commit 78f43c5d033d5717b0da1cb0f4443188a264932c
Author: Nick Mathewson <nickm(a)torproject.org>
Date: Tue Dec 27 20:31:23 2011 -0500
Require openssl 1.0.0a for using openssl's ctr-mode implementation
Previously we required 1.0.0, but there was a bug in the 1.0.0 counter
mode. Found by Pascal. Fixes bug 4779.
A more elegant solution would be good here if somebody has time to code
one.
---
changes/bug4779 | 4 ++++
src/common/aes.c | 6 ++++--
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/changes/bug4779 b/changes/bug4779
new file mode 100644
index 0000000..4535a2b
--- /dev/null
+++ b/changes/bug4779
@@ -0,0 +1,4 @@
+ o Minor bugfixes:
+ - Do not use OpenSSL 1.0.0's counter mode: it has a critical bug
+ that was fixed in OpenSSL 1.0.0a. Fixes bug 4779; bugfix on
+ Tor 0.2.3.9-alpha. Found by Pascal.
diff --git a/src/common/aes.c b/src/common/aes.c
index cec6899..9487cdd 100644
--- a/src/common/aes.c
+++ b/src/common/aes.c
@@ -17,7 +17,7 @@
#include <openssl/aes.h>
#include <openssl/evp.h>
#include <openssl/engine.h>
-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+#if OPENSSL_VERSION_NUMBER >= 0x1000001fL
/* See comments about which counter mode implementation to use below. */
#include <openssl/modes.h>
#define USE_OPENSSL_CTR
@@ -45,7 +45,9 @@
* Here we have a counter mode that's faster than the one shipping with
* OpenSSL pre-1.0 (by about 10%!). But OpenSSL 1.0.0 added a counter mode
* implementation faster than the one here (by about 7%). So we pick which
- * one to used based on the Openssl version above.
+ * one to used based on the Openssl version above. (OpenSSL 1.0.0a fixed a
+ * critical bug in that counter mode implementation, so we actually require
+ * that one.)
*/
/*======================================================================*/