Change all calls to low level digest routines in the library and
authorDr. Stephen Henson <steve@openssl.org>
Tue, 19 Jun 2001 22:30:40 +0000 (22:30 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Tue, 19 Jun 2001 22:30:40 +0000 (22:30 +0000)
applications to use EVP. Add missing calls to HMAC_cleanup() and
don't assume HMAC_CTX can be copied using memcpy().

Note: this is almost identical to the patch submitted to openssl-dev
by Verdon Walker <VWalker@novell.com> except some redundant
EVP_add_digest_()/EVP_cleanup() calls were removed and some changes
made to avoid compiler warnings.

27 files changed:
CHANGES
apps/enc.c
apps/passwd.c
apps/speed.c
crypto/asn1/t_x509.c
crypto/dsa/dsa_gen.c
crypto/dsa/dsa_key.c
crypto/evp/bio_ok.c
crypto/md2/md2test.c
crypto/md4/md4test.c
crypto/md5/md5test.c
crypto/mdc2/mdc2test.c
crypto/pkcs12/p12_mutl.c
crypto/rand/md_rand.c
crypto/rand/rand_lcl.h
crypto/rc4/rc4.c
crypto/ripemd/rmdtest.c
crypto/rsa/rsa_oaep.c
crypto/sha/sha1test.c
crypto/sha/shatest.c
crypto/x509/x509_cmp.c
ssl/s2_lib.c
ssl/s3_clnt.c
ssl/s3_enc.c
ssl/s3_lib.c
ssl/s3_srvr.c
ssl/t1_enc.c

diff --git a/CHANGES b/CHANGES
index 589b105..cf2d4f9 100644 (file)
--- a/CHANGES
+++ b/CHANGES
          *) applies to 0.9.6a (/0.9.6b) and 0.9.7
          +) applies to 0.9.7 only
 
+  *) Change all calls to low level digest routines in the library and
+     applications to use EVP. Add missing calls to HMAC_cleanup() and
+     don't assume HMAC_CTX can be copied using memcpy().
+     [Verdon Walker <VWalker@novell.com>, Steve Henson]
+
   +) Add the possibility to control engines through control names but with
      arbitrary arguments instead of just a string.
      Change the key loaders to take a UI_METHOD instead of a callback
index fd25a21..ac3014b 100644 (file)
@@ -66,9 +66,6 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/rand.h>
-#ifndef OPENSSL_NO_MD5
-#include <openssl/md5.h>
-#endif
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 #include <ctype.h>
index 53dbe07..750a3cb 100644 (file)
@@ -20,7 +20,7 @@
 # include <openssl/des.h>
 #endif
 #ifndef NO_MD5CRYPT_1
-# include <openssl/md5.h>
+# include <openssl/evp.h>
 #endif
 
 
@@ -310,7 +310,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
        unsigned char buf[MD5_DIGEST_LENGTH];
        char *salt_out;
        int n, i;
-       MD5_CTX md;
+       EVP_MD_CTX md;
        size_t passwd_len, salt_len;
 
        passwd_len = strlen(passwd);
@@ -325,48 +325,48 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
        salt_len = strlen(salt_out);
        assert(salt_len <= 8);
        
-       MD5_Init(&md);
-       MD5_Update(&md, passwd, passwd_len);
-       MD5_Update(&md, "$", 1);
-       MD5_Update(&md, magic, strlen(magic));
-       MD5_Update(&md, "$", 1);
-       MD5_Update(&md, salt_out, salt_len);
+       EVP_DigestInit(&md,EVP_md5());
+       EVP_DigestUpdate(&md, passwd, passwd_len);
+       EVP_DigestUpdate(&md, "$", 1);
+       EVP_DigestUpdate(&md, magic, strlen(magic));
+       EVP_DigestUpdate(&md, "$", 1);
+       EVP_DigestUpdate(&md, salt_out, salt_len);
        
         {
-               MD5_CTX md2;
+               EVP_MD_CTX md2;
 
-               MD5_Init(&md2);
-               MD5_Update(&md2, passwd, passwd_len);
-               MD5_Update(&md2, salt_out, salt_len);
-               MD5_Update(&md2, passwd, passwd_len);
-               MD5_Final(buf, &md2);
+               EVP_DigestInit(&md2,EVP_md5());
+               EVP_DigestUpdate(&md2, passwd, passwd_len);
+               EVP_DigestUpdate(&md2, salt_out, salt_len);
+               EVP_DigestUpdate(&md2, passwd, passwd_len);
+               EVP_DigestFinal(&md2, buf, NULL);
         }
        for (i = passwd_len; i > sizeof buf; i -= sizeof buf)
-               MD5_Update(&md, buf, sizeof buf);
-       MD5_Update(&md, buf, i);
+               EVP_DigestUpdate(&md, buf, sizeof buf);
+       EVP_DigestUpdate(&md, buf, i);
        
        n = passwd_len;
        while (n)
                {
-               MD5_Update(&md, (n & 1) ? "\0" : passwd, 1);
+               EVP_DigestUpdate(&md, (n & 1) ? "\0" : passwd, 1);
                n >>= 1;
                }
-       MD5_Final(buf, &md);
+       EVP_DigestFinal(&md, buf, NULL);
 
        for (i = 0; i < 1000; i++)
                {
-               MD5_CTX md2;
+               EVP_MD_CTX md2;
 
