nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-13 06:33:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'maint-0.2.8'

Browse Source
This commit is contained in:
Nick Mathewson 2016-04-05 10:06:18 -04:00
commit 6720628c97
3 changed files with 46 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
changes/bug18286 Normal file
View File

@ -0,0 +1,4 @@
o Minor features (build):
- Tor now again builds with the recent OpenSSL 1.1 development branch
(tested against 1.1.0-pre4 and 1.1.0-pre5-dev).

38
src/common/crypto.c
View File

@ -72,6 +72,16 @@
#define DISABLE_ENGINES #define DISABLE_ENGINES
#endif #endif
#if OPENSSL_VERSION_NUMBER >= OPENSSL_VER(1,1,0,0,4)
/* OpenSSL as of 1.1.0-pre4 has an "new" thread API, which doesn't require
* seting up various callbacks.
*
* Note: Yes, using OPENSSL_VER is naughty, but theis was introduced in the
* pre-release series.
*/
#define NEW_THREAD_API
#endif
/** Longest recognized */ /** Longest recognized */
#define MAX_DNS_LABEL_SIZE 63 #define MAX_DNS_LABEL_SIZE 63
@ -83,10 +93,12 @@
/** Macro: is k a valid RSA private key? */ /** Macro: is k a valid RSA private key? */
#define PRIVATE_KEY_OK(k) ((k) && (k)->key && (k)->key->p) #define PRIVATE_KEY_OK(k) ((k) && (k)->key && (k)->key->p)
#ifndef NEW_THREAD_API
/** A number of preallocated mutexes for use by OpenSSL. */ /** A number of preallocated mutexes for use by OpenSSL. */
static tor_mutex_t **openssl_mutexes_ = NULL; static tor_mutex_t **openssl_mutexes_ = NULL;
/** How many mutexes have we allocated for use by OpenSSL? */ /** How many mutexes have we allocated for use by OpenSSL? */
static int n_openssl_mutexes_ = 0; static int n_openssl_mutexes_ = 0;
#endif
/** A public key, or a public/private key-pair. */ /** A public key, or a public/private key-pair. */
struct crypto_pk_t struct crypto_pk_t
@ -417,7 +429,11 @@ crypto_global_init(int useAccel, const char *accelName, const char *accelDir)
void void
crypto_thread_cleanup(void) crypto_thread_cleanup(void)
{ {
#ifdef NEW_THREAD_API
ERR_remove_thread_state();
#else
ERR_remove_thread_state(NULL); ERR_remove_thread_state(NULL);
#endif
} }
/** used by tortls.c: wrap an RSA* in a crypto_pk_t. */ /** used by tortls.c: wrap an RSA* in a crypto_pk_t. */
@ -3068,6 +3084,7 @@ memwipe(void *mem, uint8_t byte, size_t sz)
OpenSSL library with thread support enabled. OpenSSL library with thread support enabled.
#endif #endif
#ifndef NEW_THREAD_API
/** Helper: OpenSSL uses this callback to manipulate mutexes. */ /** Helper: OpenSSL uses this callback to manipulate mutexes. */
static void static void
openssl_locking_cb_(int mode, int n, const char *file, int line) openssl_locking_cb_(int mode, int n, const char *file, int line)
@ -3085,6 +3102,13 @@ openssl_locking_cb_(int mode, int n, const char *file, int line)
tor_mutex_release(openssl_mutexes_[n]); tor_mutex_release(openssl_mutexes_[n]);
} }
static void
tor_set_openssl_thread_id(CRYPTO_THREADID *threadid)
{
CRYPTO_THREADID_set_numeric(threadid, tor_get_thread_id());
}
#endif
#if 0 #if 0
/* This code is disabled, because OpenSSL never actually uses these callbacks. /* This code is disabled, because OpenSSL never actually uses these callbacks.
*/ */
@ -3135,18 +3159,13 @@ openssl_dynlock_destroy_cb_(struct CRYPTO_dynlock_value *v,
} }
#endif #endif
static void
tor_set_openssl_thread_id(CRYPTO_THREADID *threadid)
{
CRYPTO_THREADID_set_numeric(threadid, tor_get_thread_id());
}
/** @{ */ /** @{ */
/** Helper: Construct mutexes, and set callbacks to help OpenSSL handle being /** Helper: Construct mutexes, and set callbacks to help OpenSSL handle being
* multithreaded. Returns 0. */ * multithreaded. Returns 0. */
static int static int
setup_openssl_threading(void) setup_openssl_threading(void)
{ {
#ifndef NEW_THREAD_API
int i; int i;
int n = CRYPTO_num_locks(); int n = CRYPTO_num_locks();
n_openssl_mutexes_ = n; n_openssl_mutexes_ = n;
@ -3155,6 +3174,7 @@ setup_openssl_threading(void)
openssl_mutexes_[i] = tor_mutex_new(); openssl_mutexes_[i] = tor_mutex_new();
CRYPTO_set_locking_callback(openssl_locking_cb_); CRYPTO_set_locking_callback(openssl_locking_cb_);
CRYPTO_THREADID_set_callback(tor_set_openssl_thread_id); CRYPTO_THREADID_set_callback(tor_set_openssl_thread_id);
#endif
#if 0 #if 0
CRYPTO_set_dynlock_create_callback(openssl_dynlock_create_cb_); CRYPTO_set_dynlock_create_callback(openssl_dynlock_create_cb_);
CRYPTO_set_dynlock_lock_callback(openssl_dynlock_lock_cb_); CRYPTO_set_dynlock_lock_callback(openssl_dynlock_lock_cb_);
@ -3170,7 +3190,11 @@ int
crypto_global_cleanup(void) crypto_global_cleanup(void)
{ {
EVP_cleanup(); EVP_cleanup();
#ifdef NEW_THREAD_API
ERR_remove_thread_state();
#else
ERR_remove_thread_state(NULL); ERR_remove_thread_state(NULL);
#endif
ERR_free_strings(); ERR_free_strings();
if (dh_param_p) if (dh_param_p)
@ -3187,6 +3211,7 @@ crypto_global_cleanup(void)
CONF_modules_unload(1); CONF_modules_unload(1);
CRYPTO_cleanup_all_ex_data(); CRYPTO_cleanup_all_ex_data();
#ifndef NEW_THREAD_API
if (n_openssl_mutexes_) { if (n_openssl_mutexes_) {
int n = n_openssl_mutexes_; int n = n_openssl_mutexes_;
tor_mutex_t **ms = openssl_mutexes_; tor_mutex_t **ms = openssl_mutexes_;
@ -3198,6 +3223,7 @@ crypto_global_cleanup(void)
} }
tor_free(ms); tor_free(ms);
} }
#endif
tor_free(crypto_openssl_version_str); tor_free(crypto_openssl_version_str);
tor_free(crypto_openssl_header_version_str); tor_free(crypto_openssl_header_version_str);

