From: Dmitry Belyavskiy Date: Mon, 9 Feb 2026 19:42:19 +0000 (+0100) Subject: EVP_get_digestbynid/EVP_get_cipherbynid turns into... X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2ea6e785f526f88f913cc6f49372aae9dc54bc63;p=thirdparty%2Fopenssl.git EVP_get_digestbynid/EVP_get_cipherbynid turns into... a wrapper around EVP_MD_fetch/EVP_CIPHER_fetch when engines are not supported anymore. Let's remove the fallbacks that don't do anything useful Reviewed-by: Neil Horman Reviewed-by: Tomas Mraz Reviewed-by: Simo Sorce Reviewed-by: Shane Lontis MergeDate: Thu Feb 12 18:22:57 2026 (Merged from https://github.com/openssl/openssl/pull/29969) --- diff --git a/apps/dgst.c b/apps/dgst.c index 395d9f82cb8..71520af6c87 100644 --- a/apps/dgst.c +++ b/apps/dgst.c @@ -547,10 +547,8 @@ static void show_digests(const OBJ_NAME *name, void *arg) /* Filter out message digests that we cannot use */ md = EVP_MD_fetch(app_get0_libctx(), name->name, app_get0_propq()); - if (md == NULL) { - if (EVP_get_digestbyname(name->name) == NULL) - return; - } + if (md == NULL) + return; BIO_printf(dec->bio, "-%-25s", name->name); if (++dec->n == 3) { diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c index 55f86ee83ff..e916386200d 100644 --- a/crypto/asn1/a_verify.c +++ b/crypto/asn1/a_verify.c @@ -28,7 +28,7 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey) { EVP_MD_CTX *ctx = EVP_MD_CTX_new(); - const EVP_MD *type; + EVP_MD *type = NULL; unsigned char *p, *buf_in = NULL; int ret = -1, i, inl; @@ -37,7 +37,7 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, goto err; } i = OBJ_obj2nid(a->algorithm); - type = EVP_get_digestbyname(OBJ_nid2sn(i)); + type = EVP_MD_fetch(NULL, OBJ_nid2sn(i), NULL); if (type == NULL) { ERR_raise(ERR_LIB_ASN1, ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); goto err; @@ -79,6 +79,7 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, } ret = 1; err: + EVP_MD_free(type); EVP_MD_CTX_free(ctx); return ret; } diff --git a/crypto/evp/evp_pbe.c b/crypto/evp/evp_pbe.c index 27e89253777..62d649c3935 100644 --- a/crypto/evp/evp_pbe.c +++ b/crypto/evp/evp_pbe.c @@ -97,10 +97,8 @@ int EVP_PBE_CipherInit_ex(ASN1_OBJECT *pbe_obj, const char *pass, int passlen, ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de, OSSL_LIB_CTX *libctx, const char *propq) { - const EVP_CIPHER *cipher = NULL; - EVP_CIPHER *cipher_fetch = NULL; - const EVP_MD *md = NULL; - EVP_MD *md_fetch = NULL; + EVP_CIPHER *cipher = NULL; + EVP_MD *md = NULL; int ret = 0, cipher_nid, md_nid; EVP_PBE_KEYGEN_EX *keygen_ex; EVP_PBE_KEYGEN *keygen; @@ -124,33 +122,21 @@ int EVP_PBE_CipherInit_ex(ASN1_OBJECT *pbe_obj, const char *pass, int passlen, passlen = (int)strlen(pass); if (cipher_nid != -1) { - (void)ERR_set_mark(); - cipher = cipher_fetch = EVP_CIPHER_fetch(libctx, OBJ_nid2sn(cipher_nid), propq); - /* Fallback to