Bump minimal OpenSSL version to 1.0.2

4 files changed, 12 insertions, 38 deletions

diff --git a/ext/openssl/config0.m4 b/ext/openssl/config0.m4
index 9df2469363..e08a76897a 100644
--- a/ext/openssl/config0.m4
+++ b/ext/openssl/config0.m4
@@ -1,7 +1,7 @@
 PHP_ARG_WITH([openssl],
   [for OpenSSL support],
   [AS_HELP_STRING([--with-openssl],
-    [Include OpenSSL support (requires OpenSSL >= 1.0.1)])])
+    [Include OpenSSL support (requires OpenSSL >= 1.0.2)])])
 
 PHP_ARG_WITH([kerberos],
   [for Kerberos support],
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index 18c822ed67..113d0c2ec4 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -1149,13 +1149,6 @@ PHP_MINIT_FUNCTION(openssl)
 	OpenSSL_add_all_ciphers();
 	OpenSSL_add_all_digests();
 	OpenSSL_add_all_algorithms();
-
-#if !defined(OPENSSL_NO_AES) && defined(EVP_CIPH_CCM_MODE) && OPENSSL_VERSION_NUMBER < 0x100020000
-	EVP_add_cipher(EVP_aes_128_ccm());
-	EVP_add_cipher(EVP_aes_192_ccm());
-	EVP_add_cipher(EVP_aes_256_ccm());
-#endif
-
 	SSL_load_error_strings();
 #else
 	OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL);
@@ -3671,26 +3664,18 @@ static EVP_PKEY * php_openssl_generate_private_key(struct php_x509_request * req
 			case OPENSSL_KEYTYPE_RSA:
 				{
 					RSA* rsaparam;
-#if OPENSSL_VERSION_NUMBER < 0x10002000L
-					/* OpenSSL 1.0.2 deprecates RSA_generate_key */
-					PHP_OPENSSL_RAND_ADD_TIME();
-					rsaparam = (RSA*)RSA_generate_key(req->priv_key_bits, RSA_F4, NULL, NULL);
-#else
-					{
-						BIGNUM *bne = (BIGNUM *)BN_new();
-						if (BN_set_word(bne, RSA_F4) != 1) {
-							BN_free(bne);
-							php_error_docref(NULL, E_WARNING, "Failed setting exponent");
-							return NULL;
-						}
-						rsaparam = RSA_new();
-						PHP_OPENSSL_RAND_ADD_TIME();
-						if (rsaparam == NULL || !RSA_generate_key_ex(rsaparam, req->priv_key_bits, bne, NULL)) {
-							php_openssl_store_errors();
-						}
+					BIGNUM *bne = (BIGNUM *)BN_new();
+					if (BN_set_word(bne, RSA_F4) != 1) {
 						BN_free(bne);
+						php_error_docref(NULL, E_WARNING, "Failed setting exponent");
+						return NULL;
 					}
-#endif
+					rsaparam = RSA_new();
+					PHP_OPENSSL_RAND_ADD_TIME();
+					if (rsaparam == NULL || !RSA_generate_key_ex(rsaparam, req->priv_key_bits, bne, NULL)) {
+						php_openssl_store_errors();
+					}
+					BN_free(bne);
 					if (rsaparam && EVP_PKEY_assign_RSA(req->priv_key, rsaparam)) {
 						return_val = req->priv_key;
 					} else {
diff --git a/ext/openssl/php_openssl.h b/ext/openssl/php_openssl.h
index c674ead34b..838832388c 100644
--- a/ext/openssl/php_openssl.h
+++ b/ext/openssl/php_openssl.h
@@ -35,9 +35,7 @@ extern zend_module_entry openssl_module_entry;
 #endif
 #else
 /* OpenSSL version check */
-#if OPENSSL_VERSION_NUMBER < 0x10002000L
-#define PHP_OPENSSL_API_VERSION 0x10001
-#elif OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 #define PHP_OPENSSL_API_VERSION 0x10002
 #else
 #define PHP_OPENSSL_API_VERSION 0x10100
diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c
index feb9ee52c1..6fdbf1df16 100644
--- a/ext/openssl/xp_ssl.c
+++ b/ext/openssl/xp_ssl.c
@@ -33,11 +33,8 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 #include <openssl/err.h>
-
-#if OPENSSL_VERSION_NUMBER >= 0x10002000L
 #include <openssl/bn.h>
 #include <openssl/dh.h>
-#endif
 
 #ifdef PHP_WIN32
 #include "win32/winutil.h"
@@ -80,10 +77,8 @@
 
 #ifndef OPENSSL_NO_TLSEXT
 #define HAVE_TLS_SNI 1
-#if OPENSSL_VERSION_NUMBER >= 0x10002000L
 #define HAVE_TLS_ALPN 1
 #endif
-#endif
 
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
 #define HAVE_SEC_LEVEL 1
@@ -1294,12 +1289,8 @@ static int php_openssl_set_server_ecdh_curve(php_stream *stream, SSL_CTX *ctx) /
 
 	zvcurve = php_stream_context_get_option(PHP_STREAM_CONTEXT(stream), "ssl", "ecdh_curve");
 	if (zvcurve == NULL) {
-#if OPENSSL_VERSION_NUMBER >= 0x10002000L
 		SSL_CTX_set_ecdh_auto(ctx, 1);
 		return SUCCESS;
-#else
-		curve_nid = NID_X9_62_prime256v1;
-#endif
 	} else {
 		if (!try_convert_to_string(zvcurve)) {
 			return FAILURE;