1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2 #pragma once
3
4 #include "macro.h"
5 #include "sha256.h"
6
7 #define X509_FINGERPRINT_SIZE SHA256_DIGEST_SIZE
8
9 #if HAVE_OPENSSL
10 # include <openssl/bio.h>
11 # include <openssl/bn.h>
12 # include <openssl/crypto.h>
13 # include <openssl/err.h>
14 # include <openssl/evp.h>
15 # include <openssl/opensslv.h>
16 # include <openssl/pkcs7.h>
17 # include <openssl/ssl.h>
18 # include <openssl/x509v3.h>
19 # ifndef OPENSSL_VERSION_MAJOR
20 /* OPENSSL_VERSION_MAJOR macro was added in OpenSSL 3. Thus, if it doesn't exist, we must be before OpenSSL 3. */
21 # define OPENSSL_VERSION_MAJOR 1
22 # endif
23 # if OPENSSL_VERSION_MAJOR >= 3
24 # include <openssl/core_names.h>
25 # include <openssl/param_build.h>
26 # endif
27
/* Generate cleanup helpers for the OpenSSL handle types used by this module, so callers can attach them
 * to locals with _cleanup_() and have the object released on scope exit. Each helper presumably takes a
 * pointer to the handle and calls the named free function when the handle is not NULL (the third
 * argument) — see the macro definitions in macro.h for the exact contract. */
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL_MACRO(void*, OPENSSL_free, NULL); /* _MACRO variant: OPENSSL_free is a macro in OpenSSL, not a plain function */
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(X509_NAME*, X509_NAME_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_PKEY_CTX*, EVP_PKEY_CTX_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_CIPHER_CTX*, EVP_CIPHER_CTX_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EC_POINT*, EC_POINT_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EC_GROUP*, EC_GROUP_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(BIGNUM*, BN_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(BN_CTX*, BN_CTX_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(ECDSA_SIG*, ECDSA_SIG_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(PKCS7*, PKCS7_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(SSL*, SSL_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(BIO*, BIO_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_MD_CTX*, EVP_MD_CTX_free, NULL);
/* The OSSL_PARAM/OSSL_PARAM_BLD builder objects only exist from OpenSSL 3 on; the direct EC_KEY/RSA
 * objects are presumably the pre-3 way of handling key material, so their helpers are only generated
 * for older releases. */
#if OPENSSL_VERSION_MAJOR >= 3
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(OSSL_PARAM*, OSSL_PARAM_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(OSSL_PARAM_BLD*, OSSL_PARAM_BLD_free, NULL);
#else
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EC_KEY*, EC_KEY_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(RSA*, RSA_free, NULL);
#endif
48
/* Cleanup helper for a STACK_OF(X509): releases the stack together with every certificate it holds
 * (sk_X509_pop_free() with X509_free as the element destructor). Intended for
 * _cleanup_(sk_X509_free_allp) on a local. A NULL pointer or a NULL stack is a no-op, so it is safe on
 * early-exit paths before the stack was populated. Note that the caller's slot is not reset to NULL. */
static inline void sk_X509_free_allp(STACK_OF(X509) **sk) {
        if (sk && *sk)
                sk_X509_pop_free(*sk, X509_free);
}
55
56 int openssl_pkey_from_pem(const void *pem, size_t pem_size, EVP_PKEY **ret);
57
58 int openssl_hash(const EVP_MD *alg, const void *msg, size_t msg_len, uint8_t *ret_hash, size_t *ret_hash_len);
59
60 int rsa_encrypt_bytes(EVP_PKEY *pkey, const void *decrypted_key, size_t decrypted_key_size, void **ret_encrypt_key, size_t *ret_encrypt_key_size);
61
62 int rsa_pkey_to_suitable_key_size(EVP_PKEY *pkey, size_t *ret_suitable_key_size);
63
64 int rsa_pkey_new(size_t bits, EVP_PKEY **ret);
65
66 int rsa_pkey_from_n_e(const void *n, size_t n_size, const void *e, size_t e_size, EVP_PKEY **ret);
67
68 int rsa_pkey_to_n_e(const EVP_PKEY *pkey, void **ret_n, size_t *ret_n_size, void **ret_e, size_t *ret_e_size);
69
70 int ecc_pkey_from_curve_x_y(int curve_id, const void *x, size_t x_size, const void *y, size_t y_size, EVP_PKEY **ret);
71
72 int ecc_pkey_to_curve_x_y(const EVP_PKEY *pkey, int *ret_curve_id, void **ret_x, size_t *ret_x_size, void **ret_y, size_t *ret_y_size);
73
74 int ecc_pkey_new(int curve_id, EVP_PKEY **ret);
75
76 int pubkey_fingerprint(EVP_PKEY *pk, const EVP_MD *md, void **ret, size_t *ret_size);
77
78 #else
79
/* Stand-ins for builds without OpenSSL. The type names and free functions are needed so the cleanup
 * helpers generated for X509* and EVP_PKEY* further down still compile, but no such object can ever be
 * created in this configuration, so the only valid argument is NULL. The structs stay incomplete on
 * purpose: nothing may dereference them. Both stubs mirror the cleanup-helper shape and return NULL. */
typedef struct X509 X509;
typedef struct EVP_PKEY EVP_PKEY;

