On Fri, 12 Oct 2018, Jakub Jelen wrote: > Something like this can be used to properly initialize new OpenSSL > versions: > > @@ -70,12 +70,19 @@ ssh_compatible_openssl(long headerver, long libver) > void > ssh_OpenSSL_add_all_algorithms(void) > { > +#if OPENSSL_VERSION_NUMBER < 0x10100000L > OpenSSL_add_all_algorithms(); > > /* Enable use of crypto hardware */ > ENGINE_load_builtin_engines(); > +#if OPENSSL_VERSION_NUMBER < 0x10001000L > ENGINE_register_all_complete(); > +#endif > OPENSSL_config(NULL); > +#else > + OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_DIGESTS | > + OPENSSL_INIT_ADD_ALL_DIGESTS | OPENSSL_INIT_LOAD_CONFIG, > NULL); > +#endif I don't think the #ifs match the #endifs properly here - it leaves the OPENSSL_init_crypto() call inside a #if OPENSSL_VERSION_NUMBER < 0x10100000L... IMO this is simpler and better preserves the current flow of the code. OpenSSL_add_all_algorithms() isn't marked as deprecated in the OpenSSL headers, is used elsewhere in OpenSSH and is still used in most of OpenSSL's demos/*, so I don't see any need to skip that ATM. diff --git a/openbsd-compat/openssl-compat.c b/openbsd-compat/openssl-compat.c index 259fccbe..762358f0 100644 --- a/openbsd-compat/openssl-compat.c +++ b/openbsd-compat/openssl-compat.c @@ -75,7 +75,13 @@ ssh_OpenSSL_add_all_algorithms(void) /* Enable use of crypto hardware */ ENGINE_load_builtin_engines(); ENGINE_register_all_complete(); + +#if OPENSSL_VERSION_NUMBER < 0x10001000L OPENSSL_config(NULL); +#else + OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS | + OPENSSL_INIT_ADD_ALL_DIGESTS | OPENSSL_INIT_LOAD_CONFIG); +#endif } #endif _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev