +LSSL_ALIAS(SSL_get_ex_data_X509_STORE_CTX_idx); SSL_CERT * ssl_cert_new(void) @@ -487,24 +488,28 @@ SSL_dup_CA_list(const STACK_OF(X509_NAME) *sk) sk_X509_NAME_pop_free(ret, X509_NAME_free); return NULL; } +LSSL_ALIAS(SSL_dup_CA_list); void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list) { set_client_CA_list(&(s->client_CA), name_list); } +LSSL_ALIAS(SSL_set_client_CA_list); void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list) { set_client_CA_list(&(ctx->client_CA), name_list); } +LSSL_ALIAS(SSL_CTX_set_client_CA_list); STACK_OF(X509_NAME) * SSL_CTX_get_client_CA_list(const SSL_CTX *ctx) { return (ctx->client_CA); } +LSSL_ALIAS(SSL_CTX_get_client_CA_list); STACK_OF(X509_NAME) * SSL_get_client_CA_list(const SSL *s) @@ -522,6 +527,7 @@ SSL_get_client_CA_list(const SSL *s) return (s->ctx->client_CA); } } +LSSL_ALIAS(SSL_get_client_CA_list); static int add_client_CA(STACK_OF(X509_NAME) **sk, X509 *x) @@ -548,12 +554,14 @@ SSL_add_client_CA(SSL *ssl, X509 *x) { return (add_client_CA(&(ssl->client_CA), x)); } +LSSL_ALIAS(SSL_add_client_CA); int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x) { return (add_client_CA(&(ctx->client_CA), x)); } +LSSL_ALIAS(SSL_CTX_add_client_CA); static int xname_cmp(const X509_NAME * const *a, const X509_NAME * const *b) @@ -628,6 +636,7 @@ SSL_load_client_CA_file(const char *file) return (ret); } +LSSL_ALIAS(SSL_load_client_CA_file); /*! * Add a file of certs to a stack. @@ -688,6 +697,7 @@ SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, return ret; } +LSSL_ALIAS(SSL_add_file_cert_subjects_to_stack); /*! * Add a directory of certs to a stack. @@ -728,3 +738,4 @@ SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, const char *dir) } return ret; } +LSSL_ALIAS(SSL_add_dir_cert_subjects_to_stack); diff --git a/lib/libssl/ssl_ciph.c b/lib/libssl/ssl_ciph.c index a71c5042c7d..b735cd7b30e 100644 --- a/lib/libssl/ssl_ciph.c +++ b/lib/libssl/ssl_ciph.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_ciph.c,v 1.135 2022/11/26 16:08:55 tb Exp $ */ +/* $OpenBSD: ssl_ciph.c,v 1.136 2023/07/08 16:40:13 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -475,9 +475,11 @@ ssl_cipher_get_evp(const SSL_SESSION *ss, const EVP_CIPHER **enc, case SSL_CAMELLIA256: *enc = EVP_camellia_256_cbc(); break; +#ifndef OPENSSL_NO_GOST case SSL_eGOST2814789CNT: *enc = EVP_gost2814789_cnt(); break; +#endif } switch (ss->cipher->algorithm_mac) { @@ -493,6 +495,7 @@ ssl_cipher_get_evp(const SSL_SESSION *ss, const EVP_CIPHER **enc, case SSL_SHA384: *md = EVP_sha384(); break; +#ifndef OPENSSL_NO_GOST case SSL_GOST89MAC: *md = EVP_gost2814789imit(); break; @@ -502,8 +505,8 @@ ssl_cipher_get_evp(const SSL_SESSION *ss, const EVP_CIPHER **enc, case SSL_STREEBOG256: *md = EVP_streebog256(); break; +#endif } - if (*enc == NULL || *md == NULL) return 0; @@ -515,15 +518,18 @@ ssl_cipher_get_evp(const SSL_SESSION *ss, const EVP_CIPHER **enc, return 0; if (EVP_CIPHER_mode(*enc) == EVP_CIPH_GCM_MODE) return 0; - +#ifndef OPENSSL_NO_GOST + /* XXX JFC. die in fire already */ if (ss->cipher->algorithm_mac == SSL_GOST89MAC) { *mac_pkey_type = EVP_PKEY_GOSTIMIT; *mac_secret_size = 32; /* XXX */ } else { +#endif *mac_pkey_type = EVP_PKEY_HMAC; *mac_secret_size = EVP_MD_size(*md); +#ifndef OPENSSL_NO_GOST } - +#endif return 1; } @@ -578,18 +584,20 @@ ssl_get_handshake_evp_md(SSL *s, const EVP_MD **md) case SSL_HANDSHAKE_MAC_DEFAULT: *md = EVP_md5_sha1(); return 1; +#ifndef OPENSSL_NO_GOST case SSL_HANDSHAKE_MAC_GOST94: *md = EVP_gostr341194(); return 1; + case SSL_HANDSHAKE_MAC_STREEBOG256: + *md = EVP_streebog256(); + return 1; +#endif case SSL_HANDSHAKE_MAC_SHA256: *md = EVP_sha256(); return 1; case SSL_HANDSHAKE_MAC_SHA384: *md = EVP_sha384(); return 1; - case SSL_HANDSHAKE_MAC_STREEBOG256: - *md = EVP_streebog256(); - return 1; default: break; } @@ -1406,12 +1414,14 @@ SSL_CIPHER_get_by_id(unsigned int id) { return ssl3_get_cipher_by_id(id); } +LSSL_ALIAS(SSL_CIPHER_get_by_id); const SSL_CIPHER * SSL_CIPHER_get_by_value(uint16_t value) { return ssl3_get_cipher_by_value(value); } +LSSL_ALIAS(SSL_CIPHER_get_by_value); char * SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) @@ -1565,6 +1575,7 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) return (ret); } +LSSL_ALIAS(SSL_CIPHER_description); const char * SSL_CIPHER_get_version(const SSL_CIPHER *c) @@ -1576,6 +1587,7 @@ SSL_CIPHER_get_version(const SSL_CIPHER *c) else return("unknown"); } +LSSL_ALIAS(SSL_CIPHER_get_version); /* return the actual cipher being used */ const char * @@ -1585,6 +1597,7 @@ SSL_CIPHER_get_name(const SSL_CIPHER *c) return (c->name); return("(NONE)"); } +LSSL_ALIAS(SSL_CIPHER_get_name); /* number of bits for symmetric cipher */ int @@ -1599,18 +1612,21 @@ SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits) } return (ret); } +LSSL_ALIAS(SSL_CIPHER_get_bits); unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c) { return c->id; } +LSSL_ALIAS(SSL_CIPHER_get_id); uint16_t SSL_CIPHER_get_value(const SSL_CIPHER *c) { return ssl3_cipher_get_value(c); } +LSSL_ALIAS(SSL_CIPHER_get_value); const SSL_CIPHER * SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr) @@ -1625,6 +1641,7 @@ SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr) return ssl3_get_cipher_by_value(cipher_value); } +LSSL_ALIAS(SSL_CIPHER_find); int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c) @@ -1658,6 +1675,7 @@ SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c) return NID_undef; } } +LSSL_ALIAS(SSL_CIPHER_get_cipher_nid); int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c) @@ -1683,6 +1701,7 @@ SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c) return NID_undef; } } +LSSL_ALIAS(SSL_CIPHER_get_digest_nid); int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c) @@ -1700,6 +1719,7 @@ SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c) return NID_undef; } } +LSSL_ALIAS(SSL_CIPHER_get_kx_nid); int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c) @@ -1717,27 +1737,32 @@ SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c) return NID_undef; } } +LSSL_ALIAS(SSL_CIPHER_get_auth_nid); int SSL_CIPHER_is_aead(const SSL_CIPHER *c) { return (c->algorithm_mac & SSL_AEAD) == SSL_AEAD; } +LSSL_ALIAS(SSL_CIPHER_is_aead); void * SSL_COMP_get_compression_methods(void) { return NULL; } +LSSL_ALIAS(SSL_COMP_get_compression_methods); int SSL_COMP_add_compression_method(int id, void *cm) { return 1; } +LSSL_ALIAS(SSL_COMP_add_compression_method); const char * SSL_COMP_get_name(const void *comp) { return NULL; } +LSSL_ALIAS(SSL_COMP_get_name); diff --git a/lib/libssl/ssl_clnt.c b/lib/libssl/ssl_clnt.c index 6aea5901324..441da643fd5 100644 --- a/lib/libssl/ssl_clnt.c +++ b/lib/libssl/ssl_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_clnt.c,v 1.160 2023/06/11 19:01:01 tb Exp $ */ +/* $OpenBSD: ssl_clnt.c,v 1.161 2023/07/08 16:40:13 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -2123,12 +2123,14 @@ ssl3_send_client_verify_sigalgs(SSL *s, EVP_PKEY *pkey, SSLerror(s, ERR_R_EVP_LIB); goto err; } +#ifndef OPENSSL_NO_GOST if (sigalg->key_type == EVP_PKEY_GOSTR01 && EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, EVP_PKEY_CTRL_GOST_SIG_FORMAT, GOST_SIG_FORMAT_RS_LE, NULL) <= 0) { SSLerror(s, ERR_R_EVP_LIB); goto err; } +#endif if ((sigalg->flags & SIGALG_FLAG_RSA_PSS) && (!EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) || !EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1))) { @@ -2267,11 +2269,13 @@ ssl3_send_client_verify_gost(SSL *s, EVP_PKEY *pkey, CBB *cert_verify) SSLerror(s, ERR_R_EVP_LIB); goto err; } +#ifndef OPENSSL_NO_GOST if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, EVP_PKEY_CTRL_GOST_SIG_FORMAT, GOST_SIG_FORMAT_RS_LE, NULL) <= 0) { SSLerror(s, ERR_R_EVP_LIB); goto err; } +#endif if (!EVP_DigestSign(mctx, NULL, &signature_len, hdata, hdata_len)) { SSLerror(s, ERR_R_EVP_LIB); goto err; diff --git a/lib/libssl/ssl_err.c b/lib/libssl/ssl_err.c index 59d8119e10b..28097ea70a9 100644 --- a/lib/libssl/ssl_err.c +++ b/lib/libssl/ssl_err.