Commit 84b5f265ce for openssl.org
commit 84b5f265ce2e484f920fa0cf7af3dcfb468a0083
Author: Matt Caswell <matt@openssl.org>
Date: Fri Dec 19 11:49:25 2025 +0000
Cleanup the EVP_MD structure
Remove fields that are no longer needed.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29460)
diff --git a/crypto/asn1/asn_mime.c b/crypto/asn1/asn_mime.c
index eff6f89fb6..af5b842058 100644
--- a/crypto/asn1/asn_mime.c
+++ b/crypto/asn1/asn_mime.c
@@ -157,7 +157,6 @@ static ASN1_VALUE *b64_read_asn1(BIO *bio, const ASN1_ITEM *it, ASN1_VALUE **x,
static int asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs)
{
- const EVP_MD *md;
int i, have_unknown = 0, write_comma, ret = 0, md_nid;
have_unknown = 0;
write_comma = 0;
@@ -179,21 +178,6 @@ static int asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs)
continue;
}
- md = EVP_get_digestbynid(md_nid);
- if (md && md->md_ctrl) {
- int rv;
- char *micstr;
- rv = md->md_ctrl(NULL, EVP_MD_CTRL_MICALG, 0, &micstr);
- if (rv > 0) {
- rv = BIO_puts(out, micstr);
- OPENSSL_free(micstr);
- if (rv < 0)
- goto err;
- continue;
- }
- if (rv != -2)
- goto err;
- }
switch (md_nid) {
case NID_sha1:
if (BIO_puts(out, "sha1") < 0)
diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
index 7cd1fb2b24..63d103fd5b 100644
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@@ -21,21 +21,6 @@
#include "crypto/evp.h"
#include "evp_local.h"
-static void cleanup_old_md_data(EVP_MD_CTX *ctx, int force)
-{
- if (ctx->digest != NULL) {
- if (ctx->digest->cleanup != NULL
- && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_CLEANED))
- ctx->digest->cleanup(ctx);
- if (ctx->md_data != NULL && ctx->digest->ctx_size > 0
- && (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)
- || force)) {
- OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size);
- ctx->md_data = NULL;
- }
- }
-}
-
void evp_md_ctx_clear_digest(EVP_MD_CTX *ctx, int force, int keep_fetched)
{
if (ctx->algctx != NULL) {
@@ -51,7 +36,6 @@ void evp_md_ctx_clear_digest(EVP_MD_CTX *ctx, int force, int keep_fetched)
* Don't assume ctx->md_data was cleaned in EVP_Digest_Final, because
* sometimes only copies of the context are ever finalised.
*/
- cleanup_old_md_data(ctx, force);
if (force)
ctx->digest = NULL;
@@ -178,8 +162,6 @@ static int evp_md_init_internal(EVP_MD_CTX *ctx, const EVP_MD *type,
type = ctx->digest;
}
- cleanup_old_md_data(ctx, 1);
-
if (ossl_likely(ctx->digest == type)) {
if (ossl_unlikely(!ossl_assert(type->prov != NULL))) {
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
@@ -322,8 +304,10 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *isize)
if (ossl_unlikely(sz < 0))
return 0;
mdsize = sz;
