EVP_get_digestbynid/EVP_get_cipherbynid turns into...

a wrapper around EVP_MD_fetch/EVP_CIPHER_fetch when engines are not
supported anymore. Let's remove the fallbacks that don't do anything
useful

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
MergeDate: Thu Feb 12 18:22:57 2026
(Merged from https://github.com/openssl/openssl/pull/29969)

diff --git a/apps/dgst.c b/apps/dgst.c
index 395d9f82cb8ce64bde009ec44dfb1eaeb0417824..71520af6c8792e5777d60f980f4eeb1a1ce67342 100644 (file)
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -547,10 +547,8 @@ static void show_digests(const OBJ_NAME *name, void *arg)
 
     /* Filter out message digests that we cannot use */
     md = EVP_MD_fetch(app_get0_libctx(), name->name, app_get0_propq());
-    if (md == NULL) {
-        if (EVP_get_digestbyname(name->name) == NULL)
-            return;
-    }
+    if (md == NULL)
+        return;
 
     BIO_printf(dec->bio, "-%-25s", name->name);
     if (++dec->n == 3) {

diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c
index 55f86ee83ff5b02378ad1f57393935a489eb0a0f..e916386200d7a8bf3b0e1a5c3c0ec1be324e171f 100644 (file)
--- a/crypto/asn1/a_verify.c
+++ b/crypto/asn1/a_verify.c
@@ -28,7 +28,7 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
     char *data, EVP_PKEY *pkey)
 {
     EVP_MD_CTX *ctx = EVP_MD_CTX_new();
-    const EVP_MD *type;
+    EVP_MD *type = NULL;
     unsigned char *p, *buf_in = NULL;
     int ret = -1, i, inl;
 
@@ -37,7 +37,7 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
         goto err;
     }
     i = OBJ_obj2nid(a->algorithm);
-    type = EVP_get_digestbyname(OBJ_nid2sn(i));
+    type = EVP_MD_fetch(NULL, OBJ_nid2sn(i), NULL);
     if (type == NULL) {
         ERR_raise(ERR_LIB_ASN1, ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
         goto err;
@@ -79,6 +79,7 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
     }
     ret = 1;
 err:
+    EVP_MD_free(type);
     EVP_MD_CTX_free(ctx);
     return ret;
 }

diff --git a/crypto/evp/evp_pbe.c b/crypto/evp/evp_pbe.c
index 27e89253777d44f8c1b515d0efb972e2153bd41a..62d649c3935ca3cd62f55c5887646b2782323512 100644 (file)
--- a/crypto/evp/evp_pbe.c
+++ b/crypto/evp/evp_pbe.c
@@ -97,10 +97,8 @@ int EVP_PBE_CipherInit_ex(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
     ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de,
     OSSL_LIB_CTX *libctx, const char *propq)
 {
-    const EVP_CIPHER *cipher = NULL;
-    EVP_CIPHER *cipher_fetch = NULL;
-    const EVP_MD *md = NULL;
-    EVP_MD *md_fetch = NULL;
+    EVP_CIPHER *cipher = NULL;
+    EVP_MD *md = NULL;
     int ret = 0, cipher_nid, md_nid;
     EVP_PBE_KEYGEN_EX *keygen_ex;
     EVP_PBE_KEYGEN *keygen;
@@ -124,33 +122,21 @@ int EVP_PBE_CipherInit_ex(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
         passlen = (int)strlen(pass);
 
     if (cipher_nid != -1) {
-        (void)ERR_set_mark();
-        cipher = cipher_fetch = EVP_CIPHER_fetch(libctx, OBJ_nid2sn(cipher_nid), propq);
-        /* Fallback to legacy method */
-        if (cipher == NULL)
-            cipher = EVP_get_cipherbynid(cipher_nid);
+        cipher = EVP_CIPHER_fetch(libctx, OBJ_nid2sn(cipher_nid), propq);
         if (cipher == NULL) {
-            (void)ERR_clear_last_mark();
             ERR_raise_data(ERR_LIB_EVP, EVP_R_UNKNOWN_CIPHER,
                 OBJ_nid2sn(cipher_nid));
             goto err;
         }
-        (void)ERR_pop_to_mark();
     }
 
     if (md_nid != -1) {
-        (void)ERR_set_mark();
-        md = md_fetch = EVP_MD_fetch(libctx, OBJ_nid2sn(md_nid), propq);
-        /* Fallback to legacy method */
-        if (md == NULL)
-            md = EVP_get_digestbynid(md_nid);
+        md = EVP_MD_fetch(libctx, OBJ_nid2sn(md_nid), propq);
 
         if (md == NULL) {
-            (void)ERR_clear_last_mark();
             ERR_raise(ERR_LIB_EVP, EVP_R_UNKNOWN_DIGEST);
             goto err;
         }
-        (void)ERR_pop_to_mark();
     }
 
