1*cdfa2a7eSchristos /* $NetBSD: libssl_compat.c,v 1.3 2020/05/25 20:47:24 christos Exp $ */
25645e8e7Schristos
35645e8e7Schristos /*
45645e8e7Schristos * libssl_compat.c -- OpenSSL v1.1 compatibility functions
55645e8e7Schristos *
65645e8e7Schristos * ---------------------------------------------------------------------
75645e8e7Schristos * Written by Juergen Perlinger <perlinger@ntp.org> for the NTP project
85645e8e7Schristos *
95645e8e7Schristos * Based on an idea by Kurt Roeckx <kurt@roeckx.be>
105645e8e7Schristos *
115645e8e7Schristos * ---------------------------------------------------------------------
125645e8e7Schristos * This is a clean room implementation of shim functions that have
135645e8e7Schristos * counterparts in the OpenSSL v1.1 API but not in earlier versions. So
145645e8e7Schristos * while OpenSSL broke binary compatibility with v1.1, this shim module
155645e8e7Schristos * should provide the necessary source code compatibility with older
165645e8e7Schristos * versions of OpenSSL.
175645e8e7Schristos * ---------------------------------------------------------------------
185645e8e7Schristos */
195645e8e7Schristos #include "config.h"
205645e8e7Schristos #include "ntp_types.h"
215645e8e7Schristos
225645e8e7Schristos /* ----------------------------------------------------------------- */
233e3909feSchristos #ifdef OPENSSL
243e3909feSchristos # include <string.h>
253e3909feSchristos # include <openssl/bn.h>
263e3909feSchristos # include <openssl/evp.h>
273e3909feSchristos #endif
283e3909feSchristos /* ----------------------------------------------------------------- */
293e3909feSchristos
303e3909feSchristos /* ----------------------------------------------------------------- */
313e3909feSchristos #if defined(OPENSSL) && OPENSSL_VERSION_NUMBER < 0x10100000L
325645e8e7Schristos /* ----------------------------------------------------------------- */
335645e8e7Schristos
345645e8e7Schristos #include "libssl_compat.h"
355645e8e7Schristos #include "ntp_assert.h"
365645e8e7Schristos
375645e8e7Schristos /* --------------------------------------------------------------------
385645e8e7Schristos * replace a BIGNUM owned by the caller with another one if it's not
395645e8e7Schristos * NULL, taking over the ownership of the new value. This clears & frees
405645e8e7Schristos * the old value -- the clear might be overkill, but it's better to err
415645e8e7Schristos * on the side of paranoia here.
425645e8e7Schristos */
435645e8e7Schristos static void
replace_bn_nn(BIGNUM ** ps,BIGNUM * n)445645e8e7Schristos replace_bn_nn(
455645e8e7Schristos BIGNUM ** ps,
465645e8e7Schristos BIGNUM * n
475645e8e7Schristos )
485645e8e7Schristos {
495645e8e7Schristos if (n) {
505645e8e7Schristos REQUIRE(*ps != n);
515645e8e7Schristos BN_clear_free(*ps);
525645e8e7Schristos *ps = n;
535645e8e7Schristos }
545645e8e7Schristos }
555645e8e7Schristos
565645e8e7Schristos /* --------------------------------------------------------------------
575645e8e7Schristos * allocation and deallocation of prime number callbacks
585645e8e7Schristos */
595645e8e7Schristos BN_GENCB*
sslshimBN_GENCB_new(void)605645e8e7Schristos sslshimBN_GENCB_new(void)
615645e8e7Schristos {
625645e8e7Schristos return calloc(1,sizeof(BN_GENCB));
635645e8e7Schristos }
645645e8e7Schristos
655645e8e7Schristos void
sslshimBN_GENCB_free(BN_GENCB * cb)665645e8e7Schristos sslshimBN_GENCB_free(
675645e8e7Schristos BN_GENCB *cb
685645e8e7Schristos )
695645e8e7Schristos {
705645e8e7Schristos free(cb);
715645e8e7Schristos }
725645e8e7Schristos
735645e8e7Schristos /* --------------------------------------------------------------------
745645e8e7Schristos * allocation and deallocation of message digests
755645e8e7Schristos */
765645e8e7Schristos EVP_MD_CTX*
sslshim_EVP_MD_CTX_new(void)775645e8e7Schristos sslshim_EVP_MD_CTX_new(void)
785645e8e7Schristos {
7956f2724eSchristos EVP_MD_CTX * ctx;
8056f2724eSchristos if (NULL != (ctx = calloc(1, sizeof(EVP_MD_CTX))))
8156f2724eSchristos EVP_MD_CTX_init(ctx);
8256f2724eSchristos return ctx;
835645e8e7Schristos }
845645e8e7Schristos
855645e8e7Schristos void
sslshim_EVP_MD_CTX_free(EVP_MD_CTX * pctx)865645e8e7Schristos sslshim_EVP_MD_CTX_free(
875645e8e7Schristos EVP_MD_CTX * pctx
885645e8e7Schristos )
895645e8e7Schristos {
905645e8e7Schristos free(pctx);
915645e8e7Schristos }
925645e8e7Schristos
935645e8e7Schristos /* --------------------------------------------------------------------
945645e8e7Schristos * get EVP keys and key type
955645e8e7Schristos */
965645e8e7Schristos int
sslshim_EVP_PKEY_id(const EVP_PKEY * pkey)975645e8e7Schristos sslshim_EVP_PKEY_id(
985645e8e7Schristos const EVP_PKEY *pkey
995645e8e7Schristos )
1005645e8e7Schristos {
1015645e8e7Schristos return (pkey) ? pkey->type : EVP_PKEY_NONE;
1025645e8e7Schristos }
1035645e8e7Schristos
1045645e8e7Schristos int
sslshim_EVP_PKEY_base_id(const EVP_PKEY * pkey)1055645e8e7Schristos sslshim_EVP_PKEY_base_id(
1065645e8e7Schristos const EVP_PKEY *pkey
1075645e8e7Schristos )
1085645e8e7Schristos {
1095645e8e7Schristos return (pkey) ? EVP_PKEY_type(pkey->type) : EVP_PKEY_NONE;
1105645e8e7Schristos }
1115645e8e7Schristos
1125645e8e7Schristos RSA*
sslshim_EVP_PKEY_get0_RSA(EVP_PKEY * pkey)1135645e8e7Schristos sslshim_EVP_PKEY_get0_RSA(
1145645e8e7Schristos EVP_PKEY * pkey
1155645e8e7Schristos )
1165645e8e7Schristos {
1175645e8e7Schristos return (pkey) ? pkey->pkey.rsa : NULL;
1185645e8e7Schristos }
1195645e8e7Schristos
1205645e8e7Schristos DSA*
sslshim_EVP_PKEY_get0_DSA(EVP_PKEY * pkey)1215645e8e7Schristos sslshim_EVP_PKEY_get0_DSA(
1225645e8e7Schristos EVP_PKEY * pkey
1235645e8e7Schristos )
1245645e8e7Schristos {
1255645e8e7Schristos return (pkey) ? pkey->pkey.dsa : NULL;
1265645e8e7Schristos }
1275645e8e7Schristos
