[xmlsec] remove support for legacy OpenSSL 0.9.6 and 0.9.7
- From: Aleksey Sanin <aleksey src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [xmlsec] remove support for legacy OpenSSL 0.9.6 and 0.9.7
- Date: Wed, 11 Mar 2015 05:29:26 +0000 (UTC)
commit 8f78efe126e579041a07e342fe4dbbc38711a414
Author: Aleksey Sanin <aleksey aleksey com>
Date: Tue Mar 10 22:29:16 2015 -0700
remove support for legacy OpenSSL 0.9.6 and 0.9.7
ChangeLog | 5 ++-
configure.in | 41 +-------------------------
docs/download.html | 3 +-
docs/faq.html | 7 ++--
src/mscrypto/globals.h | 13 --------
src/openssl/README | 8 +----
src/openssl/app.c | 2 -
src/openssl/ciphers.c | 35 ++++++-----------------
src/openssl/digests.c | 17 +----------
src/openssl/hmac.c | 6 +--
src/openssl/kw_aes.c | 3 --
src/openssl/kw_des.c | 2 -
src/openssl/signatures.c | 70 +--------------------------------------------
src/openssl/symkeys.c | 5 ---
src/openssl/x509.c | 2 -
src/openssl/x509vfy.c | 11 -------
win32/README.txt | 2 +-
17 files changed, 26 insertions(+), 206 deletions(-)
---
diff --git a/ChangeLog b/ChangeLog
index 9a0c7e2..49a2d22 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,8 @@
+2014-03-10 Aleksey Sanin <aleksey aleksey com>
+ * Removed support for legacy OpenSSL 0.9.6 (last release: March, 2004) and 0.9.7 (last release:
February, 2007)
+
2014-02-25 Aleksey Sanin <aleksey aleksey com>
- * Removed XKMS support -- it was never completed and not worth keeping
+ * Removed XKMS support -- it was never completed and not worth keeping
2013-05-23 Aleksey Sanin <aleksey aleksey com>
* 1.2.20 release
diff --git a/configure.in b/configure.in
index 7126284..7d976d0 100644
--- a/configure.in
+++ b/configure.in
@@ -346,7 +346,7 @@ ac_openssl_lib_dir="/usr/local/lib /usr/lib /usr/lib64 /usr/local /usr/local/ssl
ac_openssl_inc_dir="/usr/local/include /usr/include /usr/local /usr/local/ssl /usr/pkg
/usr/local/ssl/include"
XMLSEC_NO_OPENSSL="1"
-OPENSSL_MIN_VERSION="0.9.6"
+OPENSSL_MIN_VERSION="0.9.8"
OPENSSL_VERSION=""
OPENSSL_CFLAGS=""
OPENSSL_LIBS=""
@@ -385,12 +385,6 @@ elif test "z$PKGCONFIG_FOUND" = "zyes" ; then
[OPENSSL_VERSION="0.9.8"],
[OPENSSL_VERSION=""])
fi
-
- if test "z$OPENSSL_VERSION" = "z" ; then
- PKG_CHECK_MODULES(OPENSSL, openssl >= 0.9.7,
- [OPENSSL_VERSION="0.9.7"],
- [OPENSSL_VERSION=""])
- fi
if test "z$OPENSSL_VERSION" = "z" ; then
PKG_CHECK_MODULES(OPENSSL, openssl >= $OPENSSL_MIN_VERSION,
@@ -473,31 +467,6 @@ if test "z$OPENSSL_FOUND" = "zyes" -a "z$OPENSSL_VERSION" = "z" ; then
fi
if test "z$OPENSSL_VERSION" = "z" ; then
- AC_EGREP_CPP(yes,[
- #include <openssl/opensslv.h>
- #if OPENSSL_VERSION_NUMBER >= 0x00907000L
- yes
- #endif
- ],[
- OPENSSL_VERSION="0.9.7"
- ],[
- OPENSSL_VERSION=""
- ])
- fi
-
- if test "z$OPENSSL_VERSION" = "z" ; then
- AC_EGREP_CPP(yes,[
- #include <openssl/opensslv.h>
- #if OPENSSL_VERSION_NUMBER >= 0x00906000L
- yes
- #endif
- ],[
- OPENSSL_VERSION="0.9.6"
- ],[
- OPENSSL_VERSION=""
- ])
- fi
- if test "z$OPENSSL_VERSION" = "z" ; then
AC_MSG_RESULT(no)
else
AC_MSG_RESULT([yes ('$OPENSSL_VERSION')])
@@ -524,12 +493,6 @@ fi
if test "z$OPENSSL_FOUND" = "zyes" ; then
XMLSEC_NO_OPENSSL="0"
- if test "z$OPENSSL_VERSION" = "z0.9.6" ; then
- OPENSSL_CFLAGS="$OPENSSL_CFLAGS -DXMLSEC_OPENSSL_096=1 -DXMLSEC_NO_ECDSA=1"
- fi
- if test "z$OPENSSL_VERSION" = "z0.9.7" ; then
- OPENSSL_CFLAGS="$OPENSSL_CFLAGS -DXMLSEC_OPENSSL_097=1 -DXMLSEC_NO_ECDSA=1"
- fi
if test "z$OPENSSL_VERSION" = "z0.9.8" ; then
OPENSSL_CFLAGS="$OPENSSL_CFLAGS -DXMLSEC_OPENSSL_098=1 -DXMLSEC_NO_ECDSA=1"
fi
@@ -1310,7 +1273,7 @@ dnl ==========================================================================
dnl See do we need AES support
dnl ==========================================================================
AC_MSG_CHECKING(for AES support)
-AC_ARG_ENABLE(aes, [ --enable-aes enable AES support (OpenSSL >= 0.9.7 is required)])
+AC_ARG_ENABLE(aes, [ --enable-aes enable AES support])
if test "z$enable_aes" = "zno" ; then
XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_NO_AES=1"
XMLSEC_NO_AES="1"
diff --git a/docs/download.html b/docs/download.html
index 965049f..6f7ed28 100644
--- a/docs/download.html
+++ b/docs/download.html
@@ -79,8 +79,7 @@
<p>and one of the following cryptographic libraries:</p>
<ul>
<li>
-<a href="http://www.openssl.org/">OpenSSL</a> version 0.9.8 (or later). It also should work with 0.9.7 and
0.9.6 but some features
- would be disabled.</li>
+<a href="http://www.openssl.org/">OpenSSL</a> version 0.9.8 (or later).</li>
<li>
<a href="http://www.gnu.org/software/gnutls/">GnuTLS</a>
</li>
diff --git a/docs/faq.html b/docs/faq.html
index 32a08c3..b910892 100644
--- a/docs/faq.html
+++ b/docs/faq.html
@@ -209,7 +209,7 @@ xmlsec?</h4>
(optional)</li>
</ul>
<ul>
-<li> <a href="http://www.openssl.org/">OpenSSL</a> version 0.9.8 (or later). The OpenSSL 0.9.7 and 0.9.6 are
also supported but XMLSec library will have limited functionality.</li>
+<li> <a href="http://www.openssl.org/">OpenSSL</a> version 0.9.8 (or later).</li>
<li>
<a href="http://www.gnu.org/software/gnutls/">GnuTLS</a>
</li>
@@ -228,9 +228,8 @@ for some tests?</h4>
<p> First of all, some tests <b>must</b> fail! Please read
the messages printed before the tests.<br>
If you have other failed tests then the next possible reason is that
-you are using OpenSSL 0.9.6 or 0.9.7 thus some xmlsec features are disabled in this
-case. Please try to upgrade to OpenSSL 0.9.8 (or later) and re-configure/re-compile xmlsec.<br>
-if this does not help then probably there is a bug in the xmlsec or in
+some features are not compiled into the library. Re-configure/re-compile xmlsec.<br>
+If this does not help then probably there is a bug in the xmlsec or in
the xmlsec tests. Please submit the <a href="http://www.aleksey.com/xmlsec/bugs.html">bug report</a> and I'll
try to fix it. </p>
<h4> <a name="section_2_5"></a>2.5. I get the xmlsec
diff --git a/src/mscrypto/globals.h b/src/mscrypto/globals.h
index 2b88d5d..35cbf24 100644
--- a/src/mscrypto/globals.h
+++ b/src/mscrypto/globals.h
@@ -22,18 +22,5 @@
#define IN_XMLSEC_CRYPTO
#define XMLSEC_PRIVATE
-/* OpenSSL 0.9.6 and 0.9.7 do not have SHA 224/256/384/512 */
-#if defined(XMLSEC_OPENSSL_096) || defined(XMLSEC_OPENSSL_097)
-#define XMLSEC_NO_SHA224 1
-#define XMLSEC_NO_SHA256 1
-#define XMLSEC_NO_SHA384 1
-#define XMLSEC_NO_SHA512 1
-#endif /* defined(XMLSEC_OPENSSL_096) || defined(XMLSEC_OPENSSL_097) */
-
-/* OpenSSL 0.9.6 does not have AES */
-#if defined(XMLSEC_OPENSSL_096)
-#define XMLSEC_NO_AES 1
-#endif /* XMLSEC_OPENSSL_096 */
-
#endif /* ! __XMLSEC_GLOBALS_H__ */
diff --git a/src/openssl/README b/src/openssl/README
index 0f1c625..e33b0b0 100644
--- a/src/openssl/README
+++ b/src/openssl/README
@@ -1,6 +1,6 @@
WHAT VERSION OF OPENSSL?
------------------------------------------------------------------------
-OpenSSL 0.9.6 is supported but some functionality requires 0.9.7 or greater.
+OpenSSL 0.9.8 or later is required
KEYS MANAGER
------------------------------------------------------------------------
@@ -9,9 +9,3 @@ OpenSSL does not have a keys or certificates storage implementation. The
default xmlsec-openssl key manager uses a simple keys store from xmlsec
core library based on plain keys list. Trusted/untrusted certificates
are stored in STACK_OF(X509) structures.
-
-KNOWN ISSUES.
-------------------------------------------------------------------------
-1) One day we might decide to drop OpenSSL 0.9.6 supprot and remove all
-these ifdef's to simplify the code.
-
diff --git a/src/openssl/app.c b/src/openssl/app.c
index 4154d2e..bf78627 100644
--- a/src/openssl/app.c
+++ b/src/openssl/app.c
@@ -103,9 +103,7 @@ xmlSecOpenSSLAppShutdown(void) {
X509_TRUST_cleanup();
#endif /* XMLSEC_NO_X509 */
-#ifndef XMLSEC_OPENSSL_096
CRYPTO_cleanup_all_ex_data();
-#endif /* XMLSEC_OPENSSL_096 */
/* finally cleanup errors */
ERR_remove_state(0);
diff --git a/src/openssl/ciphers.c b/src/openssl/ciphers.c
index 1b60062..fb27658 100644
--- a/src/openssl/ciphers.c
+++ b/src/openssl/ciphers.c
@@ -21,10 +21,6 @@
#include <xmlsec/openssl/crypto.h>
#include <xmlsec/openssl/evp.h>
-/* this is not defined in OpenSSL 0.9.6 */
-#ifndef EVP_MAX_BLOCK_LENGTH
-#define EVP_MAX_BLOCK_LENGTH 32
-#endif /* EVP_MAX_BLOCK_LENGTH */
/**************************************************************************
*
@@ -140,13 +136,11 @@ xmlSecOpenSSLEvpBlockCipherCtxInit(xmlSecOpenSSLEvpBlockCipherCtxPtr ctx,
/*
* The padding used in XML Enc does not follow RFC 1423
- * and is not supported by OpenSSL. In the case of OpenSSL 0.9.7
- * it is possible to disable padding and do it by yourself
- * For OpenSSL 0.9.6 you have interop problems
+ * and is not supported by OpenSSL. However, it is possible
+ * to disable padding and do it by yourself
*/
-#ifndef XMLSEC_OPENSSL_096
EVP_CIPHER_CTX_set_padding(&(ctx->cipherCtx), 0);
-#endif /* XMLSEC_OPENSSL_096 */
+
return(0);
}
@@ -195,16 +189,14 @@ xmlSecOpenSSLEvpBlockCipherCtxUpdate(xmlSecOpenSSLEvpBlockCipherCtxPtr ctx,
/*
* The padding used in XML Enc does not follow RFC 1423
- * and is not supported by OpenSSL. In the case of OpenSSL 0.9.7
- * it is possible to disable padding and do it by yourself
- * For OpenSSL 0.9.6 you have interop problems.
+ * and is not supported by OpenSSL. However, it is possible
+ * to disable padding and do it by yourself
*
* The logic below is copied from EVP_DecryptUpdate() function.
* This is a hack but it's the only way I can provide binary
* compatibility with previous versions of xmlsec.
* This needs to be fixed in the next XMLSEC API refresh.
*/
-#ifndef XMLSEC_OPENSSL_096
if(!ctx->cipherCtx.encrypt) {
if(ctx->cipherCtx.final_used) {
memcpy(outBuf, ctx->cipherCtx.final, blockLen);
@@ -214,7 +206,6 @@ xmlSecOpenSSLEvpBlockCipherCtxUpdate(xmlSecOpenSSLEvpBlockCipherCtxPtr ctx,
fixLength = 0;
}
}
-#endif /* XMLSEC_OPENSSL_096 */
/* encrypt/decrypt */
ret = EVP_CipherUpdate(&(ctx->cipherCtx), outBuf, &outLen, xmlSecBufferGetData(in), inSize);
@@ -227,7 +218,6 @@ xmlSecOpenSSLEvpBlockCipherCtxUpdate(xmlSecOpenSSLEvpBlockCipherCtxPtr ctx,
return(-1);
}
-#ifndef XMLSEC_OPENSSL_096
if(!ctx->cipherCtx.encrypt) {
/*
* The logic below is copied from EVP_DecryptUpdate() function.
@@ -246,7 +236,6 @@ xmlSecOpenSSLEvpBlockCipherCtxUpdate(xmlSecOpenSSLEvpBlockCipherCtxPtr ctx,
outLen += blockLen;
}
}
-#endif /* XMLSEC_OPENSSL_096 */
/* set correct output buffer size */
ret = xmlSecBufferSetSize(out, outSize + outLen);
@@ -310,16 +299,14 @@ xmlSecOpenSSLEvpBlockCipherCtxFinal(xmlSecOpenSSLEvpBlockCipherCtxPtr ctx,
/*
* The padding used in XML Enc does not follow RFC 1423
- * and is not supported by OpenSSL. In the case of OpenSSL 0.9.7
- * it is possible to disable padding and do it by yourself
- * For OpenSSL 0.9.6 you have interop problems.
+ * and is not supported by OpenSSL. However, it is possible
+ * to disable padding and do it by yourself
*
* The logic below is copied from EVP_DecryptFinal() function.
* This is a hack but it's the only way I can provide binary
* compatibility with previous versions of xmlsec.
* This needs to be fixed in the next XMLSEC API refresh.
*/
-#ifndef XMLSEC_OPENSSL_096
if(ctx->cipherCtx.encrypt) {
int padLen;
@@ -354,7 +341,6 @@ xmlSecOpenSSLEvpBlockCipherCtxFinal(xmlSecOpenSSLEvpBlockCipherCtxPtr ctx,
}
outBuf += outLen;
}
-#endif /* XMLSEC_OPENSSL_096 */
/* finalize transform */
ret = EVP_CipherFinal(&(ctx->cipherCtx), outBuf, &outLen2);
@@ -369,16 +355,14 @@ xmlSecOpenSSLEvpBlockCipherCtxFinal(xmlSecOpenSSLEvpBlockCipherCtxPtr ctx,
/*
* The padding used in XML Enc does not follow RFC 1423
- * and is not supported by OpenSSL. In the case of OpenSSL 0.9.7
- * it is possible to disable padding and do it by yourself
- * For OpenSSL 0.9.6 you have interop problems.
