1 /* $NetBSD: libssl_compat.c,v 1.3 2020/05/25 20:47:24 christos Exp $ */
2
3 /*
4 * libssl_compat.c -- OpenSSL v1.1 compatibility functions
5 *
6 * ---------------------------------------------------------------------
7 * Written by Juergen Perlinger <perlinger@ntp.org> for the NTP project
8 *
9 * Based on an idea by Kurt Roeckx <kurt@roeckx.be>
10 *
11 * ---------------------------------------------------------------------
12 * This is a clean room implementation of shim functions that have
13 * counterparts in the OpenSSL v1.1 API but not in earlier versions. So
14 * while OpenSSL broke binary compatibility with v1.1, this shim module
15 * should provide the necessary source code compatibility with older
16 * versions of OpenSSL.
17 * ---------------------------------------------------------------------
18 */
19 #include "config.h"
20 #include "ntp_types.h"
21
22 /* ----------------------------------------------------------------- */
23 #ifdef OPENSSL
24 # include <string.h>
25 # include <openssl/bn.h>
26 # include <openssl/evp.h>
27 #endif
28 /* ----------------------------------------------------------------- */
29
30 /* ----------------------------------------------------------------- */
31 #if defined(OPENSSL) && OPENSSL_VERSION_NUMBER < 0x10100000L
32 /* ----------------------------------------------------------------- */
33
34 #include "libssl_compat.h"
35 #include "ntp_assert.h"
36
37 /* --------------------------------------------------------------------
38 * replace a BIGNUM owned by the caller with another one if it's not
39 * NULL, taking over the ownership of the new value. This clears & frees
40 * the old value -- the clear might be overkill, but it's better to err
41 * on the side of paranoia here.
42 */
static void
replace_bn_nn(
	BIGNUM ** ps,
	BIGNUM *  n
	)
{
	BIGNUM * old;

	/* a NULL replacement means "keep what is there" */
	if (NULL == n)
		return;

	/* storing the value that is already installed would free it and
	 * then keep a dangling pointer -- treat that as a caller bug */
	REQUIRE(*ps != n);

	old = *ps;
	*ps = n;
	/* BN_clear_free() wipes the limbs before releasing them, which
	 * matters when the old value was private key material */
	BN_clear_free(old);
}
55
56 /* --------------------------------------------------------------------
57 * allocation and deallocation of prime number callbacks
58 */
/* BN_GENCB_new() stand-in: a zero-filled callback record, or NULL when
 * the allocation fails.  Release it with sslshimBN_GENCB_free().
 */
BN_GENCB*
sslshimBN_GENCB_new(void)
{
	BN_GENCB * cb;

	cb = calloc(1, sizeof(*cb));
	return cb;
}
64
/* BN_GENCB_free() stand-in.  Accepts NULL, like the v1.1 function. */
void
sslshimBN_GENCB_free(
	BN_GENCB * cb
	)
{
	/* free(NULL) is a no-op, so no guard is needed here */
	free(cb);
}
72
73 /* --------------------------------------------------------------------
74 * allocation and deallocation of message digests
75 */
/* EVP_MD_CTX_new() stand-in: allocate a digest context and bring it
 * into the initialised (empty) state.  Returns NULL when out of
 * memory.  Release it with sslshim_EVP_MD_CTX_free().
 */
EVP_MD_CTX*
sslshim_EVP_MD_CTX_new(void)
{
	EVP_MD_CTX * ctx = calloc(1, sizeof(*ctx));

	if (ctx == NULL)
		return NULL;

	/* calloc() already zeroed the struct, but EVP_MD_CTX_init() is
	 * the documented way to make a pre-1.1 context usable */
	EVP_MD_CTX_init(ctx);
	return ctx;
}
84
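/* EVP_MD_CTX_free() stand-in.
 *
 * Run EVP_MD_CTX_cleanup() before releasing the context itself: in the
 * pre-1.1 library the per-digest working storage is attached to the
 * context by EVP_DigestInit_ex() and only released (and wiped) by the
 * cleanup call.  A bare free() of the context would leak that buffer
 * and leave intermediate digest state behind in memory.  Accepts NULL
 * like the v1.1 function; the pre-1.1 cleanup routine does not, hence
 * the guard.
 */
void
sslshim_EVP_MD_CTX_free(
	EVP_MD_CTX * pctx
	)
{
	if (pctx == NULL)
		return;
	EVP_MD_CTX_cleanup(pctx);
	free(pctx);
}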
92
93 /* --------------------------------------------------------------------
94 * get EVP keys and key type
95 */
/* EVP_PKEY_id() stand-in: the key type as stored in the key object.
 * A NULL key yields EVP_PKEY_NONE instead of a crash.
 */
int
sslshim_EVP_PKEY_id(
	const EVP_PKEY *pkey
	)
{
	if (pkey == NULL)
		return EVP_PKEY_NONE;
	return pkey->type;
}
103
/* EVP_PKEY_base_id() stand-in: the key type mapped to its base type via
 * EVP_PKEY_type().  A NULL key yields EVP_PKEY_NONE.
 */
int
sslshim_EVP_PKEY_base_id(
	const EVP_PKEY *pkey
	)
{
	if (pkey == NULL)
		return EVP_PKEY_NONE;
	return EVP_PKEY_type(pkey->type);
}
111
/* EVP_PKEY_get0_RSA() stand-in: borrow the RSA key inside 'pkey'.  The
 * result stays owned by 'pkey' ("get0"); NULL in, NULL out.
 */
RSA*
sslshim_EVP_PKEY_get0_RSA(
	EVP_PKEY * pkey
	)
{
	if (pkey == NULL)
		return NULL;
	return pkey->pkey.rsa;
}
119
/* EVP_PKEY_get0_DSA() stand-in: borrow the DSA key inside 'pkey'.  The
 * result stays owned by 'pkey' ("get0"); NULL in, NULL out.
 */
DSA*
sslshim_EVP_PKEY_get0_DSA(
	EVP_PKEY * pkey
	)
{
	if (pkey == NULL)
		return NULL;
	return pkey->pkey.dsa;
}
127
128 /* --------------------------------------------------------------------
129 * set/get RSA params
130 */
/* RSA_get0_key() stand-in: hand out borrowed pointers to the modulus
 * (n), public exponent (e) and private exponent (d).  Any output
 * pointer may be NULL when the caller does not need that value; the
 * BIGNUMs remain owned by 'prsa'.
 */
void
sslshim_RSA_get0_key(
	const RSA * prsa,
	const BIGNUM ** pn,
	const BIGNUM ** pe,
	const BIGNUM ** pd
	)
{
	REQUIRE(prsa != NULL);

	if (pn != NULL)
		*pn = prsa->n;
	if (pe != NULL)
		*pe = prsa->e;
	if (pd != NULL)
		*pd = prsa->d;
}
148
/* RSA_set0_key() stand-in: install n, e and d, taking ownership of the
 * non-NULL arguments.  A NULL argument keeps the value already in the
 * key.  Returns 0 (and changes nothing) when the key would end up
 * without a modulus or public exponent; d is optional.  Returns 1 on
 * success.
 */
int
sslshim_RSA_set0_key(
	RSA * prsa,
	BIGNUM * n,
	BIGNUM * e,
	BIGNUM * d
	)
{
	REQUIRE(prsa != NULL);

	/* both n and e must be present after the call */
	if ((prsa->n == NULL && n == NULL) || (prsa->e == NULL && e == NULL))
		return 0;

	replace_bn_nn(&prsa->n, n);
	replace_bn_nn(&prsa->e, e);
	replace_bn_nn(&prsa->d, d);
	return 1;
}
167
/* RSA_get0_factors() stand-in: hand out borrowed pointers to the prime
 * factors p and q.  Either output pointer may be NULL; the BIGNUMs
 * remain owned by 'prsa'.
 */
void
sslshim_RSA_get0_factors(
	const RSA * prsa,
	const BIGNUM ** pp,
	const BIGNUM ** pq
	)
{
	REQUIRE(prsa != NULL);

	if (pp != NULL)
		*pp = prsa->p;
	if (pq != NULL)
		*pq = prsa->q;
}
182
/* RSA_set0_factors() stand-in: install p and q, taking ownership of the
 * non-NULL arguments.  A NULL argument keeps the existing value.
 * Returns 0 (and changes nothing) when either factor would be missing
 * afterwards, 1 on success.
 */
int
sslshim_RSA_set0_factors(
	RSA * prsa,
	BIGNUM * p,
	BIGNUM * q
	)
{
	REQUIRE(prsa != NULL);

	if ((prsa->p == NULL && p == NULL) || (prsa->q == NULL && q == NULL))
		return 0;

	replace_bn_nn(&prsa->p, p);
	replace_bn_nn(&prsa->q, q);
	return 1;
}
199
/* RSA_set0_crt_params() stand-in: install the CRT values dmp1, dmq1 and
 * iqmp, taking ownership of the non-NULL arguments.  A NULL argument
 * keeps the existing value.  Returns 0 (and changes nothing) when any
 * of the three would be missing afterwards, 1 on success.
 */
int
sslshim_RSA_set0_crt_params(
	RSA * prsa,
	BIGNUM * dmp1,
	BIGNUM * dmq1,
	BIGNUM * iqmp
	)
{
	int missing;

	REQUIRE(prsa != NULL);

	missing = (prsa->dmp1 == NULL && dmp1 == NULL)
	       || (prsa->dmq1 == NULL && dmq1 == NULL)
	       || (prsa->iqmp == NULL && iqmp == NULL);
	if (missing)
		return 0;

	replace_bn_nn(&prsa->dmp1, dmp1);
	replace_bn_nn(&prsa->dmq1, dmq1);
	replace_bn_nn(&prsa->iqmp, iqmp);
	return 1;
}
220
221 /* --------------------------------------------------------------------
222 * set/get DSA signature parameters
223 */
/* DSA_SIG_get0() stand-in: hand out borrowed pointers to the signature
 * values r and s.  Either output pointer may be NULL; the BIGNUMs
 * remain owned by 'psig'.
 */
void
sslshim_DSA_SIG_get0(
	const DSA_SIG * psig,
	const BIGNUM ** pr,
	const BIGNUM ** ps
	)
{
	REQUIRE(psig != NULL);

	if (pr)
		*pr = psig->r;
	if (ps)
		*ps = psig->s;
}
238
/* DSA_SIG_set0() stand-in: install r and s, taking ownership of both.
 * Unlike the key setters, neither value may be NULL here -- a signature
 * is only meaningful with both halves.  Returns 0 (and changes nothing)
 * if either is NULL, 1 on success.
 */
int
sslshim_DSA_SIG_set0(
	DSA_SIG * psig,
	BIGNUM * r,
	BIGNUM * s
	)
{
	REQUIRE(psig != NULL);

	if (r == NULL || s == NULL)
		return 0;

	replace_bn_nn(&psig->r, r);
	replace_bn_nn(&psig->s, s);
	return 1;
}
255
256 /* --------------------------------------------------------------------
257 * get/set DSA parameters
258 */
/* DSA_get0_pqg() stand-in: hand out borrowed pointers to the domain
 * parameters p, q and g.  Any output pointer may be NULL; the BIGNUMs
 * remain owned by 'pdsa'.
 */
void
sslshim_DSA_get0_pqg(
	const DSA * pdsa,
	const BIGNUM ** pp,
	const BIGNUM ** pq,
	const BIGNUM ** pg
	)
{
	REQUIRE(pdsa != NULL);

	if (pp)
		*pp = pdsa->p;
	if (pq)
		*pq = pdsa->q;
	if (pg)
		*pg = pdsa->g;
}
276
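/* DSA_set0_pqg() stand-in: install the domain parameters p, q and g,
 * taking ownership of the non-NULL arguments.  A NULL argument keeps
 * the existing value.  Returns 0 (and changes nothing) when any of the
 * three would be missing afterwards, 1 on success.
 *
 * Like every other setter in this file, a NULL key object is a caller
 * bug and is caught by REQUIRE rather than dereferenced.
 */
int
sslshim_DSA_set0_pqg(
	DSA * pdsa,
	BIGNUM * p,
	BIGNUM * q,
	BIGNUM * g
	)
{
	REQUIRE(pdsa != NULL);

	if (!((pdsa->p || p) && (pdsa->q || q) && (pdsa->g || g)))
		return 0;

	replace_bn_nn(&pdsa->p, p);
	replace_bn_nn(&pdsa->q, q);
	replace_bn_nn(&pdsa->g, g);

	return 1;
}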
294
/* DSA_get0_key() stand-in: hand out borrowed pointers to the public and
 * private key values.  Either output pointer may be NULL; the BIGNUMs
 * remain owned by 'pdsa'.
 */
void
sslshim_DSA_get0_key(
	const DSA * pdsa,
	const BIGNUM ** ppub_key,
	const BIGNUM ** ppriv_key
	)
{
	REQUIRE(pdsa != NULL);

	if (ppub_key)
		*ppub_key = pdsa->pub_key;
	if (ppriv_key)
		*ppriv_key = pdsa->priv_key;
}
309
/* DSA_set0_key() stand-in: install the public and private key values,
 * taking ownership of the non-NULL arguments.  A NULL argument keeps
 * the existing value.  Returns 0 (and changes nothing) when the key
 * would end up without a public value; the private value is optional.
 * Returns 1 on success.
 */
int
sslshim_DSA_set0_key(
	DSA * pdsa,
	BIGNUM * pub_key,
	BIGNUM * priv_key
	)
{
	REQUIRE(pdsa != NULL);

	if (pdsa->pub_key == NULL && pub_key == NULL)
		return 0;

	replace_bn_nn(&pdsa->pub_key, pub_key);
	replace_bn_nn(&pdsa->priv_key, priv_key);
	return 1;
}
326
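/* --------------------------------------------------------------------
 * X509_get_signature_nid() stand-in: the NID of the algorithm the
 * certificate is signed with, read from the certificate's signature
 * algorithm identifier.
 *
 * A NULL certificate is a caller bug; it is caught by REQUIRE, in line
 * with the other accessors in this file, instead of being dereferenced.
 */
int
sslshim_X509_get_signature_nid(
	const X509 *x
	)
{
	REQUIRE(x != NULL);

	return OBJ_obj2nid(x->sig_alg->algorithm);
}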
334
335 /* ----------------------------------------------------------------- */
336 #else /* OPENSSL && OPENSSL_VERSION_NUMBER >= v1.1.0 */
337 /* ----------------------------------------------------------------- */
338
339 NONEMPTY_TRANSLATION_UNIT
340
341 /* ----------------------------------------------------------------- */
342 #endif
343 /* ----------------------------------------------------------------- */
344