OpenVPN
openssl_compat.h
Go to the documentation of this file.
1 /*
2  * OpenVPN -- An application to securely tunnel IP networks
3  * over a single TCP/UDP port, with support for SSL/TLS-based
4  * session authentication and key exchange,
5  * packet encryption, packet authentication, and
6  * packet compression.
7  *
8  * Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
9  * Copyright (C) 2010-2018 Fox Crypto B.V. <openvpn@fox-it.com>
10  *
11  * This program is free software; you can redistribute it and/or modify
12  * it under the terms of the GNU General Public License version 2
13  * as published by the Free Software Foundation.
14  *
15  * This program is distributed in the hope that it will be useful,
16  * but WITHOUT ANY WARRANTY; without even the implied warranty of
17  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18  * GNU General Public License for more details.
19  *
20  * You should have received a copy of the GNU General Public License along
21  * with this program; if not, write to the Free Software Foundation, Inc.,
22  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23  */
24 
34 #ifndef OPENSSL_COMPAT_H_
35 #define OPENSSL_COMPAT_H_
36 
37 #ifdef HAVE_CONFIG_H
38 #include "config.h"
39 #elif defined(_MSC_VER)
40 #include "config-msvc.h"
41 #endif
42 
43 #include "buffer.h"
44 
45 #include <openssl/rsa.h>
46 #include <openssl/ssl.h>
47 #include <openssl/x509.h>
48 
49 /* Functionality missing in 1.1.0 */
50 #if OPENSSL_VERSION_NUMBER < 0x10101000L && !defined(ENABLE_CRYPTO_WOLFSSL)
51 #define SSL_CTX_set1_groups SSL_CTX_set1_curves
52 #endif
53 
54 /* Functionality missing in LibreSSL and OpenSSL 1.0.2 */
55 #if (OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)) && !defined(ENABLE_CRYPTO_WOLFSSL)
56 
61 static inline void
62 X509_OBJECT_free(X509_OBJECT *obj)
63 {
64  if (obj)
65  {
66  X509_OBJECT_free_contents(obj);
67  OPENSSL_free(obj);
68  }
69 }
70 
71 #define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT RSA_F_RSA_EAY_PRIVATE_ENCRYPT
72 #define EVP_CTRL_AEAD_SET_TAG EVP_CTRL_GCM_SET_TAG
73 #define EVP_CTRL_AEAD_GET_TAG EVP_CTRL_GCM_GET_TAG
74 #endif
75 
76 
77 /* Functionality missing in 1.0.2 */
78 #if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(ENABLE_CRYPTO_WOLFSSL)
79 
85 static inline int
86 EVP_MD_CTX_reset(EVP_MD_CTX *ctx)
87 {
88  EVP_MD_CTX_cleanup(ctx);
89  return 1;
90 }
91 
97 static inline void
98 EVP_MD_CTX_free(EVP_MD_CTX *ctx)
99 {
100  free(ctx);
101 }
102 
108 static inline EVP_MD_CTX *
109 EVP_MD_CTX_new(void)
110 {
111  EVP_MD_CTX *ctx = NULL;
112  ALLOC_OBJ_CLEAR(ctx, EVP_MD_CTX);
113  return ctx;
114 }
115 
116 #define EVP_CIPHER_CTX_reset EVP_CIPHER_CTX_init
117 #define X509_get0_notBefore X509_get_notBefore
118 #define X509_get0_notAfter X509_get_notAfter
119 
135 static inline int
136 HMAC_CTX_reset(HMAC_CTX *ctx)
137 {
138  HMAC_CTX_cleanup(ctx);
139  HMAC_CTX_init(ctx);
140  return 1;
141 }
142 
148 static inline void
149 HMAC_CTX_free(HMAC_CTX *ctx)
150 {
151  HMAC_CTX_cleanup(ctx);
152  free(ctx);
153 }
154 
160 static inline HMAC_CTX *
161 HMAC_CTX_new(void)
162 {
163  HMAC_CTX *ctx = NULL;
164  ALLOC_OBJ_CLEAR(ctx, HMAC_CTX);
165  return ctx;
166 }
167 
174 static inline void *
175 SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx)
176 {
177  return ctx ? ctx->default_passwd_callback_userdata : NULL;
178 }
179 
186 static inline pem_password_cb *
187 SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx)
188 {
189  return ctx ? ctx->default_passwd_callback : NULL;
190 }
191 
198 static inline EVP_PKEY *
199 X509_get0_pubkey(const X509 *x)
200 {
201  return (x && x->cert_info && x->cert_info->key) ?
