Diffstat (limited to 'openbsd-compat')
-rw-r--r-- | openbsd-compat/openssl-compat.c | 141 | ||||
-rw-r--r-- | openbsd-compat/openssl-compat.h | 118 |
2 files changed, 6 insertions, 253 deletions
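--- a/openbsd-compat/openssl-compat.c
+++ b/openbsd-compat/openssl-compat.c
@@ -1,4 +1,4 @@
-/* $Id: openssl-compat.c,v 1.18 2014/06/17 13:06:08 dtucker Exp $ */
+/* $Id: openssl-compat.c,v 1.19 2014/07/02 05:28:07 djm Exp $ */
 
 /*
 * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
@@ -16,6 +16,7 @@
 * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
 
+#define SSH_DONT_OVERLOAD_OPENSSL_FUNCS
 #include "includes.h"
 
 #include <stdarg.h>
@@ -26,13 +27,8 @@
 # include <openssl/conf.h>
 #endif
 
-#ifndef HAVE_RSA_GET_DEFAULT_METHOD
-# include <openssl/rsa.h>
-#endif
-
 #include "log.h"
 
-#define SSH_DONT_OVERLOAD_OPENSSL_FUNCS
 #include "openssl-compat.h"
 
 /*
@@ -70,139 +66,6 @@ ssh_compatible_openssl(long headerver, long libver)
 return 0;
 }
 
-#ifdef SSH_OLD_EVP
-int
-ssh_EVP_CipherInit(EVP_CIPHER_CTX *evp, const EVP_CIPHER *type,
-unsigned char *key, unsigned char *iv, int enc)
-{
-EVP_CipherInit(evp, type, key, iv, enc);
-return 1;
-}
-
-int
-ssh_EVP_Cipher(EVP_CIPHER_CTX *evp, char *dst, char *src, int len)
-{
-EVP_Cipher(evp, dst, src, len);
-return 1;
-}
-
-int
-ssh_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *evp)
-{
-EVP_CIPHER_CTX_cleanup(evp);
-return 1;
-}
-#endif
-
-#ifndef HAVE_EVP_DIGESTINIT_EX
-int
-EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *md, void *engine)
-{
-if (engine != NULL)
-fatal("%s: ENGINE is not supported", __func__);
-# ifdef OPENSSL_EVP_DIGESTUPDATE_VOID
-EVP_DigestInit(ctx, md);
-return 1;
-# else
-return EVP_DigestInit(ctx, md);
-# endif
-}
-#endif
-
-#ifndef HAVE_EVP_DIGESTFINAL_EX
-int
-EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s)
-{
-# ifdef OPENSSL_EVP_DIGESTUPDATE_VOID
-EVP_DigestFinal(ctx, md, s);
-return 1;
-# else
-return EVP_DigestFinal(ctx, md, s);
-# endif
-}
-#endif
-
-#ifdef OPENSSL_EVP_DIGESTUPDATE_VOID
-int
-ssh_EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt)
-{
-EVP_DigestUpdate(ctx, d, cnt);
-return 1;
-}
-#endif
-
-#ifndef HAVE_EVP_MD_CTX_COPY_EX
-int
-EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
-{
-return EVP_MD_CTX_copy(out, in);
-}
-#endif
-
-#ifndef HAVE_BN_IS_PRIME_EX
-int
-BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, void *cb)
-{
-if (cb != NULL)
-fatal("%s: callback args not supported", __func__);
-return BN_is_prime(p, nchecks, NULL, ctx, NULL);
-}
-#endif
-
-#ifndef HAVE_RSA_GENERATE_KEY_EX
-int
-RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *bn_e, void *cb)
-{
-RSA *new_rsa, tmp_rsa;
-unsigned long e;
-
-if (cb != NULL)
-fatal("%s: callback args not supported", __func__);
-e = BN_get_word(bn_e);
-if (e == 0xffffffffL)
-fatal("%s: value of e too large", __func__);
-new_rsa = RSA_generate_key(bits, e, NULL, NULL);
-if (new_rsa == NULL)
-return 0;
-/* swap rsa/new_rsa then free new_rsa */
-tmp_rsa = *rsa;
-*rsa = *new_rsa;
-*new_rsa = tmp_rsa;
-RSA_free(new_rsa);
-return 1;
-}
-#endif
-
-#ifndef HAVE_DSA_GENERATE_PARAMETERS_EX
-int
-DSA_generate_parameters_ex(DSA *dsa, int bits, const unsigned char *seed,
-int seed_len, int *counter_ret, unsigned long *h_ret, void *cb)
-{
-DSA *new_dsa, tmp_dsa;
-
-if (cb != NULL)
-fatal("%s: callback args not supported", __func__);
-new_dsa = DSA_generate_parameters(bits, (unsigned char *)seed, seed_len,
-counter_ret, h_ret, NULL, NULL);
-if (new_dsa == NULL)
-return 0;
-/* swap dsa/new_dsa then free new_dsa */
-tmp_dsa = *dsa;
-*dsa = *new_dsa;
-*new_dsa = tmp_dsa;
-DSA_free(new_dsa);
-return 1;
-}
-#endif
-
-#ifndef HAVE_RSA_GET_DEFAULT_METHOD
-RSA_METHOD *
-RSA_get_default_method(void)
-{
-return RSA_PKCS1_SSLeay();
-}
-#endif
-
 #ifdef USE_OPENSSL_ENGINE
 void
 ssh_OpenSSL_add_all_algorithms(void)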
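Review bot: The relocated `#define SSH_DONT_OVERLOAD_OPENSSL_FUNCS` (new line 19) has no comment saying why it must now sit above `#include "includes.h"`, so a later include reshuffle could quietly move it back below the point where openssl-compat.h is first seen. The header's own comment requires the macro to be defined before that header is included, and the move suggests includes.h can now reach it, though that is not visible in these hunks. A one-line comment such as `/* must stay above includes.h, which may pull in openssl-compat.h */` would pin the ordering. Without the macro this file would see `OpenSSL_add_all_algorithms()` remapped to its own `ssh_OpenSSL_add_all_algorithms()` wrapper, whose body lies outside the hunk.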
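--- a/openbsd-compat/openssl-compat.h
+++ b/openbsd-compat/openssl-compat.h
@@ -1,4 +1,4 @@
-/* $Id: openssl-compat.h,v 1.27 2014/06/17 13:06:08 dtucker Exp $ */
+/* $Id: openssl-compat.h,v 1.28 2014/07/02 05:28:07 djm Exp $ */
 
 /*
 * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
@@ -24,22 +24,8 @@
 
 int ssh_compatible_openssl(long, long);
 
-/* Only in 0.9.8 */
-#ifndef OPENSSL_DSA_MAX_MODULUS_BITS
-# define OPENSSL_DSA_MAX_MODULUS_BITS 10000
-#endif
-#ifndef OPENSSL_RSA_MAX_MODULUS_BITS
-# define OPENSSL_RSA_MAX_MODULUS_BITS 16384
-#endif
-
-/* OPENSSL_free() is Free() in versions before OpenSSL 0.9.6 */
-#if !defined(OPENSSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x0090600f)
-# define OPENSSL_free(x) Free(x)
-#endif
-
-#if OPENSSL_VERSION_NUMBER < 0x00906000L
-# define SSH_OLD_EVP
-# define EVP_CIPHER_CTX_get_app_data(e) ((e)->app_data)
+#if (OPENSSL_VERSION_NUMBER <= 0x0090805fL)
+#error OpenSSL 0.9.8f or greater is required
 #endif
 
 #if OPENSSL_VERSION_NUMBER < 0x10000001L
@@ -48,31 +34,6 @@ int ssh_compatible_openssl(long, long);
 # define LIBCRYPTO_EVP_INL_TYPE size_t
 #endif
 
-#if (OPENSSL_VERSION_NUMBER < 0x00907000L) || defined(OPENSSL_LOBOTOMISED_AES)
-# define USE_BUILTIN_RIJNDAEL
-#endif
-
-#ifdef USE_BUILTIN_RIJNDAEL
-# include "rijndael.h"
-# define AES_KEY rijndael_ctx
-# define AES_BLOCK_SIZE 16
-# define AES_encrypt(a, b, c) rijndael_encrypt(c, a, b)
-# define AES_set_encrypt_key(a, b, c) rijndael_set_key(c, (char *)a, b, 1)
-# define EVP_aes_128_cbc evp_rijndael
-# define EVP_aes_192_cbc evp_rijndael
-# define EVP_aes_256_cbc evp_rijndael
-const EVP_CIPHER *evp_rijndael(void);
-void ssh_rijndael_iv(EVP_CIPHER_CTX *, int, u_char *, u_int);
-#endif
-
-#ifndef OPENSSL_HAVE_EVPCTR
-#define EVP_aes_128_ctr evp_aes_128_ctr
-#define EVP_aes_192_ctr evp_aes_128_ctr
-#define EVP_aes_256_ctr evp_aes_128_ctr
-const EVP_CIPHER *evp_aes_128_ctr(void);
-void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, size_t);
-#endif
-
 /* Avoid some #ifdef. Code that uses these is unreachable without GCM */
 #if !defined(OPENSSL_HAVE_EVPGCM) && !defined(EVP_CTRL_GCM_SET_IV_FIXED)
 # define EVP_CTRL_GCM_SET_IV_FIXED -1
@@ -90,26 +51,9 @@ void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, size_t);
 # endif
 #endif
 
-#if OPENSSL_VERSION_NUMBER < 0x00907000L
-#define EVP_X_STATE(evp) &(evp).c
-#define EVP_X_STATE_LEN(evp) sizeof((evp).c)
-#else
-#define EVP_X_STATE(evp) (evp).cipher_data
-#define EVP_X_STATE_LEN(evp) (evp).cipher->ctx_size
-#endif
-
-/* OpenSSL 0.9.8e returns cipher key len not context key len */
-#if (OPENSSL_VERSION_NUMBER == 0x0090805fL)
-# define EVP_CIPHER_CTX_key_length(c) ((c)->key_len)
-#endif
-
-#ifndef HAVE_RSA_GET_DEFAULT_METHOD
-RSA_METHOD *RSA_get_default_method(void);
-#endif
-
 /*
 * We overload some of the OpenSSL crypto functions with ssh_* equivalents
-* which cater for older and/or less featureful OpenSSL version.
+* to automatically handle OpenSSL engine initialisation.
 *
 * In order for the compat library to call the real functions, it must
 * define SSH_DONT_OVERLOAD_OPENSSL_FUNCS before including this file and
@@ -117,19 +61,6 @@ RSA_METHOD *RSA_get_default_method(void);
 */
 #ifndef SSH_DONT_OVERLOAD_OPENSSL_FUNCS
 
-# ifdef SSH_OLD_EVP
-# ifdef EVP_Cipher
-# undef EVP_Cipher
-# endif
-# define EVP_CipherInit(a,b,c,d,e) ssh_EVP_CipherInit((a),(b),(c),(d),(e))
-# define EVP_Cipher(a,b,c,d) ssh_EVP_Cipher((a),(b),(c),(d))
-# define EVP_CIPHER_CTX_cleanup(a) ssh_EVP_CIPHER_CTX_cleanup((a))
-# endif /* SSH_OLD_EVP */
-
-# ifdef OPENSSL_EVP_DIGESTUPDATE_VOID
-# define EVP_DigestUpdate(a,b,c) ssh_EVP_DigestUpdate((a),(b),(c))
-# endif
-
 # ifdef USE_OPENSSL_ENGINE
 # ifdef OpenSSL_add_all_algorithms
 # undef OpenSSL_add_all_algorithms
@@ -137,48 +68,7 @@ RSA_METHOD *RSA_get_default_method(void);
 # define OpenSSL_add_all_algorithms() ssh_OpenSSL_add_all_algorithms()
 # endif
 
-# ifndef HAVE_BN_IS_PRIME_EX
-int BN_is_prime_ex(const BIGNUM *, int, BN_CTX *, void *);
-# endif
-
-# ifndef HAVE_DSA_GENERATE_PARAMETERS_EX
-int DSA_generate_parameters_ex(DSA *, int, const unsigned char *, int, int *,
-unsigned long *, void *);
-# endif
-
-# ifndef HAVE_RSA_GENERATE_KEY_EX
-int RSA_generate_key_ex(RSA *, int, BIGNUM *, void *);
-# endif
-
-# ifndef HAVE_EVP_DIGESTINIT_EX
-int EVP_DigestInit_ex(EVP_MD_CTX *, const EVP_MD *, void *);
-# endif
-
-# ifndef HAVE_EVP_DISESTFINAL_EX
-int EVP_DigestFinal_ex(EVP_MD_CTX *, unsigned char *, unsigned int *);
-# endif
-
-# ifndef EVP_MD_CTX_COPY_EX
-int EVP_MD_CTX_copy_ex(EVP_MD_CTX *, const EVP_MD_CTX *);
-# endif
-
-int ssh_EVP_CipherInit(EVP_CIPHER_CTX *, const EVP_CIPHER *, unsigned char *,
-unsigned char *, int);
-int ssh_EVP_Cipher(EVP_CIPHER_CTX *, char *, char *, int);
-int ssh_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *);
 void ssh_OpenSSL_add_all_algorithms(void);
 
-# ifndef HAVE_HMAC_CTX_INIT
-# define HMAC_CTX_init(a)
-# endif
-
-# ifndef HAVE_EVP_MD_CTX_INIT
-# define EVP_MD_CTX_init(a)
-# endif
-
-# ifndef HAVE_EVP_MD_CTX_CLEANUP
-# define EVP_MD_CTX_cleanup(a)
-# endif
-
 #endif /* SSH_DONT_OVERLOAD_OPENSSL_FUNCS */
 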
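Review bot: The new version floor at new lines 27-28 assumes `OPENSSL_VERSION_NUMBER` is already defined; an undefined macro evaluates to 0 in `#if`, so a missing `<openssl/opensslv.h>` include would stop the build with the misleading "OpenSSL 0.9.8f or greater is required". The removed `OPENSSL_free` block tested `!defined(OPENSSL_VERSION_NUMBER)` explicitly, and whether this header includes opensslv.h itself is outside the visible hunks. Consider preceding the check with `#ifndef OPENSSL_VERSION_NUMBER` / `#error openssl/opensslv.h must be included before openssl-compat.h` / `#endif`, and a comment that `0x0090805fL` is the 0.9.8e release so the `<=` boundary reads correctly. This guard only constrains the headers used at build time; the library actually loaded still has to be validated at run time, which is presumably the job of `ssh_compatible_openssl()`.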