34 #ifndef OPENSSL_COMPAT_H_
35 #define OPENSSL_COMPAT_H_
43 #include <openssl/rsa.h>
44 #include <openssl/ssl.h>
45 #include <openssl/x509.h>
46 #include <openssl/err.h>
/* Compatibility alias: when building against OpenSSL older than 1.1.1
 * (0x10101000L) and not against wolfSSL, SSL_CTX_set1_groups is redirected
 * to the older SSL_CTX_set1_curves name. The closing #endif is not shown in
 * this listing. */
49 #if OPENSSL_VERSION_NUMBER < 0x10101000L && !defined(ENABLE_CRYPTO_WOLFSSL)
50 #define SSL_CTX_set1_groups SSL_CTX_set1_curves
/* Guard for OpenSSL older than 1.1.0 or LibreSSL older than 3.5.0; wolfSSL
 * builds are excluded. */
54 #if (OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x3050000fL)) && !defined(ENABLE_CRYPTO_WOLFSSL)
/* Body fragment, presumably of X509_OBJECT_free() from this page's index:
 * releases what obj holds. The signature, any NULL guard and the release of
 * obj itself are not shown in this listing. */
65 X509_OBJECT_free_contents(obj);
/* Maps the generic AEAD tag control names onto the GCM-specific constants.
 * NOTE(review): presumably still inside the version guard opened on original
 * line 54; the #endif lines are not shown, so confirm the scope. */
70 #define EVP_CTRL_AEAD_SET_TAG EVP_CTRL_GCM_SET_TAG
71 #define EVP_CTRL_AEAD_GET_TAG EVP_CTRL_GCM_GET_TAG
/* Error-function code alias: RSA_F_RSA_OSSL_PRIVATE_ENCRYPT is mapped to
 * RSA_F_RSA_EAY_PRIVATE_ENCRYPT for OpenSSL older than 1.1.0 and for every
 * LibreSSL version (wolfSSL builds excluded). */
74 #if (OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)) && !defined(ENABLE_CRYPTO_WOLFSSL)
75 #define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT RSA_F_RSA_EAY_PRIVATE_ENCRYPT
/* SSL_get_peer_tmp_key is mapped to SSL_get_server_tmp_key for OpenSSL older
 * than 1.1.0 (non-wolfSSL) and for LibreSSL older than 3.5.4. Note that the
 * wolfSSL exclusion applies to the first clause of the guard only.
 * NOTE(review): OpenSSL documents SSL_get_server_tmp_key as working on the
 * client side of a connection only; code that calls the alias in a server
 * role should confirm what it gets back on these library versions. */
78 #if (OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(ENABLE_CRYPTO_WOLFSSL)) || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x3050400fL)
79 #define SSL_get_peer_tmp_key SSL_get_server_tmp_key
/* Opens the shims for OpenSSL older than 1.1.0 (wolfSSL builds excluded). */
83 #if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(ENABLE_CRYPTO_WOLFSSL)
/* Body fragment of one of the EVP_MD_CTX helpers listed in this page's index
 * (presumably EVP_MD_CTX_reset): passes ctx to EVP_MD_CTX_cleanup(). The
 * signature and return statement are not shown. */
93 EVP_MD_CTX_cleanup(ctx);
/* Fragment of EVP_MD_CTX_new(): only the return-type line and the NULL
 * initialisation of the local are shown; the allocation and the return are
 * not. NOTE(review): the index lists ALLOC_OBJ_CLEAR among the referenced
 * helpers, presumably the allocator used here - confirm how it behaves when
 * allocation fails. */
113 static inline EVP_MD_CTX *
116 EVP_MD_CTX *ctx = NULL;
/* Name-only aliases onto the older API.
