openssl: stop checking for OPENSSL_NO_SHA* macros

Macros have been deleted upstream and never defined in OpenSSL 1.1.0+: 474e469bbd BoringSSL deleted the last internals uses in 2014: 457112e197 LibreSSL refers to them internally and in two public headers, but never set them via `openssl/opensslfeatures.h` / `openssl/opensslconf.h`. Follow-up to 69c89bf3d3137fcbb2b8bc57233182adcf1e2817 #18330 Closes #20130
2026-01-26 15:03:21 +00:00 · 2025-12-31 15:08:06 +01:00 · 2025-12-31 15:08:06 +01:00 · 7ad830bb58
commit 7ad830bb58
parent 0d0ac29cdd
3 changed files with 11 additions and 23 deletions
--- a/lib/curl_sha512_256.c
+++ b/lib/curl_sha512_256.c
@ -40,12 +40,10 @@
 #  include <openssl/opensslv.h>
 #  if !defined(LIBRESSL_VERSION_NUMBER) || \
  (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x3080000fL)
-#    include <openssl/opensslconf.h>
-#    if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512)
-#      include <openssl/evp.h>
-#      define USE_OPENSSL_SHA512_256          1
-#      define HAS_SHA512_256_IMPLEMENTATION   1
-#      ifdef __NetBSD__
+#    include <openssl/evp.h>
+#    define USE_OPENSSL_SHA512_256          1
+#    define HAS_SHA512_256_IMPLEMENTATION   1
+#    ifdef __NetBSD__
 /* Some NetBSD versions has a bug in SHA-512/256.
 * See https://gnats.netbsd.org/cgi-bin/query-pr-single.pl?number=58039
 * The problematic versions:
@ -56,14 +54,13 @@
 * NetBSD 10.99.11 development.
 * It is safe to apply the workaround even if the bug is not present, as
 * the workaround just reduces performance slightly. */
-#        include <sys/param.h>
-#        if  __NetBSD_Version__ <   904000000 ||  \
-            (__NetBSD_Version__ >=  999000000 &&  \
-             __NetBSD_Version__ <  1000000000) || \
-            (__NetBSD_Version__ >= 1099000000 &&  \
-             __NetBSD_Version__ <  1099001100)
-#          define NEED_NETBSD_SHA512_256_WORKAROUND 1
-#        endif
+#      include <sys/param.h>
+#      if  __NetBSD_Version__ <   904000000 ||  \
+          (__NetBSD_Version__ >=  999000000 &&  \
+           __NetBSD_Version__ <  1000000000) || \
+          (__NetBSD_Version__ >= 1099000000 &&  \
+           __NetBSD_Version__ <  1099001100)
+#        define NEED_NETBSD_SHA512_256_WORKAROUND 1
 #      endif
 #    endif
 #  endif
--- a/lib/setup-vms.h
+++ b/lib/setup-vms.h
@ -355,9 +355,6 @@ static int CONF_modules_load_file(const char *filename,
 #define sk_pop                          SK_POP
 #define sk_pop_free                     SK_POP_FREE
 #define sk_value                        SK_VALUE
-#ifdef __VAX
-#define OPENSSL_NO_SHA256
-#endif
 #define SHA256_Final  SHA256_FINAL
 #define SHA256_Init   SHA256_INIT
 #define SHA256_Update SHA256_UPDATE
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@ -5364,7 +5364,6 @@ static CURLcode ossl_random(struct Curl_easy *data,
  return rc == 1 ? CURLE_OK : CURLE_FAILED_INIT;
 }

-#ifndef OPENSSL_NO_SHA256
 static CURLcode ossl_sha256sum(const unsigned char *tmp, /* input */
                               size_t tmplen,
                               unsigned char *sha256sum /* output */,
@ -5386,7 +5385,6 @@ static CURLcode ossl_sha256sum(const unsigned char *tmp, /* input */
  EVP_MD_CTX_destroy(mdctx);
  return CURLE_OK;
 }
-#endif

 static bool ossl_cert_status_request(void)
 {
@ -5445,11 +5443,7 @@ const struct Curl_ssl Curl_ssl_openssl = {
  ossl_set_engine,          /* set_engine or provider */
  ossl_set_engine_default,  /* set_engine_default */
  ossl_engines_list,        /* engines_list */
-#ifndef OPENSSL_NO_SHA256
  ossl_sha256sum,           /* sha256sum */
-#else
-  NULL,                     /* sha256sum */
-#endif
  ossl_recv,                /* recv decrypted data */
  ossl_send,                /* send data to encrypt */
  ossl_get_channel_binding  /* get_channel_binding */