openssl.h
1 /*
2  * Copyright (C) 1996-2019 The Squid Software Foundation and contributors
3  *
4  * Squid software is distributed under GPLv2+ license and includes
5  * contributions from numerous individuals and organizations.
6  * Please see the COPYING and CONTRIBUTORS files for details.
7  */
8 
9 /* OpenSSL API changed dramatically between 1.0.2 and 1.1.0, and
10  * compatibility was broken. Most of the structures became opaque,
11  * and access functions were created. There's no (safe) way to
12  * access the struct members any more, so the solution is to use
13  * the new API in the main code, and add the functions for older
14  * versions in compat/openssl.h.
15  * Once all the supported library versions use the new API, the shim
16  * can be dropped.
17  */
18 
19 #ifndef OPENSSL_COMPAT_H
20 #define OPENSSL_COMPAT_H
21 
22 #if !USE_OPENSSL
23 #error compat/openssl.h depends on USE_OPENSSL
24 #endif
25 
26 #if HAVE_OPENSSL_ASN1_H
27 #include <openssl/asn1.h>
28 #endif
29 #if HAVE_OPENSSL_BIO_H
30 #include <openssl/bio.h>
31 #endif
32 #if HAVE_OPENSSL_DH_H
33 #include <openssl/dh.h>
34 #endif
35 #if HAVE_OPENSSL_EVP_H
36 #include <openssl/evp.h>
37 #endif
38 #if HAVE_OPENSSL_LHASH_H
39 #include <openssl/lhash.h>
40 #endif
41 #if HAVE_OPENSSL_SSL_H
42 #include <openssl/ssl.h>
43 #endif
44 #if HAVE_OPENSSL_X509_H
45 #include <openssl/x509.h>
46 #endif
47 
48 extern "C" {
49 
50 #if !HAVE_LIBCRYPTO_ASN1_STRING_GET0_DATA
// Fallback for libcrypto builds that lack ASN1_STRING_get0_data().
// Reads the byte buffer straight out of the ASN1_STRING struct and returns
// it as a borrowed, read-only pointer (nothing is copied).
// x is dereferenced unconditionally, so it must not be null.
inline const unsigned char *
ASN1_STRING_get0_data(const ASN1_STRING *x)
{
    const unsigned char *bytes = x->data;
    return bytes;
}
56 #endif
57 
58 #if !HAVE_LIBCRYPTO_BIO_GET_DATA
// Fallback for libcrypto builds that lack BIO_get_data().
// Returns whatever pointer is currently stored in the BIO's ptr field.
// table is dereferenced unconditionally, so it must not be null.
inline void *
BIO_get_data(BIO *table)
{
    void *stored = table->ptr;
    return stored;
}
64 
// Fallback for libcrypto builds that lack BIO_set_data().
// Stores data in the BIO's ptr field, overwriting the previous value.
// The previous pointer is neither returned nor released here.
// table is dereferenced unconditionally, so it must not be null.
inline void
BIO_set_data(BIO *table, void *data)
{
    (*table).ptr = data;
}
70 
// Fallback for libcrypto builds that lack BIO_set_init().
// Writes init into the BIO's init field.
// table is dereferenced unconditionally, so it must not be null.
inline void
BIO_set_init(BIO *table, int init)
{
    (*table).init = init;
}
76 #endif
77 
78 #if !HAVE_LIBCRYPTO_BIO_GET_INIT
// Fallback for libcrypto builds that lack BIO_get_init().
// Returns the current value of the BIO's init field.
// table is dereferenced unconditionally, so it must not be null.
inline int
BIO_get_init(BIO *table)
{
    const int flag = table->init;
    return flag;
}
84 #endif
85 
86 #if !HAVE_LIBCRYPTO_DH_UP_REF // OpenSSL 1.1 API
87 #if defined(CRYPTO_LOCK_DH) // OpenSSL 1.0 API
// OpenSSL 1.0 stand-in for DH_up_ref(): adds one reference to t.
// The increment goes through CRYPTO_add() with the CRYPTO_LOCK_DH lock id
// rather than touching t->references directly.
// Returns 1 when t is non-null and the count after the increment is above 1;
// returns 0 for a null t or any other resulting count.
inline int
DH_up_ref(DH *t)
{
    if (!t)
        return 0;

    const int refs = CRYPTO_add(&t->references, 1, CRYPTO_LOCK_DH);
    return (refs > 1) ? 1 : 0;
}
95 #else
96 #error missing both OpenSSL API features DH_up_ref (v1.1) and CRYPTO_LOCK_DH (v1.0)
97 #endif /* OpenSSL 1.0 CRYPTO_LOCK_DH */
98 #endif /* OpenSSL 1.1 DH_up_ref */
99 
100 #if !HAVE_LIBCRYPTO_EVP_PKEY_GET0_RSA
// Fallback for libcrypto builds that lack EVP_PKEY_get0_RSA().
// Returns the RSA key held by pkey, or nullptr when pkey's type is not
// EVP_PKEY_RSA. The type check matters: pkey->pkey is a union, so reading
// the rsa member of a non-RSA key would hand back a mistyped pointer.
// The result is borrowed: no reference is added here.
// pkey is dereferenced unconditionally, so it must not be null.
inline RSA *
EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
{
    return (pkey->type == EVP_PKEY_RSA) ? pkey->pkey.rsa : nullptr;
}
108 #endif
109 
110 #if !HAVE_LIBCRYPTO_EVP_PKEY_UP_REF
111 #if defined(CRYPTO_LOCK_EVP_PKEY) // OpenSSL 1.0
// OpenSSL 1.0 stand-in for EVP_PKEY_up_ref(): adds one reference to t.
// The increment goes through CRYPTO_add() with the CRYPTO_LOCK_EVP_PKEY
// lock id rather than touching t->references directly.
// Returns 1 when t is non-null and the count after the increment is above 1;
// returns 0 for a null t or any other resulting count.
inline int
EVP_PKEY_up_ref(EVP_PKEY *t)
{
    if (!t)
        return 0;

    const int refs = CRYPTO_add(&t->references, 1, CRYPTO_LOCK_EVP_PKEY);
    return (refs > 1) ? 1 : 0;
}
119 
120 #else
121 #error missing both OpenSSL API features EVP_PKEY_up_ref (v1.1) and CRYPTO_LOCK_EVP_PKEY (v1.0)
122 #endif /* OpenSSL 1.0 CRYPTO_LOCK_EVP_PKEY */
123 #endif /* OpenSSL 1.1 EVP_PKEY_up_ref */
124 
125 #if !HAVE_LIBCRYPTO_OPENSSL_LH_STRHASH
/* The OPENSSL_LH_strhash probe failed: alias the OPENSSL_LH_* spellings to
 * the unprefixed lh_* names. Both aliases hang off that single probe. */
126 #define OPENSSL_LH_delete lh_delete
127 #define OPENSSL_LH_strhash lh_strhash
128 #endif
129 
130 #if !defined OPENSSL_VERSION
/* No OPENSSL_VERSION macro is defined: map the version-query names onto
 * their SSLeay-prefixed equivalents. */
131 #define OPENSSL_VERSION SSLEAY_VERSION
132 #define OpenSSL_version SSLeay_version
133 #endif
134 
135 #if !HAVE_LIBSSL_SSL_CIPHER_FIND
136  inline const SSL_CIPHER *
137  SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr)
138  {
139  return ssl->method->get_cipher_by_char(ptr);
140  }
141 #endif
142 
143 #if !HAVE_LIBSSL_SSL_SESSION_GET_ID
// Fallback for libssl builds that lack SSL_SESSION_get_id().
// Returns a borrowed pointer to the session id bytes stored inside s.
// When len is non-null, *len receives s->session_id_length; the length is
// reported only through len, so callers that need the size must pass it.
// s is dereferenced unconditionally, so it must not be null.
inline const unsigned char *
SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
{
    const unsigned char *id = s->session_id;
    if (len != nullptr)
        *len = s->session_id_length;
    return id;
}
151 #endif
152 
153 #if !HAVE_OPENSSL_TLS_CLIENT_METHOD
/* Older libssl has no TLS_client_method(); fall back to the version-flexible
 * SSLv23_client_method(). Despite its name that method does not pin SSLv2 or
 * SSLv3: the protocol versions actually offered depend on the SSL_OP_NO_*
 * options set on the SSL_CTX, which this header does not touch.
 * NOTE(review): confirm callers disable legacy protocol versions on builds
 * that take this path. */
154 #define TLS_client_method SSLv23_client_method
155 #endif
156 
157 #if !HAVE_OPENSSL_TLS_SERVER_METHOD
/* Older libssl has no TLS_server_method(); fall back to the version-flexible
 * SSLv23_server_method(). The protocol versions a server accepts on this
 * path depend on the SSL_OP_NO_* options set on the SSL_CTX, not on this
 * alias. NOTE(review): confirm legacy versions are disabled by the caller. */
158 #define TLS_server_method SSLv23_server_method
159 #endif
160 
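#if !HAVE_LIBCRYPTO_X509_CRL_UP_REF // OpenSSL 1.1 API
#if defined(CRYPTO_LOCK_X509_CRL) // OpenSSL 1.0 API
// OpenSSL 1.0 stand-in for X509_CRL_up_ref(): adds one reference to t.
// The increment goes through CRYPTO_add() with the CRYPTO_LOCK_X509_CRL
// lock id rather than touching t->references directly.
// Returns 1 when t is non-null and the count after the increment is above 1;
// returns 0 for a null t or any other resulting count.
inline int
X509_CRL_up_ref(X509_CRL *t)
{
    if (t && (CRYPTO_add(&t->references, 1, CRYPTO_LOCK_X509_CRL) > 1))
        return 1;
    return 0;
}
#else
// The diagnostic names the CRL symbols this section actually tests for, so a
// failed build points at the right missing feature (it used to repeat the
// X509_up_ref / CRYPTO_LOCK_X509 wording of the X509 section).
#error missing both OpenSSL API features X509_CRL_up_ref (v1.1) and CRYPTO_LOCK_X509_CRL (v1.0)
#endif /* CRYPTO_LOCK_X509_CRL */
#endif /* X509_CRL_up_ref */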
174 
175 #if !HAVE_LIBCRYPTO_X509_GET0_SIGNATURE
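// Fallback for libcrypto builds that lack X509_get0_signature().
// Hands back borrowed pointers to the certificate's signature value (*psig)
// and signature algorithm (*palg); either output may be null to skip it.
// x is dereferenced whenever an output is requested and must not be null.
//
// The members are assigned directly, with no address-of and no cast. This
// shim can only be compiled against the pre-1.1 public X509 struct, where
// signature and sig_alg are already pointers; taking their address and
// forcing it through a cast would return the address of the pointer field
// itself, which callers would then read as if it were the object.
// Without the cast the compiler rejects any layout whose member types do
// not match the outputs.
// NOTE(review): confirm against the oldest OpenSSL/LibreSSL headers still
// supported by the build.
inline void
X509_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, const X509 *x)
{
    if (psig)
        *psig = x->signature;
    if (palg)
        *palg = x->sig_alg;
}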
184 #endif
185 
186 #if !HAVE_LIBCRYPTO_X509_STORE_CTX_GET0_CERT
// Fallback for libcrypto builds that lack X509_STORE_CTX_get0_cert().
// Returns the certificate pointer stored in ctx->cert as a borrowed
// pointer; no reference is added here.
// ctx is dereferenced unconditionally, so it must not be null.
inline X509 *
X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx)
{
    X509 *subject = ctx->cert;
    return subject;
}
192 #endif
193 
194 #if !HAVE_LIBCRYPTO_X509_STORE_CTX_GET0_UNTRUSTED
// Fallback for libcrypto builds that lack X509_STORE_CTX_get0_untrusted().
// Returns the stack stored in ctx->untrusted as a borrowed pointer; the
// stack is not copied and no references are added here.
// NOTE(review): as the field name says, these certificates are untrusted
// input to verification; callers should not treat them as verified.
// ctx is dereferenced unconditionally, so it must not be null.
inline STACK_OF(X509) *
X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx)
{
    STACK_OF(X509) *extras = ctx->untrusted;
    return extras;
}
200 
/* Name aliases from the 1.1 spellings to their older equivalents. All five
 * sit inside the X509_STORE_CTX_get0_untrusted feature test, so they are
 * enabled or disabled together with that one probe rather than each being
 * detected on its own. */
204 #define X509_STORE_CTX_set0_untrusted X509_STORE_CTX_set_chain
205 #define X509_getm_notAfter X509_get_notAfter
206 #define X509_getm_notBefore X509_get_notBefore
207 #define X509_set1_notAfter X509_set_notAfter
208 #define X509_set1_notBefore X509_set_notBefore
209 #endif /* !HAVE_LIBCRYPTO_X509_STORE_CTX_GET0_UNTRUSTED */
210 
211 #if !HAVE_LIBCRYPTO_X509_UP_REF // OpenSSL 1.1 API
212 #if defined(CRYPTO_LOCK_X509) // OpenSSL 1.0 API
// OpenSSL 1.0 stand-in for X509_up_ref(): adds one reference to t.
// The increment goes through CRYPTO_add() with the CRYPTO_LOCK_X509 lock id
// rather than touching t->references directly.
// Returns 1 when t is non-null and the count after the increment is above 1;
// returns 0 for a null t or any other resulting count.
inline int
X509_up_ref(X509 *t)
{
    if (!t)
        return 0;

    const int refs = CRYPTO_add(&t->references, 1, CRYPTO_LOCK_X509);
    return (refs > 1) ? 1 : 0;
}
220 #else
221 #error missing both OpenSSL API features X509_up_ref (v1.1) and CRYPTO_LOCK_X509 (v1.0)
222 #endif /* CRYPTO_LOCK_X509 */
223 #endif /* X509_up_ref */
224 
225 #if !HAVE_LIBCRYPTO_X509_VERIFY_PARAM_GET_DEPTH
// Fallback for libcrypto builds that lack X509_VERIFY_PARAM_get_depth().
// Returns the value of param->depth unchanged.
// param is dereferenced unconditionally, so it must not be null.
inline int
X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param)
{
    const int depth = param->depth;
    return depth;
}
231 #endif
232 
233 } /* extern "C" */
234 
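// Library start-up hook that works with either OpenSSL API generation.
// When the library provides OPENSSL_init_ssl() this is deliberately a no-op;
// otherwise it loads the error strings and registers the SSL algorithms.
// (The declarator line was missing from this listing and is restored here.)
inline void
SQUID_OPENSSL_init_ssl(void)
{
#if HAVE_LIBSSL_OPENSSL_INIT_SSL
    // OpenSSL will properly auto-initialize itself (in Squid context).
    // No explicit initialization is required.
    //OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, nullptr);
#else
    SSL_load_error_strings();
    SSLeay_add_ssl_algorithms();
#endif
}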
247 
248 #endif /* OPENSSL_COMPAT_H */
249 
int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param)
Definition: openssl.h:227
const SSL_CIPHER * SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr)
Definition: openssl.h:137
X509 * X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx)
Definition: openssl.h:188
void BIO_set_init(BIO *table, int init)
Definition: openssl.h:72
void * BIO_get_data(BIO *table)
Definition: openssl.h:60
const unsigned char * ASN1_STRING_get0_data(const ASN1_STRING *x)
Definition: openssl.h:52
void X509_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, const X509 *x)
Definition: openssl.h:177
STACK_OF(X509) *X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx)
Definition: openssl.h:195
void BIO_set_data(BIO *table, void *data)
Definition: openssl.h:66
const unsigned char * SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
Definition: openssl.h:145
void SQUID_OPENSSL_init_ssl(void)
Definition: openssl.h:236
RSA * EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
Definition: openssl.h:102
int BIO_get_init(BIO *table)
Definition: openssl.h:80

 
