Commit 0a3eed5f authored by Nick Mathewson's avatar Nick Mathewson 🦀

Merge branch 'bug17549'

parents 0d5a4392 05c34b33

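--- a/changes/bug17549
+++ b/changes/bug17549
@@ -0,0 +1,3 @@
+  o Minor bugfixes (compilation):
+    - Repair compilation with the most recent (unreleased, alpha)
+      vesions of OpenSSL 1.1. Fixes bug 17549.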
+37 −0
/* Copyright (c) 2001, Matej Pfajfar.
 * Copyright (c) 2001-2004, Roger Dingledine.
 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
 * Copyright (c) 2007-2015, The Tor Project, Inc. */
/* See LICENSE for licensing information */

#ifndef TOR_COMPAT_OPENSSL_H
#define TOR_COMPAT_OPENSSL_H

#include <openssl/opensslv.h>

/**
 * \file compat_openssl.h
 *
 * \brief compatability definitions for working with different openssl forks
 **/

#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,0,0)
#error "We require OpenSSL >= 1.0.0"
#endif

#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,1,0)
#define OPENSSL_VERSION SSLEAY_VERSION
#define OpenSSL_version(v) SSLeay_version(v)
#define OpenSSL_version_num() SSLeay()
#define RAND_OpenSSL() RAND_SSLeay()
#define STATE_IS_SW_SERVER_HELLO(st)       \
  (((st) == SSL3_ST_SW_SRVR_HELLO_A) ||    \
   ((st) == SSL3_ST_SW_SRVR_HELLO_B))
#define OSSL_HANDSHAKE_STATE int
#else
#define STATE_IS_SW_SERVER_HELLO(st) \
  ((st) == TLS_ST_SW_SRVR_HELLO)
#endif

#endif
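Review bot: The new header is not self-contained: both `#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(...)` guards use `OPENSSL_V_SERIES`, which is a Tor macro rather than something `<openssl/opensslv.h>` (the only include here) provides, so the header presumably compiles only because crypto.c and tortls.c happen to include "crypto.h" first, as the other hunks show. Either add `#include "crypto.h"` (or wherever `OPENSSL_V_SERIES`/`OPENSSL_V` live) at the top, or move those two macros into this header so the dependency runs in one direction. Since the `#error "We require OpenSSL >= 1.0.0"` check was deleted from crypto.c and tortls.c in this same commit, any translation unit that stops including this header silently loses the version floor, which is worth a one-line comment next to the `#error`. The brief's `compatability` should read `compatibility`.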
+12 −21
@@ -21,18 +21,13 @@
#undef OCSP_RESPONSE
#endif

#include <openssl/opensslv.h>

#define CRYPTO_PRIVATE
#include "crypto.h"
#include "compat_openssl.h"
#include "crypto_curve25519.h"
#include "crypto_ed25519.h"
#include "crypto_format.h"

#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,0,0)
#error "We require OpenSSL >= 1.0.0"
#endif

#include <openssl/err.h>
#include <openssl/rsa.h>
#include <openssl/pem.h>
@@ -227,7 +222,7 @@ const char *
crypto_openssl_get_version_str(void)
{
  if (crypto_openssl_version_str == NULL) {
    const char *raw_version = SSLeay_version(SSLEAY_VERSION);
    const char *raw_version = OpenSSL_version(OPENSSL_VERSION);
    crypto_openssl_version_str = parse_openssl_version_str(raw_version);
  }
  return crypto_openssl_version_str;
@@ -251,11 +246,13 @@ crypto_openssl_get_header_version_str(void)
static int
crypto_force_rand_ssleay(void)
{
  if (RAND_get_rand_method() != RAND_SSLeay()) {
  RAND_METHOD *default_method;
  default_method = RAND_OpenSSL();
  if (RAND_get_rand_method() != default_method) {
    log_notice(LD_CRYPTO, "It appears that one of our engines has provided "
               "a replacement the OpenSSL RNG. Resetting it to the default "
               "implementation.");
    RAND_set_rand_method(RAND_SSLeay());
    RAND_set_rand_method(default_method);
    return 1;
  }
  return 0;
@@ -291,16 +288,18 @@ crypto_early_init(void)

    setup_openssl_threading();

    if (SSLeay() == OPENSSL_VERSION_NUMBER &&
        !strcmp(SSLeay_version(SSLEAY_VERSION), OPENSSL_VERSION_TEXT)) {
    unsigned long version_num = OpenSSL_version_num();
    const char *version_str = OpenSSL_version(OPENSSL_VERSION);
    if (version_num == OPENSSL_VERSION_NUMBER &&
        !strcmp(version_str, OPENSSL_VERSION_TEXT)) {
      log_info(LD_CRYPTO, "OpenSSL version matches version from headers "
                 "(%lx: %s).", SSLeay(), SSLeay_version(SSLEAY_VERSION));
                 "(%lx: %s).", version_num, version_str);
    } else {
      log_warn(LD_CRYPTO, "OpenSSL version from headers does not match the "
               "version we're running with. If you get weird crashes, that "
               "might be why. (Compiled with %lx: %s; running with %lx: %s).",
               (unsigned long)OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT,
               SSLeay(), SSLeay_version(SSLEAY_VERSION));
               version_num, version_str);
    }

    crypto_force_rand_ssleay();
@@ -404,11 +403,7 @@ crypto_global_init(int useAccel, const char *accelName, const char *accelDir)
void
crypto_thread_cleanup(void)
{
#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
  ERR_remove_thread_state(NULL);
#else
  ERR_remove_state(0);
#endif
}

/** used by tortls.c: wrap an RSA* in a crypto_pk_t. */
@@ -2695,11 +2690,7 @@ int
crypto_global_cleanup(void)
{
  EVP_cleanup();
#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
  ERR_remove_thread_state(NULL);
#else
  ERR_remove_state(0);
#endif
  ERR_free_strings();

  if (dh_param_p)
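Review bot: In `crypto_force_rand_ssleay`, the rewritten `RAND_set_rand_method(default_method);` still discards its `int` return, so the function logs that the RNG was reset and returns 1 even when the method was not swapped back; for a check whose whole purpose is to undo an engine replacing the RNG, the failure should at least be visible: `if (!RAND_set_rand_method(default_method)) log_warn(LD_CRYPTO, "Unable to reset the OpenSSL RNG to the default implementation.");`. The local can also be declared `const RAND_METHOD *default_method = RAND_OpenSSL();` on one line, since `RAND_get_rand_method()` returns a const pointer and nothing here writes through it. The version-mismatch hunk in `crypto_early_init` and the two now-unconditional `ERR_remove_thread_state(NULL)` calls look consistent with the >= 1.0.0 floor the new compat header enforces.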
+1 −0
@@ -118,6 +118,7 @@ COMMONHEADERS = \
  src/common/ciphers.inc			\
  src/common/compat.h				\
  src/common/compat_libevent.h			\
  src/common/compat_openssl.h			\
  src/common/compat_threads.h			\
  src/common/container.h			\
  src/common/crypto.h				\
+10 −11
@@ -40,9 +40,6 @@
#include <openssl/opensslv.h>
#include "crypto.h"

#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,0,0)
#error "We require OpenSSL >= 1.0.0"
#endif
#ifdef OPENSSL_NO_EC
#error "We require OpenSSL with ECC support"
#endif
@@ -384,7 +381,7 @@ tor_tls_init(void)

#if (SIZEOF_VOID_P >= 8 &&                              \
     OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,0,1))
    long version = SSLeay();
    long version = OpenSSL_version_num();

    /* LCOV_EXCL_START : we can't test these lines on the same machine */
    if (version >= OPENSSL_V_SERIES(1,0,1)) {
@@ -1525,7 +1522,6 @@ STATIC void
tor_tls_server_info_callback(const SSL *ssl, int type, int val)
{
  tor_tls_t *tls;
  int ssl_state;
  (void) val;

  tor_tls_debug_state_callback(ssl, type, val);
@@ -1533,9 +1529,8 @@ tor_tls_server_info_callback(const SSL *ssl, int type, int val)
  if (type != SSL_CB_ACCEPT_LOOP)
    return;

  ssl_state = SSL_state(ssl);
  if ((ssl_state != SSL3_ST_SW_SRVR_HELLO_A) &&
      (ssl_state != SSL3_ST_SW_SRVR_HELLO_B))
  OSSL_HANDSHAKE_STATE ssl_state = SSL_get_state(ssl);
  if (! STATE_IS_SW_SERVER_HELLO(ssl_state))
    return;
  tls = tor_tls_get_by_ssl(ssl);
  if (tls) {
@@ -1892,13 +1887,14 @@ int
tor_tls_handshake(tor_tls_t *tls)
{
  int r;
  int oldstate;
  tor_assert(tls);
  tor_assert(tls->ssl);
  tor_assert(tls->state == TOR_TLS_ST_HANDSHAKE);

  check_no_tls_errors();
  oldstate = SSL_state(tls->ssl);

  OSSL_HANDSHAKE_STATE oldstate = SSL_get_state(tls->ssl);

  if (tls->isServer) {
    log_debug(LD_HANDSHAKE, "About to call SSL_accept on %p (%s)", tls,
              SSL_state_string_long(tls->ssl));
@@ -1908,7 +1904,10 @@ tor_tls_handshake(tor_tls_t *tls)
              SSL_state_string_long(tls->ssl));
    r = SSL_connect(tls->ssl);
  }
  if (oldstate != SSL_state(tls->ssl))

  OSSL_HANDSHAKE_STATE newstate = SSL_get_state(tls->ssl);

  if (oldstate != newstate)
    log_debug(LD_HANDSHAKE, "After call, %p was in state %s",
              tls, SSL_state_string_long(tls->ssl));
  /* We need to call this here and not earlier, since OpenSSL has a penchant
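Review bot: In `tor_tls_init`, `long version = OpenSSL_version_num();` stores an `unsigned long` return value in a signed `long`, whereas the crypto.c hunk in this same commit writes `unsigned long version_num = OpenSSL_version_num();` for the identical call; the two should agree, and the unsigned form matches the API: `unsigned long version = OpenSSL_version_num();`. The block sits under a `SIZEOF_VOID_P >= 8` guard so the value fits today, but if `version` is later passed to a `%lx` format or compared with `OPENSSL_V_SERIES` constants the unsigned type avoids a sign mismatch; the remainder of `tor_tls_init` is outside the hunk, so its other uses of `version` need checking. The `OSSL_HANDSHAKE_STATE`/`SSL_get_state` changes in `tor_tls_server_info_callback` and `tor_tls_handshake` line up with the two definitions in the compat header.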