Merge branch 'isolate_openssl'

20 files changed, 245 insertions, 141 deletions

diff --git a/src/common/crypto.c b/src/common/crypto.c
index a5eb7b5c9a..e1094aec50 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -3459,3 +3459,15 @@ crypto_global_cleanup(void)
 
 /** @} */
 
+#ifdef USE_DMALLOC
+/** Tell the crypto library to use Tor's allocation functions rather than
+ * calling libc's allocation functions directly. Return 0 on success, -1
+ * on failure. */
+int
+crypto_use_tor_alloc_functions(void)
+{
+  int r = CRYPTO_set_mem_ex_functions(tor_malloc_, tor_realloc_, tor_free_);
+  return r ? 0 : -1;
+}
+#endif
+
diff --git a/src/common/crypto.h b/src/common/crypto.h
index 62c78b5d77..c70d91c262 100644
--- a/src/common/crypto.h
+++ b/src/common/crypto.h
@@ -131,6 +131,10 @@ int crypto_early_init(void) ATTR_WUR;
 int crypto_global_init(int hardwareAccel,
                        const char *accelName,
                        const char *accelPath) ATTR_WUR;
+#ifdef USE_DMALLOC
+int crypto_use_tor_alloc_functions(void);
+#endif
+
 void crypto_thread_cleanup(void);
 int crypto_global_cleanup(void);
 
diff --git a/src/common/crypto_ed25519.c b/src/common/crypto_ed25519.c
index f97b289169..188e18c710 100644
--- a/src/common/crypto_ed25519.c
+++ b/src/common/crypto_ed25519.c
@@ -32,8 +32,6 @@
 #include "ed25519/ref10/ed25519_ref10.h"
 #include "ed25519/donna/ed25519_donna_tor.h"
 
-#include <openssl/sha.h>
-
 static void pick_ed25519_impl(void);
 
 /** An Ed25519 implementation, as a set of function pointers. */
@@ -442,14 +440,16 @@ ed25519_keypair_from_curve25519_keypair(ed25519_keypair_t *out,
 {
   const char string[] = "Derive high part of ed25519 key from curve25519 key";
   ed25519_public_key_t pubkey_check;
-  SHA512_CTX ctx;
-  uint8_t sha512_output[64];
+  crypto_digest_t *ctx;
+  uint8_t sha512_output[DIGEST512_LEN];
 
   memcpy(out->seckey.seckey, inp->seckey.secret_key, 32);
-  SHA512_Init(&ctx);
-  SHA512_Update(&ctx, out->seckey.seckey, 32);
-  SHA512_Update(&ctx, string, sizeof(string));
-  SHA512_Final(sha512_output, &ctx);
+
+  ctx = crypto_digest512_new(DIGEST_SHA512);
+  crypto_digest_add_bytes(ctx, (const char*)out->seckey.seckey, 32);
+  crypto_digest_add_bytes(ctx, (const char*)string, sizeof(string));
+  crypto_digest_get_digest(ctx, (char *)sha512_output, sizeof(sha512_output));
+  crypto_digest_free(ctx);
   memcpy(out->seckey.seckey + 32, sha512_output, 32);
 
   ed25519_public_key_generate(&out->pubkey, &out->seckey);
diff --git a/src/common/tortls.c b/src/common/tortls.c
index 3034fbcd57..fadf52fa0a 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -17,6 +17,7 @@
 #include "orconfig.h"
 
 #define TORTLS_PRIVATE
+#define TORTLS_OPENSSL_PRIVATE
 
 #include <assert.h>
 #ifdef _WIN32 /*wrkard for dtls1.h >= 0.9.8m of "#include <winsock.h>"*/
@@ -2263,6 +2264,24 @@ check_cert_lifetime_internal(int severity, const X509 *cert,
   return 0;
 }
 
