tor-commits May 2015

tor-commits@lists.torproject.org

22 participants
990 discussions

[tor/master] Now that OpenSSL 0.9.8 is dead, crypto_seed_rng() needs no args
by nickm＠torproject.org 20 May '15

20 May '15

commit f8f407d66a4389035852a229a6945cc08a64b198 Author: Nick Mathewson <nickm(a)torproject.org> Date: Tue May 19 16:17:03 2015 -0400 Now that OpenSSL 0.9.8 is dead, crypto_seed_rng() needs no args It needed an argument before because it wasn't safe to call RAND_poll() on openssl 0.9.8c if you had already opened more fds than would fit in fd_set. --- src/common/crypto.c | 8 +++----- src/common/crypto.h | 2 +- src/or/main.c | 2 +- src/test/bench.c | 2 +- src/test/test_crypto.c | 2 +- src/test/test_workqueue.c | 2 +- src/test/testing_common.c | 2 +- src/tools/tor-gencert.c | 2 +- 8 files changed, 10 insertions(+), 12 deletions(-) diff --git a/src/common/crypto.c b/src/common/crypto.c index 0feed1c..f980d7e 100644 --- a/src/common/crypto.c +++ b/src/common/crypto.c @@ -302,7 +302,7 @@ crypto_early_init(void) crypto_force_rand_ssleay(); - if (crypto_seed_rng(1) < 0) + if (crypto_seed_rng() < 0) return -1; if (crypto_init_siphash_key() < 0) return -1; @@ -384,7 +384,7 @@ crypto_global_init(int useAccel, const char *accelName, const char *accelDir) } if (crypto_force_rand_ssleay()) { - if (crypto_seed_rng(1) < 0) + if (crypto_seed_rng() < 0) return -1; } @@ -2485,13 +2485,11 @@ crypto_strongest_rand(uint8_t *out, size_t out_len) * have not yet allocated a bunch of fds. Return 0 on success, -1 on failure. */ int -crypto_seed_rng(int startup) +crypto_seed_rng(void) { int rand_poll_ok = 0, load_entropy_ok = 0; uint8_t buf[ADD_ENTROPY]; - (void) startup; - /* OpenSSL has a RAND_poll function that knows about more kinds of * entropy than we do. We'll try calling that, *and* calling our own entropy * functions. If one succeeds, we'll accept the RNG as seeded. */ diff --git a/src/common/crypto.h b/src/common/crypto.h index d305bc1..5a08045 100644 --- a/src/common/crypto.h +++ b/src/common/crypto.h @@ -251,7 +251,7 @@ int crypto_expand_key_material_rfc5869_sha256( uint8_t *key_out, size_t key_out_len); /* random numbers */ -int crypto_seed_rng(int startup); +int crypto_seed_rng(void); MOCK_DECL(int,crypto_rand,(char *to, size_t n)); int crypto_strongest_rand(uint8_t *out, size_t out_len); int crypto_rand_int(unsigned int max); diff --git a/src/or/main.c b/src/or/main.c index 651291b..3f785a2 100644 --- a/src/or/main.c +++ b/src/or/main.c @@ -1317,7 +1317,7 @@ run_scheduled_events(time_t now) if (time_to_add_entropy < now) { if (time_to_add_entropy) { /* We already seeded once, so don't die on failure. */ - crypto_seed_rng(0); + crypto_seed_rng(); } /** How often do we add more entropy to OpenSSL's RNG pool? */ #define ENTROPY_INTERVAL (60*60) diff --git a/src/test/bench.c b/src/test/bench.c index 6909e73..a74fc77 100644 --- a/src/test/bench.c +++ b/src/test/bench.c @@ -624,7 +624,7 @@ main(int argc, const char **argv) reset_perftime(); - crypto_seed_rng(1); + crypto_seed_rng(); crypto_init_siphash_key(); options = options_new(); init_logging(1); diff --git a/src/test/test_crypto.c b/src/test/test_crypto.c index e9fb8bf..5c263ba 100644 --- a/src/test/test_crypto.c +++ b/src/test/test_crypto.c @@ -72,7 +72,7 @@ test_crypto_rng(void *arg) /* Try out RNG. */ (void)arg; - tt_assert(! crypto_seed_rng(0)); + tt_assert(! crypto_seed_rng()); crypto_rand(data1, 100); crypto_rand(data2, 100); tt_mem_op(data1,OP_NE, data2,100); diff --git a/src/test/test_workqueue.c b/src/test/test_workqueue.c index aaff506..c524b24 100644 --- a/src/test/test_workqueue.c +++ b/src/test/test_workqueue.c @@ -356,7 +356,7 @@ main(int argc, char **argv) init_logging(1); crypto_global_init(1, NULL, NULL); - crypto_seed_rng(1); + crypto_seed_rng(); rq = replyqueue_new(as_flags); tor_assert(rq); diff --git a/src/test/testing_common.c b/src/test/testing_common.c index 403c83b..e0c0046 100644 --- a/src/test/testing_common.c +++ b/src/test/testing_common.c @@ -270,7 +270,7 @@ main(int c, const char **v) return 1; } crypto_set_tls_dh_prime(NULL); - crypto_seed_rng(1); + crypto_seed_rng(); rep_hist_init(); network_init(); setup_directory(); diff --git a/src/tools/tor-gencert.c b/src/tools/tor-gencert.c index c599822..b83682a 100644 --- a/src/tools/tor-gencert.c +++ b/src/tools/tor-gencert.c @@ -532,7 +532,7 @@ main(int argc, char **argv) fprintf(stderr, "Couldn't initialize crypto library.\n"); return 1; } - if (crypto_seed_rng(1)) { + if (crypto_seed_rng()) { fprintf(stderr, "Couldn't seed RNG.\n"); goto done; }

1 0

[tor/master] tor_tls_get_buffer_sizes() will not work on openssl 1.1. Patch from yawning
by nickm＠torproject.org 20 May '15

20 May '15

commit d55db221e8ed993fa5cf4dd7bdaca62b1610d982 Author: Nick Mathewson <nickm(a)torproject.org> Date: Wed May 13 12:12:53 2015 -0400 tor_tls_get_buffer_sizes() will not work on openssl 1.1. Patch from yawning --- src/common/tortls.c | 17 +++++++++++++++-- src/common/tortls.h | 2 +- src/or/main.c | 13 +++++++------ 3 files changed, 23 insertions(+), 9 deletions(-) diff --git a/src/common/tortls.c b/src/common/tortls.c index edb744f..97352c0 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -2875,12 +2875,23 @@ tor_tls_get_tlssecrets(tor_tls_t *tls, uint8_t *secrets_out) * Set *rbuf_capacity to the amount of storage allocated for the read * buffer and *rbuf_bytes to the amount actually used. * Set *wbuf_capacity to the amount of storage allocated for the write - * buffer and *wbuf_bytes to the amount actually used. */ -void + * buffer and *wbuf_bytes to the amount actually used. + * + * Return 0 on success, -1 on failure.*/ +int tor_tls_get_buffer_sizes(tor_tls_t *tls, size_t *rbuf_capacity, size_t *rbuf_bytes, size_t *wbuf_capacity, size_t *wbuf_bytes) { +#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0) + (void)tls; + (void)rbuf_capacity; + (void)rbuf_bytes; + (void)wbuf_capacity; + (void)wbuf_bytes; + + return -1; +#else if (tls->ssl->s3->rbuf.buf) *rbuf_capacity = tls->ssl->s3->rbuf.len; else @@ -2891,6 +2902,8 @@ tor_tls_get_buffer_sizes(tor_tls_t *tls, *wbuf_capacity = 0; *rbuf_bytes = tls->ssl->s3->rbuf.left; *wbuf_bytes = tls->ssl->s3->wbuf.left; + return 0; +#endif } #ifdef USE_BUFFEREVENTS diff --git a/src/common/tortls.h b/src/common/tortls.h index f8c6d59..5e1606f 100644 --- a/src/common/tortls.h +++ b/src/common/tortls.h @@ -92,7 +92,7 @@ size_t tor_tls_get_forced_write_size(tor_tls_t *tls); void tor_tls_get_n_raw_bytes(tor_tls_t *tls, size_t *n_read, size_t *n_written); -void tor_tls_get_buffer_sizes(tor_tls_t *tls, +int tor_tls_get_buffer_sizes(tor_tls_t *tls, size_t *rbuf_capacity, size_t *rbuf_bytes, size_t *wbuf_capacity, size_t *wbuf_bytes); diff --git a/src/or/main.c b/src/or/main.c index d0fe8cb..651291b 100644 --- a/src/or/main.c +++ b/src/or/main.c @@ -2315,12 +2315,13 @@ dumpstats(int severity) if (conn->type == CONN_TYPE_OR) { or_connection_t *or_conn = TO_OR_CONN(conn); if (or_conn->tls) { - tor_tls_get_buffer_sizes(or_conn->tls, &rbuf_cap, &rbuf_len, - &wbuf_cap, &wbuf_len); - tor_log(severity, LD_GENERAL, - "Conn %d: %d/%d bytes used on OpenSSL read buffer; " - "%d/%d bytes used on write buffer.", - i, (int)rbuf_len, (int)rbuf_cap, (int)wbuf_len, (int)wbuf_cap); + if (tor_tls_get_buffer_sizes(or_conn->tls, &rbuf_cap, &rbuf_len, + &wbuf_cap, &wbuf_len) == 0) { + tor_log(severity, LD_GENERAL, + "Conn %d: %d/%d bytes used on OpenSSL read buffer; " + "%d/%d bytes used on write buffer.", + i, (int)rbuf_len, (int)rbuf_cap, (int)wbuf_len, (int)wbuf_cap); + } } } }

1 0

[tor/master] Use SSL_CIPHER accessor functions
by nickm＠torproject.org 20 May '15

