OpenVPN
openssl_compat.h
Go to the documentation of this file.
1 /*
2  * OpenVPN -- An application to securely tunnel IP networks
3  * over a single TCP/UDP port, with support for SSL/TLS-based
4  * session authentication and key exchange,
5  * packet encryption, packet authentication, and
6  * packet compression.
7  *
8  * Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
9  * Copyright (C) 2010-2018 Fox Crypto B.V. <openvpn@fox-it.com>
10  *
11  * This program is free software; you can redistribute it and/or modify
12  * it under the terms of the GNU General Public License version 2
13  * as published by the Free Software Foundation.
14  *
15  * This program is distributed in the hope that it will be useful,
16  * but WITHOUT ANY WARRANTY; without even the implied warranty of
17  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18  * GNU General Public License for more details.
19  *
20  * You should have received a copy of the GNU General Public License along
21  * with this program; if not, write to the Free Software Foundation, Inc.,
22  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23  */
24 
34 #ifndef OPENSSL_COMPAT_H_
35 #define OPENSSL_COMPAT_H_
36 
37 #ifdef HAVE_CONFIG_H
38 #include "config.h"
39 #elif defined(_MSC_VER)
40 #include "config-msvc.h"
41 #endif
42 
43 #include "buffer.h"
44 
45 #include <openssl/rsa.h>
46 #include <openssl/ssl.h>
47 #include <openssl/x509.h>
48 
49 #if !defined(HAVE_EVP_MD_CTX_RESET)
50 
56 static inline int
57 EVP_MD_CTX_reset(EVP_MD_CTX *ctx)
58 {
59  EVP_MD_CTX_cleanup(ctx);
60  return 1;
61 }
62 #endif
63 
64 #if !defined(HAVE_EVP_MD_CTX_FREE)
65 
70 static inline void
71 EVP_MD_CTX_free(EVP_MD_CTX *ctx)
72 {
73  free(ctx);
74 }
75 #endif
76 
77 #if !defined(HAVE_EVP_MD_CTX_NEW)
78 
83 static inline EVP_MD_CTX *
85 {
86  EVP_MD_CTX *ctx = NULL;
87  ALLOC_OBJ_CLEAR(ctx, EVP_MD_CTX);
88  return ctx;
89 }
90 #endif
91 
92 #if !defined(HAVE_EVP_CIPHER_CTX_RESET)
93 #define EVP_CIPHER_CTX_reset EVP_CIPHER_CTX_init
94 #endif
95 
96 #if !defined(HAVE_X509_GET0_NOTBEFORE)
97 #define X509_get0_notBefore X509_get_notBefore
98 #endif
99 
100 #if !defined(HAVE_X509_GET0_NOTAFTER)
101 #define X509_get0_notAfter X509_get_notAfter
102 #endif
103 
104 #if !defined(HAVE_HMAC_CTX_RESET)
105 
120 static inline int
121 HMAC_CTX_reset(HMAC_CTX *ctx)
122 {
123  HMAC_CTX_cleanup(ctx);
124  HMAC_CTX_init(ctx);
125  return 1;
126 }
127 #endif
128 
129 #if !defined(HAVE_HMAC_CTX_FREE)
130 
135 static inline void
136 HMAC_CTX_free(HMAC_CTX *ctx)
137 {
138  HMAC_CTX_cleanup(ctx);
139  free(ctx);
140 }
141 #endif
142 
143 #if !defined(HAVE_HMAC_CTX_NEW)
144 
149 static inline HMAC_CTX *
151 {
152  HMAC_CTX *ctx = NULL;
153  ALLOC_OBJ_CLEAR(ctx, HMAC_CTX);
154  return ctx;
155 }
156 #endif
157 
158 #if !defined(HAVE_SSL_CTX_GET_DEFAULT_PASSWD_CB_USERDATA)
159 
165 static inline void *
167 {
168  return ctx ? ctx->default_passwd_callback_userdata : NULL;
169 }
170 #endif
171 
172 #if !defined(HAVE_SSL_CTX_GET_DEFAULT_PASSWD_CB)
173 
179 static inline pem_password_cb *
181 {
182  return ctx ? ctx->default_passwd_callback : NULL;
183 }
184 #endif
185 
186 /* This function is implemented as macro, so the configure check for the
187  * function may fail, so we check for both variants here */
188 #if !defined(HAVE_SSL_CTX_SET1_GROUPS) && !defined(SSL_CTX_set1_groups)
189 #define SSL_CTX_set1_groups SSL_CTX_set1_curves
190 #endif
191 
192 #if !defined(HAVE_X509_GET0_PUBKEY)
193 
199 static inline EVP_PKEY *
200 X509_get0_pubkey(const X509 *x)
201 {
202  return (x && x->cert_info && x->cert_info->key) ?
203  x->cert_info->key->pkey : NULL;
204 }
205 #endif
206 
207 #if !defined(HAVE_X509_STORE_GET0_OBJECTS)
208 
214 static inline STACK_OF(X509_OBJECT)
215 *X509_STORE_get0_objects(X509_STORE *store)
216 {
217  return store ? store->objs : NULL;
218 }
219 #endif
220 
221 #if !defined(HAVE_X509_OBJECT_FREE)
222 
227 static inline void
228 X509_OBJECT_free(X509_OBJECT *obj)
229 {
230  if (obj)
231  {
232  X509_OBJECT_free_contents(obj);
233  OPENSSL_free(obj);
234  }
235 }
236 #endif
237 
238 #if !defined(HAVE_X509_OBJECT_GET_TYPE)
239 
245 static inline int
246 X509_OBJECT_get_type(const X509_OBJECT *obj)
247 {
248  return obj ? obj->type : X509_LU_FAIL;
249 }
250 #endif
251 
252 #if !defined(HAVE_EVP_PKEY_GET0_RSA)
253 
259 static inline RSA *
260 EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
261 {
262  return (pkey && pkey->type == EVP_PKEY_RSA) ? pkey->pkey.rsa : NULL;
263 }
264 #endif
265 
266 #if !defined(HAVE_EVP_PKEY_GET0_EC_KEY) && !defined(OPENSSL_NO_EC)
267 
273 static inline EC_KEY *
274 EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey)
275 {
276  return (pkey && pkey->type == EVP_PKEY_EC) ? pkey->pkey.ec : NULL;
277 }
278 #endif
279 
280 #if !defined(HAVE_EVP_PKEY_GET0_DSA)
281 
287 static inline DSA *
288 EVP_PKEY_get0_DSA(EVP_PKEY *pkey)
289 {
290  return (pkey && pkey->type == EVP_PKEY_DSA) ? pkey->pkey.dsa : NULL;
291 }
292 #endif
293 
294 #if !defined(HAVE_RSA_SET_FLAGS)
295 
301 static inline void
302 RSA_set_flags(RSA *rsa, int flags)
303 {
304  if (rsa)
305  {
306  rsa->flags = flags;
307  }
308 }
309 #endif
310 
311 #if !defined(HAVE_RSA_GET0_KEY)
312 
320 static inline void
321 RSA_get0_key(const RSA *rsa, const BIGNUM **n,
322  const BIGNUM **e, const BIGNUM **d)
323 {
324  if (n != NULL)
325  {
326  *n = rsa ? rsa->n : NULL;
327  }
328  if (e != NULL)
329  {
330  *e = rsa ? rsa->e : NULL;
331  }
332  if (d != NULL)
333  {
334  *d = rsa ? rsa->d : NULL;
335  }
336 }
337 #endif
338 
339 #if !defined(HAVE_RSA_SET0_KEY)
340 
349 static inline int
350 RSA_set0_key(RSA *rsa, BIGNUM *n, BIGNUM *e, BIGNUM *d)
351 {
352  if ((rsa->n == NULL && n == NULL)
353  || (rsa->e == NULL && e == NULL))
354  {
355  return 0;
356  }
357 
358  if (n != NULL)
359  {
360  BN_free(rsa->n);
361  rsa->n = n;
362  }
363  if (e != NULL)
364  {
365  BN_free(rsa->e);
366  rsa->e = e;
367  }
368  if (d != NULL)
369  {
370  BN_free(rsa->d);
371  rsa->d = d;
372  }
373 
374  return 1;
375 }
376 #endif /* if !defined(HAVE_RSA_SET0_KEY) */
377 
378 #if !defined(HAVE_RSA_BITS)
379 
385 static inline int
386 RSA_bits(const RSA *rsa)
387 {
388  const BIGNUM *n = NULL;
389  RSA_get0_key(rsa, &n, NULL, NULL);
390  return n ? BN_num_bits(n) : 0;
391 }
392 #endif
393 
394 #if !defined(HAVE_DSA_GET0_PQG)
395 
403 static inline void
404 DSA_get0_pqg(const DSA *dsa, const BIGNUM **p,
405  const BIGNUM **q, const BIGNUM **g)
406 {
407  if (p != NULL)
408  {
409  *p = dsa ? dsa->p : NULL;
410  }
411  if (q != NULL)
412  {
413  *q = dsa ? dsa->q : NULL;
414  }
415  if (g != NULL)
416  {
417  *g = dsa ? dsa->g : NULL;
418  }
419 }
420 #endif
421 
422 #if !defined(HAVE_DSA_BITS)
423 
429 static inline int
430 DSA_bits(const DSA *dsa)
431 {
432  const BIGNUM *p = NULL;
433  DSA_get0_pqg(dsa, &p, NULL, NULL);
434  return p ? BN_num_bits(p) : 0;
435 }
436 #endif
437 
438 #if !defined(HAVE_RSA_METH_NEW)
439 
446 static inline RSA_METHOD *
447 RSA_meth_new(const char *name, int flags)
448 {
449  RSA_METHOD *rsa_meth = NULL;
450  ALLOC_OBJ_CLEAR(rsa_meth, RSA_METHOD);
451  rsa_meth->name = string_alloc(name, NULL);
452  rsa_meth->flags = flags;
453  return rsa_meth;
454 }
455 #endif
456 
457 #if !defined(HAVE_RSA_METH_FREE)
458 
463 static inline void
464 RSA_meth_free(RSA_METHOD *meth)
465 {
466  if (meth)
467  {
468  /* OpenSSL defines meth->name to be a const pointer, yet we
469  * feed it with an allocated string (from RSA_meth_new()).
470  * Thus we are allowed to free it here. In order to avoid a
471  * "passing 'const char *' to parameter of type 'void *' discards
472  * qualifiers" warning, we force the pointer to be a non-const value.
