1 /* Licensed to the Apache Software Foundation (ASF) under one or more
2 * contributor license agreements. See the NOTICE file distributed with
3 * this work for additional information regarding copyright ownership.
4 * The ASF licenses this file to You under the Apache License, Version 2.0
5 * (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 #ifndef SSL_TOOLKIT_COMPAT_H
18 #define SSL_TOOLKIT_COMPAT_H
21 * @file ssl_toolkit_compat.h
22 * @brief this header file provides a compatiblity layer
23 * between OpenSSL and RSA sslc
25 * @defgroup MOD_SSL_TOOLKIT Toolkit
32 /** OpenSSL headers */
33 #include <openssl/ssl.h>
34 #include <openssl/err.h>
35 #include <openssl/x509.h>
36 #include <openssl/pem.h>
37 #include <openssl/crypto.h>
38 #include <openssl/evp.h>
39 #include <openssl/rand.h>
40 #include <openssl/x509v3.h>
42 /* hack for non-configure platforms (NetWare, Win32) */
43 #if !defined(HAVE_OCSP) && (OPENSSL_VERSION_NUMBER >= 0x00907000)
47 #include <openssl/x509_vfy.h>
48 #include <openssl/ocsp.h>
51 /* ECC support came along in OpenSSL 1.0.0 */
52 #if (OPENSSL_VERSION_NUMBER < 0x10000000)
56 /** Avoid tripping over an engine build installed globally and detected
57 * when the user points at an explicit non-engine flavor of OpenSSL
59 #if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT)
60 #include <openssl/engine.h>
64 * rsa sslc uses incomplete types for most structures
65 * so we macroize for OpenSSL those which cannot be dereferenced
66 * using the same sames as the sslc functions
69 #define EVP_PKEY_key_type(k) (EVP_PKEY_type(k->type))
71 #define X509_NAME_get_entries(xs) (xs->entries)
72 #define X509_REVOKED_get_serialNumber(xs) (xs->serialNumber)
74 #define X509_get_signature_algorithm(xs) (xs->cert_info->signature->algorithm)
75 #define X509_get_key_algorithm(xs) (xs->cert_info->key->algor->algorithm)
77 #define X509_NAME_ENTRY_get_data_ptr(xs) (xs->value->data)
78 #define X509_NAME_ENTRY_get_data_len(xs) (xs->value->length)
80 #define SSL_CTX_get_extra_certs(ctx) (ctx->extra_certs)
81 #define SSL_CTX_set_extra_certs(ctx,value) {ctx->extra_certs = value;}
83 #define SSL_CIPHER_get_name(s) (s->name)
84 #define SSL_CIPHER_get_valid(s) (s->valid)
86 #define SSL_SESSION_get_session_id(s) (s->session_id)
87 #define SSL_SESSION_get_session_id_length(s) (s->session_id_length)
90 * Support for retrieving/overriding states
93 #define SSL_get_state(ssl) SSL_state(ssl)
96 #define SSL_set_state(ssl,val) (ssl)->state = val
98 #define MODSSL_BIO_CB_ARG_TYPE const char
99 #define MODSSL_CRYPTO_CB_ARG_TYPE const char
100 #if (OPENSSL_VERSION_NUMBER < 0x00907000)
101 # define MODSSL_INFO_CB_ARG_TYPE SSL*
103 # define MODSSL_INFO_CB_ARG_TYPE const SSL*
105 #define MODSSL_CLIENT_CERT_CB_ARG_TYPE X509
106 #define MODSSL_PCHAR_CAST
