xref: /freebsd/contrib/ntp/libntp/libssl_compat.c (revision 9ff086544d5f85b58349e28ed36a9811b8fe5cf9) 
1 /*
2  * libssl_compat.c -- OpenSSL v1.1 compatibility functions
3  *
4  * ---------------------------------------------------------------------
5  * Written by Juergen Perlinger <perlinger@ntp.org> for the NTP project
6  *
7  * Based on an idea by Kurt Roeckx <kurt@roeckx.be>
8  *
9  * ---------------------------------------------------------------------
10  * This is a clean room implementation of shim functions that have
11  * counterparts in the OpenSSL v1.1 API but not in earlier versions. So
12  * while OpenSSL broke binary compatibility with v1.1, this shim module
13  * should provide the necessary source code compatibility with older
14  * versions of OpenSSL.
15  * ---------------------------------------------------------------------
16  */
17 #include "config.h"
18 
19 #include <string.h>
20 #include <openssl/bn.h>
21 #include <openssl/evp.h>
22 
23 #include "ntp_types.h"
24 
25 /* ----------------------------------------------------------------- */
26 #if OPENSSL_VERSION_NUMBER < 0x10100000L
27 /* ----------------------------------------------------------------- */
28 
29 #include "libssl_compat.h"
30 #include "ntp_assert.h"
31 
32 /* --------------------------------------------------------------------
33  * replace a BIGNUM owned by the caller with another one if it's not
34  * NULL, taking over the ownership of the new value. This clears & frees
35  * the old value -- the clear might be overkill, but it's better to err
36  * on the side of paranoia here.
37  */
38 static void
39 replace_bn_nn(
40 	BIGNUM **	ps,
41 	BIGNUM *	n
42 	)
43 {
44 	if (n) {
45 		REQUIRE(*ps != n);
46 		BN_clear_free(*ps);
47 		*ps = n;
48 	}
49 }
50 
51 /* --------------------------------------------------------------------
52  * allocation and deallocation of prime number callbacks
53  */
54 BN_GENCB*
55 sslshimBN_GENCB_new(void)
56 {
57 	return calloc(1,sizeof(BN_GENCB));
58 }
59 
60 void
61 sslshimBN_GENCB_free(
62 	BN_GENCB	*cb
63 	)
64 {
65 	free(cb);
66 }
67 
68 /* --------------------------------------------------------------------
69  * allocation and deallocation of message digests
70  */
71 EVP_MD_CTX*
72 sslshim_EVP_MD_CTX_new(void)
73 {
74 	return calloc(1, sizeof(EVP_MD_CTX));
75 }
76 
77 void
78 sslshim_EVP_MD_CTX_free(
79 	EVP_MD_CTX *	pctx
80 	)
81 {
82 	free(pctx);
83 }
84 
85 /* --------------------------------------------------------------------
86  * get EVP keys and key type
87  */
88 int
89 sslshim_EVP_PKEY_id(
90 	const EVP_PKEY *pkey
91 	)
92 {
93 	return (pkey) ? pkey->type : EVP_PKEY_NONE;
94 }
95 
96 int
97 sslshim_EVP_PKEY_base_id(
98 	const EVP_PKEY *pkey
99 	)
100 {
101 	return (pkey) ? EVP_PKEY_type(pkey->type) : EVP_PKEY_NONE;
102 }
103 
104 RSA*
105 sslshim_EVP_PKEY_get0_RSA(
106 	EVP_PKEY *	pkey
107 	)
108 {
109 	return (pkey) ? pkey->pkey.rsa : NULL;
110 }
111 
112 DSA*
113 sslshim_EVP_PKEY_get0_DSA(
114 	EVP_PKEY *	pkey
115 	)
116 {
117 	return (pkey) ? pkey->pkey.dsa : NULL;
118 }
119 
120 /* --------------------------------------------------------------------
121  * set/get RSA params
122  */
123 void
124 sslshim_RSA_get0_key(
125 	const RSA *	prsa,
126 	const BIGNUM **	pn,
127 	const BIGNUM **	pe,
128 	const BIGNUM **	pd
129 	)
130 {
131 	REQUIRE(prsa != NULL);
132 
133 	if (pn)
134 		*pn = prsa->n;
135 	if (pe)
136 		*pe = prsa->e;
137 	if (pd)
138 		*pd = prsa->d;
139 }
140 
141 int
142 sslshim_RSA_set0_key(
143 	RSA *		prsa,
144 	BIGNUM *	n,
145 	BIGNUM *	e,
146 	BIGNUM *	d
147 	)
148 {
149 	REQUIRE(prsa != NULL);
150 	if (!((prsa->n || n) && (prsa->e || e)))
151 		return 0;
