refactor(Deps/OpenSSL): Deprecate OpenSSL 1.x (azerothcore#19452)

* EOL
heyitsbench · Aug 7, 2024 · fdd8ff6 · fdd8ff6
1 parent 41366fc
commit fdd8ff6
Show file tree

Hide file tree

Showing 7 changed files with 3 additions and 149 deletions.
diff --git a/src/cmake/macros/FindOpenSSL.cmake b/src/cmake/macros/FindOpenSSL.cmake
@@ -217,18 +217,7 @@ if(OPENSSL_USE_STATIC_LIBS)
   endif()
 endif()
 
-if(CMAKE_SYSTEM_NAME STREQUAL "QNX" AND
-  CMAKE_SYSTEM_VERSION VERSION_GREATER_EQUAL "7.0" AND CMAKE_SYSTEM_VERSION VERSION_LESS "7.1" AND
-  OpenSSL_FIND_VERSION VERSION_GREATER_EQUAL "1.1" AND OpenSSL_FIND_VERSION VERSION_LESS "1.2")
-  # QNX 7.0.x provides openssl 1.0.2 and 1.1.1 in parallel:
-  # * openssl 1.0.2: libcrypto.so.2 and libssl.so.2, headers under usr/include/openssl
-  # * openssl 1.1.1: libcrypto1_1.so.2.1 and libssl1_1.so.2.1, header under usr/include/openssl1_1
-  # See http://www.qnx.com/developers/articles/rel_6726_0.html
-  set(_OPENSSL_FIND_PATH_SUFFIX "openssl1_1")
-  set(_OPENSSL_NAME_POSTFIX "1_1")
-else()
-  set(_OPENSSL_FIND_PATH_SUFFIX "include")
-endif()
+set(_OPENSSL_FIND_PATH_SUFFIX "include")
 
 if (OPENSSL_ROOT_DIR OR NOT "$ENV{OPENSSL_ROOT_DIR}" STREQUAL "")
   set(_OPENSSL_ROOT_HINTS HINTS ${OPENSSL_ROOT_DIR} ENV OPENSSL_ROOT_DIR)
@@ -284,7 +273,6 @@ endif ()
 
 if(HOMEBREW_PREFIX)
   list(APPEND _OPENSSL_ROOT_HINTS
-    "${HOMEBREW_PREFIX}/opt/[email protected]"
     "${HOMEBREW_PREFIX}/opt/openssl@3")
 endif()
 
@@ -633,41 +621,6 @@ function(from_hex HEX DEC)
 endfunction()
 
 if(OPENSSL_INCLUDE_DIR AND EXISTS "${OPENSSL_INCLUDE_DIR}/openssl/opensslv.h")
-  file(STRINGS "${OPENSSL_INCLUDE_DIR}/openssl/opensslv.h" openssl_version_str
-       REGEX "^#[\t ]*define[\t ]+OPENSSL_VERSION_NUMBER[\t ]+0x([0-9a-fA-F])+.*")
-
-  if(openssl_version_str)
-    # The version number is encoded as 0xMNNFFPPS: major minor fix patch status
-    # The status gives if this is a developer or prerelease and is ignored here.
-    # Major, minor, and fix directly translate into the version numbers shown in
-    # the string. The patch field translates to the single character suffix that
-    # indicates the bug fix state, which 00 -> nothing, 01 -> a, 02 -> b and so
-    # on.
-
-    string(REGEX REPLACE "^.*OPENSSL_VERSION_NUMBER[\t ]+0x([0-9a-fA-F])([0-9a-fA-F][0-9a-fA-F])([0-9a-fA-F][0-9a-fA-F])([0-9a-fA-F][0-9a-fA-F])([0-9a-fA-F]).*$"
-           "\\1;\\2;\\3;\\4;\\5" OPENSSL_VERSION_LIST "${openssl_version_str}")
-    list(GET OPENSSL_VERSION_LIST 0 OPENSSL_VERSION_MAJOR)
-    list(GET OPENSSL_VERSION_LIST 1 OPENSSL_VERSION_MINOR)
-    from_hex("${OPENSSL_VERSION_MINOR}" OPENSSL_VERSION_MINOR)
-    list(GET OPENSSL_VERSION_LIST 2 OPENSSL_VERSION_FIX)
-    from_hex("${OPENSSL_VERSION_FIX}" OPENSSL_VERSION_FIX)
-    list(GET OPENSSL_VERSION_LIST 3 OPENSSL_VERSION_PATCH)
-
-    if (NOT OPENSSL_VERSION_PATCH STREQUAL "00")
-      from_hex("${OPENSSL_VERSION_PATCH}" _tmp)
-      # 96 is the ASCII code of 'a' minus 1
-      math(EXPR OPENSSL_VERSION_PATCH_ASCII "${_tmp} + 96")
-      unset(_tmp)
-      # Once anyone knows how OpenSSL would call the patch versions beyond 'z'
-      # this should be updated to handle that, too. This has not happened yet
-      # so it is simply ignored here for now.
-      string(ASCII "${OPENSSL_VERSION_PATCH_ASCII}" OPENSSL_VERSION_PATCH_STRING)
-    endif ()
-
-    set(OPENSSL_VERSION "${OPENSSL_VERSION_MAJOR}.${OPENSSL_VERSION_MINOR}.${OPENSSL_VERSION_FIX}${OPENSSL_VERSION_PATCH_STRING}")
-  else ()
-    # Since OpenSSL 3.0.0, the new version format is MAJOR.MINOR.PATCH and
-    # a new OPENSSL_VERSION_STR macro contains exactly that
     file(STRINGS "${OPENSSL_INCLUDE_DIR}/openssl/opensslv.h" OPENSSL_VERSION_STR
          REGEX "^#[\t ]*define[\t ]+OPENSSL_VERSION_STR[\t ]+\"([0-9])+\\.([0-9])+\\.([0-9])+\".*")
     string(REGEX REPLACE "^.*OPENSSL_VERSION_STR[\t ]+\"([0-9]+\\.[0-9]+\\.[0-9]+)\".*$"
@@ -676,7 +629,6 @@ if(OPENSSL_INCLUDE_DIR AND EXISTS "${OPENSSL_INCLUDE_DIR}/openssl/opensslv.h")
     set(OPENSSL_VERSION "${OPENSSL_VERSION_STR}")
 