108 /** ...shifting sands of openssl... */
109 #if (OPENSSL_VERSION_NUMBER >= 0x0090707f)
110 # define MODSSL_D2I_SSL_SESSION_CONST const
111 # define MODSSL_SSL_CIPHER_CONST const
113 # define MODSSL_D2I_SSL_SESSION_CONST
114 # define MODSSL_SSL_CIPHER_CONST
117 #if (OPENSSL_VERSION_NUMBER >= 0x00908000)
118 # define MODSSL_D2I_PrivateKey_CONST const
119 # define MODSSL_D2I_X509_CONST const
121 # define MODSSL_D2I_PrivateKey_CONST
122 # define MODSSL_D2I_X509_CONST
125 #if (OPENSSL_VERSION_NUMBER >= 0x00909000)
126 # define MODSSL_SSL_METHOD_CONST const
128 # define MODSSL_SSL_METHOD_CONST
131 #define modssl_X509_verify_cert X509_verify_cert
133 typedef int (modssl_read_bio_cb_fn)(char*,int,int,void*);
135 #if (OPENSSL_VERSION_NUMBER < 0x00904000)
136 #define modssl_PEM_read_bio_X509(b, x, cb, arg) PEM_read_bio_X509(b, x, cb)
138 #define modssl_PEM_read_bio_X509(b, x, cb, arg) PEM_read_bio_X509(b, x, cb, arg)
141 #define modssl_PEM_X509_INFO_read_bio PEM_X509_INFO_read_bio
143 #define modssl_PEM_read_bio_PrivateKey PEM_read_bio_PrivateKey
145 #define modssl_set_cipher_list SSL_set_cipher_list
147 #define modssl_free OPENSSL_free
149 #define EVP_PKEY_reference_inc(pkey) \
150 CRYPTO_add(&((pkey)->references), +1, CRYPTO_LOCK_X509_PKEY)
152 #define X509_reference_inc(cert) \
153 CRYPTO_add(&((cert)->references), +1, CRYPTO_LOCK_X509)
155 #define HAVE_SSL_RAND_EGD /* since 9.5.1 */
157 #define HAVE_SSL_X509V3_EXT_d2i
159 #if OPENSSL_VERSION_NUMBER >= 0x00908080 && defined(HAVE_OCSP) \
160 && !defined(OPENSSL_NO_TLSEXT)
161 #define HAVE_OCSP_STAPLING
164 #if (OPENSSL_VERSION_NUMBER >= 0x009080a0) && defined(OPENSSL_FIPS)
168 #ifndef PEM_F_DEF_CALLBACK
169 #ifdef PEM_F_PEM_DEF_CALLBACK
170 /** In OpenSSL 0.9.8 PEM_F_DEF_CALLBACK was renamed */
171 #define PEM_F_DEF_CALLBACK PEM_F_PEM_DEF_CALLBACK
175 #elif defined(HAVE_SSLC)
186 /** sslc does not support this function, OpenSSL has since 9.5.1 */
187 #define RAND_status() 1
189 /** sslc names this function a bit differently */
190 #define CRYPTO_num_locks() CRYPTO_get_num_locks()
193 #define STACK_OF(type) STACK
196 #define MODSSL_BIO_CB_ARG_TYPE char
197 #define MODSSL_CRYPTO_CB_ARG_TYPE char
198 #define MODSSL_INFO_CB_ARG_TYPE SSL*
199 #define MODSSL_CLIENT_CERT_CB_ARG_TYPE void
200 #define MODSSL_PCHAR_CAST (char *)
201 #define MODSSL_D2I_SSL_SESSION_CONST
202 #define MODSSL_D2I_PrivateKey_CONST
203 #define MODSSL_D2I_X509_CONST
205 typedef int (modssl_read_bio_cb_fn)(char*,int,int);
207 #define modssl_X509_verify_cert(c) X509_verify_cert(c, NULL)
209 #define modssl_PEM_read_bio_X509(b, x, cb, arg) \
210 PEM_read_bio_X509(b, x, cb)
212 #define modssl_PEM_X509_INFO_read_bio(b, x, cb, arg)\
213 PEM_X509_INFO_read_bio(b, x, cb)
215 #define modssl_PEM_read_bio_PrivateKey(b, k, cb, arg) \
