build: require OpenSSL >= 1.1.1
Change-Id: I17a09ac60b867617af7a49fe19ab6e906dc14f61
diff --git a/docs/INSTALL.rst b/docs/INSTALL.rst
index d97236d..3fb4e59 100644
--- a/docs/INSTALL.rst
+++ b/docs/INSTALL.rst
@@ -36,7 +36,7 @@
- Python >= 3.6
- pkg-config
- Boost >= 1.65.1
-- OpenSSL >= 1.0.2
+- OpenSSL >= 1.1.1
- SQLite 3.x
To build ndn-cxx from source, one must first install a C++ compiler and all necessary
diff --git a/ndn-cxx/security/impl/openssl-helper.cpp b/ndn-cxx/security/impl/openssl-helper.cpp
index cff01b1..c9c0cbf 100644
--- a/ndn-cxx/security/impl/openssl-helper.cpp
+++ b/ndn-cxx/security/impl/openssl-helper.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2021 Regents of the University of California.
+ * Copyright (c) 2013-2022 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -37,13 +37,12 @@
return EVP_sha384();
case DigestAlgorithm::SHA512:
return EVP_sha512();
-#if OPENSSL_VERSION_NUMBER >= 0x1010000fL && !defined(OPENSSL_NO_BLAKE2)
+#ifndef OPENSSL_NO_BLAKE2
case DigestAlgorithm::BLAKE2B_512:
return EVP_blake2b512();
case DigestAlgorithm::BLAKE2S_256:
return EVP_blake2s256();
#endif
-#if OPENSSL_VERSION_NUMBER >= 0x10101001L
case DigestAlgorithm::SHA3_224:
return EVP_sha3_224();
case DigestAlgorithm::SHA3_256:
@@ -52,29 +51,19 @@
return EVP_sha3_384();
case DigestAlgorithm::SHA3_512:
return EVP_sha3_512();
-#endif
default:
return nullptr;
}
}
int
-getEvpPkeyType(EVP_PKEY* key)
+getEvpPkeyType(const EVP_PKEY* key)
{
- return
-#if OPENSSL_VERSION_NUMBER < 0x1010000fL
- EVP_PKEY_type(key->type);
-#else
- EVP_PKEY_base_id(key);
-#endif
+ return EVP_PKEY_base_id(key);
}
EvpMdCtx::EvpMdCtx()
-#if OPENSSL_VERSION_NUMBER < 0x1010000fL
- : m_ctx(EVP_MD_CTX_create())
-#else
: m_ctx(EVP_MD_CTX_new())
-#endif
{
if (m_ctx == nullptr)
NDN_THROW(std::runtime_error("EVP_MD_CTX creation failed"));
@@ -82,11 +71,7 @@
EvpMdCtx::~EvpMdCtx()
{
-#if OPENSSL_VERSION_NUMBER < 0x1010000fL
- EVP_MD_CTX_destroy(m_ctx);
-#else
EVP_MD_CTX_free(m_ctx);
-#endif
}
EvpPkeyCtx::EvpPkeyCtx(EVP_PKEY* key)
@@ -108,7 +93,7 @@
EVP_PKEY_CTX_free(m_ctx);
}
-Bio::Bio(Bio::MethodPtr method)
+Bio::Bio(const BIO_METHOD* method)
: m_bio(BIO_new(method))
{
if (m_bio == nullptr)
diff --git a/ndn-cxx/security/impl/openssl-helper.hpp b/ndn-cxx/security/impl/openssl-helper.hpp
index 647bba4..c1da8b8 100644
--- a/ndn-cxx/security/impl/openssl-helper.hpp
+++ b/ndn-cxx/security/impl/openssl-helper.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2021 Regents of the University of California.
+ * Copyright (c) 2013-2022 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -33,7 +33,7 @@
digestAlgorithmToEvpMd(DigestAlgorithm algo);
NDN_CXX_NODISCARD int
-getEvpPkeyType(EVP_PKEY* key);
+getEvpPkeyType(const EVP_PKEY* key);
class EvpMdCtx : noncopyable
{
@@ -74,14 +74,8 @@
class Bio : noncopyable
{
public:
-#if OPENSSL_VERSION_NUMBER < 0x1010000fL
- using MethodPtr = BIO_METHOD*;
-#else
- using MethodPtr = const BIO_METHOD*;
-#endif // OPENSSL_VERSION_NUMBER < 0x1010000fL
-
explicit
- Bio(MethodPtr method);
+ Bio(const BIO_METHOD* method);
~Bio();
diff --git a/ndn-cxx/security/transform/private-key.cpp b/ndn-cxx/security/transform/private-key.cpp
index 63e3854..b2e2aad 100644
--- a/ndn-cxx/security/transform/private-key.cpp
+++ b/ndn-cxx/security/transform/private-key.cpp
@@ -51,18 +51,6 @@
namespace security {
namespace transform {
-static void
-opensslInitAlgorithms()
-{
-#if OPENSSL_VERSION_NUMBER < 0x1010000fL
- static bool isInitialized = false;
- if (!isInitialized) {
- OpenSSL_add_all_algorithms();
- isInitialized = true;
- }
-#endif // OPENSSL_VERSION_NUMBER < 0x1010000fL
-}
-
class PrivateKey::Impl : noncopyable
{
public:
@@ -73,10 +61,6 @@
public:
EVP_PKEY* key = nullptr;
-
-#if OPENSSL_VERSION_NUMBER < 0x1010100fL
- size_t keySize = 0; // in bits, used only for HMAC
-#endif
};
PrivateKey::PrivateKey()
@@ -112,13 +96,9 @@
case KeyType::EC:
return static_cast<size_t>(EVP_PKEY_bits(m_impl->key));
case KeyType::HMAC: {
-#if OPENSSL_VERSION_NUMBER >= 0x1010100fL
size_t nBytes = 0;
EVP_PKEY_get_raw_private_key(m_impl->key, nullptr, &nBytes);
return nBytes * 8;
-#else
- return m_impl->keySize;
-#endif
}
default:
return 0;
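Review bot: The return value of `EVP_PKEY_get_raw_private_key()` in the HMAC case is discarded, so a failed query looks the same as a zero-length key: `nBytes` stays 0 and the function reports 0 bits. With the version guard removed this is the only path, so check the result explicitly, e.g. `if (EVP_PKEY_get_raw_private_key(m_impl->key, nullptr, &nBytes) != 1) return 0;`. Add a short comment that 0 here means the size could not be obtained. The enclosing function starts and ends outside the hunk, so whether callers treat 0 as an error is not visible here.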
@@ -132,15 +112,8 @@
NDN_THROW(Error("Digest is not supported for key type " +
boost::lexical_cast<std::string>(getKeyType())));
- const uint8_t* buf = nullptr;
size_t len = 0;
-#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
- buf = EVP_PKEY_get0_hmac(m_impl->key, &len);
-#else
- const auto* octstr = reinterpret_cast<ASN1_OCTET_STRING*>(EVP_PKEY_get0(m_impl->key));
- buf = octstr->data;
- len = octstr->length;
-#endif
+ const uint8_t* buf = EVP_PKEY_get0_hmac(m_impl->key, &len);
if (buf == nullptr)
NDN_THROW(Error("Failed to obtain raw key pointer"));
if (len * 8 != getKeySize())
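Review bot: `EVP_PKEY_get0_hmac()` returns a pointer into the key object rather than a copy, and nothing at the call site says so. A comment such as `// buf aliases key material owned by m_impl->key; do not free it or keep it past the key's lifetime` would stop a later edit from caching or copying the secret. The HMAC key-size case uses `EVP_PKEY_get_raw_private_key()` instead, so the `len * 8 != getKeySize()` check compares results from two different OpenSSL accessors. As far as I recall, `EVP_PKEY_get0_hmac()` is marked deprecated from OpenSSL 3.0, which is worth confirming before building further on it. The enclosing function starts and ends outside the hunk.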
@@ -165,25 +138,15 @@
NDN_THROW(std::invalid_argument("Unsupported key type " + boost::lexical_cast<std::string>(type)));
}
- m_impl->key =
-#if OPENSSL_VERSION_NUMBER >= 0x1010100fL
- EVP_PKEY_new_raw_private_key(pkeyType, nullptr, buf.data(), buf.size());
-#else
- EVP_PKEY_new_mac_key(pkeyType, nullptr, buf.data(), static_cast<int>(buf.size()));
-#endif
+ m_impl->key = EVP_PKEY_new_raw_private_key(pkeyType, nullptr, buf.data(), buf.size());
if (m_impl->key == nullptr)
NDN_THROW(Error("Failed to load private key"));
-
-#if OPENSSL_VERSION_NUMBER < 0x1010100fL
- m_impl->keySize = buf.size() * 8;
-#endif
}
void
PrivateKey::loadPkcs1(span<const uint8_t> buf)
{
ENSURE_PRIVATE_KEY_NOT_LOADED(m_impl->key);
- opensslInitAlgorithms();
auto ptr = buf.data();
if (d2i_AutoPrivateKey(&m_impl->key, &ptr, static_cast<long>(buf.size())) == nullptr)
@@ -219,7 +182,6 @@
{
BOOST_ASSERT(std::strlen(pw) == pwLen);
ENSURE_PRIVATE_KEY_NOT_LOADED(m_impl->key);
- opensslInitAlgorithms();
detail::Bio membio(BIO_s_mem());
if (!membio.write(buf))
@@ -241,7 +203,6 @@
PrivateKey::loadPkcs8(span<const uint8_t> buf, PasswordCallback pwCallback)
{
ENSURE_PRIVATE_KEY_NOT_LOADED(m_impl->key);
- opensslInitAlgorithms();
detail::Bio membio(BIO_s_mem());
if (!membio.write(buf))
@@ -382,7 +343,6 @@
PrivateKey::toPkcs1() const
{
ENSURE_PRIVATE_KEY_LOADED(m_impl->key);
- opensslInitAlgorithms();
detail::Bio membio(BIO_s_mem());
if (!i2d_PrivateKey_bio(membio, m_impl->key))
@@ -400,7 +360,6 @@
{
BOOST_ASSERT(std::strlen(pw) == pwLen);
ENSURE_PRIVATE_KEY_LOADED(m_impl->key);
- opensslInitAlgorithms();
detail::Bio membio(BIO_s_mem());
if (!i2d_PKCS8PrivateKey_bio(membio, m_impl->key, EVP_aes_256_cbc(), nullptr, 0,
@@ -418,7 +377,6 @@
PrivateKey::toPkcs8(PasswordCallback pwCallback) const
{
ENSURE_PRIVATE_KEY_LOADED(m_impl->key);
- opensslInitAlgorithms();
detail::Bio membio(BIO_s_mem());
if (!i2d_PKCS8PrivateKey_bio(membio, m_impl->key, EVP_aes_256_cbc(), nullptr, 0,
@@ -499,11 +457,6 @@
}
auto guard = make_scope_exit([eckey] { EC_KEY_free(eckey); });
-
-#if OPENSSL_VERSION_NUMBER < 0x1010000fL
- EC_KEY_set_asn1_flag(eckey, OPENSSL_EC_NAMED_CURVE);
-#endif // OPENSSL_VERSION_NUMBER < 0x1010000fL
-
if (EC_KEY_generate_key(eckey) != 1) {
NDN_THROW(Error("Failed to generate EC key"));
}
diff --git a/tests/unit/security/transform/digest-filter.t.cpp b/tests/unit/security/transform/digest-filter.t.cpp
index fa109bb..fced1b8 100644
--- a/tests/unit/security/transform/digest-filter.t.cpp
+++ b/tests/unit/security/transform/digest-filter.t.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2021 Regents of the University of California.
+ * Copyright (c) 2013-2022 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -137,7 +137,7 @@
BOOST_CHECK_EQUAL_COLLECTIONS(out, out + sizeof(out), os.buf()->begin(), os.buf()->end());
}
-#if OPENSSL_VERSION_NUMBER >= 0x1010000fL && !defined(OPENSSL_NO_BLAKE2)
+#ifndef OPENSSL_NO_BLAKE2
BOOST_AUTO_TEST_CASE(AlgorithmBlake2b_512)
{
const uint8_t out[] = {
@@ -161,9 +161,8 @@
bufferSource("") >> digestFilter(DigestAlgorithm::BLAKE2S_256) >> streamSink(os);
BOOST_CHECK_EQUAL_COLLECTIONS(out, out + sizeof(out), os.buf()->begin(), os.buf()->end());
}
-#endif // OPENSSL_VERSION_NUMBER >= 0x1010000fL && !defined(OPENSSL_NO_BLAKE2)
+#endif // !OPENSSL_NO_BLAKE2
-#if OPENSSL_VERSION_NUMBER >= 0x10101001L
BOOST_AUTO_TEST_CASE(AlgorithmSha3_224)
{
const uint8_t out[] = {
@@ -210,7 +209,6 @@
bufferSource("") >> digestFilter(DigestAlgorithm::SHA3_512) >> streamSink(os);
BOOST_CHECK_EQUAL_COLLECTIONS(out, out + sizeof(out), os.buf()->begin(), os.buf()->end());
}
-#endif // OPENSSL_VERSION_NUMBER >= 0x10101001L
BOOST_AUTO_TEST_SUITE_END() // TestDigestFilter
BOOST_AUTO_TEST_SUITE_END() // Transform
diff --git a/tests/unit/security/transform/private-key.t.cpp b/tests/unit/security/transform/private-key.t.cpp
index 4be078b..9ab5734 100644
--- a/tests/unit/security/transform/private-key.t.cpp
+++ b/tests/unit/security/transform/private-key.t.cpp
@@ -685,9 +685,7 @@
boolSink(result));
}
else {
-#if OPENSSL_VERSION_NUMBER >= 0x1010100fL
BOOST_CHECK_THROW(sKey->derivePublicKey(), PrivateKey::Error);
-#endif
BOOST_CHECK_NO_THROW(bufferSource(data) >>
verifierFilter(DigestAlgorithm::SHA256, *sKey, *sig) >>
boolSink(result));
@@ -705,10 +703,8 @@
BOOST_CHECK(*os1.buf() != *os2.buf());
}
else {
-#if OPENSSL_VERSION_NUMBER >= 0x1010100fL
OBufferStream os1;
BOOST_CHECK_THROW(sKey->savePkcs1(os1), PrivateKey::Error);
-#endif
}
}
diff --git a/tests/unit/util/random.t.cpp b/tests/unit/util/random.t.cpp
index bfa486a..73c3825 100644
--- a/tests/unit/util/random.t.cpp
+++ b/tests/unit/util/random.t.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2021 Regents of the University of California.
+ * Copyright (c) 2013-2022 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -68,18 +68,11 @@
}
private: // RAND_METHOD callbacks
-#if OPENSSL_VERSION_NUMBER < 0x1010000fL
- static void
- seed(const void* buf, int num)
- {
- }
-#else
static int
seed(const void* buf, int num)
{
return 0;
}
-#endif // OPENSSL_VERSION_NUMBER < 0x1010000fL
static int
bytes(unsigned char* buf, int num)
@@ -92,18 +85,11 @@
{
}
-#if OPENSSL_VERSION_NUMBER < 0x1010000fL
- static void
- add(const void* buf, int num, double entropy)
- {
- }
-#else
static int
add(const void* buf, int num, double entropy)
{
return 0;
}
-#endif // OPENSSL_VERSION_NUMBER < 0x1010000fL
static int
pseudorand(unsigned char* buf, int num)
diff --git a/wscript b/wscript
index ebdf2b3..f9213f2 100644
--- a/wscript
+++ b/wscript
@@ -103,7 +103,7 @@
conf.check_osx_frameworks()
conf.check_sqlite3()
- conf.check_openssl(lib='crypto', atleast_version='1.0.2')
+ conf.check_openssl(lib='crypto', atleast_version='1.1.1')
boost_libs = ['system', 'program_options', 'chrono', 'date_time', 'filesystem', 'thread', 'log']