From: Quanah Gibson-Mount Date: Thu, 6 Apr 2017 18:47:06 +0000 (-0700) Subject: ITS#8353, ITS#8533 - Ensure that the deprecated API is not used when using OpenSSL... X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=01cbb7f4c6326f053d3daf317d0cc0b26a1b02fe;p=openldap ITS#8353, ITS#8533 - Ensure that the deprecated API is not used when using OpenSSL 1.1 or later --- diff --git a/libraries/libldap/tls_o.c b/libraries/libldap/tls_o.c index b1893a3c43..3aa628ec82 100644 --- a/libraries/libldap/tls_o.c +++ b/libraries/libldap/tls_o.c @@ -48,10 +48,7 @@ #endif #if OPENSSL_VERSION_NUMBER >= 0x10100000 -#define ERR_remove_thread_state(x) /* deprecated, get rid of it */ #define ASN1_STRING_data(x) ASN1_STRING_get0_data(x) -#define CRYPTO_free(x) OPENSSL_free(x) -#define CRYPTO_NUM_LOCKS CRYPTO_num_locks() #endif typedef SSL_CTX tlso_ctx; @@ -64,11 +61,12 @@ static void tlso_report_error( void ); static void tlso_info_cb( const SSL *ssl, int where, int ret ); static int tlso_verify_cb( int ok, X509_STORE_CTX *ctx ); static int tlso_verify_ok( int ok, X509_STORE_CTX *ctx ); +static int tlso_seed_PRNG( const char *randfile ); #if OPENSSL_VERSION_NUMBER < 0x10100000 +/* + * OpenSSL 1.1 API and later has new locking code +*/ static RSA * tlso_tmp_rsa_cb( SSL *ssl, int is_export, int key_length ); -#endif - -static int tlso_seed_PRNG( const char *randfile ); #ifdef LDAP_R_COMPILE /* @@ -109,6 +107,7 @@ static void tlso_thr_init( void ) CRYPTO_set_id_callback( tlso_thread_self ); } #endif /* LDAP_R_COMPILE */ +#endif /* OpenSSL 1.1 */ static STACK_OF(X509_NAME) * tlso_ca_list( char * bundle, char * dir ) @@ -154,9 +153,13 @@ tlso_init( void ) (void) tlso_seed_PRNG( lo->ldo_tls_randfile ); #endif +#if OPENSSL_VERSION_NUMBER < 0x10100000 SSL_load_error_strings(); SSL_library_init(); OpenSSL_add_all_digests(); +#else + OPENSSL_init_ssl(0, NULL); +#endif /* FIXME: mod_ssl does this */ X509V3_add_standard_extensions(); @@ -172,6 +175,7 @@ tlso_destroy( void ) { struct ldapoptions *lo = LDAP_INT_GLOBAL_OPT(); +#if OPENSSL_VERSION_NUMBER < 0x10100000 EVP_cleanup(); #if OPENSSL_VERSION_NUMBER < 0x10000000 ERR_remove_state(0); @@ -179,6 +183,7 @@ tlso_destroy( void ) ERR_remove_thread_state(NULL); #endif ERR_free_strings(); +#endif if ( lo->ldo_tls_randfile ) { LDAP_FREE( lo->ldo_tls_randfile ); @@ -1162,9 +1167,9 @@ tlso_verify_cb( int ok, X509_STORE_CTX *ctx ) certerr, 0, 0 ); } if ( sname ) - CRYPTO_free ( sname ); + OPENSSL_free ( sname ); if ( iname ) - CRYPTO_free ( iname ); + OPENSSL_free ( iname ); #ifdef HAVE_EBCDIC if ( certerr ) LDAP_FREE( certerr ); #endif