Provide further abstractions to the OpenSSL integration work

libclamav/7z/Xz.c

@@ -59,9 +59,7 @@ void XzCheck_Init(CXzCheck *p, int mode)
     case XZ_CHECK_CRC32: p->crc = CRC_INIT_VAL; break;
     case XZ_CHECK_CRC64: p->crc64 = CRC64_INIT_VAL; break;
     case XZ_CHECK_SHA256:
-        p->sha = EVP_MD_CTX_create();
-        if ((p->sha))
-            EVP_DigestInit_ex(p->sha, EVP_sha256(), NULL);
+        p->sha = cl_hash_init("sha256");
         break;
   }
 }
@@ -74,7 +72,7 @@ void XzCheck_Update(CXzCheck *p, const void *data, size_t size)
     case XZ_CHECK_CRC64: p->crc64 = Crc64Update(p->crc64, data, size); break;
     case XZ_CHECK_SHA256:
         if ((p->sha))
-            EVP_DigestUpdate(p->sha, (const Byte *)data, size);
+            cl_update_hash(p->sha, (const Byte *)data, size);
         break;
   }
 }
@@ -98,8 +96,7 @@ int XzCheck_Final(CXzCheck *p, Byte *digest)
       if (!(p->sha))
           return 0;
 
-      EVP_DigestFinal_ex(p->sha, digest, NULL);
-      EVP_MD_CTX_destroy(p->sha);
+      cl_finish_hash(p->sha, digest);
       break;
     default:
       return 0;

libclamav/7z/Xz.h

@@ -81,7 +81,7 @@ typedef struct
   int mode;
   UInt32 crc;
   UInt64 crc64;
-  EVP_MD_CTX *sha;
+  void *sha;
 } CXzCheck;
 
 void XzCheck_Init(CXzCheck *p, int mode);
@@ -217,7 +217,7 @@ typedef struct
   CMixCoder decoder;
   CXzBlock block;
   CXzCheck check;
-  EVP_MD_CTX *sha;
+  void *sha;
   Byte shaDigest[SHA256_DIGEST_SIZE];
   Byte buf[XZ_BLOCK_HEADER_SIZE_MAX];
 } CXzUnpacker;

libclamav/7z/XzDec.c

@@ -652,7 +652,7 @@ SRes XzUnpacker_Code(CXzUnpacker *p, Byte *dest, SizeT *destLen,
         unsigned num = Xz_WriteVarInt(temp, p->packSize + p->blockHeaderSize + XzFlags_GetCheckSize(p->streamFlags));
         num += Xz_WriteVarInt(temp + num, p->unpackSize);
         if ((p->sha))
-            EVP_DigestUpdate(p->sha, temp, num);
+            cl_update_hash(p->sha, temp, num);
         p->indexSize += num;
         p->numBlocks++;
         
@@ -687,9 +687,7 @@ SRes XzUnpacker_Code(CXzUnpacker *p, Byte *dest, SizeT *destLen,
         {
           RINOK(Xz_ParseHeader(&p->streamFlags, p->buf));
           p->state = XZ_STATE_BLOCK_HEADER;
-          p->sha = EVP_MD_CTX_create();
-          if ((p->sha))
-              EVP_DigestInit_ex(p->sha, EVP_sha256(), NULL);
+          p->sha = cl_hash_init("sha256");
           p->indexSize = 0;
           p->numBlocks = 0;
           p->pos = 0;
@@ -709,11 +707,8 @@ SRes XzUnpacker_Code(CXzUnpacker *p, Byte *dest, SizeT *destLen,
             p->indexPos = p->indexPreSize;
             p->indexSize += p->indexPreSize;
             if ((p->sha)) {
-                EVP_DigestFinal_ex(p->sha, p->shaDigest, NULL);
-                EVP_MD_CTX_destroy(p->sha);
-                p->sha = EVP_MD_CTX_create();
-                if ((p->sha))
-                    EVP_DigestInit_ex(p->sha, EVP_sha256(), NULL);
+                cl_finish_hash(p->sha, p->shaDigest);
+                p->sha = cl_hash_init("sha256");
             }
             p->crc = CrcUpdate(CRC_INIT_VAL, p->buf, p->indexPreSize);
             p->state = XZ_STATE_STREAM_INDEX;
@@ -793,7 +788,7 @@ SRes XzUnpacker_Code(CXzUnpacker *p, Byte *dest, SizeT *destLen,
               srcRem = (SizeT)cur;
             p->crc = CrcUpdate(p->crc, src, srcRem);
             if ((p->sha))
-                EVP_DigestUpdate(p->sha, src, srcRem);
+                cl_update_hash(p->sha, src, srcRem);
             (*srcLen) += srcRem;
             src += srcRem;
             p->indexPos += srcRem;
@@ -814,10 +809,8 @@ SRes XzUnpacker_Code(CXzUnpacker *p, Byte *dest, SizeT *destLen,
             p->state = XZ_STATE_STREAM_INDEX_CRC;
             p->indexSize += 4;
             p->pos = 0;
-            if ((p->sha)) {
-                EVP_DigestFinal_ex(p->sha, digest, NULL);
-                EVP_MD_CTX_destroy(p->sha);
-            }
+            if ((p->sha))
+                cl_finish_hash(p->sha, digest);
 
             if (memcmp(digest, p->shaDigest, SHA256_DIGEST_SIZE) != 0)
               return SZ_ERROR_CRC;

libclamav/asn1.c

@@ -752,7 +752,7 @@ static int asn1_parse_mscat(fmap_t *map, size_t offset, unsigned int size, crtmg
     unsigned int dsize, message_size, attrs_size;
     cli_crt_hashtype hashtype;
     cli_crt *x509;
-    EVP_MD_CTX *ctx;
+    void *ctx;
     int result;
     int isBlacklisted = 0;
 