     unset(OPENSSL_VERSION_STR)
-  endif ()
 endif ()
 
 foreach(_comp IN LISTS OpenSSL_FIND_COMPONENTS)

diff --git a/src/common/Cryptography/ARC4.cpp b/src/common/Cryptography/ARC4.cpp
@@ -20,11 +20,7 @@
 
 Acore::Crypto::ARC4::ARC4() : _ctx(EVP_CIPHER_CTX_new())
 {
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
     _cipher = EVP_CIPHER_fetch(nullptr, "RC4", nullptr);
-#else
-    EVP_CIPHER const* _cipher = EVP_rc4();
-#endif
 
     EVP_CIPHER_CTX_init(_ctx);
     int result = EVP_EncryptInit_ex(_ctx, _cipher, nullptr, nullptr, nullptr);
@@ -34,10 +30,7 @@ Acore::Crypto::ARC4::ARC4() : _ctx(EVP_CIPHER_CTX_new())
 Acore::Crypto::ARC4::~ARC4()
 {
     EVP_CIPHER_CTX_free(_ctx);
-
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
     EVP_CIPHER_free(_cipher);
-#endif
 }
 
 void Acore::Crypto::ARC4::Init(uint8 const* seed, std::size_t len)

diff --git a/src/common/Cryptography/ARC4.h b/src/common/Cryptography/ARC4.h
@@ -40,9 +40,7 @@ namespace Acore::Crypto
         template <typename Container>
         void UpdateData(Container& c) { UpdateData(std::data(c), std::size(c)); }
     private:
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
         EVP_CIPHER* _cipher;
-#endif
         EVP_CIPHER_CTX* _ctx;
     };
 }

diff --git a/src/common/Cryptography/BigNumber.cpp b/src/common/Cryptography/BigNumber.cpp
@@ -57,20 +57,7 @@ void BigNumber::SetQword(uint64 val)
 void BigNumber::SetBinary(uint8 const* bytes, int32 len, bool littleEndian)
 {
     if (littleEndian)
-    {
-#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x10100000L
-        uint8* array = new uint8[len];
-
-        for (int i = 0; i < len; i++)
-            array[i] = bytes[len - 1 - i];
-
-        BN_bin2bn(array, len, _bn);
-
-        delete[] array;
-#else
         BN_lebin2bn(bytes, len, _bn);
-#endif
-    }
     else
         BN_bin2bn(bytes, len, _bn);
 }
@@ -197,27 +184,8 @@ bool BigNumber::IsNegative() const
 
 void BigNumber::GetBytes(uint8* buf, std::size_t bufsize, bool littleEndian) const
 {
-#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x10100000L
-    int nBytes = GetNumBytes();
-    ASSERT(nBytes >= 0, "Bignum has negative number of bytes ({}).", nBytes);
-    std::size_t numBytes = static_cast<std::size_t>(nBytes);
-
-    // too large to store
-    ASSERT(numBytes <= bufsize, "Buffer of size {} is too small to hold bignum with {} bytes.\n", bufsize, numBytes);
-
-    // If we need more bytes than length of BigNumber set the rest to 0
-    if (numBytes < bufsize)
-        memset((void*)buf, 0, bufsize);
-
-    BN_bn2bin(_bn, buf + (bufsize - numBytes));
-
-    // openssl's BN stores data internally in big endian format, reverse if little endian desired
-    if (littleEndian)
-        std::reverse(buf, buf + bufsize);
-#else
     int res = littleEndian ? BN_bn2lebinpad(_bn, buf, bufsize) : BN_bn2binpad(_bn, buf, bufsize);
     ASSERT(res > 0, "Buffer of size {} is too small to hold bignum with {} bytes.\n", bufsize, BN_num_bytes(_bn));
-#endif
 }
 
 std::vector<uint8> BigNumber::ToByteVector(int32 minSize, bool littleEndian) const

diff --git a/src/common/Cryptography/CryptoHash.h b/src/common/Cryptography/CryptoHash.h
@@ -34,13 +34,8 @@ namespace Acore::Impl
     {
         typedef EVP_MD const* (*HashCreator)();
 
