sync with OpenBSD -current

lib/libcrypto/asn1/a_bitstr.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: a_bitstr.c,v 1.41 2023/07/28 10:33:13 tb Exp $ */
+/* $OpenBSD: a_bitstr.c,v 1.42 2023/12/25 22:02:59 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -120,20 +120,24 @@ ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value)
 	int w, v, iv;
 	unsigned char *c;
 
-	w = n/8;
-	v = 1 << (7 - (n & 0x07));
-	iv = ~v;
-	if (!value)
-		v = 0;
-
 	if (a == NULL)
 		return 0;
+	if (n < 0)
+		return 0;
+
+	w = n / 8;
+	v = 1 << (7 - (n & 0x07));
+	iv = ~v;
+
+	if (value == 0)
+		v = 0;
 
 	asn1_abs_clear_unused_bits(a);
 
-	if ((a->length < (w + 1)) || (a->data == NULL)) {
-		if (!value)
-			return(1); /* Don't need to set */
+	if (a->length < w + 1 || a->data == NULL) {
+		/* Don't expand if there's no bit to set. */
+		if (value == 0)
+			return 1;
 		if ((c = recallocarray(a->data, a->length, w + 1, 1)) == NULL) {
 			ASN1error(ERR_R_MALLOC_FAILURE);
 			return 0;
@@ -141,11 +145,12 @@ ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value)
 		a->data = c;
 		a->length = w + 1;
 	}
+
 	a->data[w] = ((a->data[w]) & iv) | v;
-	while ((a->length > 0) && (a->data[a->length - 1] == 0))
+	while (a->length > 0 && a->data[a->length - 1] == 0)
 		a->length--;
 
-	return (1);
+	return 1;
 }
 LCRYPTO_ALIAS(ASN1_BIT_STRING_set_bit);
 
@@ -154,11 +159,18 @@ ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n)
 {
 	int w, v;
 
+	if (a == NULL)
+		return 0;
+	if (n < 0)
+		return 0;
+
 	w = n / 8;
 	v = 1 << (7 - (n & 0x07));
-	if ((a == NULL) || (a->length < (w + 1)) || (a->data == NULL))
-		return (0);
-	return ((a->data[w] & v) != 0);
+
+	if (a->length < w + 1 || a->data == NULL)
+		return 0;
+
+	return (a->data[w] & v) != 0;
 }
 LCRYPTO_ALIAS(ASN1_BIT_STRING_get_bit);
 

lib/libcrypto/evp/digest.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: digest.c,v 1.40 2023/11/29 21:35:57 tb Exp $ */
+/* $OpenBSD: digest.c,v 1.41 2023/12/24 22:17:05 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -200,6 +200,23 @@ EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
 	return ret;
 }
 
+int
+EVP_Digest(const void *data, size_t count,
+    unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl)
+{
+	EVP_MD_CTX ctx;
+	int ret;
+
+	EVP_MD_CTX_init(&ctx);
+	EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_ONESHOT);
+	ret = EVP_DigestInit_ex(&ctx, type, NULL) &&
+	    EVP_DigestUpdate(&ctx, data, count) &&
+	    EVP_DigestFinal_ex(&ctx, md, size);
+	EVP_MD_CTX_cleanup(&ctx);
+
+	return ret;
+}
+
 int
 EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in)
 {
@@ -262,23 +279,6 @@ EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
 	return 1;
 }
 
-int
-EVP_Digest(const void *data, size_t count,
-    unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl)
-{
-	EVP_MD_CTX ctx;
-	int ret;
-
-	EVP_MD_CTX_init(&ctx);
-	EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_ONESHOT);
-	ret = EVP_DigestInit_ex(&ctx, type, NULL) &&
-	    EVP_DigestUpdate(&ctx, data, count) &&
-	    EVP_DigestFinal_ex(&ctx, md, size);
-	EVP_MD_CTX_cleanup(&ctx);
-
-	return ret;
-}
-
 EVP_MD_CTX *
 EVP_MD_CTX_new(void)
 {

lib/libcrypto/evp/p_lib.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: p_lib.c,v 1.39 2023/11/29 21:35:57 tb Exp $ */
+/* $OpenBSD: p_lib.c,v 1.50 2023/12/25 22:41:50 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -80,8 +80,6 @@
 #include "asn1_local.h"
 #include "evp_local.h"
 
