[tor-commits] [tor/release-0.2.9] Support LibreSSL with opaque structures
nickm at torproject.org
nickm at torproject.org
Wed Feb 1 15:43:14 UTC 2017
commit e9ec818c28c96ba1ca6f40c9ccc84c900a5b7265
Author: rubiate <cb at viennan.net>
Date: Thu Feb 2 00:10:46 2017 +1300
Support LibreSSL with opaque structures
Determining if OpenSSL structures are opaque now uses an autoconf check
instead of comparing the version number. Some definitions have been
moved to their own check as assumptions which were true for OpenSSL
with opaque structures did not hold for LibreSSL. Closes ticket 21359.
---
changes/21359 | 8 ++++++++
configure.ac | 5 +++++
src/test/test_tortls.c | 43 ++++++++++++++++++++++++-------------------
3 files changed, 37 insertions(+), 19 deletions(-)
diff --git a/changes/21359 b/changes/21359
new file mode 100644
index 0000000..3b54c91
--- /dev/null
+++ b/changes/21359
@@ -0,0 +1,8 @@
+ o Testing
+ - tortls tests now use an autoconf check to determine if OpenSSL
+ structures are opaque, instead of an explicit version check.
+ See ticket 21359.
+
+ o Minor bugfixes (compilation)
+ - Support building with recent LibreSSL code that uses opaque
+ structures. Closes ticket 21359.
diff --git a/configure.ac b/configure.ac
index 2134a41..f7bdd97 100644
--- a/configure.ac
+++ b/configure.ac
@@ -677,6 +677,11 @@ AC_CHECK_FUNCS([ \
dnl Check if OpenSSL has scrypt implementation.
AC_CHECK_FUNCS([ EVP_PBE_scrypt ])
+dnl Check if OpenSSL structures are opaque
+AC_CHECK_MEMBERS([SSL.state], , ,
+[#include <openssl/ssl.h>
+])
+
LIBS="$save_LIBS"
LDFLAGS="$save_LDFLAGS"
CPPFLAGS="$save_CPPFLAGS"
diff --git a/src/test/test_tortls.c b/src/test/test_tortls.c
index 1cba617..47455cf 100644
--- a/src/test/test_tortls.c
+++ b/src/test/test_tortls.c
@@ -38,9 +38,11 @@ ENABLE_GCC_WARNING(redundant-decls)
#include "log_test_helpers.h"
#define NS_MODULE tortls
-#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0) \
- && !defined(LIBRESSL_VERSION_NUMBER)
+#ifndef HAVE_SSL_STATE
#define OPENSSL_OPAQUE
+#endif
+
+#if defined(OPENSSL_OPAQUE) && !defined(LIBRESSL_VERSION_NUMBER)
#define SSL_STATE_STR "before SSL initialization"
#else
#define SSL_STATE_STR "before/accept initialization"
@@ -723,6 +725,26 @@ test_tortls_get_my_certs(void *ignored)
(void)1;
}
+#ifndef HAVE_SSL_GET_CLIENT_CIPHERS
+static SSL_CIPHER *
+get_cipher_by_name(const char *name)
+{
+ int i;
+ const SSL_METHOD *method = SSLv23_method();
+ int num = method->num_ciphers();
+
+ for (i = 0; i < num; ++i) {
+ const SSL_CIPHER *cipher = method->get_cipher(i);
+ const char *ciphername = SSL_CIPHER_get_name(cipher);
+ if (!strcmp(ciphername, name)) {
+ return (SSL_CIPHER *)cipher;
+ }
+ }
+
+ return NULL;
+}
+#endif
+
#ifndef OPENSSL_OPAQUE
static void
test_tortls_get_ciphersuite_name(void *ignored)
@@ -742,23 +764,6 @@ test_tortls_get_ciphersuite_name(void *ignored)
}
static SSL_CIPHER *
-get_cipher_by_name(const char *name)
-{
- int i;
- const SSL_METHOD *method = SSLv23_method();
- int num = method->num_ciphers();
- for (i = 0; i < num; ++i) {
- const SSL_CIPHER *cipher = method->get_cipher(i);
- const char *ciphername = SSL_CIPHER_get_name(cipher);
- if (!strcmp(ciphername, name)) {
- return (SSL_CIPHER *)cipher;
- }
- }
-
- return NULL;
-}
-
-static SSL_CIPHER *
get_cipher_by_id(uint16_t id)
{
int i;
More information about the tor-commits
mailing list