Remove ssl_evp_md_fetch()
authorNorbert Pocs <norbertp@openssl.org>
Fri, 21 Nov 2025 14:24:21 +0000 (15:24 +0100)
committerNeil Horman <nhorman@openssl.org>
Thu, 4 Dec 2025 12:32:18 +0000 (07:32 -0500)
Signed-off-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29305)

ssl/s3_enc.c
ssl/ssl_ciph.c
ssl/ssl_lib.c
ssl/ssl_local.h
ssl/statem/statem_clnt.c

index 159b9e60fea9ba024c5177cca45c414d143eae32..1b194bf0956e5ddce43017885bfb68bc05d60364 100644 (file)
@@ -31,8 +31,8 @@ static int ssl3_generate_key_block(SSL_CONNECTION *s, unsigned char *km, int num
     c = os_toascii[c];          /* 'A' in ASCII */
 #endif
     k = 0;
-    md5 = ssl_evp_md_fetch(sctx->libctx, NID_md5, sctx->propq);
-    sha1 = ssl_evp_md_fetch(sctx->libctx, NID_sha1, sctx->propq);
+    md5 = EVP_MD_fetch(sctx->libctx, "MD5", sctx->propq);
+    sha1 = EVP_MD_fetch(sctx->libctx, "SHA1", sctx->propq);
     m5 = EVP_MD_CTX_new();
     s1 = EVP_MD_CTX_new();
     if (md5 == NULL || sha1 == NULL || m5 == NULL || s1 == NULL) {
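Review bot: The two fetches in ssl3_generate_key_block no longer sit inside an `ERR_set_mark()` / `ERR_pop_to_mark()` pair, so a failed fetch now leaves the provider's error entries on the queue before the NULL check that follows. The same applies to the fetch in ossl_gost_ukm in ssl/statem/statem_clnt.c, while ssl_load_ciphers and SSL_CTX_new_ex keep the mark. This looks intentional, since both unmarked call sites treat NULL as a failure, but a one-line comment would record the difference, for example `/* Fetch errors stay on the queue: a missing digest is an error here */`. The body of the error branch and the cleanup of md5 and sha1 are outside the hunk, so it is worth confirming the release path still matches objects obtained directly from EVP_MD_fetch.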
index 0125c73d1c6e914737479b6e5460327bfb89f3d9..cdfb69eb16afe15c61b5794a592d1c6e8f2ae062 100644 (file)
@@ -319,8 +319,15 @@ int ssl_load_ciphers(SSL_CTX *ctx)
     }
     ctx->disabled_mac_mask = 0;
     for (i = 0, t = ssl_cipher_table_mac; i < SSL_MD_NUM_IDX; i++, t++) {
-        const EVP_MD *md
-            = ssl_evp_md_fetch(ctx->libctx, t->nid, ctx->propq);
+        /*
+         * We ignore any errors from the fetch below. It is expected to fail
+         * if these algorithms are not available.
+         */
+        ERR_set_mark();
+        const EVP_MD *md = EVP_MD_fetch(ctx->libctx,
+                                        OBJ_nid2sn(t->nid),
+                                        ctx->propq);
+        ERR_pop_to_mark();
 
         ctx->ssl_digest_methods[i] = md;
         if (md == NULL) {
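Review bot: The declaration of `md` now sits between `ERR_set_mark()` and `ERR_pop_to_mark()`, so the loop body mixes a statement, a declaration with an initializer, and another statement. Declaring `const EVP_MD *md;` at the top of the loop body and assigning `md = EVP_MD_fetch(ctx->libctx, OBJ_nid2sn(t->nid), ctx->propq);` between the two mark calls makes the suppressed region easier to see. It also avoids relying on declaration-after-statement support. The loop body continues outside the hunk.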
index 589a210a147aa6e392e25d95d282168c4af5f9fb..488b68f828776e039019fef6bfa447d73609f88a 100644 (file)
@@ -13,6 +13,7 @@
 #include "internal/e_winsock.h"
 #include "ssl_local.h"
 
+#include <openssl/err.h>
 #include <openssl/objects.h>
 #include <openssl/x509v3.h>
 #include <openssl/rand.h>
@@ -4147,8 +4148,10 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq,
      * If these aren't available from the provider we'll get NULL returns.
      * That's fine but will cause errors later if SSLv3 is negotiated
      */
-    ret->md5 = ssl_evp_md_fetch(libctx, NID_md5, propq);
-    ret->sha1 = ssl_evp_md_fetch(libctx, NID_sha1, propq);
+    ERR_set_mark();
+    ret->md5 = EVP_MD_fetch(libctx, "MD5", propq);
+    ret->sha1 = EVP_MD_fetch(libctx, "SHA1", propq);
+    ERR_pop_to_mark();
 
     if ((ret->ca_names = sk_X509_NAME_new_null()) == NULL) {
         ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
@@ -7522,18 +7525,6 @@ void ssl_evp_cipher_free(const EVP_CIPHER *cipher)
     }
 }
 
-const EVP_MD *ssl_evp_md_fetch(OSSL_LIB_CTX *libctx,
-                               int nid,
-                               const char *properties)
-{
-    const EVP_MD *md;
-
-    ERR_set_mark();
-    md = EVP_MD_fetch(libctx, OBJ_nid2sn(nid), properties);
-    ERR_pop_to_mark();
-    return md;
-}
-
 int ssl_evp_md_up_ref(const EVP_MD *md)
 {
     /* Don't up-ref an implicit EVP_MD */
index d6d8484dc1955d8eeb6bdaf6405712e0079484a2..77e21f2a9d45687085282c131f2968e9617029c8 100644 (file)
@@ -3014,9 +3014,6 @@ const EVP_CIPHER *ssl_evp_cipher_fetch(OSSL_LIB_CTX *libctx,
                                        const char *properties);
 int ssl_evp_cipher_up_ref(const EVP_CIPHER *cipher);
 void ssl_evp_cipher_free(const EVP_CIPHER *cipher);
-const EVP_MD *ssl_evp_md_fetch(OSSL_LIB_CTX *libctx,
-                               int nid,
-                               const char *properties);
 int ssl_evp_md_up_ref(const EVP_MD *md);
 void ssl_evp_md_free(const EVP_MD *md);
 
index 3891fd5b087a72f04190a3bfe06b0f43ca6ba2a7..9e9e6b0097bf0d4255dad07f944ce80b72ad7104 100644 (file)
@@ -3454,8 +3454,7 @@ int ossl_gost_ukm(const SSL_CONNECTION *s, unsigned char *dgst_buf)
     EVP_MD_CTX *hash = NULL;
     unsigned int md_len;
     SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
-    const EVP_MD *md = ssl_evp_md_fetch(sctx->libctx, NID_id_GostR3411_2012_256,
-                                        sctx->propq);
+    const EVP_MD *md = EVP_MD_fetch(sctx->libctx, "md_gost12_256", sctx->propq);
 
     if (md == NULL)
         return 0;
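Review bot: The digest name in ossl_gost_ukm is now the bare literal `"md_gost12_256"`, which has to be kept in step with the object table by hand; the removed call derived it from `NID_id_GostR3411_2012_256`. The short-name macro for the same object keeps that link visible and searchable: `EVP_MD_fetch(sctx->libctx, SN_id_GostR3411_2012_256, sctx->propq)`. The rest of the function, including how `md` is released, is outside the hunk.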