With bounds checking patch for gcc-3.1 problems if using AES

Markus Friedl markus at openbsd.org
Tue Jul 16 19:53:19 EST 2002


On Tue, Jul 16, 2002 at 11:39:33AM +0200, Lutz Jaenicke wrote:
> On Tue, Jul 16, 2002 at 10:15:35AM +0200, Markus Friedl wrote:
> > On Mon, Jul 15, 2002 at 06:57:08PM +0000, Daniel Schröter wrote:
> > >         rijndal_cbc.cleanup = ssh_rijndael_cleanup;
> > >         rijndal_cbc.do_cipher = ssh_rijndael_cbc;
> > > #ifndef SSH_OLD_EVP
> > >         rijndal_cbc.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH |
> > >             EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV;
> > > #endif
> > >         return (&rijndal_cbc);
> > > }
> > 
> > thanks, i've added EVP_CIPH_CUSTOM_IV.
> > 
> > the only problem that remains is systems with OpenSSL 0.9.5 (SSH_OLD_EVP);
> > they will probably still copy out of bounds.
> 
> It's a systematic problem as 0.9.5 is no longer maintained (and it would not
> make sense to further maintain it, as later versions contain the
> necessary means (EVP_CIPH_CUSTOM_IV) to handle the problem).

yes, but people still use it.
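
A simplified model of the issue discussed in this thread, added here as an illustration and not taken from OpenSSH or OpenSSL: a generic cipher-init layer copies the cipher's IV into a fixed-size context buffer unless the cipher sets a custom-IV flag. All `model_` names, the 8-byte buffer size and the flag value are assumptions of the model, not the libraries' definitions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Model only: names and sizes are assumptions, not OpenSSL's definitions. */
#define MODEL_CTX_IV_MAX     8    /* context IV buffer sized for 64-bit block ciphers */
#define MODEL_FLAG_CUSTOM_IV 0x1  /* cipher keeps its own IV; generic layer must not copy */

struct model_cipher { size_t iv_len; unsigned long flags; };

struct model_ctx {
    unsigned char iv[MODEL_CTX_IV_MAX];
    unsigned char guard[8];       /* stands in for whatever follows iv[] in memory */
};

/* Bytes an unchecked generic copy would write past ctx->iv for this cipher. */
size_t model_unchecked_spill(const struct model_cipher *c)
{
    if (c->flags & MODEL_FLAG_CUSTOM_IV)
        return 0;                 /* generic copy is skipped entirely */
    return c->iv_len > MODEL_CTX_IV_MAX ? c->iv_len - MODEL_CTX_IV_MAX : 0;
}

/* Bounded init: returns IV bytes copied by the generic layer,
 * 0 when the cipher handles its own IV, -1 when the copy would not fit. */
int model_cipher_init(struct model_ctx *ctx, const struct model_cipher *c,
                      const unsigned char *iv)
{
    memset(ctx->iv, 0, sizeof(ctx->iv));
    memset(ctx->guard, 0xAA, sizeof(ctx->guard));
    if (c->flags & MODEL_FLAG_CUSTOM_IV)
        return 0;                 /* cipher's own init stores the IV privately */
    if (c->iv_len > sizeof(ctx->iv))
        return -1;                /* refuse instead of copying out of bounds */
    memcpy(ctx->iv, iv, c->iv_len);
    return (int)c->iv_len;
}

int main(void)
{
    /* Constructed sample ciphers: a 16-byte-IV cipher with and without the flag. */
    struct model_cipher plain = { 16, 0 }, custom = { 16, MODEL_FLAG_CUSTOM_IV };
    unsigned char iv[16] = { 0 };
    struct model_ctx ctx;

    printf("no flag:   spill=%zu init=%d\n",
           model_unchecked_spill(&plain), model_cipher_init(&ctx, &plain, iv));
    printf("custom IV: spill=%zu init=%d\n",
           model_unchecked_spill(&custom), model_cipher_init(&ctx, &custom, iv));
    return 0;
}
```
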


