From 516cdc83e7da58de42786fea9d65fa18c1e176de Mon Sep 17 00:00:00 2001
From: Stephen Gallagher
Date: Wed, 11 Dec 2024 14:02:40 -0500
Subject: [PATCH] Drop support for OpenSSL < 3

All supported versions of Fedora and CentOS Stream provide OpenSSL 3 now, and only Ubuntu 20.04 was still lacking it (which we will drop support for). Updates to C23 for the compiler language standard.

Signed-off-by: Stephen Gallagher
---
 .github/workflows/ci.yaml | 1 -
 meson.build | 37 +++----------------
 src/dhparams.c | 76 --------------------------------------
 src/key.c | 35 ------------------
 4 files changed, 4 insertions(+), 145 deletions(-)

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 84e0797..ee56139 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -19,7 +19,6 @@ jobs:
 fail-fast: false
 matrix:
 os:
- - ubuntu-20.04
 - ubuntu-22.04
 - ubuntu-24.04
 compiler:
diff --git a/meson.build b/meson.build
index 3566e33..32aee68 100644
--- a/meson.build
+++ b/meson.build
@@ -31,8 +31,8 @@ project(
 'sscg',
 'c',
-version : '3.0.5',
-default_options : ['buildtype=debugoptimized', 'c_std=gnu99', 'warning_level=1', 'b_asneeded=true'],
+version : '3.0.90',
+default_options : ['buildtype=debugoptimized', 'c_std=c23', 'warning_level=1', 'b_asneeded=true'],
 license : 'GPL-3.0-or-later WITH OpenSSL-exception',
 meson_version : '>=0.44.0'
 )
@@ -62,17 +62,9 @@ endforeach
 pkg = import('pkgconfig')
-crypto = dependency('libcrypto11', version: '>= 1.1.0', required: false)
-if crypto.found()
-else
- crypto = dependency('libcrypto', version: '>= 1.1.0')
-endif
+crypto = dependency('libcrypto', version: '>= 3.0.0')
-ssl = dependency('libssl11', version: '>= 1.1.0', required: false)
-if ssl.found()
-else
- ssl = dependency('libssl', version: '>= 1.1.0')
-endif
+ssl = dependency('libssl', version: '>= 3.0.0')
 path_utils = dependency('path_utils')
 talloc = dependency('talloc')
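Review bot: `meson_version : '>=0.44.0'` is kept in the `project()` hunk while `default_options` now asks for `c_std=c23`, and a Meson that predates the `c23` value rejects it as an invalid option at configure time, so the declared minimum should be raised to the first Meson that accepts `c23` (as far as I recall that is the 1.3 series; please confirm against the Meson release notes). The move from `gnu99` to the strict `c23` profile also drops GNU extensions and defines `__STRICT_ANSI__`, which can hide POSIX declarations unless the sources set feature-test macros themselves; `gnu23` would be the like-for-like replacement for `gnu99`. The CI matrix still contains ubuntu-22.04, whose stock GCC 11 does not know `-std=c23` (only `-std=c2x`), so the configure step there is worth checking unless Meson maps `c23` to `c2x` for that compiler version.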
@@ -82,15 +74,6 @@ popt = dependency(
 version : '>=1.14',
 required : true)
-has_evp_rsa_gen = cc.has_header_symbol(
- 'openssl/rsa.h',
- 'EVP_RSA_gen',
- dependencies: [ crypto ])
-
-has_ossl_param = cc.has_header_symbol(
- 'openssl/core.h',
- 'OSSL_PARAM')
-
 sscg_bin_srcs = [
 'src/arguments.c',
 'src/sscg.c',
@@ -144,16 +127,6 @@ sscg = executable(
 install : true,
 )
-# Fake test to ensure that all sources and headers are formatted properly
-test_clang_format = find_program('clang-format', required: false)
-if not test_clang_format.found()
- test_clang_format = disabler()
-endif
-
-clang_args = [ '-i' ]
-test('test_clang_format', test_clang_format,
- args : clang_args + files(sscg_lib_srcs + sscg_lib_hdrs + sscg_bin_srcs))
-
 create_ca_test = executable(
 'create_ca_test',
 'test/create_ca_test.c',
@@ -289,8 +262,6 @@ endforeach
 cdata = configuration_data()
 cdata.set_quoted('PACKAGE_VERSION', meson.project_version())
-cdata.set('HAVE_SSL_EVP_RSA_GEN', has_evp_rsa_gen)
-cdata.set('HAVE_OSSL_PARAM', has_ossl_param)
 configure_file(
 output : 'config.h',
 configuration : cdata)
diff --git a/src/dhparams.c b/src/dhparams.c
index 1db5130..f192a56 100644
--- a/src/dhparams.c
+++ b/src/dhparams.c
@@ -283,7 +283,6 @@ is_valid_named_group (const char *group_name)
 }
-#ifdef HAVE_OSSL_PARAM
 int
 get_params_by_named_group (const char *group_name, EVP_PKEY **dhparams)
 {
@@ -340,78 +339,3 @@ get_params_by_named_group (const char *group_name, EVP_PKEY **dhparams)
 talloc_free (tmp_ctx);
 return ret;
 }
-
-#else //HAVE_OSSL_PARAM
-
-static int
-get_group_nid (const char *group_name)
-{
- if (strcmp ("ffdhe2048", group_name) == 0)
- {
- return NID_ffdhe2048;
- }
- else if (strcmp ("ffdhe3072", group_name) == 0)
- {
- return NID_ffdhe3072;
- }
- else if (strcmp ("ffdhe4096", group_name) == 0)
- {
- return NID_ffdhe4096;
- }
- else if (strcmp ("ffdhe6144", group_name) == 0)
- {
- return NID_ffdhe6144;
- }
- else if (strcmp ("ffdhe8192", group_name) == 0)
- {
- return NID_ffdhe8192;
- }
- return NID_undef;
-}
-
-int
-get_params_by_named_group (const char *group_name, EVP_PKEY **dhparams)
-{
- int ret, sslret;
- DH *dh = NULL;
- EVP_PKEY *pkey = NULL;
- TALLOC_CTX *tmp_ctx = talloc_new (NULL);
-
- if (!is_valid_named_group (group_name))
- {
- fprintf (stderr, "Unknown Diffie Hellman finite field group.\n");
- fprintf (
- stderr, "Valid groups are: %s.\n", valid_dh_group_names (tmp_ctx));
- ret = EINVAL;
- goto done;
- }
-
- dh = DH_new_by_nid (get_group_nid (group_name));
- if (!dh)
- {
- fprintf (
- stderr, "Unknown Diffie Hellman finite field group %s.\n", group_name);
- ret = EINVAL;
- goto done;
- }
-
- pkey = EVP_PKEY_new ();
- sslret = EVP_PKEY_assign_DH (pkey, dh);
- CHECK_SSL (sslret, "EVP_PKEY_ASSIGN_DH");
-
- /* The dhparams are owned by the pkey now */
- dh = NULL;
-
- *dhparams = pkey;
- pkey = NULL;
-
- ret = EOK;
-
-done:
- DH_free (dh);
- EVP_PKEY_free (pkey);
- talloc_free (tmp_ctx);
- return ret;
-}
-
-#endif //HAVE_OSSL_PARAM
diff --git a/src/key.c b/src/key.c
index ce7ac79..e478e18 100644
--- a/src/key.c
+++ b/src/key.c
@@ -56,40 +56,9 @@ sscg_generate_rsa_key (TALLOC_CTX *mem_ctx,
 EVP_PKEY *pkey = NULL;
 TALLOC_CTX *tmp_ctx = NULL;
-#ifdef HAVE_SSL_EVP_RSA_GEN
-
 pkey = EVP_RSA_gen (bits);
 CHECK_MEM (pkey);
-#else // HAVE_SSL_EVP_RSA_GEN
- int sslret;
- RSA *rsa = NULL;
- struct sscg_bignum *e;
-
- tmp_ctx = talloc_new (NULL);
-
- /* Create memory for the actual key */
- rsa = RSA_new ();
- CHECK_MEM (rsa);
-
- /* Use an exponent value of RSA F4 aka 0x10001 (65537) */
- ret = sscg_init_bignum (tmp_ctx, RSA_F4, &e);
- CHECK_OK (ret);
-
- /* Generate a random RSA keypair */
- sslret = RSA_generate_key_ex (rsa, bits, e->bn, NULL);
- CHECK_SSL (sslret, RSA_generate_key_ex);
-
- pkey = EVP_PKEY_new ();
- CHECK_MEM (pkey);
-
- sslret = EVP_PKEY_assign_RSA (pkey, rsa);
- CHECK_SSL (sslret, EVP_PKEY_assign_RSA);
-
- /* The memory for the RSA key is now maintained by the EVP_PKEY.
- Mark this variable as NULL so we don't free() it below */
- rsa = NULL;
-#endif // HAVE_SSL_EVP_RSA_GEN
 /* Create the talloc container to hold the memory */
 (*_key) = talloc_zero (mem_ctx, struct sscg_evp_pkey);
@@ -105,10 +74,6 @@ sscg_generate_rsa_key (TALLOC_CTX *mem_ctx,
 ret = EOK;
 done:
-#ifndef HAVE_SSL_EVP_RSA_GEN
- RSA_free (rsa);
-#endif //HAVE_SSL_EVP_RSA_GEN
-
 talloc_free (tmp_ctx);
 return ret;
 }
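Review bot: `TALLOC_CTX *tmp_ctx = NULL;` survives this hunk although the only assignment to it, `tmp_ctx = talloc_new (NULL);`, is removed together with the `#else` branch, so unless the lines between the two hunks assign it the variable is now dead and `talloc_free (tmp_ctx);` at the `done:` label in the second hunk only ever frees NULL. Dropping both the declaration and that call keeps the function honest about what it owns; the second hunk also leaves `done:` with a single statement, so the label and the `goto` paths behind `CHECK_MEM (pkey)` are worth a look at the same time. The headers that served the deleted branch (`RSA_new`, `RSA_generate_key_ex`, `sscg_init_bignum`) are outside the hunk and may be unused now. `sscg_generate_rsa_key` begins before this hunk and its body continues between the two hunks, so the remaining uses of `ret` and `_key` are not visible here.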