diff options
author | Damien Miller <djm@mindrot.org> | 2018-11-23 10:40:06 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2018-11-23 10:42:05 +1100 |
commit | 42c5ec4b97b6a1bae70f323952d0646af16ce710 (patch) | |
tree | 6d85f7daebb7241b80bc91126f433dca62e850e8 /openbsd-compat | |
parent | 5b60b6c02009547a3e2a99d4886965de2a4719da (diff) |
refactor libcrypto initialisation
Don't call OpenSSL_add_all_algorithms() unless OpenSSL actually
supports it.
Move all libcrypto initialisation to a single function, and call that
from seed_rng() that is called early in each tool's main().
Prompted by patch from Rosen Penev
Diffstat (limited to 'openbsd-compat')
-rw-r--r-- | openbsd-compat/openssl-compat.c | 23 | ||||
-rw-r--r-- | openbsd-compat/openssl-compat.h | 22 |
2 files changed, 15 insertions, 30 deletions
diff --git a/openbsd-compat/openssl-compat.c b/openbsd-compat/openssl-compat.c index 5ade8f0ba..d8c00ebcb 100644 --- a/openbsd-compat/openssl-compat.c +++ b/openbsd-compat/openssl-compat.c | |||
@@ -66,26 +66,31 @@ ssh_compatible_openssl(long headerver, long libver) | |||
66 | return 0; | 66 | return 0; |
67 | } | 67 | } |
68 | 68 | ||
69 | #ifdef USE_OPENSSL_ENGINE | ||
70 | void | 69 | void |
71 | ssh_OpenSSL_add_all_algorithms(void) | 70 | ssh_libcrypto_init(void) |
72 | { | 71 | { |
72 | #if defined(HAVE_OPENSSL_ADD_ALL_ALGORITHMS) | ||
73 | OpenSSL_add_all_algorithms(); | 73 | OpenSSL_add_all_algorithms(); |
74 | #elif defined(HAVE_OPENSSL_INIT_CRYPTO) && \ | ||
75 | defined(OPENSSL_INIT_ADD_ALL_CIPHERS) && \ | ||
76 | defined(OPENSSL_INIT_ADD_ALL_DIGESTS) | ||
77 | OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS | | ||
78 | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL); | ||
79 | #endif | ||
74 | 80 | ||
81 | #ifdef USE_OPENSSL_ENGINE | ||
75 | /* Enable use of crypto hardware */ | 82 | /* Enable use of crypto hardware */ |
76 | ENGINE_load_builtin_engines(); | 83 | ENGINE_load_builtin_engines(); |
77 | ENGINE_register_all_complete(); | 84 | ENGINE_register_all_complete(); |
78 | 85 | ||
79 | #if defined(HAVE_OPENSSL_INIT_CRYPTO) && \ | 86 | /* Load the libcrypto config file to pick up engines defined there */ |
80 | defined(OPENSSL_INIT_ADD_ALL_CIPHERS) && \ | 87 | # if defined(HAVE_OPENSSL_INIT_CRYPTO) && defined(OPENSSL_INIT_LOAD_CONFIG) |
81 | defined(OPENSSL_INIT_ADD_ALL_DIGESTS) && \ | ||
82 | defined(OPENSSL_INIT_LOAD_CONFIG) | ||
83 | OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS | | 88 | OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS | |
84 | OPENSSL_INIT_ADD_ALL_DIGESTS | OPENSSL_INIT_LOAD_CONFIG, NULL); | 89 | OPENSSL_INIT_ADD_ALL_DIGESTS | OPENSSL_INIT_LOAD_CONFIG, NULL); |
85 | #else | 90 | # else |
86 | OPENSSL_config(NULL); | 91 | OPENSSL_config(NULL); |
87 | #endif | 92 | # endif |
93 | #endif /* USE_OPENSSL_ENGINE */ | ||
88 | } | 94 | } |
89 | #endif | ||
90 | 95 | ||
91 | #endif /* WITH_OPENSSL */ | 96 | #endif /* WITH_OPENSSL */ |
diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h index b87ce59e7..917bc6f7c 100644 --- a/openbsd-compat/openssl-compat.h +++ b/openbsd-compat/openssl-compat.h | |||
@@ -31,6 +31,7 @@ | |||
31 | #include <openssl/dh.h> | 31 | #include <openssl/dh.h> |
32 | 32 | ||
33 | int ssh_compatible_openssl(long, long); | 33 | int ssh_compatible_openssl(long, long); |
34 | void ssh_libcrypto_init(void); | ||
34 | 35 | ||
35 | #if (OPENSSL_VERSION_NUMBER < 0x1000100fL) | 36 | #if (OPENSSL_VERSION_NUMBER < 0x1000100fL) |
36 | # error OpenSSL 1.0.1 or greater is required | 37 | # error OpenSSL 1.0.1 or greater is required |
@@ -92,27 +93,6 @@ void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, size_t); | |||
92 | # endif | 93 | # endif |
93 | #endif | 94 | #endif |
94 | 95 | ||
95 | /* | ||
96 | * We overload some of the OpenSSL crypto functions with ssh_* equivalents | ||
97 | * to automatically handle OpenSSL engine initialisation. | ||
98 | * | ||
99 | * In order for the compat library to call the real functions, it must | ||
100 | * define SSH_DONT_OVERLOAD_OPENSSL_FUNCS before including this file and | ||
101 | * implement the ssh_* equivalents. | ||
102 | */ | ||
103 | #ifndef SSH_DONT_OVERLOAD_OPENSSL_FUNCS | ||
104 | |||
105 | # ifdef USE_OPENSSL_ENGINE | ||
106 | # ifdef OpenSSL_add_all_algorithms | ||
107 | # undef OpenSSL_add_all_algorithms | ||
108 | # endif | ||
109 | # define OpenSSL_add_all_algorithms() ssh_OpenSSL_add_all_algorithms() | ||
110 | # endif | ||
111 | |||
112 | void ssh_OpenSSL_add_all_algorithms(void); | ||
113 | |||
114 | #endif /* SSH_DONT_OVERLOAD_OPENSSL_FUNCS */ | ||
115 | |||
116 | /* LibreSSL/OpenSSL 1.1x API compat */ | 96 | /* LibreSSL/OpenSSL 1.1x API compat */ |
117 | #ifndef HAVE_DSA_GET0_PQG | 97 | #ifndef HAVE_DSA_GET0_PQG |
118 | void DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, | 98 | void DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, |