When enabling NSS, disable OpenSSL.

We used to link both libraries at once, but now that I'm working on
TLS, there's nothing left to keep OpenSSL around for when NSS is
enabled.

Note that this patch causes a couple of places that still assumed
OpenSSL to be disabled when NSS is enabled
   - tor-gencert
   - pbkdf2

12 files changed, 83 insertions, 10 deletions

diff --git a/src/lib/crypt_ops/compat_openssl.h b/src/lib/crypt_ops/compat_openssl.h
index 317c01134a..f2f632ab40 100644
--- a/src/lib/crypt_ops/compat_openssl.h
+++ b/src/lib/crypt_ops/compat_openssl.h
@@ -7,6 +7,10 @@
 #ifndef TOR_COMPAT_OPENSSL_H
 #define TOR_COMPAT_OPENSSL_H
 
+#include "orconfig.h"
+
+#ifdef ENABLE_OPENSSL
+
 #include <openssl/opensslv.h>
 #include "lib/crypt_ops/crypto_openssl_mgt.h"
 
@@ -47,5 +51,7 @@
 #define CONST_IF_OPENSSL_1_1_API const
 #endif /* !defined(OPENSSL_1_1_API) */
 
+#endif /* defined(ENABLE_OPENSSL) */
+
 #endif /* !defined(TOR_COMPAT_OPENSSL_H) */
 
diff --git a/src/lib/crypt_ops/crypto_dh.h b/src/lib/crypt_ops/crypto_dh.h
index 6e79a6404c..3ee343a278 100644
--- a/src/lib/crypt_ops/crypto_dh.h
+++ b/src/lib/crypt_ops/crypto_dh.h
@@ -56,7 +56,7 @@ struct dh_st *crypto_dh_new_openssl_tls(void);
 void crypto_dh_init_openssl(void);
 void crypto_dh_free_all_openssl(void);
 #endif
-#ifdef ENABLE_OPENSSL
+#ifdef ENABLE_NSS
 void crypto_dh_init_nss(void);
 void crypto_dh_free_all_nss(void);
 #endif
diff --git a/src/lib/crypt_ops/crypto_ed25519.c b/src/lib/crypt_ops/crypto_ed25519.c
index 9d2c9e9fab..11c1f56aef 100644
--- a/src/lib/crypt_ops/crypto_ed25519.c
+++ b/src/lib/crypt_ops/crypto_ed25519.c
@@ -37,6 +37,7 @@
 #include "ed25519/donna/ed25519_donna_tor.h"
 
 #include <string.h>
+#include <errno.h>
 
 static void pick_ed25519_impl(void);
 
diff --git a/src/lib/crypt_ops/crypto_format.c b/src/lib/crypt_ops/crypto_format.c
index 50916a8d68..09ec753a00 100644
--- a/src/lib/crypt_ops/crypto_format.c
+++ b/src/lib/crypt_ops/crypto_format.c
@@ -29,6 +29,7 @@
 #include "lib/fs/files.h"
 
 #include <string.h>
+#include <errno.h>
 
 /** Write the <b>datalen</b> bytes from <b>data</b> to the file named
  * <b>fname</b> in the tagged-data format.  This format contains a
diff --git a/src/lib/crypt_ops/crypto_hkdf.c b/src/lib/crypt_ops/crypto_hkdf.c
index 1873632a9d..a63d9131d9 100644
--- a/src/lib/crypt_ops/crypto_hkdf.c
+++ b/src/lib/crypt_ops/crypto_hkdf.c
@@ -17,12 +17,14 @@
 #include "lib/intmath/cmp.h"
 #include "lib/log/util_bug.h"
 
+#ifdef ENABLE_OPENSSL
 #include <openssl/opensslv.h>
 
 #if defined(HAVE_ERR_LOAD_KDF_STRINGS)
 #include <openssl/kdf.h>
 #define HAVE_OPENSSL_HKDF 1
 #endif
+#endif
 