-static void EVP_PKEY_free_it(EVP_PKEY *x);
-
 int
 EVP_PKEY_bits(const EVP_PKEY *pkey)
 {
@@ -195,96 +193,125 @@ EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
 EVP_PKEY *
 EVP_PKEY_new(void)
 {
-	EVP_PKEY *ret;
+	EVP_PKEY *pkey;
 
-	ret = malloc(sizeof(EVP_PKEY));
-	if (ret == NULL) {
+	if ((pkey = calloc(1, sizeof(*pkey))) == NULL) {
 		EVPerror(ERR_R_MALLOC_FAILURE);
-		return (NULL);
+		return NULL;
 	}
-	ret->type = EVP_PKEY_NONE;
-	ret->save_type = EVP_PKEY_NONE;
-	ret->references = 1;
-	ret->ameth = NULL;
-	ret->pkey.ptr = NULL;
-	ret->attributes = NULL;
-	ret->save_parameters = 1;
-	return (ret);
+
+	pkey->type = EVP_PKEY_NONE;
+	pkey->save_type = EVP_PKEY_NONE;
+	pkey->references = 1;
+	pkey->save_parameters = 1;
+
+	return pkey;
 }
 
 int
 EVP_PKEY_up_ref(EVP_PKEY *pkey)
 {
-	int refs = CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
-	return ((refs > 1) ? 1 : 0);
+	return CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY) > 1;
 }
 
-/* Setup a public key ASN1 method from a NID or a string.
- * If pkey is NULL just return 1 or 0 if the algorithm exists.
- */
-
-static int
-pkey_set_type(EVP_PKEY *pkey, int type, const char *str, int len)
+static void
+evp_pkey_free_pkey_ptr(EVP_PKEY *pkey)
 {
-	const EVP_PKEY_ASN1_METHOD *ameth;
+	if (pkey == NULL || pkey->ameth == NULL || pkey->ameth->pkey_free == NULL)
+		return;
 
-	if (pkey) {
-		if (pkey->pkey.ptr)
-			EVP_PKEY_free_it(pkey);
-		/* If key type matches and a method exists then this
-		 * lookup has succeeded once so just indicate success.
-		 */
-		if ((type == pkey->save_type) && pkey->ameth)
-			return 1;
-	}
-	if (str != NULL)
-		ameth = EVP_PKEY_asn1_find_str(NULL, str, len);
-	else
-		ameth = EVP_PKEY_asn1_find(NULL, type);
-	if (!ameth) {
-		EVPerror(EVP_R_UNSUPPORTED_ALGORITHM);
-		return 0;
-	}
-	if (pkey) {
-		pkey->ameth = ameth;
+	pkey->ameth->pkey_free(pkey);
+	pkey->pkey.ptr = NULL;
+}
 
-		pkey->type = pkey->ameth->pkey_id;
-		pkey->save_type = type;
-	}
-	return 1;
+void
+EVP_PKEY_free(EVP_PKEY *pkey)
+{
+	if (pkey == NULL)
+		return;
+
+	if (CRYPTO_add(&pkey->references, -1, CRYPTO_LOCK_EVP_PKEY) > 0)
+		return;
+
+	evp_pkey_free_pkey_ptr(pkey);
+	sk_X509_ATTRIBUTE_pop_free(pkey->attributes, X509_ATTRIBUTE_free);
+	freezero(pkey, sizeof(*pkey));
 }
 
 int
 EVP_PKEY_set_type(EVP_PKEY *pkey, int type)
 {
-	return pkey_set_type(pkey, type, NULL, -1);
+	const EVP_PKEY_ASN1_METHOD *ameth;
+
+	evp_pkey_free_pkey_ptr(pkey);
+
+	if ((ameth = EVP_PKEY_asn1_find(NULL, type)) == NULL) {
+		EVPerror(EVP_R_UNSUPPORTED_ALGORITHM);
+		return 0;
+	}
+	if (pkey != NULL) {
+		pkey->ameth = ameth;
+		pkey->type = pkey->ameth->pkey_id;
+		pkey->save_type = type;
+	}
+
+	return 1;
+}
+
+int
+EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len)
+{
+	const EVP_PKEY_ASN1_METHOD *ameth;
+
+	evp_pkey_free_pkey_ptr(pkey);
+
+	if ((ameth = EVP_PKEY_asn1_find_str(NULL, str, len)) == NULL) {
+		EVPerror(EVP_R_UNSUPPORTED_ALGORITHM);
+		return 0;
+	}
+	if (pkey != NULL) {
+		pkey->ameth = ameth;
+		pkey->type = pkey->ameth->pkey_id;
+		pkey->save_type = EVP_PKEY_NONE;
+	}
+
+	return 1;
+}
+
+int
+EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key)
+{
+	if (!EVP_PKEY_set_type(pkey, type))
+		return 0;
+
+	return (pkey->pkey.ptr = key) != NULL;
 }
 
