build: require OpenSSL >= 1.1.1

Change-Id: I17a09ac60b867617af7a49fe19ab6e906dc14f61

docs/INSTALL.rst

@@ -36,7 +36,7 @@ Required
 -  Python >= 3.6
 -  pkg-config
 -  Boost >= 1.65.1
--  OpenSSL >= 1.0.2
+-  OpenSSL >= 1.1.1
 -  SQLite 3.x
 
 To build ndn-cxx from source, one must first install a C++ compiler and all necessary

ndn-cxx/security/impl/openssl-helper.cpp

@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2021 Regents of the University of California.
+ * Copyright (c) 2013-2022 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -37,13 +37,12 @@ digestAlgorithmToEvpMd(DigestAlgorithm algo)
     return EVP_sha384();
   case DigestAlgorithm::SHA512:
     return EVP_sha512();
-#if OPENSSL_VERSION_NUMBER >= 0x1010000fL && !defined(OPENSSL_NO_BLAKE2)
+#ifndef OPENSSL_NO_BLAKE2
   case DigestAlgorithm::BLAKE2B_512:
     return EVP_blake2b512();
   case DigestAlgorithm::BLAKE2S_256:
     return EVP_blake2s256();
 #endif
-#if OPENSSL_VERSION_NUMBER >= 0x10101001L
   case DigestAlgorithm::SHA3_224:
     return EVP_sha3_224();
   case DigestAlgorithm::SHA3_256:
@@ -52,41 +51,27 @@ digestAlgorithmToEvpMd(DigestAlgorithm algo)
     return EVP_sha3_384();
   case DigestAlgorithm::SHA3_512:
     return EVP_sha3_512();
-#endif
   default:
     return nullptr;
   }
 }
 
 int
-getEvpPkeyType(EVP_PKEY* key)
+getEvpPkeyType(const EVP_PKEY* key)
 {
-  return
-#if OPENSSL_VERSION_NUMBER < 0x1010000fL
-    EVP_PKEY_type(key->type);
-#else
-    EVP_PKEY_base_id(key);
-#endif
+  return EVP_PKEY_base_id(key);
 }
 
 EvpMdCtx::EvpMdCtx()
-#if OPENSSL_VERSION_NUMBER < 0x1010000fL
-  : m_ctx(EVP_MD_CTX_create())
-#else
   : m_ctx(EVP_MD_CTX_new())
-#endif
 {
   if (m_ctx == nullptr)
     NDN_THROW(std::runtime_error("EVP_MD_CTX creation failed"));
 }
 
 EvpMdCtx::~EvpMdCtx()
 {
-#if OPENSSL_VERSION_NUMBER < 0x1010000fL
-  EVP_MD_CTX_destroy(m_ctx);
-#else
   EVP_MD_CTX_free(m_ctx);
-#endif
 }
 
 EvpPkeyCtx::EvpPkeyCtx(EVP_PKEY* key)
@@ -108,7 +93,7 @@ EvpPkeyCtx::~EvpPkeyCtx()
   EVP_PKEY_CTX_free(m_ctx);
 }
 
-Bio::Bio(Bio::MethodPtr method)
+Bio::Bio(const BIO_METHOD* method)
   : m_bio(BIO_new(method))
 {
   if (m_bio == nullptr)

ndn-cxx/security/impl/openssl-helper.hpp

@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2021 Regents of the University of California.
+ * Copyright (c) 2013-2022 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -33,7 +33,7 @@ NDN_CXX_NODISCARD const EVP_MD*
 digestAlgorithmToEvpMd(DigestAlgorithm algo);
 
