[Bug 3873] New: Don't include an unused EVP_CIPHER_CTX_get_iv() stub
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Tue Oct 7 05:44:57 AEDT 2025
https://bugzilla.mindrot.org/show_bug.cgi?id=3873
Bug ID: 3873
Summary: Don't include an unused EVP_CIPHER_CTX_get_iv() stub
Product: Portable OpenSSH
Version: -current
Hardware: All
OS: FreeBSD
Status: NEW
Severity: trivial
Priority: P5
Component: Miscellaneous
Assignee: unassigned-bugs at mindrot.org
Reporter: jlduran at gmail.com
Created attachment 3902
--> https://bugzilla.mindrot.org/attachment.cgi?id=3902&action=edit
FreeBSD patch
Obtained from FreeBSD, verbatim commit message:
This stub isn't actually used on modern versions of OpenSSL for which
OpenSSH uses EVP_CIPHER_CTX_get_updated_iv instead via a wrapper macro.
However, the wrapper macro conflicted with the existing namespace
macro triggering an error on GCC:
In file included from crypto/openssh/sshd-session.c:65:
crypto/openssh/openbsd-compat/openssl-compat.h:71:11: error:
"EVP_CIPHER_CTX_get_iv" redefined [-Werror]
71 | # define EVP_CIPHER_CTX_get_iv EVP_CIPHER_CTX_get_updated_iv
| ^~~~~~~~~~~~~~~~~~~~~
In file included from <command-line>:
crypto/openssh/ssh_namespace.h:12:9: note: this is the location of the
previous definition
12 | #define EVP_CIPHER_CTX_get_iv
Fssh_EVP_CIPHER_CTX_get_iv
| ^~~~~~~~~~~~~~~~~~~~~
The error was masked on clang due to MIT krb5 adding a blanket
-Wno-macro-redefined. Building sshd-session without Kerberos support
was sufficient to trigger a warning from clang.
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list