xref: /freebsd/crypto/openssh/openbsd-compat/openssl-compat.c (revision 193d9e768ba63fcfb187cfd17f461f7d41345048) 
1 /* $Id: openssl-compat.c,v 1.19 2014/07/02 05:28:07 djm Exp $ */
2 
3 /*
4  * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
5  *
6  * Permission to use, copy, modify, and distribute this software for any
7  * purpose with or without fee is hereby granted, provided that the above
8  * copyright notice and this permission notice appear in all copies.
9  *
10  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14  * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER
15  * IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
16  * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17  */
18 
19 #define SSH_DONT_OVERLOAD_OPENSSL_FUNCS
20 #include "includes.h"
21 
22 #ifdef WITH_OPENSSL
23 
24 #include <stdarg.h>
25 #include <string.h>
26 
27 #ifdef USE_OPENSSL_ENGINE
28 # include <openssl/engine.h>
29 # include <openssl/conf.h>
30 #endif
31 
32 #include "log.h"
33 
34 #include "openssl-compat.h"
35 
36 /*
37  * OpenSSL version numbers: MNNFFPPS: major minor fix patch status
38  * We match major, minor, fix and status (not patch) for <1.0.0.
39  * After that, we acceptable compatible fix versions (so we
40  * allow 1.0.1 to work with 1.0.0). Going backwards is only allowed
41  * within a patch series.
42  */
43 
44 int
45 ssh_compatible_openssl(long headerver, long libver)
46 {
47 	long mask, hfix, lfix;
48 
49 	/* exact match is always OK */
50 	if (headerver == libver)
51 		return 1;
52 
53 	/* for versions < 1.0.0, major,minor,fix,status must match */
54 	if (headerver < 0x1000000f) {
55 		mask = 0xfffff00fL; /* major,minor,fix,status */
56 		return (headerver & mask) == (libver & mask);
57 	}
58 
59 	/*
60 	 * For versions >= 1.0.0, major,minor,status must match and library
61 	 * fix version must be equal to or newer than the header.
62 	 */
63 	mask = 0xfff0000fL; /* major,minor,status */
64 	hfix = (headerver & 0x000ff000) >> 12;
65 	lfix = (libver & 0x000ff000) >> 12;
66 	if ( (headerver & mask) == (libver & mask) && lfix >= hfix)
67 		return 1;
68 	return 0;
69 }
70 
71 #ifdef	USE_OPENSSL_ENGINE
72 void
73 ssh_OpenSSL_add_all_algorithms(void)
74 {
75 	OpenSSL_add_all_algorithms();
76 
77 	/* Enable use of crypto hardware */
78 	ENGINE_load_builtin_engines();
79 	ENGINE_register_all_complete();
80 	OPENSSL_config(NULL);
81 }
82 #endif
83 
84 #endif /* WITH_OPENSSL */
85