/src/openssh/openbsd-compat/openssl-compat.c

Source
/*
 * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER
 * IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
 * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#define SSH_DONT_OVERLOAD_OPENSSL_FUNCS
#include "includes.h"

#ifdef WITH_OPENSSL

#include <stdarg.h>
#include <string.h>

#ifdef USE_OPENSSL_ENGINE
# include <openssl/engine.h>
# include <openssl/conf.h>
#endif

#include "log.h"

#include "openssl-compat.h"

/*
 * OpenSSL version numbers: MNNFFPPS: major minor fix patch status.
 * See the OpenSSL_version_num(3ssl) man page.
 * Versions >=3 require only major versions to match.
 * For versions <3, we accept compatible fix versions (so we allow 1.0.1
 * to work with 1.0.0). Going backwards is only allowed within a patch series.
 * See https://www.openssl.org/policies/releasestrat.html
 */

int
ssh_compatible_openssl(long headerver, long libver)
{
  long mask, hfix, lfix;

  /* exact match is always OK */
  if (headerver == libver)
    return 1;

  /*
   * For versions >= 3.0, only the major must match.
   */
  if (headerver >= 0x30000000) {
    mask = 0xf0000000L; /* major only */
    return (headerver & mask) == (libver & mask);
  }

  /*
   * For versions >= 1.0.0, but <3, major,minor,status must match and
   * library fix version must be equal to or newer than the header.
   */
  mask = 0xfff0000fL; /* major,minor,status */
  hfix = (headerver & 0x000ff000) >> 12;
  lfix = (libver & 0x000ff000) >> 12;
  if ( (headerver & mask) == (libver & mask) && lfix >= hfix)
    return 1;
  return 0;
}

void
ssh_libcrypto_init(void)
{
#if defined(HAVE_OPENSSL_INIT_CRYPTO) && \
      defined(OPENSSL_INIT_ADD_ALL_CIPHERS) && \
      defined(OPENSSL_INIT_ADD_ALL_DIGESTS)
  OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS |
      OPENSSL_INIT_ADD_ALL_DIGESTS, NULL);
#elif defined(HAVE_OPENSSL_ADD_ALL_ALGORITHMS)
  OpenSSL_add_all_algorithms();
#endif

#ifdef  USE_OPENSSL_ENGINE
  /* Enable use of crypto hardware */
  ENGINE_load_builtin_engines();
  ENGINE_register_all_complete();

  /* Load the libcrypto config file to pick up engines defined there */
# if defined(HAVE_OPENSSL_INIT_CRYPTO) && defined(OPENSSL_INIT_LOAD_CONFIG)
  OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS |
      OPENSSL_INIT_ADD_ALL_DIGESTS | OPENSSL_INIT_LOAD_CONFIG, NULL);
# else
  OPENSSL_config(NULL);
# endif
#endif /* USE_OPENSSL_ENGINE */
}

#ifndef HAVE_EVP_DIGESTSIGN
int
EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen,
    const unsigned char *tbs, size_t tbslen)
{
  if (sigret != NULL) {
    if (EVP_DigestSignUpdate(ctx, tbs, tbslen) <= 0)
      return 0;
  }

  return EVP_DigestSignFinal(ctx, sigret, siglen);
}
#endif

#ifndef HAVE_EVP_DIGESTVERIFY
int
EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, size_t siglen,
    const unsigned char *tbs, size_t tbslen)
{
  if (EVP_DigestVerifyUpdate(ctx, tbs, tbslen) <= 0)
    return -1;