 #include <string.h>
 
diff --git a/src/lib/crypt_ops/crypto_init.c b/src/lib/crypt_ops/crypto_init.c
index 620fe8e1be..f9b077e9e7 100644
--- a/src/lib/crypt_ops/crypto_init.c
+++ b/src/lib/crypt_ops/crypto_init.c
@@ -88,6 +88,10 @@ crypto_global_init(int useAccel, const char *accelName, const char *accelDir)
 #ifdef ENABLE_OPENSSL
     if (crypto_openssl_late_init(useAccel, accelName, accelDir) < 0)
       return -1;
+#else
+    (void)useAccel;
+    (void)accelName;
+    (void)accelDir;
 #endif
 #ifdef ENABLE_NSS
     if (crypto_nss_late_init() < 0)
@@ -139,3 +143,41 @@ crypto_postfork(void)
   crypto_nss_postfork();
 #endif
 }
+
+/** Return the name of the crypto library we're using. */
+const char *
+crypto_get_library_name(void)
+{
+#ifdef ENABLE_OPENSSL
+  return "OpenSSL";
+#endif
+#ifdef ENABLE_NSS
+  return "NSS";
+#endif
+}
+
+/** Return the version of the crypto library we are using, as given in the
+ * library. */
+const char *
+crypto_get_library_version_string(void)
+{
+#ifdef ENABLE_OPENSSL
+  return crypto_openssl_get_version_str();
+#endif
+#ifdef ENABLE_NSS
+  return crypto_nss_get_version_str();
+#endif
+}
+
+/** Return the version of the crypto library we're using, as given in the
+ * headers. */
+const char *
+crypto_get_header_version_string(void)
+{
+#ifdef ENABLE_OPENSSL
+  return crypto_openssl_get_header_version_str();
+#endif
+#ifdef ENABLE_NSS
+  return crypto_nss_get_header_version_str();
+#endif
+}
diff --git a/src/lib/crypt_ops/crypto_init.h b/src/lib/crypt_ops/crypto_init.h
index 3e32456b5c..05b281720c 100644
--- a/src/lib/crypt_ops/crypto_init.h
+++ b/src/lib/crypt_ops/crypto_init.h
@@ -26,4 +26,8 @@ void crypto_thread_cleanup(void);
 int crypto_global_cleanup(void);
 void crypto_postfork(void);
 
+const char *crypto_get_library_name(void);
+const char *crypto_get_library_version_string(void);
+const char *crypto_get_header_version_string(void);
+
 #endif /* !defined(TOR_CRYPTO_H) */
diff --git a/src/lib/crypt_ops/crypto_rand.c b/src/lib/crypt_ops/crypto_rand.c
index 9806714747..78471bf398 100644
--- a/src/lib/crypt_ops/crypto_rand.c
+++ b/src/lib/crypt_ops/crypto_rand.c
@@ -35,9 +35,11 @@
 #include "lib/testsupport/testsupport.h"
 #include "lib/fs/files.h"
 
+#include "lib/defs/digest_sizes.h"
+#include "lib/crypt_ops/crypto_digest.h"
+
 #ifdef ENABLE_NSS
 #include "lib/crypt_ops/crypto_nss_mgt.h"
-#include "lib/crypt_ops/crypto_digest.h"
 #endif
 
 #ifdef ENABLE_OPENSSL
@@ -80,6 +82,7 @@ ENABLE_GCC_WARNING(redundant-decls)
 #endif
 
 #include <string.h>
+#include <errno.h>
 
 /**
  * How many bytes of entropy we add at once.
@@ -335,7 +338,8 @@ crypto_strongest_rand_raw(uint8_t *out, size_t out_len)
 void
 crypto_strongest_rand(uint8_t *out, size_t out_len)
 {
-#define DLEN SHA512_DIGEST_LENGTH
+#define DLEN DIGEST512_LEN
+
   /* We're going to hash DLEN bytes from the system RNG together with some
    * bytes from the PRNGs from our crypto librar(y/ies), in order to yield
    * DLEN bytes.
@@ -360,11 +364,11 @@ crypto_strongest_rand(uint8_t *out, size_t out_len)
       // LCOV_EXCL_STOP
     }
     if (out_len >= DLEN) {
-      SHA512(inp, sizeof(inp), out);
+      crypto_digest512((char*)out, (char*)inp, sizeof(inp), DIGEST_SHA512);
       out += DLEN;
       out_len -= DLEN;
     } else {
-      SHA512(inp, sizeof(inp), tmp);
+      crypto_digest512((char*)tmp, (char*)inp, sizeof(inp), DIGEST_SHA512);
       memcpy(out, tmp, out_len);
       break;
     }
@@ -699,6 +703,7 @@ smartlist_shuffle(smartlist_t *sl)
 int
 crypto_force_rand_ssleay(void)
 {
+#ifdef ENABLE_OPENSSL
   RAND_METHOD *default_method;
   default_method = RAND_OpenSSL();
   if (RAND_get_rand_method() != default_method) {
@@ -708,6 +713,7 @@ crypto_force_rand_ssleay(void)
     RAND_set_rand_method(default_method);
     return 1;
   }
+#endif
   return 0;
 }
 
diff --git a/src/lib/crypt_ops/crypto_rsa.c b/src/lib/crypt_ops/crypto_rsa.c
index 0f80bc967f..31497e6509 100644
--- a/src/lib/crypt_ops/crypto_rsa.c
+++ b/src/lib/crypt_ops/crypto_rsa.c
@@ -37,11 +37,12 @@ crypto_get_rsa_padding_overhead(int padding)
 {
   switch (padding)
     {
-    case RSA_PKCS1_OAEP_PADDING: return PKCS1_OAEP_PADDING_OVERHEAD;
+    case PK_PKCS1_OAEP_PADDING: return PKCS1_OAEP_PADDING_OVERHEAD;
     default: tor_assert(0); return -1; // LCOV_EXCL_LINE
     }
 }
 
