[Openvpn-devel,v1] crypto_backend: Remove md_full

Message ID 20260405103110.32401-1-gert@greenie.muc.de
State New

Commit Message

Gert Doering April 5, 2026, 10:31 a.m. UTC
From: Frank Lichtenheld <frank@lichtenheld.com>

There was only one user for mbedtls < 4.0,
so remove all the unused implementations.

Identified by cppcheck.

Change-Id: Ie2285f5bf52f5c669fb01f9ae36d6aa1674f0929
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1612
---

This change was reviewed on Gerrit and approved by at least one
developer. I request to merge it to master.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1612
This mail reflects revision 1 of this Change.

Acked-by according to Gerrit (reflected above):
Gert Doering <gert@greenie.muc.de>

Comments

Gert Doering April 5, 2026, 2:27 p.m. UTC | #1
Change looks reasonable, BB is happy with it.  Not 2.7 material.

Your patch has been applied to the master branch.

commit 7b44e01b96f6e9fb33af009f359b8dd33c4ae382
Author: Frank Lichtenheld
Date:   Sun Apr 5 12:31:04 2026 +0200

     crypto_backend: Remove md_full

     Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
     Acked-by: Gert Doering <gert@greenie.muc.de>
     Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1612
     Message-Id: <20260405103110.32401-1-gert@greenie.muc.de>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36495.html
     Signed-off-by: Gert Doering <gert@greenie.muc.de>


--
kind regards,

Gert Doering

Patch

diff --git a/src/openvpn/crypto_backend.h b/src/openvpn/crypto_backend.h
index 4e9283d..360abbe 100644
--- a/src/openvpn/crypto_backend.h
+++ b/src/openvpn/crypto_backend.h
@@ -549,18 +549,6 @@ 
  *
  */
 
-/**
- * Calculates the message digest for the given buffer.
- *
- * @param mdname        message digest name
- * @param src           Buffer to digest. May not be NULL.
- * @param src_len       The length of the incoming buffer.
- * @param dst           Buffer to write the message digest to. May not be NULL.
- *
- * @return              true on success, false on failure
- */
-bool md_full(const char *mdname, const uint8_t *src, size_t src_len, uint8_t *dst);
-
 /*
  * Allocate a new message digest context
  *
diff --git a/src/openvpn/crypto_mbedtls.c b/src/openvpn/crypto_mbedtls.c
index b0d0820..665257c0 100644
--- a/src/openvpn/crypto_mbedtls.c
+++ b/src/openvpn/crypto_mbedtls.c
@@ -696,28 +696,6 @@ 
     return ctx;
 }
 
-bool
-md_full(const char *mdname, const uint8_t *src, size_t src_len, uint8_t *dst)
-{
-    const md_info_t *md = md_get(mdname);
-    if (md == NULL)
-    {
-        return false;
-    }
-
-    /* We depend on the caller to ensure that dst has enough room for the hash,
-     * so we just tell PSA that it can hold the appropriate amount of bytes. */
-    size_t dst_size = PSA_HASH_LENGTH(md->psa_alg);
-    size_t hash_length = 0;
-
-    psa_status_t status = psa_hash_compute(md->psa_alg, src, src_len, dst, dst_size, &hash_length);
-    if (status != PSA_SUCCESS || hash_length != dst_size)
-    {
-        return false;
-    }
-    return true;
-}
-
 void
 md_ctx_free(md_ctx_t *ctx)
 {
diff --git a/src/openvpn/crypto_mbedtls_legacy.c b/src/openvpn/crypto_mbedtls_legacy.c
index 3f04a3e..6556358 100644
--- a/src/openvpn/crypto_mbedtls_legacy.c
+++ b/src/openvpn/crypto_mbedtls_legacy.c
@@ -769,7 +769,7 @@ 
  */
 
 
-static const mbedtls_md_info_t *
+const mbedtls_md_info_t *
 md_get(const char *digest)
 {
     const mbedtls_md_info_t *md = NULL;
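Review bot: Dropping `static` here gives `md_get` external linkage, but neither this definition nor the prototype added in crypto_mbedtls_legacy.h documents its contract. The name is generic, and the removed `md_full` in crypto_mbedtls.c shows that backend calling an `md_get` that yields a `md_info_t` instead, so a reader could take the two for interchangeable. I would add a Doxygen comment on the prototype, e.g. `/** Look up the mbed TLS md_info for an OpenVPN digest name (mbed TLS < 4.0 backend only). */`, and say there what is returned for an unknown name, which this hunk does not show. The body of md_get continues outside the hunk.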
@@ -825,13 +825,6 @@ 
  *
  */
 
-bool
-md_full(const char *mdname, const uint8_t *src, size_t src_len, uint8_t *dst)
-{
-    const mbedtls_md_info_t *kt = md_get(mdname);
-    return 0 == mbedtls_md(kt, src, src_len, dst);
-}
-
 mbedtls_md_context_t *
 md_ctx_new(void)
 {
diff --git a/src/openvpn/crypto_mbedtls_legacy.h b/src/openvpn/crypto_mbedtls_legacy.h
index 1005057..23113be 100644
--- a/src/openvpn/crypto_mbedtls_legacy.h
+++ b/src/openvpn/crypto_mbedtls_legacy.h
@@ -137,4 +137,6 @@ 
  */
 #define mbed_ok(errval) mbed_log_func_line_lite(D_CRYPT_ERRORS, errval, __func__, __LINE__)
 
+const mbedtls_md_info_t *md_get(const char *digest);
+
 #endif /* CRYPTO_MBEDTLS_H_ */
diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
index e49f654..e268d7c 100644
--- a/src/openvpn/crypto_openssl.c
+++ b/src/openvpn/crypto_openssl.c
@@ -1107,17 +1107,6 @@ 
  *
  */
 
-bool
-md_full(const char *mdname, const uint8_t *src, size_t src_len, uint8_t *dst)
-{
-    unsigned int in_md_len = 0;
-    evp_md_type *kt = md_get(mdname);
-
-    int ret = EVP_Digest(src, src_len, dst, &in_md_len, kt, NULL);
-    EVP_MD_free(kt);
-    return ret == 1;
-}
-
 EVP_MD_CTX *
 md_ctx_new(void)
 {
diff --git a/src/openvpn/ssl_mbedtls.c b/src/openvpn/ssl_mbedtls.c
index d0c481e..a62ff76 100644
--- a/src/openvpn/ssl_mbedtls.c
+++ b/src/openvpn/ssl_mbedtls.c
@@ -1029,8 +1029,9 @@ 
     if (NULL != ctx->crt_chain)
     {
         mbedtls_x509_crt *cert = ctx->crt_chain;
+        const mbedtls_md_info_t *kt = md_get("SHA256");
 
-        if (!md_full("SHA256", cert->tbs.p, cert->tbs.len, sha256_hash))
+        if (0 != mbedtls_md(kt, cert->tbs.p, cert->tbs.len, sha256_hash))
         {
             msg(M_WARN, "WARNING: failed to personalise random");
         }
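Review bot: The new `mbedtls_md()` call in the `if` discards the library's error code, so any failure is reported only as the generic "failed to personalise random" warning. The `mbed_ok` macro from crypto_mbedtls_legacy.h, which this code now needs for `md_get`, would log the mbed TLS error as well, assuming it evaluates true on success as its name suggests: `if (!mbed_ok(mbedtls_md(kt, cert->tbs.p, cert->tbs.len, sha256_hash)))`. The hunk does not show whether `md_get` can return NULL or how `sha256_hash` is used after the warning. If the buffer is fed into RNG personalisation regardless, it is worth confirming it is initialised on the failure path. The enclosing function starts and ends outside the hunk.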