     /* Try extended keygen with libctx/propq first, fall back to legacy keygen */
@@ -160,8 +146,8 @@ int EVP_PBE_CipherInit_ex(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
         ret = keygen(ctx, pass, passlen, param, cipher, md, en_de);
 
 err:
-    EVP_CIPHER_free(cipher_fetch);
-    EVP_MD_free(md_fetch);
+    EVP_CIPHER_free(cipher);
+    EVP_MD_free(md);
 
     return ret;
 }

diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
index 1162810cd513fc4dfa84632cb1aa90a1b0760836..c51798038fb182c83728c9a509c19225851d2ef1 100644 (file)
--- a/crypto/evp/m_sigver.c
+++ b/crypto/evp/m_sigver.c
@@ -217,8 +217,6 @@ reinitialize:
              */
             evp_md_ctx_clear_digest(ctx, 1, 0);
 
-            /* legacy code support for engines */
-            ERR_set_mark();
             /*
              * This might be requested by a later call to EVP_MD_CTX_get0_md().
              * In that case the "explicit fetch" rules apply for that
@@ -229,16 +227,11 @@ reinitialize:
             ctx->fetched_digest = EVP_MD_fetch(locpctx->libctx, mdname, props);
             if (ctx->fetched_digest != NULL) {
                 ctx->digest = ctx->reqdigest = ctx->fetched_digest;
-            } else {
-                /* legacy engine support : remove the mark when this is deleted */
-                ctx->reqdigest = ctx->digest = EVP_get_digestbyname(mdname);
                 if (ctx->digest == NULL) {
-                    (void)ERR_clear_last_mark();
                     ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
                     goto err;
                 }
             }
-            (void)ERR_pop_to_mark();
         }
     }
 

diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c
index c944496339bd822c20f405f529c1f1f93c21e2c3..181ab84ed6fe2d9870643240e248538d7b87e649 100644 (file)
--- a/crypto/evp/p5_crpt2.c
+++ b/crypto/evp/p5_crpt2.c
@@ -117,8 +117,7 @@ int PKCS5_v2_PBE_keyivgen_ex(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
 {
     PBE2PARAM *pbe2 = NULL;
     char ciph_name[80];
-    const EVP_CIPHER *cipher = NULL;
-    EVP_CIPHER *cipher_fetch = NULL;
+    EVP_CIPHER *cipher = NULL;
     EVP_PBE_KEYGEN_EX *kdf;
 
     int rv = 0;
@@ -144,11 +143,7 @@ int PKCS5_v2_PBE_keyivgen_ex(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
         goto err;
     }
 
-    (void)ERR_set_mark();
-    cipher = cipher_fetch = EVP_CIPHER_fetch(libctx, ciph_name, propq);
-    /* Fallback to legacy method */
-    if (cipher == NULL)
-        cipher = EVP_get_cipherbyname(ciph_name);
+    cipher = EVP_CIPHER_fetch(libctx, ciph_name, propq);
 
     if (cipher == NULL) {
         (void)ERR_clear_last_mark();
@@ -166,7 +161,7 @@ int PKCS5_v2_PBE_keyivgen_ex(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
     }
     rv = kdf(ctx, pass, passlen, pbe2->keyfunc->parameter, NULL, NULL, en_de, libctx, propq);
 err:
-    EVP_CIPHER_free(cipher_fetch);
+    EVP_CIPHER_free(cipher);
     PBE2PARAM_free(pbe2);
     return rv;
 }
@@ -189,8 +184,7 @@ int PKCS5_v2_PBKDF2_keyivgen_ex(EVP_CIPHER_CTX *ctx, const char *pass,
     unsigned int keylen = 0;
     int prf_nid, hmac_md_nid;
     PBKDF2PARAM *kdf = NULL;
-    const EVP_MD *prfmd = NULL;
-    EVP_MD *prfmd_fetch = NULL;
+    EVP_MD *prfmd = NULL;
 
     if (EVP_CIPHER_CTX_get0_cipher(ctx) == NULL) {
         ERR_raise(ERR_LIB_EVP, EVP_R_NO_CIPHER_SET);
@@ -232,16 +226,11 @@ int PKCS5_v2_PBKDF2_keyivgen_ex(EVP_CIPHER_CTX *ctx, const char *pass,
         goto err;
     }
 
-    (void)ERR_set_mark();
-    prfmd = prfmd_fetch = EVP_MD_fetch(libctx, OBJ_nid2sn(hmac_md_nid), propq);
-    if (prfmd == NULL)
-        prfmd = EVP_get_digestbynid(hmac_md_nid);
+    prfmd = EVP_MD_fetch(libctx, OBJ_nid2sn(hmac_md_nid), propq);
     if (prfmd == NULL) {
-        (void)ERR_clear_last_mark();
         ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_PRF);
         goto err;
     }
-    (void)ERR_pop_to_mark();
 
     if (kdf->salt->type != V_ASN1_OCTET_STRING) {
         ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_SALT_TYPE);
@@ -259,7 +248,7 @@ int PKCS5_v2_PBKDF2_keyivgen_ex(EVP_CIPHER_CTX *ctx, const char *pass,
 err:
     OPENSSL_cleanse(key, keylen);
     PBKDF2PARAM_free(kdf);
-    EVP_MD_free(prfmd_fetch);
+    EVP_MD_free(prfmd);
     return rv;
 }
 

diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c
index e1faf29e080ea4ee1df7a915de4f7ce3ae57ba79..f94e14c0f30bf027675ccf64134a462c31c923d0 100644 (file)
--- a/crypto/ocsp/ocsp_vfy.c
+++ b/crypto/ocsp/ocsp_vfy.c
@@ -314,17 +314,11 @@ static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
 
         OBJ_obj2txt(name, sizeof(name), cid->hashAlgorithm.algorithm, 0);
 
-        (void)ERR_set_mark();
         dgst = EVP_MD_fetch(NULL, name, NULL);
-        if (dgst == NULL)
-            dgst = (EVP_MD *)EVP_get_digestbyname(name);
-
         if (dgst == NULL) {
-            (void)ERR_clear_last_mark();
             ERR_raise(ERR_LIB_OCSP, OCSP_R_UNKNOWN_MESSAGE_DIGEST);
             goto end;
         }
-        (void)ERR_pop_to_mark();
 
         mdlen = EVP_MD_get_size(dgst);
         if (mdlen <= 0) {

diff --git a/crypto/pkcs12/p12_add.c b/crypto/pkcs12/p12_add.c
index 4750974d60443033c10276ada01a9933d19cb0a0..f5625b49a1d03ee012d95b265d9091dbb2393f0e 100644 (file)
--- a/crypto/pkcs12/p12_add.c
+++ b/crypto/pkcs12/p12_add.c
@@ -98,8 +98,7 @@ PKCS7 *PKCS12_pack_p7encdata_ex(int pbe_nid, const char *pass, int passlen,
 {
     PKCS7 *p7;
     X509_ALGOR *pbe;
-    const EVP_CIPHER *pbe_ciph = NULL;
-    EVP_CIPHER *pbe_ciph_fetch = NULL;
+    EVP_CIPHER *pbe_ciph = NULL;
 
     if ((p7 = PKCS7_new_ex(ctx, propq)) == NULL) {
         ERR_raise(ERR_LIB_PKCS12, ERR_R_ASN1_LIB);
@@ -110,11 +109,7 @@ PKCS7 *PKCS12_pack_p7encdata_ex(int pbe_nid, const char *pass, int passlen,
         goto err;
     }
 
-    ERR_set_mark();
-    pbe_ciph = pbe_ciph_fetch = EVP_CIPHER_fetch(ctx, OBJ_nid2sn(pbe_nid), propq);
-    if (pbe_ciph == NULL)
-        pbe_ciph = EVP_get_cipherbynid(pbe_nid);
-    ERR_pop_to_mark();
+    pbe_ciph = EVP_CIPHER_fetch(ctx, OBJ_nid2sn(pbe_nid), propq);
 
     if (pbe_ciph != NULL) {
         pbe = PKCS5_pbe2_set_iv_ex(pbe_ciph, iter, salt, saltlen, NULL, -1, ctx);
@@ -135,12 +130,12 @@ PKCS7 *PKCS12_pack_p7encdata_ex(int pbe_nid, const char *pass, int passlen,
         goto err;
     }
 
