diff options
Diffstat (limited to 'crypto_openssl.c')
-rw-r--r-- | crypto_openssl.c | 121 |
1 files changed, 121 insertions, 0 deletions
diff --git a/crypto_openssl.c b/crypto_openssl.c index 9e547b4..9edcf40 100644 --- a/crypto_openssl.c +++ b/crypto_openssl.c @@ -51,6 +51,127 @@ /* * + * Workarounds for incompatibilites between OpenSSL libraries. + * Right now we accept OpenSSL libraries from 0.9.5 to 0.9.7. + * + */ + +#if SSLEAY_VERSION_NUMBER < 0x00907000L + +#endif + +#if SSLEAY_VERSION_NUMBER < 0x00906000 + +static inline bool +cipher_ok (const char* name) +{ + const int i = strlen (name) - 4; + if (i >= 0) + return !strcmp (name + i, "-CBC"); + else + return false; +} + +#else + +static inline bool +cipher_ok (const char* name) +{ + return true; +} + +#endif + +#if SSLEAY_VERSION_NUMBER < 0x0090581f + +#endif + +void +show_available_ciphers () +{ + int nid; + +#ifndef ENABLE_SMALL + printf ("The following ciphers and cipher modes are available\n" + "for use with " PACKAGE_NAME ". Each cipher shown below may be\n" + "used as a parameter to the --cipher option. The default\n" + "key size is shown as well as whether or not it can be\n" + "changed with the --keysize directive. Using a CBC mode\n" + "is recommended.\n\n"); +#endif + + for (nid = 0; nid < 10000; ++nid) /* is there a better way to get the size of the nid list? */ + { + const EVP_CIPHER *cipher = EVP_get_cipherbynid (nid); + if (cipher && cipher_ok (OBJ_nid2sn (nid))) + { + const unsigned int mode = EVP_CIPHER_mode (cipher); + if (mode == EVP_CIPH_CBC_MODE +#ifdef ALLOW_NON_CBC_CIPHERS + || mode == EVP_CIPH_CFB_MODE || mode == EVP_CIPH_OFB_MODE +#endif + ) + printf ("%s %d bit default key (%s)\n", + OBJ_nid2sn (nid), + EVP_CIPHER_key_length (cipher) * 8, + ((EVP_CIPHER_flags (cipher) & EVP_CIPH_VARIABLE_LENGTH) ? + "variable" : "fixed")); + } + } + printf ("\n"); +} + +void +show_available_digests () +{ + int nid; + +#ifndef ENABLE_SMALL + printf ("The following message digests are available for use with\n" + PACKAGE_NAME ". A message digest is used in conjunction with\n" + "the HMAC function, to authenticate received packets.\n" + "You can specify a message digest as parameter to\n" + "the --auth option.\n\n"); +#endif + + for (nid = 0; nid < 10000; ++nid) + { + const EVP_MD *digest = EVP_get_digestbynid (nid); + if (digest) + { + printf ("%s %d bit digest size\n", + OBJ_nid2sn (nid), EVP_MD_size (digest) * 8); + } + } + printf ("\n"); +} + +void +show_available_engines () +{ +#if CRYPTO_ENGINE /* Only defined for OpenSSL */ + ENGINE *e; + + printf ("OpenSSL Crypto Engines\n\n"); + + ENGINE_load_builtin_engines (); + + e = ENGINE_get_first (); + while (e) + { + printf ("%s [%s]\n", + ENGINE_get_name (e), + ENGINE_get_id (e)); + e = ENGINE_get_next (e); + } + ENGINE_cleanup (); +#else + printf ("Sorry, OpenSSL hardware crypto engine functionality is not available.\n"); +#endif +} + +/* + * * Random number functions, used in cases where we want * reasonably strong cryptographic random number generation * without depleting our entropy pool. Used for random |