diff options
Diffstat (limited to 'libssh/wrapper.c')
-rw-r--r-- | libssh/wrapper.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/libssh/wrapper.c b/libssh/wrapper.c index 807f743a..c3a31237 100644 --- a/libssh/wrapper.c +++ b/libssh/wrapper.c @@ -614,6 +614,11 @@ static void aes_decrypt(struct crypto_struct *cipher, void *in, void *out, AES_cbc_encrypt(in, out, len, cipher->key, IV, AES_DECRYPT); } +#ifndef BROKEN_AES_CTR +/* OpenSSL until 0.9.7c has a broken AES_ctr128_encrypt implementation which + * increments the counter from 2^64 instead of 1. It's better not to use it + */ + /** @internal * @brief encrypts/decrypts data with stream cipher AES_ctr128. 128 bits is actually * the size of the CTR counter and incidentally the blocksize, but not the keysize. @@ -631,6 +636,7 @@ static void aes_ctr128_encrypt(struct crypto_struct *cipher, void *in, void *out */ AES_ctr128_encrypt(in, out, len, cipher->key, IV, tmp_buffer, &num); } +#endif /* BROKEN_AES_CTR */ #endif /* HAS_AES */ #ifdef HAS_DES @@ -722,6 +728,7 @@ static struct crypto_struct ssh_ciphertab[] = { }, #endif /* HAS_BLOWFISH */ #ifdef HAS_AES +#ifndef BROKEN_AES_CTR { "aes128-ctr", 16, @@ -755,6 +762,7 @@ static struct crypto_struct ssh_ciphertab[] = { aes_ctr128_encrypt, aes_ctr128_encrypt }, +#endif /* BROKEN_AES_CTR */ { "aes128-cbc", 16, |