openssl: drop OpenSSL 0.9.6/0.9.7 support

* ext/openssl, test/openssl: Drop OpenSSL < 0.9.8 support.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55162 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

ChangeLog

@@ -1,3 +1,7 @@
+Wed May 25 17:45:15 2016  Kazuki Yamaguchi  <k@rhe.jp>
+
+	* ext/openssl, test/openssl: Drop OpenSSL < 0.9.8 support.
+
 Wed May 25 17:43:30 2016  Kazuki Yamaguchi  <k@rhe.jp>
 
 	* ext/openssl/openssl_missing.h, ext/openssl/ossl.h: Remove

ext/openssl/deprecation.rb

@@ -16,7 +16,11 @@ module OpenSSL
   end
 
   def self.check_func(func, header)
-    have_func(func, header, deprecated_warning_flag) and
+    have_func(func, header, deprecated_warning_flag)
-      have_header(header, nil, deprecated_warning_flag)
+  end
+
+  def self.check_func_or_macro(func, header)
+    check_func(func, header) or
+      have_macro(func, header) && $defs.push("-DHAVE_#{func.upcase}")
   end
 end

ext/openssl/extconf.rb

@@ -19,12 +19,15 @@ dir_config("kerberos")
 
 Logging::message "=== OpenSSL for Ruby configurator ===\n"
 
+# Add -Werror=deprecated-declarations to $warnflags if available
+OpenSSL.deprecated_warning_flag
+
 ##
 # Adds -DOSSL_DEBUG for compilation and some more targets when GCC is used
 # To turn it on, use: --with-debug or --enable-debug
 #
 if with_config("debug") or enable_config("debug")
-  $defs.push("-DOSSL_DEBUG") unless $defs.include? "-DOSSL_DEBUG"
+  $defs.push("-DOSSL_DEBUG")
 end
 
 Logging::message "=== Checking for system dependent stuff... ===\n"
@@ -39,7 +42,6 @@ if $mingw
 end
 
 result = pkg_config("openssl") && have_header("openssl/ssl.h")
-
 unless result
   result = have_header("openssl/ssl.h")
   result &&= %w[crypto libeay32].any? {|lib| have_library(lib, "OpenSSL_add_all_digests")}
@@ -51,111 +53,59 @@ unless result
   end
 end
 
-unless have_header("openssl/conf_api.h")
+result = checking_for("OpenSSL version is 0.9.8 or later") {
-  raise "OpenSSL 0.9.6 or later required."
+  try_static_assert("OPENSSL_VERSION_NUMBER >= 0x00908000L", "openssl/opensslv.h")
+}
+unless result
+  raise "OpenSSL 0.9.8 or later required."
 end
+
 unless OpenSSL.check_func("SSL_library_init()", "openssl/ssl.h")
   raise "Ignore OpenSSL broken by Apple.\nPlease use another openssl. (e.g. using `configure --with-openssl-dir=/path/to/openssl')"
 end
 
 Logging::message "=== Checking for OpenSSL features... ===\n"
-have_func("ERR_peek_last_error")
+# compile options
-have_func("ASN1_put_eoc")
+
-have_func("BN_mod_add")
+# check OPENSSL_NO_{SSL2,SSL3_METHOD} macro: on some environment, these symbols
-have_func("BN_mod_sqr")
+# exist even if compiled with no-ssl2 or no-ssl3-method.
-have_func("BN_mod_sub")
+unless have_macro("OPENSSL_NO_SSL2", "openssl/opensslconf.h")
-have_func("BN_pseudo_rand_range")
-have_func("BN_rand_range")
-have_func("CONF_get1_default_config_file")
-have_func("EVP_CIPHER_CTX_copy")
-have_func("EVP_CIPHER_CTX_set_padding")
-have_func("EVP_CipherFinal_ex")
-have_func("EVP_CipherInit_ex")
-have_func("EVP_DigestFinal_ex")
-have_func("EVP_DigestInit_ex")
-have_func("EVP_MD_CTX_cleanup")
-have_func("EVP_MD_CTX_create")
-have_func("EVP_MD_CTX_destroy")
-have_func("EVP_MD_CTX_init")
-have_func("HMAC_CTX_cleanup")
-have_func("HMAC_CTX_copy")
-have_func("HMAC_CTX_init")
-have_func("PEM_def_callback")
-have_func("PKCS5_PBKDF2_HMAC")
-have_func("PKCS5_PBKDF2_HMAC_SHA1")
-have_func("RAND_egd")
-have_func("X509V3_set_nconf")
-have_func("X509V3_EXT_nconf_nid")
-have_func("X509_CRL_add0_revoked")
-have_func("X509_CRL_set_issuer_name")
-have_func("X509_CRL_set_version")
-have_func("X509_CRL_sort")
-have_func("X509_NAME_hash_old")
-have_func("X509_STORE_get_ex_data")
-have_func("X509_STORE_set_ex_data")
-have_func("OBJ_NAME_do_all_sorted")
-have_func("SSL_SESSION_get_id")
-have_func("SSL_SESSION_cmp")
-have_func("OPENSSL_cleanse")
-unless have_macro("OPENSSL_NO_SSL2","openssl/opensslconf.h")
   have_func("SSLv2_method")
-  have_func("SSLv2_server_method")
-  have_func("SSLv2_client_method")
 end
-unless have_macro("OPENSSL_NO_SSL3_METHOD","openssl/opensslconf.h")
+unless have_macro("OPENSSL_NO_SSL3_METHOD", "openssl/opensslconf.h")
   have_func("SSLv3_method")
-  have_func("SSLv3_server_method")
-  have_func("SSLv3_client_method")
 end
 have_func("TLSv1_1_method")
-have_func("TLSv1_1_server_method")
-have_func("TLSv1_1_client_method")
 have_func("TLSv1_2_method")
-have_func("TLSv1_2_server_method")
+have_func("RAND_egd")
-have_func("TLSv1_2_client_method")
+engines = %w{builtin_engines openbsd_dev_crypto dynamic 4758cca aep atalla chil
-have_func("SSL_CTX_set_alpn_select_cb")
+             cswift nuron sureware ubsec padlock capi gmp gost cryptodev aesni}
-have_func("SSL_CTX_set_next_proto_select_cb")
+engines.each { |name|
-have_macro("SSL_get_server_tmp_key", ['openssl/ssl.h']) && $defs.push("-DHAVE_SSL_GET_SERVER_TMP_KEY")
+  OpenSSL.check_func_or_macro("ENGINE_load_#{name}", "openssl/engine.h")
-unless have_func("SSL_set_tlsext_host_name", ['openssl/ssl.h'])
+}
-  have_macro("SSL_set_tlsext_host_name", ['openssl/ssl.h']) && $defs.push("-DHAVE_SSL_SET_TLSEXT_HOST_NAME")
+
-end
+# added in 1.0.0
-if have_header("openssl/engine.h")
+have_func("EVP_CIPHER_CTX_copy")
-  have_func("ENGINE_add")
+have_func("HMAC_CTX_copy")
-  have_func("ENGINE_load_builtin_engines")
+have_func("PKCS5_PBKDF2_HMAC")
-  have_func("ENGINE_load_openbsd_dev_crypto")
+have_func("X509_NAME_hash_old")
-  have_func("ENGINE_get_digest")
+have_func("SSL_SESSION_cmp") # removed
-  have_func("ENGINE_get_cipher")
+OpenSSL.check_func_or_macro("SSL_set_tlsext_host_name", "openssl/ssl.h")
-  have_func("ENGINE_cleanup")
-  have_func("ENGINE_load_dynamic")
-  have_func("ENGINE_load_4758cca")
-  have_func("ENGINE_load_aep")
-  have_func("ENGINE_load_atalla")
-  have_func("ENGINE_load_chil")
-  have_func("ENGINE_load_cswift")
-  have_func("ENGINE_load_nuron")
-  have_func("ENGINE_load_sureware")
-  have_func("ENGINE_load_ubsec")
-  have_func("ENGINE_load_padlock")
-  have_func("ENGINE_load_capi")
-  have_func("ENGINE_load_gmp")
-  have_func("ENGINE_load_gost")
-  have_func("ENGINE_load_cryptodev")
-  have_func("ENGINE_load_aesni")
-end
-have_func("DH_generate_parameters_ex")
-have_func("DSA_generate_parameters_ex")
-have_func("RSA_generate_key_ex")
-if checking_for('OpenSSL version is 0.9.7 or later') {
-    try_static_assert('OPENSSL_VERSION_NUMBER >= 0x00907000L', 'openssl/opensslv.h')
-  }
-  have_header("openssl/ocsp.h")
-end
 have_struct_member("CRYPTO_THREADID", "ptr", "openssl/crypto.h")
-have_struct_member("EVP_CIPHER_CTX", "flags", "openssl/evp.h")
+
-have_struct_member("EVP_CIPHER_CTX", "engine", "openssl/evp.h")
+# added in 1.0.1
-have_struct_member("X509_ATTRIBUTE", "single", "openssl/x509.h")
+have_func("SSL_CTX_set_next_proto_select_cb")
 have_macro("EVP_CTRL_GCM_GET_TAG", ['openssl/evp.h']) && $defs.push("-DHAVE_AUTHENTICATED_ENCRYPTION")
 
+# added in 1.0.2
+have_func("X509_REVOKED_dup")
+have_func("SSL_CTX_set_alpn_select_cb")
+OpenSSL.check_func_or_macro("SSL_get_server_tmp_key", "openssl/ssl.h")
+
+# added in 1.1.0
+have_func("X509_STORE_get_ex_data")
+have_func("X509_STORE_set_ex_data")
+
 Logging::message "=== Checking done. ===\n"
 
 create_header

ext/openssl/lib/openssl/ssl.rb

@@ -56,19 +56,16 @@ module OpenSSL
         }.join(":"),
         :options => -> {
           opts = OpenSSL::SSL::OP_ALL
-          opts &= ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS if defined?(OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS)
+          opts &= ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS
           opts |= OpenSSL::SSL::OP_NO_COMPRESSION if defined?(OpenSSL::SSL::OP_NO_COMPRESSION)
-          opts |= OpenSSL::SSL::OP_NO_SSLv2 if defined?(OpenSSL::SSL::OP_NO_SSLv2)
+          opts |= OpenSSL::SSL::OP_NO_SSLv2 | OpenSSL::SSL::OP_NO_SSLv3
-          opts |= OpenSSL::SSL::OP_NO_SSLv3 if defined?(OpenSSL::SSL::OP_NO_SSLv3)
           opts
         }.call
       }
 
