mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-09-21 13:34:59 +02:00
Merge remote-tracking branch 'github/ticket19429_034'
commit
a9736f1f38
5
changes/feature19429
Normal file
5
changes/feature19429
Normal file
@ -0,0 +1,5 @@
|
||||
o Minor features (compatibility):
|
||||
- Tor now detects versions of OpenSSL 1.1.0 and later compiled with the
|
||||
no-deprecated option, and builds correctly with them. Closes
|
||||
tickets 19429, 19981, and 25353.
|
||||
|
15
configure.ac
15
configure.ac
@ -788,9 +788,18 @@ AC_ARG_WITH(ssl-dir,
|
||||
|
||||
AC_MSG_NOTICE([Now, we'll look for OpenSSL >= 1.0.1])
|
||||
TOR_SEARCH_LIBRARY(openssl, $tryssldir, [-lssl -lcrypto $TOR_LIB_GDI $TOR_LIB_WS32],
|
||||
[#include <openssl/ssl.h>],
|
||||
[struct ssl_method_st; const struct ssl_method_st *TLSv1_1_method(void);],
|
||||
[TLSv1_1_method();], [],
|
||||
[#include <openssl/ssl.h>
|
||||
char *getenv(const char *);],
|
||||
[struct ssl_cipher_st;
|
||||
unsigned SSL_CIPHER_get_id(const struct ssl_cipher_st *);
|
||||
char *getenv(const char *);],
|
||||
dnl This funny-looking test program calls getenv, so that the compiler
|
||||
dnl will neither make code that call SSL_CIPHER_get_id(NULL) [producing
|
||||
dnl a crash], nor optimize out the call to SSL_CIPHER_get_id().
|
||||
dnl We look for SSL_cipher_get_id() because it is present in
|
||||
dnl OpenSSL >=1.0.1, because it is not deprecated, and because Tor
|
||||
dnl depends on it.
|
||||
[if (getenv("THIS_SHOULDNT_BE_SET_X201803")) SSL_CIPHER_get_id((void *)0);], [],
|
||||
[/usr/local/opt/openssl /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /opt/openssl])
|
||||
|
||||
dnl XXXX check for OPENSSL_VERSION_NUMBER == SSLeay()
|
||||
|
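Review bot: The new `dnl` comment in the second TOR_SEARCH_LIBRARY probe names the function `SSL_cipher_get_id()`, while the prototype and the call next to it use `SSL_CIPHER_get_id`. The comment should spell the real symbol so a search for it lands on the rationale, e.g. `dnl We look for SSL_CIPHER_get_id() because it is present in`, and "make code that call" should read "calls". The probe only shows that the symbol links, so the `dnl XXXX check for OPENSSL_VERSION_NUMBER == SSLeay()` reminder below it stays relevant. The C changes in this commit choose their init and cleanup calls from the header's OPENSSL_VERSION_NUMBER, and a header/library mismatch could select the wrong branch.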
@ -116,7 +116,11 @@ aes_cipher_free_(aes_cnt_cipher_t *cipher_)
|
||||
if (!cipher_)
|
||||
return;
|
||||
EVP_CIPHER_CTX *cipher = (EVP_CIPHER_CTX *) cipher_;
|
||||
#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
|
||||
EVP_CIPHER_CTX_reset(cipher);
|
||||
#else
|
||||
EVP_CIPHER_CTX_cleanup(cipher);
|
||||
#endif
|
||||
EVP_CIPHER_CTX_free(cipher);
|
||||
}
|
||||
void
|
||||
|
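Review bot: In aes_cipher_free_ the new `#if` chooses between EVP_CIPHER_CTX_reset() and EVP_CIPHER_CTX_cleanup() without a comment saying why the context is cleared explicitly before EVP_CIPHER_CTX_free(), and the int result of the reset call is discarded. A short comment above the `#if` would record the intent, for example `/* Clear cipher state before freeing; _cleanup() is unavailable in no-deprecated 1.1.0 builds, so use _reset() there. */`. As far as I know EVP_CIPHER_CTX_free() performs the same clearing itself, so if the explicit call is kept as defence in depth the comment should say so. The function's signature and opening brace are outside the hunk.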
@ -43,6 +43,7 @@ DISABLE_GCC_WARNING(redundant-decls)
|
||||
#include <openssl/dh.h>
|
||||
#include <openssl/conf.h>
|
||||
#include <openssl/hmac.h>
|
||||
#include <openssl/ssl.h>
|
||||
|
||||
ENABLE_GCC_WARNING(redundant-decls)
|
||||
|
||||
@ -204,8 +205,15 @@ crypto_early_init(void)
|
||||
|
||||
crypto_early_initialized_ = 1;
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
|
||||
OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS |
|
||||
OPENSSL_INIT_LOAD_CRYPTO_STRINGS |
|
||||
OPENSSL_INIT_ADD_ALL_CIPHERS |
|
||||
OPENSSL_INIT_ADD_ALL_DIGESTS, NULL);
|
||||
#else
|
||||
ERR_load_crypto_strings();
|
||||
OpenSSL_add_all_algorithms();
|
||||
#endif
|
||||
|
||||
setup_openssl_threading();
|
||||
|
||||
@ -1660,11 +1668,15 @@ memwipe(void *mem, uint8_t byte, size_t sz)
|
||||
int
|
||||
crypto_global_cleanup(void)
|
||||
{
|
||||
#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,1,0)
|
||||
EVP_cleanup();
|
||||
#endif
|
||||
#ifndef NEW_THREAD_API
|
||||
ERR_remove_thread_state(NULL);
|
||||
#endif
|
||||
#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,1,0)
|
||||
ERR_free_strings();
|
||||
#endif
|
||||
|
||||
if (dh_param_p)
|
||||
BN_clear_free(dh_param_p);
|
||||
@ -1676,11 +1688,15 @@ crypto_global_cleanup(void)
|
||||
dh_param_p = dh_param_p_tls = dh_param_g = NULL;
|
||||
|
||||
#ifndef DISABLE_ENGINES
|
||||
#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,1,0)
|
||||
ENGINE_cleanup();
|
||||
#endif
|
||||
#endif
|
||||
|
||||
CONF_modules_unload(1);
|
||||
#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,1,0)
|
||||
CRYPTO_cleanup_all_ex_data();
|
||||
#endif
|
||||
|
||||
crypto_openssl_free_all();
|
||||
|
||||
|
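Review bot: In crypto_early_init the new OPENSSL_init_ssl() call discards its return value, so a failed library initialization on OpenSSL 1.1.0 and later goes unnoticed and every later crypto call runs against an uninitialized library. OPENSSL_init_ssl() returns 1 on success and 0 on error, unlike the void legacy calls in the `#else` branch, so the result should be tested, e.g. `if (!OPENSSL_init_ssl(flags, NULL)) { /* log and fail */ }` with `flags` standing for the four OPENSSL_INIT_* bits already passed. The same unchecked call appears in tor_tls_init and in the test helper library_init. The start and the return convention of crypto_early_init are outside the hunk, so the exact failure path (it may need to clear crypto_early_initialized_ again) has to be confirmed there.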
@ -56,10 +56,25 @@ ENABLE_GCC_WARNING(redundant-decls)
|
||||
#include "container.h"
|
||||
#include <string.h>
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
|
||||
#define X509_get_notBefore_const(cert) \
|
||||
X509_get0_notBefore(cert)
|
||||
#define X509_get_notAfter_const(cert) \
|
||||
X509_get0_notAfter(cert)
|
||||
#ifndef X509_get_notBefore
|
||||
#define X509_get_notBefore(cert) \
|
||||
X509_getm_notBefore(cert)
|
||||
#endif
|
||||
#ifndef X509_get_notAfter
|
||||
#define X509_get_notAfter(cert) \
|
||||
X509_getm_notAfter(cert)
|
||||
#endif
|
||||
#else /* ! OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0) */
|
||||
#define X509_get_notBefore_const(cert) \
|
||||
((const ASN1_TIME*) X509_get_notBefore((X509 *)cert))
|
||||
#define X509_get_notAfter_const(cert) \
|
||||
((const ASN1_TIME*) X509_get_notAfter((X509 *)cert))
|
||||
#endif
|
||||
|
||||
/* Copied from or.h */
|
||||
#define LEGAL_NICKNAME_CHARACTERS \
|
||||
@ -355,8 +370,12 @@ tor_tls_init(void)
|
||||
check_no_tls_errors();
|
||||
|
||||
if (!tls_library_is_initialized) {
|
||||
#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
|
||||
OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);
|
||||
#else
|
||||
SSL_library_init();
|
||||
SSL_load_error_strings();
|
||||
#endif
|
||||
|
||||
#if (SIZEOF_VOID_P >= 8 && \
|
||||
OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,0,1))
|
||||
|
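Review bot: The `#ifndef X509_get_notBefore` / `#ifndef X509_get_notAfter` fallbacks in the new 1.1.0 branch have no comment, so it is not clear from the file why names that normally come from the OpenSSL headers are redefined here. I would add one line above them such as `/* no-deprecated builds of OpenSSL >= 1.1.0 drop these compatibility names; map them to the getm_ accessors. */`. The closing `#endif` of the outer block should carry the same annotation style as the `#else`, e.g. `#endif /* OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0) */`, since the block now spans more than a screen of macros. The legacy casts in the `#else` branch are unchanged context and are not part of this point.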
@ -202,6 +202,17 @@ test_tortls_tor_tls_get_error(void *data)
|
||||
tor_tls_free(tls);
|
||||
}
|
||||
|
||||
static void
|
||||
library_init(void)
|
||||
{
|
||||
#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
|
||||
OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);
|
||||
#else
|
||||
SSL_library_init();
|
||||
SSL_load_error_strings();
|
||||
#endif
|
||||
}
|
||||
|
||||
static void
|
||||
test_tortls_get_state_description(void *ignored)
|
||||
{
|
||||
@ -210,9 +221,7 @@ test_tortls_get_state_description(void *ignored)
|
||||
char *buf;
|
||||
SSL_CTX *ctx;
|
||||
|
||||
SSL_library_init();
|
||||
SSL_load_error_strings();
|
||||
|
||||
library_init();
|
||||
ctx = SSL_CTX_new(SSLv23_method());
|
||||
|
||||
buf = tor_malloc_zero(1000);
|
||||
@ -274,8 +283,7 @@ test_tortls_get_by_ssl(void *ignored)
|
||||
SSL_CTX *ctx;
|
||||
SSL *ssl;
|
||||
|
||||
SSL_library_init();
|
||||
SSL_load_error_strings();
|
||||
library_init();
|
||||
tor_tls_allocate_tor_tls_object_ex_data_index();
|
||||
|
||||
ctx = SSL_CTX_new(SSLv23_method());
|
||||
@ -322,8 +330,7 @@ test_tortls_log_one_error(void *ignored)
|
||||
SSL_CTX *ctx;
|
||||
SSL *ssl = NULL;
|
||||
|
||||
SSL_library_init();
|
||||
SSL_load_error_strings();
|
||||
library_init();
|
||||
|
||||
ctx = SSL_CTX_new(SSLv23_method());
|
||||
tls = tor_malloc_zero(sizeof(tor_tls_t));
|
||||
@ -415,8 +422,7 @@ test_tortls_get_error(void *ignored)
|
||||
int ret;
|
||||
SSL_CTX *ctx;
|
||||
|
||||
SSL_library_init();
|
||||
SSL_load_error_strings();
|
||||
library_init();
|
||||
|
||||
ctx = SSL_CTX_new(SSLv23_method());
|
||||
setup_capture_of_logs(LOG_INFO);
|
||||
@ -792,8 +798,8 @@ test_tortls_classify_client_ciphers(void *ignored)
|
||||
STACK_OF(SSL_CIPHER) *ciphers;
|
||||
SSL_CIPHER *tmp_cipher;
|
||||
|
||||
SSL_library_init();
|
||||
SSL_load_error_strings();
|
||||
library_init();
|
||||
|
||||
tor_tls_allocate_tor_tls_object_ex_data_index();
|
||||
|
||||
tls = tor_malloc_zero(sizeof(tor_tls_t));
|
||||
@ -897,8 +903,7 @@ test_tortls_client_is_using_v2_ciphers(void *ignored)
|
||||
SSL_SESSION *sess;
|
||||
STACK_OF(SSL_CIPHER) *ciphers;
|
||||
|
||||
SSL_library_init();
|
||||
SSL_load_error_strings();
|
||||
library_init();
|
||||
|
||||
ctx = SSL_CTX_new(TLSv1_method());
|
||||
ssl = SSL_new(ctx);
|
||||
@ -1541,8 +1546,8 @@ test_tortls_session_secret_cb(void *ignored)
|
||||
STACK_OF(SSL_CIPHER) *ciphers = NULL;
|
||||
SSL_CIPHER *one;
|
||||
|
||||
SSL_library_init();
|
||||
SSL_load_error_strings();
|
||||
library_init();
|
||||
|
||||
tor_tls_allocate_tor_tls_object_ex_data_index();
|
||||
|
||||
tls = tor_malloc_zero(sizeof(tor_tls_t));
|
||||
@ -1733,8 +1738,7 @@ test_tortls_find_cipher_by_id(void *ignored)
|
||||
fixed_cipher2 = tor_malloc_zero(sizeof(SSL_CIPHER));
|
||||
fixed_cipher2->id = 0xC00A;
|
||||
|
||||
SSL_library_init();
|
||||
SSL_load_error_strings();
|
||||
library_init();
|
||||
|
||||
ctx = SSL_CTX_new(m);
|
||||
ssl = SSL_new(ctx);
|
||||
@ -1825,8 +1829,7 @@ test_tortls_server_info_callback(void *ignored)
|
||||
SSL_CTX *ctx;
|
||||
SSL *ssl;
|
||||
|
||||
SSL_library_init();
|
||||
SSL_load_error_strings();
|
||||
library_init();
|
||||
|
||||
ctx = SSL_CTX_new(TLSv1_method());
|
||||
ssl = SSL_new(ctx);
|
||||
|
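Review bot: The new static helper library_init() repeats the version-gated OpenSSL setup that this commit also adds to tor_tls_init, and has no comment tying the two together. A one-line header such as `/* Mirror of the OpenSSL setup in tor_tls_init(); keep the two in sync. */` would stop the test copy from drifting when the production branch changes. The tests that now call it still pass `SSLv23_method()` and `TLSv1_method()` to SSL_CTX_new() in unchanged context lines. Whether those compile against a no-deprecated build depends on guards outside these hunks, so that is worth confirming before the changelog claim is relied on for the test suite.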