[openssh-commits] [openssh] 01/01: Unbreak AES-CTR ciphers on old (~0.9.8) OpenSSL

git+noreply at mindrot.org git+noreply at mindrot.org
Fri Oct 28 14:35:00 AEDT 2016


This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 315d2a4e674d0b7115574645cb51f968420ebb34
Author: Damien Miller <djm at mindrot.org>
Date:   Fri Oct 28 14:34:07 2016 +1100

    Unbreak AES-CTR ciphers on old (~0.9.8) OpenSSL
    
    ok dtucker@
---
 cipher.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/cipher.c b/cipher.c
index 747b59b..2def333 100644
--- a/cipher.c
+++ b/cipher.c
@@ -617,7 +617,7 @@ cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len)
 			return SSH_ERR_INVALID_ARGUMENT;
 #ifndef OPENSSL_HAVE_EVPCTR
 		if (c->evptype == evp_aes_128_ctr)
-			ssh_aes_ctr_iv(&cc->evp, 0, iv, len);
+			ssh_aes_ctr_iv(cc->evp, 0, iv, len);
 		else
 #endif
 		if (cipher_authlen(c)) {
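Review bot: the corrected call `ssh_aes_ctr_iv(cc->evp, 0, iv, len);` sits inside `#ifndef OPENSSL_HAVE_EVPCTR`, so a build against an OpenSSL that provides EVP CTR never compiles this line, and a wrong pointer level like the old `&cc->evp` can go unnoticed there. It would help to have a build or regress configuration that exercises the non-EVPCTR path. The commit message could also say in one line what was broken (the argument passed to `ssh_aes_ctr_iv`), since "Unbreak" alone does not. As a smaller point, the test `c->evptype == evp_aes_128_ctr` names only the 128-bit constructor while the subject line covers AES-CTR ciphers in general. If all CTR key sizes are meant to match this check, a short comment saying so would save the next reader from wondering.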
@@ -659,6 +659,12 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv)
 		evplen = EVP_CIPHER_CTX_iv_length(cc->evp);
 		if (evplen <= 0)
 			return SSH_ERR_LIBCRYPTO_ERROR;
+#ifndef OPENSSL_HAVE_EVPCTR
+		/* XXX iv arg is const, but ssh_aes_ctr_iv isn't */
+		if (c->evptype == evp_aes_128_ctr)
+			ssh_aes_ctr_iv(cc->evp, 1, (u_char *)iv, evplen);
+		else
+#endif
 		if (cipher_authlen(c)) {
 			/* XXX iv arg is const, but EVP_CIPHER_CTX_ctrl isn't */
 			if (!EVP_CIPHER_CTX_ctrl(cc->evp,
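Review bot: the added `ssh_aes_ctr_iv(cc->evp, 1, (u_char *)iv, evplen);` casts away the `const` on `iv`, and the XXX comment only records that fact. The cast is safe only as long as the call with second argument 1 never writes through the pointer, and nothing in this hunk enforces that. Consider documenting that contract at the `ssh_aes_ctr_iv` declaration, or copying `iv` into a local buffer before the call so the `const` promise of `cipher_set_keyiv` holds whatever the helper does. The result of the call is also not examined, whereas the adjacent `EVP_CIPHER_CTX_ctrl` path is checked with `if (!EVP_CIPHER_CTX_ctrl(...`. If `ssh_aes_ctr_iv` can report failure, it should be mapped to an SSH_ERR_* return here in the same way. Finally, the `else` left dangling before `#endif` binds to the following `if (cipher_authlen(c))`, which is easy to misread. A brief comment on the `else` line would make the chaining explicit.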

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.

