libssh  0.11.0
The SSH library
Loading...
Searching...
No Matches
libcrypto.h
1/*
2 * This file is part of the SSH Library
3 *
4 * Copyright (c) 2009 by Aris Adamantiadis
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
19 */
20
21#ifndef LIBCRYPTO_H_
22#define LIBCRYPTO_H_
23
24#include "config.h"
25
26#ifdef HAVE_LIBCRYPTO
27
28#include "libssh/libssh.h"
29#include <openssl/rsa.h>
30#include <openssl/sha.h>
31#include <openssl/md5.h>
32#include <openssl/hmac.h>
33#include <openssl/evp.h>
34#include <openssl/crypto.h>
35#include <openssl/ec.h>
36
37typedef EVP_MD_CTX* SHACTX;
38typedef EVP_MD_CTX* SHA256CTX;
39typedef EVP_MD_CTX* SHA384CTX;
40typedef EVP_MD_CTX* SHA512CTX;
41typedef EVP_MD_CTX* MD5CTX;
42typedef EVP_MD_CTX* HMACCTX;
43
44#define SHA_DIGEST_LEN SHA_DIGEST_LENGTH
45#define SHA256_DIGEST_LEN SHA256_DIGEST_LENGTH
46#define SHA384_DIGEST_LEN SHA384_DIGEST_LENGTH
47#define SHA512_DIGEST_LEN SHA512_DIGEST_LENGTH
48#ifdef MD5_DIGEST_LEN
49 #undef MD5_DIGEST_LEN
50#endif
51#define MD5_DIGEST_LEN MD5_DIGEST_LENGTH
52
53#ifdef HAVE_OPENSSL_ECC
54#define EVP_DIGEST_LEN EVP_MAX_MD_SIZE
55#endif
56
57/* Use ssh_crypto_free() to release memory allocated by bignum_bn2dec(),
58 bignum_bn2hex() and other functions that use crypto-library functions that
59 are documented to allocate memory that needs to be de-allocate with
60 OPENSSL_free. */
61#define ssh_crypto_free(x) OPENSSL_free(x)
62
63#include <openssl/bn.h>
64#include <openssl/opensslv.h>
65
66typedef BIGNUM* bignum;
67typedef const BIGNUM* const_bignum;
68typedef BN_CTX* bignum_CTX;
69
70#define bignum_new() BN_new()
71#define bignum_safe_free(num) do { \
72 if ((num) != NULL) { \
73 BN_clear_free((num)); \
74 (num)=NULL; \
75 } \
76 } while(0)
77#define bignum_set_word(bn,n) BN_set_word(bn,n)
78#define bignum_bin2bn(data, datalen, dest) \
79 do { \
80 (*dest) = BN_new(); \
81 if ((*dest) != NULL) { \
82 BN_bin2bn(data,datalen,(*dest)); \
83 } \
84 } while(0)
85#define bignum_bn2dec(num) BN_bn2dec(num)
86#define bignum_dec2bn(data, bn) BN_dec2bn(bn, data)
87#define bignum_hex2bn(data, bn) BN_hex2bn(bn, data)
88#define bignum_bn2hex(num, dest) (*dest)=(unsigned char *)BN_bn2hex(num)
89#define bignum_rand(rnd, bits) BN_rand(rnd, bits, 0, 1)
90#define bignum_rand_range(rnd, max) BN_rand_range(rnd, max)
91#define bignum_ctx_new() BN_CTX_new()
92#define bignum_ctx_free(num) BN_CTX_free(num)
93#define bignum_ctx_invalid(ctx) ((ctx) == NULL)
94#define bignum_mod_exp(dest,generator,exp,modulo,ctx) BN_mod_exp(dest,generator,exp,modulo,ctx)
95#define bignum_add(dest, a, b) BN_add(dest, a, b)
96#define bignum_sub(dest, a, b) BN_sub(dest, a, b)
97#define bignum_mod(dest, a, b, ctx) BN_mod(dest, a, b, ctx)
98#define bignum_num_bytes(num) (size_t)BN_num_bytes(num)
99#define bignum_num_bits(num) (size_t)BN_num_bits(num)
100#define bignum_is_bit_set(num,bit) BN_is_bit_set(num, (int)bit)
101#define bignum_bn2bin(num,len, ptr) BN_bn2bin(num, ptr)
102#define bignum_cmp(num1,num2) BN_cmp(num1,num2)
103#define bignum_rshift1(dest, src) BN_rshift1(dest, src)
104#define bignum_dup(orig, dest) do { \
105 if (*(dest) == NULL) { \
106 *(dest) = BN_dup(orig); \
107 } else { \
108 BN_copy(*(dest), orig); \
109 } \
110 } while(0)
111
112
113/* Returns true if the OpenSSL is operating in FIPS mode */
114#ifdef HAVE_OPENSSL_FIPS_MODE
115#define ssh_fips_mode() (FIPS_mode() != 0)
116#elif OPENSSL_VERSION_NUMBER >= 0x30000000L
117#define ssh_fips_mode() EVP_default_properties_is_fips_enabled(NULL)
118#else
119#define ssh_fips_mode() false
120#endif
121
122ssh_string pki_key_make_ecpoint_string(const EC_GROUP *g, const EC_POINT *p);
123int pki_key_ecgroup_name_to_nid(const char *group);
124#endif /* HAVE_LIBCRYPTO */
125
126#endif /* LIBCRYPTO_H_ */