+#ifdef TOR_UNIT_TESTS
+/* Testing only: return a new x509 cert with the same contents as <b>inp</b>,
+   but with the expiration time <b>new_expiration_time</b>, signed with
+   <b>signing_key</b>. */
+STATIC tor_x509_cert_t *
+tor_x509_cert_replace_expiration(const tor_x509_cert_t *inp,
+                                 time_t new_expiration_time,
+                                 crypto_pk_t *signing_key)
+{
+  X509 *newc = X509_dup(inp->cert);
+  X509_time_adj(X509_get_notAfter(newc), 0, &new_expiration_time);
+  EVP_PKEY *pk = crypto_pk_get_evp_pkey_(signing_key, 1);
+  tor_assert(X509_sign(newc, pk, EVP_sha256()));
+  EVP_PKEY_free(pk);
+  return tor_x509_cert_new(newc);
+}
+#endif
+
 /** Return the number of bytes available for reading from <b>tls</b>.
  */
 int
diff --git a/src/common/tortls.h b/src/common/tortls.h
index dcb82fcb23..fd0186cf90 100644
--- a/src/common/tortls.h
+++ b/src/common/tortls.h
@@ -63,12 +63,17 @@ typedef enum {
 } tor_tls_state_t;
 #define tor_tls_state_bitfield_t ENUM_BF(tor_tls_state_t)
 
+struct x509_st;
+struct ssl_st;
+struct ssl_ctx_st;
+struct ssl_session_st;
+
 /** Holds a SSL_CTX object and related state used to configure TLS
  * connections.
  */
 typedef struct tor_tls_context_t {
   int refcnt;
-  SSL_CTX *ctx;
+  struct ssl_ctx_st *ctx;
   tor_x509_cert_t *my_link_cert;
   tor_x509_cert_t *my_id_cert;
   tor_x509_cert_t *my_auth_cert;
@@ -78,7 +83,7 @@ typedef struct tor_tls_context_t {
 
 /** Structure that we use for a single certificate. */
 struct tor_x509_cert_t {
-  X509 *cert;
+  struct x509_st *cert;
   uint8_t *encoded;
   size_t encoded_len;
   unsigned pkey_digests_set : 1;
@@ -92,7 +97,7 @@ struct tor_x509_cert_t {
 struct tor_tls_t {
   uint32_t magic;
   tor_tls_context_t *context; /** A link to the context object for this tls. */
-  SSL *ssl; /**< An OpenSSL SSL object. */
+  struct ssl_st *ssl; /**< An OpenSSL SSL object. */
   int socket; /**< The underlying file descriptor for this TLS connection. */
   char *address; /**< An address to log when describing this connection. */
   tor_tls_state_bitfield_t state : 3; /**< The current SSL state,
@@ -128,35 +133,45 @@ struct tor_tls_t {
 STATIC int tor_errno_to_tls_error(int e);
 STATIC int tor_tls_get_error(tor_tls_t *tls, int r, int extra,
                   const char *doing, int severity, int domain);
-STATIC tor_tls_t *tor_tls_get_by_ssl(const SSL *ssl);
+STATIC tor_tls_t *tor_tls_get_by_ssl(const struct ssl_st *ssl);
 STATIC void tor_tls_allocate_tor_tls_object_ex_data_index(void);
+#ifdef TORTLS_OPENSSL_PRIVATE
 STATIC int always_accept_verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx);
-STATIC int tor_tls_classify_client_ciphers(const SSL *ssl,
+STATIC int tor_tls_classify_client_ciphers(const struct ssl_st *ssl,
                                            STACK_OF(SSL_CIPHER) *peer_ciphers);
-STATIC int tor_tls_client_is_using_v2_ciphers(const SSL *ssl);
+#endif
+STATIC int tor_tls_client_is_using_v2_ciphers(const struct ssl_st *ssl);
 MOCK_DECL(STATIC void, try_to_extract_certs_from_tls,
-          (int severity, tor_tls_t *tls, X509 **cert_out, X509 **id_cert_out));
+          (int severity, tor_tls_t *tls, struct x509_st **cert_out,
+           struct x509_st **id_cert_out));
 #ifndef HAVE_SSL_SESSION_GET_MASTER_KEY
-STATIC size_t SSL_SESSION_get_master_key(SSL_SESSION *s, uint8_t *out,
+STATIC size_t SSL_SESSION_get_master_key(struct ssl_session_st *s,
+                                         uint8_t *out,
                                          size_t len);
 #endif
-STATIC void tor_tls_debug_state_callback(const SSL *ssl, int type, int val);
-STATIC void tor_tls_server_info_callback(const SSL *ssl, int type, int val);
-STATIC int tor_tls_session_secret_cb(SSL *ssl, void *secret,
+STATIC void tor_tls_debug_state_callback(const struct ssl_st *ssl,
+                                         int type, int val);
+STATIC void tor_tls_server_info_callback(const struct ssl_st *ssl,
+                                         int type, int val);
+#ifdef TORTLS_OPENSSL_PRIVATE
+STATIC int tor_tls_session_secret_cb(struct ssl_st *ssl, void *secret,
                             int *secret_len,
                             STACK_OF(SSL_CIPHER) *peer_ciphers,
                             CONST_IF_OPENSSL_1_1_API SSL_CIPHER **cipher,
                             void *arg);
 STATIC int find_cipher_by_id(const SSL *ssl, const SSL_METHOD *m,
                              uint16_t cipher);
-MOCK_DECL(STATIC X509*, tor_tls_create_certificate,(crypto_pk_t *rsa,
+#endif
+MOCK_DECL(STATIC struct x509_st *, tor_tls_create_certificate,
+                                                   (crypto_pk_t *rsa,
                                                     crypto_pk_t *rsa_sign,
                                                     const char *cname,
                                                     const char *cname_sign,
                                                   unsigned int cert_lifetime));
 STATIC tor_tls_context_t *tor_tls_context_new(crypto_pk_t *identity,
                    unsigned int key_lifetime, unsigned flags, int is_client);
-MOCK_DECL(STATIC tor_x509_cert_t *, tor_x509_cert_new,(X509 *x509_cert));
+MOCK_DECL(STATIC tor_x509_cert_t *, tor_x509_cert_new,
+          (struct x509_st *x509_cert));
 STATIC int tor_tls_context_init_one(tor_tls_context_t **ppcontext,
                                     crypto_pk_t *identity,
                                     unsigned int key_lifetime,
@@ -172,6 +187,11 @@ extern tor_tls_context_t *client_tls_context;
 extern uint16_t v2_cipher_list[];
 extern uint64_t total_bytes_written_over_tls;
 extern uint64_t total_bytes_written_by_tls;
+
+STATIC tor_x509_cert_t *tor_x509_cert_replace_expiration(
+                                               const tor_x509_cert_t *inp,
+                                               time_t new_expiration_time,
+                                               crypto_pk_t *signing_key);
 #endif
 
