1/*
2 * libratbox: a library used by ircd-ratbox and other things
3 * openssl_ratbox.h: OpenSSL backend data
4 *
5 * Copyright (C) 2015-2016 Aaron Jones <aaronmdjones@gmail.com>
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
20 * USA
21 *
22 */
24#ifndef LRB_OPENSSL_H_INC
25#define LRB_OPENSSL_H_INC 1
27#include <openssl/dh.h>
28#include <openssl/ec.h>
29#include <openssl/err.h>
30#include <openssl/evp.h>
31#include <openssl/rand.h>
32#include <openssl/ssl.h>
34#include <openssl/opensslv.h>
36/*
37 * A long time ago, in a world far away, OpenSSL had a well-established mechanism for ensuring compatibility with
38 * regards to added, changed, and removed functions, by having an SSLEAY_VERSION_NUMBER macro. This was then
39 * renamed to OPENSSL_VERSION_NUMBER, but the old macro was kept around for compatibility until OpenSSL version
40 * 1.1.0.
41 *
42 * Then the OpenBSD developers decided that having OpenSSL in their codebase was a bad idea. They forked it to
43 * create LibreSSL, gutted all of the functionality they didn't want or need, and generally improved the library
44 * a lot. Then, as the OpenBSD developers are wont to do, they packaged up LibreSSL for release to other
45 * operating systems, as LibreSSL Portable. Think along the lines of OpenSSH where they have also done this.
46 *
47 * The fun part of this story ends there. LibreSSL has an OPENSSL_VERSION_NUMBER macro, but they have set it to a
48 * stupidly high value, version 2.0. OpenSSL version 2.0 does not exist, and LibreSSL 2.2 does not implement
49 * everything OpenSSL 1.0.2 or 1.1.0 do. This completely breaks the entire purpose of the macro.
50 *
51 * The ifdef soup below is for LibreSSL compatibility. Please find whoever thought setting OPENSSL_VERSION_NUMBER
52 * to a version that does not exist was a good idea. Encourage them to realise that it is not. -- amdj
53 */
/*
 * Feature macros consumed by the OpenSSL backend, keyed on which library
 * and version this is being built against. LIBRESSL_VERSION_NUMBER is the
 * discriminator: when it is defined, OPENSSL_VERSION_NUMBER is meaningless
 * (see above) and only LibreSSL's own version number is consulted. Any new
 * check added here must keep that split, otherwise LibreSSL builds silently
 * take the wrong API path.
 *
 *   LRB_SSL_NO_EXPLICIT_INIT   OpenSSL >= 1.1.0 (0x10100000L). Presumably the
 *                              library self-initialises and the backend skips
 *                              its SSL_library_init()-style call -- confirm
 *                              against the backend that includes this header.
 *   LRB_HAVE_TLS_SET_CURVES    OpenSSL >= 1.0.2 (0x10002000L): a supported-
 *                              curves list (rb_default_curves below) exists.
 *   LRB_HAVE_TLS_ECDH_AUTO     OpenSSL 1.0.2 only (>= 0x10002000L and
 *                              < 0x10100000L); presumably the "ECDH auto"
 *                              setter of that release -- confirm.
 *   LRB_HAVE_TLS_METHOD_API    OpenSSL >= 1.1.0 or LibreSSL >= 0x20020002L.
 *   LRB_HAVE_TLS_ECDH_X25519   OpenSSL > 0x10101000L (1.1.1 and later) or
 *                              LibreSSL > 0x2050100fL: "X25519" may appear
 *                              in the curves list.
 *   LRB_SSL_VTEXT_COMPILETIME, LRB_SSL_VTEXT_RUNTIME,
 *   LRB_SSL_VNUM_COMPILETIME, LRB_SSL_VNUM_RUNTIME
 *                              Version text / number at compile time and at
 *                              run time. Only OpenSSL >= 1.1.0 provides all
 *                              four and sets LRB_SSL_FULL_VERSION_INFO; every
 *                              other configuration gets the SSLeay-era runtime
 *                              text plus a compile-time number only.
 *
 * Code that compares the compile-time and run-time version numbers (e.g. to
 * notice a library swapped underneath the binary) must test
 * LRB_SSL_FULL_VERSION_INFO first: LRB_SSL_VNUM_RUNTIME and
 * LRB_SSL_VTEXT_COMPILETIME are undefined everywhere else.
 */

/* ---- Genuine OpenSSL: LIBRESSL_VERSION_NUMBER is not defined ---- */
#if !defined(LIBRESSL_VERSION_NUMBER)

# if (OPENSSL_VERSION_NUMBER >= 0x10002000L)
#  define LRB_HAVE_TLS_SET_CURVES 1
# endif

# if (OPENSSL_VERSION_NUMBER >= 0x10002000L) && (OPENSSL_VERSION_NUMBER < 0x10100000L)
#  define LRB_HAVE_TLS_ECDH_AUTO 1
# endif

# if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
#  define LRB_SSL_NO_EXPLICIT_INIT 1
#  define LRB_HAVE_TLS_METHOD_API 1
#  define LRB_SSL_VTEXT_COMPILETIME OPENSSL_VERSION_TEXT
#  define LRB_SSL_VTEXT_RUNTIME OpenSSL_version(OPENSSL_VERSION)
#  define LRB_SSL_VNUM_COMPILETIME OPENSSL_VERSION_NUMBER
#  define LRB_SSL_VNUM_RUNTIME OpenSSL_version_num()
#  define LRB_SSL_FULL_VERSION_INFO 1
# else
#  define LRB_SSL_VTEXT_RUNTIME SSLeay_version(SSLEAY_VERSION)
#  define LRB_SSL_VNUM_COMPILETIME SSLEAY_VERSION_NUMBER
# endif