 EVP_PKEY *
 EVP_PKEY_new_raw_private_key(int type, ENGINE *engine,
     const unsigned char *private_key, size_t len)
 {
-	EVP_PKEY *ret;
+	EVP_PKEY *pkey;
 
-	if ((ret = EVP_PKEY_new()) == NULL)
+	if ((pkey = EVP_PKEY_new()) == NULL)
 		goto err;
 
-	if (!pkey_set_type(ret, type, NULL, -1))
+	if (!EVP_PKEY_set_type(pkey, type))
 		goto err;
 
-	if (ret->ameth->set_priv_key == NULL) {
+	if (pkey->ameth->set_priv_key == NULL) {
 		EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
 		goto err;
 	}
-	if (!ret->ameth->set_priv_key(ret, private_key, len)) {
+	if (!pkey->ameth->set_priv_key(pkey, private_key, len)) {
 		EVPerror(EVP_R_KEY_SETUP_FAILED);
 		goto err;
 	}
 
-	return ret;
+	return pkey;
 
  err:
-	EVP_PKEY_free(ret);
+	EVP_PKEY_free(pkey);
 
 	return NULL;
 }
@@ -293,27 +320,27 @@ EVP_PKEY *
 EVP_PKEY_new_raw_public_key(int type, ENGINE *engine,
     const unsigned char *public_key, size_t len)
 {
-	EVP_PKEY *ret;
+	EVP_PKEY *pkey;
 
-	if ((ret = EVP_PKEY_new()) == NULL)
+	if ((pkey = EVP_PKEY_new()) == NULL)
 		goto err;
 
-	if (!pkey_set_type(ret, type, NULL, -1))
+	if (!EVP_PKEY_set_type(pkey, type))
 		goto err;
 
-	if (ret->ameth->set_pub_key == NULL) {
+	if (pkey->ameth->set_pub_key == NULL) {
 		EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
 		goto err;
 	}
-	if (!ret->ameth->set_pub_key(ret, public_key, len)) {
+	if (!pkey->ameth->set_pub_key(pkey, public_key, len)) {
 		EVPerror(EVP_R_KEY_SETUP_FAILED);
 		goto err;
 	}
 
-	return ret;
+	return pkey;
 
  err:
-	EVP_PKEY_free(ret);
+	EVP_PKEY_free(pkey);
 
 	return NULL;
 }
@@ -354,15 +381,15 @@ EVP_PKEY *
 EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv, size_t len,
     const EVP_CIPHER *cipher)
 {
-	EVP_PKEY *ret = NULL;
+	EVP_PKEY *pkey = NULL;
 	CMAC_CTX *cmctx = NULL;
 
-	if ((ret = EVP_PKEY_new()) == NULL)
+	if ((pkey = EVP_PKEY_new()) == NULL)
 		goto err;
 	if ((cmctx = CMAC_CTX_new()) == NULL)
 		goto err;
 
-	if (!pkey_set_type(ret, EVP_PKEY_CMAC, NULL, -1))
+	if (!EVP_PKEY_set_type(pkey, EVP_PKEY_CMAC))
 		goto err;
 
 	if (!CMAC_Init(cmctx, priv, len, cipher, NULL)) {
@@ -370,31 +397,17 @@ EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv, size_t len,
 		goto err;
 	}
 
-	ret->pkey.ptr = cmctx;
+	pkey->pkey.ptr = cmctx;
 
-	return ret;
+	return pkey;
 
  err:
-	EVP_PKEY_free(ret);
+	EVP_PKEY_free(pkey);
 	CMAC_CTX_free(cmctx);
+
 	return NULL;
 }
 
-int
-EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len)
-{
-	return pkey_set_type(pkey, EVP_PKEY_NONE, str, len);
-}
-
-int
-EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key)
-{
-	if (!EVP_PKEY_set_type(pkey, type))
-		return 0;
-	pkey->pkey.ptr = key;
-	return (key != NULL);
-}
-
 void *
 EVP_PKEY_get0(const EVP_PKEY *pkey)
 {
@@ -577,33 +590,6 @@ EVP_PKEY_base_id(const EVP_PKEY *pkey)
 	return EVP_PKEY_type(pkey->type);
 }
 
