On Mon, Jun 17, 2019 at 01:44:47PM +0200, Renaud Allard wrote:
> Hello,
>
> EVP_MD_CTX_create(), EVP_MD_CTX_cleanup(), and EVP_MD_CTX_destroy() are
> deprecated aliases for EVP_MD_CTX_new(), EVP_MD_CTX_reset(), and
> EVP_MD_CTX_free(). So replace the occurrences to be future proof.
>
> Comments?
I don't think we care about compatibilty with OpenSSL 1.0.2 (which is
EOL by the end of this year), so I think that's fine.
ok with one comment inline
> Index: acctproc.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/acme-client/acctproc.c,v
> retrieving revision 1.17
> diff -u -p -r1.17 acctproc.c
> --- acctproc.c 17 Jun 2019 08:59:33 -0000 1.17
> +++ acctproc.c 17 Jun 2019 11:42:20 -0000
> @@ -124,8 +124,8 @@ op_thumbprint(int fd, EVP_PKEY *pkey)
> if ((dig = malloc(EVP_MAX_MD_SIZE)) == NULL) {
> warn("malloc");
> goto out;
> - } else if ((ctx = EVP_MD_CTX_create()) == NULL) {
> - warnx("EVP_MD_CTX_create");
> + } else if ((ctx = EVP_MD_CTX_new()) == NULL) {
> + warnx("EVP_MD_CTX_new");
> goto out;
> } else if (!EVP_DigestInit_ex(ctx, EVP_sha256(), NULL)) {
> warnx("EVP_SignInit_ex");
> @@ -145,7 +145,7 @@ op_thumbprint(int fd, EVP_PKEY *pkey)
> rc = 1;
> out:
> if (ctx != NULL)
> - EVP_MD_CTX_destroy(ctx);
> + EVP_MD_CTX_free(ctx);
>
> free(thumb);
> free(dig);
> @@ -262,8 +262,8 @@ op_sign(int fd, EVP_PKEY *pkey, enum acc
> * sign a SHA256 digest of our message.
> */
>
> - if ((ctx = EVP_MD_CTX_create()) == NULL) {
> - warnx("EVP_MD_CTX_create");
> + if ((ctx = EVP_MD_CTX_new()) == NULL) {
> + warnx("EVP_MD_CTX_new");
> goto out;
> } else if (!EVP_SignInit_ex(ctx, EVP_sha256(), NULL)) {
> warnx("EVP_SignInit_ex");
> @@ -294,7 +294,7 @@ op_sign(int fd, EVP_PKEY *pkey, enum acc
> rc = 1;
> out:
> if (ctx != NULL)
This ctx != NULL check is not needed.
> - EVP_MD_CTX_destroy(ctx);
> + EVP_MD_CTX_free(ctx);
>
> free(pay);
> free(sign);
