-rw-r--r--configure.ac14
-rw-r--r--src/app/config/config.c12
-rw-r--r--src/core/mainloop/main.c5
-rw-r--r--src/lib/crypt_ops/compat_openssl.h6
-rw-r--r--src/lib/crypt_ops/crypto_dh.h2
-rw-r--r--src/lib/crypt_ops/crypto_ed25519.c1
-rw-r--r--src/lib/crypt_ops/crypto_format.c1
-rw-r--r--src/lib/crypt_ops/crypto_hkdf.c2
-rw-r--r--src/lib/crypt_ops/crypto_init.c42
-rw-r--r--src/lib/crypt_ops/crypto_init.h4
-rw-r--r--src/lib/crypt_ops/crypto_rand.c14
-rw-r--r--src/lib/crypt_ops/crypto_rsa.c6
-rw-r--r--src/lib/crypt_ops/crypto_s2k.c7
-rw-r--r--src/lib/crypt_ops/crypto_util.c6
-rw-r--r--src/lib/crypt_ops/include.am2
-rw-r--r--src/lib/tls/tortls_internal.h44
-rw-r--r--src/lib/tls/tortls_nss.c42
-rw-r--r--src/test/bench.c8
-rw-r--r--src/test/include.am2
-rw-r--r--src/test/test.c2
-rw-r--r--src/test/test_crypto.c4
-rw-r--r--src/test/test_crypto_slow.c2
-rw-r--r--src/tools/include.am14
-rw-r--r--src/tools/tor-gencert.c2
24 files changed, 164 insertions, 80 deletions
diff --git a/configure.ac b/configure.ac
index aa9b2ba6bd..f99697a445 100644
--- a/configure.ac
+++ b/configure.ac
@@ -67,14 +67,15 @@ AM_CONDITIONAL(LIBFUZZER_ENABLED, test "x$enable_libfuzzer" = "xyes")
AM_CONDITIONAL(OSS_FUZZ_ENABLED, test "x$enable_oss_fuzz" = "xyes")
AM_CONDITIONAL(USE_RUST, test "x$enable_rust" = "xyes")
AM_CONDITIONAL(USE_NSS, test "x$enable_nss" = "xyes")
-AM_CONDITIONAL(USE_OPENSSL, true)
+AM_CONDITIONAL(USE_OPENSSL, test "x$enable_nss" != "xyes")
if test "x$enable_nss" = "xyes"; then
AC_DEFINE(ENABLE_NSS, 1,
[Defined if we're building with NSS in addition to OpenSSL.])
+else
+ AC_DEFINE(ENABLE_OPENSSL, 1,
+ [Defined if we're building with OpenSSL or LibreSSL])
fi
-AC_DEFINE(ENABLE_OPENSSL, 1,
- [Defined if we're building with OpenSSL or LibreSSL])
if test "$enable_static_tor" = "yes"; then
enable_static_libevent="yes";
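Review bot: The AC_DEFINE description for ENABLE_NSS is now stale: with USE_OPENSSL and ENABLE_OPENSSL only set when `$enable_nss != yes`, NSS is no longer built "in addition to OpenSSL" but instead of it, so the generated orconfig.h documents the opposite of what the build does. Change the text to `[Defined if we're building with NSS instead of OpenSSL.])` so readers of orconfig.h do not assume both libraries are linked.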
@@ -872,6 +873,8 @@ fi
dnl ------------------------------------------------------
dnl Where do you live, openssl? And how do we call you?
+if test "x$enable_nss" != "xyes"; then
+
tor_openssl_pkg_redhat="openssl"
tor_openssl_pkg_debian="libssl-dev"
tor_openssl_devpkg_redhat="openssl-devel"
@@ -971,6 +974,11 @@ AC_CHECK_SIZEOF(SHA_CTX, , [AC_INCLUDES_DEFAULT()
#include <openssl/sha.h>
])
+fi # enable_nss
+
+dnl ======================================================================
+dnl Can we use KIST?
+
dnl Define the set of checks for KIST scheduler support.
AC_DEFUN([CHECK_KIST_SUPPORT],[
dnl KIST needs struct tcp_info and for certain members to exist.
diff --git a/src/app/config/config.c b/src/app/config/config.c
index d2ed295621..d7c9f6d610 100644
--- a/src/app/config/config.c
+++ b/src/app/config/config.c
@@ -82,6 +82,11 @@
#include "lib/crypt_ops/crypto_rand.h"
#include "lib/crypt_ops/crypto_util.h"
#include "lib/crypt_ops/crypto_init.h"
+#ifdef ENABLE_NSS
+#include "lib/crypt_ops/crypto_nss_mgt.h"
+#else
+#include "lib/crypt_ops/crypto_openssl_mgt.h"
+#endif
#include "feature/dircache/dirserv.h"
#include "feature/relay/dns.h"
#include "core/or/dos.h"
@@ -5238,9 +5243,16 @@ options_init_from_torrc(int argc, char **argv)
printf("Libevent\t\t%-15s\t\t%s\n",
tor_libevent_get_header_version_str(),
tor_libevent_get_version_str());
+#ifdef ENABLE_OPENSSL
printf("OpenSSL \t\t%-15s\t\t%s\n",
crypto_openssl_get_header_version_str(),
crypto_openssl_get_version_str());
+#endif
+#ifdef ENABLE_NSS
+ printf("NSS \t\t%-15s\t\t%s\n",
+ crypto_nss_get_header_version_str(),
+ crypto_nss_get_version_str());
+#endif
if (tor_compress_supports_method(ZLIB_METHOD)) {
printf("Zlib \t\t%-15s\t\t%s\n",
tor_compress_version_str(ZLIB_METHOD),
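Review bot: The two `#ifdef` blocks that print the crypto library line duplicate what the new `crypto_get_library_name()`, `crypto_get_header_version_string()` and `crypto_get_library_version_string()` accessors in crypto_init.c provide, and main.c in this same commit already switches to them; config.c should do the same so the `--version` output does not need a per-library branch, and the `ENABLE_NSS`/`ENABLE_OPENSSL` include selection added earlier in this file becomes unnecessary. Both existing labels are padded to eight characters, so a single `printf("%-8s\t\t%-15s\t\t%s\n", crypto_get_library_name(), crypto_get_header_version_string(), crypto_get_library_version_string());` reproduces the current output for either library. options_init_from_torrc begins and ends outside this hunk.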
diff --git a/src/core/mainloop/main.c b/src/core/mainloop/main.c
index ad8c1ead67..f40639d087 100644
--- a/src/core/mainloop/main.c
+++ b/src/core/mainloop/main.c
@@ -3504,10 +3504,11 @@ tor_init(int argc, char *argv[])
const char *version = get_version();
log_notice(LD_GENERAL, "Tor %s running on %s with Libevent %s, "
- "OpenSSL %s, Zlib %s, Liblzma %s, and Libzstd %s.", version,
+ "%s %s, Zlib %s, Liblzma %s, and Libzstd %s.", version,
get_uname(),
tor_libevent_get_version_str(),
- crypto_openssl_get_version_str(),
+ crypto_get_library_name(),
+ crypto_get_library_version_string(),
tor_compress_supports_method(ZLIB_METHOD) ?
tor_compress_version_str(ZLIB_METHOD) : "N/A",
tor_compress_supports_method(LZMA_METHOD) ?
diff --git a/src/lib/crypt_ops/compat_openssl.h b/src/lib/crypt_ops/compat_openssl.h
index 317c01134a..f2f632ab40 100644
--- a/src/lib/crypt_ops/compat_openssl.h
+++ b/src/lib/crypt_ops/compat_openssl.h
@@ -7,6 +7,10 @@
#ifndef TOR_COMPAT_OPENSSL_H
#define TOR_COMPAT_OPENSSL_H
+#include "orconfig.h"
+
+#ifdef ENABLE_OPENSSL
+
#include <openssl/opensslv.h>
#include "lib/crypt_ops/crypto_openssl_mgt.h"
@@ -47,5 +51,7 @@
#define CONST_IF_OPENSSL_1_1_API const
#endif /* !defined(OPENSSL_1_1_API) */
+#endif /* defined(ENABLE_OPENSSL) */
+
#endif /* !defined(TOR_COMPAT_OPENSSL_H) */
diff --git a/src/lib/crypt_ops/crypto_dh.h b/src/lib/crypt_ops/crypto_dh.h
index 6e79a6404c..3ee343a278 100644
--- a/src/lib/crypt_ops/crypto_dh.h
+++ b/src/lib/crypt_ops/crypto_dh.h
@@ -56,7 +56,7 @@ struct dh_st *crypto_dh_new_openssl_tls(void);
void crypto_dh_init_openssl(void);
void crypto_dh_free_all_openssl(void);
#endif
-#ifdef ENABLE_OPENSSL
+#ifdef ENABLE_NSS
void crypto_dh_init_nss(void);
void crypto_dh_free_all_nss(void);
#endif
diff --git a/src/lib/crypt_ops/crypto_ed25519.c b/src/lib/crypt_ops/crypto_ed25519.c
index 9d2c9e9fab..11c1f56aef 100644
--- a/src/lib/crypt_ops/crypto_ed25519.c
+++ b/src/lib/crypt_ops/crypto_ed25519.c
@@ -37,6 +37,7 @@
#include "ed25519/donna/ed25519_donna_tor.h"
#include <string.h>
+#include <errno.h>
static void pick_ed25519_impl(void);
diff --git a/src/lib/crypt_ops/crypto_format.c b/src/lib/crypt_ops/crypto_format.c
index 50916a8d68..09ec753a00 100644
--- a/src/lib/crypt_ops/crypto_format.c
+++ b/src/lib/crypt_ops/crypto_format.c
@@ -29,6 +29,7 @@
#include "lib/fs/files.h"
#include <string.h>
+#include <errno.h>
/** Write the <b>datalen</b> bytes from <b>data</b> to the file named
* <b>fname</b> in the tagged-data format. This format contains a
diff --git a/src/lib/crypt_ops/crypto_hkdf.c b/src/lib/crypt_ops/crypto_hkdf.c
index 1873632a9d..a63d9131d9 100644
--- a/src/lib/crypt_ops/crypto_hkdf.c
+++ b/src/lib/crypt_ops/crypto_hkdf.c
@@ -17,12 +17,14 @@
#include "lib/intmath/cmp.h"
#include "lib/log/util_bug.h"
+#ifdef ENABLE_OPENSSL
#include <openssl/opensslv.h>
#if defined(HAVE_ERR_LOAD_KDF_STRINGS)
#include <openssl/kdf.h>
#define HAVE_OPENSSL_HKDF 1
#endif
+#endif
#include <string.h>
diff --git a/src/lib/crypt_ops/crypto_init.c b/src/lib/crypt_ops/crypto_init.c
index 620fe8e1be..f9b077e9e7 100644
--- a/src/lib/crypt_ops/crypto_init.c
+++ b/src/lib/crypt_ops/crypto_init.c
@@ -88,6 +88,10 @@ crypto_global_init(int useAccel, const char *accelName, const char *accelDir)
#ifdef ENABLE_OPENSSL
if (crypto_openssl_late_init(useAccel, accelName, accelDir) < 0)
return -1;
+#else
+ (void)useAccel;
+ (void)accelName;
+ (void)accelDir;
#endif
#ifdef ENABLE_NSS
if (crypto_nss_late_init() < 0)
@@ -139,3 +143,41 @@ crypto_postfork(void)
crypto_nss_postfork();
#endif
}
+
+/** Return the name of the crypto library we're using. */
+const char *
+crypto_get_library_name(void)
+{
+#ifdef ENABLE_OPENSSL
+ return "OpenSSL";
+#endif
+#ifdef ENABLE_NSS
+ return "NSS";
+#endif
+}
+
+/** Return the version of the crypto library we are using, as given in the
+ * library. */
+const char *
+crypto_get_library_version_string(void)
+{
+#ifdef ENABLE_OPENSSL
+ return crypto_openssl_get_version_str();
+#endif
+#ifdef ENABLE_NSS
+ return crypto_nss_get_version_str();
+#endif
+}
+
+/** Return the version of the crypto library we're using, as given in the
+ * headers. */
+const char *
+crypto_get_header_version_string(void)
+{
+#ifdef ENABLE_OPENSSL
+ return crypto_openssl_get_header_version_str();
+#endif
+#ifdef ENABLE_NSS
+ return crypto_nss_get_header_version_str();
+#endif
+}
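Review bot: All three new accessors fall off the end of a non-void function when neither ENABLE_OPENSSL nor ENABLE_NSS is defined, which is undefined behaviour rather than a build error, and if both were ever defined again (they were before this commit) the NSS `return` becomes unreachable code. Structuring each body as `#if defined(ENABLE_OPENSSL)` … `#elif defined(ENABLE_NSS)` … `#else` / `#error "No crypto library configured"` / `#endif` turns both misconfigurations into compile-time failures and makes the one-library-at-a-time assumption that configure.ac now enforces explicit at the point where it matters. The same applies to crypto_get_library_name, crypto_get_library_version_string and crypto_get_header_version_string alike.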
diff --git a/src/lib/crypt_ops/crypto_init.h b/src/lib/crypt_ops/crypto_init.h
index 3e32456b5c..05b281720c 100644
--- a/src/lib/crypt_ops/crypto_init.h
+++ b/src/lib/crypt_ops/crypto_init.h
@@ -26,4 +26,8 @@ void crypto_thread_cleanup(void);
int crypto_global_cleanup(void);
void crypto_postfork(void);
+const char *crypto_get_library_name(void);
+const char *crypto_get_library_version_string(void);
+const char *crypto_get_header_version_string(void);
+
#endif /* !defined(TOR_CRYPTO_H) */
diff --git a/src/lib/crypt_ops/crypto_rand.c b/src/lib/crypt_ops/crypto_rand.c
index 9806714747..78471bf398 100644
--- a/src/lib/crypt_ops/crypto_rand.c
+++ b/src/lib/crypt_ops/crypto_rand.c
@@ -35,9 +35,11 @@
#include "lib/testsupport/testsupport.h"
#include "lib/fs/files.h"
+#include "lib/defs/digest_sizes.h"
+#include "lib/crypt_ops/crypto_digest.h"
+
#ifdef ENABLE_NSS
#include "lib/crypt_ops/crypto_nss_mgt.h"
-#include "lib/crypt_ops/crypto_digest.h"
#endif
#ifdef ENABLE_OPENSSL
@@ -80,6 +82,7 @@ ENABLE_GCC_WARNING(redundant-decls)
#endif
#include <string.h>
+#include <errno.h>
/**
* How many bytes of entropy we add at once.
@@ -335,7 +338,8 @@ crypto_strongest_rand_raw(uint8_t *out, size_t out_len)
void
crypto_strongest_rand(uint8_t *out, size_t out_len)
{
-#define DLEN SHA512_DIGEST_LENGTH
+#define DLEN DIGEST512_LEN
+
/* We're going to hash DLEN bytes from the system RNG together with some
* bytes from the PRNGs from our crypto librar(y/ies), in order to yield
* DLEN bytes.
@@ -360,11 +364,11 @@ crypto_strongest_rand(uint8_t *out, size_t out_len)
// LCOV_EXCL_STOP
}
if (out_len >= DLEN) {
- SHA512(inp, sizeof(inp), out);
+ crypto_digest512((char*)out, (char*)inp, sizeof(inp), DIGEST_SHA512);
out += DLEN;
out_len -= DLEN;
} else {
- SHA512(inp, sizeof(inp), tmp);
+ crypto_digest512((char*)tmp, (char*)inp, sizeof(inp), DIGEST_SHA512);
memcpy(out, tmp, out_len);
break;
}
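Review bot: Both replaced calls discard the return value of `crypto_digest512()`; unlike the OpenSSL `SHA512()` it replaces, the Tor wrapper reports failure through its int result (0/-1 in crypto_digest.c, which is not in this diff; please confirm), and on failure `out` or `tmp` would be left unfilled while crypto_strongest_rand still returns as if it had produced DLEN bytes of mixed entropy. Since this is the function callers rely on for key material, a failure here should be fatal rather than silent: `tor_assert(crypto_digest512((char*)out, (char*)inp, sizeof(inp), DIGEST_SHA512) == 0);` and likewise for the `tmp` call. crypto_strongest_rand's body starts in the previous hunk and continues beyond this one.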
@@ -699,6 +703,7 @@ smartlist_shuffle(smartlist_t *sl)
int
crypto_force_rand_ssleay(void)
{
+#ifdef ENABLE_OPENSSL
RAND_METHOD *default_method;
default_method = RAND_OpenSSL();
if (RAND_get_rand_method() != default_method) {
@@ -708,6 +713,7 @@ crypto_force_rand_ssleay(void)
RAND_set_rand_method(default_method);
return 1;
}
+#endif
return 0;
}
diff --git a/src/lib/crypt_ops/crypto_rsa.c b/src/lib/crypt_ops/crypto_rsa.c
index 0f80bc967f..31497e6509 100644
--- a/src/lib/crypt_ops/crypto_rsa.c
+++ b/src/lib/crypt_ops/crypto_rsa.c
@@ -37,11 +37,12 @@ crypto_get_rsa_padding_overhead(int padding)
{
switch (padding)
{
- case RSA_PKCS1_OAEP_PADDING: return PKCS1_OAEP_PADDING_OVERHEAD;
+ case PK_PKCS1_OAEP_PADDING: return PKCS1_OAEP_PADDING_OVERHEAD;
default: tor_assert(0); return -1; // LCOV_EXCL_LINE
}
}
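Review bot: `crypto_get_rsa_padding_overhead()` silently changes its accepted domain from the OpenSSL `RSA_PKCS1_OAEP_PADDING` constant to Tor's `PK_PKCS1_OAEP_PADDING`, and because the only other path is `tor_assert(0)`, any caller still passing an OpenSSL constant (or the result of `crypto_get_rsa_padding()`, as the hybrid-encrypt call below did before this commit) now aborts at runtime instead of failing to compile. Worth grepping the other callers, and the function's comment above the hunk (not visible here) should state that it takes a `PK_*` padding value, not an OpenSSL one, e.g. `/** Given a Tor padding method PK_* <b>padding</b>, return its byte overhead. */`.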
+#ifdef ENABLE_OPENSSL
/** Given a padding method <b>padding</b>, return the correct OpenSSL constant.
*/
int
@@ -53,6 +54,7 @@ crypto_get_rsa_padding(int padding)
default: tor_assert(0); return -1; // LCOV_EXCL_LINE
}
}
+#endif
/** Compare the public-key components of a and b. Return non-zero iff
* a==b. A NULL key is considered to be distinct from all non-NULL
@@ -100,7 +102,7 @@ crypto_pk_obsolete_public_hybrid_encrypt(crypto_pk_t *env,
tor_assert(to);
tor_assert(fromlen < SIZE_T_CEILING);
- overhead = crypto_get_rsa_padding_overhead(crypto_get_rsa_padding(padding));
+ overhead = crypto_get_rsa_padding_overhead(padding);
pkeylen = crypto_pk_keysize(env);
if (!force && fromlen+overhead <= pkeylen) {
diff --git a/src/lib/crypt_ops/crypto_s2k.c b/src/lib/crypt_ops/crypto_s2k.c
index 0e151f0a6c..433fbb026d 100644
--- a/src/lib/crypt_ops/crypto_s2k.c
+++ b/src/lib/crypt_ops/crypto_s2k.c
@@ -21,7 +21,9 @@
#include "lib/ctime/di_ops.h"
#include "lib/log/util_bug.h"
+#ifdef ENABLE_OPENSSL
#include <openssl/evp.h>
+#endif
#if defined(HAVE_LIBSCRYPT_H) && defined(HAVE_LIBSCRYPT_SCRYPT)
#define HAVE_SCRYPT
@@ -265,6 +267,7 @@ secret_to_key_compute_key(uint8_t *key_out, size_t key_out_len,
return (int)key_out_len;
case S2K_TYPE_PBKDF2: {
+#ifdef ENABLE_OPENSSL
uint8_t log_iters;
if (spec_len < 1 || secret_len > INT_MAX || spec_len > INT_MAX)
return S2K_BAD_LEN;
@@ -278,6 +281,10 @@ secret_to_key_compute_key(uint8_t *key_out, size_t key_out_len,
if (rv < 0)
return S2K_FAILED;
return (int)key_out_len;
+#else
+ // XXXXXXXXXXXXXXXXXXXXXXXX implement me.
+ return S2K_NO_SCRYPT_SUPPORT;
+#endif
}
case S2K_TYPE_SCRYPT: {
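Review bot: Returning `S2K_NO_SCRYPT_SUPPORT` from the PBKDF2 case on an NSS build reports the wrong failure: the caller asked for PBKDF2, not scrypt, and a stored PBKDF2 secret that verified fine on an OpenSSL build will now fail with an error code that points at the wrong algorithm, which makes the regression hard to diagnose from logs. Until the NSS implementation lands, either add a distinct status value (name placeholder: `S2K_NO_PBKDF2_SUPPORT`) or at least replace the `// XXXXXXXXXXXXXXXXXXXXXXXX implement me.` marker with a comment stating that PBKDF2 is unimplemented under NSS and that the scrypt code is being reused deliberately. secret_to_key_compute_key begins and ends outside this hunk, and the `#ifdef ENABLE_OPENSSL` it pairs with is in the previous hunk.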
diff --git a/src/lib/crypt_ops/crypto_util.c b/src/lib/crypt_ops/crypto_util.c
index a645321bfb..7af80291ef 100644
--- a/src/lib/crypt_ops/crypto_util.c
+++ b/src/lib/crypt_ops/crypto_util.c
@@ -23,12 +23,14 @@
#include <wincrypt.h>
#endif /* defined(_WIN32) */
-DISABLE_GCC_WARNING(redundant-decls)
+#include <stdlib.h>
+#ifdef ENABLE_OPENSSL
+DISABLE_GCC_WARNING(redundant-decls)
#include <openssl/err.h>
#include <openssl/crypto.h>
-
ENABLE_GCC_WARNING(redundant-decls)
+#endif
#include "lib/log/log.h"
#include "lib/log/util_bug.h"
diff --git a/src/lib/crypt_ops/include.am b/src/lib/crypt_ops/include.am
index 195dac6bdb..1022096fdc 100644
--- a/src/lib/crypt_ops/include.am
+++ b/src/lib/crypt_ops/include.am
@@ -9,7 +9,6 @@ src_lib_libtor_crypt_ops_a_SOURCES = \
src/lib/crypt_ops/crypto_cipher.c \
src/lib/crypt_ops/crypto_curve25519.c \
src/lib/crypt_ops/crypto_dh.c \
- src/lib/crypt_ops/crypto_dh_openssl.c \
src/lib/crypt_ops/crypto_digest.c \
src/lib/crypt_ops/crypto_ed25519.c \
src/lib/crypt_ops/crypto_format.c \
@@ -37,6 +36,7 @@ endif
if USE_OPENSSL
src_lib_libtor_crypt_ops_a_SOURCES += \
+ src/lib/crypt_ops/crypto_dh_openssl.c \
src/lib/crypt_ops/crypto_openssl_mgt.c
endif
diff --git a/src/lib/tls/tortls_internal.h b/src/lib/tls/tortls_internal.h
index f6afb348ca..c58379e19b 100644
--- a/src/lib/tls/tortls_internal.h
+++ b/src/lib/tls/tortls_internal.h
@@ -15,28 +15,38 @@ struct ssl_session_st;
int tor_errno_to_tls_error(int e);
int tor_tls_get_error(tor_tls_t *tls, int r, int extra,
const char *doing, int severity, int domain);
-tor_tls_t *tor_tls_get_by_ssl(const struct ssl_st *ssl);
-void tor_tls_allocate_tor_tls_object_ex_data_index(void);
MOCK_DECL(void, try_to_extract_certs_from_tls,
(int severity, tor_tls_t *tls,
tor_x509_cert_impl_t **cert_out,
tor_x509_cert_impl_t **id_cert_out));
-#ifdef TORTLS_OPENSSL_PRIVATE
-int always_accept_verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx);
-int tor_tls_classify_client_ciphers(const struct ssl_st *ssl,
- STACK_OF(SSL_CIPHER) *peer_ciphers);
-#endif
+
+tor_tls_context_t *tor_tls_context_new(crypto_pk_t *identity,
+ unsigned int key_lifetime, unsigned flags, int is_client);
+int tor_tls_context_init_one(tor_tls_context_t **ppcontext,
+ crypto_pk_t *identity,
+ unsigned int key_lifetime,
+ unsigned int flags,
+ int is_client);
+
+#ifdef ENABLE_OPENSSL
+tor_tls_t *tor_tls_get_by_ssl(const struct ssl_st *ssl);
int tor_tls_client_is_using_v2_ciphers(const struct ssl_st *ssl);
-#ifndef HAVE_SSL_SESSION_GET_MASTER_KEY
-size_t SSL_SESSION_get_master_key(struct ssl_session_st *s,
- uint8_t *out,
- size_t len);
-#endif
void tor_tls_debug_state_callback(const struct ssl_st *ssl,
int type, int val);
void tor_tls_server_info_callback(const struct ssl_st *ssl,
int type, int val);
+void tor_tls_allocate_tor_tls_object_ex_data_index(void);
+
+#if !defined(HAVE_SSL_SESSION_GET_MASTER_KEY)
+size_t SSL_SESSION_get_master_key(struct ssl_session_st *s,
+ uint8_t *out,
+ size_t len);
+#endif
+
#ifdef TORTLS_OPENSSL_PRIVATE
+int always_accept_verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx);
+int tor_tls_classify_client_ciphers(const struct ssl_st *ssl,
+ STACK_OF(SSL_CIPHER) *peer_ciphers);
STATIC int tor_tls_session_secret_cb(struct ssl_st *ssl, void *secret,
int *secret_len,
STACK_OF(SSL_CIPHER) *peer_ciphers,
@@ -44,14 +54,8 @@ STATIC int tor_tls_session_secret_cb(struct ssl_st *ssl, void *secret,
void *arg);
STATIC int find_cipher_by_id(const SSL *ssl, const SSL_METHOD *m,
uint16_t cipher);
-#endif /* defined(TORTLS_OPENSSL_PRIVATE) */
-tor_tls_context_t *tor_tls_context_new(crypto_pk_t *identity,
- unsigned int key_lifetime, unsigned flags, int is_client);
-int tor_tls_context_init_one(tor_tls_context_t **ppcontext,
- crypto_pk_t *identity,
- unsigned int key_lifetime,
- unsigned int flags,
- int is_client);
+#endif
+#endif
#ifdef TOR_UNIT_TESTS
extern int tor_tls_object_ex_data_index;
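Review bot: The two bare `#endif`s closing the OpenSSL-only section drop the trailing comments this header uses elsewhere (the removed line was `#endif /* defined(TORTLS_OPENSSL_PRIVATE) */`), and with the nesting now two levels deep (`ENABLE_OPENSSL` outside `TORTLS_OPENSSL_PRIVATE`) an unannotated pair is easy to mismatch in a later edit. Write them as `#endif /* defined(TORTLS_OPENSSL_PRIVATE) */` and `#endif /* defined(ENABLE_OPENSSL) */` to match the file's own convention.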
diff --git a/src/lib/tls/tortls_nss.c b/src/lib/tls/tortls_nss.c
index 078196ac5f..98fecdaf16 100644
--- a/src/lib/tls/tortls_nss.c
+++ b/src/lib/tls/tortls_nss.c
@@ -47,19 +47,6 @@ tor_tls_get_error(tor_tls_t *tls, int r, int extra,
// XXXX
return -1;
}
-tor_tls_t *
-tor_tls_get_by_ssl(const struct ssl_st *ssl)
-{
- (void) ssl;
- // XXXX
- // XXXX refers to ssl_st.
- return NULL;
-}
-void
-tor_tls_allocate_tor_tls_object_ex_data_index(void)
-{
- // XXXX openssl only.
-}
MOCK_IMPL(void,
try_to_extract_certs_from_tls,(int severity, tor_tls_t *tls,
tor_x509_cert_impl_t **cert_out,
@@ -71,36 +58,7 @@ try_to_extract_certs_from_tls,(int severity, tor_tls_t *tls,
(void)severity;
// XXXX
}
-int
-tor_tls_client_is_using_v2_ciphers(const struct ssl_st *ssl)
-{
- (void) ssl;
- // XXXX
- // XXXX refers to ssl_st.
- return 0;
-}
-void
-tor_tls_debug_state_callback(const struct ssl_st *ssl,
- int type, int val)
-{
- (void) ssl;
- (void)type;
- (void)val;
- // XXXX
- // XXXX refers to ssl_st.
-}
-
-void
-tor_tls_server_info_callback(const struct ssl_st *ssl,
- int type, int val)
-{
- (void)ssl;
- (void)type;
- (void)val;
- // XXXX
- // XXXX refers to ssl_st.
-}
tor_tls_context_t *
tor_tls_context_new(crypto_pk_t *identity,
unsigned int key_lifetime, unsigned flags, int is_client)
diff --git a/src/test/bench.c b/src/test/bench.c
index 2b90ccf734..3594059057 100644
--- a/src/test/bench.c
+++ b/src/test/bench.c
@@ -13,11 +13,14 @@
#include "core/or/or.h"
#include "core/crypto/onion_tap.h"
#include "core/crypto/relay_crypto.h"
+
+#ifdef ENABLE_OPENSSL
#include <openssl/opensslv.h>
#include <openssl/evp.h>
#include <openssl/ec.h>
#include <openssl/ecdh.h>
#include <openssl/obj_mac.h>
+#endif
#include "core/or/circuitlist.h"
#include "app/config/config.h"
@@ -580,6 +583,7 @@ bench_dh(void)
" %f millisec each.\n", NANOCOUNT(start, end, iters)/1e6);
}
+#ifdef ENABLE_OPENSSL
static void
bench_ecdh_impl(int nid, const char *name)
{
@@ -629,6 +633,7 @@ bench_ecdh_p224(void)
{
bench_ecdh_impl(NID_secp224r1, "P-224");
}
+#endif
typedef void (*bench_fn)(void);
@@ -652,8 +657,11 @@ static struct benchmark_t benchmarks[] = {
ENT(cell_aes),
ENT(cell_ops),
ENT(dh),
+
+#ifdef ENABLE_OPENSSL
ENT(ecdh_p256),
ENT(ecdh_p224),
+#endif
{NULL,NULL,0}
};
diff --git a/src/test/include.am b/src/test/include.am
index c2e08aa3df..05149b8654 100644
--- a/src/test/include.am
+++ b/src/test/include.am
@@ -118,7 +118,6 @@ src_test_test_SOURCES += \
src/test/test_controller_events.c \
src/test/test_crypto.c \
src/test/test_crypto_ope.c \
- src/test/test_crypto_openssl.c \
src/test/test_data.c \
src/test/test_dir.c \
src/test/test_dir_common.c \
@@ -189,6 +188,7 @@ if USE_NSS
# ...
else
src_test_test_SOURCES += \
+ src/test/test_crypto_openssl.c \
src/test/test_tortls_openssl.c
endif
diff --git a/src/test/test.c b/src/test/test.c
index 3b63f1c07e..9623443057 100644
--- a/src/test/test.c
+++ b/src/test/test.c
@@ -866,7 +866,9 @@ struct testgroup_t testgroups[] = {
{ "control/event/", controller_event_tests },
{ "crypto/", crypto_tests },
{ "crypto/ope/", crypto_ope_tests },
+#ifdef ENABLE_OPENSSL
{ "crypto/openssl/", crypto_openssl_tests },
+#endif
{ "crypto/pem/", pem_tests },
{ "dir/", dir_tests },
{ "dir_handle_get/", dir_handle_get_tests },
diff --git a/src/test/test_crypto.c b/src/test/test_crypto.c
index 90fb8d468b..04077b42fb 100644
--- a/src/test/test_crypto.c
+++ b/src/test/test_crypto.c
@@ -224,6 +224,9 @@ static void
test_crypto_openssl_version(void *arg)
{
(void)arg;
+#ifdef ENABLE_NSS
+ tt_skip();
+#else
const char *version = crypto_openssl_get_version_str();
const char *h_version = crypto_openssl_get_header_version_str();
tt_assert(version);
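Review bot: Skipping the whole of test_crypto_openssl_version under NSS leaves the library-version accessors introduced by this commit (`crypto_get_library_name()`, `crypto_get_library_version_string()`, `crypto_get_header_version_string()`) without any test in either configuration, even though main.c now logs their output at startup. A small library-agnostic test asserting that all three return non-NULL, non-empty strings would run on both builds; the OpenSSL-specific parsing can then stay behind the `tt_skip()`. The function's `done:` label is in the next hunk.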
@@ -243,6 +246,7 @@ test_crypto_openssl_version(void *arg)
tt_int_op(a, OP_GE, 0);
tt_int_op(b, OP_GE, 0);
tt_int_op(c, OP_GE, 0);
+#endif
done:
;
diff --git a/src/test/test_crypto_slow.c b/src/test/test_crypto_slow.c
index 88b31ad9af..ca6b7b8d4d 100644
--- a/src/test/test_crypto_slow.c
+++ b/src/test/test_crypto_slow.c
@@ -18,7 +18,9 @@
#include <libscrypt.h>
#endif
+#ifdef ENABLE_OPENSSL
#include <openssl/evp.h>
+#endif
/** Run unit tests for our secret-to-key passphrase hashing functionality. */
static void
diff --git a/src/tools/include.am b/src/tools/include.am
index cdd5616fb1..73ec86935f 100644
--- a/src/tools/include.am
+++ b/src/tools/include.am
@@ -1,7 +1,7 @@
-bin_PROGRAMS+= src/tools/tor-resolve src/tools/tor-gencert src/tools/tor-print-ed-signing-cert
+bin_PROGRAMS+= src/tools/tor-resolve src/tools/tor-print-ed-signing-cert
if COVERAGE_ENABLED
-noinst_PROGRAMS+= src/tools/tor-cov-resolve src/tools/tor-cov-gencert
+noinst_PROGRAMS+= src/tools/tor-cov-resolve
endif
src_tools_tor_resolve_SOURCES = src/tools/tor-resolve.c
@@ -20,6 +20,10 @@ src_tools_tor_cov_resolve_LDADD = \
@TOR_LIB_MATH@ @TOR_LIB_WS32@
endif
+if USE_NSS
+# ...
+else
+bin_PROGRAMS += src/tools/tor-gencert
src_tools_tor_gencert_SOURCES = src/tools/tor-gencert.c
src_tools_tor_gencert_LDFLAGS = @TOR_LDFLAGS_zlib@ $(TOR_LDFLAGS_CRYPTLIB)
src_tools_tor_gencert_LDADD = \
@@ -28,6 +32,7 @@ src_tools_tor_gencert_LDADD = \
$(rust_ldadd) \
@TOR_LIB_MATH@ @TOR_ZLIB_LIBS@ $(TOR_LIBS_CRYPTLIB) \
@TOR_LIB_WS32@ @TOR_LIB_IPHLPAPI@ @TOR_LIB_GDI@ @TOR_LIB_USERENV@ @CURVE25519_LIBS@
+endif
src_tools_tor_print_ed_signing_cert_SOURCES = src/tools/tor-print-ed-signing-cert.c
src_tools_tor_print_ed_signing_cert_LDFLAGS = @TOR_LDFLAGS_zlib@ @TOR_LDFLAGS_openssl@
@@ -38,7 +43,11 @@ src_tools_tor_print_ed_signing_cert_LDADD = \
@TOR_LIB_MATH@ $(TOR_LIBS_CRYPTLIB) \
@TOR_LIB_WS32@ @TOR_LIB_USERENV@
+if USE_NSS
+# ...
+else
if COVERAGE_ENABLED
+noinst_PROGRAMS += src/tools/tor-cov-gencert
src_tools_tor_cov_gencert_SOURCES = src/tools/tor-gencert.c
src_tools_tor_cov_gencert_CPPFLAGS = $(AM_CPPFLAGS) $(TEST_CPPFLAGS)
src_tools_tor_cov_gencert_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS)
@@ -49,6 +58,7 @@ src_tools_tor_cov_gencert_LDADD = \
@TOR_LIB_MATH@ @TOR_ZLIB_LIBS@ $(TOR_LIBS_CRYPTLIB) \
@TOR_LIB_WS32@ @TOR_LIB_IPHLPAPI@ @TOR_LIB_GDI@ @CURVE25519_LIBS@
endif
+endif
if BUILD_LIBTORRUNNER
noinst_LIBRARIES += src/tools/libtorrunner.a
diff --git a/src/tools/tor-gencert.c b/src/tools/tor-gencert.c
index e0ac3dec80..a498c205b7 100644
--- a/src/tools/tor-gencert.c
+++ b/src/tools/tor-gencert.c
@@ -17,6 +17,7 @@
#include "lib/crypt_ops/crypto_init.h"
#include "lib/crypt_ops/crypto_openssl_mgt.h"
+#ifdef ENABLE_OPENSSL
/* Some versions of OpenSSL declare X509_STORE_CTX_set_verify_cb twice in
* x509.h and x509_vfy.h. Suppress the GCC warning so we can build with
* -Wredundant-decl. */
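Review bot: The new `#ifdef ENABLE_OPENSSL` guard is inconsistent with the line just above it, which still includes `lib/crypt_ops/crypto_openssl_mgt.h` unconditionally, so an NSS build would still pull in an OpenSSL-specific header before reaching the guard. Given that src/tools/include.am in this commit excludes tor-gencert from NSS builds entirely, either move that include under the guard for consistency or drop the guard and add a one-line comment such as `/* tor-gencert is OpenSSL-only; see src/tools/include.am. */` so the next reader does not assume the file is NSS-clean.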
@@ -30,6 +31,7 @@ DISABLE_GCC_WARNING(redundant-decls)
#include <openssl/err.h>
ENABLE_GCC_WARNING(redundant-decls)
+#endif
#include <errno.h>