473  */
474  free((char *)meth->name);
475  free(meth);
476  }
477 }
478 #endif
479 
480 #if !defined(HAVE_RSA_METH_SET_PUB_ENC)
481 
488 static inline int
489 RSA_meth_set_pub_enc(RSA_METHOD *meth,
490  int (*pub_enc)(int flen, const unsigned char *from,
491  unsigned char *to, RSA *rsa,
492  int padding))
493 {
494  if (meth)
495  {
496  meth->rsa_pub_enc = pub_enc;
497  return 1;
498  }
499  return 0;
500 }
501 #endif
502 
503 #if !defined(HAVE_RSA_METH_SET_PUB_DEC)
504 
511 static inline int
512 RSA_meth_set_pub_dec(RSA_METHOD *meth,
513  int (*pub_dec)(int flen, const unsigned char *from,
514  unsigned char *to, RSA *rsa,
515  int padding))
516 {
517  if (meth)
518  {
519  meth->rsa_pub_dec = pub_dec;
520  return 1;
521  }
522  return 0;
523 }
524 #endif
525 
526 #if !defined(HAVE_RSA_METH_SET_PRIV_ENC)
527 
534 static inline int
535 RSA_meth_set_priv_enc(RSA_METHOD *meth,
536  int (*priv_enc)(int flen, const unsigned char *from,
537  unsigned char *to, RSA *rsa,
538  int padding))
539 {
540  if (meth)
541  {
542  meth->rsa_priv_enc = priv_enc;
543  return 1;
544  }
545  return 0;
546 }
547 #endif
548 
549 #if !defined(HAVE_RSA_METH_SET_PRIV_DEC)
550 
557 static inline int
558 RSA_meth_set_priv_dec(RSA_METHOD *meth,
559  int (*priv_dec)(int flen, const unsigned char *from,
560  unsigned char *to, RSA *rsa,
561  int padding))
562 {
563  if (meth)
564  {
565  meth->rsa_priv_dec = priv_dec;
566  return 1;
567  }
568  return 0;
569 }
570 #endif
571 
572 #if !defined(HAVE_RSA_METH_SET_INIT)
573 
580 static inline int
581 RSA_meth_set_init(RSA_METHOD *meth, int (*init)(RSA *rsa))
582 {
583  if (meth)
584  {
585  meth->init = init;
586  return 1;
587  }
588  return 0;
589 }
590 #endif
591 
592 #if !defined (HAVE_RSA_METH_SET_SIGN)
593 
600 static inline
601 int
602 RSA_meth_set_sign(RSA_METHOD *meth,
603  int (*sign)(int type, const unsigned char *m,
604  unsigned int m_length,
605  unsigned char *sigret, unsigned int *siglen,
606  const RSA *rsa))
607 {
608  meth->rsa_sign = sign;
609  return 1;
610 }
611 #endif
612 
613 #if !defined(HAVE_RSA_METH_SET_FINISH)
614 
621 static inline int
622 RSA_meth_set_finish(RSA_METHOD *meth, int (*finish)(RSA *rsa))
623 {
624  if (meth)
625  {
626  meth->finish = finish;
627  return 1;
628  }
629  return 0;
630 }
631 #endif
632 
633 #if !defined(HAVE_RSA_METH_SET0_APP_DATA)
634 
641 static inline int
642 RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data)
643 {
644  if (meth)
645  {
646  meth->app_data = app_data;
647  return 1;
648  }
649  return 0;
650 }
651 #endif
652 
653 #if !defined(HAVE_RSA_METH_GET0_APP_DATA)
654 
660 static inline void *
661 RSA_meth_get0_app_data(const RSA_METHOD *meth)
662 {
663  return meth ? meth->app_data : NULL;
664 }
665 #endif
666 
667 #if !defined(HAVE_EC_GROUP_ORDER_BITS) && !defined(OPENSSL_NO_EC)
668 
674 static inline int
675 EC_GROUP_order_bits(const EC_GROUP *group)
676 {
677  BIGNUM *order = BN_new();
678  EC_GROUP_get_order(group, order, NULL);
679  int bits = BN_num_bits(order);
680  BN_free(order);
681  return bits;
682 }
683 #endif
684 
685 /* SSLeay symbols have been renamed in OpenSSL 1.1 */
686 #ifndef OPENSSL_VERSION
687 #define OPENSSL_VERSION SSLEAY_VERSION
688 #endif
689 
690 #ifndef HAVE_OPENSSL_VERSION