-    EVP_CIPHER_free(pbe_ciph_fetch);
+    EVP_CIPHER_free(pbe_ciph);
     return p7;
 
 err:
     PKCS7_free(p7);
-    EVP_CIPHER_free(pbe_ciph_fetch);
+    EVP_CIPHER_free(pbe_ciph);
     return NULL;
 }
 

diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c
index 8bb4e30529d205f74c4dba911518f94ca84d36bb..63a3236e245acaf2493316afd212cad15761ffc8 100644 (file)
--- a/crypto/pkcs12/p12_mutl.c
+++ b/crypto/pkcs12/p12_mutl.c
@@ -181,8 +181,7 @@ static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
         const char *propq))
 {
     int ret = 0;
-    const EVP_MD *md;
-    EVP_MD *md_fetch;
+    EVP_MD *md;
     HMAC_CTX *hmac = NULL;
     unsigned char key[EVP_MAX_MD_SIZE], *salt;
     int saltlen, iter;
@@ -221,17 +220,12 @@ static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
         if (OBJ_obj2txt(md_name, sizeof(md_name), macoid, 0) < 0)
             return 0;
     }
-    (void)ERR_set_mark();
-    md = md_fetch = EVP_MD_fetch(libctx, md_name, propq);
-    if (md == NULL)
-        md = EVP_get_digestbynid(OBJ_obj2nid(macoid));
+    md = EVP_MD_fetch(libctx, md_name, propq);
 
     if (md == NULL) {
-        (void)ERR_clear_last_mark();
         ERR_raise(ERR_LIB_PKCS12, PKCS12_R_UNKNOWN_DIGEST_ALGORITHM);
         return 0;
     }
-    (void)ERR_pop_to_mark();
 
     keylen = EVP_MD_get_size(md);
     md_nid = EVP_MD_get_type(md);
@@ -254,7 +248,7 @@ static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
             goto err;
         }
     } else {
-        EVP_MD *hmac_md = (EVP_MD *)md;
+        EVP_MD *hmac_md = md;
         int fetched = 0;
 
         if (pbmac1_kdf_nid != NID_undef) {
@@ -300,7 +294,7 @@ static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
 err:
     OPENSSL_cleanse(key, sizeof(key));
     HMAC_CTX_free(hmac);
-    EVP_MD_free(md_fetch);
+    EVP_MD_free(md);
     return ret;
 }
 

diff --git a/crypto/pkcs12/p12_sbag.c b/crypto/pkcs12/p12_sbag.c
index 4848daf2e9b92b6a146b30da35d608e1c22fa596..c9748bc5cd6f2316aaa299f057360e97d6867442 100644 (file)
--- a/crypto/pkcs12/p12_sbag.c
+++ b/crypto/pkcs12/p12_sbag.c
@@ -252,14 +252,11 @@ PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt_ex(int pbe_nid,
     const char *propq)
 {
     PKCS12_SAFEBAG *bag = NULL;
-    const EVP_CIPHER *pbe_ciph = NULL;
-    EVP_CIPHER *pbe_ciph_fetch = NULL;
+    EVP_CIPHER *pbe_ciph = NULL;
     X509_SIG *p8;
 
     ERR_set_mark();
-    pbe_ciph = pbe_ciph_fetch = EVP_CIPHER_fetch(ctx, OBJ_nid2sn(pbe_nid), propq);
-    if (pbe_ciph == NULL)
-        pbe_ciph = EVP_get_cipherbynid(pbe_nid);
+    pbe_ciph = EVP_CIPHER_fetch(ctx, OBJ_nid2sn(pbe_nid), propq);
     ERR_pop_to_mark();
 
     if (pbe_ciph != NULL)
@@ -275,7 +272,7 @@ PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt_ex(int pbe_nid,
         X509_SIG_free(p8);
 
 err:
-    EVP_CIPHER_free(pbe_ciph_fetch);
+    EVP_CIPHER_free(pbe_ciph);
     return bag;
 }
 

diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
index 7798846b16ec17c520f4ca5ae9672aecddf03ce2..20928cbad0aeb2d1628e3f7eaf84f5b1c8c16b91 100644 (file)
--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
@@ -96,8 +96,7 @@ static int pkcs7_bio_add_digest(BIO **pbio, X509_ALGOR *alg,
 {
     BIO *btmp;
     char name[OSSL_MAX_NAME_SIZE];
-    EVP_MD *fetched = NULL;
-    const EVP_MD *md;
+    EVP_MD *md = NULL;
 
     if ((btmp = BIO_new(BIO_f_md())) == NULL) {
         ERR_raise(ERR_LIB_PKCS7, ERR_R_BIO_LIB);
@@ -106,27 +105,20 @@ static int pkcs7_bio_add_digest(BIO **pbio, X509_ALGOR *alg,
 
