From: Remi Tricot-Le Breton
Date: Tue, 8 Feb 2022 16:45:53 +0000 (+0100)
Subject: MINOR: ssl: Use high level OpenSSL APIs in sha2 converter
X-Git-Tag: v2.6-dev2~196
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2559bc831885b7a8462822eee5c2b78232a60ea0;p=thirdparty%2Fhaproxy.git

MINOR: ssl: Use high level OpenSSL APIs in sha2 converter

The sha2 converter's implementation used low level interfaces such as SHA256_Update which are flagged as deprecated starting from OpenSSLv3. This patch replaces those calls by EVP ones which already existed on older versions. It should be fully isofunctional.
---
diff --git a/src/ssl_sample.c b/src/ssl_sample.c
index ca09829b1d..191c54a40f 100644
--- a/src/ssl_sample.c
+++ b/src/ssl_sample.c
@@ -117,58 +117,39 @@ static int sample_conv_sha2(const struct arg *arg_p, struct sample *smp, void *p { struct buffer *trash = get_trash_chunk(); int bits = 256; + EVP_MD_CTX *mdctx; + const EVP_MD *evp = NULL; + unsigned int digest_length = 0; if (arg_p->data.sint) bits = arg_p->data.sint; switch (bits) { - case 224: { - SHA256_CTX ctx; - - memset(&ctx, 0, sizeof(ctx)); - - SHA224_Init(&ctx); - SHA224_Update(&ctx, smp->data.u.str.area, smp->data.u.str.data); - SHA224_Final((unsigned char *) trash->area, &ctx); - trash->data = SHA224_DIGEST_LENGTH; + case 224: + evp = EVP_sha224(); break; - } - case 256: { - SHA256_CTX ctx; - - memset(&ctx, 0, sizeof(ctx)); - - SHA256_Init(&ctx); - SHA256_Update(&ctx, smp->data.u.str.area, smp->data.u.str.data); - SHA256_Final((unsigned char *) trash->area, &ctx); - trash->data = SHA256_DIGEST_LENGTH; + case 256: + evp = EVP_sha256(); break; - } - case 384: { - SHA512_CTX ctx; - - memset(&ctx, 0, sizeof(ctx)); - - SHA384_Init(&ctx); - SHA384_Update(&ctx, smp->data.u.str.area, smp->data.u.str.data); - SHA384_Final((unsigned char *) trash->area, &ctx); - trash->data = SHA384_DIGEST_LENGTH; + case 384: + evp = EVP_sha384(); break; - } - case 512: { - SHA512_CTX ctx; - - memset(&ctx, 0, sizeof(ctx)); - - SHA512_Init(&ctx); - SHA512_Update(&ctx, smp->data.u.str.area, smp->data.u.str.data); - SHA512_Final((unsigned char *) trash->area, &ctx); - trash->data = SHA512_DIGEST_LENGTH; + case 512: + evp = EVP_sha512(); break; - } default: return 0; } + mdctx = EVP_MD_CTX_new(); + if (!mdctx) + return 0; + EVP_DigestInit_ex(mdctx, evp, NULL); + EVP_DigestUpdate(mdctx, smp->data.u.str.area, smp->data.u.str.data); + EVP_DigestFinal_ex(mdctx, (unsigned char*)trash->area, &digest_length); + trash->data = digest_length; + + EVP_MD_CTX_free(mdctx); + smp->data.u.str = *trash; smp->data.type = SMP_T_BIN; smp->flags &= ~SMP_F_CONST;
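Review bot: The three EVP calls added after the `EVP_MD_CTX_new()` check ignore their return values, so a digest failure is not reported to the caller. `EVP_DigestInit_ex()`, `EVP_DigestUpdate()` and `EVP_DigestFinal_ex()` each return 0 on error, and with OpenSSL 3 initialisation can fail at run time (for example when the active provider does not offer the algorithm); in that case `digest_length` stays 0 and the sample is replaced by an empty binary string. Anything that compares, stores or logs the converter's output would then treat an empty value as a valid hash. I would check all three calls, free the context and return 0 on failure, as sketched below. The function's final return lies outside the hunk, so the success path described here is inferred.

```c
/* … unchanged: digest selection switch, EVP_MD_CTX_new() and its NULL check … */
	if (!EVP_DigestInit_ex(mdctx, evp, NULL) ||
	    !EVP_DigestUpdate(mdctx, smp->data.u.str.area, smp->data.u.str.data) ||
	    !EVP_DigestFinal_ex(mdctx, (unsigned char *)trash->area, &digest_length)) {
		/* report the failure rather than emitting an empty digest */
		EVP_MD_CTX_free(mdctx);
		return 0;
	}
	trash->data = digest_length;
/* … unchanged: EVP_MD_CTX_free() and sample update … */
```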