author | Qin Long <qin.long@intel.com> | 2017-03-23 20:53:45 +0800 |
---|---|---|
committer | Qin Long <qin.long@intel.com> | 2017-03-29 16:19:55 +0800 |
commit | 113581e6f32da3b08274ddb626b2c936a091f749 (patch) | |
tree | f67f9a6143f704da2585e39b896cc21d2387afcd /CryptoPkg/Library/TlsLib/TlsInit.c | |
parent | f56b11d2cd4d878d66edfe1a0c606a6b60b2df5c (diff) | |
CryptoPkg/TlsLib: Update TLS Wrapper to align with OpenSSL changes.
This patch updates the wrapper implementation in TlsLib to align
with the latest OpenSSL-1.1.0xx API changes.
Cc: Ting Ye <ting.ye@intel.com>
Cc: Palmer Thomas <thomas.palmer@hpe.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Gary Lin <glin@suse.com>
Cc: Ronald Cron <ronald.cron@arm.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Ting Ye <ting.ye@intel.com>
Diffstat (limited to 'CryptoPkg/Library/TlsLib/TlsInit.c')
-rw-r--r-- | CryptoPkg/Library/TlsLib/TlsInit.c | 51 |
1 files changed, 14 insertions, 37 deletions
diff --git a/CryptoPkg/Library/TlsLib/TlsInit.c b/CryptoPkg/Library/TlsLib/TlsInit.c
index 6b1fd93ea9..f32148ac9a 100644
--- a/CryptoPkg/Library/TlsLib/TlsInit.c
+++ b/CryptoPkg/Library/TlsLib/TlsInit.c
@@ -1,7 +1,7 @@
 /** @file SSL/TLS Initialization Library Wrapper Implementation over OpenSSL.
-Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
 (C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
 This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License
@@ -33,14 +33,10 @@ TlsInitialize (
 // Performs initialization of crypto and ssl library, and loads required
 // algorithms.
 //
- SSL_library_init ();
-
- //
- // Loads error strings from both crypto and ssl library.
- //
- SSL_load_error_strings ();
-
- /// OpenSSL_add_all_algorithms();
+ OPENSSL_init_ssl (
+ OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_LOAD_CRYPTO_STRINGS,
+ NULL
+ );
 //
 // Initialize the pseudorandom number generator.
@@ -103,34 +99,10 @@ TlsCtxNew (
 SSL_CTX_set_options (TlsCtx, SSL_OP_NO_SSLv3);
 //
- // Treat as minimum accepted versions. Client can use higher
- // TLS version if server supports it
- //
- switch (ProtoVersion) {
- case TLS1_VERSION:
- //
- // TLS 1.0
- //
- break;
- case TLS1_1_VERSION:
- //
- // TLS 1.1
- //
- SSL_CTX_set_options (TlsCtx, SSL_OP_NO_TLSv1);
- break;
- case TLS1_2_VERSION:
- //
- // TLS 1.2
- //
- SSL_CTX_set_options (TlsCtx, SSL_OP_NO_TLSv1);
- SSL_CTX_set_options (TlsCtx, SSL_OP_NO_TLSv1_1);
- break;
- default:
- //
- // Unsupported TLS/SSL Protocol Version.
- //
- break;
- }
+ // Treat as minimum accepted versions by setting the minimal bound.
+ // Client can use higher TLS version if server supports it
+ //
+ SSL_CTX_set_min_proto_version (TlsCtx, ProtoVersion);
 return (VOID *) TlsCtx;
 }
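Review bot: The return value of `OPENSSL_init_ssl` in the TlsInitialize hunk is discarded, and the same applies to `SSL_CTX_set_min_proto_version` in the TlsCtxNew hunk; both return 1 on success and 0 on failure. The second case matters more: if the call rejects `ProtoVersion`, the context is still returned with no lower bound beyond `SSL_OP_NO_SSLv3`, so a caller that asked for a TLS 1.2 floor could end up negotiating TLS 1.0 without knowing. I would fail closed there, e.g. `if (SSL_CTX_set_min_proto_version (TlsCtx, ProtoVersion) != 1) { SSL_CTX_free (TlsCtx); return NULL; }`, and have TlsInitialize report failure (presumably `return FALSE;`) when `OPENSSL_init_ssl (...)` does not return 1. Both function bodies start and end outside their hunks, so the surrounding error-handling convention should be confirmed against the full file.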
@@ -220,6 +192,11 @@ TlsNew (
 }
 //
+ // This retains compatibility with previous version of OpenSSL.
+ //
+ SSL_set_security_level (TlsConn->Ssl, 0);
+
+ //
 // Initialize the created SSL Object
 //
 SSL_set_info_callback (TlsConn->Ssl, NULL); |
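Review bot: `SSL_set_security_level (TlsConn->Ssl, 0)` in TlsNew switches off every check that the OpenSSL 1.1.0 security-level mechanism applies, and the added comment does not say what is being given up. At the library default (level 1) OpenSSL refuses RSA/DSA/DH keys shorter than 1024 bits, export cipher suites and MD5-based MACs; level 0 permits all of them on every connection object created here. If a particular peer or certificate chain needs the relaxation, the comment should name it, for example `// Security level 0 disables OpenSSL's minimum key-size and cipher-strength checks; kept only because <reason>.`; otherwise keeping the default level, or making the level a platform-configurable setting, would be the safer choice. TlsNew's body begins and ends outside the hunk.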