@@ -1042,15 +1042,13 @@ static int asn1_parse_mscat(fmap_t *map, size_t offset, unsigned int size, crtmg
 	    break;
 	}
 
-    ctx = EVP_MD_CTX_create();
+    ctx = cl_hash_init("sha1");
     if (!(ctx))
         break;
 
-    EVP_DigestInit_ex(ctx, EVP_sha1(), NULL);
-	EVP_DigestUpdate(ctx, "\x31", 1);
-	EVP_DigestUpdate(ctx, attrs + 1, attrs_size - 1);
-	EVP_DigestFinal_ex(ctx, sha1, NULL);
-    EVP_MD_CTX_destroy(ctx);
+	cl_update_hash(ctx, "\x31", 1);
+	cl_update_hash(ctx, attrs + 1, attrs_size - 1);
+	cl_finish_hash(ctx, sha1);
 
 	if(!fmap_need_ptr_once(map, asn1.content, asn1.size)) {
 	    cli_dbgmsg("asn1_parse_mscat: failed to read encryptedDigest\n");
@@ -1288,25 +1286,21 @@ static int asn1_parse_mscat(fmap_t *map, size_t offset, unsigned int size, crtmg
 	}
 
 	if(hashtype == CLI_SHA1RSA) {
-        ctx = EVP_MD_CTX_create();
+        ctx = cl_hash_init("sha1");
         if (!(ctx))
             break;
 
-        EVP_DigestInit_ex(ctx, EVP_sha1(), NULL);
-        EVP_DigestUpdate(ctx, "\x31", 1);
-        EVP_DigestUpdate(ctx, attrs + 1, attrs_size - 1);
-        EVP_DigestFinal_ex(ctx, sha1, NULL);
-        EVP_MD_CTX_destroy(ctx);
+        cl_update_hash(ctx, "\x31", 1);
+        cl_update_hash(ctx, attrs + 1, attrs_size - 1);
+        cl_finish_hash(ctx, sha1);
 	} else {
-        ctx = EVP_MD_CTX_create();
+        ctx = cl_hash_init("md5");
         if (!(ctx))
             break;
 
-        EVP_DigestInit_ex(ctx, EVP_md5(), NULL);
-        EVP_DigestUpdate(ctx, "\x31", 1);
-        EVP_DigestUpdate(ctx, attrs + 1, attrs_size - 1);
-        EVP_DigestFinal_ex(ctx, sha1, NULL);
-        EVP_MD_CTX_destroy(ctx);
+        cl_update_hash(ctx, "\x31", 1);
+        cl_update_hash(ctx, attrs + 1, attrs_size - 1);
+        cl_finish_hash(ctx, sha1);
 	}
 
 	if(!fmap_need_ptr_once(map, asn1.content, asn1.size)) {

libclamav/cache.c

@@ -905,7 +905,7 @@ void cache_remove(unsigned char *md5, size_t size, const struct cl_engine *engin
 int cache_check(unsigned char *hash, cli_ctx *ctx) {
     fmap_t *map;
     size_t todo, at = 0;
-    EVP_MD_CTX *hashctx;
+    void *hashctx;
     int ret;
 
     if(!ctx || !ctx->engine || !ctx->engine->cache)
@@ -919,30 +919,31 @@ int cache_check(unsigned char *hash, cli_ctx *ctx) {
     map = *ctx->fmap;
     todo = map->len;
 
-    hashctx = EVP_MD_CTX_create();
+    hashctx = cl_hash_init("md5");
     if (!(hashctx))
         return CL_VIRUS;
 
-    EVP_DigestInit_ex(hashctx, EVP_md5(), NULL);
 
     while(todo) {
         const void *buf;
         size_t readme = todo < FILEBUFF ? todo : FILEBUFF;
 
-        if(!(buf = fmap_need_off_once(map, at, readme)))
+        if(!(buf = fmap_need_off_once(map, at, readme))) {
+            cl_hash_destroy(hashctx);
             return CL_EREAD;
+        }
 
         todo -= readme;
         at += readme;
 
-        if (!EVP_DigestUpdate(hashctx, buf, readme)) {
+        if (cl_update_hash(hashctx, buf, readme)) {
+            cl_hash_destroy(hashctx);
             cli_errmsg("cache_check: error reading while generating hash!\n");
             return CL_EREAD;
         }
     }
 
-    EVP_DigestFinal_ex(hashctx, hash, NULL);
-    EVP_MD_CTX_destroy(hashctx);
+    cl_finish_hash(hashctx, hash);
 
     ret = cache_lookup_hash(hash, map->len, ctx->engine->cache, ctx->recursion);
     cli_dbgmsg("cache_check: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x is %s\n", hash[0], hash[1], hash[2], hash[3], hash[4], hash[5], hash[6], hash[7], hash[8], hash[9], hash[10], hash[11], hash[12], hash[13], hash[14], hash[15], (ret == CL_VIRUS) ? "negative" : "positive");

libclamav/crypto.c

@@ -1017,3 +1017,59 @@ X509_CRL *cl_load_crl(const char *file)
 
     return x;
 }
+
+void *cl_hash_init(const char *alg)
+{
+    EVP_MD_CTX *ctx;
+    const EVP_MD *md;
+
+    md = EVP_get_digestbyname(alg);
+    if (!(md))
+        return NULL;
+
+    ctx = EVP_MD_CTX_create();
+    if (!(ctx)) {
+        return NULL;
+    }
+
+    if (!EVP_DigestInit_ex(ctx, md, NULL)) {
+        EVP_MD_CTX_destroy(ctx);
+        return NULL;
+    }
+
+    return (void *)ctx;
+}
+
+int cl_update_hash(void *ctx, void *data, size_t sz)
+{
+    if (!(ctx) || !(data))
+        return -1;
+
+    if (!EVP_DigestUpdate((EVP_MD_CTX *)ctx, data, sz))
+        return -1;
+
+    return 0;
+}
+
+int cl_finish_hash(void *ctx, void *buf)
+{
+    int res=0;
+
+    if (!(ctx) || !(buf))
+        return -1;
+
+    if (!EVP_DigestFinal_ex((EVP_MD_CTX *)ctx, (unsigned char *)buf, NULL))
+        res = -1;
+
+    EVP_MD_CTX_destroy((EVP_MD_CTX *)ctx);
+
+    return res;
+}
+
+void cl_hash_destroy(void *ctx)
+{
+    if (!(ctx))
+        return;
+
+    EVP_MD_CTX_destroy((EVP_MD_CTX *)ctx);
+}

libclamav/crypto.h

@@ -270,6 +270,11 @@ unsigned char *cl_sign_file_fp(FILE *fp, EVP_PKEY *pkey, char *alg, unsigned int
  */
 EVP_PKEY *cl_get_pkey_file(char *keypath);
 
+void *cl_hash_init(const char *alg);
+int cl_update_hash(void *ctx, void *data, size_t sz);
+int cl_finish_hash(void *ctx, void *buf);
+void cl_hash_destroy(void *ctx);
+
 /**
  * @}
  */

libclamav/cvd.c

@@ -199,7 +199,7 @@ static void cli_tgzload_cleanup(int comp, struct cli_dbio *dbio, int fdd)
     }
 
     if (dbio->hashctx) {
-        EVP_MD_CTX_destroy(dbio->hashctx);
+        cl_hash_destroy(dbio->hashctx);
         dbio->hashctx = NULL;
     }
 }
@@ -321,12 +321,11 @@ static int cli_tgzload(int fd, struct cl_engine *engine, unsigned int *signo, un
 	dbio->bufpt = NULL;
 	dbio->readpt = dbio->buf;
     if (!(dbio->hashctx)) {
-        dbio->hashctx = EVP_MD_CTX_create();
+        dbio->hashctx = cl_hash_init("sha256");
         if (!(dbio->hashctx)) {
             cli_tgzload_cleanup(compr, dbio, fdd);
             return CL_EMALFDB;
         }
-        EVP_DigestInit_ex(dbio->hashctx, EVP_sha256(), NULL);
     }
 	dbio->bread = 0;
 
@@ -361,8 +360,12 @@ static int cli_tgzload(int fd, struct cl_engine *engine, unsigned int *signo, un
 			cli_tgzload_cleanup(compr, dbio, fdd);
 			return CL_EMALFDB;
 		    }
-            EVP_DigestFinal_ex(dbio->hashctx, hash, NULL);
-            EVP_DigestInit_ex(dbio->hashctx, EVP_sha256(), NULL);
+            cl_finish_hash(dbio->hashctx, hash);
+            dbio->hashctx = cl_hash_init("sha256");
+            if (!(dbio->hashctx)) {
+                cli_tgzload_cleanup(compr, dbio, fdd);
+                return CL_EMALFDB;
+            }
 		    if(memcmp(db->hash, hash, 32)) {
 			cli_errmsg("cli_tgzload: Invalid checksum for file %s\n", name);
 			cli_tgzload_cleanup(compr, dbio, fdd);

libclamav/cvd.h

@@ -32,7 +32,7 @@ struct cli_dbio {
     char *buf, *bufpt, *readpt;
     unsigned int usebuf, bufsize, readsize;
     unsigned int chkonly;
-    EVP_MD_CTX *hashctx;
+    void *hashctx;
 };
 
 int cli_cvdload(FILE *fs, struct cl_engine *engine, unsigned int *signo, unsigned int options, unsigned int dbtype, const char *filename, unsigned int chkonly);

libclamav/dsig.c

@@ -158,7 +158,7 @@ int cli_versig2(const unsigned char *sha256, const char *dsig_str, const char *n
 	unsigned char *decoded, digest1[HASH_LEN], digest2[HASH_LEN], digest3[HASH_LEN], *salt;
 	unsigned char mask[BLK_LEN], data[BLK_LEN], final[8 + 2 * HASH_LEN], c[4];
 	unsigned int i, rounds;
-    EVP_MD_CTX *ctx;
+    void *ctx;
 	mp_int n, e;
 
     mp_init(&e);
@@ -187,15 +187,13 @@ int cli_versig2(const unsigned char *sha256, const char *dsig_str, const char *n
 	c[2] = (unsigned char) (i / 256);
 	c[3] = (unsigned char) i;
 
-    ctx = EVP_MD_CTX_create();
+    ctx = cl_hash_init("sha256");
     if (!(ctx))
         return CL_EMEM;
 
-    EVP_DigestInit_ex(ctx, EVP_sha256(), NULL);
-	EVP_DigestUpdate(ctx, digest2, HASH_LEN);
-	EVP_DigestUpdate(ctx, c, 4);
-	EVP_DigestFinal_ex(ctx, digest3, NULL);
-    EVP_MD_CTX_destroy(ctx);
+	cl_update_hash(ctx, digest2, HASH_LEN);
+	cl_update_hash(ctx, c, 4);
+	cl_finish_hash(ctx, digest3);
 	if(i + 1 == rounds)
             memcpy(&data[i * 32], digest3, BLK_LEN - i * HASH_LEN);
 	else
@@ -217,14 +215,12 @@ int cli_versig2(const unsigned char *sha256, const char *dsig_str, const char *n
     memcpy(&final[8], sha256, HASH_LEN);
     memcpy(&final[8 + HASH_LEN], salt, SALT_LEN);
 
-    ctx = EVP_MD_CTX_create();
+    ctx = cl_hash_init("sha256");
     if (!(ctx))
         return CL_EMEM;
 
