I wholeheartedly agree on the static buffer in EVP_Digest(). I
didn't want to add it and it doesn't look like anyone uses it, but I added it to
keep the functionality consistent.
I did discover that I missed one place where digests are
still called directly in the RAND code. (We are using our own library for
rand functions so I overlooked it.) See the attached patch for a fix to use the
EVP layer in rand. (I also included a copy of rand_lcl.h since the patch output
makes it difficult to see what changed in that file.) I did take the liberty to
swap the arguments to MD_Final so that the context comes first (matches EVP
order and seems more consistent with other calls).
I appreciate your feedback. In general, is this type of patch useful for me to submit? You mentioned that some of the work is already done in 0.9.7 so am I submitting redundant changes? What criteria should I use when determining what patches to submit? We are making a number of changes to OpenSSL in order to replace the standard crypto lib, but I only want to submit changes that are generally useful to whole OpenSSL community. Any guidelines would be appreciated. Thanks. Verdon Walker
(801) 861-2633 [EMAIL PROTECTED] Novell Inc., the leading provider of Net Services Software www.novell.com >>> [EMAIL PROTECTED] 04/25/01 07:03PM >>> > Verdon Walker wrote: > > We are currently modifying OpenSSL to use a different crypto lib (for > license and export reasons). One thing I have done to help reduce the > entry points into our code is replace all calls directly to digest > functions (MD5_Init, SHA1_Update, etc.) to always use the EVP layer. I > think this is a useful cleanup item to be patched into the openssl > source so I am submitting this patch. > > I created a new function called "EVP_Digest" to replace calls to MD5, > SHA1, etc. I replaced all direct references to digest functions in the > ssl directory to call EVP functions. I believe that I also replaced > all calls in the crypto and apps code. I also removed any references > to the md5.h, sha.h, etc. header files in the sll directory. > > This patch was built using a clean version of 0.9.6a. The code passes > all tests in test.bat. It was built on WindowsNT but should be > portable to all platforms. > > Note: The patch has been copied to [EMAIL PROTECTED] since it > orignates in the USA. The code changes are not in any cryptographic > functions only in the code calling the cryptographic functions. > > I hope that I have submitted this patch correctly. Please let me know > if there is anything more I need to do. I hope the diff is OK. I am > developing on Windows 2000 and my version of diff does not have a -u > option. I hope the slightly different format is OK. > > Any questions, comments or concerns, please contact me. Thanks. > I agree that the applications, and indeed the library should not make low level digest calls and should use EVP. This kind of thing will be needed when/if when digests get added to ENGINE anyway. There is already an EVP_Digest() function in OpenSSL 0.9.7-dev which has similar functionality, except it doesn't use the static buffer if md is NULL which isn't threadsafe anyway. Steve. -- Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/ Personal Email: [EMAIL PROTECTED] Senior crypto engineer, Celo Communications: http://www.celocom.com/ Core developer of the OpenSSL project: http://www.openssl.org/ Business Email: [EMAIL PROTECTED] PGP key: via homepage. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] |