With bounds checking patch for gcc-3.1 problems if using AES
Lutz Jaenicke
Lutz.Jaenicke at aet.TU-Cottbus.DE
Tue Jul 16 19:39:33 EST 2002
On Tue, Jul 16, 2002 at 10:15:35AM +0200, Markus Friedl wrote:
> On Mon, Jul 15, 2002 at 06:57:08PM +0000, Daniel Schröter wrote:
> >     rijndal_cbc.cleanup = ssh_rijndael_cleanup;
> >     rijndal_cbc.do_cipher = ssh_rijndael_cbc;
> > #ifndef SSH_OLD_EVP
> >     rijndal_cbc.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH |
> >         EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV;
> > #endif
> >     return (&rijndal_cbc);
> > }
>
> thanks, i've added EVP_CIPH_CUSTOM_IV.
>
> the only problem that remains is systems with OpenSSL 0.9.5 (SSH_OLD_EVP);
> they will probably still copy out of bounds.
It's a systematic problem as 0.9.5 is no longer maintained (and it would not
make sense to further maintain it, as later versions contain the
necessary means (EVP_CIPH_CUSTOM_IV) to handle the problem).
--
Lutz Jaenicke Lutz.Jaenicke at aet.TU-Cottbus.DE
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
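The mechanism behind the thread, as an added example that is not code from OpenSSL, OpenSSH or either poster: when a cipher lacks EVP_CIPH_CUSTOM_IV, the library-side init copies iv_len bytes of the caller's IV into fixed-size buffers inside the cipher context; when the flag is set, the library leaves the IV alone and the cipher's own init routine stores it in its private state (as OpenSSH's rijndael glue does via app_data). The reduced model below reproduces that control flow with its own names (model_*), assumes a library IV buffer of 8 bytes against a 16-byte AES IV to recreate the size mismatch, and adds the bounds check a maintainer would want in the library-side copy so the mismatch is refused instead of overflowing. The IV and key bytes are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed sizes for this model: the library's IV buffers are smaller than
 * an AES block, which is the situation the thread describes. */
#define MODEL_MAX_IV_LENGTH 8
#define MODEL_AES_BLOCKSIZE 16

#define CIPH_CBC_MODE  0x2
#define CIPH_CUSTOM_IV 0x10   /* "library must not copy or touch the IV" */

struct model_cipher_ctx;

struct model_cipher {
    int block_size;
    int iv_len;
    unsigned long flags;
    /* cipher-specific init; receives the raw IV pointer */
    int (*init)(struct model_cipher_ctx *ctx, const uint8_t *key,
                const uint8_t *iv, int enc);
};

struct model_cipher_ctx {
    const struct model_cipher *cipher;
    uint8_t oiv[MODEL_MAX_IV_LENGTH];  /* library's copy of the original IV */
    uint8_t iv[MODEL_MAX_IV_LENGTH];   /* library's working IV */
    void *app_data;                    /* cipher-private state */
};

/* Private state the cipher keeps itself (hypothetical, mirrors the idea of
 * a per-cipher struct holding a full-size IV). */
struct model_aes_ctx {
    uint8_t r_iv[MODEL_AES_BLOCKSIZE];
    int have_key;
};

static int model_aes_init(struct model_cipher_ctx *ctx, const uint8_t *key,
                          const uint8_t *iv, int enc)
{
    struct model_aes_ctx *c = ctx->app_data;
    (void)enc;
    if (c == NULL) {
        c = calloc(1, sizeof(*c));
        if (c == NULL)
            return 0;
        ctx->app_data = c;
    }
    if (key != NULL)
        c->have_key = 1;
    if (iv != NULL)                       /* full 16 bytes, own buffer */
        memcpy(c->r_iv, iv, MODEL_AES_BLOCKSIZE);
    return 1;
}

/* Library-side init.  Without CUSTOM_IV it copies iv_len bytes into the
 * context's fixed buffers; the size check is the hardening this example
 * adds, so an oversized iv_len is refused rather than copied out of bounds. */
static int model_cipher_init(struct model_cipher_ctx *ctx,
                             const struct model_cipher *cipher,
                             const uint8_t *key, const uint8_t *iv, int enc)
{
    ctx->cipher = cipher;
    if (!(cipher->flags & CIPH_CUSTOM_IV) && (cipher->flags & CIPH_CBC_MODE)) {
        if (cipher->iv_len < 0 || (size_t)cipher->iv_len > sizeof(ctx->oiv))
            return 0;
        if (iv != NULL)
            memcpy(ctx->oiv, iv, (size_t)cipher->iv_len);
        memcpy(ctx->iv, ctx->oiv, (size_t)cipher->iv_len);
    }
    return cipher->init(ctx, key, iv, enc);
}

static const struct model_cipher model_aes_cbc_plain =
    { MODEL_AES_BLOCKSIZE, MODEL_AES_BLOCKSIZE, CIPH_CBC_MODE, model_aes_init };
static const struct model_cipher model_aes_cbc_custom =
    { MODEL_AES_BLOCKSIZE, MODEL_AES_BLOCKSIZE,
      CIPH_CBC_MODE | CIPH_CUSTOM_IV, model_aes_init };

/* Returns 1 if init succeeded and the cipher's private copy holds the whole
 * IV, 0 if the library refused the init, -1 if the IV was not preserved. */
int model_try_init(const struct model_cipher *cipher)
{
    static const uint8_t iv[MODEL_AES_BLOCKSIZE] =   /* constructed IV */
        { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 };
    static const uint8_t key[16] = { 0 };           /* constructed key */
    struct model_cipher_ctx ctx;
    struct model_aes_ctx *c;
    int ok;

    memset(&ctx, 0, sizeof(ctx));
    if (!model_cipher_init(&ctx, cipher, key, iv, 1))
        return 0;
    c = ctx.app_data;
    ok = (c != NULL && c->have_key && memcmp(c->r_iv, iv, sizeof(iv)) == 0);
    free(ctx.app_data);
    return ok ? 1 : -1;
}

int model_init_without_custom_iv(void) { return model_try_init(&model_aes_cbc_plain); }
int model_init_with_custom_iv(void)    { return model_try_init(&model_aes_cbc_custom); }

int main(void)
{
    printf("without CUSTOM_IV: %d (0 = refused by size check)\n",
           model_init_without_custom_iv());
    printf("with CUSTOM_IV:    %d (1 = cipher kept its own 16-byte IV)\n",
           model_init_with_custom_iv());
    return 0;
}
```

The refusal path is the point: a library whose IV buffers are shorter than a cipher's iv_len has no safe way to honour a non-CUSTOM_IV cipher, so the caller should either set the flag and own the IV, as the patch above does, or expect the init to fail rather than silently overrun.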