authorYawning Angel <yawning@schwanenlied.me>2015-11-06 19:02:56 +0000
committerYawning Angel <yawning@schwanenlied.me>2015-11-06 19:02:56 +0000
commit3e3ec750cd72fe1c946d8da6e4f07d87efe3d8ac (patch)
treed51a63ed99eeaa191a2147d6b729a732a80a2597 /src
parent5a370618859573ed1eb5dabbe0ed2e773a579817 (diff)
downloadtor-3e3ec750cd72fe1c946d8da6e4f07d87efe3d8ac.tar.gz
tor-3e3ec750cd72fe1c946d8da6e4f07d87efe3d8ac.zip
Fix compilation with OpenSSL 1.1.0-dev.
OpenSSL changed the API: * https://github.com/openssl/openssl/commit/5998e2903589e7b19e102ebff06521f2dcb60409 * https://github.com/openssl/openssl/commit/b0700d2c8de79252ba605748a075cf2e5d670da1
Diffstat (limited to 'src')
-rw-r--r--src/common/crypto.c29
-rw-r--r--src/common/tortls.c27
2 files changed, 45 insertions, 11 deletions
diff --git a/src/common/crypto.c b/src/common/crypto.c
index 7b38568360..e50a69f538 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -227,7 +227,11 @@ const char *
crypto_openssl_get_version_str(void)
{
if (crypto_openssl_version_str == NULL) {
+#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
+ const char *raw_version = OpenSSL_version(OPENSSL_VERSION);
+#else
const char *raw_version = SSLeay_version(SSLEAY_VERSION);
+#endif
crypto_openssl_version_str = parse_openssl_version_str(raw_version);
}
return crypto_openssl_version_str;
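Review bot: The `#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)` switch between `OpenSSL_version()` and `SSLeay_version()` added here is repeated in crypto_early_init and, for the version number, in tor_tls_init in tortls.c. Defining the new names once for older libraries, e.g. `#define OpenSSL_version_num() SSLeay()` and `#define OpenSSL_version(v) SSLeay_version(v)` with `OPENSSL_VERSION` mapped to `SSLEAY_VERSION`, would let every call site use the 1.1.0 API unconditionally. That keeps the runtime-versus-header version checks in one place, so they cannot drift apart when the next API change lands.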
@@ -251,11 +255,17 @@ crypto_openssl_get_header_version_str(void)
static int
crypto_force_rand_ssleay(void)
{
- if (RAND_get_rand_method() != RAND_SSLeay()) {
+ RAND_METHOD *default_method;
+#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
+ default_method = RAND_OpenSSL();
+#else
+ default_method = RAND_SSLeay();
+#endif
+ if (RAND_get_rand_method() != default_method) {
log_notice(LD_CRYPTO, "It appears that one of our engines has provided "
"a replacement the OpenSSL RNG. Resetting it to the default "
"implementation.");
- RAND_set_rand_method(RAND_SSLeay());
+ RAND_set_rand_method(default_method);
return 1;
}
return 0;
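Review bot: `RAND_set_rand_method(default_method)` is still called without looking at its result, and the function then returns 1 as if the default RNG were in force. Because this function exists to undo an engine-supplied RNG, confirming the reset would be safer, e.g. `if (RAND_get_rand_method() != default_method) log_warn(LD_CRYPTO, "Could not restore the default OpenSSL RNG.");` right after the call. `default_method` is only compared and passed on, so it can be declared `const RAND_METHOD *default_method;`. The name crypto_force_rand_ssleay no longer describes the 1.1.0 branch; a short comment saying that it restores the library's default method would help.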
@@ -291,16 +301,23 @@ crypto_early_init(void)
setup_openssl_threading();
- if (SSLeay() == OPENSSL_VERSION_NUMBER &&
- !strcmp(SSLeay_version(SSLEAY_VERSION), OPENSSL_VERSION_TEXT)) {
+#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
+ unsigned long version_num = OpenSSL_version_num();
+ const char *version_str = OpenSSL_version(OPENSSL_VERSION);
+#else
+ unsigned long version_num = SSLeay();
+ const char *version_str = SSLeay_version(SSLEAY_VERSION);
+#endif
+ if (version_num == OPENSSL_VERSION_NUMBER &&
+ !strcmp(version_str, OPENSSL_VERSION_TEXT)) {
log_info(LD_CRYPTO, "OpenSSL version matches version from headers "
- "(%lx: %s).", SSLeay(), SSLeay_version(SSLEAY_VERSION));
+ "(%lx: %s).", version_num, version_str);
} else {
log_warn(LD_CRYPTO, "OpenSSL version from headers does not match the "
"version we're running with. If you get weird crashes, that "
"might be why. (Compiled with %lx: %s; running with %lx: %s).",
(unsigned long)OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT,
- SSLeay(), SSLeay_version(SSLEAY_VERSION));
+ version_num, version_str);
}
crypto_force_rand_ssleay();
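Review bot: `version_num` and `version_str` are declared after the `setup_openssl_threading();` statement, while crypto_force_rand_ssleay in this same commit declares `default_method` at the top of its block and only assigns it inside the `#if`. If the project builds with declaration-after-statement warnings enabled (not visible from this hunk), the new lines will trip them; the same pattern appears in the tor_tls_server_info_callback and tor_tls_handshake hunks in tortls.c. Declaring `unsigned long version_num;` and `const char *version_str;` at the start of the enclosing block and assigning them in the `#if`/`#else` branches would match the other function. The enclosing function starts and ends outside the hunk.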
diff --git a/src/common/tortls.c b/src/common/tortls.c
index 1057cf40f0..cd36f9cc0b 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -384,7 +384,11 @@ tor_tls_init(void)
#if (SIZEOF_VOID_P >= 8 && \
OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,0,1))
+#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
+ long version = OpenSSL_version_num();
+#else
long version = SSLeay();
+#endif
/* LCOV_EXCL_START : we can't test these lines on the same machine */
if (version >= OPENSSL_V_SERIES(1,0,1)) {
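Review bot: `OpenSSL_version_num()` returns `unsigned long`, and crypto.c in this commit stores it in one, but the new line here assigns it to `long version`. The value is then compared against `OPENSSL_V_SERIES(1,0,1)`, so a signed variable invites sign-conversion warnings and makes the two files disagree on the type. Use `unsigned long version = OpenSSL_version_num();` and the same type on the `SSLeay()` branch. The block that uses `version` continues outside the hunk.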
@@ -1525,7 +1529,6 @@ STATIC void
tor_tls_server_info_callback(const SSL *ssl, int type, int val)
{
tor_tls_t *tls;
- int ssl_state;
(void) val;
tor_tls_debug_state_callback(ssl, type, val);
@@ -1533,10 +1536,16 @@ tor_tls_server_info_callback(const SSL *ssl, int type, int val)
if (type != SSL_CB_ACCEPT_LOOP)
return;
- ssl_state = SSL_state(ssl);
+#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
+ OSSL_HANDSHAKE_STATE ssl_state = SSL_get_state(ssl);
+ if (ssl_state == TLS_ST_SW_SRVR_HELLO)
+ return;
+#else
+ int ssl_state = SSL_state(ssl);
if ((ssl_state != SSL3_ST_SW_SRVR_HELLO_A) &&
(ssl_state != SSL3_ST_SW_SRVR_HELLO_B))
return;
+#endif
tls = tor_tls_get_by_ssl(ssl);
if (tls) {
/* Check whether we're watching for renegotiates. If so, this is one! */
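Review bot: The 1.1.0 branch inverts the test. The pre-1.1.0 code returns early when the state is *not* one of the server-hello states, but the new line `if (ssl_state == TLS_ST_SW_SRVR_HELLO) return;` returns early when it *is*. Judging by the comment that follows, the code below is the renegotiation check, so on OpenSSL 1.1.0 it would be skipped at the server hello and run for every other `SSL_CB_ACCEPT_LOOP` state instead. The condition should be `if (ssl_state != TLS_ST_SW_SRVR_HELLO) return;`. The rest of the callback is outside the hunk, so the exact effect on the renegotiation counters should be confirmed there.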
@@ -1892,13 +1901,16 @@ int
tor_tls_handshake(tor_tls_t *tls)
{
int r;
- int oldstate;
tor_assert(tls);
tor_assert(tls->ssl);
tor_assert(tls->state == TOR_TLS_ST_HANDSHAKE);
check_no_tls_errors();
- oldstate = SSL_state(tls->ssl);
+#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
+ OSSL_HANDSHAKE_STATE oldstate = SSL_get_state(tls->ssl);
+#else
+ int oldstate = SSL_state(tls->ssl);
+#endif
if (tls->isServer) {
log_debug(LD_HANDSHAKE, "About to call SSL_accept on %p (%s)", tls,
SSL_state_string_long(tls->ssl));
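Review bot: The `#if` pair that picks `SSL_get_state()` or `SSL_state()` appears twice in tor_tls_handshake, here for `oldstate` and again for `newstate` in the next hunk, and a third time in tor_tls_server_info_callback. Both values in this function are only compared with each other to decide whether to emit a debug log. A single file-local helper that returns the handshake state as `int` would remove both conditionals and keep the declarations out of the middle of the block. The function body continues past the end of this hunk.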
@@ -1908,7 +1920,12 @@ tor_tls_handshake(tor_tls_t *tls)
SSL_state_string_long(tls->ssl));
r = SSL_connect(tls->ssl);
}
- if (oldstate != SSL_state(tls->ssl))
+#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
+ OSSL_HANDSHAKE_STATE newstate = SSL_get_state(tls->ssl);
+#else
+ int newstate = SSL_state(tls->ssl);
+#endif
+ if (oldstate != newstate)
log_debug(LD_HANDSHAKE, "After call, %p was in state %s",
tls, SSL_state_string_long(tls->ssl));
/* We need to call this here and not earlier, since OpenSSL has a penchant