20 May '15

commit b7f3d5286578aa883218a26720240f9ee68142ee Author: Nick Mathewson <nickm(a)torproject.org> Date: Thu May 14 10:17:37 2015 -0400 Use SSL_CIPHER accessor functions --- src/common/tortls.c | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/src/common/tortls.c b/src/common/tortls.c index bbbf6c7..168fd56 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -1634,7 +1634,7 @@ tor_tls_classify_client_ciphers(const SSL *ssl, const uint16_t *v2_cipher = v2_cipher_list; for (i = 0; i < sk_SSL_CIPHER_num(peer_ciphers); ++i) { SSL_CIPHER *cipher = sk_SSL_CIPHER_value(peer_ciphers, i); - uint16_t id = cipher->id & 0xffff; + uint16_t id = SSL_CIPHER_get_id(cipher) & 0xffff; if (id == 0x00ff) /* extended renegotiation indicator. */ continue; if (!id || id != *v2_cipher) { @@ -1699,10 +1699,12 @@ tor_tls_client_is_using_v2_ciphers(const SSL *ssl) for (i = 0; i < sk_SSL_CIPHER_num(c1); ++i) { SSL_CIPHER *a = sk_SSL_CIPHER_value(ciphers, i); SSL_CIPHER *b = sk_SSL_CIPHER_value(c1, i); - if (a->id != b->id) { + unsigned long a_id = SSL_CIPHER_get_id(a); + unsigned long b_id = SSL_CIPHER_get_id(b); + if (a_id != b_id) { log_warn(LD_BUG, "Cipher mismatch between session->ciphers and " - "SSL_get_ciphers() at %d: %u vs %u", i, - (unsigned)a, (unsigned)b); + "SSL_get_ciphers() at %d: %lx vs %lx", i, + a_id, b_id); } } } @@ -1901,7 +1903,8 @@ rectify_client_ciphers(SSL *ssl) log_debug(LD_NET, "List was: %s", CLIENT_CIPHER_LIST); for (j = 0; j < sk_SSL_CIPHER_num(ciphers); ++j) { SSL_CIPHER *cipher = sk_SSL_CIPHER_value(ciphers, j); - log_debug(LD_NET, "Cipher %d: %lx %s", j, cipher->id, cipher->name); + log_debug(LD_NET, "Cipher %d: %lx %s", j, + SSL_CIPHER_get_id(cipher), SSL_CIPHER_get_name(cipher)); } /* Then copy as many ciphers as we can from the good list, inserting @@ -1914,17 +1917,17 @@ rectify_client_ciphers(SSL *ssl) SSL_CIPHER *cipher = NULL; if (j < sk_SSL_CIPHER_num(ciphers)) cipher = sk_SSL_CIPHER_value(ciphers, j); - if (cipher && ((cipher->id >> 24) & 0xff) != 3) { + if (cipher && ((SSL_CIPHER_get_id(cipher) >> 24) & 0xff) != 3) { /* Skip over non-v3 ciphers entirely. (This should no longer be * needed, thanks to saying !SSLv2 above.) */ log_debug(LD_NET, "Skipping v%d cipher %s", - (int)((cipher->id>>24) & 0xff), - cipher->name); + (int)((SSL_CIPHER_get_id(cipher)>>24) & 0xff), + SSL_CIPHER_get_name(cipher)); ++j; } else if (cipher && - (cipher->id & 0xffff) == CLIENT_CIPHER_INFO_LIST[i].id) { + (SSL_CIPHER_get_id(cipher) & 0xffff) == CLIENT_CIPHER_INFO_LIST[i].id) { /* "cipher" is the cipher we expect. Put it on the list. */ - log_debug(LD_NET, "Found cipher %s", cipher->name); + log_debug(LD_NET, "Found cipher %s", SSL_CIPHER_get_name(cipher)); sk_SSL_CIPHER_push(CLIENT_CIPHER_STACK, cipher); ++j; ++i;

1 0

[tor/master] Try using SSL_get_ciphers in place of session->ciphers
by nickm＠torproject.org 20 May '15

20 May '15

commit 67964cfa787461bc56380fe46439fd5c9863bb4f Author: Nick Mathewson <nickm(a)torproject.org> Date: Thu May 14 08:42:08 2015 -0400 Try using SSL_get_ciphers in place of session->ciphers This should help openssl 1.1. On pre-1.1, we double-check that these two methods give us the same list, since the underlying code is awfully hairy. --- src/common/tortls.c | 34 +++++++++++++++++++++++++++++----- 1 file changed, 29 insertions(+), 5 deletions(-) diff --git a/src/common/tortls.c b/src/common/tortls.c index 08966b6..75d390f 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -1663,13 +1663,37 @@ tor_tls_classify_client_ciphers(const SSL *ssl, static int tor_tls_client_is_using_v2_ciphers(const SSL *ssl) { - SSL_SESSION *session; - if (!(session = SSL_get_session((SSL *)ssl))) { - log_info(LD_NET, "No session on TLS?"); - return CIPHERS_ERR; + STACK_OF(SSL_CIPHER) *ciphers = SSL_get_ciphers(ssl); + +#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,1,0) + { + SSL_SESSION *session; + STACK_OF(SSL_CIPHER) *c1; + int i; + if (!(session = SSL_get_session((SSL *)ssl))) { + log_info(LD_NET, "No session on TLS?"); + return CIPHERS_ERR; + } + c1 = session->ciphers; + + if (sk_SSL_CIPHER_num(c1) != sk_SSL_CIPHER_num(ciphers)) { + log_warn(LD_BUG, "Whoops. session->ciphers doesn't " + "match SSL_get_ciphers()"); + return 0; + } + for (i = 0; i < sk_SSL_CIPHER_num(c1); ++i) { + SSL_CIPHER *a = sk_SSL_CIPHER_value(ciphers, i); + SSL_CIPHER *b = sk_SSL_CIPHER_value(c1, i); + if (a->id != b->id) { + log_warn(LD_BUG, "Cipher mismatch between session->ciphers and " + "SSL_get_ciphers() at %d: %u vs %u", i, + (unsigned)a, (unsigned)b); + } + } } +#endif - return tor_tls_classify_client_ciphers(ssl, session->ciphers) >= CIPHERS_V2; + return tor_tls_classify_client_ciphers(ssl, ciphers) >= CIPHERS_V2; } /** Invoked when we're accepting a connection on ssl, and the connection

1 0

[tor/master] Use SSL_CIPHER_find where possible.
by nickm＠torproject.org 20 May '15

20 May '15

commit 496df21c89d1425ff06dc9067d2cd4eb076a412c Author: Nick Mathewson <nickm(a)torproject.org> Date: Thu May 14 10:14:06 2015 -0400 Use SSL_CIPHER_find where possible. --- src/common/tortls.c | 29 ++++++++++++++++++++++------- 1 file changed, 22 insertions(+), 7 deletions(-) diff --git a/src/common/tortls.c b/src/common/tortls.c index 75d390f..bbbf6c7 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -1518,10 +1518,23 @@ static int v2_cipher_list_pruned = 0; /** Return 0 if m does not support the cipher with ID cipher; * return 1 if it does support it, or if we have no way to tell. */ static int -find_cipher_by_id(const SSL_METHOD *m, uint16_t cipher) +find_cipher_by_id(const SSL *ssl, const SSL_METHOD *m, uint16_t cipher) { const SSL_CIPHER *c; -#ifdef HAVE_STRUCT_SSL_METHOD_ST_GET_CIPHER_BY_CHAR +#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,0,2) + { + unsigned char cipherid[3]; + tor_assert(ssl); + set_uint16(cipherid, htons(cipher)); + cipherid[2] = 0; /* If ssl23_get_cipher_by_char finds no cipher starting + * with a two-byte 'cipherid', it may look for a v2 + * cipher with the appropriate 3 bytes. */ + c = SSL_CIPHER_find((SSL*)ssl, cipherid); + if (c) + tor_assert((c->id & 0xffff) == cipher); + return c != NULL; + } +#elif defined(HAVE_STRUCT_SSL_METHOD_ST_GET_CIPHER_BY_CHAR) if (m && m->get_cipher_by_char) { unsigned char cipherid[3]; set_uint16(cipherid, htons(cipher)); @@ -1534,6 +1547,7 @@ find_cipher_by_id(const SSL_METHOD *m, uint16_t cipher) return c != NULL; } else #endif +#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,1,0) if (m && m->get_cipher && m->num_ciphers) { /* It would seem that some of the "let's-clean-up-openssl" forks have * removed the get_cipher_by_char function. Okay, so now you get a @@ -1547,23 +1561,24 @@ find_cipher_by_id(const SSL_METHOD *m, uint16_t cipher) } } return 0; - } else { - return 1; /* No way to search */ } +#endif + (void) ssl; + return 1; /* No way to search */ } /** Remove from v2_cipher_list every cipher that we don't support, so that * comparing v2_cipher_list to a client's cipher list will give a sensible * result. */ static void -prune_v2_cipher_list(void) +prune_v2_cipher_list(const SSL *ssl) { uint16_t *inp, *outp; const SSL_METHOD *m = SSLv23_method(); inp = outp = v2_cipher_list; while (*inp) { - if (find_cipher_by_id(m, *inp)) { + if (find_cipher_by_id(ssl, m, *inp)) { *outp++ = *inp++; } else { inp++; @@ -1585,7 +1600,7 @@ tor_tls_classify_client_ciphers(const SSL *ssl, int i, res; tor_tls_t *tor_tls; if (PREDICT_UNLIKELY(!v2_cipher_list_pruned)) - prune_v2_cipher_list(); + prune_v2_cipher_list(ssl); tor_tls = tor_tls_get_by_ssl(ssl); if (tor_tls && tor_tls->client_cipher_list_type)

1 0

[tor/master] Remove code to support OpenSSL 0.9.8
by nickm＠torproject.org 20 May '15

