[thirdparty/systemd.git] / src / shared / openssl-util.h

/* SPDX-License-Identifier: LGPL-2.1-or-later */
#pragma once

#include "macro.h"

#if HAVE_OPENSSL
#  include <openssl/bio.h>
#  include <openssl/bn.h>
#  include <openssl/err.h>
#  include <openssl/evp.h>
#  include <openssl/opensslv.h>
#  include <openssl/pkcs7.h>
#  include <openssl/ssl.h>
#  include <openssl/x509v3.h>
#  ifndef OPENSSL_VERSION_MAJOR
/* OPENSSL_VERSION_MAJOR macro was added in OpenSSL 3. Thus, if it doesn't exist,  we must be before OpenSSL 3. */
#    define OPENSSL_VERSION_MAJOR 1
#  endif
#  if OPENSSL_VERSION_MAJOR >= 3
#    include <openssl/core_names.h>
#  endif

DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(X509_NAME*, X509_NAME_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_PKEY_CTX*, EVP_PKEY_CTX_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_CIPHER_CTX*, EVP_CIPHER_CTX_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EC_POINT*, EC_POINT_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EC_GROUP*, EC_GROUP_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(BIGNUM*, BN_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(BN_CTX*, BN_CTX_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(ECDSA_SIG*, ECDSA_SIG_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(PKCS7*, PKCS7_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(SSL*, SSL_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(BIO*, BIO_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_MD_CTX*, EVP_MD_CTX_free, NULL);

static inline void sk_X509_free_allp(STACK_OF(X509) **sk) {
        if (!sk || !*sk)
                return;

        sk_X509_pop_free(*sk, X509_free);
}

int openssl_hash(const EVP_MD *alg, const void *msg, size_t msg_len, uint8_t *ret_hash, size_t *ret_hash_len);

int rsa_encrypt_bytes(EVP_PKEY *pkey, const void *decrypted_key, size_t decrypted_key_size, void **ret_encrypt_key, size_t *ret_encrypt_key_size);

int rsa_pkey_to_suitable_key_size(EVP_PKEY *pkey, size_t *ret_suitable_key_size);

int pubkey_fingerprint(EVP_PKEY *pk, const EVP_MD *md, void **ret, size_t *ret_size);

#else

typedef struct X509 X509;
typedef struct EVP_PKEY EVP_PKEY;

static inline void *X509_free(X509 *p) {
        assert(p == NULL);
        return NULL;
}

static inline void *EVP_PKEY_free(EVP_PKEY *p) {
        assert(p == NULL);
        return NULL;
}

#endif

DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(X509*, X509_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_PKEY*, EVP_PKEY_free, NULL);

#if PREFER_OPENSSL
/* The openssl definition */
typedef const EVP_MD* hash_md_t;
typedef const EVP_MD* hash_algorithm_t;
typedef int elliptic_curve_t;
typedef EVP_MD_CTX* hash_context_t;
#  define OPENSSL_OR_GCRYPT(a, b) (a)

#elif HAVE_GCRYPT

#  include <gcrypt.h>

/* The gcrypt definition */
typedef int hash_md_t;
typedef const char* hash_algorithm_t;
typedef const char* elliptic_curve_t;
typedef gcry_md_hd_t hash_context_t;
#  define OPENSSL_OR_GCRYPT(a, b) (b)
#endif

#if PREFER_OPENSSL
int string_hashsum(const char *s, size_t len, hash_algorithm_t md_algorithm, char **ret);

static inline int string_hashsum_sha224(const char *s, size_t len, char **ret) {
        return string_hashsum(s, len, EVP_sha224(), ret);
}

