/src/hpn-ssh/openbsd-compat/openssl-compat.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au> |
3 | | * |
4 | | * Permission to use, copy, modify, and distribute this software for any |
5 | | * purpose with or without fee is hereby granted, provided that the above |
6 | | * copyright notice and this permission notice appear in all copies. |
7 | | * |
8 | | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES |
9 | | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF |
10 | | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR |
11 | | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES |
12 | | * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER |
13 | | * IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING |
14 | | * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
15 | | */ |
16 | | |
17 | | #define SSH_DONT_OVERLOAD_OPENSSL_FUNCS |
18 | | #include "includes.h" |
19 | | |
20 | | #ifdef WITH_OPENSSL |
21 | | |
22 | | #include <stdarg.h> |
23 | | #include <string.h> |
24 | | |
25 | | #ifdef USE_OPENSSL_ENGINE |
26 | | # include <openssl/engine.h> |
27 | | # include <openssl/conf.h> |
28 | | #endif |
29 | | |
30 | | #include "log.h" |
31 | | |
32 | | #include "openssl-compat.h" |
33 | | |
34 | | /* |
35 | | * OpenSSL version numbers: MNNFFPPS: major minor fix patch status |
36 | | * Versions >=3 require only major versions to match. |
37 | | * For versions <3, we accept compatible fix versions (so we allow 1.0.1 |
38 | | * to work with 1.0.0). Going backwards is only allowed within a patch series. |
39 | | * See https://www.openssl.org/policies/releasestrat.html |
40 | | */ |
41 | | |
42 | | int |
43 | | ssh_compatible_openssl(long headerver, long libver) |
44 | 1 | { |
45 | 1 | long mask, hfix, lfix; |
46 | | |
47 | | /* exact match is always OK */ |
48 | 1 | if (headerver == libver) |
49 | 1 | return 1; |
50 | | |
51 | | /* |
52 | | * For versions >= 3.0, only the major and status must match. |
53 | | */ |
54 | 0 | if (headerver >= 0x3000000f) { |
55 | 0 | mask = 0xf000000fL; /* major,status */ |
56 | 0 | return (headerver & mask) == (libver & mask); |
57 | 0 | } |
58 | | |
59 | | /* |
60 | | * For versions >= 1.0.0, but <3, major,minor,status must match and |
61 | | * library fix version must be equal to or newer than the header. |
62 | | */ |
63 | 0 | mask = 0xfff0000fL; /* major,minor,status */ |
64 | 0 | hfix = (headerver & 0x000ff000) >> 12; |
65 | 0 | lfix = (libver & 0x000ff000) >> 12; |
66 | 0 | if ( (headerver & mask) == (libver & mask) && lfix >= hfix) |
67 | 0 | return 1; |
68 | 0 | return 0; |
69 | 0 | } |
70 | | |
71 | | void |
72 | | ssh_libcrypto_init(void) |
73 | 1 | { |
74 | | #if defined(HAVE_OPENSSL_INIT_CRYPTO) && \ |
75 | | defined(OPENSSL_INIT_ADD_ALL_CIPHERS) && \ |
76 | | defined(OPENSSL_INIT_ADD_ALL_DIGESTS) |
77 | | OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS | |
78 | | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL); |
79 | | #elif defined(HAVE_OPENSSL_ADD_ALL_ALGORITHMS) |
80 | | OpenSSL_add_all_algorithms(); |
81 | 1 | #endif |
82 | | |
83 | | #ifdef USE_OPENSSL_ENGINE |
84 | | /* Enable use of crypto hardware */ |
85 | | ENGINE_load_builtin_engines(); |
86 | | ENGINE_register_all_complete(); |
87 | | |
88 | | /* Load the libcrypto config file to pick up engines defined there */ |
89 | | # if defined(HAVE_OPENSSL_INIT_CRYPTO) && defined(OPENSSL_INIT_LOAD_CONFIG) |
90 | | OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS | |
91 | | OPENSSL_INIT_ADD_ALL_DIGESTS | OPENSSL_INIT_LOAD_CONFIG, NULL); |
92 | | # else |
93 | | OPENSSL_config(NULL); |
94 | | # endif |
95 | | #endif /* USE_OPENSSL_ENGINE */ |
96 | 1 | } |
97 | | |
98 | | #endif /* WITH_OPENSSL */ |