 #endif /* endif TORTLS_PRIVATE */
diff --git a/src/ext/ed25519/donna/ed25519-hash-custom.h b/src/ext/ed25519/donna/ed25519-hash-custom.h
index 7dc249129d..609451abd5 100644
--- a/src/ext/ed25519/donna/ed25519-hash-custom.h
+++ b/src/ext/ed25519/donna/ed25519-hash-custom.h
@@ -9,3 +9,34 @@
 	void ed25519_hash(uint8_t *hash, const uint8_t *in, size_t inlen);
 */
 
+#include "crypto.h"
+
+typedef struct ed25519_hash_context {
+  crypto_digest_t *ctx;
+} ed25519_hash_context;
+
+
+static void
+ed25519_hash_init(ed25519_hash_context *ctx)
+{
+  ctx->ctx = crypto_digest512_new(DIGEST_SHA512);
+}
+static void
+ed25519_hash_update(ed25519_hash_context *ctx, const uint8_t *in, size_t inlen)
+{
+  crypto_digest_add_bytes(ctx->ctx, (const char *)in, inlen);
+}
+static void
+ed25519_hash_final(ed25519_hash_context *ctx, uint8_t *hash)
+{
+  crypto_digest_get_digest(ctx->ctx, (char *)hash, DIGEST512_LEN);
+  crypto_digest_free(ctx->ctx);
+  ctx->ctx = NULL;
+}
+static void
+ed25519_hash(uint8_t *hash, const uint8_t *in, size_t inlen)
+{
+  crypto_digest512((char *)hash, (const char *)in, inlen,
+		   DIGEST_SHA512);
+}
+
diff --git a/src/ext/ed25519/ref10/crypto_hash_sha512.h b/src/ext/ed25519/ref10/crypto_hash_sha512.h
index 0278571522..5dad935c79 100644
--- a/src/ext/ed25519/ref10/crypto_hash_sha512.h
+++ b/src/ext/ed25519/ref10/crypto_hash_sha512.h
@@ -1,30 +1,32 @@
 /* Added for Tor. */
-#include <openssl/sha.h>
+#include "crypto.h"
 