- if (ossl_unlikely(ctx->digest->prov == NULL))
- goto legacy;
+ if (ossl_unlikely(ctx->digest->prov == NULL)) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR);
+ return 0;
+ }
if (ossl_unlikely(ctx->digest->dfinal == NULL)) {
ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR);
@@ -349,19 +333,6 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *isize)
}
return ret;
-
- /* Code below to be removed when legacy support is dropped. */
-legacy:
- OPENSSL_assert(mdsize <= EVP_MAX_MD_SIZE);
- ret = ctx->digest->final(ctx, md);
- if (isize != NULL)
- *isize = (unsigned int)mdsize;
- if (ctx->digest->cleanup) {
- ctx->digest->cleanup(ctx);
- EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
- }
- OPENSSL_cleanse(ctx->md_data, ctx->digest->ctx_size);
- return ret;
}
/* This is a one shot operation */
@@ -376,8 +347,10 @@ int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md, size_t size)
return 0;
}
- if (ossl_unlikely(ctx->digest->prov == NULL))
- goto legacy;
+ if (ossl_unlikely(ctx->digest->prov == NULL)) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR);
+ return 0;
+ }
if (ossl_unlikely(ctx->digest->dfinal == NULL)) {
ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR);
@@ -402,22 +375,6 @@ int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md, size_t size)
ctx->flags |= EVP_MD_CTX_FLAG_FINALISED;
- return ret;
-
-legacy:
- if (EVP_MD_xof(ctx->digest)
- && size <= INT_MAX
- && ctx->digest->md_ctrl(ctx, EVP_MD_CTRL_XOF_LEN, (int)size, NULL)) {
- ret = ctx->digest->final(ctx, md);
- if (ctx->digest->cleanup != NULL) {
- ctx->digest->cleanup(ctx);
- EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
- }
- OPENSSL_cleanse(ctx->md_data, ctx->digest->ctx_size);
- } else {
- ERR_raise(ERR_LIB_EVP, EVP_R_NOT_XOF_OR_INVALID_LENGTH);
- }
-
return ret;
}
@@ -539,7 +496,6 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
EVP_PKEY_CTX_free(out->pctx);
out->pctx = NULL;
- cleanup_old_md_data(out, 0);
out->flags = in->flags;
out->update = in->update;
@@ -761,8 +717,10 @@ int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2)
return 0;
}
- if (ctx->digest != NULL && ctx->digest->prov == NULL)
- goto legacy;
+ if (ctx->digest != NULL && ctx->digest->prov == NULL) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_CTRL_NOT_IMPLEMENTED);
+ return 0;
+ }
switch (cmd) {
case EVP_MD_CTRL_XOF_LEN:
@@ -786,16 +744,7 @@ int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2)
ret = EVP_MD_CTX_set_params(ctx, params);
else
ret = EVP_MD_CTX_get_params(ctx, params);
- goto conclude;
-
- /* Code below to be removed when legacy support is dropped. */
-legacy:
- if (ctx->digest->md_ctrl == NULL) {
- ERR_raise(ERR_LIB_EVP, EVP_R_CTRL_NOT_IMPLEMENTED);
- return 0;
- }
- ret = ctx->digest->md_ctrl(ctx, cmd, p1, p2);
conclude:
if (ret <= 0)
return 0;
diff --git a/crypto/evp/legacy_blake2.c b/crypto/evp/legacy_blake2.c
index c3032c3051..317cc9c95f 100644
--- a/crypto/evp/legacy_blake2.c
+++ b/crypto/evp/legacy_blake2.c
@@ -17,7 +17,7 @@ static const EVP_MD blake2b_md = {
BLAKE2B_DIGEST_LENGTH,
0,
EVP_ORIG_GLOBAL,
- LEGACY_EVP_MD_METH_TABLE(BLAKE2B_BLOCKBYTES),
+ BLAKE2B_BLOCKBYTES,
};
const EVP_MD *EVP_blake2b512(void)
@@ -31,7 +31,7 @@ static const EVP_MD blake2s_md = {
BLAKE2S_DIGEST_LENGTH,
0,
EVP_ORIG_GLOBAL,
- LEGACY_EVP_MD_METH_TABLE(BLAKE2S_BLOCKBYTES),
+ BLAKE2S_BLOCKBYTES,
};
const EVP_MD *EVP_blake2s256(void)
diff --git a/crypto/evp/legacy_md2.c b/crypto/evp/legacy_md2.c
index 1416211a4c..2fe3341adf 100644
--- a/crypto/evp/legacy_md2.c
+++ b/crypto/evp/legacy_md2.c
@@ -17,7 +17,7 @@ static const EVP_MD md2_md = {
MD2_DIGEST_LENGTH,
0,
EVP_ORIG_GLOBAL,
- LEGACY_EVP_MD_METH_TABLE(MD2_BLOCK)
+ MD2_BLOCK
};
const EVP_MD *EVP_md2(void)
diff --git a/crypto/evp/legacy_md4.c b/crypto/evp/legacy_md4.c
index c95162d11b..6d12ebdeec 100644
--- a/crypto/evp/legacy_md4.c
+++ b/crypto/evp/legacy_md4.c
@@ -23,7 +23,7 @@ static const EVP_MD md4_md = {
MD4_DIGEST_LENGTH,
0,
EVP_ORIG_GLOBAL,
- LEGACY_EVP_MD_METH_TABLE(MD4_CBLOCK),
+ MD4_CBLOCK
};
const EVP_MD *EVP_md4(void)
diff --git a/crypto/evp/legacy_md5.c b/crypto/evp/legacy_md5.c
index 43703fa5f6..cc33f05795 100644
--- a/crypto/evp/legacy_md5.c
+++ b/crypto/evp/legacy_md5.c
@@ -23,7 +23,7 @@ static const EVP_MD md5_md = {
MD5_DIGEST_LENGTH,
0,
EVP_ORIG_GLOBAL,
- LEGACY_EVP_MD_METH_TABLE(MD5_CBLOCK)
+ MD5_CBLOCK
};
const EVP_MD *EVP_md5(void)
diff --git a/crypto/evp/legacy_md5_sha1.c b/crypto/evp/legacy_md5_sha1.c
index aa6b58e9a9..5e6cf85bf1 100644
--- a/crypto/evp/legacy_md5_sha1.c
+++ b/crypto/evp/legacy_md5_sha1.c
@@ -24,7 +24,7 @@ static const EVP_MD md5_sha1_md = {
MD5_SHA1_DIGEST_LENGTH,
0,
EVP_ORIG_GLOBAL,
- LEGACY_EVP_MD_METH_TABLE(MD5_SHA1_CBLOCK),
+ MD5_SHA1_CBLOCK
};
const EVP_MD *EVP_md5_sha1(void)
diff --git a/crypto/evp/legacy_mdc2.c b/crypto/evp/legacy_mdc2.c
index f596de1781..ef940558e5 100644
--- a/crypto/evp/legacy_mdc2.c
+++ b/crypto/evp/legacy_mdc2.c
@@ -23,7 +23,7 @@ static const EVP_MD mdc2_md = {
MDC2_DIGEST_LENGTH,
0,
EVP_ORIG_GLOBAL,
- LEGACY_EVP_MD_METH_TABLE(MDC2_BLOCK),
+ MDC2_BLOCK
};
const EVP_MD *EVP_mdc2(void)
diff --git a/crypto/evp/legacy_meth.h b/crypto/evp/legacy_meth.h
index 66107b1b8f..01d80e3701 100644
--- a/crypto/evp/legacy_meth.h
+++ b/crypto/evp/legacy_meth.h
@@ -34,6 +34,3 @@
{ \
return fn##_final(md, EVP_MD_CTX_get0_md_data(ctx)); \