-void
-EVP_PKEY_free(EVP_PKEY *x)
-{
-	int i;
-
-	if (x == NULL)
-		return;
-
-	i = CRYPTO_add(&x->references, -1, CRYPTO_LOCK_EVP_PKEY);
-	if (i > 0)
-		return;
-
-	EVP_PKEY_free_it(x);
-	if (x->attributes)
-		sk_X509_ATTRIBUTE_pop_free(x->attributes, X509_ATTRIBUTE_free);
-	free(x);
-}
-
-static void
-EVP_PKEY_free_it(EVP_PKEY *x)
-{
-	if (x->ameth && x->ameth->pkey_free) {
-		x->ameth->pkey_free(x);
-		x->pkey.ptr = NULL;
-	}
-}
-
 static int
 unsup_alg(BIO *out, const EVP_PKEY *pkey, int indent, const char *kstr)
 {

lib/libcrypto/man/CMAC_Init.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: CMAC_Init.3,v 1.4 2020/08/06 22:17:49 schwarze Exp $
+.\" $OpenBSD: CMAC_Init.3,v 1.5 2023/12/25 15:52:18 schwarze Exp $
 .\"
 .\" Copyright (c) 2020 Ingo Schwarze <schwarze@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: August 6 2020 $
+.Dd $Mdocdate: December 25 2023 $
 .Dt CMAC_INIT 3
 .Os
 .Sh NAME
@@ -38,7 +38,7 @@
 .Fa "const void *key"
 .Fa "size_t key_len"
 .Fa "const EVP_CIPHER *cipher"
-.Fa "ENGINE *impl"
+.Fa "ENGINE *engine"
 .Fc
 .Ft int
 .Fo CMAC_Update
@@ -127,22 +127,21 @@ and initializes
 .Fa ctx
 for subsequently feeding in data with
 .Fn CMAC_Update .
-To use the default cipher implementations provided by the library, pass
+The
+.Fa engine
+argument is ignored; passing
 .Dv NULL
-as the
-.Fa impl
-argument.
+is recommended.
 .Pp
 If
 .Fa ctx
 is already initialized,
 .Fn CMAC_Init
 can be called again with
-.Fa key ,
-.Fa cipher ,
+.Fa key
 and
-.Fa impl
-all set to
+.Fa cipher
+both set to
 .Dv NULL
 and
 .Fa key_len

lib/libcrypto/x509/by_dir.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: by_dir.c,v 1.44 2023/02/16 08:38:17 tb Exp $ */
+/* $OpenBSD: by_dir.c,v 1.45 2023/12/25 22:14:23 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -103,13 +103,8 @@ static X509_LOOKUP_METHOD x509_dir_lookup = {
 	.name = "Load certs from files in a directory",
 	.new_item = new_dir,
 	.free = free_dir,
-	.init = NULL,
-	.shutdown = NULL,
 	.ctrl = dir_ctrl,
 	.get_by_subject = get_cert_by_subject,
-	.get_by_issuer_serial = NULL,
-	.get_by_fingerprint = NULL,
-	.get_by_alias = NULL,
 };
 
 X509_LOOKUP_METHOD *

lib/libcrypto/x509/by_file.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: by_file.c,v 1.29 2023/11/30 17:01:04 beck Exp $ */
+/* $OpenBSD: by_file.c,v 1.30 2023/12/25 22:14:23 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -75,13 +75,8 @@ static X509_LOOKUP_METHOD x509_file_lookup = {
 	.name = "Load file into cache",
 	.new_item = NULL,
 	.free = NULL,
-	.init = NULL,
-	.shutdown = NULL,
 	.ctrl = by_file_ctrl,
 	.get_by_subject = NULL,
-	.get_by_issuer_serial = NULL,
-	.get_by_fingerprint = NULL,
-	.get_by_alias = NULL,
 };
 