+#ifdef ENABLE_OPENSSL
 /** Given a padding method <b>padding</b>, return the correct OpenSSL constant.
  */
 int
@@ -53,6 +54,7 @@ crypto_get_rsa_padding(int padding)
     default: tor_assert(0); return -1; // LCOV_EXCL_LINE
     }
 }
+#endif
 
 /** Compare the public-key components of a and b.  Return non-zero iff
  * a==b.  A NULL key is considered to be distinct from all non-NULL
@@ -100,7 +102,7 @@ crypto_pk_obsolete_public_hybrid_encrypt(crypto_pk_t *env,
   tor_assert(to);
   tor_assert(fromlen < SIZE_T_CEILING);
 
-  overhead = crypto_get_rsa_padding_overhead(crypto_get_rsa_padding(padding));
+  overhead = crypto_get_rsa_padding_overhead(padding);
   pkeylen = crypto_pk_keysize(env);
 
   if (!force && fromlen+overhead <= pkeylen) {
diff --git a/src/lib/crypt_ops/crypto_s2k.c b/src/lib/crypt_ops/crypto_s2k.c
index 0e151f0a6c..433fbb026d 100644
--- a/src/lib/crypt_ops/crypto_s2k.c
+++ b/src/lib/crypt_ops/crypto_s2k.c
@@ -21,7 +21,9 @@
 #include "lib/ctime/di_ops.h"
 #include "lib/log/util_bug.h"
 
+#ifdef ENABLE_OPENSSL
 #include <openssl/evp.h>
+#endif
 
 #if defined(HAVE_LIBSCRYPT_H) && defined(HAVE_LIBSCRYPT_SCRYPT)
 #define HAVE_SCRYPT
@@ -265,6 +267,7 @@ secret_to_key_compute_key(uint8_t *key_out, size_t key_out_len,
       return (int)key_out_len;
 
     case S2K_TYPE_PBKDF2: {
+#ifdef ENABLE_OPENSSL
       uint8_t log_iters;
       if (spec_len < 1 || secret_len > INT_MAX || spec_len > INT_MAX)
         return S2K_BAD_LEN;
@@ -278,6 +281,10 @@ secret_to_key_compute_key(uint8_t *key_out, size_t key_out_len,
       if (rv < 0)
         return S2K_FAILED;
       return (int)key_out_len;
+#else
+      // XXXXXXXXXXXXXXXXXXXXXXXX implement me.
+      return S2K_NO_SCRYPT_SUPPORT;
+#endif
     }
 
     case S2K_TYPE_SCRYPT: {
diff --git a/src/lib/crypt_ops/crypto_util.c b/src/lib/crypt_ops/crypto_util.c
index a645321bfb..7af80291ef 100644
--- a/src/lib/crypt_ops/crypto_util.c
+++ b/src/lib/crypt_ops/crypto_util.c
@@ -23,12 +23,14 @@
 #include <wincrypt.h>
 #endif /* defined(_WIN32) */
 
-DISABLE_GCC_WARNING(redundant-decls)
+#include <stdlib.h>
 
+#ifdef ENABLE_OPENSSL
+DISABLE_GCC_WARNING(redundant-decls)
 #include <openssl/err.h>
 #include <openssl/crypto.h>
-
 ENABLE_GCC_WARNING(redundant-decls)
+#endif
 
 #include "lib/log/log.h"
 #include "lib/log/util_bug.h"
diff --git a/src/lib/crypt_ops/include.am b/src/lib/crypt_ops/include.am
index 195dac6bdb..1022096fdc 100644
--- a/src/lib/crypt_ops/include.am
+++ b/src/lib/crypt_ops/include.am
@@ -9,7 +9,6 @@ src_lib_libtor_crypt_ops_a_SOURCES =			\
 	src/lib/crypt_ops/crypto_cipher.c		\
 	src/lib/crypt_ops/crypto_curve25519.c		\
 	src/lib/crypt_ops/crypto_dh.c			\
-	src/lib/crypt_ops/crypto_dh_openssl.c		\
 	src/lib/crypt_ops/crypto_digest.c		\
 	src/lib/crypt_ops/crypto_ed25519.c		\
 	src/lib/crypt_ops/crypto_format.c		\
@@ -37,6 +36,7 @@ endif
 
 if USE_OPENSSL
 src_lib_libtor_crypt_ops_a_SOURCES +=			\
+	src/lib/crypt_ops/crypto_dh_openssl.c		\
 	src/lib/crypt_ops/crypto_openssl_mgt.c
 endif