Re: Call for testing: OpenSSH 7.9

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On Mon, 2018-10-15 at 08:32 +0200, Corinna Vinschen wrote:
> On Oct 15 10:18, Damien Miller wrote:
> > On Fri, 12 Oct 2018, Jakub Jelen wrote:
> > 
> > > Something like this can be used to properly initialize new
> > > OpenSSL
> > > versions:
> > > 
> > > @@ -70,12 +70,19 @@ ssh_compatible_openssl(long headerver, long
> > > libver)
> > >  void
> > >  ssh_OpenSSL_add_all_algorithms(void)
> > >  {
> > > +#if OPENSSL_VERSION_NUMBER < 0x10100000L
> > >  	OpenSSL_add_all_algorithms();
> > >  
> > >  	/* Enable use of crypto hardware */
> > >  	ENGINE_load_builtin_engines();
> > > +#if OPENSSL_VERSION_NUMBER < 0x10001000L
> > >  	ENGINE_register_all_complete();
> > > +#endif
> > >  	OPENSSL_config(NULL);
> > > +#else
> > > +	OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_DIGESTS |
> > > +	    OPENSSL_INIT_ADD_ALL_DIGESTS | OPENSSL_INIT_LOAD_CONFIG,
> > > NULL);
> > > +#endif
> > 
> > I don't think the #ifs match the #endifs properly here - it leaves
> > the OPENSSL_init_crypto() call inside a #if OPENSSL_VERSION_NUMBER
> > <
> > 0x10100000L...
> 
> #if bracketing is correct, afaics:
> 
> #if OPENSSL_VERSION_NUMBER < 0x10100000L
>   #if OPENSSL_VERSION_NUMBER < 0x10001000L
>   #endif
> #else
> #endif

You are right.

> There's only one OPENSSL_INIT_ADD_ALL_DIGESTS too many.

Good catch. The one of them should probably have been
OPENSSL_INIT_ENGINE_ALL_BUILTIN.

The OpenSSL_add_all_algorithms() is described as deprecated in the
official documentation [1] and matches the functionality of the new
call OPENSSL_init_crypto().

[1] 
https://www.openssl.org/docs/man1.1.0/crypto/OpenSSL_add_all_algorithms.html
 

-- 
Jakub Jelen
Software Engineer
Security Technologies
Red Hat, Inc.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux