From 323f289c480b0a8eb15ed3be2befbcc0f86e8904 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Tue, 19 Jun 2001 22:30:40 +0000 Subject: [PATCH] Change all calls to low level digest routines in the library and applications to use EVP. Add missing calls to HMAC_cleanup() and don't assume HMAC_CTX can be copied using memcpy(). Note: this is almost identical to the patch submitted to openssl-dev by Verdon Walker except some redundant EVP_add_digest_()/EVP_cleanup() calls were removed and some changes made to avoid compiler warnings. --- CHANGES | 5 ++++ apps/enc.c | 3 --- apps/passwd.c | 54 ++++++++++++++++++++-------------------- apps/speed.c | 13 +++++----- crypto/asn1/t_x509.c | 11 +++----- crypto/dsa/dsa_gen.c | 12 ++++----- crypto/dsa/dsa_key.c | 1 - crypto/evp/bio_ok.c | 10 ++++---- crypto/md2/md2test.c | 6 +++-- crypto/md4/md4test.c | 6 +++-- crypto/md5/md5test.c | 6 +++-- crypto/mdc2/mdc2test.c | 18 +++++++------- crypto/pkcs12/p12_mutl.c | 1 + crypto/rand/md_rand.c | 6 ++--- crypto/rand/rand_lcl.h | 53 +++++++++------------------------------ crypto/rc4/rc4.c | 2 +- crypto/ripemd/rmdtest.c | 6 +++-- crypto/rsa/rsa_oaep.c | 18 +++++++------- crypto/sha/sha1test.c | 13 +++++----- crypto/sha/shatest.c | 13 +++++----- crypto/x509/x509_cmp.c | 10 ++++---- ssl/s2_lib.c | 16 ++++++------ ssl/s3_clnt.c | 2 -- ssl/s3_enc.c | 48 +++++++++++++++++------------------ ssl/s3_lib.c | 2 -- ssl/s3_srvr.c | 2 -- ssl/t1_enc.c | 7 +++--- 27 files changed, 158 insertions(+), 186 deletions(-) diff --git a/CHANGES b/CHANGES index 589b1059aa..cf2d4f9e1c 100644 --- a/CHANGES +++ b/CHANGES @@ -11,6 +11,11 @@ *) applies to 0.9.6a (/0.9.6b) and 0.9.7 +) applies to 0.9.7 only + *) Change all calls to low level digest routines in the library and + applications to use EVP. Add missing calls to HMAC_cleanup() and + don't assume HMAC_CTX can be copied using memcpy(). + [Verdon Walker , Steve Henson] + +) Add the possibility to control engines through control names but with arbitrary arguments instead of just a string. Change the key loaders to take a UI_METHOD instead of a callback diff --git a/apps/enc.c b/apps/enc.c index fd25a21222..ac3014b24c 100644 --- a/apps/enc.c +++ b/apps/enc.c @@ -66,9 +66,6 @@ #include #include #include -#ifndef OPENSSL_NO_MD5 -#include -#endif #include #include #include diff --git a/apps/passwd.c b/apps/passwd.c index 53dbe073d2..750a3cb39d 100644 --- a/apps/passwd.c +++ b/apps/passwd.c @@ -20,7 +20,7 @@ # include #endif #ifndef NO_MD5CRYPT_1 -# include +# include #endif @@ -310,7 +310,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) unsigned char buf[MD5_DIGEST_LENGTH]; char *salt_out; int n, i; - MD5_CTX md; + EVP_MD_CTX md; size_t passwd_len, salt_len; passwd_len = strlen(passwd); @@ -325,48 +325,48 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) salt_len = strlen(salt_out); assert(salt_len <= 8); - MD5_Init(&md); - MD5_Update(&md, passwd, passwd_len); - MD5_Update(&md, "$", 1); - MD5_Update(&md, magic, strlen(magic)); - MD5_Update(&md, "$", 1); - MD5_Update(&md, salt_out, salt_len); + EVP_DigestInit(&md,EVP_md5()); + EVP_DigestUpdate(&md, passwd, passwd_len); + EVP_DigestUpdate(&md, "$", 1); + EVP_DigestUpdate(&md, magic, strlen(magic)); + EVP_DigestUpdate(&md, "$", 1); + EVP_DigestUpdate(&md, salt_out, salt_len); { - MD5_CTX md2; + EVP_MD_CTX md2; - MD5_Init(&md2); - MD5_Update(&md2, passwd, passwd_len); - MD5_Update(&md2, salt_out, salt_len); - MD5_Update(&md2, passwd, passwd_len); - MD5_Final(buf, &md2); + EVP_DigestInit(&md2,EVP_md5()); + EVP_DigestUpdate(&md2, passwd, passwd_len); + EVP_DigestUpdate(&md2, salt_out, salt_len); + EVP_DigestUpdate(&md2, passwd, passwd_len); + EVP_DigestFinal(&md2, buf, NULL); } for (i = passwd_len; i > sizeof buf; i -= sizeof buf) - MD5_Update(&md, buf, sizeof buf); - MD5_Update(&md, buf, i); + EVP_DigestUpdate(&md, buf, sizeof buf); + EVP_DigestUpdate(&md, buf, i); n = passwd_len; while (n) { - MD5_Update(&md, (n & 1) ? "\0" : passwd, 1); + EVP_DigestUpdate(&md, (n & 1) ? "\0" : passwd, 1); n >>= 1; } - MD5_Final(buf, &md); + EVP_DigestFinal(&md, buf, NULL); for (i = 0; i < 1000; i++) { - MD5_CTX md2; + EVP_MD_CTX md2; - MD5_Init(&md2); - MD5_Update(&md2, (i & 1) ? (unsigned char *) passwd : buf, - (i & 1) ? passwd_len : sizeof buf); + EVP_DigestInit(&md2,EVP_md5()); + EVP_DigestUpdate(&md2, (i & 1) ? (unsigned char *) passwd : buf, + (i & 1) ? passwd_len : sizeof buf); if (i % 3) - MD5_Update(&md2, salt_out, salt_len); + EVP_DigestUpdate(&md2, salt_out, salt_len); if (i % 7) - MD5_Update(&md2, passwd, passwd_len); - MD5_Update(&md2, (i & 1) ? buf : (unsigned char *) passwd, - (i & 1) ? sizeof buf : passwd_len); - MD5_Final(buf, &md2); + EVP_DigestUpdate(&md2, passwd, passwd_len); + EVP_DigestUpdate(&md2, (i & 1) ? buf : (unsigned char *) passwd, + (i & 1) ? sizeof buf : passwd_len); + EVP_DigestFinal(&md2, buf, NULL); } { diff --git a/apps/speed.c b/apps/speed.c index dd3270f6eb..dbf7732a2a 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -924,7 +924,7 @@ int MAIN(int argc, char **argv) print_message(names[D_MD2],c[D_MD2][j],lengths[j]); Time_F(START,usertime); for (count=0,run=1; COND(c[D_MD2][j]); count++) - MD2(buf,(unsigned long)lengths[j],&(md2[0])); + EVP_Digest(buf,(unsigned long)lengths[j],&(md2[0]),NULL,EVP_md2()); d=Time_F(STOP,usertime); BIO_printf(bio_err,"%ld %s's in %.2fs\n", count,names[D_MD2],d); @@ -940,7 +940,7 @@ int MAIN(int argc, char **argv) print_message(names[D_MDC2],c[D_MDC2][j],lengths[j]); Time_F(START,usertime); for (count=0,run=1; COND(c[D_MDC2][j]); count++) - MDC2(buf,(unsigned long)lengths[j],&(mdc2[0])); + EVP_Digest(buf,(unsigned long)lengths[j],&(mdc2[0]),NULL,EVP_mdc2()); d=Time_F(STOP,usertime); BIO_printf(bio_err,"%ld %s's in %.2fs\n", count,names[D_MDC2],d); @@ -957,7 +957,7 @@ int MAIN(int argc, char **argv) print_message(names[D_MD4],c[D_MD4][j],lengths[j]); Time_F(START,usertime); for (count=0,run=1; COND(c[D_MD4][j]); count++) - MD4(&(buf[0]),(unsigned long)lengths[j],&(md4[0])); + EVP_Digest(&(buf[0]),(unsigned long)lengths[j],&(md4[0]),NULL,EVP_md4()); d=Time_F(STOP,usertime); BIO_printf(bio_err,"%ld %s's in %.2fs\n", count,names[D_MD4],d); @@ -974,7 +974,7 @@ int MAIN(int argc, char **argv) print_message(names[D_MD5],c[D_MD5][j],lengths[j]); Time_F(START,usertime); for (count=0,run=1; COND(c[D_MD5][j]); count++) - MD5(&(buf[0]),(unsigned long)lengths[j],&(md5[0])); + EVP_Digest(&(buf[0]),(unsigned long)lengths[j],&(md5[0]),NULL,EVP_md5()); d=Time_F(STOP,usertime); BIO_printf(bio_err,"%ld %s's in %.2fs\n", count,names[D_MD5],d); @@ -1005,6 +1005,7 @@ int MAIN(int argc, char **argv) count,names[D_HMAC],d); results[D_HMAC][j]=((double)count)/d*lengths[j]; } + HMAC_cleanup(&hctx); } #endif #ifndef OPENSSL_NO_SHA @@ -1015,7 +1016,7 @@ int MAIN(int argc, char **argv) print_message(names[D_SHA1],c[D_SHA1][j],lengths[j]); Time_F(START,usertime); for (count=0,run=1; COND(c[D_SHA1][j]); count++) - SHA1(buf,(unsigned long)lengths[j],&(sha[0])); + EVP_Digest(buf,(unsigned long)lengths[j],&(sha[0]),NULL,EVP_sha1()); d=Time_F(STOP,usertime); BIO_printf(bio_err,"%ld %s's in %.2fs\n", count,names[D_SHA1],d); @@ -1031,7 +1032,7 @@ int MAIN(int argc, char **argv) print_message(names[D_RMD160],c[D_RMD160][j],lengths[j]); Time_F(START,usertime); for (count=0,run=1; COND(c[D_RMD160][j]); count++) - RIPEMD160(buf,(unsigned long)lengths[j],&(rmd160[0])); + EVP_Digest(buf,(unsigned long)lengths[j],&(rmd160[0]),NULL,EVP_ripemd160()); d=Time_F(STOP,usertime); BIO_printf(bio_err,"%ld %s's in %.2fs\n", count,names[D_RMD160],d); diff --git a/crypto/asn1/t_x509.c b/crypto/asn1/t_x509.c index 17ed9f2f7f..0bba0861d1 100644 --- a/crypto/asn1/t_x509.c +++ b/crypto/asn1/t_x509.c @@ -259,7 +259,6 @@ int X509_ocspid_print (BIO *bp, X509 *x) unsigned char *dertmp; int derlen; int i; - SHA_CTX SHA1buf ; unsigned char SHA1md[SHA_DIGEST_LENGTH]; /* display the hash of the subject as it would appear @@ -271,9 +270,7 @@ int X509_ocspid_print (BIO *bp, X509 *x) goto err; i2d_X509_NAME(x->cert_info->subject, &dertmp); - SHA1_Init(&SHA1buf); - SHA1_Update(&SHA1buf, der, derlen); - SHA1_Final(SHA1md,&SHA1buf); + EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1()); for (i=0; i < SHA_DIGEST_LENGTH; i++) { if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0) goto err; @@ -286,10 +283,8 @@ int X509_ocspid_print (BIO *bp, X509 *x) if (BIO_printf(bp,"\n Public key OCSP hash: ") <= 0) goto err; - SHA1_Init(&SHA1buf); - SHA1_Update(&SHA1buf, x->cert_info->key->public_key->data, - x->cert_info->key->public_key->length); - SHA1_Final(SHA1md,&SHA1buf); + EVP_Digest(x->cert_info->key->public_key->data, + x->cert_info->key->public_key->length, SHA1md, NULL, EVP_sha1()); for (i=0; i < SHA_DIGEST_LENGTH; i++) { if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0) diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c index 0b61177515..7440e917a5 100644 --- a/crypto/dsa/dsa_gen.c +++ b/crypto/dsa/dsa_gen.c @@ -61,12 +61,12 @@ #ifdef GENUINE_DSA /* Parameter generation follows the original release of FIPS PUB 186, * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180) */ -#define HASH SHA +#define HASH EVP_sha() #else /* Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186, * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in * FIPS PUB 180-1) */ -#define HASH SHA1 +#define HASH EVP_sha1() #endif #ifndef OPENSSL_NO_SHA @@ -74,7 +74,7 @@ #include #include #include "cryptlib.h" -#include +#include #include #include #include @@ -158,8 +158,8 @@ DSA *DSA_generate_parameters(int bits, } /* step 2 */ - HASH(seed,SHA_DIGEST_LENGTH,md); - HASH(buf,SHA_DIGEST_LENGTH,buf2); + EVP_Digest(seed,SHA_DIGEST_LENGTH,md,NULL,HASH); + EVP_Digest(buf,SHA_DIGEST_LENGTH,buf2,NULL,HASH); for (i=0; i #include #include "cryptlib.h" -#include #include #include #include diff --git a/crypto/evp/bio_ok.c b/crypto/evp/bio_ok.c index e617ce1d43..1703a2457d 100644 --- a/crypto/evp/bio_ok.c +++ b/crypto/evp/bio_ok.c @@ -162,7 +162,7 @@ typedef struct ok_struct EVP_MD_CTX md; int blockout; /* output block is ready */ int sigio; /* must process signature */ - char buf[IOBS]; + unsigned char buf[IOBS]; } BIO_OK_CTX; static BIO_METHOD methods_ok= @@ -474,7 +474,7 @@ static void sig_out(BIO* b) ctx->buf_len+= md->digest->md_size; EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN)); - md->digest->final(&(ctx->buf[ctx->buf_len]), &(md->md.base[0])); + EVP_DigestFinal(md, &(ctx->buf[ctx->buf_len]), NULL); ctx->buf_len+= md->digest->md_size; ctx->blockout= 1; ctx->sigio= 0; @@ -498,7 +498,7 @@ static void sig_in(BIO* b) ctx->buf_off+= md->digest->md_size; EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN)); - md->digest->final(tmp, &(md->md.base[0])); + EVP_DigestFinal(md, tmp, NULL); ret= memcmp(&(ctx->buf[ctx->buf_off]), tmp, md->digest->md_size) == 0; ctx->buf_off+= md->digest->md_size; if(ret == 1) @@ -531,7 +531,7 @@ static void block_out(BIO* b) memcpy(ctx->buf, &tl, OK_BLOCK_BLOCK); tl= swapem(tl); EVP_DigestUpdate(md, (unsigned