diff --git a/ChangeLog b/ChangeLog index 1bdeea275..9a17b25ae 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20091107 + - (dtucker) [authfile.c] Fall back to 3DES for the encryption of private + keys when built with OpenSSL versions that don't do AES. + 20091105 - (dtucker) [authfile.c] Add OpenSSL compat header so this still builds with older versions of OpenSSL. diff --git a/authfile.c b/authfile.c index fc12c00c7..3fbe11b0e 100644 --- a/authfile.c +++ b/authfile.c @@ -187,7 +187,11 @@ key_save_private_pem(Key *key, const char *filename, const char *_passphrase, int success = 0; int len = strlen(_passphrase); u_char *passphrase = (len > 0) ? (u_char *)_passphrase : NULL; +#if (OPENSSL_VERSION_NUMBER < 0x00907000L) + const EVP_CIPHER *cipher = (len > 0) ? EVP_des_ede3_cbc() : NULL; +#else const EVP_CIPHER *cipher = (len > 0) ? EVP_aes_128_cbc() : NULL; +#endif if (len > 0 && len <= 4) { error("passphrase too short: have %d bytes, need > 4", len);