/* Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements. See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

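#ifndef SSL_TOOLKIT_COMPAT_H
#define SSL_TOOLKIT_COMPAT_H

/**
 * @file ssl_toolkit_compat.h
 * @brief this header file provides a compatibility layer
 *        between OpenSSL and RSA sslc
 *
 * @defgroup MOD_SSL_TOOLKIT Toolkit
 */

/* Opens the toolkit selection that the later
 * "#elif defined(HAVE_SSLC)" and "#else ... #error" branches continue.
 */
#ifdef HAVE_OPENSSL

/** OpenSSL headers */
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/crypto.h>
#include <openssl/evp.h>
#include <openssl/rand.h>
#include <openssl/x509v3.h>
/** Avoid tripping over an engine build installed globally and detected
 * when the user points at an explicit non-engine flavor of OpenSSL
 */
#if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT)
#include <openssl/engine.h>
#endif
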
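/**
 * rsa sslc uses incomplete types for most structures
 * so we macroize for OpenSSL those which cannot be dereferenced
 * using the same names as the sslc functions
 *
 * Every accessor below reads a structure field directly and performs no
 * NULL check, so callers must pass valid, non-NULL objects. Arguments are
 * parenthesized so that expressions such as "p + 1" expand correctly.
 *
 * NOTE(review): direct field access only compiles against OpenSSL releases
 * that expose these structure definitions; OpenSSL 1.1.0 and later make
 * them opaque.
 */

#define EVP_PKEY_key_type(k)              (EVP_PKEY_type((k)->type))

#define X509_NAME_get_entries(xs)         ((xs)->entries)
#define X509_REVOKED_get_serialNumber(xs) ((xs)->serialNumber)

#define X509_get_signature_algorithm(xs) ((xs)->cert_info->signature->algorithm)
#define X509_get_key_algorithm(xs)       ((xs)->cert_info->key->algor->algorithm)

/* The entry value is length-delimited certificate data: it is not
 * guaranteed to be NUL-terminated and may contain embedded NUL bytes.
 * Always pair the pointer with X509_NAME_ENTRY_get_data_len() instead of
 * treating it as a C string, otherwise name comparisons can be truncated.
 */
#define X509_NAME_ENTRY_get_data_ptr(xs) ((xs)->value->data)
#define X509_NAME_ENTRY_get_data_len(xs) ((xs)->value->length)

/* SSL_CTX_set_extra_certs expands to a brace block, not an expression.
 * The ';' a caller writes after it becomes an empty statement, so it
 * cannot be the unbraced body of an "if" that has an "else".
 */
#define SSL_CTX_get_extra_certs(ctx)       ((ctx)->extra_certs)
#define SSL_CTX_set_extra_certs(ctx,value) {(ctx)->extra_certs = (value);}

#define SSL_CIPHER_get_name(s)             ((s)->name)
#define SSL_CIPHER_get_valid(s)            ((s)->valid)

/* Only the first session_id_length bytes of session_id are meaningful;
 * bound every copy or comparison of the id by that length.
 */
#define SSL_SESSION_get_session_id(s)      ((s)->session_id)
#define SSL_SESSION_get_session_id_length(s) ((s)->session_id_length)

/**
 * Support for retrieving/overriding states
 */
#define SSL_get_state(ssl) SSL_state(ssl)

/* Writes the state field directly, without any validation of the value.
 * The expansion is fully parenthesized so it behaves as one expression.
 */
#define SSL_set_state(ssl,val) ((ssl)->state = (val))
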
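/* Type fragments whose const-ness differs between toolkit versions.
 * NOTE(review): presumably spliced into callback prototypes and d2i_*
 * call sites elsewhere in mod_ssl; those callers are not in this header.
 * Each "#if" selects exactly one definition per macro, so the "#else" and
 * "#endif" lines are required to avoid conflicting redefinitions.
 */
#define MODSSL_BIO_CB_ARG_TYPE const char
#define MODSSL_CRYPTO_CB_ARG_TYPE const char
#if (OPENSSL_VERSION_NUMBER < 0x00907000)
# define MODSSL_INFO_CB_ARG_TYPE SSL*
#else
# define MODSSL_INFO_CB_ARG_TYPE const SSL*
#endif
#define MODSSL_CLIENT_CERT_CB_ARG_TYPE X509
/* Expands to nothing for OpenSSL: no cast is applied at the use site. */
#define MODSSL_PCHAR_CAST

/** ...shifting sands of openssl... */
#if (OPENSSL_VERSION_NUMBER >= 0x0090707f)
# define MODSSL_D2I_SSL_SESSION_CONST const
#else
# define MODSSL_D2I_SSL_SESSION_CONST
#endif

#if (OPENSSL_VERSION_NUMBER >= 0x00908000)
# define MODSSL_D2I_PrivateKey_CONST const
# define MODSSL_D2I_X509_CONST const
#else
# define MODSSL_D2I_PrivateKey_CONST
# define MODSSL_D2I_X509_CONST
#endif
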
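/* On OpenSSL the modssl_* names map straight onto the toolkit functions. */
#define modssl_X509_verify_cert X509_verify_cert

/* Signature of the callback handed to the PEM_read_bio_* wrappers below.
 * NOTE(review): this matches the shape of OpenSSL's PEM passphrase
 * callback (buffer, buffer size, read/write flag, user data); an
 * implementation must never write more than the size it is given.
 */
typedef int (modssl_read_bio_cb_fn)(char*,int,int,void*);

/* Before 0.9.4 the underlying call takes no user-data argument, so "arg"
 * is dropped and never reaches the callback on those versions.
 */
#if (OPENSSL_VERSION_NUMBER < 0x00904000)
#define modssl_PEM_read_bio_X509(b, x, cb, arg) PEM_read_bio_X509(b, x, cb)
#else
#define modssl_PEM_read_bio_X509(b, x, cb, arg) PEM_read_bio_X509(b, x, cb, arg)
#endif

#define modssl_PEM_X509_INFO_read_bio PEM_X509_INFO_read_bio

#define modssl_PEM_read_bio_PrivateKey PEM_read_bio_PrivateKey

#define modssl_set_cipher_list SSL_set_cipher_list

#define modssl_free OPENSSL_free

/* Manual reference-count increments on the object's "references" field,
 * performed through CRYPTO_add under the matching lock id. Each increment
 * needs a matching release by the caller; an unbalanced count leaks the
 * object or frees it while still in use.
 */
#define EVP_PKEY_reference_inc(pkey) \
   CRYPTO_add(&((pkey)->references), +1, CRYPTO_LOCK_X509_PKEY)

#define X509_reference_inc(cert) \
   CRYPTO_add(&((cert)->references), +1, CRYPTO_LOCK_X509)

#define HAVE_SSL_RAND_EGD /* since 9.5.1 */

#define HAVE_SSL_X509V3_EXT_d2i

#ifndef PEM_F_DEF_CALLBACK
#ifdef PEM_F_PEM_DEF_CALLBACK
/** In OpenSSL 0.9.8 PEM_F_DEF_CALLBACK was renamed */
#define PEM_F_DEF_CALLBACK PEM_F_PEM_DEF_CALLBACK
#endif
#endif
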
#elif defined(HAVE_SSLC)
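/** sslc does not support this function, OpenSSL has since 9.5.1 */
/* NOTE(review): on sslc builds this always reports success, so a caller
 * that checks RAND_status() cannot detect an unseeded random generator;
 * seeding has to be ensured by other means.
 */
#define RAND_status() 1

/** sslc names this function a bit differently */
#define CRYPTO_num_locks() CRYPTO_get_num_locks()

/* sslc stacks are untyped: every STACK_OF(type) collapses to STACK. */
#define STACK_OF(type) STACK

#define MODSSL_BIO_CB_ARG_TYPE char
#define MODSSL_CRYPTO_CB_ARG_TYPE char
#define MODSSL_INFO_CB_ARG_TYPE SSL*
#define MODSSL_CLIENT_CERT_CB_ARG_TYPE void
#define MODSSL_PCHAR_CAST (char *)
#define MODSSL_D2I_SSL_SESSION_CONST
#define MODSSL_D2I_PrivateKey_CONST
#define MODSSL_D2I_X509_CONST

/* Three-argument callback form: there is no user-data parameter here. */
typedef int (modssl_read_bio_cb_fn)(char*,int,int);

#define modssl_X509_verify_cert(c) X509_verify_cert(c, NULL)

/* The "arg" parameter is accepted for source compatibility and dropped. */
#define modssl_PEM_read_bio_X509(b, x, cb, arg) \
   PEM_read_bio_X509(b, x, cb)

#define modssl_PEM_X509_INFO_read_bio(b, x, cb, arg)\
   PEM_X509_INFO_read_bio(b, x, cb)

#define modssl_PEM_read_bio_PrivateKey(b, k, cb, arg) \
   PEM_read_bio_PrivateKey(b, k, cb)

/* Without HAVE_SSL_SET_STATE the macro expands to nothing: the requested
 * state change is silently dropped and the caller gets no indication.
 */
#ifndef HAVE_SSL_SET_STATE
#define SSL_set_state(ssl, state) /** XXX: should throw an error */
#endif

/* The cast discards any const qualifier on the cipher list argument. */
#define modssl_set_cipher_list(ssl, l) \
   SSL_set_cipher_list(ssl, (char *)(l))

#define modssl_free free

#ifndef PEM_F_DEF_CALLBACK
#define PEM_F_DEF_CALLBACK PEM_F_DEF_CB
#endif
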
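#if SSLC_VERSION_NUMBER < 0x2000

/* NOTE(review): expands to nothing, so on these sslc versions a requested
 * certificate-chain depth limit is silently not applied through this call.
 */
#define X509_STORE_CTX_set_depth(st, d)
#define X509_CRL_get_lastUpdate(x) ((x)->crl->lastUpdate)
#define X509_CRL_get_nextUpdate(x) ((x)->crl->nextUpdate)
#define X509_CRL_get_REVOKED(x)    ((x)->crl->revoked)
#define X509_REVOKED_get_serialNumber(xs) ((xs)->serialNumber)

/* NOTE(review): the verify callback "cb" is dropped here, so any checks
 * implemented in that callback are not installed by this call on these
 * sslc versions.
 */
#define modssl_set_verify(ssl, verify, cb) \
   SSL_set_verify(ssl, verify)

#else /** SSLC_VERSION_NUMBER >= 0x2000 */

#define CRYPTO_malloc_init R_malloc_init

/* Expands to nothing on sslc 2.x. */
#define EVP_cleanup()

#endif /** SSLC_VERSION_NUMBER >= 0x2000 */
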
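/* Element destructor type expected by sk_pop_free in this branch. */
typedef void (*modssl_popfree_fn)(char *data);

/* Typed stack names mapped onto the untyped sk_* functions.
 *
 * The *_value accessors are function-like and fully parenthesized so the
 * cast applies to the returned element even when the call is followed by
 * "->" or another postfix operator. The casts themselves are unchecked:
 * nothing verifies that a stack really holds elements of the named type.
 *
 * NOTE(review): the *_pop_free wrappers cast the caller's destructor to
 * modssl_popfree_fn; calling a function through a pointer of a different
 * function type is undefined behavior in ISO C, even where it works in
 * practice.
 */
#define sk_SSL_CIPHER_dup sk_dup
#define sk_SSL_CIPHER_find(st, data) sk_find(st, (void *)(data))
#define sk_SSL_CIPHER_free sk_free
#define sk_SSL_CIPHER_num sk_num
#define sk_SSL_CIPHER_value(st, i) ((SSL_CIPHER *)sk_value((st), (i)))
#define sk_X509_num sk_num
#define sk_X509_push sk_push
#define sk_X509_pop_free(st, free) sk_pop_free((STACK*)(st), (modssl_popfree_fn)(free))
#define sk_X509_value(st, i) ((X509 *)sk_value((st), (i)))
#define sk_X509_INFO_free sk_free
#define sk_X509_INFO_pop_free(st, free) sk_pop_free((STACK*)(st), (modssl_popfree_fn)(free))
#define sk_X509_INFO_num sk_num
#define sk_X509_INFO_new_null sk_new_null
#define sk_X509_INFO_value(st, i) ((X509_INFO *)sk_value((st), (i)))
#define sk_X509_NAME_find(st, data) sk_find(st, (void *)(data))
#define sk_X509_NAME_free sk_free
#define sk_X509_NAME_new sk_new
#define sk_X509_NAME_num sk_num
#define sk_X509_NAME_push(st, data) sk_push(st, (void *)(data))
#define sk_X509_NAME_value(st, i) ((X509_NAME *)sk_value((st), (i)))
#define sk_X509_NAME_ENTRY_num sk_num
#define sk_X509_NAME_ENTRY_value(st, i) ((X509_NAME_ENTRY *)sk_value((st), (i)))
#define sk_X509_NAME_set_cmp_func sk_set_cmp_func
#define sk_X509_REVOKED_num sk_num
#define sk_X509_REVOKED_value(st, i) ((X509_REVOKED *)sk_value((st), (i)))
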
#else /** ! HAVE_OPENSSL && ! HAVE_SSLC */
#error "Unrecognized SSL Toolkit!"
#endif /* ! HAVE_OPENSSL && ! HAVE_SSLC */
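/* Default wrapper, used when no toolkit branch defined its own variant:
 * the verify callback is passed through unchanged.
 */
#ifndef modssl_set_verify
#define modssl_set_verify(ssl, verify, cb) \
   SSL_set_verify(ssl, verify, cb)
#endif

/* Fallback for toolkits that lack SSL_SESS_CACHE_NO_INTERNAL.
 * NOTE(review): this maps only to the "no internal lookup" flag; confirm
 * that sessions still being stored in the internal cache is acceptable
 * where the caller intends to disable the internal cache completely.
 */
#ifndef SSL_SESS_CACHE_NO_INTERNAL
#define SSL_SESS_CACHE_NO_INTERNAL  SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
#endif
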
#endif /* SSL_TOOLKIT_COMPAT_H */