git: 79041942fa9a - stable/14 - openssh: Don't include an unused EVP_CIPHER_CTX_get_iv() stub
Date: Tue, 20 Jan 2026 19:43:38 UTC
The branch stable/14 has been updated by emaste:
URL: https://cgit.FreeBSD.org/src/commit/?id=79041942fa9a4496c11f437e323fb0fc767fcce5
commit 79041942fa9a4496c11f437e323fb0fc767fcce5
Author: John Baldwin <jhb@FreeBSD.org>
AuthorDate: 2025-08-08 17:43:56 +0000
Commit: Ed Maste <emaste@FreeBSD.org>
CommitDate: 2026-01-20 19:42:08 +0000
openssh: Don't include an unused EVP_CIPHER_CTX_get_iv() stub
This stub isn't actually used on modern versions of OpenSSL for which
OpenSSH uses EVP_CIPHER_CTX_get_updated_iv instead via a wrapper macro.
However, the wrapper macro conflicted with the existing namespace
macro triggering an error on GCC:
In file included from crypto/openssh/sshd-session.c:65:
crypto/openssh/openbsd-compat/openssl-compat.h:71:11: error: "EVP_CIPHER_CTX_get_iv" redefined [-Werror]
71 | # define EVP_CIPHER_CTX_get_iv EVP_CIPHER_CTX_get_updated_iv
| ^~~~~~~~~~~~~~~~~~~~~
In file included from <command-line>:
crypto/openssh/ssh_namespace.h:12:9: note: this is the location of the previous definition
12 | #define EVP_CIPHER_CTX_get_iv Fssh_EVP_CIPHER_CTX_get_iv
| ^~~~~~~~~~~~~~~~~~~~~
The error was masked on clang due to MIT krb5 adding a blanket
-Wno-macro-redefined. Building sshd-session without Kerberos support
was sufficient to trigger a warning from clang.
Reviewed by: des
Differential Revision: https://reviews.freebsd.org/D51810
(cherry picked from commit e8633bc76ad935fa44156034713c608477bc3da0)
---
crypto/openssh/openbsd-compat/libressl-api-compat.c | 8 +++++---
crypto/openssh/ssh_namespace.h | 1 -
2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/crypto/openssh/openbsd-compat/libressl-api-compat.c b/crypto/openssh/openbsd-compat/libressl-api-compat.c
index 59be17397c56..2381df57ac2b 100644
--- a/crypto/openssh/openbsd-compat/libressl-api-compat.c
+++ b/crypto/openssh/openbsd-compat/libressl-api-compat.c
@@ -26,6 +26,7 @@
#include <openssl/evp.h>
#ifndef HAVE_EVP_CIPHER_CTX_GET_IV
+# ifndef HAVE_EVP_CIPHER_CTX_GET_UPDATED_IV
int
EVP_CIPHER_CTX_get_iv(const EVP_CIPHER_CTX *ctx, unsigned char *iv, size_t len)
{
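Review bot: The new `# ifndef HAVE_EVP_CIPHER_CTX_GET_UPDATED_IV` guard above the stub has no comment saying why the stub is skipped in that case. From this file alone a reader cannot tell that openssl-compat.h maps EVP_CIPHER_CTX_get_iv onto EVP_CIPHER_CTX_get_updated_iv with a macro (the `# define` at openssl-compat.h:71 in the quoted GCC output), so a one-line comment above the guard would help. It is also worth confirming that the macro in that header is defined under exactly the same HAVE_EVP_CIPHER_CTX_GET_UPDATED_IV condition, since the header is not part of this diff; if the two conditions differ, a configuration could end up with neither the stub nor the macro.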
@@ -44,14 +45,15 @@ EVP_CIPHER_CTX_get_iv(const EVP_CIPHER_CTX *ctx, unsigned char *iv, size_t len)
if (len != 0) {
if (iv == NULL)
return 0;
-# ifdef HAVE_EVP_CIPHER_CTX_IV
+# ifdef HAVE_EVP_CIPHER_CTX_IV
memcpy(iv, EVP_CIPHER_CTX_iv(ctx), len);
-# else
+# else
memcpy(iv, ctx->iv, len);
-# endif /* HAVE_EVP_CIPHER_CTX_IV */
+# endif /* HAVE_EVP_CIPHER_CTX_IV */
}
return 1;
}
+# endif /* HAVE_EVP_CIPHER_CTX_GET_UPDATED_IV */
#endif /* HAVE_EVP_CIPHER_CTX_GET_IV */
#ifndef HAVE_EVP_CIPHER_CTX_SET_IV
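Review bot: Three of the four removed/added pairs in this hunk (the `# ifdef`, `# else` and `# endif` lines for HAVE_EVP_CIPHER_CTX_IV around the two memcpy calls) change only indentation, which buries the one functional line here, the added `# endif /* HAVE_EVP_CIPHER_CTX_GET_UPDATED_IV */`. Consider leaving the inner directives at their existing indentation, or mentioning the re-indent in the commit message, so that the change to which code is compiled is the only thing a reader has to verify in this function.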
diff --git a/crypto/openssh/ssh_namespace.h b/crypto/openssh/ssh_namespace.h
index 7a0c73f2d312..0fa812218c06 100644
--- a/crypto/openssh/ssh_namespace.h
+++ b/crypto/openssh/ssh_namespace.h
@@ -9,7 +9,6 @@
#define Blowfish_initstate Fssh_Blowfish_initstate
#define Blowfish_stream2word Fssh_Blowfish_stream2word
#define Decode Fssh_Decode
-#define EVP_CIPHER_CTX_get_iv Fssh_EVP_CIPHER_CTX_get_iv
#define EVP_CIPHER_CTX_set_iv Fssh_EVP_CIPHER_CTX_set_iv
#define Encode Fssh_Encode
#define Hide Fssh_Hide
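Review bot: The `EVP_CIPHER_CTX_get_iv` entry is removed from ssh_namespace.h unconditionally, but the stub in libressl-api-compat.c is still compiled when neither HAVE_EVP_CIPHER_CTX_GET_IV nor HAVE_EVP_CIPHER_CTX_GET_UPDATED_IV is defined. In that configuration the function would now be emitted without the Fssh_ prefix, unlike the neighbouring EVP_CIPHER_CTX_set_iv, which keeps its entry. If that configuration cannot occur in this tree, a sentence saying so in the commit message would make the removal easier to audit; otherwise the stub needs either its namespace entry or to be dropped along with it.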