diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 14:40:04 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 14:40:04 +0000 |
commit | 25505898530a333011f4fd5cbc841ad6b26c089c (patch) | |
tree | 333a33fdd60930bcccc3f177ed9467d535e9bac6 /openbsd-compat/openssl-compat.c | |
parent | Initial commit. (diff) | |
download | openssh-25505898530a333011f4fd5cbc841ad6b26c089c.tar.xz openssh-25505898530a333011f4fd5cbc841ad6b26c089c.zip |
Adding upstream version 1:9.2p1.upstream/1%9.2p1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'openbsd-compat/openssl-compat.c')
-rw-r--r-- | openbsd-compat/openssl-compat.c | 96 |
1 files changed, 96 insertions, 0 deletions
diff --git a/openbsd-compat/openssl-compat.c b/openbsd-compat/openssl-compat.c new file mode 100644 index 0000000..a37ca61 --- /dev/null +++ b/openbsd-compat/openssl-compat.c @@ -0,0 +1,96 @@ +/* + * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au> + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER + * IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#define SSH_DONT_OVERLOAD_OPENSSL_FUNCS +#include "includes.h" + +#ifdef WITH_OPENSSL + +#include <stdarg.h> +#include <string.h> + +#ifdef USE_OPENSSL_ENGINE +# include <openssl/engine.h> +# include <openssl/conf.h> +#endif + +#include "log.h" + +#include "openssl-compat.h" + +/* + * OpenSSL version numbers: MNNFFPPS: major minor fix patch status + * We match major, minor, fix and status (not patch) for <1.0.0. + * After that, we acceptable compatible fix versions (so we + * allow 1.0.1 to work with 1.0.0). Going backwards is only allowed + * within a patch series. + */ + +int +ssh_compatible_openssl(long headerver, long libver) +{ + long mask, hfix, lfix; + + /* exact match is always OK */ + if (headerver == libver) + return 1; + + /* for versions < 1.0.0, major,minor,fix,status must match */ + if (headerver < 0x1000000f) { + mask = 0xfffff00fL; /* major,minor,fix,status */ + return (headerver & mask) == (libver & mask); + } + + /* + * For versions >= 1.0.0, major,minor,status must match and library + * fix version must be equal to or newer than the header. + */ + mask = 0xfff0000fL; /* major,minor,status */ + hfix = (headerver & 0x000ff000) >> 12; + lfix = (libver & 0x000ff000) >> 12; + if ( (headerver & mask) == (libver & mask) && lfix >= hfix) + return 1; + return 0; +} + +void +ssh_libcrypto_init(void) +{ +#if defined(HAVE_OPENSSL_INIT_CRYPTO) && \ + defined(OPENSSL_INIT_ADD_ALL_CIPHERS) && \ + defined(OPENSSL_INIT_ADD_ALL_DIGESTS) + OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS | + OPENSSL_INIT_ADD_ALL_DIGESTS, NULL); +#elif defined(HAVE_OPENSSL_ADD_ALL_ALGORITHMS) + OpenSSL_add_all_algorithms(); +#endif + +#ifdef USE_OPENSSL_ENGINE + /* Enable use of crypto hardware */ + ENGINE_load_builtin_engines(); + ENGINE_register_all_complete(); + + /* Load the libcrypto config file to pick up engines defined there */ +# if defined(HAVE_OPENSSL_INIT_CRYPTO) && defined(OPENSSL_INIT_LOAD_CONFIG) + OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS | + OPENSSL_INIT_ADD_ALL_DIGESTS | OPENSSL_INIT_LOAD_CONFIG, NULL); +# else + OPENSSL_config(NULL); +# endif +#endif /* USE_OPENSSL_ENGINE */ +} + +#endif /* WITH_OPENSSL */ |