Require OpenSSL >= 1.0.1

:packaging:Support of OpenSSL older than 1.0.1 was dropped Reviewed-by: Sumit Bose <sbose@redhat.com>
SSSD · Sep 20, 2024 · a86ee64 · a86ee64
1 parent 0e836ed
commit a86ee64
Show file tree

Hide file tree

Showing 7 changed files with 2 additions and 69 deletions.
diff --git a/Makefile.am b/Makefile.am
@@ -700,7 +700,6 @@ dist_noinst_HEADERS = \
     src/sss_iface/sss_iface_sync.h \
     src/sss_iface/sss_iface.h \
     src/util/crypto/sss_crypto.h \
-    src/util/crypto/libcrypto/sss_openssl.h \
     src/util/cert.h \
     src/util/dlinklist.h \
     src/util/debug.h \

diff --git a/src/external/crypto.m4 b/src/external/crypto.m4
@@ -1,5 +1,6 @@
 AC_DEFUN([AM_CHECK_LIBCRYPTO],
-         [PKG_CHECK_MODULES([CRYPTO],[libcrypto])
+         [PKG_CHECK_MODULES([CRYPTO], [libcrypto >= 1.0.1], [],
+                            [AC_MSG_ERROR([Please install libcrypto version 1.0.1 or greater])])
           PKG_CHECK_MODULES([SSL],[libssl])
 ])
 

diff --git a/src/lib/certmap/sss_cert_content_crypto.c b/src/lib/certmap/sss_cert_content_crypto.c
@@ -34,13 +34,6 @@
 #include "lib/certmap/sss_certmap.h"
 #include "lib/certmap/sss_certmap_int.h"
 
-/* backward compatible macros for OpenSSL < 1.1 */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-#define ASN1_STRING_get0_data(o) ASN1_STRING_data(o)
-#define X509_get_extension_flags(o) ((o)->ex_flags)
-#define X509_get_key_usage(o) ((o)->ex_kusage)
-#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
-
 #define OID_NTDS_CA_SECURITY_EXT "1.3.6.1.4.1.311.25.2"
 #define OID_NTDS_OBJECTSID "1.3.6.1.4.1.311.25.2.1"
 

diff --git a/src/p11_child/p11_child_openssl.c b/src/p11_child/p11_child_openssl.c
@@ -132,15 +132,6 @@ static OCSP_RESPONSE *query_responder(BIO *cbio, const char *host,
     return rsp;
 }
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-#define TLS_client_method SSLv23_client_method
-#define X509_STORE_get0_objects(store) (store->objs)
-#define X509_OBJECT_get_type(object) (object->type)
-#define X509_OBJECT_get0_X509(object) (object->data.x509)
-#define EVP_MD_CTX_free EVP_MD_CTX_destroy
-#define X509_CRL_get0_nextUpdate(object) (object->crl->nextUpdate)
-#endif
-
 OCSP_RESPONSE *process_responder(OCSP_REQUEST *req,
                                  const char *host, const char *path,
                                  char *port, int use_ssl,
@@ -593,11 +584,7 @@ errno_t init_p11_ctx(TALLOC_CTX *mem_ctx, const char *ca_db,
 
     /* See https://wiki.openssl.org/index.php/Library_Initialization for
      * details. */
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
     ret = OPENSSL_init_ssl(0, NULL);
-#else
-    ret = SSL_library_init();
-#endif
     if (ret != 1) {
         DEBUG(SSSDBG_FATAL_FAILURE, "Failed to initialize OpenSSL.\n");
         ret = EIO;

diff --git a/src/util/cert/libcrypto/cert.c b/src/util/cert/libcrypto/cert.c
@@ -397,8 +397,6 @@ static int sss_rsa_get_key(const EVP_PKEY *cert_pub_key,
 
     const BIGNUM *tmp_n;
     const BIGNUM *tmp_e:
-
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
     const RSA *rsa_pub_key = NULL;
     rsa_pub_key = EVP_PKEY_get0_RSA(cert_pub_key);
     if (rsa_pub_key == NULL) {
@@ -407,10 +405,6 @@ static int sss_rsa_get_key(const EVP_PKEY *cert_pub_key,
     }
 
     RSA_get0_key(rsa_pub_key, tmp_n, tmp_e, NULL);
-#else
-    tmp_n = cert_pub_key->pkey.rsa->n;
-    tmp_e = cert_pub_key->pkey.rsa->e;
-#endif /* OPENSSL_VERSION_NUMBER >= 0x10100000L */
 
     *n = BN_dup(tmp_n);
     if (*n == NULL) {

diff --git a/src/util/crypto/libcrypto/crypto_sha512crypt.c b/src/util/crypto/libcrypto/crypto_sha512crypt.c
@@ -29,8 +29,6 @@
 #include <openssl/evp.h>
 #include <openssl/rand.h>
 
-#include "sss_openssl.h"
-
 
 /* Define our magic string to mark salt for SHA512 "encryption" replacement. */
 const char sha512_salt_prefix[] = "$6$";

diff --git a/src/util/crypto/libcrypto/sss_openssl.h b/src/util/crypto/libcrypto/sss_openssl.h