-               MD5_Init(&md2);
-               MD5_Update(&md2, (i & 1) ? (unsigned char *) passwd : buf,
-                                (i & 1) ? passwd_len : sizeof buf);
+               EVP_DigestInit(&md2,EVP_md5());
+               EVP_DigestUpdate(&md2, (i & 1) ? (unsigned char *) passwd : buf,
+                                      (i & 1) ? passwd_len : sizeof buf);
                if (i % 3)
-                       MD5_Update(&md2, salt_out, salt_len);
+                       EVP_DigestUpdate(&md2, salt_out, salt_len);
                if (i % 7)
-                       MD5_Update(&md2, passwd, passwd_len);
-               MD5_Update(&md2, (i & 1) ? buf : (unsigned char *) passwd,
-                                (i & 1) ? sizeof buf : passwd_len);
-               MD5_Final(buf, &md2);
+                       EVP_DigestUpdate(&md2, passwd, passwd_len);
+               EVP_DigestUpdate(&md2, (i & 1) ? buf : (unsigned char *) passwd,
+                                      (i & 1) ? sizeof buf : passwd_len);
+               EVP_DigestFinal(&md2, buf, NULL);
                }
        
         {
index dd3270f..dbf7732 100644 (file)
@@ -924,7 +924,7 @@ int MAIN(int argc, char **argv)
                        print_message(names[D_MD2],c[D_MD2][j],lengths[j]);
                        Time_F(START,usertime);
                        for (count=0,run=1; COND(c[D_MD2][j]); count++)
-                               MD2(buf,(unsigned long)lengths[j],&(md2[0]));
+                               EVP_Digest(buf,(unsigned long)lengths[j],&(md2[0]),NULL,EVP_md2());
                        d=Time_F(STOP,usertime);
                        BIO_printf(bio_err,"%ld %s's in %.2fs\n",
                                count,names[D_MD2],d);
@@ -940,7 +940,7 @@ int MAIN(int argc, char **argv)
                        print_message(names[D_MDC2],c[D_MDC2][j],lengths[j]);
                        Time_F(START,usertime);
                        for (count=0,run=1; COND(c[D_MDC2][j]); count++)
-                               MDC2(buf,(unsigned long)lengths[j],&(mdc2[0]));
+                               EVP_Digest(buf,(unsigned long)lengths[j],&(mdc2[0]),NULL,EVP_mdc2());
                        d=Time_F(STOP,usertime);
                        BIO_printf(bio_err,"%ld %s's in %.2fs\n",
                                count,names[D_MDC2],d);
@@ -957,7 +957,7 @@ int MAIN(int argc, char **argv)
                        print_message(names[D_MD4],c[D_MD4][j],lengths[j]);
                        Time_F(START,usertime);
                        for (count=0,run=1; COND(c[D_MD4][j]); count++)
-                               MD4(&(buf[0]),(unsigned long)lengths[j],&(md4[0]));
+                               EVP_Digest(&(buf[0]),(unsigned long)lengths[j],&(md4[0]),NULL,EVP_md4());
                        d=Time_F(STOP,usertime);
                        BIO_printf(bio_err,"%ld %s's in %.2fs\n",
                                count,names[D_MD4],d);
@@ -974,7 +974,7 @@ int MAIN(int argc, char **argv)
                        print_message(names[D_MD5],c[D_MD5][j],lengths[j]);
                        Time_F(START,usertime);
                        for (count=0,run=1; COND(c[D_MD5][j]); count++)
-                               MD5(&(buf[0]),(unsigned long)lengths[j],&(md5[0]));
+                               EVP_Digest(&(buf[0]),(unsigned long)lengths[j],&(md5[0]),NULL,EVP_md5());
                        d=Time_F(STOP,usertime);
                        BIO_printf(bio_err,"%ld %s's in %.2fs\n",
                                count,names[D_MD5],d);
@@ -1005,6 +1005,7 @@ int MAIN(int argc, char **argv)
                                count,names[D_HMAC],d);
                        results[D_HMAC][j]=((double)count)/d*lengths[j];
                        }
+               HMAC_cleanup(&hctx);
                }
 #endif
 #ifndef OPENSSL_NO_SHA
@@ -1015,7 +1016,7 @@ int MAIN(int argc, char **argv)
                        print_message(names[D_SHA1],c[D_SHA1][j],lengths[j]);
                        Time_F(START,usertime);
                        for (count=0,run=1; COND(c[D_SHA1][j]); count++)
-                               SHA1(buf,(unsigned long)lengths[j],&(sha[0]));
+                               EVP_Digest(buf,(unsigned long)lengths[j],&(sha[0]),NULL,EVP_sha1());
                        d=Time_F(STOP,usertime);
                        BIO_printf(bio_err,"%ld %s's in %.2fs\n",
                                count,names[D_SHA1],d);
@@ -1031,7 +1032,7 @@ int MAIN(int argc, char **argv)
                        print_message(names[D_RMD160],c[D_RMD160][j],lengths[j]);
                        Time_F(START,usertime);
                        for (count=0,run=1; COND(c[D_RMD160][j]); count++)
-                               RIPEMD160(buf,(unsigned long)lengths[j],&(rmd160[0]));
+                               EVP_Digest(buf,(unsigned long)lengths[j],&(rmd160[0]),NULL,EVP_ripemd160());
                        d=Time_F(STOP,usertime);
                        BIO_printf(bio_err,"%ld %s's in %.2fs\n",
                                count,names[D_RMD160],d);
index 17ed9f2..0bba086 100644 (file)
@@ -259,7 +259,6 @@ int X509_ocspid_print (BIO *bp, X509 *x)
        unsigned char *dertmp;
        int derlen;
        int i;
-       SHA_CTX SHA1buf ;
        unsigned char SHA1md[SHA_DIGEST_LENGTH];
 
