[PATCH] lib/rsa: Remove support for OpenSSL < 1.1.0 and libressl < 2.7.0

Tom Rini trini at konsulko.com
Thu Sep 2 16:38:51 CEST 2021


On Thu, Sep 02, 2021 at 03:36:43PM +0100, Peter Robinson wrote:
> On Thu, Sep 2, 2021 at 2:28 PM Tom Rini <trini at konsulko.com> wrote:
> >
> > On Thu, Jul 29, 2021 at 01:31:21PM -0500, Alexandru Gagniuc wrote:
> >
> > > Older OpenSSL and libressl versions have a slightly different API.
> > > This requires #ifdefs to support. However, we still can't support it
> > > because the ECDSA path does not compile with these older versions.
> > > These #ifdefs are truly a vestigial appendage.
> > >
> > > Alternatively, the ECDSA path could be updated for older libraries,
> > > but this requires significant extra code, and #ifdefs. Those libraries
> > > are over three years old, and there are concerns whether it makes sense to
> > > build modern software for real world use against such old libraries.
> > >
> > > Thusly, remove #ifdefs and code for old OpenSSL and LibreSSL support.
> > >
> > > Signed-off-by: Alexandru Gagniuc <mr.nuke.me at gmail.com>
> >
> > Applied to u-boot/next, thanks!
> 
> According to recent CVE announcements 1.1.0 is out of support [1],
> does it make sense to just support 1.1.1x and later?
> 
> [1] https://www.openssl.org/news/secadv/20210824.txt

Good question.  Are there API changes between 1.1.0 and 1.1.1x?

-- 
Tom