+ * and is not supported by OpenSSL. However, it is possible
+ * to disable padding and do it by yourself
*
* The logic below is copied from EVP_DecryptFinal() function.
* This is a hack but it's the only way I can provide binary
* compatibility with previous versions of xmlsec.
* This needs to be fixed in the next XMLSEC API refresh.
*/
-#ifndef XMLSEC_OPENSSL_096
if(!ctx->cipherCtx.encrypt) {
/* we instructed openssl to do not use padding so there
* should be no final block
@@ -402,7 +386,6 @@ xmlSecOpenSSLEvpBlockCipherCtxFinal(xmlSecOpenSSLEvpBlockCipherCtxPtr ctx,
}
}
}
-#endif /* XMLSEC_OPENSSL_096 */
/* set correct output buffer size */
ret = xmlSecBufferSetSize(out, outSize + outLen + outLen2);
diff --git a/src/openssl/digests.c b/src/openssl/digests.c
index 74b91df..b491303 100644
--- a/src/openssl/digests.c
+++ b/src/openssl/digests.c
@@ -231,9 +231,7 @@ xmlSecOpenSSLEvpDigestInitialize(xmlSecTransformPtr transform) {
return(-1);
}
-#ifndef XMLSEC_OPENSSL_096
EVP_MD_CTX_init(&(ctx->digestCtx));
-#endif /* XMLSEC_OPENSSL_096 */
return(0);
}
@@ -248,9 +246,8 @@ xmlSecOpenSSLEvpDigestFinalize(xmlSecTransformPtr transform) {
ctx = xmlSecOpenSSLEvpDigestGetCtx(transform);
xmlSecAssert(ctx != NULL);
-#ifndef XMLSEC_OPENSSL_096
EVP_MD_CTX_cleanup(&(ctx->digestCtx));
-#endif /* XMLSEC_OPENSSL_096 */
+
memset(ctx, 0, sizeof(xmlSecOpenSSLDigestCtx));
}
@@ -318,7 +315,6 @@ xmlSecOpenSSLEvpDigestExecute(xmlSecTransformPtr transform, int last, xmlSecTran
xmlSecAssert2(ctx->digest != NULL, -1);
if(transform->status == xmlSecTransformStatusNone) {
-#ifndef XMLSEC_OPENSSL_096
ret = EVP_DigestInit(&(ctx->digestCtx), ctx->digest);
if(ret != 1) {
xmlSecError(XMLSEC_ERRORS_HERE,
@@ -328,9 +324,6 @@ xmlSecOpenSSLEvpDigestExecute(xmlSecTransformPtr transform, int last, xmlSecTran
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
-#else /* XMLSEC_OPENSSL_096 */
- EVP_DigestInit(&(ctx->digestCtx), ctx->digest);
-#endif /* XMLSEC_OPENSSL_096 */
transform->status = xmlSecTransformStatusWorking;
}
@@ -339,7 +332,6 @@ xmlSecOpenSSLEvpDigestExecute(xmlSecTransformPtr transform, int last, xmlSecTran
inSize = xmlSecBufferGetSize(in);
if(inSize > 0) {
-#ifndef XMLSEC_OPENSSL_096
ret = EVP_DigestUpdate(&(ctx->digestCtx), xmlSecBufferGetData(in), inSize);
if(ret != 1) {
xmlSecError(XMLSEC_ERRORS_HERE,
@@ -349,9 +341,6 @@ xmlSecOpenSSLEvpDigestExecute(xmlSecTransformPtr transform, int last, xmlSecTran
"size=%d", inSize);
return(-1);
}
-#else /* XMLSEC_OPENSSL_096 */
- EVP_DigestUpdate(&(ctx->digestCtx), xmlSecBufferGetData(in), inSize);
-#endif /* XMLSEC_OPENSSL_096 */
ret = xmlSecBufferRemoveHead(in, inSize);
if(ret < 0) {
@@ -368,7 +357,6 @@ xmlSecOpenSSLEvpDigestExecute(xmlSecTransformPtr transform, int last, xmlSecTran
xmlSecAssert2((xmlSecSize)EVP_MD_size(ctx->digest) <= sizeof(ctx->dgst), -1);
-#ifndef XMLSEC_OPENSSL_096
ret = EVP_DigestFinal(&(ctx->digestCtx), ctx->dgst, &dgstSize);
if(ret != 1) {
xmlSecError(XMLSEC_ERRORS_HERE,
@@ -378,9 +366,6 @@ xmlSecOpenSSLEvpDigestExecute(xmlSecTransformPtr transform, int last, xmlSecTran
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
-#else /* XMLSEC_OPENSSL_096 */
- EVP_DigestFinal(&(ctx->digestCtx), ctx->dgst, &dgstSize);
-#endif /* XMLSEC_OPENSSL_096 */
xmlSecAssert2(dgstSize > 0, -1);
ctx->dgstSize = XMLSEC_SIZE_BAD_CAST(dgstSize);
diff --git a/src/openssl/hmac.c b/src/openssl/hmac.c
index bad1ac0..08c60bc 100644
--- a/src/openssl/hmac.c
