summaryrefslogtreecommitdiff
path: root/content/fetchers/about/certificate.c
diff options
context:
space:
mode:
Diffstat (limited to 'content/fetchers/about/certificate.c')
-rw-r--r--content/fetchers/about/certificate.c331
1 files changed, 28 insertions, 303 deletions
diff --git a/content/fetchers/about/certificate.c b/content/fetchers/about/certificate.c
index 554f06eb8..6f634d22a 100644
--- a/content/fetchers/about/certificate.c
+++ b/content/fetchers/about/certificate.c
@@ -134,26 +134,29 @@ static nserror free_ns_cert_info(struct ns_cert_info *cinfo)
#include <openssl/ssl.h>
#include <openssl/x509v3.h>
-/* OpenSSL 1.0.x, 1.0.2, 1.1.0 and 1.1.1 API all changed
- * LibreSSL declares its OpenSSL version as 2.1 but only supports 1.0.x API
- */
-#if (defined(LIBRESSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x1010000fL))
-/* 1.0.x */
+#if (OPENSSL_VERSION_NUMBER < 0x30000000L)
+/* OpenSSL 1.1.1 or LibreSSL */
+
+# if defined(LIBRESSL_VERSION_NUMBER)
+ /* LibreSSL */
+# if (LIBRESSL_VERSION_NUMBER < 0x3050000fL)
+ /* LibreSSL <3.5.0 */
-#if (defined(LIBRESSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x1000200fL))
-/* pre 1.0.2 */
+# if (LIBRESSL_VERSION_NUMBER < 0x2070000fL)
+ /* LibreSSL <2.7.0 */
static int ns_X509_get_signature_nid(X509 *cert)
{
return OBJ_obj2nid(cert->cert_info->key->algor->algorithm);
}
-#else
-#define ns_X509_get_signature_nid X509_get_signature_nid
-#endif
static const unsigned char *ns_ASN1_STRING_get0_data(ASN1_STRING *asn1str)
{
return (const unsigned char *)ASN1_STRING_data(asn1str);
}
+# else
+# define ns_X509_get_signature_nid X509_get_signature_nid
+# define ns_ASN1_STRING_get0_data ASN1_STRING_get0_data
+# endif
static const BIGNUM *ns_RSA_get0_n(const RSA *d)
{
@@ -164,298 +167,20 @@ static const BIGNUM *ns_RSA_get0_e(const RSA *d)
{
return d->e;
}
-
-static int ns_EVP_PKEY_get_bn_param(const EVP_PKEY *pkey,
- const char *key_name, BIGNUM **bn) {
- RSA *rsa;
- BIGNUM *result = NULL;
-
- /* Check parameters: only support allocation-form *bn */
- if (pkey == NULL || key_name == NULL || bn == NULL || *bn != NULL)
- return 0;
-
- /* Only support RSA keys */
- if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA)
- return 0;
-
- rsa = EVP_PKEY_get1_RSA((EVP_PKEY *) pkey);
- if (rsa == NULL)
- return 0;
-
- if (strcmp(key_name, "n") == 0) {
- const BIGNUM *n = ns_RSA_get0_n(rsa);
- if (n != NULL)
- result = BN_dup(n);
- } else if (strcmp(key_name, "e") == 0) {
- const BIGNUM *e = ns_RSA_get0_e(rsa);
- if (e != NULL)
- result = BN_dup(e);
- }
-
- RSA_free(rsa);
-
- *bn = result;
-
- return (result != NULL) ? 1 : 0;
-}
-
-static int ns_EVP_PKEY_get_utf8_string_param(const EVP_PKEY *pkey,
- const char *key_name, char *str, size_t max_len,
- size_t *out_len)
-{
- const EC_GROUP *ecgroup;
- const char *group;
- EC_KEY *ec;
- int ret = 0;
-
- if (pkey == NULL || key_name == NULL)
- return 0;
-
- /* Only support EC keys */
- if (EVP_PKEY_base_id(pkey) != EVP_PKEY_EC)
- return 0;
