Commit 2ea6e785f5 for openssl.org
commit 2ea6e785f526f88f913cc6f49372aae9dc54bc63
Author: Dmitry Belyavskiy <beldmit@gmail.com>
Date: Mon Feb 9 20:42:19 2026 +0100
EVP_get_digestbynid/EVP_get_cipherbynid turns into...
a wrapper around EVP_MD_fetch/EVP_CIPHER_fetch when engines are not
supported anymore. Let's remove the fallbacks that don't do anything
useful
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
MergeDate: Thu Feb 12 18:22:57 2026
(Merged from https://github.com/openssl/openssl/pull/29969)
diff --git a/apps/dgst.c b/apps/dgst.c
index 395d9f82cb..71520af6c8 100644
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -547,10 +547,8 @@ static void show_digests(const OBJ_NAME *name, void *arg)
/* Filter out message digests that we cannot use */
md = EVP_MD_fetch(app_get0_libctx(), name->name, app_get0_propq());
- if (md == NULL) {
- if (EVP_get_digestbyname(name->name) == NULL)
- return;
- }
+ if (md == NULL)
+ return;
BIO_printf(dec->bio, "-%-25s", name->name);
if (++dec->n == 3) {
diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c
index 55f86ee83f..e916386200 100644
--- a/crypto/asn1/a_verify.c
+++ b/crypto/asn1/a_verify.c
@@ -28,7 +28,7 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
char *data, EVP_PKEY *pkey)
{
EVP_MD_CTX *ctx = EVP_MD_CTX_new();
- const EVP_MD *type;
+ EVP_MD *type = NULL;
unsigned char *p, *buf_in = NULL;
int ret = -1, i, inl;
@@ -37,7 +37,7 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
goto err;
}
i = OBJ_obj2nid(a->algorithm);
- type = EVP_get_digestbyname(OBJ_nid2sn(i));
+ type = EVP_MD_fetch(NULL, OBJ_nid2sn(i), NULL);
if (type == NULL) {
ERR_raise(ERR_LIB_ASN1, ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
goto err;
@@ -79,6 +79,7 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
}
ret = 1;
err:
+ EVP_MD_free(type);
EVP_MD_CTX_free(ctx);
return ret;
}
diff --git a/crypto/evp/evp_pbe.c b/crypto/evp/evp_pbe.c
index 27e8925377..62d649c393 100644
--- a/crypto/evp/evp_pbe.c
+++ b/crypto/evp/evp_pbe.c
@@ -97,10 +97,8 @@ int EVP_PBE_CipherInit_ex(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de,
OSSL_LIB_CTX *libctx, const char *propq)
{
- const EVP_CIPHER *cipher = NULL;
- EVP_CIPHER *cipher_fetch = NULL;
- const EVP_MD *md = NULL;
- EVP_MD *md_fetch = NULL;
+ EVP_CIPHER *cipher = NULL;
+ EVP_MD *md = NULL;
int ret = 0, cipher_nid, md_nid;
EVP_PBE_KEYGEN_EX *keygen_ex;
EVP_PBE_KEYGEN *keygen;
@@ -124,33 +122,21 @@ int EVP_PBE_CipherInit_ex(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
passlen = (int)strlen(pass);
if (cipher_nid != -1) {
- (void)ERR_set_mark();
- cipher = cipher_fetch = EVP_CIPHER_fetch(libctx, OBJ_nid2sn(cipher_nid), propq);
- /* Fallback to legacy method */
- if (cipher == NULL)
- cipher = EVP_get_cipherbynid(cipher_nid);
+ cipher = EVP_CIPHER_fetch(libctx, OBJ_nid2sn(cipher_nid), propq);
