stop suporting openssl below 1.1.1

2025-06-21 21:38:20 +02:00 · 2025-06-12 11:22:39 -04:00 · 2025-06-12 11:22:39 -04:00 · 5bef987529
commit 5bef987529
parent d2296f81ad
4 changed files with 5 additions and 76 deletions
--- a/libi2pd/Crypto.cpp
+++ b/libi2pd/Crypto.cpp
@ -16,9 +16,7 @@
 #include <openssl/crypto.h>
 #include "TunnelBase.h"
 #include <openssl/ssl.h>
-#if OPENSSL_HKDF
 #include <openssl/kdf.h>
-#endif
 #if (OPENSSL_VERSION_NUMBER >= 0x030000000) // since 3.0.0
 #include <openssl/param_build.h>
 #include <openssl/core_names.h>
@ -784,7 +782,6 @@ namespace crypto
 	void HKDF (const uint8_t * salt, const uint8_t * key, size_t keyLen, const std::string& info,
 		uint8_t * out, size_t outLen)
 	{
-#if OPENSSL_HKDF
 		EVP_PKEY_CTX * pctx = EVP_PKEY_CTX_new_id (EVP_PKEY_HKDF, nullptr);
 		EVP_PKEY_derive_init (pctx);
 		EVP_PKEY_CTX_set_hkdf_md (pctx, EVP_sha256());
@ -805,18 +802,6 @@ namespace crypto
 			EVP_PKEY_CTX_add1_hkdf_info (pctx, (const uint8_t *)info.c_str (), info.length ());
 		EVP_PKEY_derive (pctx, out, &outLen);
 		EVP_PKEY_CTX_free (pctx);
-#else
-		uint8_t prk[32]; unsigned int len;
-		HMAC(EVP_sha256(), salt, 32, key, keyLen, prk, &len);
-		auto l = info.length ();
-		memcpy (out, info.c_str (), l); out[l] = 0x01;
-		HMAC(EVP_sha256(), prk, 32, out, l + 1, out, &len);
-		if (outLen > 32) // 64
-		{
-			memcpy (out + 32, info.c_str (), l); out[l + 32] = 0x02;
-			HMAC(EVP_sha256(), prk, 32, out, l + 33, out + 32, &len);
-		}
-#endif
 	}

 // Noise
--- a/libi2pd/Crypto.h
+++ b/libi2pd/Crypto.h
@ -27,15 +27,11 @@
 #include "Tag.h"

 // recognize openssl version and features
-#if (OPENSSL_VERSION_NUMBER >= 0x010101000) // 1.1.1
-#	define OPENSSL_HKDF 1
-#	define OPENSSL_EDDSA 1
-#	if (!defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER != 0x030000000)) // 3.0.0, regression in SipHash, not implemented in LibreSSL
-#		define OPENSSL_SIPHASH 1
-#	endif
-#	if (OPENSSL_VERSION_NUMBER >= 0x030500000) // 3.5.0
-#		define OPENSSL_PQ 1
-#	endif
+#if (!defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER != 0x030000000)) // 3.0.0, regression in SipHash, not implemented in LibreSSL
+#	define OPENSSL_SIPHASH 1
+#endif
+#if (OPENSSL_VERSION_NUMBER >= 0x030500000) // 3.5.0
+#	define OPENSSL_PQ 1
 #endif

 namespace i2p
--- a/libi2pd/Signature.cpp
+++ b/libi2pd/Signature.cpp
@ -347,7 +347,6 @@ namespace crypto
 		
 #endif		
 		
-#if OPENSSL_EDDSA
 	EDDSA25519Verifier::EDDSA25519Verifier ():
 		m_Pkey (nullptr)
 	{
@ -379,37 +378,6 @@ namespace crypto
 		return false;
 	}