202  x->cert_info->key->pkey : NULL;
203 }
204 
211 static inline STACK_OF(X509_OBJECT)
212 *X509_STORE_get0_objects(X509_STORE *store)
213 {
214  return store ? store->objs : NULL;
215 }
216 
223 static inline int
224 X509_OBJECT_get_type(const X509_OBJECT *obj)
225 {
226  return obj ? obj->type : X509_LU_FAIL;
227 }
228 
235 static inline RSA *
236 EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
237 {
238  return (pkey && pkey->type == EVP_PKEY_RSA) ? pkey->pkey.rsa : NULL;
239 }
240 
247 static inline EC_KEY *
248 EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey)
249 {
250  return (pkey && pkey->type == EVP_PKEY_EC) ? pkey->pkey.ec : NULL;
251 }
252 
253 
260 static inline DSA *
261 EVP_PKEY_get0_DSA(EVP_PKEY *pkey)
262 {
263  return (pkey && pkey->type == EVP_PKEY_DSA) ? pkey->pkey.dsa : NULL;
264 }
265 
272 static inline void
273 RSA_set_flags(RSA *rsa, int flags)
274 {
275  if (rsa)
276  {
277  rsa->flags = flags;
278  }
279 }
280 
289 static inline void
290 RSA_get0_key(const RSA *rsa, const BIGNUM **n,
291  const BIGNUM **e, const BIGNUM **d)
292 {
293  if (n != NULL)
294  {
295  *n = rsa ? rsa->n : NULL;
296  }
297  if (e != NULL)
298  {
299  *e = rsa ? rsa->e : NULL;
300  }
301  if (d != NULL)
302  {
303  *d = rsa ? rsa->d : NULL;
304  }
305 }
306 
316 static inline int
317 RSA_set0_key(RSA *rsa, BIGNUM *n, BIGNUM *e, BIGNUM *d)
318 {
319  if ((rsa->n == NULL && n == NULL)
320  || (rsa->e == NULL && e == NULL))
321  {
322  return 0;
323  }
324 
325  if (n != NULL)
326  {
327  BN_free(rsa->n);
328  rsa->n = n;
329  }
330  if (e != NULL)
331  {
332  BN_free(rsa->e);
333  rsa->e = e;
334  }
335  if (d != NULL)
336  {
337  BN_free(rsa->d);
338  rsa->d = d;
339  }
340 
341  return 1;
342 }
343 
350 static inline int
351 RSA_bits(const RSA *rsa)
352 {
353  const BIGNUM *n = NULL;
354  RSA_get0_key(rsa, &n, NULL, NULL);
355  return n ? BN_num_bits(n) : 0;
356 }
357 
366 static inline void
367 DSA_get0_pqg(const DSA *dsa, const BIGNUM **p,
368  const BIGNUM **q, const BIGNUM **g)
369 {
370  if (p != NULL)
371  {
372  *p = dsa ? dsa->p : NULL;
373  }
374  if (q != NULL)
375  {
376  *q = dsa ? dsa->q : NULL;
377  }
378  if (g != NULL)
379  {
380  *g = dsa ? dsa->g : NULL;
381  }
382 }
383 
390 static inline int
391 DSA_bits(const DSA *dsa)
392 {
393  const BIGNUM *p = NULL;
394  DSA_get0_pqg(dsa, &p, NULL, NULL);
395  return p ? BN_num_bits(p) : 0;
396 }
397 
405 static inline RSA_METHOD *
406 RSA_meth_new(const char *name, int flags)
407 {
408  RSA_METHOD *rsa_meth = NULL;
409  ALLOC_OBJ_CLEAR(rsa_meth, RSA_METHOD);
410  rsa_meth->name = string_alloc(name, NULL);
411  rsa_meth->flags = flags;
412  return rsa_meth;
413 }
414 
420 static inline void
421 RSA_meth_free(RSA_METHOD *meth)
422 {
423  if (meth)
424  {
425  /* OpenSSL defines meth->name to be a const pointer, yet we
426  * feed it with an allocated string (from RSA_meth_new()).
427  * Thus we are allowed to free it here. In order to avoid a
428  * "passing 'const char *' to parameter of type 'void *' discards
429  * qualifiers" warning, we force the pointer to be a non-const value.
