git: e8633bc76ad9 - main - openssh: Don't include an unused EVP_CIPHER_CTX_get_iv() stub

John Baldwin Fri, 08 Aug 2025 11:06:25 -0700

The branch main has been updated by jhb:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=e8633bc76ad935fa44156034713c608477bc3da0


commit e8633bc76ad935fa44156034713c608477bc3da0
Author:     John Baldwin <j...@freebsd.org>
AuthorDate: 2025-08-08 17:43:56 +0000
Commit:     John Baldwin <j...@freebsd.org>
CommitDate: 2025-08-08 17:43:56 +0000

    openssh: Don't include an unused EVP_CIPHER_CTX_get_iv() stub
    
    This stub isn't actually used on modern versions of OpenSSL for which
    OpenSSH uses EVP_CIPHER_CTX_get_updated_iv instead via a wrapper macro.
    
    However, the wrapper macro conflicted with the existing namespace
    macro triggering an error on GCC:
    
    In file included from crypto/openssh/sshd-session.c:65:
    crypto/openssh/openbsd-compat/openssl-compat.h:71:11: error: 
"EVP_CIPHER_CTX_get_iv" redefined [-Werror]
       71 | #  define EVP_CIPHER_CTX_get_iv EVP_CIPHER_CTX_get_updated_iv
          |           ^~~~~~~~~~~~~~~~~~~~~
    In file included from <command-line>:
    crypto/openssh/ssh_namespace.h:12:9: note: this is the location of the 
previous definition
       12 | #define EVP_CIPHER_CTX_get_iv                   
Fssh_EVP_CIPHER_CTX_get_iv
          |         ^~~~~~~~~~~~~~~~~~~~~
    
    The error was masked on clang due to MIT krb5 adding a blanket
    -Wno-macro-redefined.  Building sshd-session without Kerberos support
    was sufficient to trigger a warning from clang.
    
    Reviewed by:    des
    Differential Revision:  https://reviews.freebsd.org/D51810
---
 crypto/openssh/openbsd-compat/libressl-api-compat.c | 8 +++++---
 crypto/openssh/ssh_namespace.h                      | 1 -
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/crypto/openssh/openbsd-compat/libressl-api-compat.c 
b/crypto/openssh/openbsd-compat/libressl-api-compat.c
index 59be17397c56..2381df57ac2b 100644
--- a/crypto/openssh/openbsd-compat/libressl-api-compat.c
+++ b/crypto/openssh/openbsd-compat/libressl-api-compat.c
@@ -26,6 +26,7 @@
 #include <openssl/evp.h>
 
 #ifndef HAVE_EVP_CIPHER_CTX_GET_IV
+# ifndef HAVE_EVP_CIPHER_CTX_GET_UPDATED_IV
 int
 EVP_CIPHER_CTX_get_iv(const EVP_CIPHER_CTX *ctx, unsigned char *iv, size_t len)
 {
@@ -44,14 +45,15 @@ EVP_CIPHER_CTX_get_iv(const EVP_CIPHER_CTX *ctx, unsigned 
char *iv, size_t len)
        if (len != 0) {
                if (iv == NULL)
                        return 0;
-# ifdef HAVE_EVP_CIPHER_CTX_IV
+#  ifdef HAVE_EVP_CIPHER_CTX_IV
                memcpy(iv, EVP_CIPHER_CTX_iv(ctx), len);
-# else
+#  else
                memcpy(iv, ctx->iv, len);
-# endif /* HAVE_EVP_CIPHER_CTX_IV */
+#  endif /* HAVE_EVP_CIPHER_CTX_IV */
        }
        return 1;
 }
+# endif /* HAVE_EVP_CIPHER_CTX_GET_UPDATED_IV */
 #endif /* HAVE_EVP_CIPHER_CTX_GET_IV */
 
 #ifndef HAVE_EVP_CIPHER_CTX_SET_IV
diff --git a/crypto/openssh/ssh_namespace.h b/crypto/openssh/ssh_namespace.h
index 2b8cc8cabe5b..371303bb55f2 100644
--- a/crypto/openssh/ssh_namespace.h
+++ b/crypto/openssh/ssh_namespace.h
@@ -9,7 +9,6 @@
 #define Blowfish_initstate                     Fssh_Blowfish_initstate
 #define Blowfish_stream2word                   Fssh_Blowfish_stream2word
 #define Decode                                 Fssh_Decode
-#define EVP_CIPHER_CTX_get_iv                  Fssh_EVP_CIPHER_CTX_get_iv
 #define EVP_CIPHER_CTX_set_iv                  Fssh_EVP_CIPHER_CTX_set_iv
 #define Encode                                 Fssh_Encode
 #define Hide                                   Fssh_Hide

git: e8633bc76ad9 - main - openssh: Don't include an unused EVP_CIPHER_CTX_get_iv() stub

Reply via email to