 NDN_CXX_NODISCARD int
-getEvpPkeyType(EVP_PKEY* key);
+getEvpPkeyType(const EVP_PKEY* key);
 
 class EvpMdCtx : noncopyable
 {
@@ -74,14 +74,8 @@ class EvpPkeyCtx : noncopyable
 class Bio : noncopyable
 {
 public:
-#if OPENSSL_VERSION_NUMBER < 0x1010000fL
-  using MethodPtr = BIO_METHOD*;
-#else
-  using MethodPtr = const BIO_METHOD*;
-#endif // OPENSSL_VERSION_NUMBER < 0x1010000fL
-
   explicit
-  Bio(MethodPtr method);
+  Bio(const BIO_METHOD* method);
 
   ~Bio();
 

ndn-cxx/security/transform/private-key.cpp

@@ -51,18 +51,6 @@ namespace ndn {
 namespace security {
 namespace transform {
 
-static void
-opensslInitAlgorithms()
-{
-#if OPENSSL_VERSION_NUMBER < 0x1010000fL
-  static bool isInitialized = false;
-  if (!isInitialized) {
-    OpenSSL_add_all_algorithms();
-    isInitialized = true;
-  }
-#endif // OPENSSL_VERSION_NUMBER < 0x1010000fL
-}
-
 class PrivateKey::Impl : noncopyable
 {
 public:
@@ -73,10 +61,6 @@ class PrivateKey::Impl : noncopyable
 
 public:
   EVP_PKEY* key = nullptr;
-
-#if OPENSSL_VERSION_NUMBER < 0x1010100fL
-  size_t keySize = 0; // in bits, used only for HMAC
-#endif
 };
 
 PrivateKey::PrivateKey()
@@ -112,13 +96,9 @@ PrivateKey::getKeySize() const
     case KeyType::EC:
       return static_cast<size_t>(EVP_PKEY_bits(m_impl->key));
     case KeyType::HMAC: {
-#if OPENSSL_VERSION_NUMBER >= 0x1010100fL
       size_t nBytes = 0;
       EVP_PKEY_get_raw_private_key(m_impl->key, nullptr, &nBytes);
       return nBytes * 8;
-#else
-      return m_impl->keySize;
-#endif
     }
     default:
       return 0;
@@ -132,15 +112,8 @@ PrivateKey::getKeyDigest(DigestAlgorithm algo) const
     NDN_THROW(Error("Digest is not supported for key type " +
                     boost::lexical_cast<std::string>(getKeyType())));
 
-  const uint8_t* buf = nullptr;
   size_t len = 0;
-#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
-  buf = EVP_PKEY_get0_hmac(m_impl->key, &len);
-#else
-  const auto* octstr = reinterpret_cast<ASN1_OCTET_STRING*>(EVP_PKEY_get0(m_impl->key));
-  buf = octstr->data;
-  len = octstr->length;
-#endif
+  const uint8_t* buf = EVP_PKEY_get0_hmac(m_impl->key, &len);
   if (buf == nullptr)
     NDN_THROW(Error("Failed to obtain raw key pointer"));
   if (len * 8 != getKeySize())
@@ -165,25 +138,15 @@ PrivateKey::loadRaw(KeyType type, span<const uint8_t> buf)
     NDN_THROW(std::invalid_argument("Unsupported key type " + boost::lexical_cast<std::string>(type)));
   }
 
-  m_impl->key =
-#if OPENSSL_VERSION_NUMBER >= 0x1010100fL
-      EVP_PKEY_new_raw_private_key(pkeyType, nullptr, buf.data(), buf.size());
-#else
-      EVP_PKEY_new_mac_key(pkeyType, nullptr, buf.data(), static_cast<int>(buf.size()));
-#endif
+  m_impl->key = EVP_PKEY_new_raw_private_key(pkeyType, nullptr, buf.data(), buf.size());
   if (m_impl->key == nullptr)
     NDN_THROW(Error("Failed to load private key"));
-
-#if OPENSSL_VERSION_NUMBER < 0x1010100fL
-  m_impl->keySize = buf.size() * 8;
-#endif
 }
 