        /* display the hash of the subject as it would appear
@@ -271,9 +270,7 @@ int X509_ocspid_print (BIO *bp, X509 *x)
                goto err;
        i2d_X509_NAME(x->cert_info->subject, &dertmp);
 
-       SHA1_Init(&SHA1buf);
-       SHA1_Update(&SHA1buf, der, derlen);
-       SHA1_Final(SHA1md,&SHA1buf);
+       EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1());
        for (i=0; i < SHA_DIGEST_LENGTH; i++)
                {
                if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0) goto err;
@@ -286,10 +283,8 @@ int X509_ocspid_print (BIO *bp, X509 *x)
        if (BIO_printf(bp,"\n        Public key OCSP hash: ") <= 0)
                goto err;
 
-       SHA1_Init(&SHA1buf);
-       SHA1_Update(&SHA1buf, x->cert_info->key->public_key->data,
-               x->cert_info->key->public_key->length);
-       SHA1_Final(SHA1md,&SHA1buf);
+       EVP_Digest(x->cert_info->key->public_key->data,
+               x->cert_info->key->public_key->length, SHA1md, NULL, EVP_sha1());
        for (i=0; i < SHA_DIGEST_LENGTH; i++)
                {
                if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0)
index 0b61177..7440e91 100644 (file)
 #ifdef GENUINE_DSA
 /* Parameter generation follows the original release of FIPS PUB 186,
  * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180) */
-#define HASH    SHA
+#define HASH    EVP_sha()
 #else
 /* Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186,
  * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in
  * FIPS PUB 180-1) */
-#define HASH    SHA1
+#define HASH    EVP_sha1()
 #endif 
 
 #ifndef OPENSSL_NO_SHA
@@ -74,7 +74,7 @@
 #include <stdio.h>
 #include <time.h>
 #include "cryptlib.h"
-#include <openssl/sha.h>
+#include <openssl/evp.h>
 #include <openssl/bn.h>
 #include <openssl/dsa.h>
 #include <openssl/rand.h>
@@ -158,8 +158,8 @@ DSA *DSA_generate_parameters(int bits,
                                }
 
                        /* step 2 */
-                       HASH(seed,SHA_DIGEST_LENGTH,md);
-                       HASH(buf,SHA_DIGEST_LENGTH,buf2);
+                       EVP_Digest(seed,SHA_DIGEST_LENGTH,md,NULL,HASH);
+                       EVP_Digest(buf,SHA_DIGEST_LENGTH,buf2,NULL,HASH);
                        for (i=0; i<SHA_DIGEST_LENGTH; i++)
                                md[i]^=buf2[i];
 
@@ -206,7 +206,7 @@ DSA *DSA_generate_parameters(int bits,
                                        if (buf[i] != 0) break;
                                        }
 
-                               HASH(buf,SHA_DIGEST_LENGTH,md);
+                               EVP_Digest(buf,SHA_DIGEST_LENGTH,md,NULL,HASH);
 
                                /* step 8 */
                                if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,r0))
index bd5d0ce..ef87c3e 100644 (file)
@@ -60,7 +60,6 @@
 #include <stdio.h>
 #include <time.h>
 #include "cryptlib.h"
-#include <openssl/sha.h>
 #include <openssl/bn.h>
 #include <openssl/dsa.h>
 #include <openssl/rand.h>
index e617ce1..1703a24 100644 (file)
@@ -162,7 +162,7 @@ typedef struct ok_struct
        EVP_MD_CTX md;
        int blockout;           /* output block is ready */ 
        int sigio;              /* must process signature */
-       char buf[IOBS];
+       unsigned char buf[IOBS];
        } BIO_OK_CTX;
 
 static BIO_METHOD methods_ok=
@@ -474,7 +474,7 @@ static void sig_out(BIO* b)
        ctx->buf_len+= md->digest->md_size;
 
        EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN));
-       md->digest->final(&(ctx->buf[ctx->buf_len]), &(md->md.base[0]));
+       EVP_DigestFinal(md, &(ctx->buf[ctx->buf_len]), NULL);
        ctx->buf_len+= md->digest->md_size;
        ctx->blockout= 1;
        ctx->sigio= 0;
@@ -498,7 +498,7 @@ static void sig_in(BIO* b)
        ctx->buf_off+= md->digest->md_size;
 
        EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN));
-       md->digest->final(tmp, &(md->md.base[0]));
+       EVP_DigestFinal(md, tmp, NULL);
        ret= memcmp(&(ctx->buf[ctx->buf_off]), tmp, md->digest->md_size) == 0;
        ctx->buf_off+= md->digest->md_size;
        if(ret == 1)
@@ -531,7 +531,7 @@ static void block_out(BIO* b)
        memcpy(ctx->buf, &tl, OK_BLOCK_BLOCK);
        tl= swapem(tl);
        EVP_DigestUpdate(md, (unsigned char*) &(ctx->buf[OK_BLOCK_BLOCK]), tl);
-       md->digest->final(&(ctx->buf[ctx->buf_len]), &(md->md.base[0]));
+       EVP_DigestFinal(md, &(ctx->buf[ctx->buf_len]), NULL);
        ctx->buf_len+= md->digest->md_size;
        ctx->blockout= 1;
        }
@@ -551,7 +551,7 @@ static void block_in(BIO* b)
        if (ctx->buf_len < tl+ OK_BLOCK_BLOCK+ md->digest->md_size) return;
  
        EVP_DigestUpdate(md, (unsigned char*) &(ctx->buf[OK_BLOCK_BLOCK]), tl);
-       md->digest->final(tmp, &(md->md.base[0]));
+       EVP_DigestFinal(md, tmp, NULL);
        if(memcmp(&(ctx->buf[tl+ OK_BLOCK_BLOCK]), tmp, md->digest->md_size) == 0)
                {
                /* there might be parts from next block lurking around ! */
index 70725ef..7890147 100644 (file)
@@ -67,7 +67,7 @@ int main(int argc, char *argv[])
     return(0);
 }
 #else
-#include <openssl/md2.h>
+#include <openssl/evp.h>
 
 #ifdef CHARSET_EBCDIC
 #include <openssl/ebcdic.h>
@@ -100,13 +100,15 @@ int main(int argc, char *argv[])
        int i,err=0;
        char **P,**R;
        char *p;
+       unsigned char md[MD2_DIGEST_LENGTH];
 
        P=test;
        R=ret;
        i=1;
        while (*P != NULL)
                {
-               p=pt(MD2((unsigned char *)*P,(unsigned long)strlen(*P),NULL));
+               EVP_Digest((unsigned char *)*P,(unsigned long)strlen(*P),md,NULL,EVP_md2());
+               p=pt(md);
                if (strcmp(p,*R) != 0)
                        {
                        printf("error calculating MD2 on '%s'\n",*P);
index 78bcd43..9e8cadb 100644 (file)
@@ -67,7 +67,7 @@ int main(int argc, char *argv[])
     return(0);
 }
 #else
-#include <openssl/md4.h>
+#include <openssl/evp.h>
 
 static char *test[]={
        "",
@@ -96,13 +96,15 @@ int main(int argc, char *argv[])
        int i,err=0;
        unsigned char **P,**R;
        char *p;
+       unsigned char md[MD4_DIGEST_LENGTH];
 
        P=(unsigned char **)test;
        R=(unsigned char **)ret;
        i=1;
        while (*P != NULL)
                {
-               p=pt(MD4(&(P[0][0]),(unsigned long)strlen((char *)*P),NULL));
+               EVP_Digest(&(P[0][0]),(unsigned long)strlen((char *)*P),md,NULL,EVP_md4());
+               p=pt(md);
                if (strcmp(p,(char *)*R) != 0)
                        {
                        printf("error calculating MD4 on '%s'\n",*P);
index cf8cf51..4e64319 100644 (file)
@@ -67,7 +67,7 @@ int main(int argc, char *argv[])
     return(0);
 }
 #else
-#include <openssl/md5.h>
+#include <openssl/evp.h>
 
 static char *test[]={
        "",
@@ -96,13 +96,15 @@ int main(int argc, char *argv[])
        int i,err=0;
        unsigned char **P,**R;
        char *p;
+       unsigned char md[MD5_DIGEST_LENGTH];
 
        P=(unsigned char **)test;
        R=(unsigned char **)ret;
        i=1;
        while (*P != NULL)
                {
-               p=pt(MD5(&(P[0][0]),(unsigned long)strlen((char *)*P),NULL));
+               EVP_Digest(&(P[0][0]),(unsigned long)strlen((char *)*P),md,NULL,EVP_md5());
+               p=pt(md);
                if (strcmp(p,(char *)*R) != 0)
                        {
                        printf("error calculating MD5 on '%s'\n",*P);
index 6a50e9d..9507fed 100644 (file)
@@ -71,7 +71,7 @@ int main(int argc, char *argv[])
     return(0);
 }
 #else
-#include <openssl/mdc2.h>
+#include <openssl/evp.h>
 
 #ifdef CHARSET_EBCDIC
 #include <openssl/ebcdic.h>
@@ -92,16 +92,16 @@ int main(int argc, char *argv[])
        int ret=0;
        unsigned char md[MDC2_DIGEST_LENGTH];
        int i;
-       MDC2_CTX c;
+       EVP_MD_CTX c;
        static char *text="Now is the time for all ";
 
 #ifdef CHARSET_EBCDIC
        ebcdic2ascii(text,text,strlen(text));
 #endif
 
-       MDC2_Init(&c);
-       MDC2_Update(&c,(unsigned char *)text,strlen(text));
-       MDC2_Final(&(md[0]),&c);
+       EVP_DigestInit(&c,EVP_mdc2());
+       EVP_DigestUpdate(&c,(unsigned char *)text,strlen(text));
+       EVP_DigestFinal(&c,&(md[0]),NULL);
 
        if (memcmp(md,pad1,MDC2_DIGEST_LENGTH) != 0)
                {
@@ -116,10 +116,10 @@ int main(int argc, char *argv[])
        else
                printf("pad1 - ok\n");
 
-       MDC2_Init(&c);
-       c.pad_type=2;
-       MDC2_Update(&c,(unsigned char *)text,strlen(text));
-       MDC2_Final(&(md[0]),&c);
+       EVP_DigestInit(&c,EVP_mdc2());
+       c.md.mdc2.pad_type=2;
+       EVP_DigestUpdate(&c,(unsigned char *)text,strlen(text));
+       EVP_DigestFinal(&c,&(md[0]),NULL);
 
        if (memcmp(md,pad2,MDC2_DIGEST_LENGTH) != 0)
                {
index 32b6e17..f67715e 100644 (file)
@@ -89,6 +89,7 @@ int PKCS12_gen_mac (PKCS12 *p12, const char *pass, int passlen,
        HMAC_Update (&hmac, p12->authsafes->d.data->data,
                                         p12->authsafes->d.data->length);
        HMAC_Final (&hmac, mac, maclen);
+       HMAC_cleanup (&hmac);
        return 1;
 }
 
index d4d2f36..1c87f21 100644 (file)
@@ -264,7 +264,7 @@ static void ssleay_rand_add(const void *buf, int num, double add)
                        
                MD_Update(&m,buf,j);
                MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
-               MD_Final(local_md,&m);
+               MD_Final(&m,local_md);
                md_c[1]++;
 
                buf=(const char *)buf + j;
@@ -457,7 +457,7 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
                        }
                else
                        MD_Update(&m,&(state[st_idx]),j);
-               MD_Final(local_md,&m);
+               MD_Final(&m,local_md);
 
                for (i=0; i<j; i++)
                        {
@@ -473,7 +473,7 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
        MD_Update(&m,local_md,MD_DIGEST_LENGTH);
        CRYPTO_w_lock(CRYPTO_LOCK_RAND);
        MD_Update(&m,md,MD_DIGEST_LENGTH);
-       MD_Final(md,&m);
+       MD_Final(&m,md);
        CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
 
        memset(&m,0,sizeof(m));
index 1d96707..44d7cbb 100644 (file)
 #endif
 #endif
 
+#include <openssl/evp.h>
+#define MD_CTX                 EVP_MD_CTX
+#define MD_Update(a,b,c)       EVP_DigestUpdate(a,b,c)
+#define        MD_Final(a,b)           EVP_DigestFinal(a,b,NULL)
 #if defined(USE_MD5_RAND)
-#include <openssl/md5.h>
 #define MD_DIGEST_LENGTH       MD5_DIGEST_LENGTH
-#define        MD(a,b,c)               MD5(a,b,c)
+#define MD_Init(a)             EVP_DigestInit(a,EVP_md5())
+#define        MD(a,b,c)               EVP_Digest(a,b,c,EVP_md5())
 #elif defined(USE_SHA1_RAND)
-#include <openssl/sha.h>
 #define MD_DIGEST_LENGTH       SHA_DIGEST_LENGTH
-#define        MD(a,b,c)               SHA1(a,b,c)
+#define MD_Init(a)             EVP_DigestInit(a,EVP_sha1())
+#define        MD(a,b,c)               EVP_Digest(a,b,c,EVP_sha1())
 #elif defined(USE_MDC2_RAND)
-#include <openssl/mdc2.h>
 #define MD_DIGEST_LENGTH       MDC2_DIGEST_LENGTH
-#define        MD(a,b,c)               MDC2(a,b,c)
+#define MD_Init(a)             EVP_DigestInit(a,EVP_mdc2())
+#define        MD(a,b,c)               EVP_Digest(a,b,c,EVP_mdc2())
 #elif defined(USE_MD2_RAND)
-#include <openssl/md2.h>
 #define MD_DIGEST_LENGTH       MD2_DIGEST_LENGTH
-#define        MD(a,b,c)               MD2(a,b,c)
-#endif
-#if defined(USE_MD5_RAND)
-#include <openssl/md5.h>
-#define MD_DIGEST_LENGTH       MD5_DIGEST_LENGTH
-#define MD_CTX                 MD5_CTX
-#define MD_Init(a)             MD5_Init(a)
-#define MD_Update(a,b,c)       MD5_Update(a,b,c)
-#define        MD_Final(a,b)           MD5_Final(a,b)
-#define        MD(a,b,c)               MD5(a,b,c)
-#elif defined(USE_SHA1_RAND)
-#include <openssl/sha.h>
-#define MD_DIGEST_LENGTH       SHA_DIGEST_LENGTH
-#define MD_CTX                 SHA_CTX
-#define MD_Init(a)             SHA1_Init(a)
-#define MD_Update(a,b,c)       SHA1_Update(a,b,c)
-#define        MD_Final(a,b)           SHA1_Final(a,b)
-#define        MD(a,b,c)               SHA1(a,b,c)
-#elif defined(USE_MDC2_RAND)
-#include <openssl/mdc2.h>
-#define MD_DIGEST_LENGTH       MDC2_DIGEST_LENGTH
-#define MD_CTX                 MDC2_CTX
-#define MD_Init(a)             MDC2_Init(a)
-#define MD_Update(a,b,c)       MDC2_Update(a,b,c)
-#define        MD_Final(a,b)           MDC2_Final(a,b)
-#define        MD(a,b,c)               MDC2(a,b,c)
-#elif defined(USE_MD2_RAND)
-#include <openssl/md2.h>
-#define MD_DIGEST_LENGTH       MD2_DIGEST_LENGTH
-#define MD_CTX                 MD2_CTX
-#define MD_Init(a)             MD2_Init(a)
-#define MD_Update(a,b,c)       MD2_Update(a,b,c)
-#define        MD_Final(a,b)           MD2_Final(a,b)
-#define        MD(a,b,c)               MD2(a,b,c)
+#define MD_Init(a)             EVP_DigestInit(a,EVP_md2())
+#define        MD(a,b,c)               EVP_Digest(a,b,c,EVP_md2())
 #endif
 
 
index 75616c3..c2165b0 100644 (file)
@@ -162,7 +162,7 @@ bad:
                keystr=buf;
                }
 
-       MD5((unsigned char *)keystr,(unsigned long)strlen(keystr),md);
+       EVP_Digest((unsigned char *)keystr,(unsigned long)strlen(keystr),md,NULL,EVP_md5());
        memset(keystr,0,strlen(keystr));
        RC4_set_key(&key,MD5_DIGEST_LENGTH,md);
        
index 6bc90d5..e1aae63 100644 (file)
@@ -67,7 +67,7 @@ int main(int argc, char *argv[])
     return(0);
 }
 #else
-#include <openssl/ripemd.h>
+#include <openssl/evp.h>
 
