On 2010-03-01 10:38, Simon Josefsson wrote:
Lars Nordin<[email protected]> writes:
This is a patch to use OpenSSL's version of aes_*_ctr functions and to
not use DSA-code if not supported by OpenSSL
Thanks. I applied your DSA-code patch as-is, but modified the AES-CTR
patch somewhat...
From version 0.9.8h, full support for aes_*_ctr was added. I have
tested with 0.9.8h, 0.9.8i (using the openssl version of ctr-functions
and 0.9.7f (with builtin ctr function). 0.9.8g is not working, but
it's the same with a non-patched libssh2.
...but did you test that AES-CTR worked and not just built?
As far as I can tell, your patch would disable AES-CTR completely with
newer OpenSSLs since it sets LIBSSH2_AES_CTR to 0 which causes crypt.c
to not register it.
+#if OPENSSL_VERSION_NUMBER>= 0x0090808fL
+# define LIBSSH2_AES_CTR 0
+#else
# define LIBSSH2_AES_CTR 1
+#endif
The internal LIBSSH2_AES_CTR shall NOT be used if openSSL supports
aes_ctr, there is nothing wrong in the patch. I have testcompiled and
check (using nm) if the LIBSSH2_AES_ctr function was used. I have also
tested both versions using example/ssh2 to a openssh server on localhost.
This is the part that seems wrong to me.
Please test the code in git now.
/Simon
_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
