[openssh-commits] [openssh] 02/02: Prefer OpenSSL's SHA256 in sk-dummy.so

git+noreply at mindrot.org git+noreply at mindrot.org
Thu Jul 27 10:30:25 AEST 2023


This is an automated email from the git hooks/post-receive script.

dtucker pushed a commit to branch master
in repository openssh.

commit 0fa803a1dd1c7b546c166000e23a869cf6c4ec10
Author: Darren Tucker <dtucker at dtucker.net>
Date:   Thu Jul 27 02:25:09 2023 +1000

    Prefer OpenSSL's SHA256 in sk-dummy.so
    
    Previously sk-dummy.so used libc's (or compat's) SHA256 since it may be
    built without OpenSSL.  In many cases, however, including both libc's
    and OpenSSL's headers together caused conflicting definitions.
    
    We tried working around this (on OpenSSL <1.1 you could define
    OPENSSL_NO_SHA, NetBSD had USE_LIBC_SHA2, various #define hacks) with
    varying levels of success.  Since OpenSSL >=1.1 removed OPENSSL_NO_SHA
    and including most OpenSSL headers would bring sha.h in, even if it
    wasn't used directly, this was a constant hassle.
    
    Admit defeat and use OpenSSL's SHA256 unless we aren't using OpenSSL at
    all.  ok djm@
---
 regress/misc/sk-dummy/sk-dummy.c | 39 +++++++++------------------------------
 1 file changed, 9 insertions(+), 30 deletions(-)

diff --git a/regress/misc/sk-dummy/sk-dummy.c b/regress/misc/sk-dummy/sk-dummy.c
index 79593956..347b2122 100644
--- a/regress/misc/sk-dummy/sk-dummy.c
+++ b/regress/misc/sk-dummy/sk-dummy.c
@@ -24,41 +24,11 @@
 #include <stdio.h>
 #include <stddef.h>
 #include <stdarg.h>
-#ifdef HAVE_SHA2_H
-#include <sha2.h>
-#endif
 
 #include "crypto_api.h"
 #include "sk-api.h"
 
-#if defined(WITH_OPENSSL) && !defined(OPENSSL_HAS_ECC)
-# undef WITH_OPENSSL
-#endif
-
 #ifdef WITH_OPENSSL
-/*
- * We use native (or compat) SHA2, but some bits of OpenSSL conflict with
- * some native sha2 implementations.  SHA2 is no longer optional in OpenSSL,
- * so prevent conflicts as best we can.
- */
-#define USE_LIBC_SHA2	/* NetBSD 9 */
-#define SHA256_CTX	openssl_SHA256_CTX
-#define SHA512_CTX	openssl_SHA512_CTX
-#ifdef SHA1
-# undef SHA1
-#endif
-#ifdef SHA224
-# undef SHA224
-#endif
-#ifdef SHA256
-# undef SHA256
-#endif
-#ifdef SHA384
-# undef SHA384
-#endif
-#ifdef SHA512
-# undef SHA512
-#endif
 #include <openssl/opensslv.h>
 #include <openssl/sha.h>
 #include <openssl/crypto.h>
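
Review bot: removing the `#if defined(WITH_OPENSSL) && !defined(OPENSSL_HAS_ECC)` / `# undef WITH_OPENSSL` guard near the top of this hunk means a build against an OpenSSL without ECC now keeps WITH_OPENSSL defined and takes the OpenSSL include path. The commit message does not mention this change, and the code that uses the EC headers is outside the visible lines, so please confirm it is guarded by OPENSSL_HAS_ECC, or state in the commit message why the guard is no longer needed.
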
@@ -67,6 +37,15 @@
 #include <openssl/ec.h>
 #include <openssl/ecdsa.h>
 #include <openssl/pem.h>
+
+/* Use OpenSSL SHA256 instead of libc */
+#define SHA256Init(x)		SHA256_Init(x)
+#define SHA256Update(x, y, z)	SHA256_Update(x, y, z)
+#define SHA256Final(x, y)	SHA256_Final(x, y)
+#define SHA2_CTX		SHA256_CTX
+
+#elif defined(HAVE_SHA2_H)
+#include <sha2.h>
 #endif /* WITH_OPENSSL */
 
 /* #define SK_DEBUG 1 */
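
Review bot: the macros in the `+#define SHA256Init(x)` block depend on the libc and OpenSSL functions taking their arguments in the same order, in particular `SHA256Final(x, y)` passing the digest first and the context second to `SHA256_Final`. The comment `/* Use OpenSSL SHA256 instead of libc */` should say so and record the reason (conflicting definitions when both sets of headers are included), so that nobody later reintroduces `<sha2.h>` alongside the OpenSSL headers. The OpenSSL functions also return an int status where the libc ones return void, so call sites written for the libc API will not check it; that is acceptable for a helper under regress/ but deserves a word in the comment.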

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.