legacy method */ - if (cipher == NULL) - cipher = EVP_get_cipherbynid(cipher_nid); + cipher = EVP_CIPHER_fetch(libctx, OBJ_nid2sn(cipher_nid), propq); if (cipher == NULL) { - (void)ERR_clear_last_mark(); ERR_raise_data(ERR_LIB_EVP, EVP_R_UNKNOWN_CIPHER, OBJ_nid2sn(cipher_nid)); goto err; } - (void)ERR_pop_to_mark(); } if (md_nid != -1) { - (void)ERR_set_mark(); - md = md_fetch = EVP_MD_fetch(libctx, OBJ_nid2sn(md_nid), propq); - /* Fallback to legacy method */ - if (md == NULL) - md = EVP_get_digestbynid(md_nid); + md = EVP_MD_fetch(libctx, OBJ_nid2sn(md_nid), propq); if (md == NULL) { - (void)ERR_clear_last_mark(); ERR_raise(ERR_LIB_EVP, EVP_R_UNKNOWN_DIGEST); goto err; } - (void)ERR_pop_to_mark(); } /* Try extended keygen with libctx/propq first, fall back to legacy keygen */ @@ -160,8 +146,8 @@ int EVP_PBE_CipherInit_ex(ASN1_OBJECT *pbe_obj, const char *pass, int passlen, ret = keygen(ctx, pass, passlen, param, cipher, md, en_de); err: - EVP_CIPHER_free(cipher_fetch); - EVP_MD_free(md_fetch); + EVP_CIPHER_free(cipher); + EVP_MD_free(md); return ret; } diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c index 1162810cd51..c51798038fb 100644 --- a/crypto/evp/m_sigver.c +++ b/crypto/evp/m_sigver.c @@ -217,8 +217,6 @@ reinitialize: */ evp_md_ctx_clear_digest(ctx, 1, 0); - /* legacy code support for engines */ - ERR_set_mark(); /* * This might be requested by a later call to EVP_MD_CTX_get0_md(). * In that case the "explicit fetch" rules apply for that @@ -229,16 +227,11 @@ reinitialize: ctx->fetched_digest = EVP_MD_fetch(locpctx->libctx, mdname, props); if (ctx->fetched_digest != NULL) { ctx->digest = ctx->reqdigest = ctx->fetched_digest; - } else { - /* legacy engine support : remove the mark when this is deleted */ - ctx->reqdigest = ctx->digest = EVP_get_digestbyname(mdname); if (ctx->digest == NULL) { - (void)ERR_clear_last_mark(); ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); goto err; } } - (void)ERR_pop_to_mark(); } } diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c index c944496339b..181ab84ed6f 100644 --- a/crypto/evp/p5_crpt2.c +++ b/crypto/evp/p5_crpt2.c @@ -117,8 +117,7 @@ int PKCS5_v2_PBE_keyivgen_ex(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, { PBE2PARAM *pbe2 = NULL; char ciph_name[80]; - const EVP_CIPHER *cipher = NULL; - EVP_CIPHER *cipher_fetch = NULL; + EVP_CIPHER *cipher = NULL; EVP_PBE_KEYGEN_EX *kdf; int rv = 0; @@ -144,11 +143,7 @@ int PKCS5_v2_PBE_keyivgen_ex(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, goto err; } - (void)ERR_set_mark(); - cipher = cipher_fetch = EVP_CIPHER_fetch(libctx, ciph_name, propq); - /* Fallback to legacy method */ - if (cipher == NULL) - cipher = EVP_get_cipherbyname(ciph_name); + cipher = EVP_CIPHER_fetch(libctx, ciph_name, propq); if (cipher == NULL) { (void)ERR_clear_last_mark(); @@ -166,7 +161,7 @@ int PKCS5_v2_PBE_keyivgen_ex(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, } rv = kdf(ctx, pass, passlen, pbe2->keyfunc->parameter, NULL, NULL, en_de, libctx, propq); err: - EVP_CIPHER_free(cipher_fetch); + EVP_CIPHER_free(cipher); PBE2PARAM_free(pbe2); return rv; } @@ -189,8 +184,7 @@ int PKCS5_v2_PBKDF2_keyivgen_ex(EVP_CIPHER_CTX *ctx, const char *pass, unsigned int keylen = 0; int prf_nid, hmac_md_nid; PBKDF2PARAM *kdf = NULL; - const EVP_MD *prfmd = NULL; - EVP_MD *prfmd_fetch = NULL; + EVP_MD *prfmd = NULL; if (EVP_CIPHER_CTX_get0_cipher(ctx) == NULL) { ERR_raise(ERR_LIB_EVP, EVP_R_NO_CIPHER_SET); @@ -232,16 +226,11 @@ int PKCS5_v2_PBKDF2_keyivgen_ex(EVP_CIPHER_CTX *ctx, const char *pass, goto err; } - (void)ERR_set_mark(); - prfmd = prfmd_fetch = EVP_MD_fetch(libctx, OBJ_nid2sn(hmac_md_nid), propq); - if (prfmd == NULL) - prfmd = EVP_get_digestbynid(hmac_md_nid); + prfmd = EVP_MD_fetch(libctx, OBJ_nid2sn(hmac_md_nid), propq); if (prfmd == NULL) { - (void)ERR_clear_last_mark(); ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_PRF); goto err; } - (void)ERR_pop_to_mark(); if (kdf->salt->type != V_ASN1_OCTET_STRING) { ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_SALT_TYPE); @@ -259,7 +248,7 @@ int PKCS5_v2_PBKDF2_keyivgen_ex(EVP_CIPHER_CTX *ctx, const char *pass, err: OPENSSL_cleanse(key, keylen); PBKDF2PARAM_free(kdf); - EVP_MD_free(prfmd_fetch); + EVP_MD_free(prfmd); return rv; } diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c index e1faf29e080..f94e14c0f30 100644 --- a/crypto/ocsp/ocsp_vfy.c +++ b/crypto/ocsp/ocsp_vfy.c @@ -314,17 +314,11 @@ static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid, OBJ_obj2txt(name, sizeof(name), cid->hashAlgorithm.algorithm, 0); - (void)ERR_set_mark(); dgst = EVP_MD_fetch(NULL, name, NULL); - if (dgst == NULL) - dgst = (EVP_MD *)EVP_get_digestbyname(name); - if (dgst == NULL) { - (void)ERR_clear_last_mark(); ERR_raise(ERR_LIB_OCSP, OCSP_R_UNKNOWN_MESSAGE_DIGEST); goto end; } - (void)ERR_pop_to_mark(); mdlen = EVP_MD_get_size(dgst); if (mdlen <= 0) { diff --git a/crypto/pkcs12/p12_add.c b/crypto/pkcs12/p12_add.c index 4750974d604..f5625b49a1d 100644 --- a/crypto/pkcs12/p12_add.c +++ b/crypto/pkcs12/p12_add.c @@ -98,8 +98,7 @@ PKCS7 *PKCS12_pack_p7encdata_ex(int pbe_nid, const char *pass, int passlen, { PKCS7 *p7; X509_ALGOR *pbe; - const EVP_CIPHER *pbe_ciph = NULL; - EVP_CIPHER *pbe_ciph_fetch = NULL; + EVP_CIPHER *pbe_ciph = NULL; if ((p7 = PKCS7_new_ex(ctx, propq)) == NULL) { ERR_raise(ERR_LIB_PKCS12, ERR_R_ASN1_LIB); @@ -110,11 +109,7 @@ PKCS7 *PKCS12_pack_p7encdata_ex(int pbe_nid, const char *pass, int passlen, goto err; } - ERR_set_mark(); - pbe_ciph = pbe_ciph_fetch = EVP_CIPHER_fetch(ctx, OBJ_nid2sn(pbe_nid), propq); - if (pbe_ciph == NULL) - pbe_ciph = EVP_get_cipherbynid(pbe_nid); - ERR_pop_to_mark(); + pbe_ciph = EVP_CIPHER_fetch(ctx, OBJ_nid2sn(pbe_nid), propq); if (pbe_ciph != NULL) { pbe = PKCS5_pbe2_set_iv_ex(pbe_ciph, iter, salt, saltlen, NULL, -1, ctx); @@ -135,12 +130,12 @@ PKCS7 *PKCS12_pack_p7encdata_ex(int pbe_nid, const char *pass, int passlen, goto err; } - EVP_CIPHER_free(pbe_ciph_fetch); + EVP_CIPHER_free(pbe_ciph); return p7; err: PKCS7_free(p7); - EVP_CIPHER_free(pbe_ciph_fetch); + EVP_CIPHER_free(pbe_ciph); return NULL; } diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c index 8bb4e30529d..63a3236e245 100644 --- a/crypto/pkcs12/p12_mutl.c +++ b/crypto/pkcs12/p12_mutl.c @@ -181,8 +181,7 @@ static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen, const char *propq)) { int ret = 0; - const EVP_MD *md; - EVP_MD *md_fetch; + EVP_MD *md; HMAC_CTX *hmac = NULL; unsigned char key[EVP_MAX_MD_SIZE], *salt; int saltlen, iter; @@ -221,17 +220,12 @@ static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen, if (OBJ_obj2txt(md_name, sizeof(md_name), macoid, 0) < 0) return 0; } - (void)ERR_set_mark(); - md = md_fetch = EVP_MD_fetch(libctx, md_name, propq); - if (md == NULL) - md = EVP_get_digestbynid(OBJ_obj2nid(macoid)); + md = EVP_MD_fetch(libctx, md_name, propq); if (md == NULL) { - (void)ERR_clear_last_mark(); ERR_raise(ERR_LIB_PKCS12, PKCS12_R_UNKNOWN_DIGEST_ALGORITHM); return 0; } - (void)ERR_pop_to_mark(); keylen = EVP_MD_get_size(md); md_nid = EVP_MD_get_type(md); @@ -254,7 +248,7 @@ static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen, goto err; } } else { - EVP_MD *hmac_md = (EVP_MD *)md; + EVP_MD *hmac_md = md; int fetched = 0; if (pbmac1_kdf_nid != NID_undef) { @@ -300,7 +294,7 @@ static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen, err: OPENSSL_cleanse(key, sizeof(key)); HMAC_CTX_free(hmac); - EVP_MD_free(md_fetch); + EVP_MD_free(md); return ret; } diff --git a/crypto/pkcs12/p12_sbag.c b/crypto/pkcs12/p12_sbag.c index 4848daf2e9b..c9748bc5cd6 100644 --- a/crypto/pkcs12/p12_sbag.c +++ b/crypto/pkcs12/p12_sbag.c @@ -252,14 +252,11 @@ PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt_ex(int pbe_nid, const char *propq) { PKCS12_SAFEBAG *bag = NULL; - const EVP_CIPHER *pbe_ciph = NULL; - EVP_CIPHER *pbe_ciph_fetch = NULL; + EVP_CIPHER *pbe_ciph = NULL; X509_SIG *p8; ERR_set_mark(); - pbe_ciph = pbe_ciph_fetch = EVP_CIPHER_fetch(ctx, OBJ_nid2sn(pbe_nid), propq); - if (pbe_ciph == NULL) - pbe_ciph = EVP_get_cipherbynid(pbe_nid); + pbe_ciph = EVP_CIPHER_fetch(ctx, OBJ_nid2sn(pbe_nid), propq); ERR_pop_to_mark(); if (pbe_ciph != NULL) @@ -275,7 +272,7 @@ PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt_ex(int pbe_nid, X509_SIG_free(p8); err: - EVP_CIPHER_free(pbe_ciph_fetch); + EVP_CIPHER_free(pbe_ciph); return bag; } diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index 7798846b16e..20928cbad0a 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -96,8 +96,7 @@ static int pkcs7_bio_add_digest(BIO **pbio, X509_ALGOR *alg, { BIO *btmp; char name[OSSL_MAX_NAME_SIZE]; - EVP_MD *fetched = NULL; - const EVP_MD *md; + EVP_MD *md = NULL; if ((btmp = BIO_new(BIO_f_md())) == NULL) { ERR_raise(ERR_LIB_PKCS7, ERR_R_BIO_LIB); @@ -106,27 +105,20 @@ static int pkcs7_bio_add_digest(BIO **pbio, X509_ALGOR *alg, OBJ_obj2txt(name, sizeof(name), alg->algorithm, 0); - (void)ERR_set_mark(); - fetched = EVP_MD_fetch(ossl_pkcs7_ctx_get0_libctx(ctx), name, + md = EVP_MD_fetch(ossl_pkcs7_ctx_get0_libctx(ctx), name, ossl_pkcs7_ctx_get0_propq(ctx)); - if (fetched != NULL) - md = fetched; - else - md = EVP_get_digestbyname(name); if (md == NULL) { - (void)ERR_clear_last_mark(); ERR_raise(ERR_LIB_PKCS7, PKCS7_R_UNKNOWN_DIGEST_TYPE); goto err; } - (void)ERR_pop_to_mark(); if (BIO_set_md(btmp, md) <= 0) { ERR_raise(ERR_LIB_PKCS7, ERR_R_BIO_LIB); - EVP_MD_free(fetched); + EVP_MD_free(md); goto err; } - EVP_MD_free(fetched); + EVP_MD_free(md); if (*pbio == NULL) *pbio = btmp; else if (!BIO_push(*pbio, btmp)) { @@ -440,10 +432,8 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) BIO *out = NULL, *btmp = NULL, *etmp = NULL, *bio = NULL; X509_ALGOR *xa; ASN1_OCTET_STRING *data_body = NULL; - EVP_MD *evp_md = NULL; - const EVP_MD *md; - EVP_CIPHER *evp_cipher = NULL; - const EVP_CIPHER *cipher = NULL; + EVP_MD *md = NULL; + EVP_CIPHER *cipher = NULL; EVP_CIPHER_CTX *evp_ctx = NULL; X509_ALGOR *enc_alg = NULL; STACK_OF(X509_ALGOR) *md_sk = NULL; @@ -497,19 +487,12 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) OBJ_obj2txt(name, sizeof(name), enc_alg->algorithm, 0); - (void)ERR_set_mark(); - evp_cipher = EVP_CIPHER_fetch(libctx, name, propq); - if (evp_cipher != NULL) - cipher = evp_cipher; - else - cipher = EVP_get_cipherbyname(name); + cipher = EVP_CIPHER_fetch(libctx, name, propq); if (cipher == NULL) { - (void)ERR_clear_last_mark(); ERR_raise(ERR_LIB_PKCS7, PKCS7_R_UNSUPPORTED_CIPHER_TYPE); goto err; } - (void)ERR_pop_to_mark(); break; case NID_pkcs7_enveloped: rsk = p7->d.enveloped->recipientinfo; @@ -518,19 +501,12 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) data_body = p7->d.enveloped->enc_data->enc_data; OBJ_obj2txt(name, sizeof(name), enc_alg->algorithm, 0); - (void)ERR_set_mark(); - evp_cipher = EVP_CIPHER_fetch(libctx, name, propq); - if (evp_cipher != NULL) - cipher = evp_cipher; - else - cipher = EVP_get_cipherbyname(name); + cipher = EVP_CIPHER_fetch(libctx, name, propq); if (cipher == NULL) { - (void)ERR_clear_last_mark(); ERR_raise(ERR_LIB_PKCS7, PKCS7_R_UNSUPPORTED_CIPHER_TYPE); goto err; } - (void)ERR_pop_to_mark(); break; default: ERR_raise(ERR_LIB_PKCS7, PKCS7_R_UNSUPPORTED_CONTENT_TYPE); @@ -554,26 +530,19 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) OBJ_obj2txt(name, sizeof(name), xa->algorithm, 0); - (void)ERR_set_mark(); - evp_md = EVP_MD_fetch(libctx, name, propq); - if (evp_md != NULL) - md = evp_md; - else - md = EVP_get_digestbyname(name); + md = EVP_MD_fetch(libctx, name, propq); if (md == NULL) { - (void)ERR_clear_last_mark(); ERR_raise(ERR_LIB_PKCS7, PKCS7_R_UNKNOWN_DIGEST_TYPE); goto err; } - (void)ERR_pop_to_mark(); if (BIO_set_md(btmp, md) <= 0) { - EVP_MD_free(evp_md); + EVP_MD_free(md); ERR_raise(ERR_LIB_PKCS7, ERR_R_BIO_LIB); goto err; } - EVP_MD_free(evp_md); + EVP_MD_free(md); if (out == NULL) out = btmp; else @@ -703,11 +672,11 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) } BIO_push(out, bio); bio = NULL; - EVP_CIPHER_free(evp_cipher); + EVP_CIPHER_free(cipher); return out; err: - EVP_CIPHER_free(evp_cipher); + EVP_CIPHER_free(cipher); OPENSSL_clear_free(ek, eklen); OPENSSL_clear_free(tkey, tkeylen); BIO_free_all(out); @@ -1065,8 +1034,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, { ASN1_OCTET_STRING *os; EVP_MD_CTX *mdc_tmp, *mdc; - const EVP_MD *md; - EVP_MD *fetched_md = NULL; + EVP_MD *md = NULL; int ret = 0, i; int md_type; STACK_OF(X509_ATTRIBUTE) *sk; @@ -1139,19 +1107,11 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, goto err; } - (void)ERR_set_mark(); - fetched_md = EVP_MD_fetch(libctx, OBJ_nid2sn(md_type), propq); - - if (fetched_md != NULL) - md = fetched_md; - else - md = EVP_get_digestbynid(md_type); + md = EVP_MD_fetch(libctx, OBJ_nid2sn(md_type), propq); if (md == NULL || !EVP_VerifyInit_ex(mdc_tmp, md, NULL)) { - (void)ERR_clear_last_mark(); goto err; } - (void)ERR_pop_to_mark(); alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf, ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY)); @@ -1181,7 +1141,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, err: OPENSSL_free(abuf); EVP_MD_CTX_free(mdc_tmp); - EVP_MD_free(fetched_md); + EVP_MD_free(md); return ret; } diff --git a/crypto/ts/ts_rsp_verify.c b/crypto/ts/ts_rsp_verify.c index e03c9553db8..6ad8786e621 100644 --- a/crypto/ts/ts_rsp_verify.c +++ b/crypto/ts/ts_rsp_verify.c @@ -434,17 +434,10 @@ static int ts_compute_imprint(BIO *data, TS_TST_INFO *tst_info, OBJ_obj2txt(name, sizeof(name), md_alg_resp->algorithm, 0); - (void)ERR_set_mark(); md = EVP_MD_fetch(NULL, name, NULL); - - if (md == NULL) - md = (EVP_MD *)EVP_get_digestbyname(name); - if (md == NULL) { - (void)ERR_clear_last_mark(); goto err; } - (void)ERR_pop_to_mark(); length = EVP_MD_get_size(md); if (length <= 0) diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c index 5c609f60485..cf6e303f305 100644 --- a/crypto/x509/x_all.c +++ b/crypto/x509/x_all.c @@ -584,8 +584,7 @@ ASN1_OCTET_STRING *X509_digest_sig(const X509 *cert, } } else if ((md = EVP_MD_fetch(cert->libctx, OBJ_nid2sn(mdnid), cert->propq)) - == NULL - && (md = (EVP_MD *)EVP_get_digestbynid(mdnid)) == NULL) { + == NULL) { ERR_raise(ERR_LIB_X509, X509_R_UNSUPPORTED_ALGORITHM); return NULL; }