OpenVPN
openssl_compat.h
Go to the documentation of this file.
1 /*
2  * OpenVPN -- An application to securely tunnel IP networks
3  * over a single TCP/UDP port, with support for SSL/TLS-based
4  * session authentication and key exchange,
5  * packet encryption, packet authentication, and
6  * packet compression.
7  *
8  * Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
9  * Copyright (C) 2010-2018 Fox Crypto B.V. <openvpn@fox-it.com>
10  *
11  * This program is free software; you can redistribute it and/or modify
12  * it under the terms of the GNU General Public License version 2
13  * as published by the Free Software Foundation.
14  *
15  * This program is distributed in the hope that it will be useful,
16  * but WITHOUT ANY WARRANTY; without even the implied warranty of
17  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18  * GNU General Public License for more details.
19  *
20  * You should have received a copy of the GNU General Public License along
21  * with this program; if not, write to the Free Software Foundation, Inc.,
22  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23  */
24 
34 #ifndef OPENSSL_COMPAT_H_
35 #define OPENSSL_COMPAT_H_
36 
37 #ifdef HAVE_CONFIG_H
38 #include "config.h"
39 #elif defined(_MSC_VER)
40 #include "config-msvc.h"
41 #endif
42 
43 #include "buffer.h"
44 
45 #include <openssl/rsa.h>
46 #include <openssl/ssl.h>
47 #include <openssl/x509.h>
48 
49 #if !defined(HAVE_EVP_MD_CTX_RESET)
50 
56 static inline int
57 EVP_MD_CTX_reset(EVP_MD_CTX *ctx)
58 {
59  EVP_MD_CTX_cleanup(ctx);
60  return 1;
61 }
62 #endif
63 
64 #if !defined(HAVE_EVP_MD_CTX_FREE)
65 
70 static inline void
71 EVP_MD_CTX_free(EVP_MD_CTX *ctx)
72 {
73  free(ctx);
74 }
75 #endif
76 
77 #if !defined(HAVE_EVP_MD_CTX_NEW)
78 
83 static inline EVP_MD_CTX *
85 {
86  EVP_MD_CTX *ctx = NULL;
87  ALLOC_OBJ_CLEAR(ctx, EVP_MD_CTX);
88  return ctx;
89 }
90 #endif
91 
92 #if !defined(HAVE_HMAC_CTX_RESET)
93 
108 static inline int
109 HMAC_CTX_reset(HMAC_CTX *ctx)
110 {
111  HMAC_CTX_cleanup(ctx);
112  HMAC_CTX_init(ctx);
113  return 1;
114 }
115 #endif
116 
117 #if !defined(HAVE_HMAC_CTX_FREE)
118 
123 static inline void
124 HMAC_CTX_free(HMAC_CTX *ctx)
125 {
126  HMAC_CTX_cleanup(ctx);
127  free(ctx);
128 }
129 #endif
130 
131 #if !defined(HAVE_HMAC_CTX_NEW)
132 
137 static inline HMAC_CTX *
139 {
140  HMAC_CTX *ctx = NULL;
141  ALLOC_OBJ_CLEAR(ctx, HMAC_CTX);
142  return ctx;
143 }
144 #endif
145 
146 #if !defined(HAVE_SSL_CTX_GET_DEFAULT_PASSWD_CB_USERDATA)
147 
153 static inline void *
155 {
156  return ctx ? ctx->default_passwd_callback_userdata : NULL;
157 }
158 #endif
159 
160 #if !defined(HAVE_SSL_CTX_GET_DEFAULT_PASSWD_CB)
161 
167 static inline pem_password_cb *
169 {
170  return ctx ? ctx->default_passwd_callback : NULL;
171 }
172 #endif
173 
174 #if !defined(HAVE_X509_GET0_PUBKEY)
175 
181 static inline EVP_PKEY *
182 X509_get0_pubkey(const X509 *x)
183 {
184  return (x && x->cert_info && x->cert_info->key) ?
185  x->cert_info->key->pkey : NULL;
186 }
187 #endif
188 
189 #if !defined(HAVE_X509_STORE_GET0_OBJECTS)
190 
196 static inline STACK_OF(X509_OBJECT)
197 *X509_STORE_get0_objects(X509_STORE *store)
198 {
199  return store ? store->objs : NULL;
200 }
201 #endif
202 
203 #if !defined(HAVE_X509_OBJECT_FREE)
204 
209 static inline void
210 X509_OBJECT_free(X509_OBJECT *obj)
211 {
212  if (obj)
213  {
214  X509_OBJECT_free_contents(obj);
215  OPENSSL_free(obj);
216  }
217 }
218 #endif
219 
220 #if !defined(HAVE_X509_OBJECT_GET_TYPE)
221 
227 static inline int
228 X509_OBJECT_get_type(const X509_OBJECT *obj)
229 {
230  return obj ? obj->type : X509_LU_FAIL;
231 }
232 #endif
233 
234 #if !defined(HAVE_EVP_PKEY_GET0_RSA)
235 
241 static inline RSA *
242 EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
243 {
244  return (pkey && pkey->type == EVP_PKEY_RSA) ? pkey->pkey.rsa : NULL;
245 }
246 #endif
247 
248 #if !defined(HAVE_EVP_PKEY_GET0_EC_KEY) && !defined(OPENSSL_NO_EC)
249 
255 static inline EC_KEY *
256 EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey)
257 {
258  return (pkey && pkey->type == EVP_PKEY_EC) ? pkey->pkey.ec : NULL;
259 }
260 #endif
261 
262 #if !defined(HAVE_EVP_PKEY_ID)
263 
269 static inline int
270 EVP_PKEY_id(const EVP_PKEY *pkey)
271 {
272  return pkey ? pkey->type : EVP_PKEY_NONE;
273 }
274 #endif
275 
276 #if !defined(HAVE_EVP_PKEY_GET0_DSA)
277 
283 static inline DSA *
284 EVP_PKEY_get0_DSA(EVP_PKEY *pkey)
285 {
286  return (pkey && pkey->type == EVP_PKEY_DSA) ? pkey->pkey.dsa : NULL;
287 }
288 #endif
289 
290 #if !defined(HAVE_RSA_SET_FLAGS)
291 
297 static inline void
298 RSA_set_flags(RSA *rsa, int flags)
299 {
300  if (rsa)
301  {
302  rsa->flags = flags;
303  }
304 }
305 #endif
306 
307 #if !defined(HAVE_RSA_GET0_KEY)
308 
316 static inline void
317 RSA_get0_key(const RSA *rsa, const BIGNUM **n,
318  const BIGNUM **e, const BIGNUM **d)
319 {
320  if (n != NULL)
321  {
322  *n = rsa ? rsa->n : NULL;
323  }
324  if (e != NULL)
325  {
326  *e = rsa ? rsa->e : NULL;
327  }
328  if (d != NULL)
329  {
330  *d = rsa ? rsa->d : NULL;
331  }
332 }
333 #endif
334 
335 #if !defined(HAVE_RSA_SET0_KEY)
336 
345 static inline int
346 RSA_set0_key(RSA *rsa, BIGNUM *n, BIGNUM *e, BIGNUM *d)
347 {
348  if ((rsa->n == NULL && n == NULL)
349  || (rsa->e == NULL && e == NULL))
350  {
351  return 0;
352  }
353 
354  if (n != NULL)
355  {
356  BN_free(rsa->n);
357  rsa->n = n;
358  }
359  if (e != NULL)
360  {
361  BN_free(rsa->e);
362  rsa->e = e;
363  }
364  if (d != NULL)
365  {
366  BN_free(rsa->d);
367  rsa->d = d;
368  }
369 
370  return 1;
371 }
372 #endif /* if !defined(HAVE_RSA_SET0_KEY) */
373 
374 #if !defined(HAVE_RSA_BITS)
375 
381 static inline int
382 RSA_bits(const RSA *rsa)
383 {
384  const BIGNUM *n = NULL;
385  RSA_get0_key(rsa, &n, NULL, NULL);
386  return n ? BN_num_bits(n) : 0;
387 }
388 #endif
389 
390 #if !defined(HAVE_DSA_GET0_PQG)
391 
399 static inline void
400 DSA_get0_pqg(const DSA *dsa, const BIGNUM **p,
401  const BIGNUM **q, const BIGNUM **g)
402 {
403  if (p != NULL)
404  {
405  *p = dsa ? dsa->p : NULL;
406  }
407  if (q != NULL)
408  {
409  *q = dsa ? dsa->q : NULL;
410  }
411  if (g != NULL)
412  {
413  *g = dsa ? dsa->g : NULL;
414  }
415 }
416 #endif
417 
418 #if !defined(HAVE_DSA_BITS)
419 
425 static inline int
426 DSA_bits(const DSA *dsa)
427 {
428  const BIGNUM *p = NULL;
429  DSA_get0_pqg(dsa, &p, NULL, NULL);
430  return p ? BN_num_bits(p) : 0;
431 }
432 #endif
433 
434 #if !defined(HAVE_RSA_METH_NEW)
435 
442 static inline RSA_METHOD *
443 RSA_meth_new(const char *name, int flags)
444 {
445  RSA_METHOD *rsa_meth = NULL;
446  ALLOC_OBJ_CLEAR(rsa_meth, RSA_METHOD);
447  rsa_meth->name = string_alloc(name, NULL);
448  rsa_meth->flags = flags;
449  return rsa_meth;
450 }
451 #endif
452 
453 #if !defined(HAVE_RSA_METH_FREE)
454 
459 static inline void
460 RSA_meth_free(RSA_METHOD *meth)
461 {
462  if (meth)
463  {
464  /* OpenSSL defines meth->name to be a const pointer, yet we
465  * feed it with an allocated string (from RSA_meth_new()).
466  * Thus we are allowed to free it here. In order to avoid a
467  * "passing 'const char *' to parameter of type 'void *' discards
468  * qualifiers" warning, we force the pointer to be a non-const value.
469  */
470  free((char *)meth->name);
471  free(meth);
472  }
473 }
474 #endif
475 
476 #if !defined(HAVE_RSA_METH_SET_PUB_ENC)
477 
484 static inline int
485 RSA_meth_set_pub_enc(RSA_METHOD *meth,
486  int (*pub_enc)(int flen, const unsigned char *from,
487  unsigned char *to, RSA *rsa,
488  int padding))
489 {
490  if (meth)
491  {
492  meth->rsa_pub_enc = pub_enc;
493  return 1;
494  }
495  return 0;
496 }
497 #endif
498 
499 #if !defined(HAVE_RSA_METH_SET_PUB_DEC)
500 
507 static inline int
508 RSA_meth_set_pub_dec(RSA_METHOD *meth,
509  int (*pub_dec)(int flen, const unsigned char *from,
510  unsigned char *to, RSA *rsa,
511  int padding))
512 {
513  if (meth)
514  {
515  meth->rsa_pub_dec = pub_dec;
516  return 1;
517  }
518  return 0;
519 }
520 #endif
521 
522 #if !defined(HAVE_RSA_METH_SET_PRIV_ENC)
523 
530 static inline int
531 RSA_meth_set_priv_enc(RSA_METHOD *meth,
532  int (*priv_enc)(int flen, const unsigned char *from,
533  unsigned char *to, RSA *rsa,
534  int padding))
535 {
536  if (meth)
537  {
538  meth->rsa_priv_enc = priv_enc;
539  return 1;
540  }
541  return 0;
542 }
543 #endif
544 
545 #if !defined(HAVE_RSA_METH_SET_PRIV_DEC)
546 
553 static inline int
554 RSA_meth_set_priv_dec(RSA_METHOD *meth,
555  int (*priv_dec)(int flen, const unsigned char *from,
556  unsigned char *to, RSA *rsa,
557  int padding))
558 {
559  if (meth)
560  {
561  meth->rsa_priv_dec = priv_dec;
562  return 1;
563  }
564  return 0;
565 }
566 #endif
567 
568 #if !defined(HAVE_RSA_METH_SET_INIT)
569 
576 static inline int
577 RSA_meth_set_init(RSA_METHOD *meth, int (*init)(RSA *rsa))
578 {
579  if (meth)
580  {
581  meth->init = init;
582  return 1;
583  }
584  return 0;
585 }
586 #endif
587 
588 #if !defined (HAVE_RSA_METH_SET_SIGN)
589 
596 static inline
597 int
598 RSA_meth_set_sign(RSA_METHOD *meth,
599  int (*sign)(int type, const unsigned char *m,
600  unsigned int m_length,
601  unsigned char *sigret, unsigned int *siglen,
602  const RSA *rsa))
603 {
604  meth->rsa_sign = sign;
605  return 1;
606 }
607 #endif
608 
609 #if !defined(HAVE_RSA_METH_SET_FINISH)
610 
617 static inline int
618 RSA_meth_set_finish(RSA_METHOD *meth, int (*finish)(RSA *rsa))
619 {
620  if (meth)
621  {
622  meth->finish = finish;
623  return 1;
624  }
625  return 0;
626 }
627 #endif
628 
629 #if !defined(HAVE_RSA_METH_SET0_APP_DATA)
630 
637 static inline int
638 RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data)
639 {
640  if (meth)
641  {
642  meth->app_data = app_data;
643  return 1;
644  }
645  return 0;
646 }
647 #endif
648 
649 #if !defined(HAVE_RSA_METH_GET0_APP_DATA)
650 
656 static inline void *
657 RSA_meth_get0_app_data(const RSA_METHOD *meth)
658 {
659  return meth ? meth->app_data : NULL;
660 }
661 #endif
662 
663 #if !defined(HAVE_EC_GROUP_ORDER_BITS) && !defined(OPENSSL_NO_EC)
