freebsd-dev/crypto/openssh/openbsd-compat/openssl-compat.c

/*
 * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER
 * IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
 * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#define SSH_DONT_OVERLOAD_OPENSSL_FUNCS
#include "includes.h"

#ifdef WITH_OPENSSL

#include <stdarg.h>
#include <string.h>

#ifdef USE_OPENSSL_ENGINE
# include <openssl/engine.h>
# include <openssl/conf.h>
#endif

#include "log.h"

#include "openssl-compat.h"

/*
 * OpenSSL version numbers: MNNFFPPS: major minor fix patch status
 * We match major, minor, fix and status (not patch) for <1.0.0.
 * After that, we acceptable compatible fix versions (so we
 * allow 1.0.1 to work with 1.0.0). Going backwards is only allowed
 * within a patch series.
 */

int
ssh_compatible_openssl(long headerver, long libver)
{
	long mask, hfix, lfix;

	/* exact match is always OK */
	if (headerver == libver)
		return 1;

	/* for versions < 1.0.0, major,minor,fix,status must match */
	if (headerver < 0x1000000f) {
		mask = 0xfffff00fL; /* major,minor,fix,status */
		return (headerver & mask) == (libver & mask);
	}

	/*
	 * For versions >= 1.0.0, major,minor,status must match and library
	 * fix version must be equal to or newer than the header.
	 */
	mask = 0xfff0000fL; /* major,minor,status */
	hfix = (headerver & 0x000ff000) >> 12;
	lfix = (libver & 0x000ff000) >> 12;
	if ( (headerver & mask) == (libver & mask) && lfix >= hfix)
		return 1;
	return 0;
}

void
ssh_libcrypto_init(void)
{
#if defined(HAVE_OPENSSL_INIT_CRYPTO) && \
      defined(OPENSSL_INIT_ADD_ALL_CIPHERS) && \
      defined(OPENSSL_INIT_ADD_ALL_DIGESTS)
	OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS |
	    OPENSSL_INIT_ADD_ALL_DIGESTS, NULL);
#elif defined(HAVE_OPENSSL_ADD_ALL_ALGORITHMS)
	OpenSSL_add_all_algorithms();
#endif

#ifdef	USE_OPENSSL_ENGINE
	/* Enable use of crypto hardware */
	ENGINE_load_builtin_engines();
	ENGINE_register_all_complete();

	/* Load the libcrypto config file to pick up engines defined there */
# if defined(HAVE_OPENSSL_INIT_CRYPTO) && defined(OPENSSL_INIT_LOAD_CONFIG)
	OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS |
	    OPENSSL_INIT_ADD_ALL_DIGESTS | OPENSSL_INIT_LOAD_CONFIG, NULL);
# else
	OPENSSL_config(NULL);
# endif
#endif /* USE_OPENSSL_ENGINE */
}

#endif /* WITH_OPENSSL */
Vendor import of OpenSSH 4.2p1. 2005-09-03 06:59:33 +00:00			`/*`
			`* Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>`
			`*`
			`* Permission to use, copy, modify, and distribute this software for any`
			`* purpose with or without fee is hereby granted, provided that the above`
			`* copyright notice and this permission notice appear in all copies.`
			`*`
			`* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES`
			`* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF`
			`* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR`
			`* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES`
			`* WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER`
			`* IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING`
			`* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.`
			`*/`

Vendor import of OpenSSH 6.7p1. 2015-01-05 16:09:55 +00:00			`#define SSH_DONT_OVERLOAD_OPENSSL_FUNCS`
Vendor import of OpenSSH 4.2p1. 2005-09-03 06:59:33 +00:00			`#include "includes.h"`

Vendor import of OpenSSH 6.8p1. 2015-07-02 13:15:34 +00:00			`#ifdef WITH_OPENSSL`

Vendor import of OpenSSH 5.7p1 2011-02-17 11:47:40 +00:00			`#include <stdarg.h>`
			`#include <string.h>`

Vendor import of OpenSSH 4.4p1. 2006-09-30 13:29:51 +00:00			`#ifdef USE_OPENSSL_ENGINE`
			`# include <openssl/engine.h>`
Vendor import of OpenSSH 5.7p1 2011-02-17 11:47:40 +00:00			`# include <openssl/conf.h>`
			`#endif`

			`#include "log.h"`

Vendor import of OpenSSH 4.2p1. 2005-09-03 06:59:33 +00:00			`#include "openssl-compat.h"`

