Skip to content

[pull] master from openssl:master #298

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
pull merged 3 commits into from
Dec 17, 2025
Merged

[pull] master from openssl:master #298

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
992368e
Remove support for custom MD methods
mattcaswell Dec 10, 2025
afe83c9
Remove mentions of EVP_MD_meth* from the documentation
mattcaswell Dec 10, 2025
bc2d17b
Update ossl-removed-api to mention the EVP_MD_meth* functions
mattcaswell Dec 10, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
122 changes: 10 additions & 112 deletions crypto/evp/digest.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -178,27 +178,8 @@ static int evp_md_init_internal(EVP_MD_CTX *ctx, const EVP_MD *type,
type = ctx->digest;
}

/*
* If there is EVP_MD_CTX_FLAG_NO_INIT set then we
* should use legacy handling for now.
*/
if ((ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0
|| (type != NULL && type->origin == EVP_ORIG_METH)
|| (type == NULL && ctx->digest != NULL
&& ctx->digest->origin == EVP_ORIG_METH)) {
/* If we were using provided hash before, cleanup algctx */
if (!evp_md_ctx_free_algctx(ctx))
return 0;
if (ctx->digest == ctx->fetched_digest)
ctx->digest = NULL;
EVP_MD_free(ctx->fetched_digest);
ctx->fetched_digest = NULL;
goto legacy;
}

cleanup_old_md_data(ctx, 1);

/* Start of non-legacy code below */
if (ossl_likely(ctx->digest == type)) {
if (ossl_unlikely(!ossl_assert(type->prov != NULL))) {
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
Expand Down Expand Up @@ -254,35 +235,6 @@ static int evp_md_init_internal(EVP_MD_CTX *ctx, const EVP_MD *type,
}

return ctx->digest->dinit(ctx->algctx, params);

/* Code below to be removed when legacy support is dropped. */
legacy:

if (ctx->digest != type) {
cleanup_old_md_data(ctx, 1);

ctx->digest = type;
if (!(ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) && type->ctx_size) {
ctx->update = type->update;
ctx->md_data = OPENSSL_zalloc(type->ctx_size);
if (ctx->md_data == NULL)
return 0;
}
}
#ifndef FIPS_MODULE
if (ctx->pctx != NULL
&& (!EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx->pctx)
|| ctx->pctx->op.sig.signature == NULL)) {
int r;
r = EVP_PKEY_CTX_ctrl(ctx->pctx, -1, EVP_PKEY_OP_TYPE_SIG,
EVP_PKEY_CTRL_DIGESTINIT, 0, ctx);
if (r <= 0 && (r != -2))
return 0;
}
#endif
if (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT)
return 1;
return ctx->digest->init(ctx);
}

int EVP_DigestInit_ex2(EVP_MD_CTX *ctx, const EVP_MD *type,
Expand Down Expand Up @@ -335,20 +287,16 @@ int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
return 0;
}

if (ctx->digest == NULL
|| ctx->digest->prov == NULL
|| ossl_unlikely((ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0))
goto legacy;
if (ctx->digest == NULL || ctx->digest->prov == NULL) {
ERR_raise(ERR_LIB_EVP, EVP_R_UPDATE_ERROR);
return 0;
}

if (ossl_unlikely(ctx->digest->dupdate == NULL)) {
ERR_raise(ERR_LIB_EVP, EVP_R_UPDATE_ERROR);
return 0;
}
return ctx->digest->dupdate(ctx->algctx, data, count);

/* Code below to be removed when legacy support is dropped. */
legacy:
return ctx->update != NULL ? ctx->update(ctx, data, count) : 0;
}

/* The caller can assume that this removes any secret data from the context */
Expand Down Expand Up @@ -565,7 +513,6 @@ int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in)
int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
{
int digest_change = 0;
unsigned char *tmp_buf;

if (in == NULL) {
ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
Expand All @@ -581,11 +528,7 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
goto clone_pkey;
}

if (in->digest->prov == NULL
|| (in->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0)
goto legacy;

if (in->digest->dupctx == NULL) {
if (in->digest->prov == NULL || in->digest->dupctx == NULL) {
ERR_raise(ERR_LIB_EVP, EVP_R_NOT_ABLE_TO_COPY_CTX);
return 0;
}
Expand Down Expand Up @@ -638,55 +581,6 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
#endif

return 1;

/* Code below to be removed when legacy support is dropped. */
legacy:

if (out->digest == in->digest) {
tmp_buf = out->md_data;
EVP_MD_CTX_set_flags(out, EVP_MD_CTX_FLAG_REUSE);
} else
tmp_buf = NULL;
EVP_MD_CTX_reset(out);
memcpy(out, in, sizeof(*out));

