2 * libssl_compat.c -- OpenSSL v1.1 compatibility functions
4 * ---------------------------------------------------------------------
5 * Written by Juergen Perlinger <perlinger@ntp.org> for the NTP project
7 * Based on an idea by Kurt Roeckx <kurt@roeckx.be>
9 * ---------------------------------------------------------------------
10 * This is a clean room implementation of shim functions that have
11 * counterparts in the OpenSSL v1.1 API but not in earlier versions. So
12 * while OpenSSL broke binary compatibility with v1.1, this shim module
13 * should provide the necessary source code compatibility with older
14 * versions of OpenSSL.
15 * ---------------------------------------------------------------------
18 #include "ntp_types.h"
20 /* ----------------------------------------------------------------- */
23 # include <openssl/bn.h>
24 # include <openssl/evp.h>
26 /* ----------------------------------------------------------------- */
28 /* ----------------------------------------------------------------- */
29 #if defined(OPENSSL) && OPENSSL_VERSION_NUMBER < 0x10100000L
30 /* ----------------------------------------------------------------- */
32 #include "libssl_compat.h"
33 #include "ntp_assert.h"
35 /* --------------------------------------------------------------------
36 * replace a BIGNUM owned by the caller with another one if it's not
37 * NULL, taking over the ownership of the new value. This clears & frees
38 * the old value -- the clear might be overkill, but it's better to err
39 * on the side of paranoia here.
54 /* --------------------------------------------------------------------
55 * allocation and deallocation of prime number callbacks
58 sslshimBN_GENCB_new(void)
/* Hands back one zero-filled BN_GENCB from calloc. The result is returned
 * unchecked, so a failed allocation reaches the caller as NULL and has to
 * be tested there. sizeof(BN_GENCB) needs the complete struct type; this
 * code is only compiled under the OPENSSL_VERSION_NUMBER < 0x10100000L
 * guard. */
60 return calloc(1,sizeof(BN_GENCB));
71 /* --------------------------------------------------------------------
72 * allocation and deallocation of message digests
75 sslshim_EVP_MD_CTX_new(void)
/* One zero-filled EVP_MD_CTX from calloc; NULL on allocation failure is
 * passed straight through to the caller. */
77 return calloc(1, sizeof(EVP_MD_CTX));
/* NOTE(review): the body of the matching free routine is not part of this
 * listing. A context that has been used for a digest can hold state of
 * its own; confirm the free path runs EVP_MD_CTX_cleanup() (pre-1.1 API)
 * before releasing the memory, unless every caller already finishes with
 * a call that cleans the context. */
81 sslshim_EVP_MD_CTX_free(
88 /* --------------------------------------------------------------------
89 * get EVP keys and key type
/* NULL-tolerant: a NULL pkey yields EVP_PKEY_NONE instead of a
 * dereference; otherwise the stored type field is returned unchanged. */
96 return (pkey) ? pkey->type : EVP_PKEY_NONE;
100 sslshim_EVP_PKEY_base_id(
/* Same NULL handling, but the stored type is passed through
 * EVP_PKEY_type() before it is returned. */
104 return (pkey) ? EVP_PKEY_type(pkey->type) : EVP_PKEY_NONE;
108 sslshim_EVP_PKEY_get0_RSA(
/* Returns the RSA pointer stored in pkey as-is (no copy is made on this
 * line), or NULL for a NULL pkey. pkey->type is not consulted here.
 * NOTE(review): pkey.rsa and pkey.dsa are read from the same member
 * (a union in the pre-1.1 headers -- confirm), so a caller that has not
 * checked the key type first would get a pointer of the wrong kind. */
112 return (pkey) ? pkey->pkey.rsa : NULL;
116 sslshim_EVP_PKEY_get0_DSA(
/* DSA counterpart: stored pointer or NULL, again without a type check. */
120 return (pkey) ? pkey->pkey.dsa : NULL;
123 /* --------------------------------------------------------------------
127 sslshim_RSA_get0_key(
/* Only the precondition of this getter is visible in the listing.
 * REQUIRE comes from ntp_assert.h. NOTE(review): presumably it aborts on
 * a false condition -- confirm it stays active in release builds, since
 * it is the only NULL guard shown for prsa. */
134 REQUIRE(prsa != NULL);
145 sslshim_RSA_set0_key(
152 REQUIRE(prsa != NULL);
/* n and e must each be present afterwards: either already on the key or
 * supplied now. d is not part of the test, so a key without a private
 * exponent passes. The statement executed when the test fails is not in
 * this listing.