 /* Set 'out' to the 512-bit SHA512 hash of the 'len'-byte string in 'inp' */
 #define crypto_hash_sha512(out, inp, len) \
-  SHA512((inp), (len), (out))
+  crypto_digest512((char *)(out), (const char *)(inp), (len), DIGEST_SHA512)
 
 /* Set 'out' to the 512-bit SHA512 hash of the 'len1'-byte string in 'inp1',
  * concatenated with the 'len2'-byte string in 'inp2'. */
 #define crypto_hash_sha512_2(out, inp1, len1, inp2, len2)               \
   do {                                                                  \
-      SHA512_CTX sha_ctx_;                                              \
-      SHA512_Init(&sha_ctx_);                                           \
-      SHA512_Update(&sha_ctx_, (inp1), (len1));                         \
-      SHA512_Update(&sha_ctx_, (inp2), (len2));                         \
-      SHA512_Final((out), &sha_ctx_);                                   \
- } while(0)
+    crypto_digest_t *sha_ctx_;						\
+    sha_ctx_ = crypto_digest512_new(DIGEST_SHA512);			\
+    crypto_digest_add_bytes(sha_ctx_, (const char *)(inp1), (len1));	\
+    crypto_digest_add_bytes(sha_ctx_, (const char *)(inp2), (len2));	\
+    crypto_digest_get_digest(sha_ctx_, (char *)out, DIGEST512_LEN);	\
+    crypto_digest_free(sha_ctx_);					\
+  } while (0)
 
 /* Set 'out' to the 512-bit SHA512 hash of the 'len1'-byte string in 'inp1',
  * concatenated with the 'len2'-byte string in 'inp2', concatenated with
  * the 'len3'-byte string in 'len3'. */
 #define crypto_hash_sha512_3(out, inp1, len1, inp2, len2, inp3, len3)   \
   do {                                                                  \
-      SHA512_CTX sha_ctx_;                                              \
-      SHA512_Init(&sha_ctx_);                                           \
-      SHA512_Update(&sha_ctx_, (inp1), (len1));                         \
-      SHA512_Update(&sha_ctx_, (inp2), (len2));                         \
-      SHA512_Update(&sha_ctx_, (inp3), (len3));                         \
-      SHA512_Final((out), &sha_ctx_);                                   \
+    crypto_digest_t *sha_ctx_;						\
+    sha_ctx_ = crypto_digest512_new(DIGEST_SHA512);			\
+    crypto_digest_add_bytes(sha_ctx_, (const char *)(inp1), (len1));	\
+    crypto_digest_add_bytes(sha_ctx_, (const char *)(inp2), (len2));	\
+    crypto_digest_add_bytes(sha_ctx_, (const char *)(inp3), (len3));	\
+    crypto_digest_get_digest(sha_ctx_, (char *)out, DIGEST512_LEN);	\
+    crypto_digest_free(sha_ctx_);					\
  } while(0)
diff --git a/src/ext/include.am b/src/ext/include.am
index c18e58857e..7ec2e43312 100644
--- a/src/ext/include.am
+++ b/src/ext/include.am
@@ -101,6 +101,7 @@ noinst_LIBRARIES += $(LIBED25519_REF10)
 src_ext_ed25519_donna_libed25519_donna_a_CFLAGS=\
   @CFLAGS_CONSTTIME@ \
   -DED25519_CUSTOMRANDOM \
+  -DED25519_CUSTOMHASH \
   -DED25519_SUFFIX=_donna
 
