Support all available hash functions to compute message digests

Author: Vitaly Isaev

.gitignore

@@ -1 +1,2 @@
 openssl.test
+.idea

cert.go

@@ -26,24 +26,6 @@ import (
 	"unsafe"
 )
 
-type EVP_MD int
-
-const (
-	EVP_NULL      EVP_MD = iota
-	EVP_MD5       EVP_MD = iota
-	EVP_MD4       EVP_MD = iota
-	EVP_SHA       EVP_MD = iota
-	EVP_SHA1      EVP_MD = iota
-	EVP_DSS       EVP_MD = iota
-	EVP_DSS1      EVP_MD = iota
-	EVP_MDC2      EVP_MD = iota
-	EVP_RIPEMD160 EVP_MD = iota
-	EVP_SHA224    EVP_MD = iota
-	EVP_SHA256    EVP_MD = iota
-	EVP_SHA384    EVP_MD = iota
-	EVP_SHA512    EVP_MD = iota
-)
-
 // X509_Version represents a version on an x509 certificate.
 type X509_Version int
 

ctx.go

@@ -298,8 +298,7 @@ func (s *CertificateStore) AddCertificate(cert *Certificate) error {
 }
 
 type CertificateStoreCtx struct {
-	ctx     *C.X509_STORE_CTX
-	ssl_ctx *Ctx
+	ctx *C.X509_STORE_CTX
 }
 
 func (self *CertificateStoreCtx) VerifyResult() VerifyResult {

digest_computer.go

@@ -0,0 +1,68 @@
+package openssl
+
+// #include "shim.h"
+import "C"
+import (
+	"fmt"
+	"runtime"
+	"unsafe"
+)
+
+// DigestComputer is a generic structure to compute message digest
+// with any hash function supported by OpenSSL
+type DigestComputer struct {
+	ctx    *C.EVP_MD_CTX
+	engine *Engine
+	evpMD  EVP_MD
+}
+
+func NewDigestComputer(digestType EVP_MD) (*DigestComputer, error) {
+	return NewDigestComputerWithEngine(nil, digestType)
+}
+
+func NewDigestComputerWithEngine(e *Engine, digestType EVP_MD) (*DigestComputer, error) {
+	hash := &DigestComputer{engine: e, evpMD: digestType}
+	hash.ctx = C.X_EVP_MD_CTX_new()
+	if hash.ctx == nil {
+		return nil, fmt.Errorf("openssl: %s: unable to allocate ctx", digestType.String())
+	}
+	runtime.SetFinalizer(hash, func(hash *DigestComputer) { hash.Close() })
+	if err := hash.Reset(); err != nil {
+		return nil, err
+	}
+	return hash, nil
+}
+
+func (s *DigestComputer) Close() {
+	if s.ctx != nil {
+		C.X_EVP_MD_CTX_free(s.ctx)
+		s.ctx = nil
+	}
+}
+
+func (s *DigestComputer) Reset() error {
+	if 1 != C.X_EVP_DigestInit_ex(s.ctx, s.evpMD.c(), engineRef(s.engine)) {
+		return fmt.Errorf("openssl: %v: cannot init evpMD ctx", s.evpMD.String())
+	}
+	return nil
+}
+
+func (s *DigestComputer) Write(p []byte) (n int, err error) {
+	if len(p) == 0 {
+		return 0, nil
+	}
+	if 1 != C.X_EVP_DigestUpdate(s.ctx, unsafe.Pointer(&p[0]),
+		C.size_t(len(p))) {
+		return 0, fmt.Errorf("openssl: %v: cannot update evpMD", s.evpMD.String())
+	}
+	return len(p), nil
+}
+
+func (s *DigestComputer) Sum() ([]byte, error) {
+	result := make([]byte, s.evpMD.Size())
+	if 1 != C.X_EVP_DigestFinal_ex(s.ctx,
+		(*C.uchar)(unsafe.Pointer(&result[0])), nil) {
+		return result, fmt.Errorf("openssl: %v: cannot finalize ctx", s.evpMD.String())
+	}
+	return result, s.Reset()
+}

engine.go

@@ -48,3 +48,10 @@ func EngineById(name string) (*Engine, error) {
 	})
 	return e, nil
 }
+
+func engineRef(e *Engine) *C.ENGINE {
+	if e == nil {
+		return nil
+	}
+	return e.e
+}

evp_md.go

@@ -0,0 +1,356 @@
+package openssl
+
+// #include "openssl/opensslv.h"
+// #include "shim.h"
+import "C"
+
+// EVP_MD represents hash function implemented by OpenSSL
+type EVP_MD int
+
+const (
+	EVP_NULL      EVP_MD = iota
+	EVP_MD5
+	EVP_MD4
+	EVP_SHA
+	EVP_SHA1
+	EVP_DSS
+	EVP_DSS1
+	EVP_MDC2
+	EVP_RIPEMD160
+	EVP_SHA224
+	EVP_SHA256
+	EVP_SHA384
+	EVP_SHA512
+	EVP_SHA512_224
+	EVP_SHA512_256
+	EVP_BLAKE2B_512
+	EVP_BLAKE2S_256
+	EVP_GOST
+	EVP_MD2
+	EVP_SHA3_224
+	EVP_SHA3_256
+	EVP_SHA3_384
+	EVP_SHA3_512
+	EVP_SHAKE128
+	EVP_SHAKE256
+	EVP_SM3
+	EVP_WHIRLPOOL
+)
+
+// Size returns the size of the digest
+func (evp EVP_MD) Size() int {
+	var bits int
+	switch evp {
+	case EVP_BLAKE2B_512:
+		bits = 512
+	case EVP_BLAKE2S_256:
+		bits = 256
+	case EVP_GOST:
+		bits = 256
+	case EVP_MD2:
+		bits = 128
+	case EVP_MD4:
+		bits = 128
+	case EVP_MD5:
+		bits = 128
+	case EVP_RIPEMD160:
+		bits = 160
+	case EVP_SHA1:
+		bits = 160
+	case EVP_SHA224:
+		bits = 224
+	case EVP_SHA256:
+		bits = 256
+	case EVP_SHA384:
+		bits = 384
+	case EVP_SHA512:
+		bits = 512
+	case EVP_SHA512_224:
+		bits = 224
+	case EVP_SHA512_256:
+		bits = 256
+	case EVP_SHA3_224:
+		bits = 224
+	case EVP_SHA3_256:
+		bits = 256
+	case EVP_SHA3_384:
+		bits = 384
+	case EVP_SHA3_512:
+		bits = 512
+	case EVP_SHAKE128:
+		bits = 128
+	case EVP_SHAKE256:
+		bits = 256
+	case EVP_SM3:
+		bits = 256
+	}
+	return bits / 8
+}
+
+// Size returns hash function block size in bytes
+func (evp EVP_MD) BlockSize() int {
+	var bits int
+	switch evp {
+	case EVP_BLAKE2B_512:
+		bits = 1024
+	case EVP_BLAKE2S_256:
+		bits = 512
+	case EVP_GOST:
+		bits = 256
+	case EVP_MD2:
+		bits = 128
+	case EVP_MD4:
+		bits = 512
+	case EVP_MD5:
+		bits = 512
+	case EVP_RIPEMD160:
+		bits = 512
+	case EVP_SHA1:
+		bits = 512
+	case EVP_SHA224:
+		bits = 512
+	case EVP_SHA256:
+		bits = 512
+	case EVP_SHA384:
+		bits = 1024
+	case EVP_SHA512:
+		bits = 1024
+	case EVP_SHA512_224:
+		bits = 1024
+	case EVP_SHA512_256:
+		bits = 1024
+	case EVP_SHA3_224:
+		bits = 1124
+	case EVP_SHA3_256:
+		bits = 1088
+	case EVP_SHA3_384:
+		bits = 832
+	case EVP_SHA3_512:
+		bits = 576
+	case EVP_SHAKE128:
+		bits = 1344
+	case EVP_SHAKE256:
+		bits = 1088
+	case EVP_SM3:
+		bits = 512
+	}
+	return bits / 8
+}
+
+func (evp EVP_MD) String() string {
+	switch evp {
+	case EVP_BLAKE2B_512:
+		return "BLAKE2B_512"
+	case EVP_BLAKE2S_256:
+		return "BLAKE2S_256"
+	case EVP_GOST:
+		return "GOST"
+	case EVP_MD2:
+		return "MD2"
+	case EVP_MD4:
+		return "MD4"
+	case EVP_MD5:
+		return "MD5"
+	case EVP_RIPEMD160:
+		return "RMD160"
+	case EVP_SHA1:
+		return "SHA1"
+	case EVP_SHA224:
+		return "SHA224"
+	case EVP_SHA256:
+		return "SHA256"
+	case EVP_SHA384:
+		return "SHA384"
+	case EVP_SHA512:
+		return "SHA512"
+	case EVP_SHA512_224:
+		return "SHA512_224"
+	case EVP_SHA512_256:
+		return "SHA512_256"
+	case EVP_SHA3_224:
+		return "SHA3_224"
+	case EVP_SHA3_256:
+		return "SHA3_256"
+	case EVP_SHA3_384:
+		return "SHA3_384"
+	case EVP_SHA3_512:
+		return "SHA3_512"
+	case EVP_SHAKE128:
+		return "SHAKE128"
+	case EVP_SHAKE256:
+		return "SHAKE256"
+	case EVP_SM3:
+		return "SM3"
+	default:
+		return "UNKNOWN"
