
Mailing List Archive: OpenSSH: Dev

ssh_SSLeay_add_all_algorithms()

 

 



rdugal at certicom

Sep 8, 2011, 6:33 AM

Post #1 of 6 (667 views)
ssh_SSLeay_add_all_algorithms()

I am confused on how ssh_SSLeay_add_all_algorithms() gets used in the ssh applications for openssh-5.7p1 and later releases.
I don't see any of the applications making calls to ssh_SSLeay_add_all_algorithms().
There is a macro that redefines SSLeay_add_all_algorithms() to ssh_SSLeay_add_all_algorithms() but I don't see any code calling SSLeay_add_all_algorithms().


In openssh-5.6p1 and earlier releases (I looked as far back as openssh-4.7p1) all the sources below have calls to SSLeay_add_all_algorithms(),
which means that, when configured --with-ssl-engine, they would get replaced with ssh_SSLeay_add_all_algorithms():
ssh-add.c
ssh-agent.c
ssh-keygen.c
ssh-keysign.c
ssh.c
sshd.c

But starting with openssh-5.7p1 these calls are all gone.
Is this a bug or can anyone explain how this should work in 5.6p1 and later?

SSLeay_add_all_algorithms() is replaced with OpenSSL_add_all_algorithms().

--
Robert Dugal Team Lead SSL & PKI Group
Certicom Corp. A Subsidiary of Research In Motion
4701 Tahoe Blvd., Building A
Mississauga, ON
L4W 0B5

rdugal [at] certicom
direct        +1.289.261.4148
mobile       +1.416.276.8062
main          +1.905.507.4220
fax              +1.905.507.4230
www.certicom.com



---------------------------------------------------------------------
This transmission (including any attachments) may contain confidential information, privileged material (including material protected by the solicitor-client or other applicable privileges), or constitute non-public information. Any use of this information by anyone other than the intended recipient is prohibited. If you have received this transmission in error, please immediately reply to the sender and delete this information from your system. Use, dissemination, distribution, or reproduction of this transmission by unintended recipients is not authorized and may be unlawful.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev [at] mindrot
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev


rdugal at certicom

Sep 8, 2011, 6:49 AM

Post #2 of 6 (652 views)
RE: ssh_SSLeay_add_all_algorithms() [In reply to]

Please disregard my earlier post. I believe I have figured out the answer myself.

It looks like beginning with 5.7p1 calls to SSLeay_add_all_algorithms() were replaced with OpenSSL_add_all_algorithms().
In OpenSSL 1.0.0d the include file evp.h then redefines OpenSSL_add_all_algorithms() to either OPENSSL_add_all_algorithms_conf() or OPENSSL_add_all_algorithms_noconf() depending on whether OPENSSL_LOAD_CONF is defined. It also defines SSLeay_add_all_algorithms() as OpenSSL_add_all_algorithms().
OPENSSL_add_all_algorithms_conf() is basically equivalent to ssh_SSLeay_add_all_algorithms().

So ssh_SSLeay_add_all_algorithms() isn't needed with OpenSSL 1.0.0d and probably for several other versions of openssl.



--
Robert Dugal Team Lead SSL & PKI Group
Certicom Corp. A Subsidiary of Research In Motion
4701 Tahoe Blvd., Building A
Mississauga, ON
L4W 0B5

rdugal [at] certicom
direct        +1.289.261.4148
mobile       +1.416.276.8062
main          +1.905.507.4220
fax              +1.905.507.4230
www.certicom.com




openssh at roumenpetrov

Sep 8, 2011, 11:47 AM

Post #3 of 6 (663 views)
Re: ssh_SSLeay_add_all_algorithms() [In reply to]

Robert Dugal wrote:
> Please disregard my earlier post. I believe I have figured out the answer myself.
>
> It looks like beginning with 5.7p1 calls to SSLeay_add_all_algorithms() were replaced with OpenSSL_add_all_algorithms().
> In OpenSSL 1.0.0d the include file evp.h then redefines OpenSSL_add_all_algorithms() to either OPENSSL_add_all_algorithms_conf() or OPENSSL_add_all_algorithms_noconf() depending on whether OPENSSL_LOAD_CONF is defined. It also defines SSLeay_add_all_algorithms() as OpenSSL_add_all_algorithms().
> OPENSSL_add_all_algorithms_conf() is basically equivalent to ssh_SSLeay_add_all_algorithms().
>
> So ssh_SSLeay_add_all_algorithms() isn't needed with OpenSSL 1.0.0d and probably for several other versions of openssl.
>

The difference is if you configure with --enable-engine (see
openssl-compat.h).

Roumen


--
Get X.509 certificates support in OpenSSH:
http://roumenpetrov.info/openssh/



openssh at roumenpetrov

Sep 8, 2011, 11:52 AM

Post #4 of 6 (654 views)
Re: ssh_SSLeay_add_all_algorithms() [In reply to]

P.S. Correction: the flag is --with-ssl-engine

Roumen Petrov wrote:
> Robert Dugal wrote:
>> Please disregard my earlier post. I believe I have figured out the
>> answer myself.
>>
>> It looks like beginning with 5.7p1 calls to
>> SSLeay_add_all_algorithms() were replaced with
>> OpenSSL_add_all_algorithms().
>> In OpenSSL 1.0.0d the include file evp.h then redefines
>> OpenSSL_add_all_algorithms() to either
>> OPENSSL_add_all_algorithms_conf() or
>> OPENSSL_add_all_algorithms_noconf() depending on whether
>> OPENSSL_LOAD_CONF is defined. It also defines
>> SSLeay_add_all_algorithms() as OpenSSL_add_all_algorithms().
>> OPENSSL_add_all_algorithms_conf() is basically equivalent to
>> ssh_SSLeay_add_all_algorithms().
>>
>> So ssh_SSLeay_add_all_algorithms() isn't needed with OpenSSL 1.0.0d
>> and probably for several other versions of openssl.
>
> The difference is if you configure with --enable-engine (see
> openssl-compat.h).
>
> Roumen


--
Get X.509 certificates support in OpenSSH:
http://roumenpetrov.info/openssh/



rdugal at certicom

Sep 9, 2011, 3:46 AM

Post #5 of 6 (655 views)
RE: ssh_SSLeay_add_all_algorithms() [In reply to]

I am using the --with-ssl-engine option when I configure.
However, because the ssh apps no longer call SSLeay_add_all_algorithms() this option basically does nothing. The option will result in ssh_SSLeay_add_all_algorithms() code being compiled but because there are no references to that function in the ssh apps, in most cases it will get stripped from the ssh apps.

The ssh apps call OpenSSL_add_all_algorithms() which is not affected by the preprocessor definitions added by the --with-ssl-engine option.
I looked at openssl 1.0.0d and openssl 0.9.7a.
They both define OpenSSL_add_all_algorithms() as OPENSSL_add_all_algorithms_conf() or OPENSSL_add_all_algorithms_noconf() depending on whether OPENSSL_LOAD_CONF is defined.

--
Robert Dugal Team Lead SSL & PKI Group
Certicom Corp. A Subsidiary of Research In Motion
4701 Tahoe Blvd., Building A
Mississauga, ON
L4W 0B5

rdugal [at] certicom
direct        +1.289.261.4148
mobile       +1.416.276.8062
main          +1.905.507.4220
fax              +1.905.507.4230
www.certicom.com




dtucker at zip

Sep 9, 2011, 8:58 PM

Post #6 of 6 (643 views)
Re: ssh_SSLeay_add_all_algorithms() [In reply to]

On Fri, Sep 9, 2011 at 8:46 PM, Robert Dugal <rdugal [at] certicom> wrote:
> I am using the --with-ssl-engine option when I configure.
> However, because the ssh apps no longer call SSLeay_add_all_algorithms()
> this option basically does nothing.

FYI that was fixed for the 5.9p1 release:
http://anoncvs.mindrot.org/index.cgi/openssh/openbsd-compat/openssl-compat.c?r1=1.13&r2=1.14

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
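
The effect discussed in this thread, reduced to a standalone C program (an added example, not OpenSSH or OpenSSL code): a compat macro keyed on the old function name stops intercepting once call sites use the new name, and initialisation still succeeds, so nothing fails visibly. The `lib_*` and `compat_*` names and the state bits are hypothetical stand-ins, and the last redirect is one assumed remedy, not necessarily the change made for 5.9p1.

```c
#include <stdio.h>
/* Constructed stand-ins, no OpenSSL needed. Bit 0 = algorithms, bit 1 = engines. */
static int state;

/* The library's old and new spellings of the same initialiser. */
static void lib_old_add_all_algorithms(void) { state |= 1; }
static void lib_new_add_all_algorithms(void) { state |= 1; }

/* Compat shim in the role of ssh_SSLeay_add_all_algorithms():
 * normal initialisation plus engine loading. */
static void compat_add_all_algorithms(void)
{
    lib_old_add_all_algorithms();   /* real function: macro not defined yet */
    state |= 2;                     /* stands in for engine loading */
}

/* What the configure option enables: redirect the OLD name to the shim. */
#define lib_old_add_all_algorithms() compat_add_all_algorithms()

/* Call site using the old name: the macro intercepts it. */
static int init_old_name(void)
{
    state = 0;
    lib_old_add_all_algorithms();
    return state;
}

/* Call site after the rename: the macro does not match, the shim is dead code. */
static int init_new_name(void)
{
    state = 0;
    lib_new_add_all_algorithms();
    return state;
}

/* Assumed remedy: key the redirect on the name the call sites really use. */
#define lib_new_add_all_algorithms() compat_add_all_algorithms()
static int init_new_name_redirected(void)
{
    state = 0;
    lib_new_add_all_algorithms();
    return state;
}

int main(void)
{
    printf("old=%d new=%d redirected=%d\n", init_old_name(), init_new_name(), init_new_name_redirected());
    return 0;
}
```

A return value of 1 from the renamed call site means algorithms loaded but the engine step never ran, which is why the build option appeared to do nothing without producing any error.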