ITS#8533 OpenSSL 1.1.0c compat

[openldap] / libraries / libldap / tls_o.c

diff --git a/libraries/libldap/tls_o.c b/libraries/libldap/tls_o.c
index 7b9cafc1e96d6b5eb82cde568fc17cb5bc3a982f..1b63bfb7cf6e613eae9d9149147835397728464d 100644 (file)
--- a/libraries/libldap/tls_o.c
+++ b/libraries/libldap/tls_o.c
@@ -2,7 +2,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2008-2014 The OpenLDAP Foundation.
+ * Copyright 2008-2017 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -47,6 +47,13 @@
 #include <ssl.h>
 #endif
 
+#if OPENSSL_VERSION_NUMBER >= 0x10100000
+#define ERR_remove_thread_state(x)     /* deprecated, get rid of it */
+#define ASN1_STRING_data(x)    ASN1_STRING_get0_data(x)
+#define CRYPTO_free(x) OPENSSL_free(x)
+#define CRYPTO_NUM_LOCKS       CRYPTO_num_locks()
+#endif
+
 typedef SSL_CTX tlso_ctx;
 typedef SSL tlso_session;
 
@@ -57,7 +64,9 @@ static void tlso_report_error( void );
 static void tlso_info_cb( const SSL *ssl, int where, int ret );
 static int tlso_verify_cb( int ok, X509_STORE_CTX *ctx );
 static int tlso_verify_ok( int ok, X509_STORE_CTX *ctx );
+#if OPENSSL_VERSION_NUMBER < 0x10100000
 static RSA * tlso_tmp_rsa_cb( SSL *ssl, int is_export, int key_length );
+#endif
 
 static int tlso_seed_PRNG( const char *randfile );
 
@@ -164,7 +173,11 @@ tlso_destroy( void )
        struct ldapoptions *lo = LDAP_INT_GLOBAL_OPT();   
 
        EVP_cleanup();
+#if OPENSSL_VERSION_NUMBER < 0x10000000
        ERR_remove_state(0);
+#else
+       ERR_remove_thread_state(NULL);
+#endif
        ERR_free_strings();
 
        if ( lo->ldo_tls_randfile ) {
@@ -183,7 +196,10 @@ static void
 tlso_ctx_ref( tls_ctx *ctx )
 {
        tlso_ctx *c = (tlso_ctx *)ctx;
-       CRYPTO_add( &c->references, 1, CRYPTO_LOCK_SSL_CTX );
+#if OPENSSL_VERSION_NUMBER < 0x10100000
+#define        SSL_CTX_up_ref(ctx)     CRYPTO_add( &(ctx->references), 1, CRYPTO_LOCK_SSL_CTX )
+#endif
+       SSL_CTX_up_ref( c );
 }
 
 static void
@@ -367,7 +383,9 @@ tlso_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
        SSL_CTX_set_verify( ctx, i,
                lo->ldo_tls_require_cert == LDAP_OPT_X_TLS_ALLOW ?
                tlso_verify_ok : tlso_verify_cb );
+#if OPENSSL_VERSION_NUMBER < 0x10100000
        SSL_CTX_set_tmp_rsa_callback( ctx, tlso_tmp_rsa_cb );
+#endif
 #ifdef HAVE_OPENSSL_CRL
        if ( lo->ldo_tls_crlcheck ) {
                X509_STORE *x509_s = SSL_CTX_get_cert_store( ctx );
@@ -462,8 +480,17 @@ tlso_session_my_dn( tls_session *sess, struct berval *der_dn )
        if (!x) return LDAP_INVALID_CREDENTIALS;
        
        xn = X509_get_subject_name(x);
+#if OPENSSL_VERSION_NUMBER < 0x10100000
        der_dn->bv_len = i2d_X509_NAME( xn, NULL );
        der_dn->bv_val = xn->bytes->data;
+#else
+       {
+               size_t len = 0;
+               der_dn->bv_val = NULL;
+               X509_NAME_get0_der( xn, (const unsigned char **)&der_dn->bv_val, &len );
+               der_dn->bv_len = len;
+       }
+#endif
        /* Don't X509_free, the session is still using it */
        return 0;
 }
@@ -489,8 +516,17 @@ tlso_session_peer_dn( tls_session *sess, struct berval *der_dn )
                return LDAP_INVALID_CREDENTIALS;
 