-    EVP_DigestInit_ex(ctx, EVP_sha256(), NULL);
-	EVP_DigestUpdate(ctx, final, sizeof(final));
-	EVP_DigestFinal_ex(ctx, digest1, NULL);
-    EVP_MD_CTX_destroy(ctx);
+	cl_update_hash(ctx, final, sizeof(final));
+	cl_finish_hash(ctx, digest1);
 
     return memcmp(digest1, digest2, HASH_LEN) ? CL_EVERIFY : CL_SUCCESS;
 }

libclamav/hostid.c

@@ -244,7 +244,7 @@ char *internal_get_host_id(void)
     unsigned char raw_md5[16];
     char *printable_md5;
     struct device *devices;
-    EVP_MD_CTX *ctx;
+    void *ctx;
 
     devices = get_devices();
     if (!(devices))
@@ -256,7 +256,7 @@ char *internal_get_host_id(void)
         return NULL;
     }
 
-    ctx = EVP_MD_CTX_create();
+    ctx = cl_hash_init("md5");
     if (!(ctx)) {
         for (i=0; devices[i].name != NULL; i++)
             free(devices[i].name);
@@ -267,12 +267,10 @@ char *internal_get_host_id(void)
         return NULL;
     }
 
-    EVP_DigestInit_ex(ctx, EVP_md5(), NULL);
     for (i=0; devices[i].name != NULL; i++)
-        EVP_DigestUpdate(ctx, devices[i].mac, sizeof(devices[i].mac));
+        cl_update_hash(ctx, devices[i].mac, sizeof(devices[i].mac));
 
-    EVP_DigestFinal_ex(ctx, raw_md5, NULL);
-    EVP_MD_CTX_destroy(ctx);
+    cl_finish_hash(ctx, raw_md5);
 
     for (i=0; devices[i].name != NULL; i++)
         free(devices[i].name);

libclamav/libclamav.map

@@ -51,6 +51,10 @@ CLAMAV_PUBLIC {
     cl_engine_set_clcb_stats_get_num;
     cl_engine_set_clcb_stats_get_size;
     cl_engine_set_clcb_stats_get_hostid;
+    cl_hash_init;
+    cl_update_hash;
+    cl_finish_hash;
+    cl_hash_destroy;
 };
 CLAMAV_PRIVATE {
   global:

libclamav/matcher.c

@@ -721,42 +721,30 @@ int cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli
     const char *virname = NULL;
     uint32_t viroffset = 0;
     uint32_t viruses_found = 0;
-    EVP_MD_CTX *md5ctx, *sha1ctx, *sha256ctx;
+    void *md5ctx, *sha1ctx, *sha256ctx;
 
     if(!ctx->engine) {
         cli_errmsg("cli_scandesc: engine == NULL\n");
         return CL_ENULLARG;
     }
 
-    md5ctx = EVP_MD_CTX_create();
+    md5ctx = cl_hash_init("md5");
     if (!(md5ctx))
         return CL_EMEM;
 
-    sha1ctx = EVP_MD_CTX_create();
+    sha1ctx = cl_hash_init("sha1");
     if (!(sha1ctx)) {
-        EVP_MD_CTX_destroy(md5ctx);
+        cl_hash_destroy(md5ctx);
         return CL_EMEM;
     }
 
-    sha256ctx = EVP_MD_CTX_create();
+    sha256ctx = cl_hash_init("sha256");
     if (!(sha256ctx)) {
-        EVP_MD_CTX_destroy(md5ctx);
-        EVP_MD_CTX_destroy(sha1ctx);
+        cl_hash_destroy(md5ctx);
+        cl_hash_destroy(sha1ctx);
         return CL_EMEM;
     }
 
-    if (!EVP_DigestInit_ex(md5ctx, EVP_md5(), NULL)) {
-        return CL_CLEAN;
-    }
-
-    if (!EVP_DigestInit_ex(sha1ctx, EVP_sha1(), NULL)) {
-        return CL_CLEAN;
-    }
-
-    if (!EVP_DigestInit_ex(sha256ctx, EVP_sha256(), NULL)) {
-        return CL_CLEAN;
-    }
-
     if(!ftonly)
         groot = ctx->engine->root[0]; /* generic signatures */
 
@@ -774,9 +762,9 @@ int cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli
 
     if(ftonly) {
         if(!troot) {
-            EVP_MD_CTX_destroy(md5ctx);
-            EVP_MD_CTX_destroy(sha1ctx);
-            EVP_MD_CTX_destroy(sha256ctx);
+            cl_hash_destroy(md5ctx);
+            cl_hash_destroy(sha1ctx);
+            cl_hash_destroy(sha256ctx);
             return CL_CLEAN;
         }
 
@@ -796,9 +784,9 @@ int cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli
                 free(info.exeinfo.section);
 
             cli_hashset_destroy(&info.exeinfo.vinfo);
-            EVP_MD_CTX_destroy(md5ctx);
-            EVP_MD_CTX_destroy(sha1ctx);
-            EVP_MD_CTX_destroy(sha256ctx);
+            cl_hash_destroy(md5ctx);
+            cl_hash_destroy(sha1ctx);
+            cl_hash_destroy(sha256ctx);
             return ret;
         }
     }
@@ -811,9 +799,9 @@ int cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli
                 free(info.exeinfo.section);
 
             cli_hashset_destroy(&info.exeinfo.vinfo);
-            EVP_MD_CTX_destroy(md5ctx);
-            EVP_MD_CTX_destroy(sha1ctx);
-            EVP_MD_CTX_destroy(sha256ctx);
+            cl_hash_destroy(md5ctx);
+            cl_hash_destroy(sha1ctx);
+            cl_hash_destroy(sha256ctx);
             return ret;
         }
         if(troot->bm_offmode) {
@@ -827,9 +815,9 @@ int cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli
                         free(info.exeinfo.section);
 
                     cli_hashset_destroy(&info.exeinfo.vinfo);
-                    EVP_MD_CTX_destroy(md5ctx);
-                    EVP_MD_CTX_destroy(sha1ctx);
-                    EVP_MD_CTX_destroy(sha256ctx);
+                    cl_hash_destroy(md5ctx);
+                    cl_hash_destroy(sha1ctx);
+                    cl_hash_destroy(sha256ctx);
                     return ret;
                 }
 
@@ -896,9 +884,9 @@ int cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli
                     free(info.exeinfo.section);
 
                 cli_hashset_destroy(&info.exeinfo.vinfo);
-                EVP_MD_CTX_destroy(md5ctx);
-                EVP_MD_CTX_destroy(sha1ctx);
-                EVP_MD_CTX_destroy(sha256ctx);
+                cl_hash_destroy(md5ctx);
+                cl_hash_destroy(sha1ctx);
+                cl_hash_destroy(sha256ctx);
                 return ret;
             }
         }
@@ -935,11 +923,11 @@ int cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli
                 uint32_t data_len = bytes - maxpatlen * (offset!=0);
 
                 if(compute_hash[CLI_HASH_MD5])
-                    EVP_DigestUpdate(md5ctx, data, data_len);
+                    cl_update_hash(md5ctx, data, data_len);
                 if(compute_hash[CLI_HASH_SHA1])
-                    EVP_DigestUpdate(sha1ctx, data, data_len);
+                    cl_update_hash(sha1ctx, data, data_len);
                 if(compute_hash[CLI_HASH_SHA256])
-                    EVP_DigestUpdate(sha256ctx, data, data_len);
+                    cl_update_hash(sha256ctx, data, data_len);
             }
         }
 
@@ -958,15 +946,18 @@ int cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli
         enum CLI_HASH_TYPE hashtype, hashtype2;
 
         if(compute_hash[CLI_HASH_MD5]) {
-            EVP_DigestFinal_ex(md5ctx, digest[CLI_HASH_MD5], NULL);
+            cl_finish_hash(md5ctx, digest[CLI_HASH_MD5]);
+            md5ctx = NULL;
         }
         if(refhash)
             compute_hash[CLI_HASH_MD5] = 1;
         if(compute_hash[CLI_HASH_SHA1]) {
-            EVP_DigestFinal_ex(sha1ctx, digest[CLI_HASH_SHA1], NULL);
+            cl_finish_hash(sha1ctx, digest[CLI_HASH_SHA1]);
+            sha1ctx = NULL;
         }
         if(compute_hash[CLI_HASH_SHA256]) {
-            EVP_DigestFinal_ex(sha256ctx, digest[CLI_HASH_SHA256], NULL);
+            cl_finish_hash(sha256ctx, digest[CLI_HASH_SHA256]);
+            sha256ctx = NULL;
         }
 
         virname = NULL;
@@ -1024,9 +1015,9 @@ int cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli
         }
     }
 
-    EVP_MD_CTX_destroy(md5ctx);
-    EVP_MD_CTX_destroy(sha1ctx);
-    EVP_MD_CTX_destroy(sha256ctx);
+    cl_hash_destroy(md5ctx);
+    cl_hash_destroy(sha1ctx);
+    cl_hash_destroy(sha256ctx);
 
     if(troot) {
         if(ret != CL_VIRUS || SCAN_ALL)

libclamav/others.c

@@ -880,25 +880,33 @@ char *cli_hashstream(FILE *fs, unsigned char *digcpy, int type)
     unsigned char digest[32];
     char buff[FILEBUFF];
     char *hashstr, *pt;
+    const char *alg=NULL;
     int i, bytes, size;
-    EVP_MD_CTX *ctx;
+    void *ctx;
+
+    switch (type) {
+        case 1:
+            alg = "md5";
+            size = 16;
+            break;
+        case 2:
+            alg = "sha1";
+            size = 20;
+            break;
+        default:
+            alg = "sha256";
+            size = 32;
+            break;
+    }
 
-    ctx = EVP_MD_CTX_create();
+    ctx = cl_hash_init(alg);
     if (!(ctx))
         return NULL;
 
-    if(type == 1)
-        EVP_DigestInit_ex(ctx, EVP_md5(), NULL);
-    else if(type == 2)
-        EVP_DigestInit_ex(ctx, EVP_sha1(), NULL);
-    else
-        EVP_DigestInit_ex(ctx, EVP_sha256(), NULL);
-
     while((bytes = fread(buff, 1, FILEBUFF, fs)))
-        EVP_DigestUpdate(ctx, buff, bytes);
+        cl_update_hash(ctx, buff, bytes);
 
-    EVP_DigestFinal_ex(ctx, digest, &size);
-    EVP_MD_CTX_destroy(ctx);
+    cl_finish_hash(ctx, digest);
 
     if(!(hashstr = (char *) cli_calloc(size*2 + 1, sizeof(char))))
         return NULL;

libclamav/pe.c

@@ -2800,7 +2800,7 @@ int cli_checkfp_pe(cli_ctx *ctx, uint8_t *authsha1, stats_section_t *hashes, uin
     struct cli_exe_section *exe_sections;
     struct pe_image_data_dir *dirs;
     fmap_t *map = *ctx->fmap;
-    EVP_MD_CTX *hashctx=NULL;
+    void *hashctx=NULL;
 
     if (flags & CL_CHECKFP_PE_FLAG_STATS)
         if (!(hashes))
@@ -2927,13 +2927,11 @@ int cli_checkfp_pe(cli_ctx *ctx, uint8_t *authsha1, stats_section_t *hashes, uin
     }
 
     cli_qsort(exe_sections, nsections, sizeof(*exe_sections), sort_sects);
-    hashctx = EVP_MD_CTX_create();
+    hashctx = cl_hash_init("sha1");
     if (!(hashctx)) {
         if (flags & CL_CHECKFP_PE_FLAG_AUTHENTICODE)
             flags ^= CL_CHECKFP_PE_FLAG_AUTHENTICODE;
     }
-    if (hashctx)
-        EVP_DigestInit_ex(hashctx, EVP_sha1(), NULL);
 
     if (flags & CL_CHECKFP_PE_FLAG_AUTHENTICODE) {
         /* Check to see if we have a security section. */
@@ -2943,7 +2941,7 @@ int cli_checkfp_pe(cli_ctx *ctx, uint8_t *authsha1, stats_section_t *hashes, uin
                 flags ^= CL_CHECKFP_PE_FLAG_AUTHENTICODE;
             } else {
                 if (hashctx)
-                    EVP_MD_CTX_destroy(hashctx);
+                    cl_hash_destroy(hashctx);
                 return CL_BREAK;
             }
         }
@@ -2956,19 +2954,17 @@ int cli_checkfp_pe(cli_ctx *ctx, uint8_t *authsha1, stats_section_t *hashes, uin
         if(!(hptr = fmap_need_off_once(map, where, size))){ \
             free(exe_sections); \
             if (hashctx) \
-                EVP_MD_CTX_destroy(hashctx); \
+                cl_hash_destroy(hashctx); \
             return CL_EFORMAT; \
         } \
         if (flags & CL_CHECKFP_PE_FLAG_AUTHENTICODE && hashctx) \
-            EVP_DigestUpdate(hashctx, hptr, size); \
+            cl_update_hash(hashctx, hptr, size); \
         if (isStatAble && flags & CL_CHECKFP_PE_FLAG_STATS) { \
-            EVP_MD_CTX *md5ctx; \
-            md5ctx = EVP_MD_CTX_create(); \
+            void *md5ctx; \
+            md5ctx = cl_hash_init("md5"); \
             if (md5ctx) { \
-                EVP_DigestInit_ex(md5ctx, EVP_md5(), NULL); \
-                EVP_DigestUpdate(md5ctx, hptr, size); \
-                EVP_DigestFinal_ex(md5ctx, hashes->sections[section].md5, NULL); \
-                EVP_MD_CTX_destroy(md5ctx); \
+                cl_update_hash(md5ctx, hptr, size); \
+                cl_finish_hash(md5ctx, hashes->sections[section].md5); \
             } \
         } \
     } while(0)
@@ -2995,7 +2991,7 @@ int cli_checkfp_pe(cli_ctx *ctx, uint8_t *authsha1, stats_section_t *hashes, uin
             } else {
                 free(exe_sections);
                 if (hashctx)
-                    EVP_MD_CTX_destroy(hashctx);
+                    cl_hash_destroy(hashctx);
                 return CL_EFORMAT;
             }
         }
@@ -3028,7 +3024,7 @@ int cli_checkfp_pe(cli_ctx *ctx, uint8_t *authsha1, stats_section_t *hashes, uin
                 } else {
                     free(exe_sections);
                     if (hashctx)
-                        EVP_MD_CTX_destroy(hashctx);
+                        cl_hash_destroy(hashctx);
                     return CL_EFORMAT;
                 }
             }
@@ -3044,7 +3040,7 @@ int cli_checkfp_pe(cli_ctx *ctx, uint8_t *authsha1, stats_section_t *hashes, uin
     free(exe_sections);
 
     if (flags & CL_CHECKFP_PE_FLAG_AUTHENTICODE && hashctx) {
-        EVP_DigestFinal_ex(hashctx, authsha1, NULL);
+        cl_finish_hash(hashctx, authsha1);
 
         if(cli_debug_flag) {
             char shatxt[SHA1_HASH_SIZE*2+1];
@@ -3059,11 +3055,10 @@ int cli_checkfp_pe(cli_ctx *ctx, uint8_t *authsha1, stats_section_t *hashes, uin
 
         hlen -= 8;
 
-        EVP_MD_CTX_destroy(hashctx);
         return asn1_check_mscat((struct cl_engine *)(ctx->engine), map, at + 8, hlen, authsha1);
     } else {
         if (hashctx)
-            EVP_MD_CTX_destroy(hashctx);
+            cl_hash_destroy(hashctx);
         return CL_VIRUS;
     }
 }

libclamav/phishcheck.c

@@ -1202,17 +1202,15 @@ static int hash_match(const struct regex_matcher *rlist, const char *host, size_
 	    unsigned char h[65];
 	    unsigned char sha256_dig[32];
 	    unsigned i;
-        EVP_MD_CTX *sha256;
+        void *sha256;
 
-        sha256 = EVP_MD_CTX_create();
+        sha256 = cl_hash_init("sha256");
         if (!(sha256))
             return CL_EMEM;
 
-        EVP_DigestInit_ex(sha256, EVP_sha256(), NULL);
-        EVP_DigestUpdate(sha256, host, hlen);
-        EVP_DigestUpdate(sha256, path, plen);
-        EVP_DigestFinal_ex(sha256, sha256_dig, NULL);
-        EVP_MD_CTX_destroy(sha256);
+        cl_update_hash(sha256, host, hlen);
+        cl_update_hash(sha256, path, plen);
+        cl_finish_hash(sha256, sha256_dig);
 
 	    for(i=0;i<32;i++) {
 		h[2*i] = hexchars[sha256_dig[i]>>4];

