2 * libssl_compat.c -- OpenSSL v1.1 compatibility functions
4 * ---------------------------------------------------------------------
5 * Written by Juergen Perlinger <perlinger@ntp.org> for the NTP project
7 * Based on an idea by Kurt Roeckx <kurt@roeckx.be>
9 * ---------------------------------------------------------------------
10 * This is a clean room implementation of shim functions that have
11 * counterparts in the OpenSSL v1.1 API but not in earlier versions. So
12 * while OpenSSL broke binary compatibility with v1.1, this shim module
13 * should provide the necessary source code compatibility with older
14 * versions of OpenSSL.
15 * ---------------------------------------------------------------------
18 #include "ntp_types.h"
20 /* ----------------------------------------------------------------- */
23 # include <openssl/bn.h>
24 # include <openssl/evp.h>
26 /* ----------------------------------------------------------------- */
28 /* ----------------------------------------------------------------- */
29 #if defined(OPENSSL) && OPENSSL_VERSION_NUMBER < 0x10100000L
30 /* ----------------------------------------------------------------- */
32 #include "libssl_compat.h"
33 #include "ntp_assert.h"
35 /* --------------------------------------------------------------------
36 * replace a BIGNUM owned by the caller with another one if the new one
37 * is not NULL, taking over the ownership of the new value. This clears
38 * & frees the old value -- the clear might be overkill, but it's better
39 * to err on the side of paranoia here.
54 /* --------------------------------------------------------------------
55 * allocation and deallocation of prime number callbacks
/* Allocate a zero-filled BN_GENCB on the heap with calloc(). The
 * calloc() result is returned unchecked, so it is NULL when the
 * allocation fails and the caller has to test for that before use. */
58 sslshimBN_GENCB_new(void)
60 return calloc(1,sizeof(BN_GENCB));
71 /* --------------------------------------------------------------------
72 * allocation and deallocation of message digests
75 sslshim_EVP_MD_CTX_new(void)
78 if (NULL != (ctx = calloc(1, sizeof(EVP_MD_CTX))))
84 sslshim_EVP_MD_CTX_free(
91 /* --------------------------------------------------------------------
92 * get EVP keys and key type
99 return (pkey) ? pkey->type : EVP_PKEY_NONE;
103 sslshim_EVP_PKEY_base_id(
107 return (pkey) ? EVP_PKEY_type(pkey->type) : EVP_PKEY_NONE;
/* Borrowed-pointer accessor: yields the rsa member stored in the key,
 * or NULL when pkey itself is NULL. No reference is taken on the
 * returned object here.
 * NOTE(review): no test of pkey->type is visible on the line below, so
 * a key of another type would have its stored pointer read as RSA --
 * confirm that callers check the key type first. */
111 sslshim_EVP_PKEY_get0_RSA(
115 return (pkey) ? pkey->pkey.rsa : NULL;
/* Borrowed-pointer accessor: yields the dsa member stored in the key,
 * or NULL when pkey itself is NULL. No reference is taken on the
 * returned object here.
 * NOTE(review): no test of pkey->type is visible on the line below, so
 * a key of another type would have its stored pointer read as DSA --
 * confirm that callers check the key type first. */
119 sslshim_EVP_PKEY_get0_DSA(
123 return (pkey) ? pkey->pkey.dsa : NULL;
126 /* --------------------------------------------------------------------
130 sslshim_RSA_get0_key(
137 REQUIRE(prsa != NULL);
/* Install key components n, e and d into *prsa. Per the comment that
 * describes replace_bn_nn(), each new value handed over becomes owned
 * by the RSA object and the value it replaces is cleared and freed.
 * NOTE(review): the statement controlled by the if below is not shown
 * here. The condition is true when n or e would still be unset after
 * the call (neither already in *prsa nor supplied); d is not part of
 * it, so d may stay NULL. */
148 sslshim_RSA_set0_key(
155 REQUIRE(prsa != NULL);
156 if (!((prsa->n || n) && (prsa->e || e)))
159 replace_bn_nn(&prsa->n, n);
160 replace_bn_nn(&prsa->e, e);
/* d is the private exponent, the value for which clearing the old
 * BIGNUM before freeing it matters most. */
161 replace_bn_nn(&prsa->d, d);
167 sslshim_RSA_get0_factors(
173 REQUIRE(prsa != NULL);
/* Install the prime factors p and q into *prsa. Both are secret key
 * material; per the comment that describes replace_bn_nn(), the value
 * being replaced is cleared and freed and the new one becomes owned by
 * the RSA object.
