This is a resend of patches submitted against 0.9.6a that we had some dialog on last week. This patch is against the current development build openssl-snap-20010503.
 
Note that the submission is from the USA and is CC'd to [EMAIL PROTECTED] even though it does not change any cryptographic code, only the functions that call cryptographic routines.
 
The patch does the following:
 
We are currently modifying OpenSSL to use a different crypto lib (for license and export reasons). One thing I have done to help reduce the entry points into our code is replace all calls directly to digest functions (MD5_Init, SHA1_Update, etc.) to always use the EVP layer. I think this is a useful cleanup item to be patched into the openssl source so I am submitting this patch.
 
I replaced all direct references to digest functions in the ssl directory to call EVP functions. I believe that I also replaced all calls in the crypto and apps code. I also removed any references to the md5.h, sha.h, etc. header files in the ssl directory.
 
The patch also addresses this issue:
 
Basically, in tls1_P_hash() (in ssl/t1_enc.c), the assumption is made that an HMAC_CTX can be used multiple times by simply memcpy'ing it into a temporary structure. This works if the context is a complete representation of the entire state of the HMAC. It may not work if the ctx has pointers or references to additional information that is not copied by this process (as is the case with the crypto lib we are using). This problem is fairly simple to fix in this case because the temporary context can simply be computed alongside the other rather than being memcpy'd to. (This may be slightly less efficient, but is certainly a cleaner implementation.)
 
This patch also includes a couple of fixes to code that uses HMAC but never calls HMAC_cleanup. This is critical, again, if the HMAC_CTX contains any references to other objects that must be cleaned up.
 
The code passes all tests in test.bat. It was built on WindowsNT but should be portable to all platforms.
 
Any questions, comments or concerns, please contact me. Thanks.
 
 
Verdon Walker
(801) 861-2633
[EMAIL PROTECTED]
Novell Inc., the leading provider of Net Services Software
www.novell.com
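
The memcpy and cleanup issues described in the message above, as an added C illustration that is not part of the original post or of OpenSSL. toy_ctx, the toy_* functions and the toy digest are hypothetical stand-ins for a context that holds a pointer to state kept elsewhere.

```c
/* Added illustration: toy_ctx and the toy_* functions are hypothetical stand-ins,
   not OpenSSL's HMAC_CTX or API. The running state lives behind a pointer. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct { uint32_t *state; } toy_ctx;    /* the struct is only a handle */
static void toy_update(toy_ctx *c, const char *d) {
    for (; *d; d++) *c->state = *c->state * 31u + (uint8_t)*d;  /* toy digest */
}
static int toy_init(toy_ctx *c, const char *key) {
    if ((c->state = calloc(1, sizeof *c->state)) == NULL) return 0;
    toy_update(c, key);
    return 1;
}
static uint32_t toy_final(const toy_ctx *c) { return *c->state; }
static void toy_cleanup(toy_ctx *c) { free(c->state); c->state = NULL; }

/* Pattern from the post: fork with memcpy; the fork should cover key + a1 only. */
static uint32_t fork_by_memcpy(const char *key, const char *a1, const char *seed) {
    toy_ctx ctx, tmp;
    if (!toy_init(&ctx, key)) return 0;
    toy_update(&ctx, a1);
    memcpy(&tmp, &ctx, sizeof tmp);     /* copies the pointer, not the state */
    toy_update(&ctx, seed);             /* silently changes what tmp sees */
    uint32_t out = toy_final(&tmp);
    toy_cleanup(&ctx);                  /* one owner: cleaning tmp too would double free */
    return out;
}

/* Fix from the post: compute the temporary context alongside the other. */
static uint32_t fork_alongside(const char *key, const char *a1, const char *seed) {
    toy_ctx ctx, tmp;
    if (!toy_init(&ctx, key)) return 0;
    if (!toy_init(&tmp, key)) { toy_cleanup(&ctx); return 0; }
    toy_update(&ctx, a1);
    toy_update(&tmp, a1);
    toy_update(&ctx, seed);             /* tmp is unaffected */
    uint32_t out = toy_final(&tmp);
    toy_cleanup(&ctx); toy_cleanup(&tmp);   /* every context gets its cleanup */
    return out;
}

int main(void) {
    printf("memcpy fork: %u\n", (unsigned)fork_by_memcpy("k", "A1", "seed"));
    printf("alongside:   %u\n", (unsigned)fork_alongside("k", "A1", "seed"));
    return 0;
}
```

The memcpy fork returns the digest of key + a1 + seed instead of key + a1, because both handles point at the same state.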
