Please disregard the first patchset. Here's an updated set, with the first two patches combined into one because that makes sense, and with a fix that prevented the second patch from actually working correctly. Oops.
Tested with OpenSSL and axTLS. //Peter
From e1cfccd60cda0abef3c80327bc56f4e398b15186 Mon Sep 17 00:00:00 2001 From: Peter Stuge <pe...@stuge.se> Date: Sun, 15 Apr 2018 01:54:43 +0200 Subject: [PATCH v2 1/2] src/crypt.c: Make all AES variants optional for crypto backends This allows limited backends to only implement some AES variants. --- src/crypt.c | 30 +++++++++++++++++++++++------- 1 file changed, 23 insertions(+), 7 deletions(-) diff --git a/src/crypt.c b/src/crypt.c index 4beb0aa..9df9e36 100644 --- a/src/crypt.c +++ b/src/crypt.c @@ -117,7 +117,7 @@ crypt_dtor(LIBSSH2_SESSION * session, void **abstract) return 0; } -#if LIBSSH2_AES_CTR +#ifdef _libssh2_cipher_aes128ctr static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_aes128_ctr = { "aes128-ctr", "", @@ -130,7 +130,9 @@ static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_aes128_ctr = { &crypt_dtor, _libssh2_cipher_aes128ctr }; +#endif +#ifdef _libssh2_cipher_aes192ctr static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_aes192_ctr = { "aes192-ctr", "", @@ -143,7 +145,9 @@ static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_aes192_ctr = { &crypt_dtor, _libssh2_cipher_aes192ctr }; +#endif +#ifdef _libssh2_cipher_aes256ctr static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_aes256_ctr = { "aes256-ctr", "", @@ -158,7 +162,7 @@ static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_aes256_ctr = { }; #endif -#if LIBSSH2_AES +#ifdef _libssh2_cipher_aes128 static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_aes128_cbc = { "aes128-cbc", "DEK-Info: AES-128-CBC", @@ -171,7 +175,9 @@ static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_aes128_cbc = { &crypt_dtor, _libssh2_cipher_aes128 }; +#endif +#ifdef _libssh2_cipher_aes192 static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_aes192_cbc = { "aes192-cbc", "DEK-Info: AES-192-CBC", @@ -184,7 +190,9 @@ static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_aes192_cbc = { &crypt_dtor, _libssh2_cipher_aes192 }; +#endif +#ifdef _libssh2_cipher_aes256 static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_aes256_cbc = { "aes256-cbc", "DEK-Info: AES-256-CBC", @@ -212,7 +220,7 @@ static const LIBSSH2_CRYPT_METHOD &crypt_dtor, _libssh2_cipher_aes256 }; -#endif /* LIBSSH2_AES */ +#endif #if LIBSSH2_BLOWFISH static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_blowfish_cbc = { @@ -311,17 +319,25 @@ static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_3des_cbc = { #endif static const LIBSSH2_CRYPT_METHOD *_libssh2_crypt_methods[] = { -#if LIBSSH2_AES_CTR +#ifdef _libssh2_cipher_aes128ctr &libssh2_crypt_method_aes128_ctr, +#endif +#ifdef _libssh2_cipher_aes192ctr &libssh2_crypt_method_aes192_ctr, +#endif +#ifdef _libssh2_cipher_aes256ctr &libssh2_crypt_method_aes256_ctr, -#endif /* LIBSSH2_AES */ -#if LIBSSH2_AES +#endif +#ifdef _libssh2_cipher_aes256 &libssh2_crypt_method_aes256_cbc, &libssh2_crypt_method_rijndael_cbc_lysator_liu_se, /* == aes256-cbc */ +#endif +#ifdef _libssh2_cipher_aes192 &libssh2_crypt_method_aes192_cbc, +#endif +#ifdef _libssh2_cipher_aes128 &libssh2_crypt_method_aes128_cbc, -#endif /* LIBSSH2_AES */ +#endif #if LIBSSH2_BLOWFISH &libssh2_crypt_method_blowfish_cbc, #endif /* LIBSSH2_BLOWFISH */ --
From d3389c4c31a98a8c9b6ca7c3fa47074f4bf2a855 Mon Sep 17 00:00:00 2001 From: Peter Stuge <pe...@stuge.se> Date: Sun, 15 Apr 2018 01:57:21 +0200 Subject: [PATCH v2 2/2] src/crypt.c: Make AES algorithm list aes{256,192,128}-{ctr,cbc} The new order prefers larger keys and CTR over CBC for each key size: aes256-ctr,aes256-cbc,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc The order of the algorithm list determines the default KEX message. The default KEX message can, as before, be overridden using: libssh2_session_method_pref(..., LIBSSH2_METHOD_CRYPT_{CS,SC}, ...) --- src/crypt.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/crypt.c b/src/crypt.c index 9df9e36..eef5e59 100644 --- a/src/crypt.c +++ b/src/crypt.c @@ -319,12 +319,6 @@ static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_3des_cbc = { #endif static const LIBSSH2_CRYPT_METHOD *_libssh2_crypt_methods[] = { -#ifdef _libssh2_cipher_aes128ctr - &libssh2_crypt_method_aes128_ctr, -#endif -#ifdef _libssh2_cipher_aes192ctr - &libssh2_crypt_method_aes192_ctr, -#endif #ifdef _libssh2_cipher_aes256ctr &libssh2_crypt_method_aes256_ctr, #endif @@ -332,9 +326,15 @@ static const LIBSSH2_CRYPT_METHOD *_libssh2_crypt_methods[] = { &libssh2_crypt_method_aes256_cbc, &libssh2_crypt_method_rijndael_cbc_lysator_liu_se, /* == aes256-cbc */ #endif +#ifdef _libssh2_cipher_aes192ctr + &libssh2_crypt_method_aes192_ctr, +#endif #ifdef _libssh2_cipher_aes192 &libssh2_crypt_method_aes192_cbc, #endif +#ifdef _libssh2_cipher_aes128ctr + &libssh2_crypt_method_aes128_ctr, +#endif #ifdef _libssh2_cipher_aes128 &libssh2_crypt_method_aes128_cbc, #endif --
_______________________________________________ libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel