Cleanup old ssl code

src/node_crypto.cc

@@ -5564,12 +5564,6 @@ void DiffieHellman::SetPublicKey(const FunctionCallbackInfo<Value>& args) {
 }
 
 void DiffieHellman::SetPrivateKey(const FunctionCallbackInfo<Value>& args) {
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
- OPENSSL_VERSION_NUMBER < 0x10100070L
-// Older versions of OpenSSL 1.1.0 have a DH_set0_key which does not work for
-// Node. See https://github.com/openssl/openssl/pull/4384.
-#error "OpenSSL 1.1.0 revisions before 1.1.0g are not supported"
-#endif
  SetKey(args,
  [](DH* dh, BIGNUM* num) { return DH_set0_key(dh, nullptr, num); },
  "Private key");

src/node_crypto.h

@@ -108,20 +108,13 @@ class SecureContext : public BaseObject {
  static const int kTicketKeyNameIndex = 3;
  static const int kTicketKeyIVIndex = 4;
 
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
  unsigned char ticket_key_name_[16];
  unsigned char ticket_key_aes_[16];
  unsigned char ticket_key_hmac_[16];
-#endif
 
  protected:
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
- static const int64_t kExternalSize = sizeof(SSL_CTX);
-#else
- // OpenSSL 1.1.0 has opaque structures. This is an estimate based on the size
- // as of OpenSSL 1.1.0f.
- static const int64_t kExternalSize = 872;
-#endif
+ // OpenSSL structures are opaque. This is sizeof(SSL_CTX) for OpenSSL 1.1.1b:
+ static const int64_t kExternalSize = 1024;
 
  static void New(const v8::FunctionCallbackInfo<v8::Value>& args);
  static void Init(const v8::FunctionCallbackInfo<v8::Value>& args);
@@ -167,14 +160,12 @@ class SecureContext : public BaseObject {
  HMAC_CTX* hctx,
  int enc);
 
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
  static int TicketCompatibilityCallback(SSL* ssl,
  unsigned char* name,
  unsigned char* iv,
  EVP_CIPHER_CTX* ectx,
  HMAC_CTX* hctx,
  int enc);
-#endif
 
  SecureContext(Environment* env, v8::Local<v8::Object> wrap)
  : BaseObject(env, wrap) {
@@ -229,32 +220,20 @@ class SSLWrap {
  protected:
  typedef void (*CertCb)(void* arg);
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
- // Size allocated by OpenSSL: one for SSL structure, one for SSL3_STATE and
- // some for buffers.
+ // OpenSSL structures are opaque. Estimate SSL memory size for OpenSSL 1.1.1b:
+ // SSL: 6224
+ // SSL->SSL3_STATE: 1040
+ // ...some buffers: 42 * 1024
  // NOTE: Actually it is much more than this
- static const int64_t kExternalSize =
- sizeof(SSL) + sizeof(SSL3_STATE) + 42 * 1024;
-#else
- // OpenSSL 1.1.0 has opaque structures. This is an estimate based on the size
- // as of OpenSSL 1.1.0f.
- static const int64_t kExternalSize = 4448 + 1024 + 42 * 1024;
-#endif
+ static const int64_t kExternalSize = 6224 + 1040 + 42 * 1024;
 
  static void ConfigureSecureContext(SecureContext* sc);
  static void AddMethods(Environment* env, v8::Local<v8::FunctionTemplate> t);
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
- static SSL_SESSION* GetSessionCallback(SSL* s,
- unsigned char* key,
- int len,
- int* copy);
-#else
  static SSL_SESSION* GetSessionCallback(SSL* s,
  const unsigned char* key,
  int len,
  int* copy);
-#endif
  static int NewSessionCallback(SSL* s, SSL_SESSION* sess);
  static void KeylogCallback(const SSL* s, const char* line);
  static void OnClientHello(void* arg,

src/node_crypto_bio.cc

@@ -30,16 +30,6 @@
 namespace node {
 namespace crypto {
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-#define BIO_set_data(bio, data) bio->ptr = data
-#define BIO_get_data(bio) bio->ptr
-#define BIO_set_shutdown(bio, shutdown_) bio->shutdown = shutdown_
-#define BIO_get_shutdown(bio) bio->shutdown
-#define BIO_set_init(bio, init_) bio->init = init_
-#define BIO_get_init(bio) bio->init
-#endif
-
-
 BIOPointer NodeBIO::New(Environment* env) {
  BIOPointer bio(BIO_new(GetMethod()));
  if (bio && env != nullptr)
@@ -231,22 +221,6 @@ long NodeBIO::Ctrl(BIO* bio, int cmd, long num, // NOLINT(runtime/int)
 
 
 const BIO_METHOD* NodeBIO::GetMethod() {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
- static const BIO_METHOD method = {
- BIO_TYPE_MEM,
- "node.js SSL buffer",
- Write,
- Read,
- Puts,
- Gets,
- Ctrl,
- New,
- Free,
- nullptr
- };
-
- return &method;
-#else
  // This is called from InitCryptoOnce() to avoid race conditions during
  // initialization.
  static BIO_METHOD* method = nullptr;
@@ -263,7 +237,6 @@ const BIO_METHOD* NodeBIO::GetMethod() {
  }
 
  return method;
-#endif
 }
 
 

test/parallel/test-https-agent-session-eviction.js

@@ -7,10 +7,8 @@ const { readKey } = require('../common/fixtures');
 if (!common.hasCrypto)
  common.skip('missing crypto');
 
-const assert = require('assert');
 const https = require('https');
-const { OPENSSL_VERSION_NUMBER, SSL_OP_NO_TICKET } =
- require('crypto').constants;
+const { SSL_OP_NO_TICKET } = require('crypto').constants;
 
 const options = {
  key: readKey('agent1-key.pem'),
@@ -60,38 +58,12 @@ function second(server, session) {
  res.resume();
  });
 
- if (OPENSSL_VERSION_NUMBER >= 0x10100000) {
- // Although we have a TLS 1.2 session to offer to the TLS 1.0 server,
- // connection to the TLS 1.0 server should work.
- req.on('response', common.mustCall(function(res) {
- // The test is now complete for OpenSSL 1.1.0.
- server.close();
- }));
- } else {
- // OpenSSL 1.0.x mistakenly locked versions based on the session it was
- // offering. This causes this sequent request to fail. Let it fail, but
- // test that this is mitigated on the next try by invalidating the session.
- req.on('error', common.mustCall(function(err) {
- assert(/wrong version number/.test(err.message));
-
- req.on('close', function() {
- third(server);
- });
- }));
- }
- req.end();
-}
-
-// Try one more time - session should be evicted!
-function third(server) {
- const req = https.request({
- port: server.address().port,
- rejectUnauthorized: false
- }, function(res) {
- res.resume();
- assert(!req.socket.isSessionReused());
+ // Although we have a TLS 1.2 session to offer to the TLS 1.0 server,
+ // connection to the TLS 1.0 server should work.
+ req.on('response', common.mustCall(function(res) {
+ // The test is now complete for OpenSSL 1.1.0.
  server.close();
- });
- req.on('error', common.mustNotCall());
+ }));
+
  req.end();
 }