if (cipher == NULL) {
- (void)ERR_clear_last_mark();
ERR_raise_data(ERR_LIB_EVP, EVP_R_UNKNOWN_CIPHER,
OBJ_nid2sn(cipher_nid));
goto err;
}
- (void)ERR_pop_to_mark();
}
if (md_nid != -1) {
- (void)ERR_set_mark();
- md = md_fetch = EVP_MD_fetch(libctx, OBJ_nid2sn(md_nid), propq);
- /* Fallback to legacy method */
- if (md == NULL)
- md = EVP_get_digestbynid(md_nid);
+ md = EVP_MD_fetch(libctx, OBJ_nid2sn(md_nid), propq);
if (md == NULL) {
- (void)ERR_clear_last_mark();
ERR_raise(ERR_LIB_EVP, EVP_R_UNKNOWN_DIGEST);
goto err;
}
- (void)ERR_pop_to_mark();
}
/* Try extended keygen with libctx/propq first, fall back to legacy keygen */
@@ -160,8 +146,8 @@ int EVP_PBE_CipherInit_ex(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
ret = keygen(ctx, pass, passlen, param, cipher, md, en_de);
err:
- EVP_CIPHER_free(cipher_fetch);
- EVP_MD_free(md_fetch);
+ EVP_CIPHER_free(cipher);
+ EVP_MD_free(md);
return ret;
}
diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
index 1162810cd5..c51798038f 100644
--- a/crypto/evp/m_sigver.c
+++ b/crypto/evp/m_sigver.c
@@ -217,8 +217,6 @@ reinitialize:
*/
evp_md_ctx_clear_digest(ctx, 1, 0);
- /* legacy code support for engines */
- ERR_set_mark();
/*
* This might be requested by a later call to EVP_MD_CTX_get0_md().
* In that case the "explicit fetch" rules apply for that
@@ -229,16 +227,11 @@ reinitialize:
ctx->fetched_digest = EVP_MD_fetch(locpctx->libctx, mdname, props);
if (ctx->fetched_digest != NULL) {
ctx->digest = ctx->reqdigest = ctx->fetched_digest;
- } else {
- /* legacy engine support : remove the mark when this is deleted */
- ctx->reqdigest = ctx->digest = EVP_get_digestbyname(mdname);
if (ctx->digest == NULL) {
- (void)ERR_clear_last_mark();
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
goto err;
}
}
- (void)ERR_pop_to_mark();
}
}
diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c
index c944496339..181ab84ed6 100644
--- a/crypto/evp/p5_crpt2.c
+++ b/crypto/evp/p5_crpt2.c
@@ -117,8 +117,7 @@ int PKCS5_v2_PBE_keyivgen_ex(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
{
PBE2PARAM *pbe2 = NULL;
char ciph_name[80];
- const EVP_CIPHER *cipher = NULL;
- EVP_CIPHER *cipher_fetch = NULL;
+ EVP_CIPHER *cipher = NULL;
EVP_PBE_KEYGEN_EX *kdf;
int rv = 0;
@@ -144,11 +143,7 @@ int PKCS5_v2_PBE_keyivgen_ex(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
goto err;
}
- (void)ERR_set_mark();
- cipher = cipher_fetch = EVP_CIPHER_fetch(libctx, ciph_name, propq);
- /* Fallback to legacy method */
- if (cipher == NULL)
- cipher = EVP_get_cipherbyname(ciph_name);
+ cipher = EVP_CIPHER_fetch(libctx, ciph_name, propq);
if (cipher == NULL) {
(void)ERR_clear_last_mark();
@@ -166,7 +161,7 @@ int PKCS5_v2_PBE_keyivgen_ex(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
}
rv = kdf(ctx, pass, passlen, pbe2->keyfunc->parameter, NULL, NULL, en_de, libctx, propq);
err:
- EVP_CIPHER_free(cipher_fetch);
+ EVP_CIPHER_free(cipher);
PBE2PARAM_free(pbe2);
return rv;
}
@@ -189,8 +184,7 @@ int PKCS5_v2_PBKDF2_keyivgen_ex(EVP_CIPHER_CTX *ctx, const char *pass,
unsigned int keylen = 0;
int prf_nid, hmac_md_nid;
PBKDF2PARAM *kdf = NULL;
- const EVP_MD *prfmd = NULL;
- EVP_MD *prfmd_fetch = NULL;
+ EVP_MD *prfmd = NULL;
if (EVP_CIPHER_CTX_get0_cipher(ctx) == NULL) {
ERR_raise(ERR_LIB_EVP, EVP_R_NO_CIPHER_SET);
@@ -232,16 +226,11 @@ int PKCS5_v2_PBKDF2_keyivgen_ex(EVP_CIPHER_CTX *ctx, const char *pass,
goto err;
}
- (void)ERR_set_mark();
- prfmd = prfmd_fetch = EVP_MD_fetch(libctx, OBJ_nid2sn(hmac_md_nid), propq);
- if (prfmd == NULL)
- prfmd = EVP_get_digestbynid(hmac_md_nid);
+ prfmd = EVP_MD_fetch(libctx, OBJ_nid2sn(hmac_md_nid), propq);
if (prfmd == NULL) {
- (void)ERR_clear_last_mark();
ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_PRF);
goto err;
}
- (void)ERR_pop_to_mark();
if (kdf->salt->type != V_ASN1_OCTET_STRING) {
ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_SALT_TYPE);
@@ -259,7 +248,7 @@ int PKCS5_v2_PBKDF2_keyivgen_ex(EVP_CIPHER_CTX *ctx, const char *pass,
err:
OPENSSL_cleanse(key, keylen);
PBKDF2PARAM_free(kdf);
- EVP_MD_free(prfmd_fetch);
+ EVP_MD_free(prfmd);
return rv;
}
diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c
index e1faf29e08..f94e14c0f3 100644
--- a/crypto/ocsp/ocsp_vfy.c
+++ b/crypto/ocsp/ocsp_vfy.c
@@ -314,17 +314,11 @@ static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
OBJ_obj2txt(name, sizeof(name), cid->hashAlgorithm.algorithm, 0);
- (void)ERR_set_mark();
dgst = EVP_MD_fetch(NULL, name, NULL);
- if (dgst == NULL)
- dgst = (EVP_MD *)EVP_get_digestbyname(name);
-
if (dgst == NULL) {
- (void)ERR_clear_last_mark();
ERR_raise(ERR_LIB_OCSP, OCSP_R_UNKNOWN_MESSAGE_DIGEST);
goto end;
}
- (void)ERR_pop_to_mark();
mdlen = EVP_MD_get_size(dgst);
if (mdlen <= 0) {
diff --git a/crypto/pkcs12/p12_add.c b/crypto/pkcs12/p12_add.c
index 4750974d60..f5625b49a1 100644
--- a/crypto/pkcs12/p12_add.c
+++ b/crypto/pkcs12/p12_add.c
@@ -98,8 +98,7 @@ PKCS7 *PKCS12_pack_p7encdata_ex(int pbe_nid, const char *pass, int passlen,
{
PKCS7 *p7;
X509_ALGOR *pbe;
- const EVP_CIPHER *pbe_ciph = NULL;
- EVP_CIPHER *pbe_ciph_fetch = NULL;
+ EVP_CIPHER *pbe_ciph = NULL;
if ((p7 = PKCS7_new_ex(ctx, propq)) == NULL) {
ERR_raise(ERR_LIB_PKCS12, ERR_R_ASN1_LIB);
@@ -110,11 +109,7 @@ PKCS7 *PKCS12_pack_p7encdata_ex(int pbe_nid, const char *pass, int passlen,
goto err;
}
- ERR_set_mark();
- pbe_ciph = pbe_ciph_fetch = EVP_CIPHER_fetch(ctx, OBJ_nid2sn(pbe_nid), propq);
- if (pbe_ciph == NULL)
- pbe_ciph = EVP_get_cipherbynid(pbe_nid);
- ERR_pop_to_mark();
+ pbe_ciph = EVP_CIPHER_fetch(ctx, OBJ_nid2sn(pbe_nid), propq);
if (pbe_ciph != NULL) {
pbe = PKCS5_pbe2_set_iv_ex(pbe_ciph, iter, salt, saltlen, NULL, -1, ctx);