libclamav/readdb.c

@@ -421,7 +421,7 @@ char *cli_dbgets(char *buff, unsigned int size, FILE *fs, struct cli_dbio *dbio)
 		dbio->size -= bread;
 		dbio->bread += bread;
         if (dbio->hashctx)
-            EVP_DigestUpdate(dbio->hashctx, dbio->readpt, bread);
+            cl_update_hash(dbio->hashctx, dbio->readpt, bread);
 	    }
 	    if(dbio->chkonly && dbio->bufpt) {
 		dbio->bufpt = NULL;
@@ -479,7 +479,7 @@ char *cli_dbgets(char *buff, unsigned int size, FILE *fs, struct cli_dbio *dbio)
 	dbio->size -= bs;
 	dbio->bread += bs;
     if (dbio->hashctx)
-        EVP_DigestUpdate(dbio->hashctx, buff, bs);
+        cl_update_hash(dbio->hashctx, buff, bs);
 	return pt;
     }
 }
@@ -1733,7 +1733,7 @@ static int cli_loadinfo(FILE *fs, struct cl_engine *engine, unsigned int options
 	unsigned char hash[32];
         struct cli_dbinfo *last = NULL, *new;
 	int ret = CL_SUCCESS, dsig = 0;
-    EVP_MD_CTX *ctx;
+    void *ctx;
 
 
     if(!dbio) {
@@ -1741,18 +1741,15 @@ static int cli_loadinfo(FILE *fs, struct cl_engine *engine, unsigned int options
 	return CL_EMALFDB;
     }
 
-    ctx = EVP_MD_CTX_create();
+    ctx = cl_hash_init("sha256");
     if (!(ctx))
         return CL_EMALFDB;
 
-    EVP_DigestInit_ex(ctx, EVP_sha256(), NULL);
-
     while(cli_dbgets(buffer, FILEBUFF, fs, dbio)) {
 	line++;
 	if(!(options & CL_DB_UNSIGNED) && !strncmp(buffer, "DSIG:", 5)) {
 	    dsig = 1;
-	    EVP_DigestFinal_ex(ctx, hash, NULL);
-        EVP_MD_CTX_destroy(ctx);
+	    cl_finish_hash(ctx, hash);
 	    if(cli_versig2(hash, buffer + 5, INFO_NSTR, INFO_ESTR) != CL_SUCCESS) {
 		cli_errmsg("cli_loadinfo: Incorrect digital signature\n");
 		ret = CL_EMALFDB;
@@ -1770,7 +1767,7 @@ static int cli_loadinfo(FILE *fs, struct cl_engine *engine, unsigned int options
             buffer[len + 1] = 0;
         }
     }
-	EVP_DigestUpdate(ctx, buffer, strlen(buffer));
+	cl_update_hash(ctx, buffer, strlen(buffer));
 	cli_chomp(buffer);
 	if(!strncmp("ClamAV-VDB:", buffer, 11)) {
 	    if(engine->dbinfo) { /* shouldn't be initialized at this point */

libclamav/xar.c

@@ -325,26 +325,24 @@ static int xar_scan_subdocuments(xmlTextReaderPtr reader, cli_ctx *ctx)
     return rc;
 }
 
-static EVP_MD_CTX * xar_hash_init(int hash, EVP_MD_CTX **sc, EVP_MD_CTX **mc)
+static void * xar_hash_init(int hash, void **sc, void **mc)
 {
     if (!sc && !mc)
         return NULL;
     switch (hash) {
     case XAR_CKSUM_SHA1:
-        *sc = EVP_MD_CTX_create();
+        *sc = cl_hash_init("sha1");
         if (!(*sc)) {
             return NULL;
         }
 
-        EVP_DigestInit_ex(*sc, EVP_sha1(), NULL);
         return *sc;
     case XAR_CKSUM_MD5:
-        *mc = EVP_MD_CTX_create();
+        *mc = cl_hash_init("md5");
         if (!(*mc)) {
             return NULL;
         }
 
-        EVP_DigestInit_ex(*mc, EVP_md5(), NULL);
         return *mc;
     case XAR_CKSUM_OTHER:
     case XAR_CKSUM_NONE:
@@ -353,7 +351,7 @@ static EVP_MD_CTX * xar_hash_init(int hash, EVP_MD_CTX **sc, EVP_MD_CTX **mc)
     }
 }
 
-static void xar_hash_update(EVP_MD_CTX * hash_ctx, const void * data, unsigned long size, int hash)
+static void xar_hash_update(void * hash_ctx, const void * data, unsigned long size, int hash)
 {
     if (!hash_ctx || !data || !size)
         return;
@@ -364,10 +362,10 @@ static void xar_hash_update(EVP_MD_CTX * hash_ctx, const void * data, unsigned l
         return;
     }
 
-    EVP_DigestUpdate(hash_ctx, data, size);
+    cl_update_hash(hash_ctx, data, size);
 }
 
-static void xar_hash_final(EVP_MD_CTX * hash_ctx, void * result, int hash)
+static void xar_hash_final(void * hash_ctx, void * result, int hash)
 {
     if (!hash_ctx || !result)
         return;
@@ -378,8 +376,7 @@ static void xar_hash_final(EVP_MD_CTX * hash_ctx, void * result, int hash)
         return;
     }
 
-    EVP_DigestFinal_ex(hash_ctx, result, NULL);
-    EVP_MD_CTX_destroy(hash_ctx);
+    cl_finish_hash(hash_ctx, result);
 }
 
 static int xar_hash_check(int hash, const void * result, const void * expected)
@@ -539,9 +536,9 @@ int cli_scanxar(cli_ctx *ctx)
                                                        &a_cksum, &a_hash, &e_cksum, &e_hash))) {
         int do_extract_cksum = 1;
         unsigned char * blockp;
-        EVP_MD_CTX *a_sc, *e_sc;
-        EVP_MD_CTX *a_mc, *e_mc;
-        EVP_MD_CTX *a_hash_ctx, *e_hash_ctx;
+        void *a_sc, *e_sc;
+        void *a_mc, *e_mc;
+        void *a_hash_ctx, *e_hash_ctx;
         char result[SHA1_HASH_SIZE];
         char * expected;
 

sigtool/sigtool.c

@@ -401,27 +401,25 @@ static char *sha256file(const char *file, unsigned int *size)
 	unsigned int i, bytes;
 	unsigned char digest[32], buffer[FILEBUFF];
 	char *sha;
-	EVP_MD_CTX *ctx;
+	void *ctx;
 