char*) &(ctx->buf[OK_BLOCK_BLOCK]), tl); - md->digest->final(&(ctx->buf[ctx->buf_len]), &(md->md.base[0])); + EVP_DigestFinal(md, &(ctx->buf[ctx->buf_len]), NULL); ctx->buf_len+= md->digest->md_size; ctx->blockout= 1; } @@ -551,7 +551,7 @@ static void block_in(BIO* b) if (ctx->buf_len < tl+ OK_BLOCK_BLOCK+ md->digest->md_size) return; EVP_DigestUpdate(md, (unsigned char*) &(ctx->buf[OK_BLOCK_BLOCK]), tl); - md->digest->final(tmp, &(md->md.base[0])); + EVP_DigestFinal(md, tmp, NULL); if(memcmp(&(ctx->buf[tl+ OK_BLOCK_BLOCK]), tmp, md->digest->md_size) == 0) { /* there might be parts from next block lurking around ! */ diff --git a/crypto/md2/md2test.c b/crypto/md2/md2test.c index 70725ef917..78901475eb 100644 --- a/crypto/md2/md2test.c +++ b/crypto/md2/md2test.c @@ -67,7 +67,7 @@ int main(int argc, char *argv[]) return(0); } #else -#include +#include #ifdef CHARSET_EBCDIC #include @@ -100,13 +100,15 @@ int main(int argc, char *argv[]) int i,err=0; char **P,**R; char *p; + unsigned char md[MD2_DIGEST_LENGTH]; P=test; R=ret; i=1; while (*P != NULL) { - p=pt(MD2((unsigned char *)*P,(unsigned long)strlen(*P),NULL)); + EVP_Digest((unsigned char *)*P,(unsigned long)strlen(*P),md,NULL,EVP_md2()); + p=pt(md); if (strcmp(p,*R) != 0) { printf("error calculating MD2 on '%s'\n",*P); diff --git a/crypto/md4/md4test.c b/crypto/md4/md4test.c index 78bcd4394a..9e8cadb6cd 100644 --- a/crypto/md4/md4test.c +++ b/crypto/md4/md4test.c @@ -67,7 +67,7 @@ int main(int argc, char *argv[]) return(0); } #else -#include +#include static char *test[]={ "", @@ -96,13 +96,15 @@ int main(int argc, char *argv[]) int i,err=0; unsigned char **P,**R; char *p; + unsigned char md[MD4_DIGEST_LENGTH]; P=(unsigned char **)test; R=(unsigned char **)ret; i=1; while (*P != NULL) { - p=pt(MD4(&(P[0][0]),(unsigned long)strlen((char *)*P),NULL)); + EVP_Digest(&(P[0][0]),(unsigned long)strlen((char *)*P),md,NULL,EVP_md4()); + p=pt(md); if (strcmp(p,(char *)*R) != 0) { printf("error calculating MD4 on '%s'\n",*P); diff --git a/crypto/md5/md5test.c b/crypto/md5/md5test.c index cf8cf51b6b..4e64319832 100644 --- a/crypto/md5/md5test.c +++ b/crypto/md5/md5test.c @@ -67,7 +67,7 @@ int main(int argc, char *argv[]) return(0); } #else -#include +#include static char *test[]={ "", @@ -96,13 +96,15 @@ int main(int argc, char *argv[]) int i,err=0; unsigned char **P,**R; char *p; + unsigned char md[MD5_DIGEST_LENGTH]; P=(unsigned char **)test; R=(unsigned char **)ret; i=1; while (*P != NULL) { - p=pt(MD5(&(P[0][0]),(unsigned long)strlen((char *)*P),NULL)); + EVP_Digest(&(P[0][0]),(unsigned long)strlen((char *)*P),md,NULL,EVP_md5()); + p=pt(md); if (strcmp(p,(char *)*R) != 0) { printf("error calculating MD5 on '%s'\n",*P); diff --git a/crypto/mdc2/mdc2test.c b/crypto/mdc2/mdc2test.c index 6a50e9debe..9507fed7db 100644 --- a/crypto/mdc2/mdc2test.c +++ b/crypto/mdc2/mdc2test.c @@ -71,7 +71,7 @@ int main(int argc, char *argv[]) return(0); } #else -#include +#include #ifdef CHARSET_EBCDIC #include @@ -92,16 +92,16 @@ int main(int argc, char *argv[]) int ret=0; unsigned char md[MDC2_DIGEST_LENGTH]; int i; - MDC2_CTX c; + EVP_MD_CTX c; static char *text="Now is the time for all "; #ifdef CHARSET_EBCDIC ebcdic2ascii(text,text,strlen(text)); #endif - MDC2_Init(&c); - MDC2_Update(&c,(unsigned char *)text,strlen(text)); - MDC2_Final(&(md[0]),&c); + EVP_DigestInit(&c,EVP_mdc2()); + EVP_DigestUpdate(&c,(unsigned char *)text,strlen(text)); + EVP_DigestFinal(&c,&(md[0]),NULL); if (memcmp(md,pad1,MDC2_DIGEST_LENGTH) != 0) { @@ -116,10 +116,10 @@ int main(int argc, char *argv[]) else printf("pad1 - ok\n"); - MDC2_Init(&c); - c.pad_type=2; - MDC2_Update(&c,(unsigned char *)text,strlen(text)); - MDC2_Final(&(md[0]),&c); + EVP_DigestInit(&c,EVP_mdc2()); + c.md.mdc2.pad_type=2; + EVP_DigestUpdate(&c,(unsigned char *)text,strlen(text)); + EVP_DigestFinal(&c,&(md[0]),NULL); if (memcmp(md,pad2,MDC2_DIGEST_LENGTH) != 0) { diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c index 32b6e17c24..f67715e869 100644 --- a/crypto/pkcs12/p12_mutl.c +++ b/crypto/pkcs12/p12_mutl.c @@ -89,6 +89,7 @@ int PKCS12_gen_mac (PKCS12 *p12, const char *pass, int passlen, HMAC_Update (&hmac, p12->authsafes->d.data->data, p12->authsafes->d.data->length); HMAC_Final (&hmac, mac, maclen); + HMAC_cleanup (&hmac); return 1; } diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c index d4d2f36ad4..1c87f21171 100644 --- a/crypto/rand/md_rand.c +++ b/crypto/rand/md_rand.c @@ -264,7 +264,7 @@ static void ssleay_rand_add(const void *buf, int num, double add) MD_Update(&m,buf,j); MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c)); - MD_Final(local_md,&m); + MD_Final(&m,local_md); md_c[1]++; buf=(const char *)buf + j; @@ -457,7 +457,7 @@ static int ssleay_rand_bytes(unsigned char *buf, int num) } else MD_Update(&m,&(state[st_idx]),j); - MD_Final(local_md,&m); + MD_Final(&m,local_md); for (i=0; i +#define MD_CTX EVP_MD_CTX +#define MD_Update(a,b,c) EVP_DigestUpdate(a,b,c) +#define MD_Final(a,b) EVP_DigestFinal(a,b,NULL) #if defined(USE_MD5_RAND) -#include #define MD_DIGEST_LENGTH MD5_DIGEST_LENGTH -#define MD(a,b,c) MD5(a,b,c) +#define MD_Init(a) EVP_DigestInit(a,EVP_md5()) +#define MD(a,b,c) EVP_Digest(a,b,c,EVP_md5()) #elif defined(USE_SHA1_RAND) -#include #define MD_DIGEST_LENGTH SHA_DIGEST_LENGTH -#define MD(a,b,c) SHA1(a,b,c) +#define MD_Init(a) EVP_DigestInit(a,EVP_sha1()) +#define MD(a,b,c) EVP_Digest(a,b,c,EVP_sha1()) #elif defined(USE_MDC2_RAND) -#include #define MD_DIGEST_LENGTH MDC2_DIGEST_LENGTH -#define MD(a,b,c) MDC2(a,b,c) +#define MD_Init(a) EVP_DigestInit(a,EVP_mdc2()) +#define MD(a,b,c) EVP_Digest(a,b,c,EVP_mdc2()) #elif defined(USE_MD2_RAND) -#include #define MD_DIGEST_LENGTH MD2_DIGEST_LENGTH -#define MD(a,b,c) MD2(a,b,c) -#endif -#if defined(USE_MD5_RAND) -#include -#define MD_DIGEST_LENGTH MD5_DIGEST_LENGTH -#define MD_CTX MD5_CTX -#define MD_Init(a) MD5_Init(a) -#define MD_Update(a,b,c) MD5_Update(a,b,c) -#define MD_Final(a,b) MD5_Final(a,b) -#define MD(a,b,c) MD5(a,b,c) -#elif defined(USE_SHA1_RAND) -#include -#define MD_DIGEST_LENGTH SHA_DIGEST_LENGTH -#define MD_CTX SHA_CTX -#define MD_Init(a) SHA1_Init(a) -#define MD_Update(a,b,c) SHA1_Update(a,b,c) -#define MD_Final(a,b) SHA1_Final(a,b) -#define MD(a,b,c) SHA1(a,b,c) -#elif defined(USE_MDC2_RAND) -#include -#define MD_DIGEST_LENGTH MDC2_DIGEST_LENGTH -#define MD_CTX MDC2_CTX -#define MD_Init(a) MDC2_Init(a) -#define MD_Update(a,b,c) MDC2_Update(a,b,c) -#define MD_Final(a,b) MDC2_Final(a,b) -#define MD(a,b,c) MDC2(a,b,c) -#elif defined(USE_MD2_RAND) -#include -#define MD_DIGEST_LENGTH MD2_DIGEST_LENGTH -#define MD_CTX MD2_CTX -#define MD_Init(a) MD2_Init(a) -#define MD_Update(a,b,c) MD2_Update(a,b,c) -#define MD_Final(a,b) MD2_Final(a,b) -#define MD(a,b,c) MD2(a,b,c) +#define MD_Init(a) EVP_DigestInit(a,EVP_md2()) +#define MD(a,b,c) EVP_Digest(a,b,c,EVP_md2()) #endif diff --git a/crypto/rc4/rc4.c b/crypto/rc4/rc4.c index 75616c3179..c2165b0b75 100644 --- a/crypto/rc4/rc4.c +++ b/crypto/rc4/rc4.c @@ -162,7 +162,7 @@ bad: keystr=buf; } - MD5((unsigned char *)keystr,(unsigned long)strlen(keystr),md); + EVP_Digest((unsigned char *)keystr,(unsigned long)strlen(keystr),md,NULL,EVP_md5()); memset(keystr,0,strlen(keystr)); RC4_set_key(&key,MD5_DIGEST_LENGTH,md); diff --git a/crypto/ripemd/rmdtest.c b/crypto/ripemd/rmdtest.c index 6bc90d5afc..e1aae630e9 100644 --- a/crypto/ripemd/rmdtest.c +++ b/crypto/ripemd/rmdtest.c @@ -67,7 +67,7 @@ int main(int argc, char *argv[]) return(0); } #else -#include +#include #ifdef CHARSET_EBCDIC #include @@ -102,6 +102,7 @@ int main(int argc, char *argv[]) int i,err=0; unsigned char **P,**R; char *p; + unsigned char md[RIPEMD160_DIGEST_LENGTH]; P=(unsigned char **)test; R=(unsigned char **)ret; @@ -111,7 +112,8 @@ int main(int argc, char *argv[]) #ifdef CHARSET_EBCDIC ebcdic2ascii((char *)*P, (char *)*P, strlen((char *)*P)); #endif - p=pt(RIPEMD160(&(P[0][0]),(unsigned long)strlen((char *)*P),NULL)); + EVP_Digest(&(P[0][0]),(unsigned long)strlen((char *)*P),md,NULL,EVP_ripemd160()); + p=pt(md); if (strcmp(p,(char *)*R) != 0) { printf("error calculating RIPEMD160 on '%s'\n",*P); diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c index a489639259..8da765e4d7 100644 --- a/crypto/rsa/rsa_oaep.c +++ b/crypto/rsa/rsa_oaep.c @@ -24,7 +24,7 @@ #include "cryptlib.h" #include #include -#include +#include #include int MGF1(unsigned char *mask, long len, @@ -62,7 +62,7 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, seed = to + 1; db = to + SHA_DIGEST_LENGTH + 1; - SHA1(param, plen, db); + EVP_Digest((void *)param, plen, db, NULL, EVP_sha1()); memset(db + SHA_DIGEST_LENGTH, 0, emlen - flen - 2 * SHA_DIGEST_LENGTH - 1); db[emlen - flen - SHA_DIGEST_LENGTH - 1] = 0x01; @@ -120,7 +120,7 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, for (i = 0; i < dblen; i++) db[i] ^= maskeddb[i]; - SHA1(param, plen, phash); + EVP_Digest((void *)param, plen, phash, NULL, EVP_sha1()); if (memcmp(db, phash, SHA_DIGEST_LENGTH) != 0) goto decoding_err; @@ -159,24 +159,24 @@ int MGF1(unsigned char *mask, long len, { long i, outlen = 0; unsigned char cnt[4]; - SHA_CTX c; + EVP_MD_CTX c; unsigned char md[SHA_DIGEST_LENGTH]; for (i = 0; outlen < len; i++) { cnt[0] = (i >> 24) & 255, cnt[1] = (i >> 16) & 255, cnt[2] = (i >> 8) & 255, cnt[3] = i & 255; - SHA1_Init(&c); - SHA1_Update(&c, seed, seedlen); - SHA1_Update(&c, cnt, 4); + EVP_DigestInit(&c,EVP_sha1()); + EVP_DigestUpdate(&c, seed, seedlen); + EVP_DigestUpdate(&c, cnt, 4); if (outlen + SHA_DIGEST_LENGTH <= len) { - SHA1_Final(mask + outlen, &c); + EVP_DigestFinal(&c, mask + outlen, NULL); outlen += SHA_DIGEST_LENGTH; } else { - SHA1_Final(md, &c); + EVP_DigestFinal(&c, md, NULL); memcpy(mask + outlen, md, len - outlen); outlen = len; } diff --git a/crypto/sha/sha1test.c b/crypto/sha/sha1test.c index 3b09039cc8..a915981b5b 100644 --- a/crypto/sha/sha1test.c +++ b/crypto/sha/sha1test.c @@ -67,7 +67,7 @@ int main(int argc, char *argv[]) return(0); } #else -#include +#include #ifdef CHARSET_EBCDIC #include @@ -106,7 +106,7 @@ int main(int argc, char *argv[]) unsigned char **P,**R; static unsigned char buf[1000]; char *p,*r; - SHA_CTX c; + EVP_MD_CTX c; unsigned char md[SHA_DIGEST_LENGTH]; #ifdef CHARSET_EBCDIC @@ -119,7 +119,8 @@ int main(int argc, char *argv[]) i=1; while (*P != NULL) { - p=pt(SHA1(*P,(unsigned long)strlen((char *)*P),NULL)); + EVP_Digest(*P,(unsigned long)strlen((char *)*P),md,NULL,EVP_sha1()); + p=pt(md); if (strcmp(p,(char *)*R) != 0) { printf("error calculating SHA1 on '%s'\n",*P); @@ -137,10 +138,10 @@ int main(int argc, char *argv[]) #ifdef CHARSET_EBCDIC ebcdic2ascii(buf, buf, 1000); #endif /*CHARSET_EBCDIC*/ - SHA1_Init(&c); + EVP_DigestInit(&c,EVP_sha1()); for (i=0; i<1000; i++) - SHA1_Update(&c,buf,1000); - SHA1_Final(md,&c); + EVP_DigestUpdate(&c,buf,1000); + EVP_DigestFinal(&c,md,NULL); p=pt(md); r=bigret; diff --git a/crypto/sha/shatest.c b/crypto/sha/shatest.c index d3bc4b58c9..d492c1515b 100644 --- a/crypto/sha/shatest.c +++ b/crypto/sha/shatest.c @@ -67,7 +67,7 @@ int main(int argc, char *argv[]) return(0); } #else -#include +#include #ifdef CHARSET_EBCDIC #include @@ -106,7 +106,7 @@ int main(int argc, char *argv[]) unsigned char **P,**R; static unsigned char buf[1000]; char *p,*r; - SHA_CTX c; + EVP_MD_CTX c; unsigned char md[SHA_DIGEST_LENGTH]; #ifdef CHARSET_EBCDIC @@ -119,7 +119,8 @@ int main(int argc, char *argv[]) i=1; while (*P != NULL) { - p=pt(SHA(*P,(unsigned long)strlen((char *)*P),NULL)); + EVP_Digest(*P,(unsigned long)strlen((char *)*P),md,NULL,EVP_sha()); + p=pt(md); if (strcmp(p,(char *)*R) != 0) { printf("error calculating SHA on '%s'\n",*P); @@ -137,10 +138,10 @@ int main(int argc, char *argv[]) #ifdef CHARSET_EBCDIC ebcdic2ascii(buf, buf, 1000); #endif /*CHARSET_EBCDIC*/ - SHA_Init(&c); + EVP_DigestInit(&c,EVP_sha()); for (i=0; i<1000; i++) - SHA_Update(&c,buf,1000); - SHA_Final(md,&c); + EVP_DigestUpdate(&c,buf,1000); + EVP_DigestFinal(&c,md,NULL); p=pt(md); r=bigret; diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c index 7900185f95..1334ff631c 100644 --- a/crypto/x509/x509_cmp.c +++ b/crypto/x509/x509_cmp.c @@ -79,17 +79,17 @@ int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b) unsigned long X509_issuer_and_serial_hash(X509 *a) { unsigned long ret=0; - MD5_CTX ctx; + EVP_MD_CTX ctx; unsigned char md[16]; char str[256]; X509_NAME_oneline(a->cert_info->issuer,str,256); ret=strlen(str); - MD5_Init(&ctx); - MD5_Update(&ctx,(unsigned char *)str,ret); - MD5_Update(&ctx,(unsigned char *)a->cert_info->serialNumber->data, + EVP_DigestInit(&ctx,EVP_md5()); + EVP_DigestUpdate(&ctx,(unsigned char *)str,ret); + EVP_DigestUpdate(&ctx,(unsigned char *)a->cert_info->serialNumber->data, (unsigned long)a->cert_info->serialNumber->length); - MD5_Final(&(md[0]),&ctx); + EVP_DigestFinal(&ctx,&(md[0]),NULL); ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)| ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L) )&0xffffffffL; diff --git a/ssl/s2_lib.c b/ssl/s2_lib.c index 09fde61b5b..40ca3779bf 100644 --- a/ssl/s2_lib.c +++ b/ssl/s2_lib.c @@ -61,7 +61,7 @@ #include #include #include -#include +#include static long ssl2_default_timeout(void ); const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT; @@ -415,7 +415,7 @@ int ssl2_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) void ssl2_generate_key_material(SSL *s) { unsigned int i; - MD5_CTX ctx; + EVP_MD_CTX ctx; unsigned char *km; unsigned char c='0'; @@ -427,14 +427,14 @@ void ssl2_generate_key_material(SSL *s) km=s->s2->key_material; for (i=0; is2->key_material_length; i+=MD5_DIGEST_LENGTH) { - MD5_Init(&ctx); + EVP_DigestInit(&ctx,EVP_md5()); - MD5_Update(&ctx,s->session->master_key,s->session->master_key_length); - MD5_Update(&ctx,&c,1); + EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length); + EVP_DigestUpdate(&ctx,&c,1); c++; - MD5_Update(&ctx,s->s2->challenge,s->s2->challenge_length); - MD5_Update(&ctx,s->s2->conn_id,s->s2->conn_id_length); - MD5_Final(km,&ctx); + EVP_DigestUpdate(&ctx,s->s2->challenge,s->s2->challenge_length); + EVP_DigestUpdate(&ctx,s->s2->conn_id,s->s2->conn_id_length); + EVP_DigestFinal(&ctx,km,NULL); km+=MD5_DIGEST_LENGTH; } } diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 625e1ae276..a700c64417 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -60,8 +60,6 @@ #include #include #include -#include -#include #include #include "ssl_locl.h" diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index d1c1946e54..2fbfead2cf 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -57,8 +57,6 @@ */ #include -#include -#include #include #include "ssl_locl.h" @@ -83,8 +81,8 @@ static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx, static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) { - MD5_CTX m5; - SHA_CTX s1; + EVP_MD_CTX m5; + EVP_MD_CTX s1; unsigned char buf[16],smd[SHA_DIGEST_LENGTH]; unsigned char c='A'; int i,j,k; @@ -106,25 +104,25 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) for (j=0; jsession->master_key, + EVP_DigestInit(&s1,EVP_sha1()); + EVP_DigestUpdate(&s1,buf,k); + EVP_DigestUpdate(&s1,s->session->master_key, s->session->master_key_length); - SHA1_Update(&s1,s->s3->server_random,SSL3_RANDOM_SIZE); - SHA1_Update(&s1,s->s3->client_random,SSL3_RANDOM_SIZE); - SHA1_Final( smd,&s1); + EVP_DigestUpdate(&s1,s->s3->server_random,SSL3_RANDOM_SIZE); + EVP_DigestUpdate(&s1,s->s3->client_random,SSL3_RANDOM_SIZE); + EVP_DigestFinal(&s1,smd,NULL); - MD5_Init( &m5); - MD5_Update(&m5,s->session->master_key, + EVP_DigestInit(&m5,EVP_md5()); + EVP_DigestUpdate(&m5,s->session->master_key, s->session->master_key_length); - MD5_Update(&m5,smd,SHA_DIGEST_LENGTH); + EVP_DigestUpdate(&m5,smd,SHA_DIGEST_LENGTH); if ((i+MD5_DIGEST_LENGTH) > num) { - MD5_Final(smd,&m5); + EVP_DigestFinal(&m5,smd,NULL); memcpy(km,smd,(num-i)); } else - MD5_Final(km,&m5); + EVP_DigestFinal(&m5,km,NULL); km+=MD5_DIGEST_LENGTH; } @@ -142,7 +140,7 @@ int ssl3_change_cipher_state(SSL *s, int which) const EVP_CIPHER *c; COMP_METHOD *comp; const EVP_MD *m; - MD5_CTX md; + EVP_MD_CTX md; int exp,n,i,j,k,cl; exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher); @@ -252,19 +250,19 @@ int ssl3_change_cipher_state(SSL *s, int which) /* In here I set both the read and write key/iv to the * same value since only the correct one will be used :-). */ - MD5_Init(&md); - MD5_Update(&md,key,j); - MD5_Update(&md,er1,SSL3_RANDOM_SIZE); - MD5_Update(&md,er2,SSL3_RANDOM_SIZE); - MD5_Final(&(exp_key[0]),&md); + EVP_DigestInit(&md,EVP_md5()); + EVP_DigestUpdate(&md,key,j); + EVP_DigestUpdate(&md,er1,SSL3_RANDOM_SIZE); + EVP_DigestUpdate(&md,er2,SSL3_RANDOM_SIZE); + EVP_DigestFinal(&md,&(exp_key[0]),NULL); key= &(exp_key[0]); if (k > 0) { - MD5_Init(&md); - MD5_Update(&md,er1,SSL3_RANDOM_SIZE); - MD5_Update(&md,er2,SSL3_RANDOM_SIZE); - MD5_Final(&(exp_iv[0]),&md); + EVP_DigestInit(&md,EVP_md5()); + EVP_DigestUpdate(&md,er1,SSL3_RANDOM_SIZE); + EVP_DigestUpdate(&md,er2,SSL3_RANDOM_SIZE); + EVP_DigestFinal(&md,&(exp_iv[0]),NULL); iv= &(exp_iv[0]); } } diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 31f4f80779..1c57296297 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -110,8 +110,6 @@ */ #include -#include -#include #include #include "ssl_locl.h" diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 0b0eceedb0..09fcc59d00 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -64,8 +64,6 @@ #include #include #include -#include -#include #include #include #include "ssl_locl.h" diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index d3a15e3441..97d92cacd0 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -58,8 +58,6 @@ #include #include -#include -#include #include #include #include "ssl_locl.h" @@ -78,6 +76,7 @@ static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec, chunk=EVP_MD_size(md); HMAC_Init(&ctx,sec,sec_len,md); + HMAC_Init(&ctx_tmp,sec,sec_len,md); HMAC_Update(&ctx,seed,seed_len); HMAC_Final(&ctx,A1,&A1_len); @@ -85,8 +84,9 @@ static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec, for (;;) { HMAC_Init(&ctx,NULL,0,NULL); /* re-init */ + HMAC_Init(&ctx_tmp,NULL,0,NULL); /* re-init */ HMAC_Update(&ctx,A1,A1_len); - memcpy(&ctx_tmp,&ctx,sizeof(ctx)); /* Copy for A2 */ /* not needed for last one */ + HMAC_Update(&ctx_tmp,A1,A1_len); HMAC_Update(&ctx,seed,seed_len); if (olen > chunk) @@ -642,6 +642,7 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send) HMAC_Update(&hmac,buf,5); HMAC_Update(&hmac,rec->input,rec->length); HMAC_Final(&hmac,md,&md_size); + HMAC_cleanup(&hmac); #ifdef TLS_DEBUG printf("sec="); -- GitLab