From: Nick Mathewson Date: Fri, 9 Nov 2018 15:49:47 +0000 (-0500) Subject: Merge branch 'maint-0.3.4' into maint-0.3.5 X-Git-Tag: tor-0.3.5.5-alpha~20^2 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=2ac2d0a426d1cd0ba1b2004d349b28e7acda0666;p=thirdparty%2Ftor.git Merge branch 'maint-0.3.4' into maint-0.3.5 --- 2ac2d0a426d1cd0ba1b2004d349b28e7acda0666 diff --cc src/lib/tls/tortls_openssl.c index 227225b96e,653bd66de5..235620714a --- a/src/lib/tls/tortls_openssl.c +++ b/src/lib/tls/tortls_openssl.c @@@ -632,13 -1278,28 +632,29 @@@ tor_tls_context_new(crypto_pk_t *identi if (!SSL_CTX_check_private_key(result->ctx)) goto error; } + { - crypto_dh_t *dh = crypto_dh_new(DH_TYPE_TLS); + DH *dh = crypto_dh_new_openssl_tls(); tor_assert(dh); - SSL_CTX_set_tmp_dh(result->ctx, crypto_dh_get_dh_(dh)); - crypto_dh_free(dh); + SSL_CTX_set_tmp_dh(result->ctx, dh); + DH_free(dh); } + /* We check for this function in two ways, since it might be either a symbol + * or a macro. */ + #if defined(SSL_CTX_set1_groups_list) || defined(HAVE_SSL_CTX_SET1_GROUPS_LIST) + { + const char *list; + if (flags & TOR_TLS_CTX_USE_ECDHE_P224) + list = "P-224:P-256"; + else if (flags & TOR_TLS_CTX_USE_ECDHE_P256) + list = "P-256:P-224"; + else + list = "P-256:P-224"; + int r = SSL_CTX_set1_groups_list(result->ctx, list); + if (r < 0) + goto error; + } + #else if (! is_client) { int nid; EC_KEY *ec_key;
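Review bot: The added `if (r < 0) goto error;` after `SSL_CTX_set1_groups_list(result->ctx, list)` cannot catch a failure, because OpenSSL documents that call as returning 1 on success and 0 on failure. A rejected list (for instance on a build where one of the named curves is unavailable, which is an inference and not shown here) would be silently ignored, leaving the context on the library's default groups instead of the P-224/P-256 preference chosen from `flags`. Compare against the success value instead, `if (r != 1) goto error;`, or log a warning and continue if a hard failure is not wanted at this point. The `else if (flags & TOR_TLS_CTX_USE_ECDHE_P256)` and final `else` branches assign the same string, so they could be merged or given a comment such as `/* P-256 first is also the default preference */`. tor_tls_context_new starts and ends outside this hunk.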