From: Norbert Pocs Date: Fri, 21 Nov 2025 14:24:21 +0000 (+0100) Subject: Remove ssl_evp_md_fetch() X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bb3e798de729f298618914a8c0b01e53fc8c3e10;p=thirdparty%2Fopenssl.git Remove ssl_evp_md_fetch() Signed-off-by: Norbert Pocs Reviewed-by: Paul Yang Reviewed-by: Eugene Syromiatnikov Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/29183) --- diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index 159b9e60fea..1b194bf0956 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -31,8 +31,8 @@ static int ssl3_generate_key_block(SSL_CONNECTION *s, unsigned char *km, int num c = os_toascii[c]; /* 'A' in ASCII */ #endif k = 0; - md5 = ssl_evp_md_fetch(sctx->libctx, NID_md5, sctx->propq); - sha1 = ssl_evp_md_fetch(sctx->libctx, NID_sha1, sctx->propq); + md5 = EVP_MD_fetch(sctx->libctx, "MD5", sctx->propq); + sha1 = EVP_MD_fetch(sctx->libctx, "SHA1", sctx->propq); m5 = EVP_MD_CTX_new(); s1 = EVP_MD_CTX_new(); if (md5 == NULL || sha1 == NULL || m5 == NULL || s1 == NULL) { diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 0125c73d1c6..cdfb69eb16a 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -319,8 +319,15 @@ int ssl_load_ciphers(SSL_CTX *ctx) } ctx->disabled_mac_mask = 0; for (i = 0, t = ssl_cipher_table_mac; i < SSL_MD_NUM_IDX; i++, t++) { - const EVP_MD *md - = ssl_evp_md_fetch(ctx->libctx, t->nid, ctx->propq); + /* + * We ignore any errors from the fetch below. It is expected to fail + * if these algorithms are not available. + */ + ERR_set_mark(); + const EVP_MD *md = EVP_MD_fetch(ctx->libctx, + OBJ_nid2sn(t->nid), + ctx->propq); + ERR_pop_to_mark(); ctx->ssl_digest_methods[i] = md; if (md == NULL) { diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 589a210a147..488b68f8287 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -13,6 +13,7 @@ #include "internal/e_winsock.h" #include "ssl_local.h" +#include #include #include #include 
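Review bot: In ssl3_generate_key_block() (ssl/s3_enc.c) the two direct `EVP_MD_fetch()` calls are no longer bracketed by `ERR_set_mark()`/`ERR_pop_to_mark()`, which the removed `ssl_evp_md_fetch()` wrapper did, so a failed MD5 or SHA1 fetch now leaves its error on the queue before the `md5 == NULL || sha1 == NULL` check runs. That looks intentional, since failure is fatal here, but neither the code nor the commit message says so, while the ssl_load_ciphers() and SSL_CTX_new_ex() hunks keep the mark explicitly. The same silent change applies to ossl_gost_ukm() in ssl/statem/statem_clnt.c. I would add a short comment above the fetches, for example `/* Fetch failure is fatal here, so its error is deliberately left on the queue */`. The body of the NULL check lies outside the hunk, so what it raises is not visible.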
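Review bot: In ssl_load_ciphers() (ssl/ssl_ciph.c) the declaration of `md` now sits after the `ERR_set_mark();` statement inside the loop body, which puts a declaration in the middle of the mark/pop pair. If the tree is still expected to build cleanly with declaration-after-statement warnings, declare it first and assign inside the pair: `const EVP_MD *md;` then `ERR_set_mark();` and `md = EVP_MD_fetch(ctx->libctx, OBJ_nid2sn(t->nid), ctx->propq);`. The loop body continues past the end of the hunk.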
@@ -4147,8 +4148,10 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq, * If these aren't available from the provider we'll get NULL returns. * That's fine but will cause errors later if SSLv3 is negotiated */ - ret->md5 = ssl_evp_md_fetch(libctx, NID_md5, propq); - ret->sha1 = ssl_evp_md_fetch(libctx, NID_sha1, propq); + ERR_set_mark(); + ret->md5 = EVP_MD_fetch(libctx, "MD5", propq); + ret->sha1 = EVP_MD_fetch(libctx, "SHA1", propq); + ERR_pop_to_mark(); if ((ret->ca_names = sk_X509_NAME_new_null()) == NULL) { ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB); @@ -7522,18 +7525,6 @@ void ssl_evp_cipher_free(const EVP_CIPHER *cipher) } } -const EVP_MD *ssl_evp_md_fetch(OSSL_LIB_CTX *libctx, - int nid, - const char *properties) -{ - const EVP_MD *md; - - ERR_set_mark(); - md = EVP_MD_fetch(libctx, OBJ_nid2sn(nid), properties); - ERR_pop_to_mark(); - return md; -} - int ssl_evp_md_up_ref(const EVP_MD *md) { /* Don't up-ref an implicit EVP_MD */ diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h index d6d8484dc19..77e21f2a9d4 100644 --- a/ssl/ssl_local.h +++ b/ssl/ssl_local.h @@ -3014,9 +3014,6 @@ const EVP_CIPHER *ssl_evp_cipher_fetch(OSSL_LIB_CTX *libctx, const char *properties); int ssl_evp_cipher_up_ref(const EVP_CIPHER *cipher); void ssl_evp_cipher_free(const EVP_CIPHER *cipher); -const EVP_MD *ssl_evp_md_fetch(OSSL_LIB_CTX *libctx, - int nid, - const char *properties); int ssl_evp_md_up_ref(const EVP_MD *md); void ssl_evp_md_free(const EVP_MD *md); diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 3891fd5b087..9e9e6b0097b 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c 
@@ -3454,8 +3454,7 @@ int ossl_gost_ukm(const SSL_CONNECTION *s, unsigned char *dgst_buf) EVP_MD_CTX *hash = NULL; unsigned int md_len; SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); - const EVP_MD *md = ssl_evp_md_fetch(sctx->libctx, NID_id_GostR3411_2012_256, - sctx->propq); + const EVP_MD *md = EVP_MD_fetch(sctx->libctx, "md_gost12_256", sctx->propq); if (md == NULL) return 0;
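Review bot: The digest name passed to `EVP_MD_fetch()` in ossl_gost_ukm() is now the hand-written literal "md_gost12_256", where the old call derived it from `NID_id_GostR3411_2012_256`, so a typo or a later rename would only surface at run time as a NULL fetch and `return 0`. Using the short-name macro that goes with that NID keeps the link to the object table: `const EVP_MD *md = EVP_MD_fetch(sctx->libctx, SN_id_GostR3411_2012_256, sctx->propq);`. The rest of the function, including how `md` is released, is outside the hunk.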