1 /* 2 * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au> 3 * 4 * Permission to use, copy, modify, and distribute this software for any 5 * purpose with or without fee is hereby granted, provided that the above 6 * copyright notice and this permission notice appear in all copies. 7 * 8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER 13 * IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING 14 * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 */ 16 17 #define SSH_DONT_OVERLOAD_OPENSSL_FUNCS 18 #include "includes.h" 19 20 #ifdef WITH_OPENSSL 21 22 #include <stdarg.h> 23 #include <string.h> 24 25 #ifdef USE_OPENSSL_ENGINE 26 # include <openssl/engine.h> 27 # include <openssl/conf.h> 28 #endif 29 30 #include "log.h" 31 32 #include "openssl-compat.h" 33 34 /* 35 * OpenSSL version numbers: MNNFFPPS: major minor fix patch status 36 * We match major, minor, fix and status (not patch) for <1.0.0. 37 * After that, we acceptable compatible fix versions (so we 38 * allow 1.0.1 to work with 1.0.0). Going backwards is only allowed 39 * within a patch series. 40 */ 41 42 int 43 ssh_compatible_openssl(long headerver, long libver) 44 { 45 long mask, hfix, lfix; 46 47 /* exact match is always OK */ 48 if (headerver == libver) 49 return 1; 50 51 /* for versions < 1.0.0, major,minor,fix,status must match */ 52 if (headerver < 0x1000000f) { 53 mask = 0xfffff00fL; /* major,minor,fix,status */ 54 return (headerver & mask) == (libver & mask); 55 } 56 57 /* 58 * For versions >= 1.0.0, major,minor,status must match and library 59 * fix version must be equal to or newer than the header. 60 */ 61 mask = 0xfff0000fL; /* major,minor,status */ 62 hfix = (headerver & 0x000ff000) >> 12; 63 lfix = (libver & 0x000ff000) >> 12; 64 if ( (headerver & mask) == (libver & mask) && lfix >= hfix) 65 return 1; 66 return 0; 67 } 68 69 void 70 ssh_libcrypto_init(void) 71 { 72 #if defined(HAVE_OPENSSL_INIT_CRYPTO) && \ 73 defined(OPENSSL_INIT_ADD_ALL_CIPHERS) && \ 74 defined(OPENSSL_INIT_ADD_ALL_DIGESTS) 75 OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS | 76 OPENSSL_INIT_ADD_ALL_DIGESTS, NULL); 77 #elif defined(HAVE_OPENSSL_ADD_ALL_ALGORITHMS) 78 OpenSSL_add_all_algorithms(); 79 #endif 80 81 #ifdef USE_OPENSSL_ENGINE 82 /* Enable use of crypto hardware */ 83 ENGINE_load_builtin_engines(); 84 ENGINE_register_all_complete(); 85 86 /* Load the libcrypto config file to pick up engines defined there */ 87 # if defined(HAVE_OPENSSL_INIT_CRYPTO) && defined(OPENSSL_INIT_LOAD_CONFIG) 88 OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS | 89 OPENSSL_INIT_ADD_ALL_DIGESTS | OPENSSL_INIT_LOAD_CONFIG, NULL); 90 # else 91 OPENSSL_config(NULL); 92 # endif 93 #endif /* USE_OPENSSL_ENGINE */ 94 } 95 96 #endif /* WITH_OPENSSL */ 97