refactor libcrypto initialisation

Don't call OpenSSL_add_all_algorithms() unless OpenSSL actually
supports it.

Move all libcrypto initialisation to a single function, and call that
from seed_rng() that is called early in each tool's main().

Prompted by patch from Rosen Penev

configure.ac

@@ -2671,8 +2671,8 @@ if test "x$openssl" = "xyes" ; then
 
 	AC_MSG_CHECKING([if programs using OpenSSL functions will link])
 	AC_LINK_IFELSE(
-		[AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]],
-		[[ OpenSSL_add_all_algorithms(); ]])],
+		[AC_LANG_PROGRAM([[ #include <openssl/err.h> ]],
+		[[ ERR_load_crypto_strings(); ]])],
 		[
 			AC_MSG_RESULT([yes])
 		],
@@ -2682,8 +2682,8 @@ if test "x$openssl" = "xyes" ; then
 			LIBS="$LIBS -ldl"
 			AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
 			AC_LINK_IFELSE(
-				[AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]],
-				[[ OpenSSL_add_all_algorithms(); ]])],
+				[AC_LANG_PROGRAM([[ #include <openssl/err.h> ]],
+				[[ ERR_load_crypto_strings(); ]])],
 				[
 					AC_MSG_RESULT([yes])
 				],
@@ -2698,15 +2698,16 @@ if test "x$openssl" = "xyes" ; then
 	AC_CHECK_FUNCS([ \
 		BN_is_prime_ex \
 		DSA_generate_parameters_ex \
-		EVP_DigestInit_ex \
+		EVP_CIPHER_CTX_ctrl \
 		EVP_DigestFinal_ex \
-		EVP_MD_CTX_init \
+		EVP_DigestInit_ex \
 		EVP_MD_CTX_cleanup \
 		EVP_MD_CTX_copy_ex \
+		EVP_MD_CTX_init \
 		HMAC_CTX_init \
+		OpenSSL_add_all_algorithms \
 		RSA_generate_key_ex \
 		RSA_get_default_method \
-		EVP_CIPHER_CTX_ctrl \
 	])
 	# LibreSSL/OpenSSL 1.1x API
 	AC_CHECK_FUNCS([ \

entropy.c

@@ -56,6 +56,8 @@
 #include "sshbuf.h"
 #include "ssherr.h"
 
+#define RANDOM_SEED_SIZE 48
+
 /*
  * Portable OpenSSH PRNG seeding:
  * If OpenSSL has not "internally seeded" itself (e.g. pulled data from
@@ -64,8 +66,6 @@
  */
 #ifndef OPENSSL_PRNG_ONLY
 
-#define RANDOM_SEED_SIZE 48
-
 /*
  * Collect 'len' bytes of entropy into 'buf' from PRNGD/EGD daemon
  * listening either on 'tcp_port', or via Unix domain socket at *
@@ -216,9 +216,11 @@ rexec_recv_rng_seed(struct sshbuf *m)
 void
 seed_rng(void)
 {
-#ifndef OPENSSL_PRNG_ONLY
 	unsigned char buf[RANDOM_SEED_SIZE];
-#endif
+
+	/* Initialise libcrypto */
+	ssh_libcrypto_init();
+
 	if (!ssh_compatible_openssl(OPENSSL_VERSION_NUMBER,
 	    OpenSSL_version_num()))
 		fatal("OpenSSL version mismatch. Built against %lx, you "
@@ -226,27 +228,34 @@ seed_rng(void)
 		    OpenSSL_version_num());
 
 #ifndef OPENSSL_PRNG_ONLY
-	if (RAND_status() == 1) {
+	if (RAND_status() == 1)
 		debug3("RNG is ready, skipping seeding");
-		return;
+	else {
+		if (seed_from_prngd(buf, sizeof(buf)) == -1)
+			fatal("Could not obtain seed from PRNGd");
+		RAND_add(buf, sizeof(buf), sizeof(buf));
 	}
-
-	if (seed_from_prngd(buf, sizeof(buf)) == -1)
-		fatal("Could not obtain seed from PRNGd");
-	RAND_add(buf, sizeof(buf), sizeof(buf));
-	memset(buf, '\0', sizeof(buf));
-
 #endif /* OPENSSL_PRNG_ONLY */
+
 	if (RAND_status() != 1)
 		fatal("PRNG is not seeded");
+
+	/* Ensure arc4random() is primed */
+	arc4random_buf(buf, sizeof(buf));
+	explicit_bzero(buf, sizeof(buf));
 }
 
 #else /* WITH_OPENSSL */
 
-/* Handled in arc4random() */
+/* Acutal initialisation is handled in arc4random() */
 void
 seed_rng(void)
 {
+	unsigned char buf[RANDOM_SEED_SIZE];
+
+	/* Ensure arc4random() is primed */
+	arc4random_buf(buf, sizeof(buf));
+	explicit_bzero(buf, sizeof(buf));
 }
 
