mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-30 23:53:32 +01:00
Merge branch 'openssl_versions_squashed'
This commit is contained in:
commit
b443d6a4fb
6
changes/readable_ssl_versions
Normal file
6
changes/readable_ssl_versions
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
o Code simplification and refactoring:
|
||||||
|
- Use macros to indicate OpenSSL versions, so we don't need to worry
|
||||||
|
about accidental hexadecimal bit shifts.
|
||||||
|
- Remove some workaround code for OpenSSL 0.9.6, which is no longer
|
||||||
|
supported.
|
||||||
|
|
@ -17,7 +17,8 @@
|
|||||||
#include <openssl/aes.h>
|
#include <openssl/aes.h>
|
||||||
#include <openssl/evp.h>
|
#include <openssl/evp.h>
|
||||||
#include <openssl/engine.h>
|
#include <openssl/engine.h>
|
||||||
#if OPENSSL_VERSION_NUMBER >= 0x1000001fL
|
#include "crypto.h"
|
||||||
|
#if OPENSSL_VERSION_NUMBER >= OPENSSL_V(1,0,0,'a')
|
||||||
/* See comments about which counter mode implementation to use below. */
|
/* See comments about which counter mode implementation to use below. */
|
||||||
#include <openssl/modes.h>
|
#include <openssl/modes.h>
|
||||||
#define USE_OPENSSL_CTR
|
#define USE_OPENSSL_CTR
|
||||||
|
@ -60,7 +60,7 @@
|
|||||||
#include "container.h"
|
#include "container.h"
|
||||||
#include "compat.h"
|
#include "compat.h"
|
||||||
|
|
||||||
#if OPENSSL_VERSION_NUMBER < 0x00907000l
|
#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(0,9,7)
|
||||||
#error "We require OpenSSL >= 0.9.7"
|
#error "We require OpenSSL >= 0.9.7"
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@ -72,7 +72,7 @@
|
|||||||
/** Longest recognized */
|
/** Longest recognized */
|
||||||
#define MAX_DNS_LABEL_SIZE 63
|
#define MAX_DNS_LABEL_SIZE 63
|
||||||
|
|
||||||
#if OPENSSL_VERSION_NUMBER < 0x00908000l
|
#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(0,9,8)
|
||||||
/** @{ */
|
/** @{ */
|
||||||
/** On OpenSSL versions before 0.9.8, there is no working SHA256
|
/** On OpenSSL versions before 0.9.8, there is no working SHA256
|
||||||
* implementation, so we use Tom St Denis's nice speedy one, slightly adapted
|
* implementation, so we use Tom St Denis's nice speedy one, slightly adapted
|
||||||
@ -452,7 +452,7 @@ crypto_pk_generate_key_with_bits(crypto_pk_env_t *env, int bits)
|
|||||||
|
|
||||||
if (env->key)
|
if (env->key)
|
||||||
RSA_free(env->key);
|
RSA_free(env->key);
|
||||||
#if OPENSSL_VERSION_NUMBER < 0x00908000l
|
#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(0,9,8)
|
||||||
/* In OpenSSL 0.9.7, RSA_generate_key is all we have. */
|
/* In OpenSSL 0.9.7, RSA_generate_key is all we have. */
|
||||||
env->key = RSA_generate_key(bits, 65537, NULL, NULL);
|
env->key = RSA_generate_key(bits, 65537, NULL, NULL);
|
||||||
#else
|
#else
|
||||||
@ -1723,7 +1723,7 @@ crypto_hmac_sha256(char *hmac_out,
|
|||||||
const char *key, size_t key_len,
|
const char *key, size_t key_len,
|
||||||
const char *msg, size_t msg_len)
|
const char *msg, size_t msg_len)
|
||||||
{
|
{
|
||||||
#if (OPENSSL_VERSION_NUMBER >= 0x00908000l)
|
#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(0,9,8)
|
||||||
/* If we've got OpenSSL >=0.9.8 we can use its hmac implementation. */
|
/* If we've got OpenSSL >=0.9.8 we can use its hmac implementation. */
|
||||||
tor_assert(key_len < INT_MAX);
|
tor_assert(key_len < INT_MAX);
|
||||||
tor_assert(msg_len < INT_MAX);
|
tor_assert(msg_len < INT_MAX);
|
||||||
@ -2360,13 +2360,6 @@ crypto_dh_free(crypto_dh_env_t *dh)
|
|||||||
* work for us too. */
|
* work for us too. */
|
||||||
#define ADD_ENTROPY 32
|
#define ADD_ENTROPY 32
|
||||||
|
|
||||||
/** True iff we should use OpenSSL's RAND_poll function to add entropy to its
|
|
||||||
* pool.
