4 * This is free software; see Copyright file in the source
5 * distribution for precise wording.
7 * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
#include <limits.h>

#include <openssl/evp.h>
#include <openssl/rand.h>

#include <xmlsec/xmlsec.h>
#include <xmlsec/keys.h>
#include <xmlsec/keysmngr.h>
#include <xmlsec/transforms.h>
#include <xmlsec/errors.h>
#include <xmlsec/dl.h>
#include <xmlsec/private.h>

#include <xmlsec/openssl/app.h>
#include <xmlsec/openssl/crypto.h>
#include <xmlsec/openssl/x509.h>
/* Lazily built table of this module's entry points.  NULL until the first
 * call of xmlSecCryptoGetFunctions_openssl(), which points it at a static
 * object that lives for the rest of the process (it is never freed). */
static xmlSecCryptoDLFunctionsPtr gXmlSecOpenSSLFunctions = NULL;

/* Heap copy of the default trusted certs folder, owned by this file.  It is
 * replaced or freed by xmlSecOpenSSLSetDefaultTrustedCertsFolder() and
 * released from xmlSecOpenSSLShutdown().  The getter returns this pointer
 * directly (no copy), so callers must neither free it nor keep it across a
 * later reset. */
static xmlChar* gXmlSecOpenSSLTrustedCertsFolder = NULL;

/* Loads xmlsec's error strings into OpenSSL's error tables and installs the
 * OpenSSL-aware error callback; called from xmlSecOpenSSLInit(). */
static int xmlSecOpenSSLErrorsInit (void);
/**
 * xmlSecCryptoGetFunctions_openssl:
 *
 * Gets the pointer to the xmlsec-openssl functions table.  The table is a
 * function-local static that is zeroed and populated on the first call;
 * every later call returns the same cached pointer untouched.
 *
 * Which key data and transform klasses are offered is fixed at compile time
 * by the XMLSEC_NO_* macros.  That includes the MD5- and SHA-1-based
 * signature and HMAC transforms whenever XMLSEC_NO_MD5 / XMLSEC_NO_SHA1 are
 * not defined: nothing in this table filters legacy digests at runtime, so
 * builds that must not accept them have to define those macros.
 *
 * NOTE(review): the first-call initialization is not synchronized; if two
 * threads can race on the very first call, the caller has to serialize it.
 *
 * Returns: the xmlsec-openssl functions table (this implementation never
 * returns NULL).
 */
xmlSecCryptoDLFunctionsPtr
xmlSecCryptoGetFunctions_openssl(void) {
    static xmlSecCryptoDLFunctions functions;
    xmlSecCryptoDLFunctionsPtr table;

    /* fast path: the table was built by an earlier call */
    if(gXmlSecOpenSSLFunctions != NULL) {
        return(gXmlSecOpenSSLFunctions);
    }

    memset(&functions, 0, sizeof(functions));
    gXmlSecOpenSSLFunctions = &functions;
    table = gXmlSecOpenSSLFunctions;

    /* crypto engine init/shutdown and the keys manager hook */
    table->cryptoInit                       = xmlSecOpenSSLInit;
    table->cryptoShutdown                   = xmlSecOpenSSLShutdown;
    table->cryptoKeysMngrInit               = xmlSecOpenSSLKeysMngrInit;

    /* key data ids */
#ifndef XMLSEC_NO_AES
    table->keyDataAesGetKlass               = xmlSecOpenSSLKeyDataAesGetKlass;
#endif /* XMLSEC_NO_AES */
#ifndef XMLSEC_NO_DES
    table->keyDataDesGetKlass               = xmlSecOpenSSLKeyDataDesGetKlass;
#endif /* XMLSEC_NO_DES */
#ifndef XMLSEC_NO_DSA
    table->keyDataDsaGetKlass               = xmlSecOpenSSLKeyDataDsaGetKlass;
#endif /* XMLSEC_NO_DSA */
#ifndef XMLSEC_NO_HMAC
    table->keyDataHmacGetKlass              = xmlSecOpenSSLKeyDataHmacGetKlass;
#endif /* XMLSEC_NO_HMAC */
#ifndef XMLSEC_NO_RSA
    table->keyDataRsaGetKlass               = xmlSecOpenSSLKeyDataRsaGetKlass;
#endif /* XMLSEC_NO_RSA */
#ifndef XMLSEC_NO_X509
    table->keyDataX509GetKlass              = xmlSecOpenSSLKeyDataX509GetKlass;
    table->keyDataRawX509CertGetKlass       = xmlSecOpenSSLKeyDataRawX509CertGetKlass;
#endif /* XMLSEC_NO_X509 */

    /* key data store ids */
#ifndef XMLSEC_NO_X509
    table->x509StoreGetKlass                = xmlSecOpenSSLX509StoreGetKlass;
#endif /* XMLSEC_NO_X509 */

    /* transform ids: AES block cipher and key wrap */
#ifndef XMLSEC_NO_AES
    table->transformAes128CbcGetKlass       = xmlSecOpenSSLTransformAes128CbcGetKlass;
    table->transformAes192CbcGetKlass       = xmlSecOpenSSLTransformAes192CbcGetKlass;
    table->transformAes256CbcGetKlass       = xmlSecOpenSSLTransformAes256CbcGetKlass;
    table->transformKWAes128GetKlass        = xmlSecOpenSSLTransformKWAes128GetKlass;
    table->transformKWAes192GetKlass        = xmlSecOpenSSLTransformKWAes192GetKlass;
    table->transformKWAes256GetKlass        = xmlSecOpenSSLTransformKWAes256GetKlass;
#endif /* XMLSEC_NO_AES */

    /* transform ids: triple DES block cipher and key wrap */
#ifndef XMLSEC_NO_DES
    table->transformDes3CbcGetKlass         = xmlSecOpenSSLTransformDes3CbcGetKlass;
    table->transformKWDes3GetKlass          = xmlSecOpenSSLTransformKWDes3GetKlass;
#endif /* XMLSEC_NO_DES */

    /* transform ids: DSA signatures (SHA-1 only) */
#ifndef XMLSEC_NO_DSA
#ifndef XMLSEC_NO_SHA1
    table->transformDsaSha1GetKlass         = xmlSecOpenSSLTransformDsaSha1GetKlass;
#endif /* XMLSEC_NO_SHA1 */
#endif /* XMLSEC_NO_DSA */

    /* transform ids: HMAC over each enabled digest */
#ifndef XMLSEC_NO_HMAC
#ifndef XMLSEC_NO_MD5
    table->transformHmacMd5GetKlass         = xmlSecOpenSSLTransformHmacMd5GetKlass;
#endif /* XMLSEC_NO_MD5 */
#ifndef XMLSEC_NO_RIPEMD160
    table->transformHmacRipemd160GetKlass   = xmlSecOpenSSLTransformHmacRipemd160GetKlass;
#endif /* XMLSEC_NO_RIPEMD160 */
#ifndef XMLSEC_NO_SHA1
    table->transformHmacSha1GetKlass        = xmlSecOpenSSLTransformHmacSha1GetKlass;
#endif /* XMLSEC_NO_SHA1 */
#ifndef XMLSEC_NO_SHA224
    table->transformHmacSha224GetKlass      = xmlSecOpenSSLTransformHmacSha224GetKlass;
#endif /* XMLSEC_NO_SHA224 */
#ifndef XMLSEC_NO_SHA256
    table->transformHmacSha256GetKlass      = xmlSecOpenSSLTransformHmacSha256GetKlass;
#endif /* XMLSEC_NO_SHA256 */
#ifndef XMLSEC_NO_SHA384
    table->transformHmacSha384GetKlass      = xmlSecOpenSSLTransformHmacSha384GetKlass;
#endif /* XMLSEC_NO_SHA384 */
#ifndef XMLSEC_NO_SHA512
    table->transformHmacSha512GetKlass      = xmlSecOpenSSLTransformHmacSha512GetKlass;
#endif /* XMLSEC_NO_SHA512 */
#endif /* XMLSEC_NO_HMAC */

    /* transform ids: bare digests */
#ifndef XMLSEC_NO_MD5
    table->transformMd5GetKlass             = xmlSecOpenSSLTransformMd5GetKlass;
#endif /* XMLSEC_NO_MD5 */
#ifndef XMLSEC_NO_RIPEMD160
    table->transformRipemd160GetKlass       = xmlSecOpenSSLTransformRipemd160GetKlass;
#endif /* XMLSEC_NO_RIPEMD160 */

    /* transform ids: RSA signatures over each enabled digest, plus the
     * PKCS#1 v1.5 and OAEP key transport transforms */
#ifndef XMLSEC_NO_RSA
#ifndef XMLSEC_NO_MD5
    table->transformRsaMd5GetKlass          = xmlSecOpenSSLTransformRsaMd5GetKlass;
#endif /* XMLSEC_NO_MD5 */
#ifndef XMLSEC_NO_RIPEMD160
    table->transformRsaRipemd160GetKlass    = xmlSecOpenSSLTransformRsaRipemd160GetKlass;
#endif /* XMLSEC_NO_RIPEMD160 */
#ifndef XMLSEC_NO_SHA1
    table->transformRsaSha1GetKlass         = xmlSecOpenSSLTransformRsaSha1GetKlass;
#endif /* XMLSEC_NO_SHA1 */
#ifndef XMLSEC_NO_SHA224
    table->transformRsaSha224GetKlass       = xmlSecOpenSSLTransformRsaSha224GetKlass;
#endif /* XMLSEC_NO_SHA224 */
#ifndef XMLSEC_NO_SHA256
    table->transformRsaSha256GetKlass       = xmlSecOpenSSLTransformRsaSha256GetKlass;
#endif /* XMLSEC_NO_SHA256 */
#ifndef XMLSEC_NO_SHA384
    table->transformRsaSha384GetKlass       = xmlSecOpenSSLTransformRsaSha384GetKlass;
#endif /* XMLSEC_NO_SHA384 */
#ifndef XMLSEC_NO_SHA512
    table->transformRsaSha512GetKlass       = xmlSecOpenSSLTransformRsaSha512GetKlass;
#endif /* XMLSEC_NO_SHA512 */
    table->transformRsaPkcs1GetKlass        = xmlSecOpenSSLTransformRsaPkcs1GetKlass;
    table->transformRsaOaepGetKlass         = xmlSecOpenSSLTransformRsaOaepGetKlass;
#endif /* XMLSEC_NO_RSA */

    /* transform ids: SHA family digests */
#ifndef XMLSEC_NO_SHA1
    table->transformSha1GetKlass            = xmlSecOpenSSLTransformSha1GetKlass;
#endif /* XMLSEC_NO_SHA1 */
#ifndef XMLSEC_NO_SHA224
    table->transformSha224GetKlass          = xmlSecOpenSSLTransformSha224GetKlass;
#endif /* XMLSEC_NO_SHA224 */
#ifndef XMLSEC_NO_SHA256
    table->transformSha256GetKlass          = xmlSecOpenSSLTransformSha256GetKlass;
#endif /* XMLSEC_NO_SHA256 */
#ifndef XMLSEC_NO_SHA384
    table->transformSha384GetKlass          = xmlSecOpenSSLTransformSha384GetKlass;
#endif /* XMLSEC_NO_SHA384 */
#ifndef XMLSEC_NO_SHA512
    table->transformSha512GetKlass          = xmlSecOpenSSLTransformSha512GetKlass;
#endif /* XMLSEC_NO_SHA512 */

    /* high level routines from the xmlsec command line utility: key and
     * certificate loading helpers and the default password callback */
    table->cryptoAppInit                    = xmlSecOpenSSLAppInit;
    table->cryptoAppShutdown                = xmlSecOpenSSLAppShutdown;
    table->cryptoAppDefaultKeysMngrInit     = xmlSecOpenSSLAppDefaultKeysMngrInit;
    table->cryptoAppDefaultKeysMngrAdoptKey = xmlSecOpenSSLAppDefaultKeysMngrAdoptKey;
    table->cryptoAppDefaultKeysMngrLoad     = xmlSecOpenSSLAppDefaultKeysMngrLoad;
    table->cryptoAppDefaultKeysMngrSave     = xmlSecOpenSSLAppDefaultKeysMngrSave;
#ifndef XMLSEC_NO_X509
    table->cryptoAppKeysMngrCertLoad        = xmlSecOpenSSLAppKeysMngrCertLoad;
    table->cryptoAppKeysMngrCertLoadMemory  = xmlSecOpenSSLAppKeysMngrCertLoadMemory;
    table->cryptoAppPkcs12Load              = xmlSecOpenSSLAppPkcs12Load;
    table->cryptoAppPkcs12LoadMemory        = xmlSecOpenSSLAppPkcs12LoadMemory;
    table->cryptoAppKeyCertLoad             = xmlSecOpenSSLAppKeyCertLoad;
    table->cryptoAppKeyCertLoadMemory       = xmlSecOpenSSLAppKeyCertLoadMemory;
#endif /* XMLSEC_NO_X509 */
    table->cryptoAppKeyLoad                 = xmlSecOpenSSLAppKeyLoad;
    table->cryptoAppKeyLoadMemory           = xmlSecOpenSSLAppKeyLoadMemory;
    /* the slot is untyped, hence the function-pointer-to-void* cast */
    table->cryptoAppDefaultPwdCallback      = (void*)xmlSecOpenSSLAppGetDefaultPwdCallback();

    return(gXmlSecOpenSSLFunctions);
}
/**
 * xmlSecOpenSSLInit:
 *
 * XMLSec library specific crypto engine initialization.  In order: checks
 * that the xmlsec library actually loaded is the exact version this module
 * was built against, routes xmlsec error reporting into the OpenSSL error
 * queue, and registers the key data and transform klasses listed by
 * xmlSecCryptoGetFunctions_openssl().  The first failing step aborts the
 * rest and is reported through xmlSecError().
 *
 * Returns: 0 on success or a negative value otherwise.
 */
int
xmlSecOpenSSLInit (void) {
    const char* failedStep = NULL;

    /* later steps assume the earlier ones succeeded, so stop at the first
     * failure and remember which one it was for the error report */
    if(xmlSecCheckVersionExact() != 1) {
        failedStep = "xmlSecCheckVersionExact";
    } else if(xmlSecOpenSSLErrorsInit() < 0) {
        failedStep = "xmlSecOpenSSLErrorsInit";
    } else if(xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms(xmlSecCryptoGetFunctions_openssl()) < 0) {
        failedStep = "xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms";
    }

    if(failedStep != NULL) {
        xmlSecError(XMLSEC_ERRORS_HERE,
                    NULL,
                    failedStep,
                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
                    XMLSEC_ERRORS_NO_MESSAGE);
        return(-1);
    }

    return(0);
}
/**
 * xmlSecOpenSSLShutdown:
 *
 * XMLSec library specific crypto engine shutdown.  The only state this
 * module owns on the heap is the default trusted certs folder string, so
 * shutdown amounts to releasing it; the functions table is static storage
 * and is left in place.
 *
 * Returns: 0 on success or a negative value otherwise.
 */
int
xmlSecOpenSSLShutdown(void) {
    /* a NULL path frees the stored folder and leaves the default unset;
     * with NULL the setter has nothing that can fail, so its result is
     * deliberately not checked */
    (void)xmlSecOpenSSLSetDefaultTrustedCertsFolder(NULL);

    return(0);
}
/**
 * xmlSecOpenSSLKeysMngrInit:
 * @mngr:               the pointer to keys manager.
 *
 * Adds OpenSSL specific key data stores in keys manager: creates an X509
 * store (xmlSecOpenSSLX509StoreId) and hands ownership of it to @mngr,
 * unless @mngr already carries one.  When built with XMLSEC_NO_X509 there
 * is no store to add and the function only validates @mngr.
 *
 * Returns: 0 on success or a negative value otherwise.
 */
int
xmlSecOpenSSLKeysMngrInit(xmlSecKeysMngrPtr mngr) {
#ifndef XMLSEC_NO_X509
    xmlSecKeyDataStorePtr x509Store;
#endif /* XMLSEC_NO_X509 */

    xmlSecAssert2(mngr != NULL, -1);

#ifndef XMLSEC_NO_X509
    /* nothing to do if the manager already holds an OpenSSL X509 store */
    if(xmlSecKeysMngrGetDataStore(mngr, xmlSecOpenSSLX509StoreId) != NULL) {
        return(0);
    }

    x509Store = xmlSecKeyDataStoreCreate(xmlSecOpenSSLX509StoreId);
    if(x509Store == NULL) {
        xmlSecError(XMLSEC_ERRORS_HERE,
                    NULL,
                    "xmlSecKeyDataStoreCreate",
                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
                    "xmlSecOpenSSLX509StoreId");
        return(-1);
    }

    /* on success the manager owns x509Store from here on; on failure it is
     * still ours and must be destroyed here to avoid leaking it */
    if(xmlSecKeysMngrAdoptDataStore(mngr, x509Store) < 0) {
        xmlSecError(XMLSEC_ERRORS_HERE,
                    NULL,
                    "xmlSecKeysMngrAdoptDataStore",
                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
                    XMLSEC_ERRORS_NO_MESSAGE);
        xmlSecKeyDataStoreDestroy(x509Store);
        return(-1);
    }
#endif /* XMLSEC_NO_X509 */

    return(0);
}
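/**
 * xmlSecOpenSSLGenerateRandom:
 * @buffer:             the destination buffer.
 * @size:               the number of bytes to generate.
 *
 * Generates @size random bytes with OpenSSL's RAND_bytes() and puts the
 * result in @buffer, which is resized to exactly @size bytes first.
 *
 * RAND_bytes() takes its count as an int, so a @size above INT_MAX is
 * rejected up front instead of being silently narrowed to a negative
 * count; RAND_bytes() is also only trusted when it returns 1, which
 * covers both its failure (0) and "not supported" (-1) results.
 *
 * Returns: 0 on success or a negative value otherwise.  On failure the
 * bytes in @buffer are unspecified and must not be used as key material.
 */
int
xmlSecOpenSSLGenerateRandom(xmlSecBufferPtr buffer, xmlSecSize size) {
    int ret;

    xmlSecAssert2(buffer != NULL, -1);
    xmlSecAssert2(size > 0, -1);

    /* RAND_bytes() takes an int: refuse counts that would not survive the
     * conversion rather than handing OpenSSL a negative length */
    if(size > (xmlSecSize)INT_MAX) {
        xmlSecError(XMLSEC_ERRORS_HERE,
                    NULL,
                    "RAND_bytes",
                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
                    "size exceeds INT_MAX");
        return(-1);
    }

    ret = xmlSecBufferSetSize(buffer, size);
    if(ret < 0) {
        xmlSecError(XMLSEC_ERRORS_HERE,
                    NULL,
                    "xmlSecBufferSetSize",
                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
                    XMLSEC_ERRORS_NO_MESSAGE);
        return(-1);
    }

    /* get random data: only a return of exactly 1 means the buffer holds
     * @size bytes of CSPRNG output */
    ret = RAND_bytes((xmlSecByte*)xmlSecBufferGetData(buffer), (int)size);
    if(ret != 1) {
        xmlSecError(XMLSEC_ERRORS_HERE,
                    NULL,
                    "RAND_bytes",
                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
                    XMLSEC_ERRORS_NO_MESSAGE);
        return(-1);
    }

    return(0);
}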
/**
 * xmlSecOpenSSLErrorsDefaultCallback:
 * @file:               the error location file name (__FILE__ macro).
 * @line:               the error location line number (__LINE__ macro).
 * @func:               the error location function name (__FUNCTION__ macro).
 * @errorObject:        the error specific error object
 * @errorSubject:       the error specific error subject.
 * @reason:             the error code.
 * @msg:                the additional error message.
 *
 * The default OpenSSL errors reporting callback function.  Every xmlsec
 * error is first pushed onto the OpenSSL error queue under
 * XMLSEC_OPENSSL_ERRORS_LIB (so applications that already drain
 * ERR_get_error() see it) and then handed to xmlsec's own default callback
 * for its usual reporting.  Installed by xmlSecOpenSSLErrorsInit().
 */
static void
xmlSecOpenSSLErrorsDefaultCallback(const char* file, int line, const char* func,
                                   const char* errorObject, const char* errorSubject,
                                   int reason, const char* msg) {
    /* mirror into the OpenSSL error queue: only the reason code and the
     * location fit there, the object/subject/message do not */
    ERR_put_error(XMLSEC_OPENSSL_ERRORS_LIB, XMLSEC_OPENSSL_ERRORS_FUNCTION,
                  reason, file, line);

    /* then report through xmlsec as if no OpenSSL hook were installed */
    xmlSecErrorsDefaultCallback(file, line, func, errorObject, errorSubject,
                                reason, msg);
}
/**
 * xmlSecOpenSSLErrorsInit:
 *
 * Registers xmlsec's library name and its per-code error strings with
 * OpenSSL's error-string tables, then installs
 * xmlSecOpenSSLErrorsDefaultCallback as xmlsec's error callback.  The
 * string arrays are static because ERR_load_strings() keeps pointing at
 * them for the lifetime of the process; each array ends in a {0, NULL}
 * entry, which is the terminator ERR_load_strings() scans for.
 *
 * Returns: 0 on success or a negative value otherwise.
 */
static int
xmlSecOpenSSLErrorsInit(void) {
    /* one slot more than XMLSEC_ERRORS_MAX_NUMBER: the loop below fills at
     * most XMLSEC_ERRORS_MAX_NUMBER entries, so after the memset the last
     * slot is always the {0, NULL} terminator */
    static ERR_STRING_DATA xmlSecOpenSSLStrReasons[XMLSEC_ERRORS_MAX_NUMBER + 1];
    static ERR_STRING_DATA xmlSecOpenSSLStrLib[] = {
        { ERR_PACK(XMLSEC_OPENSSL_ERRORS_LIB, 0, 0), "xmlsec routines" },
        { 0, NULL }
    };
    static ERR_STRING_DATA xmlSecOpenSSLStrDefReason[] = {
        { XMLSEC_OPENSSL_ERRORS_LIB, "xmlsec lib" },
        { 0, NULL }
    };
    xmlSecSize pos = 0;

    /* copy xmlsec's (code, message) pairs; stop at the first empty slot */
    memset(xmlSecOpenSSLStrReasons, 0, sizeof(xmlSecOpenSSLStrReasons));
    while((pos < XMLSEC_ERRORS_MAX_NUMBER) && (xmlSecErrorsGetMsg(pos) != NULL)) {
        xmlSecOpenSSLStrReasons[pos].error  = xmlSecErrorsGetCode(pos);
        xmlSecOpenSSLStrReasons[pos].string = xmlSecErrorsGetMsg(pos);
        ++pos;
    }

    /* hand the tables to OpenSSL: library name, default reason, reasons */
    ERR_load_strings(XMLSEC_OPENSSL_ERRORS_LIB, xmlSecOpenSSLStrLib);
    ERR_load_strings(XMLSEC_OPENSSL_ERRORS_LIB, xmlSecOpenSSLStrDefReason);
    ERR_load_strings(XMLSEC_OPENSSL_ERRORS_LIB, xmlSecOpenSSLStrReasons);

    /* from now on every xmlsec error also lands in the OpenSSL queue */
    xmlSecErrorsSetCallback(xmlSecOpenSSLErrorsDefaultCallback);

    return(0);
}
/**
 * xmlSecOpenSSLSetDefaultTrustedCertsFolder:
 * @path:               the default trusted certs path (may be NULL).
 *
 * Sets the default trusted certs folder.  Any previously stored path is
 * freed first; a NULL @path simply clears the setting, which is how
 * xmlSecOpenSSLShutdown() releases it.  The string is copied, so the
 * caller keeps ownership of @path.  The value is stored verbatim: nothing
 * here checks that it exists or is a directory, so validate it at the
 * call site if it comes from configuration or user input.
 *
 * Returns: 0 on success or a negative value if an error occurs.
 */
int
xmlSecOpenSSLSetDefaultTrustedCertsFolder(const xmlChar* path) {
    /* always drop the old value, even when the new one turns out to be
     * NULL or fails to copy: the global never dangles */
    if(gXmlSecOpenSSLTrustedCertsFolder != NULL) {
        xmlFree(gXmlSecOpenSSLTrustedCertsFolder);
        gXmlSecOpenSSLTrustedCertsFolder = NULL;
    }

    /* NULL means "no default folder" and we are already there */
    if(path == NULL) {
        return(0);
    }

    gXmlSecOpenSSLTrustedCertsFolder = xmlStrdup(BAD_CAST path);
    if(gXmlSecOpenSSLTrustedCertsFolder == NULL) {
        xmlSecError(XMLSEC_ERRORS_HERE,
                    NULL,
                    "xmlStrdup",
                    XMLSEC_ERRORS_R_MALLOC_FAILED,
                    XMLSEC_ERRORS_NO_MESSAGE);
        return(-1);
    }

    return(0);
}
/**
 * xmlSecOpenSSLGetDefaultTrustedCertsFolder:
 *
 * Gets the default trusted certs folder.  The pointer returned is the
 * module's own copy, not a duplicate: do not free it, and do not hold on
 * to it across a later xmlSecOpenSSLSetDefaultTrustedCertsFolder() or
 * xmlSecOpenSSLShutdown() call, both of which free it.
 *
 * Returns: the default trusted cert folder, or NULL when none is set.
 */
xmlChar*
xmlSecOpenSSLGetDefaultTrustedCertsFolder(void) {
    xmlChar* folder = gXmlSecOpenSSLTrustedCertsFolder;

    return(folder);
}