CryptoPkg/TlsLib: Update TLS Wrapper to align with OpenSSL changes.

This patch updates the wrapper implementation in TlsLib to align
with the latest OpenSSL-1.1.0xx API changes.

Cc: Ting Ye <ting.ye@intel.com>
Cc: Palmer Thomas <thomas.palmer@hpe.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Gary Lin <glin@suse.com>
Cc: Ronald Cron <ronald.cron@arm.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Ting Ye <ting.ye@intel.com>
Qin Long
2017-03-23 20:53:45 +08:00
parent f56b11d2cd
commit 113581e6f3
3 changed files with 30 additions and 45 deletions


@@ -1,7 +1,7 @@
/** @file
SSL/TLS Initialization Library Wrapper Implementation over OpenSSL.
Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@@ -33,14 +33,10 @@ TlsInitialize (
// Performs initialization of crypto and ssl library, and loads required
// algorithms.
//
SSL_library_init ();
//
// Loads error strings from both crypto and ssl library.
//
SSL_load_error_strings ();
/// OpenSSL_add_all_algorithms();
OPENSSL_init_ssl (
OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_LOAD_CRYPTO_STRINGS,
NULL
);
//
// Initialize the pseudorandom number generator.
@@ -103,34 +99,10 @@ TlsCtxNew (
SSL_CTX_set_options (TlsCtx, SSL_OP_NO_SSLv3);
//
// Treat as minimum accepted versions. Client can use higher
// TLS version if server supports it
// Treat as minimum accepted versions by setting the minimal bound.
// Client can use higher TLS version if server supports it
//
switch (ProtoVersion) {
case TLS1_VERSION:
//
// TLS 1.0
//
break;
case TLS1_1_VERSION:
//
// TLS 1.1
//
SSL_CTX_set_options (TlsCtx, SSL_OP_NO_TLSv1);
break;
case TLS1_2_VERSION:
//
// TLS 1.2
//
SSL_CTX_set_options (TlsCtx, SSL_OP_NO_TLSv1);
SSL_CTX_set_options (TlsCtx, SSL_OP_NO_TLSv1_1);
break;
default:
//
// Unsupported TLS/SSL Protocol Version.
//
break;
}
SSL_CTX_set_min_proto_version (TlsCtx, ProtoVersion);
return (VOID *) TlsCtx;
}
@@ -219,6 +191,11 @@ TlsNew (
return NULL;
}
//
// This retains compatibility with previous version of OpenSSL.
//
SSL_set_security_level (TlsConn->Ssl, 0);
//
// Initialize the created SSL Object
//
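Review bot: `SSL_set_security_level (TlsConn->Ssl, 0);` in the TlsNew hunk switches off OpenSSL 1.1.0's security-level checks for every connection this library creates, while the comment above it only says it retains compatibility. At level 0 the library stops rejecting parameters that the default level 1 refuses, such as RSA/DH keys shorter than 1024 bits, so this is a policy decision that the comment should spell out, e.g. `// Level 0 disables OpenSSL's minimum key-size and cipher-strength checks; cipher suites and certificate verification must be restricted by the caller.` If no consumer is known to depend on such weak peers, leaving the library default in place would be the safer choice. The rest of TlsNew lies outside the hunk, so whether a later call narrows the accepted cipher suites cannot be confirmed from here.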