xref: /freebsd/contrib/ntp/libntp/libssl_compat.c (revision 0e6acb26) 
1 /*
2  * libssl_compat.c -- OpenSSL v1.1 compatibility functions
3  *
4  * ---------------------------------------------------------------------
5  * Written by Juergen Perlinger <perlinger@ntp.org> for the NTP project
6  *
7  * Based on an idea by Kurt Roeckx <kurt@roeckx.be>
8  *
9  * ---------------------------------------------------------------------
10  * This is a clean room implementation of shim functions that have
11  * counterparts in the OpenSSL v1.1 API but not in earlier versions. So
12  * while OpenSSL broke binary compatibility with v1.1, this shim module
13  * should provide the necessary source code compatibility with older
14  * versions of OpenSSL.
15  * ---------------------------------------------------------------------
16  */
17 #include "config.h"
18 #include "ntp_types.h"
19 
20 /* ----------------------------------------------------------------- */
21 #ifdef OPENSSL
22 # include <string.h>
23 # include <openssl/bn.h>
24 # include <openssl/evp.h>
25 #endif
26 /* ----------------------------------------------------------------- */
27 
28 /* ----------------------------------------------------------------- */
29 #if defined(OPENSSL) && OPENSSL_VERSION_NUMBER < 0x10100000L
30 /* ----------------------------------------------------------------- */
31 
32 #include "libssl_compat.h"
33 #include "ntp_assert.h"
34 
35 /* --------------------------------------------------------------------
36  * replace a BIGNUM owned by the caller with another one if it's not
37  * NULL, taking over the ownership of the new value. This clears & frees
38  * the old value -- the clear might be overkill, but it's better to err
39  * on the side of paranoia here.
40  */
41 static void
42 replace_bn_nn(
43 	BIGNUM **	ps,
44 	BIGNUM *	n
45 	)
46 {
47 	if (n) {
48 		REQUIRE(*ps != n);
49 		BN_clear_free(*ps);
50 		*ps = n;
51 	}
52 }
53 
54 /* --------------------------------------------------------------------
55  * allocation and deallocation of prime number callbacks
56  */
57 BN_GENCB*
58 sslshimBN_GENCB_new(void)
59 {
60 	return calloc(1,sizeof(BN_GENCB));
61 }
62 
63 void
64 sslshimBN_GENCB_free(
65 	BN_GENCB	*cb
66 	)
67 {
68 	free(cb);
69 }
70 
71 /* --------------------------------------------------------------------
72  * allocation and deallocation of message digests
73  */
74 EVP_MD_CTX*
75 sslshim_EVP_MD_CTX_new(void)
76 {
77 	return calloc(1, sizeof(EVP_MD_CTX));
78 }
79 
80 void
81 sslshim_EVP_MD_CTX_free(
82 	EVP_MD_CTX *	pctx
83 	)
84 {
85 	free(pctx);
86 }
87 
88 /* --------------------------------------------------------------------
89  * get EVP keys and key type
90  */
91 int
92 sslshim_EVP_PKEY_id(
93 	const EVP_PKEY *pkey
94 	)
95 {
96 	return (pkey) ? pkey->type : EVP_PKEY_NONE;
97 }
98 
99 int
100 sslshim_EVP_PKEY_base_id(
101 	const EVP_PKEY *pkey
102 	)
103 {
104 	return (pkey) ? EVP_PKEY_type(pkey->type) : EVP_PKEY_NONE;
105 }
106 
107 RSA*
108 sslshim_EVP_PKEY_get0_RSA(
109 	EVP_PKEY *	pkey
110 	)
111 {
112 	return (pkey) ? pkey->pkey.rsa : NULL;
113 }
114 
115 DSA*
116 sslshim_EVP_PKEY_get0_DSA(
117 	EVP_PKEY *	pkey
118 	)
119 {
120 	return (pkey) ? pkey->pkey.dsa : NULL;
121 }
122 
123 /* --------------------------------------------------------------------
124  * set/get RSA params
125  */
126 void
127 sslshim_RSA_get0_key(
128 	const RSA *	prsa,
129 	const BIGNUM **	pn,
130 	const BIGNUM **	pe,
131 	const BIGNUM **	pd
132 	)
133 {
134 	REQUIRE(prsa != NULL);
135 
136 	if (pn)
137 		*pn = prsa->n;
138 	if (pe)
139 		*pe = prsa->e;
140 	if (pd)
141 		*pd = prsa->d;
142 }
143 
144 int
145 sslshim_RSA_set0_key(
146 	RSA *		prsa,
147 	BIGNUM *	n,
148 	BIGNUM *	e,
149 	BIGNUM *	d
150 	)
151 {
152 	REQUIRE(prsa != NULL);
153 	if (!((prsa->n || n) && (prsa->e || e)))
154 		return 0;
155 
156 	replace_bn_nn(&prsa->n, n);
157 	replace_bn_nn(&prsa->e, e);
158 	replace_bn_nn(&prsa->d, d);
159 
160 	return 1;
161 }
162 
163 void
164 sslshim_RSA_get0_factors(
165 	const RSA *	prsa,
166 	const BIGNUM **	pp,
167 	const BIGNUM **	pq
168 	)
169 {
170 	REQUIRE(prsa != NULL);
171 
172 	if (pp)
173 		*pp = prsa->p;
174 	if (pq)
175 		*pq = prsa->q;
176 }
177 
178 int
179 sslshim_RSA_set0_factors(
180 	RSA    *	prsa,
181 	BIGNUM *	p,
182 	BIGNUM *	q
183 	)
184 {
185 	REQUIRE(prsa != NULL);
186 	if (!((prsa->p || p) && (prsa->q || q)))
187 		return 0;
188 
189 	replace_bn_nn(&prsa->p, p);
190 	replace_bn_nn(&prsa->q, q);
191 
192 	return 1;
193 }
194 
195 int
196 sslshim_RSA_set0_crt_params(
197 	RSA    *	prsa,
198 	BIGNUM *	dmp1,
199 	BIGNUM *	dmq1,
200 	BIGNUM *	iqmp
201 	)
202 {
203 	REQUIRE(prsa != NULL);
204 	if (!((prsa->dmp1 || dmp1) &&
205 	      (prsa->dmq1 || dmq1) &&
206 	      (prsa->iqmp || iqmp) ))
207 		return 0;
208 
209 	replace_bn_nn(&prsa->dmp1, dmp1);
210 	replace_bn_nn(&prsa->dmq1, dmq1);
211 	replace_bn_nn(&prsa->iqmp, iqmp);
212 
213 	return 1;
214 }
215 
216 /* --------------------------------------------------------------------
217  * set/get DSA signature parameters
218  */
219 void
220 sslshim_DSA_SIG_get0(
221 	const DSA_SIG *	psig,
222 	const BIGNUM **	pr,
223 	const BIGNUM **	ps
224 	)
225 {
226 	REQUIRE(psig != NULL);
227 
228 	if (pr != NULL)
229 		*pr = psig->r;
230 	if (ps != NULL)
231 		*ps = psig->s;
232 }
233 
234 int
235 sslshim_DSA_SIG_set0(
236 	DSA_SIG *	psig,
237 	BIGNUM *	r,
238 	BIGNUM *	s
239 	)
240 {
241 	REQUIRE(psig != NULL);
242 	if (!(r && s))
243 		return 0;
244 
245 	replace_bn_nn(&psig->r, r);
246 	replace_bn_nn(&psig->s, s);
247 
248 	return 1;
249 }
250 
251 /* --------------------------------------------------------------------
252  * get/set DSA parameters
253  */
254 void
255 sslshim_DSA_get0_pqg(
256 	const DSA *	pdsa,
257 	const BIGNUM **	pp,
258 	const BIGNUM **	pq,
259 	const BIGNUM **	pg
260 	)
261 {
262 	REQUIRE(pdsa != NULL);
263 
264 	if (pp != NULL)
265 		*pp = pdsa->p;
266 	if (pq != NULL)
267 		*pq = pdsa->q;
268 	if (pg != NULL)
269 		*pg = pdsa->g;
270 }
271 
272 int
273 sslshim_DSA_set0_pqg(
274 	DSA *		pdsa,
275 	BIGNUM *	p,
276 	BIGNUM *	q,
277 	BIGNUM *	g
278 	)
279 {
280 	if (!((pdsa->p || p) && (pdsa->q || q) && (pdsa->g || g)))
281 		return 0;
282 
283 	replace_bn_nn(&pdsa->p, p);
284 	replace_bn_nn(&pdsa->q, q);
285 	replace_bn_nn(&pdsa->g, g);
286 
287 	return 1;
288 }
289 
290 void
291 sslshim_DSA_get0_key(
292 	const DSA *	pdsa,
293 	const BIGNUM **	ppub_key,
294 	const BIGNUM **	ppriv_key
295 	)
296 {
297 	REQUIRE(pdsa != NULL);
298 
299 	if (ppub_key != NULL)
300 		*ppub_key = pdsa->pub_key;
301 	if (ppriv_key != NULL)
302 		*ppriv_key = pdsa->priv_key;
303 }
304 
305 int
306 sslshim_DSA_set0_key(
307 	DSA *		pdsa,
308 	BIGNUM *	pub_key,
309 	BIGNUM *	priv_key
310 	)
311 {
312 	REQUIRE(pdsa != NULL);
313 	if (!(pdsa->pub_key || pub_key))
314 		return 0;
315 
316 	replace_bn_nn(&pdsa->pub_key, pub_key);
317 	replace_bn_nn(&pdsa->priv_key, priv_key);
318 
319 	return 1;
320 }
321 
322 int
323 sslshim_X509_get_signature_nid(
324 	const X509 *x
325 	)
326 {
327 	return OBJ_obj2nid(x->sig_alg->algorithm);
328 }
329 
330 /* ----------------------------------------------------------------- */
331 #else /* OPENSSL && OPENSSL_VERSION_NUMBER >= v1.1.0 */
332 /* ----------------------------------------------------------------- */
333 
334 NONEMPTY_TRANSLATION_UNIT
335 
336 /* ----------------------------------------------------------------- */
337 #endif
338 /* ----------------------------------------------------------------- */
339