1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
4 #include "iovec-util.h"
/* Where a private key is obtained from. Used by parse_openssl_key_source_argument()
 * and openssl_load_key_from_token() below. The ENGINE source goes through the
 * deprecated OpenSSL ENGINE API (see the DISABLE_WARNING_DEPRECATED_DECLARATIONS
 * around ENGINE_free further down); PROVIDER is the OpenSSL 3 replacement. */
typedef enum KeySourceType {
        OPENSSL_KEY_SOURCE_FILE,
        OPENSSL_KEY_SOURCE_ENGINE,
        OPENSSL_KEY_SOURCE_PROVIDER,
        _OPENSSL_KEY_SOURCE_MAX,
        _OPENSSL_KEY_SOURCE_INVALID = -EINVAL,
} KeySourceType;

/* Parses a user-supplied 'argument' naming a key source into its type
 * ('private_key_source_type') and source string ('private_key_source').
 * NOTE(review): ownership of *private_key_source (presumably a heap string the
 * caller frees) and the exact error convention are not visible here — confirm
 * against the definition; _OPENSSL_KEY_SOURCE_INVALID = -EINVAL suggests
 * negative errno-style returns. */
int parse_openssl_key_source_argument(const char *argument, char **private_key_source, KeySourceType *private_key_source_type);

/* Size of the buffer x509_fingerprint() fills: the fingerprint is a SHA-256 digest. */
#define X509_FINGERPRINT_SIZE SHA256_DIGEST_SIZE
21 # include <openssl/bio.h>
22 # include <openssl/bn.h>
23 # include <openssl/crypto.h>
24 # include <openssl/engine.h>
25 # include <openssl/err.h>
26 # include <openssl/evp.h>
27 # include <openssl/opensslv.h>
28 # include <openssl/pkcs7.h>
29 # include <openssl/ssl.h>
30 # include <openssl/x509v3.h>
31 # ifndef OPENSSL_VERSION_MAJOR
32 /* OPENSSL_VERSION_MAJOR macro was added in OpenSSL 3. Thus, if it doesn't exist, we must be before OpenSSL 3. */
33 # define OPENSSL_VERSION_MAJOR 1
35 # if OPENSSL_VERSION_MAJOR >= 3
36 # include <openssl/core_names.h>
37 # include <openssl/kdf.h>
38 # include <openssl/param_build.h>
39 # include <openssl/provider.h>
40 # include <openssl/store.h>
/* _cleanup_ helpers for OpenSSL objects. Each macro generates a *_freep()
 * destructor taking a pointer-to-pointer; the trailing NULL is presumably the
 * "nothing to free" sentinel the generated helper skips — confirm in the
 * DEFINE_TRIVIAL_CLEANUP_FUNC_FULL definition. OPENSSL_free() works on void*,
 * hence the _MACRO variant. */
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL_MACRO(void*, OPENSSL_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(X509_NAME*, X509_NAME_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_PKEY_CTX*, EVP_PKEY_CTX_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_CIPHER_CTX*, EVP_CIPHER_CTX_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EC_POINT*, EC_POINT_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EC_GROUP*, EC_GROUP_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(BIGNUM*, BN_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(BN_CTX*, BN_CTX_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(ECDSA_SIG*, ECDSA_SIG_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(PKCS7*, PKCS7_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(SSL*, SSL_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(BIO*, BIO_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_MD_CTX*, EVP_MD_CTX_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(ASN1_OCTET_STRING*, ASN1_OCTET_STRING_free, NULL);

/* The ENGINE API is deprecated in OpenSSL 3, so its declarations trigger
 * deprecation warnings; they are silenced to keep the legacy engine key-source
 * path buildable. NOTE(review): the matching re-enable of the warning is not
 * visible in this extract — confirm it follows the legacy helpers below. */
DISABLE_WARNING_DEPRECATED_DECLARATIONS;
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(ENGINE*, ENGINE_free, NULL);
#if OPENSSL_VERSION_MAJOR >= 3
/* Cleanup helpers for object types that only exist in the OpenSSL 3
 * provider-based API (fetched algorithms, KDF/MAC contexts, OSSL_PARAM
 * builders and the OSSL_STORE loader used for provider-backed keys). */
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_CIPHER*, EVP_CIPHER_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_KDF*, EVP_KDF_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_KDF_CTX*, EVP_KDF_CTX_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_MAC*, EVP_MAC_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_MAC_CTX*, EVP_MAC_CTX_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_MD*, EVP_MD_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(OSSL_PARAM*, OSSL_PARAM_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(OSSL_PARAM_BLD*, OSSL_PARAM_BLD_free, NULL);
/* OSSL_STORE_CTX has no *_free(); OSSL_STORE_close() is its destructor. */
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(OSSL_STORE_CTX*, OSSL_STORE_close, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(OSSL_STORE_INFO*, OSSL_STORE_INFO_free, NULL);
/* Cleanup helpers for the low-level key types (EC_KEY, HMAC_CTX, RSA) that
 * OpenSSL 3 deprecates in favour of EVP_PKEY/EVP_MAC. NOTE(review): these are
 * presumably the #else branch of the OPENSSL_VERSION_MAJOR check above; the
 * #else/#endif lines are not visible in this extract — confirm. */
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EC_KEY*, EC_KEY_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(HMAC_CTX*, HMAC_CTX_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(RSA*, RSA_free, NULL);
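/* _cleanup_ helper for a STACK_OF(X509): pops and frees every certificate on
 * the stack, then the stack itself. Tolerates a NULL pointer and a NULL stack
 * so that a local declared with this cleanup is safe on every exit path,
 * including ones taken before the stack was allocated. */
static inline void sk_X509_free_allp(STACK_OF(X509) **sk) {
        if (!sk || !*sk)
                return;

        sk_X509_pop_free(*sk, X509_free);
}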
/* Parses the 'pem_size' bytes at 'pem' as a PEM-encoded key and returns a new
 * EVP_PKEY through 'ret'. NOTE(review): whether public keys, private keys or
 * both are accepted, and the return convention, are not visible here — confirm
 * against the definition. The caller owns *ret (EVP_PKEY_free / _cleanup_). */
int openssl_pkey_from_pem(const void *pem, size_t pem_size, EVP_PKEY **ret);

/* Looks up the output size in bytes of the digest named by 'digest_alg'
 * (e.g. "SHA256") and stores it in *ret_digest_size. */
int openssl_digest_size(const char *digest_alg, size_t *ret_digest_size);

/* Hashes the 'n_data' buffers in 'data' (in order, as one message) with
 * 'digest_alg'. The digest is returned as a newly allocated buffer through
 * 'ret_digest', its length through 'ret_digest_size'; the caller frees it.
 * Either output pointer may presumably be NULL to skip it — confirm. */
int openssl_digest_many(const char *digest_alg, const struct iovec data[], size_t n_data, void **ret_digest, size_t *ret_digest_size);
/* Single-buffer convenience wrapper around openssl_digest_many(): hashes the
 * 'len' bytes at 'buf' with 'digest_alg' and returns the digest through
 * 'ret_digest'/'ret_digest_size' exactly as the _many variant does. The cast
 * drops const only because struct iovec's iov_base is non-const; the bytes
 * are presumably only read. */
static inline int openssl_digest(const char *digest_alg, const void *buf, size_t len, void **ret_digest, size_t *ret_digest_size) {
        struct iovec single = IOVEC_MAKE((void*) buf, len);

        return openssl_digest_many(digest_alg, &single, 1, ret_digest, ret_digest_size);
}
/* Computes an HMAC over the 'n_data' buffers in 'data' (concatenated in order)
 * using the digest 'digest_alg' and the 'key_size'-byte 'key'. The MAC is
 * returned as a newly allocated buffer through 'ret_digest' with its length in
 * 'ret_digest_size'; the caller frees it. Callers comparing the result against
 * a received MAC should use a constant-time comparison. */
int openssl_hmac_many(const char *digest_alg, const void *key, size_t key_size, const struct iovec data[], size_t n_data, void **ret_digest, size_t *ret_digest_size);
/* Single-buffer convenience wrapper around openssl_hmac_many(): MACs the 'len'
 * bytes at 'buf' with 'digest_alg' under 'key'/'key_size'. Output ownership and
 * semantics are those of the _many variant. The const cast exists only because
 * struct iovec's iov_base is non-const. */
static inline int openssl_hmac(const char *digest_alg, const void *key, size_t key_size, const void *buf, size_t len, void **ret_digest, size_t *ret_digest_size) {
        struct iovec single = IOVEC_MAKE((void*) buf, len);

        return openssl_hmac_many(digest_alg, key, key_size, &single, 1, ret_digest, ret_digest_size);
}
/* Runs the cipher selected by 'alg', 'bits' and 'mode' (e.g. an AES variant of
 * a given key length in a given mode — the exact name composition lives in the
 * definition) with 'key'/'key_size' and 'iv'/'iv_size' over the 'n_data'
 * buffers in 'data', returning the output through 'ret'/'ret_size'; the
 * caller frees it. NOTE(review): whether key_size/iv_size are validated against
 * what the cipher requires, and whether this encrypts, decrypts or both, is
 * not visible here — confirm. For nonce-based modes the caller must never
 * reuse an IV under the same key. */
int openssl_cipher_many(const char *alg, size_t bits, const char *mode, const void *key, size_t key_size, const void *iv, size_t iv_size, const struct iovec data[], size_t n_data, void **ret, size_t *ret_size);
/* Single-buffer convenience wrapper around openssl_cipher_many(): processes
 * the 'len' bytes at 'buf' with the cipher named by 'alg'/'bits'/'mode' under
 * 'key' and 'iv'. Output ownership and all other semantics are those of the
 * _many variant. The const cast exists only because struct iovec's iov_base
 * is non-const. */
static inline int openssl_cipher(const char *alg, size_t bits, const char *mode, const void *key, size_t key_size, const void *iv, size_t iv_size, const void *buf, size_t len, void **ret, size_t *ret_size) {
        struct iovec single = IOVEC_MAKE((void*) buf, len);

        return openssl_cipher_many(alg, bits, mode, key, key_size, iv, iv_size, &single, 1, ret, ret_size);
}
/* Key derivation helpers. Both return a newly allocated buffer of exactly
 * 'derive_size' bytes through 'ret'; the caller owns it and should wipe it
 * before freeing, since it is key material. */

/* Single-step KDF (presumably OpenSSL's "SSKDF") over 'key' using 'digest',
 * with optional 'salt' and 'info' context bytes — confirm the algorithm name
 * in the definition. */
int kdf_ss_derive(const char *digest, const void *key, size_t key_size, const void *salt, size_t salt_size, const void *info, size_t info_size, size_t derive_size, void **ret);

/* Key-based KDF with an HMAC PRF (presumably OpenSSL's "KBKDF" in the given
 * 'mode', e.g. counter or feedback) over 'key' using 'digest', with optional
 * 'salt', 'info' and, for feedback mode, 'seed' — confirm in the definition. */
int kdf_kb_hmac_derive(const char *mode, const char *digest, const void *key, size_t key_size, const void *salt, size_t salt_size, const void *info, size_t info_size, const void *seed, size_t seed_size, size_t derive_size, void **ret);
/* RSA helpers. Each *_size output is the length of the buffer returned through
 * the matching void** pointer; the caller owns and frees those buffers. */

/* Encrypts 'decrypted_key' with the RSA public key in 'pkey', returning the
 * ciphertext through 'ret_encrypt_key'. NOTE(review): the padding scheme used
 * is not visible here; the separate OAEP variant below suggests this one is
 * not OAEP — confirm in the definition before using it for new designs. */
int rsa_encrypt_bytes(EVP_PKEY *pkey, const void *decrypted_key, size_t decrypted_key_size, void **ret_encrypt_key, size_t *ret_encrypt_key_size);

/* Encrypts 'decrypted_key' with 'pkey' using RSA-OAEP with the digest named by
 * 'digest_alg' and the optional 'label' (presumably NULL for no label —
 * confirm). The input must fit the modulus size minus the OAEP overhead;
 * see rsa_pkey_to_suitable_key_size(). */
int rsa_oaep_encrypt_bytes(const EVP_PKEY *pkey, const char *digest_alg, const char *label, const void *decrypted_key, size_t decrypted_key_size, void **ret_encrypt_key, size_t *ret_encrypt_key_size);

/* Reports, in *ret_suitable_key_size, how many bytes of plaintext 'pkey' can
 * wrap with the helpers above. */
int rsa_pkey_to_suitable_key_size(EVP_PKEY *pkey, size_t *ret_suitable_key_size);

/* Generates a fresh RSA key pair of 'bits' bits into *ret (caller owns it). */
int rsa_pkey_new(size_t bits, EVP_PKEY **ret);

/* Builds an RSA public key from big-endian modulus 'n' and exponent 'e'. */
int rsa_pkey_from_n_e(const void *n, size_t n_size, const void *e, size_t e_size, EVP_PKEY **ret);

/* Exports the modulus and public exponent of 'pkey' as freshly allocated
 * byte buffers (presumably big-endian, mirroring rsa_pkey_from_n_e — confirm). */
int rsa_pkey_to_n_e(const EVP_PKEY *pkey, void **ret_n, size_t *ret_n_size, void **ret_e, size_t *ret_e_size);
/* Elliptic-curve helpers. 'curve_id' is an OpenSSL NID; the x/y buffers are
 * raw coordinate bytes whose endianness and padding are fixed by the
 * definitions (not visible here). Returned buffers are owned by the caller. */

/* Builds an EC public key on curve 'curve_id' from the affine coordinates
 * 'x'/'y'. A point that is not on the curve should be rejected here rather
 * than by later consumers — confirm the definition validates it. */
int ecc_pkey_from_curve_x_y(int curve_id, const void *x, size_t x_size, const void *y, size_t y_size, EVP_PKEY **ret);

/* Exports the curve NID and affine public coordinates of 'pkey'. */
int ecc_pkey_to_curve_x_y(const EVP_PKEY *pkey, int *ret_curve_id, void **ret_x, size_t *ret_x_size, void **ret_y, size_t *ret_y_size);

/* Generates a fresh EC key pair on curve 'curve_id' into *ret. */
int ecc_pkey_new(int curve_id, EVP_PKEY **ret);

/* ECDH: derives the shared secret between our 'private_pkey' and the peer's
 * 'peer_pkey'. The raw secret should be fed into a KDF (see kdf_*_derive)
 * rather than used directly as a key. */
int ecc_ecdh(const EVP_PKEY *private_pkey, const EVP_PKEY *peer_pkey, void **ret_shared_secret, size_t *ret_shared_secret_size);
/* Generates a fresh volume key and the form of it that is persisted under
 * 'pkey': 'ret_decrypted_key' is the plaintext key, 'ret_saved_key' what is
 * stored alongside the volume (presumably the key wrapped to 'pkey', or for
 * ECC the ephemeral public key — confirm in the definition). Both buffers are
 * caller-owned; the decrypted key must be wiped before being freed. */
int pkey_generate_volume_keys(EVP_PKEY *pkey, void **ret_decrypted_key, size_t *ret_decrypted_key_size, void **ret_saved_key, size_t *ret_saved_key_size);

/* Computes a fingerprint of the public key 'pk' using digest 'md' and returns
 * it through 'ret'/'ret_size' (caller frees). NOTE(review): what is hashed
 * (presumably the DER-encoded SubjectPublicKeyInfo) is not visible here. */
int pubkey_fingerprint(EVP_PKEY *pk, const EVP_MD *md, void **ret, size_t *ret_size);

/* Hashes the 'size' bytes at 'data' with 'md' and signs the digest with
 * 'privkey', returning the signature through 'ret'/'ret_size' (caller frees). */
int digest_and_sign(const EVP_MD *md, EVP_PKEY *privkey, const void *data, size_t size, void **ret, size_t *ret_size);

/* Loads the private key identified by 'private_key' from the source described
 * by 'private_key_source_type'/'private_key_source' (file, ENGINE or OpenSSL 3
 * provider; see KeySourceType) into *ret, which the caller owns. */
int openssl_load_key_from_token(KeySourceType private_key_source_type, const char *private_key_source, const char *private_key, EVP_PKEY **ret);
/* Opaque stand-ins for the OpenSSL types, presumably for builds without
 * OpenSSL (the enclosing conditional is not visible here), so that signatures
 * naming X509/EVP_PKEY still compile and the stub helpers below can be defined. */
typedef struct X509 X509;
typedef struct EVP_PKEY EVP_PKEY;
143 static inline void *X509_free(X509
*p
) {
148 static inline void *EVP_PKEY_free(EVP_PKEY
*p
) {
153 static inline int openssl_load_key_from_token(
154 KeySourceType private_key_source_type
,
155 const char *private_key_source
,
156 const char *private_key
,
/* _cleanup_ helpers for certificates and keys; declared for both the OpenSSL
 * and the stub builds so callers need no conditional. */
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(X509*, X509_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_PKEY*, EVP_PKEY_free, NULL);

/* Computes the SHA-256 fingerprint of 'cert' into 'buffer'. The C99 'static'
 * in the array declarator is a contract that the caller passes at least
 * X509_FINGERPRINT_SIZE bytes, letting the compiler warn on undersized
 * buffers. Fingerprint comparisons should be constant-time. */
int x509_fingerprint(X509 *cert, uint8_t buffer[static X509_FINGERPRINT_SIZE]);
/* The openssl definition: backend-neutral aliases so callers can name a digest,
 * a curve and a hash context without knowing which crypto library is built in.
 * OPENSSL_OR_GCRYPT(a, b) selects the OpenSSL-flavoured expression 'a'. */
typedef const EVP_MD* hash_md_t;
typedef const EVP_MD* hash_algorithm_t;
typedef int elliptic_curve_t;           /* an OpenSSL NID */
typedef EVP_MD_CTX* hash_context_t;
# define OPENSSL_OR_GCRYPT(a, b) (a)
/* The gcrypt definition: the same backend-neutral aliases for builds using
 * libgcrypt instead of OpenSSL. Note the representations differ — digests are
 * integer algorithm ids or names, curves are names — so code must go through
 * OPENSSL_OR_GCRYPT(a, b), which here selects 'b', rather than assume either. */
typedef int hash_md_t;
typedef const char* hash_algorithm_t;
typedef const char* elliptic_curve_t;
typedef gcry_md_hd_t hash_context_t;
# define OPENSSL_OR_GCRYPT(a, b) (b)
/* Hashes the 'len' bytes at 's' with the digest named 'md_algorithm' and
 * returns the result as a newly allocated string through 'ret' (presumably the
 * hex encoding of the digest — confirm in the definition). Caller frees *ret.
 * Available with either crypto backend; see the *_sha224/*_sha256 wrappers. */
int string_hashsum(const char *s, size_t len, const char *md_algorithm, char **ret);
/* string_hashsum() with the algorithm fixed to SHA-224; same arguments,
 * return value and ownership of *ret as string_hashsum(). */
static inline int string_hashsum_sha224(const char *s, size_t len, char **ret) {
        const char *algorithm = "SHA224";

        return string_hashsum(s, len, algorithm, ret);
}
/* string_hashsum() with the algorithm fixed to SHA-256; same arguments,
 * return value and ownership of *ret as string_hashsum(). */
static inline int string_hashsum_sha256(const char *s, size_t len, char **ret) {
        const char *algorithm = "SHA256";

        return string_hashsum(s, len, algorithm, ret);
}