nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-24 12:23:32 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/maint-0.2.5'

Browse Source
This commit is contained in:
Nick Mathewson 2014-10-03 19:58:25 -04:00
commit bbffd0a018
3 changed files with 46 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
changes/bug13325 Normal file
View File

@ -0,0 +1,4 @@
o Compilation fixes:
- Build and run correctly on systems like OpenBSD-current that
have patched OpenSSL to remove get_cipher_by_char and/or its
implementations. Fixes issue 13325.

4
configure.ac
View File

@ -582,6 +582,10 @@ else
fi fi
AC_SUBST(TOR_OPENSSL_LIBS) AC_SUBST(TOR_OPENSSL_LIBS)
AC_CHECK_MEMBERS([struct ssl_method_st.get_cipher_by_char], , ,
[#include <openssl/ssl.h>
])
dnl ------------------------------------------------------ dnl ------------------------------------------------------
dnl Where do you live, zlib? And how do we call you? dnl Where do you live, zlib? And how do we call you?

48
src/common/tortls.c
View File

@ -1463,6 +1463,43 @@ static uint16_t v2_cipher_list[] = {
/** Have we removed the unrecognized ciphers from v2_cipher_list yet? */ /** Have we removed the unrecognized ciphers from v2_cipher_list yet? */
static int v2_cipher_list_pruned = 0; static int v2_cipher_list_pruned = 0;
/** Return 0 if <b>m</b> does not support the cipher with ID <b>cipher</b>;
* return 1 if it does support it, or if we have no way to tell. */
static int
find_cipher_by_id(const SSL_METHOD *m, uint16_t cipher)
{
const SSL_CIPHER *c;
#ifdef HAVE_STRUCT_SSL_METHOD_ST_GET_CIPHER_BY_CHAR
if (m && m->get_cipher_by_char) {
unsigned char cipherid[3];
set_uint16(cipherid, htons(cipher));
cipherid[2] = 0; /* If ssl23_get_cipher_by_char finds no cipher starting
* with a two-byte 'cipherid', it may look for a v2
* cipher with the appropriate 3 bytes. */
c = m->get_cipher_by_char(cipherid);
if (c)
tor_assert((c->id & 0xffff) == cipher);
return c != NULL;
} else
#endif
if (m && m->get_cipher && m->num_ciphers) {
/* It would seem that some of the "let's-clean-up-openssl" forks have
* removed the get_cipher_by_char function. Okay, so now you get a
* quadratic search.
*/
int i;
for (i = 0; i < m->num_ciphers(); ++i) {
c = m->get_cipher(i);
if (c && (c->id & 0xffff) == cipher) {
return 1;
}
}
return 0;
} else {
return 1; /* No way to search */
}
}
/** Remove from v2_cipher_list every cipher that we don't support, so that /** Remove from v2_cipher_list every cipher that we don't support, so that
* comparing v2_cipher_list to a client's cipher list will give a sensible * comparing v2_cipher_list to a client's cipher list will give a sensible
* result. */ * result. */
@ -1474,16 +1511,7 @@ prune_v2_cipher_list(void)
inp = outp = v2_cipher_list; inp = outp = v2_cipher_list;
while (*inp) { while (*inp) {
unsigned char cipherid[3]; if (find_cipher_by_id(m, *inp)) {
const SSL_CIPHER *cipher;
/* Is there no better way to do this? */
set_uint16(cipherid, htons(*inp));
cipherid[2] = 0; /* If ssl23_get_cipher_by_char finds no cipher starting
* with a two-byte 'cipherid', it may look for a v2
* cipher with the appropriate 3 bytes. */
cipher = m->get_cipher_by_char(cipherid);
if (cipher) {
tor_assert((cipher->id & 0xffff) == *inp);
*outp++ = *inp++; *outp++ = *inp++;
} else { } else {
inp++; inp++;