 void
 PrivateKey::loadPkcs1(span<const uint8_t> buf)
 {
   ENSURE_PRIVATE_KEY_NOT_LOADED(m_impl->key);
-  opensslInitAlgorithms();
 
   auto ptr = buf.data();
   if (d2i_AutoPrivateKey(&m_impl->key, &ptr, static_cast<long>(buf.size())) == nullptr)
@@ -219,7 +182,6 @@ PrivateKey::loadPkcs8(span<const uint8_t> buf, const char* pw, size_t pwLen)
 {
   BOOST_ASSERT(std::strlen(pw) == pwLen);
   ENSURE_PRIVATE_KEY_NOT_LOADED(m_impl->key);
-  opensslInitAlgorithms();
 
   detail::Bio membio(BIO_s_mem());
   if (!membio.write(buf))
@@ -241,7 +203,6 @@ void
 PrivateKey::loadPkcs8(span<const uint8_t> buf, PasswordCallback pwCallback)
 {
   ENSURE_PRIVATE_KEY_NOT_LOADED(m_impl->key);
-  opensslInitAlgorithms();
 
   detail::Bio membio(BIO_s_mem());
   if (!membio.write(buf))
@@ -382,7 +343,6 @@ ConstBufferPtr
 PrivateKey::toPkcs1() const
 {
   ENSURE_PRIVATE_KEY_LOADED(m_impl->key);
-  opensslInitAlgorithms();
 
   detail::Bio membio(BIO_s_mem());
   if (!i2d_PrivateKey_bio(membio, m_impl->key))
@@ -400,7 +360,6 @@ PrivateKey::toPkcs8(const char* pw, size_t pwLen) const
 {
   BOOST_ASSERT(std::strlen(pw) == pwLen);
   ENSURE_PRIVATE_KEY_LOADED(m_impl->key);
-  opensslInitAlgorithms();
 
   detail::Bio membio(BIO_s_mem());
   if (!i2d_PKCS8PrivateKey_bio(membio, m_impl->key, EVP_aes_256_cbc(), nullptr, 0,
@@ -418,7 +377,6 @@ ConstBufferPtr
 PrivateKey::toPkcs8(PasswordCallback pwCallback) const
 {
   ENSURE_PRIVATE_KEY_LOADED(m_impl->key);
-  opensslInitAlgorithms();
 
   detail::Bio membio(BIO_s_mem());
   if (!i2d_PKCS8PrivateKey_bio(membio, m_impl->key, EVP_aes_256_cbc(), nullptr, 0,
@@ -499,11 +457,6 @@ PrivateKey::generateEcKey(uint32_t keySize)
   }
 
   auto guard = make_scope_exit([eckey] { EC_KEY_free(eckey); });
-
-#if OPENSSL_VERSION_NUMBER < 0x1010000fL
-  EC_KEY_set_asn1_flag(eckey, OPENSSL_EC_NAMED_CURVE);
-#endif // OPENSSL_VERSION_NUMBER < 0x1010000fL
-
   if (EC_KEY_generate_key(eckey) != 1) {
     NDN_THROW(Error("Failed to generate EC key"));
   }

tests/unit/security/transform/digest-filter.t.cpp

@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2021 Regents of the University of California.
+ * Copyright (c) 2013-2022 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -137,7 +137,7 @@ BOOST_AUTO_TEST_CASE(AlgorithmSha512)
   BOOST_CHECK_EQUAL_COLLECTIONS(out, out + sizeof(out), os.buf()->begin(), os.buf()->end());
 }
 
-#if OPENSSL_VERSION_NUMBER >= 0x1010000fL && !defined(OPENSSL_NO_BLAKE2)
+#ifndef OPENSSL_NO_BLAKE2
 BOOST_AUTO_TEST_CASE(AlgorithmBlake2b_512)
 {
   const uint8_t out[] = {
@@ -161,9 +161,8 @@ BOOST_AUTO_TEST_CASE(AlgorithmBlake2s_256)
   bufferSource("") >> digestFilter(DigestAlgorithm::BLAKE2S_256) >> streamSink(os);
   BOOST_CHECK_EQUAL_COLLECTIONS(out, out + sizeof(out), os.buf()->begin(), os.buf()->end());
 }
-#endif // OPENSSL_VERSION_NUMBER >= 0x1010000fL && !defined(OPENSSL_NO_BLAKE2)
+#endif // !OPENSSL_NO_BLAKE2
 
