[tor-commits] [tor/master] We no longer need to detect openssl without RAND_poll()

nickm at torproject.org nickm at torproject.org
Tue Jan 10 15:39:14 UTC 2012 

commit 5741aef3dc0dc245ab930c21b277a5a829c9970d
Author: Nick Mathewson <nickm at torproject.org>
Date:   Thu Jan 5 15:08:05 2012 -0500

    We no longer need to detect openssl without RAND_poll()
    
    We require openssl 0.9.7 or later, and RAND_poll() was first added in
    openssl 0.9.6.
---
 changes/readable_ssl_versions |    2 ++
 src/common/crypto.c           |   10 +---------
 2 files changed, 3 insertions(+), 9 deletions(-)

diff --git a/changes/readable_ssl_versions b/changes/readable_ssl_versions
index 8c8e06c..f34998c 100644
--- a/changes/readable_ssl_versions
+++ b/changes/readable_ssl_versions
@@ -1,4 +1,6 @@
   o Code simplification and refactoring:
     - Use macros to indicate OpenSSL versions, so we don't need to worry
       about accidental hexadecimal bit shifts.
+    - Remove some workaround code for OpenSSL 0.9.6, which is no longer
+      supported.
 
diff --git a/src/common/crypto.c b/src/common/crypto.c
index aa8ceed..35d6dfa 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -2360,12 +2360,6 @@ crypto_dh_free(crypto_dh_env_t *dh)
  * work for us too. */
 #define ADD_ENTROPY 32
 
-/** True iff we should use OpenSSL's RAND_poll function to add entropy to its
- * pool.
- *
- * Use RAND_poll if OpenSSL is 0.9.6 release or later. */
-#define HAVE_RAND_POLL (OPENSSL_VERSION_NUMBER >= OPENSSL_V_NOPATCH(0,9,6))
-
 /** True iff it's safe to use RAND_poll after setup.
  *
  * Versions of OpenSSL prior to 0.9.7k and 0.9.8c had a bug where RAND_poll
@@ -2409,8 +2403,7 @@ crypto_seed_rng(int startup)
   size_t n;
 #endif
 
-#if HAVE_RAND_POLL
-  /* OpenSSL 0.9.6 adds a RAND_poll function that knows about more kinds of
+  /* OpenSSL has a RAND_poll function that knows about more kinds of
    * entropy than we do.  We'll try calling that, *and* calling our own entropy
    * functions.  If one succeeds, we'll accept the RNG as seeded. */
   if (startup || RAND_POLL_IS_SAFE) {
@@ -2418,7 +2411,6 @@ crypto_seed_rng(int startup)
     if (rand_poll_status == 0)
       log_warn(LD_CRYPTO, "RAND_poll() failed.");
   }
-#endif
 
 #ifdef MS_WINDOWS
   if (!provider_set) {

More information about the tor-commits mailing list