authorOvahlord <dreadkiller@gmx.de>2024-05-12 15:48:39 +0200
committerShauren <shauren.trinity@gmail.com>2024-05-12 15:48:39 +0200
commit728e7c7fcf2435172a86e621746db5218bdda0cd (patch)
treebea95b46f6208eac21900f854c3e7b01fef28367
parent500301b96256792357b13ef78d7e1836028cff26 (diff)
Core/Cryptography: dropped support for OpenSSL 1.1
OpenSSL 1.1 has been deprecated for quite some time now, so it is time to put it to rest. Please upgrade to OpenSSL 3.x.
-rw-r--r--cmake/macros/FindOpenSSL.cmake1
-rw-r--r--src/common/Cryptography/ARC4.cpp7
-rw-r--r--src/common/Cryptography/ARC4.h2
-rw-r--r--src/common/Cryptography/OpenSSLCrypto.cpp8
-rw-r--r--src/common/Cryptography/RSA.cpp144
-rw-r--r--src/common/Cryptography/RSA.h12
-rw-r--r--src/server/bnetserver/Server/SslContext.cpp2
7 files changed, 5 insertions, 171 deletions
diff --git a/cmake/macros/FindOpenSSL.cmake b/cmake/macros/FindOpenSSL.cmake
index 8367167e60d..98788bc2986 100644
--- a/cmake/macros/FindOpenSSL.cmake
+++ b/cmake/macros/FindOpenSSL.cmake
@@ -284,7 +284,6 @@ endif ()
if(HOMEBREW_PREFIX)
list(APPEND _OPENSSL_ROOT_HINTS
- "${HOMEBREW_PREFIX}/opt/openssl@1.1"
"${HOMEBREW_PREFIX}/opt/openssl@3")
endif()
diff --git a/src/common/Cryptography/ARC4.cpp b/src/common/Cryptography/ARC4.cpp
index 0f5d7edfc6b..0b9c4dc6b47 100644
--- a/src/common/Cryptography/ARC4.cpp
+++ b/src/common/Cryptography/ARC4.cpp
@@ -20,11 +20,7 @@
Trinity::Crypto::ARC4::ARC4() : _ctx(EVP_CIPHER_CTX_new())
{
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
_cipher = EVP_CIPHER_fetch(nullptr, "RC4", nullptr);
-#else
- EVP_CIPHER const* _cipher = EVP_rc4();
-#endif
EVP_CIPHER_CTX_init(_ctx);
int result = EVP_EncryptInit_ex(_ctx, _cipher, nullptr, nullptr, nullptr);
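Review bot: `EVP_CIPHER_fetch(nullptr, "RC4", nullptr)` returns a null pointer when no loaded provider offers RC4, and `_cipher` is handed to `EVP_EncryptInit_ex` without being checked. In OpenSSL 3 RC4 comes from the legacy provider, so this is the first place a failed provider load becomes visible. The constructor continues past the hunk, so a check on `result` may already stop execution, but it would report a generic init failure rather than the missing algorithm. An explicit test right after the fetch, such as `if (!_cipher) { /* report that RC4 is unavailable (legacy provider not loaded) */ }`, would make the cause clear.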
@@ -34,10 +30,7 @@ Trinity::Crypto::ARC4::ARC4() : _ctx(EVP_CIPHER_CTX_new())
Trinity::Crypto::ARC4::~ARC4()
{
EVP_CIPHER_CTX_free(_ctx);
-
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
EVP_CIPHER_free(_cipher);
-#endif
}
void Trinity::Crypto::ARC4::Init(uint8 const* seed, size_t len)
diff --git a/src/common/Cryptography/ARC4.h b/src/common/Cryptography/ARC4.h
index faeefd5f2cc..d3a1bf18eea 100644
--- a/src/common/Cryptography/ARC4.h
+++ b/src/common/Cryptography/ARC4.h
@@ -38,9 +38,7 @@ namespace Trinity::Crypto
template <typename Container>
void UpdateData(Container& c) { UpdateData(std::data(c), std::size(c)); }
private:
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
EVP_CIPHER* _cipher;
-#endif
EVP_CIPHER_CTX* _ctx;
};
}
diff --git a/src/common/Cryptography/OpenSSLCrypto.cpp b/src/common/Cryptography/OpenSSLCrypto.cpp
index 2d0ccfc526f..db5e2e01533 100644
--- a/src/common/Cryptography/OpenSSLCrypto.cpp
+++ b/src/common/Cryptography/OpenSSLCrypto.cpp
@@ -17,11 +17,9 @@
#include "OpenSSLCrypto.h"
#include <openssl/crypto.h>
-
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
#include <openssl/provider.h>
+
OSSL_PROVIDER* LegacyProvider;
-#endif
void OpenSSLCrypto::threadsSetup([[maybe_unused]] boost::filesystem::path const& providerModulePath)
{
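Review bot: With the version guards removed, nothing in this file states the minimum OpenSSL version, so a build against 1.1 headers now stops at `#include <openssl/provider.h>` with a missing-header error rather than a clear message. A guard placed after `<openssl/crypto.h>` would state the requirement: `#if OPENSSL_VERSION_NUMBER < 0x30000000L`, `#error "OpenSSL 3.0 or newer is required"`, `#endif`. The FindOpenSSL.cmake change in this commit only drops a search hint, and whether the build scripts enforce a 3.0 minimum elsewhere is not visible in this diff.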
@@ -29,20 +27,16 @@ void OpenSSLCrypto::threadsSetup([[maybe_unused]] boost::filesystem::path const&
ValgrindRandomSetup();
#endif
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
#if TRINITY_PLATFORM == TRINITY_PLATFORM_WINDOWS
OSSL_PROVIDER_set_default_search_path(nullptr, providerModulePath.string().c_str());
#endif
LegacyProvider = OSSL_PROVIDER_try_load(nullptr, "legacy", 1);
-#endif
}
void OpenSSLCrypto::threadsCleanup()
{
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
OSSL_PROVIDER_unload(LegacyProvider);
OSSL_PROVIDER_set_default_search_path(nullptr, nullptr);
-#endif
}
#ifdef VALGRIND
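Review bot: The result of `OSSL_PROVIDER_try_load(nullptr, "legacy", 1)` in `threadsSetup` is stored in `LegacyProvider` but never checked. A missing or unloadable legacy module therefore goes unnoticed here and only surfaces later, when a legacy algorithm such as RC4 is fetched. Now that this path is unconditional, startup should fail explicitly, for example `if (!LegacyProvider) { /* log the OpenSSL error queue and abort startup */ }`. On Windows the module is resolved from `providerModulePath`, so that directory should be writable only by the account that installs the server. `threadsSetup` starts before this hunk.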
diff --git a/src/common/Cryptography/RSA.cpp b/src/common/Cryptography/RSA.cpp
index cef03fdc1bb..106eed27374 100644
--- a/src/common/Cryptography/RSA.cpp
+++ b/src/common/Cryptography/RSA.cpp
@@ -18,28 +18,21 @@
#include "RSA.h"
#include "HMAC.h"
#include "Memory.h"
+#include <openssl/core_names.h>
+#include <openssl/params.h>
#include <openssl/pem.h>
+#include <openssl/provider.h>
#include <algorithm>
#include <memory>
#include <vector>
#include <cstring>
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-#include <openssl/core_names.h>
-#include <openssl/params.h>
-#include <openssl/provider.h>
-#endif
-
namespace
{
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-
extern OSSL_DISPATCH const HMAC_SHA256_funcs[];
extern OSSL_ALGORITHM const HMAC_SHA256_algs[];
extern OSSL_DISPATCH const HMAC_SHA256_method[];
-#endif
-
struct HMAC_SHA256_MD
{
struct CTX_DATA
@@ -47,95 +40,6 @@ struct HMAC_SHA256_MD
Trinity::Crypto::HMAC_SHA256* hmac;
};
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
-
- HMAC_SHA256_MD()
- {
- _md = EVP_MD_meth_new(NID_sha256, NID_sha256WithRSAEncryption);
- EVP_MD_meth_set_result_size(_md, Trinity::Crypto::Constants::SHA256_DIGEST_LENGTH_BYTES);
- EVP_MD_meth_set_flags(_md, EVP_MD_FLAG_DIGALGID_ABSENT);
- EVP_MD_meth_set_init(_md, &Init);
- EVP_MD_meth_set_update(_md, &UpdateData);
- EVP_MD_meth_set_final(_md, &Finalize);
- EVP_MD_meth_set_copy(_md, &Copy);
- EVP_MD_meth_set_cleanup(_md, &Cleanup);
- EVP_MD_meth_set_input_blocksize(_md, SHA256_CBLOCK);
- EVP_MD_meth_set_app_datasize(_md, sizeof(EVP_MD*) + sizeof(CTX_DATA*));
- }
-
- HMAC_SHA256_MD(HMAC_SHA256_MD const&) = delete;
- HMAC_SHA256_MD(HMAC_SHA256_MD&&) = delete;
-
- HMAC_SHA256_MD& operator=(HMAC_SHA256_MD const&) = delete;
- HMAC_SHA256_MD& operator=(HMAC_SHA256_MD&&) = delete;
-
- ~HMAC_SHA256_MD()
- {
- EVP_MD_meth_free(_md);
- _md = nullptr;
- }
-
- EVP_MD* GetMd() const
- {
- return _md;
- }
-
- static int Init(EVP_MD_CTX* ctx)
- {
- Cleanup(ctx);
- return 1;
- }
-
- static int UpdateData(EVP_MD_CTX* ctx, const void* data, size_t count)
- {
- CTX_DATA* ctxData = reinterpret_cast<CTX_DATA*>(EVP_MD_CTX_md_data(ctx));
- if (!ctxData->hmac)
- return 0;
-
- ctxData->hmac->UpdateData(reinterpret_cast<uint8 const*>(data), count);
- return 1;
- }
-
- static int Finalize(EVP_MD_CTX* ctx, unsigned char* md)
- {
- CTX_DATA* ctxData = reinterpret_cast<CTX_DATA*>(EVP_MD_CTX_md_data(ctx));
- if (!ctxData->hmac)
- return 0;
-
- ctxData->hmac->Finalize();
- memcpy(md, ctxData->hmac->GetDigest().data(), ctxData->hmac->GetDigest().size());
- return 1;
- }
-
- // post-processing after openssl memcpys from source to dest (no need to cleanup dest)
- static int Copy(EVP_MD_CTX* to, EVP_MD_CTX const* from)
- {
- CTX_DATA const* ctxDataFrom = reinterpret_cast<CTX_DATA const*>(EVP_MD_CTX_md_data(from));
- CTX_DATA* ctxDataTo = reinterpret_cast<CTX_DATA*>(EVP_MD_CTX_md_data(to));
-
- if (ctxDataFrom->hmac)
- ctxDataTo->hmac = new Trinity::Crypto::HMAC_SHA256(*ctxDataFrom->hmac);
-
- return 1;
- }
-
- static int Cleanup(EVP_MD_CTX* ctx)
- {
- CTX_DATA* data = reinterpret_cast<CTX_DATA*>(EVP_MD_CTX_md_data(ctx));
- if (data->hmac)
- {
- delete data->hmac;
- data->hmac = nullptr;
- }
-
- return 1;
- }
-
-private:
- EVP_MD* _md;
-
-#else
-
HMAC_SHA256_MD()
{
_lib = OSSL_LIB_CTX_new();
@@ -273,11 +177,8 @@ private:
private:
OSSL_LIB_CTX* _lib;
OSSL_PROVIDER* _handle;
-#endif
} const HmacSha256Md;
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-
OSSL_DISPATCH const HMAC_SHA256_funcs[] =
{
{ OSSL_FUNC_DIGEST_NEWCTX, (void (*)())HMAC_SHA256_MD::DigestNew },
@@ -303,14 +204,11 @@ OSSL_DISPATCH const HMAC_SHA256_method[] =
{ OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void(*)())HMAC_SHA256_MD::QueryProvider },
{ 0, nullptr },
};
-#endif
}
namespace Trinity::Crypto
{
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-
void RsaSignature::DigestGenerator::EVP_MD_Deleter::operator()(EVP_MD* md) const
{
EVP_MD_free(md);
@@ -350,36 +248,6 @@ std::unique_ptr<OSSL_PARAM[]> RsaSignature::HMAC_SHA256::GetParams() const
});
}
-#else
-
-void RsaSignature::DigestGenerator::EVP_MD_Deleter::operator()(EVP_MD* /*md*/) const
-{
-}
-
-std::unique_ptr<EVP_MD, RsaSignature::DigestGenerator::EVP_MD_Deleter> RsaSignature::SHA256::GetGenerator() const
-{
- return std::unique_ptr<EVP_MD, EVP_MD_Deleter>(const_cast<EVP_MD*>(EVP_sha256()));
-}
-
-void RsaSignature::SHA256::PostInitCustomizeContext(EVP_MD_CTX*)
-{
-}
-
-std::unique_ptr<EVP_MD, RsaSignature::DigestGenerator::EVP_MD_Deleter> RsaSignature::HMAC_SHA256::GetGenerator() const
-{
- return std::unique_ptr<EVP_MD, EVP_MD_Deleter>(HmacSha256Md.GetMd());
-}
-
-void RsaSignature::HMAC_SHA256::PostInitCustomizeContext(EVP_MD_CTX* ctx)
-{
- HMAC_SHA256_MD::CTX_DATA* ctxData = reinterpret_cast<HMAC_SHA256_MD::CTX_DATA*>(EVP_MD_CTX_md_data(ctx));
-
- delete ctxData->hmac;
- ctxData->hmac = new Crypto::HMAC_SHA256(_key, _keyLength);
-}
-
-#endif
-
RsaSignature::RsaSignature() : _ctx(Impl::GenericHashImpl::MakeCTX())
{
}
@@ -465,16 +333,12 @@ bool RsaSignature::Sign(uint8 const* message, std::size_t messageLength, DigestG
{
std::unique_ptr<EVP_MD, DigestGenerator::EVP_MD_Deleter> digestGenerator = generator.GetGenerator();
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
auto keyCtx = make_unique_ptr_with_deleter(EVP_PKEY_CTX_new_from_pkey(generator.GetLib(), _key, nullptr), &EVP_PKEY_CTX_free);
EVP_MD_CTX_set_pkey_ctx(_ctx, keyCtx.get());
std::unique_ptr<OSSL_PARAM[]> params = generator.GetParams();
int result = EVP_DigestSignInit_ex(_ctx, nullptr, EVP_MD_get0_name(digestGenerator.get()), generator.GetLib(), nullptr, _key, params.get());
-#else
- int result = EVP_DigestSignInit(_ctx, nullptr, digestGenerator.get(), nullptr, _key);
- generator.PostInitCustomizeContext(_ctx);
-#endif
+
if (result == 0)
return false;
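Review bot: `keyCtx` is owned by a local smart pointer, but `EVP_MD_CTX_set_pkey_ctx(_ctx, keyCtx.get())` stores its raw pointer in the member `_ctx`. Once `Sign` returns, including through the `return false` just below, `_ctx` still refers to a freed `EVP_PKEY_CTX` unless something clears it. OpenSSL leaves ownership of a context set this way with the caller, so it should not be freed twice, but the stale pointer is a hazard for later changes that reuse `_ctx`. Calling `EVP_MD_CTX_set_pkey_ctx(_ctx, nullptr);` on every exit path would remove it. The rest of `Sign` is outside the hunk, so this may already happen further down.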
diff --git a/src/common/Cryptography/RSA.h b/src/common/Cryptography/RSA.h
index 63f6b7b393c..9eb7da2320a 100644
--- a/src/common/Cryptography/RSA.h
+++ b/src/common/Cryptography/RSA.h
@@ -43,12 +43,8 @@ public:
virtual ~DigestGenerator() = default;
virtual std::unique_ptr<EVP_MD, EVP_MD_Deleter> GetGenerator() const = 0;
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
virtual OSSL_LIB_CTX* GetLib() const = 0;
virtual std::unique_ptr<OSSL_PARAM[]> GetParams() const = 0;
-#else
- virtual void PostInitCustomizeContext(EVP_MD_CTX* ctx) = 0;
-#endif
};
class TC_COMMON_API SHA256 : public DigestGenerator
@@ -56,12 +52,8 @@ public:
public:
std::unique_ptr<EVP_MD, EVP_MD_Deleter> GetGenerator() const override;
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
OSSL_LIB_CTX* GetLib() const override;
std::unique_ptr<OSSL_PARAM[]> GetParams() const override;
-#else
- void PostInitCustomizeContext(EVP_MD_CTX* ctx) override;
-#endif
};
class TC_COMMON_API HMAC_SHA256 : public DigestGenerator
@@ -71,12 +63,8 @@ public:
std::unique_ptr<EVP_MD, EVP_MD_Deleter> GetGenerator() const override;
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
OSSL_LIB_CTX* GetLib() const override;
std::unique_ptr<OSSL_PARAM[]> GetParams() const override;
-#else
- void PostInitCustomizeContext(EVP_MD_CTX* ctx) override;
-#endif
private:
uint8 const* _key;
diff --git a/src/server/bnetserver/Server/SslContext.cpp b/src/server/bnetserver/Server/SslContext.cpp
index c59e897ffbd..e9192475a62 100644
--- a/src/server/bnetserver/Server/SslContext.cpp
+++ b/src/server/bnetserver/Server/SslContext.cpp
@@ -51,10 +51,8 @@ auto OpenOpenSSLStore(boost::filesystem::path const& storePath, UI_METHOD const*
boost::system::error_code GetLastOpenSSLError()
{
auto ossl_error = ::ERR_get_error();
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
if (ERR_SYSTEM_ERROR(ossl_error))
return boost::system::error_code(static_cast<int>(::ERR_GET_REASON(ossl_error)), boost::asio::error::get_system_category());
-#endif
return boost::system::error_code(static_cast<int>(ossl_error), boost::asio::error::get_ssl_category());
}