Core/Cryptography: dropped support for OpenSSL 1.1

OpenSSL 1.1 has been deprecated for quite some time now so it is time to put it to rest. Please upgrade to OpenSSL 3.x
2026-01-15 23:20:36 +01:00 · 2024-05-12 15:48:39 +02:00
parent 500301b962
commit 728e7c7fcf
7 changed files with 5 additions and 171 deletions
--- a/cmake/macros/FindOpenSSL.cmake
+++ b/cmake/macros/FindOpenSSL.cmake
@@ -284,7 +284,6 @@ endif ()

 if(HOMEBREW_PREFIX)
  list(APPEND _OPENSSL_ROOT_HINTS
-    "${HOMEBREW_PREFIX}/opt/openssl@1.1"
    "${HOMEBREW_PREFIX}/opt/openssl@3")
 endif()

--- a/src/common/Cryptography/ARC4.cpp
+++ b/src/common/Cryptography/ARC4.cpp
@@ -20,11 +20,7 @@

 Trinity::Crypto::ARC4::ARC4() : _ctx(EVP_CIPHER_CTX_new())
 {
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
    _cipher = EVP_CIPHER_fetch(nullptr, "RC4", nullptr);
-#else
-    EVP_CIPHER const* _cipher = EVP_rc4();
-#endif

    EVP_CIPHER_CTX_init(_ctx);
    int result = EVP_EncryptInit_ex(_ctx, _cipher, nullptr, nullptr, nullptr);
@@ -34,10 +30,7 @@ Trinity::Crypto::ARC4::ARC4() : _ctx(EVP_CIPHER_CTX_new())
 Trinity::Crypto::ARC4::~ARC4()
 {
    EVP_CIPHER_CTX_free(_ctx);
-
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
    EVP_CIPHER_free(_cipher);
-#endif
 }

 void Trinity::Crypto::ARC4::Init(uint8 const* seed, size_t len)
--- a/src/common/Cryptography/ARC4.h
+++ b/src/common/Cryptography/ARC4.h
@@ -38,9 +38,7 @@ namespace Trinity::Crypto
            template <typename Container>
            void UpdateData(Container& c) { UpdateData(std::data(c), std::size(c)); }
        private:
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
            EVP_CIPHER* _cipher;
-#endif
            EVP_CIPHER_CTX* _ctx;
    };
 }
--- a/src/common/Cryptography/OpenSSLCrypto.cpp
+++ b/src/common/Cryptography/OpenSSLCrypto.cpp
@@ -17,11 +17,9 @@

 #include "OpenSSLCrypto.h"
 #include <openssl/crypto.h>
-
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
 #include <openssl/provider.h>
+
 OSSL_PROVIDER* LegacyProvider;
-#endif

 void OpenSSLCrypto::threadsSetup([[maybe_unused]] boost::filesystem::path const& providerModulePath)
 {
@@ -29,20 +27,16 @@ void OpenSSLCrypto::threadsSetup([[maybe_unused]] boost::filesystem::path const&
    ValgrindRandomSetup();
 #endif

-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
 #if TRINITY_PLATFORM == TRINITY_PLATFORM_WINDOWS
    OSSL_PROVIDER_set_default_search_path(nullptr, providerModulePath.string().c_str());
 #endif
    LegacyProvider = OSSL_PROVIDER_try_load(nullptr, "legacy", 1);
-#endif
 }

 void OpenSSLCrypto::threadsCleanup()
 {
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
    OSSL_PROVIDER_unload(LegacyProvider);
    OSSL_PROVIDER_set_default_search_path(nullptr, nullptr);
-#endif
 }

 #ifdef VALGRIND
--- a/src/common/Cryptography/RSA.cpp
+++ b/src/common/Cryptography/RSA.cpp
@@ -18,28 +18,21 @@
 #include "RSA.h"
 #include "HMAC.h"
 #include "Memory.h"
+#include <openssl/core_names.h>
+#include <openssl/params.h>
 #include <openssl/pem.h>
+#include <openssl/provider.h>
 #include <algorithm>
 #include <memory>
 #include <vector>
 #include <cstring>

-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-#include <openssl/core_names.h>
-#include <openssl/params.h>
-#include <openssl/provider.h>
-#endif
-
 namespace
 {
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-
 extern OSSL_DISPATCH const HMAC_SHA256_funcs[];
 extern OSSL_ALGORITHM const HMAC_SHA256_algs[];
 extern OSSL_DISPATCH const HMAC_SHA256_method[];

-#endif
-
 struct HMAC_SHA256_MD
 {
    struct CTX_DATA
@@ -47,95 +40,6 @@ struct HMAC_SHA256_MD
        Trinity::Crypto::HMAC_SHA256* hmac;
    };

