Tor issues
https://gitlab.torproject.org/tpo/core/tor/-/issues
2022-09-01T21:42:49Z

Stop using APIs deprecated in OpenSSL 3.0.0
https://gitlab.torproject.org/tpo/core/tor/-/issues/40166
2022-09-01T21:42:49Z
Nick Mathewson

In #34139, we note that these APIs are deprecated in OpenSSL 3.0.0:
* DH_compute_key
* DH_generate_key
* DH_size
* ECDH_compute_key
* EC_GFp_mont_method
* EC_GFp_nist_method
* EC_GFp_simple_method
* EC_GROUP_method_of
* ENGINE_by_id
* ENGINE_ctrl_cmd_string
* ENGINE_free
* ENGINE_get_cipher_engine
* ENGINE_get_default_DH
* ENGINE_get_default_EC
* ENGINE_get_default_RAND
* ENGINE_get_default_RSA
* ENGINE_get_digest_engine
* ENGINE_get_id
* ENGINE_get_name
* ENGINE_load_builtin_engines
* ENGINE_register_all_complete
* ENGINE_set_default
* ERR_func_error_string
* HMAC
* RSA_check_key
* RSA_generate_key_ex
* RSA_private_decrypt
* RSA_private_encrypt
* RSA_public_decrypt
* RSA_public_encrypt
* RSA_size
We should stop using them.

Use OpenSSL 1.1.0 X25519 in Tor when available (if it's good)
https://gitlab.torproject.org/tpo/core/tor/-/issues/19980
2022-09-01T21:32:18Z
Nick Mathewson

OpenSSL 1.1.0 says it now has X25519 support. If it's done well, we should consider using it in Tor when linking against OpenSSL 1.1.0.

Attempt to port tor to Google's BoringSSL
https://gitlab.torproject.org/tpo/core/tor/-/issues/13815
2022-09-01T21:32:18Z
teor

