Use EVP_MD_CTX_get0_md() instead of deprecated EVP_MD_CTX_md()

OpenSSL 3.0.0 deprecates the EVP_MD_CTX_md() function.

Use EVP_MD_CTX_md() instead of EVP_MD_CTX_get0_md() and create a shim
to use the old variant for the older OpenSSL versions which don't have
the newer EVP_MD_CTX_get0_md().

diff --git a/configure.ac b/configure.ac
index 0542042098491bc1691f58c2391005404e36a23c..0a09220195ed2f52cd490cd01ffc8e3d67f375c9 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -627,7 +627,7 @@ AC_COMPILE_IFELSE(
 AC_CHECK_FUNCS([OPENSSL_init_ssl OPENSSL_init_crypto])
 AC_CHECK_FUNCS([CRYPTO_zalloc])
 AC_CHECK_FUNCS([EVP_CIPHER_CTX_new EVP_CIPHER_CTX_free])
-AC_CHECK_FUNCS([EVP_MD_CTX_new EVP_MD_CTX_free EVP_MD_CTX_reset])
+AC_CHECK_FUNCS([EVP_MD_CTX_new EVP_MD_CTX_free EVP_MD_CTX_reset EVP_MD_CTX_get0_md])
 AC_CHECK_FUNCS([HMAC_CTX_new HMAC_CTX_free HMAC_CTX_reset HMAC_CTX_get_md])
 AC_CHECK_FUNCS([SSL_read_ex SSL_peek_ex SSL_write_ex])
 AC_CHECK_FUNCS([BIO_read_ex BIO_write_ex])

diff --git a/lib/isc/md.c b/lib/isc/md.c
index 10e4b04bccf0cd6237b0ddb7db93511b545dd46e..c5537e20ab9aef58fc35230d9dda8a789a2d3c23 100644 (file)
--- a/lib/isc/md.c
+++ b/lib/isc/md.c
@@ -93,7 +93,7 @@ const isc_md_type_t *
 isc_md_get_md_type(isc_md_t *md) {
        REQUIRE(md != NULL);
 
-       return (EVP_MD_CTX_md(md));
+       return (EVP_MD_CTX_get0_md(md));
 }
 
 size_t

diff --git a/lib/isc/openssl_shim.h b/lib/isc/openssl_shim.h
index bd5a137e34b2061546912be15e090b584c486a21..87fcf29bc81b7a70d9d79e0facd7f6097a8bf9b4 100644 (file)
--- a/lib/isc/openssl_shim.h
+++ b/lib/isc/openssl_shim.h
@@ -52,6 +52,10 @@ int
 EVP_MD_CTX_reset(EVP_MD_CTX *ctx);
 #endif /* if !HAVE_EVP_MD_CTX_RESET */
 
+#if !HAVE_EVP_MD_CTX_GET0_MD
+#define EVP_MD_CTX_get0_md EVP_MD_CTX_md
+#endif /* if !HAVE_EVP_MD_CTX_GET0_MD */
+
 #if !HAVE_HMAC_CTX_NEW
 HMAC_CTX *
 HMAC_CTX_new(void);