On Mon, 14 Sep 2009, Peter Gutmann wrote: > Damien Miller <[email protected]> writes: > > >The seems unlikely, since we don't use OpenSSL for AES-CTR in OpenSSH. I > >don't think OpenSSL even supports a CTR mode through its EVP API. > > I first saw it reported on the Putty bugs list [0], a good place to track > interop problems with implementations since it's so widely used, which in turn > points to https://bugzilla.mindrot.org/show_bug.cgi?id=1291:
Actually, I'm half-wrong (or half-right) - there was a bug in OpenSSL, just not in AES-CTR specifically. It was a mildly obscure bug in the EVP interface that showed up when plugging in one's own ciphers. We now have automated interop regression tests againt PuTTY to catch this sort of thing... -d --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [email protected]