-#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x10100000L
-        static EVP_MD_CTX* MakeCTX() noexcept { return EVP_MD_CTX_create(); }
-        static void DestroyCTX(EVP_MD_CTX* ctx) { EVP_MD_CTX_destroy(ctx); }
-#else
         static EVP_MD_CTX* MakeCTX() noexcept { return EVP_MD_CTX_new(); }
         static void DestroyCTX(EVP_MD_CTX* ctx) { EVP_MD_CTX_free(ctx); }
-#endif
     };
 
     template <GenericHashImpl::HashCreator HashCreator, std::size_t DigestLength>

diff --git a/src/common/Cryptography/OpenSSLCrypto.cpp b/src/common/Cryptography/OpenSSLCrypto.cpp
@@ -17,34 +17,12 @@
 
 #include "OpenSSLCrypto.h"
 #include <openssl/crypto.h> // NOTE: this import is NEEDED (even though some IDEs report it as unused)
-
-#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x1010000fL
-#include <vector>
-#include <thread>
-#include <mutex>
-
-std::vector<std::mutex*> cryptoLocks;
-
-static void lockingCallback(int mode, int type, char const* /*file*/, int /*line*/)
-{
-    if (mode & CRYPTO_LOCK)
-        cryptoLocks[type]->lock();
-    else
-        cryptoLocks[type]->unlock();
-}
-
-static void threadIdCallback(CRYPTO_THREADID * id)
-{
-    (void)id;
-    CRYPTO_THREADID_set_numeric(id, std::hash<std::thread::id>()(std::this_thread::get_id()));
-}
-#elif OPENSSL_VERSION_NUMBER >= 0x30000000L
 #include <openssl/provider.h>
+
 OSSL_PROVIDER* LegacyProvider;
 OSSL_PROVIDER* DefaultProvider;
-#endif
 
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L && AC_PLATFORM == AC_PLATFORM_WINDOWS
+#if AC_PLATFORM == AC_PLATFORM_WINDOWS
 #include <boost/dll/runtime_symbol_info.hpp>
 #include <filesystem>
 
@@ -62,43 +40,16 @@ void SetupLibrariesForWindows()
 
 void OpenSSLCrypto::threadsSetup()
 {
-#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x1010000fL
-    cryptoLocks.resize(CRYPTO_num_locks());
-
-    for (int i = 0 ; i < CRYPTO_num_locks(); ++i)
-    {
-        cryptoLocks[i] = new std::mutex();
-    }
-
-    (void)&threadIdCallback;
-    CRYPTO_THREADID_set_callback(threadIdCallback);
-
-    (void)&lockingCallback;
-    CRYPTO_set_locking_callback(lockingCallback);
-#elif OPENSSL_VERSION_NUMBER >= 0x30000000L
 #if AC_PLATFORM == AC_PLATFORM_WINDOWS
     SetupLibrariesForWindows();
 #endif
     LegacyProvider = OSSL_PROVIDER_load(nullptr, "legacy");
     DefaultProvider = OSSL_PROVIDER_load(nullptr, "default");
-#endif
 }
 
 void OpenSSLCrypto::threadsCleanup()
 {
-#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x1010000fL
-    CRYPTO_set_locking_callback(nullptr);
-    CRYPTO_THREADID_set_callback(nullptr);
-
-    for (int i = 0 ; i < CRYPTO_num_locks(); ++i)
-    {
-        delete cryptoLocks[i];
-    }
-
-    cryptoLocks.resize(0);
-#elif OPENSSL_VERSION_NUMBER >= 0x30000000L
     OSSL_PROVIDER_unload(LegacyProvider);
     OSSL_PROVIDER_unload(DefaultProvider);
     OSSL_PROVIDER_set_default_search_path(nullptr, nullptr);
-#endif
 }
diff --git a/src/server/apps/worldserver/Main.cpp b/src/server/apps/worldserver/Main.cpp
@@ -391,9 +391,6 @@ int main(int argc, char** argv)
     if (MySQL::GetLibraryVersion() < 80000)
         LOG_WARN("server", "WARNING: You are using MySQL version 5.7 which is soon EOL!\nThis version will be deprecated. Consider upgrading to MySQL 8.0 or 8.1!");
 #endif
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
-    LOG_WARN("server", "WARNING: You are using OpenSSL version 1.1 which is soon EOL!\nThis version will be deprecated. Consider upgrading to OpenSSL 3.0 or 3.1!");
-#endif
 
     // Launch CliRunnable thread
     std::shared_ptr<std::thread> cliThread;