# if (OPENSSL_VERSION_NUMBER > 0x10101000L)
#  define LRB_HAVE_TLS_ECDH_X25519 1
# endif

/* ---- LibreSSL: ignore OPENSSL_VERSION_NUMBER entirely ---- */
#else

# if (LIBRESSL_VERSION_NUMBER >= 0x20020002L)
#  define LRB_HAVE_TLS_METHOD_API 1
# endif

/* Runtime text is the SSLeay-era call on every LibreSSL release */
# define LRB_SSL_VTEXT_RUNTIME SSLeay_version(SSLEAY_VERSION)
# if (LIBRESSL_VERSION_NUMBER >= 0x20200000L)
#  define LRB_SSL_VNUM_COMPILETIME LIBRESSL_VERSION_NUMBER
# else
#  define LRB_SSL_VNUM_COMPILETIME SSLEAY_VERSION_NUMBER
# endif

# if (LIBRESSL_VERSION_NUMBER > 0x2050100fL)
#  define LRB_HAVE_TLS_ECDH_X25519 1
# endif

#endif
/*
 * Default TLS cipher list, used when the configuration supplies none. This is
 * OpenSSL cipher-list syntax and the order is the server's preference order.
 *
 * Layout, top to bottom:
 *   1. AEAD suites (CHACHA20-POLY1305, then AES-GCM, then AES-CCM), each
 *      offered with ECDSA+ECDHE first, then RSA+ECDHE, then RSA+DHE, so this
 *      tier uses ephemeral (forward-secret) key exchange only.
 *   2. "@STRENGTH" re-sorts everything listed so far by cipher key length
 *      (per ciphers(1)), pushing the 256-bit AEAD variants ahead of 128-bit.
 *   3. Non-AEAD "HIGH" suites with SHA-384, then SHA-256 MACs, with the same
 *      key-exchange preference as tier 1.
 *   4. Remaining "HIGH" suites as the compatibility fallback; per OpenSSL's
 *      grouping this is where non-forward-secret RSA key exchange can still
 *      be negotiated.
 *   5. Exclusions: 3DES (64-bit block cipher) and anonymous suites (no server
 *      authentication), both of which "HIGH" on its own would admit.
 *
 * Curve preference is rb_default_curves below (OpenSSL 1.0.2+); on OpenSSL
 * 1.0.0 and 1.0.1 a hard-coded secp384r1 (NIST P-384) is used instead, if
 * available -- that fallback lives in the backend, not in this header.
 *
 * NOTE(review): on OpenSSL 1.1.1+ a cipher list of this form governs only
 * TLS <= 1.2; TLS 1.3 suites are configured through a separate setter --
 * confirm the backend covers that case.
 */
static const char rb_default_ciphers[] =
	/* 1. AEAD, ephemeral key exchange only */
	"aECDSA+kEECDH+CHACHA20:"
	"aRSA+kEECDH+CHACHA20:"
	"aRSA+kEDH+CHACHA20:"
	"aECDSA+kEECDH+AESGCM:"
	"aRSA+kEECDH+AESGCM:"
	"aRSA+kEDH+AESGCM:"
	"aECDSA+kEECDH+AESCCM:"
	"aRSA+kEECDH+AESCCM:"
	"aRSA+kEDH+AESCCM:"
	/* 2. sort the AEAD tier by key length */
	"@STRENGTH:"
	/* 3. SHA-2 MAC suites */
	"aECDSA+kEECDH+HIGH+SHA384:"
	"aRSA+kEECDH+HIGH+SHA384:"
	"aRSA+kEDH+HIGH+SHA384:"
	"aECDSA+kEECDH+HIGH+SHA256:"
	"aRSA+kEECDH+HIGH+SHA256:"
	"aRSA+kEDH+HIGH+SHA256:"
	/* 4. everything else rated HIGH, ephemeral first */
	"aECDSA+kEECDH+HIGH:"
	"aRSA+kEECDH+HIGH:"
	"aRSA+kEDH+HIGH:"
	"HIGH:"
	/* 5. exclusions */
	"!3DES:"
	"!aNULL";
/*
 * Default supported-curves list, only present when LRB_HAVE_TLS_SET_CURVES
 * is defined (OpenSSL 1.0.2+); older libraries are expected to use the
 * hard-coded curve described above, handled by the backend. "X25519" is
 * listed first when LRB_HAVE_TLS_ECDH_X25519 says the library accepts it;
 * the NIST curves follow, largest first.
 *
 * Deliberately not const: presumably the older curves-list setter this is
 * passed to takes a non-const char *. Do not add const without checking
 * every library version that can define LRB_HAVE_TLS_SET_CURVES.
 */
#if defined(LRB_HAVE_TLS_SET_CURVES) && defined(LRB_HAVE_TLS_ECDH_X25519)
static char rb_default_curves[] = "X25519:P-521:P-384:P-256";
#elif defined(LRB_HAVE_TLS_SET_CURVES)
static char rb_default_curves[] = "P-521:P-384:P-256";
#endif
141#endif /* LRB_OPENSSL_H_INC */