430  */
431  free((char *)meth->name);
432  free(meth);
433  }
434 }
435 
443 static inline int
444 RSA_meth_set_pub_enc(RSA_METHOD *meth,
445  int (*pub_enc)(int flen, const unsigned char *from,
446  unsigned char *to, RSA *rsa,
447  int padding))
448 {
449  if (meth)
450  {
451  meth->rsa_pub_enc = pub_enc;
452  return 1;
453  }
454  return 0;
455 }
456 
464 static inline int
465 RSA_meth_set_pub_dec(RSA_METHOD *meth,
466  int (*pub_dec)(int flen, const unsigned char *from,
467  unsigned char *to, RSA *rsa,
468  int padding))
469 {
470  if (meth)
471  {
472  meth->rsa_pub_dec = pub_dec;
473  return 1;
474  }
475  return 0;
476 }
477 
485 static inline int
486 RSA_meth_set_priv_enc(RSA_METHOD *meth,
487  int (*priv_enc)(int flen, const unsigned char *from,
488  unsigned char *to, RSA *rsa,
489  int padding))
490 {
491  if (meth)
492  {
493  meth->rsa_priv_enc = priv_enc;
494  return 1;
495  }
496  return 0;
497 }
498 
506 static inline int
507 RSA_meth_set_priv_dec(RSA_METHOD *meth,
508  int (*priv_dec)(int flen, const unsigned char *from,
509  unsigned char *to, RSA *rsa,
510  int padding))
511 {
512  if (meth)
513  {
514  meth->rsa_priv_dec = priv_dec;
515  return 1;
516  }
517  return 0;
518 }
519 
527 static inline int
528 RSA_meth_set_init(RSA_METHOD *meth, int (*init)(RSA *rsa))
529 {
530  if (meth)
531  {
532  meth->init = init;
533  return 1;
534  }
535  return 0;
536 }
537 
545 static inline
546 int
547 RSA_meth_set_sign(RSA_METHOD *meth,
548  int (*sign)(int type, const unsigned char *m,
549  unsigned int m_length,
550  unsigned char *sigret, unsigned int *siglen,
551  const RSA *rsa))
552 {
553  meth->rsa_sign = sign;
554  return 1;
555 }
556 
564 static inline int
565 RSA_meth_set_finish(RSA_METHOD *meth, int (*finish)(RSA *rsa))
566 {
567  if (meth)
568  {
569  meth->finish = finish;
570  return 1;
571  }
572  return 0;
573 }
574 
582 static inline int
583 RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data)
584 {
585  if (meth)
586  {
587  meth->app_data = app_data;
588  return 1;
589  }
590  return 0;
591 }
592 
599 static inline void *
600 RSA_meth_get0_app_data(const RSA_METHOD *meth)
601 {
602  return meth ? meth->app_data : NULL;
603 }
604 
611 static inline int
612 EC_GROUP_order_bits(const EC_GROUP *group)
613 {
614  BIGNUM *order = BN_new();
615  EC_GROUP_get_order(group, order, NULL);
616  int bits = BN_num_bits(order);
617  BN_free(order);
618  return bits;
619 }
620 
621 /* SSLeay symbols have been renamed in OpenSSL 1.1 */
622 #define OPENSSL_VERSION SSLEAY_VERSION
623 #define OpenSSL_version SSLeay_version
624 
627 static inline int
628 SSL_CTX_get_min_proto_version(SSL_CTX *ctx)
629 {
630  long sslopt = SSL_CTX_get_options(ctx);
631  if (!(sslopt & SSL_OP_NO_TLSv1))
632  {
633  return TLS1_VERSION;
634  }
635  if (!(sslopt & SSL_OP_NO_TLSv1_1))
636  {
637  return TLS1_1_VERSION;
638  }
639  if (!(sslopt & SSL_OP_NO_TLSv1_2))
640  {
641  return TLS1_2_VERSION;
642  }
643  return 0;
644 }
645 
648 static inline int
649 SSL_CTX_get_max_proto_version(SSL_CTX *ctx)
650 {
651  long sslopt = SSL_CTX_get_options(ctx);
652  if (!(sslopt & SSL_OP_NO_TLSv1_2))
653  {
654  return TLS1_2_VERSION;
655  }
656  if (!(sslopt & SSL_OP_NO_TLSv1_1))
657  {
658  return TLS1_1_VERSION;
659  }
660  if (!(sslopt & SSL_OP_NO_TLSv1))
661  {
662  return TLS1_VERSION;
663  }
664  return 0;
665 }
666 
668 static inline int
669 SSL_CTX_set_min_proto_version(SSL_CTX *ctx, long tls_ver_min)
670 {
671  long sslopt = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3; /* Never do < TLS 1.0 */
672 
673  if (tls_ver_min > TLS1_VERSION)
674  {
675  sslopt |= SSL_OP_NO_TLSv1;
676  }
677 #ifdef SSL_OP_NO_TLSv1_1
