[tor-commits] [tor/release-0.3.3] LibreSSL compatibility fixes.

Wed May 9 12:29:07 UTC 2018

commit 75f3fbaa3c7316fcef3509ef1e3813b94d8c4c8a
Author: Nick Mathewson <nickm at torproject.org>
Date:   Wed May 2 08:18:48 2018 -0400

    LibreSSL compatibility fixes.
    
    LibreSSL, despite not having the OpenSSL 1.1 API, does define
    OPENSSL_VERSION in crypto.h.  Additionally, it apparently annotates
    some functions as returning NULL, so that our unit tests need to be
    more careful about checking for NULL so they don't get compilation
    warnings.
    
    Closes ticket 26006.
---
 changes/ticket26006         | 4 ++++
 src/common/compat_openssl.h | 7 ++++++-
 src/test/test_tortls.c      | 3 +++
 3 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/changes/ticket26006 b/changes/ticket26006
new file mode 100644
index 000000000..e33e3f1cd
--- /dev/null
+++ b/changes/ticket26006
@@ -0,0 +1,4 @@
+  o Minor features (compilation, portability):
+    - Avoid some compilation warnings with recent versions
+      of LibreSSL. Closes ticket 26006.
+
diff --git a/src/common/compat_openssl.h b/src/common/compat_openssl.h
index 1bfe18807..76679872b 100644
--- a/src/common/compat_openssl.h
+++ b/src/common/compat_openssl.h
@@ -8,6 +8,8 @@
 #define TOR_COMPAT_OPENSSL_H
 
 #include <openssl/opensslv.h>
+// workaround for libressl; not needed in later Tor versions.
+#include <openssl/crypto.h>
 
 /**
  * \file compat_openssl.h
@@ -27,8 +29,11 @@
 #define OPENSSL_1_1_API
 #endif
 
-#ifndef OPENSSL_1_1_API
+#ifndef OPENSSL_VERSION
 #define OPENSSL_VERSION SSLEAY_VERSION
+#endif
+
+#ifndef OPENSSL_1_1_API
 #define OpenSSL_version(v) SSLeay_version(v)
 #define OpenSSL_version_num() SSLeay()
 #define RAND_OpenSSL() RAND_SSLeay()
diff --git a/src/test/test_tortls.c b/src/test/test_tortls.c
index 47455cff8..5028a9540 100644
--- a/src/test/test_tortls.c
+++ b/src/test/test_tortls.c
@@ -840,8 +840,10 @@ test_tortls_classify_client_ciphers(void *ignored)
   sk_SSL_CIPHER_zero(ciphers);
 
   one = get_cipher_by_name("ECDHE-RSA-AES256-GCM-SHA384");
+  tt_assert(one);
   one->id = 0x00ff;
   two = get_cipher_by_name("ECDHE-RSA-AES128-GCM-SHA256");
+  tt_assert(two);
   two->id = 0x0000;
   sk_SSL_CIPHER_push(ciphers, one);
   tls->client_cipher_list_type = 0;
@@ -912,6 +914,7 @@ test_tortls_client_is_using_v2_ciphers(void *ignored)
 
   ciphers = sk_SSL_CIPHER_new_null();
   SSL_CIPHER *one = get_cipher_by_name("ECDHE-RSA-AES256-GCM-SHA384");
+  tt_assert(one);
   one->id = 0x00ff;
   sk_SSL_CIPHER_push(ciphers, one);
   sess->ciphers = ciphers;



