From 28d27c3ae4fe1fd340972ae38cc6af23866dc83f Mon Sep 17 00:00:00 2001 From: Norbert Pocs Date: Tue, 11 Oct 2022 15:29:20 +0200 Subject: [PATCH] ConfigureChecks.cmake: Remove implicitly included function checks Removing support for older openssl versions than 1.1.1 makes some functions implicitly included; we do not have to check the availability of these functions. Signed-off-by: Norbert Pocs Reviewed-by: Jakub Jelen Reviewed-by: Andreas Schneider --- CMakeLists.txt | 2 +- ConfigureChecks.cmake | 31 -------------------------- config.h.cmake | 18 --------------- src/CMakeLists.txt | 19 +++------------- tests/external_override/CMakeLists.txt | 16 +++---------- 5 files changed, 7 insertions(+), 79 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index cdf1cfd6..741dc610 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -58,7 +58,7 @@ elseif(WITH_MBEDTLS) message(FATAL_ERROR "Could not find mbedTLS") endif (NOT MBEDTLS_FOUND) else (WITH_GCRYPT) - find_package(OpenSSL 1.0.1) + find_package(OpenSSL 1.1.1) if (OPENSSL_FOUND) # On CMake < 3.16, OPENSSL_CRYPTO_LIBRARIES is usually a synonym for OPENSSL_CRYPTO_LIBRARY, but is not defined # when building on Windows outside of Cygwin. We provide the synonym here, if FindOpenSSL didn't define it already. diff --git a/ConfigureChecks.cmake b/ConfigureChecks.cmake index 9de10225..1fa2a0b4 100644 --- a/ConfigureChecks.cmake +++ b/ConfigureChecks.cmake 
@@ -116,37 +116,10 @@ if (OPENSSL_FOUND) set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARIES}) check_function_exists(RAND_priv_bytes HAVE_OPENSSL_RAND_PRIV_BYTES) - set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR}) - set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARIES}) - check_function_exists(EVP_DigestSign HAVE_OPENSSL_EVP_DIGESTSIGN) - - set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR}) - set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARIES}) - check_function_exists(EVP_DigestVerify HAVE_OPENSSL_EVP_DIGESTVERIFY) - - check_function_exists(OPENSSL_ia32cap_loc HAVE_OPENSSL_IA32CAP_LOC) - - set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR}) - set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARIES}) - check_symbol_exists(EVP_PKEY_ED25519 "openssl/evp.h" FOUND_OPENSSL_ED25519) - set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR}) set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARIES}) check_function_exists(EVP_chacha20 HAVE_OPENSSL_EVP_CHACHA20) - set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR}) - set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARIES}) - check_symbol_exists(EVP_PKEY_POLY1305 "openssl/evp.h" HAVE_OPENSSL_EVP_POLY1305) - - if (HAVE_OPENSSL_EVP_DIGESTSIGN AND HAVE_OPENSSL_EVP_DIGESTVERIFY AND - FOUND_OPENSSL_ED25519) - set(HAVE_OPENSSL_ED25519 1) - endif() - - set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR}) - set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARIES}) - check_symbol_exists(EVP_PKEY_X25519 "openssl/evp.h" HAVE_OPENSSL_X25519) - unset(CMAKE_REQUIRED_INCLUDES) unset(CMAKE_REQUIRED_LIBRARIES) endif() @@ -494,10 +467,6 @@ if (WITH_PKCS11_URI) message(FATAL_ERROR "PKCS #11 is not supported for mbedcrypto") set(WITH_PKCS11_URI 0) endif() - if (HAVE_OPENSSL AND NOT OPENSSL_VERSION VERSION_GREATER_EQUAL "1.1.1") - message(FATAL_ERROR "PKCS #11 requires at least OpenSSL 1.1.1") - set(WITH_PKCS11_URI 0) - endif() endif() if (WITH_MBEDTLS) diff --git a/config.h.cmake b/config.h.cmake index cc83734d..26a582f2 100644 
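Review bot: With the `EVP_DigestSign`, `EVP_DigestVerify`, `EVP_PKEY_ED25519` and `EVP_PKEY_X25519` probes removed from this `if (OPENSSL_FOUND)` block, the version floor in `find_package(OpenSSL 1.1.1)` is the only evidence left that libcrypto provides them. A libcrypto that satisfies the version comparison but lacks one of them (a fork that reports its own version number, or a build with algorithms configured out) would pass configuration and fail only at compile or link time. Consider keeping one probe as a hard requirement rather than a feature switch: retain the `check_symbol_exists(EVP_PKEY_ED25519 "openssl/evp.h" FOUND_OPENSSL_ED25519)` line and follow it with `message(FATAL_ERROR "libcrypto lacks Ed25519; OpenSSL >= 1.1.1 is required")` guarded by `if (NOT FOUND_OPENSSL_ED25519)`. The block starts above the hunk, so whether another check already covers this is not visible here.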
--- a/config.h.cmake +++ b/config.h.cmake @@ -97,15 +97,6 @@ /* Define to 1 if you have gl_flags as a glob_t sturct member */ #cmakedefine HAVE_GLOB_GL_FLAGS_MEMBER 1 -/* Define to 1 if you have OpenSSL with Ed25519 support */ -#cmakedefine HAVE_OPENSSL_ED25519 1 - -/* Define to 1 if you have OpenSSL with X25519 support */ -#cmakedefine HAVE_OPENSSL_X25519 1 - -/* Define to 1 if you have OpenSSL with Poly1305 support */ -#cmakedefine HAVE_OPENSSL_EVP_POLY1305 1 - /* Define to 1 if you have gcrypt with ChaCha20/Poly1305 support */ #cmakedefine HAVE_GCRYPT_CHACHA_POLY 1 @@ -120,15 +111,6 @@ /* Define to 1 if you have the `FIPS_mode' function. */ #cmakedefine HAVE_OPENSSL_FIPS_MODE 1 -/* Define to 1 if you have the `EVP_DigestSign' function. */ -#cmakedefine HAVE_OPENSSL_EVP_DIGESTSIGN 1 - -/* Define to 1 if you have the `EVP_DigestVerify' function. */ -#cmakedefine HAVE_OPENSSL_EVP_DIGESTVERIFY 1 - -/* Define to 1 if you have the `OPENSSL_ia32cap_loc' function. */ -#cmakedefine HAVE_OPENSSL_IA32CAP_LOC 1 - /* Define to 1 if you have the `snprintf' function. */ #cmakedefine HAVE_SNPRINTF 1 diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 15c778e6..af6e7017 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -238,27 +238,14 @@ else (WITH_GCRYPT) libcrypto.c dh_crypto.c ) - if (NOT HAVE_OPENSSL_ED25519) - set(libssh_SRCS - ${libssh_SRCS} - pki_ed25519.c - external/ed25519.c - external/fe25519.c - external/ge25519.c - external/sc25519.c - ) - endif (NOT HAVE_OPENSSL_ED25519) - if (NOT (HAVE_OPENSSL_EVP_CHACHA20 AND HAVE_OPENSSL_EVP_POLY1305)) + if (NOT HAVE_OPENSSL_EVP_CHACHA20) set(libssh_SRCS ${libssh_SRCS} external/chacha.c external/poly1305.c chachapoly.c ) - endif (NOT (HAVE_OPENSSL_EVP_CHACHA20 AND HAVE_OPENSSL_EVP_POLY1305)) - if(OPENSSL_VERSION VERSION_LESS "1.1.0") - set(libssh_SRCS ${libssh_SRCS} libcrypto-compat.c) - endif() + endif (NOT HAVE_OPENSSL_EVP_CHACHA20) endif (WITH_GCRYPT) if (WITH_SFTP) 
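Review bot: The diffstat lists no C source files, yet in this hunk `pki_ed25519.c`, the bundled Ed25519 sources under `external/` and `libcrypto-compat.c` stop being compiled for OpenSSL builds, while `HAVE_OPENSSL_ED25519`, `HAVE_OPENSSL_X25519` and `HAVE_OPENSSL_EVP_POLY1305` are no longer defined by `config.h.cmake`. Any `#ifdef` still keyed on those macros would now take the non-libcrypto branch, so it is worth confirming that no such guard remains in `src/`; this page does not show the sources. The remaining `if (NOT HAVE_OPENSSL_EVP_CHACHA20)` also decides Poly1305 on its own now, and a comment such as `# Poly1305 is assumed present with OpenSSL >= 1.1.1, so only EVP_chacha20 is probed` would record that assumption. The enclosing `else (WITH_GCRYPT)` block starts before the hunk.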
@@ -306,7 +293,7 @@ if (WITH_GSSAPI AND GSSAPI_FOUND) endif (WITH_GSSAPI AND GSSAPI_FOUND) if (NOT WITH_NACL) - if (NOT HAVE_LIBCRYPTO OR NOT HAVE_OPENSSL_ED25519) + if (NOT HAVE_LIBCRYPTO) set(libssh_SRCS ${libssh_SRCS} external/curve25519_ref.c diff --git a/tests/external_override/CMakeLists.txt b/tests/external_override/CMakeLists.txt index 81d10c53..7c34b8c8 100644 --- a/tests/external_override/CMakeLists.txt +++ b/tests/external_override/CMakeLists.txt @@ -98,23 +98,13 @@ elseif (WITH_GCRYPT) list(APPEND OVERRIDE_RESULTS "-DSHOULD_CALL_INTERNAL_ED25519=1") list(APPEND OVERRIDE_RESULTS "-DSHOULD_CALL_INTERNAL_CURVE25519=1") else () - if (HAVE_OPENSSL_EVP_CHACHA20 AND HAVE_OPENSSL_EVP_POLY1305) + if (HAVE_OPENSSL_EVP_CHACHA20) list(APPEND OVERRIDE_RESULTS "-DSHOULD_CALL_INTERNAL_CHACHAPOLY=0") else () list(APPEND OVERRIDE_RESULTS "-DSHOULD_CALL_INTERNAL_CHACHAPOLY=1") endif () - - if (HAVE_OPENSSL_ED25519) - list(APPEND OVERRIDE_RESULTS "-DSHOULD_CALL_INTERNAL_ED25519=0") - else () - list(APPEND OVERRIDE_RESULTS "-DSHOULD_CALL_INTERNAL_ED25519=1") - endif () - - if (HAVE_OPENSSL_X25519) - list(APPEND OVERRIDE_RESULTS "-DSHOULD_CALL_INTERNAL_CURVE25519=0") - else () - list(APPEND OVERRIDE_RESULTS "-DSHOULD_CALL_INTERNAL_CURVE25519=1") - endif () + list(APPEND OVERRIDE_RESULTS "-DSHOULD_CALL_INTERNAL_CURVE25519=0") + list(APPEND OVERRIDE_RESULTS "-DSHOULD_CALL_INTERNAL_ED25519=0") endif () if (NOT OSX)
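Review bot: The OpenSSL branch of the `tests/external_override/CMakeLists.txt` hunk now hard-codes `-DSHOULD_CALL_INTERNAL_CURVE25519=0` and `-DSHOULD_CALL_INTERNAL_ED25519=0` without saying why, while the ChaCha20-Poly1305 expectation just above stays conditional. A one-line comment before the two `list(APPEND ...)` calls, for example `# OpenSSL >= 1.1.1 always provides X25519 and Ed25519; the bundled code must never be reached`, would keep the reason next to the expectation. The two lines are also in the opposite order to the gcrypt branch, which lists ED25519 first; that is harmless but makes the branches harder to compare.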