-
- /* Only support fetching the group */
- if (strcmp(key_name, "group") != 0)
- return 0;
-
- ec = EVP_PKEY_get1_EC_KEY((EVP_PKEY *) pkey);
-
- ecgroup = EC_KEY_get0_group(ec);
- if (ecgroup == NULL) {
- group = "";
- } else {
- group = OBJ_nid2ln(EC_GROUP_get_curve_name(ecgroup));
- }
-
- if (str != NULL && max_len > strlen(group)) {
- strcpy(str, group);
- str[strlen(group)] = '\0';
- ret = 1;
- }
- if (out_len != NULL)
- *out_len = strlen(group);
-
- EC_KEY_free(ec);
-
- return ret;
-}
-
-static int ns_EVP_PKEY_get_octet_string_param(const EVP_PKEY *pkey,
- const char *key_name, unsigned char *buf, size_t max_len,
- size_t *out_len)
-{
- const EC_GROUP *ecgroup;
- const EC_POINT *ecpoint;
- size_t len;
- BN_CTX *bnctx;
- EC_KEY *ec;
- int ret = 0;
-
- if (pkey == NULL || key_name == NULL)
- return 0;
-
- /* Only support EC keys */
- if (EVP_PKEY_base_id(pkey) != EVP_PKEY_EC)
- return 0;
-
- if (strcmp(key_name, "encoded-pub-key") != 0)
- return 0;
-
- ec = EVP_PKEY_get1_EC_KEY((EVP_PKEY *) pkey);
- if (ec == NULL)
- return 0;
-
- ecgroup = EC_KEY_get0_group(ec);
- if (ecgroup != NULL) {
- ecpoint = EC_KEY_get0_public_key(ec);
- if (ecpoint != NULL) {
- bnctx = BN_CTX_new();
- len = EC_POINT_point2oct(ecgroup,
- ecpoint,
- POINT_CONVERSION_UNCOMPRESSED,
- NULL,
- 0,
- bnctx);
- if (len != 0 && len <= max_len) {
- if (EC_POINT_point2oct(ecgroup,
- ecpoint,
- POINT_CONVERSION_UNCOMPRESSED,
- buf,
- len,
- bnctx) == len)
- ret = 1;
- }
- if (out_len != NULL)
- *out_len = len;
- BN_CTX_free(bnctx);
- }
- }
-
- EC_KEY_free(ec);
-
- return ret;
-}
-#elif (OPENSSL_VERSION_NUMBER < 0x1010100fL)
-/* 1.1.0 */
-#define ns_X509_get_signature_nid X509_get_signature_nid
-#define ns_ASN1_STRING_get0_data ASN1_STRING_get0_data
-
-static const BIGNUM *ns_RSA_get0_n(const RSA *r)
-{
- const BIGNUM *n;
- const BIGNUM *e;
- const BIGNUM *d;
- RSA_get0_key(r, &n, &e, &d);
- return n;
-}
-
-static const BIGNUM *ns_RSA_get0_e(const RSA *r)
-{
- const BIGNUM *n;
- const BIGNUM *e;
- const BIGNUM *d;
- RSA_get0_key(r, &n, &e, &d);
- return e;
-}
-
-static int ns_EVP_PKEY_get_bn_param(const EVP_PKEY *pkey,
- const char *key_name, BIGNUM **bn) {
- RSA *rsa;
- BIGNUM *result = NULL;
-
- /* Check parameters: only support allocation-form *bn */
- if (pkey == NULL || key_name == NULL || bn == NULL || *bn != NULL)
- return 0;
-
- /* Only support RSA keys */
- if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA)
- return 0;
-
- rsa = EVP_PKEY_get1_RSA((EVP_PKEY *) pkey);
- if (rsa == NULL)
- return 0;
-
- if (strcmp(key_name, "n") == 0) {
- const BIGNUM *n = ns_RSA_get0_n(rsa);
- if (n != NULL)
- result = BN_dup(n);
- } else if (strcmp(key_name, "e") == 0) {
- const BIGNUM *e = ns_RSA_get0_e(rsa);
- if (e != NULL)
- result = BN_dup(e);
- }
-
- RSA_free(rsa);
-
- *bn = result;
-
- return (result != NULL) ? 1 : 0;
-}
-
-static int ns_EVP_PKEY_get_utf8_string_param(const EVP_PKEY *pkey,
- const char *key_name, char *str, size_t max_len,
