refactor libcrypto initialisation

Don't call OpenSSL_add_all_algorithms() unless OpenSSL actually supports it. Move all libcrypto initialisation to a single function, and call that from seed_rng() that is called early in each tool's main(). Prompted by patch from Rosen Penev
author: Damien Miller <djm@mindrot.org> 2018-11-23 10:40:06 +1100
committer: Damien Miller <djm@mindrot.org> 2018-11-23 10:42:05 +1100
commit: 42c5ec4b97b6a1bae70f323952d0646af16ce710 (patch)
tree: 6d85f7daebb7241b80bc91126f433dca62e850e8 /openbsd-compat/openssl-compat.h
parent: 5b60b6c02009547a3e2a99d4886965de2a4719da (diff)
1 files changed, 1 insertions, 21 deletions
diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h
index b87ce59e7..917bc6f7c 100644
--- a/openbsd-compat/openssl-compat.h
+++ b/openbsd-compat/openssl-compat.h
@@ -31,6 +31,7 @@
 #include <openssl/dh.h>
 int ssh_compatible_openssl(long, long);
+void ssh_libcrypto_init(void);
 #if (OPENSSL_VERSION_NUMBER < 0x1000100fL)
 # error OpenSSL 1.0.1 or greater is required
@@ -92,27 +93,6 @@ void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, size_t);
 # endif
 #endif
-/*
- * We overload some of the OpenSSL crypto functions with ssh_* equivalents
- * to automatically handle OpenSSL engine initialisation.
- *
- * In order for the compat library to call the real functions, it must
- * define SSH_DONT_OVERLOAD_OPENSSL_FUNCS before including this file and
- * implement the ssh_* equivalents.
- */
-#ifndef SSH_DONT_OVERLOAD_OPENSSL_FUNCS
-# ifdef USE_OPENSSL_ENGINE
-#  ifdef OpenSSL_add_all_algorithms
-#   undef OpenSSL_add_all_algorithms
-#  endif
-#  define OpenSSL_add_all_algorithms()  ssh_OpenSSL_add_all_algorithms()
-# endif
-void ssh_OpenSSL_add_all_algorithms(void);
-#endif  /* SSH_DONT_OVERLOAD_OPENSSL_FUNCS */
 /* LibreSSL/OpenSSL 1.1x API compat */
 #ifndef HAVE_DSA_GET0_PQG
 void DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q,
author	Damien Miller <djm@mindrot.org>	2018-11-23 10:40:06 +1100
committer	Damien Miller <djm@mindrot.org>	2018-11-23 10:42:05 +1100
commit	42c5ec4b97b6a1bae70f323952d0646af16ce710 (patch)
tree	6d85f7daebb7241b80bc91126f433dca62e850e8 /openbsd-compat/openssl-compat.h
parent	5b60b6c02009547a3e2a99d4886965de2a4719da (diff)

diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h index b87ce59e7..917bc6f7c 100644 --- a/openbsd-compat/openssl-compat.h +++ b/openbsd-compat/openssl-compat.h
@@ -31,6 +31,7 @@
31	#include <openssl/dh.h>	31	#include <openssl/dh.h>
32		32
33	int ssh_compatible_openssl(long, long);	33	int ssh_compatible_openssl(long, long);
		34	void ssh_libcrypto_init(void);
34		35
35	#if (OPENSSL_VERSION_NUMBER < 0x1000100fL)	36	#if (OPENSSL_VERSION_NUMBER < 0x1000100fL)
36	# error OpenSSL 1.0.1 or greater is required	37	# error OpenSSL 1.0.1 or greater is required
@@ -92,27 +93,6 @@ void ssh_aes_ctr_iv(EVP_CIPHER_CTX , int, u_char , size_t);
92	# endif	93	# endif
93	#endif	94	#endif
94		95
95	/*
96	* We overload some of the OpenSSL crypto functions with ssh_* equivalents
97	* to automatically handle OpenSSL engine initialisation.
98	*
99	* In order for the compat library to call the real functions, it must
100	* define SSH_DONT_OVERLOAD_OPENSSL_FUNCS before including this file and
101	* implement the ssh_* equivalents.
102	*/
103	#ifndef SSH_DONT_OVERLOAD_OPENSSL_FUNCS
104
105	# ifdef USE_OPENSSL_ENGINE
106	# ifdef OpenSSL_add_all_algorithms
107	# undef OpenSSL_add_all_algorithms
108	# endif
109	# define OpenSSL_add_all_algorithms() ssh_OpenSSL_add_all_algorithms()
110	# endif
111
112	void ssh_OpenSSL_add_all_algorithms(void);
113
114	#endif /* SSH_DONT_OVERLOAD_OPENSSL_FUNCS */
115
116	/* LibreSSL/OpenSSL 1.1x API compat */	96	/* LibreSSL/OpenSSL 1.1x API compat */
117	#ifndef HAVE_DSA_GET0_PQG	97	#ifndef HAVE_DSA_GET0_PQG
118	void DSA_get0_pqg(const DSA d, const BIGNUM p, const BIGNUM *q,	98	void DSA_get0_pqg(const DSA d, const BIGNUM p, const BIGNUM *q,