 #endif /* WITH_OPENSSL */

openbsd-compat/openssl-compat.c

@@ -66,26 +66,31 @@ ssh_compatible_openssl(long headerver, long libver)
 	return 0;
 }
 
-#ifdef	USE_OPENSSL_ENGINE
 void
-ssh_OpenSSL_add_all_algorithms(void)
+ssh_libcrypto_init(void)
 {
+#if defined(HAVE_OPENSSL_ADD_ALL_ALGORITHMS)
 	OpenSSL_add_all_algorithms();
+#elif defined(HAVE_OPENSSL_INIT_CRYPTO) && \
+      defined(OPENSSL_INIT_ADD_ALL_CIPHERS) && \
+      defined(OPENSSL_INIT_ADD_ALL_DIGESTS)
+	OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS |
+	    OPENSSL_INIT_ADD_ALL_DIGESTS, NULL);
+#endif
 
+#ifdef	USE_OPENSSL_ENGINE
 	/* Enable use of crypto hardware */
 	ENGINE_load_builtin_engines();
 	ENGINE_register_all_complete();
 
-#if defined(HAVE_OPENSSL_INIT_CRYPTO) && \
-     defined(OPENSSL_INIT_ADD_ALL_CIPHERS) && \
-     defined(OPENSSL_INIT_ADD_ALL_DIGESTS) && \
-     defined(OPENSSL_INIT_LOAD_CONFIG)
+	/* Load the libcrypto config file to pick up engines defined there */
+# if defined(HAVE_OPENSSL_INIT_CRYPTO) && defined(OPENSSL_INIT_LOAD_CONFIG)
 	OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS |
 	    OPENSSL_INIT_ADD_ALL_DIGESTS | OPENSSL_INIT_LOAD_CONFIG, NULL);
-#else
+# else
 	OPENSSL_config(NULL);
-#endif
+# endif
+#endif /* USE_OPENSSL_ENGINE */
 }
-#endif
 
 #endif /* WITH_OPENSSL */

openbsd-compat/openssl-compat.h

@@ -31,6 +31,7 @@
 #include <openssl/dh.h>
 
 int ssh_compatible_openssl(long, long);
+void ssh_libcrypto_init(void);
 
 #if (OPENSSL_VERSION_NUMBER < 0x1000100fL)
 # error OpenSSL 1.0.1 or greater is required
@@ -92,27 +93,6 @@ void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, size_t);
 # endif
 #endif
 
-/*
- * We overload some of the OpenSSL crypto functions with ssh_* equivalents
- * to automatically handle OpenSSL engine initialisation.
- *
- * In order for the compat library to call the real functions, it must
- * define SSH_DONT_OVERLOAD_OPENSSL_FUNCS before including this file and
- * implement the ssh_* equivalents.
- */
-#ifndef SSH_DONT_OVERLOAD_OPENSSL_FUNCS
-
-# ifdef USE_OPENSSL_ENGINE
-#  ifdef OpenSSL_add_all_algorithms
-#   undef OpenSSL_add_all_algorithms
-#  endif
-#  define OpenSSL_add_all_algorithms()  ssh_OpenSSL_add_all_algorithms()
-# endif
-
-void ssh_OpenSSL_add_all_algorithms(void);
-
-#endif	/* SSH_DONT_OVERLOAD_OPENSSL_FUNCS */
-
 /* LibreSSL/OpenSSL 1.1x API compat */
 #ifndef HAVE_DSA_GET0_PQG
 void DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q,

regress/unittests/sshkey/tests.c

@@ -7,8 +7,6 @@
 
 #include "includes.h"
 
-#include <openssl/evp.h>
-
 #include "../test_helper/test_helper.h"
 
 void sshkey_tests(void);
@@ -18,9 +16,6 @@ void sshkey_fuzz_tests(void);
 void
 tests(void)
 {
-	OpenSSL_add_all_algorithms();
-	ERR_load_CRYPTO_strings();
-
 	sshkey_tests();
 	sshkey_file_tests();
 	sshkey_fuzz_tests();

regress/unittests/test_helper/test_helper.c

@@ -35,11 +35,13 @@
 #include <signal.h>
 
 #include <openssl/bn.h>
+#include <openssl/err.h>
 
 #if defined(HAVE_STRNVIS) && defined(HAVE_VIS_H) && !defined(BROKEN_STRNVIS)
 # include <vis.h>
 #endif
 
+#include "entropy.h"
 #include "test_helper.h"
 #include "atomicio.h"
 
@@ -123,6 +125,9 @@ main(int argc, char **argv)
 {
 	int ch;
 
+	seed_rng();
+	ERR_load_CRYPTO_strings();
+
 	/* Handle systems without __progname */
 	if (__progname == NULL) {
 		__progname = strrchr(argv[0], '/');

scp.c

@@ -400,6 +400,8 @@ main(int argc, char **argv)
 	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
 	sanitise_stdfd();
 
+	seed_rng();
+
 	msetlocale();
 
 	/* Copy argv, because we modify it */

sftp-server-main.c

@@ -43,6 +43,8 @@ main(int argc, char **argv)
 	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
 	sanitise_stdfd();
 
+	seed_rng();
+
 	if ((user_pw = getpwuid(getuid())) == NULL) {
 		fprintf(stderr, "No user found for uid %lu\n",
 		    (u_long)getuid());

sftp.c

@@ -2367,6 +2367,8 @@ main(int argc, char **argv)
 	sanitise_stdfd();
 	msetlocale();
 
+	seed_rng();
+
 	__progname = ssh_get_progname(argv[0]);
 	memset(&args, '\0', sizeof(args));
 	args.list = NULL;

ssh-add.c

@@ -544,10 +544,6 @@ main(int argc, char **argv)
 	__progname = ssh_get_progname(argv[0]);
 	seed_rng();
 
-#ifdef WITH_OPENSSL
-	OpenSSL_add_all_algorithms();
-#endif
-
 	setvbuf(stdout, NULL, _IOLBF, 0);
 
 	/* First, get a connection to the authentication agent. */

ssh-agent.c

@@ -1095,10 +1095,6 @@ main(int ac, char **av)
 	if (getrlimit(RLIMIT_NOFILE, &rlim) == -1)
 		fatal("%s: getrlimit: %s", __progname, strerror(errno));
 
-#ifdef WITH_OPENSSL
-	OpenSSL_add_all_algorithms();
-#endif
-
 	__progname = ssh_get_progname(av[0]);
 	seed_rng();
 

ssh-keygen.c

@@ -2459,13 +2459,10 @@ main(int argc, char **argv)
 
 	__progname = ssh_get_progname(argv[0]);
 
-#ifdef WITH_OPENSSL
-	OpenSSL_add_all_algorithms();
-#endif
-	log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1);
-
 	seed_rng();
 
+	log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1);
+
 	msetlocale();
 
 	/* we need this for the home * directory.  */

ssh-keysign.c

@@ -174,9 +174,6 @@ main(int argc, char **argv)
 	u_char *signature, *data, rver;
 	char *host, *fp;
 	size_t slen, dlen;
-#ifdef WITH_OPENSSL
-	u_int32_t rnd[256];
-#endif
 
 	ssh_malloc_init();	/* must be called before any mallocs */
 	if (pledge("stdio rpath getpw dns id", NULL) != 0)
@@ -224,12 +221,6 @@ main(int argc, char **argv)
 	if (found == 0)
 		fatal("could not open any host key");
 
-#ifdef WITH_OPENSSL
-	OpenSSL_add_all_algorithms();
-	arc4random_buf(rnd, sizeof(rnd));
-	RAND_seed(rnd, sizeof(rnd));
-#endif
-
 	found = 0;
 	for (i = 0; i < NUM_KEYTYPES; i++) {
 		keys[i] = NULL;

ssh.c

@@ -610,6 +610,8 @@ main(int ac, char **av)
 	av = saved_av;
 #endif
 
+	seed_rng();
+
 	/*
 	 * Discard other fds that are hanging around. These can cause problem
 	 * with backgrounded ssh processes started by ControlPersist.
@@ -1036,11 +1038,6 @@ main(int ac, char **av)
 
 	host_arg = xstrdup(host);
 
-#ifdef WITH_OPENSSL
-	OpenSSL_add_all_algorithms();
-	ERR_load_crypto_strings();
-#endif
-
 	/* Initialize the command to execute on remote host. */
 	if ((command = sshbuf_new()) == NULL)
 		fatal("sshbuf_new failed");
@@ -1264,8 +1261,6 @@ main(int ac, char **av)
 		tty_flag = 0;
 	}
 
-	seed_rng();
-
 	if (options.user == NULL)
 		options.user = xstrdup(pw->pw_name);
 

ssh_api.c

@@ -81,9 +81,7 @@ ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params)
 	int r;
 
 	if (!called) {
-#ifdef WITH_OPENSSL
-		OpenSSL_add_all_algorithms();
-#endif /* WITH_OPENSSL */
+		seed_rng();
 		called = 1;
 	}
 

sshd.c

@@ -1510,6 +1510,8 @@ main(int ac, char **av)
 	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
 	sanitise_stdfd();
 
+	seed_rng();
+
 	/* Initialize configuration options to their default values. */
 	initialize_server_options(&options);
 
@@ -1631,10 +1633,6 @@ main(int ac, char **av)
 	else
 		closefrom(REEXEC_DEVCRYPTO_RESERVED_FD);
 
-#ifdef WITH_OPENSSL
-	OpenSSL_add_all_algorithms();
-#endif
-
 	/* If requested, redirect the logs to the specified logfile. */
 	if (logfile != NULL)
 		log_redirect_stderr_to(logfile);
@@ -1677,8 +1675,6 @@ main(int ac, char **av)
 	parse_server_config(&options, rexeced_flag ? "rexec" : config_file_name,
 	    cfg, NULL);
 
-	seed_rng();
-
 	/* Fill in default values for those options not explicitly set. */
 	fill_default_server_options(&options);