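/* $NetBSD: libssl_compat.c,v 1.3 2020/05/25 20:47:24 christos Exp $ */

/*
 * libssl_compat.c -- OpenSSL v1.1 compatibility functions
 *
 * ---------------------------------------------------------------------
 * Written by Juergen Perlinger <perlinger@ntp.org> for the NTP project
 *
 * Based on an idea by Kurt Roeckx <kurt@roeckx.be>
 *
 * ---------------------------------------------------------------------
 * This is a clean room implementation of shim functions that have
 * counterparts in the OpenSSL v1.1 API but not in earlier versions. So
 * while OpenSSL broke binary compatibility with v1.1, this shim module
 * should provide the necessary source code compatibility with older
 * versions of OpenSSL.
 * ---------------------------------------------------------------------
 */
#include "config.h"
#include "ntp_types.h"

/* ----------------------------------------------------------------- */
#ifdef OPENSSL
# include <stdlib.h>	/* calloc()/free() for the *_new()/*_free() shims */
# include <string.h>
# include <openssl/bn.h>
# include <openssl/evp.h>
#endif
/* ----------------------------------------------------------------- */

/* ----------------------------------------------------------------- */
#if defined(OPENSSL) && OPENSSL_VERSION_NUMBER < 0x10100000L
/* ----------------------------------------------------------------- */

#include "libssl_compat.h"
#include "ntp_assert.h"

/* --------------------------------------------------------------------
 * Ownership rules, mirroring the OpenSSL v1.1 functions these shims
 * stand in for:
 *  - the *_get0_* accessors hand out borrowed pointers into the owning
 *    object; the caller must not free them and must not use them once
 *    the owning object is gone.
 *  - the *_set0_* setters take ownership of every non-NULL BIGNUM they
 *    are given and clear+free whatever value they replace. A NULL
 *    argument leaves the corresponding field untouched.
 */

/* --------------------------------------------------------------------
 * replace a BIGNUM owned by the caller with another one if it's not
 * NULL, taking over the ownership of the new value. This clears & frees
 * the old value -- the clear might be overkill, but it's better to err
 * on the side of paranoia here.
 *
 * 'ps' points at the slot holding the current value (which may be NULL;
 * BN_clear_free() accepts that); 'n' is the replacement, or NULL for
 * "keep as is". Handing in the object the slot already holds would free
 * the value we are about to install, hence the REQUIRE().
 */
static void
replace_bn_nn(
	BIGNUM ** ps,
	BIGNUM * n
	)
{
	if (NULL == n)
		return;
	REQUIRE(*ps != n);
	BN_clear_free(*ps);
	*ps = n;
}

/* --------------------------------------------------------------------
 * allocation and deallocation of prime number callbacks
 *
 * The callback object is plain zeroed storage here; a NULL result from
 * the allocator is passed through to the caller, as OpenSSL does.
 */
BN_GENCB*
sslshimBN_GENCB_new(void)
{
	BN_GENCB *	cb = calloc(1, sizeof(*cb));
	return cb;
}

void
sslshimBN_GENCB_free(
	BN_GENCB *cb
	)
{
	free(cb);	/* free(NULL) is a no-op */
}

/* --------------------------------------------------------------------
 * allocation and deallocation of message digests
 *
 * sslshim_EVP_MD_CTX_new() returns a zeroed, EVP_MD_CTX_init()'ed
 * context, or NULL on allocation failure. The context must be released
 * with sslshim_EVP_MD_CTX_free() and nothing else, because it did not
 * come from OPENSSL_malloc().
 */
EVP_MD_CTX*
sslshim_EVP_MD_CTX_new(void)
{
	EVP_MD_CTX *	ctx = calloc(1, sizeof(*ctx));
	if (NULL != ctx)
		EVP_MD_CTX_init(ctx);
	return ctx;
}

void
sslshim_EVP_MD_CTX_free(
	EVP_MD_CTX * pctx
	)
{
	if (NULL == pctx)
		return;
	/* A bare free() leaks the digest's private state ('md_data',
	 * allocated by EVP_DigestInit*()) unless the caller finished with
	 * EVP_DigestFinal() -- which cleans up -- rather than
	 * EVP_DigestFinal_ex(), which does not. EVP_MD_CTX_cleanup() also
	 * scrubs that state before releasing it. This is what
	 * EVP_MD_CTX_destroy() does, minus OPENSSL_free(): the shell came
	 * from calloc(), so it must go back to free().
	 */
	(void)EVP_MD_CTX_cleanup(pctx);
	free(pctx);
}

/* --------------------------------------------------------------------
 * get EVP keys and key type
 *
 * All of these tolerate a NULL key and answer EVP_PKEY_NONE / NULL for
 * it. The RSA/DSA pointers handed out are borrowed from the EVP_PKEY.
 */
int
sslshim_EVP_PKEY_id(
	const EVP_PKEY *pkey
	)
{
	if (NULL == pkey)
		return EVP_PKEY_NONE;
	return pkey->type;
}

int
sslshim_EVP_PKEY_base_id(
	const EVP_PKEY *pkey
	)
{
	if (NULL == pkey)
		return EVP_PKEY_NONE;
	/* EVP_PKEY_type() reduces aliases such as EVP_PKEY_RSA2 to the
	 * base algorithm id */
	return EVP_PKEY_type(pkey->type);
}

RSA*
sslshim_EVP_PKEY_get0_RSA(
	EVP_PKEY * pkey
	)
{
	/* 'pkey->pkey' is a union: reading the RSA member of a key of
	 * another type would yield a pointer of the wrong type. OpenSSL's
	 * own accessor refuses such keys with NULL, so do the same. */
	if (NULL == pkey || EVP_PKEY_type(pkey->type) != EVP_PKEY_RSA)
		return NULL;
	return pkey->pkey.rsa;
}

DSA*
sslshim_EVP_PKEY_get0_DSA(
	EVP_PKEY * pkey
	)
{
	/* same union type check as for the RSA accessor above */
	if (NULL == pkey || EVP_PKEY_type(pkey->type) != EVP_PKEY_DSA)
		return NULL;
	return pkey->pkey.dsa;
}

/* --------------------------------------------------------------------
 * set/get RSA params
 *
 * Getters store borrowed pointers through every non-NULL output
 * parameter. Setters return 1 on success and 0 -- without touching the
 * key -- if the key would end up lacking a mandatory component.
 */
void
sslshim_RSA_get0_key(
	const RSA * prsa,
	const BIGNUM ** pn,
	const BIGNUM ** pe,
	const BIGNUM ** pd
	)
{
	REQUIRE(prsa != NULL);

	if (NULL != pn)
		*pn = prsa->n;
	if (NULL != pe)
		*pe = prsa->e;
	if (NULL != pd)
		*pd = prsa->d;
}

int
sslshim_RSA_set0_key(
	RSA * prsa,
	BIGNUM * n,
	BIGNUM * e,
	BIGNUM * d
	)
{
	REQUIRE(prsa != NULL);
	/* modulus and public exponent are mandatory; 'd' may stay NULL
	 * for a public-only key */
	if ((NULL == prsa->n && NULL == n) ||
	    (NULL == prsa->e && NULL == e))
		return 0;

	replace_bn_nn(&prsa->n, n);
	replace_bn_nn(&prsa->e, e);
	replace_bn_nn(&prsa->d, d);

	return 1;
}

void
sslshim_RSA_get0_factors(
	const RSA * prsa,
	const BIGNUM ** pp,
	const BIGNUM ** pq
	)
{
	REQUIRE(prsa != NULL);

	if (NULL != pp)
		*pp = prsa->p;
	if (NULL != pq)
		*pq = prsa->q;
}

int
sslshim_RSA_set0_factors(
	RSA * prsa,
	BIGNUM * p,
	BIGNUM * q
	)
{
	REQUIRE(prsa != NULL);
	/* both prime factors are mandatory once factors are set at all */
	if ((NULL == prsa->p && NULL == p) ||
	    (NULL == prsa->q && NULL == q))
		return 0;

	replace_bn_nn(&prsa->p, p);
	replace_bn_nn(&prsa->q, q);

	return 1;
}

int
sslshim_RSA_set0_crt_params(
	RSA * prsa,
	BIGNUM * dmp1,
	BIGNUM * dmq1,
	BIGNUM * iqmp
	)
{
	REQUIRE(prsa != NULL);
	/* the CRT triple is all-or-nothing */
	if ((NULL == prsa->dmp1 && NULL == dmp1) ||
	    (NULL == prsa->dmq1 && NULL == dmq1) ||
	    (NULL == prsa->iqmp && NULL == iqmp))
		return 0;

	replace_bn_nn(&prsa->dmp1, dmp1);
	replace_bn_nn(&prsa->dmq1, dmq1);
	replace_bn_nn(&prsa->iqmp, iqmp);

	return 1;
}

/* --------------------------------------------------------------------
 * set/get DSA signature parameters
 *
 * The (r, s) pair is handed out borrowed; output parameters may be
 * NULL to skip a component.
 */
void
sslshim_DSA_SIG_get0(
	const DSA_SIG * psig,
	const BIGNUM ** pr,
	const BIGNUM ** ps
	)
{
	REQUIRE(psig != NULL);

	if (NULL != pr)
		*pr = psig->r;
	if (NULL != ps)
		*ps = psig->s;
}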
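
/* --------------------------------------------------------------------
 * install a new (r, s) pair into a DSA signature, taking ownership of
 * both values. Unlike the key setters, neither component is optional:
 * returns 0 and leaves the signature untouched if either is NULL,
 * 1 on success.
 */
int
sslshim_DSA_SIG_set0(
	DSA_SIG * psig,
	BIGNUM * r,
	BIGNUM * s
	)
{
	REQUIRE(psig != NULL);
	if (NULL == r || NULL == s)
		return 0;

	replace_bn_nn(&psig->r, r);
	replace_bn_nn(&psig->s, s);

	return 1;
}

/* --------------------------------------------------------------------
 * get/set DSA parameters
 *
 * Getters store borrowed pointers through every non-NULL output
 * parameter. Setters return 1 on success and 0 -- without touching the
 * key -- if a mandatory component would end up missing.
 */
void
sslshim_DSA_get0_pqg(
	const DSA * pdsa,
	const BIGNUM ** pp,
	const BIGNUM ** pq,
	const BIGNUM ** pg
	)
{
	REQUIRE(pdsa != NULL);

	if (NULL != pp)
		*pp = pdsa->p;
	if (NULL != pq)
		*pq = pdsa->q;
	if (NULL != pg)
		*pg = pdsa->g;
}

int
sslshim_DSA_set0_pqg(
	DSA * pdsa,
	BIGNUM * p,
	BIGNUM * q,
	BIGNUM * g
	)
{
	/* same NULL contract as the other setters in this module */
	REQUIRE(pdsa != NULL);
	/* all three domain parameters are mandatory */
	if ((NULL == pdsa->p && NULL == p) ||
	    (NULL == pdsa->q && NULL == q) ||
	    (NULL == pdsa->g && NULL == g))
		return 0;

	replace_bn_nn(&pdsa->p, p);
	replace_bn_nn(&pdsa->q, q);
	replace_bn_nn(&pdsa->g, g);

	return 1;
}

void
sslshim_DSA_get0_key(
	const DSA * pdsa,
	const BIGNUM ** ppub_key,
	const BIGNUM ** ppriv_key
	)
{
	REQUIRE(pdsa != NULL);

	if (NULL != ppub_key)
		*ppub_key = pdsa->pub_key;
	if (NULL != ppriv_key)
		*ppriv_key = pdsa->priv_key;
}

int
sslshim_DSA_set0_key(
	DSA * pdsa,
	BIGNUM * pub_key,
	BIGNUM * priv_key
	)
{
	REQUIRE(pdsa != NULL);
	/* only the public key is mandatory; priv_key may stay NULL for a
	 * public-only key */
	if (NULL == pdsa->pub_key && NULL == pub_key)
		return 0;

	replace_bn_nn(&pdsa->pub_key, pub_key);
	replace_bn_nn(&pdsa->priv_key, priv_key);

	return 1;
}

/* --------------------------------------------------------------------
 * NID of the signature algorithm recorded in a certificate.
 *
 * The certificate must not be NULL; this is enforced with REQUIRE()
 * like the other shims here instead of dereferencing blindly.
 */
int
sslshim_X509_get_signature_nid(
	const X509 *x
	)
{
	REQUIRE(x != NULL);
	return OBJ_obj2nid(x->sig_alg->algorithm);
}

/* ----------------------------------------------------------------- */
#else /* OPENSSL && OPENSSL_VERSION_NUMBER >= v1.1.0 */
/* ----------------------------------------------------------------- */

NONEMPTY_TRANSLATION_UNIT

/* ----------------------------------------------------------------- */
#endif
/* ----------------------------------------------------------------- */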