Bump minimum version requirement for OpenSSL

This updates the minimum version requirement for OpenSSL in the
documentation to 1.0.1 and also updates the practical minimum CMake
version.

Why pick 1.0.1 as the minimum? Main reason is whatever is still out
there with long term support contracts etc. One of the oldest I could
find is Ubuntu 14.04 which still has paid extended support and is on
1.0.1.

Another reason that 1.0.1 is probably a good minimum is a bit more
involved. 1.0.1 is the first version to add TLS 1.2. Large parts of the
internet have TLS 1.2 as a minimum requirement. This means that systems
with OpenSSL older than 1.0.1 already can't access large parts of the
internet anyway, so not supporting the latest libssh there either is ok
I think.

Bumping minimum support also means things like the HMAC API can be moved
to the more recent EVP style APIs and things can be more easily made
compatible with the deprecated APIs in OpenSSL 3.0.

Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>

1 files changed, 0 insertions, 8 deletions

diff --git a/src/pki_crypto.c b/src/pki_crypto.c
index 3c3e0a40..57534d2e 100644
--- a/src/pki_crypto.c
+++ b/src/pki_crypto.c
@@ -543,7 +543,6 @@ int pki_key_generate_rsa(ssh_key key, int parameter){
 
 int pki_key_generate_dss(ssh_key key, int parameter){
     int rc;
-#if OPENSSL_VERSION_NUMBER > 0x00908000L
     key->dsa = DSA_new();
     if (key->dsa == NULL) {
         return SSH_ERROR;
@@ -560,13 +559,6 @@ int pki_key_generate_dss(ssh_key key, int parameter){
         key->dsa = NULL;
         return SSH_ERROR;
     }
-#else
-    key->dsa = DSA_generate_parameters(parameter, NULL, 0, NULL, NULL,
-            NULL, NULL);
-    if(key->dsa == NULL){
-        return SSH_ERROR;
-    }
-#endif
     rc = DSA_generate_key(key->dsa);
     if (rc != 1){
         DSA_free(key->dsa);