From 5e560020555ada31c393092e07dd581bfc29a728 Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Thu, 20 Apr 2023 13:55:30 +0000 Subject: [PATCH] crypto: add `LIBSSH2_NO_AES_CBC` option Also rename internal `LIBSSH2_AES` to `LIBSSH2_AES_CBC`. Follow-up to 857e431648df6edcb3e17138d877f2e65d2d769d Closes #990 --- src/crypt.c | 10 +++++----- src/crypto.h | 5 +++++ src/libgcrypt.h | 2 +- src/mbedtls.h | 2 +- src/openssl.h | 4 ++-- src/os400qc3.h | 2 +- src/wincng.h | 2 +- 7 files changed, 16 insertions(+), 11 deletions(-) diff --git a/src/crypt.c b/src/crypt.c index fb47e19c..9652e6cd 100644 --- a/src/crypt.c +++ b/src/crypt.c @@ -195,7 +195,7 @@ static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_aes256_ctr = { }; #endif -#if LIBSSH2_AES +#if LIBSSH2_AES_CBC static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_aes128_cbc = { "aes128-cbc", "DEK-Info: AES-128-CBC", @@ -249,7 +249,7 @@ static const LIBSSH2_CRYPT_METHOD &crypt_dtor, _libssh2_cipher_aes256 }; -#endif /* LIBSSH2_AES */ +#endif /* LIBSSH2_AES_CBC */ #if LIBSSH2_BLOWFISH static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_blowfish_cbc = { @@ -359,13 +359,13 @@ static const LIBSSH2_CRYPT_METHOD *_libssh2_crypt_methods[] = { &libssh2_crypt_method_aes256_ctr, &libssh2_crypt_method_aes192_ctr, &libssh2_crypt_method_aes128_ctr, -#endif /* LIBSSH2_AES */ -#if LIBSSH2_AES +#endif /* LIBSSH2_AES_CTR */ +#if LIBSSH2_AES_CBC &libssh2_crypt_method_aes256_cbc, &libssh2_crypt_method_rijndael_cbc_lysator_liu_se, /* == aes256-cbc */ &libssh2_crypt_method_aes192_cbc, &libssh2_crypt_method_aes128_cbc, -#endif /* LIBSSH2_AES */ +#endif /* LIBSSH2_AES_CBC */ #if LIBSSH2_BLOWFISH &libssh2_crypt_method_blowfish_cbc, #endif /* LIBSSH2_BLOWFISH */ diff --git a/src/crypto.h b/src/crypto.h index b517b16f..381af8bc 100644 --- a/src/crypto.h +++ b/src/crypto.h @@ -87,6 +87,11 @@ #define LIBSSH2_AES_CTR 0 #endif +#ifdef LIBSSH2_NO_AES_CBC +#undef LIBSSH2_AES_CBC +#define LIBSSH2_AES_CBC 0 +#endif + #ifdef LIBSSH2_NO_BLOWFISH #undef LIBSSH2_BLOWFISH #define LIBSSH2_BLOWFISH 0 diff --git a/src/libgcrypt.h b/src/libgcrypt.h index f750f9b4..761f446c 100644 --- a/src/libgcrypt.h +++ b/src/libgcrypt.h @@ -49,7 +49,7 @@ #define LIBSSH2_HMAC_SHA256 1 #define LIBSSH2_HMAC_SHA512 1 -#define LIBSSH2_AES 1 +#define LIBSSH2_AES_CBC 1 #define LIBSSH2_AES_CTR 1 #define LIBSSH2_AES_GCM 0 #define LIBSSH2_BLOWFISH 1 diff --git a/src/mbedtls.h b/src/mbedtls.h index 5053b101..80658440 100644 --- a/src/mbedtls.h +++ b/src/mbedtls.h @@ -65,7 +65,7 @@ #define LIBSSH2_HMAC_SHA256 1 #define LIBSSH2_HMAC_SHA512 1 -#define LIBSSH2_AES 1 +#define LIBSSH2_AES_CBC 1 #define LIBSSH2_AES_CTR 1 #define LIBSSH2_AES_GCM 0 #ifdef MBEDTLS_CIPHER_BLOWFISH_CBC diff --git a/src/openssl.h b/src/openssl.h index 3cd0deb0..1487af11 100644 --- a/src/openssl.h +++ b/src/openssl.h @@ -153,10 +153,10 @@ #if (OPENSSL_VERSION_NUMBER >= 0x00907000L && !defined(OPENSSL_NO_AES)) || \ (defined(LIBSSH2_WOLFSSL) && defined(WOLFSSL_AES_COUNTER)) # define LIBSSH2_AES_CTR 1 -# define LIBSSH2_AES 1 +# define LIBSSH2_AES_CBC 1 #else # define LIBSSH2_AES_CTR 0 -# define LIBSSH2_AES 0 +# define LIBSSH2_AES_CBC 0 #endif #if (OPENSSL_VERSION_NUMBER >= 0x01010100fL && !defined(OPENSSL_NO_AES)) diff --git a/src/os400qc3.h b/src/os400qc3.h index 297503b1..5d1ba48a 100644 --- a/src/os400qc3.h +++ b/src/os400qc3.h @@ -169,7 +169,7 @@ #define LIBSSH2_HMAC_SHA256 1 #define LIBSSH2_HMAC_SHA512 1 -#define LIBSSH2_AES 1 +#define LIBSSH2_AES_CBC 1 #define LIBSSH2_AES_CTR 1 #define LIBSSH2_AES_GCM 0 #define LIBSSH2_BLOWFISH 0 diff --git a/src/wincng.h b/src/wincng.h index 558adda6..21b25605 100644 --- a/src/wincng.h +++ b/src/wincng.h @@ -57,7 +57,7 @@ #define LIBSSH2_HMAC_SHA256 1 #define LIBSSH2_HMAC_SHA512 1 -#define LIBSSH2_AES 1 +#define LIBSSH2_AES_CBC 1 #define LIBSSH2_AES_CTR 1 #define LIBSSH2_AES_GCM 0 #define LIBSSH2_BLOWFISH 0