1285645e8e7Schristos /* --------------------------------------------------------------------
1295645e8e7Schristos * set/get RSA params
1305645e8e7Schristos */
1315645e8e7Schristos void
sslshim_RSA_get0_key(const RSA * prsa,const BIGNUM ** pn,const BIGNUM ** pe,const BIGNUM ** pd)1325645e8e7Schristos sslshim_RSA_get0_key(
1335645e8e7Schristos const RSA * prsa,
1345645e8e7Schristos const BIGNUM ** pn,
1355645e8e7Schristos const BIGNUM ** pe,
1365645e8e7Schristos const BIGNUM ** pd
1375645e8e7Schristos )
1385645e8e7Schristos {
1395645e8e7Schristos REQUIRE(prsa != NULL);
1405645e8e7Schristos
1415645e8e7Schristos if (pn)
1425645e8e7Schristos *pn = prsa->n;
1435645e8e7Schristos if (pe)
1445645e8e7Schristos *pe = prsa->e;
1455645e8e7Schristos if (pd)
1465645e8e7Schristos *pd = prsa->d;
1475645e8e7Schristos }
1485645e8e7Schristos
1495645e8e7Schristos int
sslshim_RSA_set0_key(RSA * prsa,BIGNUM * n,BIGNUM * e,BIGNUM * d)1505645e8e7Schristos sslshim_RSA_set0_key(
1515645e8e7Schristos RSA * prsa,
1525645e8e7Schristos BIGNUM * n,
1535645e8e7Schristos BIGNUM * e,
1545645e8e7Schristos BIGNUM * d
1555645e8e7Schristos )
1565645e8e7Schristos {
1575645e8e7Schristos REQUIRE(prsa != NULL);
1585645e8e7Schristos if (!((prsa->n || n) && (prsa->e || e)))
1595645e8e7Schristos return 0;
1605645e8e7Schristos
1615645e8e7Schristos replace_bn_nn(&prsa->n, n);
1625645e8e7Schristos replace_bn_nn(&prsa->e, e);
1635645e8e7Schristos replace_bn_nn(&prsa->d, d);
1645645e8e7Schristos
1655645e8e7Schristos return 1;
1665645e8e7Schristos }
1675645e8e7Schristos
1685645e8e7Schristos void
sslshim_RSA_get0_factors(const RSA * prsa,const BIGNUM ** pp,const BIGNUM ** pq)1695645e8e7Schristos sslshim_RSA_get0_factors(
1705645e8e7Schristos const RSA * prsa,
1715645e8e7Schristos const BIGNUM ** pp,
1725645e8e7Schristos const BIGNUM ** pq
1735645e8e7Schristos )
1745645e8e7Schristos {
1755645e8e7Schristos REQUIRE(prsa != NULL);
1765645e8e7Schristos
1775645e8e7Schristos if (pp)
1785645e8e7Schristos *pp = prsa->p;
1795645e8e7Schristos if (pq)
1805645e8e7Schristos *pq = prsa->q;
1815645e8e7Schristos }
1825645e8e7Schristos
1835645e8e7Schristos int
sslshim_RSA_set0_factors(RSA * prsa,BIGNUM * p,BIGNUM * q)1845645e8e7Schristos sslshim_RSA_set0_factors(
1855645e8e7Schristos RSA * prsa,
1865645e8e7Schristos BIGNUM * p,
1875645e8e7Schristos BIGNUM * q
1885645e8e7Schristos )
1895645e8e7Schristos {
1905645e8e7Schristos REQUIRE(prsa != NULL);
1915645e8e7Schristos if (!((prsa->p || p) && (prsa->q || q)))
1925645e8e7Schristos return 0;
1935645e8e7Schristos
1945645e8e7Schristos replace_bn_nn(&prsa->p, p);
1955645e8e7Schristos replace_bn_nn(&prsa->q, q);
1965645e8e7Schristos
1975645e8e7Schristos return 1;
1985645e8e7Schristos }
1995645e8e7Schristos
2005645e8e7Schristos int
sslshim_RSA_set0_crt_params(RSA * prsa,BIGNUM * dmp1,BIGNUM * dmq1,BIGNUM * iqmp)2015645e8e7Schristos sslshim_RSA_set0_crt_params(