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_err.c,v 1.45 2022/11/26 16:08:55 tb Exp $ */ +/* $OpenBSD: ssl_err.c,v 1.46 2023/07/08 16:40:13 beck Exp $ */ /* ==================================================================== * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. * @@ -482,6 +482,7 @@ ERR_load_SSL_strings(void) } #endif } +LSSL_ALIAS(ERR_load_SSL_strings); void SSL_load_error_strings(void) @@ -491,6 +492,7 @@ SSL_load_error_strings(void) ERR_load_SSL_strings(); #endif } +LSSL_ALIAS(SSL_load_error_strings); int SSL_state_func_code(int state) { diff --git a/lib/libssl/ssl_init.c b/lib/libssl/ssl_init.c index 65f38e25db6..a8646cc092a 100644 --- a/lib/libssl/ssl_init.c +++ b/lib/libssl/ssl_init.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_init.c,v 1.3 2022/11/26 16:08:55 tb Exp $ */ +/* $OpenBSD: ssl_init.c,v 1.4 2023/07/08 16:40:13 beck Exp $ */ /* * Copyright (c) 2018 Bob Beck * @@ -49,3 +49,4 @@ OPENSSL_init_ssl(uint64_t opts, const void *settings) return 1; } +LSSL_ALIAS(OPENSSL_init_ssl); diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c index f6c94061391..b1169b02425 100644 --- a/lib/libssl/ssl_lib.c +++ b/lib/libssl/ssl_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_lib.c,v 1.310 2023/05/26 13:44:05 tb Exp $ */ +/* $OpenBSD: ssl_lib.c,v 1.311 2023/07/08 16:40:13 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -218,6 +218,7 @@ SSL_clear(SSL *s) return (1); } +LSSL_ALIAS(SSL_clear); /* Used to change an SSL_CTXs default SSL method type */ int @@ -236,6 +237,7 @@ SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth) } return (1); } +LSSL_ALIAS(SSL_CTX_set_ssl_version); SSL * SSL_new(SSL_CTX *ctx) @@ -360,6 +362,7 @@ SSL_new(SSL_CTX *ctx) SSLerrorx(ERR_R_MALLOC_FAILURE); return (NULL); } +LSSL_ALIAS(SSL_new); int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, @@ -374,6 +377,7 @@ SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, return (1); } +LSSL_ALIAS(SSL_CTX_set_session_id_context); int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, @@ -388,6 +392,7 @@ SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, return (1); } +LSSL_ALIAS(SSL_set_session_id_context); int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb) @@ -397,6 +402,7 @@ SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb) CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); return (1); } +LSSL_ALIAS(SSL_CTX_set_generate_session_id); int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb) @@ -406,6 +412,7 @@ SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb) CRYPTO_w_unlock(CRYPTO_LOCK_SSL); return (1); } +LSSL_ALIAS(SSL_set_generate_session_id); int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, @@ -432,30 +439,35 @@ SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); return (p != NULL); } +LSSL_ALIAS(SSL_has_matching_session_id); int SSL_CTX_set_purpose(SSL_CTX *s, int purpose) { return (X509_VERIFY_PARAM_set_purpose(s->param, purpose)); } +LSSL_ALIAS(SSL_CTX_set_purpose); int SSL_set_purpose(SSL *s, int purpose) { return (X509_VERIFY_PARAM_set_purpose(s->param, purpose)); } +LSSL_ALIAS(SSL_set_purpose); int SSL_CTX_set_trust(SSL_CTX *s, int trust) { return (X509_VERIFY_PARAM_set_trust(s->param, trust)); } +LSSL_ALIAS(SSL_CTX_set_trust); int SSL_set_trust(SSL *s, int trust) { return (X509_VERIFY_PARAM_set_trust(s->param, trust)); } +LSSL_ALIAS(SSL_set_trust); int SSL_set1_host(SSL *s, const char *hostname) @@ -470,42 +482,49 @@ SSL_set1_host(SSL *s, const char *hostname) else return X509_VERIFY_PARAM_set1_host(s->param, hostname, 0); } +LSSL_ALIAS(SSL_set1_host); void SSL_set_hostflags(SSL *s, unsigned int flags) { X509_VERIFY_PARAM_set_hostflags(s->param, flags); } +LSSL_ALIAS(SSL_set_hostflags); const char * SSL_get0_peername(SSL *s) { return X509_VERIFY_PARAM_get0_peername(s->param); } +LSSL_ALIAS(SSL_get0_peername); X509_VERIFY_PARAM * SSL_CTX_get0_param(SSL_CTX *ctx) { return (ctx->param); } +LSSL_ALIAS(SSL_CTX_get0_param); int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm) { return (X509_VERIFY_PARAM_set1(ctx->param, vpm)); } +LSSL_ALIAS(SSL_CTX_set1_param); X509_VERIFY_PARAM * SSL_get0_param(SSL *ssl) { return (ssl->param); } +LSSL_ALIAS(SSL_get0_param); int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm) { return (X509_VERIFY_PARAM_set1(ssl->param, vpm)); } +LSSL_ALIAS(SSL_set1_param); void SSL_free(SSL *s) @@ -585,6 +604,7 @@ SSL_free(SSL *s) free(s); } +LSSL_ALIAS(SSL_free); int SSL_up_ref(SSL *s) @@ -592,6 +612,7 @@ SSL_up_ref(SSL *s) int refs = CRYPTO_add(&s->references, 1, CRYPTO_LOCK_SSL); return (refs > 1) ? 1 : 0; } +LSSL_ALIAS(SSL_up_ref); void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio) @@ -611,12 +632,14 @@ SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio) s->rbio = rbio; s->wbio = wbio; } +LSSL_ALIAS(SSL_set_bio); BIO * SSL_get_rbio(const SSL *s) { return (s->rbio); } +LSSL_ALIAS(SSL_get_rbio); void SSL_set0_rbio(SSL *s, BIO *rbio) @@ -624,18 +647,21 @@ SSL_set0_rbio(SSL *s, BIO *rbio) BIO_free_all(s->rbio); s->rbio = rbio; } +LSSL_ALIAS(SSL_set0_rbio); BIO * SSL_get_wbio(const SSL *s) { return (s->wbio); } +LSSL_ALIAS(SSL_get_wbio); int SSL_get_fd(const SSL *s) { return (SSL_get_rfd(s)); } +LSSL_ALIAS(SSL_get_fd); int SSL_get_rfd(const SSL *s) @@ -649,6 +675,7 @@ SSL_get_rfd(const SSL *s) BIO_get_fd(r, &ret); return (ret); } +LSSL_ALIAS(SSL_get_rfd); int SSL_get_wfd(const SSL *s) @@ -662,6 +689,7 @@ SSL_get_wfd(const SSL *s) BIO_get_fd(r, &ret); return (ret); } +LSSL_ALIAS(SSL_get_wfd); int SSL_set_fd(SSL *s, int fd) @@ -681,6 +709,7 @@ SSL_set_fd(SSL *s, int fd) err: return (ret); } +LSSL_ALIAS(SSL_set_fd); int SSL_set_wfd(SSL *s, int fd) @@ -704,6 +733,7 @@ SSL_set_wfd(SSL *s, int fd) err: return (ret); } +LSSL_ALIAS(SSL_set_wfd); int SSL_set_rfd(SSL *s, int fd) @@ -727,6 +757,7 @@ SSL_set_rfd(SSL *s, int fd) err: return (ret); } +LSSL_ALIAS(SSL_set_rfd); /* return length of latest Finished message we sent, copy to 'buf' */ @@ -741,6 +772,7 @@ SSL_get_finished(const SSL *s, void *buf, size_t count) memcpy(buf, s->s3->hs.finished, count); return (ret); } +LSSL_ALIAS(SSL_get_finished); /* return length of latest Finished message we expected, copy to 'buf' */ size_t @@ -754,6 +786,7 @@ SSL_get_peer_finished(const SSL *s, void *buf, size_t count) memcpy(buf, s->s3->hs.peer_finished, count); return (ret); } +LSSL_ALIAS(SSL_get_peer_finished); int @@ -761,30 +794,35 @@ SSL_get_verify_mode(const SSL *s) { return (s->verify_mode); } +LSSL_ALIAS(SSL_get_verify_mode); int SSL_get_verify_depth(const SSL *s) { return (X509_VERIFY_PARAM_get_depth(s->param)); } +LSSL_ALIAS(SSL_get_verify_depth); int (*SSL_get_verify_callback(const SSL *s))(int, X509_STORE_CTX *) { return (s->verify_callback); } +LSSL_ALIAS(SSL_get_verify_callback); void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb) { ctx->keylog_callback = cb; } +LSSL_ALIAS(SSL_CTX_set_keylog_callback); SSL_CTX_keylog_cb_func SSL_CTX_get_keylog_callback(const SSL_CTX *ctx) { return (ctx->keylog_callback); } +LSSL_ALIAS(SSL_CTX_get_keylog_callback); int SSL_set_num_tickets(SSL *s, size_t num_tickets) @@ -793,12 +831,14 @@ SSL_set_num_tickets(SSL *s, size_t num_tickets) return 1; } +LSSL_ALIAS(SSL_set_num_tickets); size_t SSL_get_num_tickets(const SSL *s) { return s->num_tickets; } +LSSL_ALIAS(SSL_get_num_tickets); int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets) @@ -807,30 +847,35 @@ SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets) return 1; } +LSSL_ALIAS(SSL_CTX_set_num_tickets); size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx) { return ctx->num_tickets; } +LSSL_ALIAS(SSL_CTX_get_num_tickets); int SSL_CTX_get_verify_mode(const SSL_CTX *ctx) { return (ctx->verify_mode); } +LSSL_ALIAS(SSL_CTX_get_verify_mode); int SSL_CTX_get_verify_depth(const SSL_CTX *ctx) { return (X509_VERIFY_PARAM_get_depth(ctx->param)); } +LSSL_ALIAS(SSL_CTX_get_verify_depth); int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int, X509_STORE_CTX *) { return (ctx->default_verify_callback); } +LSSL_ALIAS(SSL_CTX_get_verify_callback); void SSL_set_verify(SSL *s, int mode, @@ -840,30 +885,35 @@ SSL_set_verify(SSL *s, int mode, if (callback != NULL) s->verify_callback = callback; } +LSSL_ALIAS(SSL_set_verify); void SSL_set_verify_depth(SSL *s, int depth) { X509_VERIFY_PARAM_set_depth(s->param, depth); } +LSSL_ALIAS(SSL_set_verify_depth); void