1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
7 #define X509_FINGERPRINT_SIZE SHA256_DIGEST_SIZE
10 # include <openssl/bio.h>
11 # include <openssl/bn.h>
12 # include <openssl/crypto.h>
13 # include <openssl/err.h>
14 # include <openssl/evp.h>
15 # include <openssl/opensslv.h>
16 # include <openssl/pkcs7.h>
17 # include <openssl/ssl.h>
18 # include <openssl/x509v3.h>
19 # ifndef OPENSSL_VERSION_MAJOR
20 /* OPENSSL_VERSION_MAJOR macro was added in OpenSSL 3. Thus, if it doesn't exist, we must be before OpenSSL 3. */
21 # define OPENSSL_VERSION_MAJOR 1
23 # if OPENSSL_VERSION_MAJOR >= 3
24 # include <openssl/core_names.h>
25 # include <openssl/param_build.h>
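/*
 * Scope-exit cleanup helpers for OpenSSL handles.
 *
 * DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(T, free_fn, NULL) declares a helper taking
 * a T* by address (presumably named free_fn##p — see the macro's definition)
 * that hands *p to free_fn; the trailing NULL is the value the helper treats
 * as "nothing to free".  OPENSSL_free uses the _MACRO variant because in
 * OpenSSL it is a function-like macro rather than an addressable function.
 */
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL_MACRO(void*, OPENSSL_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(X509_NAME*, X509_NAME_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_PKEY_CTX*, EVP_PKEY_CTX_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_CIPHER_CTX*, EVP_CIPHER_CTX_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EC_POINT*, EC_POINT_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EC_GROUP*, EC_GROUP_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(BIGNUM*, BN_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(BN_CTX*, BN_CTX_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(ECDSA_SIG*, ECDSA_SIG_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(PKCS7*, PKCS7_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(SSL*, SSL_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(BIO*, BIO_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_MD_CTX*, EVP_MD_CTX_free, NULL);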
41 #if OPENSSL_VERSION_MAJOR >= 3
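/* OpenSSL 3 parameter builders, used when keys are assembled from raw components. */
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(OSSL_PARAM*, OSSL_PARAM_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(OSSL_PARAM_BLD*, OSSL_PARAM_BLD_free, NULL);
/* Legacy low-level key types (deprecated since OpenSSL 3.0).  NOTE(review): in
 * this listing they sit under the same OPENSSL_VERSION_MAJOR >= 3 guard as the
 * OSSL_PARAM helpers; the #else/#endif that would separate the two groups are
 * not visible here — confirm against the original header. */
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EC_KEY*, EC_KEY_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(RSA*, RSA_free, NULL);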
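/*
 * Scope-exit helper for a STACK_OF(X509): frees every certificate in the
 * stack (sk_X509_pop_free applies X509_free to each element) and then the
 * stack itself.  Takes the stack by address like the other *_freep helpers
 * and treats a NULL pointer or a NULL stack as "nothing to free".
 */
static inline void sk_X509_free_allp(STACK_OF(X509) **sk) {
        if (!sk || !*sk)
                return;

        sk_X509_pop_free(*sk, X509_free);
}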
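/*
 * OpenSSL-backed key and digest helpers.
 *
 * All of these return an int status and hand results back through the ret_*
 * output parameters; pointer outputs are presumably freshly allocated and
 * owned by the caller afterwards — confirm in the implementation which free
 * function (OPENSSL_free, EVP_PKEY_free, ...) each one expects.
 */

/* Loads a key from the PEM text pem[0..pem_size) into *ret. */
int openssl_pkey_from_pem(const void *pem, size_t pem_size, EVP_PKEY **ret);

/* Digests msg[0..msg_len) with alg into ret_hash and stores the digest length
 * in *ret_hash_len.  NOTE(review): the signature does not express the
 * capacity of ret_hash; size it for alg (EVP_MAX_MD_SIZE is always enough)
 * and confirm whether *ret_hash_len is also read as the capacity on entry. */
int openssl_hash(const EVP_MD *alg, const void *msg, size_t msg_len, uint8_t *ret_hash, size_t *ret_hash_len);

/* Encrypts decrypted_key[0..decrypted_key_size) to pkey, returning the
 * ciphertext in *ret_encrypt_key / *ret_encrypt_key_size.  RSA can only wrap a
 * payload smaller than the modulus minus padding; rsa_pkey_to_suitable_key_size()
 * below presumably yields a size that fits — confirm. */
int rsa_encrypt_bytes(EVP_PKEY *pkey, const void *decrypted_key, size_t decrypted_key_size, void **ret_encrypt_key, size_t *ret_encrypt_key_size);

/* Reports in *ret_suitable_key_size a symmetric key size appropriate for pkey
 * (presumably derived from its modulus size — confirm). */
int rsa_pkey_to_suitable_key_size(EVP_PKEY *pkey, size_t *ret_suitable_key_size);

/* Generates a fresh RSA key of the given size in bits into *ret. */
int rsa_pkey_new(size_t bits, EVP_PKEY **ret);

/* Builds an RSA public key from raw modulus n[0..n_size) and public exponent
 * e[0..e_size).  Byte order is not expressed here — confirm against the
 * implementation and the producers of these buffers. */
int rsa_pkey_from_n_e(const void *n, size_t n_size, const void *e, size_t e_size, EVP_PKEY **ret);

/* Inverse of rsa_pkey_from_n_e(): extracts the modulus and public exponent of
 * pkey into caller-owned buffers. */
int rsa_pkey_to_n_e(const EVP_PKEY *pkey, void **ret_n, size_t *ret_n_size, void **ret_e, size_t *ret_e_size);

/* Builds an EC public key on the curve identified by curve_id (presumably an
 * OpenSSL NID — confirm) from the raw affine coordinates x and y. */
int ecc_pkey_from_curve_x_y(int curve_id, const void *x, size_t x_size, const void *y, size_t y_size, EVP_PKEY **ret);

/* Inverse of ecc_pkey_from_curve_x_y(): extracts curve id and affine
 * coordinates of pkey into caller-owned buffers. */
int ecc_pkey_to_curve_x_y(const EVP_PKEY *pkey, int *ret_curve_id, void **ret_x, size_t *ret_x_size, void **ret_y, size_t *ret_y_size);

/* Generates a fresh EC key on the curve identified by curve_id into *ret. */
int ecc_pkey_new(int curve_id, EVP_PKEY **ret);

/* Computes a digest of the public key pk with md, returning it in
 * *ret / *ret_size.  The exact encoding that is hashed is not visible here;
 * do not compare against fingerprints produced by other tools without
 * confirming it. */
int pubkey_fingerprint(EVP_PKEY *pk, const EVP_MD *md, void **ret, size_t *ret_size);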
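/* Opaque stand-ins for the two OpenSSL types that the rest of this header
 * still names when OpenSSL itself is not available.  NOTE(review): the
 * preprocessor branch these belong to is not visible in this listing —
 * confirm that they are only compiled when the OpenSSL headers are not. */
typedef struct X509 X509;
typedef struct EVP_PKEY EVP_PKEY;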
83 static inline void *X509_free(X509
*p
) {
88 static inline void *EVP_PKEY_free(EVP_PKEY
*p
) {
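/* Scope-exit helpers for the two certificate/key handle types; NULL is the
 * "nothing to free" value, as for the other *_freep helpers in this header. */
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(X509*, X509_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_PKEY*, EVP_PKEY_free, NULL);

/* Writes the fingerprint of cert into buffer, which must provide at least
 * X509_FINGERPRINT_SIZE (= SHA256_DIGEST_SIZE) bytes.  The [static N]
 * declarator only lets the compiler warn about obviously too-small arrays;
 * callers passing a pointer are still responsible for the size. */
int x509_fingerprint(X509 *cert, uint8_t buffer[static X509_FINGERPRINT_SIZE]);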
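/* The openssl definition.  hash_md_t and hash_algorithm_t are the same type
 * here; they are kept as two names because the gcrypt backend below uses a
 * different type for each role. */
typedef const EVP_MD *hash_md_t;
typedef const EVP_MD *hash_algorithm_t;
typedef int elliptic_curve_t;
typedef EVP_MD_CTX *hash_context_t;
/* Selects the OpenSSL spelling at call sites that provide both variants. */
# define OPENSSL_OR_GCRYPT(a, b) (a)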
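/* The gcrypt definition. */
typedef int hash_md_t;                /* presumably a GCRY_MD_* algorithm id — confirm at call sites */
typedef const char* hash_algorithm_t; /* algorithm selected by name */
typedef const char* elliptic_curve_t; /* curve selected by name */
typedef gcry_md_hd_t hash_context_t;
/* Selects the gcrypt spelling at call sites that provide both variants. */
# define OPENSSL_OR_GCRYPT(a, b) (b)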
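/* Hashes s[0..len) with md_algorithm and returns the result as a newly
 * allocated string in *ret (presumably the hex-encoded digest — confirm);
 * the caller owns *ret.  Backed by OpenSSL or gcrypt depending on the
 * hash_algorithm_t definition selected above. */
int string_hashsum(const char *s, size_t len, hash_algorithm_t md_algorithm, char **ret);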
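/* Convenience wrapper: string_hashsum() with SHA-224 (OpenSSL backend only,
 * since EVP_sha224() is an OpenSSL API). */
static inline int string_hashsum_sha224(const char *s, size_t len, char **ret) {
        return string_hashsum(s, len, EVP_sha224(), ret);
}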
127 static inline int string_hashsum_sha256(const char *s
, size_t len
, char **ret
) {
128 return string_hashsum(s
, len
, EVP_sha256(), ret
);