libssl_compat.c revision 316068 
1/*
2 * libssl_compat.c -- OpenSSL v1.1 compatibility functions
3 *
4 * ---------------------------------------------------------------------
5 * Written by Juergen Perlinger <perlinger@ntp.org> for the NTP project
6 *
7 * Based on an idea by Kurt Roeckx <kurt@roeckx.be>
8 *
9 * ---------------------------------------------------------------------
10 * This is a clean room implementation of shim functions that have
11 * counterparts in the OpenSSL v1.1 API but not in earlier versions. So
12 * while OpenSSL broke binary compatibility with v1.1, this shim module
13 * should provide the necessary source code compatibility with older
14 * versions of OpenSSL.
15 * ---------------------------------------------------------------------
16 */
17#include "config.h"
18#include "ntp_types.h"
19
20/* ----------------------------------------------------------------- */
21#ifdef OPENSSL
22# include <string.h>
23# include <openssl/bn.h>
24# include <openssl/evp.h>
25#endif
26/* ----------------------------------------------------------------- */
27
28/* ----------------------------------------------------------------- */
29#if defined(OPENSSL) && OPENSSL_VERSION_NUMBER < 0x10100000L
30/* ----------------------------------------------------------------- */
31
32#include "libssl_compat.h"
33#include "ntp_assert.h"
34
35/* --------------------------------------------------------------------
36 * replace a BIGNUM owned by the caller with another one if it's not
37 * NULL, taking over the ownership of the new value. This clears & frees
38 * the old value -- the clear might be overkill, but it's better to err
39 * on the side of paranoia here.
40 */
41static void
42replace_bn_nn(
43	BIGNUM **	ps,
44	BIGNUM *	n
45	)
46{
47	if (n) {
48		REQUIRE(*ps != n);
49		BN_clear_free(*ps);
50		*ps = n;
51	}
52}
53
54/* --------------------------------------------------------------------
55 * allocation and deallocation of prime number callbacks
56 */
57BN_GENCB*
58sslshimBN_GENCB_new(void)
59{
60	return calloc(1,sizeof(BN_GENCB));
61}
62
63void
64sslshimBN_GENCB_free(
65	BN_GENCB	*cb
66	)
67{
68	free(cb);
69}
70
71/* --------------------------------------------------------------------
72 * allocation and deallocation of message digests
73 */
74EVP_MD_CTX*
75sslshim_EVP_MD_CTX_new(void)
76{
77	return calloc(1, sizeof(EVP_MD_CTX));
78}
79
80void
81sslshim_EVP_MD_CTX_free(
82	EVP_MD_CTX *	pctx
83	)
84{
85	free(pctx);
86}
87
88/* --------------------------------------------------------------------
89 * get EVP keys and key type
90 */
91int
92sslshim_EVP_PKEY_id(
93	const EVP_PKEY *pkey
94	)
95{
96	return (pkey) ? pkey->type : EVP_PKEY_NONE;
97}
98
99int
100sslshim_EVP_PKEY_base_id(
101	const EVP_PKEY *pkey
102	)
103{
104	return (pkey) ? EVP_PKEY_type(pkey->type) : EVP_PKEY_NONE;
105}
106
107RSA*
108sslshim_EVP_PKEY_get0_RSA(
109	EVP_PKEY *	pkey
110	)
111{
112	return (pkey) ? pkey->pkey.rsa : NULL;
113}
114
115DSA*
116sslshim_EVP_PKEY_get0_DSA(
117	EVP_PKEY *	pkey
118	)
119{
120	return (pkey) ? pkey->pkey.dsa : NULL;
121}
122
123/* --------------------------------------------------------------------
124 * set/get RSA params
125 */
126void
127sslshim_RSA_get0_key(
128	const RSA *	prsa,
129	const BIGNUM **	pn,
130	const BIGNUM **	pe,
131	const BIGNUM **	pd
132	)
133{
134	REQUIRE(prsa != NULL);
135
136	if (pn)
137		*pn = prsa->n;
138	if (pe)
139		*pe = prsa->e;
140	if (pd)
141		*pd = prsa->d;
142}
143
144int
145sslshim_RSA_set0_key(
146	RSA *		prsa,
147	BIGNUM *	n,
148	BIGNUM *	e,
149	BIGNUM *	d
150	)
151{