-#if OPENSSL_VERSION_NUMBER < 0x30000000L
-
-    HMAC_SHA256_MD()
-    {
-        _md = EVP_MD_meth_new(NID_sha256, NID_sha256WithRSAEncryption);
-        EVP_MD_meth_set_result_size(_md, Trinity::Crypto::Constants::SHA256_DIGEST_LENGTH_BYTES);
-        EVP_MD_meth_set_flags(_md, EVP_MD_FLAG_DIGALGID_ABSENT);
-        EVP_MD_meth_set_init(_md, &Init);
-        EVP_MD_meth_set_update(_md, &UpdateData);
-        EVP_MD_meth_set_final(_md, &Finalize);
-        EVP_MD_meth_set_copy(_md, &Copy);
-        EVP_MD_meth_set_cleanup(_md, &Cleanup);
-        EVP_MD_meth_set_input_blocksize(_md, SHA256_CBLOCK);
-        EVP_MD_meth_set_app_datasize(_md, sizeof(EVP_MD*) + sizeof(CTX_DATA*));
-    }
-
-    HMAC_SHA256_MD(HMAC_SHA256_MD const&) = delete;
-    HMAC_SHA256_MD(HMAC_SHA256_MD&&) = delete;
-
-    HMAC_SHA256_MD& operator=(HMAC_SHA256_MD const&) = delete;
-    HMAC_SHA256_MD& operator=(HMAC_SHA256_MD&&) = delete;
-
-    ~HMAC_SHA256_MD()
-    {
-        EVP_MD_meth_free(_md);
-        _md = nullptr;
-    }
-
-    EVP_MD* GetMd() const
-    {
-        return _md;
-    }
-
-    static int Init(EVP_MD_CTX* ctx)
-    {
-        Cleanup(ctx);
-        return 1;
-    }
-
-    static int UpdateData(EVP_MD_CTX* ctx, const void* data, size_t count)
-    {
-        CTX_DATA* ctxData = reinterpret_cast<CTX_DATA*>(EVP_MD_CTX_md_data(ctx));
-        if (!ctxData->hmac)
-            return 0;
-
-        ctxData->hmac->UpdateData(reinterpret_cast<uint8 const*>(data), count);
-        return 1;
-    }
-
-    static int Finalize(EVP_MD_CTX* ctx, unsigned char* md)
-    {
-        CTX_DATA* ctxData = reinterpret_cast<CTX_DATA*>(EVP_MD_CTX_md_data(ctx));
-        if (!ctxData->hmac)
-            return 0;
-
-        ctxData->hmac->Finalize();
-        memcpy(md, ctxData->hmac->GetDigest().data(), ctxData->hmac->GetDigest().size());
-        return 1;
-    }
-
-    // post-processing after openssl memcpys from source to dest (no need to cleanup dest)
-    static int Copy(EVP_MD_CTX* to, EVP_MD_CTX const* from)
-    {
-        CTX_DATA const* ctxDataFrom = reinterpret_cast<CTX_DATA const*>(EVP_MD_CTX_md_data(from));
-        CTX_DATA* ctxDataTo = reinterpret_cast<CTX_DATA*>(EVP_MD_CTX_md_data(to));
-
-        if (ctxDataFrom->hmac)
-            ctxDataTo->hmac = new Trinity::Crypto::HMAC_SHA256(*ctxDataFrom->hmac);
-
-        return 1;
-    }
-
-    static int Cleanup(EVP_MD_CTX* ctx)
-    {
-        CTX_DATA* data = reinterpret_cast<CTX_DATA*>(EVP_MD_CTX_md_data(ctx));
-        if (data->hmac)
-        {
-            delete data->hmac;
-            data->hmac = nullptr;
-        }
-
-        return 1;
-    }
-
-private:
-    EVP_MD* _md;
-
-#else
-
    HMAC_SHA256_MD()
    {
        _lib = OSSL_LIB_CTX_new();
@@ -273,11 +177,8 @@ private:
 private:
    OSSL_LIB_CTX* _lib;
    OSSL_PROVIDER* _handle;
-#endif
 } const HmacSha256Md;

-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-
 OSSL_DISPATCH const HMAC_SHA256_funcs[] =
 {
    { OSSL_FUNC_DIGEST_NEWCTX, (void (*)())HMAC_SHA256_MD::DigestNew },
@@ -303,14 +204,11 @@ OSSL_DISPATCH const HMAC_SHA256_method[] =
    { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void(*)())HMAC_SHA256_MD::QueryProvider },
    { 0, nullptr },
 };
-#endif

 }

 namespace Trinity::Crypto
 {
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-
 void RsaSignature::DigestGenerator::EVP_MD_Deleter::operator()(EVP_MD* md) const
 {
    EVP_MD_free(md);
@@ -350,36 +248,6 @@ std::unique_ptr<OSSL_PARAM[]> RsaSignature::HMAC_SHA256::GetParams() const
    });
 }