       DEFAULT_CERT_STORE = OpenSSL::X509::Store.new
       DEFAULT_CERT_STORE.set_default_paths
-      if defined?(OpenSSL::X509::V_FLAG_CRL_CHECK_ALL)
+      DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
-        DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
-      end
 
       INIT_VARS = ["cert", "key", "client_ca", "ca_file", "ca_path",
         "timeout", "verify_mode", "verify_depth", "renegotiation_cb",

ext/openssl/openssl_missing.c

@@ -9,17 +9,42 @@
  */
 #include RUBY_EXTCONF_H
 
-#if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_EVP_CIPHER_CTX_ENGINE)
+#include <string.h> /* memcpy() */
+#if !defined(OPENSSL_NO_ENGINE)
 # include <openssl/engine.h>
 #endif
+#if !defined(OPENSSL_NO_HMAC)
+# include <openssl/hmac.h>
+#endif
 #include <openssl/x509_vfy.h>
 
-#if !defined(OPENSSL_NO_HMAC)
-#include <string.h> /* memcpy() */
-#include <openssl/hmac.h>
-
 #include "openssl_missing.h"
 
+/* added in 1.0.0 */
+#if !defined(HAVE_EVP_CIPHER_CTX_COPY)
+/*
+ * this function does not exist in OpenSSL yet... or ever?.
+ * a future version may break this function.
+ * tested on 0.9.7d.
+ */
+int
+EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
+{
+    memcpy(out, in, sizeof(EVP_CIPHER_CTX));
+
+#if !defined(OPENSSL_NO_ENGINE)
+    if (in->engine) ENGINE_add(out->engine);
+    if (in->cipher_data) {
+	out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size);
+	memcpy(out->cipher_data, in->cipher_data, in->cipher->ctx_size);
+    }
+#endif
+
+    return 1;
+}
+#endif
+
+#if !defined(OPENSSL_NO_HMAC)
 #if !defined(HAVE_HMAC_CTX_COPY)
 void
 HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in)
@@ -33,308 +58,3 @@ HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in)
 }
 #endif /* HAVE_HMAC_CTX_COPY */
 #endif /* NO_HMAC */
-
-#if !defined(HAVE_EVP_MD_CTX_CREATE)
-EVP_MD_CTX *
-EVP_MD_CTX_create(void)
-{
-    EVP_MD_CTX *ctx = OPENSSL_malloc(sizeof(EVP_MD_CTX));
-    if (!ctx) return NULL;
-
-    memset(ctx, 0, sizeof(EVP_MD_CTX));
-
-    return ctx;
-}
-#endif
-
-#if !defined(HAVE_EVP_MD_CTX_CLEANUP)
-int
-EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
-{
-    /* FIXME!!! */
-    memset(ctx, 0, sizeof(EVP_MD_CTX));
-
-    return 1;
-}
-#endif
-
-#if !defined(HAVE_EVP_MD_CTX_DESTROY)
-void
-EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
-{
-    EVP_MD_CTX_cleanup(ctx);
-    OPENSSL_free(ctx);
-}
-#endif
-
-#if !defined(HAVE_EVP_MD_CTX_INIT)
-void
-EVP_MD_CTX_init(EVP_MD_CTX *ctx)
-{
-    memset(ctx, 0, sizeof(EVP_MD_CTX));
-}
-#endif
-
-#if !defined(HAVE_HMAC_CTX_INIT)
-void
-HMAC_CTX_init(HMAC_CTX *ctx)
-{
-    EVP_MD_CTX_init(&ctx->i_ctx);
-    EVP_MD_CTX_init(&ctx->o_ctx);
-    EVP_MD_CTX_init(&ctx->md_ctx);
-}
-#endif
-
-#if !defined(HAVE_HMAC_CTX_CLEANUP)
-void
-HMAC_CTX_cleanup(HMAC_CTX *ctx)
-{
-    EVP_MD_CTX_cleanup(&ctx->i_ctx);
-    EVP_MD_CTX_cleanup(&ctx->o_ctx);
-    EVP_MD_CTX_cleanup(&ctx->md_ctx);
-    memset(ctx, 0, sizeof(HMAC_CTX));
-}
-#endif
-
-#if !defined(HAVE_EVP_CIPHER_CTX_COPY)
-/*
- * this function does not exist in OpenSSL yet... or ever?.
- * a future version may break this function.
- * tested on 0.9.7d.
- */
-int
-EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, EVP_CIPHER_CTX *in)
-{
-    memcpy(out, in, sizeof(EVP_CIPHER_CTX));
-
-#if defined(HAVE_ENGINE_ADD) && defined(HAVE_EVP_CIPHER_CTX_ENGINE)
-    if (in->engine) ENGINE_add(out->engine);
-    if (in->cipher_data) {
-	out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size);
-	memcpy(out->cipher_data, in->cipher_data, in->cipher->ctx_size);
-    }
-#endif
-
-    return 1;
-}
-#endif
-
-#if !defined(HAVE_X509_CRL_SET_VERSION)
-int
-X509_CRL_set_version(X509_CRL *x, long version)
-{
-    if (x == NULL || x->crl == NULL) return 0;
-    if (x->crl->version == NULL) {
-	x->crl->version = M_ASN1_INTEGER_new();
-	if (x->crl->version == NULL) return 0;
-    }
-    return ASN1_INTEGER_set(x->crl->version, version);
-}
-#endif
-
-#if !defined(HAVE_X509_CRL_SET_ISSUER_NAME)
-int
-X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name)
-{
-    if (x == NULL || x->crl == NULL) return 0;
-    return X509_NAME_set(&x->crl->issuer, name);
-}
-#endif
-
-#if !defined(HAVE_X509_CRL_SORT)
-int
-X509_CRL_sort(X509_CRL *c)
-{
-    int i;
-    X509_REVOKED *r;
-    /* sort the data so it will be written in serial
-     * number order */
-    sk_X509_REVOKED_sort(c->crl->revoked);
-    for (i=0; i<sk_X509_REVOKED_num(c->crl->revoked); i++) {
-	r=sk_X509_REVOKED_value(c->crl->revoked, i);
-	r->sequence=i;
-    }
-    return 1;
-}
-#endif
-
-#if !defined(HAVE_X509_CRL_ADD0_REVOKED)
-static int
-OSSL_X509_REVOKED_cmp(const X509_REVOKED * const *a, const X509_REVOKED * const *b)
-{
-    return(ASN1_STRING_cmp(
-		(ASN1_STRING *)(*a)->serialNumber,
-		(ASN1_STRING *)(*b)->serialNumber));
-}
-
-int
-X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev)
-{
-    X509_CRL_INFO *inf;
-
-    inf = crl->crl;
-    if (!inf->revoked)
-	inf->revoked = sk_X509_REVOKED_new(OSSL_X509_REVOKED_cmp);
-    if (!inf->revoked || !sk_X509_REVOKED_push(inf->revoked, rev))
-	return 0;
-    return 1;
-}
-#endif
-
-#if !defined(HAVE_BN_MOD_SQR)
-int
-BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx)
-{
-    if (!BN_sqr(r, (BIGNUM*)a, ctx)) return 0;
-    return BN_mod(r, r, m, ctx);
-}
-#endif
-
-#if !defined(HAVE_BN_MOD_ADD) || !defined(HAVE_BN_MOD_SUB)
-int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx)
-{
-    if (!BN_mod(r,m,d,ctx)) return 0;
-    if (!r->neg) return 1;
-    return (d->neg ? BN_sub : BN_add)(r, r, d);
-}
-#endif
-
-#if !defined(HAVE_BN_MOD_ADD)
-int
-BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx)
-{
-    if (!BN_add(r, a, b)) return 0;
-    return BN_nnmod(r, r, m, ctx);
-}
-#endif
-
-#if !defined(HAVE_BN_MOD_SUB)
-int
-BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx)
-{
-    if (!BN_sub(r, a, b)) return 0;
-    return BN_nnmod(r, r, m, ctx);
-}
-#endif
-
-#if !defined(HAVE_BN_RAND_RANGE) || !defined(HAVE_BN_PSEUDO_RAND_RANGE)
-static int
-bn_rand_range(int pseudo, BIGNUM *r, BIGNUM *range)
-{
-    int (*bn_rand)(BIGNUM *, int, int, int) = pseudo ? BN_pseudo_rand : BN_rand;
-    int n;
-
-    if (range->neg || BN_is_zero(range)) return 0;
-
-    n = BN_num_bits(range);
-
-    if (n == 1) {
-	if (!BN_zero(r)) return 0;
-    } else if (!BN_is_bit_set(range, n - 2) && !BN_is_bit_set(range, n - 3)) {
-	do {
-	    if (!bn_rand(r, n + 1, -1, 0)) return 0;
-	    if (BN_cmp(r ,range) >= 0) {
-		if (!BN_sub(r, r, range)) return 0;
-		if (BN_cmp(r, range) >= 0)
-		    if (!BN_sub(r, r, range)) return 0;
-	    }
-	} while (BN_cmp(r, range) >= 0);
-    } else {
-	do {
-	    if (!bn_rand(r, n, -1, 0)) return 0;
-	} while (BN_cmp(r, range) >= 0);
-    }
-
-    return 1;
-}
-#endif
-
-#if !defined(HAVE_BN_RAND_RANGE)
-int
-BN_rand_range(BIGNUM *r, BIGNUM *range)
-{
-    return bn_rand_range(0, r, range);
-}
-#endif
-
-#if !defined(HAVE_BN_PSEUDO_RAND_RANGE)
-int
-BN_pseudo_rand_range(BIGNUM *r, BIGNUM *range)
-{
-    return bn_rand_range(1, r, range);
-}
-#endif
-
-#if !defined(HAVE_CONF_GET1_DEFAULT_CONFIG_FILE)
-#define OPENSSL_CONF "openssl.cnf"
-char *
-CONF_get1_default_config_file(void)
-{
-    char *file;
-    int len;
-
-    file = getenv("OPENSSL_CONF");
-    if (file) return BUF_strdup(file);
-    len = strlen(X509_get_default_cert_area());
-#ifndef OPENSSL_SYS_VMS
-    len++;
-#endif
-    len += strlen(OPENSSL_CONF);
-    file = OPENSSL_malloc(len + 1);
-    if (!file) return NULL;
-    strcpy(file,X509_get_default_cert_area());
-#ifndef OPENSSL_SYS_VMS
-    strcat(file,"/");
-#endif
-    strcat(file,OPENSSL_CONF);
-
-    return file;
-}
-#endif
-
-#if !defined(HAVE_PEM_DEF_CALLBACK)
-#define OSSL_PASS_MIN_LENGTH 4
-int
-PEM_def_callback(char *buf, int num, int w, void *key)
-{
-    int i,j;
-    const char *prompt;
-
-    if (key) {
-	i = strlen(key);
-	i = (i > num) ? num : i;
-	memcpy(buf, key, i);
-	return i;
-    }
-
-    prompt = EVP_get_pw_prompt();
-    if (prompt == NULL) prompt = "Enter PEM pass phrase:";
-    for (;;) {
-	i = EVP_read_pw_string(buf, num, prompt, w);
-	if (i != 0) {
-	    memset(buf, 0, (unsigned int)num);
-	    return(-1);
-	}
-	j = strlen(buf);
-	if (j < OSSL_PASS_MIN_LENGTH) {
-	    fprintf(stderr,
-		    "phrase is too short, needs to be at least %d chars\n",
-		    OSSL_PASS_MIN_LENGTH);
-	}
-	else break;
-    }
-    return j;
-}
-#endif
-
-#if !defined(HAVE_ASN1_PUT_EOC)
-int
-ASN1_put_eoc(unsigned char **pp)
-{
-    unsigned char *p = *pp;
-    *p++ = 0;
-    *p++ = 0;
-    *pp = p;
-    return 2;
-}
-#endif

