Adam Langley | d059297 | 2015-03-30 14:49:51 -0700 | [diff] [blame] | 1 | /* $Id: openssl-compat.c,v 1.19 2014/07/02 05:28:07 djm Exp $ */ |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 2 | |
| 3 | /* |
| 4 | * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au> |
| 5 | * |
| 6 | * Permission to use, copy, modify, and distribute this software for any |
| 7 | * purpose with or without fee is hereby granted, provided that the above |
| 8 | * copyright notice and this permission notice appear in all copies. |
| 9 | * |
| 10 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES |
| 11 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF |
| 12 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR |
| 13 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES |
| 14 | * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER |
| 15 | * IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING |
| 16 | * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
| 17 | */ |
| 18 | |
Adam Langley | d059297 | 2015-03-30 14:49:51 -0700 | [diff] [blame] | 19 | #define SSH_DONT_OVERLOAD_OPENSSL_FUNCS |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 20 | #include "includes.h" |
| 21 | |
Adam Langley | d059297 | 2015-03-30 14:49:51 -0700 | [diff] [blame] | 22 | #ifdef WITH_OPENSSL |
| 23 | |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 24 | #include <stdarg.h> |
| 25 | #include <string.h> |
| 26 | |
| 27 | #ifdef USE_OPENSSL_ENGINE |
| 28 | # include <openssl/engine.h> |
| 29 | # include <openssl/conf.h> |
| 30 | #endif |
| 31 | |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 32 | #include "log.h" |
| 33 | |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 34 | #include "openssl-compat.h" |
| 35 | |
Adam Langley | d059297 | 2015-03-30 14:49:51 -0700 | [diff] [blame] | 36 | /* |
| 37 | * OpenSSL version numbers: MNNFFPPS: major minor fix patch status |
| 38 | * We match major, minor, fix and status (not patch) for <1.0.0. |
| 39 | * After that, we acceptable compatible fix versions (so we |
| 40 | * allow 1.0.1 to work with 1.0.0). Going backwards is only allowed |
| 41 | * within a patch series. |
| 42 | */ |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 43 | |
| 44 | int |
Adam Langley | d059297 | 2015-03-30 14:49:51 -0700 | [diff] [blame] | 45 | ssh_compatible_openssl(long headerver, long libver) |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 46 | { |
Adam Langley | d059297 | 2015-03-30 14:49:51 -0700 | [diff] [blame] | 47 | long mask, hfix, lfix; |
| 48 | |
| 49 | /* exact match is always OK */ |
| 50 | if (headerver == libver) |
| 51 | return 1; |
| 52 | |
| 53 | /* for versions < 1.0.0, major,minor,fix,status must match */ |
| 54 | if (headerver < 0x1000000f) { |
| 55 | mask = 0xfffff00fL; /* major,minor,fix,status */ |
| 56 | return (headerver & mask) == (libver & mask); |
| 57 | } |
| 58 | |
| 59 | /* |
| 60 | * For versions >= 1.0.0, major,minor,status must match and library |
| 61 | * fix version must be equal to or newer than the header. |
| 62 | */ |
| 63 | mask = 0xfff0000fL; /* major,minor,status */ |
| 64 | hfix = (headerver & 0x000ff000) >> 12; |
| 65 | lfix = (libver & 0x000ff000) >> 12; |
| 66 | if ( (headerver & mask) == (libver & mask) && lfix >= hfix) |
| 67 | return 1; |
| 68 | return 0; |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 69 | } |
| 70 | |
Greg Hartman | bd77cf7 | 2015-02-25 13:21:06 -0800 | [diff] [blame] | 71 | #ifdef USE_OPENSSL_ENGINE |
| 72 | void |
| 73 | ssh_OpenSSL_add_all_algorithms(void) |
| 74 | { |
| 75 | OpenSSL_add_all_algorithms(); |
| 76 | |
| 77 | /* Enable use of crypto hardware */ |
| 78 | ENGINE_load_builtin_engines(); |
| 79 | ENGINE_register_all_complete(); |
| 80 | OPENSSL_config(NULL); |
| 81 | } |
| 82 | #endif |
Adam Langley | d059297 | 2015-03-30 14:49:51 -0700 | [diff] [blame] | 83 | |
| 84 | #endif /* WITH_OPENSSL */ |