SSL_set_read_ahead(SSL *s, int yes) { s->read_ahead = yes; } +LSSL_ALIAS(SSL_set_read_ahead); int SSL_get_read_ahead(const SSL *s) { return (s->read_ahead); } +LSSL_ALIAS(SSL_get_read_ahead); int SSL_pending(const SSL *s) { return (s->method->ssl_pending(s)); } +LSSL_ALIAS(SSL_pending); X509 * SSL_get_peer_certificate(const SSL *s) @@ -880,6 +930,7 @@ SSL_get_peer_certificate(const SSL *s) return cert; } +LSSL_ALIAS(SSL_get_peer_certificate); STACK_OF(X509) * SSL_get_peer_cert_chain(const SSL *s) @@ -896,6 +947,7 @@ SSL_get_peer_cert_chain(const SSL *s) return s->s3->hs.peer_certs_no_leaf; } +LSSL_ALIAS(SSL_get_peer_cert_chain); STACK_OF(X509) * SSL_get0_verified_chain(const SSL *s) @@ -904,6 +956,7 @@ SSL_get0_verified_chain(const SSL *s) return NULL; return s->s3->hs.verified_chain; } +LSSL_ALIAS(SSL_get0_verified_chain); /* * Now in theory, since the calling process own 't' it should be safe to @@ -939,6 +992,7 @@ SSL_copy_session_id(SSL *t, const SSL *f) return 1; } +LSSL_ALIAS(SSL_copy_session_id); /* Fix this so it checks all the valid key/cert options */ int @@ -956,6 +1010,7 @@ SSL_CTX_check_private_key(const SSL_CTX *ctx) return (X509_check_private_key(ctx->cert->key->x509, ctx->cert->key->privatekey)); } +LSSL_ALIAS(SSL_CTX_check_private_key); /* Fix this function so that it takes an optional type parameter */ int @@ -980,6 +1035,7 @@ SSL_check_private_key(const SSL *ssl) return (X509_check_private_key(ssl->cert->key->x509, ssl->cert->key->privatekey)); } +LSSL_ALIAS(SSL_check_private_key); int SSL_accept(SSL *s) @@ -989,6 +1045,7 @@ SSL_accept(SSL *s) return (s->method->ssl_accept(s)); } +LSSL_ALIAS(SSL_accept); int SSL_connect(SSL *s) @@ -998,18 +1055,21 @@ SSL_connect(SSL *s) return (s->method->ssl_connect(s)); } +LSSL_ALIAS(SSL_connect); int SSL_is_dtls(const SSL *s) { return s->method->dtls; } +LSSL_ALIAS(SSL_is_dtls); int SSL_is_server(const SSL *s) { return s->server; } +LSSL_ALIAS(SSL_is_server); static long ssl_get_default_timeout() @@ -1026,6 +1086,7 @@ SSL_get_default_timeout(const SSL *s) { return (ssl_get_default_timeout()); } +LSSL_ALIAS(SSL_get_default_timeout); int SSL_read(SSL *s, void *buf, int num) @@ -1051,6 +1112,7 @@ SSL_read(SSL *s, void *buf, int num) } return ssl3_read(s, buf, num); } +LSSL_ALIAS(SSL_read); int SSL_read_ex(SSL *s, void *buf, size_t num, size_t *bytes_read) @@ -1070,6 +1132,7 @@ SSL_read_ex(SSL *s, void *buf, size_t num, size_t *bytes_read) return ret > 0; } +LSSL_ALIAS(SSL_read_ex); int SSL_peek(SSL *s, void *buf, int num) @@ -1094,6 +1157,7 @@ SSL_peek(SSL *s, void *buf, int num) } return ssl3_peek(s, buf, num); } +LSSL_ALIAS(SSL_peek); int SSL_peek_ex(SSL *s, void *buf, size_t num, size_t *bytes_peeked) @@ -1113,6 +1177,7 @@ SSL_peek_ex(SSL *s, void *buf, size_t num, size_t *bytes_peeked) return ret > 0; } +LSSL_ALIAS(SSL_peek_ex); int SSL_write(SSL *s, const void *buf, int num) @@ -1139,6 +1204,7 @@ SSL_write(SSL *s, const void *buf, int num) } return ssl3_write(s, buf, num); } +LSSL_ALIAS(SSL_write); int SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *bytes_written) @@ -1164,36 +1230,42 @@ SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *bytes_written) return ret > 0; } +LSSL_ALIAS(SSL_write_ex); uint32_t SSL_CTX_get_max_early_data(const SSL_CTX *ctx) { return 0; } +LSSL_ALIAS(SSL_CTX_get_max_early_data); int SSL_CTX_set_max_early_data(SSL_CTX *ctx, uint32_t max_early_data) { return 1; } +LSSL_ALIAS(SSL_CTX_set_max_early_data); uint32_t SSL_get_max_early_data(const SSL *s) { return 0; } +LSSL_ALIAS(SSL_get_max_early_data); int SSL_set_max_early_data(SSL *s, uint32_t max_early_data) { return 1; } +LSSL_ALIAS(SSL_set_max_early_data); int SSL_get_early_data_status(const SSL *s) { return SSL_EARLY_DATA_REJECTED; } +LSSL_ALIAS(SSL_get_early_data_status); int SSL_read_early_data(SSL *s, void *buf, size_t num, size_t *readbytes) @@ -1207,6 +1279,7 @@ SSL_read_early_data(SSL *s, void *buf, size_t num, size_t *readbytes) return SSL_READ_EARLY_DATA_FINISH; } +LSSL_ALIAS(SSL_read_early_data); int SSL_write_early_data(SSL *s, const void *buf, size_t num, size_t *written) @@ -1215,6 +1288,7 @@ SSL_write_early_data(SSL *s, const void *buf, size_t num, size_t *written) SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } +LSSL_ALIAS(SSL_write_early_data); int SSL_shutdown(SSL *s) @@ -1236,6 +1310,7 @@ SSL_shutdown(SSL *s) return (1); } +LSSL_ALIAS(SSL_shutdown); int SSL_renegotiate(SSL *s) @@ -1247,6 +1322,7 @@ SSL_renegotiate(SSL *s) return (s->method->ssl_renegotiate(s)); } +LSSL_ALIAS(SSL_renegotiate); int SSL_renegotiate_abbreviated(SSL *s) @@ -1258,6 +1334,7 @@ SSL_renegotiate_abbreviated(SSL *s) return (s->method->ssl_renegotiate(s)); } +LSSL_ALIAS(SSL_renegotiate_abbreviated); int SSL_renegotiate_pending(SSL *s) @@ -1268,6 +1345,7 @@ SSL_renegotiate_pending(SSL *s) */ return (s->renegotiate != 0); } +LSSL_ALIAS(SSL_renegotiate_pending); long SSL_ctrl(SSL *s, int cmd, long larg, void *parg) @@ -1325,6 +1403,7 @@ SSL_ctrl(SSL *s, int cmd, long larg, void *parg) return ssl3_ctrl(s, cmd, larg, parg); } } +LSSL_ALIAS(SSL_ctrl); long SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) @@ -1338,12 +1417,14 @@ SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) return (ssl3_callback_ctrl(s, cmd, fp)); } } +LSSL_ALIAS(SSL_callback_ctrl); struct lhash_st_SSL_SESSION * SSL_CTX_sessions(SSL_CTX *ctx) { return (ctx->sessions); } +LSSL_ALIAS(SSL_CTX_sessions); long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) @@ -1423,6 +1504,7 @@ SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) return (ssl3_ctx_ctrl(ctx, cmd, larg, parg)); } } +LSSL_ALIAS(SSL_CTX_ctrl); long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) @@ -1436,6 +1518,7 @@ SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) return (ssl3_ctx_callback_ctrl(ctx, cmd, fp)); } } +LSSL_ALIAS(SSL_CTX_callback_ctrl); int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b) @@ -1459,6 +1542,7 @@ SSL_get_ciphers(const SSL *s) return (s->ctx->cipher_list); } +LSSL_ALIAS(SSL_get_ciphers); STACK_OF(SSL_CIPHER) * SSL_get_client_ciphers(const SSL *s) @@ -1467,6 +1551,7 @@ SSL_get_client_ciphers(const SSL *s) return NULL; return s->session->ciphers; } +LSSL_ALIAS(SSL_get_client_ciphers); STACK_OF(SSL_CIPHER) * SSL_get1_supported_ciphers(SSL *s) @@ -1504,6 +1589,7 @@ SSL_get1_supported_ciphers(SSL *s) sk_SSL_CIPHER_free(supported_ciphers); return NULL; } +LSSL_ALIAS(SSL_get1_supported_ciphers); /* See if we have any ECC cipher suites. */ int @@ -1544,6 +1630,7 @@ SSL_get_cipher_list(const SSL *s, int n) return (cipher->name); } +LSSL_ALIAS(SSL_get_cipher_list); STACK_OF(SSL_CIPHER) * SSL_CTX_get_ciphers(const SSL_CTX *ctx) @@ -1552,6 +1639,7 @@ SSL_CTX_get_ciphers(const SSL_CTX *ctx) return NULL; return ctx->cipher_list; } +LSSL_ALIAS(SSL_CTX_get_ciphers); /* Specify the ciphers to be used by default by the SSL_CTX. */ int @@ -1576,6 +1664,7 @@ SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) } return (1); } +LSSL_ALIAS(SSL_CTX_set_cipher_list); int SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str) @@ -1590,6 +1679,7 @@ SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str) return 1; } +LSSL_ALIAS(SSL_CTX_set_ciphersuites); /* Specify the ciphers to be used by the SSL. */ int @@ -1611,6 +1701,7 @@ SSL_set_cipher_list(SSL *s, const char *str) } return (1); } +LSSL_ALIAS(SSL_set_cipher_list); int SSL_set_ciphersuites(SSL *s, const char *str) @@ -1630,6 +1721,7 @@ SSL_set_ciphersuites(SSL *s, const char *str) return 1; } +LSSL_ALIAS(SSL_set_ciphersuites); char * SSL_get_shared_ciphers(const SSL *s, char *buf, int len) @@ -1671,6 +1763,7 @@ SSL_get_shared_ciphers(const SSL *s, char *buf, int len) *end = '\0'; return buf; } +LSSL_ALIAS(SSL_get_shared_ciphers); /* * Return a servername extension value if provided in Client Hello, or NULL. @@ -1686,6 +1779,7 @@ SSL_get_servername(const SSL *s, const int type) s->session->tlsext_hostname : s->tlsext_hostname); } +LSSL_ALIAS(SSL_get_servername); int SSL_get_servername_type(const SSL *s) @@ -1696,6 +1790,7 @@ SSL_get_servername_type(const SSL *s) return (TLSEXT_NAMETYPE_host_name); return (-1); } +LSSL_ALIAS(SSL_get_servername_type); /* * SSL_select_next_proto