691 #define OpenSSL_version SSLeay_version
692 #endif
693 
694 #if !defined(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT)
695 #define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT RSA_F_RSA_EAY_PRIVATE_ENCRYPT
696 #endif
697 
698 #ifndef SSL_CTX_get_min_proto_version
699 
701 static inline int
703 {
704  long sslopt = SSL_CTX_get_options(ctx);
705  if (!(sslopt & SSL_OP_NO_TLSv1))
706  {
707  return TLS1_VERSION;
708  }
709  if (!(sslopt & SSL_OP_NO_TLSv1_1))
710  {
711  return TLS1_1_VERSION;
712  }
713  if (!(sslopt & SSL_OP_NO_TLSv1_2))
714  {
715  return TLS1_2_VERSION;
716  }
717  return 0;
718 }
719 #endif /* SSL_CTX_get_min_proto_version */
720 
721 #ifndef SSL_CTX_get_max_proto_version
722 
724 static inline int
726 {
727  long sslopt = SSL_CTX_get_options(ctx);
728  if (!(sslopt & SSL_OP_NO_TLSv1_2))
729  {
730  return TLS1_2_VERSION;
731  }
732  if (!(sslopt & SSL_OP_NO_TLSv1_1))
733  {
734  return TLS1_1_VERSION;
735  }
736  if (!(sslopt & SSL_OP_NO_TLSv1))
737  {
738  return TLS1_VERSION;
739  }
740  return 0;
741 }
742 #endif /* SSL_CTX_get_max_proto_version */
743 
744 #ifndef SSL_CTX_set_min_proto_version
745 
746 static inline int
747 SSL_CTX_set_min_proto_version(SSL_CTX *ctx, long tls_ver_min)
748 {
749  long sslopt = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3; /* Never do < TLS 1.0 */
750 
751  if (tls_ver_min > TLS1_VERSION)
752  {
753  sslopt |= SSL_OP_NO_TLSv1;
754  }
755 #ifdef SSL_OP_NO_TLSv1_1
756  if (tls_ver_min > TLS1_1_VERSION)
757  {
758  sslopt |= SSL_OP_NO_TLSv1_1;
759  }
760 #endif
761 #ifdef SSL_OP_NO_TLSv1_2
762  if (tls_ver_min > TLS1_2_VERSION)
763  {
764  sslopt |= SSL_OP_NO_TLSv1_2;
765  }
766 #endif
767  SSL_CTX_set_options(ctx, sslopt);
768 
769  return 1;
770 }
771 #endif /* SSL_CTX_set_min_proto_version */
772 
773 #ifndef SSL_CTX_set_max_proto_version
774 
775 static inline int
776 SSL_CTX_set_max_proto_version(SSL_CTX *ctx, long tls_ver_max)
777 {
778  long sslopt = 0;
779 
780  if (tls_ver_max < TLS1_VERSION)
781  {
782  sslopt |= SSL_OP_NO_TLSv1;
783  }
784 #ifdef SSL_OP_NO_TLSv1_1
785  if (tls_ver_max < TLS1_1_VERSION)
786  {
787  sslopt |= SSL_OP_NO_TLSv1_1;
788  }
789 #endif
790 #ifdef SSL_OP_NO_TLSv1_2
791  if (tls_ver_max < TLS1_2_VERSION)
792  {
793  sslopt |= SSL_OP_NO_TLSv1_2;
794  }
795 #endif
796  SSL_CTX_set_options(ctx, sslopt);
797 
798  return 1;
799 }
800 #endif /* SSL_CTX_set_max_proto_version */
801 
802 #endif /* OPENSSL_COMPAT_H_ */
static void * SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx)
Fetch the default password callback user data from the SSL context.
char * string_alloc(const char *str, struct gc_arena *gc)
Definition: buffer.c:685
static pem_password_cb * SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx)
Fetch the default password callback from the SSL context.
static DSA * EVP_PKEY_get0_DSA(EVP_PKEY *pkey)
Get the DSA object of a public key.
static int RSA_meth_set_priv_dec(RSA_METHOD *meth, int(*priv_dec)(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding))
Set the private decoding function of an RSA_METHOD object.
static int SSL_CTX_set_min_proto_version(SSL_CTX *ctx, long tls_ver_min)
Mimics SSL_CTX_set_min_proto_version for OpenSSL < 1.1.