 * NOTE(review): the statement controlled by the if below is not shown
 * here. The condition is true when p or q would still be unset after
 * the call. */
182 sslshim_RSA_set0_factors(
188 REQUIRE(prsa != NULL);
189 if (!((prsa->p || p) && (prsa->q || q)))
192 replace_bn_nn(&prsa->p, p);
193 replace_bn_nn(&prsa->q, q);
/* Install the CRT parameters dmp1, dmq1 and iqmp into *prsa. These are
 * derived from the private key and are secret as well; per the comment
 * that describes replace_bn_nn(), the value being replaced is cleared
 * and freed and the new one becomes owned by the RSA object.
 * NOTE(review): the statement controlled by the if below is not shown
 * here. The condition is true when any of the three values would still
 * be unset after the call. */
199 sslshim_RSA_set0_crt_params(
206 REQUIRE(prsa != NULL);
207 if (!((prsa->dmp1 || dmp1) &&
208 (prsa->dmq1 || dmq1) &&
209 (prsa->iqmp || iqmp) ))
212 replace_bn_nn(&prsa->dmp1, dmp1);
213 replace_bn_nn(&prsa->dmq1, dmq1);
214 replace_bn_nn(&prsa->iqmp, iqmp);
219 /* --------------------------------------------------------------------
220 * set/get DSA signature parameters
223 sslshim_DSA_SIG_get0(
224 const DSA_SIG * psig,
229 REQUIRE(psig != NULL);
238 sslshim_DSA_SIG_set0(
244 REQUIRE(psig != NULL);
248 replace_bn_nn(&psig->r, r);
249 replace_bn_nn(&psig->s, s);
254 /* --------------------------------------------------------------------
255 * get/set DSA parameters
258 sslshim_DSA_get0_pqg(
265 REQUIRE(pdsa != NULL);
/* Install the DSA domain parameters p, q and g into *pdsa. The
 * condition below is true when any of the three would still be unset
 * after the call; the statement it controls is not shown here.
 * NOTE(review): the other setters in this file begin with a
 * REQUIRE(... != NULL) on their object pointer. No such check is
 * visible here before pdsa is dereferenced in the condition -- confirm
 * whether it was left out, and add REQUIRE(pdsa != NULL) if so. */
276 sslshim_DSA_set0_pqg(
283 if (!((pdsa->p || p) && (pdsa->q || q) && (pdsa->g || g)))
286 replace_bn_nn(&pdsa->p, p);
287 replace_bn_nn(&pdsa->q, q);
288 replace_bn_nn(&pdsa->g, g);
294 sslshim_DSA_get0_key(
296 const BIGNUM ** ppub_key,
297 const BIGNUM ** ppriv_key
300 REQUIRE(pdsa != NULL);
302 if (ppub_key != NULL)
303 *ppub_key = pdsa->pub_key;
304 if (ppriv_key != NULL)
305 *ppriv_key = pdsa->priv_key;
/* Install the DSA key pair into *pdsa. Per the comment that describes
 * replace_bn_nn(), each new value handed over becomes owned by the DSA
 * object and the value it replaces is cleared and freed.
 * NOTE(review): the statement controlled by the if below is not shown
 * here. Only pub_key is part of the condition, so priv_key may stay
 * unset (a public-only key). */
309 sslshim_DSA_set0_key(
315 REQUIRE(pdsa != NULL);
316 if (!(pdsa->pub_key || pub_key))
319 replace_bn_nn(&pdsa->pub_key, pub_key);
/* priv_key is the secret half; the clear-before-free of the old value
 * matters most for this one. */
320 replace_bn_nn(&pdsa->priv_key, priv_key);
/* Map the certificate's signature algorithm object to its NID with
 * OBJ_obj2nid().
 * NOTE(review): x and x->sig_alg are dereferenced with no NULL test
 * visible. The other shims in this file either REQUIRE() their object
 * pointer or tolerate NULL, so confirm that callers can never pass a
 * NULL certificate here, or add a matching check. */
326 sslshim_X509_get_signature_nid(
330 return OBJ_obj2nid(x->sig_alg->algorithm);
333 /* ----------------------------------------------------------------- */
334 #else /* !OPENSSL || OPENSSL_VERSION_NUMBER >= v1.1.0 */
335 /* ----------------------------------------------------------------- */
/* Nothing needs shimming on this branch. NONEMPTY_TRANSLATION_UNIT is
 * defined outside this file; presumably it emits a dummy declaration so
 * the compiler does not see an empty translation unit -- confirm. */
337 NONEMPTY_TRANSLATION_UNIT
339 /* ----------------------------------------------------------------- */
341 /* ----------------------------------------------------------------- */