[PATCH] lib/rsa: Remove support for OpenSSL < 1.1.0 and libressl < 2.7.0

Peter Robinson pbrobinson at gmail.com
Thu Sep 2 16:36:43 CEST 2021


On Thu, Sep 2, 2021 at 2:28 PM Tom Rini <trini at konsulko.com> wrote:
>
> On Thu, Jul 29, 2021 at 01:31:21PM -0500, Alexandru Gagniuc wrote:
>
> > Older OpenSSL and libressl versions have a slightly different API.
> > This requires #ifdefs to support. However, we still can't support it
> > because the ECDSA path does not compile with these older versions.
> > These #ifdefs are truly a vestigial appendage.
> >
> > Alternatively, the ECDSA path could be updated for older libraries,
> > but this requires significant extra code, and #ifdefs. Those libraries
> > are over three years old, and there are concerns whether it makes sense to
> > build modern software for real world use against such old libraries.
> >
> > Thusly, remove #ifdefs and code for old OpenSSL and LibreSSL support.
> >
> > Signed-off-by: Alexandru Gagniuc <mr.nuke.me at gmail.com>
>
> Applied to u-boot/next, thanks!

According to recent CVE announcements 1.1.0 is out of support [1],
does it make sense to just support 1.1.1x and later?

[1] https://www.openssl.org/news/secadv/20210824.txt

