commit 58248adab617eb240d6d8accd7620a1cabc1a1ff
parent 3f9b7681780d56a59ceec319774ff2a7b3893bb5
Author: Nick Mathewson <nickm@torproject.org>
Date: Tue, 6 May 2025 19:13:02 -0400
Merge branch 'openssl_cleanup_part3' into 'main'
Improve various OpenSSL settings
Closes #41067
See merge request tpo/core/tor!889
Diffstat:
13 files changed, 117 insertions(+), 274 deletions(-)
diff --git a/changes/ticket41067 b/changes/ticket41067
@@ -0,0 +1,8 @@
+ o Minor features (security):
+ - Require TLS version 1.2 or later. (Version 1.3 support will
+ be required in the near future.) Part of ticket 41067.
+ - Update TLS 1.2 client cipher list to match current Firefox.
+ Part of ticket 41067.
+ - Increase the size of our finite-field Diffie Hellman TLS group
+ (which we should never actually use!) to 2048 bits.
+ Part of ticket 41067.
diff --git a/configure.ac b/configure.ac
@@ -1123,13 +1123,9 @@ dnl check the openssl version number, but in practice that gets pretty
dnl confusing with LibreSSL, OpenSSL, and various distributions' patches
dnl to them.
AC_CHECK_FUNCS([ \
- ERR_load_KDF_strings \
EVP_PBE_scrypt \
- SSL_CIPHER_find \
SSL_CTX_set1_groups_list \
- SSL_CTX_set_security_level \
- SSL_get_client_ciphers \
- TLS_method \
+ SSL_CTX_set_security_level
])
fi # enable_nss
diff --git a/scripts/codegen/get_mozilla_ciphers.py b/scripts/codegen/get_mozilla_ciphers.py
@@ -18,6 +18,7 @@ from __future__ import unicode_literals
import os
import re
import sys
+import yaml
if len(sys.argv) != 3:
print("Syntax: get_mozilla_ciphers.py <firefox-source-dir> <openssl-source-dir>", file=sys.stderr)
@@ -37,11 +38,16 @@ def ossl(s):
fileA = open(ff('security/manager/ssl/nsNSSComponent.cpp'),'r')
# The input format is a file containing exactly one section of the form:
-# static CipherPref CipherPrefs[] = {
-# {"name", MACRO_NAME}, // comment
-# ...
-# {NULL, 0}
-# }
+# static const CipherPref sCipherPrefs[] = {
+# {"security.ssl3.ecdhe_rsa_aes_128_gcm_sha256",
+# TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+# StaticPrefs::security_ssl3_ecdhe_rsa_aes_128_gcm_sha256},
+# {"security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256",
+# TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+# StaticPrefs::security_ssl3_ecdhe_ecdsa_aes_128_gcm_sha256},
+# ...
+# },
+# };
inCipherSection = False
cipherLines = []
@@ -51,7 +57,7 @@ for line in fileA:
inCipherSection = True
elif inCipherSection:
line = line.strip()
- if line.startswith('{ nullptr, 0}'):
+ if line.startswith('};'):
# At the ending boundary of the Cipher Prefs
break
else:
@@ -61,30 +67,35 @@ fileA.close()
# Parse the lines and put them into a dict
ciphers = {}
cipher_pref = {}
-key_pending = None
-for line in cipherLines:
- m = re.search(r'^{\s*\"([^\"]+)\",\s*(\S+)\s*(?:,\s*(true|false))?\s*}', line)
- if m:
- assert not key_pending
- key,value,enabled = m.groups()
- if enabled == 'true':
- ciphers[key] = value
- cipher_pref[value] = key
- continue
- m = re.search(r'^{\s*\"([^\"]+)\",', line)
- if m:
- assert not key_pending
- key_pending = m.group(1)
+cipherLines = " ".join(cipherLines)
+pat = re.compile(
+ r'''
+ \"security. ([^\"]+) \", \s*
+ ([^\s,]+)\s*, \s*
+ StaticPrefs::security_(\S+)
+ ''',
+ re.X)
+while cipherLines:
+ c = cipherLines.split("}", maxsplit=1)
+ if len(c) == 2:
+ cipherLines = c[1]
+ else:
+ cipherLines = ""
+ line = c[0]
+
+ m = pat.search(line)
+ if not m:
+ if line != ",":
+ print("can't parse:", line)
continue
- m = re.search(r'^\s*(\S+)(?:,\s*(true|false))+\s*}', line)
- if m:
- assert key_pending
- key = key_pending
- value,enabled = m.groups()
- key_pending = None
- if enabled == 'true':
- ciphers[key] = value
- cipher_pref[value] = key
+
+ ident = m.group(1).replace(".", "_")
+
+ ciphers[ident] = m.group(2)
+
+ cipher_pref[m.group(2)] = m.group(3)
+
+ continue
####
# Now find the correct order for the ciphers
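Review bot: The `print("can't parse:", line)` fallback in the new `while cipherLines:` loop writes to stdout and then carries on, and stdout is also where this script emits the generated cipher table (the `print("""\` visible in a later hunk header). If the Firefox source layout drifts from the regex again, the result is a shorter list with the diagnostic buried in the generated output. Because that output decides which TLS ciphers the client advertises, I would fail loudly instead: `print("can't parse:", line, file=sys.stderr)` followed by `sys.exit(1)`. Two smaller points: the `.` in `security.` is unescaped in the verbose pattern, and the final `continue` in the loop body is redundant.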
@@ -106,27 +117,27 @@ for line in fileC:
fileC.close()
+
#####
-# Read the JS file to understand what ciphers are enabled. The format is
-# pref("name", true/false);
-# Build a map enabled_ciphers from javascript name to "true" or "false",
-# and an (unordered!) list of the macro names for those ciphers that are
-# enabled.
-fileB = open(ff('netwerk/base/security-prefs.js'), 'r')
+# Read the yaml file where the preferences are defined.
+
+fileB = open(ff('modules/libpref/init/StaticPrefList.yaml'), 'r').read()
+fileB, _ = re.subn(r'@([^@]*)@', r'"\1"', fileB)
+
+yaml_file = yaml.load(fileB, Loader=yaml.Loader)
enabled_ciphers = {}
-for line in fileB:
- m = re.match(r'pref\(\"([^\"]+)\"\s*,\s*(\S*)\s*\)', line)
- if not m:
- continue
- key, val = m.groups()
- if key.startswith("security.ssl3"):
- enabled_ciphers[key] = val
-fileB.close()
+for entry in yaml_file:
+ name = entry['name']
+ if name.startswith("security.ssl3.") and "deprecated" not in name:
+ name = name.removeprefix("security.")
+ name = name.replace(".", "_")
+ enabled_ciphers[name] = entry['value']
used_ciphers = []
for k, v in enabled_ciphers.items():
- if v == "true":
+ if v != False: # there are strings we want to allow.
+
used_ciphers.append(ciphers[k])
#oSSLinclude = ('/usr/include/openssl/ssl3.h', '/usr/include/openssl/ssl.h',
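Review bot: `yaml.load(fileB, Loader=yaml.Loader)` selects PyYAML's full loader, which will construct arbitrary Python objects from tagged nodes, although the preference list is plain data. `yaml_file = yaml.safe_load(fileB)` should parse the same file (worth confirming against a current StaticPrefList.yaml), and it limits an unexpected or tampered checkout to a parse error. The `open(...).read()` on the line above never closes the handle; `with open(ff('modules/libpref/init/StaticPrefList.yaml')) as f: fileB = f.read()` does. Separately, `ciphers[k]` in the loop at the end of the hunk raises KeyError for any `security.ssl3.` preference that has no row in the table parsed from nsNSSComponent.cpp, so a `.get()` with an explicit error message would make that failure easier to diagnose.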
@@ -187,13 +198,13 @@ print("""\
for firefox_macro in firefox_ciphers:
try:
- js_cipher_name = cipher_pref[firefox_macro]
+ cipher_pref_name = cipher_pref[firefox_macro]
except KeyError:
# This one has no javascript preference.
continue
# The cipher needs to be enabled in security-prefs.js
- if enabled_ciphers.get(js_cipher_name, 'false') != 'true':
+ if not enabled_ciphers.get(cipher_pref_name):
continue
hexval = sslProtoD[firefox_macro].lower()
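Review bot: The two context comments kept by this hunk still describe the old input: `# This one has no javascript preference.` and `# The cipher needs to be enabled in security-prefs.js` should become `# This one has no StaticPrefs entry.` and `# The cipher needs to be enabled in StaticPrefList.yaml`. The enabled test here is also written as plain truthiness, `if not enabled_ciphers.get(cipher_pref_name)`, while the `used_ciphers` loop in the previous hunk uses `v != False`. The two agree for booleans and non-empty strings but not for `0`, `None` or `""`, so one form should be used in both places. The `for firefox_macro` loop continues past the end of the hunk.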
diff --git a/src/lib/crypt_ops/crypto_dh.c b/src/lib/crypt_ops/crypto_dh.c
@@ -21,16 +21,20 @@
/** Our DH 'g' parameter */
const unsigned DH_GENERATOR = 2;
-/** This is the 1024-bit safe prime that Apache uses for its DH stuff; see
- * modules/ssl/ssl_engine_dh.c; Apache also uses a generator of 2 with this
- * prime.
+/** This is ffdhe2048 from RFC 7919.
*/
const char TLS_DH_PRIME[] =
- "D67DE440CBBBDC1936D693D34AFD0AD50C84D239A45F520BB88174CB98"
- "BCE951849F912E639C72FB13B4B4D7177E16D55AC179BA420B2A29FE324A"
- "467A635E81FF5901377BEDDCFD33168A461AAD3B72DAE8860078045B07A7"
- "DBCA7874087D1510EA9FCC9DDD330507DD62DB88AEAA747DE0F4D6E2BD68"
- "B0E7393E0F24218EB3";
+ "FFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1"
+ "D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF9"
+ "7D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD6561"
+ "2433F51F5F066ED0856365553DED1AF3B557135E7F57C935"
+ "984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE735"
+ "30ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FB"
+ "B96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB19"
+ "0B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F61"
+ "9172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD73"
+ "3BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA"
+ "886B423861285C97FFFFFFFFFFFFFFFF";
/**
* This is from rfc2409, section 6.2. It's a safe prime, and
* supposedly it equals:
diff --git a/src/lib/crypt_ops/crypto_dh.h b/src/lib/crypt_ops/crypto_dh.h
@@ -61,4 +61,6 @@ void crypto_dh_init_nss(void);
void crypto_dh_free_all_nss(void);
#endif
+#define DH_TLS_KEY_BITS 2048
+
#endif /* !defined(TOR_CRYPTO_DH_H) */
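Review bot: `DH_TLS_KEY_BITS` is added without a doc comment, and it states the TLS group size a second time, independently of `DH2048_KEY_LEN` in dh_sizes.h. The test code in this commit sizes buffers with one constant and passes lengths derived from the other, so the two must stay in step. I would document that, for example `/** Size in bits of the prime used for TLS finite-field DH; must equal DH2048_KEY_LEN * 8. */`, or derive one from the other if dh_sizes.h is already included here (not visible in the hunk).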
diff --git a/src/lib/crypt_ops/crypto_dh_nss.c b/src/lib/crypt_ops/crypto_dh_nss.c
@@ -25,7 +25,7 @@ ENABLE_GCC_WARNING("-Wstrict-prototypes")
static int dh_initialized = 0;
static SECKEYDHParams tls_dh_param, circuit_dh_param;
-static unsigned char tls_dh_prime_data[DH1024_KEY_LEN];
+static unsigned char tls_dh_prime_data[DH2048_KEY_LEN];
static unsigned char circuit_dh_prime_data[DH1024_KEY_LEN];
static unsigned char dh_generator_data[1];
@@ -39,7 +39,7 @@ crypto_dh_init_nss(void)
r = base16_decode((char*)tls_dh_prime_data,
sizeof(tls_dh_prime_data),
TLS_DH_PRIME, strlen(TLS_DH_PRIME));
- tor_assert(r == DH1024_KEY_LEN);
+ tor_assert(r == DH2048_KEY_LEN);
r = base16_decode((char*)circuit_dh_prime_data,
sizeof(circuit_dh_prime_data),
OAKLEY_PRIME_2, strlen(OAKLEY_PRIME_2));
@@ -47,7 +47,7 @@ crypto_dh_init_nss(void)
dh_generator_data[0] = DH_GENERATOR;
tls_dh_param.prime.data = tls_dh_prime_data;
- tls_dh_param.prime.len = DH1024_KEY_LEN;
+ tls_dh_param.prime.len = DH2048_KEY_LEN;
tls_dh_param.base.data = dh_generator_data;
tls_dh_param.base.len = 1;
diff --git a/src/lib/crypt_ops/crypto_dh_openssl.c b/src/lib/crypt_ops/crypto_dh_openssl.c
@@ -27,7 +27,8 @@ ENABLE_GCC_WARNING("-Wredundant-decls")
#include <string.h>
#ifndef ENABLE_NSS
-static int tor_check_dh_key(int severity, const BIGNUM *bn);
+static int tor_check_dh_key(int severity, const BIGNUM *bn,
+ const BIGNUM *dh_p);
/** A structure to hold the first half (x, g^x) of a Diffie-Hellman handshake
* while we're waiting for the second.*/
@@ -277,7 +278,7 @@ crypto_dh_generate_public(crypto_dh_t *dh)
*/
const BIGNUM *pub_key, *priv_key;
DH_get0_key(dh->dh, &pub_key, &priv_key);
- if (tor_check_dh_key(LOG_WARN, pub_key)<0) {
+ if (tor_check_dh_key(LOG_WARN, pub_key, DH_get0_p(dh->dh))<0) {
log_warn(LD_CRYPTO, "Weird! Our own DH key was invalid. I guess once-in-"
"the-universe chances really do happen. Treating as a failure.");
return -1;
@@ -314,7 +315,7 @@ crypto_dh_get_public(crypto_dh_t *dh, char *pubkey, size_t pubkey_len)
tor_assert(bytes >= 0);
if (pubkey_len < (size_t)bytes) {
log_warn(LD_CRYPTO,
- "Weird! pubkey_len (%d) was smaller than DH1024_KEY_LEN (%d)",
+ "Weird! pubkey_len (%d) was smaller than key length (%d)",
(int) pubkey_len, bytes);
return -1;
}
@@ -330,21 +331,19 @@ crypto_dh_get_public(crypto_dh_t *dh, char *pubkey, size_t pubkey_len)
* See http://www.cl.cam.ac.uk/ftp/users/rja14/psandqs.ps.gz for some tips.
*/
static int
-tor_check_dh_key(int severity, const BIGNUM *bn)
+tor_check_dh_key(int severity, const BIGNUM *bn, const BIGNUM *dh_p)
{
BIGNUM *x;
char *s;
tor_assert(bn);
x = BN_new();
tor_assert(x);
- if (BUG(!dh_param_p))
- crypto_dh_init(); //LCOV_EXCL_LINE we already checked whether we did this.
BN_set_word(x, 1);
if (BN_cmp(bn,x)<=0) {
log_fn(severity, LD_CRYPTO, "DH key must be at least 2.");
goto err;
}
- BN_copy(x,dh_param_p);
+ BN_copy(x,dh_p);
BN_sub_word(x, 1);
if (BN_cmp(bn,x)>=0) {
log_fn(severity, LD_CRYPTO, "DH key must be at most p-2.");
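Review bot: `tor_check_dh_key()` now takes the modulus from its caller, but the hunk removes the old `BUG(!dh_param_p)` guard without adding an equivalent check on `dh_p`. Both call sites pass `DH_get0_p(dh->dh)`, which is NULL when the DH object has no parameters set, and the result of `BN_copy(x,dh_p)` is not checked, so the "at most p-2" comparison could run on a stale `x`. Adding `tor_assert(dh_p);` next to `tor_assert(bn);` and changing the copy to `if (!BN_copy(x, dh_p)) goto err;` makes the range check fail closed. The doc comment above the function lies outside the hunk and should also describe the new parameter; the function body continues past the hunk's last line.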
@@ -388,7 +387,7 @@ crypto_dh_handshake(int severity, crypto_dh_t *dh,
if (!(pubkey_bn = BN_bin2bn((const unsigned char*)pubkey,
(int)pubkey_len, NULL)))
goto error;
- if (tor_check_dh_key(severity, pubkey_bn)<0) {
+ if (tor_check_dh_key(severity, pubkey_bn, DH_get0_p(dh->dh))<0) {
/* Check for invalid public keys. */
log_fn(severity, LD_CRYPTO,"Rejected invalid g^x");
goto error;
diff --git a/src/lib/crypt_ops/crypto_hkdf.c b/src/lib/crypt_ops/crypto_hkdf.c
@@ -20,11 +20,8 @@
#ifdef ENABLE_OPENSSL
#include <openssl/evp.h>
#include <openssl/opensslv.h>
-
-#if defined(HAVE_ERR_LOAD_KDF_STRINGS)
#include <openssl/kdf.h>
-#define HAVE_OPENSSL_HKDF 1
-#endif
+#define HAVE_OPENSSL_HKDF
#endif /* defined(ENABLE_OPENSSL) */
#include <string.h>
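Review bot: `#define HAVE_OPENSSL_HKDF` now expands to nothing where it used to expand to `1`, so any `#if HAVE_OPENSSL_HKDF` elsewhere in the file (not visible in this hunk) would become a preprocessor error; only `#ifdef`/`defined()` uses are unaffected. Keeping `#define HAVE_OPENSSL_HKDF 1` avoids that risk. The include of `<openssl/kdf.h>` is also unconditional now for every ENABLE_OPENSSL build, so it is worth confirming that the oldest supported OpenSSL and LibreSSL releases ship that header.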
diff --git a/src/lib/defs/dh_sizes.h b/src/lib/defs/dh_sizes.h
@@ -16,7 +16,10 @@
#ifndef TOR_DH_SIZES_H
#define TOR_DH_SIZES_H
-/** Length of our legacy DH keys. */
+/** Length of our legacy DH keys, in bytes. */
#define DH1024_KEY_LEN (1024/8)
+/** Length of our current TLS DH keys, in bytes. */
+#define DH2048_KEY_LEN (2048/8)
+
#endif /* !defined(TOR_DH_SIZES_H) */
diff --git a/src/lib/tls/ciphers.inc b/src/lib/tls/ciphers.inc
@@ -2,27 +2,8 @@
* advertise. Before including it, you should define the CIPHER and XCIPHER
* macros.
*
- * This file was automatically generated by get_mozilla_ciphers.py;
- * TLSv1.3 ciphers were added manually.
+ * This file was automatically generated by get_mozilla_ciphers.py.
*/
-
-/* Here are the TLS1.3 ciphers. Note that we don't have XCIPHER instances
- * here, since we don't want to ever fake them.
- */
-#ifdef TLS1_3_TXT_AES_128_GCM_SHA256
- CIPHER(0x1301, TLS1_3_TXT_AES_128_GCM_SHA256)
-#endif
-#ifdef TLS1_3_TXT_AES_256_GCM_SHA384
- CIPHER(0x1302, TLS1_3_TXT_AES_256_GCM_SHA384)
-#endif
-#ifdef TLS1_3_TXT_CHACHA20_POLY1305_SHA256
- CIPHER(0x1303, TLS1_3_TXT_CHACHA20_POLY1305_SHA256)
-#endif
-#ifdef TLS1_3_TXT_AES_128_CCM_SHA256
- CIPHER(0x1304, TLS1_3_TXT_AES_128_CCM_SHA256)
-#endif
-
-/* Here's the machine-generated list. */
#ifdef TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
CIPHER(0xc02b, TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)
#else
@@ -73,15 +54,15 @@
#else
XCIPHER(0xc014, TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA)
#endif
-#ifdef TLS1_TXT_DHE_RSA_WITH_AES_128_SHA
- CIPHER(0x0033, TLS1_TXT_DHE_RSA_WITH_AES_128_SHA)
+#ifdef TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256
+ CIPHER(0x009c, TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256)
#else
- XCIPHER(0x0033, TLS1_TXT_DHE_RSA_WITH_AES_128_SHA)
+ XCIPHER(0x009c, TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256)
#endif
-#ifdef TLS1_TXT_DHE_RSA_WITH_AES_256_SHA
- CIPHER(0x0039, TLS1_TXT_DHE_RSA_WITH_AES_256_SHA)
+#ifdef TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384
+ CIPHER(0x009d, TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384)
#else
- XCIPHER(0x0039, TLS1_TXT_DHE_RSA_WITH_AES_256_SHA)
+ XCIPHER(0x009d, TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384)
#endif
#ifdef TLS1_TXT_RSA_WITH_AES_128_SHA
CIPHER(0x002f, TLS1_TXT_RSA_WITH_AES_128_SHA)
@@ -93,8 +74,3 @@
#else
XCIPHER(0x0035, TLS1_TXT_RSA_WITH_AES_256_SHA)
#endif
-#ifdef SSL3_TXT_RSA_DES_192_CBC3_SHA
- CIPHER(0x000a, SSL3_TXT_RSA_DES_192_CBC3_SHA)
-#else
- XCIPHER(0x000a, SSL3_TXT_RSA_DES_192_CBC3_SHA)
-#endif
diff --git a/src/lib/tls/tortls_openssl.c b/src/lib/tls/tortls_openssl.c
@@ -295,40 +295,6 @@ tor_tls_init(void)
if (!tls_library_is_initialized) {
OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);
-#if (SIZEOF_VOID_P >= 8)
- /* LCOV_EXCL_START : we can't test these lines on the same machine */
- {
- /* TODO: I'm not sure that this test is still necessary on our
- * supported openssl/libressl versions. */
-
- /* Warn if we could *almost* be running with much faster ECDH.
- If we're built for a 64-bit target, using OpenSSL 1.0.1, but we
- don't have one of the built-in __uint128-based speedups, we are
- just one build operation away from an accelerated handshake.
-
- (We could be looking at OPENSSL_NO_EC_NISTP_64_GCC_128 instead of
- doing this test, but that gives compile-time options, not runtime
- behavior.)
- */
- EC_KEY *key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
- const EC_GROUP *g = key ? EC_KEY_get0_group(key) : NULL;
- const EC_METHOD *m = g ? EC_GROUP_method_of(g) : NULL;
- const int warn = (m == EC_GFp_simple_method() ||
- m == EC_GFp_mont_method() ||
- m == EC_GFp_nist_method());
- EC_KEY_free(key);
-
- if (warn)
- log_notice(LD_GENERAL, "We were built to run on a 64-bit CPU, with "
- "OpenSSL 1.0.1 or later, but with a version of OpenSSL "
- "that apparently lacks accelerated support for the NIST "
- "P-224 and P-256 groups. Building openssl with such "
- "support (using the enable-ec_nistp_64_gcc_128 option "
- "when configuring it) would make ECDH much faster.");
- }
- /* LCOV_EXCL_STOP */
-#endif /* (SIZEOF_VOID_P >= 8 */
-
tor_tls_allocate_tor_tls_object_ex_data_index();
tls_library_is_initialized = 1;
@@ -348,23 +314,8 @@ always_accept_verify_cb(int preverify_ok,
return 1;
}
-/** List of ciphers that servers should select from when we actually have
- * our choice of what cipher to use. */
-static const char UNRESTRICTED_SERVER_CIPHER_LIST[] =
- /* Here are the TLS 1.3 ciphers we like, in the order we prefer. */
-#ifdef TLS1_3_TXT_AES_256_GCM_SHA384
- TLS1_3_TXT_AES_256_GCM_SHA384 ":"
-#endif
-#ifdef TLS1_3_TXT_CHACHA20_POLY1305_SHA256
- TLS1_3_TXT_CHACHA20_POLY1305_SHA256 ":"
-#endif
-#ifdef TLS1_3_TXT_AES_128_GCM_SHA256
- TLS1_3_TXT_AES_128_GCM_SHA256 ":"
-#endif
-#ifdef TLS1_3_TXT_AES_128_CCM_SHA256
- TLS1_3_TXT_AES_128_CCM_SHA256 ":"
-#endif
-
+/** List of ciphers that servers should select from when using TLS 1.2 */
+static const char UNRESTRICTED_TLS1_2_SERVER_CIPHER_LIST[] =
/* This list is autogenerated with the gen_server_ciphers.py script;
* don't hand-edit it. */
#ifdef TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384
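Review bot: The new doc comment on `UNRESTRICTED_TLS1_2_SERVER_CIPHER_LIST` does not say what selects TLS 1.3 suites now that they are gone from this string. In OpenSSL 1.1.1 and later, `SSL_set_cipher_list()` configures only TLS 1.2 and below, and TLS 1.3 suites come from the library default unless `SSL_set_ciphersuites()` is called. A sentence such as `TLS 1.3 ciphersuites are not listed here; they are left at the library default.` would record that this is deliberate. Whether LibreSSL behaves the same way cannot be told from the hunk. The list itself continues past the hunk's last line.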
@@ -497,32 +448,17 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
}
}
-#if 0
- /* Tell OpenSSL to only use TLS1. This may have subtly different results
- * from SSLv23_method() with SSLv2 and SSLv3 disabled, so we need to do some
- * investigation before we consider adjusting it. It should be compatible
- * with existing Tors. */
- if (!(result->ctx = SSL_CTX_new(TLSv1_method())))
- goto error;
-#endif /* 0 */
-
- /* Tell OpenSSL to use TLS 1.0 or later but not SSL2 or SSL3. */
-#ifdef HAVE_TLS_METHOD
+ /* Tell OpenSSL to use TLS 1.2 or later. */
if (!(result->ctx = SSL_CTX_new(TLS_method())))
goto error;
-#else
- if (!(result->ctx = SSL_CTX_new(SSLv23_method())))
+ if (!SSL_CTX_set_min_proto_version(result->ctx, TLS1_2_VERSION))
goto error;
-#endif /* defined(HAVE_TLS_METHOD) */
#ifdef HAVE_SSL_CTX_SET_SECURITY_LEVEL
/* Level 1 re-enables RSA1024 and DH1024 for compatibility with old tors */
SSL_CTX_set_security_level(result->ctx, 1);
#endif
- SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv2);
- SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv3);
-
/* Prefer the server's ordering of ciphers: the client's ordering has
* historically been chosen for fingerprinting resistance. */
SSL_CTX_set_options(result->ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
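Review bot: Two comments in this hunk no longer match the code around them. `/* Tell OpenSSL to use TLS 1.2 or later. */` sits above `SSL_CTX_new(TLS_method())`, which by itself allows any protocol version; the floor is enforced by `SSL_CTX_set_min_proto_version(result->ctx, TLS1_2_VERSION)`, so the comment belongs on that call. The context comment `/* Level 1 re-enables RSA1024 and DH1024 for compatibility with old tors */` still names DH1024 although this commit moves the TLS group to 2048 bits. If level 1 is now kept only for RSA1024 keys, the comment should say so, for example `/* Level 1 is still needed for RSA1024 keys used by the Tor link protocol */`; that wording is my inference and needs confirming. The function begins and ends outside the hunk.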
@@ -746,7 +682,7 @@ tor_tls_new(tor_socket_t sock, int isServer)
#endif /* defined(SSL_CTRL_SET_MAX_PROTO_VERSION) */
if (!SSL_set_cipher_list(result->ssl,
- isServer ? UNRESTRICTED_SERVER_CIPHER_LIST
+ isServer ? UNRESTRICTED_TLS1_2_SERVER_CIPHER_LIST
: CLIENT_CIPHER_LIST)) {
tls_log_errors(NULL, LOG_WARN, LD_NET, "setting ciphers");
#ifdef SSL_set_tlsext_host_name
@@ -756,6 +692,7 @@ tor_tls_new(tor_socket_t sock, int isServer)
tor_free(result);
goto err;
}
+
result->socket = sock;
bio = BIO_new_socket(sock, BIO_CLOSE);
if (! bio) {
diff --git a/src/test/test_crypto.c b/src/test/test_crypto.c
@@ -43,10 +43,10 @@ test_crypto_dh(void *arg)
crypto_dh_t *dh1 = crypto_dh_new(DH_TYPE_CIRCUIT);
crypto_dh_t *dh1_dup = NULL;
crypto_dh_t *dh2 = crypto_dh_new(DH_TYPE_CIRCUIT);
- char p1[DH1024_KEY_LEN];
- char p2[DH1024_KEY_LEN];
- char s1[DH1024_KEY_LEN];
- char s2[DH1024_KEY_LEN];
+ char p1[DH2048_KEY_LEN];
+ char p2[DH2048_KEY_LEN];
+ char s1[DH2048_KEY_LEN];
+ char s2[DH2048_KEY_LEN];
ssize_t s1len, s2len;
#ifdef ENABLE_OPENSSL
crypto_dh_t *dh3 = NULL;
@@ -182,7 +182,7 @@ test_crypto_dh(void *arg)
{
/* Make sure that our crypto library can handshake with openssl. */
dh3 = crypto_dh_new(DH_TYPE_TLS);
- tt_assert(!crypto_dh_get_public(dh3, p1, DH1024_KEY_LEN));
+ tt_assert(!crypto_dh_get_public(dh3, p1, sizeof(p1)));
dh4 = crypto_dh_new_openssl_tls();
tt_assert(DH_generate_key(dh4));
@@ -190,15 +190,15 @@ test_crypto_dh(void *arg)
const BIGNUM *sk=NULL;
DH_get0_key(dh4, &pk, &sk);
tt_assert(pk);
- tt_int_op(BN_num_bytes(pk), OP_LE, DH1024_KEY_LEN);
+ tt_int_op(BN_num_bytes(pk), OP_LE, DH_TLS_KEY_BITS / 8);
tt_int_op(BN_num_bytes(pk), OP_GT, 0);
memset(p2, 0, sizeof(p2));
/* right-pad. */
- BN_bn2bin(pk, (unsigned char *)(p2+DH1024_KEY_LEN-BN_num_bytes(pk)));
+ BN_bn2bin(pk, (unsigned char *)(p2+sizeof(p2)-BN_num_bytes(pk)));
- s1len = crypto_dh_handshake(LOG_WARN, dh3, p2, DH1024_KEY_LEN,
+ s1len = crypto_dh_handshake(LOG_WARN, dh3, p2, DH_TLS_KEY_BITS / 8,
(unsigned char *)s1, sizeof(s1));
- pubkey_tmp = BN_bin2bn((unsigned char *)p1, DH1024_KEY_LEN, NULL);
+ pubkey_tmp = BN_bin2bn((unsigned char *)p1, DH_TLS_KEY_BITS / 8, NULL);
s2len = DH_compute_key((unsigned char *)s2, pubkey_tmp, dh4);
tt_int_op(s1len, OP_EQ, s2len);
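Review bot: This hunk mixes three spellings of the same size: the buffers are declared with `DH2048_KEY_LEN`, the padding uses `sizeof(p2)`, and the lengths passed to `crypto_dh_handshake()` and `BN_bin2bn()` are `DH_TLS_KEY_BITS / 8`. They are equal today, but if the two macros ever diverge, `BN_bin2bn((unsigned char *)p1, DH_TLS_KEY_BITS / 8, NULL)` would read past `p1`. Using the buffer size for both calls removes that coupling: `crypto_dh_handshake(LOG_WARN, dh3, p2, sizeof(p2), ...)` and `BN_bin2bn((unsigned char *)p1, sizeof(p1), NULL)`. The context comment `/* right-pad. */` describes code that zero-pads on the left, so it could be corrected in the same change.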
diff --git a/src/test/test_tortls_openssl.c b/src/test/test_tortls_openssl.c
@@ -497,26 +497,6 @@ test_tortls_cert_get_key(void *ignored)
}
#endif /* !defined(OPENSSL_OPAQUE) */
-#ifndef HAVE_SSL_GET_CLIENT_CIPHERS
-static SSL_CIPHER *
-get_cipher_by_name(const char *name)
-{
- int i;
- const SSL_METHOD *method = SSLv23_method();
- int num = method->num_ciphers();
-
- for (i = 0; i < num; ++i) {
- const SSL_CIPHER *cipher = method->get_cipher(i);
- const char *ciphername = SSL_CIPHER_get_name(cipher);
- if (!strcmp(ciphername, name)) {
- return (SSL_CIPHER *)cipher;
- }
- }
-
- return NULL;
-}
-#endif /* !defined(HAVE_SSL_GET_CLIENT_CIPHERS) */
-
#ifndef OPENSSL_OPAQUE
static void
test_tortls_get_ciphersuite_name(void *ignored)
@@ -991,75 +971,6 @@ fake_get_cipher(unsigned ncipher)
#ifndef OPENSSL_OPAQUE
static void
-test_tortls_find_cipher_by_id(void *ignored)
-{
- (void)ignored;
- int ret;
- SSL *ssl;
- SSL_CTX *ctx;
- const SSL_METHOD *m = TLSv1_method();
- SSL_METHOD *empty_method = tor_malloc_zero(sizeof(SSL_METHOD));
-
- fixed_cipher1 = tor_malloc_zero(sizeof(SSL_CIPHER));
- fixed_cipher2 = tor_malloc_zero(sizeof(SSL_CIPHER));
- fixed_cipher2->id = 0xC00A;
-
- library_init();
-
- ctx = SSL_CTX_new(m);
- ssl = SSL_new(ctx);
-
- ret = find_cipher_by_id(ssl, NULL, 0xC00A);
- tt_int_op(ret, OP_EQ, 1);
-
- ret = find_cipher_by_id(ssl, m, 0xC00A);
- tt_int_op(ret, OP_EQ, 1);
-
- ret = find_cipher_by_id(ssl, m, 0xFFFF);
- tt_int_op(ret, OP_EQ, 0);
-
- ret = find_cipher_by_id(ssl, empty_method, 0xC00A);
- tt_int_op(ret, OP_EQ, 1);
-
- ret = find_cipher_by_id(ssl, empty_method, 0xFFFF);
-#ifdef HAVE_SSL_CIPHER_FIND
- tt_int_op(ret, OP_EQ, 0);
-#else
- tt_int_op(ret, OP_EQ, 1);
-#endif
-
- empty_method->get_cipher = fake_get_cipher;
- ret = find_cipher_by_id(ssl, empty_method, 0xC00A);
- tt_int_op(ret, OP_EQ, 1);
-
- empty_method->get_cipher = m->get_cipher;
- empty_method->num_ciphers = m->num_ciphers;
- ret = find_cipher_by_id(ssl, empty_method, 0xC00A);
- tt_int_op(ret, OP_EQ, 1);
-
- empty_method->get_cipher = fake_get_cipher;
- empty_method->num_ciphers = m->num_ciphers;
- ret = find_cipher_by_id(ssl, empty_method, 0xC00A);
- tt_int_op(ret, OP_EQ, 1);
-
- empty_method->num_ciphers = fake_num_ciphers;
- ret = find_cipher_by_id(ssl, empty_method, 0xC00A);
-#ifdef HAVE_SSL_CIPHER_FIND
- tt_int_op(ret, OP_EQ, 1);
-#else
- tt_int_op(ret, OP_EQ, 0);
-#endif
-
- done:
- tor_free(empty_method);
- SSL_free(ssl);
- SSL_CTX_free(ctx);
- tor_free(fixed_cipher1);
-}
-#endif /* !defined(OPENSSL_OPAQUE) */
-
-#ifndef OPENSSL_OPAQUE
-static void
test_tortls_debug_state_callback(void *ignored)
{
(void)ignored;
@@ -1978,7 +1889,6 @@ struct testcase_t tortls_openssl_tests[] = {
INTRUSIVE_TEST_CASE(unblock_renegotiation, 0),
INTRUSIVE_TEST_CASE(set_renegotiate_callback, 0),
LOCAL_TEST_CASE(set_logged_address, 0),
- INTRUSIVE_TEST_CASE(find_cipher_by_id, 0),
INTRUSIVE_TEST_CASE(session_secret_cb, 0),
INTRUSIVE_TEST_CASE(debug_state_callback, 0),
INTRUSIVE_TEST_CASE(context_new, TT_FORK /* redundant */),