ext/openssl/openssl_missing.h

@@ -10,124 +10,22 @@
 #if !defined(_OSSL_OPENSSL_MISSING_H_)
 #define _OSSL_OPENSSL_MISSING_H_
 
-#ifndef TYPEDEF_D2I_OF
+/* added in 1.0.0 */
-typedef char *d2i_of_void();
+#if !defined(HAVE_EVP_CIPHER_CTX_COPY)
-#endif
+int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in);
-#ifndef TYPEDEF_I2D_OF
-typedef int i2d_of_void();
-#endif
-
-/*
- * These functions are not included in headers of OPENSSL <= 0.9.6b
- */
-
-#if !defined(PEM_read_bio_DSAPublicKey)
-# define PEM_read_bio_DSAPublicKey(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \
-        (d2i_of_void *)d2i_DSAPublicKey,PEM_STRING_DSA_PUBLIC,(bp),(void **)(x),(cb),(u))
-#endif
-
-#if !defined(PEM_write_bio_DSAPublicKey)
-# define PEM_write_bio_DSAPublicKey(bp,x) \
-	PEM_ASN1_write_bio((i2d_of_void *)i2d_DSAPublicKey,\
-		PEM_STRING_DSA_PUBLIC,\
-		(bp),(char *)(x), NULL, NULL, 0, NULL, NULL)
-#endif
-
-#if !defined(DSAPrivateKey_dup)
-# define DSAPrivateKey_dup(dsa) (DSA *)ASN1_dup((i2d_of_void *)i2d_DSAPrivateKey, \
-	(d2i_of_void *)d2i_DSAPrivateKey,(char *)(dsa))
-#endif
-
-#if !defined(DSAPublicKey_dup)
-# define DSAPublicKey_dup(dsa) (DSA *)ASN1_dup((i2d_of_void *)i2d_DSAPublicKey, \
-	(d2i_of_void *)d2i_DSAPublicKey,(char *)(dsa))
-#endif
-
-#if !defined(X509_REVOKED_dup)
-# define X509_REVOKED_dup(rev) (X509_REVOKED *)ASN1_dup((i2d_of_void *)i2d_X509_REVOKED, \
-	(d2i_of_void *)d2i_X509_REVOKED, (char *)(rev))
-#endif
-
-#if !defined(PKCS7_SIGNER_INFO_dup)
-#  define PKCS7_SIGNER_INFO_dup(si) (PKCS7_SIGNER_INFO *)ASN1_dup((i2d_of_void *)i2d_PKCS7_SIGNER_INFO, \
-	(d2i_of_void *)d2i_PKCS7_SIGNER_INFO, (char *)(si))
-#endif
-
-#if !defined(PKCS7_RECIP_INFO_dup)
-#  define PKCS7_RECIP_INFO_dup(ri) (PKCS7_RECIP_INFO *)ASN1_dup((i2d_of_void *)i2d_PKCS7_RECIP_INFO, \
-	(d2i_of_void *)d2i_PKCS7_RECIP_INFO, (char *)(ri))
-#endif
-
-#if !defined(HAVE_HMAC_CTX_INIT)
-void HMAC_CTX_init(HMAC_CTX *ctx);
 #endif
 
 #if !defined(HAVE_HMAC_CTX_COPY)
 void HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in);
 #endif
 
-#if !defined(HAVE_HMAC_CTX_CLEANUP)
+/* added in 1.0.2 */
-void HMAC_CTX_cleanup(HMAC_CTX *ctx);
+#if !defined(HAVE_X509_REVOKED_DUP)
-#endif
+# define X509_REVOKED_dup(rev) (X509_REVOKED *)ASN1_dup((i2d_of_void *)i2d_X509_REVOKED, \
-
+	(d2i_of_void *)d2i_X509_REVOKED, (char *)(rev))
-#if !defined(HAVE_EVP_MD_CTX_CREATE)
-EVP_MD_CTX *EVP_MD_CTX_create(void);
-#endif
-
-#if !defined(HAVE_EVP_MD_CTX_INIT)
-void EVP_MD_CTX_init(EVP_MD_CTX *ctx);
-#endif
-
-#if !defined(HAVE_EVP_MD_CTX_CLEANUP)
-int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx);
-#endif
-
-#if !defined(HAVE_EVP_MD_CTX_DESTROY)
-void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx);
-#endif
-
-#if !defined(HAVE_EVP_CIPHER_CTX_COPY)
-int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, EVP_CIPHER_CTX *in);
-#endif
-
-#if !defined(HAVE_EVP_DIGESTINIT_EX)
-#  define EVP_DigestInit_ex(ctx, md, engine) EVP_DigestInit((ctx), (md))
-#endif
-#if !defined(HAVE_EVP_DIGESTFINAL_EX)
-#  define EVP_DigestFinal_ex(ctx, buf, len) EVP_DigestFinal((ctx), (buf), (len))
-#endif
-
-#if !defined(HAVE_EVP_CIPHERINIT_EX)
-#  define EVP_CipherInit_ex(ctx, type, impl, key, iv, enc) EVP_CipherInit((ctx), (type), (key), (iv), (enc))
-#endif
-#if !defined(HAVE_EVP_CIPHERFINAL_EX)
-#  define EVP_CipherFinal_ex(ctx, outm, outl) EVP_CipherFinal((ctx), (outm), (outl))
-#endif
-
-#if !defined(EVP_CIPHER_name)
-#  define EVP_CIPHER_name(e) OBJ_nid2sn(EVP_CIPHER_nid(e))
-#endif
-
-#if !defined(EVP_MD_name)
-#  define EVP_MD_name(e) OBJ_nid2sn(EVP_MD_type(e))
-#endif
-
-#if !defined(HAVE_EVP_HMAC_INIT_EX)
-#  define HMAC_Init_ex(ctx, key, len, digest, engine) HMAC_Init((ctx), (key), (len), (digest))
-#endif
-
-#if !defined(PKCS7_is_detached)
-#  define PKCS7_is_detached(p7) (PKCS7_type_is_signed(p7) && PKCS7_get_detached(p7))
-#endif
-
-#if !defined(PKCS7_type_is_encrypted)
-#  define PKCS7_type_is_encrypted(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted)
-#endif
-
-#if !defined(HAVE_OPENSSL_CLEANSE)
-#define OPENSSL_cleanse(p, l) memset((p), 0, (l))
 #endif
 
+/* added in 1.1.0 */
 #if !defined(HAVE_X509_STORE_GET_EX_DATA)
 #  define X509_STORE_get_ex_data(x, idx) \
 	CRYPTO_get_ex_data(&(x)->ex_data, (idx))
@@ -141,52 +39,4 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, EVP_CIPHER_CTX *in);
 				(newf), (dupf), (freef))
 #endif
 
-#if !defined(HAVE_X509_CRL_SET_VERSION)
-int X509_CRL_set_version(X509_CRL *x, long version);
-#endif
-
-#if !defined(HAVE_X509_CRL_SET_ISSUER_NAME)
-int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name);
-#endif
-
-#if !defined(HAVE_X509_CRL_SORT)
-int X509_CRL_sort(X509_CRL *c);
-#endif
-
-#if !defined(HAVE_X509_CRL_ADD0_REVOKED)
-int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);
-#endif
-
-#if !defined(HAVE_BN_MOD_SQR)
-int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
-#endif
-
-#if !defined(HAVE_BN_MOD_ADD)
-int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx);
-#endif
-
-#if !defined(HAVE_BN_MOD_SUB)
-int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx);
-#endif
-
-#if !defined(HAVE_BN_RAND_RANGE)
-int BN_rand_range(BIGNUM *r, BIGNUM *range);
-#endif
-
-#if !defined(HAVE_BN_PSEUDO_RAND_RANGE)
-int BN_pseudo_rand_range(BIGNUM *r, BIGNUM *range);
-#endif
-
-#if !defined(HAVE_CONF_GET1_DEFAULT_CONFIG_FILE)
-char *CONF_get1_default_config_file(void);
-#endif
-
-#if !defined(HAVE_PEM_DEF_CALLBACK)
-int PEM_def_callback(char *buf, int num, int w, void *key);
-#endif
-
-#if !defined(HAVE_ASN1_PUT_EOC)
-int ASN1_put_eoc(unsigned char **pp);
-#endif
-
 #endif /* _OSSL_OPENSSL_MISSING_H_ */

ext/openssl/ossl.c

@@ -339,11 +339,7 @@ ossl_make_error(VALUE exc, const char *fmt, va_list args)
     const char *msg;
     long e;
 
