From 20d2186c87dabec56c6da48961a779843724a019 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Tue, 16 Oct 2001 01:24:29 +0000 Subject: [PATCH] Retain compatibility of EVP_DigestInit() and EVP_DigestFinal() with existing code. Modify library to use digest *_ex() functions. --- CHANGES | 10 +++++++++ apps/passwd.c | 12 +++++------ apps/speed.c | 13 ++++++------ crypto/asn1/a_digest.c | 4 ++-- crypto/asn1/a_sign.c | 4 ++-- crypto/asn1/a_verify.c | 4 ++-- crypto/asn1/n_pkey.c | 4 ++-- crypto/asn1/t_x509.c | 4 ++-- crypto/dsa/dsa_gen.c | 6 +++--- crypto/evp/bio_md.c | 8 +++---- crypto/evp/bio_ok.c | 14 ++++++------- crypto/evp/digest.c | 22 +++++++++++++++++--- crypto/evp/evp.h | 13 ++++++++---- crypto/evp/evp_key.c | 8 +++---- crypto/evp/evp_test.c | 4 ++-- crypto/evp/p5_crpt.c | 16 +++++++------- crypto/evp/p_sign.c | 6 +++--- crypto/evp/p_verify.c | 4 ++-- crypto/hmac/hmac.c | 16 +++++++------- crypto/md2/md2test.c | 2 +- crypto/md4/md4test.c | 2 +- crypto/md5/md5test.c | 2 +- crypto/mdc2/mdc2test.c | 8 +++---- crypto/ocsp/ocsp_lib.c | 2 +- crypto/pem/pem_sign.c | 2 +- crypto/pkcs12/p12_key.c | 14 ++++++------- crypto/pkcs7/pk7_doit.c | 12 +++++------ crypto/rand/rand_lcl.h | 10 ++++----- crypto/ripemd/rmdtest.c | 2 +- crypto/rsa/rsa_oaep.c | 10 ++++----- crypto/sha/sha1test.c | 6 +++--- crypto/sha/shatest.c | 6 +++--- crypto/x509/x509_cmp.c | 6 +++--- crypto/x509/x_all.c | 2 +- crypto/x509v3/v3_skey.c | 2 +- ssl/s2_clnt.c | 2 +- ssl/s2_enc.c | 4 ++-- ssl/s2_lib.c | 4 ++-- ssl/s2_srvr.c | 2 +- ssl/s3_clnt.c | 8 +++---- ssl/s3_enc.c | 46 ++++++++++++++++++++--------------------- ssl/s3_srvr.c | 8 +++---- ssl/t1_enc.c | 12 +++++------ 43 files changed, 189 insertions(+), 157 deletions(-) diff --git a/CHANGES b/CHANGES index df2d24ddd6..0cdc0f5003 100644 --- a/CHANGES +++ b/CHANGES @@ -12,6 +12,16 @@ *) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7 +) applies to 0.9.7 only + +) Modify the behaviour of EVP_DigestInit() and EVP_DigestFinal() to retain + compatibility with existing code. In particular the 'ctx' parameter is + not assumed to be valid before the call to EVP_DigestInit() and it is tidied + up after a call to EVP_DigestFinal(). A new function EVP_DigestFinal_ex() + but does not free up the ctx. Also change function EVP_MD_CTX_copy() to + assume the destination is uninitialized: EVP_MD_CTX_copy_ex() do assumes + the destiation is valid. Also modify all the OpenSSL digest calls to call + EVP_DigestInit_ex(), EVP_DigestFinal_ex() and EVP_MD_CTX_copy_ex(). + [Steve Henson] + +) Change ssl3_get_message (ssl/s3_both.c) and the functions using it so that complete 'Handshake' protocol structures are kept in memory instead of overwriting 'msg_type' and 'length' with 'body' data. diff --git a/apps/passwd.c b/apps/passwd.c index 0641602d04..bb395c35a1 100644 --- a/apps/passwd.c +++ b/apps/passwd.c @@ -327,7 +327,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) assert(salt_len <= 8); EVP_MD_CTX_init(&md); - EVP_DigestInit(&md,EVP_md5()); + EVP_DigestInit_ex(&md,EVP_md5(), NULL); EVP_DigestUpdate(&md, passwd, passwd_len); EVP_DigestUpdate(&md, "$", 1); EVP_DigestUpdate(&md, magic, strlen(magic)); @@ -335,11 +335,11 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) EVP_DigestUpdate(&md, salt_out, salt_len); EVP_MD_CTX_init(&md2); - EVP_DigestInit(&md2,EVP_md5()); + EVP_DigestInit_ex(&md2,EVP_md5(), NULL); EVP_DigestUpdate(&md2, passwd, passwd_len); EVP_DigestUpdate(&md2, salt_out, salt_len); EVP_DigestUpdate(&md2, passwd, passwd_len); - EVP_DigestFinal(&md2, buf, NULL); + EVP_DigestFinal_ex(&md2, buf, NULL); for (i = passwd_len; i > sizeof buf; i -= sizeof buf) EVP_DigestUpdate(&md, buf, sizeof buf); @@ -351,11 +351,11 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) EVP_DigestUpdate(&md, (n & 1) ? "\0" : passwd, 1); n >>= 1; } - EVP_DigestFinal(&md, buf, NULL); + EVP_DigestFinal_ex(&md, buf, NULL); for (i = 0; i < 1000; i++) { - EVP_DigestInit(&md2,EVP_md5()); + EVP_DigestInit_ex(&md2,EVP_md5(), NULL); EVP_DigestUpdate(&md2, (i & 1) ? (unsigned char *) passwd : buf, (i & 1) ? passwd_len : sizeof buf); if (i % 3) @@ -364,7 +364,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) EVP_DigestUpdate(&md2, passwd, passwd_len); EVP_DigestUpdate(&md2, (i & 1) ? buf : (unsigned char *) passwd, (i & 1) ? sizeof buf : passwd_len); - EVP_DigestFinal(&md2, buf, NULL); + EVP_DigestFinal_ex(&md2, buf, NULL); } EVP_MD_CTX_cleanup(&md2); diff --git a/apps/speed.c b/apps/speed.c index aeb2fa7fd7..3c359e3d6b 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -944,7 +944,7 @@ int MAIN(int argc, char **argv) print_message(names[D_MD2],c[D_MD2][j],lengths[j]); Time_F(START,usertime); for (count=0,run=1; COND(c[D_MD2][j]); count++) - EVP_Digest(buf,(unsigned long)lengths[j],&(md2[0]),NULL,EVP_md2()); + EVP_Digest(buf,(unsigned long)lengths[j],&(md2[0]),NULL,EVP_md2(), NULL); d=Time_F(STOP,usertime); BIO_printf(bio_err,"%ld %s's in %.2fs\n", count,names[D_MD2],d); @@ -960,7 +960,7 @@ int MAIN(int argc, char **argv) print_message(names[D_MDC2],c[D_MDC2][j],lengths[j]); Time_F(START,usertime); for (count=0,run=1; COND(c[D_MDC2][j]); count++) - EVP_Digest(buf,(unsigned long)lengths[j],&(mdc2[0]),NULL,EVP_mdc2()); + EVP_Digest(buf,(unsigned long)lengths[j],&(mdc2[0]),NULL,EVP_mdc2(), NULL); d=Time_F(STOP,usertime); BIO_printf(bio_err,"%ld %s's in %.2fs\n", count,names[D_MDC2],d); @@ -977,7 +977,7 @@ int MAIN(int argc, char **argv) print_message(names[D_MD4],c[D_MD4][j],lengths[j]); Time_F(START,usertime); for (count=0,run=1; COND(c[D_MD4][j]); count++) - EVP_Digest(&(buf[0]),(unsigned long)lengths[j],&(md4[0]),NULL,EVP_md4()); + EVP_Digest(&(buf[0]),(unsigned long)lengths[j],&(md4[0]),NULL,EVP_md4(), NULL); d=Time_F(STOP,usertime); BIO_printf(bio_err,"%ld %s's in %.2fs\n", count,names[D_MD4],d); @@ -994,7 +994,8 @@ int MAIN(int argc, char **argv) print_message(names[D_MD5],c[D_MD5][j],lengths[j]); Time_F(START,usertime); for (count=0,run=1; COND(c[D_MD5][j]); count++) - EVP_Digest(&(buf[0]),(unsigned long)lengths[j],&(md5[0]),NULL,EVP_get_digestbyname("md5")); + EVP_Digest(&(buf[0]),(unsigned long)lengths[j],&(md5[0]),NULL, + EVP_get_digestbyname("md5"), NULL); d=Time_F(STOP,usertime); BIO_printf(bio_err,"%ld %s's in %.2fs\n", count,names[D_MD5],d); @@ -1038,7 +1039,7 @@ int MAIN(int argc, char **argv) print_message(names[D_SHA1],c[D_SHA1][j],lengths[j]); Time_F(START,usertime); for (count=0,run=1; COND(c[D_SHA1][j]); count++) - EVP_Digest(buf,(unsigned long)lengths[j],&(sha[0]),NULL,EVP_sha1()); + EVP_Digest(buf,(unsigned long)lengths[j],&(sha[0]),NULL,EVP_sha1(), NULL); d=Time_F(STOP,usertime); BIO_printf(bio_err,"%ld %s's in %.2fs\n", count,names[D_SHA1],d); @@ -1054,7 +1055,7 @@ int MAIN(int argc, char **argv) print_message(names[D_RMD160],c[D_RMD160][j],lengths[j]); Time_F(START,usertime); for (count=0,run=1; COND(c[D_RMD160][j]); count++) - EVP_Digest(buf,(unsigned long)lengths[j],&(rmd160[0]),NULL,EVP_ripemd160()); + EVP_Digest(buf,(unsigned long)lengths[j],&(rmd160[0]),NULL,EVP_ripemd160(), NULL); d=Time_F(STOP,usertime); BIO_printf(bio_err,"%ld %s's in %.2fs\n", count,names[D_RMD160],d); diff --git a/crypto/asn1/a_digest.c b/crypto/asn1/a_digest.c index 3243beadd2..4931e222a0 100644 --- a/crypto/asn1/a_digest.c +++ b/crypto/asn1/a_digest.c @@ -82,7 +82,7 @@ int ASN1_digest(int (*i2d)(), const EVP_MD *type, char *data, p=str; i2d(data,&p); - EVP_Digest(str, i, md, len, type); + EVP_Digest(str, i, md, len, type, NULL); OPENSSL_free(str); return(1); } @@ -99,7 +99,7 @@ int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *asn, i=ASN1_item_i2d(asn,&str, it); if (!str) return(0); - EVP_Digest(str, i, md, len, type); + EVP_Digest(str, i, md, len, type, NULL); OPENSSL_free(str); return(1); } diff --git a/crypto/asn1/a_sign.c b/crypto/asn1/a_sign.c index 6cc5c37ded..fc65b4ea56 100644 --- a/crypto/asn1/a_sign.c +++ b/crypto/asn1/a_sign.c @@ -123,7 +123,7 @@ int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2, p=buf_in; i2d(data,&p); - EVP_SignInit(&ctx,type); + EVP_SignInit_ex(&ctx,type, NULL); EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl); if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out, (unsigned int *)&outl,pkey)) @@ -199,7 +199,7 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, goto err; } - EVP_SignInit(&ctx,type); + EVP_SignInit_ex(&ctx,type, NULL); EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl); if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out, (unsigned int *)&outl,pkey)) diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c index 59ba322839..bf41de5146 100644 --- a/crypto/asn1/a_verify.c +++ b/crypto/asn1/a_verify.c @@ -100,7 +100,7 @@ int ASN1_verify(int (*i2d)(), X509_ALGOR *a, ASN1_BIT_STRING *signature, p=buf_in; i2d(data,&p); - EVP_VerifyInit(&ctx,type); + EVP_VerifyInit_ex(&ctx,type, NULL); EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl); memset(buf_in,0,(unsigned int)inl); @@ -150,7 +150,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat goto err; } - EVP_VerifyInit(&ctx,type); + EVP_VerifyInit_ex(&ctx,type, NULL); EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl); memset(buf_in,0,(unsigned int)inl); diff --git a/crypto/asn1/n_pkey.c b/crypto/asn1/n_pkey.c index 9bfd0218ab..7a1d9ba39a 100644 --- a/crypto/asn1/n_pkey.c +++ b/crypto/asn1/n_pkey.c @@ -196,7 +196,7 @@ int i2d_RSA_NET(const RSA *a, unsigned char **pp, int (*cb)(), int sgckey) i = strlen((char *)buf); /* If the key is used for SGC the algorithm is modified a little. */ if(sgckey) { - EVP_Digest(buf, i, buf, NULL, EVP_md5()); + EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL); memcpy(buf + 16, "SGCKEYSALT", 10); i = 26; } @@ -284,7 +284,7 @@ static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os, i = strlen((char *)buf); if(sgckey){ - EVP_Digest(buf, i, buf, NULL, EVP_md5()); + EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL); memcpy(buf + 16, "SGCKEYSALT", 10); i = 26; } diff --git a/crypto/asn1/t_x509.c b/crypto/asn1/t_x509.c index 454c695eb2..5de4833ed0 100644 --- a/crypto/asn1/t_x509.c +++ b/crypto/asn1/t_x509.c @@ -270,7 +270,7 @@ int X509_ocspid_print (BIO *bp, X509 *x) goto err; i2d_X509_NAME(x->cert_info->subject, &dertmp); - EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1()); + EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1(), NULL); for (i=0; i < SHA_DIGEST_LENGTH; i++) { if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0) goto err; @@ -284,7 +284,7 @@ int X509_ocspid_print (BIO *bp, X509 *x) goto err; EVP_Digest(x->cert_info->key->public_key->data, - x->cert_info->key->public_key->length, SHA1md, NULL, EVP_sha1()); + x->cert_info->key->public_key->length, SHA1md, NULL, EVP_sha1(), NULL); for (i=0; i < SHA_DIGEST_LENGTH; i++) { if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0) diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c index 0dc00191ab..dc9c249310 100644 --- a/crypto/dsa/dsa_gen.c +++ b/crypto/dsa/dsa_gen.c @@ -159,8 +159,8 @@ DSA *DSA_generate_parameters(int bits, } /* step 2 */ - EVP_Digest(seed,SHA_DIGEST_LENGTH,md,NULL,HASH); - EVP_Digest(buf,SHA_DIGEST_LENGTH,buf2,NULL,HASH); + EVP_Digest(seed,SHA_DIGEST_LENGTH,md,NULL,HASH, NULL); + EVP_Digest(buf,SHA_DIGEST_LENGTH,buf2,NULL,HASH, NULL); for (i=0; iinit) - EVP_DigestInit(ctx,ctx->digest); + EVP_DigestInit_ex(ctx,ctx->digest, NULL); else ret=0; ret=BIO_ctrl(b->next_bio,cmd,num,ptr); @@ -207,13 +207,13 @@ static long md_ctrl(BIO *b, int cmd, long num, void *ptr) case BIO_C_SET_MD: md=ptr; - EVP_DigestInit(ctx,md); + EVP_DigestInit_ex(ctx,md, NULL); b->init=1; break; case BIO_CTRL_DUP: dbio=ptr; dctx=dbio->ptr; - EVP_MD_CTX_copy(dctx,ctx); + EVP_MD_CTX_copy_ex(dctx,ctx); b->init=1; break; default: @@ -246,7 +246,7 @@ static int md_gets(BIO *bp, char *buf, int size) ctx=bp->ptr; if (size < ctx->digest->md_size) return(0); - EVP_DigestFinal(ctx,(unsigned char *)buf,&ret); + EVP_DigestFinal_ex(ctx,(unsigned char *)buf,&ret); return((int)ret); } diff --git a/crypto/evp/bio_ok.c b/crypto/evp/bio_ok.c index 6b00741e47..3cbc6e7848 100644 --- a/crypto/evp/bio_ok.c +++ b/crypto/evp/bio_ok.c @@ -415,7 +415,7 @@ static long ok_ctrl(BIO *b, int cmd, long num, void *ptr) break; case BIO_C_SET_MD: md=ptr; - EVP_DigestInit(&ctx->md,md); + EVP_DigestInit_ex(&ctx->md, md, NULL); b->init=1; break; case BIO_C_GET_MD: @@ -470,7 +470,7 @@ static void sig_out(BIO* b) if(ctx->buf_len+ 2* md->digest->md_size > OK_BLOCK_SIZE) return; - EVP_DigestInit(md, md->digest); + EVP_DigestInit_ex(md, md->digest, NULL); /* FIXME: there's absolutely no guarantee this makes any sense at all, * particularly now EVP_MD_CTX has been restructured. */ @@ -480,7 +480,7 @@ static void sig_out(BIO* b) ctx->buf_len+= md->digest->md_size; EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN)); - EVP_DigestFinal(md, &(ctx->buf[ctx->buf_len]), NULL); + EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL); ctx->buf_len+= md->digest->md_size; ctx->blockout= 1; ctx->sigio= 0; @@ -498,13 +498,13 @@ static void sig_in(BIO* b) if(ctx->buf_len- ctx->buf_off < 2* md->digest->md_size) return; - EVP_DigestInit(md, md->digest); + EVP_DigestInit_ex(md, md->digest, NULL); memcpy(md->md_data, &(ctx->buf[ctx->buf_off]), md->digest->md_size); longswap(md->md_data, md->digest->md_size); ctx->buf_off+= md->digest->md_size; EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN)); - EVP_DigestFinal(md, tmp, NULL); + EVP_DigestFinal_ex(md, tmp, NULL); ret= memcmp(&(ctx->buf[ctx->buf_off]), tmp, md->digest->md_size) == 0; ctx->buf_off+= md->digest->md_size; if(ret == 1) @@ -537,7 +537,7 @@ static void block_out(BIO* b) memcpy(ctx->buf, &tl, OK_BLOCK_BLOCK); tl= swapem(tl); EVP_DigestUpdate(md, (unsigned char*) &(ctx->buf[OK_BLOCK_BLOCK]), tl); - EVP_DigestFinal(md, &(ctx->buf[ctx->buf_len]), NULL); + EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL); ctx->buf_len+= md->digest->md_size; ctx->blockout= 1; } @@ -557,7 +557,7 @@ static void block_in(BIO* b) if (ctx->buf_len < tl+ OK_BLOCK_BLOCK+ md->digest->md_size) return; EVP_DigestUpdate(md, (unsigned char*) &(ctx->buf[OK_BLOCK_BLOCK]), tl); - EVP_DigestFinal(md, tmp, NULL); + EVP_DigestFinal_ex(md, tmp, NULL); if(memcmp(&(ctx->buf[tl+ OK_BLOCK_BLOCK]), tmp, md->digest->md_size) == 0) { /* there might be parts from next block lurking around ! */ diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index aa1729012e..b0c8e0a968 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -131,6 +131,7 @@ EVP_MD_CTX *EVP_MD_CTX_create(void) int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type) { + EVP_MD_CTX_init(ctx); return EVP_DigestInit_ex(ctx, type, NULL); } @@ -199,6 +200,15 @@ int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, /* The caller can assume that this removes any secret data from the context */ int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) + { + int ret; + ret = EVP_DigestFinal_ex(ctx, md, size); + EVP_MD_CTX_cleanup(ctx); + return ret; + } + +/* The caller can assume that this removes any secret data from the context */ +int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) { int ret; ret=ctx->digest->final(ctx,md); @@ -214,6 +224,12 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) } int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in) + { + EVP_MD_CTX_init(out); + return EVP_MD_CTX_copy_ex(out, in); + } + +int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) { if ((in == NULL) || (in->digest == NULL)) { @@ -243,16 +259,16 @@ int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in) } int EVP_Digest(void *data, unsigned int count, - unsigned char *md, unsigned int *size, const EVP_MD *type) + unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl) { EVP_MD_CTX ctx; int ret; EVP_MD_CTX_init(&ctx); EVP_MD_CTX_set_flags(&ctx,EVP_MD_CTX_FLAG_ONESHOT); - ret=EVP_DigestInit(&ctx, type) + ret=EVP_DigestInit_ex(&ctx, type, impl) && EVP_DigestUpdate(&ctx, data, count) - && EVP_DigestFinal(&ctx, md, size); + && EVP_DigestFinal_ex(&ctx, md, size); EVP_MD_CTX_cleanup(&ctx); return ret; diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h index 718b3d5ecb..ff3c797d98 100644 --- a/crypto/evp/evp.h +++ b/crypto/evp/evp.h @@ -425,8 +425,10 @@ typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, #define EVP_ENCODE_LENGTH(l) (((l+2)/3*4)+(l/48+1)*2+80) #define EVP_DECODE_LENGTH(l) ((l+3)/4*3+80) +#define EVP_SignInit_ex(a,b,c) EVP_DigestInit_ex(a,b,c) #define EVP_SignInit(a,b) EVP_DigestInit(a,b) #define EVP_SignUpdate(a,b,c) EVP_DigestUpdate(a,b,c) +#define EVP_VerifyInit_ex(a,b,c) EVP_DigestInit_ex(a,b,c) #define EVP_VerifyInit(a,b) EVP_DigestInit(a,b) #define EVP_VerifyUpdate(a,b,c) EVP_DigestUpdate(a,b,c) #define EVP_OpenUpdate(a,b,c,d,e) EVP_DecryptUpdate(a,b,c,d,e) @@ -457,17 +459,20 @@ void EVP_MD_CTX_init(EVP_MD_CTX *ctx); int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx); EVP_MD_CTX *EVP_MD_CTX_create(void); void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx); -int EVP_MD_CTX_copy(EVP_MD_CTX *out,const EVP_MD_CTX *in); +int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in); #define EVP_MD_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs)) #define EVP_MD_CTX_clear_flags(ctx,flgs) ((ctx)->flags&=~(flgs)) #define EVP_MD_CTX_test_flags(ctx,flgs) ((ctx)->flags&(flgs)) -int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); int EVP_DigestUpdate(EVP_MD_CTX *ctx,const void *d, unsigned int cnt); -int EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s); +int EVP_DigestFinal_ex(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s); int EVP_Digest(void *data, unsigned int count, - unsigned char *md, unsigned int *size, const EVP_MD *type); + unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl); + +int EVP_MD_CTX_copy(EVP_MD_CTX *out,const EVP_MD_CTX *in); +int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); +int EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s); int EVP_read_pw_string(char *buf,int length,const char *prompt,int verify); void EVP_set_pw_prompt(char *prompt); diff --git a/crypto/evp/evp_key.c b/crypto/evp/evp_key.c index 802e6de3b5..9d9b0af8de 100644 --- a/crypto/evp/evp_key.c +++ b/crypto/evp/evp_key.c @@ -121,19 +121,19 @@ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, EVP_MD_CTX_init(&c); for (;;) { - EVP_DigestInit(&c,md); + EVP_DigestInit_ex(&c,md, NULL); if (addmd++) EVP_DigestUpdate(&c,&(md_buf[0]),mds); EVP_DigestUpdate(&c,data,datal); if (salt != NULL) EVP_DigestUpdate(&c,salt,PKCS5_SALT_LEN); - EVP_DigestFinal(&c,&(md_buf[0]),&mds); + EVP_DigestFinal_ex(&c,&(md_buf[0]),&mds); for (i=1; i<(unsigned int)count; i++) { - EVP_DigestInit(&c,md); + EVP_DigestInit_ex(&c,md, NULL); EVP_DigestUpdate(&c,&(md_buf[0]),mds); - EVP_DigestFinal(&c,&(md_buf[0]),&mds); + EVP_DigestFinal_ex(&c,&(md_buf[0]),&mds); } i=0; if (nkey) diff --git a/crypto/evp/evp_test.c b/crypto/evp/evp_test.c index da34c47bed..435bb09ee7 100644 --- a/crypto/evp/evp_test.c +++ b/crypto/evp/evp_test.c @@ -245,7 +245,7 @@ static int test_digest(const char *digest, hexdump(stdout,"Digest",ciphertext,cn); EVP_MD_CTX_init(&ctx); - if(!EVP_DigestInit(&ctx,d)) + if(!EVP_DigestInit_ex(&ctx,d, NULL)) { fprintf(stderr,"DigestInit failed\n"); exit(100); @@ -255,7 +255,7 @@ static int test_digest(const char *digest, fprintf(stderr,"DigestUpdate failed\n"); exit(101); } - if(!EVP_DigestFinal(&ctx,md,&mdn)) + if(!EVP_DigestFinal_ex(&ctx,md,&mdn)) { fprintf(stderr,"DigestFinal failed\n"); exit(101); diff --git a/crypto/evp/p5_crpt.c b/crypto/evp/p5_crpt.c index f05273f257..cbe904d495 100644 --- a/crypto/evp/p5_crpt.c +++ b/crypto/evp/p5_crpt.c @@ -129,19 +129,19 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, else if(passlen == -1) passlen = strlen(pass); EVP_MD_CTX_init(&ctx); - EVP_DigestInit (&ctx, md); - EVP_DigestUpdate (&ctx, pass, passlen); - EVP_DigestUpdate (&ctx, salt, saltlen); + EVP_DigestInit_ex(&ctx, md, NULL); + EVP_DigestUpdate(&ctx, pass, passlen); + EVP_DigestUpdate(&ctx, salt, saltlen); PBEPARAM_free(pbe); - EVP_DigestFinal (&ctx, md_tmp, NULL); + EVP_DigestFinal_ex(&ctx, md_tmp, NULL); for (i = 1; i < iter; i++) { - EVP_DigestInit(&ctx, md); + EVP_DigestInit_ex(&ctx, md, NULL); EVP_DigestUpdate(&ctx, md_tmp, EVP_MD_size(md)); - EVP_DigestFinal (&ctx, md_tmp, NULL); + EVP_DigestFinal_ex (&ctx, md_tmp, NULL); } EVP_MD_CTX_cleanup(&ctx); - memcpy (key, md_tmp, EVP_CIPHER_key_length(cipher)); - memcpy (iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)), + memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher)); + memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)), EVP_CIPHER_iv_length(cipher)); EVP_CipherInit(cctx, cipher, key, iv, en_de); memset(md_tmp, 0, EVP_MAX_MD_SIZE); diff --git a/crypto/evp/p_sign.c b/crypto/evp/p_sign.c index 340dd05c8c..e4ae5906f5 100644 --- a/crypto/evp/p_sign.c +++ b/crypto/evp/p_sign.c @@ -65,7 +65,7 @@ #ifdef undef void EVP_SignInit(EVP_MD_CTX *ctx, EVP_MD *type) { - EVP_DigestInit(ctx,type); + EVP_DigestInit_ex(ctx,type); } void EVP_SignUpdate(EVP_MD_CTX *ctx, unsigned char *data, @@ -85,8 +85,8 @@ int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen, *siglen=0; EVP_MD_CTX_init(&tmp_ctx); - EVP_MD_CTX_copy(&tmp_ctx,ctx); - EVP_DigestFinal(&tmp_ctx,&(m[0]),&m_len); + EVP_MD_CTX_copy_ex(&tmp_ctx,ctx); + EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len); EVP_MD_CTX_cleanup(&tmp_ctx); for (i=0; i<4; i++) { diff --git a/crypto/evp/p_verify.c b/crypto/evp/p_verify.c index af175b84f7..d854d743a5 100644 --- a/crypto/evp/p_verify.c +++ b/crypto/evp/p_verify.c @@ -86,8 +86,8 @@ int EVP_VerifyFinal(EVP_MD_CTX *ctx, unsigned char *sigbuf, return(-1); } EVP_MD_CTX_init(&tmp_ctx); - EVP_MD_CTX_copy(&tmp_ctx,ctx); - EVP_DigestFinal(&tmp_ctx,&(m[0]),&m_len); + EVP_MD_CTX_copy_ex(&tmp_ctx,ctx); + EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len); EVP_MD_CTX_cleanup(&tmp_ctx); if (ctx->digest->verify == NULL) { diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c index 4403c84269..a2a49d986a 100644 --- a/crypto/hmac/hmac.c +++ b/crypto/hmac/hmac.c @@ -80,9 +80,9 @@ void HMAC_Init(HMAC_CTX *ctx, const void *key, int len, j=EVP_MD_block_size(md); if (j < len) { - EVP_DigestInit(&ctx->md_ctx,md); + EVP_DigestInit_ex(&ctx->md_ctx,md, NULL); EVP_DigestUpdate(&ctx->md_ctx,key,len); - EVP_DigestFinal(&(ctx->md_ctx),ctx->key, + EVP_DigestFinal_ex(&(ctx->md_ctx),ctx->key, &ctx->key_length); } else @@ -99,15 +99,15 @@ void HMAC_Init(HMAC_CTX *ctx, const void *key, int len, { for (i=0; ikey[i]; - EVP_DigestInit(&ctx->i_ctx,md); + EVP_DigestInit_ex(&ctx->i_ctx,md, NULL); EVP_DigestUpdate(&ctx->i_ctx,pad,EVP_MD_block_size(md)); for (i=0; ikey[i]; - EVP_DigestInit(&ctx->o_ctx,md); + EVP_DigestInit_ex(&ctx->o_ctx,md, NULL); EVP_DigestUpdate(&ctx->o_ctx,pad,EVP_MD_block_size(md)); } - EVP_MD_CTX_copy(&ctx->md_ctx,&ctx->i_ctx); + EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->i_ctx); } void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len) @@ -123,10 +123,10 @@ void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len) j=EVP_MD_block_size(ctx->md); - EVP_DigestFinal(&ctx->md_ctx,buf,&i); - EVP_MD_CTX_copy(&ctx->md_ctx,&ctx->o_ctx); + EVP_DigestFinal_ex(&ctx->md_ctx,buf,&i); + EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->o_ctx); EVP_DigestUpdate(&ctx->md_ctx,buf,i); - EVP_DigestFinal(&ctx->md_ctx,md,len); + EVP_DigestFinal_ex(&ctx->md_ctx,md,len); } void HMAC_CTX_init(HMAC_CTX *ctx) diff --git a/crypto/md2/md2test.c b/crypto/md2/md2test.c index c629280ed6..7d3664faf5 100644 --- a/crypto/md2/md2test.c +++ b/crypto/md2/md2test.c @@ -108,7 +108,7 @@ int main(int argc, char *argv[]) i=1; while (*P != NULL) { - EVP_Digest((unsigned char *)*P,(unsigned long)strlen(*P),md,NULL,EVP_md2()); + EVP_Digest((unsigned char *)*P,(unsigned long)strlen(*P),md,NULL,EVP_md2(), NULL); p=pt(md); if (strcmp(p,*R) != 0) { diff --git a/crypto/md4/md4test.c b/crypto/md4/md4test.c index 59ad0a3ab8..e0fdc42282 100644 --- a/crypto/md4/md4test.c +++ b/crypto/md4/md4test.c @@ -104,7 +104,7 @@ int main(int argc, char *argv[]) i=1; while (*P != NULL) { - EVP_Digest(&(P[0][0]),(unsigned long)strlen((char *)*P),md,NULL,EVP_md4()); + EVP_Digest(&(P[0][0]),(unsigned long)strlen((char *)*P),md,NULL,EVP_md4(), NULL); p=pt(md); if (strcmp(p,(char *)*R) != 0) { diff --git a/crypto/md5/md5test.c b/crypto/md5/md5test.c index b10cd59471..862b89658a 100644 --- a/crypto/md5/md5test.c +++ b/crypto/md5/md5test.c @@ -104,7 +104,7 @@ int main(int argc, char *argv[]) i=1; while (*P != NULL) { - EVP_Digest(&(P[0][0]),(unsigned long)strlen((char *)*P),md,NULL,EVP_md5()); + EVP_Digest(&(P[0][0]),(unsigned long)strlen((char *)*P),md,NULL,EVP_md5(), NULL); p=pt(md); if (strcmp(p,(char *)*R) != 0) { diff --git a/crypto/mdc2/mdc2test.c b/crypto/mdc2/mdc2test.c index acb517e0cb..6db546025d 100644 --- a/crypto/mdc2/mdc2test.c +++ b/crypto/mdc2/mdc2test.c @@ -101,9 +101,9 @@ int main(int argc, char *argv[]) #endif EVP_MD_CTX_init(&c); - EVP_DigestInit(&c,EVP_mdc2()); + EVP_DigestInit_ex(&c,EVP_mdc2(), NULL); EVP_DigestUpdate(&c,(unsigned char *)text,strlen(text)); - EVP_DigestFinal(&c,&(md[0]),NULL); + EVP_DigestFinal_ex(&c,&(md[0]),NULL); if (memcmp(md,pad1,MDC2_DIGEST_LENGTH) != 0) { @@ -118,11 +118,11 @@ int main(int argc, char *argv[]) else printf("pad1 - ok\n"); - EVP_DigestInit(&c,EVP_mdc2()); + EVP_DigestInit_ex(&c,EVP_mdc2(), NULL); /* FIXME: use a ctl function? */ ((MDC2_CTX *)c.md_data)->pad_type=2; EVP_DigestUpdate(&c,(unsigned char *)text,strlen(text)); - EVP_DigestFinal(&c,&(md[0]),NULL); + EVP_DigestFinal_ex(&c,&(md[0]),NULL); if (memcmp(md,pad2,MDC2_DIGEST_LENGTH) != 0) { diff --git a/crypto/ocsp/ocsp_lib.c b/crypto/ocsp/ocsp_lib.c index 1ff8f4f423..3875af165c 100644 --- a/crypto/ocsp/ocsp_lib.c +++ b/crypto/ocsp/ocsp_lib.c @@ -123,7 +123,7 @@ OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, if (!(ASN1_OCTET_STRING_set(cid->issuerNameHash, md, i))) goto err; /* Calculate the issuerKey hash, excluding tag and length */ - EVP_Digest(issuerKey->data, issuerKey->length, md, &i, dgst); + EVP_Digest(issuerKey->data, issuerKey->length, md, &i, dgst, NULL); if (!(ASN1_OCTET_STRING_set(cid->issuerKeyHash, md, i))) goto err; diff --git a/crypto/pem/pem_sign.c b/crypto/pem/pem_sign.c index 42d598dd78..c3b9808cb2 100644 --- a/crypto/pem/pem_sign.c +++ b/crypto/pem/pem_sign.c @@ -66,7 +66,7 @@ void PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type) { - EVP_DigestInit(ctx,type); + EVP_DigestInit_ex(ctx, type, NULL); } void PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *data, diff --git a/crypto/pkcs12/p12_key.c b/crypto/pkcs12/p12_key.c index 2defeda518..1a405676f8 100644 --- a/crypto/pkcs12/p12_key.c +++ b/crypto/pkcs12/p12_key.c @@ -148,14 +148,14 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, for (i = 0; i < Slen; i++) *p++ = salt[i % saltlen]; for (i = 0; i < Plen; i++) *p++ = pass[i % passlen]; for (;;) { - EVP_DigestInit (&ctx, md_type); - EVP_DigestUpdate (&ctx, D, v); - EVP_DigestUpdate (&ctx, I, Ilen); - EVP_DigestFinal (&ctx, Ai, NULL); + EVP_DigestInit_ex(&ctx, md_type, NULL); + EVP_DigestUpdate(&ctx, D, v); + EVP_DigestUpdate(&ctx, I, Ilen); + EVP_DigestFinal_ex(&ctx, Ai, NULL); for (j = 1; j < iter; j++) { - EVP_DigestInit (&ctx, md_type); - EVP_DigestUpdate (&ctx, Ai, u); - EVP_DigestFinal (&ctx, Ai, NULL); + EVP_DigestInit_ex(&ctx, md_type, NULL); + EVP_DigestUpdate(&ctx, Ai, u); + EVP_DigestFinal_ex(&ctx, Ai, NULL); } memcpy (out, Ai, min (n, u)); if (u >= n) { diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index 4ff021e323..4cc30554c5 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -538,7 +538,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) /* We now have the EVP_MD_CTX, lets do the * signing. */ EVP_MD_CTX_init(&ctx_tmp); - EVP_MD_CTX_copy(&ctx_tmp,mdc); + EVP_MD_CTX_copy_ex(&ctx_tmp,mdc); if (!BUF_MEM_grow(buf,EVP_PKEY_size(si->pkey))) { PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_BIO_LIB); @@ -565,7 +565,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) /* Add digest */ md_tmp=EVP_MD_CTX_md(&ctx_tmp); - EVP_DigestFinal(&ctx_tmp,md_data,&md_len); + EVP_DigestFinal_ex(&ctx_tmp,md_data,&md_len); digest=M_ASN1_OCTET_STRING_new(); M_ASN1_OCTET_STRING_set(digest,md_data,md_len); PKCS7_add_signed_attribute(si, @@ -573,7 +573,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) V_ASN1_OCTET_STRING,digest); /* Now sign the attributes */ - EVP_SignInit(&ctx_tmp,md_tmp); + EVP_SignInit_ex(&ctx_tmp,md_tmp,NULL); alen = ASN1_item_i2d((ASN1_VALUE *)sk,&abuf, ASN1_ITEM_rptr(PKCS7_ATTR_SIGN)); if(!abuf) goto err; @@ -729,7 +729,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, /* mdc is the digest ctx that we want, unless there are attributes, * in which case the digest is the signed attributes */ - EVP_MD_CTX_copy(&mdc_tmp,mdc); + EVP_MD_CTX_copy_ex(&mdc_tmp,mdc); sk=si->auth_attr; if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0)) @@ -738,7 +738,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, unsigned int md_len, alen; ASN1_OCTET_STRING *message_digest; - EVP_DigestFinal(&mdc_tmp,md_dat,&md_len); + EVP_DigestFinal_ex(&mdc_tmp,md_dat,&md_len); message_digest=PKCS7_digest_from_attributes(sk); if (!message_digest) { @@ -763,7 +763,7 @@ for (ii=0; ii #define MD_Update(a,b,c) EVP_DigestUpdate(a,b,c) -#define MD_Final(a,b) EVP_DigestFinal(a,b,NULL) +#define MD_Final(a,b) EVP_DigestFinal_ex(a,b,NULL) #if defined(USE_MD5_RAND) #include #define MD_DIGEST_LENGTH MD5_DIGEST_LENGTH -#define MD_Init(a) EVP_DigestInit(a,EVP_md5()) +#define MD_Init(a) EVP_DigestInit_ex(a,EVP_md5(), NULL) #define MD(a,b,c) EVP_Digest(a,b,c,NULL,EVP_md5()) #elif defined(USE_SHA1_RAND) #include #define MD_DIGEST_LENGTH SHA_DIGEST_LENGTH -#define MD_Init(a) EVP_DigestInit(a,EVP_sha1()) +#define MD_Init(a) EVP_DigestInit_ex(a,EVP_sha1(), NULL) #define MD(a,b,c) EVP_Digest(a,b,c,NULL,EVP_sha1()) #elif defined(USE_MDC2_RAND) #include #define MD_DIGEST_LENGTH MDC2_DIGEST_LENGTH -#define MD_Init(a) EVP_DigestInit(a,EVP_mdc2()) +#define MD_Init(a) EVP_DigestInit_ex(a,EVP_mdc2(), NULL) #define MD(a,b,c) EVP_Digest(a,b,c,NULL,EVP_mdc2()) #elif defined(USE_MD2_RAND) #include #define MD_DIGEST_LENGTH MD2_DIGEST_LENGTH -#define MD_Init(a) EVP_DigestInit(a,EVP_md2()) +#define MD_Init(a) EVP_DigestInit_ex(a,EVP_md2(), NULL) #define MD(a,b,c) EVP_Digest(a,b,c,NULL,EVP_md2()) #endif diff --git a/crypto/ripemd/rmdtest.c b/crypto/ripemd/rmdtest.c index 59786c2904..19e9741db2 100644 --- a/crypto/ripemd/rmdtest.c +++ b/crypto/ripemd/rmdtest.c @@ -113,7 +113,7 @@ int main(int argc, char *argv[]) #ifdef CHARSET_EBCDIC ebcdic2ascii((char *)*P, (char *)*P, strlen((char *)*P)); #endif - EVP_Digest(&(P[0][0]),(unsigned long)strlen((char *)*P),md,NULL,EVP_ripemd160()); + EVP_Digest(&(P[0][0]),(unsigned long)strlen((char *)*P),md,NULL,EVP_ripemd160(), NULL); p=pt(md); if (strcmp(p,(char *)*R) != 0) { diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c index fb7ce08cfa..e3f7c608ec 100644 --- a/crypto/rsa/rsa_oaep.c +++ b/crypto/rsa/rsa_oaep.c @@ -63,7 +63,7 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, seed = to + 1; db = to + SHA_DIGEST_LENGTH + 1; - EVP_Digest((void *)param, plen, db, NULL, EVP_sha1()); + EVP_Digest((void *)param, plen, db, NULL, EVP_sha1(), NULL); memset(db + SHA_DIGEST_LENGTH, 0, emlen - flen - 2 * SHA_DIGEST_LENGTH - 1); db[emlen - flen - SHA_DIGEST_LENGTH - 1] = 0x01; @@ -134,7 +134,7 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, for (i = 0; i < dblen; i++) db[i] ^= maskeddb[i]; - EVP_Digest((void *)param, plen, phash, NULL, EVP_sha1()); + EVP_Digest((void *)param, plen, phash, NULL, EVP_sha1(), NULL); if (memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad) goto decoding_err; @@ -185,17 +185,17 @@ int MGF1(unsigned char *mask, long len, cnt[1] = (unsigned char)((i >> 16) & 255); cnt[2] = (unsigned char)((i >> 8)) & 255; cnt[3] = (unsigned char)(i & 255); - EVP_DigestInit(&c,EVP_sha1()); + EVP_DigestInit_ex(&c,EVP_sha1(), NULL); EVP_DigestUpdate(&c, seed, seedlen); EVP_DigestUpdate(&c, cnt, 4); if (outlen + SHA_DIGEST_LENGTH <= len) { - EVP_DigestFinal(&c, mask + outlen, NULL); + EVP_DigestFinal_ex(&c, mask + outlen, NULL); outlen += SHA_DIGEST_LENGTH; } else { - EVP_DigestFinal(&c, md, NULL); + EVP_DigestFinal_ex(&c, md, NULL); memcpy(mask + outlen, md, len - outlen); outlen = len; } diff --git a/crypto/sha/sha1test.c b/crypto/sha/sha1test.c index bddfff0c85..499a1cf5af 100644 --- a/crypto/sha/sha1test.c +++ b/crypto/sha/sha1test.c @@ -121,7 +121,7 @@ int main(int argc, char *argv[]) i=1; while (*P != NULL) { - EVP_Digest(*P,(unsigned long)strlen((char *)*P),md,NULL,EVP_sha1()); + EVP_Digest(*P,(unsigned long)strlen((char *)*P),md,NULL,EVP_sha1(), NULL); p=pt(md); if (strcmp(p,(char *)*R) != 0) { @@ -140,10 +140,10 @@ int main(int argc, char *argv[]) #ifdef CHARSET_EBCDIC ebcdic2ascii(buf, buf, 1000); #endif /*CHARSET_EBCDIC*/ - EVP_DigestInit(&c,EVP_sha1()); + EVP_DigestInit_ex(&c,EVP_sha1(), NULL); for (i=0; i<1000; i++) EVP_DigestUpdate(&c,buf,1000); - EVP_DigestFinal(&c,md,NULL); + EVP_DigestFinal_ex(&c,md,NULL); p=pt(md); r=bigret; diff --git a/crypto/sha/shatest.c b/crypto/sha/shatest.c index 9face50453..331294a74f 100644 --- a/crypto/sha/shatest.c +++ b/crypto/sha/shatest.c @@ -121,7 +121,7 @@ int main(int argc, char *argv[]) i=1; while (*P != NULL) { - EVP_Digest(*P,(unsigned long)strlen((char *)*P),md,NULL,EVP_sha()); + EVP_Digest(*P,(unsigned long)strlen((char *)*P),md,NULL,EVP_sha(), NULL); p=pt(md); if (strcmp(p,(char *)*R) != 0) { @@ -140,10 +140,10 @@ int main(int argc, char *argv[]) #ifdef CHARSET_EBCDIC ebcdic2ascii(buf, buf, 1000); #endif /*CHARSET_EBCDIC*/ - EVP_DigestInit(&c,EVP_sha()); + EVP_DigestInit_ex(&c,EVP_sha(), NULL); for (i=0; i<1000; i++) EVP_DigestUpdate(&c,buf,1000); - EVP_DigestFinal(&c,md,NULL); + EVP_DigestFinal_ex(&c,md,NULL); p=pt(md); r=bigret; diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c index e711de228c..cd20b6d66f 100644 --- a/crypto/x509/x509_cmp.c +++ b/crypto/x509/x509_cmp.c @@ -86,11 +86,11 @@ unsigned long X509_issuer_and_serial_hash(X509 *a) EVP_MD_CTX_init(&ctx); X509_NAME_oneline(a->cert_info->issuer,str,256); ret=strlen(str); - EVP_DigestInit(&ctx,EVP_md5()); + EVP_DigestInit_ex(&ctx, EVP_md5(), NULL); EVP_DigestUpdate(&ctx,(unsigned char *)str,ret); EVP_DigestUpdate(&ctx,(unsigned char *)a->cert_info->serialNumber->data, (unsigned long)a->cert_info->serialNumber->length); - EVP_DigestFinal(&ctx,&(md[0]),NULL); + EVP_DigestFinal_ex(&ctx,&(md[0]),NULL); ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)| ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L) )&0xffffffffL; @@ -204,7 +204,7 @@ unsigned long X509_NAME_hash(X509_NAME *x) /* Make sure X509_NAME structure contains valid cached encoding */ i2d_X509_NAME(x,NULL); - EVP_Digest(x->bytes->data, x->bytes->length, md, NULL, EVP_md5()); + EVP_Digest(x->bytes->data, x->bytes->length, md, NULL, EVP_md5(), NULL); ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)| ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L) diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c index 69920e6d03..fb5015cd4d 100644 --- a/crypto/x509/x_all.c +++ b/crypto/x509/x_all.c @@ -331,7 +331,7 @@ int X509_pubkey_digest(const X509 *data, const EVP_MD *type, unsigned char *md, ASN1_BIT_STRING *key; key = X509_get0_pubkey_bitstr(data); if(!key) return 0; - return EVP_Digest(key->data, key->length, md, len, type); + return EVP_Digest(key->data, key->length, md, len, type, NULL); } int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md, diff --git a/crypto/x509v3/v3_skey.c b/crypto/x509v3/v3_skey.c index 94bc6b8c2e..c0f044ac1b 100644 --- a/crypto/x509v3/v3_skey.c +++ b/crypto/x509v3/v3_skey.c @@ -129,7 +129,7 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, goto err; } - EVP_Digest(pk->data, pk->length, pkey_dig, &diglen, EVP_sha1()); + EVP_Digest(pk->data, pk->length, pkey_dig, &diglen, EVP_sha1(), NULL); if(!M_ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) { X509V3err(X509V3_F_S2I_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE); diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c index 6551d0b363..85b97b61de 100644 --- a/ssl/s2_clnt.c +++ b/ssl/s2_clnt.c @@ -767,7 +767,7 @@ static int client_certificate(SSL *s) * do it first so we can reuse buf :-) */ p=buf; EVP_MD_CTX_init(&ctx); - EVP_SignInit(&ctx,s->ctx->rsa_md5); + EVP_SignInit_ex(&ctx,s->ctx->rsa_md5, NULL); EVP_SignUpdate(&ctx,s->s2->key_material, (unsigned int)s->s2->key_material_length); EVP_SignUpdate(&ctx,cert_ch,(unsigned int)cert_ch_len); diff --git a/ssl/s2_enc.c b/ssl/s2_enc.c index 91e56eba91..b4187bbbdd 100644 --- a/ssl/s2_enc.c +++ b/ssl/s2_enc.c @@ -170,13 +170,13 @@ void ssl2_mac(SSL *s, unsigned char *md, int send) /* There has to be a MAC algorithm. */ EVP_MD_CTX_init(&c); - EVP_DigestInit(&c,s->read_hash); + EVP_DigestInit_ex(&c, s->read_hash, NULL); EVP_DigestUpdate(&c,sec, EVP_CIPHER_CTX_key_length(s->enc_read_ctx)); EVP_DigestUpdate(&c,act,len); /* the above line also does the pad data */ EVP_DigestUpdate(&c,sequence,4); - EVP_DigestFinal(&c,md,NULL); + EVP_DigestFinal_ex(&c,md,NULL); EVP_MD_CTX_cleanup(&c); } #else /* !OPENSSL_NO_SSL2 */ diff --git a/ssl/s2_lib.c b/ssl/s2_lib.c index 9b40059cf1..f231e07886 100644 --- a/ssl/s2_lib.c +++ b/ssl/s2_lib.c @@ -428,14 +428,14 @@ void ssl2_generate_key_material(SSL *s) km=s->s2->key_material; for (i=0; is2->key_material_length; i+=MD5_DIGEST_LENGTH) { - EVP_DigestInit(&ctx,EVP_md5()); + EVP_DigestInit_ex(&ctx,EVP_md5(), NULL); EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length); EVP_DigestUpdate(&ctx,&c,1); c++; EVP_DigestUpdate(&ctx,s->s2->challenge,s->s2->challenge_length); EVP_DigestUpdate(&ctx,s->s2->conn_id,s->s2->conn_id_length); - EVP_DigestFinal(&ctx,km,NULL); + EVP_DigestFinal_ex(&ctx,km,NULL); km+=MD5_DIGEST_LENGTH; } EVP_MD_CTX_cleanup(&ctx); diff --git a/ssl/s2_srvr.c b/ssl/s2_srvr.c index 3bd83793b7..f4f11103b6 100644 --- a/ssl/s2_srvr.c +++ b/ssl/s2_srvr.c @@ -911,7 +911,7 @@ static int request_certificate(SSL *s) EVP_PKEY *pkey=NULL; EVP_MD_CTX_init(&ctx); - EVP_VerifyInit(&ctx,s->ctx->rsa_md5); + EVP_VerifyInit_ex(&ctx,s->ctx->rsa_md5, NULL); EVP_VerifyUpdate(&ctx,s->s2->key_material, (unsigned int)s->s2->key_material_length); EVP_VerifyUpdate(&ctx,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH); diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 9791a0d8e8..8ebba65722 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -1089,12 +1089,12 @@ static int ssl3_get_key_exchange(SSL *s) q=md_buf; for (num=2; num > 0; num--) { - EVP_DigestInit(&md_ctx,(num == 2) - ?s->ctx->md5:s->ctx->sha1); + EVP_DigestInit_ex(&md_ctx,(num == 2) + ?s->ctx->md5:s->ctx->sha1, NULL); EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); EVP_DigestUpdate(&md_ctx,param,param_len); - EVP_DigestFinal(&md_ctx,q,(unsigned int *)&i); + EVP_DigestFinal_ex(&md_ctx,q,(unsigned int *)&i); q+=i; j+=i; } @@ -1120,7 +1120,7 @@ static int ssl3_get_key_exchange(SSL *s) if (pkey->type == EVP_PKEY_DSA) { /* lets do DSS */ - EVP_VerifyInit(&md_ctx,EVP_dss1()); + EVP_VerifyInit_ex(&md_ctx,EVP_dss1(), NULL); EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); EVP_VerifyUpdate(&md_ctx,param,param_len); diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index df5cd732ca..833fea83c1 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -107,25 +107,25 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) for (j=0; jsession->master_key, s->session->master_key_length); EVP_DigestUpdate(&s1,s->s3->server_random,SSL3_RANDOM_SIZE); EVP_DigestUpdate(&s1,s->s3->client_random,SSL3_RANDOM_SIZE); - EVP_DigestFinal(&s1,smd,NULL); + EVP_DigestFinal_ex(&s1,smd,NULL); - EVP_DigestInit(&m5,EVP_md5()); + EVP_DigestInit_ex(&m5,EVP_md5(), NULL); EVP_DigestUpdate(&m5,s->session->master_key, s->session->master_key_length); EVP_DigestUpdate(&m5,smd,SHA_DIGEST_LENGTH); if ((i+MD5_DIGEST_LENGTH) > num) { - EVP_DigestFinal(&m5,smd,NULL); + EVP_DigestFinal_ex(&m5,smd,NULL); memcpy(km,smd,(num-i)); } else - EVP_DigestFinal(&m5,km,NULL); + EVP_DigestFinal_ex(&m5,km,NULL); km+=MD5_DIGEST_LENGTH; } @@ -256,19 +256,19 @@ int ssl3_change_cipher_state(SSL *s, int which) /* In here I set both the read and write key/iv to the * same value since only the correct one will be used :-). */ - EVP_DigestInit(&md,EVP_md5()); + EVP_DigestInit_ex(&md,EVP_md5(), NULL); EVP_DigestUpdate(&md,key,j); EVP_DigestUpdate(&md,er1,SSL3_RANDOM_SIZE); EVP_DigestUpdate(&md,er2,SSL3_RANDOM_SIZE); - EVP_DigestFinal(&md,&(exp_key[0]),NULL); + EVP_DigestFinal_ex(&md,&(exp_key[0]),NULL); key= &(exp_key[0]); if (k > 0) { - EVP_DigestInit(&md,EVP_md5()); + EVP_DigestInit_ex(&md,EVP_md5(), NULL); EVP_DigestUpdate(&md,er1,SSL3_RANDOM_SIZE); EVP_DigestUpdate(&md,er2,SSL3_RANDOM_SIZE); - EVP_DigestFinal(&md,&(exp_iv[0]),NULL); + EVP_DigestFinal_ex(&md,&(exp_iv[0]),NULL); iv= &(exp_iv[0]); } } @@ -421,8 +421,8 @@ int ssl3_enc(SSL *s, int send) void ssl3_init_finished_mac(SSL *s) { - EVP_DigestInit(&(s->s3->finish_dgst1),s->ctx->md5); - EVP_DigestInit(&(s->s3->finish_dgst2),s->ctx->sha1); + EVP_DigestInit_ex(&(s->s3->finish_dgst1),s->ctx->md5, NULL); + EVP_DigestInit_ex(&(s->s3->finish_dgst2),s->ctx->sha1, NULL); } void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len) @@ -457,7 +457,7 @@ static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx, EVP_MD_CTX ctx; EVP_MD_CTX_init(&ctx); - EVP_MD_CTX_copy(&ctx,in_ctx); + EVP_MD_CTX_copy_ex(&ctx,in_ctx); n=EVP_MD_CTX_size(&ctx); npad=(48/n)*n; @@ -467,14 +467,14 @@ static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx, EVP_DigestUpdate(&ctx,s->session->master_key, s->session->master_key_length); EVP_DigestUpdate(&ctx,ssl3_pad_1,npad); - EVP_DigestFinal(&ctx,md_buf,&i); + EVP_DigestFinal_ex(&ctx,md_buf,&i); - EVP_DigestInit(&ctx,EVP_MD_CTX_md(&ctx)); + EVP_DigestInit_ex(&ctx,EVP_MD_CTX_md(&ctx), NULL); EVP_DigestUpdate(&ctx,s->session->master_key, s->session->master_key_length); EVP_DigestUpdate(&ctx,ssl3_pad_2,npad); EVP_DigestUpdate(&ctx,md_buf,i); - EVP_DigestFinal(&ctx,p,&ret); + EVP_DigestFinal_ex(&ctx,p,&ret); EVP_MD_CTX_cleanup(&ctx); @@ -512,7 +512,7 @@ int ssl3_mac(SSL *ssl, unsigned char *md, int send) /* Chop the digest off the end :-) */ EVP_MD_CTX_init(&md_ctx); - EVP_DigestInit( &md_ctx,hash); + EVP_DigestInit_ex( &md_ctx,hash, NULL); EVP_DigestUpdate(&md_ctx,mac_sec,md_size); EVP_DigestUpdate(&md_ctx,ssl3_pad_1,npad); EVP_DigestUpdate(&md_ctx,seq,8); @@ -522,13 +522,13 @@ int ssl3_mac(SSL *ssl, unsigned char *md, int send) s2n(rec->length,p); EVP_DigestUpdate(&md_ctx,md,2); EVP_DigestUpdate(&md_ctx,rec->input,rec->length); - EVP_DigestFinal( &md_ctx,md,NULL); + EVP_DigestFinal_ex( &md_ctx,md,NULL); - EVP_DigestInit( &md_ctx,hash); + EVP_DigestInit_ex( &md_ctx,hash, NULL); EVP_DigestUpdate(&md_ctx,mac_sec,md_size); EVP_DigestUpdate(&md_ctx,ssl3_pad_2,npad); EVP_DigestUpdate(&md_ctx,md,md_size); - EVP_DigestFinal( &md_ctx,md,&md_size); + EVP_DigestFinal_ex( &md_ctx,md,&md_size); EVP_MD_CTX_cleanup(&md_ctx); @@ -563,19 +563,19 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, EVP_MD_CTX_init(&ctx); for (i=0; i<3; i++) { - EVP_DigestInit(&ctx,s->ctx->sha1); + EVP_DigestInit_ex(&ctx,s->ctx->sha1, NULL); EVP_DigestUpdate(&ctx,salt[i],strlen((const char *)salt[i])); EVP_DigestUpdate(&ctx,p,len); EVP_DigestUpdate(&ctx,&(s->s3->client_random[0]), SSL3_RANDOM_SIZE); EVP_DigestUpdate(&ctx,&(s->s3->server_random[0]), SSL3_RANDOM_SIZE); - EVP_DigestFinal(&ctx,buf,&n); + EVP_DigestFinal_ex(&ctx,buf,&n); - EVP_DigestInit(&ctx,s->ctx->md5); + EVP_DigestInit_ex(&ctx,s->ctx->md5, NULL); EVP_DigestUpdate(&ctx,p,len); EVP_DigestUpdate(&ctx,buf,n); - EVP_DigestFinal(&ctx,out,&n); + EVP_DigestFinal_ex(&ctx,out,&n); out+=n; ret+=n; } diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index ab2478d01c..29545715d8 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -1174,12 +1174,12 @@ static int ssl3_send_server_key_exchange(SSL *s) j=0; for (num=2; num > 0; num--) { - EVP_DigestInit(&md_ctx,(num == 2) - ?s->ctx->md5:s->ctx->sha1); + EVP_DigestInit_ex(&md_ctx,(num == 2) + ?s->ctx->md5:s->ctx->sha1, NULL); EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); EVP_DigestUpdate(&md_ctx,&(d[4]),n); - EVP_DigestFinal(&md_ctx,q, + EVP_DigestFinal_ex(&md_ctx,q, (unsigned int *)&i); q+=i; j+=i; @@ -1199,7 +1199,7 @@ static int ssl3_send_server_key_exchange(SSL *s) if (pkey->type == EVP_PKEY_DSA) { /* lets do DSS */ - EVP_SignInit(&md_ctx,EVP_dss1()); + EVP_SignInit_ex(&md_ctx,EVP_dss1(), NULL); EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); EVP_SignUpdate(&md_ctx,&(d[4]),n); diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index a6502772e8..c37b41775f 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -576,8 +576,8 @@ int tls1_cert_verify_mac(SSL *s, EVP_MD_CTX *in_ctx, unsigned char *out) EVP_MD_CTX ctx; EVP_MD_CTX_init(&ctx); - EVP_MD_CTX_copy(&ctx,in_ctx); - EVP_DigestFinal(&ctx,out,&ret); + EVP_MD_CTX_copy_ex(&ctx,in_ctx); + EVP_DigestFinal_ex(&ctx,out,&ret); EVP_MD_CTX_cleanup(&ctx); return((int)ret); } @@ -595,11 +595,11 @@ int tls1_final_finish_mac(SSL *s, EVP_MD_CTX *in1_ctx, EVP_MD_CTX *in2_ctx, q+=slen; EVP_MD_CTX_init(&ctx); - EVP_MD_CTX_copy(&ctx,in1_ctx); - EVP_DigestFinal(&ctx,q,&i); + EVP_MD_CTX_copy_ex(&ctx,in1_ctx); + EVP_DigestFinal_ex(&ctx,q,&i); q+=i; - EVP_MD_CTX_copy(&ctx,in2_ctx); - EVP_DigestFinal(&ctx,q,&i); + EVP_MD_CTX_copy_ex(&ctx,in2_ctx); + EVP_DigestFinal_ex(&ctx,q,&i); q+=i; tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(q-buf), -- 2.34.1