You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficserver.apache.org by ma...@apache.org on 2023/02/28 20:34:16 UTC

[trafficserver] branch master updated: Use deprecated OpenSSL APIs for MD5 and SHA256 if available (#9469)

This is an automated email from the ASF dual-hosted git repository.

maskit pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/master by this push:
     new 2c1c6d263 Use deprecated OpenSSL APIs for MD5 and SHA256 if available (#9469)
2c1c6d263 is described below

commit 2c1c6d2632f147e6858bc758ba7c4ffbc163dc65
Author: Masakazu Kitajo <ma...@apache.org>
AuthorDate: Tue Feb 28 13:34:04 2023 -0700

    Use deprecated OpenSSL APIs for MD5 and SHA256 if available (#9469)
---
 configure.ac            |  2 ++
 include/tscore/MD5.h    | 42 +++++++++++++++++++++++++++++++++++++++++-
 include/tscore/SHA256.h | 38 +++++++++++++++++++++++++++++++++++++-
 3 files changed, 80 insertions(+), 2 deletions(-)

diff --git a/configure.ac b/configure.ac
index 41271b89b..096c08257 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1331,6 +1331,8 @@ AC_CHECK_FUNCS([ \
   X509_get0_signature \
   ERR_get_error_all \
   SHA1 \
+  SHA256_Init \
+  MD5_Init \
   SSL_SESSION_dup \
 ])
 
diff --git a/include/tscore/MD5.h b/include/tscore/MD5.h
index 8b1e5bb26..b26a2e1ca 100644
--- a/include/tscore/MD5.h
+++ b/include/tscore/MD5.h
@@ -25,29 +25,69 @@
 
 #include "tscore/ink_defs.h"
 #include "tscore/CryptoHash.h"
+#if HAVE_MD5_INIT
+#include <openssl/md5.h>
+#else
 #include <openssl/evp.h>
+#endif
 
 class MD5Context : public ats::CryptoContextBase
 {
 public:
   MD5Context()
   {
+#if HAVE_MD5_INIT
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
+    MD5_Init(&_md5ctx);
+#pragma GCC diagnostic pop
+#else
     _ctx = EVP_MD_CTX_new();
     EVP_DigestInit_ex(_ctx, EVP_md5(), nullptr);
+#endif
+  }
+  ~MD5Context()
+  {
+#if HAVE_MD5_INIT
+    // _md5ctx does not need to be freed
+#else
+    EVP_MD_CTX_free(_ctx);
+#endif
   }
-  ~MD5Context() { EVP_MD_CTX_free(_ctx); }
   /// Update the hash with @a data of @a length bytes.
   bool
   update(void const *data, int length) override
   {
+#if HAVE_MD5_INIT
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
+    return MD5_Update(&_md5ctx, data, length);
+#pragma GCC diagnostic pop
+#else
     return EVP_DigestUpdate(_ctx, data, length);
+#endif
   }
   /// Finalize and extract the @a hash.
   bool
   finalize(CryptoHash &hash) override
   {
+#if HAVE_MD5_INIT
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
+    return MD5_Final(hash.u8, &_md5ctx);
+#pragma GCC diagnostic pop
+#else
     return EVP_DigestFinal_ex(_ctx, hash.u8, nullptr);
+#endif
   }
+
+#if HAVE_MD5_INIT
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
+private:
+  MD5_CTX _md5ctx;
+#pragma GCC diagnostic pop
+#endif
 };
 
 typedef CryptoHash INK_MD5;
diff --git a/include/tscore/SHA256.h b/include/tscore/SHA256.h
index 446ae0cb8..268908d9b 100644
--- a/include/tscore/SHA256.h
+++ b/include/tscore/SHA256.h
@@ -25,27 +25,63 @@
 
 #include "tscore/ink_defs.h"
 #include "tscore/CryptoHash.h"
+#if HAVE_SHA256_INIT
+#include <openssl/sha.h>
+#else
 #include <openssl/evp.h>
+#endif
 
 class SHA256Context : public ats::CryptoContextBase
 {
 public:
   SHA256Context()
   {
+#if HAVE_SHA256_INIT
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
+    SHA256_Init(&_sha256ctx);
+#pragma GCC diagnostic pop
+#else
     _ctx = EVP_MD_CTX_new();
     EVP_DigestInit_ex(_ctx, EVP_sha256(), nullptr);
+#endif
+  }
+  ~SHA256Context()
+  {
+#if HAVE_SHA256_INIT
+    // _sha256ctx does not need to be freed
+#else
+    EVP_MD_CTX_free(_ctx);
+#endif
   }
-  ~SHA256Context() { EVP_MD_CTX_free(_ctx); }
   /// Update the hash with @a data of @a length bytes.
   bool
   update(void const *data, int length) override
   {
+#if HAVE_SHA256_INIT
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
+    return SHA256_Update(&_sha256ctx, data, length);
+#pragma GCC diagnostic pop
+#else
     return EVP_DigestUpdate(_ctx, data, length);
+#endif
   }
   /// Finalize and extract the @a hash.
   bool
   finalize(CryptoHash &hash) override
   {
+#if HAVE_SHA256_INIT
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
+    return SHA256_Final(hash.u8, &_sha256ctx);
+#pragma GCC diagnostic pop
+#else
     return EVP_DigestFinal_ex(_ctx, hash.u8, nullptr);
+#endif
   }
+#if HAVE_SHA256_INIT
+private:
+  SHA256_CTX _sha256ctx;
+#endif
 };