+++ b/src/openssl/hmac.c
@@ -232,9 +232,8 @@ xmlSecOpenSSLHmacInitialize(xmlSecTransformPtr transform) {
return(-1);
}
-#ifndef XMLSEC_OPENSSL_096
HMAC_CTX_init(&(ctx->hmacCtx));
-#endif /* XMLSEC_OPENSSL_096 */
+
return(0);
}
@@ -248,9 +247,8 @@ xmlSecOpenSSLHmacFinalize(xmlSecTransformPtr transform) {
ctx = xmlSecOpenSSLHmacGetCtx(transform);
xmlSecAssert(ctx != NULL);
-#ifndef XMLSEC_OPENSSL_096
HMAC_CTX_cleanup(&(ctx->hmacCtx));
-#endif /* XMLSEC_OPENSSL_096 */
+
memset(ctx, 0, sizeof(xmlSecOpenSSLHmacCtx));
}
diff --git a/src/openssl/kw_aes.c b/src/openssl/kw_aes.c
index 573fb98..352528c 100644
--- a/src/openssl/kw_aes.c
+++ b/src/openssl/kw_aes.c
@@ -10,7 +10,6 @@
* Copyright (C) 2002-2003 Aleksey Sanin <aleksey aleksey com>
*/
#ifndef XMLSEC_NO_AES
-#ifndef XMLSEC_OPENSSL_096
#include "globals.h"
#include <stdlib.h>
@@ -508,6 +507,4 @@ xmlSecOpenSSLKWAesBlockDecrypt(const xmlSecByte * in, xmlSecSize inSize,
return(AES_BLOCK_SIZE);
}
-
-#endif /* XMLSEC_OPENSSL_096 */
#endif /* XMLSEC_NO_AES */
diff --git a/src/openssl/kw_des.c b/src/openssl/kw_des.c
index 9d55e10..a90b843 100644
--- a/src/openssl/kw_des.c
+++ b/src/openssl/kw_des.c
@@ -530,9 +530,7 @@ xmlSecOpenSSLKWDes3Encrypt(const xmlSecByte *key, xmlSecSize keySize,
return(-1);
}
-#ifndef XMLSEC_OPENSSL_096
EVP_CIPHER_CTX_set_padding(&cipherCtx, 0);
-#endif /* XMLSEC_OPENSSL_096 */
ret = EVP_CipherUpdate(&cipherCtx, out, &updateLen, in, inSize);
if(ret != 1) {
diff --git a/src/openssl/signatures.c b/src/openssl/signatures.c
index 2ccb690..14d20cd 100644
--- a/src/openssl/signatures.c
+++ b/src/openssl/signatures.c
@@ -421,9 +421,8 @@ xmlSecOpenSSLEvpSignatureInitialize(xmlSecTransformPtr transform) {
return(-1);
}
-#ifndef XMLSEC_OPENSSL_096
EVP_MD_CTX_init(&(ctx->digestCtx));
-#endif /* XMLSEC_OPENSSL_096 */
+
return(0);
}
@@ -441,9 +440,8 @@ xmlSecOpenSSLEvpSignatureFinalize(xmlSecTransformPtr transform) {
EVP_PKEY_free(ctx->pKey);
}
-#ifndef XMLSEC_OPENSSL_096
EVP_MD_CTX_cleanup(&(ctx->digestCtx));
-#endif /* XMLSEC_OPENSSL_096 */
+
memset(ctx, 0, sizeof(xmlSecOpenSSLEvpSignatureCtx));
}
@@ -588,7 +586,6 @@ xmlSecOpenSSLEvpSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecT
xmlSecAssert2(outSize == 0, -1);
if(transform->operation == xmlSecTransformOperationSign) {
-#ifndef XMLSEC_OPENSSL_096
ret = EVP_SignInit(&(ctx->digestCtx), ctx->digest);
if(ret != 1) {
xmlSecError(XMLSEC_ERRORS_HERE,
@@ -598,11 +595,7 @@ xmlSecOpenSSLEvpSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecT
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
-#else /* XMLSEC_OPENSSL_096 */
- EVP_SignInit(&(ctx->digestCtx), ctx->digest);
-#endif /* XMLSEC_OPENSSL_096 */
} else {
-#ifndef XMLSEC_OPENSSL_096
ret = EVP_VerifyInit(&(ctx->digestCtx), ctx->digest);
if(ret != 1) {
xmlSecError(XMLSEC_ERRORS_HERE,
@@ -612,9 +605,6 @@ xmlSecOpenSSLEvpSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecT
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
-#else /* XMLSEC_OPENSSL_096 */
- EVP_VerifyInit(&(ctx->digestCtx), ctx->digest);
-#endif /* XMLSEC_OPENSSL_096 */
}
transform->status = xmlSecTransformStatusWorking;
}
@@ -623,7 +613,6 @@ xmlSecOpenSSLEvpSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecT
xmlSecAssert2(outSize == 0, -1);
if(transform->operation == xmlSecTransformOperationSign) {
-#ifndef XMLSEC_OPENSSL_096
ret = EVP_SignUpdate(&(ctx->digestCtx), xmlSecBufferGetData(in), inSize);
if(ret != 1) {
xmlSecError(XMLSEC_ERRORS_HERE,
@@ -633,11 +622,7 @@ xmlSecOpenSSLEvpSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecT
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
-#else /* XMLSEC_OPENSSL_096 */
- EVP_SignUpdate(&(ctx->digestCtx), xmlSecBufferGetData(in), inSize);
-#endif /* XMLSEC_OPENSSL_096 */
} else {
-#ifndef XMLSEC_OPENSSL_096
ret = EVP_VerifyUpdate(&(ctx->digestCtx), xmlSecBufferGetData(in), inSize);
if(ret != 1) {
xmlSecError(XMLSEC_ERRORS_HERE,
@@ -647,9 +632,6 @@ xmlSecOpenSSLEvpSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecT
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
-#else /* XMLSEC_OPENSSL_096 */
- EVP_VerifyUpdate(&(ctx->digestCtx), xmlSecBufferGetData(in), inSize);
-#endif /* XMLSEC_OPENSSL_096 */
}
ret = xmlSecBufferRemoveHead(in, inSize);
@@ -917,7 +899,6 @@ xmlSecOpenSSLTransformDsaSha1GetKlass(void) {
return(&xmlSecOpenSSLDsaSha1Klass);
}
-#ifndef XMLSEC_OPENSSL_096
static int
xmlSecOpenSSLDsaSha1EvpInit(EVP_MD_CTX *ctx)
{
@@ -935,24 +916,17 @@ xmlSecOpenSSLDsaSha1EvpFinal(EVP_MD_CTX *ctx, unsigned char *md)
{
return SHA1_Final(md,ctx->md_data);
}
-#endif /* XMLSEC_OPENSSL_096 */
static const EVP_MD xmlSecOpenSSLDsaSha1MdEvp = {
NID_dsaWithSHA,
NID_dsaWithSHA,
SHA_DIGEST_LENGTH,
-#ifndef XMLSEC_OPENSSL_096
0,
xmlSecOpenSSLDsaSha1EvpInit,
xmlSecOpenSSLDsaSha1EvpUpdate,
xmlSecOpenSSLDsaSha1EvpFinal,
NULL,
NULL,
-#else /* XMLSEC_OPENSSL_096 */
- SHA1_Init,
- SHA1_Update,
- SHA1_Final,
-#endif /* XMLSEC_OPENSSL_096 */
xmlSecOpenSSLDsaEvpSign,
xmlSecOpenSSLDsaEvpVerify,
{EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3,EVP_PKEY_DSA4,0},
@@ -1300,7 +1274,6 @@ xmlSecOpenSSLTransformEcdsaSha1GetKlass(void) {
return(&xmlSecOpenSSLEcdsaSha1Klass);
}
-#ifndef XMLSEC_OPENSSL_096
static int
xmlSecOpenSSLEcdsaSha1EvpInit(EVP_MD_CTX *ctx)
{
@@ -1318,24 +1291,17 @@ xmlSecOpenSSLEcdsaSha1EvpFinal(EVP_MD_CTX *ctx, unsigned char *md)
{
return SHA1_Final(md,ctx->md_data);
}
-#endif /* XMLSEC_OPENSSL_096 */
static const EVP_MD xmlSecOpenSSLEcdsaSha1MdEvp = {
NID_ecdsa_with_SHA1,
NID_ecdsa_with_SHA1,
SHA_DIGEST_LENGTH,
-#ifndef XMLSEC_OPENSSL_096
0,
xmlSecOpenSSLEcdsaSha1EvpInit,
xmlSecOpenSSLEcdsaSha1EvpUpdate,
xmlSecOpenSSLEcdsaSha1EvpFinal,
NULL,
NULL,
-#else /* XMLSEC_OPENSSL_096 */
- SHA1_Init,
- SHA1_Update,
- SHA1_Final,
-#endif /* XMLSEC_OPENSSL_096 */
xmlSecOpenSSLEcdsaEvpSign,
xmlSecOpenSSLEcdsaEvpVerify,
/* XXX-MAK: This worries me, not sure that the keys are right. */
@@ -1398,7 +1364,6 @@ xmlSecOpenSSLTransformEcdsaSha224GetKlass(void) {
return(&xmlSecOpenSSLEcdsaSha224Klass);
}
-#ifndef XMLSEC_OPENSSL_096
static int
xmlSecOpenSSLEcdsaSha224EvpInit(EVP_MD_CTX *ctx)
{
@@ -1416,24 +1381,17 @@ xmlSecOpenSSLEcdsaSha224EvpFinal(EVP_MD_CTX *ctx, unsigned char *md)
{
return SHA224_Final(md,ctx->md_data);
}
-#endif /* XMLSEC_OPENSSL_096 */
static const EVP_MD xmlSecOpenSSLEcdsaSha224MdEvp = {
NID_ecdsa_with_SHA224,
NID_ecdsa_with_SHA224,
SHA224_DIGEST_LENGTH,
-#ifndef XMLSEC_OPENSSL_096
0,
xmlSecOpenSSLEcdsaSha224EvpInit,
xmlSecOpenSSLEcdsaSha224EvpUpdate,
xmlSecOpenSSLEcdsaSha224EvpFinal,
NULL,
NULL,
-#else /* XMLSEC_OPENSSL_096 */
- SHA224_Init,
- SHA224_Update,
- SHA224_Final,
-#endif /* XMLSEC_OPENSSL_096 */
xmlSecOpenSSLEcdsaEvpSign,
xmlSecOpenSSLEcdsaEvpVerify,
/* XXX-MAK: This worries me, not sure that the keys are right. */
@@ -1496,7 +1454,6 @@ xmlSecOpenSSLTransformEcdsaSha256GetKlass(void) {
return(&xmlSecOpenSSLEcdsaSha256Klass);
}
-#ifndef XMLSEC_OPENSSL_096
static int
xmlSecOpenSSLEcdsaSha256EvpInit(EVP_MD_CTX *ctx)
{
@@ -1514,24 +1471,17 @@ xmlSecOpenSSLEcdsaSha256EvpFinal(EVP_MD_CTX *ctx, unsigned char *md)
{
return SHA256_Final(md,ctx->md_data);
}
-#endif /* XMLSEC_OPENSSL_096 */
static const EVP_MD xmlSecOpenSSLEcdsaSha256MdEvp = {
NID_ecdsa_with_SHA256,
NID_ecdsa_with_SHA256,
SHA256_DIGEST_LENGTH,
-#ifndef XMLSEC_OPENSSL_096
0,
xmlSecOpenSSLEcdsaSha256EvpInit,
xmlSecOpenSSLEcdsaSha256EvpUpdate,
xmlSecOpenSSLEcdsaSha256EvpFinal,
NULL,
NULL,
-#else /* XMLSEC_OPENSSL_096 */
- SHA256_Init,
- SHA256_Update,
- SHA256_Final,
-#endif /* XMLSEC_OPENSSL_096 */
xmlSecOpenSSLEcdsaEvpSign,
xmlSecOpenSSLEcdsaEvpVerify,
/* XXX-MAK: This worries me, not sure that the keys are right. */
@@ -1594,7 +1544,6 @@ xmlSecOpenSSLTransformEcdsaSha384GetKlass(void) {
return(&xmlSecOpenSSLEcdsaSha384Klass);
}
-#ifndef XMLSEC_OPENSSL_096
static int
xmlSecOpenSSLEcdsaSha384EvpInit(EVP_MD_CTX *ctx)
{
@@ -1612,24 +1561,17 @@ xmlSecOpenSSLEcdsaSha384EvpFinal(EVP_MD_CTX *ctx, unsigned char *md)
{
return SHA384_Final(md,ctx->md_data);
}
-#endif /* XMLSEC_OPENSSL_096 */
static const EVP_MD xmlSecOpenSSLEcdsaSha384MdEvp = {
NID_ecdsa_with_SHA384,
NID_ecdsa_with_SHA384,
SHA384_DIGEST_LENGTH,
-#ifndef XMLSEC_OPENSSL_096
0,
xmlSecOpenSSLEcdsaSha384EvpInit,
xmlSecOpenSSLEcdsaSha384EvpUpdate,
xmlSecOpenSSLEcdsaSha384EvpFinal,
NULL,
NULL,
-#else /* XMLSEC_OPENSSL_096 */
- SHA384_Init,
- SHA384_Update,
- SHA384_Final,
-#endif /* XMLSEC_OPENSSL_096 */
xmlSecOpenSSLEcdsaEvpSign,
xmlSecOpenSSLEcdsaEvpVerify,
/* XXX-MAK: This worries me, not sure that the keys are right. */
@@ -1692,7 +1634,6 @@ xmlSecOpenSSLTransformEcdsaSha512GetKlass(void) {
return(&xmlSecOpenSSLEcdsaSha512Klass);
}
-#ifndef XMLSEC_OPENSSL_096
static int
xmlSecOpenSSLEcdsaSha512EvpInit(EVP_MD_CTX *ctx)
{
@@ -1710,24 +1651,17 @@ xmlSecOpenSSLEcdsaSha512EvpFinal(EVP_MD_CTX *ctx, unsigned char *md)
{
return SHA512_Final(md,ctx->md_data);
}
-#endif /* XMLSEC_OPENSSL_096 */
static const EVP_MD xmlSecOpenSSLEcdsaSha512MdEvp = {
NID_ecdsa_with_SHA512,
NID_ecdsa_with_SHA512,
SHA512_DIGEST_LENGTH,
-#ifndef XMLSEC_OPENSSL_096
0,
xmlSecOpenSSLEcdsaSha512EvpInit,
xmlSecOpenSSLEcdsaSha512EvpUpdate,
xmlSecOpenSSLEcdsaSha512EvpFinal,
NULL,
NULL,
-#else /* XMLSEC_OPENSSL_096 */
- SHA512_Init,
- SHA512_Update,
- SHA512_Final,
-#endif /* XMLSEC_OPENSSL_096 */
xmlSecOpenSSLEcdsaEvpSign,
xmlSecOpenSSLEcdsaEvpVerify,
/* XXX-MAK: This worries me, not sure that the keys are right. */
diff --git a/src/openssl/symkeys.c b/src/openssl/symkeys.c
index 6195ed6..1ac4d08 100644
--- a/src/openssl/symkeys.c
+++ b/src/openssl/symkeys.c
@@ -181,11 +181,9 @@ xmlSecOpenSSLSymKeyDataKlassCheck(xmlSecKeyDataKlass* klass) {
#endif /* XMLSEC_NO_DES */
#ifndef XMLSEC_NO_AES
-#ifndef XMLSEC_OPENSSL_096
if(klass == xmlSecOpenSSLKeyDataAesId) {
return(1);
}
-#endif /* XMLSEC_OPENSSL_096 */
#endif /* XMLSEC_NO_AES */
#ifndef XMLSEC_NO_HMAC
@@ -198,7 +196,6 @@ xmlSecOpenSSLSymKeyDataKlassCheck(xmlSecKeyDataKlass* klass) {
}
#ifndef XMLSEC_NO_AES
-#ifndef XMLSEC_OPENSSL_096
/**************************************************************************
*
* <xmlsec:AESKeyValue> processing
@@ -277,8 +274,6 @@ xmlSecOpenSSLKeyDataAesSet(xmlSecKeyDataPtr data, const xmlSecByte* buf, xmlSecS
return(xmlSecBufferSetData(buffer, buf, bufSize));
}
-
-#endif /* XMLSEC_OPENSSL_096 */
#endif /* XMLSEC_NO_AES */
