src: remove TLS code for unsupported OpenSSLs
Versions of OpenSSL lower than 1.1.1 are no longer supported, so remove
ifdefs for previous versions.

PR-URL: #28085
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Anatoli Papirovski <apapirovski@mac.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
sam-github authored and BridgeAR committed Jun 17, 2019
1 parent 0716944 commit 8984b73
Showing 3 changed files with 7 additions and 61 deletions.
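--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -5564,12 +5564,6 @@ void DiffieHellman::SetPublicKey(const FunctionCallbackInfo<Value>& args) {
 }
 
 void DiffieHellman::SetPrivateKey(const FunctionCallbackInfo<Value>& args) {
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
-OPENSSL_VERSION_NUMBER < 0x10100070L
-// Older versions of OpenSSL 1.1.0 have a DH_set0_key which does not work for
-// Node. See https://github.com/openssl/openssl/pull/4384.
-#error "OpenSSL 1.1.0 revisions before 1.1.0g are not supported"
-#endif
 SetKey(args,
 [](DH* dh, BIGNUM* num) { return DH_set0_key(dh, nullptr, num); },
 "Private key");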
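--- a/src/node_crypto.h
+++ b/src/node_crypto.h
@@ -108,20 +108,13 @@ class SecureContext : public BaseObject {
 static const int kTicketKeyNameIndex = 3;
 static const int kTicketKeyIVIndex = 4;
 
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
 unsigned char ticket_key_name_[16];
 unsigned char ticket_key_aes_[16];
 unsigned char ticket_key_hmac_[16];
-#endif
 
 protected:
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-static const int64_t kExternalSize = sizeof(SSL_CTX);
-#else
-// OpenSSL 1.1.0 has opaque structures. This is an estimate based on the size
-// as of OpenSSL 1.1.0f.
-static const int64_t kExternalSize = 872;
-#endif
+// OpenSSL structures are opaque. This is sizeof(SSL_CTX) for OpenSSL 1.1.1b:
+static const int64_t kExternalSize = 1024;
 
 static void New(const v8::FunctionCallbackInfo<v8::Value>& args);
 static void Init(const v8::FunctionCallbackInfo<v8::Value>& args);
@@ -167,14 +160,12 @@ class SecureContext : public BaseObject {
 HMAC_CTX* hctx,
 int enc);
 
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
 static int TicketCompatibilityCallback(SSL* ssl,
 unsigned char* name,
 unsigned char* iv,
 EVP_CIPHER_CTX* ectx,
 HMAC_CTX* hctx,
 int enc);
-#endif
 
 SecureContext(Environment* env, v8::Local<v8::Object> wrap)
 : BaseObject(env, wrap) {
@@ -229,32 +220,20 @@ class SSLWrap {
 protected:
 typedef void (*CertCb)(void* arg);
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-// Size allocated by OpenSSL: one for SSL structure, one for SSL3_STATE and
-// some for buffers.
+// OpenSSL structures are opaque. Estimate SSL memory size for OpenSSL 1.1.1b:
+// SSL: 6224
+// SSL->SSL3_STATE: 1040
+// ...some buffers: 42 * 1024
 // NOTE: Actually it is much more than this
-static const int64_t kExternalSize =
-sizeof(SSL) + sizeof(SSL3_STATE) + 42 * 1024;
-#else
-// OpenSSL 1.1.0 has opaque structures. This is an estimate based on the size
-// as of OpenSSL 1.1.0f.
-static const int64_t kExternalSize = 4448 + 1024 + 42 * 1024;
-#endif
+static const int64_t kExternalSize = 6224 + 1040 + 42 * 1024;
 
 static void ConfigureSecureContext(SecureContext* sc);
 static void AddMethods(Environment* env, v8::Local<v8::FunctionTemplate> t);
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-static SSL_SESSION* GetSessionCallback(SSL* s,
-unsigned char* key,
-int len,
-int* copy);
-#else
 static SSL_SESSION* GetSessionCallback(SSL* s,
 const unsigned char* key,
 int len,
 int* copy);
-#endif
 static int NewSessionCallback(SSL* s, SSL_SESSION* sess);
 static void KeylogCallback(const SSL* s, const char* line);
 static void OnClientHello(void* arg,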
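Review bot: With every `OPENSSL_VERSION_NUMBER` branch removed, nothing in the visible hunks of src/node_crypto.h rejects a build against an OpenSSL older than 1.1.1, and the only compile-time version check on this page, the `#error` for 1.1.0 revisions before 1.1.0g in DiffieHellman::SetPrivateKey (src/node_crypto.cc), is deleted by the same commit. Whether a build against a system 1.1.0 now fails cleanly, fails with unrelated errors, or compiles and brings back the DH_set0_key problem that guard was written for depends on code outside these hunks. Unless a floor is enforced elsewhere (a configure step or another header, not visible here), I would state it once in this header: `#if OPENSSL_VERSION_NUMBER < 0x10101000L`, `#error "OpenSSL 1.1.1 or later is required"`, `#endif`. The SecureContext and SSLWrap class bodies start and end outside these hunks.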
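--- a/src/node_crypto_bio.cc
+++ b/src/node_crypto_bio.cc
@@ -30,16 +30,6 @@
 namespace node {
 namespace crypto {
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-#define BIO_set_data(bio, data) bio->ptr = data
-#define BIO_get_data(bio) bio->ptr
-#define BIO_set_shutdown(bio, shutdown_) bio->shutdown = shutdown_
-#define BIO_get_shutdown(bio) bio->shutdown
-#define BIO_set_init(bio, init_) bio->init = init_
-#define BIO_get_init(bio) bio->init
-#endif
-
-
 BIOPointer NodeBIO::New(Environment* env) {
 BIOPointer bio(BIO_new(GetMethod()));
 if (bio && env != nullptr)
@@ -231,22 +221,6 @@ long NodeBIO::Ctrl(BIO* bio, int cmd, long num, // NOLINT(runtime/int)
 
 
 const BIO_METHOD* NodeBIO::GetMethod() {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-static const BIO_METHOD method = {
-BIO_TYPE_MEM,
-"node.js SSL buffer",
-Write,
-Read,
-Puts,
-Gets,
-Ctrl,
-New,
-Free,
-nullptr
-};
-
-return &method;
-#else
 // This is called from InitCryptoOnce() to avoid race conditions during
 // initialization.
 static BIO_METHOD* method = nullptr;
@@ -263,7 +237,6 @@ const BIO_METHOD* NodeBIO::GetMethod() {
 }
 
 return method;
-#endif
 }
 
 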