}
-
-#define LEGACY_EVP_MD_METH_TABLE(blksz) \
- NULL, NULL, NULL, NULL, NULL, blksz, 0, NULL
diff --git a/crypto/evp/legacy_ripemd.c b/crypto/evp/legacy_ripemd.c
index 8fa38abfe7..f031d16973 100644
--- a/crypto/evp/legacy_ripemd.c
+++ b/crypto/evp/legacy_ripemd.c
@@ -23,7 +23,7 @@ static const EVP_MD ripemd160_md = {
RIPEMD160_DIGEST_LENGTH,
0,
EVP_ORIG_GLOBAL,
- LEGACY_EVP_MD_METH_TABLE(RIPEMD160_CBLOCK)
+ RIPEMD160_CBLOCK
};
const EVP_MD *EVP_ripemd160(void)
diff --git a/crypto/evp/legacy_sha.c b/crypto/evp/legacy_sha.c
index 20a5766715..3333e02377 100644
--- a/crypto/evp/legacy_sha.c
+++ b/crypto/evp/legacy_sha.c
@@ -27,7 +27,7 @@ static const EVP_MD sha1_md = {
SHA_DIGEST_LENGTH,
EVP_MD_FLAG_DIGALGID_ABSENT,
EVP_ORIG_GLOBAL,
- LEGACY_EVP_MD_METH_TABLE(SHA_CBLOCK)
+ SHA_CBLOCK
};
const EVP_MD *EVP_sha1(void)
@@ -41,7 +41,7 @@ static const EVP_MD sha224_md = {
SHA224_DIGEST_LENGTH,
EVP_MD_FLAG_DIGALGID_ABSENT,
EVP_ORIG_GLOBAL,
- LEGACY_EVP_MD_METH_TABLE(SHA256_CBLOCK)
+ SHA256_CBLOCK
};
const EVP_MD *EVP_sha224(void)
@@ -55,7 +55,7 @@ static const EVP_MD sha256_md = {
SHA256_DIGEST_LENGTH,
EVP_MD_FLAG_DIGALGID_ABSENT,
EVP_ORIG_GLOBAL,
- LEGACY_EVP_MD_METH_TABLE(SHA256_CBLOCK)
+ SHA256_CBLOCK
};
const EVP_MD *EVP_sha256(void)
@@ -69,7 +69,7 @@ static const EVP_MD sha512_224_md = {
SHA224_DIGEST_LENGTH,
EVP_MD_FLAG_DIGALGID_ABSENT,
EVP_ORIG_GLOBAL,
- LEGACY_EVP_MD_METH_TABLE(SHA512_CBLOCK)
+ SHA512_CBLOCK
};
const EVP_MD *EVP_sha512_224(void)
@@ -83,7 +83,7 @@ static const EVP_MD sha512_256_md = {
SHA256_DIGEST_LENGTH,
EVP_MD_FLAG_DIGALGID_ABSENT,
EVP_ORIG_GLOBAL,
- LEGACY_EVP_MD_METH_TABLE(SHA512_CBLOCK)
+ SHA512_CBLOCK
};
const EVP_MD *EVP_sha512_256(void)
@@ -97,7 +97,7 @@ static const EVP_MD sha384_md = {
SHA384_DIGEST_LENGTH,
EVP_MD_FLAG_DIGALGID_ABSENT,
EVP_ORIG_GLOBAL,
- LEGACY_EVP_MD_METH_TABLE(SHA512_CBLOCK)
+ SHA512_CBLOCK
};
const EVP_MD *EVP_sha384(void)
@@ -111,7 +111,7 @@ static const EVP_MD sha512_md = {
SHA512_DIGEST_LENGTH,
EVP_MD_FLAG_DIGALGID_ABSENT,
EVP_ORIG_GLOBAL,
- LEGACY_EVP_MD_METH_TABLE(SHA512_CBLOCK),
+ SHA512_CBLOCK
};
const EVP_MD *EVP_sha512(void)
@@ -119,31 +119,31 @@ const EVP_MD *EVP_sha512(void)
return &sha512_md;
}
-#define EVP_MD_SHA3(bitlen) \
- const EVP_MD *EVP_sha3_##bitlen(void) \
- { \
- static const EVP_MD sha3_##bitlen##_md = { \
- NID_sha3_##bitlen, \
- NID_RSA_SHA3_##bitlen, \
- bitlen / 8, \
- EVP_MD_FLAG_DIGALGID_ABSENT, \
- EVP_ORIG_GLOBAL, \
- LEGACY_EVP_MD_METH_TABLE((KECCAK1600_WIDTH - bitlen * 2) / 8) \
- }; \
- return &sha3_##bitlen##_md; \
+#define EVP_MD_SHA3(bitlen) \
+ const EVP_MD *EVP_sha3_##bitlen(void) \
+ { \
+ static const EVP_MD sha3_##bitlen##_md = { \