678  if (tls_ver_min > TLS1_1_VERSION)
679  {
680  sslopt |= SSL_OP_NO_TLSv1_1;
681  }
682 #endif
683 #ifdef SSL_OP_NO_TLSv1_2
684  if (tls_ver_min > TLS1_2_VERSION)
685  {
686  sslopt |= SSL_OP_NO_TLSv1_2;
687  }
688 #endif
689  SSL_CTX_set_options(ctx, sslopt);
690 
691  return 1;
692 }
693 
695 static inline int
696 SSL_CTX_set_max_proto_version(SSL_CTX *ctx, long tls_ver_max)
697 {
698  long sslopt = 0;
699 
700  if (tls_ver_max < TLS1_VERSION)
701  {
702  sslopt |= SSL_OP_NO_TLSv1;
703  }
704 #ifdef SSL_OP_NO_TLSv1_1
705  if (tls_ver_max < TLS1_1_VERSION)
706  {
707  sslopt |= SSL_OP_NO_TLSv1_1;
708  }
709 #endif
710 #ifdef SSL_OP_NO_TLSv1_2
711  if (tls_ver_max < TLS1_2_VERSION)
712  {
713  sslopt |= SSL_OP_NO_TLSv1_2;
714  }
715 #endif
716  SSL_CTX_set_options(ctx, sslopt);
717 
718  return 1;
719 }
720 #endif /* if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(ENABLE_CRYPTO_WOLFSSL) */
721 #endif /* OPENSSL_COMPAT_H_ */
SSL_CTX_get_default_passwd_cb_userdata
static void * SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx)
Fetch the default password callback user data from the SSL context.
Definition: openssl_compat.h:175
string_alloc
char * string_alloc(const char *str, struct gc_arena *gc)
Definition: buffer.c:685
SSL_CTX_get_default_passwd_cb
static pem_password_cb * SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx)
Fetch the default password callback from the SSL context.
Definition: openssl_compat.h:187
EVP_PKEY_get0_DSA
static DSA * EVP_PKEY_get0_DSA(EVP_PKEY *pkey)
Get the DSA object of a public key.
Definition: openssl_compat.h:261
RSA_meth_set_priv_dec
static int RSA_meth_set_priv_dec(RSA_METHOD *meth, int(*priv_dec)(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding))
Set the private decoding function of an RSA_METHOD object.
Definition: openssl_compat.h:507
SSL_CTX_set_min_proto_version
static int SSL_CTX_set_min_proto_version(SSL_CTX *ctx, long tls_ver_min)
Mimics SSL_CTX_set_min_proto_version for OpenSSL < 1.1.
Definition: openssl_compat.h:669
RSA_meth_set0_app_data
static int RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data)
Set the application data of an RSA_METHOD object.
Definition: openssl_compat.h:583
DSA_get0_pqg
static void DSA_get0_pqg(const DSA *dsa, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
Get the DSA parameters.
Definition: openssl_compat.h:367
RSA_meth_set_priv_enc
static int RSA_meth_set_priv_enc(RSA_METHOD *meth, int(*priv_enc)(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding))
Set the private encoding function of an RSA_METHOD object.
Definition: openssl_compat.h:486
RSA_meth_set_pub_dec
static int RSA_meth_set_pub_dec(RSA_METHOD *meth, int(*pub_dec)(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding))
Set the public decoding function of an RSA_METHOD object.
Definition: openssl_compat.h:465
EVP_MD_CTX_reset
static int EVP_MD_CTX_reset(EVP_MD_CTX *ctx)
Reset a message digest context.
Definition: openssl_compat.h:86
EVP_PKEY_get0_EC_KEY
static EC_KEY * EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey)
Get the EC_KEY object of a public key.
Definition: openssl_compat.h:248
RSA_get0_key
static void RSA_get0_key(const RSA *rsa, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
Get the RSA parameters.
Definition: openssl_compat.h:290
SSL_CTX_set_max_proto_version
static int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, long tls_ver_max)
Mimics SSL_CTX_set_max_proto_version for OpenSSL < 1.1.
Definition: openssl_compat.h:696
RSA_bits
static int RSA_bits(const RSA *rsa)
Number of significant RSA bits.
Definition: openssl_compat.h:351
RSA_meth_free
static void RSA_meth_free(RSA_METHOD *meth)
Free an existing RSA_METHOD object.
