xref: /freebsd-src/contrib/ntp/libntp/libssl_compat.c (revision 091002585974d17c9533f943ec351c13a69788ab)
1f391d6bcSXin LI /*
2f391d6bcSXin LI  * libssl_compat.c -- OpenSSL v1.1 compatibility functions
3f391d6bcSXin LI  *
4f391d6bcSXin LI  * ---------------------------------------------------------------------
5f391d6bcSXin LI  * Written by Juergen Perlinger <perlinger@ntp.org> for the NTP project
6f391d6bcSXin LI  *
7f391d6bcSXin LI  * Based on an idea by Kurt Roeckx <kurt@roeckx.be>
8f391d6bcSXin LI  *
9f391d6bcSXin LI  * ---------------------------------------------------------------------
10f391d6bcSXin LI  * This is a clean room implementation of shim functions that have
11f391d6bcSXin LI  * counterparts in the OpenSSL v1.1 API but not in earlier versions. So
12f391d6bcSXin LI  * while OpenSSL broke binary compatibility with v1.1, this shim module
13f391d6bcSXin LI  * should provide the necessary source code compatibility with older
14f391d6bcSXin LI  * versions of OpenSSL.
15f391d6bcSXin LI  * ---------------------------------------------------------------------
16f391d6bcSXin LI  */
17f391d6bcSXin LI #include "config.h"
18f391d6bcSXin LI #include "ntp_types.h"
19f391d6bcSXin LI 
20f391d6bcSXin LI /* ----------------------------------------------------------------- */
21f0574f5cSXin LI #ifdef OPENSSL
22f0574f5cSXin LI # include <string.h>
23f0574f5cSXin LI # include <openssl/bn.h>
24f0574f5cSXin LI # include <openssl/evp.h>
25f0574f5cSXin LI #endif
26f0574f5cSXin LI /* ----------------------------------------------------------------- */
27f0574f5cSXin LI 
28f0574f5cSXin LI /* ----------------------------------------------------------------- */
29f0574f5cSXin LI #if defined(OPENSSL) && OPENSSL_VERSION_NUMBER < 0x10100000L
30f391d6bcSXin LI /* ----------------------------------------------------------------- */
31f391d6bcSXin LI 
32f391d6bcSXin LI #include "libssl_compat.h"
33f391d6bcSXin LI #include "ntp_assert.h"
34f391d6bcSXin LI 
/* --------------------------------------------------------------------
 * Install 'n' in the slot '*ps' and take over ownership of it. A NULL
 * 'n' means "keep what is there" and leaves the slot untouched.
 *
 * The previous occupant is released with BN_clear_free() rather than
 * BN_free(): the slots this helper serves can hold private key
 * components, so the old value is cleared before it is freed.
 *
 * Passing the BIGNUM that already sits in the slot would free the very
 * value being installed, so that case trips the REQUIRE.
 */
static void
replace_bn_nn(BIGNUM **ps, BIGNUM *n)
{
	if (NULL == n)
		return;

	REQUIRE(*ps != n);
	BN_clear_free(*ps);
	*ps = n;
}
53f391d6bcSXin LI 
54f391d6bcSXin LI /* --------------------------------------------------------------------
55f391d6bcSXin LI  * allocation and deallocation of prime number callbacks
56f391d6bcSXin LI  */
/*
 * Allocate a zero-filled BN_GENCB. Returns NULL when the allocation
 * fails. The block comes from calloc(), so it must be released with
 * sslshimBN_GENCB_free().
 */
BN_GENCB*
sslshimBN_GENCB_new(void)
{
	BN_GENCB *	cb;

	cb = calloc(1, sizeof(*cb));
	return cb;
}
62f391d6bcSXin LI 
/*
 * Release a callback block obtained from sslshimBN_GENCB_new(). The
 * pointer is handed straight to free(), so NULL is accepted.
 */
void
sslshimBN_GENCB_free(BN_GENCB *cb)
{
	free(cb);
}
70f391d6bcSXin LI 
71f391d6bcSXin LI /* --------------------------------------------------------------------
72f391d6bcSXin LI  * allocation and deallocation of message digests
73f391d6bcSXin LI  */
/*
 * Allocate a digest context and run EVP_MD_CTX_init() on it. Returns
 * NULL when the allocation fails, in which case no initialisation is
 * attempted.
 */
EVP_MD_CTX*
sslshim_EVP_MD_CTX_new(void)
{
	EVP_MD_CTX *	ctx = calloc(1, sizeof(*ctx));

	if (ctx != NULL)
		EVP_MD_CTX_init(ctx);
	return ctx;
}
82f391d6bcSXin LI 
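/*
 * Destroy a digest context created by sslshim_EVP_MD_CTX_new().
 *
 * EVP_MD_CTX_cleanup() runs before the structure is freed so that
 * OpenSSL cleanses and releases whatever the context still references,
 * in particular the digest's internal state buffer. For a keyed digest
 * that buffer has been fed the key. Freeing only the outer structure
 * would leak that buffer with its contents intact whenever the caller
 * did not finalise the digest in a way that already cleaned it up.
 * Cleaning up a context that is already clean is harmless.
 *
 * NULL is accepted and ignored.
 */
void
sslshim_EVP_MD_CTX_free(
	EVP_MD_CTX *	pctx
	)
{
	if (NULL == pctx)
		return;

	EVP_MD_CTX_cleanup(pctx);
	free(pctx);
}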
90f391d6bcSXin LI 
91f391d6bcSXin LI /* --------------------------------------------------------------------
92f391d6bcSXin LI  * get EVP keys and key type
93f391d6bcSXin LI  */
/*
 * Return the type field of 'pkey' as stored, or EVP_PKEY_NONE when
 * 'pkey' is NULL.
 */
int
sslshim_EVP_PKEY_id(const EVP_PKEY *pkey)
{
	if (NULL == pkey)
		return EVP_PKEY_NONE;

	return pkey->type;
}
101f391d6bcSXin LI 
/*
 * Return the type of 'pkey' after mapping it through EVP_PKEY_type(),
 * or EVP_PKEY_NONE when 'pkey' is NULL.
 */
int
sslshim_EVP_PKEY_base_id(const EVP_PKEY *pkey)
{
	if (NULL == pkey)
		return EVP_PKEY_NONE;

	return EVP_PKEY_type(pkey->type);
}
109f391d6bcSXin LI 
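/*
 * Return the RSA key held by 'pkey' without taking a reference; the
 * result stays owned by 'pkey' and must not be freed by the caller.
 *
 * Returns NULL when 'pkey' is NULL or does not hold an RSA key. The
 * key material lives in a union, so reading the 'rsa' member of a key
 * of another type would hand back a pointer to a different structure
 * typed as RSA. The type is therefore checked first, as the OpenSSL
 * v1.1 function this shim stands in for does.
 */
RSA*
sslshim_EVP_PKEY_get0_RSA(
	EVP_PKEY *	pkey
	)
{
	if (NULL == pkey)
		return NULL;
	/* compare the base type so that RSA aliases are accepted, too */
	if (EVP_PKEY_type(pkey->type) != EVP_PKEY_RSA)
		return NULL;

	return pkey->pkey.rsa;
}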
117f391d6bcSXin LI 
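/*
 * Return the DSA key held by 'pkey' without taking a reference; the
 * result stays owned by 'pkey' and must not be freed by the caller.
 *
 * Returns NULL when 'pkey' is NULL or does not hold a DSA key. The
 * key material lives in a union, so reading the 'dsa' member of a key
 * of another type would hand back a pointer to a different structure
 * typed as DSA. The type is therefore checked first, as the OpenSSL
 * v1.1 function this shim stands in for does.
 */
DSA*
sslshim_EVP_PKEY_get0_DSA(
	EVP_PKEY *	pkey
	)
{
	if (NULL == pkey)
		return NULL;
	/* compare the base type so that DSA aliases are accepted, too */
	if (EVP_PKEY_type(pkey->type) != EVP_PKEY_DSA)
		return NULL;

	return pkey->pkey.dsa;
}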
125f391d6bcSXin LI 
126f391d6bcSXin LI /* --------------------------------------------------------------------
127f391d6bcSXin LI  * set/get RSA params
128f391d6bcSXin LI  */
/*
 * Hand out the modulus (n), public exponent (e) and private exponent
 * (d) of 'prsa'. Each output pointer is optional; a NULL output is
 * skipped. The values are the key's own BIGNUMs, not copies, so the
 * caller must not free or modify them. 'prsa' must not be NULL.
 */
void
sslshim_RSA_get0_key(const RSA *prsa,
		     const BIGNUM **pn,
		     const BIGNUM **pe,
		     const BIGNUM **pd)
{
	REQUIRE(prsa != NULL);

	if (NULL != pn)
		*pn = prsa->n;
	if (NULL != pe)
		*pe = prsa->e;
	if (NULL != pd)
		*pd = prsa->d;
}
146f391d6bcSXin LI 
/*
 * Replace n, e and d of 'prsa' with the non-NULL arguments; a NULL
 * argument keeps the component already stored.
 *
 * Returns 0 without touching the key when n or e would end up unset
 * (neither stored nor supplied); d is optional. Returns 1 on success,
 * after which the key owns every BIGNUM passed in and the replaced
 * values have been cleared and freed. 'prsa' must not be NULL.
 */
int
sslshim_RSA_set0_key(RSA *prsa, BIGNUM *n, BIGNUM *e, BIGNUM *d)
{
	REQUIRE(prsa != NULL);

	if (!(prsa->n || n))
		return 0;
	if (!(prsa->e || e))
		return 0;

	replace_bn_nn(&prsa->n, n);
	replace_bn_nn(&prsa->e, e);
	replace_bn_nn(&prsa->d, d);
	return 1;
}
165f391d6bcSXin LI 
/*
 * Hand out the prime factors p and q of 'prsa'. Each output pointer is
 * optional; a NULL output is skipped. The values are the key's own
 * BIGNUMs, not copies, so the caller must not free or modify them.
 * 'prsa' must not be NULL.
 */
void
sslshim_RSA_get0_factors(const RSA *prsa,
			 const BIGNUM **pp,
			 const BIGNUM **pq)
{
	REQUIRE(prsa != NULL);

	if (NULL != pp)
		*pp = prsa->p;
	if (NULL != pq)
		*pq = prsa->q;
}
180f391d6bcSXin LI 
/*
 * Replace the prime factors of 'prsa' with the non-NULL arguments; a
 * NULL argument keeps the factor already stored.
 *
 * Returns 0 without touching the key when p or q would end up unset.
 * Returns 1 on success, after which the key owns every BIGNUM passed
 * in and the replaced values have been cleared and freed. 'prsa' must
 * not be NULL.
 */
int
sslshim_RSA_set0_factors(RSA *prsa, BIGNUM *p, BIGNUM *q)
{
	REQUIRE(prsa != NULL);

	if (!(prsa->p || p))
		return 0;
	if (!(prsa->q || q))
		return 0;

	replace_bn_nn(&prsa->p, p);
	replace_bn_nn(&prsa->q, q);
	return 1;
}
197f391d6bcSXin LI 
/*
 * Replace the CRT parameters (dmp1, dmq1, iqmp) of 'prsa' with the
 * non-NULL arguments; a NULL argument keeps the value already stored.
 *
 * Returns 0 without touching the key when any of the three would end
 * up unset. Returns 1 on success, after which the key owns every
 * BIGNUM passed in and the replaced values have been cleared and
 * freed. 'prsa' must not be NULL.
 */
int
sslshim_RSA_set0_crt_params(RSA *prsa,
			    BIGNUM *dmp1,
			    BIGNUM *dmq1,
			    BIGNUM *iqmp)
{
	REQUIRE(prsa != NULL);

	if (!(prsa->dmp1 || dmp1))
		return 0;
	if (!(prsa->dmq1 || dmq1))
		return 0;
	if (!(prsa->iqmp || iqmp))
		return 0;

	replace_bn_nn(&prsa->dmp1, dmp1);
	replace_bn_nn(&prsa->dmq1, dmq1);
	replace_bn_nn(&prsa->iqmp, iqmp);
	return 1;
}
218f391d6bcSXin LI 
219f391d6bcSXin LI /* --------------------------------------------------------------------
220f391d6bcSXin LI  * set/get DSA signature parameters
221f391d6bcSXin LI  */
/*
 * Hand out the r and s values of the signature 'psig'. Each output
 * pointer is optional; a NULL output is skipped. The values are the
 * signature's own BIGNUMs, not copies, so the caller must not free or
 * modify them. 'psig' must not be NULL.
 */
void
sslshim_DSA_SIG_get0(const DSA_SIG *psig,
		     const BIGNUM **pr,
		     const BIGNUM **ps)
{
	REQUIRE(psig != NULL);

	if (pr)
		*pr = psig->r;
	if (ps)
		*ps = psig->s;
}
236f391d6bcSXin LI 
/*
 * Store r and s in the signature 'psig'. Unlike the key setters in
 * this file, both values are mandatory here: the call returns 0 and
 * changes nothing when either one is NULL.
 *
 * Returns 1 on success, after which the signature owns both BIGNUMs
 * and the replaced values have been cleared and freed. 'psig' must not
 * be NULL.
 */
int
sslshim_DSA_SIG_set0(DSA_SIG *psig, BIGNUM *r, BIGNUM *s)
{
	REQUIRE(psig != NULL);

	if (NULL == r || NULL == s)
		return 0;

	replace_bn_nn(&psig->r, r);
	replace_bn_nn(&psig->s, s);
	return 1;
}
253f391d6bcSXin LI 
254f391d6bcSXin LI /* --------------------------------------------------------------------
255f391d6bcSXin LI  * get/set DSA parameters
256f391d6bcSXin LI  */
/*
 * Hand out the domain parameters p, q and g of 'pdsa'. Each output
 * pointer is optional; a NULL output is skipped. The values are the
 * key's own BIGNUMs, not copies, so the caller must not free or modify
 * them. 'pdsa' must not be NULL.
 */
void
sslshim_DSA_get0_pqg(const DSA *pdsa,
		     const BIGNUM **pp,
		     const BIGNUM **pq,
		     const BIGNUM **pg)
{
	REQUIRE(pdsa != NULL);

	if (pp)
		*pp = pdsa->p;
	if (pq)
		*pq = pdsa->q;
	if (pg)
		*pg = pdsa->g;
}
274f391d6bcSXin LI 
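/*
 * Replace the domain parameters p, q and g of 'pdsa' with the non-NULL
 * arguments; a NULL argument keeps the value already stored.
 *
 * Returns 0 without touching the key when any of the three would end
 * up unset. Returns 1 on success, after which the key owns every
 * BIGNUM passed in and the replaced values have been cleared and
 * freed.
 *
 * 'pdsa' must not be NULL. The precondition is asserted like in every
 * other setter of this file, so a NULL key is reported by REQUIRE
 * instead of being dereferenced by the check below.
 */
int
sslshim_DSA_set0_pqg(
	DSA *		pdsa,
	BIGNUM *	p,
	BIGNUM *	q,
	BIGNUM *	g
	)
{
	REQUIRE(pdsa != NULL);
	if (!((pdsa->p || p) && (pdsa->q || q) && (pdsa->g || g)))
		return 0;

	replace_bn_nn(&pdsa->p, p);
	replace_bn_nn(&pdsa->q, q);
	replace_bn_nn(&pdsa->g, g);

	return 1;
}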
292f391d6bcSXin LI 
/*
 * Hand out the public and private key values of 'pdsa'. Each output
 * pointer is optional; a NULL output is skipped. The values are the
 * key's own BIGNUMs, not copies, so the caller must not free or modify
 * them. 'pdsa' must not be NULL.
 */
void
sslshim_DSA_get0_key(const DSA *pdsa,
		     const BIGNUM **ppub_key,
		     const BIGNUM **ppriv_key)
{
	REQUIRE(pdsa != NULL);

	if (ppub_key)
		*ppub_key = pdsa->pub_key;
	if (ppriv_key)
		*ppriv_key = pdsa->priv_key;
}
307f391d6bcSXin LI 
/*
 * Replace the public and private key values of 'pdsa' with the
 * non-NULL arguments; a NULL argument keeps the value already stored.
 *
 * Returns 0 without touching the key when the public key would end up
 * unset; the private key is optional. Returns 1 on success, after
 * which the key owns every BIGNUM passed in and the replaced values
 * have been cleared and freed. 'pdsa' must not be NULL.
 */
int
sslshim_DSA_set0_key(DSA *pdsa, BIGNUM *pub_key, BIGNUM *priv_key)
{
	REQUIRE(pdsa != NULL);

	if (NULL == pdsa->pub_key && NULL == pub_key)
		return 0;

	replace_bn_nn(&pdsa->pub_key, pub_key);
	replace_bn_nn(&pdsa->priv_key, priv_key);
	return 1;
}
324f391d6bcSXin LI 
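/*
 * Return the NID of the signature algorithm recorded in certificate
 * 'x'.
 *
 * 'x' must not be NULL; this is asserted like the preconditions of the
 * other accessors in this file. A certificate structure without a
 * signature algorithm entry yields NID_undef instead of dereferencing
 * the missing entry.
 */
int
sslshim_X509_get_signature_nid(
	const X509 *x
	)
{
	REQUIRE(x != NULL);
	if (NULL == x->sig_alg)
		return NID_undef;

	return OBJ_obj2nid(x->sig_alg->algorithm);
}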
332f391d6bcSXin LI 
333f391d6bcSXin LI /* ----------------------------------------------------------------- */
334f0574f5cSXin LI #else /* OPENSSL && OPENSSL_VERSION_NUMBER >= v1.1.0 */
335f391d6bcSXin LI /* ----------------------------------------------------------------- */
336f391d6bcSXin LI 
337f391d6bcSXin LI NONEMPTY_TRANSLATION_UNIT
338f391d6bcSXin LI 
339f391d6bcSXin LI /* ----------------------------------------------------------------- */
340f391d6bcSXin LI #endif
341f391d6bcSXin LI /* ----------------------------------------------------------------- */