Darren Tucker | a55ec77 | 2005-06-09 21:45:10 +1000 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au> |
| 3 | * |
| 4 | * Permission to use, copy, modify, and distribute this software for any |
| 5 | * purpose with or without fee is hereby granted, provided that the above |
| 6 | * copyright notice and this permission notice appear in all copies. |
| 7 | * |
| 8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES |
| 9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF |
| 10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR |
| 11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES |
| 12 | * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER |
| 13 | * IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING |
| 14 | * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
| 15 | */ |
| 16 | |
Damien Miller | d7c81e2 | 2014-08-30 04:18:28 +1000 | [diff] [blame] | 17 | #ifndef _OPENSSL_COMPAT_H |
| 18 | #define _OPENSSL_COMPAT_H |
| 19 | |
Darren Tucker | a55ec77 | 2005-06-09 21:45:10 +1000 | [diff] [blame] | 20 | #include "includes.h" |
Damien Miller | 72ef7c1 | 2015-01-15 02:21:31 +1100 | [diff] [blame] | 21 | #ifdef WITH_OPENSSL |
| 22 | |
Damien Miller | 9a3d0dc | 2010-10-07 22:06:42 +1100 | [diff] [blame] | 23 | #include <openssl/opensslv.h> |
Darren Tucker | a55ec77 | 2005-06-09 21:45:10 +1000 | [diff] [blame] | 24 | #include <openssl/evp.h> |
Damien Miller | 4b1ec83 | 2010-05-12 17:49:59 +1000 | [diff] [blame] | 25 | #include <openssl/rsa.h> |
| 26 | #include <openssl/dsa.h> |
Damien Miller | 48f54b9 | 2018-09-13 12:13:50 +1000 | [diff] [blame] | 27 | #include <openssl/ecdsa.h> |
| 28 | #include <openssl/dh.h> |
Damien Miller | 4b1ec83 | 2010-05-12 17:49:59 +1000 | [diff] [blame] | 29 | |
Darren Tucker | 316fac6 | 2014-06-17 23:06:07 +1000 | [diff] [blame] | 30 | int ssh_compatible_openssl(long, long); |
| 31 | |
Damien Miller | 8668706 | 2014-07-02 15:28:02 +1000 | [diff] [blame] | 32 | #if (OPENSSL_VERSION_NUMBER <= 0x0090805fL) |
Damien Miller | d7c81e2 | 2014-08-30 04:18:28 +1000 | [diff] [blame] | 33 | # error OpenSSL 0.9.8f or greater is required |
Darren Tucker | cb52017 | 2007-06-14 23:21:32 +1000 | [diff] [blame] | 34 | #endif |
| 35 | |
Damien Miller | da5cc5d | 2013-01-20 22:31:29 +1100 | [diff] [blame] | 36 | #if OPENSSL_VERSION_NUMBER < 0x10000001L |
Damien Miller | 9a3d0dc | 2010-10-07 22:06:42 +1100 | [diff] [blame] | 37 | # define LIBCRYPTO_EVP_INL_TYPE unsigned int |
| 38 | #else |
| 39 | # define LIBCRYPTO_EVP_INL_TYPE size_t |
| 40 | #endif |
| 41 | |
Damien Miller | 51c77e2 | 2014-08-30 02:30:30 +1000 | [diff] [blame] | 42 | #ifndef OPENSSL_RSA_MAX_MODULUS_BITS |
| 43 | # define OPENSSL_RSA_MAX_MODULUS_BITS 16384 |
| 44 | #endif |
| 45 | #ifndef OPENSSL_DSA_MAX_MODULUS_BITS |
| 46 | # define OPENSSL_DSA_MAX_MODULUS_BITS 10000 |
| 47 | #endif |
| 48 | |
Darren Tucker | 5573171 | 2014-07-21 02:24:59 +1000 | [diff] [blame] | 49 | #ifndef OPENSSL_HAVE_EVPCTR |
Damien Miller | d7c81e2 | 2014-08-30 04:18:28 +1000 | [diff] [blame] | 50 | # define EVP_aes_128_ctr evp_aes_128_ctr |
