From 7ad830bb5812b0a246125c780f2723fefd9b66d8 Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Wed, 31 Dec 2025 15:08:06 +0100 Subject: [PATCH] openssl: stop checking for `OPENSSL_NO_SHA*` macros Macros have been deleted upstream and never defined in OpenSSL 1.1.0+: https://github.com/openssl/openssl/commit/474e469bbd056aebcf7e7d3207ef820f2faed4ce BoringSSL deleted the last internals uses in 2014: https://github.com/google/boringssl/commit/457112e1973251a721ae419128d7108844d3c1a3 LibreSSL refers to them internally and in two public headers, but never set them via `openssl/opensslfeatures.h` / `openssl/opensslconf.h`. Follow-up to 69c89bf3d3137fcbb2b8bc57233182adcf1e2817 #18330 Closes #20130
---
 lib/curl_sha512_256.c | 25 +++++++++++--------------
 lib/setup-vms.h | 3 ---
 lib/vtls/openssl.c | 6 ------
 3 files changed, 11 insertions(+), 23 deletions(-)
diff --git a/lib/curl_sha512_256.c b/lib/curl_sha512_256.c
index a6c78d67cf..44ba9be55f 100644
--- a/lib/curl_sha512_256.c
+++ b/lib/curl_sha512_256.c
@@ -40,12 +40,10 @@
 # include
 # if !defined(LIBRESSL_VERSION_NUMBER) || \
 (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x3080000fL)
-# include
-# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512)
-# include
-# define USE_OPENSSL_SHA512_256 1
-# define HAS_SHA512_256_IMPLEMENTATION 1
-# ifdef __NetBSD__
+# include
+# define USE_OPENSSL_SHA512_256 1
+# define HAS_SHA512_256_IMPLEMENTATION 1
+# ifdef __NetBSD__
 /* Some NetBSD versions has a bug in SHA-512/256.
 * See https://gnats.netbsd.org/cgi-bin/query-pr-single.pl?number=58039
 * The problematic versions:
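Review bot: The block under the LibreSSL version check now defines `USE_OPENSSL_SHA512_256` and `HAS_SHA512_256_IMPLEMENTATION` with no feature test, and nothing in the code says why; a reader has to find the commit message to learn that `OPENSSL_NO_SHA` and `OPENSSL_NO_SHA512` are never set by the supported libraries. I would add a short comment above the `# define USE_OPENSSL_SHA512_256 1` line, for example `/* OPENSSL_NO_SHA* is not checked: OpenSSL 1.1.0+ never defines it and LibreSSL never sets it */`. With the compile-time guard gone, a library build or provider configuration that lacks SHA-512/256 can only be caught at run time, so the digest init path, which is outside this hunk, should be confirmed to fail closed when the digest cannot be set up rather than continuing with an unusable context. The enclosing `#ifdef` block starts before the hunk and continues past it.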
@@ -56,14 +54,13 @@
 * NetBSD 10.99.11 development.
 * It is safe to apply the workaround even if the bug is not present, as
 * the workaround just reduces performance slightly. */
-# include
-# if __NetBSD_Version__ < 904000000 || \
- (__NetBSD_Version__ >= 999000000 && \
- __NetBSD_Version__ < 1000000000) || \
- (__NetBSD_Version__ >= 1099000000 && \
- __NetBSD_Version__ < 1099001100)
-# define NEED_NETBSD_SHA512_256_WORKAROUND 1
-# endif
+# include
+# if __NetBSD_Version__ < 904000000 || \
+ (__NetBSD_Version__ >= 999000000 && \
+ __NetBSD_Version__ < 1000000000) || \
+ (__NetBSD_Version__ >= 1099000000 && \
+ __NetBSD_Version__ < 1099001100)
+# define NEED_NETBSD_SHA512_256_WORKAROUND 1
 # endif
 # endif
 # endif
diff --git a/lib/setup-vms.h b/lib/setup-vms.h
index 17bf5a07a2..dd460223b9 100644
--- a/lib/setup-vms.h
+++ b/lib/setup-vms.h
@@ -355,9 +355,6 @@ static int CONF_modules_load_file(const char *filename,
 #define sk_pop SK_POP
 #define sk_pop_free SK_POP_FREE
 #define sk_value SK_VALUE
-#ifdef __VAX
-#define OPENSSL_NO_SHA256
-#endif
 #define SHA256_Final SHA256_FINAL
 #define SHA256_Init SHA256_INIT
 #define SHA256_Update SHA256_UPDATE
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 45480778eb..84e6eaadd5 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -5364,7 +5364,6 @@ static CURLcode ossl_random(struct Curl_easy *data,
 return rc == 1 ? CURLE_OK : CURLE_FAILED_INIT;
 }
 
-#ifndef OPENSSL_NO_SHA256
 static CURLcode ossl_sha256sum(const unsigned char *tmp, /* input */
 size_t tmplen,
 unsigned char *sha256sum /* output */,
@@ -5386,7 +5385,6 @@ static CURLcode ossl_sha256sum(const unsigned char *tmp, /* input */
 EVP_MD_CTX_destroy(mdctx);
 return CURLE_OK;
 }
-#endif
 
 static bool ossl_cert_status_request(void)
 {
@@ -5445,11 +5443,7 @@ const struct Curl_ssl Curl_ssl_openssl = {
 ossl_set_engine, /* set_engine or provider */
 ossl_set_engine_default, /* set_engine_default */
 ossl_engines_list, /* engines_list */
-#ifndef OPENSSL_NO_SHA256
 ossl_sha256sum, /* sha256sum */
-#else
- NULL, /* sha256sum */
-#endif
 ossl_recv, /* recv decrypted data */
 ossl_send, /* send data to encrypt */
 ossl_get_channel_binding /* get_channel_binding */