Remove support for OpenSSL older than 0.9.8

It's hard to find an older version of OpenSSL even on long term support distros.
2016-12-24 22:30:44 -08:00 · 2016-12-24 22:30:44 -08:00 · 6a3f0a75bd
commit 6a3f0a75bd
parent d8d6b08aa3
2 changed files with 1 additions and 82 deletions
--- a/common/ssl_calls.c
+++ b/common/ssl_calls.c
@ -34,11 +34,6 @@
 #include "ssl_calls.h"
 #include "trans.h"
 #if defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x0090800f)
 #undef OLD_RSA_GEN1
 #else
 #define OLD_RSA_GEN1
 #endif
 #if OPENSSL_VERSION_NUMBER < 0x10100000L
 static inline HMAC_CTX *
@ -406,81 +401,6 @@ ssl_mod_exp(char *out, int out_len, char *in, int in_len,
    return rv;
 }
 #if defined(OLD_RSA_GEN1)
 /*****************************************************************************/
 /* returns error
   generates a new rsa key
   exp is passed in and mod and pri are passed out */
 int APP_CC
 ssl_gen_key_xrdp1(int key_size_in_bits, char *exp, int exp_len,
                  char *mod, int mod_len, char *pri, int pri_len)
 {
    int my_e;
    RSA *my_key;
    char *lmod;
    char *lpri;
    tui8 *lexp;
    int error;
    int len;
    int diff;
    if ((exp_len != 4) || ((mod_len != 64) && (mod_len != 256)) ||
                          ((pri_len != 64) && (pri_len != 256)))
    {
        return 1;
    }
    diff = 0;
    lmod = (char *)g_malloc(mod_len, 1);
    lpri = (char *)g_malloc(pri_len, 1);
    lexp = (tui8 *)exp;
    my_e = lexp[0];
    my_e |= lexp[1] << 8;
    my_e |= lexp[2] << 16;
    my_e |= lexp[3] << 24;
    /* srand is in stdlib.h */
    srand(g_time1());
    my_key = RSA_generate_key(key_size_in_bits, my_e, 0, 0);
    error = my_key == 0;
    if (error == 0)
    {
        len = BN_num_bytes(my_key->n);
        error = (len < 1) || (len > mod_len);
        diff = mod_len - len;
    }
    if (error == 0)
    {
        BN_bn2bin(my_key->n, (tui8 *)(lmod + diff));
        ssl_reverse_it(lmod, mod_len);
    }
    if (error == 0)
    {
        len = BN_num_bytes(my_key->d);
        error = (len < 1) || (len > pri_len);
        diff = pri_len - len;
    }
    if (error == 0)
    {
        BN_bn2bin(my_key->d, (tui8 *)(lpri + diff));
        ssl_reverse_it(lpri, pri_len);
    }
    if (error == 0)
    {
        g_memcpy(mod, lmod, mod_len);
        g_memcpy(pri, lpri, pri_len);
    }
    RSA_free(my_key);
    g_free(lmod);
    g_free(lpri);
    return error;
 }
 #else
 /*****************************************************************************/
 /* returns error
   generates a new rsa key
@ -558,7 +478,6 @@ ssl_gen_key_xrdp1(int key_size_in_bits, char *exp, int exp_len,
    g_free(lpri);
    return error;
 }
 #endif
 /*****************************************************************************/
 struct ssl_tls *
--- a/configure.ac
+++ b/configure.ac
@ -145,7 +145,7 @@ AC_CHECK_FUNC(dlopen, [],
 AC_SUBST(DLOPEN_LIBS)
 # checking for openssl
-PKG_CHECK_MODULES([OPENSSL], [openssl >= 0], [],
+PKG_CHECK_MODULES([OPENSSL], [openssl >= 0.9.8], [],
  [AC_MSG_ERROR([please install libssl-dev or openssl-devel])])
 # look for openssl binary