Merge branch 'bug16034_no_more_openssl_098_squashed'

Conflicts: src/test/testing_common.c
author: Nick Mathewson <nickm@torproject.org> 2015-05-20 15:33:22 -0400
committer: Nick Mathewson <nickm@torproject.org> 2015-05-20 15:33:22 -0400
commit: ed02a409cfdd51671ff1d80c86cfc7d6458f201f (patch)
tree: 527aeae3937418ca204426b682d7efd61c0ad57b /src/common/crypto.c
parent: 32bd533ddac5bd7d594a81119449b3d30206eedd (diff)
parent: e9677c8f8d3a24bc572d63dd85fa14e8d596ad78 (diff)
download: tor-ed02a409cfdd51671ff1d80c86cfc7d6458f201f.tar.gz
tor-ed02a409cfdd51671ff1d80c86cfc7d6458f201f.zip
1 files changed, 16 insertions, 32 deletions
diff --git a/src/common/crypto.c b/src/common/crypto.c
index 8038631f18..28963f52cb 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -58,8 +58,8 @@
 #include "compat.h"
 #include "sandbox.h"
 
-#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(0,9,8)
-#error "We require OpenSSL >= 0.9.8"
+#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,0,0)
+#error "We require OpenSSL >= 1.0.0"
 #endif
 
 #ifdef ANDROID
@@ -300,16 +300,9 @@ crypto_early_init(void)
                SSLeay(), SSLeay_version(SSLEAY_VERSION));
     }
 
-    if (SSLeay() < OPENSSL_V_SERIES(1,0,0)) {
-      log_notice(LD_CRYPTO,
-                 "Your OpenSSL version seems to be %s. We recommend 1.0.0 "
-                 "or later.",
-                 crypto_openssl_get_version_str());
-    }
-
     crypto_force_rand_ssleay();
 
-    if (crypto_seed_rng(1) < 0)
+    if (crypto_seed_rng() < 0)
       return -1;
     if (crypto_init_siphash_key() < 0)
       return -1;
@@ -391,7 +384,7 @@ crypto_global_init(int useAccel, const char *accelName, const char *accelDir)
     }
 
     if (crypto_force_rand_ssleay()) {
-      if (crypto_seed_rng(1) < 0)
+      if (crypto_seed_rng() < 0)
         return -1;
     }
 
@@ -405,7 +398,11 @@ crypto_global_init(int useAccel, const char *accelName, const char *accelDir)
 void
 crypto_thread_cleanup(void)
 {
+#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
+  ERR_remove_thread_state(NULL);
+#else
   ERR_remove_state(0);
+#endif
 }
 
 /** used by tortls.c: wrap an RSA* in a crypto_pk_t. */
@@ -2246,15 +2243,6 @@ crypto_dh_free(crypto_dh_t *dh)
  * work for us too. */
 #define ADD_ENTROPY 32
 
-/** True iff it's safe to use RAND_poll after setup.
- *
- * Versions of OpenSSL prior to 0.9.7k and 0.9.8c had a bug where RAND_poll
- * would allocate an fd_set on the stack, open a new file, and try to FD_SET
- * that fd without checking whether it fit in the fd_set.  Thus, if the
- * system has not just been started up, it is unsafe to call */
-#define RAND_POLL_IS_SAFE                       \
-  (OPENSSL_VERSION_NUMBER >= OPENSSL_V(0,9,8,'c'))
-
 /** Set the seed of the weak RNG to a random value. */
 void
 crypto_seed_weak_rng(tor_weak_rng_t *rng)
@@ -2324,7 +2312,7 @@ crypto_strongest_rand(uint8_t *out, size_t out_len)
  * have not yet allocated a bunch of fds.  Return 0 on success, -1 on failure.
  */
 int
-crypto_seed_rng(int startup)
+crypto_seed_rng(void)
 {
   int rand_poll_ok = 0, load_entropy_ok = 0;
   uint8_t buf[ADD_ENTROPY];
@@ -2332,11 +2320,9 @@ crypto_seed_rng(int startup)
   /* OpenSSL has a RAND_poll function that knows about more kinds of
    * entropy than we do.  We'll try calling that, *and* calling our own entropy
    * functions.  If one succeeds, we'll accept the RNG as seeded. */
-  if (startup || RAND_POLL_IS_SAFE) {
-    rand_poll_ok = RAND_poll();
-    if (rand_poll_ok == 0)
-      log_warn(LD_CRYPTO, "RAND_poll() failed.");
-  }
+  rand_poll_ok = RAND_poll();
+  if (rand_poll_ok == 0)
+    log_warn(LD_CRYPTO, "RAND_poll() failed.");
 
   load_entropy_ok = !crypto_strongest_rand(buf, sizeof(buf));
   if (load_entropy_ok) {
@@ -3058,13 +3044,11 @@ openssl_dynlock_destroy_cb_(struct CRYPTO_dynlock_value *v,
   tor_free(v);
 }
 
-#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,0,0)
 static void
 tor_set_openssl_thread_id(CRYPTO_THREADID *threadid)
 {
   CRYPTO_THREADID_set_numeric(threadid, tor_get_thread_id());
 }
-#endif
 
 /** @{ */
 /** Helper: Construct mutexes, and set callbacks to help OpenSSL handle being
@@ -3079,11 +3063,7 @@ setup_openssl_threading(void)
   for (i=0; i < n; ++i)
     openssl_mutexes_[i] = tor_mutex_new();
   CRYPTO_set_locking_callback(openssl_locking_cb_);
-#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,0,0)
-  CRYPTO_set_id_callback(tor_get_thread_id);
-#else
   CRYPTO_THREADID_set_callback(tor_set_openssl_thread_id);
-#endif
   CRYPTO_set_dynlock_create_callback(openssl_dynlock_create_cb_);
   CRYPTO_set_dynlock_lock_callback(openssl_dynlock_lock_cb_);
   CRYPTO_set_dynlock_destroy_callback(openssl_dynlock_destroy_cb_);
@@ -3096,7 +3076,11 @@ int
 crypto_global_cleanup(void)
 {
   EVP_cleanup();
+#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
+  ERR_remove_thread_state(NULL);
+#else
   ERR_remove_state(0);
+#endif
   ERR_free_strings();
 
   if (dh_param_p)
author	Nick Mathewson <nickm@torproject.org>	2015-05-20 15:33:22 -0400
committer	Nick Mathewson <nickm@torproject.org>	2015-05-20 15:33:22 -0400
commit	ed02a409cfdd51671ff1d80c86cfc7d6458f201f (patch)
tree	527aeae3937418ca204426b682d7efd61c0ad57b /src/common/crypto.c
parent	32bd533ddac5bd7d594a81119449b3d30206eedd (diff)
parent	e9677c8f8d3a24bc572d63dd85fa14e8d596ad78 (diff)
download	tor-ed02a409cfdd51671ff1d80c86cfc7d6458f201f.tar.gz tor-ed02a409cfdd51671ff1d80c86cfc7d6458f201f.zip