static inline void *X509_free(X509 *p) {
        /* Nothing to release; a non-NULL value means some code path produced a certificate handle without OpenSSL. */
        assert(!p);
        return NULL;
}

static inline void *EVP_PKEY_free(EVP_PKEY *p) {
        /* Same contract as X509_free() above: only NULL is acceptable here. */
        assert(!p);
        return NULL;
}
92
93 #endif
94
/* Cleanup helpers for certificate and key handles; available in both the OpenSSL build and the stub build
 * above, so code using _cleanup_(X509_freep)/_cleanup_(EVP_PKEY_freep) compiles either way. */
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(X509*, X509_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_PKEY*, EVP_PKEY_free, NULL);

/* Writes the fingerprint of cert into buffer. The caller must supply at least X509_FINGERPRINT_SIZE
 * (= SHA256_DIGEST_SIZE) bytes, as the static array bound in the prototype states; passing a smaller
 * buffer is an out-of-bounds write. Returns an int status — presumably 0 on success and a negative
 * errno-style code on failure, like the other helpers declared here; confirm against the definition. */
int x509_fingerprint(X509 *cert, uint8_t buffer[static X509_FINGERPRINT_SIZE]);
99
100 #if PREFER_OPENSSL
/* The OpenSSL definitions */
102 typedef const EVP_MD* hash_md_t;
103 typedef const EVP_MD* hash_algorithm_t;
104 typedef int elliptic_curve_t;
105 typedef EVP_MD_CTX* hash_context_t;
106 # define OPENSSL_OR_GCRYPT(a, b) (a)
107
108 #elif HAVE_GCRYPT
109
110 # include <gcrypt.h>
111
/* The gcrypt definitions */
113 typedef int hash_md_t;
114 typedef const char* hash_algorithm_t;
115 typedef const char* elliptic_curve_t;
116 typedef gcry_md_hd_t hash_context_t;
117 # define OPENSSL_OR_GCRYPT(a, b) (b)
118 #endif
119
120 #if PREFER_OPENSSL
121 int string_hashsum(const char *s, size_t len, hash_algorithm_t md_algorithm, char **ret);
122
/* Convenience wrapper: hashes the len bytes at s with SHA-224 by delegating to string_hashsum().
 * See string_hashsum() for the format of *ret and who owns it; the return value is passed through. */
static inline int string_hashsum_sha224(const char *s, size_t len, char **ret) {
        int r;

        r = string_hashsum(s, len, EVP_sha224(), ret);
        return r;
}
126
/* Convenience wrapper: hashes the len bytes at s with SHA-256 by delegating to string_hashsum().
 * See string_hashsum() for the format of *ret and who owns it; the return value is passed through. */
static inline int string_hashsum_sha256(const char *s, size_t len, char **ret) {
        int r;

        r = string_hashsum(s, len, EVP_sha256(), ret);
        return r;
}
130 #endif