On Fri, May 29, 2020 at 01:38:48PM -0700, Kevin wrote in <20200529203848.gd2...@afu.lan>:
> This also removes the check for RAND_egd, which we still want.

Thank you for your patience Kevin, I know I am trying it!

Remco
From 07b1d1af4b431b26d32addd9a8ee2597cb7190a4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Remco=20R=C4=B3nders?= <re...@webconquest.com>
Date: Fri, 29 May 2020 15:46:29 -0400
Subject: [PATCH] Remove support for OpenSSL <0.9.5

The current code provides a workaround for the absence of RAND_status in
OpenSSL versions before 0.9.5. The comments in the code indicate these
versions have to be supported, but as these versions are now more than
20 years old, this no longer applies. Removing this support simplifies the
code and on the small chance that anyone is still using such old versions,
breaking their build will actually be doing them a favor given the known
issues with these OpenSSL versions.
---
 configure.ac |  2 +-
 mutt_ssl.c   | 13 -------------
 2 files changed, 1 insertion(+), 14 deletions(-)

diff --git a/configure.ac b/configure.ac
index 7906ce35..3496ffd7 100644
--- a/configure.ac
+++ b/configure.ac
@@ -813,7 +813,7 @@ AC_ARG_WITH(ssl, 
AS_HELP_STRING([--with-ssl@<:@=PFX@:>@],[Enable TLS support usi
               AC_MSG_ERROR([Unable to find SSL library]), [$crypto_libs])
 
             LIBS="$LIBS $crypto_libs"
-            AC_CHECK_FUNCS(RAND_status RAND_egd)
+            AC_CHECK_FUNCS(RAND_egd)
             AC_CHECK_DECLS([SSL_set_mode, SSL_MODE_AUTO_RETRY],,
               AC_MSG_ERROR([Unable to find decent SSL header]), [[#include 
<openssl/ssl.h>]])
 
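Review bot: dropping RAND_status from AC_CHECK_FUNCS on the changed line means configure no longer notices a library that lacks it, so the build only breaks later, when mutt_ssl.c calls RAND_status() unconditionally. If breaking those builds is intended, as the commit message says, consider failing at configure time instead, for example with AC_CHECK_FUNC(RAND_status,, AC_MSG_ERROR(...)) in the style of the AC_MSG_ERROR calls on the neighbouring lines. The user then gets a clear message rather than an implicit-declaration or link error.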
diff --git a/mutt_ssl.c b/mutt_ssl.c
index 6978e4e4..9c91c084 100644
--- a/mutt_ssl.c
+++ b/mutt_ssl.c
@@ -62,17 +62,7 @@
 #define DEVRANDOM "/dev/urandom"
 #endif
 
-/* This is ugly, but as RAND_status came in on OpenSSL version 0.9.5
- * and the code has to support older versions too, this is seemed to
- * be cleaner way compared to having even uglier #ifdefs all around.
- */
-#ifdef HAVE_RAND_STATUS
 #define HAVE_ENTROPY() (RAND_status() == 1)
-#else
-static int entropy_byte_count = 0;
-/* OpenSSL fills the entropy pool from /dev/urandom if it exists */
-#define HAVE_ENTROPY() (!access(DEVRANDOM, R_OK) || entropy_byte_count >= 16)
-#endif
 
 /* index for storing hostname as application specific data in SSL structure */
 static int HostExDataIndex = -1;
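Review bot: the DEVRANDOM define kept as context at the top of this hunk loses the only use visible in this patch, the access(DEVRANDOM, R_OK) fallback in the removed #else branch. Please check whether anything else in mutt_ssl.c still references it, and drop the define and its surrounding conditional if not. A one-line comment on HAVE_ENTROPY() saying that RAND_status() returns 1 once the PRNG is seeded would also stand in for the explanation that was deleted.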
@@ -403,9 +393,6 @@ static int add_entropy (const char *file)
   if (n <= 0)
     n = RAND_load_file (file, -1);
 
-#ifndef HAVE_RAND_STATUS
-  if (n > 0) entropy_byte_count += n;
-#endif
   return n;
 }
 
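Review bot: in add_entropy, once the entropy_byte_count update is gone, n serves only as the return value, so it is worth confirming that callers decide whether seeding succeeded by re-testing HAVE_ENTROPY() and not by looking at the byte count returned here. If no caller uses the return value any more, a short comment on what n means (bytes loaded, or a value <= 0 on failure as the n <= 0 test implies) would keep the function's contract clear.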
-- 
2.26.2