implements standard protocol selection. It is @@ -1749,6 +1844,7 @@ SSL_select_next_proto(unsigned char **out, unsigned char *outlen, *outlen = result[0]; return (status); } +LSSL_ALIAS(SSL_select_next_proto); /* SSL_get0_next_proto_negotiated is deprecated. */ void @@ -1758,6 +1854,7 @@ SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, *data = NULL; *len = 0; } +LSSL_ALIAS(SSL_get0_next_proto_negotiated); /* SSL_CTX_set_next_protos_advertised_cb is deprecated. */ void @@ -1765,6 +1862,7 @@ SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl, const unsigned char **out, unsigned int *outlen, void *arg), void *arg) { } +LSSL_ALIAS(SSL_CTX_set_next_protos_advertised_cb); /* SSL_CTX_set_next_proto_select_cb is deprecated. */ void @@ -1773,6 +1871,7 @@ SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s, unsigned int inlen, void *arg), void *arg) { } +LSSL_ALIAS(SSL_CTX_set_next_proto_select_cb); /* * SSL_CTX_set_alpn_protos sets the ALPN protocol list to the specified @@ -1806,6 +1905,7 @@ SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, /* NOTE: Return values are the reverse of what you expect. */ return failed; } +LSSL_ALIAS(SSL_CTX_set_alpn_protos); /* * SSL_set_alpn_protos sets the ALPN protocol list to the specified @@ -1839,6 +1939,7 @@ SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos, /* NOTE: Return values are the reverse of what you expect. */ return failed; } +LSSL_ALIAS(SSL_set_alpn_protos); /* * SSL_CTX_set_alpn_select_cb sets a callback function that is called during @@ -1853,6 +1954,7 @@ SSL_CTX_set_alpn_select_cb(SSL_CTX* ctx, ctx->alpn_select_cb = cb; ctx->alpn_select_cb_arg = arg; } +LSSL_ALIAS(SSL_CTX_set_alpn_select_cb); /* * SSL_get0_alpn_selected gets the selected ALPN protocol (if any). On return @@ -1867,12 +1969,14 @@ SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data, *data = ssl->s3->alpn_selected; *len = ssl->s3->alpn_selected_len; } +LSSL_ALIAS(SSL_get0_alpn_selected); void SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb) { return; } +LSSL_ALIAS(SSL_set_psk_use_session_callback); int SSL_export_keying_material(SSL *s, unsigned char *out, size_t out_len, @@ -1891,6 +1995,7 @@ SSL_export_keying_material(SSL *s, unsigned char *out, size_t out_len, return tls12_exporter(s, label, label_len, context, context_len, use_context, out, out_len); } +LSSL_ALIAS(SSL_export_keying_material); static unsigned long ssl_session_hash(const SSL_SESSION *a) @@ -2092,6 +2197,7 @@ SSL_CTX_new(const SSL_METHOD *meth) SSL_CTX_free(ret); return (NULL); } +LSSL_ALIAS(SSL_CTX_new); void SSL_CTX_free(SSL_CTX *ctx) @@ -2146,6 +2252,7 @@ SSL_CTX_free(SSL_CTX *ctx) free(ctx); } +LSSL_ALIAS(SSL_CTX_free); int SSL_CTX_up_ref(SSL_CTX *ctx) @@ -2153,30 +2260,35 @@ SSL_CTX_up_ref(SSL_CTX *ctx) int refs = CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX); return ((refs > 1) ? 1 : 0); } +LSSL_ALIAS(SSL_CTX_up_ref); pem_password_cb * SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx) { return (ctx->default_passwd_callback); } +LSSL_ALIAS(SSL_CTX_get_default_passwd_cb); void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb) { ctx->default_passwd_callback = cb; } +LSSL_ALIAS(SSL_CTX_set_default_passwd_cb); void * SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx) { return ctx->default_passwd_callback_userdata; } +LSSL_ALIAS(SSL_CTX_get_default_passwd_cb_userdata); void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u) { ctx->default_passwd_callback_userdata = u; } +LSSL_ALIAS(SSL_CTX_set_default_passwd_cb_userdata); void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, @@ -2185,6 +2297,7 @@ SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, ctx->app_verify_callback = cb; ctx->app_verify_arg = arg; } +LSSL_ALIAS(SSL_CTX_set_cert_verify_callback); void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*cb)(int, X509_STORE_CTX *)) @@ -2192,12 +2305,14 @@ SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*cb)(int, X509_STORE_CTX *)) ctx->verify_mode = mode; ctx->default_verify_callback = cb; } +LSSL_ALIAS(SSL_CTX_set_verify); void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth) { X509_VERIFY_PARAM_set_depth(ctx->param, depth); } +LSSL_ALIAS(SSL_CTX_set_verify_depth); void ssl_set_cert_masks(SSL_CERT *c, const SSL_CIPHER *cipher) @@ -2478,6 +2593,7 @@ SSL_get_ssl_method(SSL *s) { return (s->method); } +LSSL_ALIAS(SSL_get_ssl_method); int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method) @@ -2504,6 +2620,7 @@ SSL_set_ssl_method(SSL *s, const SSL_METHOD *method) return (ret); } +LSSL_ALIAS(SSL_set_ssl_method); int SSL_get_error(const SSL *s, int i) @@ -2583,6 +2700,7 @@ SSL_get_error(const SSL *s, int i) return (SSL_ERROR_SYSCALL); } +LSSL_ALIAS(SSL_get_error); int SSL_CTX_set_quic_method(SSL_CTX *ctx, const SSL_QUIC_METHOD *quic_method) @@ -2594,6 +2712,7 @@ SSL_CTX_set_quic_method(SSL_CTX *ctx, const SSL_QUIC_METHOD *quic_method) return 1; } +LSSL_ALIAS(SSL_CTX_set_quic_method); int SSL_set_quic_method(SSL *ssl, const SSL_QUIC_METHOD *quic_method) @@ -2605,6 +2724,7 @@ SSL_set_quic_method(SSL *ssl, const SSL_QUIC_METHOD *quic_method) return 1; } +LSSL_ALIAS(SSL_set_quic_method); size_t SSL_quic_max_handshake_flight_len(const SSL *ssl, @@ -2652,18 +2772,21 @@ SSL_quic_max_handshake_flight_len(const SSL *ssl, return 0; } +LSSL_ALIAS(SSL_quic_max_handshake_flight_len); enum ssl_encryption_level_t SSL_quic_read_level(const SSL *ssl) { return ssl->s3->hs.tls13.quic_read_level; } +LSSL_ALIAS(SSL_quic_read_level); enum ssl_encryption_level_t SSL_quic_write_level(const SSL *ssl) { return ssl->s3->hs.tls13.quic_write_level; } +LSSL_ALIAS(SSL_quic_write_level); int SSL_provide_quic_data(SSL *ssl, enum ssl_encryption_level_t level, @@ -2697,6 +2820,7 @@ SSL_provide_quic_data(SSL *ssl, enum ssl_encryption_level_t level, */ return tls_buffer_append(ssl->s3->hs.tls13.quic_read_buffer, data, len); } +LSSL_ALIAS(SSL_provide_quic_data); int SSL_process_quic_post_handshake(SSL *ssl) @@ -2704,6 +2828,7 @@ SSL_process_quic_post_handshake(SSL *ssl) /* XXX - this needs to run PHH received. */ return 1; } +LSSL_ALIAS(SSL_process_quic_post_handshake); int SSL_do_handshake(SSL *s) @@ -2720,6 +2845,7 @@ SSL_do_handshake(SSL *s) return s->handshake_func(s); } +LSSL_ALIAS(SSL_do_handshake); /* * For the next 2 functions, SSL_clear() sets shutdown and so @@ -2734,6 +2860,7 @@ SSL_set_accept_state(SSL *s) s->handshake_func = s->method->ssl_accept; ssl_clear_cipher_state(s); } +LSSL_ALIAS(SSL_set_accept_state); void SSL_set_connect_state(SSL *s) @@ -2744,6 +2871,7 @@ SSL_set_connect_state(SSL *s) s->handshake_func = s->method->ssl_connect; ssl_clear_cipher_state(s); } +LSSL_ALIAS(SSL_set_connect_state); int ssl_undefined_function(SSL *s) @@ -2792,6 +2920,7 @@ SSL_get_version(const SSL *s) { return ssl_version_string(s->version); } +LSSL_ALIAS(SSL_get_version); SSL * SSL_dup(SSL *s) @@ -2915,6 +3044,7 @@ SSL_dup(SSL *s) SSL_free(ret); return NULL; } +LSSL_ALIAS(SSL_dup); void ssl_clear_cipher_state(SSL *s) @@ -2957,6 +3087,7 @@ SSL_get_certificate(const SSL *s) { return (s->cert->key->x509); } +LSSL_ALIAS(SSL_get_certificate); /* Fix this function so that it takes an optional type parameter */ EVP_PKEY * @@ -2964,6 +3095,7 @@ SSL_get_privatekey(const SSL *s) { return (s->cert->key->privatekey); } +LSSL_ALIAS(SSL_get_privatekey); const SSL_CIPHER * SSL_get_current_cipher(const SSL *s) @@ -2972,17 +3104,20 @@ SSL_get_current_cipher(const SSL *s) return (s->session->cipher); return (NULL); } +LSSL_ALIAS(SSL_get_current_cipher); const void * SSL_get_current_compression(SSL *s) { return (NULL); } +LSSL_ALIAS(SSL_get_current_compression); const void * SSL_get_current_expansion(SSL *s) { return (NULL); } +LSSL_ALIAS(SSL_get_current_expansion); size_t SSL_get_client_random(const SSL *s, unsigned char *out, size_t max_out) @@ -2999,6 +3134,7 @@ SSL_get_client_random(const SSL *s, unsigned char *out, size_t max_out) return len; } +LSSL_ALIAS(SSL_get_client_random); size_t SSL_get_server_random(const SSL *s, unsigned char *out, size_t max_out) @@ -3015,6 +3151,7 @@ SSL_get_server_random(const SSL *s, unsigned char *out, size_t max_out) return len; } +LSSL_ALIAS(SSL_get_server_random); int