From a86ee649ac7cd80cfb3c1b50ae728fbf12d1b92a Mon Sep 17 00:00:00 2001
From: Alexey Tikhonov
Date: Wed, 18 Sep 2024 17:40:35 +0200
Subject: [PATCH] Require OpenSSL >= 1.0.1
:packaging:Support of OpenSSL older than 1.0.1 was dropped
Reviewed-by: Sumit Bose
---
Makefile.am | 1 -
src/external/crypto.m4 | 3 +-
src/lib/certmap/sss_cert_content_crypto.c | 7 ----
src/p11_child/p11_child_openssl.c | 13 -------
src/util/cert/libcrypto/cert.c | 6 ---
.../crypto/libcrypto/crypto_sha512crypt.c | 2 -
src/util/crypto/libcrypto/sss_openssl.h | 39 -------------------
7 files changed, 2 insertions(+), 69 deletions(-)
delete mode 100644 src/util/crypto/libcrypto/sss_openssl.h
diff --git a/Makefile.am b/Makefile.am
index 01e21792f94..61e34bbcf3f 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -700,7 +700,6 @@ dist_noinst_HEADERS = \
 src/sss_iface/sss_iface_sync.h \
 src/sss_iface/sss_iface.h \
 src/util/crypto/sss_crypto.h \
- src/util/crypto/libcrypto/sss_openssl.h \
 src/util/cert.h \
 src/util/dlinklist.h \
 src/util/debug.h \
diff --git a/src/external/crypto.m4 b/src/external/crypto.m4
index b21645d17a7..284d15b269d 100644
--- a/src/external/crypto.m4
+++ b/src/external/crypto.m4
@@ -1,5 +1,6 @@
 AC_DEFUN([AM_CHECK_LIBCRYPTO],
- [PKG_CHECK_MODULES([CRYPTO],[libcrypto])
+ [PKG_CHECK_MODULES([CRYPTO], [libcrypto >= 1.0.1], [],
+ [AC_MSG_ERROR([Please install libcrypto version 1.0.1 or greater])])
 PKG_CHECK_MODULES([SSL],[libssl]) ])
diff --git a/src/lib/certmap/sss_cert_content_crypto.c b/src/lib/certmap/sss_cert_content_crypto.c
index 6141aa7bad1..e73f1f35a75 100644
--- a/src/lib/certmap/sss_cert_content_crypto.c
+++ b/src/lib/certmap/sss_cert_content_crypto.c
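Review bot: The new floor `libcrypto >= 1.0.1` in AM_CHECK_LIBCRYPTO looks lower than what the code needs once this commit is applied. Every compatibility block removed here (in sss_cert_content_crypto.c, p11_child_openssl.c, cert.c and sss_openssl.h) was guarded by `OPENSSL_VERSION_NUMBER < 0x10100000L`, i.e. it served releases older than 1.1.0, and calls such as `OPENSSL_init_ssl()` and `EVP_PKEY_get0_RSA()` are now compiled unconditionally. With 1.0.1 or 1.0.2 installed, configure would pass and the build would then fail at compile time, so the check and its message should probably read `[libcrypto >= 1.1.0]` and `Please install libcrypto version 1.1.0 or greater`. The `libssl` check on the following line carries no version bound at all and could take the same one.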
@@ -34,13 +34,6 @@
 #include "lib/certmap/sss_certmap.h"
 #include "lib/certmap/sss_certmap_int.h"
-/* backward compatible macros for OpenSSL < 1.1 */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-#define ASN1_STRING_get0_data(o) ASN1_STRING_data(o)
-#define X509_get_extension_flags(o) ((o)->ex_flags)
-#define X509_get_key_usage(o) ((o)->ex_kusage)
-#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
-
 #define OID_NTDS_CA_SECURITY_EXT "1.3.6.1.4.1.311.25.2"
 #define OID_NTDS_OBJECTSID "1.3.6.1.4.1.311.25.2.1"
diff --git a/src/p11_child/p11_child_openssl.c b/src/p11_child/p11_child_openssl.c
index c88f07e4e82..41992637fdb 100644
--- a/src/p11_child/p11_child_openssl.c
+++ b/src/p11_child/p11_child_openssl.c
@@ -132,15 +132,6 @@ static OCSP_RESPONSE *query_responder(BIO *cbio, const char *host,
 return rsp;
 }
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-#define TLS_client_method SSLv23_client_method
-#define X509_STORE_get0_objects(store) (store->objs)
-#define X509_OBJECT_get_type(object) (object->type)
-#define X509_OBJECT_get0_X509(object) (object->data.x509)
-#define EVP_MD_CTX_free EVP_MD_CTX_destroy
-#define X509_CRL_get0_nextUpdate(object) (object->crl->nextUpdate)
-#endif
-
 OCSP_RESPONSE *process_responder(OCSP_REQUEST *req, const char *host, const char *path, char *port, int use_ssl,
@@ -593,11 +584,7 @@ errno_t init_p11_ctx(TALLOC_CTX *mem_ctx, const char *ca_db,
 /* See https://wiki.openssl.org/index.php/Library_Initialization for
 * details. */
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
 ret = OPENSSL_init_ssl(0, NULL);
-#else
- ret = SSL_library_init();
-#endif
 if (ret != 1) {
 DEBUG(SSSDBG_FATAL_FAILURE, "Failed to initialize OpenSSL.\n");
 ret = EIO;
diff --git a/src/util/cert/libcrypto/cert.c b/src/util/cert/libcrypto/cert.c
index 249b59c1fae..c6594497e78 100644
--- a/src/util/cert/libcrypto/cert.c
+++ b/src/util/cert/libcrypto/cert.c
@@ -397,8 +397,6 @@ static int sss_rsa_get_key(const EVP_PKEY *cert_pub_key,
 const BIGNUM *tmp_n;
 const BIGNUM *tmp_e:
-
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
 const RSA *rsa_pub_key = NULL;
 rsa_pub_key = EVP_PKEY_get0_RSA(cert_pub_key);
 if (rsa_pub_key == NULL) {
@@ -407,10 +405,6 @@ static int sss_rsa_get_key(const EVP_PKEY *cert_pub_key,
 }
 RSA_get0_key(rsa_pub_key, tmp_n, tmp_e, NULL);
-#else
- tmp_n = cert_pub_key->pkey.rsa->n;
- tmp_e = cert_pub_key->pkey.rsa->e;
-#endif /* OPENSSL_VERSION_NUMBER >= 0x10100000L */
 *n = BN_dup(tmp_n);
 if (*n == NULL) {
diff --git a/src/util/crypto/libcrypto/crypto_sha512crypt.c b/src/util/crypto/libcrypto/crypto_sha512crypt.c
index c816d26f184..8b080ec5828 100644
--- a/src/util/crypto/libcrypto/crypto_sha512crypt.c
+++ b/src/util/crypto/libcrypto/crypto_sha512crypt.c
@@ -29,8 +29,6 @@
 #include
 #include
-#include "sss_openssl.h"
-
 /* Define our magic string to mark salt for SHA512 "encryption" replacement. */
 const char sha512_salt_prefix[] = "$6$";
diff --git a/src/util/crypto/libcrypto/sss_openssl.h b/src/util/crypto/libcrypto/sss_openssl.h
deleted file mode 100644
index a2e2d8523e0..00000000000
--- a/src/util/crypto/libcrypto/sss_openssl.h
+++ /dev/null
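Review bot: In the second cert.c hunk the now-unconditional call reads `RSA_get0_key(rsa_pub_key, tmp_n, tmp_e, NULL);`, which passes the BIGNUM pointers by value although RSA_get0_key() takes `const BIGNUM **` output arguments. If that is what the file contains rather than a rendering artifact, tmp_n and tmp_e are still uninitialized when `BN_dup(tmp_n)` runs, and with the `#else` branch removed there is no other path; the line should be `RSA_get0_key(rsa_pub_key, &tmp_n, &tmp_e, NULL);`. The first hunk likewise shows `const BIGNUM *tmp_e:` ending in a colon, which would need to be `;` to compile. sss_rsa_get_key() starts and ends outside both hunks, so the rest of its error handling is not visible here.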
@@ -1,39 +0,0 @@
-/*
- Authors:
- Lukas Slebodnik
-
- Copyright (C) 2016 Red Hat
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see .
-*/
-
-#ifndef _SSS_LIBCRYTPO_SSS_OPENSSL_H_
-#define _SSS_LIBCRYTPO_SSS_OPENSSL_H_
-
-#include
-
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-
-/* EVP_MD_CTX_create and EVP_MD_CTX_destroy are deprecated macros
- * in openssl-1.1 but openssl-1.0 does not know anything about
- * newly added functions EVP_MD_CTX_new, EVP_MD_CTX_free in 1.1
- */
-
-# define EVP_MD_CTX_new() EVP_MD_CTX_create()
-# define EVP_MD_CTX_free(ctx) EVP_MD_CTX_destroy((ctx))
-
-#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
-
-
-#endif /* _SSS_LIBCRYTPO_SSS_OPENSSL_H_ */