152 
153 	replace_bn_nn(&prsa->n, n);
154 	replace_bn_nn(&prsa->e, e);
155 	replace_bn_nn(&prsa->d, d);
156 
157 	return 1;
158 }
159 
160 void
161 sslshim_RSA_get0_factors(
162 	const RSA *	prsa,
163 	const BIGNUM **	pp,
164 	const BIGNUM **	pq
165 	)
166 {
167 	REQUIRE(prsa != NULL);
168 
169 	if (pp)
170 		*pp = prsa->p;
171 	if (pq)
172 		*pq = prsa->q;
173 }
174 
175 int
176 sslshim_RSA_set0_factors(
177 	RSA    *	prsa,
178 	BIGNUM *	p,
179 	BIGNUM *	q
180 	)
181 {
182 	REQUIRE(prsa != NULL);
183 	if (!((prsa->p || p) && (prsa->q || q)))
184 		return 0;
185 
186 	replace_bn_nn(&prsa->p, p);
187 	replace_bn_nn(&prsa->q, q);
188 
189 	return 1;
190 }
191 
192 int
193 sslshim_RSA_set0_crt_params(
194 	RSA    *	prsa,
195 	BIGNUM *	dmp1,
196 	BIGNUM *	dmq1,
197 	BIGNUM *	iqmp
198 	)
199 {
200 	REQUIRE(prsa != NULL);
201 	if (!((prsa->dmp1 || dmp1) &&
202 	      (prsa->dmq1 || dmq1) &&
203 	      (prsa->iqmp || iqmp) ))
204 		return 0;
205 
206 	replace_bn_nn(&prsa->dmp1, dmp1);
207 	replace_bn_nn(&prsa->dmq1, dmq1);
208 	replace_bn_nn(&prsa->iqmp, iqmp);
209 
210 	return 1;
211 }
212 
213 /* --------------------------------------------------------------------
214  * set/get DSA signature parameters
215  */
216 void
217 sslshim_DSA_SIG_get0(
218 	const DSA_SIG *	psig,
219 	const BIGNUM **	pr,
220 	const BIGNUM **	ps
221 	)
222 {
223 	REQUIRE(psig != NULL);
224 
225 	if (pr != NULL)
226 		*pr = psig->r;
227 	if (ps != NULL)
228 		*ps = psig->s;
229 }
230 
231 int
232 sslshim_DSA_SIG_set0(
233 	DSA_SIG *	psig,
234 	BIGNUM *	r,
235 	BIGNUM *	s
236 	)
237 {
238 	REQUIRE(psig != NULL);
239 	if (!(r && s))
240 		return 0;
241 
242 	replace_bn_nn(&psig->r, r);
243 	replace_bn_nn(&psig->s, s);
244 
245 	return 1;
246 }
247 
248 /* --------------------------------------------------------------------
249  * get/set DSA parameters
250  */
251 void
252 sslshim_DSA_get0_pqg(
253 	const DSA *	pdsa,
254 	const BIGNUM **	pp,
255 	const BIGNUM **	pq,
256 	const BIGNUM **	pg
257 	)
258 {
259 	REQUIRE(pdsa != NULL);
260 
261 	if (pp != NULL)
262 		*pp = pdsa->p;
263 	if (pq != NULL)
264 		*pq = pdsa->q;
265 	if (pg != NULL)
266 		*pg = pdsa->g;
267 }
268 
269 int
270 sslshim_DSA_set0_pqg(
271 	DSA *		pdsa,
272 	BIGNUM *	p,
273 	BIGNUM *	q,
274 	BIGNUM *	g
275 	)
276 {
277 	if (!((pdsa->p || p) && (pdsa->q || q) && (pdsa->g || g)))
278 		return 0;
279 
280 	replace_bn_nn(&pdsa->p, p);
281 	replace_bn_nn(&pdsa->q, q);
282 	replace_bn_nn(&pdsa->g, g);
283 
284 	return 1;
285 }
286 
287 void
288 sslshim_DSA_get0_key(
289 	const DSA *	pdsa,
290 	const BIGNUM **	ppub_key,
291 	const BIGNUM **	ppriv_key
292 	)
293 {
294 	REQUIRE(pdsa != NULL);
295 
296 	if (ppub_key != NULL)
297 		*ppub_key = pdsa->pub_key;
298 	if (ppriv_key != NULL)
299 		*ppriv_key = pdsa->priv_key;
300 }
301 
302 int
303 sslshim_DSA_set0_key(
304 	DSA *		pdsa,
305 	BIGNUM *	pub_key,
306 	BIGNUM *	priv_key
307 	)
308 {
309 	REQUIRE(pdsa != NULL);
310 	if (!(pdsa->pub_key || pub_key))
311 		return 0;
312 
313 	replace_bn_nn(&pdsa->pub_key, pub_key);
314 	replace_bn_nn(&pdsa->priv_key, priv_key);
315 
316 	return 1;
317 }
318 
319 int
320 sslshim_X509_get_signature_nid(
321 	const X509 *x
322 	)
323 {
324 	return OBJ_obj2nid(x->sig_alg->algorithm);
325 }
326 
327 /* ----------------------------------------------------------------- */
328 #else /* OPENSSL_VERSION_NUMBER >= v1.1.0 */
329 /* ----------------------------------------------------------------- */
330 
331 NONEMPTY_TRANSLATION_UNIT
332 
333 /* ----------------------------------------------------------------- */
334 #endif
335 /* ----------------------------------------------------------------- */
336