/* copied EVP_MD_CTX should free the copied EVP_PKEY_CTX */
EVP_MD_CTX_clear_flags(out, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX);

/* Null these variables, since they are getting fixed up
* properly below. Anything else may cause a memleak and/or
* double free if any of the memory allocations below fail
*/
out->md_data = NULL;
out->pctx = NULL;

if (in->md_data && out->digest->ctx_size) {
if (tmp_buf)
out->md_data = tmp_buf;
else {
out->md_data = OPENSSL_malloc(out->digest->ctx_size);
if (out->md_data == NULL)
return 0;
}
memcpy(out->md_data, in->md_data, out->digest->ctx_size);
}

out->update = in->update;

#ifndef FIPS_MODULE
if (in->pctx) {
out->pctx = EVP_PKEY_CTX_dup(in->pctx);
if (!out->pctx) {
EVP_MD_CTX_reset(out);
return 0;
}
}
#endif

if (out->digest->copy)
return out->digest->copy(out, in);

return 1;
}

int EVP_Digest(const void *data, size_t count,
Expand Down Expand Up @@ -1162,7 +1056,11 @@ void EVP_MD_free(EVP_MD *md)
CRYPTO_DOWN_REF(&md->refcnt, &i);
if (i > 0)
return;
evp_md_free_int(md);

OPENSSL_free(md->type_name);
ossl_provider_free(md->prov);
CRYPTO_FREE_REF(&md->refcnt);
OPENSSL_free(md);
}

void EVP_MD_do_all_provided(OSSL_LIB_CTX *libctx,
Expand Down
176 changes: 0 additions & 176 deletions crypto/evp/evp_lib.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -826,182 +826,6 @@ unsigned long EVP_MD_get_flags(const EVP_MD *md)
return md->flags;
}

EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type)
{
EVP_MD *md = evp_md_new();

if (md != NULL) {
md->type = md_type;
md->pkey_type = pkey_type;
md->origin = EVP_ORIG_METH;
}
return md;
}

EVP_MD *EVP_MD_meth_dup(const EVP_MD *md)
{
EVP_MD *to = NULL;

/*
* Non-legacy EVP_MDs can't be duplicated like this.
* Use EVP_MD_up_ref() instead.
*/
if (md->prov != NULL)
return NULL;

if ((to = EVP_MD_meth_new(md->type, md->pkey_type)) != NULL) {
CRYPTO_REF_COUNT refcnt = to->refcnt;

memcpy(to, md, sizeof(*to));
to->refcnt = refcnt;
to->origin = EVP_ORIG_METH;
}
return to;
}

void evp_md_free_int(EVP_MD *md)
{
OPENSSL_free(md->type_name);
ossl_provider_free(md->prov);
CRYPTO_FREE_REF(&md->refcnt);
OPENSSL_free(md);
}

void EVP_MD_meth_free(EVP_MD *md)
{
if (md == NULL || md->origin != EVP_ORIG_METH)
return;

evp_md_free_int(md);
}

int EVP_MD_meth_set_input_blocksize(EVP_MD *md, int blocksize)
{
if (md->block_size != 0)
return 0;

md->block_size = blocksize;
return 1;
}
int EVP_MD_meth_set_result_size(EVP_MD *md, int resultsize)
{
if (md->md_size != 0)
return 0;

md->md_size = resultsize;
return 1;
}
int EVP_MD_meth_set_app_datasize(EVP_MD *md, int datasize)
{
if (md->ctx_size != 0)
return 0;

md->ctx_size = datasize;
return 1;
}
int EVP_MD_meth_set_flags(EVP_MD *md, unsigned long flags)
{
if (md->flags != 0)
return 0;

md->flags = flags;
return 1;
}
int EVP_MD_meth_set_init(EVP_MD *md, int (*init)(EVP_MD_CTX *ctx))
{
if (md->init != NULL)
return 0;

md->init = init;
return 1;
}
int EVP_MD_meth_set_update(EVP_MD *md, int (*update)(EVP_MD_CTX *ctx, const void *data, size_t count))
{
if (md->update != NULL)
return 0;

md->update = update;
return 1;
}
int EVP_MD_meth_set_final(EVP_MD *md, int (*final)(EVP_MD_CTX *ctx, unsigned char *md))
{
if (md->final != NULL)
return 0;

md->final = final;
return 1;
}
int EVP_MD_meth_set_copy(EVP_MD *md, int (*copy)(EVP_MD_CTX *to, const EVP_MD_CTX *from))
{
if (md->copy != NULL)
return 0;

