From: Guus Sliepen Date: Tue, 27 Jul 2021 13:10:15 +0000 (+0200) Subject: Require OpenSSL 1.1.0 or later. X-Git-Url: https://git.tinc-vpn.org/git/browse?a=commitdiff_plain;h=HEAD;p=tinc Require OpenSSL 1.1.0 or later. This gets rid of some backwards compatibility code, and avoids calling deprecated OpenSSL functions. --- diff --git a/README b/README index 127cde2e..2f785613 100644 --- a/README +++ b/README @@ -69,7 +69,7 @@ Requirements ------------ The OpenSSL library is used for all cryptographic functions. You can find it at -https://www.openssl.org/. You will need version 1.0.1 or later with support for +https://www.openssl.org/. You will need version 1.1.0 or later with support for AES256 and SHA256 enabled. If this library is not installed on your system, the configure script will fail. The manual in doc/tinc.texi contains more detailed information on how to install this library. Alternatively, you may also use the diff --git a/m4/openssl.m4 b/m4/openssl.m4 index 895c31aa..99023c24 100644 --- a/m4/openssl.m4 +++ b/m4/openssl.m4 @@ -35,24 +35,15 @@ AC_DEFUN([tinc_OPENSSL], LDFLAGS="$LDFLAGS -L$withval"] ) - AC_CHECK_HEADERS(openssl/evp.h openssl/rsa.h openssl/rand.h openssl/err.h openssl/sha.h openssl/pem.h openssl/engine.h, + AC_CHECK_HEADERS([openssl/evp.h openssl/rsa.h openssl/rand.h openssl/err.h openssl/sha.h openssl/pem.h openssl/engine.h], [], [AC_MSG_ERROR([LibreSSL/OpenSSL header files not found.]); break] ) - AC_CHECK_LIB(crypto, EVP_EncryptInit_ex, + AC_CHECK_LIB(crypto, OPENSSL_init_crypto, [LIBS="-lcrypto $LIBS"], [AC_MSG_ERROR([LibreSSL/OpenSSL libraries not found.])] ) - AC_CHECK_FUNCS([RAND_bytes EVP_EncryptInit_ex EVP_CIPHER_CTX_new], , - [AC_MSG_ERROR([Missing LibreSSL/OpenSSL functionality, make sure you have installed the latest version.]); break], - ) - - AC_CHECK_DECLS([OpenSSL_add_all_algorithms, EVP_aes_256_cfb], , - [AC_MSG_ERROR([Missing LibreSSL/OpenSSL functionality, make sure you have installed the latest version.]); break], - [#include ] - ) - - AC_CHECK_FUNCS([BN_GENCB_new RSA_set0_key], , , [#include ]) + AC_DEFINE(HAVE_OPENSSL, 1, [enable OpenSSL support]) ]) diff --git a/src/connection.h b/src/connection.h index d619e85c..629e16b9 100644 --- a/src/connection.h +++ b/src/connection.h @@ -24,10 +24,6 @@ #include #include -#if OPENSSL_VERSION_NUMBER < 0x10100000L -#define EVP_CIPHER_CTX_reset(c) EVP_CIPHER_CTX_cleanup(c) -#endif - #include "avl_tree.h" #define OPTION_INDIRECT 0x0001 diff --git a/src/net_setup.c b/src/net_setup.c index f26007bd..501fecd3 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -49,18 +49,6 @@ char *myport; devops_t devops; -#ifndef HAVE_RSA_SET0_KEY -int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) { - BN_free(r->n); - r->n = n; - BN_free(r->e); - r->e = e; - BN_free(r->d); - r->d = d; - return 1; -} -#endif - bool read_rsa_public_key(connection_t *c) { FILE *fp; char *pubname; diff --git a/src/tincd.c b/src/tincd.c index 066ad9c8..c1f2e5a2 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -37,9 +37,7 @@ #include #include #include -#ifndef OPENSSL_NO_ENGINE #include -#endif #include #ifdef HAVE_LZO @@ -404,16 +402,6 @@ static int indicator(int a, int b, BN_GENCB *cb) { return 1; } -#ifndef HAVE_BN_GENCB_NEW -BN_GENCB *BN_GENCB_new(void) { - return xmalloc_and_zero(sizeof(BN_GENCB)); -} - -void BN_GENCB_free(BN_GENCB *cb) { - free(cb); -} -#endif - /* Generate a public/private RSA keypair, and ask for a file to store them in. @@ -688,14 +676,7 @@ int main(int argc, char **argv) { init_configuration(&config_tree); -#ifndef OPENSSL_NO_ENGINE ENGINE_load_builtin_engines(); - ENGINE_register_all_complete(); -#endif - -#if OPENSSL_VERSION_NUMBER < 0x10100000L - OpenSSL_add_all_algorithms(); -#endif if(generate_keys) { read_server_config(); @@ -814,14 +795,6 @@ end: free(priority); -#if OPENSSL_VERSION_NUMBER < 0x10100000L - EVP_cleanup(); - ERR_free_strings(); -#ifndef OPENSSL_NO_ENGINE - ENGINE_cleanup(); -#endif -#endif - exit_configuration(&config_tree); list_delete_list(cmdline_conf); free_names();