xref: /netbsd-src/external/bsd/ntp/dist/libntp/libssl_compat.c (revision 3e3909fe3ffe5d33a1ab87329085041d20fd552e)
1 /*	$NetBSD: libssl_compat.c,v 1.1.1.2 2017/04/13 19:17:27 christos Exp $	*/
2 
3 /*
4  * libssl_compat.c -- OpenSSL v1.1 compatibility functions
5  *
6  * ---------------------------------------------------------------------
7  * Written by Juergen Perlinger <perlinger@ntp.org> for the NTP project
8  *
9  * Based on an idea by Kurt Roeckx <kurt@roeckx.be>
10  *
11  * ---------------------------------------------------------------------
12  * This is a clean room implementation of shim functions that have
13  * counterparts in the OpenSSL v1.1 API but not in earlier versions. So
14  * while OpenSSL broke binary compatibility with v1.1, this shim module
15  * should provide the necessary source code compatibility with older
16  * versions of OpenSSL.
17  * ---------------------------------------------------------------------
18  */
19 #include "config.h"
20 #include "ntp_types.h"
21 
22 /* ----------------------------------------------------------------- */
23 #ifdef OPENSSL
24 # include <string.h>
25 # include <openssl/bn.h>
26 # include <openssl/evp.h>
27 #endif
28 /* ----------------------------------------------------------------- */
29 
30 /* ----------------------------------------------------------------- */
31 #if defined(OPENSSL) && OPENSSL_VERSION_NUMBER < 0x10100000L
32 /* ----------------------------------------------------------------- */
33 
34 #include "libssl_compat.h"
35 #include "ntp_assert.h"
36 
/* --------------------------------------------------------------------
 * Install 'n' in the slot '*ps' when 'n' is not NULL. The slot takes
 * over ownership of 'n'; the BIGNUM it held before is released with
 * BN_clear_free(), i.e. wiped before it is freed. The wipe may be more
 * than strictly needed, but the slots served here can hold private
 * key components. A NULL 'n' leaves the slot untouched.
 */
static void
replace_bn_nn(
	BIGNUM **	ps,
	BIGNUM *	n
	)
{
	if (NULL == n)
		return;

	/* giving a slot its own value back would free the live BIGNUM */
	REQUIRE(*ps != n);
	BN_clear_free(*ps);
	*ps = n;
}
55 
56 /* --------------------------------------------------------------------
57  * allocation and deallocation of prime number callbacks
58  */
/*
 * Hand out a zero-filled BN_GENCB from the C heap. The result is NULL
 * when calloc() fails; release it with sslshimBN_GENCB_free().
 */
BN_GENCB*
sslshimBN_GENCB_new(void)
{
	BN_GENCB *	cb;

	cb = calloc(1, sizeof(*cb));
	return cb;
}
64 
/*
 * Release a BN_GENCB obtained from sslshimBN_GENCB_new(). The pointer
 * is passed straight to free(), so a NULL 'cb' is accepted.
 */
void
sslshimBN_GENCB_free(
	BN_GENCB *	cb
	)
{
	free(cb);
}
72 
73 /* --------------------------------------------------------------------
74  * allocation and deallocation of message digests
75  */
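/*
 * Allocate a digest context on the C heap and initialise it with
 * EVP_MD_CTX_init(), so that it is ready for EVP_DigestInit*().
 * Returns NULL when the allocation fails. Release the context with
 * sslshim_EVP_MD_CTX_free().
 */
EVP_MD_CTX*
sslshim_EVP_MD_CTX_new(void)
{
	EVP_MD_CTX *	pctx;

	pctx = calloc(1, sizeof(*pctx));
	/* use the library's initialiser instead of relying on an all-zero
	 * block happening to be a valid initial state */
	if (NULL != pctx)
		EVP_MD_CTX_init(pctx);
	return pctx;
}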
81 
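/*
 * Dispose of a digest context obtained from sslshim_EVP_MD_CTX_new().
 * EVP_MD_CTX_cleanup() runs before the block is freed, so whatever the
 * digest attached to the context (its working state) is wiped and
 * released as well. A bare free() leaves that state allocated and
 * unwiped whenever the caller has not cleaned the context up itself.
 * A NULL 'pctx' is a no-op.
 */
void
sslshim_EVP_MD_CTX_free(
	EVP_MD_CTX *	pctx
	)
{
	if (NULL != pctx) {
		/* harmless on a context that is already clean */
		EVP_MD_CTX_cleanup(pctx);
		free(pctx);
	}
}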
89 
90 /* --------------------------------------------------------------------
91  * get EVP keys and key type
92  */
/*
 * Report the key type recorded in 'pkey' exactly as stored, or
 * EVP_PKEY_NONE when no key was given.
 */
int
sslshim_EVP_PKEY_id(
	const EVP_PKEY *pkey
	)
{
	if (NULL == pkey)
		return EVP_PKEY_NONE;
	return pkey->type;
}
100 
/*
 * Report the key type of 'pkey' after mapping it through
 * EVP_PKEY_type(), or EVP_PKEY_NONE when no key was given.
 */
int
sslshim_EVP_PKEY_base_id(
	const EVP_PKEY *pkey
	)
{
	if (NULL == pkey)
		return EVP_PKEY_NONE;
	return EVP_PKEY_type(pkey->type);
}
108 
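/*
 * Borrow the RSA key held by 'pkey'. The returned pointer aliases the
 * key stored inside 'pkey'; nothing is copied and no ownership is
 * handed over. Returns NULL when 'pkey' is NULL or does not hold an
 * RSA key.
 */
RSA*
sslshim_EVP_PKEY_get0_RSA(
	EVP_PKEY *	pkey
	)
{
	if (NULL == pkey)
		return NULL;
	/* 'pkey->pkey' is shared between key types: without this check a
	 * non-RSA key would be handed back as a mistyped RSA pointer */
	if (EVP_PKEY_type(pkey->type) != EVP_PKEY_RSA)
		return NULL;
	return pkey->pkey.rsa;
}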
116 
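/*
 * Borrow the DSA key held by 'pkey'. The returned pointer aliases the
 * key stored inside 'pkey'; nothing is copied and no ownership is
 * handed over. Returns NULL when 'pkey' is NULL or does not hold a
 * DSA key.
 */
DSA*
sslshim_EVP_PKEY_get0_DSA(
	EVP_PKEY *	pkey
	)
{
	if (NULL == pkey)
		return NULL;
	/* 'pkey->pkey' is shared between key types: without this check a
	 * non-DSA key would be handed back as a mistyped DSA pointer */
	if (EVP_PKEY_type(pkey->type) != EVP_PKEY_DSA)
		return NULL;
	return pkey->pkey.dsa;
}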
124 
125 /* --------------------------------------------------------------------
126  * set/get RSA params
127  */
/*
 * Read the modulus (n), public exponent (e) and private exponent (d)
 * of 'prsa'. Every output pointer is optional: pass NULL for a value
 * that is not wanted. The values stored are the key's own BIGNUMs,
 * not copies, so they stay owned by 'prsa'. 'prsa' must not be NULL.
 */
void
sslshim_RSA_get0_key(
	const RSA *	prsa,
	const BIGNUM **	pn,
	const BIGNUM **	pe,
	const BIGNUM **	pd
	)
{
	REQUIRE(prsa != NULL);

	if (NULL != pn)
		*pn = prsa->n;
	if (NULL != pe)
		*pe = prsa->e;
	if (NULL != pd)
		*pd = prsa->d;	/* private exponent, still owned by 'prsa' */
}
145 
/*
 * Store new values for n, e and d in 'prsa'. A NULL argument keeps the
 * value already present. The call is refused (return 0, nothing is
 * changed and nothing is taken over) when n or e would end up unset;
 * d may stay unset. On success (return 1) the key owns every non-NULL
 * argument and the values they replace have been cleared and freed.
 * 'prsa' must not be NULL.
 */
int
sslshim_RSA_set0_key(
	RSA *		prsa,
	BIGNUM *	n,
	BIGNUM *	e,
	BIGNUM *	d
	)
{
	REQUIRE(prsa != NULL);

	/* n and e must each be present, either already or as argument */
	if (!(prsa->n || n))
		return 0;
	if (!(prsa->e || e))
		return 0;

	replace_bn_nn(&prsa->n, n);
	replace_bn_nn(&prsa->e, e);
	replace_bn_nn(&prsa->d, d);

	return 1;
}
164 
/*
 * Read the prime factors p and q of 'prsa'. Both output pointers are
 * optional. The values stored are the key's own BIGNUMs, not copies,
 * so they stay owned by 'prsa'. 'prsa' must not be NULL.
 */
void
sslshim_RSA_get0_factors(
	const RSA *	prsa,
	const BIGNUM **	pp,
	const BIGNUM **	pq
	)
{
	REQUIRE(prsa != NULL);

	if (NULL != pp)
		*pp = prsa->p;
	if (NULL != pq)
		*pq = prsa->q;
}
179 
/*
 * Store new prime factors p and q in 'prsa'. A NULL argument keeps the
 * value already present. The call is refused (return 0, nothing is
 * changed and nothing is taken over) when p or q would end up unset.
 * On success (return 1) the key owns every non-NULL argument and the
 * values they replace have been cleared and freed. 'prsa' must not be
 * NULL.
 */
int
sslshim_RSA_set0_factors(
	RSA    *	prsa,
	BIGNUM *	p,
	BIGNUM *	q
	)
{
	REQUIRE(prsa != NULL);

	/* each factor must be present, either already or as argument */
	if (!(prsa->p || p))
		return 0;
	if (!(prsa->q || q))
		return 0;

	replace_bn_nn(&prsa->p, p);
	replace_bn_nn(&prsa->q, q);

	return 1;
}
196 
/*
 * Store new CRT parameters (dmp1, dmq1, iqmp) in 'prsa'. A NULL
 * argument keeps the value already present. The call is refused
 * (return 0, nothing is changed and nothing is taken over) when any of
 * the three would end up unset. On success (return 1) the key owns
 * every non-NULL argument and the values they replace have been
 * cleared and freed. 'prsa' must not be NULL.
 */
int
sslshim_RSA_set0_crt_params(
	RSA    *	prsa,
	BIGNUM *	dmp1,
	BIGNUM *	dmq1,
	BIGNUM *	iqmp
	)
{
	REQUIRE(prsa != NULL);

	/* each parameter must be present, either already or as argument */
	if (!(prsa->dmp1 || dmp1))
		return 0;
	if (!(prsa->dmq1 || dmq1))
		return 0;
	if (!(prsa->iqmp || iqmp))
		return 0;

	replace_bn_nn(&prsa->dmp1, dmp1);
	replace_bn_nn(&prsa->dmq1, dmq1);
	replace_bn_nn(&prsa->iqmp, iqmp);

	return 1;
}
217 
218 /* --------------------------------------------------------------------
219  * set/get DSA signature parameters
220  */
/*
 * Read the r and s values of the signature 'psig'. Both output
 * pointers are optional. The values stored are the signature's own
 * BIGNUMs, not copies. 'psig' must not be NULL.
 */
void
sslshim_DSA_SIG_get0(
	const DSA_SIG *	psig,
	const BIGNUM **	pr,
	const BIGNUM **	ps
	)
{
	REQUIRE(psig != NULL);

	if (pr)
		*pr = psig->r;
	if (ps)
		*ps = psig->s;
}
235 
/*
 * Store new r and s values in the signature 'psig'. Unlike the key
 * setters in this file, both arguments are mandatory: the call is
 * refused (return 0, nothing is changed and nothing is taken over)
 * when either is NULL. On success (return 1) the signature owns both
 * values and the ones they replace have been cleared and freed.
 * 'psig' must not be NULL.
 */
int
sslshim_DSA_SIG_set0(
	DSA_SIG *	psig,
	BIGNUM *	r,
	BIGNUM *	s
	)
{
	REQUIRE(psig != NULL);

	if (NULL == r || NULL == s)
		return 0;

	replace_bn_nn(&psig->r, r);
	replace_bn_nn(&psig->s, s);

	return 1;
}
252 
253 /* --------------------------------------------------------------------
254  * get/set DSA parameters
255  */
/*
 * Read the DSA domain parameters p, q and g of 'pdsa'. Every output
 * pointer is optional. The values stored are the key's own BIGNUMs,
 * not copies, so they stay owned by 'pdsa'. 'pdsa' must not be NULL.
 */
void
sslshim_DSA_get0_pqg(
	const DSA *	pdsa,
	const BIGNUM **	pp,
	const BIGNUM **	pq,
	const BIGNUM **	pg
	)
{
	REQUIRE(pdsa != NULL);

	if (pp)
		*pp = pdsa->p;
	if (pq)
		*pq = pdsa->q;
	if (pg)
		*pg = pdsa->g;
}
273 
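/*
 * Store new DSA domain parameters p, q and g in 'pdsa'. A NULL
 * argument keeps the value already present. The call is refused
 * (return 0, nothing is changed and nothing is taken over) when any of
 * the three would end up unset. On success (return 1) the key owns
 * every non-NULL argument and the values they replace have been
 * cleared and freed. 'pdsa' must not be NULL.
 */
int
sslshim_DSA_set0_pqg(
	DSA *		pdsa,
	BIGNUM *	p,
	BIGNUM *	q,
	BIGNUM *	g
	)
{
	/* the other accessors in this file assert their object argument;
	 * without this, a NULL 'pdsa' is dereferenced by the check below */
	REQUIRE(pdsa != NULL);
	if (!((pdsa->p || p) && (pdsa->q || q) && (pdsa->g || g)))
		return 0;

	replace_bn_nn(&pdsa->p, p);
	replace_bn_nn(&pdsa->q, q);
	replace_bn_nn(&pdsa->g, g);

	return 1;
}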
291 
/*
 * Read the public and private key values of 'pdsa'. Both output
 * pointers are optional. The values stored are the key's own BIGNUMs,
 * not copies, so they stay owned by 'pdsa'. 'pdsa' must not be NULL.
 */
void
sslshim_DSA_get0_key(
	const DSA *	pdsa,
	const BIGNUM **	ppub_key,
	const BIGNUM **	ppriv_key
	)
{
	REQUIRE(pdsa != NULL);

	if (ppub_key)
		*ppub_key = pdsa->pub_key;
	if (ppriv_key)
		*ppriv_key = pdsa->priv_key;	/* still owned by 'pdsa' */
}
306 
/*
 * Store new public and private key values in 'pdsa'. A NULL argument
 * keeps the value already present. The call is refused (return 0,
 * nothing is changed and nothing is taken over) when the public key
 * would end up unset; the private key may stay unset. On success
 * (return 1) the key owns every non-NULL argument and the values they
 * replace have been cleared and freed. 'pdsa' must not be NULL.
 */
int
sslshim_DSA_set0_key(
	DSA *		pdsa,
	BIGNUM *	pub_key,
	BIGNUM *	priv_key
	)
{
	REQUIRE(pdsa != NULL);

	if (NULL == pdsa->pub_key && NULL == pub_key)
		return 0;

	replace_bn_nn(&pdsa->pub_key, pub_key);
	replace_bn_nn(&pdsa->priv_key, priv_key);

	return 1;
}
323 
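/*
 * Return the NID of the signature algorithm recorded in certificate
 * 'x', as translated by OBJ_obj2nid(). 'x' must not be NULL.
 */
int
sslshim_X509_get_signature_nid(
	const X509 *x
	)
{
	/* assert the argument like the other accessors in this file do,
	 * instead of dereferencing a NULL certificate */
	REQUIRE(x != NULL);
	/* NOTE(review): assumes x->sig_alg is always set on a certificate
	 * that reaches this point -- confirm */
	return OBJ_obj2nid(x->sig_alg->algorithm);
}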
331 
332 /* ----------------------------------------------------------------- */
333 #else /* OPENSSL && OPENSSL_VERSION_NUMBER >= v1.1.0 */
334 /* ----------------------------------------------------------------- */
335 
/*
 * This branch is compiled when OPENSSL is not defined or the OpenSSL
 * version is 1.1.0 or later, i.e. when none of the shims is needed.
 * NOTE(review): the macro presumably expands to a dummy declaration so
 * that the file is not an empty translation unit -- confirm against
 * its definition.
 */
NONEMPTY_TRANSLATION_UNIT
337 
338 /* ----------------------------------------------------------------- */
339 #endif
340 /* ----------------------------------------------------------------- */
341