[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [tor/master] Drop support for OpenSSLs without AES_CTR



commit e9677c8f8d3a24bc572d63dd85fa14e8d596ad78
Author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date:   Wed May 20 10:23:23 2015 -0400

    Drop support for OpenSSLs without AES_CTR
---
 src/common/aes.c |   28 ++--------------------------
 1 file changed, 2 insertions(+), 26 deletions(-)

diff --git a/src/common/aes.c b/src/common/aes.c
index 7651f1d..d75a4a7 100644
--- a/src/common/aes.c
+++ b/src/common/aes.c
@@ -32,11 +32,7 @@
 #include <openssl/evp.h>
 #include <openssl/engine.h>
 #include "crypto.h"
-#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,0,0)
-/* See comments about which counter mode implementation to use below. */
 #include <openssl/modes.h>
-#define CAN_USE_OPENSSL_CTR
-#endif
 #include "compat.h"
 #include "aes.h"
 #include "util.h"
@@ -189,11 +185,9 @@ struct aes_cnt_cipher {
  * we're testing it or because we have hardware acceleration configured */
 static int should_use_EVP = 0;
 
-#ifdef CAN_USE_OPENSSL_CTR
 /** True iff we have tested the counter-mode implementation and found that it
  * doesn't have the counter-mode bug from OpenSSL 1.0.0. */
 static int should_use_openssl_CTR = 0;
-#endif
 
 /** Check whether we should use the EVP interface for AES. If <b>force_val</b>
  * is nonnegative, we use use EVP iff it is true.  Otherwise, we use EVP
@@ -235,7 +229,6 @@ evaluate_evp_for_aes(int force_val)
 int
 evaluate_ctr_for_aes(void)
 {
-#ifdef CAN_USE_OPENSSL_CTR
   /* Result of encrypting an all-zero block with an all-zero 128-bit AES key.
    * This should be the same as encrypting an all-zero block with an all-zero
    * 128-bit AES key in counter mode, starting at position 0 of the stream.
@@ -268,10 +261,6 @@ evaluate_ctr_for_aes(void)
                "mode; using it.");
     should_use_openssl_CTR = 1;
   }
-#else
-  log_info(LD_CRYPTO, "This version of OpenSSL has a slow implementation of "
-             "counter mode; not using it.");
-#endif
   return 0;
 }
 
@@ -356,11 +345,9 @@ aes_set_key(aes_cnt_cipher_t *cipher, const char *key, int key_bits)
 
   cipher->pos = 0;
 
-#ifdef CAN_USE_OPENSSL_CTR
   if (should_use_openssl_CTR)
     memset(cipher->buf, 0, sizeof(cipher->buf));
   else
-#endif
     aes_fill_buf_(cipher);
 }
 
@@ -386,7 +373,6 @@ aes_cipher_free(aes_cnt_cipher_t *cipher)
 #define UPDATE_CTR_BUF(c, n)
 #endif
 
-#ifdef CAN_USE_OPENSSL_CTR
 /* Helper function to use EVP with openssl's counter-mode wrapper. */
 static void
 evp_block128_fn(const uint8_t in[16],
@@ -397,7 +383,6 @@ evp_block128_fn(const uint8_t in[16],
   int inl=16, outl=16;
   EVP_EncryptUpdate(ctx, out, &outl, in, inl);
 }
-#endif
 
 /** Encrypt <b>len</b> bytes from <b>input</b>, storing the result in
  * <b>output</b>.  Uses the key in <b>cipher</b>, and advances the counter
@@ -407,7 +392,6 @@ void
 aes_crypt(aes_cnt_cipher_t *cipher, const char *input, size_t len,
           char *output)
 {
-#ifdef CAN_USE_OPENSSL_CTR
   if (should_use_openssl_CTR) {
     if (cipher->using_evp) {
       /* In openssl 1.0.0, there's an if'd out EVP_aes_128_ctr in evp.h.  If
@@ -431,9 +415,7 @@ aes_crypt(aes_cnt_cipher_t *cipher, const char *input, size_t len,
                          &cipher->pos);
     }
     return;
-  } else
-#endif
-  {
+  } else {
     int c = cipher->pos;
     if (PREDICT_UNLIKELY(!len)) return;
 
@@ -466,13 +448,10 @@ aes_crypt(aes_cnt_cipher_t *cipher, const char *input, size_t len,
 void
 aes_crypt_inplace(aes_cnt_cipher_t *cipher, char *data, size_t len)
 {
-#ifdef CAN_USE_OPENSSL_CTR
   if (should_use_openssl_CTR) {
     aes_crypt(cipher, data, len, data);
     return;
-  } else
-#endif
-  {
+  } else {
     int c = cipher->pos;
     if (PREDICT_UNLIKELY(!len)) return;
 
@@ -512,11 +491,8 @@ aes_set_iv(aes_cnt_cipher_t *cipher, const char *iv)
   cipher->pos = 0;
   memcpy(cipher->ctr_buf.buf, iv, 16);
 
-#ifdef CAN_USE_OPENSSL_CTR
   if (!should_use_openssl_CTR)
-#endif
     aes_fill_buf_(cipher);
 }
 
 #endif
-



_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits