On Mon, 2018-10-15 at 08:32 +0200, Corinna Vinschen wrote: > On Oct 15 10:18, Damien Miller wrote: > > On Fri, 12 Oct 2018, Jakub Jelen wrote: > > > > > Something like this can be used to properly initialize new > > > OpenSSL > > > versions: > > > > > > @@ -70,12 +70,19 @@ ssh_compatible_openssl(long headerver, long > > > libver) > > > void > > > ssh_OpenSSL_add_all_algorithms(void) > > > { > > > +#if OPENSSL_VERSION_NUMBER < 0x10100000L > > > OpenSSL_add_all_algorithms(); > > > > > > /* Enable use of crypto hardware */ > > > ENGINE_load_builtin_engines(); > > > +#if OPENSSL_VERSION_NUMBER < 0x10001000L > > > ENGINE_register_all_complete(); > > > +#endif > > > OPENSSL_config(NULL); > > > +#else > > > + OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_DIGESTS | > > > + OPENSSL_INIT_ADD_ALL_DIGESTS | OPENSSL_INIT_LOAD_CONFIG, > > > NULL); > > > +#endif > > > > I don't think the #ifs match the #endifs properly here - it leaves > > the OPENSSL_init_crypto() call inside a #if OPENSSL_VERSION_NUMBER > > < > > 0x10100000L... > > #if bracketing is correct, afaics: > > #if OPENSSL_VERSION_NUMBER < 0x10100000L > #if OPENSSL_VERSION_NUMBER < 0x10001000L > #endif > #else > #endif You are right. > There's only one OPENSSL_INIT_ADD_ALL_DIGESTS too many. Good catch. The one of them should probably have been OPENSSL_INIT_ENGINE_ALL_BUILTIN. The OpenSSL_add_all_algorithms() is described as deprecated in the official documentation [1] and matches the functionality of the new call OPENSSL_init_crypto(). [1] https://www.openssl.org/docs/man1.1.0/crypto/OpenSSL_add_all_algorithms.html -- Jakub Jelen Software Engineer Security Technologies Red Hat, Inc. _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev