sha256: avoid functions deprecated in OpenSSL 3+

OpenSSL 3+ deprecates the SHA256_Init, SHA256_Update, and SHA256_Final
functions, leading to errors when building with `DEVELOPER=1'.

Use the newer EVP_* API with OpenSSL 3+ despite being more
error-prone and less efficient due to heap allocations.

Signed-off-by: Eric Wong <e@80x24.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

diff --git a/Makefile b/Makefile
index e440728c2461b9367e01db5a817ae48479afcf65..29f6d3b31eaf30007b947abf982d2c7e07783de6 100644 (file)
--- a/Makefile
+++ b/Makefile
@@ -3215,6 +3215,9 @@ $(SP_OBJ): %.sp: %.c %.o
 sparse: $(SP_OBJ)
 
 EXCEPT_HDRS := $(GENERATED_H) unicode-width.h compat/% xdiff/%
+ifndef OPENSSL_SHA256
+       EXCEPT_HDRS += sha256/openssl.h
+endif
 ifndef NETTLE_SHA256
        EXCEPT_HDRS += sha256/nettle.h
 endif

diff --git a/hash-ll.h b/hash-ll.h
index 80509251370523029710e2e691b832e601be939f..5173a2698cea5cdd22eb0fb290fe21aec712bf21 100644 (file)
--- a/hash-ll.h
+++ b/hash-ll.h
@@ -17,7 +17,11 @@
 #define SHA256_NEEDS_CLONE_HELPER
 #include "sha256/gcrypt.h"
 #elif defined(SHA256_OPENSSL)
-#include <openssl/sha.h>
+#  include <openssl/sha.h>
+#  if defined(OPENSSL_API_LEVEL) && OPENSSL_API_LEVEL >= 3
+#    define SHA256_NEEDS_CLONE_HELPER
+#    include "sha256/openssl.h"
+#  endif
 #else
 #include "sha256/block/sha256.h"
 #endif

diff --git a/sha256/openssl.h b/sha256/openssl.h
new file mode 100644 (file)
index 0000000..c1083d9
--- /dev/null
+++ b/sha256/openssl.h
@@ -0,0 +1,49 @@
+/* wrappers for the EVP API of OpenSSL 3+ */
+#ifndef SHA256_OPENSSL_H
+#define SHA256_OPENSSL_H
+#include <openssl/evp.h>
+
+struct openssl_SHA256_CTX {
+       EVP_MD_CTX *ectx;
+};
+
+typedef struct openssl_SHA256_CTX openssl_SHA256_CTX;
+
+static inline void openssl_SHA256_Init(struct openssl_SHA256_CTX *ctx)
+{
+       const EVP_MD *type = EVP_sha256();
+
+       ctx->ectx = EVP_MD_CTX_new();
+       if (!ctx->ectx)
+               die("EVP_MD_CTX_new: out of memory");
+
+       EVP_DigestInit_ex(ctx->ectx, type, NULL);
+}
+
+static inline void openssl_SHA256_Update(struct openssl_SHA256_CTX *ctx,
+                                       const void *data,
+                                       size_t len)
+{
+       EVP_DigestUpdate(ctx->ectx, data, len);
+}
+
+static inline void openssl_SHA256_Final(unsigned char *digest,
+                                      struct openssl_SHA256_CTX *ctx)
+{
+       EVP_DigestFinal_ex(ctx->ectx, digest, NULL);
+       EVP_MD_CTX_free(ctx->ectx);
+}
+
+static inline void openssl_SHA256_Clone(struct openssl_SHA256_CTX *dst,
+                                       const struct openssl_SHA256_CTX *src)
+{
+       EVP_MD_CTX_copy_ex(dst->ectx, src->ectx);
+}
+
+#define platform_SHA256_CTX openssl_SHA256_CTX
+#define platform_SHA256_Init openssl_SHA256_Init
+#define platform_SHA256_Clone openssl_SHA256_Clone
+#define platform_SHA256_Update openssl_SHA256_Update
+#define platform_SHA256_Final openssl_SHA256_Final
+
+#endif /* SHA256_OPENSSL_H */