[tor-bugs] #20460 [Core Tor/Tor]: tortls test failures with recent LibreSSL (OpenBSD -current)

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Nov 5 08:00:48 UTC 2016


#20460: tortls test failures with recent LibreSSL (OpenBSD -current)
------------------------------+----------------------------------------
 Reporter:  rubiate           |          Owner:
     Type:  defect            |         Status:  new
 Priority:  Medium            |      Milestone:  Tor: 0.3.0.x-final
Component:  Core Tor/Tor      |        Version:  Tor: 0.3.0.0-alpha-dev
 Severity:  Normal            |     Resolution:
 Keywords:  libressl openbsd  |  Actual Points:
Parent ID:                    |         Points:
 Reviewer:                    |        Sponsor:
------------------------------+----------------------------------------

Comment (by rubiate):

 Replying to [comment:3 nickm]:
 > I think the right fix is to have the tests say "ECDHE" instead; they
 > were probably supposed to in the first place.

 Sure, that makes them pass. I wasn't sure what the ->id refers to or if
 they need to be changed, guess not?

 {{{
 diff --git a/src/test/test_tortls.c b/src/test/test_tortls.c
 index 44961c8..e2fee81 100644
 --- a/src/test/test_tortls.c
 +++ b/src/test/test_tortls.c
 @@ -834,9 +834,9 @@ test_tortls_classify_client_ciphers(void *ignored)

    sk_SSL_CIPHER_zero(ciphers);

 -  one = get_cipher_by_name("ECDH-RSA-AES256-GCM-SHA384");
 +  one = get_cipher_by_name("ECDHE-RSA-AES256-GCM-SHA384");
    one->id = 0x00ff;
 -  two = get_cipher_by_name("ECDH-RSA-AES128-GCM-SHA256");
 +  two = get_cipher_by_name("ECDHE-RSA-AES128-GCM-SHA256");
    two->id = 0x0000;
    sk_SSL_CIPHER_push(ciphers, one);
    tls->client_cipher_list_type = 0;
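 Review bot: the result of get_cipher_by_name() is dereferenced on the very next line (one->id = 0x00ff; and two->id = 0x0000;) with no check on either pointer. If the lookup can return NULL for a name the linked library does not have, the test dies on the dereference instead of reporting a failure. A tt_assert(one); and tt_assert(two); directly after the two lookups would make a missing cipher show up as an ordinary test failure. On the ->id question: the id is overwritten right after the lookup, so the name only has to be one the library still knows.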
 @@ -906,7 +906,7 @@ test_tortls_client_is_using_v2_ciphers(void *ignored)
    tt_int_op(ret, OP_EQ, 0);

    ciphers = sk_SSL_CIPHER_new_null();
 -  SSL_CIPHER *one = get_cipher_by_name("ECDH-RSA-AES256-GCM-SHA384");
 +  SSL_CIPHER *one = get_cipher_by_name("ECDHE-RSA-AES256-GCM-SHA384");
    one->id = 0x00ff;
    sk_SSL_CIPHER_push(ciphers, one);
    sess->ciphers = ciphers;
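 Review bot: the literal "ECDHE-RSA-AES256-GCM-SHA384" in the declaration of one is the same string this patch edits in two other tests. Consider a single #define for it near the top of test_tortls.c, so that a future rename touches one line instead of one per test.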
 @@ -1551,7 +1551,7 @@ test_tortls_session_secret_cb(void *ignored)
    tor_tls_session_secret_cb(tls->ssl, NULL, NULL, NULL, NULL, NULL);
    tt_assert(!tls->ssl->tls_session_secret_cb);

 -  one = get_cipher_by_name("ECDH-RSA-AES256-GCM-SHA384");
 +  one = get_cipher_by_name("ECDHE-RSA-AES256-GCM-SHA384");
    one->id = 0x00ff;
    ciphers = sk_SSL_CIPHER_new_null();
    sk_SSL_CIPHER_push(ciphers, one);
 }}}

 Does this need a changes file? If so...

 {{{
 diff --git a/changes/20460 b/changes/20460
 new file mode 100644
 index 0000000..d51ec3a
 --- /dev/null
 +++ b/changes/20460
 @@ -0,0 +1,4 @@
 +  o Minor bugfixes (testing)
 +    - Use ECDHE ciphers instead of ECDH in tortls tests. LibreSSL has
 +      removed the ECDH ciphers which caused the tests to fail on
 +      platforms which use it. Closes ticket 20460.
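 Review bot: in the second sentence of the entry, "removed the ECDH ciphers which caused the tests to fail" reads as if only the failing ciphers were removed; a comma before "which" fixes that. It would also be more precise to say "static ECDH ciphers" or to name the ECDH-RSA-* suites, since the replacement ECDHE suites are ECDH-based too.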
 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20460#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

