Call for testing: OpenSSH 7.9
Jakub Jelen
jjelen at redhat.com
Wed Oct 17 05:13:39 AEDT 2018
On Mon, 2018-10-15 at 10:18 +1100, Damien Miller wrote:
> On Fri, 12 Oct 2018, Jakub Jelen wrote:
>
> > Something like this can be used to properly initialize new OpenSSL
> > versions:
> >
> > @@ -70,12 +70,19 @@ ssh_compatible_openssl(long headerver, long
> > libver)
> > void
> > ssh_OpenSSL_add_all_algorithms(void)
> > {
> > +#if OPENSSL_VERSION_NUMBER < 0x10100000L
> > OpenSSL_add_all_algorithms();
> >
> > /* Enable use of crypto hardware */
> > ENGINE_load_builtin_engines();
> > +#if OPENSSL_VERSION_NUMBER < 0x10001000L
> > ENGINE_register_all_complete();
> > +#endif
> > OPENSSL_config(NULL);
> > +#else
> > + OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_DIGESTS |
> > + OPENSSL_INIT_ADD_ALL_DIGESTS | OPENSSL_INIT_LOAD_CONFIG,
> > NULL);
> > +#endif
>
> I don't think the #ifs match the #endifs properly here - it leaves
> the OPENSSL_init_crypto() call inside a #if OPENSSL_VERSION_NUMBER <
> 0x10100000L...
>
> IMO this is simpler and better preserves the current flow of the
> code.
> OpenSSL_add_all_algorithms() isn't marked as deprecated in the
> OpenSSL
> headers, is used elsewhere in OpenSSH and is still used in most of
> OpenSSL's demos/*, so I don't see any need to skip that ATM.
>
> diff --git a/openbsd-compat/openssl-compat.c b/openbsd-
> compat/openssl-compat.c
> index 259fccbe..762358f0 100644
> --- a/openbsd-compat/openssl-compat.c
> +++ b/openbsd-compat/openssl-compat.c
> @@ -75,7 +75,13 @@ ssh_OpenSSL_add_all_algorithms(void)
> /* Enable use of crypto hardware */
> ENGINE_load_builtin_engines();
> ENGINE_register_all_complete();
> +
> +#if OPENSSL_VERSION_NUMBER < 0x10001000L
> OPENSSL_config(NULL);
> +#else
> + OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS |
> + OPENSSL_INIT_ADD_ALL_DIGESTS | OPENSSL_INIT_LOAD_CONFIG);
> +#endif
> }
> #endif
The version in the last snap 20181017 (master commit [1]) is actually
missing the last (NULL) argument so the master/snap does not compile at
all now with new OpenSSL.
[1] https://github.com/openssh/openssh-portable/commit/4e23deef
Regards,
--
Jakub Jelen
Software Engineer
Security Technologies
Red Hat, Inc.
More information about the openssh-unix-dev
mailing list