summaryrefslogtreecommitdiff
path: root/src/lib
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2018-08-23 11:30:18 -0400
committerNick Mathewson <nickm@torproject.org>2018-09-16 13:28:29 -0400
commit991bec67ee41fd7f3c12e9194d96491b51bedd50 (patch)
treeca97cfe01e65293ee523bb7e8de3c007801ea9af /src/lib
parent035166e7bf30645f6da9d39374f5e9c9efe867f8 (diff)
downloadtor-991bec67ee41fd7f3c12e9194d96491b51bedd50.tar.gz
tor-991bec67ee41fd7f3c12e9194d96491b51bedd50.zip
When Tor is compiled with NSS, don't claim support for LinkAuth=1
Closes ticket 27288
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/crypt_ops/crypto_init.c11
-rw-r--r--src/lib/crypt_ops/crypto_init.h2
-rw-r--r--src/lib/tls/tortls.h4
3 files changed, 17 insertions, 0 deletions
diff --git a/src/lib/crypt_ops/crypto_init.c b/src/lib/crypt_ops/crypto_init.c
index c731662d49..9d6e2da0d0 100644
--- a/src/lib/crypt_ops/crypto_init.c
+++ b/src/lib/crypt_ops/crypto_init.c
@@ -191,3 +191,14 @@ crypto_get_header_version_string(void)
return crypto_nss_get_header_version_str();
#endif
}
+
+/** Return true iff Tor is using the NSS library. */
+int
+tor_is_using_nss(void)
+{
+#ifdef ENABLE_NSS
+ return 1;
+#else
+ return 0;
+#endif
+}
diff --git a/src/lib/crypt_ops/crypto_init.h b/src/lib/crypt_ops/crypto_init.h
index 5b6d65d48c..b71f144276 100644
--- a/src/lib/crypt_ops/crypto_init.h
+++ b/src/lib/crypt_ops/crypto_init.h
@@ -31,4 +31,6 @@ const char *crypto_get_library_name(void);
const char *crypto_get_library_version_string(void);
const char *crypto_get_header_version_string(void);
+int tor_is_using_nss(void);
+
#endif /* !defined(TOR_CRYPTO_H) */
diff --git a/src/lib/tls/tortls.h b/src/lib/tls/tortls.h
index 3f1098bbac..81db5ce5a9 100644
--- a/src/lib/tls/tortls.h
+++ b/src/lib/tls/tortls.h
@@ -126,6 +126,10 @@ int tor_tls_server_got_renegotiate(tor_tls_t *tls);
MOCK_DECL(int,tor_tls_cert_matches_key,(const tor_tls_t *tls,
const struct tor_x509_cert_t *cert));
MOCK_DECL(int,tor_tls_get_tlssecrets,(tor_tls_t *tls, uint8_t *secrets_out));
+#ifdef ENABLE_OPENSSL
+/* OpenSSL lets us see these master secrets; NSS sensibly does not. */
+#define HAVE_WORKING_TOR_TLS_GET_TLSSECRETS
+#endif
MOCK_DECL(int,tor_tls_export_key_material,(
tor_tls_t *tls, uint8_t *secrets_out,
const uint8_t *context,