mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-24 04:13:28 +01:00
Remove code to support OpenSSL 0.9.8
This commit is contained in:
parent
f0a0568e7f
commit
971f0f8e18
6
changes/ticket16034
Normal file
6
changes/ticket16034
Normal file
@ -0,0 +1,6 @@
|
||||
o Removed features:
|
||||
|
||||
- Tor no longer supports versions of OpenSSL before 1.0. (If you
|
||||
are on an operating system that has not upgraded to OpenSSL 1.0
|
||||
or later, and you compile Tor from source, you will need to
|
||||
install a more recent OpenSSL to link Tor against.)
|
@ -58,8 +58,8 @@
|
||||
#include "compat.h"
|
||||
#include "sandbox.h"
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(0,9,8)
|
||||
#error "We require OpenSSL >= 0.9.8"
|
||||
#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,0,0)
|
||||
#error "We require OpenSSL >= 1.0.0"
|
||||
#endif
|
||||
|
||||
#ifdef ANDROID
|
||||
@ -300,13 +300,6 @@ crypto_early_init(void)
|
||||
SSLeay(), SSLeay_version(SSLEAY_VERSION));
|
||||
}
|
||||
|
||||
if (SSLeay() < OPENSSL_V_SERIES(1,0,0)) {
|
||||
log_notice(LD_CRYPTO,
|
||||
"Your OpenSSL version seems to be %s. We recommend 1.0.0 "
|
||||
"or later.",
|
||||
crypto_openssl_get_version_str());
|
||||
}
|
||||
|
||||
crypto_force_rand_ssleay();
|
||||
|
||||
if (crypto_seed_rng(1) < 0)
|
||||
@ -2423,15 +2416,6 @@ crypto_dh_free(crypto_dh_t *dh)
|
||||
* work for us too. */
|
||||
#define ADD_ENTROPY 32
|
||||
|
||||
/** True iff it's safe to use RAND_poll after setup.
|
||||
*
|
||||
* Versions of OpenSSL prior to 0.9.7k and 0.9.8c had a bug where RAND_poll
|
||||
* would allocate an fd_set on the stack, open a new file, and try to FD_SET
|
||||
* that fd without checking whether it fit in the fd_set. Thus, if the
|
||||
* system has not just been started up, it is unsafe to call */
|
||||
#define RAND_POLL_IS_SAFE \
|
||||
(OPENSSL_VERSION_NUMBER >= OPENSSL_V(0,9,8,'c'))
|
||||
|
||||
/** Set the seed of the weak RNG to a random value. */
|
||||
void
|
||||
crypto_seed_weak_rng(tor_weak_rng_t *rng)
|
||||
@ -2506,14 +2490,14 @@ crypto_seed_rng(int startup)
|
||||
int rand_poll_ok = 0, load_entropy_ok = 0;
|
||||
uint8_t buf[ADD_ENTROPY];
|
||||
|
||||
(void) startup;
|
||||
|
||||
/* OpenSSL has a RAND_poll function that knows about more kinds of
|
||||
* entropy than we do. We'll try calling that, *and* calling our own entropy
|
||||
* functions. If one succeeds, we'll accept the RNG as seeded. */
|
||||
if (startup || RAND_POLL_IS_SAFE) {
|
||||
rand_poll_ok = RAND_poll();
|
||||
if (rand_poll_ok == 0)
|
||||
log_warn(LD_CRYPTO, "RAND_poll() failed.");
|
||||
}
|
||||
rand_poll_ok = RAND_poll();
|
||||
if (rand_poll_ok == 0)
|
||||
log_warn(LD_CRYPTO, "RAND_poll() failed.");
|
||||
|
||||
load_entropy_ok = !crypto_strongest_rand(buf, sizeof(buf));
|
||||
if (load_entropy_ok) {
|
||||
@ -3123,13 +3107,11 @@ openssl_dynlock_destroy_cb_(struct CRYPTO_dynlock_value *v,
|
||||
tor_free(v);
|
||||
}
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,0,0)
|
||||
static void
|
||||
tor_set_openssl_thread_id(CRYPTO_THREADID *threadid)
|
||||
{
|
||||
CRYPTO_THREADID_set_numeric(threadid, tor_get_thread_id());
|
||||
}
|
||||
#endif
|
||||
|
||||
/** @{ */
|
||||
/** Helper: Construct mutexes, and set callbacks to help OpenSSL handle being
|
||||
@ -3144,11 +3126,7 @@ setup_openssl_threading(void)
|
||||
for (i=0; i < n; ++i)
|
||||
