1 /* 2 * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au> 3 * 4 * Permission to use, copy, modify, and distribute this software for any 5 * purpose with or without fee is hereby granted, provided that the above 6 * copyright notice and this permission notice appear in all copies. 7 * 8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER 13 * IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING 14 * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 */ 16 17 #ifndef _OPENSSL_COMPAT_H 18 #define _OPENSSL_COMPAT_H 19 20 #include "includes.h" 21 #ifdef WITH_OPENSSL 22 23 #include <openssl/opensslv.h> 24 #include <openssl/crypto.h> 25 #include <openssl/evp.h> 26 #include <openssl/rsa.h> 27 #include <openssl/dsa.h> 28 #ifdef OPENSSL_HAS_ECC 29 #include <openssl/ecdsa.h> 30 #endif 31 #include <openssl/dh.h> 32 33 int ssh_compatible_openssl(long, long); 34 void ssh_libcrypto_init(void); 35 36 #if (OPENSSL_VERSION_NUMBER < 0x10100000L) 37 # error OpenSSL 1.1.0 or greater is required 38 #endif 39 #ifdef LIBRESSL_VERSION_NUMBER 40 # if LIBRESSL_VERSION_NUMBER < 0x3010000fL 41 # error LibreSSL 3.1.0 or greater is required 42 # endif 43 #endif 44 45 #ifndef OPENSSL_RSA_MAX_MODULUS_BITS 46 # define OPENSSL_RSA_MAX_MODULUS_BITS 16384 47 #endif 48 #ifndef OPENSSL_DSA_MAX_MODULUS_BITS 49 # define OPENSSL_DSA_MAX_MODULUS_BITS 10000 50 #endif 51 52 #ifdef LIBRESSL_VERSION_NUMBER 53 # if LIBRESSL_VERSION_NUMBER < 0x3010000fL 54 # define HAVE_BROKEN_CHACHA20 55 # endif 56 #endif 57 58 #ifdef OPENSSL_IS_BORINGSSL 59 /* 60 * BoringSSL (rightly) got rid of the BN_FLG_CONSTTIME flag, along with 61 * the entire BN_set_flags() interface. 62 * https://boringssl.googlesource.com/boringssl/+/0a211dfe9 63 */ 64 # define BN_set_flags(a, b) 65 #endif 66 67 #ifndef HAVE_EVP_CIPHER_CTX_GET_IV 68 # ifdef HAVE_EVP_CIPHER_CTX_GET_UPDATED_IV 69 # define EVP_CIPHER_CTX_get_iv EVP_CIPHER_CTX_get_updated_iv 70 # else /* HAVE_EVP_CIPHER_CTX_GET_UPDATED_IV */ 71 int EVP_CIPHER_CTX_get_iv(const EVP_CIPHER_CTX *ctx, 72 unsigned char *iv, size_t len); 73 # endif /* HAVE_EVP_CIPHER_CTX_GET_UPDATED_IV */ 74 #endif /* HAVE_EVP_CIPHER_CTX_GET_IV */ 75 76 #ifndef HAVE_EVP_CIPHER_CTX_SET_IV 77 int EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX *ctx, 78 const unsigned char *iv, size_t len); 79 #endif /* HAVE_EVP_CIPHER_CTX_SET_IV */ 80 81 #endif /* WITH_OPENSSL */ 82 #endif /* _OPENSSL_COMPAT_H */ 83