[thirdparty/systemd.git] / src / shared / openssl-util.h

/* SPDX-License-Identifier: LGPL-2.1-or-later */
#pragma once

#include "macro.h"
#include "sha256.h"

#define X509_FINGERPRINT_SIZE SHA256_DIGEST_SIZE

#if HAVE_OPENSSL
#  include <openssl/bio.h>
#  include <openssl/bn.h>
#  include <openssl/crypto.h>
#  include <openssl/err.h>
#  include <openssl/evp.h>
#  include <openssl/opensslv.h>
#  include <openssl/pkcs7.h>
#  include <openssl/ssl.h>
#  include <openssl/x509v3.h>
#  ifndef OPENSSL_VERSION_MAJOR
/* OPENSSL_VERSION_MAJOR macro was added in OpenSSL 3. Thus, if it doesn't exist,  we must be before OpenSSL 3. */
#    define OPENSSL_VERSION_MAJOR 1
#  endif
#  if OPENSSL_VERSION_MAJOR >= 3
#    include <openssl/core_names.h>
#    include <openssl/param_build.h>
#  endif

DEFINE_TRIVIAL_CLEANUP_FUNC_FULL_MACRO(void*, OPENSSL_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(X509_NAME*, X509_NAME_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_PKEY_CTX*, EVP_PKEY_CTX_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_CIPHER_CTX*, EVP_CIPHER_CTX_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EC_POINT*, EC_POINT_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EC_GROUP*, EC_GROUP_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(BIGNUM*, BN_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(BN_CTX*, BN_CTX_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(ECDSA_SIG*, ECDSA_SIG_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(PKCS7*, PKCS7_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(SSL*, SSL_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(BIO*, BIO_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_MD_CTX*, EVP_MD_CTX_free, NULL);
#if OPENSSL_VERSION_MAJOR >= 3
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_MD*, EVP_MD_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(OSSL_PARAM*, OSSL_PARAM_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(OSSL_PARAM_BLD*, OSSL_PARAM_BLD_free, NULL);
#else
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EC_KEY*, EC_KEY_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(RSA*, RSA_free, NULL);
#endif

static inline void sk_X509_free_allp(STACK_OF(X509) **sk) {
        if (!sk || !*sk)
                return;

        sk_X509_pop_free(*sk, X509_free);
}

int openssl_pkey_from_pem(const void *pem, size_t pem_size, EVP_PKEY **ret);

int openssl_hash(const EVP_MD *alg, const void *msg, size_t msg_len, uint8_t *ret_hash, size_t *ret_hash_len);

int openssl_digest_size(const char *digest_alg, size_t *ret_digest_size);

int rsa_encrypt_bytes(EVP_PKEY *pkey, const void *decrypted_key, size_t decrypted_key_size, void **ret_encrypt_key, size_t *ret_encrypt_key_size);

int rsa_pkey_to_suitable_key_size(EVP_PKEY *pkey, size_t *ret_suitable_key_size);

int rsa_pkey_new(size_t bits, EVP_PKEY **ret);

int rsa_pkey_from_n_e(const void *n, size_t n_size, const void *e, size_t e_size, EVP_PKEY **ret);

int rsa_pkey_to_n_e(const EVP_PKEY *pkey, void **ret_n, size_t *ret_n_size, void **ret_e, size_t *ret_e_size);

int ecc_pkey_from_curve_x_y(int curve_id, const void *x, size_t x_size, const void *y, size_t y_size, EVP_PKEY **ret);

int ecc_pkey_to_curve_x_y(const EVP_PKEY *pkey, int *ret_curve_id, void **ret_x, size_t *ret_x_size, void **ret_y, size_t *ret_y_size);

int ecc_pkey_new(int curve_id, EVP_PKEY **ret);

int pubkey_fingerprint(EVP_PKEY *pk, const EVP_MD *md, void **ret, size_t *ret_size);

int digest_and_sign(const EVP_MD *md, EVP_PKEY *privkey, const void *data, size_t size, void **ret, size_t *ret_size);

#else

typedef struct X509 X509;
typedef struct EVP_PKEY EVP_PKEY;

static inline void *X509_free(X509 *p) {
        assert(p == NULL);
        return NULL;
}

static inline void *EVP_PKEY_free(EVP_PKEY *p) {
        assert(p == NULL);
        return NULL;
}

#endif

DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(X509*, X509_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_PKEY*, EVP_PKEY_free, NULL);

int x509_fingerprint(X509 *cert, uint8_t buffer[static X509_FINGERPRINT_SIZE]);

#if PREFER_OPENSSL
/* The openssl definition */
typedef const EVP_MD* hash_md_t;
typedef const EVP_MD* hash_algorithm_t;
typedef int elliptic_curve_t;
typedef EVP_MD_CTX* hash_context_t;
#  define OPENSSL_OR_GCRYPT(a, b) (a)

#elif HAVE_GCRYPT

#  include <gcrypt.h>

/* The gcrypt definition */
typedef int hash_md_t;
typedef const char* hash_algorithm_t;
typedef const char* elliptic_curve_t;
typedef gcry_md_hd_t hash_context_t;
#  define OPENSSL_OR_GCRYPT(a, b) (b)
#endif

#if PREFER_OPENSSL
int string_hashsum(const char *s, size_t len, hash_algorithm_t md_algorithm, char **ret);

static inline int string_hashsum_sha224(const char *s, size_t len, char **ret) {
        return string_hashsum(s, len, EVP_sha224(), ret);
}

static inline int string_hashsum_sha256(const char *s, size_t len, char **ret) {
        return string_hashsum(s, len, EVP_sha256(), ret);
}
#endif
Commit	Line	Data
db9ecf05	1	/* SPDX-License-Identifier: LGPL-2.1-or-later */
3f637019 LP	2	#pragma once
3f637019 LP	3
f2d5df8a	4	#include "macro.h"
8939d335 DDM	5	#include "sha256.h"
	6
	7	#define X509_FINGERPRINT_SIZE SHA256_DIGEST_SIZE
f2d5df8a	8
b012a1f4	9	#if HAVE_OPENSSL
c2fa92e7	10	# include <openssl/bio.h>
57633d23	11	# include <openssl/bn.h>
900e73f8	12	# include <openssl/crypto.h>
57633d23	13	# include <openssl/err.h>
4ef65db3	14	# include <openssl/evp.h>
d9b5841d	15	# include <openssl/opensslv.h>
c2fa92e7 LP	16	# include <openssl/pkcs7.h>
	17	# include <openssl/ssl.h>
	18	# include <openssl/x509v3.h>
d9b5841d LP	19	# ifndef OPENSSL_VERSION_MAJOR
	20	/* OPENSSL_VERSION_MAJOR macro was added in OpenSSL 3. Thus, if it doesn't exist, we must be before OpenSSL 3. */
	21	# define OPENSSL_VERSION_MAJOR 1
	22	# endif
	23	# if OPENSSL_VERSION_MAJOR >= 3
	24	# include <openssl/core_names.h>
dcec950c	25	# include <openssl/param_build.h>
d9b5841d	26	# endif
3f637019	27
900e73f8	28	DEFINE_TRIVIAL_CLEANUP_FUNC_FULL_MACRO(void*, OPENSSL_free, NULL);
fd421c4a ZJS	29	DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(X509_NAME*, X509_NAME_free, NULL);
	30	DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_PKEY_CTX*, EVP_PKEY_CTX_free, NULL);
	31	DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_CIPHER_CTX*, EVP_CIPHER_CTX_free, NULL);
57633d23 ZJS	32	DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EC_POINT*, EC_POINT_free, NULL);
	33	DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EC_GROUP*, EC_GROUP_free, NULL);
	34	DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(BIGNUM*, BN_free, NULL);
	35	DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(BN_CTX*, BN_CTX_free, NULL);
	36	DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(ECDSA_SIG*, ECDSA_SIG_free, NULL);
c2fa92e7 LP	37	DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(PKCS7*, PKCS7_free, NULL);
	38	DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(SSL*, SSL_free, NULL);
	39	DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(BIO*, BIO_free, NULL);
18f568b8	40	DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_MD_CTX*, EVP_MD_CTX_free, NULL);
dcec950c	41	#if OPENSSL_VERSION_MAJOR >= 3
c52a003d	42	DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_MD*, EVP_MD_free, NULL);
dcec950c DS	43	DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(OSSL_PARAM*, OSSL_PARAM_free, NULL);
	44	DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(OSSL_PARAM_BLD*, OSSL_PARAM_BLD_free, NULL);
	45	#else
	46	DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EC_KEY*, EC_KEY_free, NULL);