20 May '15

commit 971f0f8e18c0f3ea9f2aa74a54951235269a1cd1 Author: Nick Mathewson <nickm(a)torproject.org> Date: Tue May 19 16:14:20 2015 -0400 Remove code to support OpenSSL 0.9.8 --- changes/ticket16034 | 6 +++ src/common/crypto.c | 36 +++------------ src/common/tortls.c | 128 ++++----------------------------------------------- src/test/bench.c | 3 +- 4 files changed, 24 insertions(+), 149 deletions(-) diff --git a/changes/ticket16034 b/changes/ticket16034 new file mode 100644 index 0000000..b909946 --- /dev/null +++ b/changes/ticket16034 @@ -0,0 +1,6 @@ + o Removed features: + + - Tor no longer supports versions of OpenSSL before 1.0. (If you + are on an operating system that has not upgraded to OpenSSL 1.0 + or later, and you compile Tor from source, you will need to + install a more recent OpenSSL to link Tor against.) diff --git a/src/common/crypto.c b/src/common/crypto.c index a68294a..0feed1c 100644 --- a/src/common/crypto.c +++ b/src/common/crypto.c @@ -58,8 +58,8 @@ #include "compat.h" #include "sandbox.h" -#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(0,9,8) -#error "We require OpenSSL >= 0.9.8" +#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,0,0) +#error "We require OpenSSL >= 1.0.0" #endif #ifdef ANDROID @@ -300,13 +300,6 @@ crypto_early_init(void) SSLeay(), SSLeay_version(SSLEAY_VERSION)); } - if (SSLeay() < OPENSSL_V_SERIES(1,0,0)) { - log_notice(LD_CRYPTO, - "Your OpenSSL version seems to be %s. We recommend 1.0.0 " - "or later.", - crypto_openssl_get_version_str()); - } - crypto_force_rand_ssleay(); if (crypto_seed_rng(1) < 0) @@ -2423,15 +2416,6 @@ crypto_dh_free(crypto_dh_t *dh) * work for us too. */ #define ADD_ENTROPY 32 -/** True iff it's safe to use RAND_poll after setup. - * - * Versions of OpenSSL prior to 0.9.7k and 0.9.8c had a bug where RAND_poll - * would allocate an fd_set on the stack, open a new file, and try to FD_SET - * that fd without checking whether it fit in the fd_set. Thus, if the - * system has not just been started up, it is unsafe to call */ -#define RAND_POLL_IS_SAFE \ - (OPENSSL_VERSION_NUMBER >= OPENSSL_V(0,9,8,'c')) - /** Set the seed of the weak RNG to a random value. */ void crypto_seed_weak_rng(tor_weak_rng_t *rng) @@ -2506,14 +2490,14 @@ crypto_seed_rng(int startup) int rand_poll_ok = 0, load_entropy_ok = 0; uint8_t buf[ADD_ENTROPY]; + (void) startup; + /* OpenSSL has a RAND_poll function that knows about more kinds of * entropy than we do. We'll try calling that, *and* calling our own entropy * functions. If one succeeds, we'll accept the RNG as seeded. */ - if (startup || RAND_POLL_IS_SAFE) { - rand_poll_ok = RAND_poll(); - if (rand_poll_ok == 0) - log_warn(LD_CRYPTO, "RAND_poll() failed."); - } + rand_poll_ok = RAND_poll(); + if (rand_poll_ok == 0) + log_warn(LD_CRYPTO, "RAND_poll() failed."); load_entropy_ok = !crypto_strongest_rand(buf, sizeof(buf)); if (load_entropy_ok) { @@ -3123,13 +3107,11 @@ openssl_dynlock_destroy_cb_(struct CRYPTO_dynlock_value *v, tor_free(v); } -#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,0,0) static void tor_set_openssl_thread_id(CRYPTO_THREADID *threadid) { CRYPTO_THREADID_set_numeric(threadid, tor_get_thread_id()); } -#endif /** @{ */ /** Helper: Construct mutexes, and set callbacks to help OpenSSL handle being @@ -3144,11 +3126,7 @@ setup_openssl_threading(void) for (i=0; i < n; ++i) openssl_mutexes_[i] = tor_mutex_new(); CRYPTO_set_locking_callback(openssl_locking_cb_); -#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,0,0) - CRYPTO_set_id_callback(tor_get_thread_id); -#else CRYPTO_THREADID_set_callback(tor_set_openssl_thread_id); -#endif CRYPTO_set_dynlock_create_callback(openssl_dynlock_create_cb_); CRYPTO_set_dynlock_lock_callback(openssl_dynlock_lock_cb_); CRYPTO_set_dynlock_destroy_callback(openssl_dynlock_destroy_cb_); diff --git a/src/common/tortls.c b/src/common/tortls.c index e0265b4..cc76537 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -75,8 +75,8 @@ #include "container.h" #include <string.h> -#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(0,9,8) -#error "We require OpenSSL >= 0.9.8" +#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,0,0) +#error "We require OpenSSL >= 1.0.0" #endif /* Enable the "v2" TLS handshake. @@ -93,10 +93,8 @@ #define ADDR(tls) (((tls) && (tls)->address) ? tls->address : "peer") -#if (OPENSSL_VERSION_NUMBER < OPENSSL_V(0,9,8,'s') || \ - (OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(0,9,9) && \ - OPENSSL_VERSION_NUMBER < OPENSSL_V(1,0,0,'f'))) -/* This is a version of OpenSSL before 0.9.8s/1.0.0f. It does not have +#if OPENSSL_VERSION_NUMBER < OPENSSL_V(1,0,0,'f') +/* This is a version of OpenSSL before 1.0.0f. It does not have * the CVE-2011-4576 fix, and as such it can't use RELEASE_BUFFERS and * SSL3 safely at the same time. */ @@ -114,20 +112,6 @@ #define SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x0010 #endif -/** Does the run-time openssl version look like we need - * SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION? */ -static int use_unsafe_renegotiation_op = 0; -/** Does the run-time openssl version look like we need - * SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION? */ -static int use_unsafe_renegotiation_flag = 0; -#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,1,0) -/* If we have openssl 1.1, we just trust that the "mode" will work, and don't - * use the "flag" at all. Nobody would forward-port that weird little glitch - * from 0.9.8l to 1.1, would they? - */ -#define SUPPORT_UNSAFE_RENEGOTIATION_FLAG -#endif - /** Structure that we use for a single certificate. */ struct tor_cert_t { X509 *cert; @@ -492,56 +476,6 @@ tor_tls_init(void) version = SSLeay(); - /* OpenSSL 0.9.8l introduced SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION - * here, but without thinking too hard about it: it turns out that the - * flag in question needed to be set at the last minute, and that it - * conflicted with an existing flag number that had already been added - * in the OpenSSL 1.0.0 betas. OpenSSL 0.9.8m thoughtfully replaced - * the flag with an option and (it seems) broke anything that used - * SSL3_FLAGS_* for the purpose. So we need to know how to do both, - * and we mustn't use the SSL3_FLAGS option with anything