From d29a3907338bd012ce5707e0e052747da87b3ba4 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Mon, 9 Jan 2012 17:40:11 -0500 Subject: Test for broken counter-mode at runtime To solve bug 4779, we want to avoid OpenSSL 1.0.0's counter mode. But Fedora (and maybe others) lie about the actual OpenSSL version, so we can't trust the header to tell us if it's safe. Instead, let's do a run-time test to see whether it's safe, and if not, use our built-in version. fermenthor contributed a pretty essential fixup to this patch. Thanks! --- src/common/crypto.c | 1 + 1 file changed, 1 insertion(+) (limited to 'src/common/crypto.c') diff --git a/src/common/crypto.c b/src/common/crypto.c index 35d6dfadc..364b6a778 100644 --- a/src/common/crypto.c +++ b/src/common/crypto.c @@ -281,6 +281,7 @@ crypto_global_init(int useAccel, const char *accelName, const char *accelDir) } evaluate_evp_for_aes(-1); + evaluate_ctr_for_aes(); return crypto_seed_rng(1); } -- cgit v1.2.3