>Synopsis:      Update deprecated EVP_DigestInit/Final to _ex variants in iked
>Category:      bin
>Description:
        The OpenSSL EVP_DigestInit() and EVP_DigestFinal() functions have been
        deprecated in favor of their _ex variants. The old functions
        automatically reset the context before init and after final, while the
        new functions require explicit resets.

        The following functions are affected in chap_ms.c:
        - EVP_DigestInit() -> EVP_DigestInit_ex()  
        - EVP_DigestFinal() -> EVP_DigestFinal_ex()

        Additionally, when reusing digest contexts, EVP_MD_CTX_reset() needs to
        be added before reinitializing the context with EVP_DigestInit_ex().

>Fix:
        Create patch.cocci:

        ```coccinelle
        // Replace deprecated OpenSSL EVP digest functions

        @digest@
        identifier ctx;
        expression E;
        @@
        - EVP_DigestInit(ctx, E)
        + EVP_DigestInit_ex(ctx, E, NULL)

        @final@
        identifier ctx;
        expression md, s;
        @@
        - EVP_DigestFinal(ctx, md, s)
        + EVP_DigestFinal_ex(ctx, md, s)

        @needs_reset@
        identifier ctx;
        expression E2;
        @@
          EVP_DigestInit_ex(ctx, ...);
          ...
        + EVP_MD_CTX_reset(ctx);
          EVP_DigestInit_ex(ctx, E2, NULL)
        ```
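
Review bot: In the `digest` and `final` rules, `identifier ctx;` only matches a call whose first argument is a bare identifier, so any call that passes another expression there (an address-of or a struct member, for example) is silently left on the deprecated function. Declaring `expression ctx;` in both rules covers every call form, and a build with deprecation warnings enabled after running spatch would confirm that no EVP_DigestInit()/EVP_DigestFinal() call remains in chap_ms.c.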
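
Review bot: In the `needs_reset` rule, the last context line `EVP_DigestInit_ex(ctx, E2, NULL)` has no terminating `;` while the first line of the rule does, so the added `EVP_MD_CTX_reset(ctx);` statement is attached to an expression rather than to a statement; the trailing `;` should be added. The bare `...` also matches paths that already contain a reset, so applying the semantic patch a second time inserts a duplicate call; writing `... when != EVP_MD_CTX_reset(ctx)` keeps the rule idempotent. The return value of the inserted `EVP_MD_CTX_reset(ctx)` is not checked, which is worth stating in the description if that is intentional.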

        Apply with:
        spatch --sp-file patch.cocci chap_ms.c --in-place

        This updates all deprecated EVP digest function calls and adds the
        necessary context resets when a context is reused.
