diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index dcf15b6b..bdc9df78 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -242,16 +242,6 @@ jobs: crypto: OpenSSL-111-from-source build: cmake zlib: 'ON' - - compiler: gcc - arch: amd64 - crypto: OpenSSL-110-from-source - build: cmake - zlib: 'ON' - - compiler: gcc - arch: amd64 - crypto: OpenSSL-102-from-source - build: cmake - zlib: 'ON' - compiler: gcc arch: amd64 crypto: BoringSSL @@ -298,8 +288,6 @@ jobs: LIBRESSL_VERSION: 4.1.0 OPENSSL_VERSION: 3.5.2 OPENSSL111_VERSION: 1.1.1w - OPENSSL110_VERSION: 1.1.0l - OPENSSL102_VERSION: 1.0.2u steps: - name: 'install architecture' if: ${{ matrix.arch != 'amd64' }} @@ -465,40 +453,6 @@ jobs: make make -j1 install_sw - - name: 'cache OpenSSL 1.1.0' - if: ${{ matrix.crypto == 'OpenSSL-110-from-source' }} - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 - id: cache-openssl110 - with: - path: ~/usr - key: ${{ runner.os }}-openssl-${{ env.OPENSSL110_VERSION }}-${{ matrix.arch }} - - - name: 'install OpenSSL 1.1.0 from source' - if: ${{ matrix.crypto == 'OpenSSL-110-from-source' && !steps.cache-openssl110.outputs.cache-hit }} - run: | - curl -fsS -L "https://github.com/openssl/openssl/releases/download/OpenSSL_1_1_0l/openssl-${OPENSSL110_VERSION}.tar.gz" | tar -xz - cd "openssl-${OPENSSL110_VERSION}" - ./config no-unit-test no-makedepend --prefix="$HOME"/usr - make - make -j1 install_sw - - - name: 'cache OpenSSL 1.0.2' - if: ${{ matrix.crypto == 'OpenSSL-102-from-source' }} - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 - id: cache-openssl102 - with: - path: ~/usr - key: ${{ runner.os }}-openssl-${{ env.OPENSSL102_VERSION }}-${{ matrix.arch }} - - - name: 'install OpenSSL 1.0.2 from source' - if: ${{ matrix.crypto == 'OpenSSL-102-from-source' && !steps.cache-openssl102.outputs.cache-hit }} - run: | - curl -fsS -L "https://github.com/openssl/openssl/releases/download/OpenSSL_1_0_2u/openssl-${OPENSSL102_VERSION}.tar.gz" | tar -xz - cd "openssl-${OPENSSL102_VERSION}" - ./config no-unit-test no-makedepend --prefix="$HOME"/usr -fPIC - make - make -j1 install_sw - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false diff --git a/appveyor.yml b/appveyor.yml index 510e5317..4810dbe6 100644 --- a/appveyor.yml +++ b/appveyor.yml @@ -40,7 +40,7 @@ environment: GENERATOR: 'Visual Studio 17 2022' PLATFORM: 'x64' CRYPTO_BACKEND: 'OpenSSL' - OPENSSL_ROOT_DIR: 'C:/OpenSSL-v33-Win64' + OPENSSL_ROOT_DIR: 'C:/OpenSSL-v35-Win64' TOOLSET: 'ClangCl' - job_name: 'VS2022, OpenSSL 3, x64, Server 2019' @@ -48,7 +48,7 @@ environment: GENERATOR: 'Visual Studio 17 2022' PLATFORM: 'x64' CRYPTO_BACKEND: 'OpenSSL' - OPENSSL_ROOT_DIR: 'C:/OpenSSL-v33-Win64' + OPENSSL_ROOT_DIR: 'C:/OpenSSL-v30-Win64' - job_name: 'VS2015, OpenSSL 1.1, x86, Server 2016' APPVEYOR_BUILD_WORKER_IMAGE: 'Visual Studio 2017' @@ -81,13 +81,13 @@ environment: OPENSSL_ROOT_DIR: 'C:/OpenSSL-v111-Win32' SKIP_CTEST: 'no' - - job_name: 'VS2013, OpenSSL 1.0.2, x64, Build-only, Static-only' + - job_name: 'VS2013, OpenSSL 1.1, x64, Build-only, Static-only' APPVEYOR_BUILD_WORKER_IMAGE: 'Visual Studio 2015' GENERATOR: 'Visual Studio 12 2013' PLATFORM: 'x64' BUILD_SHARED_LIBS: 'OFF' CRYPTO_BACKEND: 'OpenSSL' - OPENSSL_ROOT_DIR: 'C:/OpenSSL-Win64' + OPENSSL_ROOT_DIR: 'C:/OpenSSL-v111-Win64' - job_name: 'VS2008, WinCNG, x86, Build-only' APPVEYOR_BUILD_WORKER_IMAGE: 'Visual Studio 2015' diff --git a/src/openssl.c b/src/openssl.c index 7696cdc3..c9c45565 100644 --- a/src/openssl.c +++ b/src/openssl.c @@ -1144,16 +1144,6 @@ _libssh2_cipher_crypt(_libssh2_cipher_ctx * ctx, void _libssh2_openssl_crypto_init(void) { -#if OPENSSL_VERSION_NUMBER < 0x10100000L || \ - (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL) - OpenSSL_add_all_algorithms(); - OpenSSL_add_all_ciphers(); - OpenSSL_add_all_digests(); -#ifndef