mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-28 06:13:31 +01:00
Merge remote-tracking branch 'origin/maint-0.2.5'
commit
bbffd0a018
4
changes/bug13325
Normal file
4
changes/bug13325
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
o Compilation fixes:
|
||||||
|
- Build and run correctly on systems like OpenBSD-current that
|
||||||
|
have patched OpenSSL to remove get_cipher_by_char and/or its
|
||||||
|
implementations. Fixes issue 13325.
|
@ -582,6 +582,10 @@ else
|
|||||||
fi
|
fi
|
||||||
AC_SUBST(TOR_OPENSSL_LIBS)
|
AC_SUBST(TOR_OPENSSL_LIBS)
|
||||||
|
|
||||||
|
AC_CHECK_MEMBERS([struct ssl_method_st.get_cipher_by_char], , ,
|
||||||
|
[#include <openssl/ssl.h>
|
||||||
|
])
|
||||||
|
|
||||||
dnl ------------------------------------------------------
|
dnl ------------------------------------------------------
|
||||||
dnl Where do you live, zlib? And how do we call you?
|
dnl Where do you live, zlib? And how do we call you?
|
||||||
|
|
||||||
|
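Review bot: The AC_CHECK_MEMBERS call probes only `struct ssl_method_st.get_cipher_by_char`, yet the fallback added to find_cipher_by_id in this same commit dereferences `m->get_cipher` and `m->num_ciphers` with no matching HAVE_ guard. A library that has also dropped or renamed those members would pass configure and then fail at compile time. Listing them in the same check, e.g. `AC_CHECK_MEMBERS([struct ssl_method_st.get_cipher_by_char, struct ssl_method_st.get_cipher, struct ssl_method_st.num_ciphers], , , [#include <openssl/ssl.h>])`, and guarding the fallback on the resulting macros would let such a build fall through to the "No way to search" branch.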
@ -1463,6 +1463,43 @@ static uint16_t v2_cipher_list[] = {
|
|||||||
/** Have we removed the unrecognized ciphers from v2_cipher_list yet? */
|
/** Have we removed the unrecognized ciphers from v2_cipher_list yet? */
|
||||||
static int v2_cipher_list_pruned = 0;
|
static int v2_cipher_list_pruned = 0;
|
||||||
|
|
||||||
|
/** Return 0 if <b>m</b> does not support the cipher with ID <b>cipher</b>;
|
||||||
|
* return 1 if it does support it, or if we have no way to tell. */
|
||||||
|
static int
|
||||||
|
find_cipher_by_id(const SSL_METHOD *m, uint16_t cipher)
|
||||||
|
{
|
||||||
|
const SSL_CIPHER *c;
|
||||||
|
#ifdef HAVE_STRUCT_SSL_METHOD_ST_GET_CIPHER_BY_CHAR
|
||||||
|
if (m && m->get_cipher_by_char) {
|
||||||
|
unsigned char cipherid[3];
|
||||||
|
set_uint16(cipherid, htons(cipher));
|
||||||
|
cipherid[2] = 0; /* If ssl23_get_cipher_by_char finds no cipher starting
|
||||||
|
* with a two-byte 'cipherid', it may look for a v2
|
||||||
|
* cipher with the appropriate 3 bytes. */
|
||||||
|
c = m->get_cipher_by_char(cipherid);
|
||||||
|
if (c)
|
||||||
|
tor_assert((c->id & 0xffff) == cipher);
|
||||||
|
return c != NULL;
|
||||||
|
} else
|
||||||
|
#endif
|
||||||
|
if (m && m->get_cipher && m->num_ciphers) {
|
||||||
|
/* It would seem that some of the "let's-clean-up-openssl" forks have
|
||||||
|
* removed the get_cipher_by_char function. Okay, so now you get a
|
||||||
|
* quadratic search.
|
||||||
|
*/
|
||||||
|
int i;
|
||||||
|
for (i = 0; i < m->num_ciphers(); ++i) {
|
||||||
|
c = m->get_cipher(i);
|
||||||
|
if (c && (c->id & 0xffff) == cipher) {
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return 0;
|
||||||
|
} else {
|
||||||
|
return 1; /* No way to search */
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/** Remove from v2_cipher_list every cipher that we don't support, so that
|
/** Remove from v2_cipher_list every cipher that we don't support, so that
|
||||||
* comparing v2_cipher_list to a client's cipher list will give a sensible
|
* comparing v2_cipher_list to a client's cipher list will give a sensible
|
||||||
* result. */
|
* result. */
|
||||||
@ -1474,16 +1511,7 @@ prune_v2_cipher_list(void)
|
|||||||
|
|
||||||
inp = outp = v2_cipher_list;
|
inp = outp = v2_cipher_list;
|
||||||
while (*inp) {
|
while (*inp) {
|
||||||
unsigned char cipherid[3];
|
if (find_cipher_by_id(m, *inp)) {
|
||||||
const SSL_CIPHER *cipher;
|
|
||||||
/* Is there no better way to do this? */
|
|
||||||
set_uint16(cipherid, htons(*inp));
|
|
||||||
cipherid[2] = 0; /* If ssl23_get_cipher_by_char finds no cipher starting
|
|
||||||
* with a two-byte 'cipherid', it may look for a v2
|
|
||||||
* cipher with the appropriate 3 bytes. */
|
|
||||||
cipher = m->get_cipher_by_char(cipherid);
|
|
||||||
if (cipher) {
|
|
||||||
tor_assert((cipher->id & 0xffff) == *inp);
|
|
||||||
*outp++ = *inp++;
|
*outp++ = *inp++;
|
||||||
} else {
|
} else {
|
||||||
inp++;
|
inp++;
|
||||||
|
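Review bot: In find_cipher_by_id, the get_cipher_by_char branch aborts through `tor_assert((c->id & 0xffff) == cipher)` when the library returns a cipher with a different ID, while the get_cipher loop treats the same mismatch as "not found". Since the change exists to cope with OpenSSL variants that behave differently, the first branch would be safer as `return c != NULL && (c->id & 0xffff) == cipher;`, so an unexpected match drops the entry from v2_cipher_list and the process keeps running. The final `return 1; /* No way to search */` keeps every entry when neither hook is usable, which is documented but silent; a one-time warning there would show an operator that the list compared against client cipher lists was never pruned. The `} else` left dangling across `#endif` is easy to misread, and bracing both arms would make the preprocessor-dependent flow explicit. prune_v2_cipher_list, the caller, starts and ends outside the second hunk.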