besides - * OpenSSL 0.9.8l. - * - * No, we can't just set flag 0x0010 everywhere. It breaks Tor with - * OpenSSL 1.0.0beta3 and later. On the other hand, we might be able to - * set option 0x00040000L everywhere. - * - * No, we can't simply detect whether the flag or the option is present - * in the headers at build-time: some vendors (notably Apple) like to - * leave their headers out of sync with their libraries. - * - * Yes, it _is_ almost as if the OpenSSL developers decided that no - * program should be allowed to use renegotiation unless it first passed - * a test of intelligence and determination. - */ - if (version > OPENSSL_V(0,9,8,'k') && version <= OPENSSL_V(0,9,8,'l')) { - log_info(LD_GENERAL, "OpenSSL %s looks like version 0.9.8l, but " - "some vendors have backported renegotiation code from " - "0.9.8m without updating the version number. " - "I will try SSL3_FLAGS and SSL_OP to enable renegotation.", - SSLeay_version(SSLEAY_VERSION)); - use_unsafe_renegotiation_flag = 1; - use_unsafe_renegotiation_op = 1; - } else if (version > OPENSSL_V(0,9,8,'l')) { - log_info(LD_GENERAL, "OpenSSL %s looks like version 0.9.8m or later; " - "I will try SSL_OP to enable renegotiation", - SSLeay_version(SSLEAY_VERSION)); - use_unsafe_renegotiation_op = 1; - } else if (version <= OPENSSL_V(0,9,8,'k')) { - log_info(LD_GENERAL, "OpenSSL %s [%lx] looks like it's older than " - "0.9.8l, but some vendors have backported 0.9.8l's " - "renegotiation code to earlier versions, and some have " - "backported the code from 0.9.8m or 0.9.8n. I'll set both " - "SSL3_FLAGS and SSL_OP just to be safe.", - SSLeay_version(SSLEAY_VERSION), version); - use_unsafe_renegotiation_flag = 1; - use_unsafe_renegotiation_op = 1; - } else { - /* this is dead code, yes? */ - log_info(LD_GENERAL, "OpenSSL %s has version %lx", - SSLeay_version(SSLEAY_VERSION), version); - } - #if (SIZEOF_VOID_P >= 8 && \ !defined(OPENSSL_NO_EC) && \ OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,0,1)) @@ -1333,24 +1267,6 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime, } #endif - /* XXX This block is now obsolete. */ - if ( -#ifdef DISABLE_SSL3_HANDSHAKE - 1 || -#endif - SSLeay() < OPENSSL_V(0,9,8,'s') || - (SSLeay() >= OPENSSL_V_SERIES(0,9,9) && - SSLeay() < OPENSSL_V(1,0,0,'f'))) { - /* And not SSL3 if it's subject to CVE-2011-4576. */ - log_info(LD_NET, "Disabling SSLv3 because this OpenSSL version " - "might otherwise be vulnerable to CVE-2011-4576 " - "(compile-time version %08lx (%s); " - "runtime version %08lx (%s))", - (unsigned long)OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT, - (unsigned long)SSLeay(), SSLeay_version(SSLEAY_VERSION)); - SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv3); - } - SSL_CTX_set_options(result->ctx, SSL_OP_SINGLE_DH_USE); SSL_CTX_set_options(result->ctx, SSL_OP_SINGLE_ECDH_USE); @@ -1361,7 +1277,7 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime, /* Yes, we know what we are doing here. No, we do not treat a renegotiation * as authenticating any earlier-received data. */ - if (use_unsafe_renegotiation_op) { + { SSL_CTX_set_options(result->ctx, SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION); } @@ -1410,8 +1326,7 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime, SSL_CTX_set_tmp_dh(result->ctx, crypto_dh_get_dh_(dh)); crypto_dh_free(dh); } -#if (!defined(OPENSSL_NO_EC) && \ - OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,0,0)) +#if !defined(OPENSSL_NO_EC) if (! is_client) { int nid; EC_KEY *ec_key; @@ -1769,10 +1684,6 @@ tor_tls_server_info_callback(const SSL *ssl, int type, int val) if (tls) { tls->wasV2Handshake = 1; -#if (defined(USE_BUFFEREVENTS) && defined(SUPPORT_UNSAFE_RENEGOTATION_FLAG)) - if (use_unsafe_renegotiation_flag) - tls->ssl->s3->flags |= SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION; -#endif } else { log_warn(LD_BUG, "Couldn't look up the tls for an SSL*. How odd!"); } @@ -1780,7 +1691,6 @@ tor_tls_server_info_callback(const SSL *ssl, int type, int val) } #endif -#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,0,0) /** Callback to get invoked on a server after we've read the list of ciphers * the client supports, but before we pick our own ciphersuite. * @@ -1818,9 +1728,6 @@ tor_tls_setup_session_secret_cb(tor_tls_t *tls) { SSL_set_session_secret_cb(tls->ssl, tor_tls_session_secret_cb, NULL); } -#else -#define tor_tls_setup_session_secret_cb(tls) STMT_NIL -#endif /** Explain which ciphers we're missing. */ static void @@ -2098,15 +2005,8 @@ tor_tls_unblock_renegotiation(tor_tls_t *tls) { /* Yes, we know what we are doing here. No, we do not treat a renegotiation * as authenticating any earlier-received data. */ -#ifdef SUPPORT_UNSAFE_RENEGOTIATION_FLAG - if (use_unsafe_renegotiation_flag) { - tls->ssl->s3->flags |= SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION; - } -#endif - if (use_unsafe_renegotiation_op) { - SSL_set_options(tls->ssl, - SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION); - } + SSL_set_options(tls->ssl, + SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION); } /** If this version of openssl supports it, turn off renegotiation on @@ -2127,16 +2027,8 @@ tor_tls_block_renegotiation(tor_tls_t *tls) void tor_tls_assert_renegotiation_unblocked(tor_tls_t *tls) { -#ifdef SUPPORT_UNSAFE_RENEGOTIATION_FLAG - if (use_unsafe_renegotiation_flag) { - tor_assert(0 != (tls->ssl->s3->flags & - SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)); - } -#endif - if (use_unsafe_renegotiation_op) { - long options = SSL_get_options(tls->ssl); - tor_assert(0 != (options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)); - } + long options = SSL_get_options(tls->ssl); + tor_assert(0 != (options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)); } /** Return whether this tls initiated the connect (client) or diff --git a/src/test/bench.c b/src/test/bench.c index 5cbc072..6909e73 100644 --- a/src/test/bench.c +++ b/src/test/bench.c @@ -502,8 +502,7 @@ bench_dh(void) " %f millisec each.\n", NANOCOUNT(start, end, iters)/1e6); } -#if (!defined(OPENSSL_NO_EC) \ - && OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,0,0)) +#if !defined(OPENSSL_NO_EC) #define HAVE_EC_BENCHMARKS static void bench_ecdh_impl(int nid, const char *name)

1 0

[tor/master] Stop poking SSL_CTX->comp_methods
by nickm＠torproject.org 20 May '15

20 May '15

commit f0a0568e7f77224dea9ecbc22ca159a12e75d4a9 Author: Nick Mathewson <nickm(a)torproject.org> Date: Thu May 14 10:24:02 2015 -0400 Stop poking SSL_CTX->comp_methods --- src/common/tortls.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/common/tortls.c b/src/common/tortls.c index 168fd56..e0265b4 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -1365,12 +1365,17 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime, SSL_CTX_set_options(result->ctx, SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION); } +#ifdef SSL_OP_NO_COMPRESSION + SSL_CTX_set_options(result->ctx, SSL_OP_NO_COMPRESSION); +#endif +#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,1,0) #ifndef OPENSSL_NO_COMP /* Don't actually allow compression; it uses ram and time, but the data * we transmit is all encrypted anyway. */ if (result->ctx->comp_methods) result->ctx->comp_methods = NULL; #endif +#endif #ifdef SSL_MODE_RELEASE_BUFFERS SSL_CTX_set_mode(result->ctx, SSL_MODE_RELEASE_BUFFERS); #endif

1 0

[tor/master] Merge branch 'bug16034_no_more_openssl_098_squashed'
by nickm＠torproject.org 20 May '15

20 May '15

commit ed02a409cfdd51671ff1d80c86cfc7d6458f201f Merge: 32bd533 e9677c8 Author: Nick Mathewson <nickm(a)torproject.org> Date: Wed May 20 15:33:22 2015 -0400 Merge branch 'bug16034_no_more_openssl_098_squashed' Conflicts: src/test/testing_common.c changes/ticket16034 | 6 + src/common/aes.c | 28 +---- src/common/crypto.c | 48 +++----- src/common/crypto.h | 2 +- src/common/tortls.c | 300 ++++++++++++++++++++++----------------------- src/common/tortls.h | 2 +- src/or/main.c | 15 +-- src/test/bench.c | 5 +- src/test/test_crypto.c | 2 +- src/test/test_workqueue.c | 2 +- src/test/testing_common.c | 2 +- src/tools/tor-gencert.c | 2 +- 12 files changed, 190 insertions(+), 224 deletions(-) diff --cc src/or/main.c index 3fb7de6,3f785a2..74e6b33 --- a/src/or/main.c +++ b/src/or/main.c @@@ -1333,10 -1314,10 +1333,10 @@@ run_scheduled_events(time_t now * connection_run_housekeeping() above. */ } - if (time_to_add_entropy < now) { - if (time_to_add_entropy) { + if (time_to.add_entropy < now) { + if (time_to.add_entropy) { /* We already seeded once, so don't die on failure. */ - crypto_seed_rng(0); + crypto_seed_rng(); } /** How often do we add more entropy to OpenSSL's RNG pool? */ #define ENTROPY_INTERVAL (60*60) diff --cc src/test/testing_common.c index 60be460,e0c0046..7f387c0 --- a/src/test/testing_common.c +++ b/src/test/testing_common.c @@@ -269,8 -269,8 +269,8 @@@ main(int c, const char **v printf("Can't initialize crypto subsystem; exiting.\n"); return 1; } - crypto_set_tls_dh_prime(NULL); + crypto_set_tls_dh_prime(); - crypto_seed_rng(1); + crypto_seed_rng(); rep_hist_init(); network_init(); setup_directory();

1 0

[tor/master] Drop support for OpenSSLs without AES_CTR
by nickm＠torproject.org 20 May '15

20 May '15

commit e9677c8f8d3a24bc572d63dd85fa14e8d596ad78 Author: Nick Mathewson <nickm(a)torproject.org> Date: Wed May 20 10:23:23 2015 -0400 Drop support for OpenSSLs without AES_CTR --- src/common/aes.c | 28 ++-------------------------- 1 file changed, 2 insertions(+), 26 deletions(-) diff --git a/src/common/aes.c b/src/common/aes.c index 7651f1d..d75a4a7 100644 --- a/src/common/aes.c +++ b/src/common/aes.c @@ -32,11 +32,7 @@ #include <openssl/evp.h> #include <openssl/engine.h> #include "crypto.h" -#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,0,0) -/* See comments about which counter mode implementation to use below. */ #include <openssl/modes.h> -#define CAN_USE_OPENSSL_CTR -#endif #include "compat.h" #include "aes.h" #include "util.h" @@ -189,11 +185,9 @@ struct aes_cnt_cipher { * we're testing it or because we have hardware acceleration configured */ static int should_use_EVP = 0; -#ifdef CAN_USE_OPENSSL_CTR /** True iff we have tested the counter-mode implementation and found that it * doesn't have the counter-mode bug from OpenSSL 1.0.0. */ static int should_use_openssl_CTR = 0; -#endif /** Check whether we should use the EVP interface for AES. If force_val * is nonnegative, we use use EVP iff it is true. Otherwise, we use EVP @@ -235,7 +229,6 @@ evaluate_evp_for_aes(int force_val) int evaluate_ctr_for_aes(void) { -#ifdef CAN_USE_OPENSSL_CTR /* Result of encrypting an all-zero block with an all-zero 128-bit AES key. * This should be the same as encrypting an all-zero block with an all-zero * 128-bit AES key in counter mode, starting at position 0 of the stream. @@ -268,10 +261,6 @@ evaluate_ctr_for_aes(void) "mode; using it."); should_use_openssl_CTR = 1; } -#else - log_info(LD_CRYPTO, "This version of OpenSSL has a slow implementation of " - "counter mode; not using it."); -#endif return 0; } @@ -356,11 +345,9 @@ aes_set_key(aes_cnt_cipher_t *cipher, const char *key, int key_bits) cipher->pos = 0; -#ifdef CAN_USE_OPENSSL_CTR if (should_use_openssl_CTR) memset(cipher->buf, 0, sizeof(cipher->buf)); else -#endif aes_fill_buf_(cipher); } @@ -386,7 +373,6 @@ aes_cipher_free(aes_cnt_cipher_t *cipher) #define UPDATE_CTR_BUF(c, n) #endif -#ifdef CAN_USE_OPENSSL_CTR /* Helper function to use EVP with openssl's counter-mode wrapper. */ static void evp_block128_fn(const uint8_t in[16], @@ -397,7 +383,6 @@ evp_block128_fn(const uint8_t in[16], int inl=16, outl=16; EVP_EncryptUpdate(ctx, out, &outl, in, inl); } -#endif /** Encrypt len bytes from input, storing the result in * output. Uses the key in cipher, and advances the counter @@ -407,7 +392,6 @@ void aes_crypt(aes_cnt_cipher_t *cipher, const char *input, size_t len, char *output) { -#ifdef CAN_USE_OPENSSL_CTR if (should_use_openssl_CTR) { if (cipher->using_evp) { /* In openssl 1.0.0, there's an if'd out EVP_aes_128_ctr in evp.h. If @@ -431,9 +415,7 @@ aes_crypt(aes_cnt_cipher_t *cipher, const char *input, size_t len, &cipher->pos); } return; - } else -#endif - { + } else { int c = cipher->pos; if (PREDICT_UNLIKELY(!len)) return; @@ -466,13 +448,10 @@ aes_crypt(aes_cnt_cipher_t *cipher, const char *input, size_t len, void aes_crypt_inplace(aes_cnt_cipher_t *cipher, char *data, size_t len) { -#ifdef CAN_USE_OPENSSL_CTR if (should_use_openssl_CTR) { aes_crypt(cipher, data, len, data); return; - } else -#endif - { + } else { int c = cipher->pos; if (PREDICT_UNLIKELY(!len)) return; @@ -512,11 +491,8 @@ aes_set_iv(aes_cnt_cipher_t *cipher, const char *iv) cipher->pos = 0; memcpy(cipher->ctr_buf.buf, iv, 16); -#ifdef CAN_USE_OPENSSL_CTR if (!should_use_openssl_CTR) -#endif aes_fill_buf_(cipher); } #endif -

1 0

[translation/torbutton-torbuttondtd] Update translations for torbutton-torbuttondtd
by translation＠torproject.org 20 May '15

20 May '15

commit 098691c301d27bd01a956f2ae42be623177f075c Author: Translation commit bot <translation(a)torproject.org> Date: Wed May 20 16:16:04 2015 +0000 Update translations for torbutton-torbuttondtd --- id/torbutton.dtd | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/id/torbutton.dtd b/id/torbutton.dtd index 24f6437..a95a6fa 100644 --- a/id/torbutton.dtd +++ b/id/torbutton.dtd @@ -149,19 +149,19 @@ <!ENTITY torbutton.prefs.priv_caption "Pengaturan Privasi"> <!ENTITY torbutton.prefs.block_disk "Don't record browsing history or website data (enables Private Browsing Mode)"> <!ENTITY torbutton.prefs.restrict_thirdparty "Restrict third party cookies and other tracking data"> -<!ENTITY torbutton.prefs.block_plugins "Disable browser plugins (such as Flash)"> -<!ENTITY torbutton.prefs.resist_fingerprinting "Change details that distinguish you from other Tor Browser users"> -<!ENTITY torbutton.prefs.sec_caption "Level Keamanan"> -<!ENTITY torbutton.prefs.sec_low "Rendah (baku)"> -<!ENTITY torbutton.prefs.sec_low_usable_desc "This provides the most usable experience."> -<!ENTITY torbutton.prefs.sec_low_desc "At this security level, all browser features are enabled."> -<!ENTITY torbutton.prefs.sec_font_rend_svg_tooltip "The SVG OpenType font rendering mechanism is disabled."> +<!ENTITY torbutton.prefs.block_plugins "Nonaktifkan ..."> +<!ENTITY torbutton.prefs.resist_fingerprinting "Ubah rincian yang membedakan Anda dari pengguna peramban Tor lain."> +<!ENTITY torbutton.prefs.sec_caption "Tingkat Keamanan"> +<!ENTITY torbutton.prefs.sec_low "Rendah (default)"> +<!ENTITY torbutton.prefs.sec_low_usable_desc "Memberikan pengalaman paling umum."> +<!ENTITY torbutton.prefs.sec_low_desc "Pada tingkat keamanan ini, semua fitur peramban diaktifkan."> +<!ENTITY torbutton.prefs.sec_font_rend_svg_tooltip "Font OpenType SVG dinonaktifkan."> <!ENTITY torbutton.prefs.sec_med_low "Menengah-Rendah"> <!ENTITY torbutton.prefs.sec_gen_desc "Pada tingkat keamanan ini, perubahan berikut berlaku (seret kursor untuk rincian):"> <!ENTITY torbutton.prefs.sec_html5_desc "Video HTML5 dan audio menjadi Klik-untuk-Menjalankan melalui NoScript."> <!ENTITY torbutton.prefs.sec_html5_tooltip "Pada beberapa situs, Anda mungkin perlu memakai tombol NoScript untuk mengaktifkan obyek media ini."> <!ENTITY torbutton.prefs.sec_some_jit_desc "Beberapa performa JavaScript dinonaktifkan."> -<!ENTITY torbutton.prefs.sec_jit_desc_tooltip "ION JIT, Type Inference, ASM.JS."> +<!ENTITY torbutton.prefs.sec_jit_desc_tooltip "ION JIT, Tipe Simpulan, ASM.JS."> <!ENTITY torbutton.prefs.sec_baseline_jit_desc_tooltip "Garis dasar JIT."> <!ENTITY torbutton.prefs.sec_jit_slower_desc "Script pada beberapa situs mungkin pelan."> <!ENTITY torbutton.prefs.sec_jar_desc "Berkas rimut JAR diblokir.">

1 0

← Newer
1
...
31
32
33
34
35
36
37
...
99
Older →

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

tor-commits May 2015