Add support for openssl built with "no-deprecated".

Patch from Andrew John Hughes; partial fix for 19981.

Add support for openssl built with "no-deprecated".
a15b2c57 · Nick Mathewson · 8e562874 · a15b2c57 · a15b2c57 · a15b2c57
Commit a15b2c57 authored 6 years ago by Nick Mathewson
--- a/src/common/aes.c
+++ b/src/common/aes.c
@@ -116,7 +116,11 @@ aes_cipher_free_(aes_cnt_cipher_t *cipher_)
  if (!cipher_)
    return;
  EVP_CIPHER_CTX *cipher = (EVP_CIPHER_CTX *) cipher_;
+#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
+  EVP_CIPHER_CTX_reset(cipher);
+#else
  EVP_CIPHER_CTX_cleanup(cipher);
+#endif
  EVP_CIPHER_CTX_free(cipher);
 }
 void

--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -43,6 +43,7 @@ DISABLE_GCC_WARNING(redundant-decls)
 #include <openssl/dh.h>
 #include <openssl/conf.h>
 #include <openssl/hmac.h>
+#include <openssl/ssl.h>

 ENABLE_GCC_WARNING(redundant-decls)

@@ -204,8 +205,15 @@ crypto_early_init(void)

    crypto_early_initialized_ = 1;

+#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
+    OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS |
+                     OPENSSL_INIT_LOAD_CRYPTO_STRINGS |
+                     OPENSSL_INIT_ADD_ALL_CIPHERS |
+                     OPENSSL_INIT_ADD_ALL_DIGESTS, NULL);
+#else
    ERR_load_crypto_strings();
    OpenSSL_add_all_algorithms();
+#endif

    setup_openssl_threading();

@@ -1660,11 +1668,15 @@ memwipe(void *mem, uint8_t byte, size_t sz)
 int
 crypto_global_cleanup(void)
 {
+#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,1,0)
  EVP_cleanup();
+#endif
 #ifndef NEW_THREAD_API
  ERR_remove_thread_state(NULL);
 #endif
+#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,1,0)
  ERR_free_strings();
+#endif

  if (dh_param_p)
    BN_clear_free(dh_param_p);
@@ -1676,11 +1688,15 @@ crypto_global_cleanup(void)
  dh_param_p = dh_param_p_tls = dh_param_g = NULL;

 #ifndef DISABLE_ENGINES
+#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,1,0)
  ENGINE_cleanup();
+#endif
 #endif

  CONF_modules_unload(1);
+#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,1,0)
  CRYPTO_cleanup_all_ex_data();
+#endif

  crypto_openssl_free_all();


--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -56,10 +56,21 @@ ENABLE_GCC_WARNING(redundant-decls)
 #include "container.h"
 #include <string.h>

+#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
+#define X509_get_notBefore_const(cert) \
+    X509_get0_notBefore(cert)
+#define X509_get_notAfter_const(cert) \
+    X509_get0_notAfter(cert)
+#define X509_get_notBefore(cert) \
+    X509_getm_notBefore(cert)
+#define X509_get_notAfter(cert) \
+    X509_getm_notAfter(cert)
+#else
 #define X509_get_notBefore_const(cert) \
  ((const ASN1_TIME*) X509_get_notBefore((X509 *)cert))
 #define X509_get_notAfter_const(cert) \
  ((const ASN1_TIME*) X509_get_notAfter((X509 *)cert))
+#endif

 /* Copied from or.h */
 #define LEGAL_NICKNAME_CHARACTERS \
@@ -355,8 +366,12 @@ tor_tls_init(void)
  check_no_tls_errors();

  if (!tls_library_is_initialized) {
+#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
+    OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);
+#else
    SSL_library_init();
    SSL_load_error_strings();
+#endif

 #if (SIZEOF_VOID_P >= 8 &&                              \
     OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,0,1))