xref: /freebsd/crypto/openssh/openbsd-compat/openssl-compat.c (revision 8ddb146abcdf061be9f2c0db7e391697dafad85c)
1 /*
2  * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
3  *
4  * Permission to use, copy, modify, and distribute this software for any
5  * purpose with or without fee is hereby granted, provided that the above
6  * copyright notice and this permission notice appear in all copies.
7  *
8  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12  * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER
13  * IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
14  * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15  */
16 
17 #define SSH_DONT_OVERLOAD_OPENSSL_FUNCS
18 #include "includes.h"
19 
20 #ifdef WITH_OPENSSL
21 
22 #include <stdarg.h>
23 #include <string.h>
24 
25 #ifdef USE_OPENSSL_ENGINE
26 # include <openssl/engine.h>
27 # include <openssl/conf.h>
28 #endif
29 
30 #include "log.h"
31 
32 #include "openssl-compat.h"
33 
34 /*
35  * OpenSSL version numbers: MNNFFPPS: major minor fix patch status
36  * We match major, minor, fix and status (not patch) for <1.0.0.
37  * After that, we acceptable compatible fix versions (so we
38  * allow 1.0.1 to work with 1.0.0). Going backwards is only allowed
39  * within a patch series.
40  */
41 
42 int
43 ssh_compatible_openssl(long headerver, long libver)
44 {
45 	long mask, hfix, lfix;
46 
47 	/* exact match is always OK */
48 	if (headerver == libver)
49 		return 1;
50 
51 	/* for versions < 1.0.0, major,minor,fix,status must match */
52 	if (headerver < 0x1000000f) {
53 		mask = 0xfffff00fL; /* major,minor,fix,status */
54 		return (headerver & mask) == (libver & mask);
55 	}
56 
57 	/*
58 	 * For versions >= 1.0.0, major,minor,status must match and library
59 	 * fix version must be equal to or newer than the header.
60 	 */
61 	mask = 0xfff0000fL; /* major,minor,status */
62 	hfix = (headerver & 0x000ff000) >> 12;
63 	lfix = (libver & 0x000ff000) >> 12;
64 	if ( (headerver & mask) == (libver & mask) && lfix >= hfix)
65 		return 1;
66 	return 0;
67 }
68 
69 void
70 ssh_libcrypto_init(void)
71 {
72 #if defined(HAVE_OPENSSL_INIT_CRYPTO) && \
73       defined(OPENSSL_INIT_ADD_ALL_CIPHERS) && \
74       defined(OPENSSL_INIT_ADD_ALL_DIGESTS)
75 	OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS |
76 	    OPENSSL_INIT_ADD_ALL_DIGESTS, NULL);
77 #elif defined(HAVE_OPENSSL_ADD_ALL_ALGORITHMS)
78 	OpenSSL_add_all_algorithms();
79 #endif
80 
81 #ifdef	USE_OPENSSL_ENGINE
82 	/* Enable use of crypto hardware */
83 	ENGINE_load_builtin_engines();
84 	ENGINE_register_all_complete();
85 
86 	/* Load the libcrypto config file to pick up engines defined there */
87 # if defined(HAVE_OPENSSL_INIT_CRYPTO) && defined(OPENSSL_INIT_LOAD_CONFIG)
88 	OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS |
89 	    OPENSSL_INIT_ADD_ALL_DIGESTS | OPENSSL_INIT_LOAD_CONFIG, NULL);
90 # else
91 	OPENSSL_config(NULL);
92 # endif
93 #endif /* USE_OPENSSL_ENGINE */
94 }
95 
96 #endif /* WITH_OPENSSL */
97