xref: /freebsd/crypto/openssh/openbsd-compat/openssl-compat.c (revision 5ca8e32633c4ffbbcd6762e5888b6a4ba0708c6c)
1 /*
2  * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
3  *
4  * Permission to use, copy, modify, and distribute this software for any
5  * purpose with or without fee is hereby granted, provided that the above
6  * copyright notice and this permission notice appear in all copies.
7  *
8  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12  * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER
13  * IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
14  * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15  */
16 
17 #define SSH_DONT_OVERLOAD_OPENSSL_FUNCS
18 #include "includes.h"
19 
20 #ifdef WITH_OPENSSL
21 
22 #include <stdarg.h>
23 #include <string.h>
24 
25 #ifdef USE_OPENSSL_ENGINE
26 # include <openssl/engine.h>
27 # include <openssl/conf.h>
28 #endif
29 
30 #include "log.h"
31 
32 #include "openssl-compat.h"
33 
34 /*
35  * OpenSSL version numbers: MNNFFPPS: major minor fix patch status
36  * Versions >=3 require only major versions to match.
37  * For versions <3, we accept compatible fix versions (so we allow 1.0.1
38  * to work with 1.0.0). Going backwards is only allowed within a patch series.
39  * See https://www.openssl.org/policies/releasestrat.html
40  */
41 
42 int
43 ssh_compatible_openssl(long headerver, long libver)
44 {
45 	long mask, hfix, lfix;
46 
47 	/* exact match is always OK */
48 	if (headerver == libver)
49 		return 1;
50 
51 	/*
52 	 * For versions >= 3.0, only the major and status must match.
53 	 */
54 	if (headerver >= 0x3000000f) {
55 		mask = 0xf000000fL; /* major,status */
56 		return (headerver & mask) == (libver & mask);
57 	}
58 
59 	/*
60 	 * For versions >= 1.0.0, but <3, major,minor,status must match and
61 	 * library fix version must be equal to or newer than the header.
62 	 */
63 	mask = 0xfff0000fL; /* major,minor,status */
64 	hfix = (headerver & 0x000ff000) >> 12;
65 	lfix = (libver & 0x000ff000) >> 12;
66 	if ( (headerver & mask) == (libver & mask) && lfix >= hfix)
67 		return 1;
68 	return 0;
69 }
70 
71 void
72 ssh_libcrypto_init(void)
73 {
74 #if defined(HAVE_OPENSSL_INIT_CRYPTO) && \
75       defined(OPENSSL_INIT_ADD_ALL_CIPHERS) && \
76       defined(OPENSSL_INIT_ADD_ALL_DIGESTS)
77 	OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS |
78 	    OPENSSL_INIT_ADD_ALL_DIGESTS, NULL);
79 #elif defined(HAVE_OPENSSL_ADD_ALL_ALGORITHMS)
80 	OpenSSL_add_all_algorithms();
81 #endif
82 
83 #ifdef	USE_OPENSSL_ENGINE
84 	/* Enable use of crypto hardware */
85 	ENGINE_load_builtin_engines();
86 	ENGINE_register_all_complete();
87 
88 	/* Load the libcrypto config file to pick up engines defined there */
89 # if defined(HAVE_OPENSSL_INIT_CRYPTO) && defined(OPENSSL_INIT_LOAD_CONFIG)
90 	OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS |
91 	    OPENSSL_INIT_ADD_ALL_DIGESTS | OPENSSL_INIT_LOAD_CONFIG, NULL);
92 # else
93 	OPENSSL_config(NULL);
94 # endif
95 #endif /* USE_OPENSSL_ENGINE */
96 }
97 
98 #endif /* WITH_OPENSSL */
99