mirror of
https://github.com/libssh2/libssh2.git
synced 2026-01-27 00:18:12 +03:00
Probably the biggest and potentially most controversial change we have to upstream. Because earlier versions of OpenSSL implemented the algorithm before standardization, using an older version of OpenSSL can cause problems connecting to OpenSSH servers. Because of this, we use the public domain reference implementation instead of the crypto backends, just like OpenSSH does.

We've been holding this one for a few years. We were about to upstream it around the same time as aes128gcm landed upstream, and the two changes were completely incompatible. Honestly, it took me weeks to reconcile these two implementations, and it could be much better.

Our original implementation changed every crypt method to decrypt the entire message at once. The AESGCM implementation instead went with this firstlast design, where a firstlast parameter indicates whether this is the first or last call to the crypt method for each message. That added a lot of bookkeeping overhead, and wasn't compatible with the chacha public domain implementation. As far as I could tell, OpenSSH uses the technique of decrypting the entire message in one go, and doesn't have anything like firstlast. However, I could not get our aes128gcm implementation to work that way, nor could I get the chacha implementation to work with firstlast, so I split it down the middle and let each implementation work differently. It's kind of a mess, and probably should be cleaned up, but I don't have the time to spend on it anymore, and it's probably better to have everything upstream.

Fixes #584
Closes #1426