  return EVP_DigestVerifyFinal(ctx, sigret, siglen);
}
#endif

#endif /* WITH_OPENSSL */

Line	Count	Source
1		/*
2		* Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
3		*
4		* Permission to use, copy, modify, and distribute this software for any
5		* purpose with or without fee is hereby granted, provided that the above
6		* copyright notice and this permission notice appear in all copies.
7		*
8		* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9		* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10		* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11		* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12		* WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER
13		* IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
14		* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15		*/
16
17		#define SSH_DONT_OVERLOAD_OPENSSL_FUNCS
18		#include "includes.h"
19
20		#ifdef WITH_OPENSSL
21
22		#include <stdarg.h>
23		#include <string.h>
24
25		#ifdef USE_OPENSSL_ENGINE
26		# include <openssl/engine.h>
27		# include <openssl/conf.h>
28		#endif
29
30		#include "log.h"
31
32		#include "openssl-compat.h"
33
34		/*
35		* OpenSSL version numbers: MNNFFPPS: major minor fix patch status.
36		* See the OpenSSL_version_num(3ssl) man page.
37		* Versions >=3 require only major versions to match.
38		* For versions <3, we accept compatible fix versions (so we allow 1.0.1
39		* to work with 1.0.0). Going backwards is only allowed within a patch series.
40		* See https://www.openssl.org/policies/releasestrat.html
41		*/
42
43		int
44		ssh_compatible_openssl(long headerver, long libver)
45	1	{
46	1	long mask, hfix, lfix;
47
48		/* exact match is always OK */
49	1	if (headerver == libver)
50	1	return 1;
51
52		/*
53		* For versions >= 3.0, only the major must match.
54		*/
55	0	if (headerver >= 0x30000000) {
56	0	mask = 0xf0000000L; /* major only */
57	0	return (headerver & mask) == (libver & mask);
58	0	}
59
60		/*
61		* For versions >= 1.0.0, but <3, major,minor,status must match and
62		* library fix version must be equal to or newer than the header.
63		*/
64	0	mask = 0xfff0000fL; /* major,minor,status */
65	0	hfix = (headerver & 0x000ff000) >> 12;
66	0	lfix = (libver & 0x000ff000) >> 12;
67	0	if ( (headerver & mask) == (libver & mask) && lfix >= hfix)
68	0	return 1;
69	0	return 0;
70	0	}
71
72		void
73		ssh_libcrypto_init(void)
74	1	{
75		#if defined(HAVE_OPENSSL_INIT_CRYPTO) && \
76		defined(OPENSSL_INIT_ADD_ALL_CIPHERS) && \
77		defined(OPENSSL_INIT_ADD_ALL_DIGESTS)
78		OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \|
79		OPENSSL_INIT_ADD_ALL_DIGESTS, NULL);
80		#elif defined(HAVE_OPENSSL_ADD_ALL_ALGORITHMS)
81	1	OpenSSL_add_all_algorithms();
82	1	#endif
83
84		#ifdef USE_OPENSSL_ENGINE
85		/* Enable use of crypto hardware */
86		ENGINE_load_builtin_engines();
87		ENGINE_register_all_complete();
88
89		/* Load the libcrypto config file to pick up engines defined there */
90		# if defined(HAVE_OPENSSL_INIT_CRYPTO) && defined(OPENSSL_INIT_LOAD_CONFIG)
91		OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \|
92		OPENSSL_INIT_ADD_ALL_DIGESTS \| OPENSSL_INIT_LOAD_CONFIG, NULL);
93		# else
94		OPENSSL_config(NULL);
95		# endif
96		#endif /* USE_OPENSSL_ENGINE */
97	1	}
98
99		#ifndef HAVE_EVP_DIGESTSIGN
100		int
101		EVP_DigestSign(EVP_MD_CTX ctx, unsigned char sigret, size_t *siglen,
102		const unsigned char *tbs, size_t tbslen)
103		{
104		if (sigret != NULL) {
105		if (EVP_DigestSignUpdate(ctx, tbs, tbslen) <= 0)
106		return 0;
107		}
108
109		return EVP_DigestSignFinal(ctx, sigret, siglen);
110		}
111		#endif
112
113		#ifndef HAVE_EVP_DIGESTVERIFY
114		int
115		EVP_DigestVerify(EVP_MD_CTX ctx, const unsigned char sigret, size_t siglen,
116		const unsigned char *tbs, size_t tbslen)
117		{
118		if (EVP_DigestVerifyUpdate(ctx, tbs, tbslen) <= 0)
119		return -1;
120
121		return EVP_DigestVerifyFinal(ctx, sigret, siglen);
122		}
123		#endif
124
125		#endif /* WITH_OPENSSL */

Coverage Report

Created: 2025-10-13 06:57