On 3/2/22 02:10, Simon Glass wrote:
Hi,
On Tue, 1 Mar 2022 at 08:12, Yann Droneaud ydroneaud@opteya.com wrote:
Since OpenSSL 1.1.0, EVP_MD_CTX_create() is EVP_MD_CTX_new() EVP_MD_CTX_destroy() is EVP_MD_CTX_free() EVP_MD_CTX_init() is EVP_MD_CTX_reset()
As there's no need to reset a newly created EVP_MD_CTX, moreover EVP_DigestSignInit() does the reset, thus call to EVP_MD_CTX_init() can be dropped. As there's no need to reset an EVP_MD_CTX before it's destroyed, as it will be reset by EVP_MD_CTX_free(), call to EVP_MD_CTX_reset() is not needed and can be dropped.
Do we still need to support the old version?
https://endoflife.software/applications/security-libraries/openssl says support for 1.1.0 expired 2018. So there is no need to support older APIs. But as many LTS distros are not on OpenSSL 3 yet, we have to stay with the 1.1.1 API.
Best regards
Heinrich
Signed-off-by: Yann Droneaud ydroneaud@opteya.com
lib/rsa/rsa-sign.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-)
Regards, Simon