|
|
||||||
*
|
|
||||||
* Use RAND_poll if OpenSSL is 0.9.6 release or later. (The "f" means
|
|
||||||
*"release".) */
|
|
||||||
#define HAVE_RAND_POLL (OPENSSL_VERSION_NUMBER >= 0x0090600fl)
|
|
||||||
|
|
||||||
/** True iff it's safe to use RAND_poll after setup.
|
/** True iff it's safe to use RAND_poll after setup.
|
||||||
*
|
*
|
||||||
* Versions of OpenSSL prior to 0.9.7k and 0.9.8c had a bug where RAND_poll
|
* Versions of OpenSSL prior to 0.9.7k and 0.9.8c had a bug where RAND_poll
|
||||||
@ -2374,9 +2367,9 @@ crypto_dh_free(crypto_dh_env_t *dh)
|
|||||||
* that fd without checking whether it fit in the fd_set. Thus, if the
|
* that fd without checking whether it fit in the fd_set. Thus, if the
|
||||||
* system has not just been started up, it is unsafe to call */
|
* system has not just been started up, it is unsafe to call */
|
||||||
#define RAND_POLL_IS_SAFE \
|
#define RAND_POLL_IS_SAFE \
|
||||||
((OPENSSL_VERSION_NUMBER >= 0x009070afl && \
|
((OPENSSL_VERSION_NUMBER >= OPENSSL_V(0,9,7,'j') && \
|
||||||
OPENSSL_VERSION_NUMBER <= 0x00907fffl) || \
|
OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(0,9,8)) || \
|
||||||
(OPENSSL_VERSION_NUMBER >= 0x0090803fl))
|
OPENSSL_VERSION_NUMBER >= OPENSSL_V(0,9,8,'c'))
|
||||||
|
|
||||||
/** Set the seed of the weak RNG to a random value. */
|
/** Set the seed of the weak RNG to a random value. */
|
||||||
static void
|
static void
|
||||||
@ -2410,8 +2403,7 @@ crypto_seed_rng(int startup)
|
|||||||
size_t n;
|
size_t n;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if HAVE_RAND_POLL
|
/* OpenSSL has a RAND_poll function that knows about more kinds of
|
||||||
/* OpenSSL 0.9.6 adds a RAND_poll function that knows about more kinds of
|
|
||||||
* entropy than we do. We'll try calling that, *and* calling our own entropy
|
* entropy than we do. We'll try calling that, *and* calling our own entropy
|
||||||
* functions. If one succeeds, we'll accept the RNG as seeded. */
|
* functions. If one succeeds, we'll accept the RNG as seeded. */
|
||||||
if (startup || RAND_POLL_IS_SAFE) {
|
if (startup || RAND_POLL_IS_SAFE) {
|
||||||
@ -2419,7 +2411,6 @@ crypto_seed_rng(int startup)
|
|||||||
if (rand_poll_status == 0)
|
if (rand_poll_status == 0)
|
||||||
log_warn(LD_CRYPTO, "RAND_poll() failed.");
|
log_warn(LD_CRYPTO, "RAND_poll() failed.");
|
||||||
}
|
}
|
||||||
#endif
|
|
||||||
|
|
||||||
#ifdef MS_WINDOWS
|
#ifdef MS_WINDOWS
|
||||||
if (!provider_set) {
|
if (!provider_set) {
|
||||||
|
@ -16,6 +16,38 @@
|
|||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
#include "torint.h"
|
#include "torint.h"
|
||||||
|
|
||||||
|
/*
|
||||||
|
Macro to create an arbitrary OpenSSL version number as used by
|
||||||
|
OPENSSL_VERSION_NUMBER or SSLeay(), since the actual numbers are a bit hard
|
||||||
|
to read.
|
||||||
|
|
||||||
|
Don't use this directly, instead use one of the other OPENSSL_V macros
|
||||||
|
below.
|
||||||
|
|
||||||
|
The format is: 4 bits major, 8 bits minor, 8 bits fix, 8 bits patch, 4 bit
|
||||||
|
status.
|
||||||
|
*/
|
||||||
|
#define OPENSSL_VER(a,b,c,d,e) \
|
||||||
|
(((a)<<28) | \
|
||||||
|
((b)<<20) | \
|
||||||
|
((c)<<12) | \
|
||||||
|
((d)<< 4) | \
|
||||||
|
(e))
|
||||||
|
/** An openssl release number. For example, OPENSSL_V(0,9,8,'j') is the
|
||||||
|
* version for the released version of 0.9.8j */
|
||||||
|
#define OPENSSL_V(a,b,c,d) \
|
||||||
|
OPENSSL_VER((a),(b),(c),(d)-'a'+1,0xf)
|
||||||
|
/** An openssl release number for the first release in the series. For
|
||||||
|
* example, OPENSSL_V_NOPATCH(1,0,0) is the first released version of OpenSSL
|
||||||
|
* 1.0.0. */
|
||||||
|
#define OPENSSL_V_NOPATCH(a,b,c) \
|
||||||
|
OPENSSL_VER((a),(b),(c),0,0xf)
|
||||||
|
/** The first version that would occur for any alpha or beta in an openssl
|
||||||
|
* series. For example, OPENSSL_V_SERIES(0,9,8) is greater than any released
|
||||||
|
* 0.9.7, and less than any released 0.9.8. */
|
||||||
|
#define OPENSSL_V_SERIES(a,b,c) \
|
||||||
|
OPENSSL_VER((a),(b),(c),0,0)
|
||||||
|
|
||||||
/** Length of the output of our message digest. */
|
/** Length of the output of our message digest. */
|
||||||
#define DIGEST_LEN 20
|
#define DIGEST_LEN 20
|
||||||
/** Length of the output of our second (improved) message digests. (For now
|
/** Length of the output of our second (improved) message digests. (For now
|
||||||
|
@ -44,10 +44,6 @@
|
|||||||
#include <openssl/bio.h>
|
#include <openssl/bio.h>
|
||||||
#include <openssl/opensslv.h>
|
#include <openssl/opensslv.h>
|
||||||
|
|
||||||
#if OPENSSL_VERSION_NUMBER < 0x00907000l
|
|
||||||
#error "We require OpenSSL >= 0.9.7"
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#ifdef USE_BUFFEREVENTS
|
#ifdef USE_BUFFEREVENTS
|
||||||
#include <event2/bufferevent_ssl.h>
|
#include <event2/bufferevent_ssl.h>
|
||||||
#include <event2/buffer.h>
|
#include <event2/buffer.h>
|
||||||
@ -65,6 +61,10 @@
|
|||||||
#include "container.h"
|
#include "container.h"
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
|
|
||||||
|
#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(0,9,7)
|
||||||
|
#error "We require OpenSSL >= 0.9.7"
|
||||||
|
#endif
|
||||||
|
|
||||||
/* Enable the "v2" TLS handshake.
|
/* Enable the "v2" TLS handshake.
|
||||||
*/
|
*/
|
||||||
#define V2_HANDSHAKE_SERVER
|
#define V2_HANDSHAKE_SERVER
|
||||||
@ -79,9 +79,9 @@
|
|||||||
|
|
||||||
#define ADDR(tls) (((tls) && (tls)->address) ? tls->address : "peer")
|
#define ADDR(tls) (((tls) && (tls)->address) ? tls->address : "peer")
|
||||||
|
|
||||||
#if (OPENSSL_VERSION_NUMBER < 0x0090813fL || \
|
#if (OPENSSL_VERSION_NUMBER < OPENSSL_V(0,9,8,'s') || \
|
||||||
(OPENSSL_VERSION_NUMBER >= 0x00909000L && \
|
(OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(0,9,9) && \
|
||||||
OPENSSL_VERSION_NUMBER < 0x1000006fL))
|
OPENSSL_VERSION_NUMBER < OPENSSL_V(1,0,0,'f')))
|
||||||
/* This is a version of OpenSSL before 0.9.8s/1.0.0f. It does not have
|
/* This is a version of OpenSSL before 0.9.8s/1.0.0f. It does not have
|
||||||
* the CVE-2011-4657 fix, and as such it can't use RELEASE_BUFFERS and
|
* the CVE-2011-4657 fix, and as such it can't use RELEASE_BUFFERS and
|
||||||
* SSL3 safely at the same time.
|
* SSL3 safely at the same time.
|
||||||
@ -474,18 +474,18 @@ tor_tls_init(void)
|
|||||||
* program should be allowed to use renegotiation unless it first passed
|
* program should be allowed to use renegotiation unless it first passed
|
||||||
* a test of intelligence and determination.
|
* a test of intelligence and determination.
|
||||||
*/
|
*/
|
||||||
if (version >= 0x009080c0L && version < 0x009080d0L) {
|
if (version > OPENSSL_V(0,9,8,'k') && version <= OPENSSL_V(0,9,8,'l')) {
|
||||||
log_notice(LD_GENERAL, "OpenSSL %s looks like version 0.9.8l; "
|
log_notice(LD_GENERAL, "OpenSSL %s looks like version 0.9.8l; "
|
||||||
"I will try SSL3_FLAGS to enable renegotation.",
|
"I will try SSL3_FLAGS to enable renegotation.",
|
||||||
SSLeay_version(SSLEAY_VERSION));
|
SSLeay_version(SSLEAY_VERSION));
|
||||||
use_unsafe_renegotiation_flag = 1;
|
use_unsafe_renegotiation_flag = 1;
|
||||||
use_unsafe_renegotiation_op = 1;
|
use_unsafe_renegotiation_op = 1;
|
||||||
} else if (version >= 0x009080d0L) {
|
} else if (version > OPENSSL_V(0,9,8,'l')) {
|
||||||
log_notice(LD_GENERAL, "OpenSSL %s looks like version 0.9.8m or later; "
|
log_notice(LD_GENERAL, "OpenSSL %s looks like version 0.9.8m or later; "
|
||||||
"I will try SSL_OP to enable renegotiation",
|
"I will try SSL_OP to enable renegotiation",
|
||||||
SSLeay_version(SSLEAY_VERSION));
|
SSLeay_version(SSLEAY_VERSION));
|
||||||
use_unsafe_renegotiation_op = 1;
|
use_unsafe_renegotiation_op = 1;
|
||||||
} else if (version < 0x009080c0L) {
|
} else if (version <= OPENSSL_V(0,9,8,'k')) {
|
||||||
log_notice(LD_GENERAL, "OpenSSL %s [%lx] looks like it's older than "
|
log_notice(LD_GENERAL, "OpenSSL %s [%lx] looks like it's older than "
|
||||||
"0.9.8l, but some vendors have backported 0.9.8l's "
|
"0.9.8l, but some vendors have backported 0.9.8l's "
|
||||||
"renegotiation code to earlier versions, and some have "
|
"renegotiation code to earlier versions, and some have "
|
||||||
@ -770,7 +770,7 @@ tor_cert_decode(const uint8_t *certificate, size_t certificate_len)
|
|||||||
if (certificate_len > INT_MAX)
|
if (certificate_len > INT_MAX)
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
||||||
#if OPENSSL_VERSION_NUMBER < 0x00908000l
|
#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(0,9,8)
|
||||||
/* This ifdef suppresses a type warning. Take out this case once everybody
|
/* This ifdef suppresses a type warning. Take out this case once everybody
|
||||||
* is using OpenSSL 0.9.8 or later. */
|
* is using OpenSSL 0.9.8 or later. */
|
||||||
x509 = d2i_X509(NULL, (unsigned char**)&cp, (int)certificate_len);
|
x509 = d2i_X509(NULL, (unsigned char**)&cp, (int)certificate_len);
|
||||||
@ -1177,9 +1177,9 @@ tor_tls_context_new(crypto_pk_env_t *identity, unsigned int key_lifetime,
|
|||||||
#ifdef DISABLE_SSL3_HANDSHAKE
|
#ifdef DISABLE_SSL3_HANDSHAKE
|
||||||
1 ||
|
1 ||
|
||||||
#endif
|
#endif
|
||||||
SSLeay() < 0x0090813fL ||
|
SSLeay() < OPENSSL_V(0,9,8,'s') ||
|
||||||
(SSLeay() >= 0x00909000L &&
|
(SSLeay() >= OPENSSL_V_SERIES(0,9,9) &&
|
||||||
SSLeay() < 0x1000006fL)) {
|
SSLeay() < OPENSSL_V(1,0,0,'f'))) {
|
||||||
/* And not SSL3 if it's subject to CVE-2011-4657. */
|
/* And not SSL3 if it's subject to CVE-2011-4657. */
|
||||||
log_info(LD_NET, "Disabling SSLv3 because this OpenSSL version "
|
log_info(LD_NET, "Disabling SSLv3 because this OpenSSL version "
|
||||||
"might otherwise be vulnerable to CVE-2011-4657 "
|
"might otherwise be vulnerable to CVE-2011-4657 "
|
||||||
|
Loading…
Reference in New Issue
Block a user