ssh_SSLeay_add_all_algorithms()

Robert Dugal rdugal at certicom.com
Fri Sep 9 20:46:59 EST 2011


I am using the --with-ssl-engine option when I configure.
However, because the ssh apps no longer call SSLeay_add_all_algorithms(), this option basically does nothing. The option will result in the ssh_SSLeay_add_all_algorithms() code being compiled, but because there are no references to that function in the ssh apps, in most cases it will get stripped from the ssh apps.

The ssh apps call OpenSSL_add_all_algorithms(), which is not affected by the preprocessor definitions added by the --with-ssl-engine option.
I looked at OpenSSL 1.0.0d and OpenSSL 0.9.7a.
They both define OpenSSL_add_all_algorithms() as OPENSSL_add_all_algorithms_conf() or OPENSSL_add_all_algorithms_noconf() depending on whether OPENSSL_LOAD_CONF is defined.

-- 
Robert Dugal	Team Lead SSL & PKI Group
Certicom Corp.	A Subsidiary of Research In Motion


-----Original Message-----
From: Roumen Petrov [mailto:openssh at roumenpetrov.info] 
Sent: Thursday, September 08, 2011 2:52 PM
To: Robert Dugal
Cc: OpenSSH Devel List
Subject: Re: ssh_SSLeay_add_all_algorithms()

P.S. Correction: the flag is --with-ssl-engine

Roumen Petrov wrote:
> Robert Dugal wrote:
>> Please disregard my earlier post. I believe I have figured out the 
>> answer myself.
>>
>> It looks like beginning with 5.7p1 calls to 
>> SSLeay_add_all_algorithms() were replaced with 
>> OpenSSL_add_all_algorithms().
>> In OpenSSL 1.0.0d the include file evp.h then redefines 
>> OpenSSL_add_all_algorithms() to either 
>> OPENSSL_add_all_algorithms_conf() or 
>> OPENSSL_add_all_algorithms_noconf() depending on whether 
>> OPENSSL_LOAD_CONF is defined. It also defines 
>> SSLeay_add_all_algorithms() as OpenSSL_add_all_algorithms().
>> OPENSSL_add_all_algorithms_conf() is basically equivalent to 
>> ssh_SSLeay_add_all_algorithms().
>>
>> So ssh_SSLeay_add_all_algorithms() isn't needed with OpenSSL 1.0.0d 
>> and probably for several other versions of OpenSSL.
>
> The difference is if you configure with --enable-engine (see 
> openssl-compat.h).
>
> Roumen


-- 
Get X.509 certificates support in OpenSSH:
http://roumenpetrov.info/openssh/
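
The macro layering discussed in this thread, as an added example that is not part of the original messages or of the OpenSSH/OpenSSL sources: a stand-alone C model whose function bodies are stand-ins that only record which initialisation path ran. The `USE_ENGINE` macro, the redirect of the old spelling, and what the wrapper adds (engine and config loading) are assumptions modelled on the thread's description.

```c
/* Constructed model; no OpenSSL headers are included or needed. */
#include <stdio.h>

#define USE_ENGINE 1   /* assumed effect of configuring with --with-ssl-engine */

enum { BUILTIN = 1, ENGINES = 2, CONFIG = 4 };
static int trace;      /* bitmask of init steps that executed */

/* Stand-ins for the two entry points the thread names from evp.h. */
void OPENSSL_add_all_algorithms_noconf(void) { trace |= BUILTIN; }
void OPENSSL_add_all_algorithms_conf(void)   { trace |= BUILTIN | CONFIG; }

/* evp.h layering as described in the thread. */
#ifdef OPENSSL_LOAD_CONF
# define OpenSSL_add_all_algorithms() OPENSSL_add_all_algorithms_conf()
#else
# define OpenSSL_add_all_algorithms() OPENSSL_add_all_algorithms_noconf()
#endif
#define SSLeay_add_all_algorithms() OpenSSL_add_all_algorithms()

/* Modelled compat wrapper: base init plus engine and config loading. */
static void ssh_SSLeay_add_all_algorithms(void)
{
    SSLeay_add_all_algorithms();   /* still the evp.h macro chain here */
    trace |= ENGINES | CONFIG;
}

/* Assumed compat redirect: only the old spelling is rewritten. */
#ifdef USE_ENGINE
# undef SSLeay_add_all_algorithms
# define SSLeay_add_all_algorithms() ssh_SSLeay_add_all_algorithms()
#endif

/* Caller using the old spelling: the redirect applies. */
int init_old_spelling(void) { trace = 0; SSLeay_add_all_algorithms(); return trace; }

/* Caller using the new spelling: the redirect never sees this name. */
int init_new_spelling(void) { trace = 0; OpenSSL_add_all_algorithms(); return trace; }

int engines_loaded(int t) { return (t & ENGINES) != 0; }

int main(void)
{
    printf("old spelling: engines=%d\n", engines_loaded(init_old_spelling()));
    printf("new spelling: engines=%d\n", engines_loaded(init_new_spelling()));
    return 0;
}
```

On a real build, the equivalent check is whether the linked ssh binaries still reference the wrapper or any engine-loading symbols at all.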