-#else
-	EDDSA25519Verifier::EDDSA25519Verifier ()
-	{
-	}
-
-	EDDSA25519Verifier::~EDDSA25519Verifier ()
-	{
-	}
-
-	void EDDSA25519Verifier::SetPublicKey (const uint8_t * signingKey)
-	{
-		memcpy (m_PublicKeyEncoded, signingKey, EDDSA25519_PUBLIC_KEY_LENGTH);
-		BN_CTX * ctx = BN_CTX_new ();
-		m_PublicKey = GetEd25519 ()->DecodePublicKey (m_PublicKeyEncoded, ctx);
-		BN_CTX_free (ctx);
-	}
-
-	bool EDDSA25519Verifier::Verify (const uint8_t * buf, size_t len, const uint8_t * signature) const
-	{
-		uint8_t digest[64];
-		SHA512_CTX ctx;
-		SHA512_Init (&ctx);
-		SHA512_Update (&ctx, signature, EDDSA25519_SIGNATURE_LENGTH/2); // R
-		SHA512_Update (&ctx, m_PublicKeyEncoded, EDDSA25519_PUBLIC_KEY_LENGTH); // public key
-		SHA512_Update (&ctx, buf, len); // data
-		SHA512_Final (digest, &ctx);
-
-		return GetEd25519 ()->Verify (m_PublicKey, digest, signature);
-	}
-#endif
-
 	EDDSA25519SignerCompat::EDDSA25519SignerCompat (const uint8_t * signingPrivateKey, const uint8_t * signingPublicKey)
 	{
 		// expand key
@ -439,7 +407,6 @@ namespace crypto
 		GetEd25519 ()->Sign (m_ExpandedPrivateKey, m_PublicKeyEncoded, buf, len, signature);
 	}

-#if OPENSSL_EDDSA
 	EDDSA25519Signer::EDDSA25519Signer (const uint8_t * signingPrivateKey, const uint8_t * signingPublicKey):
 		m_Pkey (nullptr), m_Fallback (nullptr)
 	{
@ -481,7 +448,6 @@ namespace crypto
 		else
 			LogPrint (eLogError, "EdDSA signing key is not set");
 	}
-#endif

 #if (OPENSSL_VERSION_NUMBER >= 0x030000000)
 	static const OSSL_PARAM EDDSA25519phParams[] =
--- a/libi2pd/Signature.h
+++ b/libi2pd/Signature.h
@ -369,18 +369,12 @@ namespace crypto
 			size_t GetSignatureLen () const { return EDDSA25519_SIGNATURE_LENGTH; };

 		private:
-
-#if OPENSSL_EDDSA	
 			
 			EVP_PKEY * m_Pkey;
 			
 		protected:

 			EVP_PKEY * GetPkey () const { return m_Pkey; };
-#else
-			EDDSAPoint m_PublicKey;
-			uint8_t m_PublicKeyEncoded[EDDSA25519_PUBLIC_KEY_LENGTH];
-#endif
 	};

 #if (OPENSSL_VERSION_NUMBER >= 0x030000000) // since 3.0.0
@ -409,7 +403,6 @@ namespace crypto
 			uint8_t m_PublicKeyEncoded[EDDSA25519_PUBLIC_KEY_LENGTH];
 	};

-#if OPENSSL_EDDSA
 	class EDDSA25519Signer: public Signer
 	{
 		public:
@ -429,11 +422,6 @@ namespace crypto
 			EVP_PKEY * m_Pkey;
 			EDDSA25519SignerCompat * m_Fallback;
 	};
-#else
-
-	typedef EDDSA25519SignerCompat EDDSA25519Signer;
-
-#endif

 #if (OPENSSL_VERSION_NUMBER >= 0x030000000) // since 3.0.0
 	class EDDSA25519phSigner: public EDDSA25519Signer
@ -449,7 +437,6 @@ namespace crypto
 	
 	inline void CreateEDDSA25519RandomKeys (uint8_t * signingPrivateKey, uint8_t * signingPublicKey)
 	{
-#if OPENSSL_EDDSA
 		EVP_PKEY *pkey = NULL;
 		EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id (EVP_PKEY_ED25519, NULL);
 		EVP_PKEY_keygen_init (pctx);
@ -460,11 +447,6 @@ namespace crypto
 		len = EDDSA25519_PRIVATE_KEY_LENGTH;
 		EVP_PKEY_get_raw_private_key (pkey, signingPrivateKey, &len);
 		EVP_PKEY_free (pkey);
-#else
-		RAND_bytes (signingPrivateKey, EDDSA25519_PRIVATE_KEY_LENGTH);
-		EDDSA25519Signer signer (signingPrivateKey);
-		memcpy (signingPublicKey, signer.GetPublicKey (), EDDSA25519_PUBLIC_KEY_LENGTH);
-#endif
 	}