Go back to internal OCB implementation #1198
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
achernya
approved these changes
Jun 23, 2022
There was a problem hiding this comment.
@bbarenblat addressed all of my code review comments while we were working on this together.
After further discussion, the Mosh maintainers have decided to stick with the internal OCB implementation for this release. Restore support for using OpenSSL’s AES but internal OCB. To make this commit easy to audit, restore the code exactly, including calls to AES functions that are deprecated in OpenSSL 3; a future commit will update ocb_internal.cc to use EVP instead of directly calling the AES primitives. In anticipation of future changes, preserve support for OpenSSL’s AES-OCB, but don’t compile it in. Add --with-crypto-library=openssl-with-openssl-ocb and --with-crypto-library=openssl-with-internal-ocb options to configure so that developers can easily test Mosh using OpenSSL’s AES-OCB. These options are intended only for testing, are undocumented, and are not subject to any API stability guarantees. Rework configure to look for all possible cryptography libraries first and then dispatch on --with-crypto-library as appropriate.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
After further discussion, the Mosh maintainers have decided to stick with the internal OCB implementation for this release. Restore support for using OpenSSL’s AES but internal OCB. To make this commit easy to audit, restore the code exactly, including calls to AES functions that are deprecated in OpenSSL 3; a future commit will update ocb_internal.cc to use EVP instead of directly calling the AES primitives.
In anticipation of future changes, preserve support for OpenSSL’s AES-OCB, but don’t compile it in. Add
--with-crypto-library=openssl-with-openssl-ocband--with-crypto-library=openssl-with-internal-ocboptions to configure so that developers can easily test Mosh using OpenSSL’s AES-OCB. These options are intended only for testing, are undocumented, and are not subject to any API stability guarantees.Rework configure to look for all possible cryptography libraries first and then dispatch on
--with-crypto-libraryas appropriate.Bug: #1174