Loading changes/ticket40165 0 → 100644 +5 −0 Original line number Diff line number Diff line o Minor features (compilation): - Disable deprecation warnings when building with OpenSSL 3.0.0 or later. There are a number of newly deprecated APIs in OpenSSL 3.0.0 that Tor still requires. (A later version of Tor will try to stop depending on these.) Closes ticket 40165. changes/ticket40170 0 → 100644 +3 −0 Original line number Diff line number Diff line o Minor bugfixes (tests): - Fix the "tortls/openssl/log_one_error" test to work with OpenSSL 3.0.0. Fixes bug 40170; bugfix on 0.2.8.1-alpha. configure.ac +18 −1 Original line number Diff line number Diff line Loading @@ -1065,13 +1065,30 @@ LIBS="$TOR_OPENSSL_LIBS $LIBS" LDFLAGS="$TOR_LDFLAGS_openssl $LDFLAGS" CPPFLAGS="$TOR_CPPFLAGS_openssl $CPPFLAGS" dnl Tor currently uses a number of APIs that are deprecated in OpenSSL 3.0.0 dnl and later. We want to migrate away from them, but that will be a lot of dnl work. (See ticket tor#40166.) For now, we disable the deprecation dnl warnings. AC_MSG_CHECKING([for OpenSSL >= 3.0.0]) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <openssl/opensslv.h> #if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER <= 0x30000000L #error "you_have_version_3" #endif ]], [[]])], [ AC_MSG_RESULT([no]) ], [ AC_MSG_RESULT([yes]); AC_DEFINE(OPENSSL_SUPPRESS_DEPRECATED, 1, [disable openssl deprecated-function warnings]) ]) AC_MSG_CHECKING([for OpenSSL < 1.0.1]) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <openssl/opensslv.h> #if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x1000100fL #error "too old" #endif ]], [[]])], [ : ], [ AC_MSG_RESULT([no]) ], [ AC_MSG_ERROR([OpenSSL is too old. We require 1.0.1 or later. You can specify a path to a newer one with --with-openssl-dir.]) ]) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ Loading src/lib/crypt_ops/compat_openssl.h +0 −5 Original line number Diff line number Diff line Loading @@ -32,10 +32,6 @@ #define OPENSSL_1_1_API #endif /* OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0) && ... */ #ifndef OPENSSL_VERSION #define OPENSSL_VERSION SSLEAY_VERSION #endif #ifndef OPENSSL_1_1_API #define OpenSSL_version(v) SSLeay_version(v) #define OpenSSL_version_num() SSLeay() Loading @@ -54,4 +50,3 @@ #endif /* defined(ENABLE_OPENSSL) */ #endif /* !defined(TOR_COMPAT_OPENSSL_H) */ src/lib/crypt_ops/crypto_openssl_mgt.c +11 −2 Original line number Diff line number Diff line Loading @@ -101,13 +101,22 @@ static char *crypto_openssl_version_str = NULL; const char * crypto_openssl_get_version_str(void) { #ifdef OPENSSL_VERSION const int query = OPENSSL_VERSION; #else /* This old name was changed around OpenSSL 1.1.0 */ const int query = SSLEAY_VERSION; #endif if (crypto_openssl_version_str == NULL) { const char *raw_version = OpenSSL_version(OPENSSL_VERSION); const char *raw_version = OpenSSL_version(query); crypto_openssl_version_str = parse_openssl_version_str(raw_version); } return crypto_openssl_version_str; } #undef QUERY_OPENSSL_VERSION static char *crypto_openssl_header_version_str = NULL; /* Return a human-readable version of the compile-time openssl version * number. */ Loading Loading @@ -214,7 +223,7 @@ crypto_openssl_early_init(void) setup_openssl_threading(); unsigned long version_num = OpenSSL_version_num(); const char *version_str = OpenSSL_version(OPENSSL_VERSION); const char *version_str = crypto_openssl_get_version_str(); if (version_num == OPENSSL_VERSION_NUMBER && !strcmp(version_str, OPENSSL_VERSION_TEXT)) { log_info(LD_CRYPTO, "OpenSSL version matches version from headers " Loading Loading
changes/ticket40165 0 → 100644 +5 −0 Original line number Diff line number Diff line o Minor features (compilation): - Disable deprecation warnings when building with OpenSSL 3.0.0 or later. There are a number of newly deprecated APIs in OpenSSL 3.0.0 that Tor still requires. (A later version of Tor will try to stop depending on these.) Closes ticket 40165.