Split from legacy/trac#13415:
**nickm:**
Interesting. It looks like building with BoringSSL will require some actual porting to detect all the APIs they've removed, and to figure out whether we can replace them.
**teor:**
BoringSSL is even worse - it doesn't even have an openssl executable, only builds static libraries, and is a pain to configure correctly under our current config scripts.
I can't seem to stop it finding the system-supplied SSL, even when I provide it the BoringSSL directories.
I get the following warnings when I manually install BoringSSL into include/lib/bin dirs, and fake the openssl executable using the bssl executable:
(I've cleaned up some warnings that were irrelevant or trivial.)
```
CC src/common/crypto.o
src/common/crypto.c:170:12: warning: implicit declaration of function
'ENGINE_get_name' is invalid in C99 [-Wimplicit-function-declaration]
name = ENGINE_get_name(e);
src/common/crypto.c:171:10: warning: implicit declaration of function
'ENGINE_get_id' is invalid in C99 [-Wimplicit-function-declaration]
id = ENGINE_get_id(e);
src/common/crypto.c:186:15: warning: implicit declaration of function
'ENGINE_by_id' is invalid in C99 [-Wimplicit-function-declaration]
ENGINE *e = ENGINE_by_id("dynamic");
src/common/crypto.c:188:10: warning: implicit declaration of function
'ENGINE_ctrl_cmd_string' is invalid in C99
[-Wimplicit-function-declaration]
if (!ENGINE_ctrl_cmd_string(e, "ID", engine, 0)
src/common/crypto.c:227:31: warning: implicit declaration of function
'SSLeay_version' is invalid in C99 [-Wimplicit-function-declaration]
const char *raw_version = SSLeay_version(SSLEAY_VERSION);
src/common/crypto.c:227:46: error: use of undeclared identifier 'SSLEAY_VERSION'
const char *raw_version = SSLeay_version(SSLEAY_VERSION);
src/common/crypto.c:241:51: error: use of undeclared identifier
'OPENSSL_VERSION_TEXT'
parse_openssl_version_str(OPENSSL_VERSION_TEXT);
src/common/crypto.c:251:7: warning: implicit declaration of function
'RAND_get_rand_method' is invalid in C99 [-Wimplicit-function-declaration]
if (RAND_get_rand_method() != RAND_SSLeay()) {
src/common/crypto.c:251:33: warning: implicit declaration of function
'RAND_SSLeay' is invalid in C99 [-Wimplicit-function-declaration]
if (RAND_get_rand_method() != RAND_SSLeay()) {
src/common/crypto.c:255:5: warning: implicit declaration of function
'RAND_set_rand_method' is invalid in C99 [-Wimplicit-function-declaration]
RAND_set_rand_method(RAND_SSLeay());
src/common/crypto.c:291:9: warning: implicit declaration of function 'SSLeay' is
invalid in C99 [-Wimplicit-function-declaration]
if (SSLeay() == OPENSSL_VERSION_NUMBER &&
src/common/crypto.c:292:32: error: use of undeclared identifier 'SSLEAY_VERSION'
!strcmp(SSLeay_version(SSLEAY_VERSION), OPENSSL_VERSION_TEXT)) {
src/common/crypto.c:292:49: error: use of undeclared identifier
'OPENSSL_VERSION_TEXT'
!strcmp(SSLeay_version(SSLEAY_VERSION), OPENSSL_VERSION_TEXT)) {
CC src/common/crypto_s2k.o
src/common/crypto.c:294:57: error: use of undeclared identifier 'SSLEAY_VERSION'
"(%lx: %s).", SSLeay(), SSLeay_version(SSLEAY_VERSION));
./src/common/../common/torlog.h:190:50: note: expanded from macro 'log_info'
log_fn_(LOG_INFO, domain, PRETTY_FUNCTION, args)
src/common/crypto.c:299:55: error: use of undeclared identifier
'OPENSSL_VERSION_TEXT'
(unsigned long)OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT,
./src/common/../common/torlog.h:194:50: note: expanded from macro 'log_warn'
log_fn_(LOG_WARN, domain, PRETTY_FUNCTION, args)
src/common/crypto.c:300:41: error: use of undeclared identifier 'SSLEAY_VERSION'
SSLeay(), SSLeay_version(SSLEAY_VERSION));
./src/common/../common/torlog.h:194:50: note: expanded from macro 'log_warn'
log_fn_(LOG_WARN, domain, PRETTY_FUNCTION, args)
src/common/crypto.c:339:7: warning: implicit declaration of function
'ENGINE_load_builtin_engines' is invalid in C99
[-Wimplicit-function-declaration]
ENGINE_load_builtin_engines();
src/common/crypto.c:340:7: warning: implicit declaration of function
'ENGINE_register_all_complete' is invalid in C99
[-Wimplicit-function-declaration]
ENGINE_register_all_complete();
src/common/crypto.c:350:13: warning: incompatible integer to pointer conversion
assigning to 'ENGINE *' (aka 'struct engine_st *') from 'int'
[-Wint-conversion]
e = ENGINE_by_id(accelName);
~
src/common/crypto.c:363:9: warning: implicit declaration of function
'ENGINE_set_default' is invalid in C99 [-Wimplicit-function-declaration]
ENGINE_set_default(e, ENGINE_METHOD_ALL);
src/common/crypto.c:363:31: error: use of undeclared identifier
'ENGINE_METHOD_ALL'
ENGINE_set_default(e, ENGINE_METHOD_ALL);
src/common/crypto.c:367:25: warning: implicit declaration of function
'ENGINE_get_default_RSA' is invalid in C99
[-Wimplicit-function-declaration]
log_engine("RSA", ENGINE_get_default_RSA());
src/common/crypto.c:368:24: warning: implicit declaration of function
'ENGINE_get_default_DH' is invalid in C99
[-Wimplicit-function-declaration]
log_engine("DH", ENGINE_get_default_DH());
src/common/crypto.c:369:26: warning: implicit declaration of function
'ENGINE_get_default_ECDH' is invalid in C99
[-Wimplicit-function-declaration]
log_engine("ECDH", ENGINE_get_default_ECDH());
src/common/crypto.c:370:27: warning: implicit declaration of function
'ENGINE_get_default_ECDSA' is invalid in C99
[-Wimplicit-function-declaration]
log_engine("ECDSA", ENGINE_get_default_ECDSA());
src/common/crypto.c:371:26: warning: implicit declaration of function
'ENGINE_get_default_RAND' is invalid in C99
[-Wimplicit-function-declaration]
log_engine("RAND", ENGINE_get_default_RAND());
src/common/crypto.c:373:26: warning: implicit declaration of function
'ENGINE_get_digest_engine' is invalid in C99
[-Wimplicit-function-declaration]
log_engine("SHA1", ENGINE_get_digest_engine(NID_sha1));
src/common/crypto.c:374:30: warning: implicit declaration of function
'ENGINE_get_cipher_engine' is invalid in C99
[-Wimplicit-function-declaration]
log_engine("3DES-CBC", ENGINE_get_cipher_engine(NID_des_ede3_cbc));
src/common/crypto.c:408:3: warning: implicit declaration of function
'ERR_remove_state' is invalid in C99 [-Wimplicit-function-declaration]
ERR_remove_state(0);
src/common/crypto.c:691:25: error: incomplete definition of type
'struct buf_mem_st'
*dest = tor_malloc(buf->length+1);
~
./src/common/util.h:116:44: note: expanded from macro 'tor_malloc'
#define tor_malloc(size) tor_malloc_(size DMALLOC_ARGS)
/test/tor/boringssl-install/include/openssl/base.h:170:16: note: forward
declaration of 'struct buf_mem_st'
typedef struct buf_mem_st BUF_MEM;
src/common/crypto.c:692:20: error: incomplete definition of type
'struct buf_mem_st'
memcpy(*dest, buf->data, buf->length);
~
/usr/include/secure/_string.h:65:33: note: expanded from macro 'memcpy'
builtin_memcpy_chk (dest, src, len, darwin_obsz0 (dest))
/test/tor/boringssl-install/include/openssl/base.h:170:16: note: forward
declaration of 'struct buf_mem_st'
typedef struct buf_mem_st BUF_MEM;
src/common/crypto.c:692:31: error: incomplete definition of type
'struct buf_mem_st'
memcpy(*dest, buf->data, buf->length);
~
/usr/include/secure/_string.h:65:38: note: expanded from macro 'memcpy'
builtin_memcpy_chk (dest, src, len, darwin_obsz0 (dest))
/test/tor/boringssl-install/include/openssl/base.h:170:16: note: forward
declaration of 'struct buf_mem_st'
typedef struct buf_mem_st BUF_MEM;
src/common/crypto.c:693:14: error: incomplete definition of type
'struct buf_mem_st'
(*dest)[buf->length] = 0; /* nul terminate it */
~
/test/tor/boringssl-install/include/openssl/base.h:170:16: note: forward
declaration of 'struct buf_mem_st'
typedef struct buf_mem_st BUF_MEM;
src/common/crypto.c:694:13: error: incomplete definition of type
'struct buf_mem_st'
*len = buf->length;
~
/test/tor/boringssl-install/include/openssl/base.h:170:16: note: forward
declaration of 'struct buf_mem_st'
typedef struct buf_mem_st BUF_MEM;
src/common/crypto.c:695:3: warning: implicit declaration of function
'BUF_MEM_free' is invalid in C99 [-Wimplicit-function-declaration]
BUF_MEM_free(buf);
src/common/crypto.c:1783:19: warning: implicit declaration of function
'DH_generate_parameters' is invalid in C99
[-Wimplicit-function-declaration]
dh_parameters = DH_generate_parameters(DH_BYTES*8, DH_GENERATOR, NULL, NULL);
src/common/crypto.c:2118:12: error: no member named 'length' in 'struct dh_st'
res->dh->length = DH_PRIVATE_KEY_BITS;
~
src/common/crypto.c:3046:2: error: OpenSSL has been built without thread
support. Tor requires an OpenSSL library with thread support enabled.
#error OpenSSL has been built without thread support. Tor requires an \
src/common/crypto.c:3149:3: warning: implicit declaration of function
'ENGINE_cleanup' is invalid in C99 [-Wimplicit-function-declaration]
ENGINE_cleanup();
src/common/crypto.c:3152:3: warning: implicit declaration of function
'CONF_modules_unload' is invalid in C99 [-Wimplicit-function-declaration]
CONF_modules_unload(1);
```