Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ticket31820 #1556

Closed
wants to merge 16 commits into from
Closed

Ticket31820 #1556

wants to merge 16 commits into from

Conversation

Reviewers

@teor2345 teor2345

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
4 participants
@nmathewson @coveralls @teor2345 @torproject-pusher
@nmathewson
Copy link
Contributor

@nmathewson nmathewson commented Nov 21, 2019

No description provided.

nmathewson added 11 commits Nov 21, 2019
@nmathewson
openssl: require openssl >=1.1.1 or libressl >=2.9.0.
b0f1324 
These are the versions that will be supported when 0.4.3.x is
released.
@nmathewson
Define OPENSSL_1_1_API unconditionally.
c337514 
Nearly all of the functions added in openssl 1.1.0 have since been
ported to LibreSSL.  The remaining functions should now be
considered libressl-specific.
@nmathewson
openssl/libressl: drop support for old locking/threading API
310e78a 
OpenSSL as of 1.1.0, and LibreSSL as of 2.9.0, both have a working
lock implementation by default, and no longer require the caller to
pass in a bunch of locking callbacks.
@nmathewson
Drop AES workarounds for old versions of openssl
cecb85a 
Tor has been carrying around its own counter mode for ages, but no
current version of openssl benefits from using it.
@nmathewson
openssl/shutdown: remove obsolete init/shutdown calls.
1ea7218
@nmathewson
DH,RSA: remove obsolete openssl API support.
f078dbc
@nmathewson
hkdf: note that we still need an HKDF workaround.
20af306
@nmathewson
TLS: remove openssl version workarounds.
21636e2 
These are no longer needed.
@nmathewson
TLS: assume HAVE_TLS_METHOD.
48612bb
@nmathewson
openssl/libressl: stop checking for some functions that we always have
fc57390
@nmathewson
configure.ac: Update required versions for openssl and libressl.
47661a5
@coveralls
Copy link

@coveralls coveralls commented Nov 21, 2019

Pull Request Test Coverage Report for Build 7295

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • 4 unchanged lines in 1 file lost coverage.
  • Overall coverage decreased (-0.004%) to 62.625%
Files with Coverage Reduction New Missed Lines %
src/lib/tls/tortls_openssl.c 4 47.1%
Totals Coverage Status
Change from base Build 7294: -0.004%
Covered Lines: 49102
Relevant Lines: 78406
💛 - Coveralls

teor2345
teor2345 suggested changes Nov 26, 2019
View changes
Copy link
Contributor

@teor2345 teor2345 left a comment

Seems pretty good, I added some comments inline.

It also looks like you missed a OPENSSL_V_SERIES(1,1,0) in the unit tests.

src/lib/crypt_ops/aes_openssl.c
@@ -111,19 +61,22 @@ aes_new_cipher(const uint8_t *key, const uint8_t *iv, int key_bits)
EVP_EncryptInit(cipher, c, key, iv);
return (aes_cnt_cipher_t *) cipher;
}
/**
Copy link
Contributor

@teor2345 teor2345 Nov 26, 2019

Nitpick: newline?
And for the other functions following this one.

Copy link
Contributor Author

@nmathewson nmathewson Dec 6, 2019

Done in 3acadb6

src/lib/crypt_ops/crypto_openssl_mgt.c Outdated
CRYPTO_THREADID_set_numeric(threadid, tor_get_thread_id());
}
#endif /* !defined(NEW_THREAD_API) */
/** Helper: Construct mutexes, and set callbacks to help OpenSSL handle being
* multithreaded. Returns 0. */
static int
setup_openssl_threading(void)
Copy link
Contributor

@teor2345 teor2345 Nov 26, 2019

Should we just delete this empty function?

Copy link
Contributor Author

@nmathewson nmathewson Dec 6, 2019

Done in 0324799

src/lib/crypt_ops/compat_openssl.h Outdated
#ifndef OPENSSL_1_1_API
#define OpenSSL_version(v) SSLeay_version(v)
#define OpenSSL_version_num() SSLeay()
#ifdef LIBRESSL_VERSION_NUMBER
#define RAND_OpenSSL() RAND_SSLeay()
#define STATE_IS_SW_SERVER_HELLO(st) \
(((st) == SSL3_ST_SW_SRVR_HELLO_A) || \
((st) == SSL3_ST_SW_SRVR_HELLO_B))
#define OSSL_HANDSHAKE_STATE int
#define CONST_IF_OPENSSL_1_1_API
Copy link
Contributor

@teor2345 teor2345 Nov 26, 2019

Perhaps you could rename this to CONST_IF_OPENSSL ?

Copy link
Contributor Author

@nmathewson nmathewson Dec 6, 2019

Done in e5e2069

src/lib/tls/tortls_openssl.c

#if (SIZEOF_VOID_P >= 8 && \
OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,0,1))
#if (SIZEOF_VOID_P >= 8)
long version = OpenSSL_version_num();

/* LCOV_EXCL_START : we can't test these lines on the same machine */
Copy link
Contributor

@teor2345 teor2345 Nov 26, 2019

You missed a OPENSSL_V_SERIES(1,0,1) just below this line.

Copy link
Contributor Author

@nmathewson nmathewson Dec 6, 2019

fixed as bd73669

nmathewson added 5 commits Dec 6, 2019
@nmathewson
aes_openssl.c: small whitespace tweaks
3acadb6
@nmathewson
Remove the now-empty setup_openssl_threading()
0324799
@nmathewson
Rename CONST_IF_OPENSSL_1_1_API to CONST_IF_OPENSSL
e5e2069 
This is an automated commit, generated by this command:

./scripts/maint/rename_c_identifier.py \
        CONST_IF_OPENSSL_1_1_API CONST_IF_OPENSSL
@nmathewson
Remove one last check against OPENSSL_V_SERIES(1,0,1)
bd73669
@nmathewson
Explain why we still have openssl_v_series() test in the unit tests
f16447f 
This test is a test for a useful feature that we can no longer
implement in modern openssl.  We should re-do it at some point,
possibly creating a patch for openssl if needed.
@torproject-pusher torproject-pusher deleted the branch torproject:master May 25, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment