xref: /freebsd/crypto/openssh/openbsd-compat/openssl-compat.h (revision 7c1b51d6dc2e165ae7333373513b080f17cf79bd)
1 /*
2  * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
3  *
4  * Permission to use, copy, modify, and distribute this software for any
5  * purpose with or without fee is hereby granted, provided that the above
6  * copyright notice and this permission notice appear in all copies.
7  *
8  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12  * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER
13  * IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
14  * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15  */
16 
17 #ifndef _OPENSSL_COMPAT_H
18 #define _OPENSSL_COMPAT_H
19 
20 #include "includes.h"
21 #ifdef WITH_OPENSSL
22 
23 #include <openssl/opensslv.h>
24 #include <openssl/evp.h>
25 #include <openssl/rsa.h>
26 #include <openssl/dsa.h>
27 
28 int ssh_compatible_openssl(long, long);
29 
30 #if (OPENSSL_VERSION_NUMBER <= 0x0090805fL)
31 # error OpenSSL 0.9.8f or greater is required
32 #endif
33 
34 #if OPENSSL_VERSION_NUMBER < 0x10000001L
35 # define LIBCRYPTO_EVP_INL_TYPE unsigned int
36 #else
37 # define LIBCRYPTO_EVP_INL_TYPE size_t
38 #endif
39 
40 #ifndef OPENSSL_RSA_MAX_MODULUS_BITS
41 # define OPENSSL_RSA_MAX_MODULUS_BITS	16384
42 #endif
43 #ifndef OPENSSL_DSA_MAX_MODULUS_BITS
44 # define OPENSSL_DSA_MAX_MODULUS_BITS	10000
45 #endif
46 
47 #ifndef OPENSSL_HAVE_EVPCTR
48 # define EVP_aes_128_ctr evp_aes_128_ctr
49 # define EVP_aes_192_ctr evp_aes_128_ctr
50 # define EVP_aes_256_ctr evp_aes_128_ctr
51 const EVP_CIPHER *evp_aes_128_ctr(void);
52 void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, size_t);
53 #endif
54 
55 /* Avoid some #ifdef. Code that uses these is unreachable without GCM */
56 #if !defined(OPENSSL_HAVE_EVPGCM) && !defined(EVP_CTRL_GCM_SET_IV_FIXED)
57 # define EVP_CTRL_GCM_SET_IV_FIXED -1
58 # define EVP_CTRL_GCM_IV_GEN -1
59 # define EVP_CTRL_GCM_SET_TAG -1
60 # define EVP_CTRL_GCM_GET_TAG -1
61 #endif
62 
63 /* Replace missing EVP_CIPHER_CTX_ctrl() with something that returns failure */
64 #ifndef HAVE_EVP_CIPHER_CTX_CTRL
65 # ifdef OPENSSL_HAVE_EVPGCM
66 #  error AES-GCM enabled without EVP_CIPHER_CTX_ctrl /* shouldn't happen */
67 # else
68 # define EVP_CIPHER_CTX_ctrl(a,b,c,d) (0)
69 # endif
70 #endif
71 
72 #if defined(HAVE_EVP_RIPEMD160)
73 # if defined(OPENSSL_NO_RIPEMD) || defined(OPENSSL_NO_RMD160)
74 #  undef HAVE_EVP_RIPEMD160
75 # endif
76 #endif
77 
78 /*
79  * We overload some of the OpenSSL crypto functions with ssh_* equivalents
80  * to automatically handle OpenSSL engine initialisation.
81  *
82  * In order for the compat library to call the real functions, it must
83  * define SSH_DONT_OVERLOAD_OPENSSL_FUNCS before including this file and
84  * implement the ssh_* equivalents.
85  */
86 #ifndef SSH_DONT_OVERLOAD_OPENSSL_FUNCS
87 
88 # ifdef USE_OPENSSL_ENGINE
89 #  ifdef OpenSSL_add_all_algorithms
90 #   undef OpenSSL_add_all_algorithms
91 #  endif
92 #  define OpenSSL_add_all_algorithms()  ssh_OpenSSL_add_all_algorithms()
93 # endif
94 
95 void ssh_OpenSSL_add_all_algorithms(void);
96 
97 #endif	/* SSH_DONT_OVERLOAD_OPENSSL_FUNCS */
98 
99 #endif /* WITH_OPENSSL */
100 #endif /* _OPENSSL_COMPAT_H */
101