updated comments and changed openssh integration script

aws · Aug 29, 2024 · bf49206 · bf49206
1 parent ed46cde
commit bf49206
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 1 deletion.
diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h
@@ -236,28 +236,41 @@ OPENSSL_EXPORT const RSA_METHOD *RSA_get_method(const RSA *rsa);
 // RSA_meth_free frees the memory associated with |meth|
 OPENSSL_EXPORT void RSA_meth_free(RSA_METHOD *meth);
 
+// RSA_METHOD setters
 // The following functions set the corresponding fields on |meth|. Returns one
 // on success and zero on failure.
+
+// RSA_meth_set_init sets |init| on |meth|.
 OPENSSL_EXPORT int RSA_meth_set_init(RSA_METHOD *meth, int (*init) (RSA *rsa));
 
+// RSA_meth_set_finish sets |finish| on |meth|. The |finish| function
+// is called in |RSA_free| before freeing the key.
 OPENSSL_EXPORT int RSA_meth_set_finish(RSA_METHOD *meth,
                                        int (*finish) (RSA *rsa));
 
+// RSA_meth_set_priv_dec sets |priv_dec| on |meth|. The |priv_dec| function
+// should return the number of bytes written to the object |to| or -1 for error.
 OPENSSL_EXPORT int RSA_meth_set_priv_dec(RSA_METHOD *meth,
                           int (*priv_dec) (int max_out, const uint8_t *from,
                                            uint8_t *to, RSA *rsa,
                                            int padding));
 
+// RSA_meth_set_priv_enc sets |priv_enc| on |meth|. The |priv_enc| function
+// should return the number of bytes written to the object |to| or -1 for error.
 OPENSSL_EXPORT int RSA_meth_set_priv_enc(RSA_METHOD *meth,
                           int (*priv_enc) (int max_out, const uint8_t *from,
                                            uint8_t *to, RSA *rsa,
                                            int padding));
 
+// RSA_meth_set_pub_dec sets |pub_dec| on |meth|. The |pub_dec| function
+// should return the number of bytes written to the object |to| or -1 for error.
 OPENSSL_EXPORT int RSA_meth_set_pub_dec(RSA_METHOD *meth,
                          int (*pub_dec) (int max_out, const uint8_t *from,
                                          uint8_t *to, RSA *rsa,
                                          int padding));
 
+// RSA_meth_set_pub_enc sets |pub_enc| on |meth|. The |pub_enc| function
+// should return the number of bytes written to the object |to| or -1 for error.
 OPENSSL_EXPORT int RSA_meth_set_pub_enc(RSA_METHOD *meth,
                          int (*pub_enc) (int max_out, const uint8_t *from,
                                          uint8_t *to, RSA *rsa,

diff --git a/tests/ci/integration/run_openssh_integration.sh b/tests/ci/integration/run_openssh_integration.sh
@@ -52,7 +52,7 @@ function openssh_build() {
   # The RSA_meth_XXX functions are not implemented by AWS-LC, and the implementation provided by OpenSSH also doesn't compile for us.
   # Fortunately, these functions are only needed for pkcs11 support, which is disabled for our build.
   # See: https://github.com/openssh/openssh-portable/pull/385
-  export CFLAGS="-DAWS_LC_INTERNAL_IGNORE_BN_SET_FLAGS=1 -DHAVE_RSA_METH_FREE=1 -DHAVE_RSA_METH_DUP=1 -DHAVE_RSA_METH_SET1_NAME=1 -DHAVE_RSA_METH_SET_PRIV_ENC=1 -DHAVE_RSA_METH_SET_PRIV_DEC=1"
+  export CFLAGS="-DAWS_LC_INTERNAL_IGNORE_BN_SET_FLAGS=1 -DHAVE_RSA_METH_FREE=1 -DHAVE_RSA_METH_DUP=1 -DHAVE_RSA_METH_SET1_NAME=1 -DHAVE_RSA_METH_GET_FINISH=1 -DHAVE_RSA_METH_SET_PRIV_ENC=1 -DHAVE_RSA_METH_SET_PRIV_DEC=1 -DHAVE_RSA_METH_SET_FINISH=1 "
   ./configure --with-ssl-dir="${AWS_LC_INSTALL_FOLDER}" --prefix="${OPENSSH_INSTALL_FOLDER}" --disable-pkcs11
   make -j "$NUM_CPU_THREADS"
   make install