We used to link both libraries at once, but now that I'm working on
TLS, there's nothing left to keep OpenSSL around for when NSS is
enabled.
Note that this patch causes a couple of places that still assumed
OpenSSL to be disabled when NSS is enabled
- tor-gencert
- pbkdf2
I hope that the debian clang maintainers will look at debian bug
903709 soon. But until they do, this should keep our users and our
CI happy on sid with clang.
Closes ticket 26779.
If we're building for Windows, we want to use windows threads no
matter what, and we don't want to link a pthread library even if it
is present. Fixes bug 27081; bugfix on 1790dc6760 in 0.1.0.1-rc.
Based on a patch from Hello71 on ticket 20424.
This patch additionally fixes openbsd-malloc support, switches
our tcmalloc support to use pkgconfig, and tells the compiler to
omit system malloc implementations as appropriate.
squash! Add a --with-malloc option.
Edit changelog file to fix a typo and credit Alex Xu in preferred format.
Conditionalize the pragma that temporarily disables
-Wunused-const-variable. Some versions of gcc don't support it. We
need to do this because of an apparent bug in some libzstd headers.
Fixes bug 26785; bugfix on 0.3.2.11.
Work around two different bugs in the OS X 10.10 and later SDKs that would
prevent us from successfully targeting earlier versions of OS X.
Fixes bug 26876; bugfix on 0.3.3.1-alpha.
We have to check for ERR_load_KDF_strings() here, since that's the
only one that's actually a function rather than a macro.
Fixes compilation with LibreSSL. Fixes bug 26712; bug not in
any released Tor.
When we do redefine them, use inline functions instead of #define.
This fixes a latent code problem in our redefinition of these
functions, which was exposed by our refactoring: Previously, we
would #define strcasecmp after string.h was included, so nothing bad
would happen. But when we refactored, we would sometimes #define it
first, which was a problem on mingw, whose headers contain
(approximately):
inline int strcasecmp (const char *a, const char *b)
{ return _stricmp(a,b); }
Our define turned this into:
inline int _stricmp(const char *a, const char *b)
{ return _stricmp(a,b); }
And GCC would correctly infer that this function would loop forever,
rather than actually comparing anything. This caused bug 26594.
Fixes bug 26594; bug not in any released version of Tor.
We had accumulated a bunch of cruft here. Now let's only include
src and src/ext. (exception: src/trunnel is autogenerated code, and
need to include src/trunnel.)
This commit will break the build hard. The next commit will fix it.
We need this trick because some of our Rust tests depend on our C
code, which in turn depend on other native libraries, which thereby
pulls a whole mess of our build system into "cargo test".
To solve this, we add a build script (build.rs) to set most of the
options that we want based on the contents of config.rust. Some
options can't be set, and need to go to the linker directly: we use
a linker replacement (link_rust.sh) for these. Both config.rust and
link_rust.sh are generated by autoconf for us.
This patch on its own should enough to make the crypto test build,
but not necessarily enough to make it pass.
The --disable-module-* configure option removes code from the final binary but
we still build the unit tests with the disable module(s) so we can actually
test that code path all the time and not forget about it.
Signed-off-by: David Goulet <dgoulet@torproject.org>
Make our build system support a disable dirauth module option. It can only be
disabled explicitly with:
$ ./configure --disable-module-dirauth
If *not* specified that is enabled, an automake conditional variable is set to
true and a defined value for the C code:
AM_CONDITIONAL: BUILD_MODULE_DIRAUTH
AC_DEFINE: HAVE_MODULE_DIRAUTH=1
This introduces the dirauth/ module directory in src/or/ for which .c files
are only compiled if the BUILD_MODULE_DIRAUTH is set.
All the header files are compiled in regardless of the support so we can use
the alternative entry point functions of the dirauth subsystem.
Signed-off-by: David Goulet <dgoulet@torproject.org>
When openssl is built with no-deprecated, the TLSv1_1_method()
function isn't visible in the headers. That's sad, because that
method is what we were looking at.
Instead, we now look at SSL_CIPHER_get_id(), which is present in
OpenSSL 1.0.1 and later, which is _not_ deprecated, and which is
also present in LibreSSL.
Fixes ticket 25353. Not a bugfix exactly -- we never really worked
with this configuration.
When merging the patches for #25310 the libc version requirement in
`GettingStartedRust.md` and `configure.ac` did not get updated to the
now needed 0.2.39.
Without this fix, we were just getting SRCDIR=`pwd`, which naturally
was breaking out-of-tree builds.
Bugfix on becae4c943969a4f4f14423cc897d39f41af7773; bug not in any
released Tor.
We'd been using crypto_digest_dup() and crypto_digest_assign() here,
but they aren't necessary. Instead we can just use the stack to
store the previous state of the SHA_CTX and avoid a malloc/free pair.
Closes ticket 24914.
For 23847, we want Tor to be able to shut down and then restart in
the same process. Here's a patch to make the Tor binary do that.
To test it, you need to build with --enable-restart-debugging, and
then you need to set the environment variable TOR_DEBUG_RESTART.
With this option, Tor will then run for 5 seconds, then restart
itself in-process without exiting. This only happens once.
You can change the 5-second interval using
TOR_DEBUG_RESTART_AFTER_SECONDS.
Implements ticket 24583.
* ADDS several `AC_MSG_RESULT`s which print the result of our checks
for our rust dependencies and a check for a suitable rustc compiler
version.
* FIXES#24612: https://bugs.torproject.org/24612
This patch adds support for Android's logging subsystem in Tor. When
debugging Android applications it is useful to be able to collect
information about the application running on the platform via the
various system services that is available on the platform.
This patch allows you to add "Log notice android" to your torrc and have
Tor send everything above and including the notice severity to Android's
ring buffer which can be inspected using the 'adb logcat' program.
See: https://bugs.torproject.org/24362
Modified -Wnormalized flag to nfkc option in configure.ac to avoid source code
identifier confusion.
Fixes#24467
Signed-off-by: Fernando Fernandez Mancera <ffernandezmancera@gmail.com>
Previously we would detect the system openssl on OSX, and then fail
to use it, since we required Open 1.0.1 or later. That's silly!
Instead of looking for RAND_add(), look for TLSv1_1_method(): it was
introduced in 1.0.1, and is also present in LibreSSL.
Also, add the hombebrew path to our search path here.
Fixes bug 23602; bugfix on 0.2.7.2-alpha.
Add a detection for the KIST scheduler in our build system and set
HAVE_KIST_SUPPORT if available.
Adapt the should use kist function with this new compile option.
Signed-off-by: David Goulet <dgoulet@torproject.org>