diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-10 19:49:46 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-10 19:49:46 +0000 |
| commit | 0b6b94e6b6152f15cf4c2247c5974f539aae28cd (patch) | |
| tree | a7698198a1f527ede17a929af46e456e03d50600 /openbsd-compat/openssl-compat.h | |
| parent | Initial commit. (diff) | |
| download | openssh-0b6b94e6b6152f15cf4c2247c5974f539aae28cd.tar.xz openssh-0b6b94e6b6152f15cf4c2247c5974f539aae28cd.zip | |
Adding upstream version 1:9.6p1.upstream/1%9.6p1
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'openbsd-compat/openssl-compat.h')
| -rw-r--r-- | openbsd-compat/openssl-compat.h | 82 |
1 files changed, 82 insertions, 0 deletions
diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h new file mode 100644 index 0000000..f6796b3 --- /dev/null +++ b/openbsd-compat/openssl-compat.h @@ -0,0 +1,82 @@ +/* + * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au> + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER + * IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef _OPENSSL_COMPAT_H +#define _OPENSSL_COMPAT_H + +#include "includes.h" +#ifdef WITH_OPENSSL + +#include <openssl/opensslv.h> +#include <openssl/crypto.h> +#include <openssl/evp.h> +#include <openssl/rsa.h> +#include <openssl/dsa.h> +#ifdef OPENSSL_HAS_ECC +#include <openssl/ecdsa.h> +#endif +#include <openssl/dh.h> + +int ssh_compatible_openssl(long, long); +void ssh_libcrypto_init(void); + +#if (OPENSSL_VERSION_NUMBER < 0x10100000L) +# error OpenSSL 1.1.0 or greater is required +#endif +#ifdef LIBRESSL_VERSION_NUMBER +# if LIBRESSL_VERSION_NUMBER < 0x3010000fL +# error LibreSSL 3.1.0 or greater is required +# endif +#endif + +#ifndef OPENSSL_RSA_MAX_MODULUS_BITS +# define OPENSSL_RSA_MAX_MODULUS_BITS 16384 +#endif +#ifndef OPENSSL_DSA_MAX_MODULUS_BITS +# define OPENSSL_DSA_MAX_MODULUS_BITS 10000 +#endif + +#ifdef LIBRESSL_VERSION_NUMBER +# if LIBRESSL_VERSION_NUMBER < 0x3010000fL +# define HAVE_BROKEN_CHACHA20 +# endif +#endif + +#ifdef OPENSSL_IS_BORINGSSL +/* + * BoringSSL (rightly) got rid of the BN_FLG_CONSTTIME flag, along with + * the entire BN_set_flags() interface. + * https://boringssl.googlesource.com/boringssl/+/0a211dfe9 + */ +# define BN_set_flags(a, b) +#endif + +#ifndef HAVE_EVP_CIPHER_CTX_GET_IV +# ifdef HAVE_EVP_CIPHER_CTX_GET_UPDATED_IV +# define EVP_CIPHER_CTX_get_iv EVP_CIPHER_CTX_get_updated_iv +# else /* HAVE_EVP_CIPHER_CTX_GET_UPDATED_IV */ +int EVP_CIPHER_CTX_get_iv(const EVP_CIPHER_CTX *ctx, + unsigned char *iv, size_t len); +# endif /* HAVE_EVP_CIPHER_CTX_GET_UPDATED_IV */ +#endif /* HAVE_EVP_CIPHER_CTX_GET_IV */ + +#ifndef HAVE_EVP_CIPHER_CTX_SET_IV +int EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX *ctx, + const unsigned char *iv, size_t len); +#endif /* HAVE_EVP_CIPHER_CTX_SET_IV */ + +#endif /* WITH_OPENSSL */ +#endif /* _OPENSSL_COMPAT_H */ |