From 991bec67ee41fd7f3c12e9194d96491b51bedd50 Mon Sep 17 00:00:00 2001
From: Nick Mathewson
Date: Thu, 23 Aug 2018 11:30:18 -0400
Subject: When Tor is compiled with NSS, don't claim support for LinkAuth=1

Closes ticket 27288
---
 src/lib/crypt_ops/crypto_init.c | 11 +++++++++++
 src/lib/crypt_ops/crypto_init.h | 2 ++
 src/lib/tls/tortls.h | 4 ++++
 3 files changed, 17 insertions(+)

(limited to 'src/lib')

diff --git a/src/lib/crypt_ops/crypto_init.c b/src/lib/crypt_ops/crypto_init.c
index c731662d49..9d6e2da0d0 100644
--- a/src/lib/crypt_ops/crypto_init.c
+++ b/src/lib/crypt_ops/crypto_init.c
@@ -191,3 +191,14 @@ crypto_get_header_version_string(void)
 return crypto_nss_get_header_version_str();
 #endif
 }
+
+/** Return true iff Tor is using the NSS library. */
+int
+tor_is_using_nss(void)
+{
+#ifdef ENABLE_NSS
+ return 1;
+#else
+ return 0;
+#endif
+}
diff --git a/src/lib/crypt_ops/crypto_init.h b/src/lib/crypt_ops/crypto_init.h
index 5b6d65d48c..b71f144276 100644
--- a/src/lib/crypt_ops/crypto_init.h
+++ b/src/lib/crypt_ops/crypto_init.h
@@ -31,4 +31,6 @@ const char *crypto_get_library_name(void);
 const char *crypto_get_library_version_string(void);
 const char *crypto_get_header_version_string(void);

+int tor_is_using_nss(void);
+
 #endif /* !defined(TOR_CRYPTO_H) */
diff --git a/src/lib/tls/tortls.h b/src/lib/tls/tortls.h
index 3f1098bbac..81db5ce5a9 100644
--- a/src/lib/tls/tortls.h
+++ b/src/lib/tls/tortls.h
@@ -126,6 +126,10 @@ int tor_tls_server_got_renegotiate(tor_tls_t *tls);
 MOCK_DECL(int,tor_tls_cert_matches_key,(const tor_tls_t *tls,
 const struct tor_x509_cert_t *cert));
 MOCK_DECL(int,tor_tls_get_tlssecrets,(tor_tls_t *tls, uint8_t *secrets_out));
+#ifdef ENABLE_OPENSSL
+/* OpenSSL lets us see these master secrets; NSS sensibly does not. */
+#define HAVE_WORKING_TOR_TLS_GET_TLSSECRETS
+#endif
 MOCK_DECL(int,tor_tls_export_key_material,(
 tor_tls_t *tls, uint8_t *secrets_out,
 const uint8_t *context,
--
cgit v1.2.3-54-g00ecf
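Review bot: The new `tor_is_using_nss()` in crypto_init.c answers "which library was compiled in", while the decision named in the commit title (whether to claim LinkAuth=1) depends on a capability, which the tortls.h hunk tracks separately as `HAVE_WORKING_TOR_TLS_GET_TLSSECRETS`. The caller that builds the advertised protocol list is outside this diff (it is limited to src/lib), so this is inferred. If that caller tests `!tor_is_using_nss()`, any later backend that is not NSS but also cannot expose master secrets would still advertise an authentication type it cannot complete. At minimum the doc comment should record the purpose, e.g. `/** Return true iff Tor was built with NSS. Callers use this to decide which link authentication versions to advertise, since NSS does not expose TLS master secrets. */`; deriving the answer from the capability macro would keep the two signals from drifting apart.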
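Review bot: In tortls.h the `MOCK_DECL` for `tor_tls_get_tlssecrets` stays declared for every build, while `HAVE_WORKING_TOR_TLS_GET_TLSSECRETS` is defined only under `ENABLE_OPENSSL`, and nothing at the declaration states what the function does when the macro is absent. The NSS implementation is not part of this diff, so whether it fails cleanly and leaves `secrets_out` untouched cannot be confirmed from here. Callers that ignore the return value would derive authentication material from an uninitialized buffer, so the contract is worth stating where they will read it, for example `/* Without HAVE_WORKING_TOR_TLS_GET_TLSSECRETS this function always fails and does not write to secrets_out; callers must check the return value. */` placed above the declaration. Moving the `#ifdef ENABLE_OPENSSL` block above the `MOCK_DECL` it describes would also make the association clearer than its current position between two unrelated declarations.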