#ifndef XMLSEC_NO_DES
diff --git a/src/openssl/x509.c b/src/openssl/x509.c
index 11f4571..ed07bf1 100644
--- a/src/openssl/x509.c
+++ b/src/openssl/x509.c
@@ -1751,7 +1751,6 @@ xmlSecOpenSSLX509CertGetTime(ASN1_TIME* t, time_t* res) {
xmlSecAssert2(res != NULL, -1);
(*res) = 0;
-#ifndef XMLSEC_OPENSSL_096
if(!ASN1_TIME_check(t)) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
@@ -1760,7 +1759,6 @@ xmlSecOpenSSLX509CertGetTime(ASN1_TIME* t, time_t* res) {
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
-#endif /* XMLSEC_OPENSSL_096 */
memset(&tm, 0, sizeof(tm));
diff --git a/src/openssl/x509vfy.c b/src/openssl/x509vfy.c
index 370694d..9141fd1 100644
--- a/src/openssl/x509vfy.c
+++ b/src/openssl/x509vfy.c
@@ -48,10 +48,7 @@ struct _xmlSecOpenSSLX509StoreCtx {
X509_STORE* xst;
STACK_OF(X509)* untrusted;
STACK_OF(X509_CRL)* crls;
-
-#if !defined(XMLSEC_OPENSSL_096) && !defined(XMLSEC_OPENSSL_097)
X509_VERIFY_PARAM * vpm;
-#endif /* !defined(XMLSEC_OPENSSL_096) && !defined(XMLSEC_OPENSSL_097) */
};
/****************************************************************************
@@ -292,7 +289,6 @@ xmlSecOpenSSLX509StoreVerify(xmlSecKeyDataStorePtr store, XMLSEC_STACK_OF_X509*
X509_STORE_CTX_set_time(&xsc, 0, keyInfoCtx->certsVerificationTime);
}
-#if !defined(XMLSEC_OPENSSL_096) && !defined(XMLSEC_OPENSSL_097)
{
X509_VERIFY_PARAM * vpm = NULL;
unsigned long vpm_flags = 0;
@@ -318,7 +314,6 @@ xmlSecOpenSSLX509StoreVerify(xmlSecKeyDataStorePtr store, XMLSEC_STACK_OF_X509*
X509_VERIFY_PARAM_set_flags(vpm, vpm_flags);
X509_STORE_CTX_set0_param(&xsc, vpm);
}
-#endif /* !defined(XMLSEC_OPENSSL_096) && !defined(XMLSEC_OPENSSL_097) */
ret = X509_verify_cert(&xsc);
@@ -678,7 +673,6 @@ xmlSecOpenSSLX509StoreInitialize(xmlSecKeyDataStorePtr store) {
return(-1);
}
-#if !defined(XMLSEC_OPENSSL_096) && !defined(XMLSEC_OPENSSL_097)
ctx->vpm = X509_VERIFY_PARAM_new();
if(ctx->vpm == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
@@ -691,9 +685,6 @@ xmlSecOpenSSLX509StoreInitialize(xmlSecKeyDataStorePtr store) {
X509_VERIFY_PARAM_set_depth(ctx->vpm, 9); /* the default cert verification path in openssl */
X509_STORE_set1_param(ctx->xst, ctx->vpm);
-#else /* !defined(XMLSEC_OPENSSL_096) && !defined(XMLSEC_OPENSSL_097) */
- ctx->xst->depth = 9; /* the default cert verification path in openssl */
-#endif /* !defined(XMLSEC_OPENSSL_096) && !defined(XMLSEC_OPENSSL_097) */
return(0);
}
@@ -716,11 +707,9 @@ xmlSecOpenSSLX509StoreFinalize(xmlSecKeyDataStorePtr store) {
if(ctx->crls != NULL) {
sk_X509_CRL_pop_free(ctx->crls, X509_CRL_free);
}
-#if !defined(XMLSEC_OPENSSL_096) && !defined(XMLSEC_OPENSSL_097)
if(ctx->vpm != NULL) {
X509_VERIFY_PARAM_free(ctx->vpm);
}
-#endif /* !defined(XMLSEC_OPENSSL_096) && !defined(XMLSEC_OPENSSL_097) */
memset(ctx, 0, sizeof(xmlSecOpenSSLX509StoreCtx));
}
diff --git a/win32/README.txt b/win32/README.txt
index 511aa16..7040e05 100644
--- a/win32/README.txt
+++ b/win32/README.txt
@@ -127,7 +127,7 @@ you need to add one of the following global defines:
#define XMLSEC_CRYPTO_NSS
Also you'll need to define all configuration parameters used during XML Security
-Library compilation (XMLSEC_OPENSSL_096, XMLSEC_NO_AES, XMLSEC_NO_X509,...).
+Library compilation (XMLSEC_OPENSSL_100, XMLSEC_NO_AES, XMLSEC_NO_X509,...).
2.1 Additional Global Defines for static linking.
---------------------------------------------
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]