From e9ec818c28c96ba1ca6f40c9ccc84c900a5b7265 Mon Sep 17 00:00:00 2001 From: rubiate Date: Thu, 2 Feb 2017 00:10:46 +1300 Subject: [PATCH 1/2] Support LibreSSL with opaque structures Determining if OpenSSL structures are opaque now uses an autoconf check instead of comparing the version number. Some definitions have been moved to their own check as assumptions which were true for OpenSSL with opaque structures did not hold for LibreSSL. Closes ticket 21359. --- changes/21359 | 8 ++++++++ configure.ac | 5 +++++ src/test/test_tortls.c | 43 +++++++++++++++++++++++------------------- 3 files changed, 37 insertions(+), 19 deletions(-) create mode 100644 changes/21359 diff --git a/changes/21359 b/changes/21359 new file mode 100644 index 000000000..3b54c9154 --- /dev/null +++ b/changes/21359 @@ -0,0 +1,8 @@ + o Testing + - tortls tests now use an autoconf check to determine if OpenSSL + structures are opaque, instead of an explicit version check. + See ticket 21359. + + o Minor bugfixes (compilation) + - Support building with recent LibreSSL code that uses opaque + structures. Closes ticket 21359. diff --git a/configure.ac b/configure.ac index 2134a41d3..f7bdd97e1 100644 --- a/configure.ac +++ b/configure.ac @@ -677,6 +677,11 @@ AC_CHECK_FUNCS([ \ dnl Check if OpenSSL has scrypt implementation. AC_CHECK_FUNCS([ EVP_PBE_scrypt ]) +dnl Check if OpenSSL structures are opaque +AC_CHECK_MEMBERS([SSL.state], , , +[#include +]) + LIBS="$save_LIBS" LDFLAGS="$save_LDFLAGS" CPPFLAGS="$save_CPPFLAGS" diff --git a/src/test/test_tortls.c b/src/test/test_tortls.c index 1cba617a3..47455cff8 100644 --- a/src/test/test_tortls.c +++ b/src/test/test_tortls.c 
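Review bot: The comment `dnl Check if OpenSSL structures are opaque` on the new `AC_CHECK_MEMBERS([SSL.state], ...)` probe in configure.ac overstates what is tested, since only one member of `SSL` is probed. src/test/test_tortls.c then uses `HAVE_SSL_STATE` to set `OPENSSL_OPAQUE` for all the tests it guards. The same patch already moves `get_cipher_by_name` to a separate guard because that blanket assumption did not hold for LibreSSL, so the comment should name the proxy, e.g. `dnl Probe SSL.state as a proxy for non-opaque OpenSSL structs; defines HAVE_SSL_STATE when the member is visible.` The probe sits before `LIBS`/`LDFLAGS`/`CPPFLAGS` are restored, which looks like the right place for it to see the OpenSSL headers.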
@@ -38,9 +38,11 @@ ENABLE_GCC_WARNING(redundant-decls) #include "log_test_helpers.h" #define NS_MODULE tortls -#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0) \ - && !defined(LIBRESSL_VERSION_NUMBER) +#ifndef HAVE_SSL_STATE #define OPENSSL_OPAQUE +#endif + +#if defined(OPENSSL_OPAQUE) && !defined(LIBRESSL_VERSION_NUMBER) #define SSL_STATE_STR "before SSL initialization" #else #define SSL_STATE_STR "before/accept initialization" @@ -723,6 +725,26 @@ test_tortls_get_my_certs(void *ignored) (void)1; } +#ifndef HAVE_SSL_GET_CLIENT_CIPHERS +static SSL_CIPHER * +get_cipher_by_name(const char *name) +{ + int i; + const SSL_METHOD *method = SSLv23_method(); + int num = method->num_ciphers(); + + for (i = 0; i < num; ++i) { + const SSL_CIPHER *cipher = method->get_cipher(i); + const char *ciphername = SSL_CIPHER_get_name(cipher); + if (!strcmp(ciphername, name)) { + return (SSL_CIPHER *)cipher; + } + } + + return NULL; +} +#endif + #ifndef OPENSSL_OPAQUE static void test_tortls_get_ciphersuite_name(void *ignored) @@ -741,23 +763,6 @@ test_tortls_get_ciphersuite_name(void *ignored) tor_free(ctx); } -static SSL_CIPHER * -get_cipher_by_name(const char *name) -{ - int i; - const SSL_METHOD *method = SSLv23_method(); - int num = method->num_ciphers(); - for (i = 0; i < num; ++i) { - const SSL_CIPHER *cipher = method->get_cipher(i); - const char *ciphername = SSL_CIPHER_get_name(cipher); - if (!strcmp(ciphername, name)) { - return (SSL_CIPHER *)cipher; - } - } - - return NULL; -} - static SSL_CIPHER * get_cipher_by_id(uint16_t id) { From b928095afc757ab8616642b48e3f22a0b39520b9 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Wed, 1 Feb 2017 10:39:48 -0500 Subject: [PATCH 2/2] Rework 21359 changes file slightly. --- changes/21359 | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/changes/21359 b/changes/21359 index 3b54c9154..cc9b377d5 100644 --- a/changes/21359 +++ b/changes/21359 
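Review bot: In the `@@ -38,9 +38,11 @@` hunk, `#ifndef HAVE_SSL_STATE` followed by `#define OPENSSL_OPAQUE` makes "opaque" the default whenever configure does not define the macro. If the probe fails for an unrelated reason (for example the OpenSSL header is not found at configure time), every TLS test under `#ifndef OPENSSL_OPAQUE` would be compiled out with no signal. A comment naming the macro's source would make that visible: `/* HAVE_SSL_STATE comes from configure's AC_CHECK_MEMBERS([SSL.state]); without it the struct-level tortls tests are not built. */`. `SSL_STATE_STR` is still chosen with `!defined(LIBRESSL_VERSION_NUMBER)`, so one library-identity assumption remains and deserves a one-line reason. The `#if`/`#else` opened here closes outside the hunk.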
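Review bot: In the `@@ -723,6 +725,26 @@` hunk, `get_cipher_by_name` is guarded by `#ifndef HAVE_SSL_GET_CLIENT_CIPHERS`, but its body calls `method->num_ciphers()` and `method->get_cipher(i)`, which compile only while `SSL_METHOD` exposes those members. The guard therefore encodes an assumption that any library lacking `SSL_get_client_ciphers` also leaves `SSL_METHOD` visible, and nothing in the visible configure.ac hunk checks that. Its callers are outside the hunk; if they remain under `#ifndef OPENSSL_OPAQUE`, this `static` helper could end up defined but unused on some builds. I would state the dependency above the function, e.g. `/* Needs SSL_METHOD's num_ciphers/get_cipher members; built only when SSL_get_client_ciphers() is unavailable. */`.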
@@ -1,8 +1,8 @@ - o Testing - - tortls tests now use an autoconf check to determine if OpenSSL - structures are opaque, instead of an explicit version check. - See ticket 21359. - o Minor bugfixes (compilation) + o Minor features (portability, compilationc) - Support building with recent LibreSSL code that uses opaque structures. Closes ticket 21359. + - Autoconf now check to determine if OpenSSL + structures are opaque, instead of explicitly checking for + OpenSSL version numbers. + Part of ticket 21359.