| 51 | # define EVP_aes_192_ctr evp_aes_128_ctr |
| 52 | # define EVP_aes_256_ctr evp_aes_128_ctr |
Darren Tucker | 5573171 | 2014-07-21 02:24:59 +1000 | [diff] [blame] | 53 | const EVP_CIPHER *evp_aes_128_ctr(void); |
| 54 | void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, size_t); |
| 55 | #endif |
| 56 | |
Damien Miller | d522c68 | 2013-01-09 16:42:47 +1100 | [diff] [blame] | 57 | /* Avoid some #ifdef. Code that uses these is unreachable without GCM */ |
| 58 | #if !defined(OPENSSL_HAVE_EVPGCM) && !defined(EVP_CTRL_GCM_SET_IV_FIXED) |
| 59 | # define EVP_CTRL_GCM_SET_IV_FIXED -1 |
| 60 | # define EVP_CTRL_GCM_IV_GEN -1 |
| 61 | # define EVP_CTRL_GCM_SET_TAG -1 |
| 62 | # define EVP_CTRL_GCM_GET_TAG -1 |
| 63 | #endif |
| 64 | |
Damien Miller | b6f73b3 | 2013-02-11 10:39:12 +1100 | [diff] [blame] | 65 | /* Replace missing EVP_CIPHER_CTX_ctrl() with something that returns failure */ |
| 66 | #ifndef HAVE_EVP_CIPHER_CTX_CTRL |
| 67 | # ifdef OPENSSL_HAVE_EVPGCM |
| 68 | # error AES-GCM enabled without EVP_CIPHER_CTX_ctrl /* shouldn't happen */ |
| 69 | # else |
| 70 | # define EVP_CIPHER_CTX_ctrl(a,b,c,d) (0) |
| 71 | # endif |
| 72 | #endif |
| 73 | |
Darren Tucker | a9ff395 | 2016-10-28 14:26:58 +1100 | [diff] [blame] | 74 | #if defined(HAVE_EVP_RIPEMD160) |
| 75 | # if defined(OPENSSL_NO_RIPEMD) || defined(OPENSSL_NO_RMD160) |
| 76 | # undef HAVE_EVP_RIPEMD160 |
| 77 | # endif |
| 78 | #endif |
| 79 | |
Darren Tucker | a55ec77 | 2005-06-09 21:45:10 +1000 | [diff] [blame] | 80 | /* |
Darren Tucker | 4123636 | 2005-11-20 14:09:59 +1100 | [diff] [blame] | 81 | * We overload some of the OpenSSL crypto functions with ssh_* equivalents |
Damien Miller | 8668706 | 2014-07-02 15:28:02 +1000 | [diff] [blame] | 82 | * to automatically handle OpenSSL engine initialisation. |
Darren Tucker | 4123636 | 2005-11-20 14:09:59 +1100 | [diff] [blame] | 83 | * |
| 84 | * In order for the compat library to call the real functions, it must |
| 85 | * define SSH_DONT_OVERLOAD_OPENSSL_FUNCS before including this file and |
| 86 | * implement the ssh_* equivalents. |
Darren Tucker | a55ec77 | 2005-06-09 21:45:10 +1000 | [diff] [blame] | 87 | */ |
Darren Tucker | fabdb6c | 2006-02-20 20:17:35 +1100 | [diff] [blame] | 88 | #ifndef SSH_DONT_OVERLOAD_OPENSSL_FUNCS |
Darren Tucker | a55ec77 | 2005-06-09 21:45:10 +1000 | [diff] [blame] | 89 | |
Darren Tucker | 3322e0d | 2006-02-22 00:00:27 +1100 | [diff] [blame] | 90 | # ifdef USE_OPENSSL_ENGINE |
Darren Tucker | d6548fe | 2011-05-10 11:13:36 +1000 | [diff] [blame] | 91 | # ifdef OpenSSL_add_all_algorithms |
| 92 | # undef OpenSSL_add_all_algorithms |
Darren Tucker | 3322e0d | 2006-02-22 00:00:27 +1100 | [diff] [blame] | 93 | # endif |
Darren Tucker | d6548fe | 2011-05-10 11:13:36 +1000 | [diff] [blame] | 94 | # define OpenSSL_add_all_algorithms() ssh_OpenSSL_add_all_algorithms() |
Darren Tucker | bfaaf96 | 2008-02-28 19:13:52 +1100 | [diff] [blame] | 95 | # endif |
Darren Tucker | a55ec77 | 2005-06-09 21:45:10 +1000 | [diff] [blame] | 96 | |
