[tor-bugs] #16034 [Tor]: Drop support for OpenSSL < 1.0
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed May 20 19:01:55 UTC 2015
#16034: Drop support for OpenSSL < 1.0
-----------------------------+--------------------------------------
Reporter: nickm | Owner:
Type: enhancement | Status: needs_review
Priority: normal | Milestone: Tor: 0.2.7.x-final
Component: Tor | Version:
Resolution: | Keywords: tor-client tor-relay tls
Actual Points: | Parent ID:
Points: |
-----------------------------+--------------------------------------
Comment (by yawning):
Replying to [comment:5 nickm]:
> Replying to [comment:4 yawning]:
> > `src/common/aes.c` can use some minor cleanup as well (we always
should at least try to use OpenSSL's CTR implementation).
>
> Updated the branch.
`SSL_clear_mode` backward compatibility code can probably be removed
entirely, if it doesn't exist, OpenSSL is too old. Apart from that looks
good to me, though like I mentioned in #15760, we maybe should hold off on
backporting to anything till it bakes for a bit in master.
> We may still need our own crufty counter-mode code for two cases:
> * Unpatched OpenSSL 1.0.0. (1.0.0a fixed a bug in counter mode.)
> * Using accelerated AES. (We assume that AES-ECB exists, but not
necessarily counter.)
>
> I would be okay about forgetting the first one, but the second is less
easily ignored. So let's defer further changes to the AES code to another
ticket.
That's exactly what I had in mind for this for now.
> I think we can do that (could you please open a ticket?).
#16040
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16034#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list