Definition: openssl_compat.h:421
X509_OBJECT_free
static void X509_OBJECT_free(X509_OBJECT *obj)
Destroy a X509 object.
Definition: openssl_compat.h:62
flags
list flags
Definition: .ycm_extra_conf.py:4
HMAC_CTX_new
static HMAC_CTX * HMAC_CTX_new(void)
Allocate a new HMAC context object.
Definition: openssl_compat.h:161
X509_get0_pubkey
static EVP_PKEY * X509_get0_pubkey(const X509 *x)
Get the public key from a X509 certificate.
Definition: openssl_compat.h:199
ALLOC_OBJ_CLEAR
#define ALLOC_OBJ_CLEAR(dptr, type)
Definition: buffer.h:1050
RSA_meth_set_pub_enc
static int RSA_meth_set_pub_enc(RSA_METHOD *meth, int(*pub_enc)(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding))
Set the public encoding function of an RSA_METHOD object.
Definition: openssl_compat.h:444
EVP_PKEY_get0_RSA
static RSA * EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
Get the RSA object of a public key.
Definition: openssl_compat.h:236
STACK_OF
static STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *store)
Fetch the X509 object stack from the X509 store.
Definition: openssl_compat.h:211
EVP_MD_CTX_free
static void EVP_MD_CTX_free(EVP_MD_CTX *ctx)
Free an existing message digest context.
Definition: openssl_compat.h:98
RSA_meth_new
static RSA_METHOD * RSA_meth_new(const char *name, int flags)
Allocate a new RSA method object.
Definition: openssl_compat.h:406
HMAC_CTX_reset
static int HMAC_CTX_reset(HMAC_CTX *ctx)
Reset a HMAC context.
Definition: openssl_compat.h:136
DSA_bits
static int DSA_bits(const DSA *dsa)
Number of significant DSA bits.
Definition: openssl_compat.h:391
EVP_MD_CTX_new
static EVP_MD_CTX * EVP_MD_CTX_new(void)
Allocate a new message digest object.
Definition: openssl_compat.h:109
init
static int init(RSA *rsa)
Definition: cryptoapi.c:518
HMAC_CTX_free
static void HMAC_CTX_free(HMAC_CTX *ctx)
Cleanup and free an existing HMAC context.
Definition: openssl_compat.h:149
RSA_meth_set_sign
static int RSA_meth_set_sign(RSA_METHOD *meth, int(*sign)(int type, const unsigned char *m, unsigned int m_length, unsigned char *sigret, unsigned int *siglen, const RSA *rsa))
Set the sign function of an RSA_METHOD object.
Definition: openssl_compat.h:547
SSL_CTX_get_max_proto_version
static int SSL_CTX_get_max_proto_version(SSL_CTX *ctx)
Return the max SSL protocol version currently enabled in the context.
Definition: openssl_compat.h:649
SSL_CTX_get_min_proto_version
static int SSL_CTX_get_min_proto_version(SSL_CTX *ctx)
Return the min SSL protocol version currently enabled in the context.
Definition: openssl_compat.h:628
finish
static int finish(RSA *rsa)
Definition: cryptoapi.c:526
free
#define free
Definition: cmocka.c:1850
RSA_meth_get0_app_data
static void * RSA_meth_get0_app_data(const RSA_METHOD *meth)
Get the application data of an RSA_METHOD object.
Definition: openssl_compat.h:600
RSA_set0_key
static int RSA_set0_key(RSA *rsa, BIGNUM *n, BIGNUM *e, BIGNUM *d)
Set the RSA parameters.
Definition: openssl_compat.h:317
RSA_meth_set_init
static int RSA_meth_set_init(RSA_METHOD *meth, int(*init)(RSA *rsa))
Set the init function of an RSA_METHOD object.
Definition: openssl_compat.h:528
EC_GROUP_order_bits
static int EC_GROUP_order_bits(const EC_GROUP *group)
Gets the number of bits of the order of an EC_GROUP.
Definition: openssl_compat.h:612
RSA_set_flags
static void RSA_set_flags(RSA *rsa, int flags)
Set the RSA flags.
Definition: openssl_compat.h:273
X509_OBJECT_get_type
static int X509_OBJECT_get_type(const X509_OBJECT *obj)
Get the type of an X509 object.
Definition: openssl_compat.h:224
RSA_meth_set_finish
static int RSA_meth_set_finish(RSA_METHOD *meth, int(*finish)(RSA *rsa))
Set the finish function of an RSA_METHOD object.
Definition: openssl_compat.h:565
Generated by   doxygen 1.8.13