Require OpenSSL 1.1.0 or later.

This gets rid of some backwards compatibility code, and avoids calling
deprecated OpenSSL functions.

diff --git a/README b/README
index 127cde2..2f78561 100644 (file)
--- a/README
+++ b/README
@@ -69,7 +69,7 @@ Requirements
 ------------
 
 The OpenSSL library is used for all cryptographic functions. You can find it at
 ------------
 
 The OpenSSL library is used for all cryptographic functions. You can find it at

-https://www.openssl.org/. You will need version 1.0.1 or later with support for
+https://www.openssl.org/. You will need version 1.1.0 or later with support for

 AES256 and SHA256 enabled. If this library is not installed on your system, the
 configure script will fail.  The manual in doc/tinc.texi contains more detailed
 information on how to install this library. Alternatively, you may also use the
 AES256 and SHA256 enabled. If this library is not installed on your system, the
 configure script will fail.  The manual in doc/tinc.texi contains more detailed
 information on how to install this library. Alternatively, you may also use the

diff --git a/m4/openssl.m4 b/m4/openssl.m4
index 895c31a..99023c2 100644 (file)
--- a/m4/openssl.m4
+++ b/m4/openssl.m4
@@ -35,24 +35,15 @@ AC_DEFUN([tinc_OPENSSL],
      LDFLAGS="$LDFLAGS -L$withval"]
   )
 
      LDFLAGS="$LDFLAGS -L$withval"]
   )
 

-  AC_CHECK_HEADERS(openssl/evp.h openssl/rsa.h openssl/rand.h openssl/err.h openssl/sha.h openssl/pem.h openssl/engine.h,
+  AC_CHECK_HEADERS([openssl/evp.h openssl/rsa.h openssl/rand.h openssl/err.h openssl/sha.h openssl/pem.h openssl/engine.h],

     [],
     [AC_MSG_ERROR([LibreSSL/OpenSSL header files not found.]); break]
   )
 
     [],
     [AC_MSG_ERROR([LibreSSL/OpenSSL header files not found.]); break]
   )
 

-  AC_CHECK_LIB(crypto, EVP_EncryptInit_ex,
+  AC_CHECK_LIB(crypto, OPENSSL_init_crypto,

     [LIBS="-lcrypto $LIBS"],
     [AC_MSG_ERROR([LibreSSL/OpenSSL libraries not found.])]
   )
 
     [LIBS="-lcrypto $LIBS"],
     [AC_MSG_ERROR([LibreSSL/OpenSSL libraries not found.])]
   )
 

-  AC_CHECK_FUNCS([RAND_bytes EVP_EncryptInit_ex EVP_CIPHER_CTX_new], ,
-    [AC_MSG_ERROR([Missing LibreSSL/OpenSSL functionality, make sure you have installed the latest version.]); break],
-  )
-
-  AC_CHECK_DECLS([OpenSSL_add_all_algorithms, EVP_aes_256_cfb], ,
-    [AC_MSG_ERROR([Missing LibreSSL/OpenSSL functionality, make sure you have installed the latest version.]); break],
-    [#include <openssl/evp.h>]
-  )
-
-  AC_CHECK_FUNCS([BN_GENCB_new RSA_set0_key], , , [#include <openssl/rsa.h>])
+  AC_DEFINE(HAVE_OPENSSL, 1, [enable OpenSSL support])

 ])
 ])

diff --git a/src/connection.h b/src/connection.h
index d619e85..629e16b 100644 (file)
--- a/src/connection.h
+++ b/src/connection.h
@@ -24,10 +24,6 @@
 #include <openssl/rsa.h>
 #include <openssl/evp.h>
 
 #include <openssl/rsa.h>
 #include <openssl/evp.h>
 

-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-#define EVP_CIPHER_CTX_reset(c) EVP_CIPHER_CTX_cleanup(c)
-#endif
-

 #include "avl_tree.h"
 
 #define OPTION_INDIRECT         0x0001
 #include "avl_tree.h"
 
 #define OPTION_INDIRECT         0x0001

diff --git a/src/net_setup.c b/src/net_setup.c
index f26007b..501fecd 100644 (file)
--- a/src/net_setup.c
+++ b/src/net_setup.c
@@ -49,18 +49,6 @@
 char *myport;
 devops_t devops;
 
 char *myport;
 devops_t devops;
 

-#ifndef HAVE_RSA_SET0_KEY
-int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) {
-       BN_free(r->n);
-       r->n = n;
-       BN_free(r->e);
-       r->e = e;
-       BN_free(r->d);
-       r->d = d;
-       return 1;
-}
-#endif
-

 bool read_rsa_public_key(connection_t *c) {
        FILE *fp;
        char *pubname;
 bool read_rsa_public_key(connection_t *c) {
        FILE *fp;
        char *pubname;

diff --git a/src/tincd.c b/src/tincd.c
index 066ad9c..c1f2e5a 100644 (file)
--- a/src/tincd.c
+++ b/src/tincd.c
@@ -37,9 +37,7 @@
 #include <openssl/rsa.h>
 #include <openssl/pem.h>
 #include <openssl/evp.h>
 #include <openssl/rsa.h>
 #include <openssl/pem.h>
 #include <openssl/evp.h>

-#ifndef OPENSSL_NO_ENGINE

 #include <openssl/engine.h>
 #include <openssl/engine.h>

-#endif

 #include <openssl/bn.h>
 
 #ifdef HAVE_LZO
 #include <openssl/bn.h>
 
 #ifdef HAVE_LZO


@@ -404,16 +402,6 @@ static int indicator(int a, int b, BN_GENCB *cb) {
        return 1;
 }
 
        return 1;
 }
 

-#ifndef HAVE_BN_GENCB_NEW
-BN_GENCB *BN_GENCB_new(void) {
-       return xmalloc_and_zero(sizeof(BN_GENCB));
-}
-
-void BN_GENCB_free(BN_GENCB *cb) {
-       free(cb);
-}
-#endif
-

 /*
   Generate a public/private RSA keypair, and ask for a file to store
   them in.
 /*
   Generate a public/private RSA keypair, and ask for a file to store
   them in.


@@ -688,14 +676,7 @@ int main(int argc, char **argv) {
 
        init_configuration(&config_tree);
 
 
        init_configuration(&config_tree);
 

-#ifndef OPENSSL_NO_ENGINE

        ENGINE_load_builtin_engines();
        ENGINE_load_builtin_engines();

-       ENGINE_register_all_complete();
-#endif
-
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-       OpenSSL_add_all_algorithms();
-#endif

 
        if(generate_keys) {
                read_server_config();
 
        if(generate_keys) {
                read_server_config();


@@ -814,14 +795,6 @@ end:
 
        free(priority);
 
 
        free(priority);
 

-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-       EVP_cleanup();
-       ERR_free_strings();
-#ifndef OPENSSL_NO_ENGINE
-       ENGINE_cleanup();
-#endif
-#endif
-

        exit_configuration(&config_tree);
        list_delete_list(cmdline_conf);
        free_names();
        exit_configuration(&config_tree);
        list_delete_list(cmdline_conf);
        free_names();