2 * libssl_compat.c -- OpenSSL v1.1 compatibility functions
4 * ---------------------------------------------------------------------
5 * Written by Juergen Perlinger <perlinger@ntp.org> for the NTP project
7 * Based on an idea by Kurt Roeckx <kurt@roeckx.be>
9 * ---------------------------------------------------------------------
10 * This is a clean room implementation of shim functions that have
11 * counterparts in the OpenSSL v1.1 API but not in earlier versions. So
12 * while OpenSSL broke binary compatibility with v1.1, this shim module
13 * should provide the necessary source code compatibility with older
14 * versions of OpenSSL.
15 * ---------------------------------------------------------------------
20 #include <openssl/bn.h>
21 #include <openssl/evp.h>
23 #include "ntp_types.h"
25 /* ----------------------------------------------------------------- */
26 #if OPENSSL_VERSION_NUMBER < 0x10100000L
27 /* ----------------------------------------------------------------- */
29 #include "libssl_compat.h"
30 #include "ntp_assert.h"
32 /* --------------------------------------------------------------------
33 * replace a BIGNUM owned by the caller with another one if it's not
34 * NULL, taking over the ownership of the new value. This clears & frees
35 * the old value -- the clear might be overkill for public components, but private ones
36 * (RSA d/p/q, DSA priv_key) pass through here too, so err on the side of paranoia.
51 /* --------------------------------------------------------------------
52 * allocation and deallocation of prime number callbacks
/* Allocate a zero-filled BN_GENCB. The calloc() result is handed back
 * unchecked, so the caller gets NULL on allocation failure and has to
 * test for it before use. */
55 sslshimBN_GENCB_new(void)
57 return calloc(1,sizeof(BN_GENCB));
68 /* --------------------------------------------------------------------
69 * allocation and deallocation of message digests
/* Allocate a zero-filled EVP_MD_CTX. The calloc() result is handed back
 * unchecked, so the caller gets NULL on allocation failure and has to
 * test for it before starting a digest. */
72 sslshim_EVP_MD_CTX_new(void)
74 return calloc(1, sizeof(EVP_MD_CTX));
78 sslshim_EVP_MD_CTX_free(
85 /* --------------------------------------------------------------------
86 * get EVP keys and key type
93 return (pkey) ? pkey->type : EVP_PKEY_NONE;
/* Return the key's type mapped through EVP_PKEY_type(), or EVP_PKEY_NONE
 * when pkey is NULL. Reads pkey->type directly; this file compiles that
 * access only for OpenSSL < 1.1 (see the #if at the top). */
97 sslshim_EVP_PKEY_base_id(
101 return (pkey) ? EVP_PKEY_type(pkey->type) : EVP_PKEY_NONE;
/* Return the RSA member stored in pkey, or NULL when pkey is NULL. The
 * pointer is pkey's own member, not a copy.
 * NOTE(review): pkey->type is not checked here, so the union member is
 * returned whatever the key type is -- confirm callers test the type. */
105 sslshim_EVP_PKEY_get0_RSA(
109 return (pkey) ? pkey->pkey.rsa : NULL;
/* Return the DSA member stored in pkey, or NULL when pkey is NULL. The
 * pointer is pkey's own member, not a copy.
 * NOTE(review): pkey->type is not checked here, so the union member is
 * returned whatever the key type is -- confirm callers test the type. */
113 sslshim_EVP_PKEY_get0_DSA(
117 return (pkey) ? pkey->pkey.dsa : NULL;
120 /* --------------------------------------------------------------------
124 sslshim_RSA_get0_key(
131 REQUIRE(prsa != NULL);
/* Install RSA key components n, e and d into prsa through replace_bn_nn,
 * which (per its header comment) takes ownership of each non-NULL value
 * and clears and frees the one it replaces. */
142 sslshim_RSA_set0_key(
149 REQUIRE(prsa != NULL);
/* n and e must each be already present or supplied now; d, the private
 * exponent, is not part of this check. The failure branch is not visible
 * in this listing. */
150 if (!((prsa->n || n) && (prsa->e || e)))
153 replace_bn_nn(&prsa->n, n);
154 replace_bn_nn(&prsa->e, e);
/* a previously stored private exponent is wiped when it is replaced */
155 replace_bn_nn(&prsa->d, d);
161 sslshim_RSA_get0_factors(
167 REQUIRE(prsa != NULL);
/* Install the RSA prime factors p and q into prsa through replace_bn_nn,
 * which takes ownership of each non-NULL value and clears and frees the
 * one it replaces. Both factors are secret key material. */
176 sslshim_RSA_set0_factors(
182 REQUIRE(prsa != NULL);
/* each factor must be already present or supplied now; the failure
 * branch is not visible in this listing */
183 if (!((prsa->p || p) && (prsa->q || q)))
186 replace_bn_nn(&prsa->p, p);
187 replace_bn_nn(&prsa->q, q);
/* Install the RSA CRT parameters dmp1, dmq1 and iqmp into prsa through
 * replace_bn_nn, which takes ownership of each non-NULL value and clears
 * and frees the one it replaces. These values derive from the private
 * key and are as sensitive as it is. */
193 sslshim_RSA_set0_crt_params(
200 REQUIRE(prsa != NULL);
/* all three parameters must be already present or supplied now; the
 * failure branch is not visible in this listing */
201 if (!((prsa->dmp1 || dmp1) &&
202 (prsa->dmq1 || dmq1) &&
203 (prsa->iqmp || iqmp) ))
206 replace_bn_nn(&prsa->dmp1, dmp1);
207 replace_bn_nn(&prsa->dmq1, dmq1);
208 replace_bn_nn(&prsa->iqmp, iqmp);
213 /* --------------------------------------------------------------------
214 * set/get DSA signature parameters
217 sslshim_DSA_SIG_get0(
218 const DSA_SIG * psig,
223 REQUIRE(psig != NULL);
/* Store the signature values r and s in psig through replace_bn_nn, which
 * takes ownership of each non-NULL value and clears and frees the one it
 * replaces. Any validation of r and s between the REQUIRE and the
 * replacement is not visible in this listing. */
232 sslshim_DSA_SIG_set0(
238 REQUIRE(psig != NULL);
242 replace_bn_nn(&psig->r, r);
243 replace_bn_nn(&psig->s, s);
248 /* --------------------------------------------------------------------
249 * get/set DSA parameters
252 sslshim_DSA_get0_pqg(
259 REQUIRE(pdsa != NULL);
/* Install the DSA domain parameters p, q and g into pdsa through
 * replace_bn_nn, which takes ownership of each non-NULL value and clears
 * and frees the one it replaces.
 * NOTE(review): no REQUIRE(pdsa != NULL) is visible before pdsa is
 * dereferenced below, unlike sslshim_DSA_set0_key and the RSA setters --
 * confirm against the full file and add the check if it is missing. */
270 sslshim_DSA_set0_pqg(
/* all three parameters must be already present or supplied now; the
 * failure branch is not visible in this listing */
277 if (!((pdsa->p || p) && (pdsa->q || q) && (pdsa->g || g)))
280 replace_bn_nn(&pdsa->p, p);
281 replace_bn_nn(&pdsa->q, q);
282 replace_bn_nn(&pdsa->g, g);
/* Hand out pdsa's public and private key values. Either output pointer
 * may be NULL, in which case that value is skipped. The stored pointers
 * are pdsa's own members, not copies, so the caller must not free or
 * modify them; *ppriv_key refers to the secret key. */
288 sslshim_DSA_get0_key(
290 const BIGNUM ** ppub_key,
291 const BIGNUM ** ppriv_key
294 REQUIRE(pdsa != NULL);
296 if (ppub_key != NULL)
297 *ppub_key = pdsa->pub_key;
298 if (ppriv_key != NULL)
299 *ppriv_key = pdsa->priv_key;
/* Install the DSA public and private key values into pdsa through
 * replace_bn_nn, which takes ownership of each non-NULL value and clears
 * and frees the one it replaces. */
303 sslshim_DSA_set0_key(
309 REQUIRE(pdsa != NULL);
/* only the public key must be already present or supplied now; the
 * private key is not part of this check. The failure branch is not
 * visible in this listing. */
310 if (!(pdsa->pub_key || pub_key))
313 replace_bn_nn(&pdsa->pub_key, pub_key);
/* a previously stored private key is wiped when it is replaced */
314 replace_bn_nn(&pdsa->priv_key, priv_key);
/* Return the NID of the certificate's signature algorithm, obtained by
 * passing x->sig_alg->algorithm to OBJ_obj2nid().
 * NOTE(review): x and x->sig_alg are dereferenced with no NULL check or
 * REQUIRE visible in this listing, unlike the other shims -- confirm that
 * callers only pass a fully parsed certificate, or add the check. */
320 sslshim_X509_get_signature_nid(
324 return OBJ_obj2nid(x->sig_alg->algorithm);
327 /* ----------------------------------------------------------------- */
328 #else /* OPENSSL_VERSION_NUMBER >= v1.1.0 */
329 /* ----------------------------------------------------------------- */
331 NONEMPTY_TRANSLATION_UNIT
333 /* ----------------------------------------------------------------- */
335 /* ----------------------------------------------------------------- */