openssl_mutexes_[i] = tor_mutex_new();
|
||||
CRYPTO_set_locking_callback(openssl_locking_cb_);
|
||||
#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,0,0)
|
||||
CRYPTO_set_id_callback(tor_get_thread_id);
|
||||
#else
|
||||
CRYPTO_THREADID_set_callback(tor_set_openssl_thread_id);
|
||||
#endif
|
||||
CRYPTO_set_dynlock_create_callback(openssl_dynlock_create_cb_);
|
||||
CRYPTO_set_dynlock_lock_callback(openssl_dynlock_lock_cb_);
|
||||
CRYPTO_set_dynlock_destroy_callback(openssl_dynlock_destroy_cb_);
|
||||
|
@ -75,8 +75,8 @@
|
||||
#include "container.h"
|
||||
#include <string.h>
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(0,9,8)
|
||||
#error "We require OpenSSL >= 0.9.8"
|
||||
#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,0,0)
|
||||
#error "We require OpenSSL >= 1.0.0"
|
||||
#endif
|
||||
|
||||
/* Enable the "v2" TLS handshake.
|
||||
@ -93,10 +93,8 @@
|
||||
|
||||
#define ADDR(tls) (((tls) && (tls)->address) ? tls->address : "peer")
|
||||
|
||||
#if (OPENSSL_VERSION_NUMBER < OPENSSL_V(0,9,8,'s') || \
|
||||
(OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(0,9,9) && \
|
||||
OPENSSL_VERSION_NUMBER < OPENSSL_V(1,0,0,'f')))
|
||||
/* This is a version of OpenSSL before 0.9.8s/1.0.0f. It does not have
|
||||
#if OPENSSL_VERSION_NUMBER < OPENSSL_V(1,0,0,'f')
|
||||
/* This is a version of OpenSSL before 1.0.0f. It does not have
|
||||
* the CVE-2011-4576 fix, and as such it can't use RELEASE_BUFFERS and
|
||||
* SSL3 safely at the same time.
|
||||
*/
|
||||
@ -114,20 +112,6 @@
|
||||
#define SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x0010
|
||||
#endif
|
||||
|
||||
/** Does the run-time openssl version look like we need
|
||||
* SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION? */
|
||||
static int use_unsafe_renegotiation_op = 0;
|
||||
/** Does the run-time openssl version look like we need
|
||||
* SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION? */
|
||||
static int use_unsafe_renegotiation_flag = 0;
|
||||
#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,1,0)
|
||||
/* If we have openssl 1.1, we just trust that the "mode" will work, and don't
|
||||
* use the "flag" at all. Nobody would forward-port that weird little glitch
|
||||
* from 0.9.8l to 1.1, would they?
|
||||
*/
|
||||
#define SUPPORT_UNSAFE_RENEGOTIATION_FLAG
|
||||
#endif
|
||||
|
||||
/** Structure that we use for a single certificate. */
|
||||
struct tor_cert_t {
|
||||
X509 *cert;
|
||||
@ -492,56 +476,6 @@ tor_tls_init(void)
|
||||
|
||||
version = SSLeay();
|
||||
|
||||
/* OpenSSL 0.9.8l introduced SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
|
||||
* here, but without thinking too hard about it: it turns out that the
|
||||
* flag in question needed to be set at the last minute, and that it
|
||||
* conflicted with an existing flag number that had already been added
|
||||
* in the OpenSSL 1.0.0 betas. OpenSSL 0.9.8m thoughtfully replaced
|
||||
* the flag with an option and (it seems) broke anything that used
|
||||
* SSL3_FLAGS_* for the purpose. So we need to know how to do both,
|
||||
* and we mustn't use the SSL3_FLAGS option with anything besides
|
||||
* OpenSSL 0.9.8l.
|
||||
*
|
||||
* No, we can't just set flag 0x0010 everywhere. It breaks Tor with
|
||||
* OpenSSL 1.0.0beta3 and later. On the other hand, we might be able to
|
||||
* set option 0x00040000L everywhere.