 src_ext_ed25519_donna_libed25519_donna_a_SOURCES= \
diff --git a/src/or/main.c b/src/or/main.c
index 5b73aea70c..4505879adc 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -104,7 +104,6 @@
 #include "ext_orport.h"
 #ifdef USE_DMALLOC
 #include <dmalloc.h>
-#include <openssl/crypto.h>
 #endif
 #include "memarea.h"
 #include "sandbox.h"
@@ -3617,8 +3616,8 @@ tor_main(int argc, char *argv[])
   {
     /* Instruct OpenSSL to use our internal wrappers for malloc,
        realloc and free. */
-    int r = CRYPTO_set_mem_ex_functions(tor_malloc_, tor_realloc_, tor_free_);
-    tor_assert(r);
+    int r = crypto_use_tor_alloc_functions();
+    tor_assert(r == 0);
   }
 #endif
 #ifdef NT_SERVICE
diff --git a/src/test/include.am b/src/test/include.am
index f88f0992f2..99c80af7a4 100644
--- a/src/test/include.am
+++ b/src/test/include.am
@@ -93,6 +93,7 @@ src_test_test_SOURCES = \
 	src/test/test_controller.c \
 	src/test/test_controller_events.c \
 	src/test/test_crypto.c \
+	src/test/test_crypto_openssl.c \
 	src/test/test_data.c \
 	src/test/test_dir.c \
 	src/test/test_dir_common.c \
diff --git a/src/test/test.c b/src/test/test.c
index f8c2db726d..77ea44970c 100644
--- a/src/test/test.c
+++ b/src/test/test.c
@@ -1201,6 +1201,7 @@ struct testgroup_t testgroups[] = {
   { "control/", controller_tests },
   { "control/event/", controller_event_tests },
   { "crypto/", crypto_tests },
+  { "crypto/openssl/", crypto_openssl_tests },
   { "dir/", dir_tests },
   { "dir_handle_get/", dir_handle_get_tests },
   { "dir/md/", microdesc_tests },
diff --git a/src/test/test.h b/src/test/test.h
index 2c35314dcd..252a239afc 100644
--- a/src/test/test.h
+++ b/src/test/test.h
@@ -196,6 +196,7 @@ extern struct testcase_t container_tests[];
 extern struct testcase_t controller_tests[];
 extern struct testcase_t controller_event_tests[];
 extern struct testcase_t crypto_tests[];
+extern struct testcase_t crypto_openssl_tests[];
 extern struct testcase_t dir_tests[];
 extern struct testcase_t dir_handle_get_tests[];
 extern struct testcase_t entryconn_tests[];
diff --git a/src/test/test_crypto.c b/src/test/test_crypto.c
index 3a6c222bc4..7a20150169 100644
--- a/src/test/test_crypto.c
+++ b/src/test/test_crypto.c
@@ -15,9 +15,6 @@
 #include "crypto_ed25519.h"
 #include "ed25519_vectors.inc"
 
-#include <openssl/evp.h>
-#include <openssl/rand.h>
-
 /** Run unit tests for Diffie-Hellman functionality. */
 static void
 test_crypto_dh(void *arg)
@@ -331,38 +328,6 @@ test_crypto_rng_strongest(void *arg)
 #undef N
 }
 
-/* Test for rectifying openssl RAND engine. */
-static void
-test_crypto_rng_engine(void *arg)
-{
-  (void)arg;
-  RAND_METHOD dummy_method;
-  memset(&dummy_method, 0, sizeof(dummy_method));
-
-  /* We should be a no-op if we're already on RAND_OpenSSL */
-  tt_int_op(0, ==, crypto_force_rand_ssleay());
-  tt_assert(RAND_get_rand_method() == RAND_OpenSSL());
-
-  /* We should correct the method if it's a dummy. */
-  RAND_set_rand_method(&dummy_method);
-#ifdef LIBRESSL_VERSION_NUMBER
-  /* On libressl, you can't override the RNG. */
-  tt_assert(RAND_get_rand_method() == RAND_OpenSSL());
-  tt_int_op(0, ==, crypto_force_rand_ssleay());
-#else
-  tt_assert(RAND_get_rand_method() == &dummy_method);
-  tt_int_op(1, ==, crypto_force_rand_ssleay());
-#endif
-  tt_assert(RAND_get_rand_method() == RAND_OpenSSL());
-
-  /* Make sure we aren't calling dummy_method */
-  crypto_rand((void *) &dummy_method, sizeof(dummy_method));
-  crypto_rand((void *) &dummy_method, sizeof(dummy_method));
-
- done:
-  ;
-}
-
 /** Run unit tests for our AES128 functionality */
 static void
 test_crypto_aes128(void *arg)
@@ -1477,28 +1442,6 @@ test_crypto_digest_names(void *arg)
   ;
 }
 