 * NOTE(review): EVP_CIPHER_CTX_reset is expected to return a context to a
 * clean state and report success, while the older EVP_CIPHER_CTX_init returns
 * nothing and, as far as I know, only zero-fills the structure. Callers
 * should not rely on this alias to release or wipe cipher state of a context
 * that has been used, nor test its return value - confirm against the
 * OpenSSL 1.0.x sources. */
121 #define EVP_CIPHER_CTX_reset EVP_CIPHER_CTX_init
/* The get0 validity accessors are mapped to the older accessor names. */
122 #define X509_get0_notBefore X509_get_notBefore
123 #define X509_get0_notAfter X509_get_notAfter
/* Two separate one-line fragments (original lines 143 and 156), each passing
 * ctx to HMAC_CTX_cleanup(). They presumably belong to HMAC_CTX_reset() and
 * HMAC_CTX_free() from this page's index. The signatures, return values and
 * any release of ctx itself are not shown, so which fragment belongs to
 * which function cannot be confirmed from this listing. */
143 HMAC_CTX_cleanup(ctx);
156 HMAC_CTX_cleanup(ctx);
/* Fragment of HMAC_CTX_new(): return-type line and NULL-initialised local
 * only. The allocation and return are not shown. NOTE(review): presumably
 * allocated through ALLOC_OBJ_CLEAR (listed in the index) - confirm. */
165 static inline HMAC_CTX *
168 HMAC_CTX *ctx = NULL;
/* Presumably the body of SSL_CTX_get_default_passwd_cb_userdata() (signature
 * not shown): reads the password-callback user data directly from the
 * SSL_CTX structure; a NULL ctx yields NULL. */
182 return ctx ? ctx->default_passwd_callback_userdata : NULL;
/* Fragment of SSL_CTX_get_default_passwd_cb() (name line not shown): reads
 * the password callback directly from the SSL_CTX structure; a NULL ctx
 * yields NULL. */
191 static inline pem_password_cb *
194 return ctx ? ctx->default_passwd_callback : NULL;
/* Fragment of X509_get0_pubkey() (name line not shown): follows
 * x->cert_info->key->pkey and returns NULL if x, cert_info or key is NULL.
 * The stored pointer is returned as-is; no reference is taken on these
 * lines, so the caller does not own the result and must not free it. */
203 static inline EVP_PKEY *
206 return (x && x->cert_info && x->cert_info->key) ?
207 x->cert_info->key->pkey : NULL;
/* Fragment of X509_STORE_get0_objects() (return-type line not shown): returns
 * the store's objs member directly, or NULL for a NULL store. The caller
 * receives the store's own stack, not a copy. */
217 *X509_STORE_get0_objects(X509_STORE *store)
219 return store ? store->objs : NULL;
/* Presumably the body of X509_OBJECT_get_type() (signature not shown):
 * returns obj->type, or X509_LU_FAIL when obj is NULL. */
231 return obj ? obj->type : X509_LU_FAIL;
/* Presumably the body of EVP_PKEY_get0_RSA() (signature not shown): returns
 * the embedded RSA key only when pkey is non-NULL and its type is
 * EVP_PKEY_RSA, otherwise NULL. The pointer is the one stored in pkey. */
243 return (pkey && pkey->type == EVP_PKEY_RSA) ? pkey->pkey.rsa : NULL;
/* Fragment of EVP_PKEY_get0_EC_KEY() (name line not shown): returns the
 * embedded EC key only when pkey is non-NULL and its type is EVP_PKEY_EC,
 * otherwise NULL. The pointer is the one stored in pkey. */
252 static inline EC_KEY *
255 return (pkey && pkey->type == EVP_PKEY_EC) ? pkey->pkey.ec : NULL;
/* Presumably the body of EVP_PKEY_get0_DSA() (signature not shown): returns
 * the embedded DSA key only when pkey is non-NULL and its type is
 * EVP_PKEY_DSA, otherwise NULL. The pointer is the one stored in pkey. */
268 return (pkey && pkey->type == EVP_PKEY_DSA) ? pkey->pkey.dsa : NULL;
/* Fragment of RSA_get0_key(): the tail of the parameter list followed by the
 * three stores that hand rsa->n, rsa->e and rsa->d to the caller (NULL when
 * rsa is NULL). The pointers are rsa's own members, not copies.
 * NOTE(review): each store dereferences its out-parameter; the lines between
 * them are not shown, so confirm that a NULL n, e or d is guarded there. */
296 const BIGNUM **e,
const BIGNUM **d)
300 *n = rsa ? rsa->n : NULL;
304 *e = rsa ? rsa->e : NULL;
308 *d = rsa ? rsa->d : NULL;
/* Fragment, presumably of RSA_set0_key(): the condition is true when n or e
 * would remain unset, i.e. the component is neither already present in rsa
 * nor supplied by the caller. The action taken and the rest of the function
 * are not shown. NOTE(review): rsa is dereferenced here and no NULL check is
 * visible in this listing. */
324 if ((rsa->n == NULL && n == NULL)
325 || (rsa->e == NULL && e == NULL))
/* Fragment, presumably of RSA_bits(): n starts as NULL; the call that fills
 * it is on a line not shown (presumably RSA_get0_key). Returns the bit
 * length of n, or 0 when n is still NULL. */
358 const BIGNUM *n = NULL;
360 return n ? BN_num_bits(n) : 0;
/* Fragment of DSA_get0_pqg(): the tail of the parameter list followed by the
 * three stores that hand dsa->p, dsa->q and dsa->g to the caller (NULL when
 * dsa is NULL). The pointers are dsa's own members, not copies.
 * NOTE(review): each store dereferences its out-parameter; the lines between
 * them are not shown, so confirm that a NULL p, q or g is guarded there. */
373 const BIGNUM **q,
const BIGNUM **g)
377 *p = dsa ? dsa->p : NULL;
381 *q = dsa ? dsa->q : NULL;
385 *g = dsa ? dsa->g : NULL;
/* Fragment, presumably of DSA_bits(): p starts as NULL; the call that fills
 * it is on a line not shown (presumably DSA_get0_pqg). Returns the bit
 * length of p, or 0 when p is still NULL. */
398 const BIGNUM *p = NULL;
400 return p ? BN_num_bits(p) : 0;
/* Fragment of RSA_meth_new(): rsa_meth is initialised to NULL and, a few
 * lines later, its flags member is written. The allocation in between is not
 * shown. NOTE(review): the index lists ALLOC_OBJ_CLEAR and string_alloc among
 * the referenced helpers, presumably used for the object and its name;
 * confirm the allocator cannot return with rsa_meth still NULL, since the
 * store on original line 416 is unconditional as shown. */
410 static inline RSA_METHOD *
413 RSA_METHOD *rsa_meth = NULL;
416 rsa_meth->flags = flags;
/* Fragment, presumably of RSA_meth_free(): frees the method's name, casting
 * away the member's qualifier to do so. This is only valid if name was
 * heap-allocated by the matching constructor - TODO confirm against
 * RSA_meth_new. Any NULL guard on meth and the release of meth itself are
 * not shown. */
436 free((
char *)meth->name);
/* Fragment of RSA_meth_set_pub_enc(): part of the callback parameter's
 * prototype, then the store of the callback into meth->rsa_pub_enc. Whether
 * meth is checked for NULL first, and what is returned, is not shown. */
450 int (*pub_enc)(
int flen,
const unsigned char *from,
451 unsigned char *to, RSA *rsa,
456 meth->rsa_pub_enc = pub_enc;
/* Fragment of RSA_meth_set_pub_dec(): part of the callback parameter's
 * prototype, then the store of the callback into meth->rsa_pub_dec. Whether
 * meth is checked for NULL first, and what is returned, is not shown. */
471 int (*pub_dec)(
int flen,
const unsigned char *from,
472 unsigned char *to, RSA *rsa,
477 meth->rsa_pub_dec = pub_dec;
/* Fragment of RSA_meth_set_priv_enc(): part of the callback parameter's
 * prototype, then the store of the callback into meth->rsa_priv_enc. The
 * installed callback performs the private-key operation for this method, so
 * it should only ever be set from trusted code. Whether meth is checked for
 * NULL first, and what is returned, is not shown. */
492 int (*priv_enc)(
int flen,
const unsigned char *from,
493 unsigned char *to, RSA *rsa,
498 meth->rsa_priv_enc = priv_enc;
/* Fragment of RSA_meth_set_priv_dec(): part of the callback parameter's
 * prototype, then the store of the callback into meth->rsa_priv_dec. Whether
 * meth is checked for NULL first, and what is returned, is not shown. */
513 int (*priv_dec)(
int flen,
const unsigned char *from,
514 unsigned char *to, RSA *rsa,
519 meth->rsa_priv_dec = priv_dec;
/* Fragment of RSA_meth_set_sign(): part of the callback parameter's
 * prototype, then the store of the callback into meth->rsa_sign. Whether
 * meth is checked for NULL first, and what is returned, is not shown. */
553 int (*sign)(
int type,
const unsigned char *m,
554 unsigned int m_length,
555 unsigned char *sigret,
unsigned int *siglen,
558 meth->rsa_sign = sign;
/* Presumably the store inside RSA_meth_set_finish(): installs the finish
 * callback on meth. Signature, NULL guard and return are not shown. */
574 meth->finish = finish;
/* Presumably the store inside RSA_meth_set0_app_data(): records the caller's
 * app_data pointer on meth. The pointer is stored as given; nothing on this
 * line copies or takes ownership of what it points to. */
592 meth->app_data = app_data;
/* Presumably the body of RSA_meth_get0_app_data(): returns the stored
 * app_data pointer, or NULL when meth is NULL. */
607 return meth ? meth->app_data : NULL;
/* Fragment, presumably of EC_GROUP_order_bits(): allocates a BIGNUM, asks the
 * group for its order and measures the order's bit length. The release of
 * order and the return are not shown.
