Pull request overview
Adds a new wolfSSL integration patch targeting OpenSSH 10.3p1, intended to let the codebase build and run OpenSSH’s test suite when configured with --with-wolfssl.
Changes:
- Introduces `openssh-10.3p1.patch` with updates to OpenSSH build/configure logic for wolfSSL detection and feature flags.
- Adds wolfSSL initialization/logging + RNG seeding hook wiring in the patched OpenSSH sources.
- Updates patched OpenSSH test harness behavior to enable wolfSSL debugging in unit tests.
| + wolfssl_fips=no | ||
| +fi | ||
| +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext | ||
| + if test "x$wolfssl_fips" == "xyes" ; then |
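Review bot: The comparison on the last line, `test "x$wolfssl_fips" == "xyes"`, uses `==`, which POSIX `test` does not define. Under a /bin/sh such as dash the comparison errors out and the branch is skipped even when wolfssl_fips is yes. Use a single `=`.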
Comment on lines +837 to +838
| + if test "x$wolfssl_fips" == "xyes" ; then | ||
| + AC_DEFINE([USING_WOLFSSL_FIPS], [1], [Defined if using wolfSSL FIPS]) |
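Review bot: The `==` in the `test` guarding AC_DEFINE is the autoconf-level form of the non-portable comparison, so it should be corrected here and any generated script rebuilt from it. As written, USING_WOLFSSL_FIPS can end up undefined on a FIPS build when /bin/sh is not bash, with nothing in the configure output to flag it. Change the line to `if test "x$wolfssl_fips" = "xyes" ; then`.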
Comment on lines +482 to +491
| + #if defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,2) | ||
| + # error macro not defined | ||
| + #endif | ||
| + | ||
| +_ACEOF | ||
| +if ac_fn_c_try_compile "$LINENO" | ||
| +then : | ||
| + wolfssl_fips_gt_52=no | ||
| +else $as_nop | ||
| + wolfssl_fips_gt_52=yes |
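Review bot: The probe treats any compile failure as a positive result: wolfssl_fips_gt_52=yes is set in the else branch, so a missing header or a wrong include path is indistinguishable from FIPS_VERSION_GE(5,2) being true. Invert the test program so that it compiles only when the condition holds (put the #error under the negated condition) and set yes in the success branch. The #error text "macro not defined" also says the opposite of what triggers it, and the variable is named gt_52 while the check is greater-or-equal.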
Comment on lines +1052 to +1056
| +#ifdef USING_WOLFSSL | ||
| + wolfSSL_Debugging_ON(); | ||
| + wolfSSL_SetLoggingCb(Logging_cb); | ||
| + wolfSSL_Init(); | ||
| +#ifndef WC_RNG_SEED_CB |
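Review bot: wolfSSL_Init() is called with its return value discarded, so a failed library initialisation goes unnoticed and execution continues into crypto calls. Compare the result against WOLFSSL_SUCCESS and stop with a fatal error otherwise. wolfSSL_Debugging_ON() is also unconditional under USING_WOLFSSL; consider tying it to the existing debug log level, and register the callback with wolfSSL_SetLoggingCb() before turning debugging on so that no message bypasses it.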
Comment on lines +1005 to +1009
| @@ -186,6 +186,40 @@ log_verbose_reset(void) | ||
| nlog_verbose = 0; | ||
| } | ||
|
|
||
| +static void Logging_cb(const int logLevel, const char *const logMessage) { |
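Review bot: Logging_cb does not follow the style of the file it is added to. The neighbouring function named in the hunk header is log_verbose_reset(void), lower-case with underscores, while the new callback is capitalised and has its opening brace on the signature line. Rename it along the lines of wolfssl_log_cb, put the return type and the brace on their own lines, and add a short comment saying which wolfSSL log levels are forwarded and at what OpenSSH log level.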
Comment on lines +973 to +978
| + echo "WARNING : The OS X sandbox for renderer processes does not allow " | ||
| + echo "/dev/urandom to be opened. wolfSSL relies on /dev/urandom for entropy" | ||
| + echo ", including the generation of keys used for the peer-to-peer SSH " | ||
| + echo "negotiation/session establishment. If you would use the sandboxing " | ||
| + echo "mechanism, you must enable the access on /dev/urandom by adding " | ||
| + echo "the two lines below at the end of the OS X system file " |
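Review bot: The warning refers to "the OS X sandbox for renderer processes", which is not an OpenSSH concept; name the OpenSSH process that is actually sandboxed so the reader knows what is affected. The message also instructs the user to append lines to an OS X system file, which widens the sandbox profile for everything that uses it, so it should say that explicitly or point to documentation instead. Minor wording: "If you would use" reads better as "If you use", and the line break before ", including" leaves a stray leading comma in the output.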
| + fi | ||
| + if test -d "${wolfssl_install_dir}/include"; then | ||
| + if test -d "${wolfssl_install_dir}/include/wolfssl"; then | ||
| + CPPFLAGS="$CPPFLAGS -I${wolfssl_install_dir}/include -I${wolfssl_install_dir}/include/wolfssl" |
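Review bot: The new -I flags on the CPPFLAGS line are appended after whatever $CPPFLAGS already holds, so any earlier include directory is searched first. If -I${wolfssl_install_dir}/include/wolfssl is there so that headers under it are found ahead of same-named system headers, the order should be reversed (new flags first, then $CPPFLAGS). The expansion is also not safe for an install directory containing spaces; either reject such paths up front or say so in the option's help text.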
No description provided.