[tor-commits] [tor/master] Make tortls unit tests pass with LibreSSL.
nickm at torproject.org
nickm at torproject.org
Wed Feb 3 19:46:51 UTC 2016
commit fa52b6f075a8bb90a3f3a014ef7423940f8a20b7
Author: Nick Mathewson <nickm at torproject.org>
Date: Wed Feb 3 11:31:57 2016 -0500
Make tortls unit tests pass with LibreSSL.
Part of the fix for 17921.
---
src/common/tortls.c | 2 +-
src/test/test_tortls.c | 24 +++++++++++++++++++-----
2 files changed, 20 insertions(+), 6 deletions(-)
diff --git a/src/common/tortls.c b/src/common/tortls.c
index 5f84e5c..827abc4 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -1338,7 +1338,7 @@ find_cipher_by_id(const SSL *ssl, const SSL_METHOD *m, uint16_t cipher)
return c != NULL;
}
# endif
-# if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,1,0)
+# ifndef OPENSSL_1_1_API
if (m && m->get_cipher && m->num_ciphers) {
/* It would seem that some of the "let's-clean-up-openssl" forks have
* removed the get_cipher_by_char function. Okay, so now you get a
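Review bot: The new guard `# ifndef OPENSSL_1_1_API` depends on a macro whose definition is not visible in this hunk, and nothing at the guard says why a feature macro replaced the version comparison. LibreSSL reports an OPENSSL_VERSION_NUMBER in the 2.x range, so the old `< OPENSSL_V_SERIES(1,1,0)` test would presumably have skipped this fallback there even though the SSL_METHOD fields are still reachable. A short comment above the guard would record that, e.g. `/* OPENSSL_1_1_API: opaque-struct OpenSSL 1.1 only; LibreSSL and older OpenSSL take this path. */`, with the wording checked against the header that defines the macro. The body of find_cipher_by_id starts above the hunk and continues below it.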
diff --git a/src/test/test_tortls.c b/src/test/test_tortls.c
index ce7e6bc..71b3863 100644
--- a/src/test/test_tortls.c
+++ b/src/test/test_tortls.c
@@ -1600,12 +1600,19 @@ test_tortls_block_renegotiation(void *ignored)
tls = tor_malloc_zero(sizeof(tor_tls_t));
tls->ssl = tor_malloc_zero(sizeof(SSL));
tls->ssl->s3 = tor_malloc_zero(sizeof(SSL3_STATE));
- tls->ssl->s3->flags = 0x0010;
+#ifndef SUPPORT_UNSAFE_RENEGOTIATION_FLAG
+#define SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0
+#endif
- tor_tls_block_renegotiation(tls);
+ tls->ssl->s3->flags = SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
- tt_assert(!(SSL_get_options(tls->ssl) & 0x0010));
+ tor_tls_block_renegotiation(tls);
+#ifndef OPENSSL_1_1_API
+ tt_assert(!(tls->ssl->s3->flags &
+ SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION));
+#endif
+
done:
tor_free(tls->ssl->s3);
tor_free(tls->ssl);
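Review bot: When SUPPORT_UNSAFE_RENEGOTIATION_FLAG is not defined, the fallback `#define SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0` makes the test seed `flags` with 0 and then assert `!(flags & 0)`, which can never fail. Under OPENSSL_1_1_API the assertion is compiled out entirely. In both configurations the renegotiation-blocking test passes without checking anything. The define also sits inside the function body and stays in effect for the rest of the translation unit. I would drop the fallback define and wrap the seed and the assertion together in `#if defined(SUPPORT_UNSAFE_RENEGOTIATION_FLAG) && !defined(OPENSSL_1_1_API)`, with a comment saying the test is a no-op on other builds. test_tortls_block_renegotiation begins above the hunk and its cleanup continues past it.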
@@ -1622,7 +1629,9 @@ test_tortls_unblock_renegotiation(void *ignored)
tls->ssl = tor_malloc_zero(sizeof(SSL));
tor_tls_unblock_renegotiation(tls);
- tt_assert(SSL_get_options(tls->ssl) & 0x00040000L);
+ tt_uint_op(SSL_get_options(tls->ssl) &
+ SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION, OP_EQ,
+ SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION);
done:
tor_free(tls->ssl);
@@ -1906,6 +1915,7 @@ fixed_ssl_shutdown(SSL *s)
return fixed_ssl_shutdown_result;
}
+#ifndef LIBRESSL_VERSION_NUMBER
static int fixed_ssl_state_to_set;
static tor_tls_t *fixed_tls;
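Review bot: The `#ifndef LIBRESSL_VERSION_NUMBER` opened here gives no reason for the exclusion and is closed by a bare `#endif` in a later hunk; the same applies to the guards added in test_tortls_shutdown and test_tortls_read. The skipped cases are the ones that set `version = SSL2_VERSION` and check the TOR_TLS_ERROR_MISC and TOR_TLS_CLOSE results, so a LibreSSL build silently loses coverage of those shutdown and close paths. I would add a comment at each guard, for example `/* Skipped on LibreSSL: these cases poke SSL internals it does not expose the same way. */`, with the reason confirmed against the actual build failure. Each guard should also close with `#endif /* !LIBRESSL_VERSION_NUMBER */`.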
@@ -1923,6 +1933,7 @@ setting_version_and_state_ssl_shutdown(SSL *s)
s->version = SSL2_VERSION;
return fixed_ssl_shutdown_result;
}
+#endif
static int
dummy_handshake_func(SSL *s)
@@ -1956,6 +1967,7 @@ test_tortls_shutdown(void *ignored)
ret = tor_tls_shutdown(tls);
tt_int_op(ret, OP_EQ, -9);
+#ifndef LIBRESSL_VERSION_NUMBER
tls->ssl->handshake_func = dummy_handshake_func;
fixed_ssl_read_result_index = 0;
@@ -2017,6 +2029,7 @@ test_tortls_shutdown(void *ignored)
method->ssl_shutdown = setting_version_and_state_ssl_shutdown;
ret = tor_tls_shutdown(tls);
tt_int_op(ret, OP_EQ, TOR_TLS_ERROR_MISC);
+#endif
done:
teardown_capture_of_logs(previous_log);
@@ -2079,6 +2092,7 @@ test_tortls_read(void *ignored)
ret = tor_tls_read(tls, buf, 10);
tt_int_op(negotiated_callback_called, OP_EQ, 1);
+#ifndef LIBRESSL_VERSION_NUMBER
fixed_ssl_read_result_index = 0;
fixed_ssl_read_result[0] = 0;
tls->ssl->version = SSL2_VERSION;
@@ -2086,7 +2100,7 @@ test_tortls_read(void *ignored)
ret = tor_tls_read(tls, buf, 10);
tt_int_op(ret, OP_EQ, TOR_TLS_CLOSE);
tt_int_op(tls->state, OP_EQ, TOR_TLS_ST_CLOSED);
-
+#endif
// TODO: fill up
done: