You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficserver.apache.org by zw...@apache.org on 2023/03/05 17:26:35 UTC

[trafficserver] branch 9.2.x updated: Use deprecated OpenSSL APIs for MD5 and SHA256 if available (#9469) (#9473)

This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a commit to branch 9.2.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/9.2.x by this push:
     new b83f53581 Use deprecated OpenSSL APIs for MD5 and SHA256 if available (#9469) (#9473)
b83f53581 is described below

commit b83f535817373339d49b3a10a20fc587443ddc98
Author: Masakazu Kitajo <ma...@apache.org>
AuthorDate: Sun Mar 5 10:26:28 2023 -0700

    Use deprecated OpenSSL APIs for MD5 and SHA256 if available (#9469) (#9473)
    
    * Use deprecated OpenSSL APIs for MD5 and SHA256 if available (#9469)
    
    (cherry picked from commit 2c1c6d2632f147e6858bc758ba7c4ffbc163dc65)
    
     Conflicts:
            include/tscore/INK_MD5.h
            include/tscore/SHA256.h
    
    * Fix compile errors
---
 configure.ac            |  2 ++
 include/tscore/SHA256.h | 48 +++++++++++++++++++++++++++++++++++++++++++-----
 2 files changed, 45 insertions(+), 5 deletions(-)

diff --git a/configure.ac b/configure.ac
index aee344338..481897f31 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1327,6 +1327,8 @@ AC_CHECK_FUNCS([ \
   X509_get0_signature \
   ERR_get_error_all \
   SHA1 \
+  SHA256_Init \
+  MD5_Init \
   SSL_SESSION_dup \
 ])
 
diff --git a/include/tscore/SHA256.h b/include/tscore/SHA256.h
index cbe8a5903..933d0ce28 100644
--- a/include/tscore/SHA256.h
+++ b/include/tscore/SHA256.h
@@ -26,30 +26,68 @@
 #include "tscore/ink_code.h"
 #include "tscore/ink_defs.h"
 #include "tscore/CryptoHash.h"
+#if HAVE_SHA256_INIT
+#include <openssl/sha.h>
+#else
 #include <openssl/evp.h>
+#endif
 
 class SHA256Context : public ats::CryptoContextBase
 {
+#ifndef HAVE_SHA256_INIT
 protected:
   EVP_MD_CTX *ctx;
+#endif
 
 public:
   SHA256Context()
   {
-    ctx = EVP_MD_CTX_new();
-    EVP_DigestInit_ex(ctx, EVP_sha256(), nullptr);
+#if HAVE_SHA256_INIT
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
+    SHA256_Init(&_sha256ctx);
+#pragma GCC diagnostic pop
+#else
+    _ctx = EVP_MD_CTX_new();
+    EVP_DigestInit_ex(_ctx, EVP_sha256(), nullptr);
+#endif
+  }
+  ~SHA256Context()
+  {
+#if HAVE_SHA256_INIT
+    // _sha256ctx does not need to be freed
+#else
+    EVP_MD_CTX_free(_ctx);
+#endif
   }
-  ~SHA256Context() { EVP_MD_CTX_free(ctx); }
   /// Update the hash with @a data of @a length bytes.
   bool
   update(void const *data, int length) override
   {
-    return EVP_DigestUpdate(ctx, data, length);
+#if HAVE_SHA256_INIT
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
+    return SHA256_Update(&_sha256ctx, data, length);
+#pragma GCC diagnostic pop
+#else
+    return EVP_DigestUpdate(_ctx, data, length);
+#endif
   }
   /// Finalize and extract the @a hash.
   bool
   finalize(CryptoHash &hash) override
   {
-    return EVP_DigestFinal_ex(ctx, hash.u8, nullptr);
+#if HAVE_SHA256_INIT
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
+    return SHA256_Final(hash.u8, &_sha256ctx);
+#pragma GCC diagnostic pop
+#else
+    return EVP_DigestFinal_ex(_ctx, hash.u8, nullptr);
+#endif
   }
+#if HAVE_SHA256_INIT
+private:
+  SHA256_CTX _sha256ctx;
+#endif
 };