[openssh-commits] [openssh] 02/03: Remove remaining OpenSSL_add_all_algorithms() calls.

Thu Nov 13 22:15:26 AEDT 2025

This is an automated email from the git hooks/post-receive script.

dtucker pushed a commit to branch master
in repository openssh.

commit 90501bc30ca94fa5443e2b7e2072d5d454587ef8
Author: Darren Tucker <dtucker at dtucker.net>
AuthorDate: Thu Nov 13 22:04:19 2025 +1100

    Remove remaining OpenSSL_add_all_algorithms() calls.
    
    We already have OPENSSL_init_crypto() in the compat layer (now with a
    check of its return code, prompted by tb@). Prompted by github PR#606
    from Dimitri John Ledkov.  ok beck@
---
 configure.ac                    |  9 ---------
 openbsd-compat/openssl-compat.c | 22 +++++++---------------
 2 files changed, 7 insertions(+), 24 deletions(-)

diff --git a/configure.ac b/configure.ac
index f7e9d4184..60d45716b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -3160,15 +3160,6 @@ if test "x$openssl" = "xyes" ; then
 		RSA_get_default_method \
 	])
 
-	# OpenSSL_add_all_algorithms may be a macro.
-	AC_CHECK_FUNC(OpenSSL_add_all_algorithms,
-	    AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a function]),
-	    AC_CHECK_DECL(OpenSSL_add_all_algorithms,
-		AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a macro]), ,
-		[[#include <openssl/evp.h>]]
-	    )
-	)
-
 	# LibreSSL/OpenSSL API differences
 	AC_CHECK_FUNCS([ \
 		EC_POINT_get_affine_coordinates \
diff --git a/openbsd-compat/openssl-compat.c b/openbsd-compat/openssl-compat.c
index 48938920c..ffbb4439d 100644
--- a/openbsd-compat/openssl-compat.c
+++ b/openbsd-compat/openssl-compat.c
@@ -72,28 +72,20 @@ ssh_compatible_openssl(long headerver, long libver)
 void
 ssh_libcrypto_init(void)
 {
-#if defined(HAVE_OPENSSL_INIT_CRYPTO) && \
-      defined(OPENSSL_INIT_ADD_ALL_CIPHERS) && \
-      defined(OPENSSL_INIT_ADD_ALL_DIGESTS)
-	OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS |
-	    OPENSSL_INIT_ADD_ALL_DIGESTS, NULL);
-#elif defined(HAVE_OPENSSL_ADD_ALL_ALGORITHMS)
-	OpenSSL_add_all_algorithms();
-#endif
+	uint64_t opts = OPENSSL_INIT_ADD_ALL_CIPHERS |
+	    OPENSSL_INIT_ADD_ALL_DIGESTS;
 
 #ifdef	USE_OPENSSL_ENGINE
 	/* Enable use of crypto hardware */
 	ENGINE_load_builtin_engines();
 	ENGINE_register_all_complete();
 
-	/* Load the libcrypto config file to pick up engines defined there */
-# if defined(HAVE_OPENSSL_INIT_CRYPTO) && defined(OPENSSL_INIT_LOAD_CONFIG)
-	OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS |
-	    OPENSSL_INIT_ADD_ALL_DIGESTS | OPENSSL_INIT_LOAD_CONFIG, NULL);
-# else
-	OPENSSL_config(NULL);
-# endif
+	/* Tell libcrypto config file to pick up engines defined there */
+	opts |= OPENSSL_INIT_LOAD_CONFIG;
 #endif /* USE_OPENSSL_ENGINE */
+
+	if (OPENSSL_init_crypto(opts, NULL) != 1)
+		fatal("OPENSSL_init_crypto failed");
 }
 
 #ifndef HAVE_EVP_DIGESTSIGN

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