-#ifndef OPENSSL_1_1_API
-#define EVP_ENCODE_CTX_new() tor_malloc_zero(sizeof(EVP_ENCODE_CTX))
-#define EVP_ENCODE_CTX_free(ctx) tor_free(ctx)
-#endif
-
-/** Encode src into dest with OpenSSL's EVP Encode interface, returning the
- * length of the encoded data in bytes.
- */
-static int
-base64_encode_evp(char *dest, char *src, size_t srclen)
-{
-  const unsigned char *s = (unsigned char*)src;
-  EVP_ENCODE_CTX *ctx = EVP_ENCODE_CTX_new();
-  int len, ret;
-
-  EVP_EncodeInit(ctx);
-  EVP_EncodeUpdate(ctx, (unsigned char *)dest, &len, s, (int)srclen);
-  EVP_EncodeFinal(ctx, (unsigned char *)(dest + len), &ret);
-  EVP_ENCODE_CTX_free(ctx);
-  return ret+ len;
-}
-
 /** Run unit tests for misc crypto formatting functionality (base64, base32,
  * fingerprints, etc) */
 static void
@@ -1554,20 +1497,6 @@ test_crypto_formats(void *arg)
 
   tt_assert(digest_from_base64(data3, "###") < 0);
 
-  for (i = 0; i < 256; i++) {
-    /* Test the multiline format Base64 encoder with 0 .. 256 bytes of
-     * output against OpenSSL.
-     */
-    const size_t enclen = base64_encode_size(i, BASE64_ENCODE_MULTILINE);
-    data1[i] = i;
-    j = base64_encode(data2, 1024, data1, i, BASE64_ENCODE_MULTILINE);
-    tt_int_op(j, OP_EQ, enclen);
-    j = base64_encode_evp(data3, data1, i);
-    tt_int_op(j, OP_EQ, enclen);
-    tt_mem_op(data2, OP_EQ, data3, enclen);
-    tt_int_op(j, OP_EQ, strlen(data2));
-  }
-
   /* Encoding SHA256 */
   crypto_rand(data2, DIGEST256_LEN);
   memset(data2, 100, 1024);
@@ -2941,7 +2870,6 @@ struct testcase_t crypto_tests[] = {
   CRYPTO_LEGACY(formats),
   CRYPTO_LEGACY(rng),
   { "rng_range", test_crypto_rng_range, 0, NULL, NULL },
-  { "rng_engine", test_crypto_rng_engine, TT_FORK, NULL, NULL },
   { "rng_strongest", test_crypto_rng_strongest, TT_FORK, NULL, NULL },
   { "rng_strongest_nosyscall", test_crypto_rng_strongest, TT_FORK,
     &passthrough_setup, (void*)"nosyscall" },
diff --git a/src/test/test_crypto_openssl.c b/src/test/test_crypto_openssl.c
new file mode 100644
index 0000000000..3d7d2b4639
--- /dev/null
+++ b/src/test/test_crypto_openssl.c
@@ -0,0 +1,107 @@
+/* Copyright (c) 2001-2004, Roger Dingledine.
+ * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
+ * Copyright (c) 2007-2017, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#include "orconfig.h"
+
+#define CRYPTO_PRIVATE
+
+#include "crypto.h"
+#include "util.h"
+#include "util_format.h"
+#include "compat.h"
+#include "test.h"
+
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include "compat_openssl.h"
+
+/* Test for rectifying openssl RAND engine. */
+static void
+test_crypto_rng_engine(void *arg)
+{
+  (void)arg;
+  RAND_METHOD dummy_method;
+  memset(&dummy_method, 0, sizeof(dummy_method));
+
+  /* We should be a no-op if we're already on RAND_OpenSSL */
+  tt_int_op(0, ==, crypto_force_rand_ssleay());
+  tt_assert(RAND_get_rand_method() == RAND_OpenSSL());
+