 * NOTE(review): on the lines shown neither the BN_new() result nor the
 * EC_GROUP_get_order() return value is checked before order is passed to
 * BN_num_bits(). Confirm whether a failed allocation or a failed lookup is
 * handled on the lines not shown; otherwise bits may be computed from a NULL
 * or unset BIGNUM. */
619 BIGNUM *order = BN_new();
620 EC_GROUP_get_order(group, order, NULL);
621 int bits = BN_num_bits(order);
/* Version-query names mapped onto their older SSLeay equivalents. */
627 #define OPENSSL_VERSION SSLEAY_VERSION
628 #define OpenSSL_version SSLeay_version
/* Fragment, presumably of SSL_CTX_get_min_proto_version(): derives the lowest
 * enabled protocol from the context's SSL_OP_NO_* option bits, testing
 * TLS 1.0, then 1.1, then 1.2. The return for the first branch and the
 * fall-through return (every tested version disabled) are not shown. */
635 long sslopt = SSL_CTX_get_options(ctx);
636 if (!(sslopt & SSL_OP_NO_TLSv1))
640 if (!(sslopt & SSL_OP_NO_TLSv1_1))
642 return TLS1_1_VERSION;
644 if (!(sslopt & SSL_OP_NO_TLSv1_2))
646 return TLS1_2_VERSION;
/* Fragment, presumably of SSL_CTX_get_max_proto_version(): derives the
 * highest enabled protocol from the context's SSL_OP_NO_* option bits,
 * testing TLS 1.2, then 1.1, then 1.0. The return for the last branch and
 * the fall-through return are not shown. Only the option bits are consulted,
 * so the result says nothing about versions the library handles by other
 * means. */
656 long sslopt = SSL_CTX_get_options(ctx);
657 if (!(sslopt & SSL_OP_NO_TLSv1_2))
659 return TLS1_2_VERSION;
661 if (!(sslopt & SSL_OP_NO_TLSv1_1))
663 return TLS1_1_VERSION;
665 if (!(sslopt & SSL_OP_NO_TLSv1))
/* Fragment, presumably of SSL_CTX_set_min_proto_version(): builds a mask of
 * SSL_OP_NO_* bits for every version below tls_ver_min and applies it to the
 * context. SSLv2 and SSLv3 are always disabled, whatever tls_ver_min is.
 * The braces, #endif lines and return are not shown.
 * NOTE(review): the TLS 1.1 and 1.2 bits are only added when the headers
 * define SSL_OP_NO_TLSv1_1 / SSL_OP_NO_TLSv1_2. Where they do not, a minimum
 * above TLS 1.0 is not enforced for those versions and nothing on the lines
 * shown reports it.
 * NOTE(review): SSL_CTX_set_options() adds bits to the context's option mask
 * and does not clear any, so a later call with a lower tls_ver_min does not
 * re-enable a version disabled earlier. */
676 long sslopt = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
678 if (tls_ver_min > TLS1_VERSION)
680 sslopt |= SSL_OP_NO_TLSv1;
682 #ifdef SSL_OP_NO_TLSv1_1
683 if (tls_ver_min > TLS1_1_VERSION)
685 sslopt |= SSL_OP_NO_TLSv1_1;
688 #ifdef SSL_OP_NO_TLSv1_2
689 if (tls_ver_min > TLS1_2_VERSION)
691 sslopt |= SSL_OP_NO_TLSv1_2;
694 SSL_CTX_set_options(ctx, sslopt);
/* Fragment, presumably of SSL_CTX_set_max_proto_version(): adds an
 * SSL_OP_NO_* bit for every version above tls_ver_max and applies the mask to
 * the context. The declaration of sslopt, the braces, #endif lines and
 * return are not shown.
 * NOTE(review): a tls_ver_max of 0 satisfies all three comparisons, so every
 * TLS version handled here would be disabled. OpenSSL 1.1's own
 * SSL_CTX_set_max_proto_version treats 0 as "no upper limit", so confirm
 * callers never pass 0 on this code path.
 * NOTE(review): as with the minimum, the TLS 1.1 / 1.2 bits depend on the
 * headers defining the macros, and SSL_CTX_set_options() only adds bits. */
705 if (tls_ver_max < TLS1_VERSION)
707 sslopt |= SSL_OP_NO_TLSv1;
709 #ifdef SSL_OP_NO_TLSv1_1
710 if (tls_ver_max < TLS1_1_VERSION)
712 sslopt |= SSL_OP_NO_TLSv1_1;
715 #ifdef SSL_OP_NO_TLSv1_2
716 if (tls_ver_max < TLS1_2_VERSION)
718 sslopt |= SSL_OP_NO_TLSv1_2;
721 SSL_CTX_set_options(ctx, sslopt);
/* Shim for OpenSSL older than 3.0 when EC support is compiled in. */
728 #if OPENSSL_VERSION_NUMBER < 0x30000000L && !defined(OPENSSL_NO_EC)
/* Fragment, presumably of EVP_PKEY_get_group_name(): looks up the key's
 * curve NID, turns it into a short name and falls back to a fixed
 * placeholder string when no name is found. The NULL and error checks, the
 * copy into gname and the return are not shown.
 * NOTE(review): *gname_len is set from the length of the source string, not
 * from what was copied into gname. If the copy (not shown; the index lists
 * strncpynt) truncates to gname_sz, *gname_len can exceed the length stored
 * in gname. Callers should bound it by gname_sz before using it as an index
 * or length. */
743 const EC_GROUP *group = EC_KEY_get0_group(ec);
744 int nid = EC_GROUP_get_curve_name(group);
750 const char *curve = OBJ_nid2sn(nid);
753 curve =
"(error fetching curve name)";
759 *gname_len = strlen(curve);
/* Aliases for OpenSSL older than 3.0: the 3.0 accessor names are mapped onto
 * their pre-3.0 spellings. */
764 #if OPENSSL_VERSION_NUMBER < 0x30000000L
765 #define EVP_MD_get0_name EVP_MD_name
766 #define EVP_CIPHER_get0_name EVP_CIPHER_name
767 #define EVP_CIPHER_CTX_get_mode EVP_CIPHER_CTX_mode
/* SSL_CTX_new_ex collapses to SSL_CTX_new: the libctx and propq arguments are
 * dropped, so a library context or property query passed by the caller has
 * no effect on these builds. */
770 #define SSL_CTX_new_ex(libctx, propq, method) \
771 SSL_CTX_new((method))
/* Fragment, presumably of the EVP_CIPHER_fetch() shim: resolves the cipher by
 * name through EVP_get_cipherbyname(). The index signature also takes ctx
 * and properties; neither appears on the line shown, so a property query
 * from the caller presumably has no effect here. */
779 static inline const EVP_CIPHER *
784 return EVP_get_cipherbyname(algorithm);
/* Fragment, presumably of the EVP_MD_fetch() shim: resolves the digest by
 * name through EVP_get_digestbyname(). The index signature also takes ctx
 * and properties; neither appears on the line shown, so a property query
 * from the caller presumably has no effect here. */
787 static inline const EVP_MD *
792 return EVP_get_digestbyname(algorithm);
/* Fragment, presumably of the ERR_get_error_all() shim: pops the next error
 * through ERR_get_error_line_data(), which fills file, line, data and flags.
 * NOTE(review): the static empty string is presumably what *func is pointed
 * at, since the call shown takes no func argument; the assignment and the
 * return are not shown - confirm. */
807 static inline unsigned long
810 const char **data,
int *flags)
812 static const char *empty =
"";
814 unsigned long err = ERR_get_error_line_data(file, line, data, flags);
static void EVP_CIPHER_free(const EVP_CIPHER *cipher)
static RSA * EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
Get the RSA object of a public key.
static HMAC_CTX * HMAC_CTX_new(void)
Allocate a new HMAC context object.
static void HMAC_CTX_free(HMAC_CTX *ctx)
Cleanup and free an existing HMAC context.
static const EVP_MD * EVP_MD_fetch(void *ctx, const char *algorithm, const char *properties)
static int RSA_meth_set_priv_dec(RSA_METHOD *meth, int(*priv_dec)(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding))
Set the private decoding function of an RSA_METHOD object.
