You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficserver.apache.org by ma...@apache.org on 2023/02/28 20:34:16 UTC
[trafficserver] branch master updated: Use deprecated OpenSSL APIs for MD5 and SHA256 if available (#9469)
This is an automated email from the ASF dual-hosted git repository.
maskit pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/master by this push:
new 2c1c6d263 Use deprecated OpenSSL APIs for MD5 and SHA256 if available (#9469)
2c1c6d263 is described below
commit 2c1c6d2632f147e6858bc758ba7c4ffbc163dc65
Author: Masakazu Kitajo <ma...@apache.org>
AuthorDate: Tue Feb 28 13:34:04 2023 -0700
Use deprecated OpenSSL APIs for MD5 and SHA256 if available (#9469)
---
configure.ac | 2 ++
include/tscore/MD5.h | 42 +++++++++++++++++++++++++++++++++++++++++-
include/tscore/SHA256.h | 38 +++++++++++++++++++++++++++++++++++++-
3 files changed, 80 insertions(+), 2 deletions(-)
diff --git a/configure.ac b/configure.ac
index 41271b89b..096c08257 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1331,6 +1331,8 @@ AC_CHECK_FUNCS([ \
X509_get0_signature \
ERR_get_error_all \
SHA1 \
+ SHA256_Init \
+ MD5_Init \
SSL_SESSION_dup \
])
diff --git a/include/tscore/MD5.h b/include/tscore/MD5.h
index 8b1e5bb26..b26a2e1ca 100644
--- a/include/tscore/MD5.h
+++ b/include/tscore/MD5.h
@@ -25,29 +25,69 @@
#include "tscore/ink_defs.h"
#include "tscore/CryptoHash.h"
+#if HAVE_MD5_INIT
+#include <openssl/md5.h>
+#else
#include <openssl/evp.h>
+#endif
class MD5Context : public ats::CryptoContextBase
{
public:
MD5Context()
{
+#if HAVE_MD5_INIT
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
+ MD5_Init(&_md5ctx);
+#pragma GCC diagnostic pop
+#else
_ctx = EVP_MD_CTX_new();
EVP_DigestInit_ex(_ctx, EVP_md5(), nullptr);
+#endif
+ }
+ ~MD5Context()
+ {
+#if HAVE_MD5_INIT
+ // _md5ctx does not need to be freed
+#else
+ EVP_MD_CTX_free(_ctx);
+#endif
}
- ~MD5Context() { EVP_MD_CTX_free(_ctx); }
/// Update the hash with @a data of @a length bytes.
bool
update(void const *data, int length) override
{
+#if HAVE_MD5_INIT
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
+ return MD5_Update(&_md5ctx, data, length);
+#pragma GCC diagnostic pop
+#else
return EVP_DigestUpdate(_ctx, data, length);
+#endif
}
/// Finalize and extract the @a hash.
bool
finalize(CryptoHash &hash) override
{
+#if HAVE_MD5_INIT
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
+ return MD5_Final(hash.u8, &_md5ctx);
+#pragma GCC diagnostic pop
+#else
return EVP_DigestFinal_ex(_ctx, hash.u8, nullptr);
+#endif
}
+
+#if HAVE_MD5_INIT
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
+private:
+ MD5_CTX _md5ctx;
+#pragma GCC diagnostic pop
+#endif
};
typedef CryptoHash INK_MD5;
diff --git a/include/tscore/SHA256.h b/include/tscore/SHA256.h
index 446ae0cb8..268908d9b 100644
--- a/include/tscore/SHA256.h
+++ b/include/tscore/SHA256.h
@@ -25,27 +25,63 @@
#include "tscore/ink_defs.h"
#include "tscore/CryptoHash.h"
+#if HAVE_SHA256_INIT
+#include <openssl/sha.h>
+#else
#include <openssl/evp.h>
+#endif
class SHA256Context : public ats::CryptoContextBase
{
public:
SHA256Context()
{
+#if HAVE_SHA256_INIT
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
+ SHA256_Init(&_sha256ctx);
+#pragma GCC diagnostic pop
+#else
_ctx = EVP_MD_CTX_new();
EVP_DigestInit_ex(_ctx, EVP_sha256(), nullptr);
+#endif
+ }
+ ~SHA256Context()
+ {
+#if HAVE_SHA256_INIT
+ // _sha256ctx does not need to be freed
+#else
+ EVP_MD_CTX_free(_ctx);
+#endif
}
- ~SHA256Context() { EVP_MD_CTX_free(_ctx); }
/// Update the hash with @a data of @a length bytes.
bool
update(void const *data, int length) override
{
+#if HAVE_SHA256_INIT
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
+ return SHA256_Update(&_sha256ctx, data, length);
+#pragma GCC diagnostic pop
+#else
return EVP_DigestUpdate(_ctx, data, length);
+#endif
}
/// Finalize and extract the @a hash.
bool
finalize(CryptoHash &hash) override
{
+#if HAVE_SHA256_INIT
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
+ return SHA256_Final(hash.u8, &_sha256ctx);
+#pragma GCC diagnostic pop
+#else
return EVP_DigestFinal_ex(_ctx, hash.u8, nullptr);
+#endif
}
+#if HAVE_SHA256_INIT
+private:
+ SHA256_CTX _sha256ctx;
+#endif
};