Commit Graph

28 Commits

Author SHA1 Message Date
Darren Tucker 16fb23f254 Reverse order of OpenSSL init functions.
Try the new init function (OPENSSL_init_crypto) before falling back to
the old one (OpenSSL_add_all_algorithms).
2018-11-25 14:05:57 +11:00
Damien Miller 42c5ec4b97 refactor libcrypto initialisation
Don't call OpenSSL_add_all_algorithms() unless OpenSSL actually
supports it.

Move all libcrypto initialisation to a single function, and call that
from seed_rng() that is called early in each tool's main().

Prompted by patch from Rosen Penev
2018-11-23 10:42:05 +11:00
Darren Tucker d0d1dfa55b Test for OPENSSL_init_crypto before using.
Check for the presence of OPENSSL_init_crypto and all the flags we want
before trying to use it (bz#2931).
2018-11-16 14:11:44 +11:00
Damien Miller c0a3526590 fix compile for openssl 1.0.x w/ --with-ssl-engine
bz#2921, patch from cotequeiroz
2018-10-23 16:19:56 +11:00
Damien Miller 08300c2114 unbreak compilation with --with-ssl-engine
Missing last argument to OPENSSL_init_crypto()
2018-10-17 08:12:02 +11:00
Damien Miller 4e23deefd7 Avoid deprecated OPENSSL_config when using 1.1.x
OpenSSL 1.1.x soft-deprecated OPENSSL_config in favour of
OPENSSL_init_crypto; pointed out by Jakub Jelen
2018-10-16 10:54:37 +11:00
Darren Tucker 1e8013a17f Remove obsolete CVS $Id from source files.
Since -portable switched to git the CVS $Id tags are no longer being
updated and are becoming increasingly misleading.  Remove them.
2016-08-17 14:08:42 +10:00
Darren Tucker c20dccb561 Strip trailing whitespace.
Mechanically strip trailing whitespace on files not synced with OpenBSD
(or in the case of bsd-snprint.c, rsync).
2016-08-02 09:44:25 +10:00
Damien Miller 72ef7c148c support --without-openssl at configure time
Disables and removes dependency on OpenSSL. Many features don't
work and the set of crypto options is greatly restricted. This
will only work on system with native arc4random or /dev/urandom.

Considered highly experimental for now.
2015-01-15 02:28:36 +11:00
Damien Miller 8668706d0f - djm@cvs.openbsd.org 2014/06/24 01:13:21
[Makefile.in auth-bsdauth.c auth-chall.c auth-options.c auth-rsa.c
     [auth2-none.c auth2-pubkey.c authfile.c authfile.h cipher-3des1.c
     [cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h
     [digest-libc.c digest-openssl.c digest.h dns.c entropy.c hmac.h
     [hostfile.c key.c key.h krl.c monitor.c packet.c rsa.c rsa.h
     [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c
     [ssh-keygen.c ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c
     [ssh-rsa.c sshbuf-misc.c sshbuf.h sshconnect.c sshconnect1.c
     [sshconnect2.c sshd.c sshkey.c sshkey.h
     [openbsd-compat/openssl-compat.c openbsd-compat/openssl-compat.h]
     New key API: refactor key-related functions to be more library-like,
     existing API is offered as a set of wrappers.

     with and ok markus@

     Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew
     Dempsky and Ron Bowes for a detailed review a few months ago.

