authorNick Mathewson <nickm@torproject.org>2018-04-30 09:41:33 -0400
committerNick Mathewson <nickm@torproject.org>2018-04-30 09:41:33 -0400
commita9736f1f3800a7f10de72c6c847e48a502dd5643 (patch)
tree46692363006e2bedacc932ef986bb8f4882778c9 /src
parentcb0af6157c0acbd0a30c20f8f0a3b9d4d1f402ad (diff)
parentd6a773f57d7d91e9a98444b048ed779120f14dfd (diff)
Merge remote-tracking branch 'github/ticket19429_034'
Diffstat (limited to 'src')
-rw-r--r--src/common/aes.c4
-rw-r--r--src/common/crypto.c16
-rw-r--r--src/common/tortls.c19
-rw-r--r--src/test/test_tortls.c41
4 files changed, 61 insertions, 19 deletions
diff --git a/src/common/aes.c b/src/common/aes.c
index 5d0841dfa3..95737cffcc 100644
--- a/src/common/aes.c
+++ b/src/common/aes.c
@@ -116,7 +116,11 @@ aes_cipher_free_(aes_cnt_cipher_t *cipher_)
if (!cipher_)
return;
EVP_CIPHER_CTX *cipher = (EVP_CIPHER_CTX *) cipher_;
+#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
+ EVP_CIPHER_CTX_reset(cipher);
+#else
EVP_CIPHER_CTX_cleanup(cipher);
+#endif
EVP_CIPHER_CTX_free(cipher);
}
void
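Review bot: The result of `EVP_CIPHER_CTX_reset(cipher)` is discarded, and nothing in aes_cipher_free_() says why an explicit reset is kept directly in front of `EVP_CIPHER_CTX_free(cipher)`. As far as I know the 1.1.0 free routine already resets the context itself, so the call reads as redundant. If it is kept deliberately so that the AES key state is cleared regardless of what the library does internally, a comment such as `/* Clear key material explicitly rather than relying on _free() to do it. */` would record that intent. The start of the function lies above the hunk.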
diff --git a/src/common/crypto.c b/src/common/crypto.c
index 9fcd17742c..c98a968757 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -43,6 +43,7 @@ DISABLE_GCC_WARNING(redundant-decls)
#include <openssl/dh.h>
#include <openssl/conf.h>
#include <openssl/hmac.h>
+#include <openssl/ssl.h>
ENABLE_GCC_WARNING(redundant-decls)
@@ -204,8 +205,15 @@ crypto_early_init(void)
crypto_early_initialized_ = 1;
+#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
+ OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS |
+ OPENSSL_INIT_LOAD_CRYPTO_STRINGS |
+ OPENSSL_INIT_ADD_ALL_CIPHERS |
+ OPENSSL_INIT_ADD_ALL_DIGESTS, NULL);
+#else
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
+#endif
setup_openssl_threading();
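Review bot: `OPENSSL_init_ssl()` returns 0 on failure, and the new call in crypto_early_init() ignores that result, so a failed library initialization would only surface later as an unexplained error in some cipher, digest or TLS call. The same unchecked call is added in tor_tls_init() in src/common/tortls.c and in the library_init() helper in src/test/test_tortls.c. Testing the result, for example `if (OPENSSL_init_ssl(<same flags>, NULL) != 1) return -1;` (assuming crypto_early_init returns an int status, which this hunk does not show), or at least logging the failure, makes it visible at startup. The function body begins and ends outside the hunk, so any flag set before this point would need to be handled on that error path as well.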
@@ -1660,11 +1668,15 @@ memwipe(void *mem, uint8_t byte, size_t sz)
int
crypto_global_cleanup(void)
{
+#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,1,0)
EVP_cleanup();
+#endif
#ifndef NEW_THREAD_API
ERR_remove_thread_state(NULL);
#endif
+#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,1,0)
ERR_free_strings();
+#endif
if (dh_param_p)
BN_clear_free(dh_param_p);
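Review bot: The new `#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,1,0)` guards around `EVP_cleanup()` and `ERR_free_strings()` carry no explanation, and the next hunk adds two more around `ENGINE_cleanup()` and `CRYPTO_cleanup_all_ex_data()`. A reader of crypto_global_cleanup() cannot tell whether these calls are skipped because they are harmful, unavailable or merely unnecessary on newer libraries. One comment at the first guard would cover all four, e.g. `/* OpenSSL 1.1.0+ releases these tables itself at exit; the explicit cleanup calls are deprecated no-ops there. */`. The function continues past the end of this hunk.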
@@ -1676,11 +1688,15 @@ crypto_global_cleanup(void)
dh_param_p = dh_param_p_tls = dh_param_g = NULL;
#ifndef DISABLE_ENGINES
+#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,1,0)
ENGINE_cleanup();
#endif
+#endif
CONF_modules_unload(1);
+#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,1,0)
CRYPTO_cleanup_all_ex_data();
+#endif
crypto_openssl_free_all();
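Review bot: The nested conditionals around `ENGINE_cleanup()` are hard to read because neither `#endif` is labelled. The pre-existing `#endif` now closes the new version check, while the added `#endif` closes `#ifndef DISABLE_ENGINES`, which is the opposite of what the diff markers suggest. Labelling both, `#endif /* OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,1,0) */` and `#endif /* !defined(DISABLE_ENGINES) */`, would match the commented `#else` style this commit uses in tortls.c. The enclosing function starts and ends outside the hunk.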
diff --git a/src/common/tortls.c b/src/common/tortls.c
index 05e29e22ff..cd236363f8 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -56,10 +56,25 @@ ENABLE_GCC_WARNING(redundant-decls)
#include "container.h"
#include <string.h>
+#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
+#define X509_get_notBefore_const(cert) \
+ X509_get0_notBefore(cert)
+#define X509_get_notAfter_const(cert) \
+ X509_get0_notAfter(cert)
+#ifndef X509_get_notBefore
+#define X509_get_notBefore(cert) \
+ X509_getm_notBefore(cert)
+#endif
+#ifndef X509_get_notAfter
+#define X509_get_notAfter(cert) \
+ X509_getm_notAfter(cert)
+#endif
+#else /* ! OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0) */
#define X509_get_notBefore_const(cert) \
((const ASN1_TIME*) X509_get_notBefore((X509 *)cert))
#define X509_get_notAfter_const(cert) \
((const ASN1_TIME*) X509_get_notAfter((X509 *)cert))
+#endif
/* Copied from or.h */
#define LEGAL_NICKNAME_CHARACTERS \
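Review bot: The `#ifndef X509_get_notBefore` / `#ifndef X509_get_notAfter` fallbacks have no comment saying when they apply, and the closing `#endif` is unlabelled although the matching `#else` is. They presumably cover a 1.1.0 library built without its deprecated-API macros, where the old names are absent and must be mapped to the mutable `X509_getm_*` accessors. A short comment above them, e.g. `/* Only defined by OpenSSL when deprecated APIs are enabled; supply them otherwise. */`, would make that clear. Ending the block with `#endif /* OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0) */` keeps the two branches easy to pair up.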
@@ -355,8 +370,12 @@ tor_tls_init(void)
check_no_tls_errors();
if (!tls_library_is_initialized) {
+#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
+ OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);
+#else
SSL_library_init();
SSL_load_error_strings();
+#endif
#if (SIZEOF_VOID_P >= 8 && \
OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,0,1))
diff --git a/src/test/test_tortls.c b/src/test/test_tortls.c
index 29f7cc9c37..ef1be139a6 100644
--- a/src/test/test_tortls.c
+++ b/src/test/test_tortls.c
@@ -203,6 +203,17 @@ test_tortls_tor_tls_get_error(void *data)
}
static void
+library_init(void)
+{
+#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
+ OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);
+#else
+ SSL_library_init();
+ SSL_load_error_strings();
+#endif
+}
+
+static void
test_tortls_get_state_description(void *ignored)
{
(void)ignored;
@@ -210,9 +221,7 @@ test_tortls_get_state_description(void *ignored)
char *buf;
SSL_CTX *ctx;
- SSL_library_init();
- SSL_load_error_strings();
-
+ library_init();
ctx = SSL_CTX_new(SSLv23_method());
buf = tor_malloc_zero(1000);
@@ -274,8 +283,7 @@ test_tortls_get_by_ssl(void *ignored)
SSL_CTX *ctx;
SSL *ssl;
- SSL_library_init();
- SSL_load_error_strings();
+ library_init();
tor_tls_allocate_tor_tls_object_ex_data_index();
ctx = SSL_CTX_new(SSLv23_method());
@@ -322,8 +330,7 @@ test_tortls_log_one_error(void *ignored)
SSL_CTX *ctx;
SSL *ssl = NULL;
- SSL_library_init();
- SSL_load_error_strings();
+ library_init();
ctx = SSL_CTX_new(SSLv23_method());
tls = tor_malloc_zero(sizeof(tor_tls_t));
@@ -415,8 +422,7 @@ test_tortls_get_error(void *ignored)
int ret;
SSL_CTX *ctx;
- SSL_library_init();
- SSL_load_error_strings();
+ library_init();
ctx = SSL_CTX_new(SSLv23_method());
setup_capture_of_logs(LOG_INFO);
@@ -792,8 +798,8 @@ test_tortls_classify_client_ciphers(void *ignored)
STACK_OF(SSL_CIPHER) *ciphers;
SSL_CIPHER *tmp_cipher;
- SSL_library_init();
- SSL_load_error_strings();
+ library_init();
+
tor_tls_allocate_tor_tls_object_ex_data_index();
tls = tor_malloc_zero(sizeof(tor_tls_t));
@@ -897,8 +903,7 @@ test_tortls_client_is_using_v2_ciphers(void *ignored)
SSL_SESSION *sess;
STACK_OF(SSL_CIPHER) *ciphers;
- SSL_library_init();
- SSL_load_error_strings();
+ library_init();
ctx = SSL_CTX_new(TLSv1_method());
ssl = SSL_new(ctx);
@@ -1541,8 +1546,8 @@ test_tortls_session_secret_cb(void *ignored)
STACK_OF(SSL_CIPHER) *ciphers = NULL;
SSL_CIPHER *one;
- SSL_library_init();
- SSL_load_error_strings();
+ library_init();
+
tor_tls_allocate_tor_tls_object_ex_data_index();
tls = tor_malloc_zero(sizeof(tor_tls_t));
@@ -1733,8 +1738,7 @@ test_tortls_find_cipher_by_id(void *ignored)
fixed_cipher2 = tor_malloc_zero(sizeof(SSL_CIPHER));
fixed_cipher2->id = 0xC00A;
- SSL_library_init();
- SSL_load_error_strings();
+ library_init();
ctx = SSL_CTX_new(m);
ssl = SSL_new(ctx);
@@ -1825,8 +1829,7 @@ test_tortls_server_info_callback(void *ignored)
SSL_CTX *ctx;
SSL *ssl;
- SSL_library_init();
- SSL_load_error_strings();
+ library_init();
ctx = SSL_CTX_new(TLSv1_method());
ssl = SSL_new(ctx);