Change all calls to low level digest routines in the library and
applications to use EVP. Add missing calls to HMAC_cleanup() and
don't assume HMAC_CTX can be copied using memcpy().

Note: this is almost identical to the patch submitted to openssl-dev
by Verdon Walker <VWalker@novell.com> except some redundant
EVP_add_digest_()/EVP_cleanup() calls were removed and some changes
made to avoid compiler warnings.

CHANGES

@@ -11,6 +11,11 @@
          *) applies to 0.9.6a (/0.9.6b) and 0.9.7
          +) applies to 0.9.7 only
 
+  *) Change all calls to low level digest routines in the library and
+     applications to use EVP. Add missing calls to HMAC_cleanup() and
+     don't assume HMAC_CTX can be copied using memcpy().
+     [Verdon Walker <VWalker@novell.com>, Steve Henson]
+
   +) Add the possibility to control engines through control names but with
      arbitrary arguments instead of just a string.
      Change the key loaders to take a UI_METHOD instead of a callback

apps/enc.c

@@ -66,9 +66,6 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/rand.h>
-#ifndef OPENSSL_NO_MD5
-#include <openssl/md5.h>
-#endif
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 #include <ctype.h>

apps/passwd.c

@@ -20,7 +20,7 @@
 # include <openssl/des.h>
 #endif
 #ifndef NO_MD5CRYPT_1
-# include <openssl/md5.h>
+# include <openssl/evp.h>
 #endif
 
 
@@ -310,7 +310,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
 	unsigned char buf[MD5_DIGEST_LENGTH];
 	char *salt_out;
 	int n, i;
-	MD5_CTX md;
+	EVP_MD_CTX md;
 	size_t passwd_len, salt_len;
 
 	passwd_len = strlen(passwd);
@@ -325,48 +325,48 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
 	salt_len = strlen(salt_out);
 	assert(salt_len <= 8);
 	
-	MD5_Init(&md);
-	MD5_Update(&md, passwd, passwd_len);
-	MD5_Update(&md, "$", 1);
-	MD5_Update(&md, magic, strlen(magic));
-	MD5_Update(&md, "$", 1);
-	MD5_Update(&md, salt_out, salt_len);
+	EVP_DigestInit(&md,EVP_md5());
+	EVP_DigestUpdate(&md, passwd, passwd_len);
+	EVP_DigestUpdate(&md, "$", 1);
+	EVP_DigestUpdate(&md, magic, strlen(magic));
+	EVP_DigestUpdate(&md, "$", 1);
+	EVP_DigestUpdate(&md, salt_out, salt_len);
 	
 	 {
-		MD5_CTX md2;
+		EVP_MD_CTX md2;
 
-		MD5_Init(&md2);
-		MD5_Update(&md2, passwd, passwd_len);
-		MD5_Update(&md2, salt_out, salt_len);
-		MD5_Update(&md2, passwd, passwd_len);
-		MD5_Final(buf, &md2);
+		EVP_DigestInit(&md2,EVP_md5());
+		EVP_DigestUpdate(&md2, passwd, passwd_len);
+		EVP_DigestUpdate(&md2, salt_out, salt_len);
+		EVP_DigestUpdate(&md2, passwd, passwd_len);
+		EVP_DigestFinal(&md2, buf, NULL);
 	 }
 	for (i = passwd_len; i > sizeof buf; i -= sizeof buf)
-		MD5_Update(&md, buf, sizeof buf);
-	MD5_Update(&md, buf, i);
+		EVP_DigestUpdate(&md, buf, sizeof buf);
+	EVP_DigestUpdate(&md, buf, i);
 	
 	n = passwd_len;
 	while (n)
 		{
-		MD5_Update(&md, (n & 1) ? "\0" : passwd, 1);
+		EVP_DigestUpdate(&md, (n & 1) ? "\0" : passwd, 1);
 		n >>= 1;
 		}
-	MD5_Final(buf, &md);
+	EVP_DigestFinal(&md, buf, NULL);
 
 	for (i = 0; i < 1000; i++)
 		{
-		MD5_CTX md2;
+		EVP_MD_CTX md2;
 
-		MD5_Init(&md2);
-		MD5_Update(&md2, (i & 1) ? (unsigned char *) passwd : buf,
-		                 (i & 1) ? passwd_len : sizeof buf);
+		EVP_DigestInit(&md2,EVP_md5());
+		EVP_DigestUpdate(&md2, (i & 1) ? (unsigned char *) passwd : buf,
+		                       (i & 1) ? passwd_len : sizeof buf);
 		if (i % 3)
-			MD5_Update(&md2, salt_out, salt_len);
+			EVP_DigestUpdate(&md2, salt_out, salt_len);
 		if (i % 7)
-			MD5_Update(&md2, passwd, passwd_len);
-		MD5_Update(&md2, (i & 1) ? buf : (unsigned char *) passwd,
-		                 (i & 1) ? sizeof buf : passwd_len);
-		MD5_Final(buf, &md2);
+			EVP_DigestUpdate(&md2, passwd, passwd_len);
+		EVP_DigestUpdate(&md2, (i & 1) ? buf : (unsigned char *) passwd,
+		                       (i & 1) ? sizeof buf : passwd_len);
+		EVP_DigestFinal(&md2, buf, NULL);
 		}
 	
 	 {

apps/speed.c

@@ -924,7 +924,7 @@ int MAIN(int argc, char **argv)
 			print_message(names[D_MD2],c[D_MD2][j],lengths[j]);
 			Time_F(START,usertime);
 			for (count=0,run=1; COND(c[D_MD2][j]); count++)
-				MD2(buf,(unsigned long)lengths[j],&(md2[0]));
+				EVP_Digest(buf,(unsigned long)lengths[j],&(md2[0]),NULL,EVP_md2());
 			d=Time_F(STOP,usertime);
 			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
 				count,names[D_MD2],d);
@@ -940,7 +940,7 @@ int MAIN(int argc, char **argv)
 			print_message(names[D_MDC2],c[D_MDC2][j],lengths[j]);
 			Time_F(START,usertime);
 			for (count=0,run=1; COND(c[D_MDC2][j]); count++)
-				MDC2(buf,(unsigned long)lengths[j],&(mdc2[0]));
+				EVP_Digest(buf,(unsigned long)lengths[j],&(mdc2[0]),NULL,EVP_mdc2());
 			d=Time_F(STOP,usertime);
 			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
 				count,names[D_MDC2],d);
@@ -957,7 +957,7 @@ int MAIN(int argc, char **argv)
 			print_message(names[D_MD4],c[D_MD4][j],lengths[j]);
 			Time_F(START,usertime);
 			for (count=0,run=1; COND(c[D_MD4][j]); count++)
-				MD4(&(buf[0]),(unsigned long)lengths[j],&(md4[0]));
+				EVP_Digest(&(buf[0]),(unsigned long)lengths[j],&(md4[0]),NULL,EVP_md4());
 			d=Time_F(STOP,usertime);
 			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
 				count,names[D_MD4],d);
@@ -974,7 +974,7 @@ int MAIN(int argc, char **argv)
 			print_message(names[D_MD5],c[D_MD5][j],lengths[j]);
 			Time_F(START,usertime);
 			for (count=0,run=1; COND(c[D_MD5][j]); count++)
-				MD5(&(buf[0]),(unsigned long)lengths[j],&(md5[0]));
+				EVP_Digest(&(buf[0]),(unsigned long)lengths[j],&(md5[0]),NULL,EVP_md5());
 			d=Time_F(STOP,usertime);
 			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
 				count,names[D_MD5],d);
@@ -1005,6 +1005,7 @@ int MAIN(int argc, char **argv)
 				count,names[D_HMAC],d);
 			results[D_HMAC][j]=((double)count)/d*lengths[j];
 			}
+		HMAC_cleanup(&hctx);
 		}
 #endif
 #ifndef OPENSSL_NO_SHA
@@ -1015,7 +1016,7 @@ int MAIN(int argc, char **argv)
 			print_message(names[D_SHA1],c[D_SHA1][j],lengths[j]);
 			Time_F(START,usertime);
 			for (count=0,run=1; COND(c[D_SHA1][j]); count++)
-				SHA1(buf,(unsigned long)lengths[j],&(sha[0]));
+				EVP_Digest(buf,(unsigned long)lengths[j],&(sha[0]),NULL,EVP_sha1());
 			d=Time_F(STOP,usertime);
 			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
 				count,names[D_SHA1],d);
@@ -1031,7 +1032,7 @@ int MAIN(int argc, char **argv)
 			print_message(names[D_RMD160],c[D_RMD160][j],lengths[j]);
 			Time_F(START,usertime);
 			for (count=0,run=1; COND(c[D_RMD160][j]); count++)
-				RIPEMD160(buf,(unsigned long)lengths[j],&(rmd160[0]));
+				EVP_Digest(buf,(unsigned long)lengths[j],&(rmd160[0]),NULL,EVP_ripemd160());
 			d=Time_F(STOP,usertime);
 			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
 				count,names[D_RMD160],d);

crypto/asn1/t_x509.c

@@ -259,7 +259,6 @@ int X509_ocspid_print (BIO *bp, X509 *x)
 	unsigned char *dertmp;
 	int derlen;
 	int i;
-	SHA_CTX SHA1buf ;
 	unsigned char SHA1md[SHA_DIGEST_LENGTH];
 
 	/* display the hash of the subject as it would appear
@@ -271,9 +270,7 @@ int X509_ocspid_print (BIO *bp, X509 *x)
 		goto err;
 	i2d_X509_NAME(x->cert_info->subject, &dertmp);
 
-	SHA1_Init(&SHA1buf);
-	SHA1_Update(&SHA1buf, der, derlen);
-	SHA1_Final(SHA1md,&SHA1buf);
+	EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1());
 	for (i=0; i < SHA_DIGEST_LENGTH; i++)
 		{
 		if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0) goto err;
@@ -286,10 +283,8 @@ int X509_ocspid_print (BIO *bp, X509 *x)
 	if (BIO_printf(bp,"\n        Public key OCSP hash: ") <= 0)
 		goto err;
 
-	SHA1_Init(&SHA1buf);
-	SHA1_Update(&SHA1buf, x->cert_info->key->public_key->data,
-		x->cert_info->key->public_key->length);
-	SHA1_Final(SHA1md,&SHA1buf);
+	EVP_Digest(x->cert_info->key->public_key->data,
+		x->cert_info->key->public_key->length, SHA1md, NULL, EVP_sha1());
 	for (i=0; i < SHA_DIGEST_LENGTH; i++)
 		{
 		if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0)

crypto/dsa/dsa_gen.c

@@ -61,12 +61,12 @@
 #ifdef GENUINE_DSA
 /* Parameter generation follows the original release of FIPS PUB 186,
  * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180) */
-#define HASH    SHA
+#define HASH    EVP_sha()
 #else
 /* Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186,
  * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in
  * FIPS PUB 180-1) */
-#define HASH    SHA1
+#define HASH    EVP_sha1()
 #endif 
 
