From 714aeedc5278fe50fb2b9ccafeefa4270eaf3391 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Mon, 5 Dec 2016 09:37:03 -0500 Subject: [PATCH] 20865: Don't use getentropy() on OSX Sierra. Tor 0.2.9 has a broader range of fixes and workarounds here, but for 0.2.8, we're just going to maintain the existing behavior. (The alternative would be to backport both 1eba088054eca1555b455ee4a2adfafecb888af9 and 16fcbd21c963a9a65bf55024680c8323c8b7175d , but the latter is kind of a subtle kludge in the configure.ac script, and I'm not a fan of backporting that kind of thing.) --- changes/bug20865 | 7 +++++++ src/common/crypto.c | 9 +++++++++ 2 files changed, 16 insertions(+) create mode 100644 changes/bug20865 diff --git a/changes/bug20865 b/changes/bug20865 new file mode 100644 index 000000000..575d886a3 --- /dev/null +++ b/changes/bug20865 @@ -0,0 +1,7 @@ + o Minor bugfixes (portability): + - Avoid compilation errors when building on OSX Sierra. Sierra began + to support the getentropy() API, but created a few problems in + doing so. Tor 0.2.9 has a more thorough set of workarounds; in + 0.2.8, we are just using the /dev/urandom interface. Fixes + bug 20865. Bugfix on 0.2.8.1-alpha. + diff --git a/src/common/crypto.c b/src/common/crypto.c index c5d07dfb6..f7bb8ff1f 100644 --- a/src/common/crypto.c +++ b/src/common/crypto.c @@ -88,6 +88,15 @@ #include "keccak-tiny/keccak-tiny.h" +#ifdef __APPLE__ +/* Apple messed up their getentropy definitions in Sierra. It's not insecure + * or anything (as far as I know) but it makes compatible builds hard. 0.2.9 + * contains the necessary tricks to do it right: in 0.2.8, we're just using + * this blunt instrument. + */ +#undef HAVE_GETENTROPY +#endif + #ifdef ANDROID /* Android's OpenSSL seems to have removed all of its Engine support. */ #define DISABLE_ENGINES