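/* Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef SSL_TOOLKIT_COMPAT_H
#define SSL_TOOLKIT_COMPAT_H

/**
 * @file ssl_toolkit_compat.h
 * @brief this header file provides a compatibility layer
 *        between OpenSSL and RSA sslc
 *
 * Exactly one of HAVE_OPENSSL or HAVE_SSLC must be defined by the build;
 * anything else is a hard error below.  Every function-like macro here
 * parenthesizes its arguments so that expressions, not just identifiers,
 * can be passed safely.
 *
 * @defgroup MOD_SSL_TOOLKIT Toolkit
 * @ingroup MOD_SSL
 * @{
 */

#ifdef HAVE_OPENSSL

/** OpenSSL headers */
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/crypto.h>
#include <openssl/evp.h>
#include <openssl/rand.h>
#include <openssl/x509v3.h>

/* ECC support came along in OpenSSL 1.0.0; older toolkits get the same
 * feature-test macro OpenSSL itself defines for no-EC builds. */
#if (OPENSSL_VERSION_NUMBER < 0x10000000)
#define OPENSSL_NO_EC
#endif

/** Avoid tripping over an engine build installed globally and detected
 *  when the user points at an explicit non-engine flavor of OpenSSL
 */
#if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT)
#include <openssl/engine.h>
#endif

/**
 * rsa sslc uses incomplete types for most structures
 * so we macroize for OpenSSL those which cannot be dereferenced
 * using the same names as the sslc functions
 */

#define EVP_PKEY_key_type(k)                 (EVP_PKEY_type((k)->type))

#define X509_NAME_get_entries(xs)            ((xs)->entries)
#define X509_REVOKED_get_serialNumber(xs)    ((xs)->serialNumber)

#define X509_get_signature_algorithm(xs)     ((xs)->cert_info->signature->algorithm)
#define X509_get_key_algorithm(xs)           ((xs)->cert_info->key->algor->algorithm)

#define X509_NAME_ENTRY_get_data_ptr(xs)     ((xs)->value->data)
#define X509_NAME_ENTRY_get_data_len(xs)     ((xs)->value->length)

#define SSL_CTX_get_extra_certs(ctx)         ((ctx)->extra_certs)
/* do/while(0) rather than a bare compound statement so the macro behaves
 * as a single statement in unbraced if/else bodies. */
#define SSL_CTX_set_extra_certs(ctx,value) \
    do { (ctx)->extra_certs = (value); } while (0)

#define SSL_CIPHER_get_name(s)               ((s)->name)
#define SSL_CIPHER_get_valid(s)              ((s)->valid)

#define SSL_SESSION_get_session_id(s)        ((s)->session_id)
#define SSL_SESSION_get_session_id_length(s) ((s)->session_id_length)

/**
 * Support for retrieving/overriding states
 */
#ifndef SSL_get_state
#define SSL_get_state(ssl) SSL_state(ssl)
#endif

/* Writes the SSL object's state field directly rather than through a
 * toolkit API, so it is only meaningful where the caller knows the struct
 * layout of the toolkit build in use. */
#define SSL_set_state(ssl,val) ((ssl)->state = (val))

#define MODSSL_BIO_CB_ARG_TYPE const char
#define MODSSL_CRYPTO_CB_ARG_TYPE const char
#if (OPENSSL_VERSION_NUMBER < 0x00907000)
# define MODSSL_INFO_CB_ARG_TYPE SSL*
#else
# define MODSSL_INFO_CB_ARG_TYPE const SSL*
#endif
#define MODSSL_CLIENT_CERT_CB_ARG_TYPE X509
#define MODSSL_PCHAR_CAST

/** ...shifting sands of openssl...
 *  const-qualifiers that appeared in particular releases; callers spell
 *  the qualifier through these macros so one source builds everywhere. */
#if (OPENSSL_VERSION_NUMBER >= 0x0090707f)
# define MODSSL_D2I_SSL_SESSION_CONST const
# define MODSSL_SSL_CIPHER_CONST const
#else
# define MODSSL_D2I_SSL_SESSION_CONST
# define MODSSL_SSL_CIPHER_CONST
#endif

#if (OPENSSL_VERSION_NUMBER >= 0x00908000)
# define MODSSL_D2I_PrivateKey_CONST const
# define MODSSL_D2I_X509_CONST const
#else
# define MODSSL_D2I_PrivateKey_CONST
# define MODSSL_D2I_X509_CONST
#endif

#if (OPENSSL_VERSION_NUMBER >= 0x00909000)
# define MODSSL_SSL_METHOD_CONST const
#else
# define MODSSL_SSL_METHOD_CONST
#endif

#define modssl_X509_verify_cert X509_verify_cert

/* Shape of the PEM read (passphrase) callback; the trailing void* is the
 * user-data pointer forwarded from the *_read_bio_* call. */
typedef int (modssl_read_bio_cb_fn)(char*,int,int,void*);

/* Before 0.9.4 PEM_read_bio_X509 took no user-data argument, so the arg
 * parameter is accepted but dropped there. */
#if (OPENSSL_VERSION_NUMBER < 0x00904000)
#define modssl_PEM_read_bio_X509(b, x, cb, arg) PEM_read_bio_X509(b, x, cb)
#else
#define modssl_PEM_read_bio_X509(b, x, cb, arg) PEM_read_bio_X509(b, x, cb, arg)
#endif

#define modssl_PEM_X509_INFO_read_bio PEM_X509_INFO_read_bio

#define modssl_PEM_read_bio_PrivateKey PEM_read_bio_PrivateKey

#define modssl_set_cipher_list SSL_set_cipher_list

#define modssl_free OPENSSL_free

/* Manual reference-count bump under the toolkit's own lock; a caller that
 * takes a reference this way is responsible for releasing it. */
#define EVP_PKEY_reference_inc(pkey) \
    CRYPTO_add(&((pkey)->references), +1, CRYPTO_LOCK_X509_PKEY)

#define X509_reference_inc(cert) \
    CRYPTO_add(&((cert)->references), +1, CRYPTO_LOCK_X509)

#define HAVE_SSL_RAND_EGD /* since 9.5.1 */

#define HAVE_SSL_X509V3_EXT_d2i

/* FIPS support is only advertised when the toolkit itself was built with
 * OPENSSL_FIPS and is at least version 0x009080a0. */
#if (OPENSSL_VERSION_NUMBER >= 0x009080a0) && defined(OPENSSL_FIPS)
#define HAVE_FIPS
#endif

#ifndef PEM_F_DEF_CALLBACK
#ifdef PEM_F_PEM_DEF_CALLBACK
/** In OpenSSL 0.9.8 PEM_F_DEF_CALLBACK was renamed */
#define PEM_F_DEF_CALLBACK PEM_F_PEM_DEF_CALLBACK
#endif
#endif

#elif defined(HAVE_SSLC)

#include <bio.h>
#include <ssl.h>
#include <err.h>
#include <x509.h>
#include <pem.h>
#include <evp.h>
#include <objects.h>
#include <sslc.h>

/** sslc does not support this function, OpenSSL has since 9.5.1.
 *  NOTE: this stub unconditionally reports the PRNG as seeded, so a
 *  RAND_status() check under sslc proves nothing about available entropy. */
#define RAND_status() 1

/** sslc names this function a bit differently */
#define CRYPTO_num_locks() CRYPTO_get_num_locks()

#ifndef STACK_OF
#define STACK_OF(type) STACK
#endif

#define MODSSL_BIO_CB_ARG_TYPE char
#define MODSSL_CRYPTO_CB_ARG_TYPE char
#define MODSSL_INFO_CB_ARG_TYPE SSL*
#define MODSSL_CLIENT_CERT_CB_ARG_TYPE void
#define MODSSL_PCHAR_CAST (char *)
#define MODSSL_D2I_SSL_SESSION_CONST
#define MODSSL_D2I_PrivateKey_CONST
#define MODSSL_D2I_X509_CONST

/* sslc's read callback carries no user-data argument. */
typedef int (modssl_read_bio_cb_fn)(char*,int,int);

#define modssl_X509_verify_cert(c) X509_verify_cert((c), NULL)

/* The arg parameter exists for source compatibility with the OpenSSL
 * branch; sslc has nowhere to forward it, so it is discarded. */
#define modssl_PEM_read_bio_X509(b, x, cb, arg) \
    PEM_read_bio_X509(b, x, cb)

#define modssl_PEM_X509_INFO_read_bio(b, x, cb, arg)\
    PEM_X509_INFO_read_bio(b, x, cb)

#define modssl_PEM_read_bio_PrivateKey(b, k, cb, arg) \
    PEM_read_bio_PrivateKey(b, k, cb)

/* Without HAVE_SSL_SET_STATE this expands to nothing (the comment is
 * stripped before macro expansion): a requested state change is silently
 * dropped rather than applied. */
#ifndef HAVE_SSL_SET_STATE
#define SSL_set_state(ssl, state) /** XXX: should throw an error */
#endif

#define modssl_set_cipher_list(ssl, l) \
    SSL_set_cipher_list(ssl, (char *)(l))

#define modssl_free free

#ifndef PEM_F_DEF_CALLBACK
#define PEM_F_DEF_CALLBACK PEM_F_DEF_CB
#endif

#if SSLC_VERSION_NUMBER < 0x2000

/* Expands to nothing on this sslc version: whatever verify depth the
 * caller asks for is not passed to the toolkit, so the chain-depth limit
 * is not enforced here. */
#define X509_STORE_CTX_set_depth(st, d)
#define X509_CRL_get_lastUpdate(x) ((x)->crl->lastUpdate)
#define X509_CRL_get_nextUpdate(x) ((x)->crl->nextUpdate)
#define X509_CRL_get_REVOKED(x) ((x)->crl->revoked)
#define X509_REVOKED_get_serialNumber(xs) ((xs)->serialNumber)

/* The verify callback argument is discarded: SSL_set_verify on this sslc
 * version takes only the mode. */
#define modssl_set_verify(ssl, verify, cb) \
    SSL_set_verify(ssl, verify)

#else /** SSLC_VERSION_NUMBER >= 0x2000 */

#define CRYPTO_malloc_init R_malloc_init

#define EVP_cleanup()

#endif /** SSLC_VERSION_NUMBER >= 0x2000 */

typedef void (*modssl_popfree_fn)(char *data);

/* sslc has only an untyped STACK; emulate OpenSSL's typed sk_* API with
 * casts.  The *_value / *_shift entries are object-like macros so the
 * cast applies to the whole call written after them. */
#define sk_SSL_CIPHER_dup sk_dup
#define sk_SSL_CIPHER_find(st, data) sk_find((st), (void *)(data))
#define sk_SSL_CIPHER_free sk_free
#define sk_SSL_CIPHER_num sk_num
#define sk_SSL_CIPHER_value (SSL_CIPHER *)sk_value
#define sk_X509_num sk_num
#define sk_X509_push sk_push
#define sk_X509_pop_free(st, fn) sk_pop_free((STACK*)(st), (modssl_popfree_fn)(fn))
#define sk_X509_value (X509 *)sk_value
#define sk_X509_shift (X509 *)sk_shift
#define sk_X509_INFO_free sk_free
#define sk_X509_INFO_pop_free(st, fn) sk_pop_free((STACK*)(st), (modssl_popfree_fn)(fn))
#define sk_X509_INFO_num sk_num
#define sk_X509_INFO_new_null sk_new_null
#define sk_X509_INFO_value (X509_INFO *)sk_value
#define sk_X509_NAME_find(st, data) sk_find((st), (void *)(data))
#define sk_X509_NAME_free sk_free
#define sk_X509_NAME_new sk_new
#define sk_X509_NAME_num sk_num
#define sk_X509_NAME_push(st, data) sk_push((st), (void *)(data))
#define sk_X509_NAME_value (X509_NAME *)sk_value
#define sk_X509_NAME_ENTRY_num sk_num
#define sk_X509_NAME_ENTRY_value (X509_NAME_ENTRY *)sk_value
#define sk_X509_NAME_set_cmp_func sk_set_cmp_func
#define sk_X509_REVOKED_num sk_num
#define sk_X509_REVOKED_value (X509_REVOKED *)sk_value

#else /** ! HAVE_OPENSSL && ! HAVE_SSLC */

#error "Unrecognized SSL Toolkit!"

#endif /* ! HAVE_OPENSSL && ! HAVE_SSLC */

/* Default: toolkits whose SSL_set_verify accepts a callback. */
#ifndef modssl_set_verify
#define modssl_set_verify(ssl, verify, cb) \
    SSL_set_verify(ssl, verify, cb)
#endif

#ifndef SSL_SESS_CACHE_NO_INTERNAL
#define SSL_SESS_CACHE_NO_INTERNAL SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
#endif

/* A toolkit without the SNI hostname control is treated as having no TLS
 * extension support at all. */
#ifndef OPENSSL_NO_TLSEXT
#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME
#define OPENSSL_NO_TLSEXT
#endif
#endif

#endif /* SSL_TOOLKIT_COMPAT_H */

/** @} */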