Commit 323f289c authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files 

Change all calls to low level digest routines in the library and
applications to use EVP. Add missing calls to HMAC_cleanup() and
don't assume HMAC_CTX can be copied using memcpy().

Note: this is almost identical to the patch submitted to openssl-dev
by Verdon Walker <VWalker@novell.com> except some redundant
EVP_add_digest_()/EVP_cleanup() calls were removed and some changes
made to avoid compiler warnings.
parent a45e4a55

CHANGES

+5 −0
Original line number Diff line number Diff line
@@ -11,6 +11,11 @@ 
         *) applies to 0.9.6a (/0.9.6b) and 0.9.7

         +) applies to 0.9.7 only



  *) Change all calls to low level digest routines in the library and

     applications to use EVP. Add missing calls to HMAC_cleanup() and

     don't assume HMAC_CTX can be copied using memcpy().

     [Verdon Walker <VWalker@novell.com>, Steve Henson]



  +) Add the possibility to control engines through control names but with

     arbitrary arguments instead of just a string.

     Change the key loaders to take a UI_METHOD instead of a callback

apps/enc.c

+0 −3
Original line number Diff line number Diff line
@@ -66,9 +66,6 @@ 
#include <openssl/objects.h>

#include <openssl/x509.h>

#include <openssl/rand.h>

#ifndef OPENSSL_NO_MD5

#include <openssl/md5.h>

#endif

#include <openssl/pem.h>

#include <openssl/engine.h>

#include <ctype.h>

apps/passwd.c

+27 −27
Original line number Diff line number Diff line
@@ -20,7 +20,7 @@ 
# include <openssl/des.h>

#endif

#ifndef NO_MD5CRYPT_1

# include <openssl/md5.h>

# include <openssl/evp.h>

#endif
@@ -310,7 +310,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) 
	unsigned char buf[MD5_DIGEST_LENGTH];

	char *salt_out;

	int n, i;

	MD5_CTX md;

	EVP_MD_CTX md;

	size_t passwd_len, salt_len;



	passwd_len = strlen(passwd);
@@ -325,48 +325,48 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) 
	salt_len = strlen(salt_out);

	assert(salt_len <= 8);

	

	MD5_Init(&md);

	MD5_Update(&md, passwd, passwd_len);

	MD5_Update(&md, "$", 1);

	MD5_Update(&md, magic, strlen(magic));

	MD5_Update(&md, "$", 1);

	MD5_Update(&md, salt_out, salt_len);

	EVP_DigestInit(&md,EVP_md5());

	EVP_DigestUpdate(&md, passwd, passwd_len);

	EVP_DigestUpdate(&md, "$", 1);

	EVP_DigestUpdate(&md, magic, strlen(magic));

	EVP_DigestUpdate(&md, "$", 1);

	EVP_DigestUpdate(&md, salt_out, salt_len);

	

	 {

		MD5_CTX md2;

		EVP_MD_CTX md2;



		MD5_Init(&md2);

		MD5_Update(&md2, passwd, passwd_len);

		MD5_Update(&md2, salt_out, salt_len);

		MD5_Update(&md2, passwd, passwd_len);

		MD5_Final(buf, &md2);

		EVP_DigestInit(&md2,EVP_md5());

		EVP_DigestUpdate(&md2, passwd, passwd_len);

		EVP_DigestUpdate(&md2, salt_out, salt_len);

		EVP_DigestUpdate(&md2, passwd, passwd_len);

		EVP_DigestFinal(&md2, buf, NULL);

	 }

	for (i = passwd_len; i > sizeof buf; i -= sizeof buf)

		MD5_Update(&md, buf, sizeof buf);

	MD5_Update(&md, buf, i);

		EVP_DigestUpdate(&md, buf, sizeof buf);

	EVP_DigestUpdate(&md, buf, i);

	

	n = passwd_len;

	while (n)

		{

		MD5_Update(&md, (n & 1) ? "\0" : passwd, 1);

		EVP_DigestUpdate(&md, (n & 1) ? "\0" : passwd, 1);

		n >>= 1;

		}

	MD5_Final(buf, &md);

	EVP_DigestFinal(&md, buf, NULL);



	for (i = 0; i < 1000; i++)

		{

		MD5_CTX md2;

		EVP_MD_CTX md2;



		MD5_Init(&md2);

		MD5_Update(&md2, (i & 1) ? (unsigned char *) passwd : buf,

		EVP_DigestInit(&md2,EVP_md5());

		EVP_DigestUpdate(&md2, (i & 1) ? (unsigned char *) passwd : buf,

		                       (i & 1) ? passwd_len : sizeof buf);

		if (i % 3)

			MD5_Update(&md2, salt_out, salt_len);

			EVP_DigestUpdate(&md2, salt_out, salt_len);

		if (i % 7)

			MD5_Update(&md2, passwd, passwd_len);

		MD5_Update(&md2, (i & 1) ? buf : (unsigned char *) passwd,

			EVP_DigestUpdate(&md2, passwd, passwd_len);

		EVP_DigestUpdate(&md2, (i & 1) ? buf : (unsigned char *) passwd,

		                       (i & 1) ? sizeof buf : passwd_len);

		MD5_Final(buf, &md2);

		EVP_DigestFinal(&md2, buf, NULL);

		}

	

	 {

apps/speed.c

+7 −6
Original line number Diff line number Diff line
@@ -924,7 +924,7 @@ int MAIN(int argc, char **argv) 
			print_message(names[D_MD2],c[D_MD2][j],lengths[j]);

			Time_F(START,usertime);

			for (count=0,run=1; COND(c[D_MD2][j]); count++)

				MD2(buf,(unsigned long)lengths[j],&(md2[0]));

				EVP_Digest(buf,(unsigned long)lengths[j],&(md2[0]),NULL,EVP_md2());

			d=Time_F(STOP,usertime);

			BIO_printf(bio_err,"%ld %s's in %.2fs\n",

				count,names[D_MD2],d);
@@ -940,7 +940,7 @@ int MAIN(int argc, char **argv) 
			print_message(names[D_MDC2],c[D_MDC2][j],lengths[j]);

			Time_F(START,usertime);

			for (count=0,run=1; COND(c[D_MDC2][j]); count++)

				MDC2(buf,(unsigned long)lengths[j],&(mdc2[0]));

				EVP_Digest(buf,(unsigned long)lengths[j],&(mdc2[0]),NULL,EVP_mdc2());

			d=Time_F(STOP,usertime);

			BIO_printf(bio_err,"%ld %s's in %.2fs\n",

				count,names[D_MDC2],d);
@@ -957,7 +957,7 @@ int MAIN(int argc, char **argv) 
			print_message(names[D_MD4],c[D_MD4][j],lengths[j]);

			Time_F(START,usertime);

			for (count=0,run=1; COND(c[D_MD4][j]); count++)

				MD4(&(buf[0]),(unsigned long)lengths[j],&(md4[0]));

				EVP_Digest(&(buf[0]),(unsigned long)lengths[j],&(md4[0]),NULL,EVP_md4());

			d=Time_F(STOP,usertime);

			BIO_printf(bio_err,"%ld %s's in %.2fs\n",

				count,names[D_MD4],d);
@@ -974,7 +974,7 @@ int MAIN(int argc, char **argv) 
			print_message(names[D_MD5],c[D_MD5][j],lengths[j]);

			Time_F(START,usertime);

			for (count=0,run=1; COND(c[D_MD5][j]); count++)

				MD5(&(buf[0]),(unsigned long)lengths[j],&(md5[0]));

				EVP_Digest(&(buf[0]),(unsigned long)lengths[j],&(md5[0]),NULL,EVP_md5());

			d=Time_F(STOP,usertime);

			BIO_printf(bio_err,"%ld %s's in %.2fs\n",

				count,names[D_MD5],d);
@@ -1005,6 +1005,7 @@ int MAIN(int argc, char **argv) 
				count,names[D_HMAC],d);

			results[D_HMAC][j]=((double)count)/d*lengths[j];

			}

		HMAC_cleanup(&hctx);

		}

#endif

#ifndef OPENSSL_NO_SHA
@@ -1015,7 +1016,7 @@ int MAIN(int argc, char **argv) 
			print_message(names[D_SHA1],c[D_SHA1][j],lengths[j]);

			Time_F(START,usertime);

			for (count=0,run=1; COND(c[D_SHA1][j]); count++)

				SHA1(buf,(unsigned long)lengths[j],&(sha[0]));

				EVP_Digest(buf,(unsigned long)lengths[j],&(sha[0]),NULL,EVP_sha1());

			d=Time_F(STOP,usertime);

			BIO_printf(bio_err,"%ld %s's in %.2fs\n",

				count,names[D_SHA1],d);
@@ -1031,7 +1032,7 @@ int MAIN(int argc, char **argv) 
			print_message(names[D_RMD160],c[D_RMD160][j],lengths[j]);

			Time_F(START,usertime);

			for (count=0,run=1; COND(c[D_RMD160][j]); count++)

				RIPEMD160(buf,(unsigned long)lengths[j],&(rmd160[0]));

				EVP_Digest(buf,(unsigned long)lengths[j],&(rmd160[0]),NULL,EVP_ripemd160());

			d=Time_F(STOP,usertime);

			BIO_printf(bio_err,"%ld %s's in %.2fs\n",

				count,names[D_RMD160],d);

crypto/asn1/t_x509.c

+3 −8
Original line number Diff line number Diff line
@@ -259,7 +259,6 @@ int X509_ocspid_print (BIO *bp, X509 *x) 
	unsigned char *dertmp;

	int derlen;

	int i;

	SHA_CTX SHA1buf ;

	unsigned char SHA1md[SHA_DIGEST_LENGTH];



	/* display the hash of the subject as it would appear
@@ -271,9 +270,7 @@ int X509_ocspid_print (BIO *bp, X509 *x) 
		goto err;

	i2d_X509_NAME(x->cert_info->subject, &dertmp);



	SHA1_Init(&SHA1buf);

	SHA1_Update(&SHA1buf, der, derlen);

	SHA1_Final(SHA1md,&SHA1buf);

	EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1());

	for (i=0; i < SHA_DIGEST_LENGTH; i++)

		{

		if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0) goto err;
@@ -286,10 +283,8 @@ int X509_ocspid_print (BIO *bp, X509 *x) 
	if (BIO_printf(bp,"\n        Public key OCSP hash: ") <= 0)

		goto err;



	SHA1_Init(&SHA1buf);

	SHA1_Update(&SHA1buf, x->cert_info->key->public_key->data,

		x->cert_info->key->public_key->length);

	SHA1_Final(SHA1md,&SHA1buf);

	EVP_Digest(x->cert_info->key->public_key->data,

		x->cert_info->key->public_key->length, SHA1md, NULL, EVP_sha1());

	for (i=0; i < SHA_DIGEST_LENGTH; i++)

		{

		if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0)