 #ifdef CHARSET_EBCDIC
 #include <openssl/ebcdic.h>
@@ -102,6 +102,7 @@ int main(int argc, char *argv[])
        int i,err=0;
        unsigned char **P,**R;
        char *p;
+       unsigned char md[RIPEMD160_DIGEST_LENGTH];
 
        P=(unsigned char **)test;
        R=(unsigned char **)ret;
@@ -111,7 +112,8 @@ int main(int argc, char *argv[])
 #ifdef CHARSET_EBCDIC
                ebcdic2ascii((char *)*P, (char *)*P, strlen((char *)*P));
 #endif
-               p=pt(RIPEMD160(&(P[0][0]),(unsigned long)strlen((char *)*P),NULL));
+               EVP_Digest(&(P[0][0]),(unsigned long)strlen((char *)*P),md,NULL,EVP_ripemd160());
+               p=pt(md);
                if (strcmp(p,(char *)*R) != 0)
                        {
                        printf("error calculating RIPEMD160 on '%s'\n",*P);
index a489639..8da765e 100644 (file)
@@ -24,7 +24,7 @@
 #include "cryptlib.h"
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
-#include <openssl/sha.h>
+#include <openssl/evp.h>
 #include <openssl/rand.h>
 
 int MGF1(unsigned char *mask, long len,
@@ -62,7 +62,7 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
     seed = to + 1;
     db = to + SHA_DIGEST_LENGTH + 1;
 
-    SHA1(param, plen, db);
+    EVP_Digest((void *)param, plen, db, NULL, EVP_sha1());
     memset(db + SHA_DIGEST_LENGTH, 0,
           emlen - flen - 2 * SHA_DIGEST_LENGTH - 1);
     db[emlen - flen - SHA_DIGEST_LENGTH - 1] = 0x01;
@@ -120,7 +120,7 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
     for (i = 0; i < dblen; i++)
        db[i] ^= maskeddb[i];
 
-    SHA1(param, plen, phash);
+    EVP_Digest((void *)param, plen, phash, NULL, EVP_sha1());
 
     if (memcmp(db, phash, SHA_DIGEST_LENGTH) != 0)
        goto decoding_err;
@@ -159,24 +159,24 @@ int MGF1(unsigned char *mask, long len,
     {
     long i, outlen = 0;
     unsigned char cnt[4];
-    SHA_CTX c;
+    EVP_MD_CTX c;
     unsigned char md[SHA_DIGEST_LENGTH];
 
     for (i = 0; outlen < len; i++)
        {
        cnt[0] = (i >> 24) & 255, cnt[1] = (i >> 16) & 255,
          cnt[2] = (i >> 8) & 255, cnt[3] = i & 255;
-       SHA1_Init(&c);
-       SHA1_Update(&c, seed, seedlen);
-       SHA1_Update(&c, cnt, 4);
+       EVP_DigestInit(&c,EVP_sha1());
+       EVP_DigestUpdate(&c, seed, seedlen);
+       EVP_DigestUpdate(&c, cnt, 4);
        if (outlen + SHA_DIGEST_LENGTH <= len)
            {
-           SHA1_Final(mask + outlen, &c);
+           EVP_DigestFinal(&c, mask + outlen, NULL);
            outlen += SHA_DIGEST_LENGTH;
            }
        else
            {
-           SHA1_Final(md, &c);
+           EVP_DigestFinal(&c, md, NULL);
            memcpy(mask + outlen, md, len - outlen);
            outlen = len;
            }
index 3b09039..a915981 100644 (file)
@@ -67,7 +67,7 @@ int main(int argc, char *argv[])
     return(0);
 }
 #else
-#include <openssl/sha.h>
+#include <openssl/evp.h>
 
 #ifdef CHARSET_EBCDIC
 #include <openssl/ebcdic.h>
@@ -106,7 +106,7 @@ int main(int argc, char *argv[])
        unsigned char **P,**R;
        static unsigned char buf[1000];
        char *p,*r;
-       SHA_CTX c;
+       EVP_MD_CTX c;
        unsigned char md[SHA_DIGEST_LENGTH];
 
 #ifdef CHARSET_EBCDIC
@@ -119,7 +119,8 @@ int main(int argc, char *argv[])
        i=1;
        while (*P != NULL)
                {
-               p=pt(SHA1(*P,(unsigned long)strlen((char *)*P),NULL));
+               EVP_Digest(*P,(unsigned long)strlen((char *)*P),md,NULL,EVP_sha1());
+               p=pt(md);
                if (strcmp(p,(char *)*R) != 0)
                        {
                        printf("error calculating SHA1 on '%s'\n",*P);
@@ -137,10 +138,10 @@ int main(int argc, char *argv[])
 #ifdef CHARSET_EBCDIC
        ebcdic2ascii(buf, buf, 1000);
 #endif /*CHARSET_EBCDIC*/
-       SHA1_Init(&c);
+       EVP_DigestInit(&c,EVP_sha1());
        for (i=0; i<1000; i++)
-               SHA1_Update(&c,buf,1000);
-       SHA1_Final(md,&c);
+               EVP_DigestUpdate(&c,buf,1000);
+       EVP_DigestFinal(&c,md,NULL);
        p=pt(md);
 
        r=bigret;
index d3bc4b5..d492c15 100644 (file)
@@ -67,7 +67,7 @@ int main(int argc, char *argv[])
     return(0);
 }
 #else
-#include <openssl/sha.h>
+#include <openssl/evp.h>
 
