2014-06-17 13:06:07 +00:00
|
|
|
/* $Id: openssl-compat.c,v 1.18 2014/06/17 13:06:08 dtucker Exp $ */
|
2005-06-09 11:45:10 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
|
|
|
|
*
|
|
|
|
* Permission to use, copy, modify, and distribute this software for any
|
|
|
|
* purpose with or without fee is hereby granted, provided that the above
|
|
|
|
* copyright notice and this permission notice appear in all copies.
|
|
|
|
*
|
|
|
|
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
|
|
|
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
|
|
|
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
|
|
|
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
|
|
|
* WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER
|
|
|
|
* IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
|
|
|
|
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include "includes.h"
|
|
|
|
|
2010-12-04 12:20:50 +00:00
|
|
|
#include <stdarg.h>
|
|
|
|
#include <string.h>
|
|
|
|
|
2006-02-20 09:17:35 +00:00
|
|
|
#ifdef USE_OPENSSL_ENGINE
|
|
|
|
# include <openssl/engine.h>
|
2010-11-22 06:59:00 +00:00
|
|
|
# include <openssl/conf.h>
|
2006-02-20 09:17:35 +00:00
|
|
|
#endif
|
|
|
|
|
2011-01-21 22:37:01 +00:00
|
|
|
#ifndef HAVE_RSA_GET_DEFAULT_METHOD
|
|
|
|
# include <openssl/rsa.h>
|
|
|
|
#endif
|
|
|
|
|
2010-12-04 12:20:50 +00:00
|
|
|
#include "log.h"
|
|
|
|
|
2008-02-28 08:13:52 +00:00
|
|
|
#define SSH_DONT_OVERLOAD_OPENSSL_FUNCS
|
|
|
|
#include "openssl-compat.h"
|
|
|
|
|
2014-06-17 13:06:07 +00:00
|
|
|
/*
|
|
|
|
* OpenSSL version numbers: MNNFFPPS: major minor fix patch status
|
|
|
|
* We match major, minor, fix and status (not patch) for <1.0.0.
|
|
|
|
* After that, we acceptable compatible fix versions (so we
|
|
|
|
* allow 1.0.1 to work with 1.0.0). Going backwards is only allowed
|
|
|
|
* within a patch series.
|
|
|
|
*/
|
|
|
|
|
|
|
|
int
|
|
|
|
ssh_compatible_openssl(long headerver, long libver)
|
|
|
|
{
|
|
|
|
long mask, hfix, lfix;
|
|
|
|
|
|
|
|
/* exact match is always OK */
|
|
|
|
if (headerver == libver)
|
|
|
|
return 1;
|
|
|
|
|
|
|
|
/* for versions < 1.0.0, major,minor,fix,status must match */
|
|
|
|
if (headerver < 0x1000000f) {
|
|
|
|
mask = 0xfffff00fL; /* major,minor,fix,status */
|
|
|
|
return (headerver & mask) == (libver & mask);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* For versions >= 1.0.0, major,minor,status must match and library
|
|
|
|
* fix version must be equal to or newer than the header.
|
|
|
|
*/
|
|
|
|
mask = 0xfff0000fL; /* major,minor,status */
|
|
|
|
hfix = (headerver & 0x000ff000) >> 12;
|
|
|
|
lfix = (libver & 0x000ff000) >> 12;
|
|
|
|
if ( (headerver & mask) == (libver & mask) && lfix >= hfix)
|
|
|
|
return 1;
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2005-06-09 11:45:10 +00:00
|
|
|
#ifdef SSH_OLD_EVP
|
|
|
|
int
|
|
|
|
ssh_EVP_CipherInit(EVP_CIPHER_CTX *evp, const EVP_CIPHER *type,
|
|
|
|
unsigned char *key, unsigned char *iv, int enc)
|
|
|
|
{
|
|
|
|
EVP_CipherInit(evp, type, key, iv, enc);
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
ssh_EVP_Cipher(EVP_CIPHER_CTX *evp, char *dst, char *src, int len)
|
|
|
|
{
|
|
|
|
EVP_Cipher(evp, dst, src, len);
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
ssh_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *evp)
|
|
|
|
{
|
|
|
|
EVP_CIPHER_CTX_cleanup(evp);
|
|
|
|
return 1;
|
|
|
|
}
|
2009-03-07 11:22:35 +00:00
|
|
|
#endif
|
2009-03-07 01:01:47 +00:00
|
|
|
|
2014-01-17 06:32:30 +00:00
|
|
|
#ifndef HAVE_EVP_DIGESTINIT_EX
|
|
|
|
int
|
|
|
|
EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *md, void *engine)
|
|
|
|
{
|
|
|
|
if (engine != NULL)
|
|
|
|
fatal("%s: ENGINE is not supported", __func__);
|
|
|
|
# ifdef OPENSSL_EVP_DIGESTUPDATE_VOID
|
|
|
|
EVP_DigestInit(ctx, md);
|
|
|
|
return 1;
|
|
|
|
# else
|
|
|
|
return EVP_DigestInit(ctx, md);
|
|
|
|
# endif
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
2014-01-17 07:00:40 +00:00
|
|
|
#ifndef HAVE_EVP_DIGESTFINAL_EX
|
2014-01-17 06:32:30 +00:00
|
|
|
int
|
|
|
|
EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s)
|
|
|
|
{
|
|
|
|
# ifdef OPENSSL_EVP_DIGESTUPDATE_VOID
|
|
|
|
EVP_DigestFinal(ctx, md, s);
|
|
|
|
return 1;
|
|
|
|
# else
|
|
|
|
return EVP_DigestFinal(ctx, md, s);
|
|
|
|
# endif
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
2009-03-07 11:22:35 +00:00
|
|
|
#ifdef OPENSSL_EVP_DIGESTUPDATE_VOID
|
2009-03-07 01:01:47 +00:00
|
|
|
int
|
|
|
|
ssh_EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt)
|
|
|
|
{
|
|
|
|
EVP_DigestUpdate(ctx, d, cnt);
|
|
|
|
return 1;
|
|
|
|
}
|
2005-06-09 11:45:10 +00:00
|
|
|
#endif
|
2006-02-20 09:17:35 +00:00
|
|
|
|
2014-02-13 05:38:32 +00:00
|
|
|
#ifndef HAVE_EVP_MD_CTX_COPY_EX
|
|
|
|
int
|
|
|
|
EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
|
|
|
|
{
|
|
|
|
return EVP_MD_CTX_copy(out, in);
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
2010-12-04 12:20:50 +00:00
|
|
|
#ifndef HAVE_BN_IS_PRIME_EX
|
|
|
|
int
|
|
|
|
BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, void *cb)
|
|
|
|
{
|
|
|
|
if (cb != NULL)
|
|
|
|
fatal("%s: callback args not supported", __func__);
|
|
|
|
return BN_is_prime(p, nchecks, NULL, ctx, NULL);
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#ifndef HAVE_RSA_GENERATE_KEY_EX
|
|
|
|
int
|
|
|
|
RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *bn_e, void *cb)
|
|
|
|
{
|
|
|
|
RSA *new_rsa, tmp_rsa;
|
|
|
|
unsigned long e;
|
|
|
|
|
|
|
|
if (cb != NULL)
|
|
|
|
fatal("%s: callback args not supported", __func__);
|
|
|
|
e = BN_get_word(bn_e);
|
|
|
|
if (e == 0xffffffffL)
|
|
|
|
fatal("%s: value of e too large", __func__);
|
|
|
|
new_rsa = RSA_generate_key(bits, e, NULL, NULL);
|
|
|
|
if (new_rsa == NULL)
|
|
|
|
return 0;
|
|
|
|
/* swap rsa/new_rsa then free new_rsa */
|
|
|
|
tmp_rsa = *rsa;
|
|
|
|
*rsa = *new_rsa;
|
|
|
|
*new_rsa = tmp_rsa;
|
|
|
|
RSA_free(new_rsa);
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#ifndef HAVE_DSA_GENERATE_PARAMETERS_EX
|
|
|
|
int
|
|
|
|
DSA_generate_parameters_ex(DSA *dsa, int bits, const unsigned char *seed,
|
|
|
|
int seed_len, int *counter_ret, unsigned long *h_ret, void *cb)
|
|
|
|
{
|
|
|
|
DSA *new_dsa, tmp_dsa;
|
|
|
|
|
|
|
|
if (cb != NULL)
|
|
|
|
fatal("%s: callback args not supported", __func__);
|
|
|
|
new_dsa = DSA_generate_parameters(bits, (unsigned char *)seed, seed_len,
|
|
|
|
counter_ret, h_ret, NULL, NULL);
|
|
|
|
if (new_dsa == NULL)
|
|
|
|
return 0;
|
|
|
|
/* swap dsa/new_dsa then free new_dsa */
|
|
|
|
tmp_dsa = *dsa;
|
|
|
|
*dsa = *new_dsa;
|
|
|
|
*new_dsa = tmp_dsa;
|
|
|
|
DSA_free(new_dsa);
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
2011-01-21 22:37:01 +00:00
|
|
|
#ifndef HAVE_RSA_GET_DEFAULT_METHOD
|
|
|
|
RSA_METHOD *
|
|
|
|
RSA_get_default_method(void)
|
|
|
|
{
|
|
|
|
return RSA_PKCS1_SSLeay();
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
2006-02-22 11:24:47 +00:00
|
|
|
#ifdef USE_OPENSSL_ENGINE
|
2006-02-20 09:17:35 +00:00
|
|
|
void
|
2011-05-10 01:13:36 +00:00
|
|
|
ssh_OpenSSL_add_all_algorithms(void)
|
2006-02-20 09:17:35 +00:00
|
|
|
{
|
2011-05-10 01:13:36 +00:00
|
|
|
OpenSSL_add_all_algorithms();
|
2006-02-20 09:17:35 +00:00
|
|
|
|
|
|
|
/* Enable use of crypto hardware */
|
|
|
|
ENGINE_load_builtin_engines();
|
|
|
|
ENGINE_register_all_complete();
|
2010-01-28 23:54:11 +00:00
|
|
|
OPENSSL_config(NULL);
|
2006-02-20 09:17:35 +00:00
|
|
|
}
|
2006-02-22 11:24:47 +00:00
|
|
|
#endif
|