Subject: Re: Patch to use aes_*_ctr in newer versions of OpenSSL and #if LIBSSH2_DSA for more DSA-code

From: Simon Josefsson <simon_at_josefsson.org>
Date: Mon, 01 Mar 2010 10:38:10 +0100

Lars Nordin <Lars.Nordin_at_SDlabs.se> writes:

> This is a patch to use OpenSSL's version of aes_*_ctr functions and to
> not use DSA-code if not supported by OpenSSL

Thanks. I applied your DSA-code patch as-is, but modified the AES-CTR
patch somewhat...

> From version 0.9.8h, full support for aes_*_ctr was added. I have
> tested with 0.9.8h, 0.9.8i (using the openssl version of ctr-functions)
> and 0.9.7f (with builtin ctr function). 0.9.8g is not working, but
> it's the same with a non-patched libssh2.

...but did you test that AES-CTR worked and not just built?

As far as I can tell, your patch would disable AES-CTR completely with
newer OpenSSLs since it sets LIBSSH2_AES_CTR to 0 which causes crypt.c
to not register it.

> +#if OPENSSL_VERSION_NUMBER >= 0x0090808fL
> +# define LIBSSH2_AES_CTR 0
> +#else
> # define LIBSSH2_AES_CTR 1
> +#endif
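
Review bot: The `>= 0x0090808fL` branch defines `LIBSSH2_AES_CTR` as 0, so on OpenSSL 0.9.8h and later the feature flag itself is turned off instead of only switching implementations. If the code that registers the ciphers is guarded by `#if LIBSSH2_AES_CTR`, the aes*-ctr methods would no longer be offered on those builds, and a build-only test would not show it. Suggest leaving `# define LIBSSH2_AES_CTR 1` unconditional and using a separate macro (name to be chosen) to select between OpenSSL's CTR functions and the built-in ones, then confirming with a real connection that an aes*-ctr cipher is actually negotiated.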

This is the part that seems wrong to me.

Please test the code in git now.

/Simon
_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
Received on 2010-03-01