summaryrefslogtreecommitdiffstats
path: root/openbsd-compat/openssl-compat.c
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-06 01:26:58 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-06 01:26:58 +0000
commit999ae6be3243c7b4a815247199447b53c39a3d65 (patch)
tree1f35b42b5e5f462d35ba452e4dcfa188ce0543fd /openbsd-compat/openssl-compat.c
parentInitial commit. (diff)
downloadopenssh-upstream.tar.xz
openssh-upstream.zip
Adding upstream version 1:7.9p1.upstream/1%7.9p1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'openbsd-compat/openssl-compat.c')
-rw-r--r--openbsd-compat/openssl-compat.c88
1 files changed, 88 insertions, 0 deletions
diff --git a/openbsd-compat/openssl-compat.c b/openbsd-compat/openssl-compat.c
new file mode 100644
index 0000000..8b4a362
--- /dev/null
+++ b/openbsd-compat/openssl-compat.c
@@ -0,0 +1,88 @@
+/*
+ * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER
+ * IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#define SSH_DONT_OVERLOAD_OPENSSL_FUNCS
+#include "includes.h"
+
+#ifdef WITH_OPENSSL
+
+#include <stdarg.h>
+#include <string.h>
+
+#ifdef USE_OPENSSL_ENGINE
+# include <openssl/engine.h>
+# include <openssl/conf.h>
+#endif
+
+#include "log.h"
+
+#include "openssl-compat.h"
+
+/*
+ * OpenSSL version numbers: MNNFFPPS: major minor fix patch status
+ * We match major, minor, fix and status (not patch) for <1.0.0.
+ * After that, we acceptable compatible fix versions (so we
+ * allow 1.0.1 to work with 1.0.0). Going backwards is only allowed
+ * within a patch series.
+ */
+
+int
+ssh_compatible_openssl(long headerver, long libver)
+{
+ long mask, hfix, lfix;
+
+ /* exact match is always OK */
+ if (headerver == libver)
+ return 1;
+
+ /* for versions < 1.0.0, major,minor,fix,status must match */
+ if (headerver < 0x1000000f) {
+ mask = 0xfffff00fL; /* major,minor,fix,status */
+ return (headerver & mask) == (libver & mask);
+ }
+
+ /*
+ * For versions >= 1.0.0, major,minor,status must match and library
+ * fix version must be equal to or newer than the header.
+ */
+ mask = 0xfff0000fL; /* major,minor,status */
+ hfix = (headerver & 0x000ff000) >> 12;
+ lfix = (libver & 0x000ff000) >> 12;
+ if ( (headerver & mask) == (libver & mask) && lfix >= hfix)
+ return 1;
+ return 0;
+}
+
+#ifdef USE_OPENSSL_ENGINE
+void
+ssh_OpenSSL_add_all_algorithms(void)
+{
+ OpenSSL_add_all_algorithms();
+
+ /* Enable use of crypto hardware */
+ ENGINE_load_builtin_engines();
+ ENGINE_register_all_complete();
+
+#if OPENSSL_VERSION_NUMBER < 0x10001000L
+ OPENSSL_config(NULL);
+#else
+ OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS |
+ OPENSSL_INIT_ADD_ALL_DIGESTS | OPENSSL_INIT_LOAD_CONFIG, NULL);
+#endif
+}
+#endif
+
+#endif /* WITH_OPENSSL */