mirror of git://anongit.mindrot.org/openssh.git
83 lines
2.5 KiB
C
83 lines
2.5 KiB
C
/*
|
|
* Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
|
|
*
|
|
* Permission to use, copy, modify, and distribute this software for any
|
|
* purpose with or without fee is hereby granted, provided that the above
|
|
* copyright notice and this permission notice appear in all copies.
|
|
*
|
|
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
|
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
|
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
|
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
|
* WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER
|
|
* IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
|
|
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
|
*/
|
|
|
|
#ifndef _OPENSSL_COMPAT_H
|
|
#define _OPENSSL_COMPAT_H
|
|
|
|
#include "includes.h"
|
|
#ifdef WITH_OPENSSL
|
|
|
|
#include <openssl/opensslv.h>
|
|
#include <openssl/crypto.h>
|
|
#include <openssl/evp.h>
|
|
#include <openssl/rsa.h>
|
|
#include <openssl/dsa.h>
|
|
#ifdef OPENSSL_HAS_ECC
|
|
#include <openssl/ecdsa.h>
|
|
#endif
|
|
#include <openssl/dh.h>
|
|
|
|
int ssh_compatible_openssl(long, long);
|
|
void ssh_libcrypto_init(void);
|
|
|
|
#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
|
|
# error OpenSSL 1.1.0 or greater is required
|
|
#endif
|
|
#ifdef LIBRESSL_VERSION_NUMBER
|
|
# if LIBRESSL_VERSION_NUMBER < 0x3010000fL
|
|
# error LibreSSL 3.1.0 or greater is required
|
|
# endif
|
|
#endif
|
|
|
|
#ifndef OPENSSL_RSA_MAX_MODULUS_BITS
|
|
# define OPENSSL_RSA_MAX_MODULUS_BITS 16384
|
|
#endif
|
|
#ifndef OPENSSL_DSA_MAX_MODULUS_BITS
|
|
# define OPENSSL_DSA_MAX_MODULUS_BITS 10000
|
|
#endif
|
|
|
|
#ifdef LIBRESSL_VERSION_NUMBER
|
|
# if LIBRESSL_VERSION_NUMBER < 0x3010000fL
|
|
# define HAVE_BROKEN_CHACHA20
|
|
# endif
|
|
#endif
|
|
|
|
#ifdef OPENSSL_IS_BORINGSSL
|
|
/*
|
|
* BoringSSL (rightly) got rid of the BN_FLG_CONSTTIME flag, along with
|
|
* the entire BN_set_flags() interface.
|
|
* https://boringssl.googlesource.com/boringssl/+/0a211dfe9
|
|
*/
|
|
# define BN_set_flags(a, b)
|
|
#endif
|
|
|
|
#ifndef HAVE_EVP_CIPHER_CTX_GET_IV
|
|
# ifdef HAVE_EVP_CIPHER_CTX_GET_UPDATED_IV
|
|
# define EVP_CIPHER_CTX_get_iv EVP_CIPHER_CTX_get_updated_iv
|
|
# else /* HAVE_EVP_CIPHER_CTX_GET_UPDATED_IV */
|
|
int EVP_CIPHER_CTX_get_iv(const EVP_CIPHER_CTX *ctx,
|
|
unsigned char *iv, size_t len);
|
|
# endif /* HAVE_EVP_CIPHER_CTX_GET_UPDATED_IV */
|
|
#endif /* HAVE_EVP_CIPHER_CTX_GET_IV */
|
|
|
|
#ifndef HAVE_EVP_CIPHER_CTX_SET_IV
|
|
int EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX *ctx,
|
|
const unsigned char *iv, size_t len);
|
|
#endif /* HAVE_EVP_CIPHER_CTX_SET_IV */
|
|
|
|
#endif /* WITH_OPENSSL */
|
|
#endif /* _OPENSSL_COMPAT_H */
|