ssl_init_wbio_buffer(SSL *s, int push) @@ -3069,48 +3206,56 @@ SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode) { ctx->quiet_shutdown = mode; } +LSSL_ALIAS(SSL_CTX_set_quiet_shutdown); int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx) { return (ctx->quiet_shutdown); } +LSSL_ALIAS(SSL_CTX_get_quiet_shutdown); void SSL_set_quiet_shutdown(SSL *s, int mode) { s->quiet_shutdown = mode; } +LSSL_ALIAS(SSL_set_quiet_shutdown); int SSL_get_quiet_shutdown(const SSL *s) { return (s->quiet_shutdown); } +LSSL_ALIAS(SSL_get_quiet_shutdown); void SSL_set_shutdown(SSL *s, int mode) { s->shutdown = mode; } +LSSL_ALIAS(SSL_set_shutdown); int SSL_get_shutdown(const SSL *s) { return (s->shutdown); } +LSSL_ALIAS(SSL_get_shutdown); int SSL_version(const SSL *s) { return (s->version); } +LSSL_ALIAS(SSL_version); SSL_CTX * SSL_get_SSL_CTX(const SSL *ssl) { return (ssl->ctx); } +LSSL_ALIAS(SSL_get_SSL_CTX); SSL_CTX * SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx) @@ -3133,12 +3278,14 @@ SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx) return (ssl->ctx); } +LSSL_ALIAS(SSL_set_SSL_CTX); int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx) { return (X509_STORE_set_default_paths(ctx->cert_store)); } +LSSL_ALIAS(SSL_CTX_set_default_verify_paths); int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, @@ -3146,18 +3293,21 @@ SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, { return (X509_STORE_load_locations(ctx->cert_store, CAfile, CApath)); } +LSSL_ALIAS(SSL_CTX_load_verify_locations); int SSL_CTX_load_verify_mem(SSL_CTX *ctx, void *buf, int len) { return (X509_STORE_load_mem(ctx->cert_store, buf, len)); } +LSSL_ALIAS(SSL_CTX_load_verify_mem); void SSL_set_info_callback(SSL *ssl, void (*cb)(const SSL *ssl, int type, int val)) { ssl->info_callback = cb; } +LSSL_ALIAS(SSL_set_info_callback); void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl, int type, int val) { @@ -3169,42 +3319,49 @@ SSL_state(const SSL *ssl) { return (ssl->s3->hs.state); } +LSSL_ALIAS(SSL_state); void SSL_set_state(SSL *ssl, int state) { ssl->s3->hs.state = state; } +LSSL_ALIAS(SSL_set_state); void SSL_set_verify_result(SSL *ssl, long arg) { ssl->verify_result = arg; } +LSSL_ALIAS(SSL_set_verify_result); long SSL_get_verify_result(const SSL *ssl) { return (ssl->verify_result); } +LSSL_ALIAS(SSL_get_verify_result); int SSL_verify_client_post_handshake(SSL *ssl) { return 0; } +LSSL_ALIAS(SSL_verify_client_post_handshake); void SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val) { return; } +LSSL_ALIAS(SSL_CTX_set_post_handshake_auth); void SSL_set_post_handshake_auth(SSL *ssl, int val) { return; } +LSSL_ALIAS(SSL_set_post_handshake_auth); int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, @@ -3213,18 +3370,21 @@ SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, return (CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp, new_func, dup_func, free_func)); } +LSSL_ALIAS(SSL_get_ex_new_index); int SSL_set_ex_data(SSL *s, int idx, void *arg) { return (CRYPTO_set_ex_data(&s->ex_data, idx, arg)); } +LSSL_ALIAS(SSL_set_ex_data); void * SSL_get_ex_data(const SSL *s, int idx) { return (CRYPTO_get_ex_data(&s->ex_data, idx)); } +LSSL_ALIAS(SSL_get_ex_data); int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, @@ -3233,18 +3393,21 @@ SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, return (CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp, new_func, dup_func, free_func)); } +LSSL_ALIAS(SSL_CTX_get_ex_new_index); int SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg) { return (CRYPTO_set_ex_data(&s->ex_data, idx, arg)); } +LSSL_ALIAS(SSL_CTX_set_ex_data); void * SSL_CTX_get_ex_data(const SSL_CTX *s, int idx) { return (CRYPTO_get_ex_data(&s->ex_data, idx)); } +LSSL_ALIAS(SSL_CTX_get_ex_data); int ssl_ok(SSL *s) @@ -3257,6 +3420,7 @@ SSL_CTX_get_cert_store(const SSL_CTX *ctx) { return (ctx->cert_store); } +LSSL_ALIAS(SSL_CTX_get_cert_store); void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store) @@ -3264,6 +3428,7 @@ SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store) X509_STORE_free(ctx->cert_store); ctx->cert_store = store; } +LSSL_ALIAS(SSL_CTX_set_cert_store); X509 * SSL_CTX_get0_certificate(const SSL_CTX *ctx) @@ -3273,6 +3438,7 @@ SSL_CTX_get0_certificate(const SSL_CTX *ctx) return ctx->cert->key->x509; } +LSSL_ALIAS(SSL_CTX_get0_certificate); EVP_PKEY * SSL_CTX_get0_privatekey(const SSL_CTX *ctx) @@ -3282,12 +3448,14 @@ SSL_CTX_get0_privatekey(const SSL_CTX *ctx) return ctx->cert->key->privatekey; } +LSSL_ALIAS(SSL_CTX_get0_privatekey); int SSL_want(const SSL *s) { return (s->rwstate); } +LSSL_ALIAS(SSL_want); void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, RSA *(*cb)(SSL *ssl, int is_export, @@ -3295,6 +3463,7 @@ SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, RSA *(*cb)(SSL *ssl, int is_export, { SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb); } +LSSL_ALIAS(SSL_CTX_set_tmp_rsa_callback); void SSL_set_tmp_rsa_callback(SSL *ssl, RSA *(*cb)(SSL *ssl, int is_export, @@ -3302,6 +3471,7 @@ SSL_set_tmp_rsa_callback(SSL *ssl, RSA *(*cb)(SSL *ssl, int is_export, { SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb); } +LSSL_ALIAS(SSL_set_tmp_rsa_callback); void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, DH *(*dh)(SSL *ssl, int is_export, @@ -3309,6 +3479,7 @@ SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, DH *(*dh)(SSL *ssl, int is_export, { SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh); } +LSSL_ALIAS(SSL_CTX_set_tmp_dh_callback); void SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh)(SSL *ssl, int is_export, @@ -3316,6 +3487,7 @@ SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh)(SSL *ssl, int is_export, { SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh); } +LSSL_ALIAS(SSL_set_tmp_dh_callback); void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, EC_KEY *(*ecdh)(SSL *ssl, @@ -3324,6 +3496,7 @@ SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, EC_KEY *(*ecdh)(SSL *ssl, SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_ECDH_CB, (void (*)(void))ecdh); } +LSSL_ALIAS(SSL_CTX_set_tmp_ecdh_callback); void SSL_set_tmp_ecdh_callback(SSL *ssl, EC_KEY *(*ecdh)(SSL *ssl, int is_export, @@ -3331,6 +3504,7 @@ SSL_set_tmp_ecdh_callback(SSL *ssl, EC_KEY *(*ecdh)(SSL *ssl, int is_export, { SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh); } +LSSL_ALIAS(SSL_set_tmp_ecdh_callback); void @@ -3340,6 +3514,7 @@ SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb); } +LSSL_ALIAS(SSL_CTX_set_msg_callback); void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, @@ -3347,24 +3522,28 @@ SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, { SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb); } +LSSL_ALIAS(SSL_set_msg_callback); void SSL_set_debug(SSL *s, int debug) { s->debug = debug; } +LSSL_ALIAS(SSL_set_debug); int SSL_cache_hit(SSL *s) { return (s->hit); } +LSSL_ALIAS(SSL_cache_hit); int SSL_CTX_get_min_proto_version(SSL_CTX *ctx) { return ctx->min_proto_version; } +LSSL_ALIAS(SSL_CTX_get_min_proto_version); int SSL_CTX_set_min_proto_version(SSL_CTX *ctx, uint16_t version) @@ -3373,12 +3552,14 @@ SSL_CTX_set_min_proto_version(SSL_CTX *ctx, uint16_t version) ctx->max_tls_version, &ctx->min_tls_version, &ctx->min_proto_version); } +LSSL_ALIAS(SSL_CTX_set_min_proto_version); int SSL_CTX_get_max_proto_version(SSL_CTX *ctx) { return ctx->max_proto_version; } +LSSL_ALIAS(SSL_CTX_get_max_proto_version); int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, uint16_t version) @@ -3387,12 +3568,14 @@ SSL_CTX_set_max_proto_version(SSL_CTX *ctx, uint16_t version) ctx->min_tls_version, &ctx->max_tls_version, &ctx->max_proto_version); } +LSSL_ALIAS(SSL_CTX_set_max_proto_version); int SSL_get_min_proto_version(SSL *ssl) { return ssl->min_proto_version; } +LSSL_ALIAS(SSL_get_min_proto_version); int SSL_set_min_proto_version(SSL *ssl, uint16_t version) @@ -3401,11 +3584,13 @@ SSL_set_min_proto_version(SSL *ssl, uint16_t version) ssl->max_tls_version, &ssl->min_tls_version, &ssl->min_proto_version); } +LSSL_ALIAS(SSL_set_min_proto_version); int SSL_get_max_proto_version(SSL *ssl) { return ssl->max_proto_version; } +LSSL_ALIAS(SSL_get_max_proto_version); int SSL_set_max_proto_version(SSL *ssl, uint16_t version) @@ -3414,42 +3599,49 @@ SSL_set_max_proto_version(SSL *ssl, uint16_t version) ssl->min_tls_version, &ssl->max_tls_version, &ssl->max_proto_version); } +LSSL_ALIAS(SSL_set_max_proto_version); const SSL_METHOD * SSL_CTX_get_ssl_method(const SSL_CTX *ctx) { return ctx->method; } +LSSL_ALIAS(SSL_CTX_get_ssl_method); int SSL_CTX_get_security_level(const SSL_CTX *ctx) { return ctx->cert->security_level; } +LSSL_ALIAS(SSL_CTX_get_security_level); void SSL_CTX_set_security_level(SSL_CTX *ctx, int level) { ctx->cert->security_level = level; } +LSSL_ALIAS(SSL_CTX_set_security_level); int SSL_get_security_level(const SSL *ssl) { return ssl->cert->security_level; } +LSSL_ALIAS(SSL_get_security_level); void SSL_set_security_level(SSL *ssl, int level) { ssl->cert->security_level = level; } +LSSL_ALIAS(SSL_set_security_level); int SSL_is_quic(const SSL *ssl) { return ssl->quic_method != NULL; } +LSSL_ALIAS(SSL_is_quic); int SSL_set_quic_transport_params(SSL *ssl, const uint8_t *params, @@ -3468,6 +3660,7 @@ SSL_set_quic_transport_params(SSL *ssl, const uint8_t *params, return 1; } +LSSL_ALIAS(SSL_set_quic_transport_params); void SSL_get_peer_quic_transport_params(const SSL *ssl, const uint8_t **out_params, @@ -3476,12 +3669,14 @@ SSL_get_peer_quic_transport_params(const SSL *ssl, const uint8_t **out_params, *out_params = ssl->s3->peer_quic_transport_params; *out_params_len = ssl->s3->peer_quic_transport_params_len; } +LSSL_ALIAS(SSL_get_peer_quic_transport_params); void SSL_set_quic_use_legacy_codepoint(SSL *ssl, int use_legacy) { /* Not supported. */ } +LSSL_ALIAS(SSL_set_quic_use_legacy_codepoint); static int ssl_cipher_id_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) diff --git a/lib/libssl/ssl_methods.c b/lib/libssl/ssl_methods.c index 8e89ef632e2..ca80da62fda 100644 --- a/lib/libssl/ssl_methods.c +++ b/lib/libssl/ssl_methods.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_methods.c,v 1.30 2023/07/06 07:56:32 beck Exp $ */ +/* $OpenBSD: ssl_methods.c,v 1.31 2023/07/08 16:40:13 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -191,54 +191,63 @@ DTLSv1_client_method(void) { return &DTLSv1_client_method_data; } +LSSL_ALIAS(DTLSv1_client_method); const SSL_METHOD * DTLSv1_method(void) { return &DTLSv1_method_data; } +LSSL_ALIAS(DTLSv1_method); const SSL_METHOD * DTLSv1_server_method(void) { return &DTLSv1_method_data; } +LSSL_ALIAS(DTLSv1_server_method); const SSL_METHOD * DTLSv1_2_client_method(void) { return &DTLSv1_2_client_method_data; } +LSSL_ALIAS(DTLSv1_2_client_method); const SSL_METHOD * DTLSv1_2_method(void) { return &DTLSv1_2_method_data; } +LSSL_ALIAS(DTLSv1_2_method); const SSL_METHOD * DTLSv1_2_server_method(void) { return &DTLSv1_2_method_data; } +LSSL_ALIAS(DTLSv1_2_server_method); const SSL_METHOD * DTLS_client_method(void) { return &DTLS_client_method_data; } +LSSL_ALIAS(DTLS_client_method); const SSL_METHOD * DTLS_method(void) { return &DTLS_method_data; } +LSSL_ALIAS(DTLS_method); const SSL_METHOD * DTLS_server_method(void) { return &DTLS_method_data; } +LSSL_ALIAS(DTLS_server_method); static const SSL_METHOD TLS_method_data = { .dtls = 0, @@ -434,18 +443,21 @@ TLS_client_method(void) { return (&TLS_client_method_data); } +LSSL_ALIAS(TLS_client_method); const SSL_METHOD * TLS_method(void) { return (&TLS_method_data); } +LSSL_ALIAS(TLS_method); const SSL_METHOD * TLS_server_method(void) { return TLS_method(); } +LSSL_ALIAS(TLS_server_method); const SSL_METHOD * tls_legacy_method(void) @@ -458,72 +470,84 @@ SSLv23_client_method(void) { return TLS_client_method(); } +LSSL_ALIAS(SSLv23_client_method); const SSL_METHOD * SSLv23_method(void) { return TLS_method(); } +LSSL_ALIAS(SSLv23_method); const SSL_METHOD * SSLv23_server_method(void) { return TLS_method(); } +LSSL_ALIAS(SSLv23_server_method); const SSL_METHOD * TLSv1_client_method(void) { return (&TLSv1_client_method_data); } +LSSL_ALIAS(TLSv1_client_method); const SSL_METHOD * TLSv1_method(void) { return (&TLSv1_method_data); } +LSSL_ALIAS(TLSv1_method); const SSL_METHOD * TLSv1_server_method(void) { return (&TLSv1_method_data); } +LSSL_ALIAS(TLSv1_server_method); const SSL_METHOD * TLSv1_1_client_method(void) { return (&TLSv1_1_client_method_data); } +LSSL_ALIAS(TLSv1_1_client_method); const SSL_METHOD * TLSv1_1_method(void) { return (&TLSv1_1_method_data); } +LSSL_ALIAS(TLSv1_1_method); const SSL_METHOD * TLSv1_1_server_method(void) { return (&TLSv1_1_method_data); } +LSSL_ALIAS(TLSv1_1_server_method); const SSL_METHOD * TLSv1_2_client_method(void) { return (&TLSv1_2_client_method_data); } +LSSL_ALIAS(TLSv1_2_client_method); const SSL_METHOD * TLSv1_2_method(void) { return (&TLSv1_2_method_data); } +LSSL_ALIAS(TLSv1_2_method); const SSL_METHOD * TLSv1_2_server_method(void) { return (&TLSv1_2_method_data); } +LSSL_ALIAS(TLSv1_2_server_method); const SSL_METHOD * ssl_get_method(uint16_t version) diff --git a/lib/libssl/ssl_rsa.c b/lib/libssl/ssl_rsa.c index f84315ba3e1..68137bc5fb5 100644 --- a/lib/libssl/ssl_rsa.c +++ b/lib/libssl/ssl_rsa.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_rsa.c,v 1.49 2022/11/26 16:08:56 tb Exp $ */ +/* $OpenBSD: ssl_rsa.c,v 1.50 2023/07/08 16:40:13 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -83,6 +83,7 @@ SSL_use_certificate(SSL *ssl, X509 *x) } return ssl_set_cert(NULL, ssl, x); } +LSSL_ALIAS(SSL_use_certificate); int SSL_use_certificate_file(SSL *ssl, const char *file, int type) @@ -126,6 +127,7 @@ SSL_use_certificate_file(SSL *ssl, const char *file, int type) BIO_free(in); return (ret); } +LSSL_ALIAS(SSL_use_certificate_file); int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len) @@ -143,6 +145,7 @@ SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len) X509_free(x); return (ret); } +LSSL_ALIAS(SSL_use_certificate_ASN1); int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa) @@ -166,6 +169,7 @@ SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa) EVP_PKEY_free(pkey); return (ret); } +LSSL_ALIAS(SSL_use_RSAPrivateKey); static int ssl_set_pkey(SSL_CTX *ctx, SSL *ssl, EVP_PKEY *pkey) @@ -259,6 +263,7 @@ SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type) BIO_free(in); return (ret); } +LSSL_ALIAS(SSL_use_RSAPrivateKey_file); int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, const unsigned char *d, long len) @@ -275,6 +280,7 @@ SSL_use_RSAPrivateKey_ASN1(SSL *ssl, const unsigned char *d, long len) RSA_free(rsa); return (ret); } +LSSL_ALIAS(SSL_use_RSAPrivateKey_ASN1); int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey) @@ -288,6 +294,7 @@ SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey) ret = ssl_set_pkey(NULL, ssl, pkey); return (ret); } +LSSL_ALIAS(SSL_use_PrivateKey); int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type) @@ -328,6 +335,7 @@ SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type) BIO_free(in); return (ret); } +LSSL_ALIAS(SSL_use_PrivateKey_file); int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, long len) @@ -344,6 +352,7 @@ SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, long len) EVP_PKEY_free(pkey); return (ret); } +LSSL_ALIAS(SSL_use_PrivateKey_ASN1); int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) @@ -354,6 +363,7 @@ SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) } return ssl_set_cert(ctx, NULL, x); } +LSSL_ALIAS(SSL_CTX_use_certificate); static int ssl_get_password_cb_and_arg(SSL_CTX *ctx, SSL *ssl, @@ -475,6 +485,7 @@ SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type) BIO_free(in); return (ret); } +LSSL_ALIAS(SSL_CTX_use_certificate_file); int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d) @@ -492,6 +503,7 @@ SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d) X509_free(x); return (ret); } +LSSL_ALIAS(SSL_CTX_use_certificate_ASN1); int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa) @@ -515,6 +527,7 @@ SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa) EVP_PKEY_free(pkey); return (ret); } +LSSL_ALIAS(SSL_CTX_use_RSAPrivateKey); int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type) @@ -555,6 +568,7 @@ SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type) BIO_free(in); return (ret); } +LSSL_ALIAS(SSL_CTX_use_RSAPrivateKey_file); int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len) @@ -571,6 +585,7 @@ SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len) RSA_free(rsa); return (ret); } +LSSL_ALIAS(SSL_CTX_use_RSAPrivateKey_ASN1); int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) @@ -581,6 +596,7 @@ SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) } return ssl_set_pkey(ctx, NULL, pkey); } +LSSL_ALIAS(SSL_CTX_use_PrivateKey); int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type) @@ -621,6 +637,7 @@ SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type) BIO_free(in); return (ret); } +LSSL_ALIAS(SSL_CTX_use_PrivateKey_file); int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d, @@ -638,6 +655,7 @@ SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d, EVP_PKEY_free(pkey); return (ret); } +LSSL_ALIAS(SSL_CTX_use_PrivateKey_ASN1); /* @@ -721,12 +739,14 @@ SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) { return ssl_use_certificate_chain_file(ctx, NULL, file); } +LSSL_ALIAS(SSL_CTX_use_certificate_chain_file); int SSL_use_certificate_chain_file(SSL *ssl, const char *file) { return ssl_use_certificate_chain_file(NULL, ssl, file); } +LSSL_ALIAS(SSL_use_certificate_chain_file); int SSL_CTX_use_certificate_chain_mem(SSL_CTX *ctx, void *buf, int len) @@ -746,3 +766,4 @@ SSL_CTX_use_certificate_chain_mem(SSL_CTX *ctx, void *buf, int len) BIO_free(in); return (ret); } +LSSL_ALIAS(SSL_CTX_use_certificate_chain_mem); diff --git a/lib/libssl/ssl_sess.c b/lib/libssl/ssl_sess.c index 5847a43dcd7..aa6b08eae65 100644 --- a/lib/libssl/ssl_sess.c +++ b/lib/libssl/ssl_sess.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_sess.c,v 1.121 2022/11/26 16:08:56 tb Exp $ */ +/* $OpenBSD: ssl_sess.c,v 1.122 2023/07/08 16:40:13 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -154,6 +154,7 @@ SSL_get_session(const SSL *ssl) { return (ssl->session); } +LSSL_ALIAS(SSL_get_session); /* variant of SSL_get_session: caller really gets something */ SSL_SESSION * @@ -174,6 +175,7 @@ SSL_get1_session(SSL *ssl) return (sess); } +LSSL_ALIAS(SSL_get1_session); int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, @@ -182,30 +184,35 @@ SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION, argl, argp, new_func, dup_func, free_func); } +LSSL_ALIAS(SSL_SESSION_get_ex_new_index); int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg) { return (CRYPTO_set_ex_data(&s->ex_data, idx, arg)); } +LSSL_ALIAS(SSL_SESSION_set_ex_data); void * SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx) { return (CRYPTO_get_ex_data(&s->ex_data, idx)); } +LSSL_ALIAS(SSL_SESSION_get_ex_data); uint32_t SSL_SESSION_get_max_early_data(const SSL_SESSION *s) { return 0; } +LSSL_ALIAS(SSL_SESSION_get_max_early_data); int SSL_SESSION_set_max_early_data(SSL_SESSION *s, uint32_t max_early_data) { return 1; } +LSSL_ALIAS(SSL_SESSION_set_max_early_data); SSL_SESSION * SSL_SESSION_new(void) @@ -241,6 +248,7 @@ SSL_SESSION_new(void) return (ss); } +LSSL_ALIAS(SSL_SESSION_new); SSL_SESSION * ssl_session_dup(SSL_SESSION *sess, int include_ticket) @@ -354,6 +362,7 @@ SSL_SESSION_get_id(const SSL_SESSION *ss, unsigned int *len) *len = (unsigned int)ss->session_id_length; return ss->session_id; } +LSSL_ALIAS(SSL_SESSION_get_id); const unsigned char * SSL_SESSION_get0_id_context(const SSL_SESSION *ss, unsigned int *len) @@ -362,24 +371,28 @@ SSL_SESSION_get0_id_context(const SSL_SESSION *ss, unsigned int *len) *len = (unsigned int)ss->sid_ctx_length; return ss->sid_ctx; } +LSSL_ALIAS(SSL_SESSION_get0_id_context); unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *ss) { return 0; } +LSSL_ALIAS(SSL_SESSION_get_compress_id); unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s) { return s->tlsext_tick_lifetime_hint; } +LSSL_ALIAS(SSL_SESSION_get_ticket_lifetime_hint); int SSL_SESSION_has_ticket(const SSL_SESSION *s) { return (s->tlsext_ticklen > 0) ? 1 : 0; } +LSSL_ALIAS(SSL_SESSION_has_ticket); /* * SSLv3/TLSv1 has 32 bytes (256 bits) of session ID space. As such, filling @@ -815,12 +828,14 @@ SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c) CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); return (ret); } +LSSL_ALIAS(SSL_CTX_add_session); int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c) { return remove_session_lock(ctx, c, 1); } +LSSL_ALIAS(SSL_CTX_remove_session); static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck) @@ -881,6 +896,7 @@ SSL_SESSION_free(SSL_SESSION *ss) freezero(ss, sizeof(*ss)); } +LSSL_ALIAS(SSL_SESSION_free); int SSL_SESSION_up_ref(SSL_SESSION *ss) @@ -888,6 +904,7 @@ SSL_SESSION_up_ref(SSL_SESSION *ss) int refs = CRYPTO_add(&ss->references, 1, CRYPTO_LOCK_SSL_SESSION); return (refs > 1) ? 1 : 0; } +LSSL_ALIAS(SSL_SESSION_up_ref); int SSL_set_session(SSL *s, SSL_SESSION *session) @@ -916,6 +933,7 @@ SSL_set_session(SSL *s, SSL_SESSION *session) return (1); } +LSSL_ALIAS(SSL_set_session); size_t SSL_SESSION_get_master_key(const SSL_SESSION *ss, unsigned char *out, @@ -933,6 +951,7 @@ SSL_SESSION_get_master_key(const SSL_SESSION *ss, unsigned char *out, return len; } +LSSL_ALIAS(SSL_SESSION_get_master_key); long SSL_SESSION_set_timeout(SSL_SESSION *s, long t) @@ -942,6 +961,7 @@ SSL_SESSION_set_timeout(SSL_SESSION *s, long t) s->timeout = t; return (1); } +LSSL_ALIAS(SSL_SESSION_set_timeout); long SSL_SESSION_get_timeout(const SSL_SESSION *s) @@ -950,6 +970,7 @@ SSL_SESSION_get_timeout(const SSL_SESSION *s) return (0); return (s->timeout); } +LSSL_ALIAS(SSL_SESSION_get_timeout); /* XXX 2038 */ long @@ -959,6 +980,7 @@ SSL_SESSION_get_time(const SSL_SESSION *s) return (0); return (s->time); } +LSSL_ALIAS(SSL_SESSION_get_time); /* XXX 2038 */ long @@ -969,24 +991,28 @@ SSL_SESSION_set_time(SSL_SESSION *s, long t) s->time = t; return (t); } +LSSL_ALIAS(SSL_SESSION_set_time); int SSL_SESSION_get_protocol_version(const SSL_SESSION *s) { return s->ssl_version; } +LSSL_ALIAS(SSL_SESSION_get_protocol_version); const SSL_CIPHER * SSL_SESSION_get0_cipher(const SSL_SESSION *s) { return s->cipher; } +LSSL_ALIAS(SSL_SESSION_get0_cipher); X509 * SSL_SESSION_get0_peer(SSL_SESSION *s) { return s->peer_cert; } +LSSL_ALIAS(SSL_SESSION_get0_peer); int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid, @@ -1000,6 +1026,7 @@ SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid, memmove(s->session_id, sid, sid_len); return 1; } +LSSL_ALIAS(SSL_SESSION_set1_id); int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx, @@ -1014,12 +1041,14 @@ SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx, return 1; } +LSSL_ALIAS(SSL_SESSION_set1_id_context); int SSL_SESSION_is_resumable(const SSL_SESSION *s) { return 0; } +LSSL_ALIAS(SSL_SESSION_is_resumable); long SSL_CTX_set_timeout(SSL_CTX *s, long t) @@ -1033,6 +1062,7 @@ SSL_CTX_set_timeout(SSL_CTX *s, long t) return (l); } +LSSL_ALIAS(SSL_CTX_set_timeout); long SSL_CTX_get_timeout(const SSL_CTX *s) @@ -1041,6 +1071,7 @@ SSL_CTX_get_timeout(const SSL_CTX *s) return (0); return (s->session_timeout); } +LSSL_ALIAS(SSL_CTX_get_timeout); int SSL_set_session_secret_cb(SSL *s, int (*tls_session_secret_cb)(SSL *s, @@ -1053,6 +1084,7 @@ SSL_set_session_secret_cb(SSL *s, int (*tls_session_secret_cb)(SSL *s, s->tls_session_secret_cb_arg = arg; return (1); } +LSSL_ALIAS(SSL_set_session_secret_cb); int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb, @@ -1064,6 +1096,7 @@ SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb, s->tls_session_ticket_ext_cb_arg = arg; return (1); } +LSSL_ALIAS(SSL_set_session_ticket_ext_cb); int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len) @@ -1093,6 +1126,7 @@ SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len) return 0; } +LSSL_ALIAS(SSL_set_session_ticket_ext); typedef struct timeout_param_st { SSL_CTX *ctx; @@ -1145,6 +1179,7 @@ SSL_CTX_flush_sessions(SSL_CTX *s, long t) CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load = i; CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); } +LSSL_ALIAS(SSL_CTX_flush_sessions); int ssl_clear_bad_session(SSL *s) @@ -1214,12 +1249,14 @@ SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, int (*cb)(struct ssl_st *ssl, SSL_SESSION *sess)) { ctx->new_session_cb = cb; } +LSSL_ALIAS(SSL_CTX_sess_set_new_cb); int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(SSL *ssl, SSL_SESSION *sess) { return ctx->new_session_cb; } +LSSL_ALIAS(SSL_CTX_sess_get_new_cb); void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, @@ -1227,12 +1264,14 @@ SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, { ctx->remove_session_cb = cb; } +LSSL_ALIAS(SSL_CTX_sess_set_remove_cb); void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(SSL_CTX * ctx, SSL_SESSION *sess) { return ctx->remove_session_cb; } +LSSL_ALIAS(SSL_CTX_sess_get_remove_cb); void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, SSL_SESSION *(*cb)(struct ssl_st *ssl, @@ -1240,6 +1279,7 @@ SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, SSL_SESSION *(*cb)(struct ssl_st *ssl, { ctx->get_session_cb = cb; } +LSSL_ALIAS(SSL_CTX_sess_set_get_cb); SSL_SESSION * (*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(SSL *ssl, const unsigned char *data, @@ -1247,6 +1287,7 @@ SSL_SESSION * { return ctx->get_session_cb; } +LSSL_ALIAS(SSL_CTX_sess_get_get_cb); void SSL_CTX_set_info_callback(SSL_CTX *ctx, @@ -1254,12 +1295,14 @@ SSL_CTX_set_info_callback(SSL_CTX *ctx, { ctx->info_callback = cb; } +LSSL_ALIAS(SSL_CTX_set_info_callback); void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl, int type, int val) { return ctx->info_callback; } +LSSL_ALIAS(SSL_CTX_get_info_callback); void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, @@ -1267,6 +1310,7 @@ SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, { ctx->client_cert_cb = cb; } +LSSL_ALIAS(SSL_CTX_set_client_cert_cb); int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL * ssl, X509 ** x509, @@ -1274,6 +1318,7 @@ int { return ctx->client_cert_cb; } +LSSL_ALIAS(SSL_CTX_get_client_cert_cb); #ifndef OPENSSL_NO_ENGINE int @@ -1291,6 +1336,7 @@ SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e) ctx->client_cert_engine = e; return 1; } +LSSL_ALIAS(SSL_CTX_set_client_cert_engine); #endif void @@ -1299,6 +1345,7 @@ SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, { ctx->app_gen_cookie_cb = cb; } +LSSL_ALIAS(SSL_CTX_set_cookie_generate_cb); void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, @@ -1306,6 +1353,7 @@ SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, { ctx->app_verify_cookie_cb = cb; } +LSSL_ALIAS(SSL_CTX_set_cookie_verify_cb); int PEM_write_SSL_SESSION(FILE *fp, SSL_SESSION *x) @@ -1313,6 +1361,7 @@ PEM_write_SSL_SESSION(FILE *fp, SSL_SESSION *x) return PEM_ASN1_write((i2d_of_void *)i2d_SSL_SESSION, PEM_STRING_SSL_SESSION, fp, x, NULL, NULL, 0, NULL, NULL); } +LSSL_ALIAS(PEM_write_SSL_SESSION); SSL_SESSION * PEM_read_SSL_SESSION(FILE *fp, SSL_SESSION **x, pem_password_cb *cb, void *u) @@ -1320,6 +1369,7 @@ PEM_read_SSL_SESSION(FILE *fp, SSL_SESSION **x, pem_password_cb *cb, void *u) return PEM_ASN1_read((d2i_of_void *)d2i_SSL_SESSION, PEM_STRING_SSL_SESSION, fp, (void **)x, cb, u); } +LSSL_ALIAS(PEM_read_SSL_SESSION); SSL_SESSION * PEM_read_bio_SSL_SESSION(BIO *bp, SSL_SESSION **x, pem_password_cb *cb, void *u) @@ -1327,6 +1377,7 @@ PEM_read_bio_SSL_SESSION(BIO *bp, SSL_SESSION **x, pem_password_cb *cb, void *u) return PEM_ASN1_read_bio((d2i_of_void *)d2i_SSL_SESSION, PEM_STRING_SSL_SESSION, bp, (void **)x, cb, u); } +LSSL_ALIAS(PEM_read_bio_SSL_SESSION); int PEM_write_bio_SSL_SESSION(BIO *bp, SSL_SESSION *x) @@ -1334,3 +1385,4 @@ PEM_write_bio_SSL_SESSION(BIO *bp, SSL_SESSION *x) return PEM_ASN1_write_bio((i2d_of_void *)i2d_SSL_SESSION, PEM_STRING_SSL_SESSION, bp, x, NULL, NULL, 0, NULL, NULL); } +LSSL_ALIAS(PEM_write_bio_SSL_SESSION); diff --git a/lib/libssl/ssl_srvr.c b/lib/libssl/ssl_srvr.c index 8edbf77156e..a518e1ac919 100644 --- a/lib/libssl/ssl_srvr.c +++ b/lib/libssl/ssl_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_srvr.c,v 1.155 2023/06/11 19:01:01 tb Exp $ */ +/* $OpenBSD: ssl_srvr.c,v 1.156 2023/07/08 16:40:13 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1832,8 +1832,10 @@ ssl3_get_client_kex_gost(SSL *s, CBS *cbs) CBS gostblob; /* Get our certificate private key*/ +#ifndef OPENSSL_NO_GOST if ((s->s3->hs.cipher->algorithm_auth & SSL_aGOST01) != 0) pkey = s->cert->pkeys[SSL_PKEY_GOST01].privatekey; +#endif if ((pkey_ctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL) goto err; @@ -2047,6 +2049,7 @@ ssl3_get_cert_verify(SSL *s) al = SSL_AD_INTERNAL_ERROR; goto fatal_err; } +#ifndef OPENSSL_NO_GOST if (sigalg->key_type == EVP_PKEY_GOSTR01 && EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_VERIFY, EVP_PKEY_CTRL_GOST_SIG_FORMAT, GOST_SIG_FORMAT_RS_LE, @@ -2054,6 +2057,7 @@ ssl3_get_cert_verify(SSL *s) al = SSL_AD_INTERNAL_ERROR; goto fatal_err; } +#endif if (EVP_DigestVerify(mctx, CBS_data(&signature), CBS_len(&signature), hdata, hdatalen) <= 0) { SSLerror(s, ERR_R_EVP_LIB); diff --git a/lib/libssl/ssl_stat.c b/lib/libssl/ssl_stat.c index b423033e43d..803b83bb9f7 100644 --- a/lib/libssl/ssl_stat.c +++ b/lib/libssl/ssl_stat.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_stat.c,v 1.20 2022/11/26 16:08:56 tb Exp $ */ +/* $OpenBSD: ssl_stat.c,v 1.21 2023/07/08 16:40:13 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -319,6 +319,7 @@ SSL_state_string_long(const SSL *s) } return (str); } +LSSL_ALIAS(SSL_state_string_long); const char * SSL_rstate_string_long(const SSL *s) @@ -341,6 +342,7 @@ SSL_rstate_string_long(const SSL *s) } return (str); } +LSSL_ALIAS(SSL_rstate_string_long); const char * SSL_state_string(const SSL *s) @@ -547,6 +549,7 @@ SSL_state_string(const SSL *s) } return (str); } +LSSL_ALIAS(SSL_state_string); const char * SSL_alert_type_string_long(int value) @@ -559,6 +562,7 @@ SSL_alert_type_string_long(int value) else return ("unknown"); } +LSSL_ALIAS(SSL_alert_type_string_long); const char * SSL_alert_type_string(int value) @@ -571,6 +575,7 @@ SSL_alert_type_string(int value) else return ("U"); } +LSSL_ALIAS(SSL_alert_type_string); const char * SSL_alert_desc_string(int value) @@ -668,6 +673,7 @@ SSL_alert_desc_string(int value) } return (str); } +LSSL_ALIAS(SSL_alert_desc_string); const char * SSL_alert_desc_string_long(int value) @@ -765,6 +771,7 @@ SSL_alert_desc_string_long(int value) } return (str); } +LSSL_ALIAS(SSL_alert_desc_string_long); const char * SSL_rstate_string(const SSL *s) @@ -787,3 +794,4 @@ SSL_rstate_string(const SSL *s) } return (str); } +LSSL_ALIAS(SSL_rstate_string); diff --git a/lib/libssl/ssl_txt.c b/lib/libssl/ssl_txt.c index 270e60a3891..ee3d218d68a 100644 --- a/lib/libssl/ssl_txt.c +++ b/lib/libssl/ssl_txt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_txt.c,v 1.36 2022/11/26 16:08:56 tb Exp $ */ +/* $OpenBSD: ssl_txt.c,v 1.37 2023/07/08 16:40:13 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -103,6 +103,7 @@ SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x) BIO_free(b); return ret; } +LSSL_ALIAS(SSL_SESSION_print_fp); int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) @@ -197,3 +198,4 @@ SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) err: return ret; } +LSSL_ALIAS(SSL_SESSION_print); diff --git a/lib/libssl/tls12_record_layer.c b/lib/libssl/tls12_record_layer.c index 59f5d324522..e0601363f6b 100644 --- a/lib/libssl/tls12_record_layer.c +++ b/lib/libssl/tls12_record_layer.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls12_record_layer.c,v 1.38 2022/11/26 16:08:56 tb Exp $ */ +/* $OpenBSD: tls12_record_layer.c,v 1.39 2023/07/08 16:40:13 beck Exp $ */ /* * Copyright (c) 2020 Joel Sing * @@ -485,6 +485,8 @@ tls12_record_layer_ccs_cipher(struct tls12_record_layer *rl, if (EVP_CIPHER_key_length(rl->cipher) != CBS_len(key)) goto err; +#ifndef OPENSSL_NO_GOST + /* XXX die die die /* Special handling for GOST... */ if (EVP_MD_type(rl->mac_hash) == NID_id_Gost28147_89_MAC) { if (CBS_len(mac_key) != 32) @@ -492,11 +494,14 @@ tls12_record_layer_ccs_cipher(struct tls12_record_layer *rl, mac_type = EVP_PKEY_GOSTIMIT; rp->stream_mac = 1; } else { +#endif if (CBS_len(mac_key) > INT_MAX) goto err; if (EVP_MD_size(rl->mac_hash) != CBS_len(mac_key)) goto err; +#ifndef OPENSSL_NO_GOST } +#endif if ((rp->cipher_ctx = EVP_CIPHER_CTX_new()) == NULL) goto err; -- 2.20.1