Call for testing: OpenSSH 7.9
Jakub Jelen
jjelen at redhat.com
Tue Oct 16 21:04:56 AEDT 2018
On Mon, 2018-10-15 at 08:32 +0200, Corinna Vinschen wrote:
> On Oct 15 10:18, Damien Miller wrote:
> > On Fri, 12 Oct 2018, Jakub Jelen wrote:
> >
> > > Something like this can be used to properly initialize new OpenSSL
> > > versions:
> > >
> > > @@ -70,12 +70,19 @@ ssh_compatible_openssl(long headerver, long
> > > libver)
> > > void
> > > ssh_OpenSSL_add_all_algorithms(void)
> > > {
> > > +#if OPENSSL_VERSION_NUMBER < 0x10100000L
> > > OpenSSL_add_all_algorithms();
> > >
> > > /* Enable use of crypto hardware */
> > > ENGINE_load_builtin_engines();
> > > +#if OPENSSL_VERSION_NUMBER < 0x10001000L
> > > ENGINE_register_all_complete();
> > > +#endif
> > > OPENSSL_config(NULL);
> > > +#else
> > > + OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_DIGESTS |
> > > + OPENSSL_INIT_ADD_ALL_DIGESTS | OPENSSL_INIT_LOAD_CONFIG,
> > > NULL);
> > > +#endif
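Review bot: In the #else branch, OPENSSL_INIT_ADD_ALL_DIGESTS is OR-ed in twice, so the second occurrence has no effect. Nothing in the OPENSSL_init_crypto() call corresponds to the ENGINE_load_builtin_engines() call kept in the pre-1.1.0 branch, or to the cipher half of OpenSSL_add_all_algorithms(). Replace the duplicate with flags that cover those, for example OPENSSL_INIT_ADD_ALL_CIPHERS and OPENSSL_INIT_ENGINE_ALL_BUILTIN. The return value is also discarded, although OPENSSL_init_crypto() returns 0 on failure, so a failed initialization would go unnoticed here.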
> >
> > I don't think the #ifs match the #endifs properly here - it leaves
> > the OPENSSL_init_crypto() call inside a
> > #if OPENSSL_VERSION_NUMBER < 0x10100000L...
>
> #if bracketing is correct, afaics:
>
> #if OPENSSL_VERSION_NUMBER < 0x10100000L
> #if OPENSSL_VERSION_NUMBER < 0x10001000L
> #endif
> #else
> #endif

You are right.

> There's only one OPENSSL_INIT_ADD_ALL_DIGESTS too many.

Good catch. One of them should probably have been
OPENSSL_INIT_ENGINE_ALL_BUILTIN.

The OpenSSL_add_all_algorithms() is described as deprecated in the
official documentation [1] and matches the functionality of the new
call OPENSSL_init_crypto().

[1] https://www.openssl.org/docs/man1.1.0/crypto/OpenSSL_add_all_algorithms.html

--
Jakub Jelen
Software Engineer
Security Technologies
Red Hat, Inc.