Subject: Re: Patch to use aes_*_ctr in newer versions of OpenSSL and #if LIBSSH2_DSA for more DSA-code

Re: Patch to use aes_*_ctr in newer versions of OpenSSL and #if LIBSSH2_DSA for more DSA-code

From: Simon Josefsson <simon_at_josefsson.org>
Date: Mon, 01 Mar 2010 15:14:22 +0100

Lars Nordin <Lars.Nordin_at_SDlabs.se> writes:

> The internal LIBSSH2_AES_CTR shall NOT be used if openSSL supports
> aes_ctr, there is nothing wrong in the patch.

As far as I can tell, your patch would set LIBSSH2_AES_CTR to 0 if a new
OpenSSL is used. In crypt.c, that would disable AES-CTR because of this
code:

static const LIBSSH2_CRYPT_METHOD *_libssh2_crypt_methods[] = {
#if LIBSSH2_AES_CTR
  &libssh2_crypt_method_aes128_ctr,
  &libssh2_crypt_method_aes192_ctr,
  &libssh2_crypt_method_aes256_ctr,
#endif /* LIBSSH2_AES */

> I have testcompiled and check (using nm) if the LIBSSH2_AES_ctr
> function was used. I have also tested both versions using example/ssh2
> to a openssh server on localhost.

Did you verify that AES-CTR was negotiated, instead of just AES?

Anyway, please test libssh2 from git!

/Simon
_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
Received on 2010-03-01