@@ -135,12 +130,12 @@ PKCS7 *PKCS12_pack_p7encdata_ex(int pbe_nid, const char *pass, int passlen,
goto err;
}
- EVP_CIPHER_free(pbe_ciph_fetch);
+ EVP_CIPHER_free(pbe_ciph);
return p7;
err:
PKCS7_free(p7);
- EVP_CIPHER_free(pbe_ciph_fetch);
+ EVP_CIPHER_free(pbe_ciph);
return NULL;
}
diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c
index 8bb4e30529..63a3236e24 100644
--- a/crypto/pkcs12/p12_mutl.c
+++ b/crypto/pkcs12/p12_mutl.c
@@ -181,8 +181,7 @@ static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
const char *propq))
{
int ret = 0;
- const EVP_MD *md;
- EVP_MD *md_fetch;
+ EVP_MD *md;
HMAC_CTX *hmac = NULL;
unsigned char key[EVP_MAX_MD_SIZE], *salt;
int saltlen, iter;
@@ -221,17 +220,12 @@ static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
if (OBJ_obj2txt(md_name, sizeof(md_name), macoid, 0) < 0)
return 0;
}
- (void)ERR_set_mark();
- md = md_fetch = EVP_MD_fetch(libctx, md_name, propq);
- if (md == NULL)
- md = EVP_get_digestbynid(OBJ_obj2nid(macoid));
+ md = EVP_MD_fetch(libctx, md_name, propq);
if (md == NULL) {
- (void)ERR_clear_last_mark();
ERR_raise(ERR_LIB_PKCS12, PKCS12_R_UNKNOWN_DIGEST_ALGORITHM);
return 0;
}
- (void)ERR_pop_to_mark();
keylen = EVP_MD_get_size(md);
md_nid = EVP_MD_get_type(md);
@@ -254,7 +248,7 @@ static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
goto err;
}
} else {
- EVP_MD *hmac_md = (EVP_MD *)md;
+ EVP_MD *hmac_md = md;
int fetched = 0;
if (pbmac1_kdf_nid != NID_undef) {
@@ -300,7 +294,7 @@ static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
err:
OPENSSL_cleanse(key, sizeof(key));
HMAC_CTX_free(hmac);
- EVP_MD_free(md_fetch);
+ EVP_MD_free(md);
return ret;
}
diff --git a/crypto/pkcs12/p12_sbag.c b/crypto/pkcs12/p12_sbag.c
index 4848daf2e9..c9748bc5cd 100644
--- a/crypto/pkcs12/p12_sbag.c
+++ b/crypto/pkcs12/p12_sbag.c
@@ -252,14 +252,11 @@ PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt_ex(int pbe_nid,
const char *propq)
{
PKCS12_SAFEBAG *bag = NULL;
- const EVP_CIPHER *pbe_ciph = NULL;
- EVP_CIPHER *pbe_ciph_fetch = NULL;
+ EVP_CIPHER *pbe_ciph = NULL;
X509_SIG *p8;
ERR_set_mark();
- pbe_ciph = pbe_ciph_fetch = EVP_CIPHER_fetch(ctx, OBJ_nid2sn(pbe_nid), propq);
- if (pbe_ciph == NULL)
- pbe_ciph = EVP_get_cipherbynid(pbe_nid);
+ pbe_ciph = EVP_CIPHER_fetch(ctx, OBJ_nid2sn(pbe_nid), propq);
ERR_pop_to_mark();
if (pbe_ciph != NULL)
@@ -275,7 +272,7 @@ PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt_ex(int pbe_nid,
X509_SIG_free(p8);
err:
- EVP_CIPHER_free(pbe_ciph_fetch);
+ EVP_CIPHER_free(pbe_ciph);
return bag;
}
diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
index 7798846b16..20928cbad0 100644
--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
@@ -96,8 +96,7 @@ static int pkcs7_bio_add_digest(BIO **pbio, X509_ALGOR *alg,
{
BIO *btmp;
char name[OSSL_MAX_NAME_SIZE];