152	REQUIRE(prsa != NULL);
153	if (!((prsa->n || n) && (prsa->e || e)))
154		return 0;
155
156	replace_bn_nn(&prsa->n, n);
157	replace_bn_nn(&prsa->e, e);
158	replace_bn_nn(&prsa->d, d);
159
160	return 1;
161}
162
163void
164sslshim_RSA_get0_factors(
165	const RSA *	prsa,
166	const BIGNUM **	pp,
167	const BIGNUM **	pq
168	)
169{
170	REQUIRE(prsa != NULL);
171
172	if (pp)
173		*pp = prsa->p;
174	if (pq)
175		*pq = prsa->q;
176}
177
178int
179sslshim_RSA_set0_factors(
180	RSA    *	prsa,
181	BIGNUM *	p,
182	BIGNUM *	q
183	)
184{
185	REQUIRE(prsa != NULL);
186	if (!((prsa->p || p) && (prsa->q || q)))
187		return 0;
188
189	replace_bn_nn(&prsa->p, p);
190	replace_bn_nn(&prsa->q, q);
191
192	return 1;
193}
194
195int
196sslshim_RSA_set0_crt_params(
197	RSA    *	prsa,
198	BIGNUM *	dmp1,
199	BIGNUM *	dmq1,
200	BIGNUM *	iqmp
201	)
202{
203	REQUIRE(prsa != NULL);
204	if (!((prsa->dmp1 || dmp1) &&
205	      (prsa->dmq1 || dmq1) &&
206	      (prsa->iqmp || iqmp) ))
207		return 0;
208
209	replace_bn_nn(&prsa->dmp1, dmp1);
210	replace_bn_nn(&prsa->dmq1, dmq1);
211	replace_bn_nn(&prsa->iqmp, iqmp);
212
213	return 1;
214}
215
216/* --------------------------------------------------------------------
217 * set/get DSA signature parameters
218 */
219void
220sslshim_DSA_SIG_get0(
221	const DSA_SIG *	psig,
222	const BIGNUM **	pr,
223	const BIGNUM **	ps
224	)
225{
226	REQUIRE(psig != NULL);
227
228	if (pr != NULL)
229		*pr = psig->r;
230	if (ps != NULL)
231		*ps = psig->s;
232}
233
234int
235sslshim_DSA_SIG_set0(
236	DSA_SIG *	psig,
237	BIGNUM *	r,
238	BIGNUM *	s
239	)
240{
241	REQUIRE(psig != NULL);
242	if (!(r && s))
243		return 0;
244
245	replace_bn_nn(&psig->r, r);
246	replace_bn_nn(&psig->s, s);
247
248	return 1;
249}
250
251/* --------------------------------------------------------------------
252 * get/set DSA parameters
253 */
254void
255sslshim_DSA_get0_pqg(
256	const DSA *	pdsa,
257	const BIGNUM **	pp,
258	const BIGNUM **	pq,
259	const BIGNUM **	pg
260	)
261{
262	REQUIRE(pdsa != NULL);
263
264	if (pp != NULL)
265		*pp = pdsa->p;
266	if (pq != NULL)
267		*pq = pdsa->q;
268	if (pg != NULL)
269		*pg = pdsa->g;
270}
271
272int
273sslshim_DSA_set0_pqg(
274	DSA *		pdsa,
275	BIGNUM *	p,
276	BIGNUM *	q,
277	BIGNUM *	g
278	)
279{
280	if (!((pdsa->p || p) && (pdsa->q || q) && (pdsa->g || g)))
281		return 0;
282
283	replace_bn_nn(&pdsa->p, p);
284	replace_bn_nn(&pdsa->q, q);
285	replace_bn_nn(&pdsa->g, g);
286
287	return 1;
288}
289
290void
291sslshim_DSA_get0_key(
292	const DSA *	pdsa,
293	const BIGNUM **	ppub_key,
294	const BIGNUM **	ppriv_key
295	)
296{
297	REQUIRE(pdsa != NULL);
298
299	if (ppub_key != NULL)
300		*ppub_key = pdsa->pub_key;
301	if (ppriv_key != NULL)
302		*ppriv_key = pdsa->priv_key;
303}
304
305int
306sslshim_DSA_set0_key(
307	DSA *		pdsa,
308	BIGNUM *	pub_key,
309	BIGNUM *	priv_key
310	)
311{
312	REQUIRE(pdsa != NULL);
313	if (!(pdsa->pub_key || pub_key))
314		return 0;
315
316	replace_bn_nn(&pdsa->pub_key, pub_key);
317	replace_bn_nn(&pdsa->priv_key, priv_key);
318
319	return 1;
320}
321
322int
323sslshim_X509_get_signature_nid(
324	const X509 *x
325	)
326{
327	return OBJ_obj2nid(x->sig_alg->algorithm);
328}
329
330/* ----------------------------------------------------------------- */
331#else /* OPENSSL && OPENSSL_VERSION_NUMBER >= v1.1.0 */
332/* ----------------------------------------------------------------- */
333
334NONEMPTY_TRANSLATION_UNIT
335
336/* ----------------------------------------------------------------- */
337#endif
338/* ----------------------------------------------------------------- */
339