1 files changed, 48 insertions, 20 deletions

diff --git a/src/common/tortls.c b/src/common/tortls.c
index 315a767e9e..a6444b8188 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -149,6 +149,7 @@ typedef enum {
     TOR_TLS_ST_SENTCLOSE, TOR_TLS_ST_CLOSED, TOR_TLS_ST_RENEGOTIATE,
     TOR_TLS_ST_BUFFEREVENT
 } tor_tls_state_t;
+#define tor_tls_state_bitfield_t ENUM_BF(tor_tls_state_t)
 
 /** Holds a SSL object and its associated data.  Members are only
  * accessed from within tortls.c.
@@ -159,7 +160,7 @@ struct tor_tls_t {
   SSL *ssl; /**< An OpenSSL SSL object. */
   int socket; /**< The underlying file descriptor for this TLS connection. */
   char *address; /**< An address to log when describing this connection. */
-  ENUM_BF(tor_tls_state_t) state : 3; /**< The current SSL state,
+  tor_tls_state_bitfield_t state : 3; /**< The current SSL state,
                                        * depending on which operations
                                        * have completed successfully. */
   unsigned int isServer:1; /**< True iff this is a server-side connection */
@@ -711,31 +712,47 @@ tor_tls_create_certificate(crypto_pk_t *rsa,
 /** List of ciphers that servers should select from when we actually have
  * our choice of what cipher to use. */
 const char UNRESTRICTED_SERVER_CIPHER_LIST[] =
-#ifdef TLS1_TXT_ECDHE_RSA_WITH_AES_256_CHC_SHA
-       TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA ":"
-#endif
+  /* This list is autogenerated with the gen_server_ciphers.py script;
+   * don't hand-edit it. */
 #ifdef TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ":"
 #endif
+#ifdef TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+       TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ":"
+#endif
+#ifdef TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384
+       TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384 ":"
+#endif
 #ifdef TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256
        TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256 ":"
 #endif
+#ifdef TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA
+       TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA ":"
+#endif
 #ifdef TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA
        TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA ":"
 #endif
-#ifdef TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256
-       TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+#ifdef TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384
+       TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384 ":"
+#endif
+#ifdef TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256
+       TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256 ":"
 #endif
-//#if TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA
-//    TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA ":"
-//#endif
-  /* These next two are mandatory. */
-  TLS1_TXT_DHE_RSA_WITH_AES_256_SHA ":"
-  TLS1_TXT_DHE_RSA_WITH_AES_128_SHA ":"
+#ifdef TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256
+       TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256 ":"
+#endif
+#ifdef TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256
+       TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256 ":"
+#endif
+       /* Required */
+       TLS1_TXT_DHE_RSA_WITH_AES_256_SHA ":"
+       /* Required */
+       TLS1_TXT_DHE_RSA_WITH_AES_128_SHA ":"
 #ifdef TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA
        TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA ":"
 #endif
-  SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA;
+       /* Required */
+       SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA;
 
 /* Note: to set up your own private testing network with link crypto
  * disabled, set your Tors' cipher list to
@@ -1233,6 +1250,10 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
     goto error;
   SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv2);
 
+  /* Prefer the server's ordering of ciphers: the client's ordering has
+  * historically been chosen for fingerprinting resistance. */
+  SSL_CTX_set_options(result->ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
+
   /* Disable TLS1.1 and TLS1.2 if they exist.  We need to do this to
    * workaround a bug present in all OpenSSL 1.0.1 versions (as of 1
    * June 2012), wherein renegotiating while using one of these TLS
@@ -2311,6 +2332,7 @@ log_cert_lifetime(int severity, const X509 *cert, const char *problem)
   char mytime[33];
   time_t now = time(NULL);
   struct tm tm;
+  size_t n;
 
   if (problem)
     tor_log(severity, LD_GENERAL,
@@ -2336,11 +2358,17 @@ log_cert_lifetime(int severity, const X509 *cert, const char *problem)
   BIO_get_mem_ptr(bio, &buf);
   s2 = tor_strndup(buf->data, buf->length);
 
-  strftime(mytime, 32, "%b %d %H:%M:%S %Y UTC", tor_gmtime_r(&now, &tm));
-
-  tor_log(severity, LD_GENERAL,
-      "(certificate lifetime runs from %s through %s. Your time is %s.)",
-      s1,s2,mytime);
+  n = strftime(mytime, 32, "%b %d %H:%M:%S %Y UTC", tor_gmtime_r(&now, &tm));
+  if (n > 0) {
+    tor_log(severity, LD_GENERAL,
+        "(certificate lifetime runs from %s through %s. Your time is %s.)",
+        s1,s2,mytime);
+  } else {
+    tor_log(severity, LD_GENERAL,
+        "(certificate lifetime runs from %s through %s. "
+        "Couldn't get your time.)",
+        s1, s2);
+  }
 
  end:
   /* Not expected to get invoked */
@@ -2555,8 +2583,8 @@ tor_tls_get_n_raw_bytes(tor_tls_t *tls, size_t *n_read, size_t *n_written)
 
 /** Return a ratio of the bytes that TLS has sent to the bytes that we've told
  * it to send. Used to track whether our TLS records are getting too tiny. */
-double
-tls_get_write_overhead_ratio(void)
+MOCK_IMPL(double,
+tls_get_write_overhead_ratio,(void))
 {
   if (total_bytes_written_over_tls == 0)
     return 1.0;