From abdc360910496483afa44b9ca075e21b248a491d Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Tue, 28 Feb 2017 14:08:50 +0000
Subject: Stop pretending that MD5 and SHA1 might not exist - rather than
 locating "ssl3-md5" and "ssl-sha1", call the EVP_md5() and EVP_sha1()
 functions directly.

ok beck@ inoguchi@
---
 src/lib/libssl/ssl_clnt.c |  6 +++---
 src/lib/libssl/ssl_lib.c  | 11 +----------
 src/lib/libssl/ssl_locl.h |  5 +----
 src/lib/libssl/ssl_srvr.c |  6 +++---
 4 files changed, 8 insertions(+), 20 deletions(-)

diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index 7f4d6582da..da4b966bc6 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.5 2017/02/07 02:08:38 beck Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.6 2017/02/28 14:08:49 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1478,8 +1478,8 @@ ssl3_get_server_key_exchange(SSL *s)
 			q = md_buf;
 			for (num = 2; num > 0; num--) {
 				if (!EVP_DigestInit_ex(&md_ctx,
-				    (num == 2) ? s->ctx->internal->md5 :
-				    s->ctx->internal->sha1, NULL)) {
+				    (num == 2) ? EVP_md5() : EVP_sha1(),
+				    NULL)) {
 					al = SSL_AD_INTERNAL_ERROR;
 					goto f_err;
 				}
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 65b26209b8..3f458d8b10 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.157 2017/02/15 14:56:42 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.158 2017/02/28 14:08:49 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1865,15 +1865,6 @@ SSL_CTX_new(const SSL_METHOD *meth)
 	if (!ret->param)
 		goto err;
 
-	if ((ret->internal->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) {
-		SSLerrorx(SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
-		goto err2;
-	}
-	if ((ret->internal->sha1 = EVP_get_digestbyname("ssl3-sha1")) == NULL) {
-		SSLerrorx(SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES);
-		goto err2;
-	}
-
 	if ((ret->internal->client_CA = sk_X509_NAME_new_null()) == NULL)
 		goto err;
 
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 62d9d0314e..59f6104391 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.174 2017/02/21 15:28:27 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.175 2017/02/28 14:08:49 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -531,9 +531,6 @@ typedef struct ssl_ctx_internal_st {
 
 	struct cert_st /* CERT */ *cert;
 
-	const EVP_MD *md5;	/* For SSLv3/TLSv1 'ssl3-md5' */
-	const EVP_MD *sha1;	/* For SSLv3/TLSv1 'ssl3-sha1' */
-
 	/* Default values used when no per-SSL value is defined follow */
 
 	/* what we put in client cert requests */
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index bb43ec74e2..8e7c1f4418 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.6 2017/02/07 02:08:38 beck Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.7 2017/02/28 14:08:50 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1524,8 +1524,8 @@ ssl3_send_server_key_exchange(SSL *s)
 				j = 0;
 				for (num = 2; num > 0; num--) {
 					if (!EVP_DigestInit_ex(&md_ctx,
-					    (num == 2) ? s->ctx->internal->md5 :
-					    s->ctx->internal->sha1, NULL))
+					    (num == 2) ? EVP_md5() : EVP_sha1(),
+					    NULL))
 						goto err;
 					EVP_DigestUpdate(&md_ctx,
 					    s->s3->client_random,
-- 
cgit v1.2.3-55-g6feb