Merge branch 'tor-gitlab/mr/186'

This commit is contained in:
David Goulet 2020-11-02 13:14:02 -05:00
commit 474369e3fa
7 changed files with 39 additions and 12 deletions

5
changes/ticket40165 Normal file
View File

@ -0,0 +1,5 @@
o Minor features (compilation):
- Disable deprecation warnings when building with OpenSSL 3.0.0 or later.
There are a number of newly deprecated APIs in OpenSSL 3.0.0 that Tor
still requires. (A later version of Tor will try to stop depending on
these.) Closes ticket 40165.

3
changes/ticket40170 Normal file
View File

@ -0,0 +1,3 @@
o Minor bugfixes (tests):
- Fix the "tortls/openssl/log_one_error" test to work with OpenSSL 3.0.0.
Fixes bug 40170; bugfix on 0.2.8.1-alpha.

View File

@ -1065,13 +1065,30 @@ LIBS="$TOR_OPENSSL_LIBS $LIBS"
LDFLAGS="$TOR_LDFLAGS_openssl $LDFLAGS"
CPPFLAGS="$TOR_CPPFLAGS_openssl $CPPFLAGS"
dnl Tor currently uses a number of APIs that are deprecated in OpenSSL 3.0.0
dnl and later. We want to migrate away from them, but that will be a lot of
dnl work. (See ticket tor#40166.) For now, we disable the deprecation
dnl warnings.
AC_MSG_CHECKING([for OpenSSL >= 3.0.0])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <openssl/opensslv.h>
#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER <= 0x30000000L
#error "you_have_version_3"
#endif
]], [[]])],
[ AC_MSG_RESULT([no]) ],
[ AC_MSG_RESULT([yes]);
AC_DEFINE(OPENSSL_SUPPRESS_DEPRECATED, 1, [disable openssl deprecated-function warnings]) ])
AC_MSG_CHECKING([for OpenSSL < 1.0.1])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <openssl/opensslv.h>
#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x1000100fL
#error "too old"
#endif
]], [[]])],
[ : ],
[ AC_MSG_RESULT([no]) ],
[ AC_MSG_ERROR([OpenSSL is too old. We require 1.0.1 or later. You can specify a path to a newer one with --with-openssl-dir.]) ])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[

View File

@ -32,10 +32,6 @@
#define OPENSSL_1_1_API
#endif /* OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0) && ... */
#ifndef OPENSSL_VERSION
#define OPENSSL_VERSION SSLEAY_VERSION
#endif
#ifndef OPENSSL_1_1_API
#define OpenSSL_version(v) SSLeay_version(v)
#define OpenSSL_version_num() SSLeay()
@ -54,4 +50,3 @@
#endif /* defined(ENABLE_OPENSSL) */
#endif /* !defined(TOR_COMPAT_OPENSSL_H) */

View File

@ -101,13 +101,22 @@ static char *crypto_openssl_version_str = NULL;
const char *
crypto_openssl_get_version_str(void)
{
#ifdef OPENSSL_VERSION
const int query = OPENSSL_VERSION;
#else
/* This old name was changed around OpenSSL 1.1.0 */
const int query = SSLEAY_VERSION;
#endif
if (crypto_openssl_version_str == NULL) {
const char *raw_version = OpenSSL_version(OPENSSL_VERSION);
const char *raw_version = OpenSSL_version(query);
crypto_openssl_version_str = parse_openssl_version_str(raw_version);
}
return crypto_openssl_version_str;
}
#undef QUERY_OPENSSL_VERSION
static char *crypto_openssl_header_version_str = NULL;
/* Return a human-readable version of the compile-time openssl version
* number. */
@ -214,7 +223,7 @@ crypto_openssl_early_init(void)
setup_openssl_threading();
unsigned long version_num = OpenSSL_version_num();
const char *version_str = OpenSSL_version(OPENSSL_VERSION);
const char *version_str = crypto_openssl_get_version_str();
if (version_num == OPENSSL_VERSION_NUMBER &&
!strcmp(version_str, OPENSSL_VERSION_TEXT)) {
log_info(LD_CRYPTO, "OpenSSL version matches version from headers "

View File

@ -16,8 +16,7 @@
#include "orconfig.h"
#ifdef ENABLE_OPENSSL
#include <openssl/engine.h>
#include <openssl/opensslv.h>
/*
Macro to create an arbitrary OpenSSL version number as used by
OPENSSL_VERSION_NUMBER or SSLeay(), since the actual numbers are a bit hard

View File

@ -279,8 +279,7 @@ test_tortls_log_one_error(void *ignored)
mock_clean_saved_logs();
tor_tls_log_one_error(tls, ERR_PACK(1, 2, 3), LOG_WARN, 0, NULL);
expect_log_msg("TLS error with 127.hello: "
"BN lib (in unknown library:(null):---)\n");
expect_log_msg_containing("TLS error with 127.hello");
mock_clean_saved_logs();
tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_HTTP_REQUEST),