static inline int string_hashsum_sha256(const char *s, size_t len, char **ret) {
        return string_hashsum(s, len, EVP_sha256(), ret);
}
#endif
Commit	Line	Data
db9ecf05	1	/* SPDX-License-Identifier: LGPL-2.1-or-later */
3f637019 LP	2	#pragma once
3f637019 LP	3
f2d5df8a LP	4	#include "macro.h"
f2d5df8a LP	5
b012a1f4	6	#if HAVE_OPENSSL
c2fa92e7	7	# include <openssl/bio.h>
57633d23 ZJS	8	# include <openssl/bn.h>
57633d23 ZJS	9	# include <openssl/err.h>
4ef65db3	10	# include <openssl/evp.h>
d9b5841d	11	# include <openssl/opensslv.h>
c2fa92e7 LP	12	# include <openssl/pkcs7.h>
	13	# include <openssl/ssl.h>
	14	# include <openssl/x509v3.h>
d9b5841d LP	15	# ifndef OPENSSL_VERSION_MAJOR
	16	/* OPENSSL_VERSION_MAJOR macro was added in OpenSSL 3. Thus, if it doesn't exist, we must be before OpenSSL 3. */
	17	# define OPENSSL_VERSION_MAJOR 1
	18	# endif
	19	# if OPENSSL_VERSION_MAJOR >= 3
	20	# include <openssl/core_names.h>
	21	# endif
3f637019	22
fd421c4a ZJS	23	DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(X509_NAME*, X509_NAME_free, NULL);
	24	DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_PKEY_CTX*, EVP_PKEY_CTX_free, NULL);
	25	DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_CIPHER_CTX*, EVP_CIPHER_CTX_free, NULL);
57633d23 ZJS	26	DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EC_POINT*, EC_POINT_free, NULL);
	27	DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EC_GROUP*, EC_GROUP_free, NULL);
	28	DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(BIGNUM*, BN_free, NULL);
	29	DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(BN_CTX*, BN_CTX_free, NULL);
	30	DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(ECDSA_SIG*, ECDSA_SIG_free, NULL);
c2fa92e7 LP	31	DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(PKCS7*, PKCS7_free, NULL);
	32	DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(SSL*, SSL_free, NULL);
	33	DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(BIO*, BIO_free, NULL);
18f568b8	34	DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_MD_CTX*, EVP_MD_CTX_free, NULL);
c2fa92e7 LP	35
	36	static inline void sk_X509_free_allp(STACK_OF(X509) **sk) {
	37	if (!sk \|\| !*sk)
	38	return;
	39
	40	sk_X509_pop_free(*sk, X509_free);
	41	}
b012a1f4	42
fc169a6f KK	43	int openssl_hash(const EVP_MD alg, const void msg, size_t msg_len, uint8_t ret_hash, size_t ret_hash_len);
fc169a6f KK	44
f2d5df8a LP	45	int rsa_encrypt_bytes(EVP_PKEY pkey, const void decrypted_key, size_t decrypted_key_size, void *ret_encrypt_key, size_t ret_encrypt_key_size);
f2d5df8a LP	46
d041e4fc	47	int rsa_pkey_to_suitable_key_size(EVP_PKEY pkey, size_t ret_suitable_key_size);
e8ccb5c7 LP	48
	49	int pubkey_fingerprint(EVP_PKEY pk, const EVP_MD md, void *ret, size_t ret_size);
	50
bc958a19 DDM	51	#else
	52
	53	typedef struct X509 X509;
	54	typedef struct EVP_PKEY EVP_PKEY;
	55
	56	static inline void X509_free(X509 p) {
	57	assert(p == NULL);
	58	return NULL;
	59	}
	60
	61	static inline void EVP_PKEY_free(EVP_PKEY p) {
	62	assert(p == NULL);
	63	return NULL;
	64	}
	65
57633d23 ZJS	66	#endif
57633d23 ZJS	67
bc958a19 DDM	68	DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(X509*, X509_free, NULL);
	69	DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_PKEY*, EVP_PKEY_free, NULL);
	70
57633d23 ZJS	71	#if PREFER_OPENSSL
	72	/* The openssl definition */
	73	typedef const EVP_MD* hash_md_t;
	74	typedef const EVP_MD* hash_algorithm_t;
	75	typedef int elliptic_curve_t;
	76	typedef EVP_MD_CTX* hash_context_t;
	77	# define OPENSSL_OR_GCRYPT(a, b) (a)
	78
	79	#elif HAVE_GCRYPT
	80
	81	# include <gcrypt.h>
d041e4fc	82
57633d23 ZJS	83	/* The gcrypt definition */
	84	typedef int hash_md_t;
	85	typedef const char* hash_algorithm_t;
	86	typedef const char* elliptic_curve_t;
	87	typedef gcry_md_hd_t hash_context_t;
	88	# define OPENSSL_OR_GCRYPT(a, b) (b)
b012a1f4	89	#endif
7e8facb3 ZJS	90
	91	#if PREFER_OPENSSL
	92	int string_hashsum(const char s, size_t len, hash_algorithm_t md_algorithm, char *ret);
	93
	94	static inline int string_hashsum_sha224(const char s, size_t len, char *ret) {
	95	return string_hashsum(s, len, EVP_sha224(), ret);
	96	}
	97
	98	static inline int string_hashsum_sha256(const char s, size_t len, char *ret) {
	99	return string_hashsum(s, len, EVP_sha256(), ret);
	100	}
	101	#endif