664 
670 static inline int
671 EC_GROUP_order_bits(const EC_GROUP *group)
672 {
673  BIGNUM *order = BN_new();
674  EC_GROUP_get_order(group, order, NULL);
675  int bits = BN_num_bits(order);
676  BN_free(order);
677  return bits;
678 }
679 #endif
680 
681 /* SSLeay symbols have been renamed in OpenSSL 1.1 */
682 #ifndef OPENSSL_VERSION
683 #define OPENSSL_VERSION SSLEAY_VERSION
684 #endif
685 
686 #ifndef HAVE_OPENSSL_VERSION
687 #define OpenSSL_version SSLeay_version
688 #endif
689 
690 #if !defined(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT)
691 #define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT RSA_F_RSA_EAY_PRIVATE_ENCRYPT
692 #endif
693 
694 #ifndef SSL_CTX_get_min_proto_version
695 
697 static inline int
699 {
700  long sslopt = SSL_CTX_get_options(ctx);
701  if (!(sslopt & SSL_OP_NO_TLSv1))
702  {
703  return TLS1_VERSION;
704  }
705  if (!(sslopt & SSL_OP_NO_TLSv1_1))
706  {
707  return TLS1_1_VERSION;
708  }
709  if (!(sslopt & SSL_OP_NO_TLSv1_2))
710  {
711  return TLS1_2_VERSION;
712  }
713  return 0;
714 }
715 #endif /* SSL_CTX_get_min_proto_version */
716 
717 #ifndef SSL_CTX_get_max_proto_version
718 
720 static inline int
722 {
723  long sslopt = SSL_CTX_get_options(ctx);
724  if (!(sslopt & SSL_OP_NO_TLSv1_2))
725  {
726  return TLS1_2_VERSION;
727  }
728  if (!(sslopt & SSL_OP_NO_TLSv1_1))
729  {
730  return TLS1_1_VERSION;
731  }
732  if (!(sslopt & SSL_OP_NO_TLSv1))
733  {
734  return TLS1_VERSION;
735  }
736  return 0;
737 }
738 #endif /* SSL_CTX_get_max_proto_version */
739 
740 #ifndef SSL_CTX_set_min_proto_version
741 
742 static inline int
743 SSL_CTX_set_min_proto_version(SSL_CTX *ctx, long tls_ver_min)
744 {
745  long sslopt = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3; /* Never do < TLS 1.0 */
746 
747  if (tls_ver_min > TLS1_VERSION)
748  {
749  sslopt |= SSL_OP_NO_TLSv1;
750  }
751 #ifdef SSL_OP_NO_TLSv1_1
752  if (tls_ver_min > TLS1_1_VERSION)
753  {
754  sslopt |= SSL_OP_NO_TLSv1_1;
755  }
756 #endif
757 #ifdef SSL_OP_NO_TLSv1_2
758  if (tls_ver_min > TLS1_2_VERSION)
759  {
760  sslopt |= SSL_OP_NO_TLSv1_2;
761  }
762 #endif
763  SSL_CTX_set_options(ctx, sslopt);
764 
765  return 1;
766 }
767 #endif /* SSL_CTX_set_min_proto_version */
768 
769 #ifndef SSL_CTX_set_max_proto_version
770 
771 static inline int
772 SSL_CTX_set_max_proto_version(SSL_CTX *ctx, long tls_ver_max)
773 {
774  long sslopt = 0;
775 
776  if (tls_ver_max < TLS1_VERSION)
777  {
778  sslopt |= SSL_OP_NO_TLSv1;
779  }
780 #ifdef SSL_OP_NO_TLSv1_1
781  if (tls_ver_max < TLS1_1_VERSION)
782  {
783  sslopt |= SSL_OP_NO_TLSv1_1;
784  }
785 #endif
786 #ifdef SSL_OP_NO_TLSv1_2
787  if (tls_ver_max < TLS1_2_VERSION)
788  {
789  sslopt |= SSL_OP_NO_TLSv1_2;
790  }
791 #endif
792  SSL_CTX_set_options(ctx, sslopt);
793 
794  return 1;
795 }
796 #endif /* SSL_CTX_set_max_proto_version */
797 
798 #endif /* OPENSSL_COMPAT_H_ */
static void * SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx)
Fetch the default password callback user data from the SSL context.
char * string_alloc(const char *str, struct gc_arena *gc)
Definition: buffer.c:688
static int EVP_PKEY_id(const EVP_PKEY *pkey)
Get the PKEY type.
static pem_password_cb * SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx)
Fetch the default password callback from the SSL context.
static DSA * EVP_PKEY_get0_DSA(EVP_PKEY *pkey)
Get the DSA object of a public key.
static int RSA_meth_set_priv_dec(RSA_METHOD *meth, int(*priv_dec)(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding))
Set the private decoding function of an RSA_METHOD object.
static int SSL_CTX_set_min_proto_version(SSL_CTX *ctx, long tls_ver_min)
Mimics SSL_CTX_set_min_proto_version for OpenSSL < 1.1.
static int RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data)
Set the application data of an RSA_METHOD object.
static void DSA_get0_pqg(const DSA *dsa, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
Get the DSA parameters.
static int RSA_meth_set_priv_enc(RSA_METHOD *meth, int(*priv_enc)(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding))
Set the private encoding function of an RSA_METHOD object.
static int RSA_meth_set_pub_dec(RSA_METHOD *meth, int(*pub_dec)(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding))
Set the public decoding function of an RSA_METHOD object.
static int EVP_MD_CTX_reset(EVP_MD_CTX *ctx)
Reset a message digest context.
static EC_KEY * EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey)
Get the EC_KEY object of a public key.
static void RSA_get0_key(const RSA *rsa, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
Get the RSA parameters.
static int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, long tls_ver_max)
Mimics SSL_CTX_set_max_proto_version for OpenSSL < 1.1.
static int RSA_bits(const RSA *rsa)
Number of significant RSA bits.
static void RSA_meth_free(RSA_METHOD *meth)
Free an existing RSA_METHOD object.
static void X509_OBJECT_free(X509_OBJECT *obj)
Destroy a X509 object.
list flags
static HMAC_CTX * HMAC_CTX_new(void)
Allocate a new HMAC context object.
static EVP_PKEY * X509_get0_pubkey(const X509 *x)
Get the public key from a X509 certificate.
#define ALLOC_OBJ_CLEAR(dptr, type)
Definition: buffer.h:1050
static int RSA_meth_set_pub_enc(RSA_METHOD *meth, int(*pub_enc)(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding))
Set the public encoding function of an RSA_METHOD object.
static RSA * EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
Get the RSA object of a public key.
static STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *store)
Fetch the X509 object stack from the X509 store.
static void EVP_MD_CTX_free(EVP_MD_CTX *ctx)
Free an existing message digest context.
static RSA_METHOD * RSA_meth_new(const char *name, int flags)
Allocate a new RSA method object.
static int HMAC_CTX_reset(HMAC_CTX *ctx)
Reset a HMAC context.
static int DSA_bits(const DSA *dsa)
Number of significant DSA bits.
static EVP_MD_CTX * EVP_MD_CTX_new(void)
Allocate a new message digest object.
static int init(RSA *rsa)
Definition: cryptoapi.c:517
static void HMAC_CTX_free(HMAC_CTX *ctx)
Cleanup and free an existing HMAC context.
static int RSA_meth_set_sign(RSA_METHOD *meth, int(*sign)(int type, const unsigned char *m, unsigned int m_length, unsigned char *sigret, unsigned int *siglen, const RSA *rsa))
Set the sign function of an RSA_METHOD object.
static int SSL_CTX_get_max_proto_version(SSL_CTX *ctx)
Return the max SSL protocol version currently enabled in the context.
static int SSL_CTX_get_min_proto_version(SSL_CTX *ctx)
Return the min SSL protocol version currently enabled in the context.
static int finish(RSA *rsa)
Definition: cryptoapi.c:525
#define free
Definition: cmocka.c:1850
static void * RSA_meth_get0_app_data(const RSA_METHOD *meth)
Get the application data of an RSA_METHOD object.
static int RSA_set0_key(RSA *rsa, BIGNUM *n, BIGNUM *e, BIGNUM *d)
Set the RSA parameters.
static int RSA_meth_set_init(RSA_METHOD *meth, int(*init)(RSA *rsa))
Set the init function of an RSA_METHOD object.
static int EC_GROUP_order_bits(const EC_GROUP *group)
Gets the number of bits of the order of an EC_GROUP.
static void RSA_set_flags(RSA *rsa, int flags)
Set the RSA flags.
static int X509_OBJECT_get_type(const X509_OBJECT *obj)
Get the type of an X509 object.
static int RSA_meth_set_finish(RSA_METHOD *meth, int(*finish)(RSA *rsa))
Set the finish function of an RSA_METHOD object.