-    ctx = EVP_MD_CTX_create();
+    ctx = cl_hash_init("sha256");
     if (!(ctx))
         return NULL;
 
-    EVP_DigestInit_ex(ctx, EVP_sha256(), NULL);
     if(!(fh = fopen(file, "rb"))) {
 	mprintf("!sha256file: Can't open file %s\n", file);
-    EVP_MD_CTX_destroy(ctx);
+    cl_hash_destroy(ctx);
 	return NULL;
     }
     if(size)
 	*size = 0;
     while((bytes = fread(buffer, 1, sizeof(buffer), fh))) {
-	EVP_DigestUpdate(ctx, buffer, bytes);
+	cl_update_hash(ctx, buffer, bytes);
 	if(size)
 	    *size += bytes;
     }
-    EVP_DigestFinal_ex(ctx, digest, NULL);
-    EVP_MD_CTX_destroy(ctx);
+    cl_finish_hash(ctx, digest);
     sha = (char *) malloc(65);
     if(!sha)
     {
@@ -441,7 +439,7 @@ static int writeinfo(const char *dbname, const char *builder, const char *header
 	unsigned int i, bytes;
 	char file[32], *pt, dbfile[32];
 	unsigned char digest[32], buffer[FILEBUFF];
-	EVP_MD_CTX *ctx;
+	void *ctx;
 
     snprintf(file, sizeof(file), "%s.info", dbname);
     if(!access(file, R_OK)) {
@@ -498,17 +496,15 @@ static int writeinfo(const char *dbname, const char *builder, const char *header
     }
     if(!optget(opts, "unsigned")->enabled) {
 	rewind(fh);
-    ctx = EVP_MD_CTX_create();
+    ctx = cl_hash_init("sha256");
     if (!(ctx)) {
         fclose(fh);
         return -1;
     }
 
-	EVP_DigestInit_ex(ctx, EVP_sha256(), NULL);
 	while((bytes = fread(buffer, 1, sizeof(buffer), fh)))
-	    EVP_DigestUpdate(ctx, buffer, bytes);
-	EVP_DigestFinal_ex(ctx, digest, NULL);
-    EVP_MD_CTX_destroy(ctx);
+	    cl_update_hash(ctx, buffer, bytes);
+	cl_finish_hash(ctx, digest);
 	if(!(pt = getdsig(optget(opts, "server")->strarg, builder, digest, 32, 3))) {
 	    mprintf("!writeinfo: Can't get digital signature from remote server\n");
 	    fclose(fh);
@@ -528,7 +524,7 @@ static int script2cdiff(const char *script, const char *builder, const struct op
 {
 	char *cdiff, *pt, buffer[FILEBUFF];
 	unsigned char digest[32];
-	EVP_MD_CTX *ctx;
+	void *ctx;
 	STATBUF sb;
 	FILE *scripth, *cdiffh;
 	gzFile gzh;
@@ -612,21 +608,19 @@ static int script2cdiff(const char *script, const char *builder, const struct op
 	return -1;
     }
 
-    ctx = EVP_MD_CTX_create();
+    ctx = cl_hash_init("sha256");
     if (!(ctx)) {
         unlink(cdiff);
         free(cdiff);
         fclose(cdiffh);
         return -1;
     }
-    EVP_DigestInit_ex(ctx, EVP_sha256(), NULL);
 
     while((bytes = fread(buffer, 1, sizeof(buffer), cdiffh)))
-	EVP_DigestUpdate(ctx, (unsigned char *) buffer, bytes);
+	cl_update_hash(ctx, (unsigned char *) buffer, bytes);
 
     fclose(cdiffh);
-    EVP_DigestFinal_ex(ctx, digest, NULL);
-    EVP_MD_CTX_destroy(ctx);
+    cl_finish_hash(ctx, digest);
 
     if(!(pt = getdsig(optget(opts, "server")->strarg, builder, digest, 32, 2))) {
 	mprintf("!script2cdiff: Can't get digital signature from remote server\n");

unit_tests/check_clamav.c

@@ -794,7 +794,7 @@ static uint8_t res256[3][SHA256_HASH_SIZE] = {
 
 START_TEST (test_sha256)
 {
-    EVP_MD_CTX *sha256;
+    void *sha256;
     uint8_t hsha256[SHA256_HASH_SIZE];
     uint8_t buf[1000];
     int i;
@@ -807,14 +807,12 @@ START_TEST (test_sha256)
     cl_sha256(tv2, sizeof(tv2), hsha256, NULL);
     fail_unless(!memcmp (hsha256, res256[1], sizeof (hsha256)), "sha256 test vector #2 failed");
 
-    sha256 = EVP_MD_CTX_create();
+    sha256 = cl_hash_init("sha256");
     fail_unless(sha256 != NULL, "Could not create EVP_MD_CTX for sha256");
 
-    EVP_DigestInit_ex(sha256, EVP_sha256(), NULL);
     for (i = 0; i < 1000; i++)
-        EVP_DigestUpdate (sha256, buf, sizeof (buf));
-    EVP_DigestFinal_ex(sha256, hsha256, NULL);
-    EVP_MD_CTX_destroy(sha256);
+        cl_update_hash (sha256, buf, sizeof (buf));
+    cl_finish_hash(sha256, hsha256);
     fail_unless(!memcmp (hsha256, res256[2], sizeof (hsha256)), "sha256 test vector #3 failed");
 }
 END_TEST