20865: Don't use getentropy() on OSX Sierra.

Tor 0.2.9 has a broader range of fixes and workarounds here, but for 0.2.8, we're just going to maintain the existing behavior. (The alternative would be to backport both 1eba088054 and 16fcbd21c9 , but the latter is kind of a subtle kludge in the configure.ac script, and I'm not a fan of backporting that kind of thing.)
2016-12-05 09:37:03 -05:00 · 2016-12-05 09:37:03 -05:00 · 714aeedc52
parent 1122137fa0
commit 714aeedc52
2 changed files with 16 additions and 0 deletions
--- a/changes/bug20865
+++ b/changes/bug20865
@ -0,0 +1,7 @@
+  o Minor bugfixes (portability):
+    - Avoid compilation errors when building on OSX Sierra. Sierra began
+      to support the getentropy() API, but created a few problems in
+      doing so. Tor 0.2.9 has a more thorough set of workarounds; in
+      0.2.8, we are just using the /dev/urandom interface. Fixes
+      bug 20865. Bugfix on 0.2.8.1-alpha.
+
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@ -88,6 +88,15 @@

 #include "keccak-tiny/keccak-tiny.h"

+#ifdef __APPLE__
+/* Apple messed up their getentropy definitions in Sierra.  It's not insecure
+ * or anything (as far as I know) but it makes compatible builds hard.  0.2.9
+ * contains the necessary tricks to do it right: in 0.2.8, we're just using
+ * this blunt instrument.
+ */
+#undef HAVE_GETENTROPY
+#endif
+
 #ifdef ANDROID
 /* Android's OpenSSL seems to have removed all of its Engine support. */
 #define DISABLE_ENGINES