[Bug 138] Incorrect OpenSSL version requirment?

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Sat Mar 9 04:35:11 EST 2002


markus at openbsd.org changed:

           What    |Removed                     |Added
             Status|RESOLVED                    |REOPENED
         Resolution|FIXED                       |

------- Additional Comments From markus at openbsd.org  2002-03-09 04:35 -------
what happens if you additionally replace

cipher_init from cipher.c with

cipher_init(CipherContext *cc, Cipher *cipher,
    const u_char *key, u_int keylen, const u_char *iv, u_int ivlen,
    int encrypt) 
        static int dowarn = 1;
        EVP_CIPHER *type; 
        int klen;
        if (cipher->number == SSH_CIPHER_DES) {
                if (dowarn) { 
                        error("Warning: use of DES is strongly discouraged "
                            "due to cryptographic weaknesses");
                        dowarn = 0; 
                if (keylen > 8)
                        keylen = 8;
        cc->plaintext = (cipher->number == SSH_CIPHER_NONE);
        if (keylen < cipher->key_len)
                fatal("cipher_init: key length %d is insufficient for %s.",
                    keylen, cipher->name);
        if (iv != NULL && ivlen < cipher->block_size)
                fatal("cipher_init: iv length %d is insufficient for %s.",
                    ivlen, cipher->name);
        cc->cipher = cipher;

        type = (*cipher->evptype)();
        if (type->key_len < cipher->key_len)
                type->key_len = cipher->key_len;
        EVP_CipherInit(&cc->evp, type, (u_char *)key, (u_char *)iv,
            (encrypt == CIPHER_ENCRYPT));

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the openssh-unix-dev mailing list