From e99f4fd31a9bc309a533606e298d98735e87b88f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnter=20Obiltschnig?= Date: Sat, 16 Apr 2022 08:05:12 +0200 Subject: [PATCH] #3563: Remove support for OpenSSL < 1.0 --- Crypto/include/Poco/Crypto/Crypto.h | 5 +++++ Crypto/src/ECKeyImpl.cpp | 6 ++---- Crypto/src/OpenSSLInitializer.cpp | 8 +++----- Crypto/src/RSAKeyImpl.cpp | 27 +++++++++---------------- NetSSL_OpenSSL/src/Context.cpp | 2 +- NetSSL_OpenSSL/src/SecureSocketImpl.cpp | 2 -- 6 files changed, 21 insertions(+), 29 deletions(-) diff --git a/Crypto/include/Poco/Crypto/Crypto.h b/Crypto/include/Poco/Crypto/Crypto.h index af7103e46..f44a4f88d 100644 --- a/Crypto/include/Poco/Crypto/Crypto.h +++ b/Crypto/include/Poco/Crypto/Crypto.h @@ -48,6 +48,11 @@ #endif +#if OPENSSL_VERSION_NUMBER < 0x10000000L +#error "OpenSSL version too old. At least OpenSSL 1.0.0 is required." +#endif + + enum RSAPaddingMode /// The padding mode used for RSA public key encryption. { diff --git a/Crypto/src/ECKeyImpl.cpp b/Crypto/src/ECKeyImpl.cpp index 99ffae760..e11b134ca 100644 --- a/Crypto/src/ECKeyImpl.cpp +++ b/Crypto/src/ECKeyImpl.cpp @@ -21,9 +21,7 @@ #include "Poco/StreamCopier.h" #include #include -#if OPENSSL_VERSION_NUMBER >= 0x00908000L #include -#endif namespace Poco { @@ -78,8 +76,8 @@ ECKeyImpl::ECKeyImpl(int curve): } -ECKeyImpl::ECKeyImpl(const std::string& publicKeyFile, - const std::string& privateKeyFile, +ECKeyImpl::ECKeyImpl(const std::string& publicKeyFile, + const std::string& privateKeyFile, const std::string& privateKeyPassphrase): KeyPairImpl("ec", KT_EC_IMPL), _pEC(0) { if (EVPPKey::loadKey(&_pEC, PEM_read_PrivateKey, EVP_PKEY_get1_EC_KEY, privateKeyFile, privateKeyPassphrase)) diff --git a/Crypto/src/OpenSSLInitializer.cpp b/Crypto/src/OpenSSLInitializer.cpp index 253482f4b..3cdeb1470 100644 --- a/Crypto/src/OpenSSLInitializer.cpp +++ b/Crypto/src/OpenSSLInitializer.cpp 
@@ -20,11 +20,9 @@ #include #include #include - - -#if OPENSSL_VERSION_NUMBER >= 0x0907000L #include -#endif + + #if defined(POCO_OS_FAMILY_WINDOWS) #define POCO_STR_HELPER(x) #x #define POCO_STR(x) POCO_STR_HELPER(x) @@ -98,7 +96,7 @@ void OpenSSLInitializer::initialize() { #if OPENSSL_VERSION_NUMBER >= 0x10100000L CONF_modules_load(NULL, NULL, 0); -#elif OPENSSL_VERSION_NUMBER >= 0x0907000L +#else OPENSSL_config(NULL); #endif diff --git a/Crypto/src/RSAKeyImpl.cpp b/Crypto/src/RSAKeyImpl.cpp index 8aa3890b9..58396ccb4 100644 --- a/Crypto/src/RSAKeyImpl.cpp +++ b/Crypto/src/RSAKeyImpl.cpp @@ -21,9 +21,7 @@ #include #include #include -#if OPENSSL_VERSION_NUMBER >= 0x00908000L #include -#endif namespace Poco { @@ -66,7 +64,6 @@ RSAKeyImpl::RSAKeyImpl(const PKCS12Container& cont): RSAKeyImpl::RSAKeyImpl(int keyLength, unsigned long exponent): KeyPairImpl("rsa", KT_RSA_IMPL), _pRSA(0) { -#if OPENSSL_VERSION_NUMBER >= 0x00908000L _pRSA = RSA_new(); int ret = 0; BIGNUM* bn = 0; @@ -83,15 +80,11 @@ RSAKeyImpl::RSAKeyImpl(int keyLength, unsigned long exponent): KeyPairImpl("rsa" throw; } if (!ret) throw Poco::InvalidArgumentException("Failed to create RSA context"); -#else - _pRSA = RSA_generate_key(keyLength, exponent, 0, 0); - if (!_pRSA) throw Poco::InvalidArgumentException("Failed to create RSA context"); -#endif } -RSAKeyImpl::RSAKeyImpl(const std::string& publicKeyFile, - const std::string& privateKeyFile, +RSAKeyImpl::RSAKeyImpl(const std::string& publicKeyFile, + const std::string& privateKeyFile, const std::string& privateKeyPassphrase): KeyPairImpl("rsa", KT_RSA_IMPL), _pRSA(0) { 
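Review bot: The new `#else` in OpenSSLInitializer::initialize() no longer says which OpenSSL versions reach `OPENSSL_config(NULL)`; the lower bound is now enforced only by the `#error` this commit adds to Poco/Crypto/Crypto.h. I would annotate the directive, for example `#else // OpenSSL 1.0.x; minimum version enforced in Poco/Crypto/Crypto.h`, so the legacy branch is easy to find when 1.0.x support is dropped. The `#elif` to `#else` change in Context::initECDH (NetSSL_OpenSSL/src/Context.cpp) has the same gap. There the branch is only bounded if that translation unit sees Crypto.h, which the hunk does not show, and the matching `#if` is outside the hunk. initialize() starts and ends outside this hunk.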
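Review bot: With the `RSA_generate_key()` fallback removed, every key-generation failure in `RSAKeyImpl(int keyLength, unsigned long exponent)` now goes through `if (!ret) throw ...`, and that path leaves the `RSA` object from `RSA_new()` (previous hunk) unreleased, because the destructor does not run when the constructor throws. Free it before throwing: `if (!ret) { RSA_free(_pRSA); _pRSA = 0; throw Poco::InvalidArgumentException("Failed to create RSA context"); }`. The `catch (...)` block that ends at the visible `throw;` probably needs the same release, though its body is outside the hunk. The result of `RSA_new()` is also not checked in the lines shown. The middle of the constructor lies between the two hunks, so confirm against the full file.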
@@ -109,7 +102,7 @@ RSAKeyImpl::RSAKeyImpl(const std::string& publicKeyFile, if (!pubKey) { int rc = BIO_reset(bio); - // BIO_reset() normally returns 1 for success and 0 or -1 for failure. + // BIO_reset() normally returns 1 for success and 0 or -1 for failure. // File BIOs are an exception, they return 0 for success and -1 for failure. if (rc != 0) throw Poco::FileException("Failed to load public key", publicKeyFile); pubKey = PEM_read_bio_RSA_PUBKEY(bio, &_pRSA, 0, 0); @@ -174,7 +167,7 @@ RSAKeyImpl::RSAKeyImpl(std::istream* pPublicKeyStream, if (!publicKey) { int rc = BIO_reset(bio); - // BIO_reset() normally returns 1 for success and 0 or -1 for failure. + // BIO_reset() normally returns 1 for success and 0 or -1 for failure. // File BIOs are an exception, they return 0 for success and -1 for failure. if (rc != 1) throw Poco::FileException("Failed to load public key"); publicKey = PEM_read_bio_RSA_PUBKEY(bio, &_pRSA, 0, 0); @@ -293,7 +286,7 @@ void RSAKeyImpl::save(const std::string& publicKeyFile, } BIO_free(bio); } - + if (!privateKeyFile.empty()) { BIO* bio = BIO_new(BIO_s_file()); @@ -306,8 +299,8 @@ void RSAKeyImpl::save(const std::string& publicKeyFile, if (privateKeyPassphrase.empty()) rc = PEM_write_bio_RSAPrivateKey(bio, _pRSA, 0, 0, 0, 0, 0); else - rc = PEM_write_bio_RSAPrivateKey(bio, _pRSA, EVP_des_ede3_cbc(), - reinterpret_cast(const_cast(privateKeyPassphrase.c_str())), + rc = PEM_write_bio_RSAPrivateKey(bio, _pRSA, EVP_des_ede3_cbc(), + reinterpret_cast(const_cast(privateKeyPassphrase.c_str())), static_cast(privateKeyPassphrase.length()), 0, 0); if (!rc) throw Poco::FileException("Failed to write private key to file", privateKeyFile); } 
@@ -350,10 +343,10 @@ void RSAKeyImpl::save(std::ostream* pPublicKeyStream, if (privateKeyPassphrase.empty()) rc = PEM_write_bio_RSAPrivateKey(bio, _pRSA, 0, 0, 0, 0, 0); else - rc = PEM_write_bio_RSAPrivateKey(bio, _pRSA, EVP_des_ede3_cbc(), - reinterpret_cast(const_cast(privateKeyPassphrase.c_str())), + rc = PEM_write_bio_RSAPrivateKey(bio, _pRSA, EVP_des_ede3_cbc(), + reinterpret_cast(const_cast(privateKeyPassphrase.c_str())), static_cast(privateKeyPassphrase.length()), 0, 0); - if (!rc) + if (!rc) { BIO_free(bio); throw Poco::FileException("Failed to write private key to stream"); diff --git a/NetSSL_OpenSSL/src/Context.cpp b/NetSSL_OpenSSL/src/Context.cpp index f5d15e334..d1d5a6c13 100644 --- a/NetSSL_OpenSSL/src/Context.cpp +++ b/NetSSL_OpenSSL/src/Context.cpp @@ -812,7 +812,7 @@ void Context::initECDH(const std::string& curve) throw SSLContextException("Cannot set ECDH groups", groups); } SSL_CTX_set_options(_pSSLContext, SSL_OP_SINGLE_ECDH_USE); - #elif OPENSSL_VERSION_NUMBER >= 0x0090800fL + #else int nid = 0; if (!curve.empty()) { diff --git a/NetSSL_OpenSSL/src/SecureSocketImpl.cpp b/NetSSL_OpenSSL/src/SecureSocketImpl.cpp index 099748b27..844246750 100644 --- a/NetSSL_OpenSSL/src/SecureSocketImpl.cpp +++ b/NetSSL_OpenSSL/src/SecureSocketImpl.cpp @@ -157,12 +157,10 @@ void SecureSocketImpl::connectSSL(bool performHandshake) } SSL_set_bio(_pSSL, pBIO, pBIO); -#if OPENSSL_VERSION_NUMBER >= 0x0908060L && !defined(OPENSSL_NO_TLSEXT) if (!_peerHostName.empty()) { SSL_set_tlsext_host_name(_pSSL, _peerHostName.c_str()); } -#endif #if OPENSSL_VERSION_NUMBER >= 0x10001000L if(_pContext->ocspStaplingResponseVerificationEnabled())
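Review bot: The return value of `SSL_set_tlsext_host_name()` in SecureSocketImpl::connectSSL() is discarded, so if setting the SNI name fails the handshake goes ahead without it and the server may answer with its default certificate. Now that the call is unconditional, check it, e.g. `if (!SSL_set_tlsext_host_name(_pSSL, _peerHostName.c_str())) throw SSLException("Cannot set SNI host name");`. The removed guard also tested `!defined(OPENSSL_NO_TLSEXT)`, which is a build option rather than a version check. OpenSSL 1.0.x could still be configured that way, so either keep that half of the condition or state in the commit message that such builds are no longer supported. connectSSL() begins and ends outside this hunk.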