Merge remote-tracking branch 'tor-gitlab/mr/186' into maint-0.3.5

David Goulet 2021-01-28 12:04:37 -05:00
commit c6fb26695b
7 changed files with 39 additions and 12 deletions

5
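--- a/changes/ticket40165
+++ b/changes/ticket40165
@@ -0,0 +1,5 @@
+o Minor features (compilation):
+- Disable deprecation warnings when building with OpenSSL 3.0.0 or later.
+There are a number of newly deprecated APIs in OpenSSL 3.0.0 that Tor
+still requires. (A later version of Tor will try to stop depending on
+these.) Closes ticket 40165.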

3
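--- a/changes/ticket40170
+++ b/changes/ticket40170
@@ -0,0 +1,3 @@
+o Minor bugfixes (tests):
+- Fix the "tortls/openssl/log_one_error" test to work with OpenSSL 3.0.0.
+Fixes bug 40170; bugfix on 0.2.8.1-alpha.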


@ -937,13 +937,30 @@ LIBS="$TOR_OPENSSL_LIBS $LIBS"
LDFLAGS="$TOR_LDFLAGS_openssl $LDFLAGS" LDFLAGS="$TOR_LDFLAGS_openssl $LDFLAGS"
CPPFLAGS="$TOR_CPPFLAGS_openssl $CPPFLAGS" CPPFLAGS="$TOR_CPPFLAGS_openssl $CPPFLAGS"
dnl Tor currently uses a number of APIs that are deprecated in OpenSSL 3.0.0
dnl and later. We want to migrate away from them, but that will be a lot of
dnl work. (See ticket tor#40166.) For now, we disable the deprecation
dnl warnings.
AC_MSG_CHECKING([for OpenSSL >= 3.0.0])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <openssl/opensslv.h>
#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER <= 0x30000000L
#error "you_have_version_3"
#endif
]], [[]])],
[ AC_MSG_RESULT([no]) ],
[ AC_MSG_RESULT([yes]);
AC_DEFINE(OPENSSL_SUPPRESS_DEPRECATED, 1, [disable openssl deprecated-function warnings]) ])
AC_MSG_CHECKING([for OpenSSL < 1.0.1])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <openssl/opensslv.h> #include <openssl/opensslv.h>
#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x1000100fL #if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x1000100fL
#error "too old" #error "too old"
#endif #endif
]], [[]])], ]], [[]])],
[ : ], [ AC_MSG_RESULT([no]) ],
[ AC_MSG_ERROR([OpenSSL is too old. We require 1.0.1 or later. You can specify a path to a newer one with --with-openssl-dir.]) ]) [ AC_MSG_ERROR([OpenSSL is too old. We require 1.0.1 or later. You can specify a path to a newer one with --with-openssl-dir.]) ])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
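Review bot: The new "for OpenSSL >= 3.0.0" probe tests `OPENSSL_VERSION_NUMBER <= 0x30000000L`, which is the opposite of what the check message and the `you_have_version_3` error text say. As written, the `#error` fires (result "yes", `OPENSSL_SUPPRESS_DEPRECATED` defined) for every non-LibreSSL OpenSSL up to and including 0x30000000L and does not fire for anything newer, so deprecation warnings are silenced on pre-3.0 builds and left enabled on releases after 3.0.0. The condition should read `#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x30000000L`. Because the define hides warnings about deprecated crypto APIs, its scope is worth keeping limited to the versions the `dnl` comment names.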


@ -32,10 +32,6 @@
#define OPENSSL_1_1_API #define OPENSSL_1_1_API
#endif /* OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0) && ... */ #endif /* OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0) && ... */
#ifndef OPENSSL_VERSION
#define OPENSSL_VERSION SSLEAY_VERSION
#endif
#ifndef OPENSSL_1_1_API #ifndef OPENSSL_1_1_API
#define OpenSSL_version(v) SSLeay_version(v) #define OpenSSL_version(v) SSLeay_version(v)
#define OpenSSL_version_num() SSLeay() #define OpenSSL_version_num() SSLeay()
@ -54,4 +50,3 @@
#endif /* defined(ENABLE_OPENSSL) */ #endif /* defined(ENABLE_OPENSSL) */
#endif /* !defined(TOR_COMPAT_OPENSSL_H) */ #endif /* !defined(TOR_COMPAT_OPENSSL_H) */


@ -101,13 +101,22 @@ static char *crypto_openssl_version_str = NULL;
const char * const char *
crypto_openssl_get_version_str(void) crypto_openssl_get_version_str(void)
{ {
#ifdef OPENSSL_VERSION
const int query = OPENSSL_VERSION;
#else
/* This old name was changed around OpenSSL 1.1.0 */
const int query = SSLEAY_VERSION;
#endif
if (crypto_openssl_version_str == NULL) { if (crypto_openssl_version_str == NULL) {
const char *raw_version = OpenSSL_version(OPENSSL_VERSION); const char *raw_version = OpenSSL_version(query);
crypto_openssl_version_str = parse_openssl_version_str(raw_version); crypto_openssl_version_str = parse_openssl_version_str(raw_version);
} }
return crypto_openssl_version_str; return crypto_openssl_version_str;
} }
#undef QUERY_OPENSSL_VERSION
static char *crypto_openssl_header_version_str = NULL; static char *crypto_openssl_header_version_str = NULL;
/* Return a human-readable version of the compile-time openssl version /* Return a human-readable version of the compile-time openssl version
* number. */ * number. */
@ -208,7 +217,7 @@ crypto_openssl_early_init(void)
setup_openssl_threading(); setup_openssl_threading();
unsigned long version_num = OpenSSL_version_num(); unsigned long version_num = OpenSSL_version_num();
const char *version_str = OpenSSL_version(OPENSSL_VERSION); const char *version_str = crypto_openssl_get_version_str();
if (version_num == OPENSSL_VERSION_NUMBER && if (version_num == OPENSSL_VERSION_NUMBER &&
!strcmp(version_str, OPENSSL_VERSION_TEXT)) { !strcmp(version_str, OPENSSL_VERSION_TEXT)) {
log_info(LD_CRYPTO, "OpenSSL version matches version from headers " log_info(LD_CRYPTO, "OpenSSL version matches version from headers "
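Review bot: In crypto_openssl_early_init(), `version_str` now comes from crypto_openssl_get_version_str(), which returns the output of parse_openssl_version_str() rather than the raw OpenSSL_version() text, yet it is still compared with `strcmp` against the unparsed `OPENSSL_VERSION_TEXT`. parse_openssl_version_str() is not shown in this hunk, but if it trims or reformats the string, the "matches version from headers" branch can no longer be taken and every start-up falls through to the mismatch path, which weakens that log line as a signal of a real header/runtime skew. Compare like with like, for example `!strcmp(version_str, crypto_openssl_get_header_version_str())` if the compile-time getter documented just below has that name in this branch, or keep the raw string for the comparison. Separately, `#undef QUERY_OPENSSL_VERSION` after crypto_openssl_get_version_str() undefines a macro that the visible code never defines and can be dropped. The body of crypto_openssl_early_init() continues past the end of the hunk.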


@ -16,8 +16,7 @@
#include "orconfig.h" #include "orconfig.h"
#ifdef ENABLE_OPENSSL #ifdef ENABLE_OPENSSL
#include <openssl/engine.h> #include <openssl/opensslv.h>
/* /*
Macro to create an arbitrary OpenSSL version number as used by Macro to create an arbitrary OpenSSL version number as used by
OPENSSL_VERSION_NUMBER or SSLeay(), since the actual numbers are a bit hard OPENSSL_VERSION_NUMBER or SSLeay(), since the actual numbers are a bit hard


@ -283,8 +283,7 @@ test_tortls_log_one_error(void *ignored)
mock_clean_saved_logs(); mock_clean_saved_logs();
tor_tls_log_one_error(tls, ERR_PACK(1, 2, 3), LOG_WARN, 0, NULL); tor_tls_log_one_error(tls, ERR_PACK(1, 2, 3), LOG_WARN, 0, NULL);
expect_log_msg("TLS error with 127.hello: " expect_log_msg_containing("TLS error with 127.hello");
"BN lib (in unknown library:(null):---)\n");
mock_clean_saved_logs(); mock_clean_saved_logs();
tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_HTTP_REQUEST), tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_HTTP_REQUEST),