[openssh-commits] [openssh] 02/03: Allow building with BoringSSL
git+noreply at mindrot.org
git+noreply at mindrot.org
Fri Mar 24 15:26:35 AEDT 2023
This is an automated email from the git hooks/post-receive script.
djm pushed a commit to branch master
in repository openssh.
commit 3c527d55f906e6970d17c4cab6db90ae9e013235
Author: Damien Miller <djm at mindrot.org>
Date: Fri Mar 24 15:23:05 2023 +1100
Allow building with BoringSSL
---
openbsd-compat/openssl-compat.h | 9 +++++++++
sshkey.c | 6 ++++++
2 files changed, 15 insertions(+)
diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h
index d0dd2c34..f6796b3b 100644
--- a/openbsd-compat/openssl-compat.h
+++ b/openbsd-compat/openssl-compat.h
@@ -55,6 +55,15 @@ void ssh_libcrypto_init(void);
# endif
#endif
+#ifdef OPENSSL_IS_BORINGSSL
+/*
+ * BoringSSL (rightly) got rid of the BN_FLG_CONSTTIME flag, along with
+ * the entire BN_set_flags() interface.
+ * https://boringssl.googlesource.com/boringssl/+/0a211dfe9
+ */
+# define BN_set_flags(a, b)
+#endif
+
#ifndef HAVE_EVP_CIPHER_CTX_GET_IV
# ifdef HAVE_EVP_CIPHER_CTX_GET_UPDATED_IV
# define EVP_CIPHER_CTX_get_iv EVP_CIPHER_CTX_get_updated_iv
diff --git a/sshkey.c b/sshkey.c
index 43712253..82af3184 100644
--- a/sshkey.c
+++ b/sshkey.c
@@ -3342,16 +3342,22 @@ translate_libcrypto_error(unsigned long pem_err)
case ERR_LIB_PEM:
switch (pem_reason) {
case PEM_R_BAD_PASSWORD_READ:
+#ifdef PEM_R_PROBLEMS_GETTING_PASSWORD
case PEM_R_PROBLEMS_GETTING_PASSWORD:
+#endif
+#ifdef PEM_R_BAD_DECRYPT
case PEM_R_BAD_DECRYPT:
+#endif
return SSH_ERR_KEY_WRONG_PASSPHRASE;
default:
return SSH_ERR_INVALID_FORMAT;
}
case ERR_LIB_EVP:
switch (pem_reason) {
+#ifdef EVP_R_BAD_DECRYPT
case EVP_R_BAD_DECRYPT:
return SSH_ERR_KEY_WRONG_PASSPHRASE;
+#endif
#ifdef EVP_R_BN_DECODE_ERROR
case EVP_R_BN_DECODE_ERROR:
#endif
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits
mailing list