 #ifndef OPENSSL_NO_SHA
@@ -74,7 +74,7 @@
 #include <stdio.h>
 #include <time.h>
 #include "cryptlib.h"
-#include <openssl/sha.h>
+#include <openssl/evp.h>
 #include <openssl/bn.h>
 #include <openssl/dsa.h>
 #include <openssl/rand.h>
@@ -158,8 +158,8 @@ DSA *DSA_generate_parameters(int bits,
 				}
 
 			/* step 2 */
-			HASH(seed,SHA_DIGEST_LENGTH,md);
-			HASH(buf,SHA_DIGEST_LENGTH,buf2);
+			EVP_Digest(seed,SHA_DIGEST_LENGTH,md,NULL,HASH);
+			EVP_Digest(buf,SHA_DIGEST_LENGTH,buf2,NULL,HASH);
 			for (i=0; i<SHA_DIGEST_LENGTH; i++)
 				md[i]^=buf2[i];
 
@@ -206,7 +206,7 @@ DSA *DSA_generate_parameters(int bits,
 					if (buf[i] != 0) break;
 					}
 
-				HASH(buf,SHA_DIGEST_LENGTH,md);
+				EVP_Digest(buf,SHA_DIGEST_LENGTH,md,NULL,HASH);
 
 				/* step 8 */
 				if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,r0))

crypto/dsa/dsa_key.c

@@ -60,7 +60,6 @@
 #include <stdio.h>
 #include <time.h>
 #include "cryptlib.h"
-#include <openssl/sha.h>
 #include <openssl/bn.h>
 #include <openssl/dsa.h>
 #include <openssl/rand.h>

crypto/evp/bio_ok.c

@@ -162,7 +162,7 @@ typedef struct ok_struct
 	EVP_MD_CTX md;
 	int blockout;		/* output block is ready */ 
 	int sigio;		/* must process signature */
-	char buf[IOBS];
+	unsigned char buf[IOBS];
 	} BIO_OK_CTX;
 
 static BIO_METHOD methods_ok=
@@ -474,7 +474,7 @@ static void sig_out(BIO* b)
 	ctx->buf_len+= md->digest->md_size;
 
 	EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN));
-	md->digest->final(&(ctx->buf[ctx->buf_len]), &(md->md.base[0]));
+	EVP_DigestFinal(md, &(ctx->buf[ctx->buf_len]), NULL);
 	ctx->buf_len+= md->digest->md_size;
 	ctx->blockout= 1;
 	ctx->sigio= 0;
@@ -498,7 +498,7 @@ static void sig_in(BIO* b)
 	ctx->buf_off+= md->digest->md_size;
 
 	EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN));
-	md->digest->final(tmp, &(md->md.base[0]));
+	EVP_DigestFinal(md, tmp, NULL);
 	ret= memcmp(&(ctx->buf[ctx->buf_off]), tmp, md->digest->md_size) == 0;
 	ctx->buf_off+= md->digest->md_size;
 	if(ret == 1)
@@ -531,7 +531,7 @@ static void block_out(BIO* b)
 	memcpy(ctx->buf, &tl, OK_BLOCK_BLOCK);
 	tl= swapem(tl);
 	EVP_DigestUpdate(md, (unsigned char*) &(ctx->buf[OK_BLOCK_BLOCK]), tl);
-	md->digest->final(&(ctx->buf[ctx->buf_len]), &(md->md.base[0]));
+	EVP_DigestFinal(md, &(ctx->buf[ctx->buf_len]), NULL);
 	ctx->buf_len+= md->digest->md_size;
 	ctx->blockout= 1;
 	}
@@ -551,7 +551,7 @@ static void block_in(BIO* b)
 	if (ctx->buf_len < tl+ OK_BLOCK_BLOCK+ md->digest->md_size) return;
  
 	EVP_DigestUpdate(md, (unsigned char*) &(ctx->buf[OK_BLOCK_BLOCK]), tl);
-	md->digest->final(tmp, &(md->md.base[0]));
+	EVP_DigestFinal(md, tmp, NULL);
 	if(memcmp(&(ctx->buf[tl+ OK_BLOCK_BLOCK]), tmp, md->digest->md_size) == 0)
 		{
 		/* there might be parts from next block lurking around ! */

crypto/md2/md2test.c

@@ -67,7 +67,7 @@ int main(int argc, char *argv[])
     return(0);
 }
 #else
-#include <openssl/md2.h>
+#include <openssl/evp.h>
 
 #ifdef CHARSET_EBCDIC
 #include <openssl/ebcdic.h>
@@ -100,13 +100,15 @@ int main(int argc, char *argv[])
 	int i,err=0;
 	char **P,**R;
 	char *p;
+	unsigned char md[MD2_DIGEST_LENGTH];
 
 	P=test;
 	R=ret;
 	i=1;
 	while (*P != NULL)
 		{
-		p=pt(MD2((unsigned char *)*P,(unsigned long)strlen(*P),NULL));
+		EVP_Digest((unsigned char *)*P,(unsigned long)strlen(*P),md,NULL,EVP_md2());
+		p=pt(md);
 		if (strcmp(p,*R) != 0)
 			{
 			printf("error calculating MD2 on '%s'\n",*P);

crypto/md4/md4test.c

@@ -67,7 +67,7 @@ int main(int argc, char *argv[])
     return(0);
 }
 #else
-#include <openssl/md4.h>
+#include <openssl/evp.h>
 
 static char *test[]={
 	"",
@@ -96,13 +96,15 @@ int main(int argc, char *argv[])
 	int i,err=0;
 	unsigned char **P,**R;
 	char *p;
+	unsigned char md[MD4_DIGEST_LENGTH];
 
 	P=(unsigned char **)test;
 	R=(unsigned char **)ret;
 	i=1;
 	while (*P != NULL)
 		{
-		p=pt(MD4(&(P[0][0]),(unsigned long)strlen((char *)*P),NULL));
+		EVP_Digest(&(P[0][0]),(unsigned long)strlen((char *)*P),md,NULL,EVP_md4());
+		p=pt(md);
 		if (strcmp(p,(char *)*R) != 0)
 			{
 			printf("error calculating MD4 on '%s'\n",*P);

crypto/md5/md5test.c

@@ -67,7 +67,7 @@ int main(int argc, char *argv[])
     return(0);
 }
 #else
-#include <openssl/md5.h>
+#include <openssl/evp.h>
 
 static char *test[]={
 	"",
@@ -96,13 +96,15 @@ int main(int argc, char *argv[])
 	int i,err=0;
 	unsigned char **P,**R;
 	char *p;
+	unsigned char md[MD5_DIGEST_LENGTH];
 
 	P=(unsigned char **)test;
 	R=(unsigned char **)ret;
 	i=1;
 	while (*P != NULL)
 		{
-		p=pt(MD5(&(P[0][0]),(unsigned long)strlen((char *)*P),NULL));
+		EVP_Digest(&(P[0][0]),(unsigned long)strlen((char *)*P),md,NULL,EVP_md5());
+		p=pt(md);
 		if (strcmp(p,(char *)*R) != 0)
 			{
 			printf("error calculating MD5 on '%s'\n",*P);

crypto/mdc2/mdc2test.c

@@ -71,7 +71,7 @@ int main(int argc, char *argv[])
     return(0);
 }
 #else
-#include <openssl/mdc2.h>
+#include <openssl/evp.h>
 
 #ifdef CHARSET_EBCDIC
 #include <openssl/ebcdic.h>
@@ -92,16 +92,16 @@ int main(int argc, char *argv[])
 	int ret=0;
 	unsigned char md[MDC2_DIGEST_LENGTH];
 	int i;
-	MDC2_CTX c;
+	EVP_MD_CTX c;
 	static char *text="Now is the time for all ";
 
 #ifdef CHARSET_EBCDIC
 	ebcdic2ascii(text,text,strlen(text));
 #endif
 
-	MDC2_Init(&c);
-	MDC2_Update(&c,(unsigned char *)text,strlen(text));
-	MDC2_Final(&(md[0]),&c);
+	EVP_DigestInit(&c,EVP_mdc2());
+	EVP_DigestUpdate(&c,(unsigned char *)text,strlen(text));
+	EVP_DigestFinal(&c,&(md[0]),NULL);
 
 	if (memcmp(md,pad1,MDC2_DIGEST_LENGTH) != 0)
 		{
@@ -116,10 +116,10 @@ int main(int argc, char *argv[])
 	else
 		printf("pad1 - ok\n");
 
-	MDC2_Init(&c);
-	c.pad_type=2;
-	MDC2_Update(&c,(unsigned char *)text,strlen(text));
-	MDC2_Final(&(md[0]),&c);
+	EVP_DigestInit(&c,EVP_mdc2());
+	c.md.mdc2.pad_type=2;
+	EVP_DigestUpdate(&c,(unsigned char *)text,strlen(text));
+	EVP_DigestFinal(&c,&(md[0]),NULL);
 
 	if (memcmp(md,pad2,MDC2_DIGEST_LENGTH) != 0)
 		{

crypto/pkcs12/p12_mutl.c

@@ -89,6 +89,7 @@ int PKCS12_gen_mac (PKCS12 *p12, const char *pass, int passlen,
     	HMAC_Update (&hmac, p12->authsafes->d.data->data,
 					 p12->authsafes->d.data->length);
     	HMAC_Final (&hmac, mac, maclen);
+    	HMAC_cleanup (&hmac);
 	return 1;
 }
 

crypto/rand/md_rand.c

@@ -264,7 +264,7 @@ static void ssleay_rand_add(const void *buf, int num, double add)
 			
 		MD_Update(&m,buf,j);
 		MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
-		MD_Final(local_md,&m);
+		MD_Final(&m,local_md);
 		md_c[1]++;
 
 		buf=(const char *)buf + j;
@@ -457,7 +457,7 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
 			}
 		else
 			MD_Update(&m,&(state[st_idx]),j);
-		MD_Final(local_md,&m);
+		MD_Final(&m,local_md);
 
 		for (i=0; i<j; i++)
 			{
@@ -473,7 +473,7 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
 	MD_Update(&m,local_md,MD_DIGEST_LENGTH);
 	CRYPTO_w_lock(CRYPTO_LOCK_RAND);
 	MD_Update(&m,md,MD_DIGEST_LENGTH);
-	MD_Final(md,&m);
+	MD_Final(&m,md);
 	CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
 
 	memset(&m,0,sizeof(m));

crypto/rand/rand_lcl.h

@@ -129,55 +129,26 @@
 #endif
 #endif
 
+#include <openssl/evp.h>
+#define MD_CTX			EVP_MD_CTX
+#define MD_Update(a,b,c)	EVP_DigestUpdate(a,b,c)
+#define	MD_Final(a,b)		EVP_DigestFinal(a,b,NULL)
 #if defined(USE_MD5_RAND)
-#include <openssl/md5.h>
 #define MD_DIGEST_LENGTH	MD5_DIGEST_LENGTH
-#define	MD(a,b,c)		MD5(a,b,c)
+#define MD_Init(a)		EVP_DigestInit(a,EVP_md5())
+#define	MD(a,b,c)		EVP_Digest(a,b,c,EVP_md5())
 #elif defined(USE_SHA1_RAND)
-#include <openssl/sha.h>
 #define MD_DIGEST_LENGTH	SHA_DIGEST_LENGTH
-#define	MD(a,b,c)		SHA1(a,b,c)
+#define MD_Init(a)		EVP_DigestInit(a,EVP_sha1())
+#define	MD(a,b,c)		EVP_Digest(a,b,c,EVP_sha1())
 #elif defined(USE_MDC2_RAND)
-#include <openssl/mdc2.h>
 #define MD_DIGEST_LENGTH	MDC2_DIGEST_LENGTH
-#define	MD(a,b,c)		MDC2(a,b,c)
+#define MD_Init(a)		EVP_DigestInit(a,EVP_mdc2())
+#define	MD(a,b,c)		EVP_Digest(a,b,c,EVP_mdc2())
 #elif defined(USE_MD2_RAND)
-#include <openssl/md2.h>
 #define MD_DIGEST_LENGTH	MD2_DIGEST_LENGTH
-#define	MD(a,b,c)		MD2(a,b,c)
-#endif
-#if defined(USE_MD5_RAND)
-#include <openssl/md5.h>
-#define MD_DIGEST_LENGTH	MD5_DIGEST_LENGTH
-#define MD_CTX			MD5_CTX
-#define MD_Init(a)		MD5_Init(a)
-#define MD_Update(a,b,c)	MD5_Update(a,b,c)
-#define	MD_Final(a,b)		MD5_Final(a,b)
-#define	MD(a,b,c)		MD5(a,b,c)
-#elif defined(USE_SHA1_RAND)
-#include <openssl/sha.h>
-#define MD_DIGEST_LENGTH	SHA_DIGEST_LENGTH
-#define MD_CTX			SHA_CTX
-#define MD_Init(a)		SHA1_Init(a)
-#define MD_Update(a,b,c)	SHA1_Update(a,b,c)
-#define	MD_Final(a,b)		SHA1_Final(a,b)
-#define	MD(a,b,c)		SHA1(a,b,c)
-#elif defined(USE_MDC2_RAND)
-#include <openssl/mdc2.h>
-#define MD_DIGEST_LENGTH	MDC2_DIGEST_LENGTH
-#define MD_CTX			MDC2_CTX
-#define MD_Init(a)		MDC2_Init(a)
-#define MD_Update(a,b,c)	MDC2_Update(a,b,c)
-#define	MD_Final(a,b)		MDC2_Final(a,b)
-#define	MD(a,b,c)		MDC2(a,b,c)
-#elif defined(USE_MD2_RAND)
-#include <openssl/md2.h>
-#define MD_DIGEST_LENGTH	MD2_DIGEST_LENGTH
-#define MD_CTX			MD2_CTX
-#define MD_Init(a)		MD2_Init(a)
-#define MD_Update(a,b,c)	MD2_Update(a,b,c)
-#define	MD_Final(a,b)		MD2_Final(a,b)
-#define	MD(a,b,c)		MD2(a,b,c)
+#define MD_Init(a)		EVP_DigestInit(a,EVP_md2())
+#define	MD(a,b,c)		EVP_Digest(a,b,c,EVP_md2())
 #endif
 
 

crypto/rc4/rc4.c

@@ -162,7 +162,7 @@ bad:
 		keystr=buf;
 		}
 
-	MD5((unsigned char *)keystr,(unsigned long)strlen(keystr),md);
+	EVP_Digest((unsigned char *)keystr,(unsigned long)strlen(keystr),md,NULL,EVP_md5());
 	memset(keystr,0,strlen(keystr));
 	RC4_set_key(&key,MD5_DIGEST_LENGTH,md);
 	

crypto/ripemd/rmdtest.c

@@ -67,7 +67,7 @@ int main(int argc, char *argv[])
     return(0);
 }
 #else
-#include <openssl/ripemd.h>
+#include <openssl/evp.h>
 
 #ifdef CHARSET_EBCDIC
 #include <openssl/ebcdic.h>
@@ -102,6 +102,7 @@ int main(int argc, char *argv[])
 	int i,err=0;
 	unsigned char **P,**R;
 	char *p;
+	unsigned char md[RIPEMD160_DIGEST_LENGTH];
 
 	P=(unsigned char **)test;
 	R=(unsigned char **)ret;
@@ -111,7 +112,8 @@ int main(int argc, char *argv[])
 #ifdef CHARSET_EBCDIC
 		ebcdic2ascii((char *)*P, (char *)*P, strlen((char *)*P));
 #endif
-		p=pt(RIPEMD160(&(P[0][0]),(unsigned long)strlen((char *)*P),NULL));
+		EVP_Digest(&(P[0][0]),(unsigned long)strlen((char *)*P),md,NULL,EVP_ripemd160());
+		p=pt(md);
 		if (strcmp(p,(char *)*R) != 0)
 			{
 			printf("error calculating RIPEMD160 on '%s'\n",*P);

crypto/rsa/rsa_oaep.c

@@ -24,7 +24,7 @@
 #include "cryptlib.h"
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
-#include <openssl/sha.h>
+#include <openssl/evp.h>
 #include <openssl/rand.h>
 
 int MGF1(unsigned char *mask, long len,
@@ -62,7 +62,7 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
     seed = to + 1;
     db = to + SHA_DIGEST_LENGTH + 1;
 
-    SHA1(param, plen, db);
+    EVP_Digest((void *)param, plen, db, NULL, EVP_sha1());
     memset(db + SHA_DIGEST_LENGTH, 0,
 	   emlen - flen - 2 * SHA_DIGEST_LENGTH - 1);
     db[emlen - flen - SHA_DIGEST_LENGTH - 1] = 0x01;
@@ -120,7 +120,7 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
     for (i = 0; i < dblen; i++)
 	db[i] ^= maskeddb[i];
 
-    SHA1(param, plen, phash);
+    EVP_Digest((void *)param, plen, phash, NULL, EVP_sha1());
 
     if (memcmp(db, phash, SHA_DIGEST_LENGTH) != 0)
 	goto decoding_err;
@@ -159,24 +159,24 @@ int MGF1(unsigned char *mask, long len,
     {
     long i, outlen = 0;
     unsigned char cnt[4];
-    SHA_CTX c;
+    EVP_MD_CTX c;
     unsigned char md[SHA_DIGEST_LENGTH];
 
     for (i = 0; outlen < len; i++)
 	{
 	cnt[0] = (i >> 24) & 255, cnt[1] = (i >> 16) & 255,
 	  cnt[2] = (i >> 8) & 255, cnt[3] = i & 255;
-	SHA1_Init(&c);
-	SHA1_Update(&c, seed, seedlen);
-	SHA1_Update(&c, cnt, 4);
+	EVP_DigestInit(&c,EVP_sha1());
+	EVP_DigestUpdate(&c, seed, seedlen);
+	EVP_DigestUpdate(&c, cnt, 4);
 	if (outlen + SHA_DIGEST_LENGTH <= len)
 	    {
-	    SHA1_Final(mask + outlen, &c);
+	    EVP_DigestFinal(&c, mask + outlen, NULL);
 	    outlen += SHA_DIGEST_LENGTH;
 	    }
 	else
 	    {
-	    SHA1_Final(md, &c);
+	    EVP_DigestFinal(&c, md, NULL);
 	    memcpy(mask + outlen, md, len - outlen);
 	    outlen = len;
 	    }

crypto/sha/sha1test.c

@@ -67,7 +67,7 @@ int main(int argc, char *argv[])
     return(0);
 }
 #else
-#include <openssl/sha.h>
+#include <openssl/evp.h>
 
 #ifdef CHARSET_EBCDIC
 #include <openssl/ebcdic.h>
@@ -106,7 +106,7 @@ int main(int argc, char *argv[])
 	unsigned char **P,**R;
 	static unsigned char buf[1000];
 	char *p,*r;
-	SHA_CTX c;
+	EVP_MD_CTX c;
 	unsigned char md[SHA_DIGEST_LENGTH];
 
 #ifdef CHARSET_EBCDIC
@@ -119,7 +119,8 @@ int main(int argc, char *argv[])
 	i=1;
 	while (*P != NULL)
 		{
-		p=pt(SHA1(*P,(unsigned long)strlen((char *)*P),NULL));
+		EVP_Digest(*P,(unsigned long)strlen((char *)*P),md,NULL,EVP_sha1());
+		p=pt(md);
 		if (strcmp(p,(char *)*R) != 0)
 			{
 			printf("error calculating SHA1 on '%s'\n",*P);
@@ -137,10 +138,10 @@ int main(int argc, char *argv[])
 #ifdef CHARSET_EBCDIC
 	ebcdic2ascii(buf, buf, 1000);
 #endif /*CHARSET_EBCDIC*/
-	SHA1_Init(&c);
+	EVP_DigestInit(&c,EVP_sha1());
 	for (i=0; i<1000; i++)
-		SHA1_Update(&c,buf,1000);
-	SHA1_Final(md,&c);
+		EVP_DigestUpdate(&c,buf,1000);
+	EVP_DigestFinal(&c,md,NULL);
 	p=pt(md);
 
 	r=bigret;

crypto/sha/shatest.c

@@ -67,7 +67,7 @@ int main(int argc, char *argv[])
     return(0);
 }
 #else
-#include <openssl/sha.h>
+#include <openssl/evp.h>
 
 #ifdef CHARSET_EBCDIC
 #include <openssl/ebcdic.h>
@@ -106,7 +106,7 @@ int main(int argc, char *argv[])
 	unsigned char **P,**R;
 	static unsigned char buf[1000];
 	char *p,*r;
-	SHA_CTX c;
+	EVP_MD_CTX c;
 	unsigned char md[SHA_DIGEST_LENGTH];
 
 #ifdef CHARSET_EBCDIC
@@ -119,7 +119,8 @@ int main(int argc, char *argv[])
 	i=1;
 	while (*P != NULL)
 		{
-		p=pt(SHA(*P,(unsigned long)strlen((char *)*P),NULL));
+		EVP_Digest(*P,(unsigned long)strlen((char *)*P),md,NULL,EVP_sha());
+		p=pt(md);
 		if (strcmp(p,(char *)*R) != 0)
 			{
 			printf("error calculating SHA on '%s'\n",*P);
@@ -137,10 +138,10 @@ int main(int argc, char *argv[])
 #ifdef CHARSET_EBCDIC
 	ebcdic2ascii(buf, buf, 1000);
 #endif /*CHARSET_EBCDIC*/
-	SHA_Init(&c);
+	EVP_DigestInit(&c,EVP_sha());
 	for (i=0; i<1000; i++)
-		SHA_Update(&c,buf,1000);
-	SHA_Final(md,&c);
+		EVP_DigestUpdate(&c,buf,1000);
+	EVP_DigestFinal(&c,md,NULL);
 	p=pt(md);
 
 	r=bigret;

crypto/x509/x509_cmp.c

@@ -79,17 +79,17 @@ int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b)
 unsigned long X509_issuer_and_serial_hash(X509 *a)
 	{
 	unsigned long ret=0;
-	MD5_CTX ctx;
+	EVP_MD_CTX ctx;
 	unsigned char md[16];
 	char str[256];
 
 	X509_NAME_oneline(a->cert_info->issuer,str,256);
 	ret=strlen(str);
-	MD5_Init(&ctx);
-	MD5_Update(&ctx,(unsigned char *)str,ret);
-	MD5_Update(&ctx,(unsigned char *)a->cert_info->serialNumber->data,
+	EVP_DigestInit(&ctx,EVP_md5());
+	EVP_DigestUpdate(&ctx,(unsigned char *)str,ret);
+	EVP_DigestUpdate(&ctx,(unsigned char *)a->cert_info->serialNumber->data,
 		(unsigned long)a->cert_info->serialNumber->length);
-	MD5_Final(&(md[0]),&ctx);
+	EVP_DigestFinal(&ctx,&(md[0]),NULL);
 	ret=(	((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
 		((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
 		)&0xffffffffL;

ssl/s2_lib.c

@@ -61,7 +61,7 @@
 #include <stdio.h>
 #include <openssl/rsa.h>
 #include <openssl/objects.h>
-#include <openssl/md5.h>
+#include <openssl/evp.h>
 
 static long ssl2_default_timeout(void );
 const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT;
@@ -415,7 +415,7 @@ int ssl2_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
 void ssl2_generate_key_material(SSL *s)
 	{
 	unsigned int i;
-	MD5_CTX ctx;
+	EVP_MD_CTX ctx;
 	unsigned char *km;
 	unsigned char c='0';
 
@@ -427,14 +427,14 @@ void ssl2_generate_key_material(SSL *s)
 	km=s->s2->key_material;
 	for (i=0; i<s->s2->key_material_length; i+=MD5_DIGEST_LENGTH)
 		{
-		MD5_Init(&ctx);
+		EVP_DigestInit(&ctx,EVP_md5());
 
-		MD5_Update(&ctx,s->session->master_key,s->session->master_key_length);
-		MD5_Update(&ctx,&c,1);
+		EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length);
+		EVP_DigestUpdate(&ctx,&c,1);
 		c++;
-		MD5_Update(&ctx,s->s2->challenge,s->s2->challenge_length);
-		MD5_Update(&ctx,s->s2->conn_id,s->s2->conn_id_length);
-		MD5_Final(km,&ctx);
+		EVP_DigestUpdate(&ctx,s->s2->challenge,s->s2->challenge_length);
+		EVP_DigestUpdate(&ctx,s->s2->conn_id,s->s2->conn_id_length);
+		EVP_DigestFinal(&ctx,km,NULL);
 		km+=MD5_DIGEST_LENGTH;
 		}
 	}

ssl/s3_clnt.c

@@ -60,8 +60,6 @@
 #include <openssl/buffer.h>
 #include <openssl/rand.h>
 #include <openssl/objects.h>
-#include <openssl/md5.h>
-#include <openssl/sha.h>
 #include <openssl/evp.h>
 #include "ssl_locl.h"
 

ssl/s3_enc.c

@@ -57,8 +57,6 @@
  */
 
 #include <stdio.h>
-#include <openssl/md5.h>
-#include <openssl/sha.h>
 #include <openssl/evp.h>
 #include "ssl_locl.h"
 
@@ -83,8 +81,8 @@ static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx,
 
 static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
 	{
-	MD5_CTX m5;
-	SHA_CTX s1;
+	EVP_MD_CTX m5;
+	EVP_MD_CTX s1;
 	unsigned char buf[16],smd[SHA_DIGEST_LENGTH];
 	unsigned char c='A';
 	int i,j,k;
@@ -106,25 +104,25 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
 		for (j=0; j<k; j++)
 			buf[j]=c;
 		c++;
-		SHA1_Init(  &s1);
-		SHA1_Update(&s1,buf,k);
-		SHA1_Update(&s1,s->session->master_key,
+		EVP_DigestInit(&s1,EVP_sha1());
+		EVP_DigestUpdate(&s1,buf,k);
+		EVP_DigestUpdate(&s1,s->session->master_key,
 			s->session->master_key_length);
-		SHA1_Update(&s1,s->s3->server_random,SSL3_RANDOM_SIZE);
-		SHA1_Update(&s1,s->s3->client_random,SSL3_RANDOM_SIZE);
-		SHA1_Final( smd,&s1);
+		EVP_DigestUpdate(&s1,s->s3->server_random,SSL3_RANDOM_SIZE);
+		EVP_DigestUpdate(&s1,s->s3->client_random,SSL3_RANDOM_SIZE);
+		EVP_DigestFinal(&s1,smd,NULL);
 
-		MD5_Init(  &m5);
-		MD5_Update(&m5,s->session->master_key,
+		EVP_DigestInit(&m5,EVP_md5());
+		EVP_DigestUpdate(&m5,s->session->master_key,
 			s->session->master_key_length);
-		MD5_Update(&m5,smd,SHA_DIGEST_LENGTH);
+		EVP_DigestUpdate(&m5,smd,SHA_DIGEST_LENGTH);
 		if ((i+MD5_DIGEST_LENGTH) > num)
 			{
-			MD5_Final(smd,&m5);
+			EVP_DigestFinal(&m5,smd,NULL);
 			memcpy(km,smd,(num-i));
 			}
 		else
-			MD5_Final(km,&m5);
+			EVP_DigestFinal(&m5,km,NULL);
 
 		km+=MD5_DIGEST_LENGTH;
 		}
@@ -142,7 +140,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
 	const EVP_CIPHER *c;
 	COMP_METHOD *comp;
 	const EVP_MD *m;
-	MD5_CTX md;
+	EVP_MD_CTX md;
 	int exp,n,i,j,k,cl;
 
 	exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
@@ -252,19 +250,19 @@ int ssl3_change_cipher_state(SSL *s, int which)
 		/* In here I set both the read and write key/iv to the
 		 * same value since only the correct one will be used :-).
 		 */
-		MD5_Init(&md);
-		MD5_Update(&md,key,j);
-		MD5_Update(&md,er1,SSL3_RANDOM_SIZE);
-		MD5_Update(&md,er2,SSL3_RANDOM_SIZE);
-		MD5_Final(&(exp_key[0]),&md);
+		EVP_DigestInit(&md,EVP_md5());
+		EVP_DigestUpdate(&md,key,j);
+		EVP_DigestUpdate(&md,er1,SSL3_RANDOM_SIZE);
+		EVP_DigestUpdate(&md,er2,SSL3_RANDOM_SIZE);
+		EVP_DigestFinal(&md,&(exp_key[0]),NULL);
 		key= &(exp_key[0]);
 
 		if (k > 0)
 			{
-			MD5_Init(&md);
-			MD5_Update(&md,er1,SSL3_RANDOM_SIZE);
-			MD5_Update(&md,er2,SSL3_RANDOM_SIZE);
-			MD5_Final(&(exp_iv[0]),&md);
+			EVP_DigestInit(&md,EVP_md5());
+			EVP_DigestUpdate(&md,er1,SSL3_RANDOM_SIZE);
+			EVP_DigestUpdate(&md,er2,SSL3_RANDOM_SIZE);
+			EVP_DigestFinal(&md,&(exp_iv[0]),NULL);
 			iv= &(exp_iv[0]);
 			}
 		}

ssl/s3_lib.c

@@ -110,8 +110,6 @@
  */
 
 #include <stdio.h>
-#include <openssl/md5.h>
-#include <openssl/sha.h>
 #include <openssl/objects.h>
 #include "ssl_locl.h"
 

ssl/s3_srvr.c

@@ -64,8 +64,6 @@
 #include <openssl/buffer.h>
 #include <openssl/rand.h>
 #include <openssl/objects.h>
-#include <openssl/md5.h>
-#include <openssl/sha.h>
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include "ssl_locl.h"

ssl/t1_enc.c

@@ -58,8 +58,6 @@
 
 #include <stdio.h>
 #include <openssl/comp.h>
-#include <openssl/md5.h>
-#include <openssl/sha.h>
 #include <openssl/evp.h>
 #include <openssl/hmac.h>
 #include "ssl_locl.h"
@@ -78,6 +76,7 @@ static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
 	chunk=EVP_MD_size(md);
 
 	HMAC_Init(&ctx,sec,sec_len,md);
+	HMAC_Init(&ctx_tmp,sec,sec_len,md);
 	HMAC_Update(&ctx,seed,seed_len);
 	HMAC_Final(&ctx,A1,&A1_len);
 
@@ -85,8 +84,9 @@ static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
 	for (;;)
 		{
 		HMAC_Init(&ctx,NULL,0,NULL); /* re-init */
+		HMAC_Init(&ctx_tmp,NULL,0,NULL); /* re-init */
 		HMAC_Update(&ctx,A1,A1_len);
-		memcpy(&ctx_tmp,&ctx,sizeof(ctx)); /* Copy for A2 */ /* not needed for last one */
+		HMAC_Update(&ctx_tmp,A1,A1_len);
 		HMAC_Update(&ctx,seed,seed_len);
 
 		if (olen > chunk)
@@ -642,6 +642,7 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
 	HMAC_Update(&hmac,buf,5);
 	HMAC_Update(&hmac,rec->input,rec->length);
 	HMAC_Final(&hmac,md,&md_size);
+	HMAC_cleanup(&hmac);
 
 #ifdef TLS_DEBUG
 printf("sec=");