[tor-commits] [tor/master] Drop support for OpenSSLs without AES_CTR
nickm at torproject.org
nickm at torproject.org
Wed May 20 19:35:55 UTC 2015
commit e9677c8f8d3a24bc572d63dd85fa14e8d596ad78
Author: Nick Mathewson <nickm at torproject.org>
Date: Wed May 20 10:23:23 2015 -0400
Drop support for OpenSSLs without AES_CTR
---
src/common/aes.c | 28 ++--------------------------
1 file changed, 2 insertions(+), 26 deletions(-)
diff --git a/src/common/aes.c b/src/common/aes.c
index 7651f1d..d75a4a7 100644
--- a/src/common/aes.c
+++ b/src/common/aes.c
@@ -32,11 +32,7 @@
#include <openssl/evp.h>
#include <openssl/engine.h>
#include "crypto.h"
-#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,0,0)
-/* See comments about which counter mode implementation to use below. */
#include <openssl/modes.h>
-#define CAN_USE_OPENSSL_CTR
-#endif
#include "compat.h"
#include "aes.h"
#include "util.h"
@@ -189,11 +185,9 @@ struct aes_cnt_cipher {
* we're testing it or because we have hardware acceleration configured */
static int should_use_EVP = 0;
-#ifdef CAN_USE_OPENSSL_CTR
/** True iff we have tested the counter-mode implementation and found that it
* doesn't have the counter-mode bug from OpenSSL 1.0.0. */
static int should_use_openssl_CTR = 0;
-#endif
/** Check whether we should use the EVP interface for AES. If <b>force_val</b>
* is nonnegative, we use use EVP iff it is true. Otherwise, we use EVP
@@ -235,7 +229,6 @@ evaluate_evp_for_aes(int force_val)
int
evaluate_ctr_for_aes(void)
{
-#ifdef CAN_USE_OPENSSL_CTR
/* Result of encrypting an all-zero block with an all-zero 128-bit AES key.
* This should be the same as encrypting an all-zero block with an all-zero
* 128-bit AES key in counter mode, starting at position 0 of the stream.
@@ -268,10 +261,6 @@ evaluate_ctr_for_aes(void)
"mode; using it.");
should_use_openssl_CTR = 1;
}
-#else
- log_info(LD_CRYPTO, "This version of OpenSSL has a slow implementation of "
- "counter mode; not using it.");
-#endif
return 0;
}
@@ -356,11 +345,9 @@ aes_set_key(aes_cnt_cipher_t *cipher, const char *key, int key_bits)
cipher->pos = 0;
-#ifdef CAN_USE_OPENSSL_CTR
if (should_use_openssl_CTR)
memset(cipher->buf, 0, sizeof(cipher->buf));
else
-#endif
aes_fill_buf_(cipher);
}
@@ -386,7 +373,6 @@ aes_cipher_free(aes_cnt_cipher_t *cipher)
#define UPDATE_CTR_BUF(c, n)
#endif
-#ifdef CAN_USE_OPENSSL_CTR
/* Helper function to use EVP with openssl's counter-mode wrapper. */
static void
evp_block128_fn(const uint8_t in[16],
@@ -397,7 +383,6 @@ evp_block128_fn(const uint8_t in[16],
int inl=16, outl=16;
EVP_EncryptUpdate(ctx, out, &outl, in, inl);
}
-#endif
/** Encrypt <b>len</b> bytes from <b>input</b>, storing the result in
* <b>output</b>. Uses the key in <b>cipher</b>, and advances the counter
@@ -407,7 +392,6 @@ void
aes_crypt(aes_cnt_cipher_t *cipher, const char *input, size_t len,
char *output)
{
-#ifdef CAN_USE_OPENSSL_CTR
if (should_use_openssl_CTR) {
if (cipher->using_evp) {
/* In openssl 1.0.0, there's an if'd out EVP_aes_128_ctr in evp.h. If
@@ -431,9 +415,7 @@ aes_crypt(aes_cnt_cipher_t *cipher, const char *input, size_t len,
&cipher->pos);
}
return;
- } else
-#endif
- {
+ } else {
int c = cipher->pos;
if (PREDICT_UNLIKELY(!len)) return;
@@ -466,13 +448,10 @@ aes_crypt(aes_cnt_cipher_t *cipher, const char *input, size_t len,
void
aes_crypt_inplace(aes_cnt_cipher_t *cipher, char *data, size_t len)
{
-#ifdef CAN_USE_OPENSSL_CTR
if (should_use_openssl_CTR) {
aes_crypt(cipher, data, len, data);
return;
- } else
-#endif
- {
+ } else {
int c = cipher->pos;
if (PREDICT_UNLIKELY(!len)) return;
@@ -512,11 +491,8 @@ aes_set_iv(aes_cnt_cipher_t *cipher, const char *iv)
cipher->pos = 0;
memcpy(cipher->ctr_buf.buf, iv, 16);
-#ifdef CAN_USE_OPENSSL_CTR
if (!should_use_openssl_CTR)
-#endif
aes_fill_buf_(cipher);
}
#endif
-
More information about the tor-commits
mailing list