static EVP_MD_CTX * EVP_MD_CTX_new(void)
Allocate a new message digest object.
static int DSA_bits(const DSA *dsa)
Number of significant DSA bits.
static int EVP_MD_CTX_reset(EVP_MD_CTX *ctx)
Reset a message digest context.
static int RSA_meth_set_finish(RSA_METHOD *meth, int(*finish)(RSA *rsa))
Set the finish function of an RSA_METHOD object.
static void EVP_MD_free(const EVP_MD *md)
static const EVP_CIPHER * EVP_CIPHER_fetch(void *ctx, const char *algorithm, const char *properties)
static DSA * EVP_PKEY_get0_DSA(EVP_PKEY *pkey)
Get the DSA object of a public key.
static int EC_GROUP_order_bits(const EC_GROUP *group)
Gets the number of bits of the order of an EC_GROUP.
static void RSA_set_flags(RSA *rsa, int flags)
Set the RSA flags.
char * string_alloc(const char *str, struct gc_arena *gc)
static RSA_METHOD * RSA_meth_new(const char *name, int flags)
Allocate a new RSA method object.
static void * SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx)
Fetch the default password callback user data from the SSL context.
static STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *store)
Fetch the X509 object stack from the X509 store.
static int RSA_meth_set_init(RSA_METHOD *meth, int(*init)(RSA *rsa))
Set the init function of an RSA_METHOD object.
static int RSA_meth_set_priv_enc(RSA_METHOD *meth, int(*priv_enc)(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding))
Set the private encoding function of an RSA_METHOD object.
static int SSL_CTX_get_min_proto_version(SSL_CTX *ctx)
Return the min SSL protocol version currently enabled in the context.
static int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, long tls_ver_max)
Mimics SSL_CTX_set_max_proto_version for OpenSSL < 1.1.
static unsigned long ERR_get_error_all(const char **file, int *line, const char **func, const char **data, int *flags)
static void RSA_get0_key(const RSA *rsa, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
Get the RSA parameters.
static EVP_PKEY * X509_get0_pubkey(const X509 *x)
Get the public key from an X509 certificate.
static void DSA_get0_pqg(const DSA *dsa, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
Get the DSA parameters.
static void EVP_MD_CTX_free(EVP_MD_CTX *ctx)
Free an existing message digest context.
static int SSL_CTX_get_max_proto_version(SSL_CTX *ctx)
Return the max SSL protocol version currently enabled in the context.
static int X509_OBJECT_get_type(const X509_OBJECT *obj)
Get the type of an X509 object.
static void * RSA_meth_get0_app_data(const RSA_METHOD *meth)
Get the application data of an RSA_METHOD object.
static pem_password_cb * SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx)
Fetch the default password callback from the SSL context.
static void X509_OBJECT_free(X509_OBJECT *obj)
Destroy an X509 object.
static int init(void **state)
static int RSA_meth_set_pub_enc(RSA_METHOD *meth, int(*pub_enc)(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding))
Set the public encoding function of an RSA_METHOD object.
static int EVP_PKEY_get_group_name(EVP_PKEY *pkey, char *gname, size_t gname_sz, size_t *gname_len)
static int RSA_meth_set_pub_dec(RSA_METHOD *meth, int(*pub_dec)(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding))
Set the public decoding function of an RSA_METHOD object.
static void strncpynt(char *dest, const char *src, size_t maxlen)
static int RSA_set0_key(RSA *rsa, BIGNUM *n, BIGNUM *e, BIGNUM *d)
Set the RSA parameters.
static int SSL_CTX_set_min_proto_version(SSL_CTX *ctx, long tls_ver_min)
Mimics SSL_CTX_set_min_proto_version for OpenSSL < 1.1.
static EC_KEY * EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey)
Get the EC_KEY object of a public key.
#define ALLOC_OBJ_CLEAR(dptr, type)
static int RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data)
Set the application data of an RSA_METHOD object.
static void RSA_meth_free(RSA_METHOD *meth)
Free an existing RSA_METHOD object.
static int RSA_bits(const RSA *rsa)
Number of significant RSA bits.
static int HMAC_CTX_reset(HMAC_CTX *ctx)
Reset an HMAC context.
static int RSA_meth_set_sign(RSA_METHOD *meth, int(*sign)(int type, const unsigned char *m, unsigned int m_length, unsigned char *sigret, unsigned int *siglen, const RSA *rsa))
Set the sign function of an RSA_METHOD object.