From e06a74d5aa1e7ee085e6863f7359221a05b1198d Mon Sep 17 00:00:00 2001
From: Christian Hofstaedtler <zeha@debian.org>
Date: Mon, 27 Jun 2016 13:50:05 +0000
Subject: [PATCH] dns_random: Use CRYPTO_ctr128_encrypt when available

As AES_ctr128_encrypt is removed in OpenSSL 1.1.0.
---
 pdns/dns_random.cc | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/pdns/dns_random.cc b/pdns/dns_random.cc
index 415542b3b..623e3aa54 100644
--- a/pdns/dns_random.cc
+++ b/pdns/dns_random.cc
@@ -2,6 +2,12 @@
 #include "config.h"
 #endif
 #include <openssl/aes.h>
+#if OPENSSL_VERSION_NUMBER > 0x1000100fL
+// Older OpenSSL does not have CRYPTO_ctr128_encrypt. Before 1.1.0 the header
+// file did not have the necessary extern "C" wrapper. In 1.1.0, AES_ctr128_encrypt
+// was removed.
+#include <openssl/modes.h>
+#endif
 #include <iostream>
 #include <cstdlib>
 #include <cstring>
@@ -47,7 +53,11 @@ unsigned int dns_random(unsigned int n)
   if(!g_initialized)
     abort();
   uint32_t out;
+#if OPENSSL_VERSION_NUMBER > 0x1000100fL
+  CRYPTO_ctr128_encrypt((const unsigned char*)&g_in, (unsigned char*) &out, sizeof(g_in), &aes_key, g_counter, g_stream, &g_offset, (block128_f) AES_encrypt);
+#else
   AES_ctr128_encrypt((const unsigned char*)&g_in, (unsigned char*) &out, sizeof(g_in), &aes_key, g_counter, g_stream, &g_offset);
+#endif
   return out % n;
 }
 
-- 
2.49.0