[tor/master] Make tortls unit tests pass with LibreSSL.

commit fa52b6f075a8bb90a3f3a014ef7423940f8a20b7 Author: Nick Mathewson <nickm@torproject.org> Date: Wed Feb 3 11:31:57 2016 -0500 Make tortls unit tests pass with LibreSSL. Part of the fix for 17921. --- src/common/tortls.c | 2 +- src/test/test_tortls.c | 24 +++++++++++++++++++----- 2 files changed, 20 insertions(+), 6 deletions(-) diff --git a/src/common/tortls.c b/src/common/tortls.c index 5f84e5c..827abc4 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -1338,7 +1338,7 @@ find_cipher_by_id(const SSL *ssl, const SSL_METHOD *m, uint16_t cipher) return c != NULL; } # endif -# if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,1,0) +# ifndef OPENSSL_1_1_API if (m && m->get_cipher && m->num_ciphers) { /* It would seem that some of the "let's-clean-up-openssl" forks have * removed the get_cipher_by_char function. Okay, so now you get a diff --git a/src/test/test_tortls.c b/src/test/test_tortls.c index ce7e6bc..71b3863 100644 --- a/src/test/test_tortls.c +++ b/src/test/test_tortls.c @@ -1600,12 +1600,19 @@ test_tortls_block_renegotiation(void *ignored) tls = tor_malloc_zero(sizeof(tor_tls_t)); tls->ssl = tor_malloc_zero(sizeof(SSL)); tls->ssl->s3 = tor_malloc_zero(sizeof(SSL3_STATE)); - tls->ssl->s3->flags = 0x0010; +#ifndef SUPPORT_UNSAFE_RENEGOTIATION_FLAG +#define SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0 +#endif - tor_tls_block_renegotiation(tls); + tls->ssl->s3->flags = SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION; - tt_assert(!(SSL_get_options(tls->ssl) & 0x0010)); + tor_tls_block_renegotiation(tls); +#ifndef OPENSSL_1_1_API + tt_assert(!(tls->ssl->s3->flags & + SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)); +#endif + done: tor_free(tls->ssl->s3); tor_free(tls->ssl); 
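Review bot: The new `# ifndef OPENSSL_1_1_API` guard in find_cipher_by_id (src/common/tortls.c) has no comment saying why the version-number comparison was dropped, and the macro's definition is not part of this diff. LibreSSL reports an OPENSSL_VERSION_NUMBER of 0x20000000L, so the old `< OPENSSL_V_SERIES(1,1,0)` test presumably compiled this fallback out there. A short comment next to the guard, such as `/* Feature macro rather than a version compare: LibreSSL's OPENSSL_VERSION_NUMBER is above 1.1.0's. */`, would keep a later cleanup from reverting it. The guarded block reads `m->get_cipher` and `m->num_ciphers` directly, so it is worth stating where the macro is defined that it must be set for every library that hides SSL_METHOD. The function body starts and ends outside the hunk.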
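Review bot: When SUPPORT_UNSAFE_RENEGOTIATION_FLAG is undefined, the fallback `#define SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0` in test_tortls_block_renegotiation makes both the setup and the new assertion vacuous: `flags` is set to 0 and `!(flags & 0)` holds whatever tor_tls_block_renegotiation() does. The test then passes without checking that the unsafe-legacy-renegotiation bit is cleared, which is the property it exists to protect. I would guard the assertion with `#if defined(SUPPORT_UNSAFE_RENEGOTIATION_FLAG) && !defined(OPENSSL_1_1_API)` and put a comment in the other branch saying that nothing is checked on such builds. The fallback `#define` also sits inside the function body and stays in effect for the rest of the file; whether it can clash with a definition from the library headers is not visible here. The test function starts and ends outside the hunk.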
@@ -1622,7 +1629,9 @@ test_tortls_unblock_renegotiation(void *ignored) tls->ssl = tor_malloc_zero(sizeof(SSL)); tor_tls_unblock_renegotiation(tls); - tt_assert(SSL_get_options(tls->ssl) & 0x00040000L); + tt_uint_op(SSL_get_options(tls->ssl) & + SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION, OP_EQ, + SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION); done: tor_free(tls->ssl); @@ -1906,6 +1915,7 @@ fixed_ssl_shutdown(SSL *s) return fixed_ssl_shutdown_result; } +#ifndef LIBRESSL_VERSION_NUMBER static int fixed_ssl_state_to_set; static tor_tls_t *fixed_tls; @@ -1923,6 +1933,7 @@ setting_version_and_state_ssl_shutdown(SSL *s) s->version = SSL2_VERSION; return fixed_ssl_shutdown_result; } +#endif static int dummy_handshake_func(SSL *s) @@ -1956,6 +1967,7 @@ test_tortls_shutdown(void *ignored) ret = tor_tls_shutdown(tls); tt_int_op(ret, OP_EQ, -9); +#ifndef LIBRESSL_VERSION_NUMBER tls->ssl->handshake_func = dummy_handshake_func; fixed_ssl_read_result_index = 0; @@ -2017,6 +2029,7 @@ test_tortls_shutdown(void *ignored) method->ssl_shutdown = setting_version_and_state_ssl_shutdown; ret = tor_tls_shutdown(tls); tt_int_op(ret, OP_EQ, TOR_TLS_ERROR_MISC); +#endif done: teardown_capture_of_logs(previous_log); @@ -2079,6 +2092,7 @@ test_tortls_read(void *ignored) ret = tor_tls_read(tls, buf, 10); tt_int_op(negotiated_callback_called, OP_EQ, 1); +#ifndef LIBRESSL_VERSION_NUMBER fixed_ssl_read_result_index = 0; fixed_ssl_read_result[0] = 0; tls->ssl->version = SSL2_VERSION; @@ -2086,7 +2100,7 @@ test_tortls_read(void *ignored) ret = tor_tls_read(tls, buf, 10); tt_int_op(ret, OP_EQ, TOR_TLS_CLOSE); tt_int_op(tls->state, OP_EQ, TOR_TLS_ST_CLOSED); - +#endif // TODO: fill up done:
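Review bot: The `#ifndef LIBRESSL_VERSION_NUMBER` guards added around setting_version_and_state_ssl_shutdown and its statics, and inside test_tortls_shutdown and test_tortls_read, carry no comment saying why these cases are skipped. Under LibreSSL the tests still report success while no longer exercising the guarded TOR_TLS_CLOSE and TOR_TLS_ERROR_MISC expectations. The guarded lines set `version = SSL2_VERSION` and `handshake_func` on the SSL object, which is presumably what LibreSSL does not support; the actual reason should be written down by the author. I would add a comment at each opening guard, for example `/* Skipped on LibreSSL: these cases rely on SSL2_VERSION and on writing SSL internals. */`, and close each with `#endif /* !LIBRESSL_VERSION_NUMBER */`. That matters most in test_tortls_shutdown, where the guarded region runs across lines outside the two hunks.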