changes/readable_ssl_versions 0 → 100644 +6 −0 o Code simplification and refactoring: - Use macros to indicate OpenSSL versions, so we don't need to worry about accidental hexadecimal bit shifts. - Remove some workaround code for OpenSSL 0.9.6, which is no longer supported. src/common/aes.c +2 −1 @@ -17,7 +17,8 @@ #include <openssl/aes.h> #include <openssl/evp.h> #include <openssl/engine.h> #if OPENSSL_VERSION_NUMBER >= 0x1000001fL #include "crypto.h" #if OPENSSL_VERSION_NUMBER >= OPENSSL_V(1,0,0,'a') /* See comments about which counter mode implementation to use below. */ #include <openssl/modes.h> #define USE_OPENSSL_CTR src/common/crypto.c +8 −17 @@ -60,7 +60,7 @@ #include "container.h" #include "compat.h" #if OPENSSL_VERSION_NUMBER < 0x00907000l #if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(0,9,7) #error "We require OpenSSL >= 0.9.7" #endif @@ -72,7 +72,7 @@ /** Longest recognized */ #define MAX_DNS_LABEL_SIZE 63 #if OPENSSL_VERSION_NUMBER < 0x00908000l #if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(0,9,8) /** @{ */ /** On OpenSSL versions before 0.9.8, there is no working SHA256 * implementation, so we use Tom St Denis's nice speedy one, slightly adapted @@ -452,7 +452,7 @@ crypto_pk_generate_key_with_bits(crypto_pk_env_t *env, int bits) if (env->key) RSA_free(env->key); #if OPENSSL_VERSION_NUMBER < 0x00908000l #if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(0,9,8) /* In OpenSSL 0.9.7, RSA_generate_key is all we have. */ env->key = RSA_generate_key(bits, 65537, NULL, NULL); #else
@@ -1723,7 +1723,7 @@ crypto_hmac_sha256(char *hmac_out, const char *key, size_t key_len, const char *msg, size_t msg_len) { #if (OPENSSL_VERSION_NUMBER >= 0x00908000l) #if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(0,9,8) /* If we've got OpenSSL >=0.9.8 we can use its hmac implementation. */ tor_assert(key_len < INT_MAX); tor_assert(msg_len < INT_MAX); @@ -2360,13 +2360,6 @@ crypto_dh_free(crypto_dh_env_t *dh) * work for us too. */ #define ADD_ENTROPY 32 /** True iff we should use OpenSSL's RAND_poll function to add entropy to its * pool. * * Use RAND_poll if OpenSSL is 0.9.6 release or later. (The "f" means *"release".) */ #define HAVE_RAND_POLL (OPENSSL_VERSION_NUMBER >= 0x0090600fl) /** True iff it's safe to use RAND_poll after setup. * * Versions of OpenSSL prior to 0.9.7k and 0.9.8c had a bug where RAND_poll @@ -2374,9 +2367,9 @@ crypto_dh_free(crypto_dh_env_t *dh) * that fd without checking whether it fit in the fd_set. Thus, if the * system has not just been started up, it is unsafe to call */ #define RAND_POLL_IS_SAFE \ ((OPENSSL_VERSION_NUMBER >= 0x009070afl && \ OPENSSL_VERSION_NUMBER <= 0x00907fffl) || \ (OPENSSL_VERSION_NUMBER >= 0x0090803fl)) ((OPENSSL_VERSION_NUMBER >= OPENSSL_V(0,9,7,'j') && \ OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(0,9,8)) || \ OPENSSL_VERSION_NUMBER >= OPENSSL_V(0,9,8,'c')) /** Set the seed of the weak RNG to a random value. */ static void @@ -2410,8 +2403,7 @@ crypto_seed_rng(int startup) size_t n; #endif #if HAVE_RAND_POLL /* OpenSSL 0.9.6 adds a RAND_poll function that knows about more kinds of /* OpenSSL has a RAND_poll function that knows about more kinds of * entropy than we do. We'll try calling that, *and* calling our own entropy * functions. If one succeeds, we'll accept the RNG as seeded. */ if (startup || RAND_POLL_IS_SAFE) {
@@ -2419,7 +2411,6 @@ crypto_seed_rng(int startup) if (rand_poll_status == 0) log_warn(LD_CRYPTO, "RAND_poll() failed."); } #endif #ifdef MS_WINDOWS if (!provider_set) { src/common/crypto.h +32 −0 @@ -16,6 +16,38 @@ #include <stdio.h> #include "torint.h" /* Macro to create an arbitrary OpenSSL version number as used by OPENSSL_VERSION_NUMBER or SSLeay(), since the actual numbers are a bit hard to read. Don't use this directly, instead use one of the other OPENSSL_V macros below. The format is: 4 bits major, 8 bits minor, 8 bits fix, 8 bits patch, 4 bit status. */ #define OPENSSL_VER(a,b,c,d,e) \ (((a)<<28) | \ ((b)<<20) | \ ((c)<<12) | \ ((d)<< 4) | \ (e)) /** An openssl release number. For example, OPENSSL_V(0,9,8,'j') is the * version for the released version of 0.9.8j */ #define OPENSSL_V(a,b,c,d) \ OPENSSL_VER((a),(b),(c),(d)-'a'+1,0xf) /** An openssl release number for the first release in the series. For * example, OPENSSL_V_NOPATCH(1,0,0) is the first released version of OpenSSL * 1.0.0. */ #define OPENSSL_V_NOPATCH(a,b,c) \ OPENSSL_VER((a),(b),(c),0,0xf) /** The first version that would occur for any alpha or beta in an openssl * series. For example, OPENSSL_V_SERIES(0,9,8) is greater than any released * 0.9.7, and less than any released 0.9.8. */ #define OPENSSL_V_SERIES(a,b,c) \ OPENSSL_VER((a),(b),(c),0,0) /** Length of the output of our message digest. */ #define DIGEST_LEN 20 /** Length of the output of our second (improved) message digests. (For now src/common/tortls.c +14 −14 @@ -44,10 +44,6 @@ #include <openssl/bio.h> #include <openssl/opensslv.h> #if OPENSSL_VERSION_NUMBER < 0x00907000l #error "We require OpenSSL >= 0.9.7" #endif #ifdef USE_BUFFEREVENTS #include <event2/bufferevent_ssl.h> #include <event2/buffer.h>
@@ -65,6 +61,10 @@ #include "container.h" #include <string.h> #if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(0,9,7) #error "We require OpenSSL >= 0.9.7" #endif /* Enable the "v2" TLS handshake. */ #define V2_HANDSHAKE_SERVER @@ -79,9 +79,9 @@ #define ADDR(tls) (((tls) && (tls)->address) ? tls->address : "peer") #if (OPENSSL_VERSION_NUMBER < 0x0090813fL || \ (OPENSSL_VERSION_NUMBER >= 0x00909000L && \ OPENSSL_VERSION_NUMBER < 0x1000006fL)) #if (OPENSSL_VERSION_NUMBER < OPENSSL_V(0,9,8,'s') || \ (OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(0,9,9) && \ OPENSSL_VERSION_NUMBER < OPENSSL_V(1,0,0,'f'))) /* This is a version of OpenSSL before 0.9.8s/1.0.0f. It does not have * the CVE-2011-4657 fix, and as such it can't use RELEASE_BUFFERS and * SSL3 safely at the same time. @@ -474,18 +474,18 @@ tor_tls_init(void) * program should be allowed to use renegotiation unless it first passed * a test of intelligence and determination. */ if (version >= 0x009080c0L && version < 0x009080d0L) { if (version > OPENSSL_V(0,9,8,'k') && version <= OPENSSL_V(0,9,8,'l')) { log_notice(LD_GENERAL, "OpenSSL %s looks like version 0.9.8l; " "I will try SSL3_FLAGS to enable renegotation.", SSLeay_version(SSLEAY_VERSION)); use_unsafe_renegotiation_flag = 1; use_unsafe_renegotiation_op = 1; } else if (version >= 0x009080d0L) { } else if (version > OPENSSL_V(0,9,8,'l')) { log_notice(LD_GENERAL, "OpenSSL %s looks like version 0.9.8m or later; " "I will try SSL_OP to enable renegotiation", SSLeay_version(SSLEAY_VERSION)); use_unsafe_renegotiation_op = 1; } else if (version < 0x009080c0L) { } else if (version <= OPENSSL_V(0,9,8,'k')) { log_notice(LD_GENERAL, "OpenSSL %s [%lx] looks like it's older than " "0.9.8l, but some vendors have backported 0.9.8l's " "renegotiation code to earlier versions, and some have "
@@ -770,7 +770,7 @@ tor_cert_decode(const uint8_t *certificate, size_t certificate_len) if (certificate_len > INT_MAX) return NULL; #if OPENSSL_VERSION_NUMBER < 0x00908000l #if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(0,9,8) /* This ifdef suppresses a type warning. Take out this case once everybody * is using OpenSSL 0.9.8 or later. */ x509 = d2i_X509(NULL, (unsigned char**)&cp, (int)certificate_len); @@ -1177,9 +1177,9 @@ tor_tls_context_new(crypto_pk_env_t *identity, unsigned int key_lifetime, #ifdef DISABLE_SSL3_HANDSHAKE 1 || #endif SSLeay() < 0x0090813fL || (SSLeay() >= 0x00909000L && SSLeay() < 0x1000006fL)) { SSLeay() < OPENSSL_V(0,9,8,'s') || (SSLeay() >= OPENSSL_V_SERIES(0,9,9) && SSLeay() < OPENSSL_V(1,0,0,'f'))) { /* And not SSL3 if it's subject to CVE-2011-4657. */ log_info(LD_NET, "Disabling SSLv3 because this OpenSSL version " "might otherwise be vulnerable to CVE-2011-4657 "
changes/readable_ssl_versions 0 → 100644 +6 −0 o Code simplification and refactoring: - Use macros to indicate OpenSSL versions, so we don't need to worry about accidental hexadecimal bit shifts. - Remove some workaround code for OpenSSL 0.9.6, which is no longer supported.
src/common/aes.c +2 −1 @@ -17,7 +17,8 @@ #include <openssl/aes.h> #include <openssl/evp.h> #include <openssl/engine.h> #if OPENSSL_VERSION_NUMBER >= 0x1000001fL #include "crypto.h" #if OPENSSL_VERSION_NUMBER >= OPENSSL_V(1,0,0,'a') /* See comments about which counter mode implementation to use below. */ #include <openssl/modes.h> #define USE_OPENSSL_CTR
src/common/crypto.c +8 −17 @@ -60,7 +60,7 @@ #include "container.h" #include "compat.h" #if OPENSSL_VERSION_NUMBER < 0x00907000l #if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(0,9,7) #error "We require OpenSSL >= 0.9.7" #endif @@ -72,7 +72,7 @@ /** Longest recognized */ #define MAX_DNS_LABEL_SIZE 63 #if OPENSSL_VERSION_NUMBER < 0x00908000l #if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(0,9,8) /** @{ */ /** On OpenSSL versions before 0.9.8, there is no working SHA256 * implementation, so we use Tom St Denis's nice speedy one, slightly adapted @@ -452,7 +452,7 @@ crypto_pk_generate_key_with_bits(crypto_pk_env_t *env, int bits) if (env->key) RSA_free(env->key); #if OPENSSL_VERSION_NUMBER < 0x00908000l #if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(0,9,8) /* In OpenSSL 0.9.7, RSA_generate_key is all we have. */ env->key = RSA_generate_key(bits, 65537, NULL, NULL); #else @@ -1723,7 +1723,7 @@ crypto_hmac_sha256(char *hmac_out, const char *key, size_t key_len, const char *msg, size_t msg_len) { #if (OPENSSL_VERSION_NUMBER >= 0x00908000l) #if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(0,9,8) /* If we've got OpenSSL >=0.9.8 we can use its hmac implementation. */ tor_assert(key_len < INT_MAX); tor_assert(msg_len < INT_MAX); @@ -2360,13 +2360,6 @@ crypto_dh_free(crypto_dh_env_t *dh) * work for us too. */ #define ADD_ENTROPY 32 /** True iff we should use OpenSSL's RAND_poll function to add entropy to its * pool. * * Use RAND_poll if OpenSSL is 0.9.6 release or later. (The "f" means *"release".) */ #define HAVE_RAND_POLL (OPENSSL_VERSION_NUMBER >= 0x0090600fl) /** True iff it's safe to use RAND_poll after setup. * * Versions of OpenSSL prior to 0.9.7k and 0.9.8c had a bug where RAND_poll
@@ -2374,9 +2367,9 @@ crypto_dh_free(crypto_dh_env_t *dh) * that fd without checking whether it fit in the fd_set. Thus, if the * system has not just been started up, it is unsafe to call */ #define RAND_POLL_IS_SAFE \ ((OPENSSL_VERSION_NUMBER >= 0x009070afl && \ OPENSSL_VERSION_NUMBER <= 0x00907fffl) || \ (OPENSSL_VERSION_NUMBER >= 0x0090803fl)) ((OPENSSL_VERSION_NUMBER >= OPENSSL_V(0,9,7,'j') && \ OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(0,9,8)) || \ OPENSSL_VERSION_NUMBER >= OPENSSL_V(0,9,8,'c')) /** Set the seed of the weak RNG to a random value. */ static void @@ -2410,8 +2403,7 @@ crypto_seed_rng(int startup) size_t n; #endif #if HAVE_RAND_POLL /* OpenSSL 0.9.6 adds a RAND_poll function that knows about more kinds of /* OpenSSL has a RAND_poll function that knows about more kinds of * entropy than we do. We'll try calling that, *and* calling our own entropy * functions. If one succeeds, we'll accept the RNG as seeded. */ if (startup || RAND_POLL_IS_SAFE) { @@ -2419,7 +2411,6 @@ crypto_seed_rng(int startup) if (rand_poll_status == 0) log_warn(LD_CRYPTO, "RAND_poll() failed."); } #endif #ifdef MS_WINDOWS if (!provider_set) {
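Review bot: The 0.9.7 lower bound in `RAND_POLL_IS_SAFE` (hunk at -2374) now reads `OPENSSL_V(0,9,7,'j')`, but the comment just above it says the fd_set bug is present in versions prior to 0.9.7k, so comment and code disagree by one patch letter. The conversion itself is faithful, since the removed constant `0x009070afl` carries patch value 0x0a, which is 'j'; the mismatch appears to predate this commit and is only now easy to see. Because this macro decides whether RAND_poll() may be called after startup on a build with that bug, the two should be reconciled: either change the bound to `OPENSSL_V(0,9,7,'k')` or correct the comment to 0.9.7j, after checking which release actually carried the fix. The comment block starts in the previous hunk and is cut at both hunk edges, so its full wording is not visible here.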
src/common/crypto.h +32 −0 @@ -16,6 +16,38 @@ #include <stdio.h> #include "torint.h" /* Macro to create an arbitrary OpenSSL version number as used by OPENSSL_VERSION_NUMBER or SSLeay(), since the actual numbers are a bit hard to read. Don't use this directly, instead use one of the other OPENSSL_V macros below. The format is: 4 bits major, 8 bits minor, 8 bits fix, 8 bits patch, 4 bit status. */ #define OPENSSL_VER(a,b,c,d,e) \ (((a)<<28) | \ ((b)<<20) | \ ((c)<<12) | \ ((d)<< 4) | \ (e)) /** An openssl release number. For example, OPENSSL_V(0,9,8,'j') is the * version for the released version of 0.9.8j */ #define OPENSSL_V(a,b,c,d) \ OPENSSL_VER((a),(b),(c),(d)-'a'+1,0xf) /** An openssl release number for the first release in the series. For * example, OPENSSL_V_NOPATCH(1,0,0) is the first released version of OpenSSL * 1.0.0. */ #define OPENSSL_V_NOPATCH(a,b,c) \ OPENSSL_VER((a),(b),(c),0,0xf) /** The first version that would occur for any alpha or beta in an openssl * series. For example, OPENSSL_V_SERIES(0,9,8) is greater than any released * 0.9.7, and less than any released 0.9.8. */ #define OPENSSL_V_SERIES(a,b,c) \ OPENSSL_VER((a),(b),(c),0,0) /** Length of the output of our message digest. */ #define DIGEST_LEN 20 /** Length of the output of our second (improved) message digests. (For now
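Review bot: `OPENSSL_V(a,b,c,d)` derives the patch field as `(d)-'a'+1` without constraining `d`, so an uppercase letter or a number passed by mistake silently produces a different version, and these values now gate security workarounds in crypto.c and tortls.c. The doc comment should state the contract, for example `d must be a lowercase letter 'a'..'z'; for a release without a patch letter use OPENSSL_V_NOPATCH`. Since the macro is evaluated inside `#if` as well as in ordinary expressions, it also depends on letter constants having contiguous values in both contexts, which is implementation-defined and worth one line of comment. The results are plain `int` expressions where the replaced literals carried an `l`/`L` suffix; that is fine for the versions used here, but `(a)<<28` would overflow `int` for a major number of 8 or more. The comment on `OPENSSL_VER` opens with `/*` while the three macros below it use `/**`.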
src/common/tortls.c +14 −14 @@ -44,10 +44,6 @@ #include <openssl/bio.h> #include <openssl/opensslv.h> #if OPENSSL_VERSION_NUMBER < 0x00907000l #error "We require OpenSSL >= 0.9.7" #endif #ifdef USE_BUFFEREVENTS #include <event2/bufferevent_ssl.h> #include <event2/buffer.h> @@ -65,6 +61,10 @@ #include "container.h" #include <string.h> #if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(0,9,7) #error "We require OpenSSL >= 0.9.7" #endif /* Enable the "v2" TLS handshake. */ #define V2_HANDSHAKE_SERVER @@ -79,9 +79,9 @@ #define ADDR(tls) (((tls) && (tls)->address) ? tls->address : "peer") #if (OPENSSL_VERSION_NUMBER < 0x0090813fL || \ (OPENSSL_VERSION_NUMBER >= 0x00909000L && \ OPENSSL_VERSION_NUMBER < 0x1000006fL)) #if (OPENSSL_VERSION_NUMBER < OPENSSL_V(0,9,8,'s') || \ (OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(0,9,9) && \ OPENSSL_VERSION_NUMBER < OPENSSL_V(1,0,0,'f'))) /* This is a version of OpenSSL before 0.9.8s/1.0.0f. It does not have * the CVE-2011-4657 fix, and as such it can't use RELEASE_BUFFERS and * SSL3 safely at the same time.
@@ -474,18 +474,18 @@ tor_tls_init(void) * program should be allowed to use renegotiation unless it first passed * a test of intelligence and determination. */ if (version >= 0x009080c0L && version < 0x009080d0L) { if (version > OPENSSL_V(0,9,8,'k') && version <= OPENSSL_V(0,9,8,'l')) { log_notice(LD_GENERAL, "OpenSSL %s looks like version 0.9.8l; " "I will try SSL3_FLAGS to enable renegotation.", SSLeay_version(SSLEAY_VERSION)); use_unsafe_renegotiation_flag = 1; use_unsafe_renegotiation_op = 1; } else if (version >= 0x009080d0L) { } else if (version > OPENSSL_V(0,9,8,'l')) { log_notice(LD_GENERAL, "OpenSSL %s looks like version 0.9.8m or later; " "I will try SSL_OP to enable renegotiation", SSLeay_version(SSLEAY_VERSION)); use_unsafe_renegotiation_op = 1; } else if (version < 0x009080c0L) { } else if (version <= OPENSSL_V(0,9,8,'k')) { log_notice(LD_GENERAL, "OpenSSL %s [%lx] looks like it's older than " "0.9.8l, but some vendors have backported 0.9.8l's " "renegotiation code to earlier versions, and some have " @@ -770,7 +770,7 @@ tor_cert_decode(const uint8_t *certificate, size_t certificate_len) if (certificate_len > INT_MAX) return NULL; #if OPENSSL_VERSION_NUMBER < 0x00908000l #if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(0,9,8) /* This ifdef suppresses a type warning. Take out this case once everybody * is using OpenSSL 0.9.8 or later. */ x509 = d2i_X509(NULL, (unsigned char**)&cp, (int)certificate_len); @@ -1177,9 +1177,9 @@ tor_tls_context_new(crypto_pk_env_t *identity, unsigned int key_lifetime, #ifdef DISABLE_SSL3_HANDSHAKE 1 || #endif SSLeay() < 0x0090813fL || (SSLeay() >= 0x00909000L && SSLeay() < 0x1000006fL)) { SSLeay() < OPENSSL_V(0,9,8,'s') || (SSLeay() >= OPENSSL_V_SERIES(0,9,9) && SSLeay() < OPENSSL_V(1,0,0,'f'))) { /* And not SSL3 if it's subject to CVE-2011-4657. */ log_info(LD_NET, "Disabling SSLv3 because this OpenSSL version " "might otherwise be vulnerable to CVE-2011-4657 "
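Review bot: The version range treated as lacking the CVE-2011-4657 fix is written out twice, once against `OPENSSL_VERSION_NUMBER` in the hunk at -79 and once against `SSLeay()` in `tor_tls_context_new` (hunk at -1177), and nothing ties the two copies together. Now that the bounds are macros, one function-like macro would keep the header-time and run-time checks from drifting apart, for example `#define TOR_OPENSSL_PRE_SSL3_FIX(v) ((v) < OPENSSL_V(0,9,8,'s') || ((v) >= OPENSSL_V_SERIES(0,9,9) && (v) < OPENSSL_V(1,0,0,'f')))` (the name is only a suggestion), used as `#if TOR_OPENSSL_PRE_SSL3_FIX(OPENSSL_VERSION_NUMBER)` and `TOR_OPENSSL_PRE_SSL3_FIX(SSLeay())`. Both checks should stay, since the headers Tor is built against and the library it runs with can differ. The `#if` block and the `if` condition both continue outside their hunks, so what each one guards is only partly visible here.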