2025645e8e7Schristos RSA * prsa,
2035645e8e7Schristos BIGNUM * dmp1,
2045645e8e7Schristos BIGNUM * dmq1,
2055645e8e7Schristos BIGNUM * iqmp
2065645e8e7Schristos )
2075645e8e7Schristos {
2085645e8e7Schristos REQUIRE(prsa != NULL);
2095645e8e7Schristos if (!((prsa->dmp1 || dmp1) &&
2105645e8e7Schristos (prsa->dmq1 || dmq1) &&
2115645e8e7Schristos (prsa->iqmp || iqmp) ))
2125645e8e7Schristos return 0;
2135645e8e7Schristos
2145645e8e7Schristos replace_bn_nn(&prsa->dmp1, dmp1);
2155645e8e7Schristos replace_bn_nn(&prsa->dmq1, dmq1);
2165645e8e7Schristos replace_bn_nn(&prsa->iqmp, iqmp);
2175645e8e7Schristos
2185645e8e7Schristos return 1;
2195645e8e7Schristos }
2205645e8e7Schristos
2215645e8e7Schristos /* --------------------------------------------------------------------
2225645e8e7Schristos * set/get DSA signature parameters
2235645e8e7Schristos */
2245645e8e7Schristos void
sslshim_DSA_SIG_get0(const DSA_SIG * psig,const BIGNUM ** pr,const BIGNUM ** ps)2255645e8e7Schristos sslshim_DSA_SIG_get0(
2265645e8e7Schristos const DSA_SIG * psig,
2275645e8e7Schristos const BIGNUM ** pr,
2285645e8e7Schristos const BIGNUM ** ps
2295645e8e7Schristos )
2305645e8e7Schristos {
2315645e8e7Schristos REQUIRE(psig != NULL);
2325645e8e7Schristos
2335645e8e7Schristos if (pr != NULL)
2345645e8e7Schristos *pr = psig->r;
2355645e8e7Schristos if (ps != NULL)
2365645e8e7Schristos *ps = psig->s;
2375645e8e7Schristos }
2385645e8e7Schristos
2395645e8e7Schristos int
sslshim_DSA_SIG_set0(DSA_SIG * psig,BIGNUM * r,BIGNUM * s)2405645e8e7Schristos sslshim_DSA_SIG_set0(
2415645e8e7Schristos DSA_SIG * psig,
2425645e8e7Schristos BIGNUM * r,
2435645e8e7Schristos BIGNUM * s
2445645e8e7Schristos )
2455645e8e7Schristos {
2465645e8e7Schristos REQUIRE(psig != NULL);
2475645e8e7Schristos if (!(r && s))
2485645e8e7Schristos return 0;
2495645e8e7Schristos
2505645e8e7Schristos replace_bn_nn(&psig->r, r);
2515645e8e7Schristos replace_bn_nn(&psig->s, s);
2525645e8e7Schristos
2535645e8e7Schristos return 1;
2545645e8e7Schristos }
2555645e8e7Schristos
2565645e8e7Schristos /* --------------------------------------------------------------------
2575645e8e7Schristos * get/set DSA parameters
2585645e8e7Schristos */
2595645e8e7Schristos void
sslshim_DSA_get0_pqg(const DSA * pdsa,const BIGNUM ** pp,const BIGNUM ** pq,const BIGNUM ** pg)2605645e8e7Schristos sslshim_DSA_get0_pqg(
2615645e8e7Schristos const DSA * pdsa,
2625645e8e7Schristos const BIGNUM ** pp,
2635645e8e7Schristos const BIGNUM ** pq,
2645645e8e7Schristos const BIGNUM ** pg
2655645e8e7Schristos )
2665645e8e7Schristos {
2675645e8e7Schristos REQUIRE(pdsa != NULL);
2685645e8e7Schristos
2695645e8e7Schristos if (pp != NULL)
2705645e8e7Schristos *pp = pdsa->p;
2715645e8e7Schristos if (pq != NULL)
2725645e8e7Schristos *pq = pdsa->q;
2735645e8e7Schristos if (pg != NULL)
2745645e8e7Schristos *pg = pdsa->g;
2755645e8e7Schristos }