Vendor import of OpenSSH 6.7p1. 2015-01-05 16:09:55 +00:00			`/*`
			`* OpenSSL version numbers: MNNFFPPS: major minor fix patch status`
			`* We match major, minor, fix and status (not patch) for <1.0.0.`
			`* After that, we acceptable compatible fix versions (so we`
			`* allow 1.0.1 to work with 1.0.0). Going backwards is only allowed`
			`* within a patch series.`
			`*/`
Vendor import of OpenSSH 5.7p1 2011-02-17 11:47:40 +00:00
			`int`
Vendor import of OpenSSH 6.7p1. 2015-01-05 16:09:55 +00:00			`ssh_compatible_openssl(long headerver, long libver)`
Vendor import of OpenSSH 5.7p1 2011-02-17 11:47:40 +00:00			`{`
Vendor import of OpenSSH 6.7p1. 2015-01-05 16:09:55 +00:00			`long mask, hfix, lfix;`

			`/* exact match is always OK */`
			`if (headerver == libver)`
			`return 1;`

			`/* for versions < 1.0.0, major,minor,fix,status must match */`
			`if (headerver < 0x1000000f) {`
			`mask = 0xfffff00fL; /* major,minor,fix,status */`
			`return (headerver & mask) == (libver & mask);`
			`}`
Vendor import of OpenSSH 7.4p1. 2017-01-31 12:33:47 +00:00
Vendor import of OpenSSH 6.7p1. 2015-01-05 16:09:55 +00:00			`/*`
			`* For versions >= 1.0.0, major,minor,status must match and library`
			`* fix version must be equal to or newer than the header.`
			`*/`
			`mask = 0xfff0000fL; /* major,minor,status */`
			`hfix = (headerver & 0x000ff000) >> 12;`
			`lfix = (libver & 0x000ff000) >> 12;`
			`if ( (headerver & mask) == (libver & mask) && lfix >= hfix)`
			`return 1;`
			`return 0;`
Vendor import of OpenSSH 5.7p1 2011-02-17 11:47:40 +00:00			`}`

Vendor import of OpenSSH 4.4p1. 2006-09-30 13:29:51 +00:00			`void`
Vendor import of OpenSSH 8.0p1. 2020-02-14 19:47:15 +00:00			`ssh_libcrypto_init(void)`
Vendor import of OpenSSH 4.4p1. 2006-09-30 13:29:51 +00:00			`{`
Vendor import of OpenSSH 8.0p1. 2020-02-14 19:47:15 +00:00			`#if defined(HAVE_OPENSSL_INIT_CRYPTO) && \`
			`defined(OPENSSL_INIT_ADD_ALL_CIPHERS) && \`
			`defined(OPENSSL_INIT_ADD_ALL_DIGESTS)`
			`OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \|`
			`OPENSSL_INIT_ADD_ALL_DIGESTS, NULL);`
			`#elif defined(HAVE_OPENSSL_ADD_ALL_ALGORITHMS)`
Vendor import of OpenSSH 5.9p1 2011-09-28 08:14:41 +00:00			`OpenSSL_add_all_algorithms();`
Vendor import of OpenSSH 8.0p1. 2020-02-14 19:47:15 +00:00			`#endif`
Vendor import of OpenSSH 4.4p1. 2006-09-30 13:29:51 +00:00
Vendor import of OpenSSH 8.0p1. 2020-02-14 19:47:15 +00:00			`#ifdef USE_OPENSSL_ENGINE`
Vendor import of OpenSSH 4.4p1. 2006-09-30 13:29:51 +00:00			`/* Enable use of crypto hardware */`
			`ENGINE_load_builtin_engines();`
			`ENGINE_register_all_complete();`
Vendor import of OpenSSH 7.9p1. 2019-02-05 15:03:53 +00:00
Vendor import of OpenSSH 8.0p1. 2020-02-14 19:47:15 +00:00			`/* Load the libcrypto config file to pick up engines defined there */`
			`# if defined(HAVE_OPENSSL_INIT_CRYPTO) && defined(OPENSSL_INIT_LOAD_CONFIG)`
Vendor import of OpenSSH 7.9p1. 2019-02-05 15:03:53 +00:00			`OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \|`
			`OPENSSL_INIT_ADD_ALL_DIGESTS \| OPENSSL_INIT_LOAD_CONFIG, NULL);`
Vendor import of OpenSSH 8.0p1. 2020-02-14 19:47:15 +00:00			`# else`
			`OPENSSL_config(NULL);`
			`# endif`
			`#endif /* USE_OPENSSL_ENGINE */`
Vendor import of OpenSSH 4.4p1. 2006-09-30 13:29:51 +00:00			`}`
Vendor import of OpenSSH 6.8p1. 2015-07-02 13:15:34 +00:00
			`#endif /* WITH_OPENSSL */`