CVSROOT: /cvs
Module name: src
Changes by: t...@cvs.openbsd.org 2023/12/17 23:06:57
Modified files:
lib/libfido2/src: rs1.c rs256.c
Log message:
Remove EVP_MD_meth_*() dependency
This broken API was added for Erlang's otp-test-engine which was disabled
for LibreSSL without explanation shortly afterward. So we can remove this
hazard again.
Unfortunately, libfido2 started using EVP_MD_meth_dup(), but for no good
reason: they dup static data into a buffer that is passed unmodified to
EVP_PKEY_CTX_set_signature_md() only to be freed right after. This makes
no sense.
Rework this and the ifdefery to make it clear that it is OpenSSL who broke
API contracts (again), not LibreSSL.
ok djm jsing
