[tor-commits] [tor/maint-0.2.9] Always Use EVP_aes_*_ctr() with openssl 1.1

nickm at torproject.org
Mon Nov 7 14:09:24 UTC 2016


commit 0bd55ed96a3132918472326261e766ae0e9dc347
Author: Nick Mathewson <nickm at torproject.org>
Date:   Sun Nov 6 21:01:25 2016 -0500

    Always Use EVP_aes_*_ctr() with openssl 1.1
    
    (OpenSSL 1.1 makes EVP_CIPHER_CTX opaque, _and_ adds acceleration
    for counter mode on more architectures.  So it won't work if we try
    the older approach, and it might help if we try the newer one.)
    
    Fixes bug 20588.
---
 changes/bug20588 | 3 +++
 src/common/aes.c | 9 ++++++++-
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/changes/bug20588 b/changes/bug20588
new file mode 100644
index 0000000..be199b2
--- /dev/null
+++ b/changes/bug20588
@@ -0,0 +1,3 @@
+  o Minor bugfixes (portability):
+    - Fix compilation with OpenSSL 1.1 and less commonly-used
+      CPU architectures. Closes ticket 20588.
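Review bot: The entry ends with "Closes ticket 20588" even though it is filed under "Minor bugfixes" and the commit message says "Fixes bug 20588"; using "Fixes bug 20588" here would keep the changelog and the commit in agreement. "less commonly-used CPU architectures" is also vaguer than the patch allows: going by the aes.c condition in this same commit, the affected builds are those with OpenSSL 1.1 on anything outside the x86/x86_64 macro list, and the entry could say so directly.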
diff --git a/src/common/aes.c b/src/common/aes.c
index ef94d8a..35c2d1e 100644
--- a/src/common/aes.c
+++ b/src/common/aes.c
@@ -56,7 +56,14 @@ ENABLE_GCC_WARNING(redundant-decls)
  * gives us, and the best possible counter-mode implementation, and combine
  * them.
  */
-#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_NOPATCH(1,0,1) &&               \
+#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_NOPATCH(1,1,0)
+
+/* With newer OpenSSL versions, the older fallback modes don't compile.  So
+ * don't use them, even if we lack specific acceleration. */
+
+#define USE_EVP_AES_CTR
+
+#elif OPENSSL_VERSION_NUMBER >= OPENSSL_V_NOPATCH(1,0,1) &&               \
   (defined(__i386) || defined(__i386__) || defined(_M_IX86) ||          \
    defined(__x86_64) || defined(__x86_64__) ||                          \
    defined(_M_AMD64) || defined(_M_X64) || defined(__INTEL__))          \
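Review bot: The comment on the new OPENSSL_V_NOPATCH(1,1,0) branch says only that "the older fallback modes don't compile" with "newer OpenSSL versions", which leaves out both the threshold and the cause that the commit message states (OpenSSL 1.1 makes EVP_CIPHER_CTX opaque). Suggest wording along the lines of "OpenSSL 1.1.0 and later make EVP_CIPHER_CTX opaque, so the older fallback modes cannot be built; always use EVP counter mode", so a later reader can tell why the branch exists without digging up the commit. Since this branch now defines USE_EVP_AES_CTR regardless of architecture, the comment block above could also note that the x86 macro list in the #elif only applies to versions from 1.0.1 up to, but not including, 1.1.0.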