- size_t *out_len)
-{
- const EC_GROUP *ecgroup;
- const char *group;
- EC_KEY *ec;
- int ret = 0;
-
- if (pkey == NULL || key_name == NULL)
- return 0;
-
- /* Only support EC keys */
- if (EVP_PKEY_base_id(pkey) != EVP_PKEY_EC)
- return 0;
-
- /* Only support fetching the group */
- if (strcmp(key_name, "group") != 0)
- return 0;
-
- ec = EVP_PKEY_get1_EC_KEY((EVP_PKEY *) pkey);
-
- ecgroup = EC_KEY_get0_group(ec);
- if (ecgroup == NULL) {
- group = "";
- } else {
- group = OBJ_nid2ln(EC_GROUP_get_curve_name(ecgroup));
- }
-
- if (str != NULL && max_len > strlen(group)) {
- strcpy(str, group);
- str[strlen(group)] = '\0';
- ret = 1;
- }
- if (out_len != NULL)
- *out_len = strlen(group);
-
- EC_KEY_free(ec);
-
- return ret;
-}
-
-static int ns_EVP_PKEY_get_octet_string_param(const EVP_PKEY *pkey,
- const char *key_name, unsigned char *buf, size_t max_len,
- size_t *out_len)
-{
- const EC_GROUP *ecgroup;
- const EC_POINT *ecpoint;
- size_t len;
- BN_CTX *bnctx;
- EC_KEY *ec;
- int ret = 0;
-
- if (pkey == NULL || key_name == NULL)
- return 0;
-
- /* Only support EC keys */
- if (EVP_PKEY_base_id(pkey) != EVP_PKEY_EC)
- return 0;
-
- if (strcmp(key_name, "encoded-pub-key") != 0)
- return 0;
-
- ec = EVP_PKEY_get1_EC_KEY((EVP_PKEY *) pkey);
- if (ec == NULL)
- return 0;
-
- ecgroup = EC_KEY_get0_group(ec);
- if (ecgroup != NULL) {
- ecpoint = EC_KEY_get0_public_key(ec);
- if (ecpoint != NULL) {
- bnctx = BN_CTX_new();
- len = EC_POINT_point2oct(ecgroup,
- ecpoint,
- POINT_CONVERSION_UNCOMPRESSED,
- NULL,
- 0,
- bnctx);
- if (len != 0 && len <= max_len) {
- if (EC_POINT_point2oct(ecgroup,
- ecpoint,
- POINT_CONVERSION_UNCOMPRESSED,
- buf,
- len,
- bnctx) == len)
- ret = 1;
- }
- if (out_len != NULL)
- *out_len = len;
- BN_CTX_free(bnctx);
- }
- }
-
- EC_KEY_free(ec);
-
- return ret;
-}
-#elif (OPENSSL_VERSION_NUMBER < 0x30000000L)
-/* 1.1.1 */
-#define ns_X509_get_signature_nid X509_get_signature_nid
-#define ns_ASN1_STRING_get0_data ASN1_STRING_get0_data
-#define ns_RSA_get0_n RSA_get0_n
-#define ns_RSA_get0_e RSA_get0_e
+# else
+ /* LibreSSL >= 3.5.0 */
+# define ns_X509_get_signature_nid X509_get_signature_nid
+# define ns_ASN1_STRING_get0_data ASN1_STRING_get0_data
+# define ns_RSA_get0_n RSA_get0_n
+# define ns_RSA_get0_e RSA_get0_e
+# endif
+# else
+ /* OpenSSL 1.1.1 */
+# define ns_X509_get_signature_nid X509_get_signature_nid
+# define ns_ASN1_STRING_get0_data ASN1_STRING_get0_data
+# define ns_RSA_get0_n RSA_get0_n
+# define ns_RSA_get0_e RSA_get0_e
+# endif
static int ns_EVP_PKEY_get_bn_param(const EVP_PKEY *pkey,
const char *key_name, BIGNUM **bn) {
@@ -589,7 +314,7 @@ static int ns_EVP_PKEY_get_octet_string_param(const EVP_PKEY *pkey,
return ret;
}
#else
-/* 3.x and later */
+/* OpenSSL 3.x and later */
#define ns_X509_get_signature_nid X509_get_signature_nid
#define ns_ASN1_STRING_get0_data ASN1_STRING_get0_data
#define ns_RSA_get0_n RSA_get0_n
generated by cgit v1.2.3 (git 2.39.1) at 2024-04-28 12:21:01 +0000