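/*
 * libssl_compat.c -- OpenSSL v1.1 compatibility functions
 *
 * ---------------------------------------------------------------------
 * Written by Juergen Perlinger <perlinger@ntp.org> for the NTP project
 *
 * Based on an idea by Kurt Roeckx <kurt@roeckx.be>
 *
 * ---------------------------------------------------------------------
 * This is a clean room implementation of shim functions that have
 * counterparts in the OpenSSL v1.1 API but not in earlier versions. So
 * while OpenSSL broke binary compatibility with v1.1, this shim module
 * should provide the necessary source code compatibility with older
 * versions of OpenSSL.
 *
 * Ownership conventions follow the v1.1 originals: the 'get0' accessors
 * hand out borrowed pointers (the caller must not free them), the
 * 'set0' mutators take ownership of the BIGNUMs passed in and release
 * the values they replace.
 * ---------------------------------------------------------------------
 */
#include "config.h"
#include "ntp_types.h"

/* ----------------------------------------------------------------- */
#ifdef OPENSSL
# include <stdlib.h>	/* calloc()/free() used by the allocator shims */
# include <string.h>
# include <openssl/bn.h>
# include <openssl/evp.h>
#endif
/* ----------------------------------------------------------------- */

/* ----------------------------------------------------------------- */
#if defined(OPENSSL) && OPENSSL_VERSION_NUMBER < 0x10100000L
/* ----------------------------------------------------------------- */

#include "libssl_compat.h"
#include "ntp_assert.h"

/* --------------------------------------------------------------------
 * replace a BIGNUM owned by the caller with another one if it's not
 * NULL, taking over the ownership of the new value. This clears & frees
 * the old value -- the clear might be overkill, but it's better to err
 * on the side of paranoia here.
 *
 * 'ps' points at the owner's slot; '*ps' may be NULL (first assignment),
 * which BN_clear_free() tolerates. 'n' == NULL leaves the slot as is.
 * The REQUIRE guards against freeing 'n' and then storing the dangling
 * pointer when a caller passes the value that is already installed.
 */
static void
replace_bn_nn(
	BIGNUM ** ps,
	BIGNUM * n
	)
{
	if (n) {
		REQUIRE(*ps != n);
		BN_clear_free(*ps);
		*ps = n;
	}
}

/* --------------------------------------------------------------------
 * allocation and deallocation of prime number callbacks
 *
 * Before v1.1 BN_GENCB is a plain struct without owned resources, so a
 * zeroed heap block and a plain free() are all that is needed. Returns
 * NULL when out of memory, like the v1.1 BN_GENCB_new().
 */
BN_GENCB*
sslshimBN_GENCB_new(void)
{
	return calloc(1, sizeof(BN_GENCB));
}

void
sslshimBN_GENCB_free(
	BN_GENCB *cb
	)
{
	free(cb);	/* free(NULL) is a no-op, matching v1.1 */
}

/* --------------------------------------------------------------------
 * allocation and deallocation of message digests
 *
 * A zero-filled context is what EVP_MD_CTX_init() produces, so calloc()
 * yields a context that is ready for EVP_DigestInit_ex(). Returns NULL
 * when out of memory.
 */
EVP_MD_CTX*
sslshim_EVP_MD_CTX_new(void)
{
	return calloc(1, sizeof(EVP_MD_CTX));
}

void
sslshim_EVP_MD_CTX_free(
	EVP_MD_CTX * pctx
	)
{
	/* The v1.1 EVP_MD_CTX_free() releases the digest's private state
	 * before freeing the context. Do the same here: a context that was
	 * finalised with EVP_DigestFinal_ex() (or never finalised at all)
	 * still owns its md_data, and a bare free() would leak it and
	 * leave the digest state lying around in memory. EVP_MD_CTX_cleanup()
	 * is harmless on a context that EVP_DigestFinal() already cleaned.
	 * NULL is accepted, as in v1.1. */
	if (pctx != NULL) {
		EVP_MD_CTX_cleanup(pctx);
		free(pctx);
	}
}

/* --------------------------------------------------------------------
 * get EVP keys and key type
 */

/* raw key type as stored in the key; EVP_PKEY_NONE for a NULL key */
int
sslshim_EVP_PKEY_id(
	const EVP_PKEY *pkey
	)
{
	return (pkey) ? pkey->type : EVP_PKEY_NONE;
}

/* canonical (base) key type, e.g. the DSA variants all map to
 * EVP_PKEY_DSA; EVP_PKEY_NONE for a NULL key */
int
sslshim_EVP_PKEY_base_id(
	const EVP_PKEY *pkey
	)
{
	return (pkey) ? EVP_PKEY_type(pkey->type) : EVP_PKEY_NONE;
}

/* borrowed RSA key, or NULL if 'pkey' is NULL or not an RSA key.
 *
 * 'pkey->pkey' is a union of the per-algorithm pointers, so the RSA
 * member is only meaningful when the key really is an RSA key. The
 * v1.1 EVP_PKEY_get0_RSA() returns NULL for any other key type; doing
 * the same here avoids handing a DSA (or other) object back as an RSA*.
 */
RSA*
sslshim_EVP_PKEY_get0_RSA(
	EVP_PKEY * pkey
	)
{
	if (pkey == NULL || EVP_PKEY_type(pkey->type) != EVP_PKEY_RSA)
		return NULL;
	return pkey->pkey.rsa;
}

/* borrowed DSA key, or NULL if 'pkey' is NULL or not a DSA key
 * (see sslshim_EVP_PKEY_get0_RSA for the reasoning) */
DSA*
sslshim_EVP_PKEY_get0_DSA(
	EVP_PKEY * pkey
	)
{
	if (pkey == NULL || EVP_PKEY_type(pkey->type) != EVP_PKEY_DSA)
		return NULL;
	return pkey->pkey.dsa;
}

/* --------------------------------------------------------------------
 * set/get RSA params
 */

/* borrow modulus 'n', public exponent 'e' and private exponent 'd';
 * any output pointer may be NULL to skip that value. 'prsa' must not
 * be NULL. */
void
sslshim_RSA_get0_key(
	const RSA * prsa,
	const BIGNUM ** pn,
	const BIGNUM ** pe,
	const BIGNUM ** pd
	)
{
	REQUIRE(prsa != NULL);

	if (pn)
		*pn = prsa->n;
	if (pe)
		*pe = prsa->e;
	if (pd)
		*pd = prsa->d;
}

/* install 'n', 'e', 'd' (ownership transferred; NULL keeps the current
 * value). Returns 0 without touching the key when the result would have
 * no modulus or no public exponent, 1 on success. 'd' may be NULL for a
 * public-only key. */
int
sslshim_RSA_set0_key(
	RSA * prsa,
	BIGNUM * n,
	BIGNUM * e,
	BIGNUM * d
	)
{
	REQUIRE(prsa != NULL);
	if (!((prsa->n || n) && (prsa->e || e)))
		return 0;

	replace_bn_nn(&prsa->n, n);
	replace_bn_nn(&prsa->e, e);
	replace_bn_nn(&prsa->d, d);

	return 1;
}

/* borrow the prime factors 'p' and 'q'; output pointers may be NULL */
void
sslshim_RSA_get0_factors(
	const RSA * prsa,
	const BIGNUM ** pp,
	const BIGNUM ** pq
	)
{
	REQUIRE(prsa != NULL);

	if (pp)
		*pp = prsa->p;
	if (pq)
		*pq = prsa->q;
}

/* install the prime factors (ownership transferred). Returns 0 without
 * touching the key when either factor would end up unset, 1 on success. */
int
sslshim_RSA_set0_factors(
	RSA * prsa,
	BIGNUM * p,
	BIGNUM * q
	)
{
	REQUIRE(prsa != NULL);
	if (!((prsa->p || p) && (prsa->q || q)))
		return 0;

	replace_bn_nn(&prsa->p, p);
	replace_bn_nn(&prsa->q, q);

	return 1;
}

/* install the CRT parameters (ownership transferred). Returns 0 without
 * touching the key when any of the three would end up unset, 1 on
 * success. */
int
sslshim_RSA_set0_crt_params(
	RSA * prsa,
	BIGNUM * dmp1,
	BIGNUM * dmq1,
	BIGNUM * iqmp
	)
{
	REQUIRE(prsa != NULL);
	if (!((prsa->dmp1 || dmp1) &&
	      (prsa->dmq1 || dmq1) &&
	      (prsa->iqmp || iqmp) ))
		return 0;

	replace_bn_nn(&prsa->dmp1, dmp1);
	replace_bn_nn(&prsa->dmq1, dmq1);
	replace_bn_nn(&prsa->iqmp, iqmp);

	return 1;
}

/* --------------------------------------------------------------------
 * set/get DSA signature parameters
 */

/* borrow the signature components 'r' and 's'; output pointers may be
 * NULL. 'psig' must not be NULL. */
void
sslshim_DSA_SIG_get0(
	const DSA_SIG * psig,
	const BIGNUM ** pr,
	const BIGNUM ** ps
	)
{
	REQUIRE(psig != NULL);

	if (pr != NULL)
		*pr = psig->r;
	if (ps != NULL)
		*ps = psig->s;
}

/* install both signature components (ownership transferred). Unlike
 * the key setters, both values are mandatory: returns 0 without
 * touching the signature if either is NULL, 1 on success. */
int
sslshim_DSA_SIG_set0(
	DSA_SIG * psig,
	BIGNUM * r,
	BIGNUM * s
	)
{
	REQUIRE(psig != NULL);
	if (!(r && s))
		return 0;

	replace_bn_nn(&psig->r, r);
	replace_bn_nn(&psig->s, s);

	return 1;
}

/* --------------------------------------------------------------------
 * get/set DSA parameters
 */

/* borrow the domain parameters 'p', 'q', 'g'; output pointers may be
 * NULL. 'pdsa' must not be NULL. */
void
sslshim_DSA_get0_pqg(
	const DSA * pdsa,
	const BIGNUM ** pp,
	const BIGNUM ** pq,
	const BIGNUM ** pg
	)
{
	REQUIRE(pdsa != NULL);

	if (pp != NULL)
		*pp = pdsa->p;
	if (pq != NULL)
		*pq = pdsa->q;
	if (pg != NULL)
		*pg = pdsa->g;
}

/* install the domain parameters (ownership transferred; NULL keeps the
 * current value). Returns 0 without touching the key when any of the
 * three would end up unset, 1 on success. */
int
sslshim_DSA_set0_pqg(
	DSA * pdsa,
	BIGNUM * p,
	BIGNUM * q,
	BIGNUM * g
	)
{
	/* same precondition as every other setter in this file; 'pdsa'
	 * is dereferenced in the check below */
	REQUIRE(pdsa != NULL);
	if (!((pdsa->p || p) && (pdsa->q || q) && (pdsa->g || g)))
		return 0;

	replace_bn_nn(&pdsa->p, p);
	replace_bn_nn(&pdsa->q, q);
	replace_bn_nn(&pdsa->g, g);

	return 1;
}

/* borrow the public and private key values; output pointers may be
 * NULL. The private value is NULL for a public-only key. */
void
sslshim_DSA_get0_key(
	const DSA * pdsa,
	const BIGNUM ** ppub_key,
	const BIGNUM ** ppriv_key
	)
{
	REQUIRE(pdsa != NULL);

	if (ppub_key != NULL)
		*ppub_key = pdsa->pub_key;
	if (ppriv_key != NULL)
		*ppriv_key = pdsa->priv_key;
}

/* install the key values (ownership transferred; NULL keeps the current
 * value). Only the public key is mandatory: returns 0 without touching
 * the key when it would end up without one, 1 on success. */
int
sslshim_DSA_set0_key(
	DSA * pdsa,
	BIGNUM * pub_key,
	BIGNUM * priv_key
	)
{
	REQUIRE(pdsa != NULL);
	if (!(pdsa->pub_key || pub_key))
		return 0;

	replace_bn_nn(&pdsa->pub_key, pub_key);
	replace_bn_nn(&pdsa->priv_key, priv_key);

	return 1;
}

/* NID of the algorithm the certificate was signed with (taken from the
 * outer signature algorithm, not the TBS part). 'x' must not be NULL. */
int
sslshim_X509_get_signature_nid(
	const X509 *x
	)
{
	REQUIRE(x != NULL);
	return OBJ_obj2nid(x->sig_alg->algorithm);
}

/* ----------------------------------------------------------------- */
#else /* OPENSSL && OPENSSL_VERSION_NUMBER >= v1.1.0 */
/* ----------------------------------------------------------------- */

NONEMPTY_TRANSLATION_UNIT

/* ----------------------------------------------------------------- */
#endif
/* ----------------------------------------------------------------- */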