Always Use EVP_aes_*_ctr() with openssl 1.1

(OpenSSL 1.1 makes EVP_CIPHER_CTX opaque, _and_ adds acceleration for counter mode on more architectures. So it won't work if we try the older approach, and it might help if we try the newer one.) Fixes bug 20588.
author: Nick Mathewson <nickm@torproject.org> 2016-11-06 21:01:25 -0500
committer: Nick Mathewson <nickm@torproject.org> 2016-11-06 21:01:25 -0500
commit: 0bd55ed96a3132918472326261e766ae0e9dc347 (patch)
tree: 4c5b22147a3ab3640da18d605d5fad76e30e48d1 /src
parent: f6a3d213e4ace95bbe0361878705d9a889f92974 (diff)
download: tor-0bd55ed96a3132918472326261e766ae0e9dc347.tar.gz
tor-0bd55ed96a3132918472326261e766ae0e9dc347.zip
1 files changed, 8 insertions, 1 deletions
diff --git a/src/common/aes.c b/src/common/aes.c
index ef94d8a75c..35c2d1e3a5 100644
--- a/src/common/aes.c
+++ b/src/common/aes.c
@@ -56,7 +56,14 @@ ENABLE_GCC_WARNING(redundant-decls)
  * gives us, and the best possible counter-mode implementation, and combine
  * them.
  */
-#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_NOPATCH(1,0,1) &&               \
+#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_NOPATCH(1,1,0)
+
+/* With newer OpenSSL versions, the older fallback modes don't compile.  So
+ * don't use them, even if we lack specific acceleration. */
+
+#define USE_EVP_AES_CTR
+
+#elif OPENSSL_VERSION_NUMBER >= OPENSSL_V_NOPATCH(1,0,1) &&               \
   (defined(__i386) || defined(__i386__) || defined(_M_IX86) ||          \
    defined(__x86_64) || defined(__x86_64__) ||                          \
    defined(_M_AMD64) || defined(_M_X64) || defined(__INTEL__))          \
author	Nick Mathewson <nickm@torproject.org>	2016-11-06 21:01:25 -0500
committer	Nick Mathewson <nickm@torproject.org>	2016-11-06 21:01:25 -0500
commit	0bd55ed96a3132918472326261e766ae0e9dc347 (patch)
tree	4c5b22147a3ab3640da18d605d5fad76e30e48d1 /src
parent	f6a3d213e4ace95bbe0361878705d9a889f92974 (diff)
download	tor-0bd55ed96a3132918472326261e766ae0e9dc347.tar.gz tor-0bd55ed96a3132918472326261e766ae0e9dc347.zip