	47	DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(RSA*, RSA_free, NULL);
	48	#endif
c2fa92e7 LP	49
	50	static inline void sk_X509_free_allp(STACK_OF(X509) **sk) {
	51	if (!sk \|\| !*sk)
	52	return;
	53
	54	sk_X509_pop_free(*sk, X509_free);
	55	}
b012a1f4	56
4af788c7 DS	57	int openssl_pkey_from_pem(const void pem, size_t pem_size, EVP_PKEY *ret);
4af788c7 DS	58
fc169a6f KK	59	int openssl_hash(const EVP_MD alg, const void msg, size_t msg_len, uint8_t ret_hash, size_t ret_hash_len);
fc169a6f KK	60
c52a003d DS	61	int openssl_digest_size(const char digest_alg, size_t ret_digest_size);
c52a003d DS	62
f2d5df8a LP	63	int rsa_encrypt_bytes(EVP_PKEY pkey, const void decrypted_key, size_t decrypted_key_size, void *ret_encrypt_key, size_t ret_encrypt_key_size);
f2d5df8a LP	64
d041e4fc	65	int rsa_pkey_to_suitable_key_size(EVP_PKEY pkey, size_t ret_suitable_key_size);
e8ccb5c7	66
dcec950c DS	67	int rsa_pkey_new(size_t bits, EVP_PKEY **ret);
	68
	69	int rsa_pkey_from_n_e(const void n, size_t n_size, const void e, size_t e_size, EVP_PKEY **ret);
	70
	71	int rsa_pkey_to_n_e(const EVP_PKEY pkey, void ret_n, size_t ret_n_size, void *ret_e, size_t ret_e_size);
	72
900e73f8 DS	73	int ecc_pkey_from_curve_x_y(int curve_id, const void x, size_t x_size, const void y, size_t y_size, EVP_PKEY **ret);
	74
	75	int ecc_pkey_to_curve_x_y(const EVP_PKEY pkey, int ret_curve_id, void *ret_x, size_t ret_x_size, void *ret_y, size_t ret_y_size);
	76
	77	int ecc_pkey_new(int curve_id, EVP_PKEY **ret);
	78
e8ccb5c7 LP	79	int pubkey_fingerprint(EVP_PKEY pk, const EVP_MD md, void *ret, size_t ret_size);
e8ccb5c7 LP	80
ef65c0f6 LP	81	int digest_and_sign(const EVP_MD md, EVP_PKEY privkey, const void data, size_t size, void ret, size_t ret_size);
ef65c0f6 LP	82
bc958a19 DDM	83	#else
	84
	85	typedef struct X509 X509;
	86	typedef struct EVP_PKEY EVP_PKEY;
	87
	88	static inline void X509_free(X509 p) {
	89	assert(p == NULL);
	90	return NULL;
	91	}
	92
	93	static inline void EVP_PKEY_free(EVP_PKEY p) {
	94	assert(p == NULL);
	95	return NULL;
	96	}
	97
57633d23 ZJS	98	#endif
57633d23 ZJS	99
bc958a19 DDM	100	DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(X509*, X509_free, NULL);
	101	DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_PKEY*, EVP_PKEY_free, NULL);
	102
8939d335 DDM	103	int x509_fingerprint(X509 *cert, uint8_t buffer[static X509_FINGERPRINT_SIZE]);
8939d335 DDM	104
57633d23 ZJS	105	#if PREFER_OPENSSL
	106	/* The openssl definition */
	107	typedef const EVP_MD* hash_md_t;
	108	typedef const EVP_MD* hash_algorithm_t;
	109	typedef int elliptic_curve_t;
	110	typedef EVP_MD_CTX* hash_context_t;
	111	# define OPENSSL_OR_GCRYPT(a, b) (a)
	112
	113	#elif HAVE_GCRYPT
	114
	115	# include <gcrypt.h>
d041e4fc	116
57633d23 ZJS	117	/* The gcrypt definition */
	118	typedef int hash_md_t;
	119	typedef const char* hash_algorithm_t;
	120	typedef const char* elliptic_curve_t;
	121	typedef gcry_md_hd_t hash_context_t;
	122	# define OPENSSL_OR_GCRYPT(a, b) (b)
b012a1f4	123	#endif
7e8facb3 ZJS	124
	125	#if PREFER_OPENSSL
	126	int string_hashsum(const char s, size_t len, hash_algorithm_t md_algorithm, char *ret);
	127
	128	static inline int string_hashsum_sha224(const char s, size_t len, char *ret) {
	129	return string_hashsum(s, len, EVP_sha224(), ret);
	130	}
	131
	132	static inline int string_hashsum_sha256(const char s, size_t len, char *ret) {
	133	return string_hashsum(s, len, EVP_sha256(), ret);
	134	}
	135	#endif