Add EVP_MD_CTX_get0_md OpenSSL deprecated `EVP_MD_CTX_md`, presumably because they now have non-static `EVP_MD` objects which can be freed and thus wanted to differentiate between `get0` and `get1` functions. Either way, missing this function adds some friction for people wanting to support BoringSSL so this CL adds it as an alias. Change-Id: I39dfd8fb5a3e2344256be18b8939c790d1aeade6 Bug: 380295071 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/73687 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: David Benjamin <davidben@google.com> Auto-Submit: Adam Langley <agl@google.com>
diff --git a/crypto/fipsmodule/digest/digest.cc.inc b/crypto/fipsmodule/digest/digest.cc.inc
index 0f7cb9e..ea39d44 100644
--- a/crypto/fipsmodule/digest/digest.cc.inc
+++ b/crypto/fipsmodule/digest/digest.cc.inc
@@ -266,24 +266,27 @@ return ret; } - -const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx) { +const EVP_MD *EVP_MD_CTX_get0_md(const EVP_MD_CTX *ctx) { if (ctx == NULL) { return NULL; } return ctx->digest; } +const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx) { + return EVP_MD_CTX_get0_md(ctx); +} + size_t EVP_MD_CTX_size(const EVP_MD_CTX *ctx) { - return EVP_MD_size(EVP_MD_CTX_md(ctx)); + return EVP_MD_size(EVP_MD_CTX_get0_md(ctx)); } size_t EVP_MD_CTX_block_size(const EVP_MD_CTX *ctx) { - return EVP_MD_block_size(EVP_MD_CTX_md(ctx)); + return EVP_MD_block_size(EVP_MD_CTX_get0_md(ctx)); } int EVP_MD_CTX_type(const EVP_MD_CTX *ctx) { - return EVP_MD_type(EVP_MD_CTX_md(ctx)); + return EVP_MD_type(EVP_MD_CTX_get0_md(ctx)); } int EVP_add_digest(const EVP_MD *digest) { return 1; }
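Review bot: `EVP_MD_CTX_size`, `EVP_MD_CTX_block_size` and `EVP_MD_CTX_type` hand the accessor's result straight to `EVP_MD_size`, `EVP_MD_block_size` and `EVP_MD_type`, while `EVP_MD_CTX_get0_md` returns NULL for a NULL `ctx` and, per its header comment, for a context with no digest set. Whether those three callees tolerate a NULL `EVP_MD` is not visible in this hunk, so the precondition is invisible at the point where a caller might size a buffer from an uninitialised context. A one-line comment above the wrappers would make it explicit, for example `// |ctx| must have a digest configured; EVP_MD_CTX_get0_md returns NULL otherwise.` The rename itself does not change this behaviour.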
diff --git a/crypto/fipsmodule/service_indicator/service_indicator.cc.inc b/crypto/fipsmodule/service_indicator/service_indicator.cc.inc
index a6cecf3..6620c05 100644
--- a/crypto/fipsmodule/service_indicator/service_indicator.cc.inc
+++ b/crypto/fipsmodule/service_indicator/service_indicator.cc.inc
@@ -186,7 +186,7 @@ static void evp_md_ctx_verify_service_indicator(const EVP_MD_CTX *ctx, int (*md_ok)(int md_type)) { - if (EVP_MD_CTX_md(ctx) == NULL) { + if (EVP_MD_CTX_get0_md(ctx) == NULL) { // Signature schemes without a prehash are currently never FIPS approved. return; }
diff --git a/crypto/x509/algorithm.cc b/crypto/x509/algorithm.cc
index 2d3f4d3..b006f9f 100644
--- a/crypto/x509/algorithm.cc
+++ b/crypto/x509/algorithm.cc
@@ -98,7 +98,7 @@ // Default behavior: look up the OID for the algorithm/hash pair and encode // that. - const EVP_MD *digest = EVP_MD_CTX_md(ctx); + const EVP_MD *digest = EVP_MD_CTX_get0_md(ctx); if (digest == NULL) { OPENSSL_PUT_ERROR(ASN1, ASN1_R_CONTEXT_NOT_INITIALISED); return 0;
diff --git a/include/openssl/digest.h b/include/openssl/digest.h
index 6e88999..c3130dc 100644
--- a/include/openssl/digest.h
+++ b/include/openssl/digest.h
@@ -226,8 +226,13 @@ // Digest operation accessors. +// EVP_MD_CTX_get0_md returns the underlying digest function, or NULL if one has +// not been set. +OPENSSL_EXPORT const EVP_MD *EVP_MD_CTX_get0_md(const EVP_MD_CTX *ctx); + // EVP_MD_CTX_md returns the underlying digest function, or NULL if one has not -// been set. +// been set. (This is the same as |EVP_MD_CTX_get0_md| but OpenSSL has +// deprecated this spelling.) OPENSSL_EXPORT const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx); // EVP_MD_CTX_size returns the digest size of |ctx|, in bytes. It
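Review bot: The new comment on `EVP_MD_CTX_get0_md` does not say what the `get0` in the name promises, although the commit description gives the `get0`/`get1` distinction as the likely reason for the new spelling. I would extend it to `// EVP_MD_CTX_get0_md returns the underlying digest function, or NULL if one has not been set. The result is not owned by the caller and must not be freed.` That keeps code shared with OpenSSL, where the description says `EVP_MD` objects can be freed, from pairing this call with a release. The comment on `EVP_MD_CTX_md` could point readers at the preferred name in the same way. The `EVP_MD_CTX_size` comment continues past the end of the hunk.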
diff --git a/ssl/ssl_transcript.cc b/ssl/ssl_transcript.cc
index e8e9461..da6a45e 100644
--- a/ssl/ssl_transcript.cc
+++ b/ssl/ssl_transcript.cc
@@ -233,7 +233,7 @@ size_t SSLTranscript::DigestLen() const { return EVP_MD_size(Digest()); } const EVP_MD *SSLTranscript::Digest() const { - return EVP_MD_CTX_md(hash_.get()); + return EVP_MD_CTX_get0_md(hash_.get()); } bool SSLTranscript::UpdateForHelloRetryRequest() {