-#ifdef HAVE_ERR_PEEK_LAST_ERROR
     e = ERR_peek_last_error();
-#else
-    e = ERR_peek_error();
-#endif
     if (fmt) {
 	str = rb_vsprintf(fmt, args);
     }

ext/openssl/ossl.h

@@ -27,11 +27,6 @@
 #include <ruby/io.h>
 #include <ruby/thread.h>
 
-/*
- * Check the OpenSSL version
- * The only supported are:
- * 	OpenSSL >= 0.9.7
- */
 #include <openssl/opensslv.h>
 
 #ifdef HAVE_ASSERT_H
@@ -42,7 +37,6 @@
 
 #if defined(_WIN32) && !defined(LIBRESSL_VERSION_NUMBER)
 #  include <openssl/e_os2.h>
-#  define OSSL_NO_CONF_API 1
 #  if !defined(OPENSSL_SYS_WIN32)
 #    define OPENSSL_SYS_WIN32 1
 #  endif
@@ -62,14 +56,10 @@
 #if !defined(_WIN32)
 #  include <openssl/crypto.h>
 #endif
-#undef X509_NAME
+#if !defined(OPENSSL_NO_ENGINE)
-#undef PKCS7_SIGNER_INFO
-#if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_EVP_CIPHER_CTX_ENGINE)
-#  define OSSL_ENGINE_ENABLED
 #  include <openssl/engine.h>
 #endif
-#if defined(HAVE_OPENSSL_OCSP_H)
+#if !defined(OPENSSL_NO_OCSP)
-#  define OSSL_OCSP_ENABLED
 #  include <openssl/ocsp.h>
 #endif
 
@@ -106,13 +96,6 @@ extern VALUE eOSSLError;
   }\
 } while (0)
 
-/*
- * Compatibility
- */
-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
-#define STACK _STACK
-#endif
-
 /*
  * String to HEXString conversion
  */

ext/openssl/ossl_asn1.c

@@ -211,19 +211,6 @@ static ID sIMPLICIT, sEXPLICIT;
 static ID sUNIVERSAL, sAPPLICATION, sCONTEXT_SPECIFIC, sPRIVATE;
 static ID sivVALUE, sivTAG, sivTAG_CLASS, sivTAGGING, sivINFINITE_LENGTH, sivUNUSED_BITS;
 
-/*
- * We need to implement these for backward compatibility
- * reasons, behavior of ASN1_put_object and ASN1_object_size
- * for infinite length values is different in OpenSSL <= 0.9.7
- */
-#if OPENSSL_VERSION_NUMBER < 0x00908000L
-#define ossl_asn1_object_size(cons, len, tag)		(cons) == 2 ? (len) + ASN1_object_size((cons), 0, (tag)) : ASN1_object_size((cons), (len), (tag))
-#define ossl_asn1_put_object(pp, cons, len, tag, xc)	(cons) == 2 ? ASN1_put_object((pp), (cons), 0, (tag), (xc)) : ASN1_put_object((pp), (cons), (len), (tag), (xc))
-#else
-#define ossl_asn1_object_size(cons, len, tag)		ASN1_object_size((cons), (len), (tag))
-#define ossl_asn1_put_object(pp, cons, len, tag, xc)	ASN1_put_object((pp), (cons), (len), (tag), (xc))
-#endif
-
 /*
  * Ruby to ASN1 converters
  */
@@ -233,11 +220,7 @@ obj_to_asn1bool(VALUE obj)
     if (NIL_P(obj))
 	ossl_raise(rb_eTypeError, "Can't convert nil into Boolean");
 
-#if OPENSSL_VERSION_NUMBER < 0x00907000L
-     return RTEST(obj) ? 0xff : 0x100;
-#else
      return RTEST(obj) ? 0xff : 0x0;
-#endif
 }
 
 static ASN1_INTEGER*
@@ -778,11 +761,11 @@ ossl_asn1data_to_der(VALUE self)
     if (inf_length == Qtrue) {
 	is_cons = 2;
     }
-    if((length = ossl_asn1_object_size(is_cons, RSTRING_LENINT(value), tag)) <= 0)
+    if((length = ASN1_object_size(is_cons, RSTRING_LENINT(value), tag)) <= 0)
 	ossl_raise(eASN1Error, NULL);
     der = rb_str_new(0, length);
     p = (unsigned char *)RSTRING_PTR(der);
-    ossl_asn1_put_object(&p, is_cons, RSTRING_LENINT(value), tag, tag_class);
+    ASN1_put_object(&p, is_cons, RSTRING_LENINT(value), tag, tag_class);
     memcpy(p, RSTRING_PTR(value), RSTRING_LEN(value));
     p += RSTRING_LEN(value);
     ossl_str_adjust(der, p);
@@ -1184,30 +1167,6 @@ ossl_asn1eoc_initialize(VALUE self) {
     return self;
 }
 
-static int
-ossl_i2d_ASN1_TYPE(ASN1_TYPE *a, unsigned char **pp)
-{
-#if OPENSSL_VERSION_NUMBER < 0x00907000L
-    if(!a) return 0;
-    if(a->type == V_ASN1_BOOLEAN)
-        return i2d_ASN1_BOOLEAN(a->value.boolean, pp);
-#endif
-    return i2d_ASN1_TYPE(a, pp);
-}
-
-static void
-ossl_ASN1_TYPE_free(ASN1_TYPE *a)
-{
-#if OPENSSL_VERSION_NUMBER < 0x00907000L
-    if(!a) return;
-    if(a->type == V_ASN1_BOOLEAN){
-        OPENSSL_free(a);
-        return;
-    }
-#endif
-    ASN1_TYPE_free(a);
-}
-
 /*
  * call-seq:
  *    asn1.to_der => DER-encoded String
@@ -1228,22 +1187,22 @@ ossl_asn1prim_to_der(VALUE self)
     explicit = ossl_asn1_is_explicit(self);
     asn1 = ossl_asn1_get_asn1type(self);
 
-    len = ossl_asn1_object_size(1, ossl_i2d_ASN1_TYPE(asn1, NULL), tn);
+    len = ASN1_object_size(1, i2d_ASN1_TYPE(asn1, NULL), tn);
     if(!(buf = OPENSSL_malloc(len))){
-	ossl_ASN1_TYPE_free(asn1);
+	ASN1_TYPE_free(asn1);
 	ossl_raise(eASN1Error, "cannot alloc buffer");
     }
     p = buf;
     if (tc == V_ASN1_UNIVERSAL) {
-        ossl_i2d_ASN1_TYPE(asn1, &p);
+        i2d_ASN1_TYPE(asn1, &p);
     } else if (explicit) {
-        ossl_asn1_put_object(&p, 1, ossl_i2d_ASN1_TYPE(asn1, NULL), tn, tc);
+        ASN1_put_object(&p, 1, i2d_ASN1_TYPE(asn1, NULL), tn, tc);
-        ossl_i2d_ASN1_TYPE(asn1, &p);
+        i2d_ASN1_TYPE(asn1, &p);
     } else {
-        ossl_i2d_ASN1_TYPE(asn1, &p);
+        i2d_ASN1_TYPE(asn1, &p);
         *buf = tc | tn | (*buf & V_ASN1_CONSTRUCTED);
     }
-    ossl_ASN1_TYPE_free(asn1);
+    ASN1_TYPE_free(asn1);
     reallen = p - buf;
     assert(reallen <= len);
     str = ossl_buf2str((char *)buf, rb_long2int(reallen)); /* buf will be free in ossl_buf2str */
@@ -1309,19 +1268,19 @@ ossl_asn1cons_to_der(VALUE self)
     explicit = ossl_asn1_is_explicit(self);
     value = join_der(ossl_asn1_get_value(self));
 
-    seq_len = ossl_asn1_object_size(constructed, RSTRING_LENINT(value), tag);
+    seq_len = ASN1_object_size(constructed, RSTRING_LENINT(value), tag);
-    length = ossl_asn1_object_size(constructed, seq_len, tn);
+    length = ASN1_object_size(constructed, seq_len, tn);
     str = rb_str_new(0, length);
     p = (unsigned char *)RSTRING_PTR(str);
     if(tc == V_ASN1_UNIVERSAL)
-	ossl_asn1_put_object(&p, constructed, RSTRING_LENINT(value), tn, tc);
+	ASN1_put_object(&p, constructed, RSTRING_LENINT(value), tn, tc);
     else{
 	if(explicit){
-	    ossl_asn1_put_object(&p, constructed, seq_len, tn, tc);
+	    ASN1_put_object(&p, constructed, seq_len, tn, tc);
-	    ossl_asn1_put_object(&p, constructed, RSTRING_LENINT(value), tag, V_ASN1_UNIVERSAL);
+	    ASN1_put_object(&p, constructed, RSTRING_LENINT(value), tag, V_ASN1_UNIVERSAL);
 	}
 	else{
-	    ossl_asn1_put_object(&p, constructed, RSTRING_LENINT(value), tn, tc);
+	    ASN1_put_object(&p, constructed, RSTRING_LENINT(value), tn, tc);
 	}
     }
     memcpy(p, RSTRING_PTR(value), RSTRING_LEN(value));

ext/openssl/ossl_cipher.c

@@ -158,16 +158,13 @@ ossl_cipher_copy(VALUE self, VALUE other)
     return self;
 }
 