2765645e8e7Schristos
2775645e8e7Schristos int
sslshim_DSA_set0_pqg(DSA * pdsa,BIGNUM * p,BIGNUM * q,BIGNUM * g)2785645e8e7Schristos sslshim_DSA_set0_pqg(
2795645e8e7Schristos DSA * pdsa,
2805645e8e7Schristos BIGNUM * p,
2815645e8e7Schristos BIGNUM * q,
2825645e8e7Schristos BIGNUM * g
2835645e8e7Schristos )
2845645e8e7Schristos {
2855645e8e7Schristos if (!((pdsa->p || p) && (pdsa->q || q) && (pdsa->g || g)))
2865645e8e7Schristos return 0;
2875645e8e7Schristos
2885645e8e7Schristos replace_bn_nn(&pdsa->p, p);
2895645e8e7Schristos replace_bn_nn(&pdsa->q, q);
2905645e8e7Schristos replace_bn_nn(&pdsa->g, g);
2915645e8e7Schristos
2925645e8e7Schristos return 1;
2935645e8e7Schristos }
2945645e8e7Schristos
2955645e8e7Schristos void
sslshim_DSA_get0_key(const DSA * pdsa,const BIGNUM ** ppub_key,const BIGNUM ** ppriv_key)2965645e8e7Schristos sslshim_DSA_get0_key(
2975645e8e7Schristos const DSA * pdsa,
2985645e8e7Schristos const BIGNUM ** ppub_key,
2995645e8e7Schristos const BIGNUM ** ppriv_key
3005645e8e7Schristos )
3015645e8e7Schristos {
3025645e8e7Schristos REQUIRE(pdsa != NULL);
3035645e8e7Schristos
3045645e8e7Schristos if (ppub_key != NULL)
3055645e8e7Schristos *ppub_key = pdsa->pub_key;
3065645e8e7Schristos if (ppriv_key != NULL)
3075645e8e7Schristos *ppriv_key = pdsa->priv_key;
3085645e8e7Schristos }
3095645e8e7Schristos
3105645e8e7Schristos int
sslshim_DSA_set0_key(DSA * pdsa,BIGNUM * pub_key,BIGNUM * priv_key)3115645e8e7Schristos sslshim_DSA_set0_key(
3125645e8e7Schristos DSA * pdsa,
3135645e8e7Schristos BIGNUM * pub_key,
3145645e8e7Schristos BIGNUM * priv_key
3155645e8e7Schristos )
3165645e8e7Schristos {
3175645e8e7Schristos REQUIRE(pdsa != NULL);
3185645e8e7Schristos if (!(pdsa->pub_key || pub_key))
3195645e8e7Schristos return 0;
3205645e8e7Schristos
3215645e8e7Schristos replace_bn_nn(&pdsa->pub_key, pub_key);
3225645e8e7Schristos replace_bn_nn(&pdsa->priv_key, priv_key);
3235645e8e7Schristos
3245645e8e7Schristos return 1;
3255645e8e7Schristos }
3265645e8e7Schristos
3275645e8e7Schristos int
sslshim_X509_get_signature_nid(const X509 * x)3285645e8e7Schristos sslshim_X509_get_signature_nid(
3295645e8e7Schristos const X509 *x
3305645e8e7Schristos )
3315645e8e7Schristos {
3325645e8e7Schristos return OBJ_obj2nid(x->sig_alg->algorithm);
3335645e8e7Schristos }
3345645e8e7Schristos
3355645e8e7Schristos /* ----------------------------------------------------------------- */
3363e3909feSchristos #else /* OPENSSL && OPENSSL_VERSION_NUMBER >= v1.1.0 */
3375645e8e7Schristos /* ----------------------------------------------------------------- */
3385645e8e7Schristos
3395645e8e7Schristos NONEMPTY_TRANSLATION_UNIT
3405645e8e7Schristos
3415645e8e7Schristos /* ----------------------------------------------------------------- */
3425645e8e7Schristos #endif
3435645e8e7Schristos /* ----------------------------------------------------------------- */
344