src: remove TLS code for unsupported OpenSSLs

sam-github · BridgeAR · commit 8984b73033f7 · 2019-06-17T21:12:13.000+02:00
Versions of OpenSSL lower than 1.1.1 are no longer supported, so remove ifdefs for previous versions. PR-URL: #28085 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Anatoli Papirovski <apapirovski@mac.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net>
diff --git a/src/node_crypto.cc b/src/node_crypto.cc
@@ -5564,12 +5564,6 @@ void DiffieHellman::SetPublicKey(const FunctionCallbackInfo<Value>& args) {
 }
 
 void DiffieHellman::SetPrivateKey(const FunctionCallbackInfo<Value>& args) {
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
-    OPENSSL_VERSION_NUMBER < 0x10100070L
-// Older versions of OpenSSL 1.1.0 have a DH_set0_key which does not work for
-// Node. See https://github.com/openssl/openssl/pull/4384.
-#error "OpenSSL 1.1.0 revisions before 1.1.0g are not supported"
-#endif
   SetKey(args,
          [](DH* dh, BIGNUM* num) { return DH_set0_key(dh, nullptr, num); },
          "Private key");
diff --git a/src/node_crypto.h b/src/node_crypto.h
@@ -108,20 +108,13 @@ class SecureContext : public BaseObject {
   static const int kTicketKeyNameIndex = 3;
   static const int kTicketKeyIVIndex = 4;
 
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
   unsigned char ticket_key_name_[16];
   unsigned char ticket_key_aes_[16];
   unsigned char ticket_key_hmac_[16];
-#endif
 
  protected:
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-  static const int64_t kExternalSize = sizeof(SSL_CTX);
-#else
-  // OpenSSL 1.1.0 has opaque structures. This is an estimate based on the size
-  // as of OpenSSL 1.1.0f.
-  static const int64_t kExternalSize = 872;
-#endif
+  // OpenSSL structures are opaque. This is sizeof(SSL_CTX) for OpenSSL 1.1.1b:
+  static const int64_t kExternalSize = 1024;
 
   static void New(const v8::FunctionCallbackInfo<v8::Value>& args);
   static void Init(const v8::FunctionCallbackInfo<v8::Value>& args);
@@ -167,14 +160,12 @@ class SecureContext : public BaseObject {
                                HMAC_CTX* hctx,
                                int enc);
 
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
   static int TicketCompatibilityCallback(SSL* ssl,
                                          unsigned char* name,
                                          unsigned char* iv,
                                          EVP_CIPHER_CTX* ectx,
                                          HMAC_CTX* hctx,
                                          int enc);
-#endif
 
   SecureContext(Environment* env, v8::Local<v8::Object> wrap)
       : BaseObject(env, wrap) {
@@ -229,32 +220,20 @@ class SSLWrap {
  protected:
   typedef void (*CertCb)(void* arg);
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-  // Size allocated by OpenSSL: one for SSL structure, one for SSL3_STATE and
-  // some for buffers.
+  // OpenSSL structures are opaque. Estimate SSL memory size for OpenSSL 1.1.1b:
+  //   SSL: 6224
+  //   SSL->SSL3_STATE: 1040
+  //   ...some buffers: 42 * 1024
   // NOTE: Actually it is much more than this
-  static const int64_t kExternalSize =
-      sizeof(SSL) + sizeof(SSL3_STATE) + 42 * 1024;
-#else
-  // OpenSSL 1.1.0 has opaque structures. This is an estimate based on the size
-  // as of OpenSSL 1.1.0f.
-  static const int64_t kExternalSize = 4448 + 1024 + 42 * 1024;
-#endif
+  static const int64_t kExternalSize = 6224 + 1040 + 42 * 1024;
 
   static void ConfigureSecureContext(SecureContext* sc);
   static void AddMethods(Environment* env, v8::Local<v8::FunctionTemplate> t);
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-  static SSL_SESSION* GetSessionCallback(SSL* s,
-                                         unsigned char* key,
-                                         int len,
-                                         int* copy);
-#else
   static SSL_SESSION* GetSessionCallback(SSL* s,
                                          const unsigned char* key,
                                          int len,
                                          int* copy);
-#endif
   static int NewSessionCallback(SSL* s, SSL_SESSION* sess);
   static void KeylogCallback(const SSL* s, const char* line);
   static void OnClientHello(void* arg,
diff --git a/src/node_crypto_bio.cc b/src/node_crypto_bio.cc
@@ -30,16 +30,6 @@
 namespace node {
 namespace crypto {
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-#define BIO_set_data(bio, data) bio->ptr = data
-#define BIO_get_data(bio) bio->ptr
-#define BIO_set_shutdown(bio, shutdown_) bio->shutdown = shutdown_
-#define BIO_get_shutdown(bio) bio->shutdown
-#define BIO_set_init(bio, init_) bio->init = init_
-#define BIO_get_init(bio) bio->init
-#endif
-
-
 BIOPointer NodeBIO::New(Environment* env) {
   BIOPointer bio(BIO_new(GetMethod()));
   if (bio && env != nullptr)
@@ -231,22 +221,6 @@ long NodeBIO::Ctrl(BIO* bio, int cmd, long num,  // NOLINT(runtime/int)
 
 
 const BIO_METHOD* NodeBIO::GetMethod() {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-  static const BIO_METHOD method = {
-    BIO_TYPE_MEM,
-    "node.js SSL buffer",
-    Write,
-    Read,
-    Puts,
-    Gets,
-    Ctrl,
-    New,
-    Free,
-    nullptr
-  };
-
-  return &method;
-#else
   // This is called from InitCryptoOnce() to avoid race conditions during
   // initialization.
   static BIO_METHOD* method = nullptr;
@@ -263,7 +237,6 @@ const BIO_METHOD* NodeBIO::GetMethod() {
   }
 
   return method;
-#endif
 }
 
 