-#ifdef HAVE_OBJ_NAME_DO_ALL_SORTED
 static void*
 add_cipher_name_to_ary(const OBJ_NAME *name, VALUE ary)
 {
     rb_ary_push(ary, rb_str_new2(name->name));
     return NULL;
 }
-#endif
 
-#ifdef HAVE_OBJ_NAME_DO_ALL_SORTED
 /*
  *  call-seq:
  *     OpenSSL::Cipher.ciphers -> array[string...]
@@ -186,9 +183,6 @@ ossl_s_ciphers(VALUE self)
 
     return ary;
 }
-#else
-#define ossl_s_ciphers rb_f_notimplement
-#endif
 
 /*
  *  call-seq:
@@ -723,7 +717,6 @@ ossl_cipher_set_key_length(VALUE self, VALUE key_length)
     return key_length;
 }
 
-#if defined(HAVE_EVP_CIPHER_CTX_SET_PADDING)
 /*
  *  call-seq:
  *     cipher.padding = integer -> integer
@@ -745,9 +738,6 @@ ossl_cipher_set_padding(VALUE self, VALUE padding)
 	ossl_raise(eCipherError, NULL);
     return padding;
 }
-#else
-#define ossl_cipher_set_padding rb_f_notimplement
-#endif
 
 #define CIPHER_0ARG_INT(func)					\
     static VALUE						\

ext/openssl/ossl_engine.c

@@ -9,7 +9,7 @@
  */
 #include "ossl.h"
 
-#if defined(OSSL_ENGINE_ENABLED)
+#if !defined(OPENSSL_NO_ENGINE)
 
 #define NewEngine(klass) \
     TypedData_Wrap_Struct((klass), &ossl_engine_type, 0)
@@ -165,9 +165,7 @@ ossl_engine_s_load(int argc, VALUE *argv, VALUE klass)
 static VALUE
 ossl_engine_s_cleanup(VALUE self)
 {
-#if defined(HAVE_ENGINE_CLEANUP)
     ENGINE_cleanup();
-#endif
     return Qnil;
 }
 
@@ -296,7 +294,6 @@ ossl_engine_finish(VALUE self)
     return Qnil;
 }
 
-#if defined(HAVE_ENGINE_GET_CIPHER)
 /* Document-method: OpenSSL::Engine#cipher
  *
  * call-seq:
@@ -329,11 +326,7 @@ ossl_engine_get_cipher(VALUE self, VALUE name)
 
     return ossl_cipher_new(ciph);
 }
-#else
-#define ossl_engine_get_cipher rb_f_notimplement
-#endif
 
-#if defined(HAVE_ENGINE_GET_DIGEST)
 /* Document-method: OpenSSL::Engine#digest
  *
  * call-seq:
@@ -366,9 +359,6 @@ ossl_engine_get_digest(VALUE self, VALUE name)
 
     return ossl_digest_new(md);
 }
-#else
-#define ossl_engine_get_digest rb_f_notimplement
-#endif
 
 /* Document-method: OpenSSL::Engine#load_private_key
  *
@@ -392,11 +382,7 @@ ossl_engine_load_privkey(int argc, VALUE *argv, VALUE self)
     sid = NIL_P(id) ? NULL : StringValueCStr(id);
     sdata = NIL_P(data) ? NULL : StringValueCStr(data);
     GetEngine(self, e);
-#if OPENSSL_VERSION_NUMBER < 0x00907000L
-    pkey = ENGINE_load_private_key(e, sid, sdata);
-#else
     pkey = ENGINE_load_private_key(e, sid, NULL, sdata);
-#endif
     if (!pkey) ossl_raise(eEngineError, NULL);
     obj = ossl_pkey_new(pkey);
     OSSL_PKEY_SET_PRIVATE(obj);
@@ -426,11 +412,7 @@ ossl_engine_load_pubkey(int argc, VALUE *argv, VALUE self)
     sid = NIL_P(id) ? NULL : StringValueCStr(id);
     sdata = NIL_P(data) ? NULL : StringValueCStr(data);
     GetEngine(self, e);
-#if OPENSSL_VERSION_NUMBER < 0x00907000L
-    pkey = ENGINE_load_public_key(e, sid, sdata);
-#else
     pkey = ENGINE_load_public_key(e, sid, NULL, sdata);
-#endif
     if (!pkey) ossl_raise(eEngineError, NULL);
 
     return ossl_pkey_new(pkey);
@@ -579,12 +561,8 @@ Init_ossl_engine(void)
 #ifdef ENGINE_METHOD_BN_MOD_EXP_CRT
     DefEngineConst(METHOD_BN_MOD_EXP_CRT);
 #endif
-#ifdef ENGINE_METHOD_CIPHERS
     DefEngineConst(METHOD_CIPHERS);
-#endif
-#ifdef ENGINE_METHOD_DIGESTS
     DefEngineConst(METHOD_DIGESTS);
-#endif
     DefEngineConst(METHOD_ALL);
     DefEngineConst(METHOD_NONE);
 }

ext/openssl/ossl_ocsp.c

@@ -10,7 +10,7 @@
  */
 #include "ossl.h"
 
-#if defined(OSSL_OCSP_ENABLED)
+#if !defined(OPENSSL_NO_OCSP)
 
 #define NewOCSPReq(klass) \
     TypedData_Wrap_Struct((klass), &ossl_ocsp_request_type, 0)
@@ -1250,7 +1250,7 @@ Init_ossl_ocsp(void)
     rb_define_const(mOCSP, "V_RESPID_KEY", INT2NUM(V_OCSP_RESPID_KEY));
 }
 
-#else /* ! OSSL_OCSP_ENABLED */
+#else
 void
 Init_ossl_ocsp(void)
 {

ext/openssl/ossl_ocsp.h

@@ -11,7 +11,7 @@
 #if !defined(_OSSL_OCSP_H_)
 #define _OSSL_OCSP_H_
 
-#if defined(OSSL_OCSP_ENABLED)
+#if !defined(OPENSSL_NO_OCSP)
 extern VALUE mOCSP;
 extern VALUE cOPCSReq;
 extern VALUE cOPCSRes;

ext/openssl/ossl_pkcs5.c

@@ -48,7 +48,6 @@ ossl_pkcs5_pbkdf2_hmac(VALUE self, VALUE pass, VALUE salt, VALUE iter, VALUE key
 #endif
 
 
-#ifdef HAVE_PKCS5_PBKDF2_HMAC_SHA1
 /*
  * call-seq:
  *    PKCS5.pbkdf2_hmac_sha1(pass, salt, iter, keylen) => string
@@ -81,9 +80,6 @@ ossl_pkcs5_pbkdf2_hmac_sha1(VALUE self, VALUE pass, VALUE salt, VALUE iter, VALU
 
     return str;
 }
-#else
-#define ossl_pkcs5_pbkdf2_hmac_sha1 rb_f_notimplement
-#endif
 
 void
 Init_ossl_pkcs5(void)

ext/openssl/ossl_pkcs7.c

@@ -127,6 +127,22 @@ static const rb_data_type_t ossl_pkcs7_recip_info_type = {
  * Public
  * (MADE PRIVATE UNTIL SOMEBODY WILL NEED THEM)
  */
+static PKCS7_SIGNER_INFO *
+ossl_PKCS7_SIGNER_INFO_dup(const PKCS7_SIGNER_INFO *si)
+{
+    return (PKCS7_SIGNER_INFO *)ASN1_dup((i2d_of_void *)i2d_PKCS7_SIGNER_INFO,
+					 (d2i_of_void *)d2i_PKCS7_SIGNER_INFO,
+					 (char *)si);
+}
+
+static PKCS7_RECIP_INFO *
+ossl_PKCS7_RECIP_INFO_dup(const PKCS7_RECIP_INFO *si)
+{
+    return (PKCS7_RECIP_INFO *)ASN1_dup((i2d_of_void *)i2d_PKCS7_RECIP_INFO,
+					(d2i_of_void *)d2i_PKCS7_RECIP_INFO,
+					(char *)si);
+}
+
 static VALUE
 ossl_pkcs7si_new(PKCS7_SIGNER_INFO *p7si)
 {
@@ -134,7 +150,7 @@ ossl_pkcs7si_new(PKCS7_SIGNER_INFO *p7si)
     VALUE obj;
 
     obj = NewPKCS7si(cPKCS7Signer);
-    pkcs7 = p7si ? PKCS7_SIGNER_INFO_dup(p7si) : PKCS7_SIGNER_INFO_new();
+    pkcs7 = p7si ? ossl_PKCS7_SIGNER_INFO_dup(p7si) : PKCS7_SIGNER_INFO_new();
     if (!pkcs7) ossl_raise(ePKCS7Error, NULL);
     SetPKCS7si(obj, pkcs7);
 
@@ -147,7 +163,7 @@ DupPKCS7SignerPtr(VALUE obj)
     PKCS7_SIGNER_INFO *p7si, *pkcs7;
 
     SafeGetPKCS7si(obj, p7si);
-    if (!(pkcs7 = PKCS7_SIGNER_INFO_dup(p7si))) {
+    if (!(pkcs7 = ossl_PKCS7_SIGNER_INFO_dup(p7si))) {
 	ossl_raise(ePKCS7Error, NULL);
     }
 
@@ -161,7 +177,7 @@ ossl_pkcs7ri_new(PKCS7_RECIP_INFO *p7ri)
     VALUE obj;
 
     obj = NewPKCS7ri(cPKCS7Recipient);
-    pkcs7 = p7ri ? PKCS7_RECIP_INFO_dup(p7ri) : PKCS7_RECIP_INFO_new();
+    pkcs7 = p7ri ? ossl_PKCS7_RECIP_INFO_dup(p7ri) : PKCS7_RECIP_INFO_new();
     if (!pkcs7) ossl_raise(ePKCS7Error, NULL);
     SetPKCS7ri(obj, pkcs7);
 
@@ -174,7 +190,7 @@ DupPKCS7RecipientPtr(VALUE obj)
     PKCS7_RECIP_INFO *p7ri, *pkcs7;
 
