Hi all,

On 14-06-19 12:38, Arne Schwabe wrote:
>> +#if !defined(HAVE_EVP_CIPHER_CTX_INIT)
>> +#define EVP_CIPHER_CTX_init EVP_CIPHER_CTX_reset
>> +#endif
>> +
>> +#if !defined(HAVE_EVP_CIPHER_CTX_CLEANUP)
>> +#define EVP_CIPHER_CTX_cleanup EVP_CIPHER_CTX_reset
>> +#endif
>
> These two keep the older API instead of switching to the new one, from
> OpenSSL.
>
> # if OPENSSL_API_COMPAT < 0x10100000L
> # define EVP_CIPHER_CTX_init(c) EVP_CIPHER_CTX_reset(c)
> # define EVP_CIPHER_CTX_cleanup(c) EVP_CIPHER_CTX_reset(c)
> # endif
>
> Since just using only the new API in this case does not really work I
> think in case it would be better to rather always use
> EVP_CIPHER_CTX_reset instead of init and have ifdefs in the 2-3 places
> where we actually use EVP_CIPHER_CTX_cleanup so we can remove the old
> API when we bump our minimum OpenSSL version (and find this thing easy
> since it is an ifdef depending on the openssl version).
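
Review bot: The `EVP_CIPHER_CTX_init` define in the first `#if` block needs a comment stating its precondition: aliasing it to `EVP_CIPHER_CTX_reset` is only equivalent when the context has already been initialized, so any caller passing uninitialized memory would behave differently. Both defines also map the old names onto the new one, which leaves every call site on the old API; defining `EVP_CIPHER_CTX_reset` under a `HAVE_EVP_CIPHER_CTX_RESET` guard and converting the callers would let the shim be deleted when the minimum OpenSSL version is raised.
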

Why wouldn't using the new API work? _reset() is basically the new name
for _cleanup(), which does some actual cleanup + init. As far as I can
see it would work perfectly fine to use _reset() instead of the
_init/_cleanup calls everywhere. We never call _init on uninitialized
memory (which is the only case where _init() would work while _cleanup()
would fail).

All we'd have to do then is add something like

#ifndef HAVE_EVP_CIPHER_CTX_RESET
#define EVP_CIPHER_CTX_reset EVP_CIPHER_CTX_cleanup
#endif

to openssl_compat.h. That way we would just use the new API everywhere,
and can get rid of the lines in the compat file once we drop support for
OpenSSL 1.0.

Or am I missing something here?

-Steffan
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel