* [PATCH] lib: rsa: use actual OpenSSL 1.1.0 EVP MD API
From: Yann Droneaud @ 2022-03-01 15:12 UTC (permalink / raw)
To: u-boot
Cc: Yann Droneaud, Alexandru Gagniuc, Chan, Donald,
Heinrich Schuchardt, Marc Kleine-Budde, Simon Glass
Since OpenSSL 1.1.0, EVP_MD_CTX_create() is EVP_MD_CTX_new()
EVP_MD_CTX_destroy() is EVP_MD_CTX_free()
EVP_MD_CTX_init() is EVP_MD_CTX_reset()
As there's no need to reset a newly created EVP_MD_CTX, moreover
EVP_DigestSignInit() does the reset, thus call to EVP_MD_CTX_init()
can be dropped.
As there's no need to reset an EVP_MD_CTX before it's destroyed,
as it will be reset by EVP_MD_CTX_free(), call to EVP_MD_CTX_reset()
is not needed and can be dropped.
Signed-off-by: Yann Droneaud <ydroneaud@opteya.com>
---
lib/rsa/rsa-sign.c | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c
index 3e7b7982890b..b2a21199e485 100644
--- a/lib/rsa/rsa-sign.c
+++ b/lib/rsa/rsa-sign.c
@@ -383,12 +383,11 @@ static int rsa_sign_with_key(EVP_PKEY *pkey, struct padding_algo *padding_algo,
goto err_alloc;
}
- context = EVP_MD_CTX_create();
+ context = EVP_MD_CTX_new();
if (!context) {
ret = rsa_err("EVP context creation failed");
goto err_create;
}
- EVP_MD_CTX_init(context);
ckey = EVP_PKEY_CTX_new(pkey, NULL);
if (!ckey) {
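Review bot: The switch to EVP_MD_CTX_new() at the top of this hunk makes OpenSSL 1.1.0 the minimum version for lib/rsa/rsa-sign.c, and nothing in the visible lines guards that with a version check or a compat macro. If builds against older OpenSSL are no longer supported, say so in the commit message and cite the commit that dropped them; otherwise keep a fallback. Dropping EVP_MD_CTX_init(context) after the NULL check is fine on its own, since the context has just been allocated.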
@@ -425,8 +424,7 @@ static int rsa_sign_with_key(EVP_PKEY *pkey, struct padding_algo *padding_algo,
goto err_sign;
}
- EVP_MD_CTX_reset(context);
- EVP_MD_CTX_destroy(context);
+ EVP_MD_CTX_free(context);
debug("Got signature: %zu bytes, expected %d\n", size, EVP_PKEY_size(pkey));
*sigp = sig;
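Review bot: On the success path only context is released, via EVP_MD_CTX_free(context); ckey, which the first hunk allocates with EVP_PKEY_CTX_new(pkey, NULL), is not freed anywhere in the lines shown. Please confirm that context owns ckey by this point, or add an explicit EVP_PKEY_CTX_free(ckey) next to the free, and record the ownership in a short comment. Removing EVP_MD_CTX_reset(context) ahead of the free matches the reasoning in the commit message.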
@@ -435,7 +433,7 @@ static int rsa_sign_with_key(EVP_PKEY *pkey, struct padding_algo *padding_algo,
return 0;
err_sign:
- EVP_MD_CTX_destroy(context);
+ EVP_MD_CTX_free(context);
err_create:
free(sig);
err_alloc:
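Review bot: err_create falls through to free(sig) without releasing context, so that label is only correct for a failure of EVP_MD_CTX_new() itself. The `if (!ckey)` branch in the first hunk is cut off before its goto; check that it, and every later failure, jumps to err_sign, otherwise context leaks on that path. Since this patch already touches both EVP_MD_CTX_free(context) call sites, it is a good place to verify the label ordering.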
--
2.32.0
* Re: [PATCH] lib: rsa: use actual OpenSSL 1.1.0 EVP MD API
From: Simon Glass @ 2022-03-02 1:10 UTC (permalink / raw)
To: ydroneaud
Cc: U-Boot Mailing List, Alexandru Gagniuc, Chan, Donald,
Heinrich Schuchardt, Marc Kleine-Budde
Hi,
On Tue, 1 Mar 2022 at 08:12, Yann Droneaud <ydroneaud@opteya.com> wrote:
>
> Since OpenSSL 1.1.0, EVP_MD_CTX_create() is EVP_MD_CTX_new()
> EVP_MD_CTX_destroy() is EVP_MD_CTX_free()
> EVP_MD_CTX_init() is EVP_MD_CTX_reset()
>
> As there's no need to reset a newly created EVP_MD_CTX, moreover
> EVP_DigestSignInit() does the reset, thus call to EVP_MD_CTX_init()
> can be dropped.
> As there's no need to reset an EVP_MD_CTX before it's destroyed,
> as it will be reset by EVP_MD_CTX_free(), call to EVP_MD_CTX_reset()
> is not needed and can be dropped.
Do we still need to support the old version?
>
> Signed-off-by: Yann Droneaud <ydroneaud@opteya.com>
> ---
>
> lib/rsa/rsa-sign.c | 8 +++-----
> 1 file changed, 3 insertions(+), 5 deletions(-)
>
Regards,
Simon
* Re: [PATCH] lib: rsa: use actual OpenSSL 1.1.0 EVP MD API
From: Heinrich Schuchardt @ 2022-03-02 7:57 UTC (permalink / raw)
To: Simon Glass
Cc: U-Boot Mailing List, Alexandru Gagniuc, Chan, Donald,
Marc Kleine-Budde, ydroneaud
On 3/2/22 02:10, Simon Glass wrote:
> Hi,
>
> On Tue, 1 Mar 2022 at 08:12, Yann Droneaud <ydroneaud@opteya.com> wrote:
>>
>> Since OpenSSL 1.1.0, EVP_MD_CTX_create() is EVP_MD_CTX_new()
>> EVP_MD_CTX_destroy() is EVP_MD_CTX_free()
>> EVP_MD_CTX_init() is EVP_MD_CTX_reset()
>>
>> As there's no need to reset a newly created EVP_MD_CTX, moreover
>> EVP_DigestSignInit() does the reset, thus call to EVP_MD_CTX_init()
>> can be dropped.
>> As there's no need to reset an EVP_MD_CTX before it's destroyed,
>> as it will be reset by EVP_MD_CTX_free(), call to EVP_MD_CTX_reset()
>> is not needed and can be dropped.
>
> Do we still need to support the old version?
https://endoflife.software/applications/security-libraries/openssl says
support for 1.1.0 expired 2018. So there is no need to support older
APIs. But as many LTS distros are not on OpenSSL 3 yet, we have to stay
with the 1.1.1 API.
Best regards
Heinrich
>
>>
>> Signed-off-by: Yann Droneaud <ydroneaud@opteya.com>
>> ---
>>
>> lib/rsa/rsa-sign.c | 8 +++-----
>> 1 file changed, 3 insertions(+), 5 deletions(-)
>>
>
> Regards,
> Simon
* Re: [PATCH] lib: rsa: use actual OpenSSL 1.1.0 EVP MD API
From: Yann Droneaud @ 2022-03-02 19:38 UTC (permalink / raw)
To: Simon Glass
Cc: U-Boot Mailing List, Alexandru Gagniuc, Chan, Donald,
Heinrich Schuchardt, Marc Kleine-Budde
Hi,
On 02/03/2022 at 02:10, Simon Glass wrote:
> On Tue, 1 Mar 2022 at 08:12, Yann Droneaud <ydroneaud@opteya.com> wrote:
>> Since OpenSSL 1.1.0, EVP_MD_CTX_create() is EVP_MD_CTX_new()
>> EVP_MD_CTX_destroy() is EVP_MD_CTX_free()
>> EVP_MD_CTX_init() is EVP_MD_CTX_reset()
>>
>> As there's no need to reset a newly created EVP_MD_CTX, moreover
>> EVP_DigestSignInit() does the reset, thus call to EVP_MD_CTX_init()
>> can be dropped.
>> As there's no need to reset an EVP_MD_CTX before it's destroyed,
>> as it will be reset by EVP_MD_CTX_free(), call to EVP_MD_CTX_reset()
>> is not needed and can be dropped.
> Do we still need to support the old version?
No, see
https://source.denx.de/u-boot/u-boot/-/commit/fe68a67a5f11991146f47c2975a4e1156355a92c
Regards
--
Yann Droneaud
OPTEYA
* Re: [PATCH] lib: rsa: use actual OpenSSL 1.1.0 EVP MD API
From: Tom Rini @ 2022-03-05 16:36 UTC (permalink / raw)
To: Yann Droneaud
Cc: u-boot, Alexandru Gagniuc, Chan, Donald, Heinrich Schuchardt,
Marc Kleine-Budde, Simon Glass
On Tue, Mar 01, 2022 at 04:12:34PM +0100, Yann Droneaud wrote:
> Since OpenSSL 1.1.0, EVP_MD_CTX_create() is EVP_MD_CTX_new()
> EVP_MD_CTX_destroy() is EVP_MD_CTX_free()
> EVP_MD_CTX_init() is EVP_MD_CTX_reset()
>
> As there's no need to reset a newly created EVP_MD_CTX, moreover
> EVP_DigestSignInit() does the reset, thus call to EVP_MD_CTX_init()
> can be dropped.
> As there's no need to reset an EVP_MD_CTX before it's destroyed,
> as it will be reset by EVP_MD_CTX_free(), call to EVP_MD_CTX_reset()
> is not needed and can be dropped.
>
> Signed-off-by: Yann Droneaud <ydroneaud@opteya.com>
Applied to u-boot/master, thanks!
--
Tom