ITS#8353, ITS#8533 - Ensure that the deprecated API is not used when using OpenSSL 1.1 or later

2024-12-15 03:01:09 +08:00 · 2017-04-06 11:47:06 -07:00 · 2017-04-06 11:47:06 -07:00 · 01cbb7f4c6
commit 01cbb7f4c6
parent 46c85a32ae
1 changed files with 14 additions and 9 deletions
--- a/libraries/libldap/tls_o.c
+++ b/libraries/libldap/tls_o.c
@ -48,10 +48,7 @@
 #endif

 #if OPENSSL_VERSION_NUMBER >= 0x10100000
-#define ERR_remove_thread_state(x)	/* deprecated, get rid of it */
 #define ASN1_STRING_data(x)	ASN1_STRING_get0_data(x)
-#define CRYPTO_free(x)	OPENSSL_free(x)
-#define CRYPTO_NUM_LOCKS	CRYPTO_num_locks()
 #endif

 typedef SSL_CTX tlso_ctx;
@ -64,11 +61,12 @@ static void tlso_report_error( void );
 static void tlso_info_cb( const SSL *ssl, int where, int ret );
 static int tlso_verify_cb( int ok, X509_STORE_CTX *ctx );
 static int tlso_verify_ok( int ok, X509_STORE_CTX *ctx );
-#if OPENSSL_VERSION_NUMBER < 0x10100000
-static RSA * tlso_tmp_rsa_cb( SSL *ssl, int is_export, int key_length );
-#endif
-
 static int tlso_seed_PRNG( const char *randfile );
+#if OPENSSL_VERSION_NUMBER < 0x10100000
+/*
+ * OpenSSL 1.1 API and later has new locking code
+*/
+static RSA * tlso_tmp_rsa_cb( SSL *ssl, int is_export, int key_length );

 #ifdef LDAP_R_COMPILE
 /*
@ -109,6 +107,7 @@ static void tlso_thr_init( void )
 	CRYPTO_set_id_callback( tlso_thread_self );
 }
 #endif /* LDAP_R_COMPILE */
+#endif /* OpenSSL 1.1 */

 static STACK_OF(X509_NAME) *
 tlso_ca_list( char * bundle, char * dir )
@ -154,9 +153,13 @@ tlso_init( void )
 	(void) tlso_seed_PRNG( lo->ldo_tls_randfile );
 #endif

+#if OPENSSL_VERSION_NUMBER < 0x10100000
 	SSL_load_error_strings();
 	SSL_library_init();
 	OpenSSL_add_all_digests();
+#else
+	OPENSSL_init_ssl(0, NULL);
+#endif

 	/* FIXME: mod_ssl does this */
 	X509V3_add_standard_extensions();
@ -172,6 +175,7 @@ tlso_destroy( void )
 {
 	struct ldapoptions *lo = LDAP_INT_GLOBAL_OPT();   

+#if OPENSSL_VERSION_NUMBER < 0x10100000
 	EVP_cleanup();
 #if OPENSSL_VERSION_NUMBER < 0x10000000
 	ERR_remove_state(0);
@ -179,6 +183,7 @@ tlso_destroy( void )
 	ERR_remove_thread_state(NULL);
 #endif
 	ERR_free_strings();
+#endif

 	if ( lo->ldo_tls_randfile ) {
 		LDAP_FREE( lo->ldo_tls_randfile );
@ -1162,9 +1167,9 @@ tlso_verify_cb( int ok, X509_STORE_CTX *ctx )
 			certerr, 0, 0 );
 	}
 	if ( sname )
-		CRYPTO_free ( sname );
+		OPENSSL_free ( sname );
 	if ( iname )
-		CRYPTO_free ( iname );
+		OPENSSL_free ( iname );
 #ifdef HAVE_EBCDIC
 	if ( certerr ) LDAP_FREE( certerr );
 #endif