        xn = X509_get_subject_name(x);
+#if OPENSSL_VERSION_NUMBER < 0x10100000
        der_dn->bv_len = i2d_X509_NAME( xn, NULL );
        der_dn->bv_val = xn->bytes->data;
+#else
+       {
+               size_t len = 0;
+               der_dn->bv_val = NULL;
+               X509_NAME_get0_der( xn, (const unsigned char **)&der_dn->bv_val, &len );
+               der_dn->bv_len = len;
+       }
+#endif
        X509_free(x);
        return 0;
 }
@@ -630,7 +666,7 @@ tlso_session_chkhost( LDAP *ld, tls_session *sess, const char *name_in )
                navas = X509_NAME_entry_count( xn );
                for ( i=navas-1; i>=0; i-- ) {
                        ne = X509_NAME_get_entry( xn, i );
-                       if ( !OBJ_cmp( ne->object, obj )) {
+                       if ( !OBJ_cmp( X509_NAME_ENTRY_get_object(ne), obj )) {
                                cn = X509_NAME_ENTRY_get_data( ne );
                                break;
                        }
@@ -745,12 +781,17 @@ struct tls_data {
        Sockbuf_IO_Desc         *sbiod;
 };
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000
+#define BIO_set_init(b, x)     b->init = x
+#define BIO_set_data(b, x)     b->ptr = x
+#define BIO_clear_flags(b, x)  b->flags &= ~(x)
+#define BIO_get_data(b)        b->ptr
+#endif
 static int
 tlso_bio_create( BIO *b ) {
-       b->init = 1;
-       b->num = 0;
-       b->ptr = NULL;
-       b->flags = 0;
+       BIO_set_init( b, 1 );
+       BIO_set_data( b, NULL );
+       BIO_clear_flags( b, ~0 );
        return 1;
 }
 
@@ -759,9 +800,9 @@ tlso_bio_destroy( BIO *b )
 {
        if ( b == NULL ) return 0;
 
-       b->ptr = NULL;          /* sb_tls_remove() will free it */
-       b->init = 0;
-       b->flags = 0;
+       BIO_set_data( b, NULL );                /* sb_tls_remove() will free it */
+       BIO_set_init( b, 0 );
+       BIO_clear_flags( b, ~0 );
        return 1;
 }
 
@@ -773,7 +814,7 @@ tlso_bio_read( BIO *b, char *buf, int len )
                
        if ( buf == NULL || len <= 0 ) return 0;
 
-       p = (struct tls_data *)b->ptr;
+       p = (struct tls_data *)BIO_get_data(b);
 
        if ( p == NULL || p->sbiod == NULL ) {
                return 0;
@@ -800,7 +841,7 @@ tlso_bio_write( BIO *b, const char *buf, int len )
        
        if ( buf == NULL || len <= 0 ) return 0;
        
-       p = (struct tls_data *)b->ptr;
+       p = (struct tls_data *)BIO_get_data(b);
 
        if ( p == NULL || p->sbiod == NULL ) {
                return 0;
@@ -840,7 +881,22 @@ tlso_bio_puts( BIO *b, const char *str )
 {
        return tlso_bio_write( b, str, strlen( str ) );
 }
-       
+
+#if OPENSSL_VERSION_NUMBER >= 0x10100000
+struct bio_method_st {
+    int type;
+    const char *name;
+    int (*bwrite) (BIO *, const char *, int);
+    int (*bread) (BIO *, char *, int);
+    int (*bputs) (BIO *, const char *);
+    int (*bgets) (BIO *, char *, int);
+    long (*ctrl) (BIO *, int, long, void *);
+    int (*create) (BIO *);
+    int (*destroy) (BIO *);
+    long (*callback_ctrl) (BIO *, int, bio_info_cb *);
+};
+#endif
+
 static BIO_METHOD tlso_bio_method =
 {
        ( 100 | 0x400 ),                /* it's a source/sink BIO */
@@ -870,7 +926,7 @@ tlso_sb_setup( Sockbuf_IO_Desc *sbiod, void *arg )
        p->session = arg;
        p->sbiod = sbiod;
        bio = BIO_new( &tlso_bio_method );
-       bio->ptr = (void *)p;
+       BIO_set_data( bio, p );
        SSL_set_bio( p->session, bio, bio );
        sbiod->sbiod_pvt = p;
        return 0;
@@ -1142,6 +1198,7 @@ tlso_report_error( void )
        }
 }
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000
 static RSA *
 tlso_tmp_rsa_cb( SSL *ssl, int is_export, int key_length )
 {
@@ -1172,6 +1229,7 @@ tlso_tmp_rsa_cb( SSL *ssl, int is_export, int key_length )
        }
        return tmp_rsa;
 }
+#endif /* OPENSSL_VERSION_NUMBER < 1.1 */
 
 static int
 tlso_seed_PRNG( const char *randfile )