Diffstat (limited to 'openbsd-compat/openssl-compat.c')
-rw-r--r--openbsd-compat/openssl-compat.c166
1 files changed, 32 insertions, 134 deletions
diff --git a/openbsd-compat/openssl-compat.c b/openbsd-compat/openssl-compat.c
index 885c121f2..defd5fb61 100644
--- a/openbsd-compat/openssl-compat.c
+++ b/openbsd-compat/openssl-compat.c
@@ -1,4 +1,4 @@
1/* $Id: openssl-compat.c,v 1.17 2014/02/13 05:38:33 dtucker Exp $ */ 1/* $Id: openssl-compat.c,v 1.19 2014/07/02 05:28:07 djm Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au> 4 * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
@@ -16,6 +16,7 @@
16 * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 */ 17 */
18 18
19#define SSH_DONT_OVERLOAD_OPENSSL_FUNCS
19#include "includes.h" 20#include "includes.h"
20 21
21#include <stdarg.h> 22#include <stdarg.h>
@@ -26,147 +27,44 @@
26# include <openssl/conf.h> 27# include <openssl/conf.h>
27#endif 28#endif
28 29
29#ifndef HAVE_RSA_GET_DEFAULT_METHOD
30# include <openssl/rsa.h>
31#endif
32
33#include "log.h" 30#include "log.h"
34 31
35#define SSH_DONT_OVERLOAD_OPENSSL_FUNCS
36#include "openssl-compat.h" 32#include "openssl-compat.h"
37 33
38#ifdef SSH_OLD_EVP 34/*
39int 35 * OpenSSL version numbers: MNNFFPPS: major minor fix patch status
40ssh_EVP_CipherInit(EVP_CIPHER_CTX *evp, const EVP_CIPHER *type, 36 * We match major, minor, fix and status (not patch) for <1.0.0.
41 unsigned char *key, unsigned char *iv, int enc) 37 * After that, we accept compatible fix and status versions (so we
42{ 38 * allow 1.0.1 to work with 1.0.0). Going backwards is only allowed
43 EVP_CipherInit(evp, type, key, iv, enc); 39 * within a patch series.
44 return 1; 40 */
45}
46
47int
48ssh_EVP_Cipher(EVP_CIPHER_CTX *evp, char *dst, char *src, int len)
49{
50 EVP_Cipher(evp, dst, src, len);
51 return 1;
52}
53
54int
55ssh_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *evp)
56{
57 EVP_CIPHER_CTX_cleanup(evp);
58 return 1;
59}
60#endif
61
62#ifndef HAVE_EVP_DIGESTINIT_EX
63int
64EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *md, void *engine)
65{
66 if (engine != NULL)
67 fatal("%s: ENGINE is not supported", __func__);
68# ifdef OPENSSL_EVP_DIGESTUPDATE_VOID
69 EVP_DigestInit(ctx, md);
70 return 1;
71# else
72 return EVP_DigestInit(ctx, md);
73# endif
74}
75#endif
76
77#ifndef HAVE_EVP_DIGESTFINAL_EX
78int
79EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s)
80{
81# ifdef OPENSSL_EVP_DIGESTUPDATE_VOID
82 EVP_DigestFinal(ctx, md, s);
83 return 1;
84# else
85 return EVP_DigestFinal(ctx, md, s);
86# endif
87}
88#endif
89
90#ifdef OPENSSL_EVP_DIGESTUPDATE_VOID
91int
92ssh_EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt)
93{
94 EVP_DigestUpdate(ctx, d, cnt);
95 return 1;
96}
97#endif
98
99#ifndef HAVE_EVP_MD_CTX_COPY_EX
100int
101EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
102{
103 return EVP_MD_CTX_copy(out, in);
104}
105#endif
106
107#ifndef HAVE_BN_IS_PRIME_EX
108int
109BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, void *cb)
110{
111 if (cb != NULL)
112 fatal("%s: callback args not supported", __func__);
113 return BN_is_prime(p, nchecks, NULL, ctx, NULL);
114}
115#endif
116
117#ifndef HAVE_RSA_GENERATE_KEY_EX
118int
119RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *bn_e, void *cb)
120{
121 RSA *new_rsa, tmp_rsa;
122 unsigned long e;
123
124 if (cb != NULL)
125 fatal("%s: callback args not supported", __func__);
126 e = BN_get_word(bn_e);
127 if (e == 0xffffffffL)
128 fatal("%s: value of e too large", __func__);
129 new_rsa = RSA_generate_key(bits, e, NULL, NULL);
130 if (new_rsa == NULL)
131 return 0;
132 /* swap rsa/new_rsa then free new_rsa */
133 tmp_rsa = *rsa;
134 *rsa = *new_rsa;
135 *new_rsa = tmp_rsa;
136 RSA_free(new_rsa);
137 return 1;
138}
139#endif
140 41
141#ifndef HAVE_DSA_GENERATE_PARAMETERS_EX
142int 42int
143DSA_generate_parameters_ex(DSA *dsa, int bits, const unsigned char *seed, 43ssh_compatible_openssl(long headerver, long libver)
144 int seed_len, int *counter_ret, unsigned long *h_ret, void *cb)
145{ 44{
146 DSA *new_dsa, tmp_dsa; 45 long mask, hfix, lfix;
147 46
148 if (cb != NULL) 47 /* exact match is always OK */
149 fatal("%s: callback args not supported", __func__); 48 if (headerver == libver)
150 new_dsa = DSA_generate_parameters(bits, (unsigned char *)seed, seed_len, 49 return 1;
151 counter_ret, h_ret, NULL, NULL); 50
152 if (new_dsa == NULL) 51 /* for versions < 1.0.0, major,minor,fix,status must match */
153 return 0; 52 if (headerver < 0x1000000f) {
154 /* swap dsa/new_dsa then free new_dsa */ 53 mask = 0xfffff00fL; /* major,minor,fix,status */
155 tmp_dsa = *dsa; 54 return (headerver & mask) == (libver & mask);
156 *dsa = *new_dsa; 55 }
157 *new_dsa = tmp_dsa; 56
158 DSA_free(new_dsa); 57 /*
159 return 1; 58 * For versions >= 1.0.0, major,minor must match and library
160} 59 * fix version must be equal to or newer than the header.
161#endif 60 */
162 61 mask = 0xfff00000L; /* major,minor */
163#ifndef HAVE_RSA_GET_DEFAULT_METHOD 62 hfix = (headerver & 0x000ff000) >> 12;
164RSA_METHOD * 63 lfix = (libver & 0x000ff000) >> 12;
165RSA_get_default_method(void) 64 if ( (headerver & mask) == (libver & mask) && lfix >= hfix)
166{ 65 return 1;
167 return RSA_PKCS1_SSLeay(); 66 return 0;
168} 67}
169#endif
170 68
171#ifdef USE_OPENSSL_ENGINE 69#ifdef USE_OPENSSL_ENGINE
172void 70void
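Review bot: In the new `ssh_compatible_openssl()`, neither branch compares the patch byte, and the >= 1.0.0 branch also drops the status nibble from the comparison, so a runtime library at an older patch level than the build headers (same major, minor and fix) returns 1. The block comment above the function documents this as intended, but it only states the matching rule, not what a pass fails to guarantee. Callers are not visible in this section, and a reader could take a pass to mean "at least as patched as the headers". I would extend that comment with one line such as `* NB: this is an ABI-compatibility check only; it does not ensure the library carries the fixes of the header's patch level.` so that any minimum-version policy is enforced separately rather than assumed here.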