From 7dcdad297d63e268919cb38314e7671fb269df52 Mon Sep 17 00:00:00 2001
From: tb <tb@openbsd.org>
Date: Fri, 29 Mar 2024 02:31:22 +0000
Subject: [PATCH] Sync EVP_MD_meth removal with what landed upstream

discussed with djm
---
 lib/libfido2/src/rs1.c   | 24 ++++--------------------
 lib/libfido2/src/rs256.c | 24 ++++--------------------
 2 files changed, 8 insertions(+), 40 deletions(-)

diff --git a/lib/libfido2/src/rs1.c b/lib/libfido2/src/rs1.c
index 326c84c3599..f9a36d6c8fc 100644
--- a/lib/libfido2/src/rs1.c
+++ b/lib/libfido2/src/rs1.c
@@ -9,32 +9,17 @@
 
 #include "fido.h"
 
-#if OPENSSL_VERSION_NUMBER >= 0x30000000
-static EVP_MD *
-rs1_get_EVP_MD(void)
-{
-	return (EVP_MD_fetch(NULL, "SHA-1", NULL));
-}
+#define PRAGMA(s)
 
-static void
-rs1_free_EVP_MD(EVP_MD *md)
-{
-	EVP_MD_free(md);
-}
-#else
 static EVP_MD *
 rs1_get_EVP_MD(void)
 {
+	PRAGMA("GCC diagnostic push");
+	PRAGMA("GCC diagnostic ignored \"-Wcast-qual\"");
 	return ((EVP_MD *)EVP_sha1());
+	PRAGMA("GCC diagnostic pop");
 }
 
-static void
-rs1_free_EVP_MD(EVP_MD *md)
-{
-	(void)md;
-}
-#endif /* OPENSSL_VERSION_NUMBER */
-
 int
 rs1_verify_sig(const fido_blob_t *dgst, EVP_PKEY *pkey,
     const fido_blob_t *sig)
@@ -70,7 +55,6 @@ rs1_verify_sig(const fido_blob_t *dgst, EVP_PKEY *pkey,
 	ok = 0;
 fail:
 	EVP_PKEY_CTX_free(pctx);
-	rs1_free_EVP_MD(md);
 
 	return (ok);
 }
diff --git a/lib/libfido2/src/rs256.c b/lib/libfido2/src/rs256.c
index 400d063132e..7c4962dc99c 100644
--- a/lib/libfido2/src/rs256.c
+++ b/lib/libfido2/src/rs256.c
@@ -17,32 +17,17 @@
 #define get0_RSA(x)	EVP_PKEY_get0((x))
 #endif
 
-#if OPENSSL_VERSION_NUMBER >= 0x30000000
-static EVP_MD *
-rs256_get_EVP_MD(void)
-{
-	return (EVP_MD_fetch(NULL, "SHA2-256", NULL));
-}
+#define PRAGMA(s)
 
-static void
-rs256_free_EVP_MD(EVP_MD *md)
-{
-	EVP_MD_free(md);
-}
-#else
 static EVP_MD *
 rs256_get_EVP_MD(void)
 {
+	PRAGMA("GCC diagnostic push");
+	PRAGMA("GCC diagnostic ignored \"-Wcast-qual\"");
 	return ((EVP_MD *)EVP_sha256());
+	PRAGMA("GCC diagnostic pop");
 }
 
-static void
-rs256_free_EVP_MD(EVP_MD *md)
-{
-	(void)md;
-}
-#endif /* OPENSSL_VERSION_NUMBER */
-
 static int
 decode_bignum(const cbor_item_t *item, void *ptr, size_t len)
 {
@@ -266,7 +251,6 @@ rs256_verify_sig(const fido_blob_t *dgst, EVP_PKEY *pkey,
 	ok = 0;
 fail:
 	EVP_PKEY_CTX_free(pctx);
-	rs256_free_EVP_MD(md);
 
 	return (ok);
 }
-- 
2.20.1