1 files changed, 82 insertions, 0 deletions

diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h
new file mode 100644
index 0000000..f6796b3
--- /dev/null
+++ b/openbsd-compat/openssl-compat.h
@@ -0,0 +1,82 @@
+/*
+ * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER
+ * IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef _OPENSSL_COMPAT_H
+#define _OPENSSL_COMPAT_H
+
+#include "includes.h"
+#ifdef WITH_OPENSSL
+
+#include <openssl/opensslv.h>
+#include <openssl/crypto.h>
+#include <openssl/evp.h>
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+#ifdef OPENSSL_HAS_ECC
+#include <openssl/ecdsa.h>
+#endif
+#include <openssl/dh.h>
+
+int ssh_compatible_openssl(long, long);
+void ssh_libcrypto_init(void);
+
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
+# error OpenSSL 1.1.0 or greater is required
+#endif
+#ifdef LIBRESSL_VERSION_NUMBER
+# if LIBRESSL_VERSION_NUMBER < 0x3010000fL
+#  error LibreSSL 3.1.0 or greater is required
+# endif
+#endif
+
+#ifndef OPENSSL_RSA_MAX_MODULUS_BITS
+# define OPENSSL_RSA_MAX_MODULUS_BITS	16384
+#endif
+#ifndef OPENSSL_DSA_MAX_MODULUS_BITS
+# define OPENSSL_DSA_MAX_MODULUS_BITS	10000
+#endif
+
+#ifdef LIBRESSL_VERSION_NUMBER
+# if LIBRESSL_VERSION_NUMBER < 0x3010000fL
+#  define HAVE_BROKEN_CHACHA20
+# endif
+#endif
+
+#ifdef OPENSSL_IS_BORINGSSL
+/*
+ * BoringSSL (rightly) got rid of the BN_FLG_CONSTTIME flag, along with
+ * the entire BN_set_flags() interface.
+ * https://boringssl.googlesource.com/boringssl/+/0a211dfe9
+ */
+# define BN_set_flags(a, b)
+#endif
+
+#ifndef HAVE_EVP_CIPHER_CTX_GET_IV
+# ifdef HAVE_EVP_CIPHER_CTX_GET_UPDATED_IV
+#  define EVP_CIPHER_CTX_get_iv EVP_CIPHER_CTX_get_updated_iv
+# else /* HAVE_EVP_CIPHER_CTX_GET_UPDATED_IV */
+int EVP_CIPHER_CTX_get_iv(const EVP_CIPHER_CTX *ctx,
+    unsigned char *iv, size_t len);
+# endif /* HAVE_EVP_CIPHER_CTX_GET_UPDATED_IV */
+#endif /* HAVE_EVP_CIPHER_CTX_GET_IV */
+
+#ifndef HAVE_EVP_CIPHER_CTX_SET_IV
+int EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX *ctx,
+    const unsigned char *iv, size_t len);
+#endif /* HAVE_EVP_CIPHER_CTX_SET_IV */
+
+#endif /* WITH_OPENSSL */
+#endif /* _OPENSSL_COMPAT_H */