On 2010-03-01 10:38, Simon Josefsson wrote:
> Lars Nordin<Lars.Nordin_at_SDlabs.se> writes:
>
>
>> This is a patch to use OpenSSL's version of aes_*_ctr functions and to
>> not use DSA-code if not supported by OpenSSL
>>
> Thanks. I applied your DSA-code patch as-is, but modified the AES-CTR
> patch somewhat...
>
>
>> From version 0.9.8h, full support for aes_*_ctr was added. I have
>> tested with 0.9.8h, 0.9.8i (using the openssl version of ctr-functions
>> and 0.9.7f (with builtin ctr function). 0.9.8g is not working, but
>> it's the same with a non-patched libssh2.
>>
> ...but did you test that AES-CTR worked and not just built?
>
> As far as I can tell, your patch would disable AES-CTR completely with
> newer OpenSSLs since it sets LIBSSH2_AES_CTR to 0 which causes crypt.c
> to not register it.
>
>
>> +#if OPENSSL_VERSION_NUMBER>= 0x0090808fL
>> +# define LIBSSH2_AES_CTR 0
>> +#else
>> # define LIBSSH2_AES_CTR 1
>> +#endif
>>
>
The internal LIBSSH2_AES_CTR shall NOT be used if openSSL supports
aes_ctr, there is nothing wrong in the patch. I have testcompiled and
check (using nm) if the LIBSSH2_AES_ctr function was used. I have also
tested both versions using example/ssh2 to a openssh server on localhost.
> This is the part that seems wrong to me.
>
> Please test the code in git now.
>
> /Simon
> _______________________________________________
> libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
>
>
_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
Received on 2010-03-01