|
||||
*
|
||||
* No, we can't simply detect whether the flag or the option is present
|
||||
* in the headers at build-time: some vendors (notably Apple) like to
|
||||
* leave their headers out of sync with their libraries.
|
||||
*
|
||||
* Yes, it _is_ almost as if the OpenSSL developers decided that no
|
||||
* program should be allowed to use renegotiation unless it first passed
|
||||
* a test of intelligence and determination.
|
||||
*/
|
||||
if (version > OPENSSL_V(0,9,8,'k') && version <= OPENSSL_V(0,9,8,'l')) {
|
||||
log_info(LD_GENERAL, "OpenSSL %s looks like version 0.9.8l, but "
|
||||
"some vendors have backported renegotiation code from "
|
||||
"0.9.8m without updating the version number. "
|
||||
"I will try SSL3_FLAGS and SSL_OP to enable renegotation.",
|
||||
SSLeay_version(SSLEAY_VERSION));
|
||||
use_unsafe_renegotiation_flag = 1;
|
||||
use_unsafe_renegotiation_op = 1;
|
||||
} else if (version > OPENSSL_V(0,9,8,'l')) {
|
||||
log_info(LD_GENERAL, "OpenSSL %s looks like version 0.9.8m or later; "
|
||||
"I will try SSL_OP to enable renegotiation",
|
||||
SSLeay_version(SSLEAY_VERSION));
|
||||
use_unsafe_renegotiation_op = 1;
|
||||
} else if (version <= OPENSSL_V(0,9,8,'k')) {
|
||||
log_info(LD_GENERAL, "OpenSSL %s [%lx] looks like it's older than "
|
||||
"0.9.8l, but some vendors have backported 0.9.8l's "
|
||||
"renegotiation code to earlier versions, and some have "
|
||||
"backported the code from 0.9.8m or 0.9.8n. I'll set both "
|
||||
"SSL3_FLAGS and SSL_OP just to be safe.",
|
||||
SSLeay_version(SSLEAY_VERSION), version);
|
||||
use_unsafe_renegotiation_flag = 1;
|
||||
use_unsafe_renegotiation_op = 1;
|
||||
} else {
|
||||
/* this is dead code, yes? */
|
||||
log_info(LD_GENERAL, "OpenSSL %s has version %lx",
|
||||
SSLeay_version(SSLEAY_VERSION), version);
|
||||
}
|
||||
|
||||
#if (SIZEOF_VOID_P >= 8 && \
|
||||
!defined(OPENSSL_NO_EC) && \
|
||||
OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,0,1))
|
||||
@ -1333,24 +1267,6 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
|
||||
}
|
||||
#endif
|
||||
|
||||
/* XXX This block is now obsolete. */
|
||||
if (
|
||||
#ifdef DISABLE_SSL3_HANDSHAKE
|
||||
1 ||
|
||||
#endif
|
||||
SSLeay() < OPENSSL_V(0,9,8,'s') ||
|
||||
(SSLeay() >= OPENSSL_V_SERIES(0,9,9) &&
|
||||
SSLeay() < OPENSSL_V(1,0,0,'f'))) {
|
||||
/* And not SSL3 if it's subject to CVE-2011-4576. */
|
||||
log_info(LD_NET, "Disabling SSLv3 because this OpenSSL version "
|
||||
"might otherwise be vulnerable to CVE-2011-4576 "
|
||||
"(compile-time version %08lx (%s); "
|
||||
"runtime version %08lx (%s))",
|
||||
(unsigned long)OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT,
|
||||
(unsigned long)SSLeay(), SSLeay_version(SSLEAY_VERSION));
|
||||
SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv3);
|
||||
}
|
||||
|
||||
SSL_CTX_set_options(result->ctx, SSL_OP_SINGLE_DH_USE);
|
||||
SSL_CTX_set_options(result->ctx, SSL_OP_SINGLE_ECDH_USE);
|
||||
|
||||
@ -1361,7 +1277,7 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
|
||||
/* Yes, we know what we are doing here. No, we do not treat a renegotiation
|
||||
* as authenticating any earlier-received data.