OPENSSL_NO_ENGINE - ENGINE_load_builtin_engines(); - ENGINE_register_all_complete(); -#endif -#endif #if defined(LIBSSH2_WOLFSSL) && defined(DEBUG_WOLFSSL) wolfSSL_Debugging_ON(); #endif @@ -1202,11 +1192,7 @@ read_private_key_from_memory(void **key_ctx, *key_ctx = NULL; -#if OPENSSL_VERSION_NUMBER >= 0x1000200fL || defined(LIBSSH2_WOLFSSL) bp = BIO_new_mem_buf(filedata, (int)filedata_len); -#else - bp = BIO_new_mem_buf((char *)filedata, (int)filedata_len); -#endif if(!bp) { return -1; } @@ -3360,8 +3346,7 @@ _libssh2_md5_init(libssh2_md5_ctx *ctx) * "digital envelope routines:FIPS_DIGESTINIT:disabled for fips" * So, just return 0 in FIPS mode */ -#if OPENSSL_VERSION_NUMBER >= 0x000907000L && \ - !defined(USE_OPENSSL_3) && \ +#if !defined(USE_OPENSSL_3) && \ !defined(LIBRESSL_VERSION_NUMBER) && \ !defined(LIBSSH2_WOLFSSL) @@ -5012,11 +4997,7 @@ _libssh2_pub_priv_keyfilememory(LIBSSH2_SESSION *session, LIBSSH2_TRACE_AUTH, "Computing public key from private key.")); -#if OPENSSL_VERSION_NUMBER >= 0x1000200fL || defined(LIBSSH2_WOLFSSL) bp = BIO_new_mem_buf(privatekeydata, (int)privatekeydata_len); -#else - bp = BIO_new_mem_buf((char *)privatekeydata, (int)privatekeydata_len); -#endif if(!bp) return _libssh2_error(session, LIBSSH2_ERROR_ALLOC, "Unable to allocate memory when" @@ -5124,11 +5105,7 @@ _libssh2_sk_pub_keyfilememory(LIBSSH2_SESSION *session, LIBSSH2_TRACE_AUTH, "Computing public key from private key.")); -#if OPENSSL_VERSION_NUMBER >= 0x1000200fL || defined(LIBSSH2_WOLFSSL) bp = BIO_new_mem_buf(privatekeydata, (int)privatekeydata_len); -#else - bp = BIO_new_mem_buf((char *)privatekeydata, (int)privatekeydata_len); -#endif if(!bp) return _libssh2_error(session, LIBSSH2_ERROR_ALLOC, "Unable to allocate memory when" diff --git a/src/openssl.h b/src/openssl.h index c23b6cbb..e7fd5284 100644 --- a/src/openssl.h +++ b/src/openssl.h @@ -73,8 +73,6 @@ /* wolfSSL doesn't support Blowfish or CAST. */ #define OPENSSL_NO_BF #define OPENSSL_NO_CAST -/* wolfSSL has no engine framework. */ -#define OPENSSL_NO_ENGINE #include #include @@ -97,9 +95,6 @@ #include #include #include -#ifndef OPENSSL_NO_ENGINE -#include -#endif #ifndef OPENSSL_NO_DSA #include #endif @@ -120,8 +115,7 @@ #endif /* LIBSSH2_WOLFSSL */ -#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && \ - !defined(LIBRESSL_VERSION_NUMBER)) || defined(LIBSSH2_WOLFSSL) || \ +#if !defined(LIBRESSL_VERSION_NUMBER) || defined(LIBSSH2_WOLFSSL) || \ (defined(LIBRESSL_VERSION_NUMBER) && \ LIBRESSL_VERSION_NUMBER >= 0x3050000fL) /* For wolfSSL, whether the structs are truly opaque or not, it's best to not @@ -151,7 +145,7 @@ # define LIBSSH2_ECDSA 1 #endif -#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && \ +#if (!defined(LIBSSH2_WOLFSSL) && \ !defined(LIBRESSL_VERSION_NUMBER)) || \ (defined(LIBRESSL_VERSION_NUMBER) && \ LIBRESSL_VERSION_NUMBER >= 0x3070000fL) @@ -176,8 +170,7 @@ #define LIBSSH2_HMAC_SHA256 1 #define LIBSSH2_HMAC_SHA512 1 -#if (OPENSSL_VERSION_NUMBER >= 0x00907000L && !defined(OPENSSL_NO_AES) && \ - !defined(LIBSSH2_WOLFSSL)) || \ +#if (!defined(OPENSSL_NO_AES) && !defined(LIBSSH2_WOLFSSL)) || \ (defined(LIBSSH2_WOLFSSL) && defined(WOLFSSL_AES_COUNTER)) # define LIBSSH2_AES_CTR 1 # define LIBSSH2_AES_CBC 1 @@ -189,7 +182,7 @@ /* wolfSSL v5.4.0 is required due to possibly this bug: https://github.com/wolfSSL/wolfssl/pull/5205 Before this release, all libssh2 tests crash with AES-GCM enabled */ -#if (OPENSSL_VERSION_NUMBER >= 0x01010100fL && !defined(OPENSSL_NO_AES)) || \ +#if !defined(OPENSSL_NO_AES) || \ (defined(LIBSSH2_WOLFSSL) && LIBWOLFSSL_VERSION_HEX >= 0x05004000 && \ defined(HAVE_AESGCM) && defined(WOLFSSL_AESGCM_STREAM)) # define LIBSSH2_AES_GCM 1