xref: /freebsd/contrib/ntp/libntp/libssl_compat.c (revision 091002585974d17c9533f943ec351c13a69788ab)
1 /*
2  * libssl_compat.c -- OpenSSL v1.1 compatibility functions
3  *
4  * ---------------------------------------------------------------------
5  * Written by Juergen Perlinger <perlinger@ntp.org> for the NTP project
6  *
7  * Based on an idea by Kurt Roeckx <kurt@roeckx.be>
8  *
9  * ---------------------------------------------------------------------
10  * This is a clean room implementation of shim functions that have
11  * counterparts in the OpenSSL v1.1 API but not in earlier versions. So
12  * while OpenSSL broke binary compatibility with v1.1, this shim module
13  * should provide the necessary source code compatibility with older
14  * versions of OpenSSL.
15  * ---------------------------------------------------------------------
16  */
17 #include "config.h"
18 #include "ntp_types.h"
19 
20 /* ----------------------------------------------------------------- */
21 #ifdef OPENSSL
22 # include <string.h>
23 # include <openssl/bn.h>
24 # include <openssl/evp.h>
25 #endif
26 /* ----------------------------------------------------------------- */
27 
28 /* ----------------------------------------------------------------- */
29 #if defined(OPENSSL) && OPENSSL_VERSION_NUMBER < 0x10100000L
30 /* ----------------------------------------------------------------- */
31 
32 #include "libssl_compat.h"
33 #include "ntp_assert.h"
34 
35 /* --------------------------------------------------------------------
36  * replace a BIGNUM owned by the caller with another one if it's not
37  * NULL, taking over the ownership of the new value. This clears & frees
38  * the old value -- the clear might be overkill, but it's better to err
39  * on the side of paranoia here.
40  */
41 static void
replace_bn_nn(BIGNUM ** ps,BIGNUM * n)42 replace_bn_nn(
43 	BIGNUM **	ps,
44 	BIGNUM *	n
45 	)
46 {
47 	if (n) {
48 		REQUIRE(*ps != n);
49 		BN_clear_free(*ps);
50 		*ps = n;
51 	}
52 }
53 
54 /* --------------------------------------------------------------------
55  * allocation and deallocation of prime number callbacks
56  */
57 BN_GENCB*
sslshimBN_GENCB_new(void)58 sslshimBN_GENCB_new(void)
59 {
60 	return calloc(1,sizeof(BN_GENCB));
61 }
62 
63 void
sslshimBN_GENCB_free(BN_GENCB * cb)64 sslshimBN_GENCB_free(
65 	BN_GENCB	*cb
66 	)
67 {
68 	free(cb);
69 }
70 
71 /* --------------------------------------------------------------------
72  * allocation and deallocation of message digests
73  */
74 EVP_MD_CTX*
sslshim_EVP_MD_CTX_new(void)75 sslshim_EVP_MD_CTX_new(void)
76 {
77 	EVP_MD_CTX *	ctx;
78 	if (NULL != (ctx = calloc(1, sizeof(EVP_MD_CTX))))
79 		EVP_MD_CTX_init(ctx);
80 	return ctx;
81 }
82 
83 void
sslshim_EVP_MD_CTX_free(EVP_MD_CTX * pctx)84 sslshim_EVP_MD_CTX_free(
85 	EVP_MD_CTX *	pctx
86 	)
87 {
88 	free(pctx);
89 }
90 
91 /* --------------------------------------------------------------------
