Test for broken counter-mode at runtime

To solve bug 4779, we want to avoid OpenSSL 1.0.0's counter mode. But Fedora (and maybe others) lie about the actual OpenSSL version, so we can't trust the header to tell us if it's safe. Instead, let's do a run-time test to see whether it's safe, and if not, use our built-in version. fermenthor contributed a pretty essential fixup to this patch. Thanks!
author: Nick Mathewson <nickm@torproject.org> 2012-01-09 17:40:11 -0500
committer: Nick Mathewson <nickm@torproject.org> 2012-01-10 11:15:35 -0500
commit: d29a3907338bd012ce5707e0e052747da87b3ba4 (patch)
tree: 25d027ada04ec74bac40609ab9b2321a971b593e /changes/aes_ctr_test
parent: b443d6a4fbfaac8d4a944d8b2a763666d1683ada (diff)
download: tor-d29a3907338bd012ce5707e0e052747da87b3ba4.tar
tor-d29a3907338bd012ce5707e0e052747da87b3ba4.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/changes/aes_ctr_test b/changes/aes_ctr_test
new file mode 100644
index 000000000..8b5af4572
--- /dev/null
+++ b/changes/aes_ctr_test
@@ -0,0 +1,5 @@
+  o Minor bugfixes
+    - Test for the OpenSSL 1.0.0 counter mode bug at runtime, not compile
+      time. This is necessary because OpenSSL has been hacked to mis-report
+      its version on a few distributions.
+      Bugfix on Tor 0.2.3.11-alpha.
author	Nick Mathewson <nickm@torproject.org>	2012-01-09 17:40:11 -0500
committer	Nick Mathewson <nickm@torproject.org>	2012-01-10 11:15:35 -0500
commit	d29a3907338bd012ce5707e0e052747da87b3ba4 (patch)
tree	25d027ada04ec74bac40609ab9b2321a971b593e /changes/aes_ctr_test
parent	b443d6a4fbfaac8d4a944d8b2a763666d1683ada (diff)
download	tor-d29a3907338bd012ce5707e0e052747da87b3ba4.tar tor-d29a3907338bd012ce5707e0e052747da87b3ba4.tar.gz