Darren Tucker | d6548fe | 2011-05-10 11:13:36 +1000 | [diff] [blame] | 97 | void ssh_OpenSSL_add_all_algorithms(void); |
Darren Tucker | e9b3ad7 | 2012-01-17 14:03:34 +1100 | [diff] [blame] | 98 | |
Darren Tucker | fabdb6c | 2006-02-20 20:17:35 +1100 | [diff] [blame] | 99 | #endif /* SSH_DONT_OVERLOAD_OPENSSL_FUNCS */ |
Damien Miller | 4b1ec83 | 2010-05-12 17:49:59 +1000 | [diff] [blame] | 100 | |
Damien Miller | 48f54b9 | 2018-09-13 12:13:50 +1000 | [diff] [blame] | 101 | /* LibreSSL/OpenSSL 1.1x API compat */ |
| 102 | #ifndef HAVE_DSA_GET0_PQG |
| 103 | void DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, |
| 104 | const BIGNUM **g); |
| 105 | #endif /* HAVE_DSA_GET0_PQG */ |
| 106 | |
| 107 | #ifndef HAVE_DSA_SET0_PQG |
| 108 | int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g); |
| 109 | #endif /* HAVE_DSA_SET0_PQG */ |
| 110 | |
| 111 | #ifndef HAVE_DSA_GET0_KEY |
| 112 | void DSA_get0_key(const DSA *d, const BIGNUM **pub_key, |
| 113 | const BIGNUM **priv_key); |
| 114 | #endif /* HAVE_DSA_GET0_KEY */ |
| 115 | |
| 116 | #ifndef HAVE_DSA_SET0_KEY |
| 117 | int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key); |
| 118 | #endif /* HAVE_DSA_SET0_KEY */ |
| 119 | |
| 120 | #ifndef HAVE_EVP_CIPHER_CTX_GET_IV |
| 121 | int EVP_CIPHER_CTX_get_iv(const EVP_CIPHER_CTX *ctx, |
| 122 | unsigned char *iv, size_t len); |
| 123 | #endif /* HAVE_EVP_CIPHER_CTX_GET_IV */ |
| 124 | |
| 125 | #ifndef HAVE_EVP_CIPHER_CTX_SET_IV |
| 126 | int EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX *ctx, |
| 127 | const unsigned char *iv, size_t len); |
| 128 | #endif /* HAVE_EVP_CIPHER_CTX_SET_IV */ |
| 129 | |
| 130 | #ifndef HAVE_RSA_GET0_KEY |
| 131 | void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, |
| 132 | const BIGNUM **d); |
| 133 | #endif /* HAVE_RSA_GET0_KEY */ |
| 134 | |
| 135 | #ifndef HAVE_RSA_SET0_KEY |
| 136 | int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d); |
| 137 | #endif /* HAVE_RSA_SET0_KEY */ |
| 138 | |
| 139 | #ifndef HAVE_RSA_GET0_CRT_PARAMS |
| 140 | void RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1, |
| 141 | const BIGNUM **iqmp); |
| 142 | #endif /* HAVE_RSA_GET0_CRT_PARAMS */ |
| 143 | |
| 144 | #ifndef HAVE_RSA_SET0_CRT_PARAMS |
| 145 | int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp); |
| 146 | #endif /* HAVE_RSA_SET0_CRT_PARAMS */ |
| 147 | |
| 148 | #ifndef HAVE_RSA_GET0_FACTORS |
| 149 | void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q); |
| 150 | #endif /* HAVE_RSA_GET0_FACTORS */ |
| 151 | |
| 152 | #ifndef HAVE_RSA_SET0_FACTORS |
| 153 | int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q); |
| 154 | #endif /* HAVE_RSA_SET0_FACTORS */ |
| 155 | |
| 156 | #ifndef DSA_SIG_GET0 |
| 157 | void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); |
| 158 | #endif /* DSA_SIG_GET0 */ |
| 159 | |
| 160 | #ifndef DSA_SIG_SET0 |
| 161 | int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s); |
| 162 | #endif /* DSA_SIG_SET0 */ |
| 163 | |
| 164 | #ifndef HAVE_ECDSA_SIG_GET0 |