 #ifdef CHARSET_EBCDIC
 #include <openssl/ebcdic.h>
@@ -106,7 +106,7 @@ int main(int argc, char *argv[])
        unsigned char **P,**R;
        static unsigned char buf[1000];
        char *p,*r;
-       SHA_CTX c;
+       EVP_MD_CTX c;
        unsigned char md[SHA_DIGEST_LENGTH];
 
 #ifdef CHARSET_EBCDIC
@@ -119,7 +119,8 @@ int main(int argc, char *argv[])
        i=1;
        while (*P != NULL)
                {
-               p=pt(SHA(*P,(unsigned long)strlen((char *)*P),NULL));
+               EVP_Digest(*P,(unsigned long)strlen((char *)*P),md,NULL,EVP_sha());
+               p=pt(md);
                if (strcmp(p,(char *)*R) != 0)
                        {
                        printf("error calculating SHA on '%s'\n",*P);
@@ -137,10 +138,10 @@ int main(int argc, char *argv[])
 #ifdef CHARSET_EBCDIC
        ebcdic2ascii(buf, buf, 1000);
 #endif /*CHARSET_EBCDIC*/
-       SHA_Init(&c);
+       EVP_DigestInit(&c,EVP_sha());
        for (i=0; i<1000; i++)
-               SHA_Update(&c,buf,1000);
-       SHA_Final(md,&c);
+               EVP_DigestUpdate(&c,buf,1000);
+       EVP_DigestFinal(&c,md,NULL);
        p=pt(md);
 
        r=bigret;
index 7900185..1334ff6 100644 (file)
@@ -79,17 +79,17 @@ int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b)
 unsigned long X509_issuer_and_serial_hash(X509 *a)
        {
        unsigned long ret=0;
-       MD5_CTX ctx;
+       EVP_MD_CTX ctx;
        unsigned char md[16];
        char str[256];
 
        X509_NAME_oneline(a->cert_info->issuer,str,256);
        ret=strlen(str);
-       MD5_Init(&ctx);
-       MD5_Update(&ctx,(unsigned char *)str,ret);
-       MD5_Update(&ctx,(unsigned char *)a->cert_info->serialNumber->data,
+       EVP_DigestInit(&ctx,EVP_md5());
+       EVP_DigestUpdate(&ctx,(unsigned char *)str,ret);
+       EVP_DigestUpdate(&ctx,(unsigned char *)a->cert_info->serialNumber->data,
                (unsigned long)a->cert_info->serialNumber->length);
-       MD5_Final(&(md[0]),&ctx);
+       EVP_DigestFinal(&ctx,&(md[0]),NULL);
        ret=(   ((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
                ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
                )&0xffffffffL;
index 09fde61..40ca377 100644 (file)
@@ -61,7 +61,7 @@
 #include <stdio.h>
 #include <openssl/rsa.h>
 #include <openssl/objects.h>
-#include <openssl/md5.h>
+#include <openssl/evp.h>
 
 static long ssl2_default_timeout(void );
 const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT;
@@ -415,7 +415,7 @@ int ssl2_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
 void ssl2_generate_key_material(SSL *s)
        {
        unsigned int i;
-       MD5_CTX ctx;
+       EVP_MD_CTX ctx;
        unsigned char *km;
        unsigned char c='0';
 
@@ -427,14 +427,14 @@ void ssl2_generate_key_material(SSL *s)
        km=s->s2->key_material;
        for (i=0; i<s->s2->key_material_length; i+=MD5_DIGEST_LENGTH)
                {
-               MD5_Init(&ctx);
+               EVP_DigestInit(&ctx,EVP_md5());
 
-               MD5_Update(&ctx,s->session->master_key,s->session->master_key_length);
-               MD5_Update(&ctx,&c,1);
+               EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length);
+               EVP_DigestUpdate(&ctx,&c,1);
                c++;
-               MD5_Update(&ctx,s->s2->challenge,s->s2->challenge_length);
-               MD5_Update(&ctx,s->s2->conn_id,s->s2->conn_id_length);
-               MD5_Final(km,&ctx);
+               EVP_DigestUpdate(&ctx,s->s2->challenge,s->s2->challenge_length);
+               EVP_DigestUpdate(&ctx,s->s2->conn_id,s->s2->conn_id_length);
+               EVP_DigestFinal(&ctx,km,NULL);
                km+=MD5_DIGEST_LENGTH;
                }
        }
index 625e1ae..a700c64 100644 (file)
@@ -60,8 +60,6 @@
 #include <openssl/buffer.h>
 #include <openssl/rand.h>
 #include <openssl/objects.h>
-#include <openssl/md5.h>
-#include <openssl/sha.h>
 #include <openssl/evp.h>
 #include "ssl_locl.h"
 
index d1c1946..2fbfead 100644 (file)
@@ -57,8 +57,6 @@
  */
 
 #include <stdio.h>
-#include <openssl/md5.h>
-#include <openssl/sha.h>
 #include <openssl/evp.h>
 #include "ssl_locl.h"
 
