diff --git a/changes/ticket16140 b/changes/ticket16140 new file mode 100644 index 0000000000..00c19f1778 --- /dev/null +++ b/changes/ticket16140 @@ -0,0 +1,6 @@ + o Removed features: + + - Tor no longer supports copies of OpenSSL that are missing support for + Elliptic Curve Cryptography. In particular support for at least one of + P256 or P224 is now required, with manual configuration needed if only + P224 is available. diff --git a/src/common/tortls.c b/src/common/tortls.c index ca7b15fcd7..57d5408ca8 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -49,6 +49,9 @@ #if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,0,0) #error "We require OpenSSL >= 1.0.0" #endif +#ifdef OPENSSL_NO_EC +#error "We require OpenSSL with ECC support" +#endif #include #include @@ -475,7 +478,6 @@ tor_tls_init(void) SSL_load_error_strings(); #if (SIZEOF_VOID_P >= 8 && \ - !defined(OPENSSL_NO_EC) && \ OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,0,1)) long version = SSLeay(); @@ -1327,7 +1329,6 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime, SSL_CTX_set_tmp_dh(result->ctx, crypto_dh_get_dh_(dh)); crypto_dh_free(dh); } -#if !defined(OPENSSL_NO_EC) if (! is_client) { int nid; EC_KEY *ec_key; @@ -1343,9 +1344,6 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime, SSL_CTX_set_tmp_ecdh(result->ctx, ec_key); EC_KEY_free(ec_key); } -#else - (void)flags; -#endif SSL_CTX_set_verify(result->ctx, SSL_VERIFY_PEER, always_accept_verify_cb); /* let us realloc bufs that we're writing from */ @@ -2933,3 +2931,29 @@ tor_tls_init_bufferevent(tor_tls_t *tls, struct bufferevent *bufev_in, } #endif +/** Check whether the ECC group requested is supported by the current OpenSSL + * library instance. Return 1 if the group is supported, and 0 if not. + */ +int +evaluate_ecgroup_for_tls(const char *ecgroup) +{ + EC_KEY *ec_key; + int nid; + int ret; + + if (!ecgroup) + nid = NID_tor_default_ecdhe_group; + else if (!strcasecmp(ecgroup, "P256")) + nid = NID_X9_62_prime256v1; + else if (!strcasecmp(ecgroup, "P224")) + nid = NID_secp224r1; + else + return 0; + + ec_key = EC_KEY_new_by_curve_name(nid); + ret = (ec_key != NULL); + EC_KEY_free(ec_key); + + return ret; +} + diff --git a/src/common/tortls.h b/src/common/tortls.h index 083052f4b2..9216e83150 100644 --- a/src/common/tortls.h +++ b/src/common/tortls.h @@ -139,5 +139,7 @@ int tor_tls_cert_is_valid(int severity, int check_rsa_1024); const char *tor_tls_get_ciphersuite_name(tor_tls_t *tls); +int evaluate_ecgroup_for_tls(const char *ecgroup); + #endif diff --git a/src/or/config.c b/src/or/config.c index 1c04578893..e4a2d1c5ae 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -2806,6 +2806,9 @@ options_validate(or_options_t *old_options, or_options_t *options, COMPLAIN("Unrecognized TLSECGroup: Falling back to the default."); tor_free(options->TLSECGroup); } + if (!evaluate_ecgroup_for_tls(options->TLSECGroup)) { + REJECT("Unsupported TLSECGroup."); + } if (options->ExcludeNodes && options->StrictNodes) { COMPLAIN("You have asked to exclude certain relays from all positions " diff --git a/src/test/bench.c b/src/test/bench.c index a74fc776fa..bc2b1f04d8 100644 --- a/src/test/bench.c +++ b/src/test/bench.c @@ -19,11 +19,9 @@ const char tor_git_revision[] = ""; #include "relay.h" #include #include -#ifndef OPENSSL_NO_EC #include #include #include -#endif #include "config.h" #include "crypto_curve25519.h" @@ -502,8 +500,6 @@ bench_dh(void) " %f millisec each.\n", NANOCOUNT(start, end, iters)/1e6); } -#if !defined(OPENSSL_NO_EC) -#define HAVE_EC_BENCHMARKS static void bench_ecdh_impl(int nid, const char *name) { @@ -553,7 +549,6 @@ bench_ecdh_p224(void) { bench_ecdh_impl(NID_secp224r1, "P-224"); } -#endif typedef void (*bench_fn)(void); @@ -576,10 +571,8 @@ static struct benchmark_t benchmarks[] = { ENT(cell_aes), ENT(cell_ops), ENT(dh), -#ifdef HAVE_EC_BENCHMARKS ENT(ecdh_p256), ENT(ecdh_p224), -#endif {NULL,NULL,0} };