diff --git a/CHANGES b/CHANGES index 589b1059aa44927bad115afb5b519ea0cbd4f27c..cf2d4f9e1ca8ebcc63cd89880b0cd6aa6dde8eba 100644 --- a/CHANGES +++ b/CHANGES @@ -11,6 +11,11 @@ *) applies to 0.9.6a (/0.9.6b) and 0.9.7 +) applies to 0.9.7 only + *) Change all calls to low level digest routines in the library and + applications to use EVP. Add missing calls to HMAC_cleanup() and + don't assume HMAC_CTX can be copied using memcpy(). + [Verdon Walker , Steve Henson] + +) Add the possibility to control engines through control names but with arbitrary arguments instead of just a string. Change the key loaders to take a UI_METHOD instead of a callback diff --git a/apps/enc.c b/apps/enc.c index fd25a2122277599b93eb80cd47a947f33e030835..ac3014b24ce361297d9616fb0a81ac70046843b7 100644 --- a/apps/enc.c +++ b/apps/enc.c @@ -66,9 +66,6 @@ #include #include #include -#ifndef OPENSSL_NO_MD5 -#include -#endif #include #include #include diff --git a/apps/passwd.c b/apps/passwd.c index 53dbe073d2375f57586ec69c449d53b3376f6ac7..750a3cb39d5b7d62952d4b6be30c25215c467b10 100644 --- a/apps/passwd.c +++ b/apps/passwd.c @@ -20,7 +20,7 @@ # include #endif #ifndef NO_MD5CRYPT_1 -# include +# include #endif @@ -310,7 +310,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) unsigned char buf[MD5_DIGEST_LENGTH]; char *salt_out; int n, i; - MD5_CTX md; + EVP_MD_CTX md; size_t passwd_len, salt_len; passwd_len = strlen(passwd); @@ -325,48 +325,48 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) salt_len = strlen(salt_out); assert(salt_len <= 8); - MD5_Init(&md); - MD5_Update(&md, passwd, passwd_len); - MD5_Update(&md, "$", 1); - MD5_Update(&md, magic, strlen(magic)); - MD5_Update(&md, "$", 1); - MD5_Update(&md, salt_out, salt_len); + EVP_DigestInit(&md,EVP_md5()); + EVP_DigestUpdate(&md, passwd, passwd_len); + EVP_DigestUpdate(&md, "$", 1); + EVP_DigestUpdate(&md, magic, strlen(magic)); + EVP_DigestUpdate(&md, "$", 1); + EVP_DigestUpdate(&md, salt_out, salt_len); { - MD5_CTX md2; + EVP_MD_CTX md2; - MD5_Init(&md2); - MD5_Update(&md2, passwd, passwd_len); - MD5_Update(&md2, salt_out, salt_len); - MD5_Update(&md2, passwd, passwd_len); - MD5_Final(buf, &md2); + EVP_DigestInit(&md2,EVP_md5()); + EVP_DigestUpdate(&md2, passwd, passwd_len); + EVP_DigestUpdate(&md2, salt_out, salt_len); + EVP_DigestUpdate(&md2, passwd, passwd_len); + EVP_DigestFinal(&md2, buf, NULL); } for (i = passwd_len; i > sizeof buf; i -= sizeof buf) - MD5_Update(&md, buf, sizeof buf); - MD5_Update(&md, buf, i); + EVP_DigestUpdate(&md, buf, sizeof buf); + EVP_DigestUpdate(&md, buf, i); n = passwd_len; while (n) { - MD5_Update(&md, (n & 1) ? "\0" : passwd, 1); + EVP_DigestUpdate(&md, (n & 1) ? "\0" : passwd, 1); n >>= 1; } - MD5_Final(buf, &md); + EVP_DigestFinal(&md, buf, NULL); for (i = 0; i < 1000; i++) { - MD5_CTX md2; + EVP_MD_CTX md2; - MD5_Init(&md2); - MD5_Update(&md2, (i & 1) ? (unsigned char *) passwd : buf, - (i & 1) ? passwd_len : sizeof buf); + EVP_DigestInit(&md2,EVP_md5()); + EVP_DigestUpdate(&md2, (i & 1) ? (unsigned char *) passwd : buf, + (i & 1) ? passwd_len : sizeof buf); if (i % 3) - MD5_Update(&md2, salt_out, salt_len); + EVP_DigestUpdate(&md2, salt_out, salt_len); if (i % 7) - MD5_Update(&md2, passwd, passwd_len); - MD5_Update(&md2, (i & 1) ? buf : (unsigned char *) passwd, - (i & 1) ? sizeof buf : passwd_len); - MD5_Final(buf, &md2); + EVP_DigestUpdate(&md2, passwd, passwd_len); + EVP_DigestUpdate(&md2, (i & 1) ? buf : (unsigned char *) passwd, + (i & 1) ? sizeof buf : passwd_len); + EVP_DigestFinal(&md2, buf, NULL); } { diff --git a/apps/speed.c b/apps/speed.c index dd3270f6eb389185f8692a1936dc4e2137fe94af..dbf7732a2a6fa0e39df9cbdbee7e762927bd911e 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -924,7 +924,7 @@ int MAIN(int argc, char **argv) print_message(names[D_MD2],c[D_MD2][j],lengths[j]); Time_F(START,usertime); for (count=0,run=1; COND(c[D_MD2][j]); count++) - MD2(buf,(unsigned long)lengths[j],&(md2[0])); + EVP_Digest(buf,(unsigned long)lengths[j],&(md2[0]),NULL,EVP_md2()); d=Time_F(STOP,usertime); BIO_printf(bio_err,"%ld %s's in %.2fs\n", count,names[D_MD2],d); @@ -940,7 +940,7 @@ int MAIN(int argc, char **argv) print_message(names[D_MDC2],c[D_MDC2][j],lengths[j]); Time_F(START,usertime); for (count=0,run=1; COND(c[D_MDC2][j]); count++) - MDC2(buf,(unsigned long)lengths[j],&(mdc2[0])); + EVP_Digest(buf,(unsigned long)lengths[j],&(mdc2[0]),NULL,EVP_mdc2()); d=Time_F(STOP,usertime); BIO_printf(bio_err,"%ld %s's in %.2fs\n", count,names[D_MDC2],d); @@ -957,7 +957,7 @@ int MAIN(int argc, char **argv) print_message(names[D_MD4],c[D_MD4][j],lengths[j]); Time_F(START,usertime); for (count=0,run=1; COND(c[D_MD4][j]); count++) - MD4(&(buf[0]),(unsigned long)lengths[j],&(md4[0])); + EVP_Digest(&(buf[0]),(unsigned long)lengths[j],&(md4[0]),NULL,EVP_md4()); d=Time_F(STOP,usertime); BIO_printf(bio_err,"%ld %s's in %.2fs\n", count,names[D_MD4],d); @@ -974,7 +974,7 @@ int MAIN(int argc, char **argv) print_message(names[D_MD5],c[D_MD5][j],lengths[j]); Time_F(START,usertime); for (count=0,run=1; COND(c[D_MD5][j]); count++) - MD5(&(buf[0]),(unsigned long)lengths[j],&(md5[0])); + EVP_Digest(&(buf[0]),(unsigned long)lengths[j],&(md5[0]),NULL,EVP_md5()); d=Time_F(STOP,usertime); BIO_printf(bio_err,"%ld %s's in %.2fs\n", count,names[D_MD5],d); @@ -1005,6 +1005,7 @@ int MAIN(int argc, char **argv) count,names[D_HMAC],d); results[D_HMAC][j]=((double)count)/d*lengths[j]; } + HMAC_cleanup(&hctx); } #endif #ifndef OPENSSL_NO_SHA @@ -1015,7 +1016,7 @@ int MAIN(int argc, char **argv) print_message(names[D_SHA1],c[D_SHA1][j],lengths[j]); Time_F(START,usertime); for (count=0,run=1; COND(c[D_SHA1][j]); count++) - SHA1(buf,(unsigned long)lengths[j],&(sha[0])); + EVP_Digest(buf,(unsigned long)lengths[j],&(sha[0]),NULL,EVP_sha1()); d=Time_F(STOP,usertime); BIO_printf(bio_err,"%ld %s's in %.2fs\n", count,names[D_SHA1],d); @@ -1031,7 +1032,7 @@ int MAIN(int argc, char **argv) print_message(names[D_RMD160],c[D_RMD160][j],lengths[j]); Time_F(START,usertime); for (count=0,run=1; COND(c[D_RMD160][j]); count++) - RIPEMD160(buf,(unsigned long)lengths[j],&(rmd160[0])); + EVP_Digest(buf,(unsigned long)lengths[j],&(rmd160[0]),NULL,EVP_ripemd160()); d=Time_F(STOP,usertime); BIO_printf(bio_err,"%ld %s's in %.2fs\n", count,names[D_RMD160],d); diff --git a/crypto/asn1/t_x509.c b/crypto/asn1/t_x509.c index 17ed9f2f7fae137851e2de7faa6e4abdfb3e583d..0bba0861d162f7d2a2334891ad9968e701f44afe 100644 --- a/crypto/asn1/t_x509.c +++ b/crypto/asn1/t_x509.c @@ -259,7 +259,6 @@ int X509_ocspid_print (BIO *bp, X509 *x) unsigned char *dertmp; int derlen; int i; - SHA_CTX SHA1buf ; unsigned char SHA1md[SHA_DIGEST_LENGTH]; /* display the hash of the subject as it would appear @@ -271,9 +270,7 @@ int X509_ocspid_print (BIO *bp, X509 *x) goto err; i2d_X509_NAME(x->cert_info->subject, &dertmp); - SHA1_Init(&SHA1buf); - SHA1_Update(&SHA1buf, der, derlen); - SHA1_Final(SHA1md,&SHA1buf); + EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1()); for (i=0; i < SHA_DIGEST_LENGTH; i++) { if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0) goto err; @@ -286,10 +283,8 @@ int X509_ocspid_print (BIO *bp, X509 *x) if (BIO_printf(bp,"\n Public key OCSP hash: ") <= 0) goto err; - SHA1_Init(&SHA1buf); - SHA1_Update(&SHA1buf, x->cert_info->key->public_key->data, - x->cert_info->key->public_key->length); - SHA1_Final(SHA1md,&SHA1buf); + EVP_Digest(x->cert_info->key->public_key->data, + x->cert_info->key->public_key->length, SHA1md, NULL, EVP_sha1()); for (i=0; i < SHA_DIGEST_LENGTH; i++) { if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0) diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c index 0b611775158aa5277163a4070425ed4dfe85893b..7440e917a5db53a3dbe07e8a65d146d2ed25d048 100644 --- a/crypto/dsa/dsa_gen.c +++ b/crypto/dsa/dsa_gen.c @@ -61,12 +61,12 @@ #ifdef GENUINE_DSA /* Parameter generation follows the original release of FIPS PUB 186, * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180) */ -#define HASH SHA +#define HASH EVP_sha() #else /* Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186, * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in * FIPS PUB 180-1) */ -#define HASH SHA1 +#define HASH EVP_sha1() #endif #ifndef OPENSSL_NO_SHA @@ -74,7 +74,7 @@ #include #include #include "cryptlib.h" -#include +#include #include #include #include @@ -158,8 +158,8 @@ DSA *DSA_generate_parameters(int bits, } /* step 2 */ - HASH(seed,SHA_DIGEST_LENGTH,md); - HASH(buf,SHA_DIGEST_LENGTH,buf2); + EVP_Digest(seed,SHA_DIGEST_LENGTH,md,NULL,HASH); + EVP_Digest(buf,SHA_DIGEST_LENGTH,buf2,NULL,HASH); for (i=0; i #include #include "cryptlib.h" -#include #include #include #include diff --git a/crypto/evp/bio_ok.c b/crypto/evp/bio_ok.c index e617ce1d437008ed77d1545060b73ca1b9eb7df9..1703a2457d3e046ab828b0456e0e8449985a5067 100644 --- a/crypto/evp/bio_ok.c +++ b/crypto/evp/bio_ok.c @@ -162,7 +162,7 @@ typedef struct ok_struct EVP_MD_CTX md; int blockout; /* output block is ready */ int sigio; /* must process signature */ - char buf[IOBS]; + unsigned char buf[IOBS]; } BIO_OK_CTX; static BIO_METHOD methods_ok= @@ -474,7 +474,7 @@ static void sig_out(BIO* b) ctx->buf_len+= md->digest->md_size; EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN)); - md->digest->final(&(ctx->buf[ctx->buf_len]), &(md->md.base[0])); + EVP_DigestFinal(md, &(ctx->buf[ctx->buf_len]), NULL); ctx->buf_len+= md->digest->md_size; ctx->blockout= 1; ctx->sigio= 0; @@ -498,7 +498,7 @@ static void sig_in(BIO* b) ctx->buf_off+= md->digest->md_size; EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN)); - md->digest->final(tmp, &(md->md.base[0])); + EVP_DigestFinal(md, tmp, NULL); ret= memcmp(&(ctx->buf[ctx->buf_off]), tmp, md->digest->md_size) == 0; ctx->buf_off+= md->digest->md_size; if(ret == 1) @@ -531,7 +531,7 @@ static void block_out(BIO* b) memcpy(ctx->buf, &tl, OK_BLOCK_BLOCK); tl= swapem(tl); EVP_DigestUpdate(md, (unsigned char*) &(ctx->buf[OK_BLOCK_BLOCK]), tl); - md->digest->final(&(ctx->buf[ctx->buf_len]), &(md->md.base[0])); + EVP_DigestFinal(md, &(ctx->buf[ctx->buf_len]), NULL); ctx->buf_len+= md->digest->md_size; ctx->blockout= 1; } @@ -551,7 +551,7 @@ static void block_in(BIO* b) if (ctx->buf_len < tl+ OK_BLOCK_BLOCK+ md->digest->md_size) return; EVP_DigestUpdate(md, (unsigned char*) &(ctx->buf[OK_BLOCK_BLOCK]), tl); - md->digest->final(tmp, &(md->md.base[0])); + EVP_DigestFinal(md, tmp, NULL); if(memcmp(&(ctx->buf[tl+ OK_BLOCK_BLOCK]), tmp, md->digest->md_size) == 0) { /* there might be parts from next block lurking around ! */ diff --git a/crypto/md2/md2test.c b/crypto/md2/md2test.c index 70725ef9179cf6e32da176cb097129811db72de2..78901475ebe0668c0d1dafc126bb7565a641506e 100644 --- a/crypto/md2/md2test.c +++ b/crypto/md2/md2test.c @@ -67,7 +67,7 @@ int main(int argc, char *argv[]) return(0); } #else -#include +#include #ifdef CHARSET_EBCDIC #include @@ -100,13 +100,15 @@ int main(int argc, char *argv[]) int i,err=0; char **P,**R; char *p; + unsigned char md[MD2_DIGEST_LENGTH]; P=test; R=ret; i=1; while (*P != NULL) { - p=pt(MD2((unsigned char *)*P,(unsigned long)strlen(*P),NULL)); + EVP_Digest((unsigned char *)*P,(unsigned long)strlen(*P),md,NULL,EVP_md2()); + p=pt(md); if (strcmp(p,*R) != 0) { printf("error calculating MD2 on '%s'\n",*P); diff --git a/crypto/md4/md4test.c b/crypto/md4/md4test.c index 78bcd4394aba7e04f12b5a39b7ba671e0baad029..9e8cadb6cd4b79fcab78129e0b33631ee2b83543 100644 --- a/crypto/md4/md4test.c +++ b/crypto/md4/md4test.c @@ -67,7 +67,7 @@ int main(int argc, char *argv[]) return(0); } #else -#include +#include static char *test[]={ "", @@ -96,13 +96,15 @@ int main(int argc, char *argv[]) int i,err=0; unsigned char **P,**R; char *p; + unsigned char md[MD4_DIGEST_LENGTH]; P=(unsigned char **)test; R=(unsigned char **)ret; i=1; while (*P != NULL) { - p=pt(MD4(&(P[0][0]),(unsigned long)strlen((char *)*P),NULL)); + EVP_Digest(&(P[0][0]),(unsigned long)strlen((char *)*P),md,NULL,EVP_md4()); + p=pt(md); if (strcmp(p,(char *)*R) != 0) { printf("error calculating MD4 on '%s'\n",*P); diff --git a/crypto/md5/md5test.c b/crypto/md5/md5test.c index cf8cf51b6bfcc7211a04a9fefe87c0ad4eab75ef..4e643198323585ee4eab9253975470e6c931b7ab 100644 --- a/crypto/md5/md5test.c +++ b/crypto/md5/md5test.c @@ -67,7 +67,7 @@ int main(int argc, char *argv[]) return(0); } #else -#include +#include static char *test[]={ "", @@ -96,13 +96,15 @@ int main(int argc, char *argv[]) int i,err=0; unsigned char **P,**R; char *p; + unsigned char md[MD5_DIGEST_LENGTH]; P=(unsigned char **)test; R=(unsigned char **)ret; i=1; while (*P != NULL) { - p=pt(MD5(&(P[0][0]),(unsigned long)strlen((char *)*P),NULL)); + EVP_Digest(&(P[0][0]),(unsigned long)strlen((char *)*P),md,NULL,EVP_md5()); + p=pt(md); if (strcmp(p,(char *)*R) != 0) { printf("error calculating MD5 on '%s'\n",*P); diff --git a/crypto/mdc2/mdc2test.c b/crypto/mdc2/mdc2test.c index 6a50e9debe9c79e1cc07d5f0c4895fc12fcae9d1..9507fed7db23eb77ba0d6291d67c95269120104d 100644 --- a/crypto/mdc2/mdc2test.c +++ b/crypto/mdc2/mdc2test.c @@ -71,7 +71,7 @@ int main(int argc, char *argv[]) return(0); } #else -#include +#include #ifdef CHARSET_EBCDIC #include @@ -92,16 +92,16 @@ int main(int argc, char *argv[]) int ret=0; unsigned char md[MDC2_DIGEST_LENGTH]; int i; - MDC2_CTX c; + EVP_MD_CTX c; static char *text="Now is the time for all "; #ifdef CHARSET_EBCDIC ebcdic2ascii(text,text,strlen(text)); #endif - MDC2_Init(&c); - MDC2_Update(&c,(unsigned char *)text,strlen(text)); - MDC2_Final(&(md[0]),&c); + EVP_DigestInit(&c,EVP_mdc2()); + EVP_DigestUpdate(&c,(unsigned char *)text,strlen(text)); + EVP_DigestFinal(&c,&(md[0]),NULL); if (memcmp(md,pad1,MDC2_DIGEST_LENGTH) != 0) { @@ -116,10 +116,10 @@ int main(int argc, char *argv[]) else printf("pad1 - ok\n"); - MDC2_Init(&c); - c.pad_type=2; - MDC2_Update(&c,(unsigned char *)text,strlen(text)); - MDC2_Final(&(md[0]),&c); + EVP_DigestInit(&c,EVP_mdc2()); + c.md.mdc2.pad_type=2; + EVP_DigestUpdate(&c,(unsigned char *)text,strlen(text)); + EVP_DigestFinal(&c,&(md[0]),NULL); if (memcmp(md,pad2,MDC2_DIGEST_LENGTH) != 0) { diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c index 32b6e17c245abbb82b987db3fa8a9a21b7a96b2c..f67715e869d8b39cbb227218e2f6e7f7749fb320 100644 --- a/crypto/pkcs12/p12_mutl.c +++ b/crypto/pkcs12/p12_mutl.c @@ -89,6 +89,7 @@ int PKCS12_gen_mac (PKCS12 *p12, const char *pass, int passlen, HMAC_Update (&hmac, p12->authsafes->d.data->data, p12->authsafes->d.data->length); HMAC_Final (&hmac, mac, maclen); + HMAC_cleanup (&hmac); return 1; } diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c index d4d2f36ad4f2acf998d93b6bcc7c44b26c8fcc67..1c87f2117110e29335a7123af06d20b181730f36 100644 --- a/crypto/rand/md_rand.c +++ b/crypto/rand/md_rand.c @@ -264,7 +264,7 @@ static void ssleay_rand_add(const void *buf, int num, double add) MD_Update(&m,buf,j); MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c)); - MD_Final(local_md,&m); + MD_Final(&m,local_md); md_c[1]++; buf=(const char *)buf + j; @@ -457,7 +457,7 @@ static int ssleay_rand_bytes(unsigned char *buf, int num) } else MD_Update(&m,&(state[st_idx]),j); - MD_Final(local_md,&m); + MD_Final(&m,local_md); for (i=0; i +#define MD_CTX EVP_MD_CTX +#define MD_Update(a,b,c) EVP_DigestUpdate(a,b,c) +#define MD_Final(a,b) EVP_DigestFinal(a,b,NULL) #if defined(USE_MD5_RAND) -#include #define MD_DIGEST_LENGTH MD5_DIGEST_LENGTH -#define MD(a,b,c) MD5(a,b,c) +#define MD_Init(a) EVP_DigestInit(a,EVP_md5()) +#define MD(a,b,c) EVP_Digest(a,b,c,EVP_md5()) #elif defined(USE_SHA1_RAND) -#include #define MD_DIGEST_LENGTH SHA_DIGEST_LENGTH -#define MD(a,b,c) SHA1(a,b,c) +#define MD_Init(a) EVP_DigestInit(a,EVP_sha1()) +#define MD(a,b,c) EVP_Digest(a,b,c,EVP_sha1()) #elif defined(USE_MDC2_RAND) -#include #define MD_DIGEST_LENGTH MDC2_DIGEST_LENGTH -#define MD(a,b,c) MDC2(a,b,c) +#define MD_Init(a) EVP_DigestInit(a,EVP_mdc2()) +#define MD(a,b,c) EVP_Digest(a,b,c,EVP_mdc2()) #elif defined(USE_MD2_RAND) -#include #define MD_DIGEST_LENGTH MD2_DIGEST_LENGTH -#define MD(a,b,c) MD2(a,b,c) -#endif -#if defined(USE_MD5_RAND) -#include -#define MD_DIGEST_LENGTH MD5_DIGEST_LENGTH -#define MD_CTX MD5_CTX -#define MD_Init(a) MD5_Init(a) -#define MD_Update(a,b,c) MD5_Update(a,b,c) -#define MD_Final(a,b) MD5_Final(a,b) -#define MD(a,b,c) MD5(a,b,c) -#elif defined(USE_SHA1_RAND) -#include -#define MD_DIGEST_LENGTH SHA_DIGEST_LENGTH -#define MD_CTX SHA_CTX -#define MD_Init(a) SHA1_Init(a) -#define MD_Update(a,b,c) SHA1_Update(a,b,c) -#define MD_Final(a,b) SHA1_Final(a,b) -#define MD(a,b,c) SHA1(a,b,c) -#elif defined(USE_MDC2_RAND) -#include -#define MD_DIGEST_LENGTH MDC2_DIGEST_LENGTH -#define MD_CTX MDC2_CTX -#define MD_Init(a) MDC2_Init(a) -#define MD_Update(a,b,c) MDC2_Update(a,b,c) -#define MD_Final(a,b) MDC2_Final(a,b) -#define MD(a,b,c) MDC2(a,b,c) -#elif defined(USE_MD2_RAND) -#include -#define MD_DIGEST_LENGTH MD2_DIGEST_LENGTH -#define MD_CTX MD2_CTX -#define MD_Init(a) MD2_Init(a) -#define MD_Update(a,b,c) MD2_Update(a,b,c) -#define MD_Final(a,b) MD2_Final(a,b) -#define MD(a,b,c) MD2(a,b,c) +#define MD_Init(a) EVP_DigestInit(a,EVP_md2()) +#define MD(a,b,c) EVP_Digest(a,b,c,EVP_md2()) #endif diff --git a/crypto/rc4/rc4.c b/crypto/rc4/rc4.c index 75616c3179bb6894b45a64ae25269f8bfacc757a..c2165b0b7592e1e2bed3bab7fcc2a737f4f21985 100644 --- a/crypto/rc4/rc4.c +++ b/crypto/rc4/rc4.c @@ -162,7 +162,7 @@ bad: keystr=buf; } - MD5((unsigned char *)keystr,(unsigned long)strlen(keystr),md); + EVP_Digest((unsigned char *)keystr,(unsigned long)strlen(keystr),md,NULL,EVP_md5()); memset(keystr,0,strlen(keystr)); RC4_set_key(&key,MD5_DIGEST_LENGTH,md); diff --git a/crypto/ripemd/rmdtest.c b/crypto/ripemd/rmdtest.c index 6bc90d5afce6d6ececd7b7b81401f195d9124cb4..e1aae630e957c53a98a63fb5d5fc446170f8e555 100644 --- a/crypto/ripemd/rmdtest.c +++ b/crypto/ripemd/rmdtest.c @@ -67,7 +67,7 @@ int main(int argc, char *argv[]) return(0); } #else -#include +#include #ifdef CHARSET_EBCDIC #include @@ -102,6 +102,7 @@ int main(int argc, char *argv[]) int i,err=0; unsigned char **P,**R; char *p; + unsigned char md[RIPEMD160_DIGEST_LENGTH]; P=(unsigned char **)test; R=(unsigned char **)ret; @@ -111,7 +112,8 @@ int main(int argc, char *argv[]) #ifdef CHARSET_EBCDIC ebcdic2ascii((char *)*P, (char *)*P, strlen((char *)*P)); #endif - p=pt(RIPEMD160(&(P[0][0]),(unsigned long)strlen((char *)*P),NULL)); + EVP_Digest(&(P[0][0]),(unsigned long)strlen((char *)*P),md,NULL,EVP_ripemd160()); + p=pt(md); if (strcmp(p,(char *)*R) != 0) { printf("error calculating RIPEMD160 on '%s'\n",*P); diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c index a4896392599e8375ac45d7c18865ad50c6f8ed00..8da765e4d736a5c8d6cf44a721135cfb8f626f23 100644 --- a/crypto/rsa/rsa_oaep.c +++ b/crypto/rsa/rsa_oaep.c @@ -24,7 +24,7 @@ #include "cryptlib.h" #include #include -#include +#include #include int MGF1(unsigned char *mask, long len, @@ -62,7 +62,7 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, seed = to + 1; db = to + SHA_DIGEST_LENGTH + 1; - SHA1(param, plen, db); + EVP_Digest((void *)param, plen, db, NULL, EVP_sha1()); memset(db + SHA_DIGEST_LENGTH, 0, emlen - flen - 2 * SHA_DIGEST_LENGTH - 1); db[emlen - flen - SHA_DIGEST_LENGTH - 1] = 0x01; @@ -120,7 +120,7 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, for (i = 0; i < dblen; i++) db[i] ^= maskeddb[i]; - SHA1(param, plen, phash); + EVP_Digest((void *)param, plen, phash, NULL, EVP_sha1()); if (memcmp(db, phash, SHA_DIGEST_LENGTH) != 0) goto decoding_err; @@ -159,24 +159,24 @@ int MGF1(unsigned char *mask, long len, { long i, outlen = 0; unsigned char cnt[4]; - SHA_CTX c; + EVP_MD_CTX c; unsigned char md[SHA_DIGEST_LENGTH]; for (i = 0; outlen < len; i++) { cnt[0] = (i >> 24) & 255, cnt[1] = (i >> 16) & 255, cnt[2] = (i >> 8) & 255, cnt[3] = i & 255; - SHA1_Init(&c); - SHA1_Update(&c, seed, seedlen); - SHA1_Update(&c, cnt, 4); + EVP_DigestInit(&c,EVP_sha1()); + EVP_DigestUpdate(&c, seed, seedlen); + EVP_DigestUpdate(&c, cnt, 4); if (outlen + SHA_DIGEST_LENGTH <= len) { - SHA1_Final(mask + outlen, &c); + EVP_DigestFinal(&c, mask + outlen, NULL); outlen += SHA_DIGEST_LENGTH; } else { - SHA1_Final(md, &c); + EVP_DigestFinal(&c, md, NULL); memcpy(mask + outlen, md, len - outlen); outlen = len; } diff --git a/crypto/sha/sha1test.c b/crypto/sha/sha1test.c index 3b09039cc80cdac4b707638a81cab6d7d349e1dc..a915981b5bad0c721410295709a066df4d0e5c8a 100644 --- a/crypto/sha/sha1test.c +++ b/crypto/sha/sha1test.c @@ -67,7 +67,7 @@ int main(int argc, char *argv[]) return(0); } #else -#include +#include #ifdef CHARSET_EBCDIC #include @@ -106,7 +106,7 @@ int main(int argc, char *argv[]) unsigned char **P,**R; static unsigned char buf[1000]; char *p,*r; - SHA_CTX c; + EVP_MD_CTX c; unsigned char md[SHA_DIGEST_LENGTH]; #ifdef CHARSET_EBCDIC @@ -119,7 +119,8 @@ int main(int argc, char *argv[]) i=1; while (*P != NULL) { - p=pt(SHA1(*P,(unsigned long)strlen((char *)*P),NULL)); + EVP_Digest(*P,(unsigned long)strlen((char *)*P),md,NULL,EVP_sha1()); + p=pt(md); if (strcmp(p,(char *)*R) != 0) { printf("error calculating SHA1 on '%s'\n",*P); @@ -137,10 +138,10 @@ int main(int argc, char *argv[]) #ifdef CHARSET_EBCDIC ebcdic2ascii(buf, buf, 1000); #endif /*CHARSET_EBCDIC*/ - SHA1_Init(&c); + EVP_DigestInit(&c,EVP_sha1()); for (i=0; i<1000; i++) - SHA1_Update(&c,buf,1000); - SHA1_Final(md,&c); + EVP_DigestUpdate(&c,buf,1000); + EVP_DigestFinal(&c,md,NULL); p=pt(md); r=bigret; diff --git a/crypto/sha/shatest.c b/crypto/sha/shatest.c index d3bc4b58c98e5a85fa0733ee1aea9bbac451ba59..d492c1515bc57bc47affa717edaaae3e952b8829 100644 --- a/crypto/sha/shatest.c +++ b/crypto/sha/shatest.c @@ -67,7 +67,7 @@ int main(int argc, char *argv[]) return(0); } #else -#include +#include #ifdef CHARSET_EBCDIC #include @@ -106,7 +106,7 @@ int main(int argc, char *argv[]) unsigned char **P,**R; static unsigned char buf[1000]; char *p,*r; - SHA_CTX c; + EVP_MD_CTX c; unsigned char md[SHA_DIGEST_LENGTH]; #ifdef CHARSET_EBCDIC @@ -119,7 +119,8 @@ int main(int argc, char *argv[]) i=1; while (*P != NULL) { - p=pt(SHA(*P,(unsigned long)strlen((char *)*P),NULL)); + EVP_Digest(*P,(unsigned long)strlen((char *)*P),md,NULL,EVP_sha()); + p=pt(md); if (strcmp(p,(char *)*R) != 0) { printf("error calculating SHA on '%s'\n",*P); @@ -137,10 +138,10 @@ int main(int argc, char *argv[]) #ifdef CHARSET_EBCDIC ebcdic2ascii(buf, buf, 1000); #endif /*CHARSET_EBCDIC*/ - SHA_Init(&c); + EVP_DigestInit(&c,EVP_sha()); for (i=0; i<1000; i++) - SHA_Update(&c,buf,1000); - SHA_Final(md,&c); + EVP_DigestUpdate(&c,buf,1000); + EVP_DigestFinal(&c,md,NULL); p=pt(md); r=bigret; diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c index 7900185f9582cdf9c7561a41fab6d50bde31972f..1334ff631cf1fa7b7ff47c45c892adf4ea79162b 100644 --- a/crypto/x509/x509_cmp.c +++ b/crypto/x509/x509_cmp.c @@ -79,17 +79,17 @@ int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b) unsigned long X509_issuer_and_serial_hash(X509 *a) { unsigned long ret=0; - MD5_CTX ctx; + EVP_MD_CTX ctx; unsigned char md[16]; char str[256]; X509_NAME_oneline(a->cert_info->issuer,str,256); ret=strlen(str); - MD5_Init(&ctx); - MD5_Update(&ctx,(unsigned char *)str,ret); - MD5_Update(&ctx,(unsigned char *)a->cert_info->serialNumber->data, + EVP_DigestInit(&ctx,EVP_md5()); + EVP_DigestUpdate(&ctx,(unsigned char *)str,ret); + EVP_DigestUpdate(&ctx,(unsigned char *)a->cert_info->serialNumber->data, (unsigned long)a->cert_info->serialNumber->length); - MD5_Final(&(md[0]),&ctx); + EVP_DigestFinal(&ctx,&(md[0]),NULL); ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)| ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L) )&0xffffffffL; diff --git a/ssl/s2_lib.c b/ssl/s2_lib.c index 09fde61b5b97f0940cb8001ff516cbba2387775d..40ca3779bf1e600d93dc1e785eeb0bc700b11374 100644 --- a/ssl/s2_lib.c +++ b/ssl/s2_lib.c @@ -61,7 +61,7 @@ #include #include #include -#include +#include static long ssl2_default_timeout(void ); const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT; @@ -415,7 +415,7 @@ int ssl2_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) void ssl2_generate_key_material(SSL *s) { unsigned int i; - MD5_CTX ctx; + EVP_MD_CTX ctx; unsigned char *km; unsigned char c='0'; @@ -427,14 +427,14 @@ void ssl2_generate_key_material(SSL *s) km=s->s2->key_material; for (i=0; is2->key_material_length; i+=MD5_DIGEST_LENGTH) { - MD5_Init(&ctx); + EVP_DigestInit(&ctx,EVP_md5()); - MD5_Update(&ctx,s->session->master_key,s->session->master_key_length); - MD5_Update(&ctx,&c,1); + EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length); + EVP_DigestUpdate(&ctx,&c,1); c++; - MD5_Update(&ctx,s->s2->challenge,s->s2->challenge_length); - MD5_Update(&ctx,s->s2->conn_id,s->s2->conn_id_length); - MD5_Final(km,&ctx); + EVP_DigestUpdate(&ctx,s->s2->challenge,s->s2->challenge_length); + EVP_DigestUpdate(&ctx,s->s2->conn_id,s->s2->conn_id_length); + EVP_DigestFinal(&ctx,km,NULL); km+=MD5_DIGEST_LENGTH; } } diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 625e1ae276027888d2c694246ac1920532a65868..a700c64417d7c275f408edd8c9b279e9c49933c1 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -60,8 +60,6 @@ #include #include #include -#include -#include #include #include "ssl_locl.h" diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index d1c1946e549e78445a043a13fa4192691ce68d6a..2fbfead2cf554d3c53b0d8d7238f6e44219f9ee1 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -57,8 +57,6 @@ */ #include -#include -#include #include #include "ssl_locl.h" @@ -83,8 +81,8 @@ static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx, static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) { - MD5_CTX m5; - SHA_CTX s1; + EVP_MD_CTX m5; + EVP_MD_CTX s1; unsigned char buf[16],smd[SHA_DIGEST_LENGTH]; unsigned char c='A'; int i,j,k; @@ -106,25 +104,25 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) for (j=0; jsession->master_key, + EVP_DigestInit(&s1,EVP_sha1()); + EVP_DigestUpdate(&s1,buf,k); + EVP_DigestUpdate(&s1,s->session->master_key, s->session->master_key_length); - SHA1_Update(&s1,s->s3->server_random,SSL3_RANDOM_SIZE); - SHA1_Update(&s1,s->s3->client_random,SSL3_RANDOM_SIZE); - SHA1_Final( smd,&s1); + EVP_DigestUpdate(&s1,s->s3->server_random,SSL3_RANDOM_SIZE); + EVP_DigestUpdate(&s1,s->s3->client_random,SSL3_RANDOM_SIZE); + EVP_DigestFinal(&s1,smd,NULL); - MD5_Init( &m5); - MD5_Update(&m5,s->session->master_key, + EVP_DigestInit(&m5,EVP_md5()); + EVP_DigestUpdate(&m5,s->session->master_key, s->session->master_key_length); - MD5_Update(&m5,smd,SHA_DIGEST_LENGTH); + EVP_DigestUpdate(&m5,smd,SHA_DIGEST_LENGTH); if ((i+MD5_DIGEST_LENGTH) > num) { - MD5_Final(smd,&m5); + EVP_DigestFinal(&m5,smd,NULL); memcpy(km,smd,(num-i)); } else - MD5_Final(km,&m5); + EVP_DigestFinal(&m5,km,NULL); km+=MD5_DIGEST_LENGTH; } @@ -142,7 +140,7 @@ int ssl3_change_cipher_state(SSL *s, int which) const EVP_CIPHER *c; COMP_METHOD *comp; const EVP_MD *m; - MD5_CTX md; + EVP_MD_CTX md; int exp,n,i,j,k,cl; exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher); @@ -252,19 +250,19 @@ int ssl3_change_cipher_state(SSL *s, int which) /* In here I set both the read and write key/iv to the * same value since only the correct one will be used :-). */ - MD5_Init(&md); - MD5_Update(&md,key,j); - MD5_Update(&md,er1,SSL3_RANDOM_SIZE); - MD5_Update(&md,er2,SSL3_RANDOM_SIZE); - MD5_Final(&(exp_key[0]),&md); + EVP_DigestInit(&md,EVP_md5()); + EVP_DigestUpdate(&md,key,j); + EVP_DigestUpdate(&md,er1,SSL3_RANDOM_SIZE); + EVP_DigestUpdate(&md,er2,SSL3_RANDOM_SIZE); + EVP_DigestFinal(&md,&(exp_key[0]),NULL); key= &(exp_key[0]); if (k > 0) { - MD5_Init(&md); - MD5_Update(&md,er1,SSL3_RANDOM_SIZE); - MD5_Update(&md,er2,SSL3_RANDOM_SIZE); - MD5_Final(&(exp_iv[0]),&md); + EVP_DigestInit(&md,EVP_md5()); + EVP_DigestUpdate(&md,er1,SSL3_RANDOM_SIZE); + EVP_DigestUpdate(&md,er2,SSL3_RANDOM_SIZE); + EVP_DigestFinal(&md,&(exp_iv[0]),NULL); iv= &(exp_iv[0]); } } diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 31f4f807790dd262571e2c437e7e36d08d817f5b..1c572962973c847278851285c348ee318dd24a89 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -110,8 +110,6 @@ */ #include -#include -#include #include #include "ssl_locl.h" diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 0b0eceedb014f508140c18b3356cfea14a0dfa5f..09fcc59d008b6b08b617692b9fc4c17991dc92bb 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -64,8 +64,6 @@ #include #include #include -#include -#include #include #include #include "ssl_locl.h" diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index d3a15e3441d05d6ddba52da2461cba6d760fe3c2..97d92cacd03e6af14040ca2784b0fcb62a4f8366 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -58,8 +58,6 @@ #include #include -#include -#include #include #include #include "ssl_locl.h" @@ -78,6 +76,7 @@ static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec, chunk=EVP_MD_size(md); HMAC_Init(&ctx,sec,sec_len,md); + HMAC_Init(&ctx_tmp,sec,sec_len,md); HMAC_Update(&ctx,seed,seed_len); HMAC_Final(&ctx,A1,&A1_len); @@ -85,8 +84,9 @@ static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec, for (;;) { HMAC_Init(&ctx,NULL,0,NULL); /* re-init */ + HMAC_Init(&ctx_tmp,NULL,0,NULL); /* re-init */ HMAC_Update(&ctx,A1,A1_len); - memcpy(&ctx_tmp,&ctx,sizeof(ctx)); /* Copy for A2 */ /* not needed for last one */ + HMAC_Update(&ctx_tmp,A1,A1_len); HMAC_Update(&ctx,seed,seed_len); if (olen > chunk) @@ -642,6 +642,7 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send) HMAC_Update(&hmac,buf,5); HMAC_Update(&hmac,rec->input,rec->length); HMAC_Final(&hmac,md,&md_size); + HMAC_cleanup(&hmac); #ifdef TLS_DEBUG printf("sec=");