author | Nick Mathewson <nickm@torproject.org> | 2018-04-18 12:31:24 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2018-04-18 12:31:24 -0400 |
commit | a15b2c57e1f901c531a5f063513a541adb418ae1 (patch) | |
tree | 09b5402461a963d741ce77302c4245b198c1e28b /src | |
parent | 8e562874a42a1a3eb982ba2df3ff1f3860db0d31 (diff) | |
Add support for openssl built with "no-deprecated".
Patch from Andrew John Hughes; partial fix for 19981.
Diffstat (limited to 'src')
-rw-r--r-- | src/common/aes.c | 4 | ||||
-rw-r--r-- | src/common/crypto.c | 16 | ||||
-rw-r--r-- | src/common/tortls.c | 15 |
3 files changed, 35 insertions, 0 deletions
diff --git a/src/common/aes.c b/src/common/aes.c
index 5d0841dfa3..95737cffcc 100644
--- a/src/common/aes.c
+++ b/src/common/aes.c
@@ -116,7 +116,11 @@ aes_cipher_free_(aes_cnt_cipher_t *cipher_)
 if (!cipher_) return;
 EVP_CIPHER_CTX *cipher = (EVP_CIPHER_CTX *) cipher_;
+#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
+ EVP_CIPHER_CTX_reset(cipher);
+#else
 EVP_CIPHER_CTX_cleanup(cipher);
+#endif
 EVP_CIPHER_CTX_free(cipher);
 }
 void
diff --git a/src/common/crypto.c b/src/common/crypto.c
index 9fcd17742c..c98a968757 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -43,6 +43,7 @@ DISABLE_GCC_WARNING(redundant-decls)
 #include <openssl/dh.h>
 #include <openssl/conf.h>
 #include <openssl/hmac.h>
+#include <openssl/ssl.h>
 ENABLE_GCC_WARNING(redundant-decls)
@@ -204,8 +205,15 @@ crypto_early_init(void)
 crypto_early_initialized_ = 1;
+#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
+ OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS |
+ OPENSSL_INIT_LOAD_CRYPTO_STRINGS |
+ OPENSSL_INIT_ADD_ALL_CIPHERS |
+ OPENSSL_INIT_ADD_ALL_DIGESTS, NULL);
+#else
 ERR_load_crypto_strings();
 OpenSSL_add_all_algorithms();
+#endif
 setup_openssl_threading();
@@ -1660,11 +1668,15 @@ memwipe(void *mem, uint8_t byte, size_t sz)
 int
 crypto_global_cleanup(void)
 {
+#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,1,0)
 EVP_cleanup();
+#endif
 #ifndef NEW_THREAD_API
 ERR_remove_thread_state(NULL);
 #endif
+#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,1,0)
 ERR_free_strings();
+#endif
 if (dh_param_p) BN_clear_free(dh_param_p);
@@ -1676,11 +1688,15 @@ crypto_global_cleanup(void)
 dh_param_p = dh_param_p_tls = dh_param_g = NULL;
 #ifndef DISABLE_ENGINES
+#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,1,0)
 ENGINE_cleanup();
 #endif
+#endif
 CONF_modules_unload(1);
+#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,1,0)
 CRYPTO_cleanup_all_ex_data();
+#endif
 crypto_openssl_free_all();
diff --git a/src/common/tortls.c b/src/common/tortls.c
index 05e29e22ff..23bcd85281 100644
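Review bot: The `#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)` guard added in aes_cipher_free_ (src/common/aes.c) is also true when building against LibreSSL, whose headers report a 2.x OPENSSL_VERSION_NUMBER, so the new branch needs EVP_CIPHER_CTX_reset() to exist there too. If LibreSSL builds are meant to keep working, the test should exclude it, for example `#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0) && !defined(LIBRESSL_VERSION_NUMBER)`, or go through one project-wide feature macro so the condition is written once. The same applies to the `>=` guards added in crypto_early_init (crypto.c), in the X509_get_not* macro block of tortls.c and in tor_tls_init.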
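Review bot: The OPENSSL_init_ssl() call added to crypto_early_init (src/common/crypto.c) discards its return value, although the function reports failure by returning 0, so a library that did not initialise would only be noticed when a later crypto call misbehaves. I would test it and fail early init, along the lines of `if (!OPENSSL_init_ssl(..., NULL)) return -1;`; the function's return convention is outside the hunk, so adapt the error path to it. The call added in tor_tls_init (tortls.c) has the same gap. Separately, this call is the reason `#include <openssl/ssl.h>` now enters crypto.c; `OPENSSL_init_crypto()` with the three crypto flags would keep libssl out of this file and leave `OPENSSL_INIT_LOAD_SSL_STRINGS` to tor_tls_init, which already passes it.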
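Review bot: The four `#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,1,0)` guards added to crypto_global_cleanup (src/common/crypto.c, both hunks) carry no comment saying why EVP_cleanup(), ERR_free_strings(), ENGINE_cleanup() and CRYPTO_cleanup_all_ex_data() may be skipped, so the change reads like a dropped teardown step. A single comment at the first guard would settle it: `/* OpenSSL 1.1.0+ releases its own global state at exit; these calls are deprecated no-ops there. */`. The ENGINE_cleanup() guard is nested inside `#ifndef DISABLE_ENGINES`, so labelling the two closing lines (`#endif /* OPENSSL_VERSION_NUMBER < 1.1.0 */` and `#endif /* !DISABLE_ENGINES */`) would make the pairing readable. The function body continues past both hunks.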
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -56,10 +56,21 @@ ENABLE_GCC_WARNING(redundant-decls)
 #include "container.h"
 #include <string.h>
+#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
+#define X509_get_notBefore_const(cert) \
+ X509_get0_notBefore(cert)
+#define X509_get_notAfter_const(cert) \
+ X509_get0_notAfter(cert)
+#define X509_get_notBefore(cert) \
+ X509_getm_notBefore(cert)
+#define X509_get_notAfter(cert) \
+ X509_getm_notAfter(cert)
+#else
 #define X509_get_notBefore_const(cert) \
 ((const ASN1_TIME*) X509_get_notBefore((X509 *)cert))
 #define X509_get_notAfter_const(cert) \
 ((const ASN1_TIME*) X509_get_notAfter((X509 *)cert))
+#endif
 /* Copied from or.h */
 #define LEGAL_NICKNAME_CHARACTERS \
@@ -355,8 +366,12 @@ tor_tls_init(void)
 check_no_tls_errors();
 if (!tls_library_is_initialized) {
+#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
+ OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);
+#else
 SSL_library_init();
 SSL_load_error_strings();
+#endif
 #if (SIZEOF_VOID_P >= 8 && \
 OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,0,1)) |
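Review bot: In the 1.1.0+ branch of the macro block near the top of src/common/tortls.c, `X509_get_notBefore(cert)` and `X509_get_notAfter(cert)` are defined unconditionally. As far as I know, OpenSSL's own x509.h still supplies those two names as compatibility macros when the library is not configured with no-deprecated; in that configuration these lines would redefine them in a different form and draw a redefinition warning, which becomes a build failure under -Werror. Wrapping the two definitions in `#ifndef X509_get_notBefore` and `#ifndef X509_get_notAfter` would keep both configurations building. This should be confirmed against a default-configured 1.1.0 build before merging.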