md->copy = copy;
return 1;
}
int EVP_MD_meth_set_cleanup(EVP_MD *md, int (*cleanup)(EVP_MD_CTX *ctx))
{
if (md->cleanup != NULL)
return 0;

md->cleanup = cleanup;
return 1;
}
int EVP_MD_meth_set_ctrl(EVP_MD *md, int (*ctrl)(EVP_MD_CTX *ctx, int cmd, int p1, void *p2))
{
if (md->md_ctrl != NULL)
return 0;

md->md_ctrl = ctrl;
return 1;
}

int EVP_MD_meth_get_input_blocksize(const EVP_MD *md)
{
return md->block_size;
}
int EVP_MD_meth_get_result_size(const EVP_MD *md)
{
return md->md_size;
}
int EVP_MD_meth_get_app_datasize(const EVP_MD *md)
{
return md->ctx_size;
}
unsigned long EVP_MD_meth_get_flags(const EVP_MD *md)
{
return md->flags;
}
int (*EVP_MD_meth_get_init(const EVP_MD *md))(EVP_MD_CTX *ctx)
{
return md->init;
}
int (*EVP_MD_meth_get_update(const EVP_MD *md))(EVP_MD_CTX *ctx,
const void *data,
size_t count)
{
return md->update;
}
int (*EVP_MD_meth_get_final(const EVP_MD *md))(EVP_MD_CTX *ctx,
unsigned char *md)
{
return md->final;
}
int (*EVP_MD_meth_get_copy(const EVP_MD *md))(EVP_MD_CTX *to,
const EVP_MD_CTX *from)
{
return md->copy;
}
int (*EVP_MD_meth_get_cleanup(const EVP_MD *md))(EVP_MD_CTX *ctx)
{
return md->cleanup;
}
int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd,
int p1, void *p2)
{
return md->md_ctrl;
}

#ifndef OPENSSL_NO_DEPRECATED_3_0
const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx)
{
Expand Down
1 change: 0 additions & 1 deletion crypto/evp/evp_local.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -401,7 +401,6 @@ OSSL_PARAM *evp_pkey_to_param(EVP_PKEY *pkey, size_t *sz);

void evp_pkey_ctx_free_old_ops(EVP_PKEY_CTX *ctx);
void evp_cipher_free_int(EVP_CIPHER *md);
void evp_md_free_int(EVP_MD *md);

/* OSSL_PROVIDER * is only used to get the library context */
int evp_is_a(OSSL_PROVIDER *prov, int number,
Expand Down
6 changes: 0 additions & 6 deletions doc/build.info
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1183,10 +1183,6 @@ DEPEND[html/man3/EVP_MAC.html]=man3/EVP_MAC.pod
GENERATE[html/man3/EVP_MAC.html]=man3/EVP_MAC.pod
DEPEND[man/man3/EVP_MAC.3]=man3/EVP_MAC.pod
GENERATE[man/man3/EVP_MAC.3]=man3/EVP_MAC.pod
DEPEND[html/man3/EVP_MD_meth_new.html]=man3/EVP_MD_meth_new.pod
GENERATE[html/man3/EVP_MD_meth_new.html]=man3/EVP_MD_meth_new.pod
DEPEND[man/man3/EVP_MD_meth_new.3]=man3/EVP_MD_meth_new.pod
GENERATE[man/man3/EVP_MD_meth_new.3]=man3/EVP_MD_meth_new.pod
DEPEND[html/man3/EVP_OpenInit.html]=man3/EVP_OpenInit.pod
GENERATE[html/man3/EVP_OpenInit.html]=man3/EVP_OpenInit.pod
DEPEND[man/man3/EVP_OpenInit.3]=man3/EVP_OpenInit.pod
Expand Down Expand Up @@ -3353,7 +3349,6 @@ html/man3/EVP_KEM_free.html \
html/man3/EVP_KEYEXCH_free.html \
html/man3/EVP_KEYMGMT.html \
html/man3/EVP_MAC.html \
html/man3/EVP_MD_meth_new.html \
html/man3/EVP_OpenInit.html \
html/man3/EVP_PBE_CipherInit.html \
html/man3/EVP_PKEY2PKCS8.html \
Expand Down Expand Up @@ -4028,7 +4023,6 @@ man/man3/EVP_KEM_free.3 \
man/man3/EVP_KEYEXCH_free.3 \
man/man3/EVP_KEYMGMT.3 \
man/man3/EVP_MAC.3 \
man/man3/EVP_MD_meth_new.3 \
man/man3/EVP_OpenInit.3 \
man/man3/EVP_PBE_CipherInit.3 \
man/man3/EVP_PKEY2PKCS8.3 \
Expand Down
Loading
Loading