+  /* We should correct the method if it's a dummy. */
+  RAND_set_rand_method(&dummy_method);
+#ifdef LIBRESSL_VERSION_NUMBER
+  /* On libressl, you can't override the RNG. */
+  tt_assert(RAND_get_rand_method() == RAND_OpenSSL());
+  tt_int_op(0, ==, crypto_force_rand_ssleay());
+#else
+  tt_assert(RAND_get_rand_method() == &dummy_method);
+  tt_int_op(1, ==, crypto_force_rand_ssleay());
+#endif
+  tt_assert(RAND_get_rand_method() == RAND_OpenSSL());
+
+  /* Make sure we aren't calling dummy_method */
+  crypto_rand((void *) &dummy_method, sizeof(dummy_method));
+  crypto_rand((void *) &dummy_method, sizeof(dummy_method));
+
+ done:
+  ;
+}
+
+#ifndef OPENSSL_1_1_API
+#define EVP_ENCODE_CTX_new() tor_malloc_zero(sizeof(EVP_ENCODE_CTX))
+#define EVP_ENCODE_CTX_free(ctx) tor_free(ctx)
+#endif
+
+/** Encode src into dest with OpenSSL's EVP Encode interface, returning the
+ * length of the encoded data in bytes.
+ */
+static int
+base64_encode_evp(char *dest, char *src, size_t srclen)
+{
+  const unsigned char *s = (unsigned char*)src;
+  EVP_ENCODE_CTX *ctx = EVP_ENCODE_CTX_new();
+  int len, ret;
+
+  EVP_EncodeInit(ctx);
+  EVP_EncodeUpdate(ctx, (unsigned char *)dest, &len, s, (int)srclen);
+  EVP_EncodeFinal(ctx, (unsigned char *)(dest + len), &ret);
+  EVP_ENCODE_CTX_free(ctx);
+  return ret+ len;
+}
+
+static void
+test_crypto_base64_encode_matches(void *arg)
+{
+  (void)arg;
+  int i, j;
+  char data1[1024];
+  char data2[1024];
+  char data3[1024];
+
+  for (i = 0; i < 256; i++) {
+    /* Test the multiline format Base64 encoder with 0 .. 256 bytes of
+     * output against OpenSSL.
+     */
+    const size_t enclen = base64_encode_size(i, BASE64_ENCODE_MULTILINE);
+    data1[i] = i;
+    j = base64_encode(data2, 1024, data1, i, BASE64_ENCODE_MULTILINE);
+    tt_int_op(j, OP_EQ, enclen);
+    j = base64_encode_evp(data3, data1, i);
+    tt_int_op(j, OP_EQ, enclen);
+    tt_mem_op(data2, OP_EQ, data3, enclen);
+    tt_int_op(j, OP_EQ, strlen(data2));
+  }
+
+ done:
+  ;
+}
+
+struct testcase_t crypto_openssl_tests[] = {
+  { "rng_engine", test_crypto_rng_engine, TT_FORK, NULL, NULL },
+  { "base64_encode_match", test_crypto_base64_encode_matches,
+    TT_FORK, NULL, NULL },
+  END_OF_TESTCASES
+};
+
diff --git a/src/test/test_crypto_slow.c b/src/test/test_crypto_slow.c
index 6d676ff9b9..d6b0a43dd5 100644
--- a/src/test/test_crypto_slow.c
+++ b/src/test/test_crypto_slow.c
@@ -12,11 +12,8 @@
 
 #if defined(HAVE_LIBSCRYPT_H) && defined(HAVE_LIBSCRYPT_SCRYPT)
 #define HAVE_LIBSCRYPT
-#include <libscrypt.h>
 #endif
 
-#include <openssl/evp.h>
-
 /** Run unit tests for our secret-to-key passphrase hashing functionality. */
 static void
 test_crypto_s2k_rfc2440(void *arg)
diff --git a/src/test/test_link_handshake.c b/src/test/test_link_handshake.c
index 4e9fe040ff..217088ee37 100644
--- a/src/test/test_link_handshake.c
+++ b/src/test/test_link_handshake.c
@@ -10,13 +10,6 @@
 
 #include "compat.h"
 