+ NID_sha3_##bitlen, \
+ NID_RSA_SHA3_##bitlen, \
+ bitlen / 8, \
+ EVP_MD_FLAG_DIGALGID_ABSENT, \
+ EVP_ORIG_GLOBAL, \
+ (KECCAK1600_WIDTH - bitlen * 2) / 8 \
+ }; \
+ return &sha3_##bitlen##_md; \
}
-#define EVP_MD_SHAKE(bitlen) \
- const EVP_MD *EVP_shake##bitlen(void) \
- { \
- static const EVP_MD shake##bitlen##_md = { \
- NID_shake##bitlen, \
- 0, \
- bitlen / 8, \
- EVP_MD_FLAG_XOF | EVP_MD_FLAG_DIGALGID_ABSENT, \
- EVP_ORIG_GLOBAL, \
- LEGACY_EVP_MD_METH_TABLE((KECCAK1600_WIDTH - bitlen * 2) / 8) \
- }; \
- return &shake##bitlen##_md; \
+#define EVP_MD_SHAKE(bitlen) \
+ const EVP_MD *EVP_shake##bitlen(void) \
+ { \
+ static const EVP_MD shake##bitlen##_md = { \
+ NID_shake##bitlen, \
+ 0, \
+ bitlen / 8, \
+ EVP_MD_FLAG_XOF | EVP_MD_FLAG_DIGALGID_ABSENT, \
+ EVP_ORIG_GLOBAL, \
+ (KECCAK1600_WIDTH - bitlen * 2) / 8 \
+ }; \
+ return &shake##bitlen##_md; \
}
EVP_MD_SHA3(224)
diff --git a/crypto/evp/legacy_wp.c b/crypto/evp/legacy_wp.c
index 7a1f4d253f..3fb202a898 100644
--- a/crypto/evp/legacy_wp.c
+++ b/crypto/evp/legacy_wp.c
@@ -23,7 +23,7 @@ static const EVP_MD whirlpool_md = {
WHIRLPOOL_DIGEST_LENGTH,
0,
EVP_ORIG_GLOBAL,
- LEGACY_EVP_MD_METH_TABLE(WHIRLPOOL_BBLOCK / 8)
+ WHIRLPOOL_BBLOCK / 8
};
const EVP_MD *EVP_whirlpool(void)
diff --git a/crypto/sm3/legacy_sm3.c b/crypto/sm3/legacy_sm3.c
index df3a474a55..b7129230fa 100644
--- a/crypto/sm3/legacy_sm3.c
+++ b/crypto/sm3/legacy_sm3.c
@@ -18,7 +18,7 @@ static const EVP_MD sm3_md = {
SM3_DIGEST_LENGTH,
0,
EVP_ORIG_GLOBAL,
- LEGACY_EVP_MD_METH_TABLE(SM3_CBLOCK)
+ SM3_CBLOCK
};
const EVP_MD *EVP_sm3(void)
diff --git a/include/crypto/evp.h b/include/crypto/evp.h
index 43f5068f07..b719118bee 100644
--- a/include/crypto/evp.h
+++ b/include/crypto/evp.h
@@ -190,23 +190,12 @@ struct evp_md_st {
/* nid */
int type;
- /* Legacy structure members */
int pkey_type;
int md_size;
unsigned long flags;
int origin;
- int (*init)(EVP_MD_CTX *ctx);
- int (*update)(EVP_MD_CTX *ctx, const void *data, size_t count);
- int (*final)(EVP_MD_CTX *ctx, unsigned char *md);
- int (*copy)(EVP_MD_CTX *to, const EVP_MD_CTX *from);
- int (*cleanup)(EVP_MD_CTX *ctx);
int block_size;
- int ctx_size; /* how big does the ctx->md_data need to be */
- /* control function */
- int (*md_ctrl)(EVP_MD_CTX *ctx, int cmd, int p1, void *p2);
- /* New structure members */
- /* Above comment to be removed when legacy has gone */
int name_id;
char *type_name;
const char *description;
@@ -229,7 +218,6 @@ struct evp_md_st {
OSSL_FUNC_digest_gettable_ctx_params_fn *gettable_ctx_params;
OSSL_FUNC_digest_serialize_fn *serialize;
OSSL_FUNC_digest_deserialize_fn *deserialize;
-
} /* EVP_MD */;
struct evp_cipher_st {