You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficserver.apache.org by zw...@apache.org on 2023/03/05 17:26:35 UTC
[trafficserver] branch 9.2.x updated: Use deprecated OpenSSL APIs for MD5 and SHA256 if available (#9469) (#9473)
This is an automated email from the ASF dual-hosted git repository.
zwoop pushed a commit to branch 9.2.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/9.2.x by this push:
new b83f53581 Use deprecated OpenSSL APIs for MD5 and SHA256 if available (#9469) (#9473)
b83f53581 is described below
commit b83f535817373339d49b3a10a20fc587443ddc98
Author: Masakazu Kitajo <ma...@apache.org>
AuthorDate: Sun Mar 5 10:26:28 2023 -0700
Use deprecated OpenSSL APIs for MD5 and SHA256 if available (#9469) (#9473)
* Use deprecated OpenSSL APIs for MD5 and SHA256 if available (#9469)
(cherry picked from commit 2c1c6d2632f147e6858bc758ba7c4ffbc163dc65)
Conflicts:
include/tscore/INK_MD5.h
include/tscore/SHA256.h
* Fix compile errors
---
configure.ac | 2 ++
include/tscore/SHA256.h | 48 +++++++++++++++++++++++++++++++++++++++++++-----
2 files changed, 45 insertions(+), 5 deletions(-)
diff --git a/configure.ac b/configure.ac
index aee344338..481897f31 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1327,6 +1327,8 @@ AC_CHECK_FUNCS([ \
X509_get0_signature \
ERR_get_error_all \
SHA1 \
+ SHA256_Init \
+ MD5_Init \
SSL_SESSION_dup \
])
diff --git a/include/tscore/SHA256.h b/include/tscore/SHA256.h
index cbe8a5903..933d0ce28 100644
--- a/include/tscore/SHA256.h
+++ b/include/tscore/SHA256.h
@@ -26,30 +26,68 @@
#include "tscore/ink_code.h"
#include "tscore/ink_defs.h"
#include "tscore/CryptoHash.h"
+#if HAVE_SHA256_INIT
+#include <openssl/sha.h>
+#else
#include <openssl/evp.h>
+#endif
class SHA256Context : public ats::CryptoContextBase
{
+#ifndef HAVE_SHA256_INIT
protected:
EVP_MD_CTX *ctx;
+#endif
public:
SHA256Context()
{
- ctx = EVP_MD_CTX_new();
- EVP_DigestInit_ex(ctx, EVP_sha256(), nullptr);
+#if HAVE_SHA256_INIT
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
+ SHA256_Init(&_sha256ctx);
+#pragma GCC diagnostic pop
+#else
+ _ctx = EVP_MD_CTX_new();
+ EVP_DigestInit_ex(_ctx, EVP_sha256(), nullptr);
+#endif
+ }
+ ~SHA256Context()
+ {
+#if HAVE_SHA256_INIT
+ // _sha256ctx does not need to be freed
+#else
+ EVP_MD_CTX_free(_ctx);
+#endif
}
- ~SHA256Context() { EVP_MD_CTX_free(ctx); }
/// Update the hash with @a data of @a length bytes.
bool
update(void const *data, int length) override
{
- return EVP_DigestUpdate(ctx, data, length);
+#if HAVE_SHA256_INIT
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
+ return SHA256_Update(&_sha256ctx, data, length);
+#pragma GCC diagnostic pop
+#else
+ return EVP_DigestUpdate(_ctx, data, length);
+#endif
}
/// Finalize and extract the @a hash.
bool
finalize(CryptoHash &hash) override
{
- return EVP_DigestFinal_ex(ctx, hash.u8, nullptr);
+#if HAVE_SHA256_INIT
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
+ return SHA256_Final(hash.u8, &_sha256ctx);
+#pragma GCC diagnostic pop
+#else
+ return EVP_DigestFinal_ex(_ctx, hash.u8, nullptr);
+#endif
}
+#if HAVE_SHA256_INIT
+private:
+ SHA256_CTX _sha256ctx;
+#endif
};