1 /*
2 * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
3 *
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
7 *
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER
13 * IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
14 * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15 */
16
17 #define SSH_DONT_OVERLOAD_OPENSSL_FUNCS
18 #include "includes.h"
19
20 #ifdef WITH_OPENSSL
21
22 #include <stdarg.h>
23 #include <string.h>
24
25 #ifdef USE_OPENSSL_ENGINE
26 # include <openssl/engine.h>
27 # include <openssl/conf.h>
28 #endif
29
30 #include "log.h"
31
32 #include "openssl-compat.h"
33
34 /*
35 * OpenSSL version numbers: MNNFFPPS: major minor fix patch status
36 * Versions >=3 require only major versions to match.
37 * For versions <3, we accept compatible fix versions (so we allow 1.0.1
38 * to work with 1.0.0). Going backwards is only allowed within a patch series.
39 * See https://www.openssl.org/policies/releasestrat.html
40 */
41
42 int
ssh_compatible_openssl(long headerver,long libver)43 ssh_compatible_openssl(long headerver, long libver)
44 {
45 long mask, hfix, lfix;
46
47 /* exact match is always OK */
48 if (headerver == libver)
49 return 1;
50
51 /*
52 * For versions >= 3.0, only the major and status must match.
53 */
54 if (headerver >= 0x3000000f) {
55 mask = 0xf000000fL; /* major,status */
56 return (headerver & mask) == (libver & mask);
57 }
58
59 /*
60 * For versions >= 1.0.0, but <3, major,minor,status must match and
61 * library fix version must be equal to or newer than the header.
62 */
63 mask = 0xfff0000fL; /* major,minor,status */
64 hfix = (headerver & 0x000ff000) >> 12;
65 lfix = (libver & 0x000ff000) >> 12;
66 if ( (headerver & mask) == (libver & mask) && lfix >= hfix)
67 return 1;
68 return 0;
69 }
70
71 void
ssh_libcrypto_init(void)72 ssh_libcrypto_init(void)
73 {
74 #if defined(HAVE_OPENSSL_INIT_CRYPTO) && \
75 defined(OPENSSL_INIT_ADD_ALL_CIPHERS) && \
76 defined(OPENSSL_INIT_ADD_ALL_DIGESTS)
77 OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS |
78 OPENSSL_INIT_ADD_ALL_DIGESTS, NULL);
79 #elif defined(HAVE_OPENSSL_ADD_ALL_ALGORITHMS)
80 OpenSSL_add_all_algorithms();
81 #endif
82
83 #ifdef USE_OPENSSL_ENGINE
84 /* Enable use of crypto hardware */
85 ENGINE_load_builtin_engines();
86 ENGINE_register_all_complete();
87
88 /* Load the libcrypto config file to pick up engines defined there */
89 # if defined(HAVE_OPENSSL_INIT_CRYPTO) && defined(OPENSSL_INIT_LOAD_CONFIG)
90 OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS |
91 OPENSSL_INIT_ADD_ALL_DIGESTS | OPENSSL_INIT_LOAD_CONFIG, NULL);
92 # else
93 OPENSSL_config(NULL);
94 # endif
95 #endif /* USE_OPENSSL_ENGINE */
96 }
97
98 #endif /* WITH_OPENSSL */
99