     OBJ_obj2txt(name, sizeof(name), alg->algorithm, 0);
 
-    (void)ERR_set_mark();
-    fetched = EVP_MD_fetch(ossl_pkcs7_ctx_get0_libctx(ctx), name,
+    md = EVP_MD_fetch(ossl_pkcs7_ctx_get0_libctx(ctx), name,
         ossl_pkcs7_ctx_get0_propq(ctx));
-    if (fetched != NULL)
-        md = fetched;
-    else
-        md = EVP_get_digestbyname(name);
 
     if (md == NULL) {
-        (void)ERR_clear_last_mark();
         ERR_raise(ERR_LIB_PKCS7, PKCS7_R_UNKNOWN_DIGEST_TYPE);
         goto err;
     }
-    (void)ERR_pop_to_mark();
 
     if (BIO_set_md(btmp, md) <= 0) {
         ERR_raise(ERR_LIB_PKCS7, ERR_R_BIO_LIB);
-        EVP_MD_free(fetched);
+        EVP_MD_free(md);
         goto err;
     }
-    EVP_MD_free(fetched);
+    EVP_MD_free(md);
     if (*pbio == NULL)
         *pbio = btmp;
     else if (!BIO_push(*pbio, btmp)) {
@@ -440,10 +432,8 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
     BIO *out = NULL, *btmp = NULL, *etmp = NULL, *bio = NULL;
     X509_ALGOR *xa;
     ASN1_OCTET_STRING *data_body = NULL;
-    EVP_MD *evp_md = NULL;
-    const EVP_MD *md;
-    EVP_CIPHER *evp_cipher = NULL;
-    const EVP_CIPHER *cipher = NULL;
+    EVP_MD *md = NULL;
+    EVP_CIPHER *cipher = NULL;
     EVP_CIPHER_CTX *evp_ctx = NULL;
     X509_ALGOR *enc_alg = NULL;
     STACK_OF(X509_ALGOR) *md_sk = NULL;
@@ -497,19 +487,12 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
 
         OBJ_obj2txt(name, sizeof(name), enc_alg->algorithm, 0);
 
-        (void)ERR_set_mark();
-        evp_cipher = EVP_CIPHER_fetch(libctx, name, propq);
-        if (evp_cipher != NULL)
-            cipher = evp_cipher;
-        else
-            cipher = EVP_get_cipherbyname(name);
+        cipher = EVP_CIPHER_fetch(libctx, name, propq);
 
         if (cipher == NULL) {
-            (void)ERR_clear_last_mark();
             ERR_raise(ERR_LIB_PKCS7, PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
             goto err;
         }
-        (void)ERR_pop_to_mark();
         break;
     case NID_pkcs7_enveloped:
         rsk = p7->d.enveloped->recipientinfo;
@@ -518,19 +501,12 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
         data_body = p7->d.enveloped->enc_data->enc_data;
         OBJ_obj2txt(name, sizeof(name), enc_alg->algorithm, 0);
 
-        (void)ERR_set_mark();
-        evp_cipher = EVP_CIPHER_fetch(libctx, name, propq);
-        if (evp_cipher != NULL)
-            cipher = evp_cipher;
-        else
-            cipher = EVP_get_cipherbyname(name);
+        cipher = EVP_CIPHER_fetch(libctx, name, propq);
 
         if (cipher == NULL) {
-            (void)ERR_clear_last_mark();
             ERR_raise(ERR_LIB_PKCS7, PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
             goto err;
         }
-        (void)ERR_pop_to_mark();
         break;
     default:
         ERR_raise(ERR_LIB_PKCS7, PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
@@ -554,26 +530,19 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
 
             OBJ_obj2txt(name, sizeof(name), xa->algorithm, 0);
 
-            (void)ERR_set_mark();
-            evp_md = EVP_MD_fetch(libctx, name, propq);
-            if (evp_md != NULL)
-                md = evp_md;
-            else
-                md = EVP_get_digestbyname(name);
+            md = EVP_MD_fetch(libctx, name, propq);
 
             if (md == NULL) {
-                (void)ERR_clear_last_mark();
                 ERR_raise(ERR_LIB_PKCS7, PKCS7_R_UNKNOWN_DIGEST_TYPE);
                 goto err;
             }
-            (void)ERR_pop_to_mark();
 
             if (BIO_set_md(btmp, md) <= 0) {
-                EVP_MD_free(evp_md);
+                EVP_MD_free(md);
                 ERR_raise(ERR_LIB_PKCS7, ERR_R_BIO_LIB);
                 goto err;
             }
-            EVP_MD_free(evp_md);
+            EVP_MD_free(md);
             if (out == NULL)
                 out = btmp;
             else
@@ -703,11 +672,11 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
     }
     BIO_push(out, bio);
     bio = NULL;
-    EVP_CIPHER_free(evp_cipher);
+    EVP_CIPHER_free(cipher);
     return out;
 
 err:
-    EVP_CIPHER_free(evp_cipher);
+    EVP_CIPHER_free(cipher);
     OPENSSL_clear_free(ek, eklen);
     OPENSSL_clear_free(tkey, tkeylen);
     BIO_free_all(out);
@@ -1065,8 +1034,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
 {
     ASN1_OCTET_STRING *os;
     EVP_MD_CTX *mdc_tmp, *mdc;
-    const EVP_MD *md;
-    EVP_MD *fetched_md = NULL;
+    EVP_MD *md = NULL;
     int ret = 0, i;
     int md_type;
     STACK_OF(X509_ATTRIBUTE) *sk;
@@ -1139,19 +1107,11 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
             goto err;
         }
 
-        (void)ERR_set_mark();
-        fetched_md = EVP_MD_fetch(libctx, OBJ_nid2sn(md_type), propq);
-
-        if (fetched_md != NULL)
-            md = fetched_md;
-        else
-            md = EVP_get_digestbynid(md_type);
+        md = EVP_MD_fetch(libctx, OBJ_nid2sn(md_type), propq);
 
         if (md == NULL || !EVP_VerifyInit_ex(mdc_tmp, md, NULL)) {
-            (void)ERR_clear_last_mark();
             goto err;
         }
-        (void)ERR_pop_to_mark();
 
         alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf,
             ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY));
@@ -1181,7 +1141,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
 err:
     OPENSSL_free(abuf);
     EVP_MD_CTX_free(mdc_tmp);
-    EVP_MD_free(fetched_md);
+    EVP_MD_free(md);
     return ret;
 }
 

diff --git a/crypto/ts/ts_rsp_verify.c b/crypto/ts/ts_rsp_verify.c
index e03c9553db880dae4e3e5bb11af1da58e5e3f963..6ad8786e6215314bf41ac09cc23d46e11c53a858 100644 (file)
--- a/crypto/ts/ts_rsp_verify.c
+++ b/crypto/ts/ts_rsp_verify.c
@@ -434,17 +434,10 @@ static int ts_compute_imprint(BIO *data, TS_TST_INFO *tst_info,
 
     OBJ_obj2txt(name, sizeof(name), md_alg_resp->algorithm, 0);
 
-    (void)ERR_set_mark();
     md = EVP_MD_fetch(NULL, name, NULL);
-
-    if (md == NULL)
-        md = (EVP_MD *)EVP_get_digestbyname(name);
-
     if (md == NULL) {
-        (void)ERR_clear_last_mark();
         goto err;
     }
-    (void)ERR_pop_to_mark();
 
     length = EVP_MD_get_size(md);
     if (length <= 0)

diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c
index 5c609f60485b53a407cd0b3b21789fe01cb28281..cf6e303f3057d710d4b069261c30ce886953a22d 100644 (file)
--- a/crypto/x509/x_all.c
+++ b/crypto/x509/x_all.c
@@ -584,8 +584,7 @@ ASN1_OCTET_STRING *X509_digest_sig(const X509 *cert,
         }
     } else if ((md = EVP_MD_fetch(cert->libctx, OBJ_nid2sn(mdnid),
                     cert->propq))
-            == NULL
-        && (md = (EVP_MD *)EVP_get_digestbynid(mdnid)) == NULL) {
+        == NULL) {
         ERR_raise(ERR_LIB_X509, X509_R_UNSUPPORTED_ALGORITHM);
         return NULL;
     }