-#else
-
-void RsaSignature::DigestGenerator::EVP_MD_Deleter::operator()(EVP_MD* /*md*/) const
-{
-}
-
-std::unique_ptr<EVP_MD, RsaSignature::DigestGenerator::EVP_MD_Deleter> RsaSignature::SHA256::GetGenerator() const
-{
-    return std::unique_ptr<EVP_MD, EVP_MD_Deleter>(const_cast<EVP_MD*>(EVP_sha256()));
-}
-
-void RsaSignature::SHA256::PostInitCustomizeContext(EVP_MD_CTX*)
-{
-}
-
-std::unique_ptr<EVP_MD, RsaSignature::DigestGenerator::EVP_MD_Deleter> RsaSignature::HMAC_SHA256::GetGenerator() const
-{
-    return std::unique_ptr<EVP_MD, EVP_MD_Deleter>(HmacSha256Md.GetMd());
-}
-
-void RsaSignature::HMAC_SHA256::PostInitCustomizeContext(EVP_MD_CTX* ctx)
-{
-    HMAC_SHA256_MD::CTX_DATA* ctxData = reinterpret_cast<HMAC_SHA256_MD::CTX_DATA*>(EVP_MD_CTX_md_data(ctx));
-
-    delete ctxData->hmac;
-    ctxData->hmac = new Crypto::HMAC_SHA256(_key, _keyLength);
-}
-
-#endif
-
 RsaSignature::RsaSignature() : _ctx(Impl::GenericHashImpl::MakeCTX())
 {
 }
@@ -465,16 +333,12 @@ bool RsaSignature::Sign(uint8 const* message, std::size_t messageLength, DigestG
 {
    std::unique_ptr<EVP_MD, DigestGenerator::EVP_MD_Deleter> digestGenerator = generator.GetGenerator();

-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
    auto keyCtx = make_unique_ptr_with_deleter(EVP_PKEY_CTX_new_from_pkey(generator.GetLib(), _key, nullptr), &EVP_PKEY_CTX_free);
    EVP_MD_CTX_set_pkey_ctx(_ctx, keyCtx.get());

    std::unique_ptr<OSSL_PARAM[]> params = generator.GetParams();
    int result = EVP_DigestSignInit_ex(_ctx, nullptr, EVP_MD_get0_name(digestGenerator.get()), generator.GetLib(),  nullptr, _key, params.get());
-#else
-    int result = EVP_DigestSignInit(_ctx, nullptr, digestGenerator.get(), nullptr, _key);
-    generator.PostInitCustomizeContext(_ctx);
-#endif
+
    if (result == 0)
        return false;

--- a/src/common/Cryptography/RSA.h
+++ b/src/common/Cryptography/RSA.h
@@ -43,12 +43,8 @@ public:
        virtual ~DigestGenerator() = default;
        virtual std::unique_ptr<EVP_MD, EVP_MD_Deleter> GetGenerator() const = 0;

-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
        virtual OSSL_LIB_CTX* GetLib() const = 0;
        virtual std::unique_ptr<OSSL_PARAM[]> GetParams() const = 0;
-#else
-        virtual void PostInitCustomizeContext(EVP_MD_CTX* ctx) = 0;
-#endif
    };

    class TC_COMMON_API SHA256 : public DigestGenerator
@@ -56,12 +52,8 @@ public:
    public:
        std::unique_ptr<EVP_MD, EVP_MD_Deleter> GetGenerator() const override;

-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
        OSSL_LIB_CTX* GetLib() const override;
        std::unique_ptr<OSSL_PARAM[]> GetParams() const override;
-#else
-        void PostInitCustomizeContext(EVP_MD_CTX* ctx) override;
-#endif
    };

    class TC_COMMON_API HMAC_SHA256 : public DigestGenerator
@@ -71,12 +63,8 @@ public:

        std::unique_ptr<EVP_MD, EVP_MD_Deleter> GetGenerator() const override;

-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
        OSSL_LIB_CTX* GetLib() const override;
        std::unique_ptr<OSSL_PARAM[]> GetParams() const override;
-#else
-        void PostInitCustomizeContext(EVP_MD_CTX* ctx) override;
-#endif

    private:
        uint8 const* _key;
--- a/src/server/bnetserver/Server/SslContext.cpp
+++ b/src/server/bnetserver/Server/SslContext.cpp
@@ -51,10 +51,8 @@ auto OpenOpenSSLStore(boost::filesystem::path const& storePath, UI_METHOD const*
 boost::system::error_code GetLastOpenSSLError()
 {
    auto ossl_error = ::ERR_get_error();
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
    if (ERR_SYSTEM_ERROR(ossl_error))
        return boost::system::error_code(static_cast<int>(::ERR_GET_REASON(ossl_error)), boost::asio::error::get_system_category());
-#endif

    return boost::system::error_code(static_cast<int>(ossl_error), boost::asio::error::get_ssl_category());
 }