OpenSSL: Drop support for OpenSSL 0.9.8

The OpenSSL project will not support version 0.9.8 anymore. As there
won't be even security fixes for this branch, it is not really safe to
continue using 0.9.8 and we might as well drop support for it to allow
cleaning up the conditional source code blocks.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c
index b53bc4a3985cd04dc240a0977988a5408213a307..73b547db0bb28c761c411b776c1f864f273a8458 100644 (file)
--- a/src/crypto/crypto_openssl.c
+++ b/src/crypto/crypto_openssl.c
@@ -772,14 +772,10 @@ struct crypto_hash * crypto_hash_init(enum crypto_hash_alg alg, const u8 *key,
 #else
        HMAC_CTX_init(&ctx->ctx);
 
-#if OPENSSL_VERSION_NUMBER < 0x00909000
-       HMAC_Init_ex(&ctx->ctx, key, key_len, md, NULL);
-#else /* openssl < 0.9.9 */
        if (HMAC_Init_ex(&ctx->ctx, key, key_len, md, NULL) != 1) {
                bin_clear_free(ctx, sizeof(*ctx));
                return NULL;
        }
-#endif /* openssl < 0.9.9 */
 #endif
 
        return ctx;
@@ -819,12 +815,7 @@ int crypto_hash_finish(struct crypto_hash *ctx, u8 *mac, size_t *len)
        res = HMAC_Final(ctx->ctx, mac, &mdlen);
        HMAC_CTX_free(ctx->ctx);
 #else
-#if OPENSSL_VERSION_NUMBER < 0x00909000
-       HMAC_Final(&ctx->ctx, mac, &mdlen);
-       res = 1;
-#else /* openssl < 0.9.9 */
        res = HMAC_Final(&ctx->ctx, mac, &mdlen);
-#endif /* openssl < 0.9.9 */
        HMAC_CTX_cleanup(&ctx->ctx);
 #endif
        bin_clear_free(ctx, sizeof(*ctx));
@@ -875,22 +866,13 @@ done:
                return -1;
 
        HMAC_CTX_init(&ctx);
-#if OPENSSL_VERSION_NUMBER < 0x00909000
-       HMAC_Init_ex(&ctx, key, key_len, type, NULL);
-#else /* openssl < 0.9.9 */
        if (HMAC_Init_ex(&ctx, key, key_len, type, NULL) != 1)
                return -1;
-#endif /* openssl < 0.9.9 */
 
        for (i = 0; i < num_elem; i++)
                HMAC_Update(&ctx, addr[i], len[i]);
 
-#if OPENSSL_VERSION_NUMBER < 0x00909000
-       HMAC_Final(&ctx, mac, &mdlen);
-       res = 1;
-#else /* openssl < 0.9.9 */
        res = HMAC_Final(&ctx, mac, &mdlen);
-#endif /* openssl < 0.9.9 */
        HMAC_CTX_cleanup(&ctx);
 
        return res == 1 ? 0 : -1;

diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index 62277c46fdc7f93bdfcb57c5d58811469c0ebea2..f427c9c24609525bf838a99092364930aa684400 100644 (file)
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -37,13 +37,6 @@
 #include "tls.h"
 #include "tls_openssl.h"
 
-#if OPENSSL_VERSION_NUMBER < 0x10000000L
-/* ERR_remove_thread_state replaces ERR_remove_state and the latter is
- * deprecated. However, OpenSSL 0.9.8 doesn't include
- * ERR_remove_thread_state. */
-#define ERR_remove_thread_state(tid) ERR_remove_state(0)
-#endif
-
 #if defined(OPENSSL_IS_BORINGSSL)
 /* stack_index_t is the return type of OpenSSL's sk_XXX_num() functions. */
 typedef size_t stack_index_t;
@@ -2972,17 +2965,11 @@ static int openssl_get_keyblock_size(SSL *ssl)
                return -1;
 
        c = ssl->enc_read_ctx->cipher;
-#if OPENSSL_VERSION_NUMBER >= 0x00909000L
        h = EVP_MD_CTX_md(ssl->read_hash);
-#else
-       h = ssl->read_hash;
-#endif
        if (h)
                md_size = EVP_MD_size(h);
-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
        else if (ssl->s3)
                md_size = ssl->s3->tmp.new_mac_secret_size;
-#endif
        else
                return -1;