diff options
-rw-r--r-- | include/libssh/libcrypto.h | 4 | ||||
-rw-r--r-- | src/kex.c | 9 | ||||
-rw-r--r-- | src/libcrypto.c | 5 |
3 files changed, 2 insertions, 16 deletions
diff --git a/include/libssh/libcrypto.h b/include/libssh/libcrypto.h index 4117942c..a89cbd05 100644 --- a/include/libssh/libcrypto.h +++ b/include/libssh/libcrypto.h @@ -60,10 +60,6 @@ typedef void *EVPCTX; #include <openssl/bn.h> #include <openssl/opensslv.h> -#define OPENSSL_0_9_7b 0x0090702fL -#if (OPENSSL_VERSION_NUMBER <= OPENSSL_0_9_7b) -#define BROKEN_AES_CTR -#endif typedef BIGNUM* bignum; typedef const BIGNUM* const_bignum; typedef BN_CTX* bignum_CTX; @@ -80,13 +80,8 @@ # else # define GCM "" # endif /* HAVE_OPENSSL_EVP_AES_GCM */ -# ifdef BROKEN_AES_CTR -# define AES GCM -# define AES_CBC "aes256-cbc,aes192-cbc,aes128-cbc," -# else /* BROKEN_AES_CTR */ -# define AES GCM "aes256-ctr,aes192-ctr,aes128-ctr," -# define AES_CBC "aes256-cbc,aes192-cbc,aes128-cbc," -# endif /* BROKEN_AES_CTR */ +# define AES GCM "aes256-ctr,aes192-ctr,aes128-ctr," +# define AES_CBC "aes256-cbc,aes192-cbc,aes128-cbc," # else /* HAVE_OPENSSL_AES_H */ # define AES "" # define AES_CBC "" diff --git a/src/libcrypto.c b/src/libcrypto.c index 96abec14..edfd799b 100644 --- a/src/libcrypto.c +++ b/src/libcrypto.c @@ -1304,10 +1304,6 @@ static struct ssh_cipher_struct ssh_ciphertab[] = { }, #endif #ifdef HAS_AES -#ifndef BROKEN_AES_CTR -/* OpenSSL until 0.9.7c has a broken AES_ctr128_encrypt implementation which - * increments the counter from 2^64 instead of 1. It's better not to use it - */ #ifdef HAVE_OPENSSL_EVP_AES_CTR { .name = "aes128-ctr", @@ -1377,7 +1373,6 @@ static struct ssh_cipher_struct ssh_ciphertab[] = { .cleanup = aes_ctr_cleanup }, #endif /* HAVE_OPENSSL_EVP_AES_CTR */ -#endif /* BROKEN_AES_CTR */ { .name = "aes128-cbc", .blocksize = AES_BLOCK_SIZE, |