xref: /freebsd/crypto/openssh/openbsd-compat/openssl-compat.h (revision f126890ac5386406dadf7c4cfa9566cbb56537c5)
1 /*
2  * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
3  *
4  * Permission to use, copy, modify, and distribute this software for any
5  * purpose with or without fee is hereby granted, provided that the above
6  * copyright notice and this permission notice appear in all copies.
7  *
8  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12  * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER
13  * IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
14  * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15  */
16 
17 #ifndef _OPENSSL_COMPAT_H
18 #define _OPENSSL_COMPAT_H
19 
20 #include "includes.h"
21 #ifdef WITH_OPENSSL
22 
23 #include <openssl/opensslv.h>
24 #include <openssl/crypto.h>
25 #include <openssl/evp.h>
26 #include <openssl/rsa.h>
27 #include <openssl/dsa.h>
28 #ifdef OPENSSL_HAS_ECC
29 #include <openssl/ecdsa.h>
30 #endif
31 #include <openssl/dh.h>
32 
33 int ssh_compatible_openssl(long, long);
34 void ssh_libcrypto_init(void);
35 
36 #if (OPENSSL_VERSION_NUMBER < 0x10100000L)
37 # error OpenSSL 1.1.0 or greater is required
38 #endif
39 #ifdef LIBRESSL_VERSION_NUMBER
40 # if LIBRESSL_VERSION_NUMBER < 0x3010000fL
41 #  error LibreSSL 3.1.0 or greater is required
42 # endif
43 #endif
44 
45 #ifndef OPENSSL_RSA_MAX_MODULUS_BITS
46 # define OPENSSL_RSA_MAX_MODULUS_BITS	16384
47 #endif
48 #ifndef OPENSSL_DSA_MAX_MODULUS_BITS
49 # define OPENSSL_DSA_MAX_MODULUS_BITS	10000
50 #endif
51 
52 #ifdef LIBRESSL_VERSION_NUMBER
53 # if LIBRESSL_VERSION_NUMBER < 0x3010000fL
54 #  define HAVE_BROKEN_CHACHA20
55 # endif
56 #endif
57 
58 #ifdef OPENSSL_IS_BORINGSSL
59 /*
60  * BoringSSL (rightly) got rid of the BN_FLG_CONSTTIME flag, along with
61  * the entire BN_set_flags() interface.
62  * https://boringssl.googlesource.com/boringssl/+/0a211dfe9
63  */
64 # define BN_set_flags(a, b)
65 #endif
66 
67 #ifndef HAVE_EVP_CIPHER_CTX_GET_IV
68 # ifdef HAVE_EVP_CIPHER_CTX_GET_UPDATED_IV
69 #  define EVP_CIPHER_CTX_get_iv EVP_CIPHER_CTX_get_updated_iv
70 # else /* HAVE_EVP_CIPHER_CTX_GET_UPDATED_IV */
71 int EVP_CIPHER_CTX_get_iv(const EVP_CIPHER_CTX *ctx,
72     unsigned char *iv, size_t len);
73 # endif /* HAVE_EVP_CIPHER_CTX_GET_UPDATED_IV */
74 #endif /* HAVE_EVP_CIPHER_CTX_GET_IV */
75 
76 #ifndef HAVE_EVP_CIPHER_CTX_SET_IV
77 int EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX *ctx,
78     const unsigned char *iv, size_t len);
79 #endif /* HAVE_EVP_CIPHER_CTX_SET_IV */
80 
81 #endif /* WITH_OPENSSL */
82 #endif /* _OPENSSL_COMPAT_H */
83