author | Nick Mathewson <nickm@torproject.org> | 2016-02-03 11:31:57 -0500 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2016-02-03 11:31:57 -0500 |
commit | fa52b6f075a8bb90a3f3a014ef7423940f8a20b7 (patch) | |
tree | f95d744e4ee2b233ecaf8e49564a69c8373e80a6 /src | |
parent | c1c3e45eab08b3ce31254c749fe10d93c6b65cb9 (diff) | |
Make tortls unit tests pass with LibreSSL.
Part of the fix for 17921.
Diffstat (limited to 'src')
-rw-r--r-- | src/common/tortls.c | 2 | ||||
-rw-r--r-- | src/test/test_tortls.c | 24 |
2 files changed, 20 insertions, 6 deletions
diff --git a/src/common/tortls.c b/src/common/tortls.c
index 5f84e5cf4d..827abc428d 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -1338,7 +1338,7 @@ find_cipher_by_id(const SSL *ssl, const SSL_METHOD *m, uint16_t cipher)
 return c != NULL;
 }
 # endif
-# if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,1,0)
+# ifndef OPENSSL_1_1_API
 if (m && m->get_cipher && m->num_ciphers) {
 /* It would seem that some of the "let's-clean-up-openssl" forks have
 * removed the get_cipher_by_char function. Okay, so now you get a
diff --git a/src/test/test_tortls.c b/src/test/test_tortls.c
index ce7e6bcde4..71b3863963 100644
--- a/src/test/test_tortls.c
+++ b/src/test/test_tortls.c
@@ -1600,12 +1600,19 @@ test_tortls_block_renegotiation(void *ignored)
 tls = tor_malloc_zero(sizeof(tor_tls_t));
 tls->ssl = tor_malloc_zero(sizeof(SSL));
 tls->ssl->s3 = tor_malloc_zero(sizeof(SSL3_STATE));
- tls->ssl->s3->flags = 0x0010;
+#ifndef SUPPORT_UNSAFE_RENEGOTIATION_FLAG
+#define SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0
+#endif
- tor_tls_block_renegotiation(tls);
+ tls->ssl->s3->flags = SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
- tt_assert(!(SSL_get_options(tls->ssl) & 0x0010));
+ tor_tls_block_renegotiation(tls);
+#ifndef OPENSSL_1_1_API
+ tt_assert(!(tls->ssl->s3->flags &
+ SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION));
+#endif
+
 done:
 tor_free(tls->ssl->s3);
 tor_free(tls->ssl);
@@ -1622,7 +1629,9 @@ test_tortls_unblock_renegotiation(void *ignored)
 tls->ssl = tor_malloc_zero(sizeof(SSL));
 tor_tls_unblock_renegotiation(tls);
- tt_assert(SSL_get_options(tls->ssl) & 0x00040000L);
+ tt_uint_op(SSL_get_options(tls->ssl) &
+ SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION, OP_EQ,
+ SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION);
 done:
 tor_free(tls->ssl);
@@ -1906,6 +1915,7 @@ fixed_ssl_shutdown(SSL *s)
 return fixed_ssl_shutdown_result;
 }
+#ifndef LIBRESSL_VERSION_NUMBER
 static int fixed_ssl_state_to_set;
 static tor_tls_t *fixed_tls;
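Review bot: In test_tortls_block_renegotiation, a build without `SUPPORT_UNSAFE_RENEGOTIATION_FLAG` defines `SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION` as 0, so the test stores 0 in `flags` and then asserts `!(flags & 0)`, which holds whether or not `tor_tls_block_renegotiation()` clears anything; with `OPENSSL_1_1_API` the assertion is compiled out entirely. On those builds a regression in the renegotiation-blocking path would still show a passing test. I would report the case as skipped instead: keep the assertion under `#if defined(SUPPORT_UNSAFE_RENEGOTIATION_FLAG) && !defined(OPENSSL_1_1_API)` and put `tt_skip();` in the `#else` branch, after the allocations so the `done:` cleanup still has valid pointers. The `#define` also sits inside the function body and stays visible for the rest of the file, so an `#undef` after the test would contain it. The function starts and ends outside the hunk.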
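Review bot: The `#ifndef LIBRESSL_VERSION_NUMBER` opened before `fixed_ssl_state_to_set` has no comment saying why the helper is excluded, and the same bare guard removes most of test_tortls_shutdown (hunks at new lines 1967 and 2029) and the `SSL2_VERSION` case of test_tortls_read (hunks at 2092 and 2100). Those sections exercise the shutdown and close paths of the TLS wrapper, so a LibreSSL build now leaves them untested with nothing in the file to say so. I would put a comment on each opening guard, for example `/* Skipped on LibreSSL: this case sets SSL internals (version, state) directly; see 17921 */`, and close each one with `#endif /* !LIBRESSL_VERSION_NUMBER */`. The reason given in that comment is inferred from the guarded lines and should be confirmed by the author. Both test functions continue outside the hunks.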
@@ -1923,6 +1933,7 @@ setting_version_and_state_ssl_shutdown(SSL *s)
 s->version = SSL2_VERSION;
 return fixed_ssl_shutdown_result;
 }
+#endif
 static int dummy_handshake_func(SSL *s)
@@ -1956,6 +1967,7 @@ test_tortls_shutdown(void *ignored)
 ret = tor_tls_shutdown(tls);
 tt_int_op(ret, OP_EQ, -9);
+#ifndef LIBRESSL_VERSION_NUMBER
 tls->ssl->handshake_func = dummy_handshake_func;
 fixed_ssl_read_result_index = 0;
@@ -2017,6 +2029,7 @@ test_tortls_shutdown(void *ignored)
 method->ssl_shutdown = setting_version_and_state_ssl_shutdown;
 ret = tor_tls_shutdown(tls);
 tt_int_op(ret, OP_EQ, TOR_TLS_ERROR_MISC);
+#endif
 done:
 teardown_capture_of_logs(previous_log);
@@ -2079,6 +2092,7 @@ test_tortls_read(void *ignored)
 ret = tor_tls_read(tls, buf, 10);
 tt_int_op(negotiated_callback_called, OP_EQ, 1);
+#ifndef LIBRESSL_VERSION_NUMBER
 fixed_ssl_read_result_index = 0;
 fixed_ssl_read_result[0] = 0;
 tls->ssl->version = SSL2_VERSION;
@@ -2086,7 +2100,7 @@ test_tortls_read(void *ignored)
 ret = tor_tls_read(tls, buf, 10);
 tt_int_op(ret, OP_EQ, TOR_TLS_CLOSE);
 tt_int_op(tls->state, OP_EQ, TOR_TLS_ST_CLOSED);
-
+#endif
 // TODO: fill up
 done: |