216 PEM_read_bio_PrivateKey(b, k, cb)
218 #ifndef HAVE_SSL_SET_STATE
219 #define SSL_set_state(ssl, state) /** XXX: should throw an error */
222 #define modssl_set_cipher_list(ssl, l) \
223 SSL_set_cipher_list(ssl, (char *)l)
225 #define modssl_free free
227 #ifndef PEM_F_DEF_CALLBACK
228 #define PEM_F_DEF_CALLBACK PEM_F_DEF_CB
231 #if SSLC_VERSION_NUMBER < 0x2000
233 #define X509_STORE_CTX_set_depth(st, d)
234 #define X509_CRL_get_lastUpdate(x) ((x)->crl->lastUpdate)
235 #define X509_CRL_get_nextUpdate(x) ((x)->crl->nextUpdate)
236 #define X509_CRL_get_REVOKED(x) ((x)->crl->revoked)
237 #define X509_REVOKED_get_serialNumber(xs) (xs->serialNumber)
239 #define modssl_set_verify(ssl, verify, cb) \
240 SSL_set_verify(ssl, verify)
242 #else /** SSLC_VERSION_NUMBER >= 0x2000 */
244 #define CRYPTO_malloc_init R_malloc_init
246 #define EVP_cleanup()
248 #endif /** SSLC_VERSION_NUMBER >= 0x2000 */
250 typedef void (*modssl_popfree_fn)(char *data);
252 #define sk_SSL_CIPHER_dup sk_dup
253 #define sk_SSL_CIPHER_find(st, data) sk_find(st, (void *)data)
254 #define sk_SSL_CIPHER_free sk_free
255 #define sk_SSL_CIPHER_num sk_num
256 #define sk_SSL_CIPHER_value (SSL_CIPHER *)sk_value
257 #define sk_X509_num sk_num
258 #define sk_X509_push sk_push
259 #define sk_X509_pop_free(st, free) sk_pop_free((STACK*)(st), (modssl_popfree_fn)(free))
260 #define sk_X509_value (X509 *)sk_value
261 #define sk_X509_INFO_free sk_free
262 #define sk_X509_INFO_pop_free(st, free) sk_pop_free((STACK*)(st), (modssl_popfree_fn)(free))
263 #define sk_X509_INFO_num sk_num
264 #define sk_X509_INFO_new_null sk_new_null
265 #define sk_X509_INFO_value (X509_INFO *)sk_value
266 #define sk_X509_NAME_find(st, data) sk_find(st, (void *)data)
267 #define sk_X509_NAME_free sk_free
268 #define sk_X509_NAME_new sk_new
269 #define sk_X509_NAME_num sk_num
270 #define sk_X509_NAME_push(st, data) sk_push(st, (void *)data)
271 #define sk_X509_NAME_value (X509_NAME *)sk_value
272 #define sk_X509_NAME_ENTRY_num sk_num
273 #define sk_X509_NAME_ENTRY_value (X509_NAME_ENTRY *)sk_value
274 #define sk_X509_NAME_set_cmp_func sk_set_cmp_func
275 #define sk_X509_REVOKED_num sk_num
276 #define sk_X509_REVOKED_value (X509_REVOKED *)sk_value
278 #else /** ! HAVE_OPENSSL && ! HAVE_SSLC */
280 #error "Unrecognized SSL Toolkit!"
282 #endif /* ! HAVE_OPENSSL && ! HAVE_SSLC */
284 #ifndef modssl_set_verify
285 #define modssl_set_verify(ssl, verify, cb) \
286 SSL_set_verify(ssl, verify, cb)
289 #ifndef SSL_SESS_CACHE_NO_INTERNAL
290 #define SSL_SESS_CACHE_NO_INTERNAL SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
293 #ifndef OPENSSL_NO_TLSEXT
294 #ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME
295 #define OPENSSL_NO_TLSEXT
299 #ifndef sk_STRING_pop
300 #define sk_STRING_pop sk_pop
303 #endif /* SSL_TOOLKIT_COMPAT_H */