     NB. This commit also removes portable OpenSSH support for OpenSSL
     <0.9.8e.
2014-07-02 15:28:02 +10:00
Darren Tucker 316fac6f18 - (dtucker) [entropy.c openbsd-compat/openssl-compat.{c,h}
openbsd-compat/regress/{.cvsignore,Makefile.in,opensslvertest.c}]
   Move the OpenSSL header/library version test into its own function and add
   tests for it. Fix it to allow fix version upgrades (but not downgrades).
   Prompted by chl@ via OpenSMTPD (issue #462) and Debian (bug #748150).
   ok djm@ chl@
2014-06-17 23:06:07 +10:00
Darren Tucker 4a20959d2e - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add compat
code for older OpenSSL versions that don't have EVP_MD_CTX_copy_ex.
2014-02-13 16:38:32 +11:00
Darren Tucker 1357d71d7b - (dtucker) Fix typo in #ifndef. 2014-01-17 18:00:40 +11:00
Darren Tucker d23a91ffb2 - (dtucker) [configure.ac digest.c openbsd-compat/openssl-compat.c
openbsd-compat/openssl-compat.h]  Add compatibility layer for older
   openssl versions.  ok djm@
2014-01-17 17:32:30 +11:00
Darren Tucker d6548fe4cf - (dtucker) [openbsd-compat/openssl-compat.{c,h}] Bug #1882: fix
--with-ssl-engine which was broken with the change from deprecated
   SSLeay_add_all_algorithms().  ok djm
2011-05-10 11:13:36 +10:00
Darren Tucker 79241377df - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add
RSA_get_default_method() for the benefit of openssl versions that don't
   have it (at least openssl-engine-0.9.6b).  Found and tested by Kevin Brott,
   ok djm@.
2011-01-22 09:37:01 +11:00
Darren Tucker 37bb7568ab - (dtucker) openbsd-compat/openssl-compat.c] remove sleep leftover from
debugging.  Spotted by djm.
2010-12-05 08:46:05 +11:00
Darren Tucker ebdef76b5d - (dtucker) [configure.ac moduli.c openbsd-compat/openssl-compat.{c,h}] Add
shims for the new, non-deprecated OpenSSL key generation functions for
   platforms that don't have the new interfaces.
2010-12-04 23:20:50 +11:00
Darren Tucker 9e0ff7afc8 - (dtucker) Bug #1840: fix warning when configuring --with-ssl-engine, patch
from vapier at gentoo org.
2010-11-22 17:59:00 +11:00
Darren Tucker 19d32cb934 - (dtucker) [openbsd-compat/openssl-compat.c] Bug #1707: Call OPENSSL_config()
after registering the hardware engines, which causes the openssl.cnf file to
   be processed.  See OpenSSL's man page for OPENSSL_config(3) for details.
   Patch from Solomon Peachy, ok djm@.
2010-01-29 10:54:11 +11:00
Darren Tucker 3e7e15f1bd - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}]
EVP_DigestUpdate does not exactly match the other OLD_EVP functions (eg
   in openssl 0.9.6) so add an explicit test for it.
2009-03-07 22:22:35 +11:00
Darren Tucker 8aae6ff0d9 - (dtucker) [schnorr.c openbsd-compat/openssl-compat.{c,h}] Add
EVP_DigestUpdate to the OLD_EVP compatibility functions and tell schnorr.c
   to use them.  Allows building with older OpenSSL versions.
2009-03-07 12:01:47 +11:00
Darren Tucker bfaaf960a0 - (dtucker) [includes.h ssh-add.c ssh-agent.c ssh-keygen.c ssh.c sshd.c
openbsd-compat/openssl-compat.{c,h}] Bug #1437 Move the OpenSSL compat
   header to after OpenSSL headers, since some versions of OpenSSL have
   SSLeay_add_all_algorithms as a macro already.
2008-02-28 19:13:52 +11:00
Darren Tucker 935e20a3f0 - (dtucker) [includes.h openbsd-compat/openssl-compat.c] Bug #1437: reshuffle
headers so ./configure --with-ssl-engine actually works.  Patch from
   Ian Lister.
2008-02-25 21:13:47 +11:00
Darren Tucker 94413cf32b - (dtucker) [openbsd-compat/openssl-compat.{c,h}] Minor tidy up: only
compile in compat code if required.
2006-02-22 22:24:47 +11:00
Darren Tucker fabdb6c290 - (dtucker) [INSTALL configure.ac openbsd-compat/openssl-compat.{c,h}]
Add optional enabling of OpenSSL's (hardware) Engine support, via
   configure --with-ssl-engine.  Based in part on a diff by michal at
   logix.cz.
2006-02-20 20:17:35 +11:00
Darren Tucker f0bd352429 - (dtucker) [cipher.c openbsd-compat/openbsd-compat.h
openbsd-compat/openssl-compat.c] only include openssl compat stuff where
   it's needed as it can cause conflicts elsewhere (eg xcrypt.c).  Found by
   and ok tim@
----------------------------------------------------------------------
automatically CVS: CVS: Committing in .  CVS: CVS: Modified Files:
----------------------------------------------------------------------
2005-06-17 21:15:20 +10:00
Darren Tucker a55ec77013 - (dtucker) [cipher.c openbsd-compat/Makefile.in
openbsd-compat/openbsd-compat.{c,h} openbsd-compat/openssl-compat.h]
   Move compatibility code for supporting older OpenSSL versions to the
   compat layer.  Suggested by and "no objection" djm@
2005-06-09 21:45:10 +10:00