@@ -83,8 +81,8 @@ static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx,
 
 static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
        {
-       MD5_CTX m5;
-       SHA_CTX s1;
+       EVP_MD_CTX m5;
+       EVP_MD_CTX s1;
        unsigned char buf[16],smd[SHA_DIGEST_LENGTH];
        unsigned char c='A';
        int i,j,k;
@@ -106,25 +104,25 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
                for (j=0; j<k; j++)
                        buf[j]=c;
                c++;
-               SHA1_Init(  &s1);
-               SHA1_Update(&s1,buf,k);
-               SHA1_Update(&s1,s->session->master_key,
+               EVP_DigestInit(&s1,EVP_sha1());
+               EVP_DigestUpdate(&s1,buf,k);
+               EVP_DigestUpdate(&s1,s->session->master_key,
                        s->session->master_key_length);
-               SHA1_Update(&s1,s->s3->server_random,SSL3_RANDOM_SIZE);
-               SHA1_Update(&s1,s->s3->client_random,SSL3_RANDOM_SIZE);
-               SHA1_Final( smd,&s1);
+               EVP_DigestUpdate(&s1,s->s3->server_random,SSL3_RANDOM_SIZE);
+               EVP_DigestUpdate(&s1,s->s3->client_random,SSL3_RANDOM_SIZE);
+               EVP_DigestFinal(&s1,smd,NULL);
 
-               MD5_Init(  &m5);
-               MD5_Update(&m5,s->session->master_key,
+               EVP_DigestInit(&m5,EVP_md5());
+               EVP_DigestUpdate(&m5,s->session->master_key,
                        s->session->master_key_length);
-               MD5_Update(&m5,smd,SHA_DIGEST_LENGTH);
+               EVP_DigestUpdate(&m5,smd,SHA_DIGEST_LENGTH);
                if ((i+MD5_DIGEST_LENGTH) > num)
                        {
-                       MD5_Final(smd,&m5);
+                       EVP_DigestFinal(&m5,smd,NULL);
                        memcpy(km,smd,(num-i));
                        }
                else
-                       MD5_Final(km,&m5);
+                       EVP_DigestFinal(&m5,km,NULL);
 
                km+=MD5_DIGEST_LENGTH;
                }
@@ -142,7 +140,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
        const EVP_CIPHER *c;
        COMP_METHOD *comp;
        const EVP_MD *m;
-       MD5_CTX md;
+       EVP_MD_CTX md;
        int exp,n,i,j,k,cl;
 
        exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
@@ -252,19 +250,19 @@ int ssl3_change_cipher_state(SSL *s, int which)
                /* In here I set both the read and write key/iv to the
                 * same value since only the correct one will be used :-).
                 */
-               MD5_Init(&md);
-               MD5_Update(&md,key,j);
-               MD5_Update(&md,er1,SSL3_RANDOM_SIZE);
-               MD5_Update(&md,er2,SSL3_RANDOM_SIZE);
-               MD5_Final(&(exp_key[0]),&md);
+               EVP_DigestInit(&md,EVP_md5());
+               EVP_DigestUpdate(&md,key,j);
+               EVP_DigestUpdate(&md,er1,SSL3_RANDOM_SIZE);
+               EVP_DigestUpdate(&md,er2,SSL3_RANDOM_SIZE);
+               EVP_DigestFinal(&md,&(exp_key[0]),NULL);
                key= &(exp_key[0]);
 
                if (k > 0)
                        {
-                       MD5_Init(&md);
-                       MD5_Update(&md,er1,SSL3_RANDOM_SIZE);
-                       MD5_Update(&md,er2,SSL3_RANDOM_SIZE);
-                       MD5_Final(&(exp_iv[0]),&md);
+                       EVP_DigestInit(&md,EVP_md5());
+                       EVP_DigestUpdate(&md,er1,SSL3_RANDOM_SIZE);
+                       EVP_DigestUpdate(&md,er2,SSL3_RANDOM_SIZE);
+                       EVP_DigestFinal(&md,&(exp_iv[0]),NULL);
                        iv= &(exp_iv[0]);
                        }
                }
index 31f4f80..1c57296 100644 (file)
  */
 
 #include <stdio.h>
-#include <openssl/md5.h>
-#include <openssl/sha.h>
 #include <openssl/objects.h>
 #include "ssl_locl.h"
 
index 0b0ecee..09fcc59 100644 (file)
@@ -64,8 +64,6 @@
 #include <openssl/buffer.h>
 #include <openssl/rand.h>
 #include <openssl/objects.h>
-#include <openssl/md5.h>
-#include <openssl/sha.h>
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include "ssl_locl.h"
index d3a15e3..97d92ca 100644 (file)
@@ -58,8 +58,6 @@
 
 #include <stdio.h>
 #include <openssl/comp.h>
-#include <openssl/md5.h>
-#include <openssl/sha.h>
 #include <openssl/evp.h>
 #include <openssl/hmac.h>
 #include "ssl_locl.h"
@@ -78,6 +76,7 @@ static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
        chunk=EVP_MD_size(md);
 
        HMAC_Init(&ctx,sec,sec_len,md);
+       HMAC_Init(&ctx_tmp,sec,sec_len,md);
        HMAC_Update(&ctx,seed,seed_len);
        HMAC_Final(&ctx,A1,&A1_len);
 
@@ -85,8 +84,9 @@ static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
        for (;;)
                {
                HMAC_Init(&ctx,NULL,0,NULL); /* re-init */
+               HMAC_Init(&ctx_tmp,NULL,0,NULL); /* re-init */
                HMAC_Update(&ctx,A1,A1_len);
-               memcpy(&ctx_tmp,&ctx,sizeof(ctx)); /* Copy for A2 */ /* not needed for last one */
+               HMAC_Update(&ctx_tmp,A1,A1_len);
                HMAC_Update(&ctx,seed,seed_len);
 
                if (olen > chunk)
@@ -642,6 +642,7 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
        HMAC_Update(&hmac,buf,5);
        HMAC_Update(&hmac,rec->input,rec->length);
        HMAC_Final(&hmac,md,&md_size);
+       HMAC_cleanup(&hmac);
 
 #ifdef TLS_DEBUG
 printf("sec=");