-/* Some versions of OpenSSL declare SSL_get_selected_srtp_profile twice in
- * srtp.h. Suppress the GCC warning so we can build with -Wredundant-decl. */
-DISABLE_GCC_WARNING(redundant-decls)
-#include <openssl/x509.h>
-#include <openssl/ssl.h>
-ENABLE_GCC_WARNING(redundant-decls)
-
 #include "or.h"
 #include "config.h"
 #include "connection.h"
@@ -785,19 +778,14 @@ CERTS_FAIL(expired_rsa_id, /* both */
     certs_cell_cert_t *cert = certs_cell_get_certs(d->ccell, 1);
     const tor_x509_cert_t *idc;
     tor_tls_get_my_certs(1, NULL, &idc);
-    X509 *newc = X509_dup(idc->cert);
+    tor_x509_cert_t *newc;
     time_t new_end = time(NULL) - 86400 * 10;
-    X509_time_adj(X509_get_notAfter(newc), 0, &new_end);
-    EVP_PKEY *pk = crypto_pk_get_evp_pkey_(d->key2, 1);
-    tt_assert(X509_sign(newc, pk, EVP_sha1()));
-    int len = i2d_X509(newc, NULL);
-    certs_cell_cert_setlen_body(cert, len);
-    uint8_t *body = certs_cell_cert_getarray_body(cert);
-    int len2 = i2d_X509(newc, &body);
-    tt_int_op(len, ==, len2);
+    newc = tor_x509_cert_replace_expiration(idc, new_end, d->key2);
+    certs_cell_cert_setlen_body(cert, newc->encoded_len);
+    memcpy(certs_cell_cert_getarray_body(cert),
+           newc->encoded, newc->encoded_len);
     REENCODE();
-    X509_free(newc);
-    EVP_PKEY_free(pk);
+    tor_x509_cert_free(newc);
   })
 CERTS_FAIL(expired_ed_id, /* ed25519 */
   {
diff --git a/src/test/test_microdesc.c b/src/test/test_microdesc.c
index b8d96491d4..c78fda3b69 100644
--- a/src/test/test_microdesc.c
+++ b/src/test/test_microdesc.c
@@ -14,12 +14,6 @@
 
 #include "test.h"
 
-DISABLE_GCC_WARNING(redundant-decls)
-#include <openssl/rsa.h>
-#include <openssl/bn.h>
-#include <openssl/pem.h>
-ENABLE_GCC_WARNING(redundant-decls)
-
 #ifdef _WIN32
 /* For mkdir() */
 #include <direct.h>
diff --git a/src/test/test_rendcache.c b/src/test/test_rendcache.c
index 59d3be9003..feba8f664e 100644
--- a/src/test/test_rendcache.c
+++ b/src/test/test_rendcache.c
@@ -11,7 +11,6 @@
 #include "routerlist.h"
 #include "config.h"
 #include "hs_common.h"
-#include <openssl/rsa.h>
 #include "rend_test_helpers.h"
 #include "log_test_helpers.h"
 
diff --git a/src/test/test_tortls.c b/src/test/test_tortls.c
index 18ffd4a8c1..7aa3051464 100644
--- a/src/test/test_tortls.c
+++ b/src/test/test_tortls.c
@@ -2,6 +2,7 @@
 /* See LICENSE for licensing information */
 
 #define TORTLS_PRIVATE
+#define TORTLS_OPENSSL_PRIVATE
 #define LOG_PRIVATE
 #include "orconfig.h"
 
diff --git a/src/test/testing_common.c b/src/test/testing_common.c
index bb2bcbf44c..0e37e0d154 100644
--- a/src/test/testing_common.c
+++ b/src/test/testing_common.c
@@ -38,7 +38,6 @@ const char tor_git_revision[] = "";
 
 #ifdef USE_DMALLOC
 #include <dmalloc.h>
-#include <openssl/crypto.h>
 #include "main.h"
 #endif
 
@@ -238,8 +237,8 @@ main(int c, const char **v)
 
 #ifdef USE_DMALLOC
   {
-    int r = CRYPTO_set_mem_ex_functions(tor_malloc_, tor_realloc_, tor_free_);
-    tor_assert(r);
+    int r = crypto_use_tor_alloc_functions();
+    tor_assert(r == 0);
   }
 #endif