
Revert "tls: support compilation without deprecated OpenSSL APIs"

This reverts commit 234b02236b3ad13cdaf5624d11c727ad7d804747.

Victor Seva authored on 02/09/2020 12:27:26
Showing 3 changed files
... ...
@@ -27,8 +27,6 @@
27 27
 #include <stdlib.h>
28 28
 #include <openssl/ssl.h>
29 29
 #include <openssl/opensslv.h>
30
-#include <openssl/bn.h>
31
-#include <openssl/dh.h>
32 30
 
33 31
 #ifndef OPENSSL_NO_ENGINE
34 32
 #include <openssl/engine.h>
... ...
@@ -63,7 +61,7 @@ static void setup_ecdh(SSL_CTX *ctx)
63 61
 {
64 62
    EC_KEY *ecdh;
65 63
 
66
-   if (OpenSSL_version_num() < 0x1000005fL) {
64
+   if (SSLeay() < 0x1000005fL) {
67 65
       return;
68 66
    }
69 67
 
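Review bot: The early `return;` in setup_ecdh, taken when `SSLeay() < 0x1000005fL`, skips the rest of the function without logging anything. An instance running against an older libssl would therefore presumably come up without ECDH parameters, and nobody would be told. A warning before the return would make that visible, for example `LM_WARN("libssl older than 1.0.0e, ECDH setup skipped\n");`, assuming the logging macros are available in this file. The constant also deserves a comment such as `/* 0x1000005f = OpenSSL 1.0.0e, first runtime version accepted for ECDH setup */`. The body of setup_ecdh continues past the end of this hunk, so what is actually skipped is not visible here.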
... ...
@@ -627,13 +627,14 @@ int tls_h_mod_pre_init_f(void)
627 627
 		return 0;
628 628
 	}
629 629
 	LM_DBG("preparing tls env for modules initialization\n");
630
-#if OPENSSL_VERSION_NUMBER < 0x010100000L || defined(LIBRESSL_VERSION_NUMBER)
630
+#if OPENSSL_VERSION_NUMBER >= 0x010100000L && !defined(LIBRESSL_VERSION_NUMBER)
631
+	LM_DBG("preparing tls env for modules initialization (libssl >=1.1)\n");
632
+	OPENSSL_init_ssl(0, NULL);
633
+#else
631 634
 	LM_DBG("preparing tls env for modules initialization (libssl <=1.0)\n");
632 635
 	SSL_library_init();
633
-	SSL_load_error_strings();
634
-#else
635
-	LM_DBG("preparing tls env for modules initialization (libssl >=1.1)\n");
636 636
 #endif
637
+	SSL_load_error_strings();
637 638
 	tls_mod_preinitialized=1;
638 639
 	return 0;
639 640
 }
... ...
@@ -667,7 +668,7 @@ int tls_h_mod_init_f(void)
667 668
 #if OPENSSL_VERSION_NUMBER < 0x00907000L
668 669
 	LM_WARN("You are using an old version of OpenSSL (< 0.9.7). Upgrade!\n");
669 670
 #endif
670
-	ssl_version=OpenSSL_version_num();
671
+	ssl_version=SSLeay();
671 672
 	/* check if version have the same major minor and fix level
672 673
 	 * (e.g. 0.9.8a & 0.9.8c are ok, but 0.9.8 and 0.9.9x are not)
673 674
 	 * - values is represented as 0xMMNNFFPPS: major minor fix patch status
... ...
@@ -679,7 +680,7 @@ int tls_h_mod_init_f(void)
679 680
 				" compiled \"%s\" (0x%08lx).\n"
680 681
 				" Please make sure a compatible version is used"
681 682
 				" (tls_force_run in kamailio.cfg will override this check)\n",
682
-				OpenSSL_version(OPENSSL_VERSION), ssl_version,
683
+				SSLeay_version(SSLEAY_VERSION), ssl_version,
683 684
 				OPENSSL_VERSION_TEXT, (long)OPENSSL_VERSION_NUMBER);
684 685
 		if (cfg_get(tls, tls_cfg, force_run))
685 686
 			LM_WARN("tls_force_run turned on, ignoring "
... ...
@@ -856,7 +857,6 @@ int tls_check_sockets(tls_domains_cfg_t* cfg)
856 857
 void tls_h_mod_destroy_f(void)
857 858
 {
858 859
 	LM_DBG("tls module final tls destroy\n");
859
-#if OPENSSL_VERSION_NUMBER < 0x010100000L || defined(LIBRESSL_VERSION_NUMBER)
860 860
 	if(tls_mod_preinitialized > 0)
861 861
 		ERR_free_strings();
862 862
 	/* TODO: free all the ctx'es */
... ...
@@ -869,5 +869,4 @@ void tls_h_mod_destroy_f(void)
869 869
 	LM_DBG("executing openssl v1.1+ cleanup\n");
870 870
 	OPENSSL_cleanup();
871 871
 #endif
872
-#endif
873 872
 }
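Review bot: The result of `OPENSSL_init_ssl(0, NULL);` in tls_h_mod_pre_init_f is discarded and `tls_mod_preinitialized=1;` is set regardless, so a failed libssl initialisation would only surface later as an unrelated TLS error. OPENSSL_init_ssl() returns 1 on success and 0 on error, so I would check it: `if (OPENSSL_init_ssl(0, NULL) != 1) { LM_ERR("libssl initialization failed\n"); return -1; }`. That assumes a negative return is how this function reports failure, since only `return 0;` is visible here. The `SSL_load_error_strings();` that now follows `#endif` is redundant on the >=1.1 branch, because OPENSSL_init_ssl() loads the libssl error strings by default. The function starts before this hunk.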
... ...
@@ -140,8 +140,6 @@ unsigned long sr_ssl_id_f()
140 140
 /* returns -1 on error, 0 on success */
141 141
 int tls_init_locks()
142 142
 {
143
-/* OpenSSL is thread-safe since 1.1.0 */
144
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
145 143
 	/* init "static" tls locks */
146 144
 	n_static_locks=CRYPTO_num_locks();
147 145
 	if (n_static_locks<0){
... ...
@@ -169,10 +167,13 @@ int tls_init_locks()
169 167
 		CRYPTO_set_locking_callback(locking_f);
170 168
 	}
171 169
 
170
+/* OpenSSL is thread-safe since 1.1.0 */
171
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
172 172
 	/* set "dynamic" locks callbacks */
173 173
 	CRYPTO_set_dynlock_create_callback(dyn_create_f);
174 174
 	CRYPTO_set_dynlock_lock_callback(dyn_lock_f);
175 175
 	CRYPTO_set_dynlock_destroy_callback(dyn_destroy_f);
176
+#endif
176 177
 
177 178
 	/* starting with v1.0.0 openssl does not use anymore getpid(), but address
178 179
 	 * of errno which can point to same virtual address in a multi-process
... ...
@@ -185,7 +186,6 @@ int tls_init_locks()
185 186
 	 *  (only atomic_inc), fallback to the default use-locks mode
186 187
 	 * CRYPTO_set_add_lock_callback(atomic_add_f);
187 188
 	 */
188
-#endif
189 189
 
190 190
 	return 0;
191 191
 error:
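Review bot: The comment `/* OpenSSL is thread-safe since 1.1.0 */` in tls_init_locks now sits on a guard that covers only the three `CRYPTO_set_dynlock_*_callback` calls. The static-lock setup above it (`CRYPTO_num_locks()`, `CRYPTO_set_locking_callback(locking_f)`) is compiled for every libssl version, and nothing explains why the two are treated differently. As far as I know, those static-lock calls exist on 1.1.0 and later only as deprecated compatibility macros that install nothing, so the code reads as if it still provides locking there when it does not. I would reword the guard comment to state its scope, e.g. `/* dynlock callbacks are only registered before 1.1.0; the static lock calls above are compat no-ops on 1.1.0+ */`, after confirming that against the supported libssl headers. The function body runs beyond these hunks on both sides.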