libssl_compat.c revision 316722
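/*
 * libssl_compat.c -- OpenSSL v1.1 compatibility functions
 *
 * ---------------------------------------------------------------------
 * Written by Juergen Perlinger <perlinger@ntp.org> for the NTP project
 *
 * Based on an idea by Kurt Roeckx <kurt@roeckx.be>
 *
 * ---------------------------------------------------------------------
 * This is a clean room implementation of shim functions that have
 * counterparts in the OpenSSL v1.1 API but not in earlier versions. So
 * while OpenSSL broke binary compatibility with v1.1, this shim module
 * should provide the necessary source code compatibility with older
 * versions of OpenSSL.
 * ---------------------------------------------------------------------
 */
#include "config.h"
#include "ntp_types.h"

/* ----------------------------------------------------------------- */
#ifdef OPENSSL
# include <string.h>
# include <openssl/bn.h>
# include <openssl/evp.h>
#endif
/* ----------------------------------------------------------------- */

/* ----------------------------------------------------------------- */
#if defined(OPENSSL) && OPENSSL_VERSION_NUMBER < 0x10100000L
/* ----------------------------------------------------------------- */

#include "libssl_compat.h"
#include "ntp_assert.h"

/* --------------------------------------------------------------------
 * replace a BIGNUM owned by the caller with another one if it's not
 * NULL, taking over the ownership of the new value. This clears & frees
 * the old value -- the clear might be overkill, but it's better to err
 * on the side of paranoia here.
 *
 * ps  address of the slot holding the current value
 * n   replacement value; NULL leaves the slot untouched
 *
 * The new value must not be the one already stored in the slot: it
 * would be freed and then stored again, leaving a dangling pointer.
 */
static void
replace_bn_nn(
	BIGNUM **	ps,
	BIGNUM *	n
	)
{
	if (n) {
		REQUIRE(*ps != n);
		/* wipe before release: the slot may hold private key material */
		BN_clear_free(*ps);
		*ps = n;
	}
}

/* --------------------------------------------------------------------
 * allocation and deallocation of prime number callbacks
 *
 * The callback structure is handed out zero-filled; the result is NULL
 * when the allocation fails.
 */
BN_GENCB*
sslshimBN_GENCB_new(void)
{
	return calloc(1,sizeof(BN_GENCB));
}

void
sslshimBN_GENCB_free(
	BN_GENCB	*cb
	)
{
	free(cb);
}

/* --------------------------------------------------------------------
 * allocation and deallocation of message digests
 *
 * A new context is handed out zero-filled; the result is NULL when the
 * allocation fails.
 */
EVP_MD_CTX*
sslshim_EVP_MD_CTX_new(void)
{
	return calloc(1, sizeof(EVP_MD_CTX));
}

/*
 * Release a digest context obtained from sslshim_EVP_MD_CTX_new().
 * A NULL pointer is accepted and ignored.
 *
 * The context is run through EVP_MD_CTX_cleanup() before the memory is
 * returned: a bare free() would drop the context without releasing the
 * per-digest state the library attaches to it once a digest has been
 * initialised, and would leave whatever was hashed (possibly key
 * material) sitting in released heap memory.
 */
void
sslshim_EVP_MD_CTX_free(
	EVP_MD_CTX *	pctx
	)
{
	if (pctx != NULL) {
		EVP_MD_CTX_cleanup(pctx);
		free(pctx);
	}
}

/* --------------------------------------------------------------------
 * get EVP keys and key type
 *
 * The two id functions yield EVP_PKEY_NONE for a NULL key. The get0
 * functions yield NULL for a NULL key and otherwise the pointer as it
 * is stored in the key; no reference is taken.
 *
 * NOTE(review): the get0 functions return the union member without
 * looking at pkey->type, so a key of another type comes back as a
 * mistyped pointer. The OpenSSL v1.1 functions they stand in for are
 * documented to return NULL in that case -- callers here have to check
 * the key type themselves; confirm that they do.
 */
int
sslshim_EVP_PKEY_id(
	const EVP_PKEY *pkey
	)
{
	return (pkey) ? pkey->type : EVP_PKEY_NONE;
}

int
sslshim_EVP_PKEY_base_id(
	const EVP_PKEY *pkey
	)
{
	return (pkey) ? EVP_PKEY_type(pkey->type) : EVP_PKEY_NONE;
}

RSA*
sslshim_EVP_PKEY_get0_RSA(
	EVP_PKEY *	pkey
	)
{
	return (pkey) ? pkey->pkey.rsa : NULL;
}

DSA*
sslshim_EVP_PKEY_get0_DSA(
	EVP_PKEY *	pkey
	)
{
	return (pkey) ? pkey->pkey.dsa : NULL;
}

/* --------------------------------------------------------------------
 * set/get RSA params
 *
 * The getters copy the stored pointers into every non-NULL output
 * argument; the values stay owned by the RSA structure.
 *
 * The setters return 1 on success and 0 on refusal. On success the RSA
 * structure owns every non-NULL value passed in and the value it
 * replaced has been cleared and freed. On refusal nothing was stored
 * and the caller still owns its arguments.
 */
void
sslshim_RSA_get0_key(
	const RSA *	prsa,
	const BIGNUM **	pn,
	const BIGNUM **	pe,
	const BIGNUM **	pd
	)
{
	REQUIRE(prsa != NULL);

	if (pn)
		*pn = prsa->n;
	if (pe)
		*pe = prsa->e;
	if (pd)
		*pd = prsa->d;
}

int
sslshim_RSA_set0_key(
	RSA *		prsa,
	BIGNUM *	n,
	BIGNUM *	e,
	BIGNUM *	d
	)
{
	REQUIRE(prsa != NULL);
	/* n and e must each be present afterwards; d is optional */
	if (!((prsa->n || n) && (prsa->e || e)))
		return 0;

	replace_bn_nn(&prsa->n, n);
	replace_bn_nn(&prsa->e, e);
	replace_bn_nn(&prsa->d, d);

	return 1;
}

void
sslshim_RSA_get0_factors(
	const RSA *	prsa,
	const BIGNUM **	pp,
	const BIGNUM **	pq
	)
{
	REQUIRE(prsa != NULL);

	if (pp)
		*pp = prsa->p;
	if (pq)
		*pq = prsa->q;
}
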
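/*
 * Store the RSA prime factors. Returns 1 on success; returns 0 without
 * storing anything when p or q would still be missing afterwards. On
 * success the RSA structure owns the non-NULL values passed in and the
 * values they replaced have been cleared and freed.
 */
int
sslshim_RSA_set0_factors(
	RSA *		prsa,
	BIGNUM *	p,
	BIGNUM *	q
	)
{
	REQUIRE(prsa != NULL);
	if (!((prsa->p || p) && (prsa->q || q)))
		return 0;

	replace_bn_nn(&prsa->p, p);
	replace_bn_nn(&prsa->q, q);

	return 1;
}

/*
 * Store the RSA CRT parameters. Returns 1 on success; returns 0 without
 * storing anything when one of the three would still be missing
 * afterwards. Ownership is handled as in sslshim_RSA_set0_factors().
 */
int
sslshim_RSA_set0_crt_params(
	RSA *		prsa,
	BIGNUM *	dmp1,
	BIGNUM *	dmq1,
	BIGNUM *	iqmp
	)
{
	REQUIRE(prsa != NULL);
	if (!((prsa->dmp1 || dmp1) &&
	      (prsa->dmq1 || dmq1) &&
	      (prsa->iqmp || iqmp) ))
		return 0;

	replace_bn_nn(&prsa->dmp1, dmp1);
	replace_bn_nn(&prsa->dmq1, dmq1);
	replace_bn_nn(&prsa->iqmp, iqmp);

	return 1;
}

/* --------------------------------------------------------------------
 * set/get DSA signature parameters
 *
 * The getter copies the stored pointers into every non-NULL output
 * argument; the values stay owned by the signature.
 *
 * The setter needs both r and s and returns 0 without storing anything
 * when either is NULL. On success (return 1) the signature owns both
 * values and the previous pair has been cleared and freed.
 */
void
sslshim_DSA_SIG_get0(
	const DSA_SIG *	psig,
	const BIGNUM **	pr,
	const BIGNUM **	ps
	)
{
	REQUIRE(psig != NULL);

	if (pr != NULL)
		*pr = psig->r;
	if (ps != NULL)
		*ps = psig->s;
}

int
sslshim_DSA_SIG_set0(
	DSA_SIG *	psig,
	BIGNUM *	r,
	BIGNUM *	s
	)
{
	REQUIRE(psig != NULL);
	if (!(r && s))
		return 0;

	replace_bn_nn(&psig->r, r);
	replace_bn_nn(&psig->s, s);

	return 1;
}

/* --------------------------------------------------------------------
 * get/set DSA parameters
 *
 * The getters copy the stored pointers into every non-NULL output
 * argument; the values stay owned by the DSA structure.
 *
 * The setters return 1 on success and 0 on refusal. On success the DSA
 * structure owns every non-NULL value passed in and the value it
 * replaced has been cleared and freed. On refusal nothing was stored
 * and the caller still owns its arguments.
 */
void
sslshim_DSA_get0_pqg(
	const DSA *	pdsa,
	const BIGNUM **	pp,
	const BIGNUM **	pq,
	const BIGNUM **	pg
	)
{
	REQUIRE(pdsa != NULL);

	if (pp != NULL)
		*pp = pdsa->p;
	if (pq != NULL)
		*pq = pdsa->q;
	if (pg != NULL)
		*pg = pdsa->g;
}

int
sslshim_DSA_set0_pqg(
	DSA *		pdsa,
	BIGNUM *	p,
	BIGNUM *	q,
	BIGNUM *	g
	)
{
	/* same precondition as every other setter in this file; without
	 * it the test below dereferences a NULL structure pointer
	 */
	REQUIRE(pdsa != NULL);
	/* p, q and g must each be present afterwards */
	if (!((pdsa->p || p) && (pdsa->q || q) && (pdsa->g || g)))
		return 0;

	replace_bn_nn(&pdsa->p, p);
	replace_bn_nn(&pdsa->q, q);
	replace_bn_nn(&pdsa->g, g);

	return 1;
}

void
sslshim_DSA_get0_key(
	const DSA *	pdsa,
	const BIGNUM **	ppub_key,
	const BIGNUM **	ppriv_key
	)
{
	REQUIRE(pdsa != NULL);

	if (ppub_key != NULL)
		*ppub_key = pdsa->pub_key;
	if (ppriv_key != NULL)
		*ppriv_key = pdsa->priv_key;
}

int
sslshim_DSA_set0_key(
	DSA *		pdsa,
	BIGNUM *	pub_key,
	BIGNUM *	priv_key
	)
{
	REQUIRE(pdsa != NULL);
	/* a public key must be present afterwards; the private key is
	 * optional
	 */
	if (!(pdsa->pub_key || pub_key))
		return 0;

	replace_bn_nn(&pdsa->pub_key, pub_key);
	replace_bn_nn(&pdsa->priv_key, priv_key);

	return 1;
}

/*
 * Map the signature algorithm recorded in a certificate to its NID by
 * passing x->sig_alg->algorithm to OBJ_obj2nid(). The certificate
 * pointer must not be NULL.
 */
int
sslshim_X509_get_signature_nid(
	const X509 *x
	)
{
	REQUIRE(x != NULL);

	return OBJ_obj2nid(x->sig_alg->algorithm);
}

/* ----------------------------------------------------------------- */
#else /* OPENSSL && OPENSSL_VERSION_NUMBER >= v1.1.0 */
/* ----------------------------------------------------------------- */

NONEMPTY_TRANSLATION_UNIT

/* ----------------------------------------------------------------- */
#endif
/* ----------------------------------------------------------------- */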