     SafeGetPKCS7ri(obj, p7ri);
-    if (!(pkcs7 = PKCS7_RECIP_INFO_dup(p7ri))) {
+    if (!(pkcs7 = ossl_PKCS7_RECIP_INFO_dup(p7ri))) {
 	ossl_raise(ePKCS7Error, NULL);
     }
 

ext/openssl/ossl_pkey.c

@@ -20,20 +20,6 @@ ID id_private_q;
 /*
  * callback for generating keys
  */
-void
-ossl_generate_cb(int p, int n, void *arg)
-{
-    VALUE ary;
-
-    ary = rb_ary_new2(2);
-    rb_ary_store(ary, 0, INT2NUM(p));
-    rb_ary_store(ary, 1, INT2NUM(n));
-
-    rb_yield(ary);
-}
-
-#if HAVE_BN_GENCB
-/* OpenSSL 2nd version of GN generation callback */
 int
 ossl_generate_cb_2(int p, int n, BN_GENCB *cb)
 {
@@ -66,7 +52,6 @@ ossl_generate_cb_stop(void *ptr)
     struct ossl_generate_cb_arg *arg = (struct ossl_generate_cb_arg *)ptr;
     arg->stop = 1;
 }
-#endif
 
 static void
 ossl_evp_pkey_free(void *ptr)

ext/openssl/ossl_pkey.h

@@ -40,9 +40,6 @@ extern const rb_data_type_t ossl_evp_pkey_type;
     GetPKey((obj), (pkey)); \
 } while (0)
 
-void ossl_generate_cb(int, int, void *);
-#define HAVE_BN_GENCB defined(HAVE_RSA_GENERATE_KEY_EX) || defined(HAVE_DH_GENERATE_PARAMETERS_EX) || defined(HAVE_DSA_GENERATE_PARAMETERS_EX)
-#if HAVE_BN_GENCB
 struct ossl_generate_cb_arg {
     int yield;
     int stop;
@@ -50,7 +47,6 @@ struct ossl_generate_cb_arg {
 };
 int ossl_generate_cb_2(int p, int n, BN_GENCB *cb);
 void ossl_generate_cb_stop(void *ptr);
-#endif
 
 VALUE ossl_pkey_new(EVP_PKEY *);
 VALUE ossl_pkey_new_from_file(VALUE);

ext/openssl/ossl_pkey_dh.c

@@ -20,7 +20,7 @@
 
 #define DH_HAS_PRIVATE(dh) ((dh)->priv_key)
 
-#ifdef OSSL_ENGINE_ENABLED
+#if !defined(OPENSSL_NO_ENGINE)
 #  define DH_PRIVATE(dh) (DH_HAS_PRIVATE(dh) || (dh)->engine)
 #else
 #  define DH_PRIVATE(dh) DH_HAS_PRIVATE(dh)
@@ -82,7 +82,6 @@ ossl_dh_new(EVP_PKEY *pkey)
 /*
  * Private
  */
-#if defined(HAVE_DH_GENERATE_PARAMETERS_EX) && HAVE_BN_GENCB
 struct dh_blocking_gen_arg {
     DH *dh;
     int size;
@@ -98,12 +97,10 @@ dh_blocking_gen(void *arg)
     gen->result = DH_generate_parameters_ex(gen->dh, gen->size, gen->gen, gen->cb);
     return 0;
 }
-#endif
 
 static DH *
 dh_generate(int size, int gen)
 {
-#if defined(HAVE_DH_GENERATE_PARAMETERS_EX) && HAVE_BN_GENCB
     BN_GENCB cb;
     struct ossl_generate_cb_arg cb_arg;
     struct dh_blocking_gen_arg gen_arg;
@@ -136,12 +133,6 @@ dh_generate(int size, int gen)
 	}
 	return 0;
     }
-#else
-    DH *dh;
-
-    dh = DH_generate_parameters(size, gen, rb_block_given_p() ? ossl_generate_cb : NULL, NULL);
-    if (!dh) return 0;
-#endif
 
     if (!DH_generate_key(dh)) {
         DH_free(dh);

ext/openssl/ossl_pkey_dsa.c

@@ -76,7 +76,6 @@ ossl_dsa_new(EVP_PKEY *pkey)
 /*
  * Private
  */
-#if defined(HAVE_DSA_GENERATE_PARAMETERS_EX) && HAVE_BN_GENCB
 struct dsa_blocking_gen_arg {
     DSA *dsa;
     int size;
@@ -95,12 +94,10 @@ dsa_blocking_gen(void *arg)
     gen->result = DSA_generate_parameters_ex(gen->dsa, gen->size, gen->seed, gen->seed_len, gen->counter, gen->h, gen->cb);
     return 0;
 }
-#endif
 
 static DSA *
 dsa_generate(int size)
 {
-#if defined(HAVE_DSA_GENERATE_PARAMETERS_EX) && HAVE_BN_GENCB
     BN_GENCB cb;
     struct ossl_generate_cb_arg cb_arg;
     struct dsa_blocking_gen_arg gen_arg;
@@ -145,19 +142,6 @@ dsa_generate(int size)
 	}
 	return 0;
     }
-#else
-    DSA *dsa;
-    unsigned char seed[20];
-    int seed_len = 20, counter;
-    unsigned long h;
-
-    if (RAND_bytes(seed, seed_len) <= 0) {
-	return 0;
-    }
-    dsa = DSA_generate_parameters(size, seed, seed_len, &counter, &h,
-	    rb_block_given_p() ? ossl_generate_cb : NULL, NULL);
-    if(!dsa) return 0;
-#endif
 
     if (!DSA_generate_key(dsa)) {
 	DSA_free(dsa);
@@ -246,7 +230,10 @@ ossl_dsa_initialize(int argc, VALUE *argv, VALUE self)
 	}
 	if (!dsa) {
 	    OSSL_BIO_reset(in);
+#define PEM_read_bio_DSAPublicKey(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \
+	(d2i_of_void *)d2i_DSAPublicKey, PEM_STRING_DSA_PUBLIC, (bp), (void **)(x), (cb), (u))
 	    dsa = PEM_read_bio_DSAPublicKey(in, NULL, NULL, NULL);
+#undef PEM_read_bio_DSAPublicKey
 	}
 	BIO_free(in);
 	if (!dsa) {
@@ -460,7 +447,10 @@ ossl_dsa_to_public_key(VALUE self)
 
     GetPKeyDSA(self, pkey);
     /* err check performed by dsa_instance */
+#define DSAPublicKey_dup(dsa) (DSA *)ASN1_dup( \
+	(i2d_of_void *)i2d_DSAPublicKey, (d2i_of_void *)d2i_DSAPublicKey, (char *)(dsa))
     dsa = DSAPublicKey_dup(pkey->pkey.dsa);
+#undef DSAPublicKey_dup
     obj = dsa_instance(CLASS_OF(self), dsa);
     if (obj == Qfalse) {
 	DSA_free(dsa);

ext/openssl/ossl_pkey_ec.c

@@ -1658,9 +1658,7 @@ void Init_ossl_ec(void)
     ID_compressed = rb_intern("compressed");
     ID_hybrid = rb_intern("hybrid");
 
-#ifdef OPENSSL_EC_NAMED_CURVE
     rb_define_const(cEC, "NAMED_CURVE", ULONG2NUM(OPENSSL_EC_NAMED_CURVE));
-#endif
 
     rb_define_singleton_method(cEC, "builtin_curves", ossl_s_builtin_curves, 0);
 

ext/openssl/ossl_pkey_rsa.c

@@ -77,7 +77,6 @@ ossl_rsa_new(EVP_PKEY *pkey)
 /*
  * Private
  */
-#if defined(HAVE_RSA_GENERATE_KEY_EX) && HAVE_BN_GENCB
 struct rsa_blocking_gen_arg {
     RSA *rsa;
     BIGNUM *e;
@@ -93,12 +92,10 @@ rsa_blocking_gen(void *arg)
     gen->result = RSA_generate_key_ex(gen->rsa, gen->size, gen->e, gen->cb);
     return 0;
 }
-#endif
 
 static RSA *
 rsa_generate(int size, unsigned long exp)
 {
-#if defined(HAVE_RSA_GENERATE_KEY_EX) && HAVE_BN_GENCB
     int i;
     BN_GENCB cb;
     struct ossl_generate_cb_arg cb_arg;
@@ -149,9 +146,6 @@ rsa_generate(int size, unsigned long exp)
 
     BN_free(e);
     return rsa;
-#else
-    return RSA_generate_key(size, exp, rb_block_given_p() ? ossl_generate_cb : NULL, NULL);
-#endif
 }
 
