Only use OpenSSL kdf support if it is present.

We have to check for ERR_load_KDF_strings() here, since that's the only one that's actually a function rather than a macro. Fixes compilation with LibreSSL. Fixes bug 26712; bug not in any released Tor.
author: Nick Mathewson <nickm@torproject.org> 2018-07-11 10:10:42 -0400
committer: Nick Mathewson <nickm@torproject.org> 2018-07-11 10:19:06 -0400
commit: 2b523604481f35571049a5cc80eaaaade168f2c8 (patch)
tree: d8cbd9a8ece87ca813f922bdfac7559aa5e1d06f
parent: 537092cdbb7f4be0e6d68f4e5d65ca2a403375f9 (diff)
download: tor-2b523604481f35571049a5cc80eaaaade168f2c8.tar.gz
tor-2b523604481f35571049a5cc80eaaaade168f2c8.zip
2 files changed, 3 insertions, 2 deletions
diff --git a/configure.ac b/configure.ac
index 532476672a..2ababb03bb 100644
--- a/configure.ac
+++ b/configure.ac
@@ -902,6 +902,7 @@ AC_CHECK_MEMBERS([struct ssl_method_st.get_cipher_by_char], , ,
 ])
 
 AC_CHECK_FUNCS([ \
+		ERR_load_KDF_strings \
 		SSL_SESSION_get_master_key \
 		SSL_get_server_random \
                 SSL_get_client_ciphers \
diff --git a/src/lib/crypt_ops/crypto_hkdf.c b/src/lib/crypt_ops/crypto_hkdf.c
index 0200d0fe9c..1873632a9d 100644
--- a/src/lib/crypt_ops/crypto_hkdf.c
+++ b/src/lib/crypt_ops/crypto_hkdf.c
@@ -19,9 +19,9 @@
 
 #include <openssl/opensslv.h>
 
-#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
-#define HAVE_OPENSSL_HKDF 1
+#if defined(HAVE_ERR_LOAD_KDF_STRINGS)
 #include <openssl/kdf.h>
+#define HAVE_OPENSSL_HKDF 1
 #endif
 
 #include <string.h>
author	Nick Mathewson <nickm@torproject.org>	2018-07-11 10:10:42 -0400
committer	Nick Mathewson <nickm@torproject.org>	2018-07-11 10:19:06 -0400
commit	2b523604481f35571049a5cc80eaaaade168f2c8 (patch)
tree	d8cbd9a8ece87ca813f922bdfac7559aa5e1d06f
parent	537092cdbb7f4be0e6d68f4e5d65ca2a403375f9 (diff)
download	tor-2b523604481f35571049a5cc80eaaaade168f2c8.tar.gz tor-2b523604481f35571049a5cc80eaaaade168f2c8.zip