-#if OPENSSL_VERSION_NUMBER >= 0x10101001L
 BOOST_AUTO_TEST_CASE(AlgorithmSha3_224)
 {
   const uint8_t out[] = {
@@ -210,7 +209,6 @@ BOOST_AUTO_TEST_CASE(AlgorithmSha3_512)
   bufferSource("") >> digestFilter(DigestAlgorithm::SHA3_512) >> streamSink(os);
   BOOST_CHECK_EQUAL_COLLECTIONS(out, out + sizeof(out), os.buf()->begin(), os.buf()->end());
 }
-#endif // OPENSSL_VERSION_NUMBER >= 0x10101001L
 
 BOOST_AUTO_TEST_SUITE_END() // TestDigestFilter
 BOOST_AUTO_TEST_SUITE_END() // Transform

tests/unit/security/transform/private-key.t.cpp

@@ -685,9 +685,7 @@ BOOST_AUTO_TEST_CASE_TEMPLATE(GenerateKey, T, KeyGenParams)
                          boolSink(result));
   }
   else {
-#if OPENSSL_VERSION_NUMBER >= 0x1010100fL
     BOOST_CHECK_THROW(sKey->derivePublicKey(), PrivateKey::Error);
-#endif
     BOOST_CHECK_NO_THROW(bufferSource(data) >>
                          verifierFilter(DigestAlgorithm::SHA256, *sKey, *sig) >>
                          boolSink(result));
@@ -705,10 +703,8 @@ BOOST_AUTO_TEST_CASE_TEMPLATE(GenerateKey, T, KeyGenParams)
     BOOST_CHECK(*os1.buf() != *os2.buf());
   }
   else {
-#if OPENSSL_VERSION_NUMBER >= 0x1010100fL
     OBufferStream os1;
     BOOST_CHECK_THROW(sKey->savePkcs1(os1), PrivateKey::Error);
-#endif
   }
 }
 

tests/unit/util/random.t.cpp

@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
- * Copyright (c) 2013-2021 Regents of the University of California.
+ * Copyright (c) 2013-2022 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -68,18 +68,11 @@ class FailRandMethodFixture
   }
 
 private: // RAND_METHOD callbacks
-#if OPENSSL_VERSION_NUMBER < 0x1010000fL
-  static void
-  seed(const void* buf, int num)
-  {
-  }
-#else
   static int
   seed(const void* buf, int num)
   {
     return 0;
   }
-#endif // OPENSSL_VERSION_NUMBER < 0x1010000fL
 
   static int
   bytes(unsigned char* buf, int num)
@@ -92,18 +85,11 @@ class FailRandMethodFixture
   {
   }
 
-#if OPENSSL_VERSION_NUMBER < 0x1010000fL
-  static void
-  add(const void* buf, int num, double entropy)
-  {
-  }
-#else
   static int
   add(const void* buf, int num, double entropy)
   {
     return 0;
   }
-#endif // OPENSSL_VERSION_NUMBER < 0x1010000fL
 
   static int
   pseudorand(unsigned char* buf, int num)

wscript

@@ -103,7 +103,7 @@ def configure(conf):
 
     conf.check_osx_frameworks()
     conf.check_sqlite3()
-    conf.check_openssl(lib='crypto', atleast_version='1.0.2')
+    conf.check_openssl(lib='crypto', atleast_version='1.1.1')
 
     boost_libs = ['system', 'program_options', 'chrono', 'date_time', 'filesystem', 'thread', 'log']