Coverage Report

Created: 2025-11-01 06:08

/src/njs/external/njs_openssl.h
/*
 * Copyright (C) Dmitry Volyntsev
 * Copyright (C) NGINX, Inc.
 */
#ifndef _NJS_EXTERNAL_OPENSSL_H_INCLUDED_
#define _NJS_EXTERNAL_OPENSSL_H_INCLUDED_
#define OPENSSL_SUPPRESS_DEPRECATED
#include <openssl/bn.h>
#include <openssl/bio.h>
#include <openssl/x509.h>
#include <openssl/evp.h>
#include <openssl/aes.h>
#include <openssl/rsa.h>
#include <openssl/err.h>
#include <openssl/rand.h>
#include <openssl/hmac.h>
#include <openssl/crypto.h>
#ifdef EVP_PKEY_HKDF
#include <openssl/kdf.h>
#endif
/*
 * Version normalisation for a LibreSSL that reports
 * OPENSSL_VERSION_NUMBER as 0x20000000L.  The macro is redefined to an
 * OpenSSL-style number so that the version checks further down select an
 * API level: 0x1010000fL when LIBRESSL_VERSION_NUMBER is at least
 * 0x2080000fL, 0x1000107fL otherwise.
 *
 * Every "#if (OPENSSL_VERSION_NUMBER ...)" test below depends on this
 * remapping, so it must stay ahead of them.
 */
#if (defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER == 0x20000000L)
#undef OPENSSL_VERSION_NUMBER
#if (LIBRESSL_VERSION_NUMBER < 0x2080000fL)
#define OPENSSL_VERSION_NUMBER  0x1000107fL
#else
#define OPENSSL_VERSION_NUMBER  0x1010000fL
#endif
#endif
/*
 * Digest context allocation and release.  Builds below 0x10100000L use
 * the EVP_MD_CTX_create()/EVP_MD_CTX_destroy() pair, later ones use
 * EVP_MD_CTX_new()/EVP_MD_CTX_free().  A context obtained from
 * njs_evp_md_ctx_new() is meant to be released with njs_evp_md_ctx_free().
 */
#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
#define njs_evp_md_ctx_new()  EVP_MD_CTX_create()
#define njs_evp_md_ctx_free(_ctx)  EVP_MD_CTX_destroy(_ctx)
#else
#define njs_evp_md_ctx_new()  EVP_MD_CTX_new()
#define njs_evp_md_ctx_free(_ctx)  EVP_MD_CTX_free(_ctx)
#endif
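/*
 * Creates a memory BIO over the caller's buffer.
 *
 * The arguments are parenthesised so that an expression argument such as
 * "p + off" is cast and passed as a whole; without the parentheses the
 * cast binds to "p" only.
 *
 * The (void *) cast discards a const qualifier on the buffer, presumably
 * for OpenSSL versions whose BIO_new_mem_buf() takes a non-const pointer.
 * BIO_new_mem_buf() takes the length as an int, so a caller holding a
 * wider length (e.g. size_t from untrusted input) should range-check it
 * before it is narrowed here.
 */
#define njs_bio_new_mem_buf(b, len) BIO_new_mem_buf((void *) (b), (len))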
/*
 * ERR_peek_error_data() shim: when no macro of that name is already
 * defined and the build is below 0x30000000L, map it onto
 * ERR_peek_error_line_data() with the file and line outputs set to NULL.
 */
#if (!defined ERR_peek_error_data && OPENSSL_VERSION_NUMBER < 0x30000000L)
#define ERR_peek_error_data(d, f)    ERR_peek_error_line_data(NULL, NULL, d, f)
#endif
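/*
 * Writes bn into "to" as a big-endian integer, left-padded with zero
 * bytes to exactly tolen bytes.
 *
 * Returns tolen on success and -1 when bn needs more than tolen bytes.
 * In the legacy branch nothing is written on failure, so callers must
 * check the result before using the buffer.
 */
njs_inline int
njs_bn_bn2binpad(const BIGNUM *bn, unsigned char *to, int tolen)
{
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
    return BN_bn2binpad(bn, to, tolen);
#else
    int  len;

    len = BN_num_bytes(bn);

    /* Reject first: tolen - len must not go negative below. */
    if (tolen < len) {
        return -1;
    }

    if (tolen > len) {
        memset(to, 0, tolen - len);
    }

    BN_bn2bin(bn, &to[tolen - len]);

    /*
     * Report the padded length, as BN_bn2binpad() does.  BN_bn2bin()'s own
     * result is the unpadded byte count, which is 0 for a zero-valued bn
     * and would look like a failure to a caller testing for "<= 0".
     */
    return tolen;
#endif
}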
/*
 * Takes one more reference on pkey.
 *
 * The legacy branch increments the counter directly and always returns 1;
 * otherwise the result of EVP_PKEY_up_ref() is returned.  Each reference
 * taken here is expected to be dropped again with EVP_PKEY_free().
 */
njs_inline int
njs_pkey_up_ref(EVP_PKEY *pkey)
{
#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
    /* No EVP_PKEY_up_ref() here: bump pkey->references under its lock id. */
    CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);

    return 1;
#else
    return EVP_PKEY_up_ref(pkey);
#endif
}
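/*
 * Returns the RSA key held by pkey without taking a reference, or NULL
 * when pkey does not hold an RSA key.  The result is owned by pkey and
 * must not be freed by the caller.
 */
njs_inline const RSA *
njs_pkey_get_rsa_key(EVP_PKEY *pkey)
{
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
    return EVP_PKEY_get0_RSA(pkey);
#else
    /*
     * Check the key type before handing the pointer out, as
     * njs_pkey_get_ec_key() does for EC keys.  An unchecked
     * EVP_PKEY_get0() would return the stored pointer for any key type,
     * and the caller would then treat e.g. an EC key as an RSA structure.
     */
    if (pkey->type != EVP_PKEY_RSA) {
        return NULL;
    }

    return pkey->pkey.rsa;
#endif
}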
/*
 * Fetches the modulus (n), public exponent (e) and private exponent (d)
 * of rsa.  Any of the output pointers may be NULL to skip that component.
 *
 * The legacy branch copies the structure's own field pointers, so the
 * results alias rsa's BIGNUMs and must not be freed by the caller.
 * *d is private key material.
 */
njs_inline void
njs_rsa_get0_key(const RSA *rsa, const BIGNUM **n, const BIGNUM **e,
    const BIGNUM **d)
{
#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
    /* The RSA structure is accessed directly in this branch. */
    if (n != NULL) {
        *n = rsa->n;
    }

    if (e != NULL) {
        *e = rsa->e;
    }

    if (d != NULL) {
        *d = rsa->d;
    }
#else
    RSA_get0_key(rsa, n, e, d);
#endif
}
/*
 * Fetches the prime factors p and q of rsa.  Either output pointer may be
 * NULL to skip that factor.
 *
 * The legacy branch returns rsa's own field pointers; the caller must not
 * free them.  Both values are private key material.
 */
njs_inline void
njs_rsa_get0_factors(const RSA *rsa, const BIGNUM **p, const BIGNUM **q)
{
#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
    /* The RSA structure is accessed directly in this branch. */
    if (p != NULL) {
        *p = rsa->p;
    }

    if (q != NULL) {
        *q = rsa->q;
    }
#else
    RSA_get0_factors(rsa, p, q);
#endif
}
/*
 * Fetches the CRT parameters of rsa: dp (dmp1), dq (dmq1) and qi (iqmp).
 * The function name spells "ctr", but it wraps RSA_get0_crt_params().
 * Any output pointer may be NULL to skip that value.
 *
 * The legacy branch returns rsa's own field pointers; the caller must not
 * free them.  All three values are private key material.
 */
njs_inline void
njs_rsa_get0_ctr_params(const RSA *rsa, const BIGNUM **dp, const BIGNUM **dq,
    const BIGNUM **qi)
{
#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
    /* The RSA structure is accessed directly in this branch. */
    if (dp != NULL) {
        *dp = rsa->dmp1;
    }

    if (dq != NULL) {
        *dq = rsa->dmq1;
    }

    if (qi != NULL) {
        *qi = rsa->iqmp;
    }
#else
    RSA_get0_crt_params(rsa, dp, dq, qi);
#endif
}
/*
 * Installs n, e and d into rsa.  A NULL argument leaves the corresponding
 * component untouched.
 *
 * Returns 1 on success and 0 on failure.  In the legacy branch failure
 * means that n or e would still be unset afterwards; nothing is stored in
 * that case and the caller keeps ownership of the arguments.  On success
 * rsa owns every non-NULL argument and the value it replaced is freed.
 */
njs_inline int
njs_rsa_set0_key(RSA *rsa, BIGNUM *n, BIGNUM *e, BIGNUM *d)
{
#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
    /* n and e are mandatory: each must be present in rsa or supplied. */
    if (rsa->n == NULL && n == NULL) {
        return 0;
    }

    if (rsa->e == NULL && e == NULL) {
        return 0;
    }

    if (n != NULL) {
        BN_free(rsa->n);
        rsa->n = n;
    }

    if (e != NULL) {
        BN_free(rsa->e);
        rsa->e = e;
    }

    if (d != NULL) {
        /* The private exponent is wiped on release, not just freed. */
        BN_clear_free(rsa->d);
        rsa->d = d;
        BN_set_flags(rsa->d, BN_FLG_CONSTTIME);
    }

    return 1;
#else
    return RSA_set0_key(rsa, n, e, d);
#endif
}
/*
 * Installs the prime factors p and q into rsa.  A NULL argument leaves
 * the corresponding factor untouched.
 *
 * Returns 1 on success and 0 on failure.  In the legacy branch failure
 * means that p or q would still be unset afterwards; nothing is stored in
 * that case and the caller keeps ownership of the arguments.  On success
 * rsa owns every non-NULL argument; the value it replaced is wiped and
 * freed.
 */
njs_inline int
njs_rsa_set0_factors(RSA *rsa, BIGNUM *p, BIGNUM *q)
{
#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
    /* Both factors are mandatory: present in rsa already or supplied. */
    if (rsa->p == NULL && p == NULL) {
        return 0;
    }

    if (rsa->q == NULL && q == NULL) {
        return 0;
    }

    if (p != NULL) {
        BN_clear_free(rsa->p);
        rsa->p = p;
        BN_set_flags(rsa->p, BN_FLG_CONSTTIME);
    }

    if (q != NULL) {
        BN_clear_free(rsa->q);
        rsa->q = q;
        BN_set_flags(rsa->q, BN_FLG_CONSTTIME);
    }

    return 1;
#else
    return RSA_set0_factors(rsa, p, q);
#endif
}
/*
 * Installs the CRT parameters dp (dmp1), dq (dmq1) and qi (iqmp) into
 * rsa.  The function name spells "ctr", but it wraps
 * RSA_set0_crt_params().  A NULL argument leaves the corresponding value
 * untouched.
 *
 * Returns 1 on success and 0 on failure.  In the legacy branch failure
 * means that one of the three values would still be unset afterwards;
 * nothing is stored in that case and the caller keeps ownership of the
 * arguments.  On success rsa owns every non-NULL argument; the value it
 * replaced is wiped and freed.
 */
njs_inline int
njs_rsa_set0_ctr_params(RSA *rsa, BIGNUM *dp, BIGNUM *dq, BIGNUM *qi)
{
#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
    /* All three values are mandatory: present in rsa or supplied. */
    if (rsa->dmp1 == NULL && dp == NULL) {
        return 0;
    }

    if (rsa->dmq1 == NULL && dq == NULL) {
        return 0;
    }

    if (rsa->iqmp == NULL && qi == NULL) {
        return 0;
    }

    if (dp != NULL) {
        BN_clear_free(rsa->dmp1);
        rsa->dmp1 = dp;
        BN_set_flags(rsa->dmp1, BN_FLG_CONSTTIME);
    }

    if (dq != NULL) {
        BN_clear_free(rsa->dmq1);
        rsa->dmq1 = dq;
        BN_set_flags(rsa->dmq1, BN_FLG_CONSTTIME);
    }

    if (qi != NULL) {
        BN_clear_free(rsa->iqmp);
        rsa->iqmp = qi;
        BN_set_flags(rsa->iqmp, BN_FLG_CONSTTIME);
    }

    return 1;
#else
    return RSA_set0_crt_params(rsa, dp, dq, qi);
#endif
}
/*
 * Returns the EC key held by pkey without taking a reference.  The legacy
 * branch returns NULL when pkey is not of type EVP_PKEY_EC; callers must
 * check for NULL.  The result is owned by pkey and must not be freed.
 */
njs_inline const EC_KEY *
njs_pkey_get_ec_key(EVP_PKEY *pkey)
{
#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
    /* Only hand out the union member when the key type matches it. */
    if (pkey->type == EVP_PKEY_EC) {
        return pkey->pkey.ec;
    }

    return NULL;
#else
    return EVP_PKEY_get0_EC_KEY(pkey);
#endif
}
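/*
 * Returns the bit length of the order of group.  The legacy branch
 * returns 0 when the temporary BIGNUM cannot be allocated or the order
 * cannot be read, so callers should treat 0 as failure.
 */
njs_inline int
njs_ec_group_order_bits(const EC_GROUP *group)
{
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
    return EC_GROUP_order_bits(group);
#else
    int     bits;
    BIGNUM  *order;

    order = BN_new();
    if (order == NULL) {
        return 0;
    }

    bits = 0;

    if (EC_GROUP_get_order(group, order, NULL) != 0) {
        bits = BN_num_bits(order);
    }

    /* Single release point, so a failed lookup does not leak "order". */
    BN_free(order);

    return bits;
#endif
}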
/*
 * Reads the affine coordinates of point p on group into x and y, passing
 * NULL as the BN_CTX argument.  Builds below 0x10101001L call the _GFp
 * variant, later ones call EC_POINT_get_affine_coordinates().  The
 * underlying call's result is returned unchanged.
 */
njs_inline int
njs_ec_point_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *p,
    BIGNUM *x, BIGNUM *y)
{
#if (OPENSSL_VERSION_NUMBER < 0x10101001L)
    return EC_POINT_get_affine_coordinates_GFp(group, p, x, y, NULL);
#else
    return EC_POINT_get_affine_coordinates(group, p, x, y, NULL);
#endif
}
/*
 * Installs r and s into sig.
 *
 * Returns 1 on success and 0 on failure.  The legacy branch fails when
 * either argument is NULL; nothing is stored in that case and the caller
 * keeps ownership of both.  On success sig owns r and s, and the values
 * it replaced are wiped and freed.
 */
njs_inline int
njs_ecdsa_sig_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s)
{
#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
    if (r != NULL && s != NULL) {
        BN_clear_free(sig->r);
        BN_clear_free(sig->s);

        sig->r = r;
        sig->s = s;

        return 1;
    }

    /* Both halves of the signature are required. */
    return 0;
#else
    return ECDSA_SIG_set0(sig, r, s);
#endif
}
#endif /* _NJS_EXTERNAL_OPENSSL_H_INCLUDED_ */