92  * get EVP keys and key type
93  */
94 int
sslshim_EVP_PKEY_id(const EVP_PKEY * pkey)95 sslshim_EVP_PKEY_id(
96 	const EVP_PKEY *pkey
97 	)
98 {
99 	return (pkey) ? pkey->type : EVP_PKEY_NONE;
100 }
101 
102 int
sslshim_EVP_PKEY_base_id(const EVP_PKEY * pkey)103 sslshim_EVP_PKEY_base_id(
104 	const EVP_PKEY *pkey
105 	)
106 {
107 	return (pkey) ? EVP_PKEY_type(pkey->type) : EVP_PKEY_NONE;
108 }
109 
110 RSA*
sslshim_EVP_PKEY_get0_RSA(EVP_PKEY * pkey)111 sslshim_EVP_PKEY_get0_RSA(
112 	EVP_PKEY *	pkey
113 	)
114 {
115 	return (pkey) ? pkey->pkey.rsa : NULL;
116 }
117 
118 DSA*
sslshim_EVP_PKEY_get0_DSA(EVP_PKEY * pkey)119 sslshim_EVP_PKEY_get0_DSA(
120 	EVP_PKEY *	pkey
121 	)
122 {
123 	return (pkey) ? pkey->pkey.dsa : NULL;
124 }
125 
126 /* --------------------------------------------------------------------
127  * set/get RSA params
128  */
129 void
sslshim_RSA_get0_key(const RSA * prsa,const BIGNUM ** pn,const BIGNUM ** pe,const BIGNUM ** pd)130 sslshim_RSA_get0_key(
131 	const RSA *	prsa,
132 	const BIGNUM **	pn,
133 	const BIGNUM **	pe,
134 	const BIGNUM **	pd
135 	)
136 {
137 	REQUIRE(prsa != NULL);
138 
139 	if (pn)
140 		*pn = prsa->n;
141 	if (pe)
142 		*pe = prsa->e;
143 	if (pd)
144 		*pd = prsa->d;
145 }
146 
147 int
sslshim_RSA_set0_key(RSA * prsa,BIGNUM * n,BIGNUM * e,BIGNUM * d)148 sslshim_RSA_set0_key(
149 	RSA *		prsa,
150 	BIGNUM *	n,
151 	BIGNUM *	e,
152 	BIGNUM *	d
153 	)
154 {
155 	REQUIRE(prsa != NULL);
156 	if (!((prsa->n || n) && (prsa->e || e)))
157 		return 0;
158 
159 	replace_bn_nn(&prsa->n, n);
160 	replace_bn_nn(&prsa->e, e);
161 	replace_bn_nn(&prsa->d, d);
162 
163 	return 1;
164 }
165 
166 void
sslshim_RSA_get0_factors(const RSA * prsa,const BIGNUM ** pp,const BIGNUM ** pq)167 sslshim_RSA_get0_factors(
168 	const RSA *	prsa,
169 	const BIGNUM **	pp,
170 	const BIGNUM **	pq
171 	)
172 {
173 	REQUIRE(prsa != NULL);
174 
175 	if (pp)
176 		*pp = prsa->p;
177 	if (pq)
178 		*pq = prsa->q;
179 }
180 
181 int
sslshim_RSA_set0_factors(RSA * prsa,BIGNUM * p,BIGNUM * q)182 sslshim_RSA_set0_factors(
183 	RSA    *	prsa,
184 	BIGNUM *	p,
185 	BIGNUM *	q
186 	)
187 {
188 	REQUIRE(prsa != NULL);
189 	if (!((prsa->p || p) && (prsa->q || q)))
190 		return 0;
191 
192 	replace_bn_nn(&prsa->p, p);
193 	replace_bn_nn(&prsa->q, q);
194 
195 	return 1;
196 }
197 
198 int
sslshim_RSA_set0_crt_params(RSA * prsa,BIGNUM * dmp1,BIGNUM * dmq1,BIGNUM * iqmp)199 sslshim_RSA_set0_crt_params(
200 	RSA    *	prsa,
201 	BIGNUM *	dmp1,
202 	BIGNUM *	dmq1,
203 	BIGNUM *	iqmp
204 	)
205 {
206 	REQUIRE(prsa != NULL);
207 	if (!((prsa->dmp1 || dmp1) &&
208 	      (prsa->dmq1 || dmq1) &&
209 	      (prsa->iqmp || iqmp) ))
210 		return 0;
211 
212 	replace_bn_nn(&prsa->dmp1, dmp1);
213 	replace_bn_nn(&prsa->dmq1, dmq1);
214 	replace_bn_nn(&prsa->iqmp, iqmp);
215 
216 	return 1;
217 }
218 
219 /* --------------------------------------------------------------------
220  * set/get DSA signature parameters
221  */
222 void
sslshim_DSA_SIG_get0(const DSA_SIG * psig,const BIGNUM ** pr,const BIGNUM ** ps)223 sslshim_DSA_SIG_get0(
224 	const DSA_SIG *	psig,
225 	const BIGNUM **	pr,
226 	const BIGNUM **	ps
227 	)
228 {
229 	REQUIRE(psig != NULL);
230 
231 	if (pr != NULL)
232 		*pr = psig->r;
233 	if (ps != NULL)
234 		*ps = psig->s;
235 }
236 
237 int
sslshim_DSA_SIG_set0(DSA_SIG * psig,BIGNUM * r,BIGNUM * s)238 sslshim_DSA_SIG_set0(
239 	DSA_SIG *	psig,
240 	BIGNUM *	r,
241 	BIGNUM *	s
242 	)
243 {
244 	REQUIRE(psig != NULL);
245 	if (!(r && s))
246 		return 0;
247 
248 	replace_bn_nn(&psig->r, r);
249 	replace_bn_nn(&psig->s, s);
250 
251 	return 1;
252 }
253 
254 /* --------------------------------------------------------------------
255  * get/set DSA parameters
256  */
257 void
sslshim_DSA_get0_pqg(const DSA * pdsa,const BIGNUM ** pp,const BIGNUM ** pq,const BIGNUM ** pg)258 sslshim_DSA_get0_pqg(
259 	const DSA *	pdsa,
260 	const BIGNUM **	pp,
261 	const BIGNUM **	pq,
262 	const BIGNUM **	pg
263 	)
264 {
265 	REQUIRE(pdsa != NULL);
266 
267 	if (pp != NULL)
268 		*pp = pdsa->p;
269 	if (pq != NULL)
270 		*pq = pdsa->q;
271 	if (pg != NULL)
272 		*pg = pdsa->g;
273 }
274 
275 int
sslshim_DSA_set0_pqg(DSA * pdsa,BIGNUM * p,BIGNUM * q,BIGNUM * g)276 sslshim_DSA_set0_pqg(
277 	DSA *		pdsa,
278 	BIGNUM *	p,
279 	BIGNUM *	q,
280 	BIGNUM *	g
281 	)
282 {
283 	if (!((pdsa->p || p) && (pdsa->q || q) && (pdsa->g || g)))
284 		return 0;
285 
286 	replace_bn_nn(&pdsa->p, p);
287 	replace_bn_nn(&pdsa->q, q);
288 	replace_bn_nn(&pdsa->g, g);
289 
290 	return 1;
291 }
292 
293 void
sslshim_DSA_get0_key(const DSA * pdsa,const BIGNUM ** ppub_key,const BIGNUM ** ppriv_key)294 sslshim_DSA_get0_key(
295 	const DSA *	pdsa,
296 	const BIGNUM **	ppub_key,
297 	const BIGNUM **	ppriv_key
298 	)
299 {
300 	REQUIRE(pdsa != NULL);
301 
302 	if (ppub_key != NULL)
303 		*ppub_key = pdsa->pub_key;
304 	if (ppriv_key != NULL)
305 		*ppriv_key = pdsa->priv_key;
306 }
307 
308 int
sslshim_DSA_set0_key(DSA * pdsa,BIGNUM * pub_key,BIGNUM * priv_key)309 sslshim_DSA_set0_key(
310 	DSA *		pdsa,
311 	BIGNUM *	pub_key,
312 	BIGNUM *	priv_key
313 	)
314 {
315 	REQUIRE(pdsa != NULL);
316 	if (!(pdsa->pub_key || pub_key))
317 		return 0;
318 
319 	replace_bn_nn(&pdsa->pub_key, pub_key);
320 	replace_bn_nn(&pdsa->priv_key, priv_key);
321 
322 	return 1;
323 }
324 
325 int
sslshim_X509_get_signature_nid(const X509 * x)326 sslshim_X509_get_signature_nid(
327 	const X509 *x
328 	)
329 {
330 	return OBJ_obj2nid(x->sig_alg->algorithm);
331 }
332 
333 /* ----------------------------------------------------------------- */
334 #else /* OPENSSL && OPENSSL_VERSION_NUMBER >= v1.1.0 */
335 /* ----------------------------------------------------------------- */
336 
337 NONEMPTY_TRANSLATION_UNIT
338 
339 /* ----------------------------------------------------------------- */
340 #endif
341 /* ----------------------------------------------------------------- */
342