| 165 | void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); |
| 166 | #endif /* HAVE_ECDSA_SIG_GET0 */ |
| 167 | |
| 168 | #ifndef HAVE_ECDSA_SIG_SET0 |
| 169 | int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s); |
| 170 | #endif /* HAVE_ECDSA_SIG_SET0 */ |
| 171 | |
| 172 | #ifndef HAVE_DH_GET0_PQG |
| 173 | void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, |
| 174 | const BIGNUM **g); |
| 175 | #endif /* HAVE_DH_GET0_PQG */ |
| 176 | |
| 177 | #ifndef HAVE_DH_SET0_PQG |
| 178 | int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g); |
| 179 | #endif /* HAVE_DH_SET0_PQG */ |
| 180 | |
| 181 | #ifndef HAVE_DH_GET0_KEY |
| 182 | void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key); |
| 183 | #endif /* HAVE_DH_GET0_KEY */ |
| 184 | |
| 185 | #ifndef HAVE_DH_SET0_KEY |
| 186 | int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key); |
| 187 | #endif /* HAVE_DH_SET0_KEY */ |
| 188 | |
| 189 | #ifndef HAVE_DH_SET_LENGTH |
| 190 | int DH_set_length(DH *dh, long length); |
| 191 | #endif /* HAVE_DH_SET_LENGTH */ |
| 192 | |
| 193 | #ifndef HAVE_RSA_METH_FREE |
| 194 | void RSA_meth_free(RSA_METHOD *meth); |
| 195 | #endif /* HAVE_RSA_METH_FREE */ |
| 196 | |
| 197 | #ifndef HAVE_RSA_METH_DUP |
| 198 | RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth); |
| 199 | #endif /* HAVE_RSA_METH_DUP */ |
| 200 | |
| 201 | #ifndef HAVE_RSA_METH_SET1_NAME |
| 202 | int RSA_meth_set1_name(RSA_METHOD *meth, const char *name); |
| 203 | #endif /* HAVE_RSA_METH_SET1_NAME */ |
| 204 | |
| 205 | #ifndef HAVE_RSA_METH_GET_FINISH |
| 206 | int (*RSA_meth_get_finish(const RSA_METHOD *meth))(RSA *rsa); |
| 207 | #endif /* HAVE_RSA_METH_GET_FINISH */ |
| 208 | |
| 209 | #ifndef HAVE_RSA_METH_SET_PRIV_ENC |
| 210 | int RSA_meth_set_priv_enc(RSA_METHOD *meth, int (*priv_enc)(int flen, |
| 211 | const unsigned char *from, unsigned char *to, RSA *rsa, int padding)); |
| 212 | #endif /* HAVE_RSA_METH_SET_PRIV_ENC */ |
| 213 | |
| 214 | #ifndef HAVE_RSA_METH_SET_PRIV_DEC |
| 215 | int RSA_meth_set_priv_dec(RSA_METHOD *meth, int (*priv_dec)(int flen, |
| 216 | const unsigned char *from, unsigned char *to, RSA *rsa, int padding)); |
| 217 | #endif /* HAVE_RSA_METH_SET_PRIV_DEC */ |
| 218 | |
| 219 | #ifndef HAVE_RSA_METH_SET_FINISH |
| 220 | int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish)(RSA *rsa)); |
| 221 | #endif /* HAVE_RSA_METH_SET_FINISH */ |
| 222 | |
| 223 | #ifndef HAVE_EVP_PKEY_GET0_RSA |
| 224 | RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey); |
| 225 | #endif /* HAVE_EVP_PKEY_GET0_RSA */ |
| 226 | |
| 227 | #ifndef HAVE_EVP_MD_CTX_new |
| 228 | EVP_MD_CTX *EVP_MD_CTX_new(void); |
| 229 | #endif /* HAVE_EVP_MD_CTX_new */ |
| 230 | |
| 231 | #ifndef HAVE_EVP_MD_CTX_free |
| 232 | void EVP_MD_CTX_free(EVP_MD_CTX *ctx); |
| 233 | #endif /* HAVE_EVP_MD_CTX_free */ |
| 234 | |
Damien Miller | 72ef7c1 | 2015-01-15 02:21:31 +1100 | [diff] [blame] | 235 | #endif /* WITH_OPENSSL */ |
Damien Miller | d7c81e2 | 2014-08-30 04:18:28 +1000 | [diff] [blame] | 236 | #endif /* _OPENSSL_COMPAT_H */ |