- EVP_MD *fetched = NULL;
- const EVP_MD *md;
+ EVP_MD *md = NULL;
if ((btmp = BIO_new(BIO_f_md())) == NULL) {
ERR_raise(ERR_LIB_PKCS7, ERR_R_BIO_LIB);
@@ -106,27 +105,20 @@ static int pkcs7_bio_add_digest(BIO **pbio, X509_ALGOR *alg,
OBJ_obj2txt(name, sizeof(name), alg->algorithm, 0);
- (void)ERR_set_mark();
- fetched = EVP_MD_fetch(ossl_pkcs7_ctx_get0_libctx(ctx), name,
+ md = EVP_MD_fetch(ossl_pkcs7_ctx_get0_libctx(ctx), name,
ossl_pkcs7_ctx_get0_propq(ctx));
- if (fetched != NULL)
- md = fetched;
- else
- md = EVP_get_digestbyname(name);
if (md == NULL) {
- (void)ERR_clear_last_mark();
ERR_raise(ERR_LIB_PKCS7, PKCS7_R_UNKNOWN_DIGEST_TYPE);
goto err;
}
- (void)ERR_pop_to_mark();
if (BIO_set_md(btmp, md) <= 0) {
ERR_raise(ERR_LIB_PKCS7, ERR_R_BIO_LIB);
- EVP_MD_free(fetched);
+ EVP_MD_free(md);
goto err;
}
- EVP_MD_free(fetched);
+ EVP_MD_free(md);
if (*pbio == NULL)
*pbio = btmp;
else if (!BIO_push(*pbio, btmp)) {
@@ -440,10 +432,8 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
BIO *out = NULL, *btmp = NULL, *etmp = NULL, *bio = NULL;
X509_ALGOR *xa;
ASN1_OCTET_STRING *data_body = NULL;
- EVP_MD *evp_md = NULL;
- const EVP_MD *md;
- EVP_CIPHER *evp_cipher = NULL;
- const EVP_CIPHER *cipher = NULL;
+ EVP_MD *md = NULL;
+ EVP_CIPHER *cipher = NULL;
EVP_CIPHER_CTX *evp_ctx = NULL;
X509_ALGOR *enc_alg = NULL;
STACK_OF(X509_ALGOR) *md_sk = NULL;
@@ -497,19 +487,12 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
OBJ_obj2txt(name, sizeof(name), enc_alg->algorithm, 0);
- (void)ERR_set_mark();
- evp_cipher = EVP_CIPHER_fetch(libctx, name, propq);
- if (evp_cipher != NULL)
- cipher = evp_cipher;
- else
- cipher = EVP_get_cipherbyname(name);
+ cipher = EVP_CIPHER_fetch(libctx, name, propq);
if (cipher == NULL) {
- (void)ERR_clear_last_mark();
ERR_raise(ERR_LIB_PKCS7, PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
goto err;
}
- (void)ERR_pop_to_mark();
break;
case NID_pkcs7_enveloped:
rsk = p7->d.enveloped->recipientinfo;
@@ -518,19 +501,12 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
data_body = p7->d.enveloped->enc_data->enc_data;
OBJ_obj2txt(name, sizeof(name), enc_alg->algorithm, 0);
- (void)ERR_set_mark();
- evp_cipher = EVP_CIPHER_fetch(libctx, name, propq);
- if (evp_cipher != NULL)
- cipher = evp_cipher;
- else
- cipher = EVP_get_cipherbyname(name);
+ cipher = EVP_CIPHER_fetch(libctx, name, propq);
if (cipher == NULL) {
- (void)ERR_clear_last_mark();
ERR_raise(ERR_LIB_PKCS7, PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
goto err;
}
- (void)ERR_pop_to_mark();
break;
default:
ERR_raise(ERR_LIB_PKCS7, PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
@@ -554,26 +530,19 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
OBJ_obj2txt(name, sizeof(name), xa->algorithm, 0);
- (void)ERR_set_mark();
- evp_md = EVP_MD_fetch(libctx, name, propq);
- if (evp_md != NULL)
- md = evp_md;
- else
- md = EVP_get_digestbyname(name);
+ md = EVP_MD_fetch(libctx, name, propq);
if (md == NULL) {
- (void)ERR_clear_last_mark();
ERR_raise(ERR_LIB_PKCS7, PKCS7_R_UNKNOWN_DIGEST_TYPE);
goto err;
}
- (void)ERR_pop_to_mark();
if (BIO_set_md(btmp, md) <= 0) {
- EVP_MD_free(evp_md);
+ EVP_MD_free(md);
ERR_raise(ERR_LIB_PKCS7, ERR_R_BIO_LIB);
goto err;
}
- EVP_MD_free(evp_md);
+ EVP_MD_free(md);
if (out == NULL)
out = btmp;
else
@@ -703,11 +672,11 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
}
BIO_push(out, bio);
bio = NULL;
- EVP_CIPHER_free(evp_cipher);
+ EVP_CIPHER_free(cipher);
return out;
err:
- EVP_CIPHER_free(evp_cipher);
+ EVP_CIPHER_free(cipher);
OPENSSL_clear_free(ek, eklen);
OPENSSL_clear_free(tkey, tkeylen);
BIO_free_all(out);
@@ -1065,8 +1034,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
{
ASN1_OCTET_STRING *os;
EVP_MD_CTX *mdc_tmp, *mdc;
- const EVP_MD *md;
- EVP_MD *fetched_md = NULL;
+ EVP_MD *md = NULL;
int ret = 0, i;
int md_type;
STACK_OF(X509_ATTRIBUTE) *sk;
@@ -1139,19 +1107,11 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
goto err;
}
- (void)ERR_set_mark();
- fetched_md = EVP_MD_fetch(libctx, OBJ_nid2sn(md_type), propq);
-
- if (fetched_md != NULL)
- md = fetched_md;
- else
- md = EVP_get_digestbynid(md_type);
+ md = EVP_MD_fetch(libctx, OBJ_nid2sn(md_type), propq);
if (md == NULL || !EVP_VerifyInit_ex(mdc_tmp, md, NULL)) {
- (void)ERR_clear_last_mark();
goto err;
}
- (void)ERR_pop_to_mark();
alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf,
ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY));
@@ -1181,7 +1141,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
err:
OPENSSL_free(abuf);
EVP_MD_CTX_free(mdc_tmp);
- EVP_MD_free(fetched_md);
+ EVP_MD_free(md);
return ret;
}
diff --git a/crypto/ts/ts_rsp_verify.c b/crypto/ts/ts_rsp_verify.c
index e03c9553db..6ad8786e62 100644
--- a/crypto/ts/ts_rsp_verify.c
+++ b/crypto/ts/ts_rsp_verify.c
@@ -434,17 +434,10 @@ static int ts_compute_imprint(BIO *data, TS_TST_INFO *tst_info,
OBJ_obj2txt(name, sizeof(name), md_alg_resp->algorithm, 0);
- (void)ERR_set_mark();
md = EVP_MD_fetch(NULL, name, NULL);
-
- if (md == NULL)
- md = (EVP_MD *)EVP_get_digestbyname(name);
-
if (md == NULL) {
- (void)ERR_clear_last_mark();
goto err;
}
- (void)ERR_pop_to_mark();
length = EVP_MD_get_size(md);
if (length <= 0)
diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c
index 5c609f6048..cf6e303f30 100644
--- a/crypto/x509/x_all.c
+++ b/crypto/x509/x_all.c
@@ -584,8 +584,7 @@ ASN1_OCTET_STRING *X509_digest_sig(const X509 *cert,
}
} else if ((md = EVP_MD_fetch(cert->libctx, OBJ_nid2sn(mdnid),
cert->propq))
- == NULL
- && (md = (EVP_MD *)EVP_get_digestbynid(mdnid)) == NULL) {
+ == NULL) {
ERR_raise(ERR_LIB_X509, X509_R_UNSUPPORTED_ALGORITHM);
return NULL;
}