static int RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data)
Set the application data of an RSA_METHOD object.
static void DSA_get0_pqg(const DSA *dsa, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
Get the DSA parameters.
static int RSA_meth_set_priv_enc(RSA_METHOD *meth, int(*priv_enc)(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding))
Set the private encoding function of an RSA_METHOD object.
static int RSA_meth_set_pub_dec(RSA_METHOD *meth, int(*pub_dec)(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding))
Set the public decoding function of an RSA_METHOD object.
static int EVP_MD_CTX_reset(EVP_MD_CTX *ctx)
Reset a message digest context.
static EC_KEY * EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey)
Get the EC_KEY object of a public key.
static void RSA_get0_key(const RSA *rsa, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
Get the RSA parameters.
static int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, long tls_ver_max)
Mimics SSL_CTX_set_max_proto_version for OpenSSL < 1.1.
static int RSA_bits(const RSA *rsa)
Number of significant RSA bits.
static void RSA_meth_free(RSA_METHOD *meth)
Free an existing RSA_METHOD object.
static void X509_OBJECT_free(X509_OBJECT *obj)
Destroy a X509 object.
list flags
static HMAC_CTX * HMAC_CTX_new(void)
Allocate a new HMAC context object.
static EVP_PKEY * X509_get0_pubkey(const X509 *x)
Get the public key from a X509 certificate.
#define ALLOC_OBJ_CLEAR(dptr, type)
Definition: buffer.h:1050
static int RSA_meth_set_pub_enc(RSA_METHOD *meth, int(*pub_enc)(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding))
Set the public encoding function of an RSA_METHOD object.
static RSA * EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
Get the RSA object of a public key.
static STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *store)
Fetch the X509 object stack from the X509 store.
static void EVP_MD_CTX_free(EVP_MD_CTX *ctx)
Free an existing message digest context.
static RSA_METHOD * RSA_meth_new(const char *name, int flags)
Allocate a new RSA method object.
static int HMAC_CTX_reset(HMAC_CTX *ctx)
Reset a HMAC context.
static int DSA_bits(const DSA *dsa)
Number of significant DSA bits.
static EVP_MD_CTX * EVP_MD_CTX_new(void)
Allocate a new message digest object.
static int init(RSA *rsa)
Definition: cryptoapi.c:518
static void HMAC_CTX_free(HMAC_CTX *ctx)
Cleanup and free an existing HMAC context.
static int RSA_meth_set_sign(RSA_METHOD *meth, int(*sign)(int type, const unsigned char *m, unsigned int m_length, unsigned char *sigret, unsigned int *siglen, const RSA *rsa))
Set the sign function of an RSA_METHOD object.
static int SSL_CTX_get_max_proto_version(SSL_CTX *ctx)
Return the max SSL protocol version currently enabled in the context.
static int SSL_CTX_get_min_proto_version(SSL_CTX *ctx)
Return the min SSL protocol version currently enabled in the context.
static int finish(RSA *rsa)
Definition: cryptoapi.c:526
#define free
Definition: cmocka.c:1850
static void * RSA_meth_get0_app_data(const RSA_METHOD *meth)
Get the application data of an RSA_METHOD object.
static int RSA_set0_key(RSA *rsa, BIGNUM *n, BIGNUM *e, BIGNUM *d)
Set the RSA parameters.
static int RSA_meth_set_init(RSA_METHOD *meth, int(*init)(RSA *rsa))
Set the init function of an RSA_METHOD object.
static int EC_GROUP_order_bits(const EC_GROUP *group)
Gets the number of bits of the order of an EC_GROUP.
static void RSA_set_flags(RSA *rsa, int flags)
Set the RSA flags.
static int X509_OBJECT_get_type(const X509_OBJECT *obj)
Get the type of an X509 object.
static int RSA_meth_set_finish(RSA_METHOD *meth, int(*finish)(RSA *rsa))
Set the finish function of an RSA_METHOD object.