Home Explore Help
Sign In
piros
/
tor
3
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Merge remote-tracking branch 'origin/maint-0.2.5'

Nick Mathewson 9 years ago
parent
b448ec195d d315b8e8bc
commit
bbffd0a018
3 changed files with 46 additions and 10 deletions
Split View Show Diff Stats
  1. 4 0
      changes/bug13325
  2. 4 0
      configure.ac
  3. 38 10
      src/common/tortls.c

+ 4 - 0
changes/bug13325
View File 

@@ -0,0 +1,4 @@
 
+  o Compilation fixes:
 
+    - Build and run correctly on systems like OpenBSD-current that
 
+      have patched OpenSSL to remove get_cipher_by_char and/or its
 
+      implementations. Fixes issue 13325.

+ 4 - 0
configure.ac
View File 

@@ -582,6 +582,10 @@ else
 
 fi
 
 AC_SUBST(TOR_OPENSSL_LIBS)
 
 
+AC_CHECK_MEMBERS([struct ssl_method_st.get_cipher_by_char], , ,
 
+[#include <openssl/ssl.h>
 
+])
 
+
 
 dnl ------------------------------------------------------
 
 dnl Where do you live, zlib?  And how do we call you?

+ 38 - 10
src/common/tortls.c
View File 

@@ -1463,6 +1463,43 @@ static uint16_t v2_cipher_list[] = {
 
 /** Have we removed the unrecognized ciphers from v2_cipher_list yet? */
 
 static int v2_cipher_list_pruned = 0;
 
 
+/** Return 0 if <b>m</b> does not support the cipher with ID <b>cipher</b>;
 
+ * return 1 if it does support it, or if we have no way to tell. */
 
+static int
 
+find_cipher_by_id(const SSL_METHOD *m, uint16_t cipher)
 
+{
 
+  const SSL_CIPHER *c;
 
+#ifdef HAVE_STRUCT_SSL_METHOD_ST_GET_CIPHER_BY_CHAR
 
+  if (m && m->get_cipher_by_char) {
 
+    unsigned char cipherid[3];
 
+    set_uint16(cipherid, htons(cipher));
 
+    cipherid[2] = 0; /* If ssl23_get_cipher_by_char finds no cipher starting
 
+                      * with a two-byte 'cipherid', it may look for a v2
 
+                      * cipher with the appropriate 3 bytes. */
 
+    c = m->get_cipher_by_char(cipherid);
 
+    if (c)
 
+      tor_assert((c->id & 0xffff) == cipher);
 
+    return c != NULL;
 
+  } else
 
+#endif
 
+  if (m && m->get_cipher && m->num_ciphers) {
 
+    /* It would seem that some of the "let's-clean-up-openssl" forks have
 
+     * removed the get_cipher_by_char function.  Okay, so now you get a
 
+     * quadratic search.
 
+     */
 
+    int i;
 
+    for (i = 0; i < m->num_ciphers(); ++i) {
 
+      c = m->get_cipher(i);
 
+      if (c && (c->id & 0xffff) == cipher) {
 
+        return 1;
 
+      }
 
+    }
 
+    return 0;
 
+  } else {
 
+    return 1; /* No way to search */
 
+  }
 
+}
 
+
 
 /** Remove from v2_cipher_list every cipher that we don't support, so that
 
  * comparing v2_cipher_list to a client's cipher list will give a sensible
 
  * result. */
 
@@ -1474,16 +1511,7 @@ prune_v2_cipher_list(void)
 
 
   inp = outp = v2_cipher_list;
 
   while (*inp) {
 
-    unsigned char cipherid[3];
 
-    const SSL_CIPHER *cipher;
 
-    /* Is there no better way to do this? */
 
-    set_uint16(cipherid, htons(*inp));
 
-    cipherid[2] = 0; /* If ssl23_get_cipher_by_char finds no cipher starting
 
-                      * with a two-byte 'cipherid', it may look for a v2
 
-                      * cipher with the appropriate 3 bytes. */
 
-    cipher = m->get_cipher_by_char(cipherid);
 
-    if (cipher) {
 
-      tor_assert((cipher->id & 0xffff) == *inp);
 
+    if (find_cipher_by_id(m, *inp)) {
 
       *outp++ = *inp++;
 
     } else {
 
       inp++;