 /*

ext/openssl/ossl_ssl.c

@@ -90,26 +90,22 @@ static const struct {
     OSSL_SSL_METHOD_ENTRY(TLSv1),
     OSSL_SSL_METHOD_ENTRY(TLSv1_server),
     OSSL_SSL_METHOD_ENTRY(TLSv1_client),
-#if defined(HAVE_TLSV1_2_METHOD) && defined(HAVE_TLSV1_2_SERVER_METHOD) && \
+#if defined(HAVE_TLSV1_2_METHOD)
-        defined(HAVE_TLSV1_2_CLIENT_METHOD)
     OSSL_SSL_METHOD_ENTRY(TLSv1_2),
     OSSL_SSL_METHOD_ENTRY(TLSv1_2_server),
     OSSL_SSL_METHOD_ENTRY(TLSv1_2_client),
 #endif
-#if defined(HAVE_TLSV1_1_METHOD) && defined(HAVE_TLSV1_1_SERVER_METHOD) && \
+#if defined(HAVE_TLSV1_1_METHOD)
-        defined(HAVE_TLSV1_1_CLIENT_METHOD)
     OSSL_SSL_METHOD_ENTRY(TLSv1_1),
     OSSL_SSL_METHOD_ENTRY(TLSv1_1_server),
     OSSL_SSL_METHOD_ENTRY(TLSv1_1_client),
 #endif
-#if defined(HAVE_SSLV2_METHOD) && defined(HAVE_SSLV2_SERVER_METHOD) && \
+#if defined(HAVE_SSLV2_METHOD)
-        defined(HAVE_SSLV2_CLIENT_METHOD)
     OSSL_SSL_METHOD_ENTRY(SSLv2),
     OSSL_SSL_METHOD_ENTRY(SSLv2_server),
     OSSL_SSL_METHOD_ENTRY(SSLv2_client),
 #endif
-#if defined(HAVE_SSLV3_METHOD) && defined(HAVE_SSLV3_SERVER_METHOD) && \
+#if defined(HAVE_SSLV3_METHOD)
-        defined(HAVE_SSLV3_CLIENT_METHOD)
     OSSL_SSL_METHOD_ENTRY(SSLv3),
     OSSL_SSL_METHOD_ENTRY(SSLv3_server),
     OSSL_SSL_METHOD_ENTRY(SSLv3_client),
@@ -2347,25 +2343,17 @@ Init_ossl_ssl(void)
     ossl_ssl_def_const(OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG);
     ossl_ssl_def_const(OP_SSLREF2_REUSE_CERT_TYPE_BUG);
     ossl_ssl_def_const(OP_MICROSOFT_BIG_SSLV3_BUFFER);
-#if defined(SSL_OP_MSIE_SSLV2_RSA_PADDING)
     ossl_ssl_def_const(OP_MSIE_SSLV2_RSA_PADDING);
-#endif
     ossl_ssl_def_const(OP_SSLEAY_080_CLIENT_DH_BUG);
     ossl_ssl_def_const(OP_TLS_D5_BUG);
     ossl_ssl_def_const(OP_TLS_BLOCK_PADDING_BUG);
     ossl_ssl_def_const(OP_DONT_INSERT_EMPTY_FRAGMENTS);
     ossl_ssl_def_const(OP_ALL);
-#if defined(SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION)
     ossl_ssl_def_const(OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
-#endif
-#if defined(SSL_OP_SINGLE_ECDH_USE)
     ossl_ssl_def_const(OP_SINGLE_ECDH_USE);
-#endif
     ossl_ssl_def_const(OP_SINGLE_DH_USE);
     ossl_ssl_def_const(OP_EPHEMERAL_RSA);
-#if defined(SSL_OP_CIPHER_SERVER_PREFERENCE)
     ossl_ssl_def_const(OP_CIPHER_SERVER_PREFERENCE);
-#endif
     ossl_ssl_def_const(OP_TLS_ROLLBACK_BUG);
     ossl_ssl_def_const(OP_NO_SSLv2);
     ossl_ssl_def_const(OP_NO_SSLv3);

ext/openssl/ossl_ssl_session.c

@@ -186,7 +186,6 @@ static VALUE ossl_ssl_session_set_timeout(VALUE self, VALUE time_v)
 	return ossl_ssl_session_get_timeout(self);
 }
 
-#ifdef HAVE_SSL_SESSION_GET_ID
 /*
  * call-seq:
  *    session.id -> aString
@@ -205,7 +204,6 @@ static VALUE ossl_ssl_session_get_id(VALUE self)
 
 	return rb_str_new((const char *) p, i);
 }
-#endif
 
 /*
  * call-seq:
@@ -316,12 +314,7 @@ void Init_ossl_ssl_session(void)
 	rb_define_method(cSSLSession, "time=", ossl_ssl_session_set_time, 1);
 	rb_define_method(cSSLSession, "timeout", ossl_ssl_session_get_timeout, 0);
 	rb_define_method(cSSLSession, "timeout=", ossl_ssl_session_set_timeout, 1);
-
-#ifdef HAVE_SSL_SESSION_GET_ID
 	rb_define_method(cSSLSession, "id", ossl_ssl_session_get_id, 0);
-#else
-	rb_undef_method(cSSLSession, "id");
-#endif
 	rb_define_method(cSSLSession, "to_der", ossl_ssl_session_to_der, 0);
 	rb_define_method(cSSLSession, "to_pem", ossl_ssl_session_to_pem, 0);
 	rb_define_method(cSSLSession, "to_text", ossl_ssl_session_to_text, 0);

ext/openssl/ossl_x509.c

@@ -63,12 +63,8 @@ Init_ossl_x509(void)
     DefX509Const(V_ERR_KEYUSAGE_NO_CERTSIGN);
     DefX509Const(V_ERR_APPLICATION_VERIFICATION);
 
-#if defined(X509_V_FLAG_CRL_CHECK)
     DefX509Const(V_FLAG_CRL_CHECK);
-#endif
-#if defined(X509_V_FLAG_CRL_CHECK_ALL)
     DefX509Const(V_FLAG_CRL_CHECK_ALL);
-#endif
 
     DefX509Const(PURPOSE_SSL_CLIENT);
     DefX509Const(PURPOSE_SSL_SERVER);
@@ -77,21 +73,15 @@ Init_ossl_x509(void)
     DefX509Const(PURPOSE_SMIME_ENCRYPT);
     DefX509Const(PURPOSE_CRL_SIGN);
     DefX509Const(PURPOSE_ANY);
-#if defined(X509_PURPOSE_OCSP_HELPER)
     DefX509Const(PURPOSE_OCSP_HELPER);
-#endif
 
     DefX509Const(TRUST_COMPAT);
     DefX509Const(TRUST_SSL_CLIENT);
     DefX509Const(TRUST_SSL_SERVER);
     DefX509Const(TRUST_EMAIL);
     DefX509Const(TRUST_OBJECT_SIGN);
-#if defined(X509_TRUST_OCSP_SIGN)
     DefX509Const(TRUST_OCSP_SIGN);
-#endif
-#if defined(X509_TRUST_OCSP_REQUEST)
     DefX509Const(TRUST_OCSP_REQUEST);
-#endif
 
     DefX509Default(CERT_AREA, cert_area);
     DefX509Default(CERT_DIR, cert_dir);

ext/openssl/ossl_x509attr.c

@@ -178,14 +178,6 @@ ossl_x509attr_get_oid(VALUE self)
     return ret;
 }
 
-#if defined(HAVE_ST_X509_ATTRIBUTE_SINGLE) || defined(HAVE_ST_SINGLE)
-#  define OSSL_X509ATTR_IS_SINGLE(attr)  ((attr)->single)
-#  define OSSL_X509ATTR_SET_SINGLE(attr) ((attr)->single = 1)
-#else
-#  define OSSL_X509ATTR_IS_SINGLE(attr)  (!(attr)->value.set)
-#  define OSSL_X509ATTR_SET_SINGLE(attr) ((attr)->value.set = 0)
-#endif
-
 /*
  * call-seq:
  *    attr.value = asn1 => asn1
@@ -205,10 +197,10 @@ ossl_x509attr_set_value(VALUE self, VALUE value)
     }
     GetX509Attr(self, attr);
     if(attr->value.set){
-	if(OSSL_X509ATTR_IS_SINGLE(attr)) ASN1_TYPE_free(attr->value.single);
+	if(attr->single) ASN1_TYPE_free(attr->value.single);
 	else sk_ASN1_TYPE_free(attr->value.set);
     }
-    OSSL_X509ATTR_SET_SINGLE(attr);
+    attr->single = 1;
     attr->value.single = a1type;
 
     return value;
@@ -228,7 +220,7 @@ ossl_x509attr_get_value(VALUE self)
 
     GetX509Attr(self, attr);
     if(attr->value.ptr == NULL) return Qnil;
-    if(OSSL_X509ATTR_IS_SINGLE(attr)){
+    if(attr->single){
 	length = i2d_ASN1_TYPE(attr->value.single, NULL);
 	str = rb_str_new(0, length);
 	p = (unsigned char *)RSTRING_PTR(str);

ext/openssl/ossl_x509ext.c

@@ -188,7 +188,6 @@ ossl_x509extfactory_set_crl(VALUE self, VALUE crl)
     return crl;
 }
 
-#ifdef HAVE_X509V3_SET_NCONF
 static VALUE
 ossl_x509extfactory_set_config(VALUE self, VALUE config)
 {
@@ -202,9 +201,6 @@ ossl_x509extfactory_set_config(VALUE self, VALUE config)
 
     return config;
 }
-#else
-#define ossl_x509extfactory_set_config rb_f_notimplement
-#endif
 
 static VALUE
 ossl_x509extfactory_initialize(int argc, VALUE *argv, VALUE self)
@@ -243,12 +239,8 @@ ossl_x509extfactory_create_ext(int argc, VALUE *argv, VALUE self)
     X509_EXTENSION *ext;
     VALUE oid, value, critical, valstr, obj;
     int nid;
-#ifdef HAVE_X509V3_EXT_NCONF_NID
     VALUE rconf;
     CONF *conf;
-#else
-    static LHASH *empty_lhash;
-#endif
 
     rb_scan_args(argc, argv, "21", &oid, &value, &critical);
     StringValueCStr(oid);
@@ -265,14 +257,9 @@ ossl_x509extfactory_create_ext(int argc, VALUE *argv, VALUE self)
 
     GetX509ExtFactory(self, ctx);
     obj = NewX509Ext(cX509Ext);
-#ifdef HAVE_X509V3_EXT_NCONF_NID
     rconf = rb_iv_get(self, "@config");
     conf = NIL_P(rconf) ? NULL : GetConfigPtr(rconf);
     ext = X509V3_EXT_nconf_nid(conf, ctx, nid, RSTRING_PTR(valstr));
-#else
-    if (!empty_lhash) empty_lhash = lh_new(NULL, NULL);
-    ext = X509V3_EXT_conf_nid(empty_lhash, ctx, nid, RSTRING_PTR(valstr));
-#endif
     if (!ext){
 	ossl_raise(eX509ExtError, "%"PRIsVALUE" = %"PRIsVALUE, oid, valstr);
     }

ext/openssl/ossl_x509store.c

@@ -153,12 +153,6 @@ ossl_x509store_initialize(int argc, VALUE *argv, VALUE self)
     X509_STORE_set_verify_cb_func(store, ossl_verify_cb);
     ossl_x509store_set_vfy_cb(self, Qnil);
 
