Call for testing: OpenSSH 7.9
Jakub Jelen
jjelen at redhat.com
Wed Oct 17 05:43:08 AEDT 2018
On Tue, 2018-10-16 at 20:13 +0200, Jakub Jelen wrote:
> On Mon, 2018-10-15 at 10:18 +1100, Damien Miller wrote:
> > On Fri, 12 Oct 2018, Jakub Jelen wrote:
> >
> > > Something like this can be used to properly initialize new
> > > OpenSSL
> > > versions:
> > >
> > > @@ -70,12 +70,19 @@ ssh_compatible_openssl(long headerver, long
> > > libver)
> > > void
> > > ssh_OpenSSL_add_all_algorithms(void)
> > > {
> > > +#if OPENSSL_VERSION_NUMBER < 0x10100000L
> > > OpenSSL_add_all_algorithms();
> > >
> > > /* Enable use of crypto hardware */
> > > ENGINE_load_builtin_engines();
> > > +#if OPENSSL_VERSION_NUMBER < 0x10001000L
> > > ENGINE_register_all_complete();
> > > +#endif
> > > OPENSSL_config(NULL);
> > > +#else
> > > + OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_DIGESTS |
> > > + OPENSSL_INIT_ADD_ALL_DIGESTS | OPENSSL_INIT_LOAD_CONFIG,
> > > NULL);
> > > +#endif
> >
> > I don't think the #ifs match the #endifs properly here - it leaves
> > the OPENSSL_init_crypto() call inside a #if OPENSSL_VERSION_NUMBER
> > <
> > 0x10100000L...
> >
> > IMO this is simpler and better preserves the current flow of the
> > code.
> > OpenSSL_add_all_algorithms() isn't marked as deprecated in the
> > OpenSSL
> > headers, is used elsewhere in OpenSSH and is still used in most of
> > OpenSSL's demos/*, so I don't see any need to skip that ATM.
> >
> > diff --git a/openbsd-compat/openssl-compat.c b/openbsd-
> > compat/openssl-compat.c
> > index 259fccbe..762358f0 100644
> > --- a/openbsd-compat/openssl-compat.c
> > +++ b/openbsd-compat/openssl-compat.c
> > @@ -75,7 +75,13 @@ ssh_OpenSSL_add_all_algorithms(void)
> > /* Enable use of crypto hardware */
> > ENGINE_load_builtin_engines();
> > ENGINE_register_all_complete();
> > +
> > +#if OPENSSL_VERSION_NUMBER < 0x10001000L
> > OPENSSL_config(NULL);
> > +#else
> > + OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS |
> > + OPENSSL_INIT_ADD_ALL_DIGESTS | OPENSSL_INIT_LOAD_CONFIG);
> > +#endif
> > }
> > #endif
>
> The version in the last snap 20181017 (master commit [1]) is actually
> missing the last (NULL) argument so the master/snap does not compile
> at
> all now with new OpenSSL.
>
> [1] https://github.com/openssh/openssh-portable/commit/4e23deef
After fixing the missing argument above, all the tests pass for me on
Fedora 28 with OpenSSL 1.1.0
Thanks,
Jakub
More information about the openssh-unix-dev
mailing list