mirror of
git://anongit.mindrot.org/openssh.git
synced 2025-01-03 08:12:05 +00:00
8668706d0f
[Makefile.in auth-bsdauth.c auth-chall.c auth-options.c auth-rsa.c
[auth2-none.c auth2-pubkey.c authfile.c authfile.h cipher-3des1.c
[cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h
[digest-libc.c digest-openssl.c digest.h dns.c entropy.c hmac.h
[hostfile.c key.c key.h krl.c monitor.c packet.c rsa.c rsa.h
[ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c
[ssh-keygen.c ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c
[ssh-rsa.c sshbuf-misc.c sshbuf.h sshconnect.c sshconnect1.c
[sshconnect2.c sshd.c sshkey.c sshkey.h
[openbsd-compat/openssl-compat.c openbsd-compat/openssl-compat.h]
New key API: refactor key-related functions to be more library-like,
existing API is offered as a set of wrappers.
with and ok markus@
Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew
Dempsky and Ron Bowes for a detailed review a few months ago.
NB. This commit also removes portable OpenSSH support for OpenSSL
<0.9.8e.
81 lines
2.3 KiB
C
81 lines
2.3 KiB
C
/* $Id: openssl-compat.c,v 1.19 2014/07/02 05:28:07 djm Exp $ */
|
|
|
|
/*
|
|
* Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
|
|
*
|
|
* Permission to use, copy, modify, and distribute this software for any
|
|
* purpose with or without fee is hereby granted, provided that the above
|
|
* copyright notice and this permission notice appear in all copies.
|
|
*
|
|
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
|
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
|
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
|
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
|
* WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER
|
|
* IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
|
|
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
|
*/
|
|
|
|
#define SSH_DONT_OVERLOAD_OPENSSL_FUNCS
|
|
#include "includes.h"
|
|
|
|
#include <stdarg.h>
|
|
#include <string.h>
|
|
|
|
#ifdef USE_OPENSSL_ENGINE
|
|
# include <openssl/engine.h>
|
|
# include <openssl/conf.h>
|
|
#endif
|
|
|
|
#include "log.h"
|
|
|
|
#include "openssl-compat.h"
|
|
|
|
/*
|
|
* OpenSSL version numbers: MNNFFPPS: major minor fix patch status
|
|
* We match major, minor, fix and status (not patch) for <1.0.0.
|
|
* After that, we acceptable compatible fix versions (so we
|
|
* allow 1.0.1 to work with 1.0.0). Going backwards is only allowed
|
|
* within a patch series.
|
|
*/
|
|
|
|
int
|
|
ssh_compatible_openssl(long headerver, long libver)
|
|
{
|
|
long mask, hfix, lfix;
|
|
|
|
/* exact match is always OK */
|
|
if (headerver == libver)
|
|
return 1;
|
|
|
|
/* for versions < 1.0.0, major,minor,fix,status must match */
|
|
if (headerver < 0x1000000f) {
|
|
mask = 0xfffff00fL; /* major,minor,fix,status */
|
|
return (headerver & mask) == (libver & mask);
|
|
}
|
|
|
|
/*
|
|
* For versions >= 1.0.0, major,minor,status must match and library
|
|
* fix version must be equal to or newer than the header.
|
|
*/
|
|
mask = 0xfff0000fL; /* major,minor,status */
|
|
hfix = (headerver & 0x000ff000) >> 12;
|
|
lfix = (libver & 0x000ff000) >> 12;
|
|
if ( (headerver & mask) == (libver & mask) && lfix >= hfix)
|
|
return 1;
|
|
return 0;
|
|
}
|
|
|
|
#ifdef USE_OPENSSL_ENGINE
|
|
void
|
|
ssh_OpenSSL_add_all_algorithms(void)
|
|
{
|
|
OpenSSL_add_all_algorithms();
|
|
|
|
/* Enable use of crypto hardware */
|
|
ENGINE_load_builtin_engines();
|
|
ENGINE_register_all_complete();
|
|
OPENSSL_config(NULL);
|
|
}
|
|
#endif
|