/* * Copyright (c) 2005 Darren Tucker * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER * IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #ifndef _OPENSSL_COMPAT_H #define _OPENSSL_COMPAT_H #include "includes.h" #ifdef WITH_OPENSSL #include #include #include #include #include #ifdef OPENSSL_HAS_ECC #include #endif #include int ssh_compatible_openssl(long, long); void ssh_libcrypto_init(void); #if (OPENSSL_VERSION_NUMBER < 0x10100000L) # error OpenSSL 1.1.0 or greater is required #endif #ifdef LIBRESSL_VERSION_NUMBER # if LIBRESSL_VERSION_NUMBER < 0x3010000fL # error LibreSSL 3.1.0 or greater is required # endif #endif #ifndef OPENSSL_RSA_MAX_MODULUS_BITS # define OPENSSL_RSA_MAX_MODULUS_BITS 16384 #endif #ifndef OPENSSL_DSA_MAX_MODULUS_BITS # define OPENSSL_DSA_MAX_MODULUS_BITS 10000 #endif #ifdef LIBRESSL_VERSION_NUMBER # if LIBRESSL_VERSION_NUMBER < 0x3010000fL # define HAVE_BROKEN_CHACHA20 # endif #endif #ifdef OPENSSL_IS_BORINGSSL /* * BoringSSL (rightly) got rid of the BN_FLG_CONSTTIME flag, along with * the entire BN_set_flags() interface. * https://boringssl.googlesource.com/boringssl/+/0a211dfe9 */ # define BN_set_flags(a, b) #endif #ifndef HAVE_EVP_CIPHER_CTX_GET_IV # ifdef HAVE_EVP_CIPHER_CTX_GET_UPDATED_IV # define EVP_CIPHER_CTX_get_iv EVP_CIPHER_CTX_get_updated_iv # else /* HAVE_EVP_CIPHER_CTX_GET_UPDATED_IV */ int EVP_CIPHER_CTX_get_iv(const EVP_CIPHER_CTX *ctx, unsigned char *iv, size_t len); # endif /* HAVE_EVP_CIPHER_CTX_GET_UPDATED_IV */ #endif /* HAVE_EVP_CIPHER_CTX_GET_IV */ #ifndef HAVE_EVP_CIPHER_CTX_SET_IV int EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX *ctx, const unsigned char *iv, size_t len); #endif /* HAVE_EVP_CIPHER_CTX_SET_IV */ #ifndef HAVE_EVP_DIGESTSIGN int EVP_DigestSign(EVP_MD_CTX *, unsigned char *, size_t *, const unsigned char *, size_t); #endif #ifndef HAVE_EVP_DIGESTVERIFY int EVP_DigestVerify(EVP_MD_CTX *, const unsigned char *, size_t, const unsigned char *, size_t); #endif #endif /* WITH_OPENSSL */ #endif /* _OPENSSL_COMPAT_H */