|
||||
*/
|
||||
if (use_unsafe_renegotiation_op) {
|
||||
{
|
||||
SSL_CTX_set_options(result->ctx,
|
||||
SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION);
|
||||
}
|
||||
@ -1410,8 +1326,7 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
|
||||
SSL_CTX_set_tmp_dh(result->ctx, crypto_dh_get_dh_(dh));
|
||||
crypto_dh_free(dh);
|
||||
}
|
||||
#if (!defined(OPENSSL_NO_EC) && \
|
||||
OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,0,0))
|
||||
#if !defined(OPENSSL_NO_EC)
|
||||
if (! is_client) {
|
||||
int nid;
|
||||
EC_KEY *ec_key;
|
||||
@ -1769,10 +1684,6 @@ tor_tls_server_info_callback(const SSL *ssl, int type, int val)
|
||||
|
||||
if (tls) {
|
||||
tls->wasV2Handshake = 1;
|
||||
#if (defined(USE_BUFFEREVENTS) && defined(SUPPORT_UNSAFE_RENEGOTATION_FLAG))
|
||||
if (use_unsafe_renegotiation_flag)
|
||||
tls->ssl->s3->flags |= SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
|
||||
#endif
|
||||
} else {
|
||||
log_warn(LD_BUG, "Couldn't look up the tls for an SSL*. How odd!");
|
||||
}
|
||||
@ -1780,7 +1691,6 @@ tor_tls_server_info_callback(const SSL *ssl, int type, int val)
|
||||
}
|
||||
#endif
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,0,0)
|
||||
/** Callback to get invoked on a server after we've read the list of ciphers
|
||||
* the client supports, but before we pick our own ciphersuite.
|
||||
*
|
||||
@ -1818,9 +1728,6 @@ tor_tls_setup_session_secret_cb(tor_tls_t *tls)
|
||||
{
|
||||
SSL_set_session_secret_cb(tls->ssl, tor_tls_session_secret_cb, NULL);
|
||||
}
|
||||
#else
|
||||
#define tor_tls_setup_session_secret_cb(tls) STMT_NIL
|
||||
#endif
|
||||
|
||||
/** Explain which ciphers we're missing. */
|
||||
static void
|
||||
@ -2098,15 +2005,8 @@ tor_tls_unblock_renegotiation(tor_tls_t *tls)
|
||||
{
|
||||
/* Yes, we know what we are doing here. No, we do not treat a renegotiation
|
||||
* as authenticating any earlier-received data. */
|
||||
#ifdef SUPPORT_UNSAFE_RENEGOTIATION_FLAG
|
||||
if (use_unsafe_renegotiation_flag) {
|
||||
tls->ssl->s3->flags |= SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
|
||||
}
|
||||
#endif
|
||||
if (use_unsafe_renegotiation_op) {
|
||||
SSL_set_options(tls->ssl,
|
||||
SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION);
|
||||
}
|
||||
SSL_set_options(tls->ssl,
|
||||
SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION);
|
||||
}
|
||||
|
||||
/** If this version of openssl supports it, turn off renegotiation on
|
||||
@ -2127,16 +2027,8 @@ tor_tls_block_renegotiation(tor_tls_t *tls)
|
||||
void
|
||||
tor_tls_assert_renegotiation_unblocked(tor_tls_t *tls)
|
||||
{
|
||||
#ifdef SUPPORT_UNSAFE_RENEGOTIATION_FLAG
|
||||
if (use_unsafe_renegotiation_flag) {
|
||||
tor_assert(0 != (tls->ssl->s3->flags &
|
||||
SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION));
|
||||
}
|
||||
#endif
|
||||
if (use_unsafe_renegotiation_op) {
|
||||
long options = SSL_get_options(tls->ssl);
|
||||
tor_assert(0 != (options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION));
|
||||
}
|
||||
long options = SSL_get_options(tls->ssl);
|
||||
tor_assert(0 != (options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION));
|
||||
}
|
||||
|
||||
/** Return whether this tls initiated the connect (client) or
|
||||
|
@ -502,8 +502,7 @@ bench_dh(void)
|
||||
" %f millisec each.\n", NANOCOUNT(start, end, iters)/1e6);
|
||||
}
|
||||
|
||||
#if (!defined(OPENSSL_NO_EC) \
|
||||
&& OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,0,0))
|
||||
#if !defined(OPENSSL_NO_EC)
|
||||
#define HAVE_EC_BENCHMARKS
|
||||
static void
|
||||
bench_ecdh_impl(int nid, const char *name)
|
||||
|
Loading…
Reference in New Issue
Block a user