10
src/common/tortls.c
View File

@ -2274,8 +2274,18 @@ tor_tls_get_n_raw_bytes(tor_tls_t *tls, size_t *n_read, size_t *n_written)
* save the original BIO for tls->ssl in the tor_tls_t structure, but * save the original BIO for tls->ssl in the tor_tls_t structure, but
* that would be tempting fate. */ * that would be tempting fate. */
wbio = SSL_get_wbio(tls->ssl); wbio = SSL_get_wbio(tls->ssl);
#if OPENSSL_VERSION_NUMBER >= OPENSSL_VER(1,1,0,0,5)
/* BIO structure is opaque as of OpenSSL 1.1.0-pre5-dev. Again, not
* supposed to use this form of the version macro, but the OpenSSL developers
* introduced major API changes in the pre-release stage.
*/
if (BIO_method_type(wbio) == BIO_TYPE_BUFFER &&
(tmpbio = BIO_next(wbio)) != NULL)
wbio = tmpbio;
#else
if (wbio->method == BIO_f_buffer() && (tmpbio = BIO_next(wbio)) != NULL) if (wbio->method == BIO_f_buffer() && (tmpbio = BIO_next(wbio)) != NULL)
wbio = tmpbio; wbio = tmpbio;
#endif
w = BIO_number_written(wbio); w = BIO_number_written(wbio);
/* We are ok with letting these unsigned ints go "negative" here: /* We are ok with letting these unsigned ints go "negative" here: