Coverage Report

Created: 2025-11-17 06:38

next uncovered line (L), next uncovered region (R), next uncovered branch (B)
/src/openssh/openbsd-compat/openssl-compat.c
Line
Count
Source
1
/*
2
 * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
3
 *
4
 * Permission to use, copy, modify, and distribute this software for any
5
 * purpose with or without fee is hereby granted, provided that the above
6
 * copyright notice and this permission notice appear in all copies.
7
 *
8
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12
 * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER
13
 * IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
14
 * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15
 */
16
17
#define SSH_DONT_OVERLOAD_OPENSSL_FUNCS
18
#include "includes.h"
19
20
#ifdef WITH_OPENSSL
21
22
#include <stdarg.h>
23
#include <string.h>
24
25
#ifdef USE_OPENSSL_ENGINE
26
# include <openssl/engine.h>
27
# include <openssl/conf.h>
28
#endif
29
30
#include "log.h"
31
32
#include "openssl-compat.h"
33
34
/*
35
 * OpenSSL version numbers: MNNFFPPS: major minor fix patch status.
36
 * See the OpenSSL_version_num(3ssl) man page.
37
 * Versions >=3 require only major versions to match.
38
 * For versions <3, we accept compatible fix versions (so we allow 1.0.1
39
 * to work with 1.0.0). Going backwards is only allowed within a patch series.
40
 * See https://www.openssl.org/policies/releasestrat.html
41
 */
42
43
int
44
ssh_compatible_openssl(long headerver, long libver)
45
1
{
46
1
  long mask, hfix, lfix;
47
48
  /* exact match is always OK */
49
1
  if (headerver == libver)
50
1
    return 1;
51
52
  /*
53
   * For versions >= 3.0, only the major must match.
54
   */
55
0
  if (headerver >= 0x30000000) {
56
0
    mask = 0xf0000000L; /* major only */
57
0
    return (headerver & mask) == (libver & mask);
58
0
  }
59
60
  /*
61
   * For versions >= 1.0.0, but <3, major,minor,status must match and
62
   * library fix version must be equal to or newer than the header.
63
   */
64
0
  mask = 0xfff0000fL; /* major,minor,status */
65
0
  hfix = (headerver & 0x000ff000) >> 12;
66
0
  lfix = (libver & 0x000ff000) >> 12;
67
0
  if ( (headerver & mask) == (libver & mask) && lfix >= hfix)
68
0
    return 1;
69
0
  return 0;
70
0
}
71
72
int
73
ssh_libcrypto_init(void)
74
1
{
75
1
  uint64_t opts = OPENSSL_INIT_ADD_ALL_CIPHERS |
76
1
      OPENSSL_INIT_ADD_ALL_DIGESTS;
77
78
#ifdef  USE_OPENSSL_ENGINE
79
  /* Enable use of crypto hardware */
80
  ENGINE_load_builtin_engines();
81
  ENGINE_register_all_complete();
82
83
  /* Tell libcrypto config file to pick up engines defined there */
84
  opts |= OPENSSL_INIT_LOAD_CONFIG;
85
#endif /* USE_OPENSSL_ENGINE */
86
87
  return OPENSSL_init_crypto(opts, NULL);
88
1
}
89
90
#ifndef HAVE_EVP_DIGESTSIGN
91
int
92
EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen,
93
    const unsigned char *tbs, size_t tbslen)
94
{
95
  if (sigret != NULL) {
96
    if (EVP_DigestSignUpdate(ctx, tbs, tbslen) <= 0)
97
      return 0;
98
  }
99
100
  return EVP_DigestSignFinal(ctx, sigret, siglen);
101
}
102
#endif
103
104
#ifndef HAVE_EVP_DIGESTVERIFY
105
int
106
EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, size_t siglen,
107
    const unsigned char *tbs, size_t tbslen)
108
{
109
  if (EVP_DigestVerifyUpdate(ctx, tbs, tbslen) <= 0)
110
    return -1;
111
112
  return EVP_DigestVerifyFinal(ctx, sigret, siglen);
113
}
114
#endif
115
116
#endif /* WITH_OPENSSL */