From 7e99867533cd70d7e1f67b668c7aef064afd3b24 Mon Sep 17 00:00:00 2001
From: Dirkjan Bussink <d.bussink@gmail.com>
Date: Fri, 18 Dec 2020 13:53:06 +0100
Subject: [PATCH] Cleanup old OpenSSL 0.9.7 compatibility code

OpenSSL 0.9.7 is already not supported, so clean up the old legacy bits
for that as well.

Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
---
 include/libssh/libcrypto.h | 4 ----
 src/kex.c                  | 9 ++-------
 src/libcrypto.c            | 5 -----
 3 files changed, 2 insertions(+), 16 deletions(-)

diff --git a/include/libssh/libcrypto.h b/include/libssh/libcrypto.h
index 4117942c..a89cbd05 100644
--- a/include/libssh/libcrypto.h
+++ b/include/libssh/libcrypto.h
@@ -60,10 +60,6 @@ typedef void *EVPCTX;
 
 #include <openssl/bn.h>
 #include <openssl/opensslv.h>
-#define OPENSSL_0_9_7b 0x0090702fL
-#if (OPENSSL_VERSION_NUMBER <= OPENSSL_0_9_7b)
-#define BROKEN_AES_CTR
-#endif
 typedef BIGNUM*  bignum;
 typedef const BIGNUM* const_bignum;
 typedef BN_CTX* bignum_CTX;
diff --git a/src/kex.c b/src/kex.c
index 95948136..98558e97 100644
--- a/src/kex.c
+++ b/src/kex.c
@@ -80,13 +80,8 @@
 #  else
 #   define GCM ""
 #  endif /* HAVE_OPENSSL_EVP_AES_GCM */
-#  ifdef BROKEN_AES_CTR
-#   define AES GCM
-#   define AES_CBC "aes256-cbc,aes192-cbc,aes128-cbc,"
-#  else /* BROKEN_AES_CTR */
-#   define AES GCM "aes256-ctr,aes192-ctr,aes128-ctr,"
-#   define AES_CBC "aes256-cbc,aes192-cbc,aes128-cbc,"
-#  endif /* BROKEN_AES_CTR */
+#  define AES GCM "aes256-ctr,aes192-ctr,aes128-ctr,"
+#  define AES_CBC "aes256-cbc,aes192-cbc,aes128-cbc,"
 # else /* HAVE_OPENSSL_AES_H */
 #  define AES ""
 #  define AES_CBC ""
diff --git a/src/libcrypto.c b/src/libcrypto.c
index 96abec14..edfd799b 100644
--- a/src/libcrypto.c
+++ b/src/libcrypto.c
@@ -1304,10 +1304,6 @@ static struct ssh_cipher_struct ssh_ciphertab[] = {
   },
 #endif
 #ifdef HAS_AES
-#ifndef BROKEN_AES_CTR
-/* OpenSSL until 0.9.7c has a broken AES_ctr128_encrypt implementation which
- * increments the counter from 2^64 instead of 1. It's better not to use it
- */
 #ifdef HAVE_OPENSSL_EVP_AES_CTR
   {
     .name = "aes128-ctr",
@@ -1377,7 +1373,6 @@ static struct ssh_cipher_struct ssh_ciphertab[] = {
     .cleanup = aes_ctr_cleanup
   },
 #endif /* HAVE_OPENSSL_EVP_AES_CTR */
-#endif /* BROKEN_AES_CTR */
   {
     .name = "aes128-cbc",
     .blocksize = AES_BLOCK_SIZE,