 X509_LOOKUP_METHOD *

lib/libcrypto/x509/by_mem.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: by_mem.c,v 1.8 2023/02/16 08:38:17 tb Exp $ */
+/* $OpenBSD: by_mem.c,v 1.9 2023/12/25 22:14:23 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -76,13 +76,8 @@ static X509_LOOKUP_METHOD x509_mem_lookup = {
 	.name = "Load cert from memory",
 	.new_item = NULL,
 	.free = NULL,
-	.init = NULL,
-	.shutdown = NULL,
 	.ctrl = by_mem_ctrl,
 	.get_by_subject = NULL,
-	.get_by_issuer_serial = NULL,
-	.get_by_fingerprint = NULL,
-	.get_by_alias = NULL,
 };
 
 X509_LOOKUP_METHOD *

lib/libcrypto/x509/x509_local.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: x509_local.h,v 1.14 2023/12/22 13:31:35 tb Exp $ */
+/*	$OpenBSD: x509_local.h,v 1.15 2023/12/25 22:14:23 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2013.
  */
@@ -248,18 +248,10 @@ struct x509_lookup_method_st {
 	const char *name;
 	int (*new_item)(X509_LOOKUP *ctx);
 	void (*free)(X509_LOOKUP *ctx);
-	int (*init)(X509_LOOKUP *ctx);
-	int (*shutdown)(X509_LOOKUP *ctx);
 	int (*ctrl)(X509_LOOKUP *ctx, int cmd, const char *argc, long argl,
 	    char **ret);
 	int (*get_by_subject)(X509_LOOKUP *ctx, int type, X509_NAME *name,
 	    X509_OBJECT *ret);
-	int (*get_by_issuer_serial)(X509_LOOKUP *ctx, int type, X509_NAME *name,
-	    ASN1_INTEGER *serial,X509_OBJECT *ret);
-	int (*get_by_fingerprint)(X509_LOOKUP *ctx, int type,
-	    const unsigned char *bytes, int len, X509_OBJECT *ret);
-	int (*get_by_alias)(X509_LOOKUP *ctx, int type, const char *str,
-	    int len, X509_OBJECT *ret);
 } /* X509_LOOKUP_METHOD */;
 
 struct X509_VERIFY_PARAM_st {

lib/libcrypto/x509/x509_lu.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_lu.c,v 1.60 2023/04/25 18:32:42 tb Exp $ */
+/* $OpenBSD: x509_lu.c,v 1.61 2023/12/25 22:14:23 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -102,9 +102,8 @@ X509_LOOKUP_init(X509_LOOKUP *ctx)
 {
 	if (ctx->method == NULL)
 		return 0;
-	if (ctx->method->init == NULL)
-		return 1;
-	return ctx->method->init(ctx);
+	/* Historical behavior: make init succeed even without method. */
+	return 1;
 }
 LCRYPTO_ALIAS(X509_LOOKUP_init);
 
@@ -113,9 +112,8 @@ X509_LOOKUP_shutdown(X509_LOOKUP *ctx)
 {
 	if (ctx->method == NULL)
 		return 0;
-	if (ctx->method->shutdown == NULL)
-		return 1;
-	return ctx->method->shutdown(ctx);
+	/* Historical behavior: make shutdown succeed even without method. */
+	return 1;
 }
 LCRYPTO_ALIAS(X509_LOOKUP_shutdown);
 
@@ -145,9 +143,7 @@ int
 X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
     X509_NAME *name, ASN1_INTEGER *serial, X509_OBJECT *ret)
 {
-	if (ctx->method == NULL || ctx->method->get_by_issuer_serial == NULL)
-		return 0;
-	return ctx->method->get_by_issuer_serial(ctx, type, name, serial, ret);
+	return 0;
 }
 LCRYPTO_ALIAS(X509_LOOKUP_by_issuer_serial);
 
@@ -155,9 +151,7 @@ int
 X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
     const unsigned char *bytes, int len, X509_OBJECT *ret)
 {
-	if (ctx->method == NULL || ctx->method->get_by_fingerprint == NULL)
-		return 0;
-	return ctx->method->get_by_fingerprint(ctx, type, bytes, len, ret);
+	return 0;
 }
 LCRYPTO_ALIAS(X509_LOOKUP_by_fingerprint);
 
@@ -165,9 +159,7 @@ int
 X509_LOOKUP_by_alias(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, const char *str,
     int len, X509_OBJECT *ret)
 {
-	if (ctx->method == NULL || ctx->method->get_by_alias == NULL)
-		return 0;
-	return ctx->method->get_by_alias(ctx, type, str, len, ret);
+	return 0;
 }
 LCRYPTO_ALIAS(X509_LOOKUP_by_alias);