From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sun, 26 Oct 2025 07:33:11 +0000 (+0900)
Subject: pe-binary: drop pe_hash() and friends when OpenSSL support is disabled
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=09ae1c8ade40fec48d293ca406d5f727453e7a2a;p=thirdparty%2Fsystemd.git

pe-binary: drop pe_hash() and friends when OpenSSL support is disabled

These three functions are currently only used by sbsign, which requires
OpenSSL. Moreover, pe_hash() and uki_hash() anyway do not work if
OpenSSL is disabled. Let's only declare them when OpenSSL support is
enabled.
---

diff --git a/src/shared/pe-binary.c b/src/shared/pe-binary.c
index 1dfda07142c..97e5ba51c78 100644
--- a/src/shared/pe-binary.c
+++ b/src/shared/pe-binary.c
@@ -336,13 +336,12 @@ static int hash_file(int fd, EVP_MD_CTX *md_ctx, uint64_t offset, uint64_t size)
 static int section_offset_cmp(const IMAGE_SECTION_HEADER *a, const IMAGE_SECTION_HEADER *b) {
         return CMP(ASSERT_PTR(a)->PointerToRawData, ASSERT_PTR(b)->PointerToRawData);
 }
-#endif
 
 int pe_hash(int fd,
             const EVP_MD *md,
             void **ret_hash,
             size_t *ret_hash_size) {
-#if HAVE_OPENSSL
+
         _cleanup_(EVP_MD_CTX_freep) EVP_MD_CTX *mdctx = NULL;
         _cleanup_free_ IMAGE_SECTION_HEADER *sections = NULL;
         _cleanup_free_ IMAGE_DOS_HEADER *dos_header = NULL;
@@ -449,9 +448,6 @@ int pe_hash(int fd,
         *ret_hash_size = hash_size;
 
         return 0;
-#else
-        return log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "OpenSSL is not supported, cannot calculate PE hash.");
-#endif
 }
 
 int pe_checksum(int fd, uint32_t *ret) {
@@ -503,7 +499,6 @@ int pe_checksum(int fd, uint32_t *ret) {
         return 0;
 }
 
-#if HAVE_OPENSSL
 typedef void* SectionHashArray[_UNIFIED_SECTION_MAX];
 
 static void section_hash_array_done(SectionHashArray *array) {
@@ -512,13 +507,12 @@ static void section_hash_array_done(SectionHashArray *array) {
         for (size_t i = 0; i < _UNIFIED_SECTION_MAX; i++)
                 free((*array)[i]);
 }
-#endif
 
 int uki_hash(int fd,
              const EVP_MD *md,
              void* ret_hashes[static _UNIFIED_SECTION_MAX],
              size_t *ret_hash_size) {
-#if HAVE_OPENSSL
+
         _cleanup_(section_hash_array_done) SectionHashArray hashes = {};
         _cleanup_free_ IMAGE_SECTION_HEADER *sections = NULL;
         _cleanup_free_ IMAGE_DOS_HEADER *dos_header = NULL;
@@ -605,7 +599,5 @@ int uki_hash(int fd,
         *ret_hash_size = (unsigned) hsz;
 
         return 0;
-#else
-        return log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "OpenSSL is not supported, cannot calculate UKI hash.");
-#endif
 }
+#endif
diff --git a/src/shared/pe-binary.h b/src/shared/pe-binary.h
index 2579dd9ae8b..0f748a87d7d 100644
--- a/src/shared/pe-binary.h
+++ b/src/shared/pe-binary.h
@@ -151,8 +151,11 @@ bool pe_is_addon(const PeHeader *pe_header, const IMAGE_SECTION_HEADER *sections
 bool pe_is_native(const PeHeader *pe_header);
 int pe_is_native_fd(int fd);
 
+#if HAVE_OPENSSL
 int pe_hash(int fd, const EVP_MD *md, void **ret_hash, size_t *ret_hash_size);
 
+/* This does not depend on OpenSSL, but is currently only used by sbsign which requires OpenSSL. */
 int pe_checksum(int fd, uint32_t *ret);
 
 int uki_hash(int fd, const EVP_MD *md, void *ret_hashes[static _UNIFIED_SECTION_MAX], size_t *ret_hash_size);
+#endif