2 * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER
13 * IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
14 * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 #ifndef _OPENSSL_COMPAT_H
18 #define _OPENSSL_COMPAT_H
23 #include <openssl/opensslv.h>
24 #include <openssl/crypto.h>
25 #include <openssl/evp.h>
26 #include <openssl/rsa.h>
27 #include <openssl/dsa.h>
28 #ifdef OPENSSL_HAS_ECC
29 #include <openssl/ecdsa.h>
31 #include <openssl/dh.h>
33 int ssh_compatible_openssl(long, long);
34 void ssh_libcrypto_init(void);
36 #if (OPENSSL_VERSION_NUMBER < 0x10100000L)
37 # error OpenSSL 1.1.0 or greater is required
39 #ifdef LIBRESSL_VERSION_NUMBER
40 # if LIBRESSL_VERSION_NUMBER < 0x3010000fL
41 # error LibreSSL 3.1.0 or greater is required
45 #ifndef OPENSSL_RSA_MAX_MODULUS_BITS
46 # define OPENSSL_RSA_MAX_MODULUS_BITS 16384
48 #ifndef OPENSSL_DSA_MAX_MODULUS_BITS
49 # define OPENSSL_DSA_MAX_MODULUS_BITS 10000
52 #ifdef LIBRESSL_VERSION_NUMBER
53 # if LIBRESSL_VERSION_NUMBER < 0x3010000fL
54 # define HAVE_BROKEN_CHACHA20
58 #ifdef OPENSSL_IS_BORINGSSL
60 * BoringSSL (rightly) got rid of the BN_FLG_CONSTTIME flag, along with
61 * the entire BN_set_flags() interface.
62 * https://boringssl.googlesource.com/boringssl/+/0a211dfe9
64 # define BN_set_flags(a, b)
67 #ifndef HAVE_EVP_CIPHER_CTX_GET_IV
68 # ifdef HAVE_EVP_CIPHER_CTX_GET_UPDATED_IV
69 # define EVP_CIPHER_CTX_get_iv EVP_CIPHER_CTX_get_updated_iv
70 # else /* HAVE_EVP_CIPHER_CTX_GET_UPDATED_IV */
71 int EVP_CIPHER_CTX_get_iv(const EVP_CIPHER_CTX *ctx,
72 unsigned char *iv, size_t len);
73 # endif /* HAVE_EVP_CIPHER_CTX_GET_UPDATED_IV */
74 #endif /* HAVE_EVP_CIPHER_CTX_GET_IV */
76 #ifndef HAVE_EVP_CIPHER_CTX_SET_IV
77 int EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX *ctx,
78 const unsigned char *iv, size_t len);
79 #endif /* HAVE_EVP_CIPHER_CTX_SET_IV */
81 #endif /* WITH_OPENSSL */
82 #endif /* _OPENSSL_COMPAT_H */