Mailing List Archive

[PATCH] ssh: Add missing openssl-compat.h where needed
OpenSSL_add_all_algorithms has been deprecated with 1.1. Compatibility
is needed.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
---
ssh-keysign.c | 1 +
ssh_api.c | 2 ++
2 files changed, 3 insertions(+)

diff --git a/ssh-keysign.c b/ssh-keysign.c
index 744ecb4f..bcd1508c 100644
--- a/ssh-keysign.c
+++ b/ssh-keysign.c
@@ -40,6 +40,7 @@
#include <openssl/evp.h>
#include <openssl/rand.h>
#include <openssl/rsa.h>
+#include "openbsd-compat/openssl-compat.h"
#endif

#include "xmalloc.h"
diff --git a/ssh_api.c b/ssh_api.c
index c84b4e71..e727c0d6 100644
--- a/ssh_api.c
+++ b/ssh_api.c
@@ -29,6 +29,8 @@
#include "ssherr.h"
#include "sshbuf.h"

+#include "openbsd-compat/openssl-compat.h"
+
#include <string.h>

int _ssh_exchange_banner(struct ssh *);
--
2.19.1

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Re: [PATCH] ssh: Add missing openssl-compat.h where needed [ In reply to ]
On 22 October 2018 at 14:39, Rosen Penev <rosenp@gmail.com> wrote:

> OpenSSL_add_all_algorithms has been deprecated with 1.1. Compatibility
> is needed.
>

Applied, thanks (master and the 7.9 branch) and will be in the next release.

--
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Re: [PATCH] ssh: Add missing openssl-compat.h where needed [ In reply to ]
On Mon, Oct 22, 2018 at 2:13 AM Darren Tucker <dtucker@dtucker.net> wrote:
>
> On 22 October 2018 at 14:39, Rosen Penev <rosenp@gmail.com> wrote:
>>
>> OpenSSL_add_all_algorithms has been deprecated with 1.1. Compatibility
>> is needed.
>
>
> Applied, thanks (master and the 7.9 branch) and will be in the next release.
Thanks.

Embarrassingly, this is not the patch I meant to send. That is, this
patch is incomplete.

If engine support for OpenSSL is enabled, OpenSSL_add_all_algorithms
gets converted to the ssh_ equivalent, which itself uses that
function.

I don't compile in engine or deprecated API support, making the whole
thing fail. I don't know what the proper solution is in the context of
OpenSSH. I just #ifdef it all out.
>
> --
> Darren Tucker (dtucker at dtucker.net)
> GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
> Good judgement comes with experience. Unfortunately, the experience
> usually comes from bad judgement.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev