[tor-bugs] #16034 [Tor]: Drop support for OpenSSL < 1.0
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed May 20 14:29:04 UTC 2015
#16034: Drop support for OpenSSL < 1.0
-----------------------------+--------------------------------------
Reporter: nickm | Owner:
Type: enhancement | Status: needs_review
Priority: normal | Milestone: Tor: 0.2.7.x-final
Component: Tor | Version:
Resolution: | Keywords: tor-client tor-relay tls
Actual Points: | Parent ID:
Points: |
-----------------------------+--------------------------------------
Comment (by nickm):

Replying to [comment:4 yawning]:
> `src/common/aes.c` can use some minor cleanup as well (we always should
> at least try to use OpenSSL's CTR implementation).

Updated the branch.

We may still need our own crufty counter-mode code for two cases:
 * Unpatched OpenSSL 1.0.0. (1.0.0a fixed a bug in counter mode.)
 * Using accelerated AES. (We assume that AES-ECB exists, but not
   necessarily counter.)

I would be okay about forgetting the first one, but the second is less
easily ignored. So let's defer further changes to the AES code to another
ticket.

> I'm strongly tempted to say that `OPENSSL_NO_EC` should be a build time
> error as well, but that's probably something for a separate ticket.
> Apparently, even Fedora has some ECC support now (though from what I
> understand only secp384r1, secp512r1, and prime256v1, maybe that's enough?
> I guess not supporting crippled system OpenSSL is fine regardless).

I think we can do that (could you please open a ticket?).

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16034#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online