[or-cvs] r12191: Drop support for OpenSSL 0.9.6. (in tor/trunk: . src/common)
nickm at seul.org
nickm at seul.org
Thu Oct 25 16:54:56 UTC 2007
Author: nickm
Date: 2007-10-25 12:54:56 -0400 (Thu, 25 Oct 2007)
New Revision: 12191
Modified:
tor/trunk/
tor/trunk/ChangeLog
tor/trunk/src/common/crypto.c
tor/trunk/src/common/tortls.c
Log:
r16159 at catbus: nickm | 2007-10-25 12:53:38 -0400
Drop support for OpenSSL 0.9.6.
Property changes on: tor/trunk
___________________________________________________________________
svk:merge ticket from /tor/trunk [r16159] on 8246c3cf-6607-4228-993b-4d95d33730f1
Modified: tor/trunk/ChangeLog
===================================================================
--- tor/trunk/ChangeLog 2007-10-25 16:54:01 UTC (rev 12190)
+++ tor/trunk/ChangeLog 2007-10-25 16:54:56 UTC (rev 12191)
@@ -1,4 +1,8 @@
Changes in version 0.2.0.10-alpha - 2007-1?-??
+ o New requirements:
+ - Drop support for OpenSSL version 0.9.6. Just about nobody was using
+ it, it had no AES, and it hasn't seen any security patches since 2004.
+
o Minor bugfixes:
- Refuse to start if both ORPort and UseBridges are set. Bugfix
on 0.2.0.x.
Modified: tor/trunk/src/common/crypto.c
===================================================================
--- tor/trunk/src/common/crypto.c 2007-10-25 16:54:01 UTC (rev 12190)
+++ tor/trunk/src/common/crypto.c 2007-10-25 16:54:56 UTC (rev 12191)
@@ -53,15 +53,11 @@
#include "container.h"
#include "compat.h"
-#if OPENSSL_VERSION_NUMBER < 0x00905000l
-#error "We require openssl >= 0.9.5"
+#if OPENSSL_VERSION_NUMBER < 0x00907000l
+#error "We require openssl >= 0.9.7"
#endif
-#if OPENSSL_VERSION_NUMBER < 0x00907000l
-#define NO_ENGINES
-#else
#include <openssl/engine.h>
-#endif
/** Macro: is k a valid RSA public or private key? */
#define PUBLIC_KEY_OK(k) ((k) && (k)->key && (k)->key->n)
@@ -153,7 +149,6 @@
}
}
-#ifndef NO_ENGINES
/** Log any OpenSSL engines we're using at NOTICE. */
static void
log_engine(const char *fn, ENGINE *e)
@@ -168,7 +163,6 @@
log(LOG_INFO, LD_CRYPTO, "Using default implementation for %s", fn);
}
}
-#endif
/** Initialize the crypto library. Return 0 on success, -1 on failure.
*/
@@ -187,7 +181,6 @@
if (useAccel < 0) {
log_info(LD_CRYPTO, "Initializing OpenSSL via tor_tls_init().");
}
-#ifndef NO_ENGINES
if (useAccel > 0) {
log_info(LD_CRYPTO, "Initializing OpenSSL engine support.");
ENGINE_load_builtin_engines();
@@ -202,7 +195,6 @@
log_engine("3DES", ENGINE_get_cipher_engine(NID_des_ede3_ecb));
log_engine("AES", ENGINE_get_cipher_engine(NID_aes_128_ecb));
}
-#endif
}
return 0;
}
@@ -222,11 +214,9 @@
EVP_cleanup();
ERR_remove_state(0);
ERR_free_strings();
-#ifndef NO_ENGINES
ENGINE_cleanup();
CONF_modules_unload(1);
CRYPTO_cleanup_all_ex_data();
-#endif
#ifdef TOR_IS_MULTITHREADED
if (_n_openssl_mutexes) {
int n = _n_openssl_mutexes;
@@ -949,11 +939,7 @@
/* This ifdef suppresses a type warning. Take out the first case once
* everybody is using openssl 0.9.7 or later.
*/
-#if OPENSSL_VERSION_NUMBER < 0x00907000l
- unsigned char *cp;
-#else
const unsigned char *cp;
-#endif
cp = buf = tor_malloc(len);
memcpy(buf,str,len);
rsa = d2i_RSAPublicKey(NULL, &cp, len);
Modified: tor/trunk/src/common/tortls.c
===================================================================
--- tor/trunk/src/common/tortls.c 2007-10-25 16:54:01 UTC (rev 12190)
+++ tor/trunk/src/common/tortls.c 2007-10-25 16:54:56 UTC (rev 12191)
@@ -337,8 +337,7 @@
#define CIPHER_LIST (TLS1_TXT_DHE_RSA_WITH_AES_128_SHA ":" \
SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA)
#else
-/* We're running OpenSSL before 0.9.7. We only support 3DES. */
-#define CIPHER_LIST SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA
+#error "Tor requires OpenSSL version 0.9.7 or later, for AES support."
#endif
/** Create a new TLS context for use with Tor TLS handshakes.
@@ -844,12 +843,6 @@
tor_tls_get_pending_bytes(tor_tls_t *tls)
{
tor_assert(tls);
-#if OPENSSL_VERSION_NUMBER < 0x0090700fl
- if (tls->ssl->rstate == SSL_ST_READ_BODY)
- return 0;
- if (tls->ssl->s3->rrec.type != SSL3_RT_APPLICATION_DATA)
- return 0;
-#endif
return SSL_pending(tls->ssl);
}
More information about the tor-commits
mailing list