- (dtucker) [cipher-aes.c cipher-ctr.c cipher.c configure.ac
openbsd-compat/openssl-compat.h] Check for and work around broken AES
ciphers >128bit on (some) Solaris 10 systems. ok djm@
diff --git a/configure.ac b/configure.ac
index df85e31..9325c43 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.315 2005/12/17 11:32:03 dtucker Exp $
+# $Id: configure.ac,v 1.316 2005/12/19 06:40:40 dtucker Exp $
#
# Copyright (c) 1999-2004 Damien Miller
#
@@ -1803,6 +1803,24 @@
]
)
+# Check for OpenSSL without EVP_aes_{192,256}_cbc
+AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
+AC_COMPILE_IFELSE(
+ [AC_LANG_SOURCE([[
+#include <string.h>
+#include <openssl/evp.h>
+int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL)}
+ ]])],
+ [
+ AC_MSG_RESULT(no)
+ ],
+ [
+ AC_MSG_RESULT(yes)
+ AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
+ [libcrypto is missing AES 192 and 256 bit functions])
+ ]
+)
+
# Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
# because the system crypt() is more featureful.
if test "x$check_for_libcrypt_before" = "x1"; then