From: Aydın Mercan <aydin@isc.org>
Date: Tue, 13 Jan 2026 10:28:54 +0000 (+0300)
Subject: expose isc__crypto_md in isc/ossl_wrap.h
X-Git-Tag: v9.21.18~2^2~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c2f3a23a3e4b9b695485755c17f1060368d8e6f3;p=thirdparty%2Fbind9.git

expose isc__crypto_md in isc/ossl_wrap.h

This is a bit of a namespace convention violation but it fits the spirit of
this header since it is exposing OpenSSL-isms to others.

Further work is needed to make sure the exposed EVP_MD isn't needed
anymore.
---

diff --git a/lib/dns/opensslecdsa_link.c b/lib/dns/opensslecdsa_link.c
index 7b89b3f25ad..2b7518c5760 100644
--- a/lib/dns/opensslecdsa_link.c
+++ b/lib/dns/opensslecdsa_link.c
@@ -23,6 +23,7 @@
 #include <isc/crypto.h>
 #include <isc/md.h>
 #include <isc/mem.h>
+#include <isc/ossl_wrap.h>
 #include <isc/result.h>
 #include <isc/safe.h>
 #include <isc/string.h>
@@ -35,9 +36,6 @@
 #include "dst_parse.h"
 #include "openssl_shim.h"
 
-/* TODO(aydin): remove this crap */
-extern EVP_MD *isc__crypto_md[];
-
 #ifndef NID_X9_62_prime256v1
 #error "P-256 group is not known (NID_X9_62_prime256v1)"
 #endif /* ifndef NID_X9_62_prime256v1 */
diff --git a/lib/dns/opensslrsa_link.c b/lib/dns/opensslrsa_link.c
index ec24bf202da..6b322ff3b39 100644
--- a/lib/dns/opensslrsa_link.c
+++ b/lib/dns/opensslrsa_link.c
@@ -35,9 +35,6 @@
 
 #define OPENSSLRSA_MAX_MODULUS_BITS 4096
 
-/* TODO(aydin): remove this crap */
-extern EVP_MD *isc__crypto_md[];
-
 /* length byte + 1.2.840.113549.1.1.11 BER encoded RFC 4055 */
 static unsigned char oid_rsasha256[] = { 0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48,
 					 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b };
diff --git a/lib/isc/crypto/crypto_p.h b/lib/isc/crypto/crypto_p.h
deleted file mode 100644
index 899d9a2b405..00000000000
--- a/lib/isc/crypto/crypto_p.h
+++ /dev/null
@@ -1,18 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * SPDX-License-Identifier: MPL-2.0
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, you can obtain one at https://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-#pragma once
-
-#include <openssl/evp.h>
-
-extern EVP_MD *isc__crypto_md[];
diff --git a/lib/isc/crypto/ossl1_1.c b/lib/isc/crypto/ossl1_1.c
index 6ecbac47bcb..f6720570950 100644
--- a/lib/isc/crypto/ossl1_1.c
+++ b/lib/isc/crypto/ossl1_1.c
@@ -30,8 +30,6 @@
 #include <isc/safe.h>
 #include <isc/util.h>
 
-#include "crypto_p.h"
-
 #define HMAC_KEY_MAGIC ISC_MAGIC('H', 'M', 'A', 'C')
 
 struct isc_hmac_key {
diff --git a/lib/isc/crypto/ossl3.c b/lib/isc/crypto/ossl3.c
index dc3388a35a4..1c2f3cab9da 100644
--- a/lib/isc/crypto/ossl3.c
+++ b/lib/isc/crypto/ossl3.c
@@ -34,8 +34,6 @@
 #include <isc/safe.h>
 #include <isc/util.h>
 
-#include "crypto_p.h"
-
 struct isc_hmac_key {
 	uint32_t magic;
 	uint32_t len;
diff --git a/lib/isc/crypto/ossl_common.c b/lib/isc/crypto/ossl_common.c
index 41bd2841027..8b5d56925b4 100644
--- a/lib/isc/crypto/ossl_common.c
+++ b/lib/isc/crypto/ossl_common.c
@@ -16,8 +16,7 @@
 
 #include <isc/crypto.h>
 #include <isc/md.h>
-
-#include "crypto_p.h"
+#include <isc/ossl_wrap.h>
 
 EVP_MD *isc__crypto_md[] = {
 	[ISC_MD_UNKNOWN] = NULL, [ISC_MD_MD5] = NULL,	 [ISC_MD_SHA1] = NULL,
diff --git a/lib/isc/include/isc/ossl_wrap.h b/lib/isc/include/isc/ossl_wrap.h
index 96f282a13b0..4831fab405c 100644
--- a/lib/isc/include/isc/ossl_wrap.h
+++ b/lib/isc/include/isc/ossl_wrap.h
@@ -278,3 +278,10 @@ isc__ossl_wrap_logged_toresult(isc_logcategory_t category,
 			       isc_logmodule_t module, const char *funcname,
 			       isc_result_t fallback, const char *file,
 			       int line);
+
+/*
+ * This is a bit of a namespace convention violation but it fits the spirit of
+ * this header since it is exposing OpenSSL-isms to others.
+ */
+
+extern EVP_MD *isc__crypto_md[];
diff --git a/lib/isc/iterated_hash.c b/lib/isc/iterated_hash.c
index fae09809073..7d8c68a3968 100644
--- a/lib/isc/iterated_hash.c
+++ b/lib/isc/iterated_hash.c
@@ -19,11 +19,10 @@
 
 #include <isc/iterated_hash.h>
 #include <isc/md.h>
+#include <isc/ossl_wrap.h>
 #include <isc/thread.h>
 #include <isc/util.h>
 
-#include "crypto/crypto_p.h"
-
 #if OPENSSL_VERSION_NUMBER < 0x30000000L
 
 #include <openssl/sha.h>
diff --git a/lib/isc/md.c b/lib/isc/md.c
index 87a167984c5..0c6688f48ea 100644
--- a/lib/isc/md.c
+++ b/lib/isc/md.c
@@ -18,9 +18,9 @@
 #include <openssl/opensslv.h>
 
 #include <isc/md.h>
+#include <isc/ossl_wrap.h>
 #include <isc/util.h>
 
-#include "crypto/crypto_p.h"
 #include "openssl_shim.h"
 
 isc_md_t *
diff --git a/lib/isc/tls.c b/lib/isc/tls.c
index c4a3fd5ee9b..68c9b495d55 100644
--- a/lib/isc/tls.c
+++ b/lib/isc/tls.c
@@ -42,6 +42,7 @@
 #include <isc/mem.h>
 #include <isc/mutex.h>
 #include <isc/once.h>
+#include <isc/ossl_wrap.h>
 #include <isc/random.h>
 #include <isc/refcount.h>
 #include <isc/rwlock.h>
@@ -52,9 +53,6 @@
 
 #include "openssl_shim.h"
 
-/* TODO(aydin): remove this crap */
-extern EVP_MD *isc__crypto_md[];
-
 #define COMMON_SSL_OPTIONS \
 	(SSL_OP_NO_COMPRESSION | SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION)