
Require OpenSSL 1.1.0 or later.

This gets rid of some backwards compatibility code, and avoids calling
deprecated OpenSSL functions.
Guus Sliepen 2 years ago
parent
commit
c033171343
5 changed files with 4 additions and 56 deletions
  1. 1 1
      README
  2. 3 12
      m4/openssl.m4
  3. 0 4
      src/connection.h
  4. 0 12
      src/net_setup.c
  5. 0 27
      src/tincd.c

+ 1 - 1
README

@@ -69,7 +69,7 @@ Requirements
 ------------
 
 The OpenSSL library is used for all cryptographic functions. You can find it at
-https://www.openssl.org/. You will need version 1.0.1 or later with support for
+https://www.openssl.org/. You will need version 1.1.0 or later with support for
 AES256 and SHA256 enabled. If this library is not installed on your system, the
 configure script will fail.  The manual in doc/tinc.texi contains more detailed
 information on how to install this library. Alternatively, you may also use the

+ 3 - 12
m4/openssl.m4

@@ -35,24 +35,15 @@ AC_DEFUN([tinc_OPENSSL],
      LDFLAGS="$LDFLAGS -L$withval"]
   )
 
-  AC_CHECK_HEADERS(openssl/evp.h openssl/rsa.h openssl/rand.h openssl/err.h openssl/sha.h openssl/pem.h openssl/engine.h,
+  AC_CHECK_HEADERS([openssl/evp.h openssl/rsa.h openssl/rand.h openssl/err.h openssl/sha.h openssl/pem.h openssl/engine.h],
     [],
     [AC_MSG_ERROR([LibreSSL/OpenSSL header files not found.]); break]
   )
 
-  AC_CHECK_LIB(crypto, EVP_EncryptInit_ex,
+  AC_CHECK_LIB(crypto, OPENSSL_init_crypto,
     [LIBS="-lcrypto $LIBS"],
     [AC_MSG_ERROR([LibreSSL/OpenSSL libraries not found.])]
   )
 
-  AC_CHECK_FUNCS([RAND_bytes EVP_EncryptInit_ex EVP_CIPHER_CTX_new], ,
-    [AC_MSG_ERROR([Missing LibreSSL/OpenSSL functionality, make sure you have installed the latest version.]); break],
-  )
-
-  AC_CHECK_DECLS([OpenSSL_add_all_algorithms, EVP_aes_256_cfb], ,
-    [AC_MSG_ERROR([Missing LibreSSL/OpenSSL functionality, make sure you have installed the latest version.]); break],
-    [#include <openssl/evp.h>]
-  )
-
-  AC_CHECK_FUNCS([BN_GENCB_new RSA_set0_key], , , [#include <openssl/rsa.h>])
+  AC_DEFINE(HAVE_OPENSSL, 1, [enable OpenSSL support])
 ])
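Review bot: The failure branch of the `AC_CHECK_LIB(crypto, OPENSSL_init_crypto, ...)` probe still reports `LibreSSL/OpenSSL libraries not found.`, but with this probe symbol it is now also the branch reached when libcrypto is installed and simply too old. I would make the message say so, for example `[AC_MSG_ERROR([LibreSSL/OpenSSL libraries not found, or older than OpenSSL 1.1.0.])]`, so that the user upgrades the library instead of hunting for a missing package. This one symbol also replaces the removed `BN_GENCB_new`/`RSA_set0_key` probes, while the fallback definitions are deleted in src/net_setup.c and src/tincd.c. That is fine for OpenSSL 1.1.0, but it should be confirmed that every LibreSSL release exporting `OPENSSL_init_crypto` also provides those two functions, since the messages still advertise LibreSSL support.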

+ 0 - 4
src/connection.h

@@ -24,10 +24,6 @@
 #include <openssl/rsa.h>
 #include <openssl/evp.h>
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-#define EVP_CIPHER_CTX_reset(c) EVP_CIPHER_CTX_cleanup(c)
-#endif
-
 #include "avl_tree.h"
 
 #define OPTION_INDIRECT         0x0001

+ 0 - 12
src/net_setup.c

@@ -49,18 +49,6 @@
 char *myport;
 devops_t devops;
 
-#ifndef HAVE_RSA_SET0_KEY
-int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) {
-	BN_free(r->n);
-	r->n = n;
-	BN_free(r->e);
-	r->e = e;
-	BN_free(r->d);
-	r->d = d;
-	return 1;
-}
-#endif
-
 bool read_rsa_public_key(connection_t *c) {
 	FILE *fp;
 	char *pubname;

+ 0 - 27
src/tincd.c

@@ -37,9 +37,7 @@
 #include <openssl/rsa.h>
 #include <openssl/pem.h>
 #include <openssl/evp.h>
-#ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
-#endif
 #include <openssl/bn.h>
 
 #ifdef HAVE_LZO
@@ -404,16 +402,6 @@ static int indicator(int a, int b, BN_GENCB *cb) {
 	return 1;
 }
 
-#ifndef HAVE_BN_GENCB_NEW
-BN_GENCB *BN_GENCB_new(void) {
-	return xmalloc_and_zero(sizeof(BN_GENCB));
-}
-
-void BN_GENCB_free(BN_GENCB *cb) {
-	free(cb);
-}
-#endif
-
 /*
   Generate a public/private RSA keypair, and ask for a file to store
   them in.
@@ -688,14 +676,7 @@ int main(int argc, char **argv) {
 
 	init_configuration(&config_tree);
 
-#ifndef OPENSSL_NO_ENGINE
 	ENGINE_load_builtin_engines();
-	ENGINE_register_all_complete();
-#endif
-
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-	OpenSSL_add_all_algorithms();
-#endif
 
 	if(generate_keys) {
 		read_server_config();
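Review bot: Dropping the `#ifndef OPENSSL_NO_ENGINE` guard around `ENGINE_load_builtin_engines();` here, and around `#include <openssl/engine.h>` in the first hunk of this file, does not follow from requiring 1.1.0, because `OPENSSL_NO_ENGINE` describes how the library was built (without engine support), not its version. Against such a build the call would presumably have no declaration and tincd would fail to compile, so I would keep both guards: `#ifndef OPENSSL_NO_ENGINE` / `ENGINE_load_builtin_engines();` / `#endif`. The hunk also removes `ENGINE_register_all_complete();`, which as far as I can tell means loaded engines are no longer registered as default implementations. If that is intended, it deserves a sentence in the commit message. main() begins and ends outside this hunk.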
@@ -814,14 +795,6 @@ end:
 
 	free(priority);
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-	EVP_cleanup();
-	ERR_free_strings();
-#ifndef OPENSSL_NO_ENGINE
-	ENGINE_cleanup();
-#endif
-#endif
-
 	exit_configuration(&config_tree);
 	list_delete_list(cmdline_conf);
 	free_names();