From e20fe54f3f80fa07819e2775b5be4a2e3fafb46f Mon Sep 17 00:00:00 2001 From: Dirkjan Bussink Date: Wed, 16 Dec 2020 12:23:23 +0100 Subject: [PATCH] Bump minimum version requirement for OpenSSL This updates the minimum version requirement for OpenSSL in the documentation to 1.0.1 and also updates the practical minimum CMake version. Why pick 1.0.1 as the minimum? Main reason is whatever is still out there with long term support contracts etc. One of the oldest I could find is Ubuntu 14.04 which still has paid extended support and is on 1.0.1. Another reason that 1.0.1 is probably a good minimum is a bit more involved. 1.0.1 is the first version to add TLS 1.2. Large parts of the internet have TLS 1.2 as a minimum requirement. This means that systems with OpenSSL older than 1.0.1 already can't access large parts of the internet anyway, so not supporting the latest libssh there either is ok I think. Bumping minimum support also means things like the HMAC API can be moved to the more recent EVP style APIs and things can be more easily made compatible with the deprecated APIs in OpenSSL 3.0. Signed-off-by: Dirkjan Bussink Reviewed-by: Jakub Jelen Reviewed-by: Andreas Schneider --- INSTALL | 4 ++-- src/pki_crypto.c | 8 -------- 2 files changed, 2 insertions(+), 10 deletions(-) diff --git a/INSTALL b/INSTALL index 0f0cebfb..c2eae34b 100644 --- a/INSTALL +++ b/INSTALL @@ -7,8 +7,8 @@ In order to build libssh, you need to install several components: - A C compiler -- [CMake](https://www.cmake.org) >= 2.6.0. -- [openssl](https://www.openssl.org) >= 0.9.8 +- [CMake](https://www.cmake.org) >= 3.3.0 +- [openssl](https://www.openssl.org) >= 1.0.1 or - [gcrypt](https://www.gnu.org/directory/Security/libgcrypt.html) >= 1.4 - [libz](https://www.zlib.net) >= 1.2 diff --git a/src/pki_crypto.c b/src/pki_crypto.c index 3c3e0a40..57534d2e 100644 --- a/src/pki_crypto.c +++ b/src/pki_crypto.c 
@@ -543,7 +543,6 @@ int pki_key_generate_rsa(ssh_key key, int parameter){ int pki_key_generate_dss(ssh_key key, int parameter){ int rc; -#if OPENSSL_VERSION_NUMBER > 0x00908000L key->dsa = DSA_new(); if (key->dsa == NULL) { return SSH_ERROR; @@ -560,13 +559,6 @@ int pki_key_generate_dss(ssh_key key, int parameter){ key->dsa = NULL; return SSH_ERROR; } -#else - key->dsa = DSA_generate_parameters(parameter, NULL, 0, NULL, NULL, - NULL, NULL); - if(key->dsa == NULL){ - return SSH_ERROR; - } -#endif rc = DSA_generate_key(key->dsa); if (rc != 1){ DSA_free(key->dsa);
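Review bot: the INSTALL hunk raises the documented minimums to `CMake >= 3.3.0` and `openssl >= 1.0.1`, but the diffstat lists only INSTALL and src/pki_crypto.c, so nothing in this patch makes configuration fail on an older CMake or OpenSSL. If the build files do not already enforce these versions, add that check in the same change, so a too-old toolchain stops with a clear message at configure time instead of a compile error later. The commit message argues for 1.0.1 in detail but says nothing about 3.3.0 beyond "practical minimum"; one sentence on where that number comes from would help.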
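Review bot: in the src/pki_crypto.c hunks, the code kept in pki_key_generate_dss after dropping the `#if OPENSSL_VERSION_NUMBER > 0x00908000L` guard still uses the low-level `DSA_new()` and `DSA_generate_key()` calls, which OpenSSL 3.0 marks as deprecated, while the commit message gives EVP-style APIs and 3.0 compatibility as the reason for the bump. Removing the `#else` branch is right with a 1.0.1 floor, since that branch can no longer be compiled. A short comment or a follow-up item recording that this function still needs the EVP conversion would keep that from being lost.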