libssl_compat.c revision 316722
/*
 * libssl_compat.c -- OpenSSL v1.1 compatibility functions
 *
 * ---------------------------------------------------------------------
 * Written by Juergen Perlinger <perlinger@ntp.org> for the NTP project
 *
 * Based on an idea by Kurt Roeckx <kurt@roeckx.be>
 *
 * ---------------------------------------------------------------------
 * This is a clean room implementation of shim functions that have
 * counterparts in the OpenSSL v1.1 API but not in earlier versions. So
 * while OpenSSL broke binary compatibility with v1.1, this shim module
 * should provide the necessary source code compatibility with older
 * versions of OpenSSL.
 * ---------------------------------------------------------------------
 */
17233294Sstas#include "config.h"
18233294Sstas#include "ntp_types.h"
19233294Sstas
2055682Smarkm/* ----------------------------------------------------------------- */
21233294Sstas#ifdef OPENSSL
22233294Sstas# include <string.h>
23233294Sstas# include <openssl/bn.h>
24233294Sstas# include <openssl/evp.h>
25233294Sstas#endif
26233294Sstas/* ----------------------------------------------------------------- */
27233294Sstas
28233294Sstas/* ----------------------------------------------------------------- */
29233294Sstas#if defined(OPENSSL) && OPENSSL_VERSION_NUMBER < 0x10100000L
30233294Sstas/* ----------------------------------------------------------------- */
31233294Sstas
3255682Smarkm#include "libssl_compat.h"
3355682Smarkm#include "ntp_assert.h"
34233294Sstas
/* --------------------------------------------------------------------
 * Hand a new BIGNUM over to a slot owned by the caller.
 *
 * A NULL replacement is a no-op and leaves the slot untouched.
 * Otherwise the previous occupant is wiped and released with
 * BN_clear_free() and the slot takes ownership of the new value. The
 * callers in this file use it for RSA/DSA key and signature components,
 * so the old contents are cleared rather than merely freed.
 */
static void
replace_bn_nn(
	BIGNUM **	ps,
	BIGNUM *	n
	)
{
	if (n == NULL)
		return;

	/* storing a value over itself would free it and leave *ps dangling */
	REQUIRE(*ps != n);
	BN_clear_free(*ps);
	*ps = n;
}
53178825Sdfr
/* --------------------------------------------------------------------
 * allocation and deallocation of prime number callbacks
 */

/*
 * Allocate one zero-filled BN_GENCB. Returns NULL when calloc() fails;
 * the caller must check for that and release the object with
 * sslshimBN_GENCB_free().
 */
BN_GENCB*
sslshimBN_GENCB_new(void)
{
	BN_GENCB *	cb = calloc(1, sizeof(*cb));

	return cb;
}
62178825Sdfr
/*
 * Release a BN_GENCB obtained from sslshimBN_GENCB_new(). The object is
 * handed straight to free(), so a NULL pointer is accepted and ignored.
 */
void
sslshimBN_GENCB_free(
	BN_GENCB *	cb
	)
{
	free(cb);
}
70178825Sdfr
/* --------------------------------------------------------------------
 * allocation and deallocation of message digests
 */

/*
 * Allocate one zero-filled EVP_MD_CTX. Returns NULL when calloc()
 * fails; the caller must check for that before using the context and
 * must release it with sslshim_EVP_MD_CTX_free().
 */
EVP_MD_CTX*
sslshim_EVP_MD_CTX_new(void)
{
	EVP_MD_CTX *	ctx = calloc(1, sizeof(*ctx));

	return ctx;
}
79178825Sdfr
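/*
 * Release a digest context obtained from sslshim_EVP_MD_CTX_new().
 *
 * In the pre-1.1 OpenSSL API the digest state is a separate allocation
 * hanging off the context once a digest has been initialised. A plain
 * free() of the context would leak that buffer and leave the
 * intermediate hash state (which can include keyed input) unwiped on
 * the heap, so EVP_MD_CTX_cleanup() is run first. Cleanup on a context
 * that was never initialised, or was already cleaned up, is harmless.
 * A NULL pointer is accepted and ignored.
 */
void
sslshim_EVP_MD_CTX_free(
	EVP_MD_CTX *	pctx
	)
{
	if (pctx != NULL) {
		/* wipe and release the digest state before the context itself */
		EVP_MD_CTX_cleanup(pctx);
		free(pctx);
	}
}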
87178825Sdfr
/* --------------------------------------------------------------------
 * get EVP keys and key type
 */

/*
 * Return the type field of the key as stored, or EVP_PKEY_NONE for a
 * NULL key.
 */
int
sslshim_EVP_PKEY_id(
	const EVP_PKEY *pkey
	)
{
	if (pkey == NULL)
		return EVP_PKEY_NONE;

	return pkey->type;
}
98178825Sdfr
/*
 * Return the key type after passing it through EVP_PKEY_type(), or
 * EVP_PKEY_NONE for a NULL key.
 */
int
sslshim_EVP_PKEY_base_id(
	const EVP_PKEY *pkey
	)
{
	if (pkey == NULL)
		return EVP_PKEY_NONE;

	return EVP_PKEY_type(pkey->type);
}
106233294Sstas
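/*
 * Return the RSA key held by 'pkey' without taking a reference: the
 * pointer stays owned by the EVP_PKEY and must not be freed by the
 * caller.
 *
 * Returns NULL for a NULL key and for a key that is not an RSA key.
 * pkey->pkey is a union in the pre-1.1 structure, so handing out the
 * 'rsa' member of a DSA (or other) key would make the caller treat a
 * foreign object as an RSA structure. The type is compared after
 * EVP_PKEY_type() so that alias type ids are still accepted.
 */
RSA*
sslshim_EVP_PKEY_get0_RSA(
	EVP_PKEY *	pkey
	)
{
	if (pkey == NULL)
		return NULL;
	if (EVP_PKEY_type(pkey->type) != EVP_PKEY_RSA)
		return NULL;

	return pkey->pkey.rsa;
}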
114178825Sdfr
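/*
 * Return the DSA key held by 'pkey' without taking a reference: the
 * pointer stays owned by the EVP_PKEY and must not be freed by the
 * caller.
 *
 * Returns NULL for a NULL key and for a key that is not a DSA key.
 * pkey->pkey is a union in the pre-1.1 structure, so handing out the
 * 'dsa' member of an RSA (or other) key would make the caller treat a
 * foreign object as a DSA structure. The type is compared after
 * EVP_PKEY_type() so that alias type ids are still accepted.
 */
DSA*
sslshim_EVP_PKEY_get0_DSA(
	EVP_PKEY *	pkey
	)
{
	if (pkey == NULL)
		return NULL;
	if (EVP_PKEY_type(pkey->type) != EVP_PKEY_DSA)
		return NULL;

	return pkey->pkey.dsa;
}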
122233294Sstas
/* --------------------------------------------------------------------
 * set/get RSA params
 */

/*
 * Copy out the n, e and d pointers of an RSA key. Each output pointer
 * is optional; a NULL one is skipped. The values handed back are the
 * key's own BIGNUMs (including the private exponent d), not copies, so
 * the caller must neither modify nor free them.
 */
void
sslshim_RSA_get0_key(
	const RSA *	prsa,
	const BIGNUM **	pn,
	const BIGNUM **	pe,
	const BIGNUM **	pd
	)
{
	REQUIRE(prsa != NULL);

	if (pn != NULL) {
		*pn = prsa->n;
	}
	if (pe != NULL) {
		*pe = prsa->e;
	}
	if (pd != NULL) {
		*pd = prsa->d;
	}
}
143178825Sdfr
/*
 * Install n, e and d into an RSA key, taking ownership of every
 * non-NULL argument. A NULL argument keeps the value already stored.
 *
 * Returns 0 without touching the key (and without taking ownership of
 * anything) when n or e would still be missing afterwards; d is
 * optional. Returns 1 on success. Replaced values are wiped and freed
 * by replace_bn_nn().
 */
int
sslshim_RSA_set0_key(
	RSA *		prsa,
	BIGNUM *	n,
	BIGNUM *	e,
	BIGNUM *	d
	)
{
	REQUIRE(prsa != NULL);

	/* modulus and public exponent must exist once we are done */
	if ((!prsa->n && !n) || (!prsa->e && !e)) {
		return 0;
	}

	replace_bn_nn(&prsa->n, n);
	replace_bn_nn(&prsa->e, e);
	replace_bn_nn(&prsa->d, d);
	return 1;
}
162233294Sstas
/*
 * Copy out the p and q pointers of an RSA key. Each output pointer is
 * optional; a NULL one is skipped. The values handed back are the
 * key's own BIGNUMs, not copies, so the caller must neither modify nor
 * free them.
 */
void
sslshim_RSA_get0_factors(
	const RSA *	prsa,
	const BIGNUM **	pp,
	const BIGNUM **	pq
	)
{
	REQUIRE(prsa != NULL);

	if (pp != NULL) {
		*pp = prsa->p;
	}
	if (pq != NULL) {
		*pq = prsa->q;
	}
}
177178825Sdfr
/*
 * Install the prime factors p and q into an RSA key, taking ownership
 * of every non-NULL argument. A NULL argument keeps the value already
 * stored.
 *
 * Returns 0 without touching the key when either factor would still be
 * missing afterwards, 1 on success. Replaced values are wiped and
 * freed by replace_bn_nn().
 */
int
sslshim_RSA_set0_factors(
	RSA    *	prsa,
	BIGNUM *	p,
	BIGNUM *	q
	)
{
	REQUIRE(prsa != NULL);

	/* both factors must exist once we are done */
	if ((!prsa->p && !p) || (!prsa->q && !q)) {
		return 0;
	}

	replace_bn_nn(&prsa->p, p);
	replace_bn_nn(&prsa->q, q);
	return 1;
}
194233294Sstas
/*
 * Install the CRT parameters dmp1, dmq1 and iqmp into an RSA key,
 * taking ownership of every non-NULL argument. A NULL argument keeps
 * the value already stored.
 *
 * Returns 0 without touching the key when any of the three would still
 * be missing afterwards, 1 on success. Replaced values are wiped and
 * freed by replace_bn_nn().
 */
int
sslshim_RSA_set0_crt_params(
	RSA    *	prsa,
	BIGNUM *	dmp1,
	BIGNUM *	dmq1,
	BIGNUM *	iqmp
	)
{
	REQUIRE(prsa != NULL);

	/* all three parameters must exist once we are done */
	if (!prsa->dmp1 && !dmp1)
		return 0;
	if (!prsa->dmq1 && !dmq1)
		return 0;
	if (!prsa->iqmp && !iqmp)
		return 0;

	replace_bn_nn(&prsa->dmp1, dmp1);
	replace_bn_nn(&prsa->dmq1, dmq1);
	replace_bn_nn(&prsa->iqmp, iqmp);
	return 1;
}
215
/* --------------------------------------------------------------------
 * set/get DSA signature parameters
 */

/*
 * Copy out the r and s pointers of a DSA signature. Each output
 * pointer is optional; a NULL one is skipped. The values handed back
 * are the signature's own BIGNUMs, not copies, so the caller must
 * neither modify nor free them.
 */
void
sslshim_DSA_SIG_get0(
	const DSA_SIG *	psig,
	const BIGNUM **	pr,
	const BIGNUM **	ps
	)
{
	REQUIRE(psig != NULL);

	if (pr) {
		*pr = psig->r;
	}
	if (ps) {
		*ps = psig->s;
	}
}
233
/*
 * Install r and s into a DSA signature, taking ownership of both.
 *
 * Unlike the key setters, both values are mandatory on every call:
 * returns 0 without touching the signature when either is NULL, 1 on
 * success. Replaced values are wiped and freed by replace_bn_nn().
 */
int
sslshim_DSA_SIG_set0(
	DSA_SIG *	psig,
	BIGNUM *	r,
	BIGNUM *	s
	)
{
	REQUIRE(psig != NULL);

	if (r == NULL || s == NULL) {
		return 0;
	}

	replace_bn_nn(&psig->r, r);
	replace_bn_nn(&psig->s, s);
	return 1;
}
250
/* --------------------------------------------------------------------
 * get/set DSA parameters
 */

/*
 * Copy out the p, q and g pointers of a DSA key. Each output pointer
 * is optional; a NULL one is skipped. The values handed back are the
 * key's own BIGNUMs, not copies, so the caller must neither modify nor
 * free them.
 */
void
sslshim_DSA_get0_pqg(
	const DSA *	pdsa,
	const BIGNUM **	pp,
	const BIGNUM **	pq,
	const BIGNUM **	pg
	)
{
	REQUIRE(pdsa != NULL);

	if (pp) {
		*pp = pdsa->p;
	}
	if (pq) {
		*pq = pdsa->q;
	}
	if (pg) {
		*pg = pdsa->g;
	}
}
271
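/*
 * Install the domain parameters p, q and g into a DSA key, taking
 * ownership of every non-NULL argument. A NULL argument keeps the
 * value already stored.
 *
 * Returns 0 without touching the key when any of the three would still
 * be missing afterwards, 1 on success. Replaced values are wiped and
 * freed by replace_bn_nn().
 */
int
sslshim_DSA_set0_pqg(
	DSA *		pdsa,
	BIGNUM *	p,
	BIGNUM *	q,
	BIGNUM *	g
	)
{
	/*
	 * Same precondition as every other accessor in this file; without
	 * it a NULL key is dereferenced by the check below.
	 */
	REQUIRE(pdsa != NULL);
	if (!((pdsa->p || p) && (pdsa->q || q) && (pdsa->g || g)))
		return 0;

	replace_bn_nn(&pdsa->p, p);
	replace_bn_nn(&pdsa->q, q);
	replace_bn_nn(&pdsa->g, g);

	return 1;
}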
289
/*
 * Copy out the public and private key pointers of a DSA key. Each
 * output pointer is optional; a NULL one is skipped. The values handed
 * back are the key's own BIGNUMs (including the private key), not
 * copies, so the caller must neither modify nor free them.
 */
void
sslshim_DSA_get0_key(
	const DSA *	pdsa,
	const BIGNUM **	ppub_key,
	const BIGNUM **	ppriv_key
	)
{
	REQUIRE(pdsa != NULL);

	if (ppub_key) {
		*ppub_key = pdsa->pub_key;
	}
	if (ppriv_key) {
		*ppriv_key = pdsa->priv_key;
	}
}
304
/*
 * Install the public and private key values into a DSA key, taking
 * ownership of every non-NULL argument. A NULL argument keeps the
 * value already stored.
 *
 * Returns 0 without touching the key when the public key would still
 * be missing afterwards; the private key is optional. Returns 1 on
 * success. Replaced values are wiped and freed by replace_bn_nn().
 */
int
sslshim_DSA_set0_key(
	DSA *		pdsa,
	BIGNUM *	pub_key,
	BIGNUM *	priv_key
	)
{
	REQUIRE(pdsa != NULL);

	/* a public key must exist once we are done */
	if (!pdsa->pub_key && !pub_key) {
		return 0;
	}

	replace_bn_nn(&pdsa->pub_key, pub_key);
	replace_bn_nn(&pdsa->priv_key, priv_key);
	return 1;
}
321
/*
 * Return the NID of the certificate's signature algorithm, as mapped
 * by OBJ_obj2nid().
 *
 * NOTE(review): unlike the other accessors in this file there is no
 * REQUIRE/NULL check here; 'x' and x->sig_alg are dereferenced as-is,
 * so the caller must pass a valid certificate.
 */
int
sslshim_X509_get_signature_nid(
	const X509 *x
	)
{
	int	nid = OBJ_obj2nid(x->sig_alg->algorithm);

	return nid;
}
329
330/* ----------------------------------------------------------------- */
331#else /* OPENSSL && OPENSSL_VERSION_NUMBER >= v1.1.0 */
332/* ----------------------------------------------------------------- */
333
334NONEMPTY_TRANSLATION_UNIT
335
336/* ----------------------------------------------------------------- */
337#endif
338/* ----------------------------------------------------------------- */
339