From 570e4ab90f4cd78ac7fef92fbb56aab29321dc2c Mon Sep 17 00:00:00 2001 From: delphij Date: Thu, 22 Dec 2016 16:19:05 +0000 Subject: Fix multiple vulnerabilities of ntp. Approved by: so --- contrib/ntp/include/libssl_compat.h | 100 ++++++++++++++++++++++++++++++++++++ 1 file changed, 100 insertions(+) create mode 100644 contrib/ntp/include/libssl_compat.h (limited to 'contrib/ntp/include/libssl_compat.h') diff --git a/contrib/ntp/include/libssl_compat.h b/contrib/ntp/include/libssl_compat.h new file mode 100644 index 0000000..a8938a1 --- /dev/null +++ b/contrib/ntp/include/libssl_compat.h @@ -0,0 +1,100 @@ +/* + * libssl_compat.h -- OpenSSL v1.1 compatibility shims + * + * --------------------------------------------------------------------- + * + * Written by Juergen Perlinger for the NTP project + * + * Based on an idea by Kurt Roeckx + * + * --------------------------------------------------------------------- + * This is a clean room implementation of shim functions that have + * counterparts in the OpenSSL v1.1 API but not in earlier versions. + * + * If the OpenSSL version used for compilation needs the shims (that is, + * does not provide the new functions) the names of these functions are + * redirected to our shims. + * --------------------------------------------------------------------- + */ + +#ifndef NTP_LIBSSL_COMPAT_H +#define NTP_LIBSSL_COMPAT_H + +#include "openssl/evp.h" +#include "openssl/dsa.h" +#include "openssl/rsa.h" + +/* ----------------------------------------------------------------- */ +#if OPENSSL_VERSION_NUMBER < 0x10100000L +/* ----------------------------------------------------------------- */ + +# include +# include + +/* shim the new-style API on an old-style OpenSSL */ + +extern BN_GENCB* sslshimBN_GENCB_new(void); +extern void sslshimBN_GENCB_free(BN_GENCB*); + +extern EVP_MD_CTX* sslshim_EVP_MD_CTX_new(void); +extern void sslshim_EVP_MD_CTX_free(EVP_MD_CTX *ctx); + +extern int sslshim_EVP_PKEY_id(const EVP_PKEY * pkey); +extern int sslshim_EVP_PKEY_base_id(const EVP_PKEY * pkey); +extern RSA* sslshim_EVP_PKEY_get0_RSA(EVP_PKEY * pkey); +extern DSA* sslshim_EVP_PKEY_get0_DSA(EVP_PKEY * pkey); + +extern void sslshim_RSA_get0_key(const RSA *prsa, const BIGNUM **pn, + const BIGNUM **pe, const BIGNUM **pd); +extern int sslshim_RSA_set0_key(RSA *prsa, BIGNUM *n, + BIGNUM *e, BIGNUM *d); +extern void sslshim_RSA_get0_factors(const RSA *prsa, const BIGNUM **pp, + const BIGNUM **pq); +extern int sslshim_RSA_set0_factors(RSA *prsar, BIGNUM *p, BIGNUM *q); +extern int sslshim_RSA_set0_crt_params(RSA *prsa, BIGNUM *dmp1, + BIGNUM *dmq1, BIGNUM *iqmp); + +extern void sslshim_DSA_SIG_get0(const DSA_SIG *psig, const BIGNUM **pr, + const BIGNUM **ps); +extern int sslshim_DSA_SIG_set0(DSA_SIG *psig, BIGNUM *r, BIGNUM *s); +extern void sslshim_DSA_get0_pqg(const DSA *pdsa, const BIGNUM **pp, + const BIGNUM **pq, const BIGNUM **pg); +extern int sslshim_DSA_set0_pqg(DSA *pdsa, BIGNUM *p, BIGNUM *q, BIGNUM *g); +extern void sslshim_DSA_get0_key(const DSA *pdsa, const BIGNUM **ppub_key, + const BIGNUM **ppriv_key); +extern int sslshim_DSA_set0_key(DSA *pdsa, BIGNUM *pub_key, + BIGNUM *priv_key); + +extern int sslshim_X509_get_signature_nid(const X509 *x); + +#define BN_GENCB_new sslshimBN_GENCB_new +#define BN_GENCB_free sslshimBN_GENCB_free + +#define EVP_MD_CTX_new sslshim_EVP_MD_CTX_new +#define EVP_MD_CTX_free sslshim_EVP_MD_CTX_free + +#define EVP_PKEY_id sslshim_EVP_PKEY_id +#define EVP_PKEY_base_id sslshim_EVP_PKEY_base_id +#define EVP_PKEY_get0_RSA sslshim_EVP_PKEY_get0_RSA +#define EVP_PKEY_get0_DSA sslshim_EVP_PKEY_get0_DSA + +#define RSA_get0_key sslshim_RSA_get0_key +#define RSA_set0_key sslshim_RSA_set0_key +#define RSA_get0_factors sslshim_RSA_get0_factors +#define RSA_set0_factors sslshim_RSA_set0_factors +#define RSA_set0_crt_params sslshim_RSA_set0_crt_params + +#define DSA_SIG_get0 sslshim_DSA_SIG_get0 +#define DSA_SIG_set0 sslshim_DSA_SIG_set0 +#define DSA_get0_pqg sslshim_DSA_get0_pqg +#define DSA_set0_pqg sslshim_DSA_set0_pqg +#define DSA_get0_key sslshim_DSA_get0_key +#define DSA_set0_key sslshim_DSA_set0_key + +#define X509_get_signature_nid sslshim_X509_get_signature_nid + +/* ----------------------------------------------------------------- */ +#endif /* OPENSSL_VERSION_NUMBER < v1.1.0 */ +/* ----------------------------------------------------------------- */ + +#endif /* NTP_LIBSSL_COMPAT_H */ -- cgit v1.1