crypto_compat_free(): remove NEED_EVP_CLEANUP

It's easier to understand the code if we put the #if LIBRESSL_VERSION_NUMBER in crypto_compat_free() directly. Also, we don't need such a verbose message. NEED_EVP_CLEANUP was added in: 2021-11-29 Modify crypto_compat_free() for LibreSSL 2.7.0+ f591b2d
Tarsnap · Oct 15, 2023 · bfce7ef · bfce7ef
1 parent 36968e3
commit bfce7ef
Showing 1 changed file with 2 additions and 12 deletions.
diff --git a/lib/crypto/crypto_compat.c b/lib/crypto/crypto_compat.c
@@ -25,16 +25,6 @@
 /* Compatibility for LibreSSL 2.7.0+: pretend to be OpenSSL 1.1.0. */
 #define OPENSSL_VERSION_NUMBER 0x1010000fL
 
-/*
- * To free the shared memory in 2.7.0+, we need to run EVP_cleanup() in
- * crypto_compat_free().  This function is documented as being deprecated on
- * LibreSSL 2.7.0+ (and a no-op on OpenSSL 1.1.0+), but LibreSSL's
- * crypto/evp/names.c clearly shows that EVP_cleanup() does stuff, and
- * valgrind memory checks show that we need to call it manually.
- * (Checked in LibreSSL 2.7.0 and 3.4.2.)
- */
-#define NEED_EVP_CLEANUP
-
 #else
 /* Compatibility for LibreSSL before 2.7.0: pretend to be OpenSSL 1.0.1g. */
 #define OPENSSL_VERSION_NUMBER 0x1000107fL
@@ -277,8 +267,8 @@ crypto_compat_free(void)
 	/* Free OpenSSL error strings. */
 	ERR_free_strings();
 
-#ifdef NEED_EVP_CLEANUP
-	/* Additional cleaning needed for some versions of LibreSSL. */
+#if LIBRESSL_VERSION_NUMBER >= 0x2070000fL
+	/* Additional cleaning needed for LibreSSL 2.7.0 to 3.6.0. */
 	EVP_cleanup();
 #endif