-#if (OPENSSL_VERSION_NUMBER < 0x00907000L)
-    rb_iv_set(self, "@flags", INT2FIX(0));
-    rb_iv_set(self, "@purpose", INT2FIX(0));
-    rb_iv_set(self, "@trust", INT2FIX(0));
-#endif
-
     /* last verification status */
     rb_iv_set(self, "@error", Qnil);
     rb_iv_set(self, "@error_string", Qnil);
@@ -171,15 +165,11 @@ ossl_x509store_initialize(int argc, VALUE *argv, VALUE self)
 static VALUE
 ossl_x509store_set_flags(VALUE self, VALUE flags)
 {
-#if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
     X509_STORE *store;
     long f = NUM2LONG(flags);
 
     GetX509Store(self, store);
     X509_STORE_set_flags(store, f);
-#else
-    rb_iv_set(self, "@flags", flags);
-#endif
 
     return flags;
 }
@@ -187,15 +177,11 @@ ossl_x509store_set_flags(VALUE self, VALUE flags)
 static VALUE
 ossl_x509store_set_purpose(VALUE self, VALUE purpose)
 {
-#if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
     X509_STORE *store;
     int p = NUM2INT(purpose);
 
     GetX509Store(self, store);
     X509_STORE_set_purpose(store, p);
-#else
-    rb_iv_set(self, "@purpose", purpose);
-#endif
 
     return purpose;
 }
@@ -203,15 +189,11 @@ ossl_x509store_set_purpose(VALUE self, VALUE purpose)
 static VALUE
 ossl_x509store_set_trust(VALUE self, VALUE trust)
 {
-#if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
     X509_STORE *store;
     int t = NUM2INT(trust);
 
     GetX509Store(self, store);
     X509_STORE_set_trust(store, t);
-#else
-    rb_iv_set(self, "@trust", trust);
-#endif
 
     return trust;
 }
@@ -441,17 +423,10 @@ ossl_x509stctx_initialize(int argc, VALUE *argv, VALUE self)
     SafeGetX509Store(store, x509st);
     if(!NIL_P(cert)) x509 = DupX509CertPtr(cert); /* NEED TO DUP */
     if(!NIL_P(chain)) x509s = ossl_x509_ary2sk(chain);
-#if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
     if(X509_STORE_CTX_init(ctx, x509st, x509, x509s) != 1){
         sk_X509_pop_free(x509s, X509_free);
         ossl_raise(eX509StoreError, NULL);
     }
-#else
-    X509_STORE_CTX_init(ctx, x509st, x509, x509s);
-    ossl_x509stctx_set_flags(self, rb_iv_get(store, "@flags"));
-    ossl_x509stctx_set_purpose(self, rb_iv_get(store, "@purpose"));
-    ossl_x509stctx_set_trust(self, rb_iv_get(store, "@trust"));
-#endif
     if (!NIL_P(t = rb_iv_get(store, "@time")))
 	ossl_x509stctx_set_time(self, t);
     rb_iv_set(self, "@verify_callback", rb_iv_get(store, "@verify_callback"));
@@ -562,16 +537,12 @@ ossl_x509stctx_get_curr_cert(VALUE self)
 static VALUE
 ossl_x509stctx_get_curr_crl(VALUE self)
 {
-#if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
     X509_STORE_CTX *ctx;
 
     GetX509StCtx(self, ctx);
     if(!ctx->current_crl) return Qnil;
 
     return ossl_x509crl_new(ctx->current_crl);
-#else
-    return Qnil;
-#endif
 }
 
 static VALUE

test/openssl/test_cipher.rb

@@ -114,40 +114,38 @@ class OpenSSL::TestCipher < OpenSSL::TestCase
     end
   end if has_cipher?('aes-128-ctr')
 
-  if OpenSSL::OPENSSL_VERSION_NUMBER > 0x00907000
+  def test_ciphers
-    def test_ciphers
+    OpenSSL::Cipher.ciphers.each{|name|
-      OpenSSL::Cipher.ciphers.each{|name|
+      next if /netbsd/ =~ RUBY_PLATFORM && /idea|rc5/i =~ name
-        next if /netbsd/ =~ RUBY_PLATFORM && /idea|rc5/i =~ name
+      begin
-        begin
+        assert_kind_of(OpenSSL::Cipher::Cipher, OpenSSL::Cipher::Cipher.new(name))
-          assert_kind_of(OpenSSL::Cipher::Cipher, OpenSSL::Cipher::Cipher.new(name))
+      rescue OpenSSL::Cipher::CipherError => e
-        rescue OpenSSL::Cipher::CipherError => e
+        next if /wrap/ =~ name and e.message == 'wrap mode not allowed'
-          next if /wrap/ =~ name and e.message == 'wrap mode not allowed'
+        raise
-          raise
+      end
-        end
+    }
-      }
+  end
-    end
 
-    def test_AES
+  def test_AES
-      pt = File.read(__FILE__)
+    pt = File.read(__FILE__)
-      %w(ECB CBC CFB OFB).each{|mode|
+    %w(ECB CBC CFB OFB).each{|mode|
-        c1 = OpenSSL::Cipher::AES256.new(mode)
+      c1 = OpenSSL::Cipher::AES256.new(mode)
-        c1.encrypt
+      c1.encrypt
-        c1.pkcs5_keyivgen("passwd")
+      c1.pkcs5_keyivgen("passwd")
-        ct = c1.update(pt) + c1.final
+      ct = c1.update(pt) + c1.final
 
-        c2 = OpenSSL::Cipher::AES256.new(mode)
+      c2 = OpenSSL::Cipher::AES256.new(mode)
-        c2.decrypt
+      c2.decrypt
-        c2.pkcs5_keyivgen("passwd")
+      c2.pkcs5_keyivgen("passwd")
-        assert_equal(pt, c2.update(ct) + c2.final)
+      assert_equal(pt, c2.update(ct) + c2.final)
-      }
+    }
-    end
+  end
 
-    def test_AES_crush
+  def test_AES_crush
-      500.times do
+    500.times do
-        assert_nothing_raised("[Bug #2768]") do
+      assert_nothing_raised("[Bug #2768]") do
-          # it caused OpenSSL SEGV by uninitialized key
+        # it caused OpenSSL SEGV by uninitialized key
-          OpenSSL::Cipher::AES128.new("ECB").update "." * 17
+        OpenSSL::Cipher::AES128.new("ECB").update "." * 17
-        end
       end
     end
   end

test/openssl/test_pkcs7.rb

@@ -123,12 +123,6 @@ class OpenSSL::TestPKCS7 < OpenSSL::TestCase
   end
 
   def test_enveloped
-    if OpenSSL::OPENSSL_VERSION_NUMBER <= 0x0090704f
-      # PKCS7_encrypt() of OpenSSL-0.9.7d goes to SEGV.
-      # http://www.mail-archive.com/openssl-dev@openssl.org/msg17376.html
-      return
-    end
-
     certs = [@ee1_cert, @ee2_cert]
     cipher = OpenSSL::Cipher::AES.new("128-CBC")
     data = "aaaaa\nbbbbb\nccccc\n"

test/openssl/test_ssl.rb

@@ -869,10 +869,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
     start_server(OpenSSL::SSL::VERIFY_NONE, true, :ctx_proc => ctx_proc, :server_proc => server_proc) do |server, port|
       2.times do |i|
         ctx = OpenSSL::SSL::SSLContext.new
-        if defined?(OpenSSL::SSL::OP_NO_TICKET)
+        # disable RFC4507 support
-          # disable RFC4507 support
+        ctx.options = OpenSSL::SSL::OP_NO_TICKET
-          ctx.options = OpenSSL::SSL::OP_NO_TICKET
-        end
         server_connect(port, ctx) { |ssl|
           ssl.hostname = (i & 1 == 0) ? 'foo.example.com' : 'bar.example.com'
           str = "x" * 100 + "\n"

test/openssl/test_ssl_session.rb

@@ -61,9 +61,7 @@ tddwpBAEDjcwMzA5NTYzMTU1MzAwpQMCARM=
         # SSL_SESSION_time keeps long value so we can't keep nsec fragment.
         session.time = t1 = Time.now.to_i
         assert_equal(Time.at(t1), session.time)
-        if session.respond_to?(:id)
+        assert_not_nil(session.id)
-          assert_not_nil(session.id)
-        end
         pem = session.to_pem
         assert_match(/\A-----BEGIN SSL SESSION PARAMETERS-----/, pem)
         assert_match(/-----END SSL SESSION PARAMETERS-----\Z/, pem)
@@ -170,10 +168,7 @@ __EOS__
         session = ssl.session
         if last_session
           assert(ssl.session_reused?)
-
+          assert_equal(session.id, last_session.id)
-          if session.respond_to?(:id)
-            assert_equal(session.id, last_session.id)
-          end
           assert_equal(session.to_pem, last_session.to_pem)
           assert_equal(session.to_der, last_session.to_der)
           # Older version of OpenSSL may not be consistent.  Look up which versions later.
@@ -246,10 +241,8 @@ __EOS__
       10.times do |i|
         sock = TCPSocket.new("127.0.0.1", port)
         ctx = OpenSSL::SSL::SSLContext.new
-        if defined?(OpenSSL::SSL::OP_NO_TICKET)
+        # disable RFC4507 support
-          # disable RFC4507 support
+        ctx.options = OpenSSL::SSL::OP_NO_TICKET
-          ctx.options = OpenSSL::SSL::OP_NO_TICKET
-        end
         ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
         ssl.sync_close = true
         ssl.session = first_session if first_session

test/openssl/test_x509store.rb

@@ -148,8 +148,6 @@ class OpenSSL::TestX509Store < OpenSSL::TestCase
     assert_equal(false, store.verify(OpenSSL::X509::Certificate.new(ee1_cert)))
     assert_equal(OpenSSL::X509::V_ERR_CERT_NOT_YET_VALID, store.error)
 
-    return unless defined?(OpenSSL::X509::V_FLAG_CRL_CHECK)
-
     store = OpenSSL::X509::Store.new
     store.purpose = OpenSSL::X509::PURPOSE_ANY
     store.flags = OpenSSL::X509::V_FLAG_CRL_CHECK