From 4e23deefd7959ef83c73ed9cce574423438f6133 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 16 Oct 2018 10:51:52 +1100 Subject: Avoid deprecated OPENSSL_config when using 1.1.x OpenSSL 1.1.x soft-deprecated OPENSSL_config in favour of OPENSSL_init_crypto; pointed out by Jakub Jelen --- openbsd-compat/openssl-compat.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'openbsd-compat/openssl-compat.c') diff --git a/openbsd-compat/openssl-compat.c b/openbsd-compat/openssl-compat.c index 259fccbec..762358f06 100644 --- a/openbsd-compat/openssl-compat.c +++ b/openbsd-compat/openssl-compat.c @@ -75,7 +75,13 @@ ssh_OpenSSL_add_all_algorithms(void) /* Enable use of crypto hardware */ ENGINE_load_builtin_engines(); ENGINE_register_all_complete(); + +#if OPENSSL_VERSION_NUMBER < 0x10001000L OPENSSL_config(NULL); +#else + OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS | + OPENSSL_INIT_ADD_ALL_DIGESTS | OPENSSL_INIT_LOAD_CONFIG); +#endif } #endif -- cgit v1.2.3 From 08300c211409c212e010fe2e2f2883e573a04ce2 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 17 Oct 2018 08:12:02 +1100 Subject: unbreak compilation with --with-ssl-engine Missing last argument to OPENSSL_init_crypto() --- openbsd-compat/openssl-compat.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'openbsd-compat/openssl-compat.c') diff --git a/openbsd-compat/openssl-compat.c b/openbsd-compat/openssl-compat.c index 762358f06..8b4a36274 100644 --- a/openbsd-compat/openssl-compat.c +++ b/openbsd-compat/openssl-compat.c @@ -80,7 +80,7 @@ ssh_OpenSSL_add_all_algorithms(void) OPENSSL_config(NULL); #else OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS | - OPENSSL_INIT_ADD_ALL_DIGESTS | OPENSSL_INIT_LOAD_CONFIG); + OPENSSL_INIT_ADD_ALL_DIGESTS | OPENSSL_INIT_LOAD_CONFIG, NULL); #endif } #endif -- cgit v1.2.3 From 690051b3aa4ff72af57e4a82d640858357eef820 Mon Sep 17 00:00:00 2001 From: Kurt Roeckx Date: Sun, 9 Feb 2014 16:10:14 +0000 Subject: Don't check the status field of the OpenSSL version There is no reason to check the version of OpenSSL (in Debian). If it's not compatible the soname will change. OpenSSH seems to want to do a check for the soname based on the version number, but wants to keep the status of the release the same. Remove that check on the status since it doesn't tell you anything about how compatible that version is. Author: Colin Watson Bug-Debian: https://bugs.debian.org/93581 Bug-Debian: https://bugs.debian.org/664383 Bug-Debian: https://bugs.debian.org/732940 Forwarded: not-needed Last-Update: 2014-10-07 Patch-Name: no-openssl-version-status.patch --- openbsd-compat/openssl-compat.c | 6 +++--- openbsd-compat/regress/opensslvertest.c | 1 + 2 files changed, 4 insertions(+), 3 deletions(-) (limited to 'openbsd-compat/openssl-compat.c') diff --git a/openbsd-compat/openssl-compat.c b/openbsd-compat/openssl-compat.c index 8b4a36274..ea0b0c9fb 100644 --- a/openbsd-compat/openssl-compat.c +++ b/openbsd-compat/openssl-compat.c @@ -34,7 +34,7 @@ /* * OpenSSL version numbers: MNNFFPPS: major minor fix patch status * We match major, minor, fix and status (not patch) for <1.0.0. - * After that, we acceptable compatible fix versions (so we + * After that, we accept compatible fix and status versions (so we * allow 1.0.1 to work with 1.0.0). Going backwards is only allowed * within a patch series. */ @@ -55,10 +55,10 @@ ssh_compatible_openssl(long headerver, long libver) } /* - * For versions >= 1.0.0, major,minor,status must match and library + * For versions >= 1.0.0, major,minor must match and library * fix version must be equal to or newer than the header. */ - mask = 0xfff0000fL; /* major,minor,status */ + mask = 0xfff00000L; /* major,minor */ hfix = (headerver & 0x000ff000) >> 12; lfix = (libver & 0x000ff000) >> 12; if ( (headerver & mask) == (libver & mask) && lfix >= hfix) diff --git a/openbsd-compat/regress/opensslvertest.c b/openbsd-compat/regress/opensslvertest.c index 5d019b598..58474873d 100644 --- a/openbsd-compat/regress/opensslvertest.c +++ b/openbsd-compat/regress/opensslvertest.c @@ -35,6 +35,7 @@ struct version_test { /* built with 1.0.1b release headers */ { 0x1000101fL, 0x1000101fL, 1},/* exact match */ + { 0x1000101fL, 0x10001010L, 1}, /* different status: ok */ { 0x1000101fL, 0x1000102fL, 1}, /* newer library patch version: ok */ { 0x1000101fL, 0x1000100fL, 1}, /* older library patch version: ok */ { 0x1000101fL, 0x1000201fL, 1}, /* newer library fix version: ok */ -- cgit v1.2.3