changes/ticket40170 0 → 100644 +3 −0 Original line number Diff line number Diff line o Minor bugfixes (tests): - Fix the "tortls/openssl/log_one_error" test to work with OpenSSL 3.0.0. Fixes bug 40170; bugfix on 0.2.8.1-alpha.
configure.ac +18 −1 Original line number Diff line number Diff line Loading @@ -1065,13 +1065,30 @@ LIBS="$TOR_OPENSSL_LIBS $LIBS" LDFLAGS="$TOR_LDFLAGS_openssl $LDFLAGS" CPPFLAGS="$TOR_CPPFLAGS_openssl $CPPFLAGS" dnl Tor currently uses a number of APIs that are deprecated in OpenSSL 3.0.0 dnl and later. We want to migrate away from them, but that will be a lot of dnl work. (See ticket tor#40166.) For now, we disable the deprecation dnl warnings. AC_MSG_CHECKING([for OpenSSL >= 3.0.0]) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <openssl/opensslv.h> #if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER <= 0x30000000L #error "you_have_version_3" #endif ]], [[]])], [ AC_MSG_RESULT([no]) ], [ AC_MSG_RESULT([yes]); AC_DEFINE(OPENSSL_SUPPRESS_DEPRECATED, 1, [disable openssl deprecated-function warnings]) ]) AC_MSG_CHECKING([for OpenSSL < 1.0.1]) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <openssl/opensslv.h> #if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x1000100fL #error "too old" #endif ]], [[]])], [ : ], [ AC_MSG_RESULT([no]) ], [ AC_MSG_ERROR([OpenSSL is too old. We require 1.0.1 or later. You can specify a path to a newer one with --with-openssl-dir.]) ]) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ Loading
src/lib/crypt_ops/compat_openssl.h +0 −5 Original line number Diff line number Diff line Loading @@ -32,10 +32,6 @@ #define OPENSSL_1_1_API #endif /* OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0) && ... */ #ifndef OPENSSL_VERSION #define OPENSSL_VERSION SSLEAY_VERSION #endif #ifndef OPENSSL_1_1_API #define OpenSSL_version(v) SSLeay_version(v) #define OpenSSL_version_num() SSLeay() Loading @@ -54,4 +50,3 @@ #endif /* defined(ENABLE_OPENSSL) */ #endif /* !defined(TOR_COMPAT_OPENSSL_H) */
src/lib/crypt_ops/crypto_openssl_mgt.c +11 −2 Original line number Diff line number Diff line Loading @@ -101,13 +101,22 @@ static char *crypto_openssl_version_str = NULL; const char * crypto_openssl_get_version_str(void) { #ifdef OPENSSL_VERSION const int query = OPENSSL_VERSION; #else /* This old name was changed around OpenSSL 1.1.0 */ const int query = SSLEAY_VERSION; #endif if (crypto_openssl_version_str == NULL) { const char *raw_version = OpenSSL_version(OPENSSL_VERSION); const char *raw_version = OpenSSL_version(query); crypto_openssl_version_str = parse_openssl_version_str(raw_version); } return crypto_openssl_version_str; } #undef QUERY_OPENSSL_VERSION static char *crypto_openssl_header_version_str = NULL; /* Return a human-readable version of the compile-time openssl version * number. */ Loading Loading @@ -214,7 +223,7 @@ crypto_openssl_early_init(void) setup_openssl_threading(); unsigned long version_num = OpenSSL_version_num(); const char *version_str = OpenSSL_version(OPENSSL_VERSION); const char *version_str = crypto_openssl_get_version_str(); if (version_num == OPENSSL_VERSION_NUMBER && !strcmp(version_str, OPENSSL_VERSION_TEXT)) { log_info(LD_CRYPTO, "OpenSSL version matches version from headers " Loading