 *
 * Per the replace_bn_nn description in this file, a NULL argument is
 * skipped, a non-NULL one takes over the slot, and the previous value is
 * cleared and freed. Ownership moves to prsa, so the caller must not free
 * n, e or d after a successful call. */
153 if (!((prsa->n || n) && (prsa->e || e)))
156 replace_bn_nn(&prsa->n, n);
157 replace_bn_nn(&prsa->e, e);
158 replace_bn_nn(&prsa->d, d);
164 sslshim_RSA_get0_factors(
170 REQUIRE(prsa != NULL);
179 sslshim_RSA_set0_factors(
185 REQUIRE(prsa != NULL);
/* Both prime factors must be present afterwards (already stored or passed
 * in); the failure statement is not in this listing. p and q are secret
 * values, so the clear-before-free that the replace_bn_nn description
 * mentions is what keeps a replaced factor from lingering in freed
 * memory. */
186 if (!((prsa->p || p) && (prsa->q || q)))
189 replace_bn_nn(&prsa->p, p);
190 replace_bn_nn(&prsa->q, q);
196 sslshim_RSA_set0_crt_params(
203 REQUIRE(prsa != NULL);
/* All three CRT values must be present afterwards, each either already on
 * the key or supplied in this call; the failure statement is not in this
 * listing. The replacements below then take ownership of every non-NULL
 * argument (see the replace_bn_nn description in this file). */
204 if (!((prsa->dmp1 || dmp1) &&
205 (prsa->dmq1 || dmq1) &&
206 (prsa->iqmp || iqmp) ))
209 replace_bn_nn(&prsa->dmp1, dmp1);
210 replace_bn_nn(&prsa->dmq1, dmq1);
211 replace_bn_nn(&prsa->iqmp, iqmp);
216 /* --------------------------------------------------------------------
217 * set/get DSA signature parameters
220 sslshim_DSA_SIG_get0(
221 const DSA_SIG * psig,
226 REQUIRE(psig != NULL);
235 sslshim_DSA_SIG_set0(
241 REQUIRE(psig != NULL);
/* NOTE(review): the lines between the precondition and the replacements
 * are not in this listing. replace_bn_nn is described as skipping a NULL
 * argument, so unless r and s are both tested there, a call with one NULL
 * would keep the old component and pair it with the new one -- confirm
 * the full file rejects that case. */
245 replace_bn_nn(&psig->r, r);
246 replace_bn_nn(&psig->s, s);
251 /* --------------------------------------------------------------------
252 * get/set DSA parameters
255 sslshim_DSA_get0_pqg(
262 REQUIRE(pdsa != NULL);
273 sslshim_DSA_set0_pqg(
/* NOTE(review): no REQUIRE(pdsa != NULL) is shown before pdsa is
 * dereferenced here, unlike the sibling set0 routines in this file, and
 * the listing's line numbers (273 -> 280) leave no spare line for one
 * after a four-parameter signature. Confirm against the full file; if it
 * is absent, a NULL pdsa is dereferenced in the test below.
 *
 * The test itself requires p, q and g to be present afterwards, each
 * either already stored or supplied in this call. */
280 if (!((pdsa->p || p) && (pdsa->q || q) && (pdsa->g || g)))
283 replace_bn_nn(&pdsa->p, p);
284 replace_bn_nn(&pdsa->q, q);
285 replace_bn_nn(&pdsa->g, g);
291 sslshim_DSA_get0_key(
293 const BIGNUM ** ppub_key,
294 const BIGNUM ** ppriv_key
297 REQUIRE(pdsa != NULL);
/* Each out-parameter is optional and skipped when NULL. What gets stored
 * is the key's own BIGNUM pointer -- the private key included -- not a
 * copy; the const type only stops modification through that pointer.
 * NOTE(review): the pointers presumably become invalid once pdsa is freed
 * or the component is replaced through the set0 routine (which frees the
 * old value); confirm callers do not hold them longer than that. */
299 if (ppub_key != NULL)
300 *ppub_key = pdsa->pub_key;
301 if (ppriv_key != NULL)
302 *ppriv_key = pdsa->priv_key;
306 sslshim_DSA_set0_key(
312 REQUIRE(pdsa != NULL);
/* Only the public key is mandatory: it must already be stored or be
 * supplied now. priv_key is not tested, so a public-only key passes. The
 * failure statement is not in this listing. Non-NULL arguments are then
 * taken over by pdsa, and the values they replace are cleared and freed
 * (see the replace_bn_nn description in this file). */
313 if (!(pdsa->pub_key || pub_key))
316 replace_bn_nn(&pdsa->pub_key, pub_key);
317 replace_bn_nn(&pdsa->priv_key, priv_key);
323 sslshim_X509_get_signature_nid(
/* Maps the certificate's signature algorithm object to its NID. x and
 * x->sig_alg are dereferenced with no NULL test on this line, whereas the
 * EVP_PKEY getters in this file tolerate NULL. NOTE(review): confirm
 * callers only pass a successfully parsed certificate. OBJ_obj2nid()
 * returns NID_undef for an object it does not recognise, so callers
 * should treat that value as "unknown algorithm". */
327 return OBJ_obj2nid(x->sig_alg->algorithm);
330 /* ----------------------------------------------------------------- */
331 #else /* OPENSSL && OPENSSL_VERSION_NUMBER >= v1.1.0 */
332 /* ----------------------------------------------------------------- */
334 NONEMPTY_TRANSLATION_UNIT
336 /* ----------------------------------------------------------------- */
338 /* ----------------------------------------------------------------- */