+	}
+}
+
+
+/*
+OpenSSL compatibility table:
+
+1.1.1 -> 0x1010100fL
+1.1.0 -> 0x1010000fL
+
+Digest	    1.0.2	1.1.0	1.1.1
+BLAKE2B512	-	    +	    +
+BLAKE2S256	-	    +	    +
+GOST	    -	    +	    +
+MD2	        -	    +	    +
+MD4	        +	    +	    +
+MD5	        +	    +	    +
+RIPEMD160	+	    +	    +
+SHA1	    +	    +	    +
+SHA224	    +	    +	    +
+SHA256	    +	    +	    +
+SHA384	    +	    +	    +
+SHA512	    +	    +	    +
+SHA512-224	-	    -	    +
+SHA512-256	-	    -	    +
+SHA3-224	-	    -	    +
+SHA3-256	-	    -	    +
+SHA3-384	-	    -	    +
+SHA3-512	-	    -	    +
+SHAKE128	-	    -	    +
+SHAKE256	-	    -	    +
+SM3	        -	    -	    +
+WHIRLPOOL	+	    +	    +
+*/
+
+var hashFunctionsOpenSSLv111 = map[EVP_MD]bool{
+	EVP_BLAKE2B_512: true,
+	EVP_BLAKE2S_256: true,
+	EVP_GOST: true,
+	EVP_MD2: true,
+	EVP_MD4: true,
+	EVP_MD5: true,
+	EVP_RIPEMD160: true,
+	EVP_SHA1: true,
+	EVP_SHA224: true,
+	EVP_SHA256: true,
+	EVP_SHA384: true,
+	EVP_SHA512: true,
+	EVP_SHA512_224: true,
+	EVP_SHA512_256: true,
+	EVP_SHA3_224: true,
+	EVP_SHA3_256: true,
+	EVP_SHA3_384: true,
+	EVP_SHA3_512: true,
+	EVP_SHAKE128: true,
+	EVP_SHAKE256: true,
+	EVP_SM3: true,
+	EVP_WHIRLPOOL: true,
+}
+
+var hashFunctionsOpenSSLv110 = map[EVP_MD]bool{
+	EVP_BLAKE2B_512: true,
+	EVP_BLAKE2S_256: true,
+	EVP_GOST: true,
+	EVP_MD2: true,
+	EVP_MD4: true,
+	EVP_MD5: true,
+	EVP_RIPEMD160: true,
+	EVP_SHA1: true,
+	EVP_SHA224: true,
+	EVP_SHA256: true,
+	EVP_SHA384: true,
+	EVP_SHA512: true,
+	EVP_SHA512_224: false,
+	EVP_SHA512_256: false,
+	EVP_SHA3_224: false,
+	EVP_SHA3_256: false,
+	EVP_SHA3_384: false,
+	EVP_SHA3_512: false,
+	EVP_SHAKE128: false,
+	EVP_SHAKE256: false,
+	EVP_SM3: false,
+	EVP_WHIRLPOOL: true,
+}
+
+var hashFunctionsOpenSSLv102 = map[EVP_MD]bool{
+	EVP_BLAKE2B_512: false,
+	EVP_BLAKE2S_256: false,
+	EVP_GOST: false,
+	EVP_MD2: false,
+	EVP_MD4: true,
+	EVP_MD5: true,
+	EVP_RIPEMD160: true,
+	EVP_SHA1: true,
+	EVP_SHA224: true,
+	EVP_SHA256: true,
+	EVP_SHA384: true,
+	EVP_SHA512: true,
+	EVP_SHA512_224: false,
+	EVP_SHA512_256: false,
+	EVP_SHA3_224: false,
+	EVP_SHA3_256: false,
+	EVP_SHA3_384: false,
+	EVP_SHA3_512: false,
+	EVP_SHAKE128: false,
+	EVP_SHAKE256: false,
+	EVP_SM3: false,
+	EVP_WHIRLPOOL: true,
+}
+
+// Supported checks if this hash function is supported by the installed version of OpenSSL
+func (evp EVP_MD) Supported() bool {
+	if C.OPENSSL_VERSION_NUMBER >= 0x1010100f {
+		return hashFunctionsOpenSSLv111[evp]
+	} else if C.OPENSSL_VERSION_NUMBER >= 0x1010000f {
+		return hashFunctionsOpenSSLv110[evp]
+	}
+	return hashFunctionsOpenSSLv102[evp]
+}
+
+// c returns pointer to the struct that is used during digest initialization
+func (evp EVP_MD) c() (evpMD *C.EVP_MD) {
+	switch evp {
+	case EVP_BLAKE2B_512:
+		evpMD = C.X_EVP_blake2b512()
+	case EVP_BLAKE2S_256:
+		evpMD = C.X_EVP_blake2s256()
+	case EVP_GOST:
+		panic("Not implemented yet")
+	case EVP_MD2:
+		evpMD = C.X_EVP_md2()
+	case EVP_MD4:
+		evpMD = C.X_EVP_md4()
+	case EVP_MD5:
+		evpMD = C.X_EVP_md5()
+	case EVP_RIPEMD160:
+		evpMD = C.X_EVP_ripemd160()
+	case EVP_SHA1:
+		evpMD = C.X_EVP_sha1()
+	case EVP_SHA224:
+		evpMD = C.X_EVP_sha224()
+	case EVP_SHA256:
+		evpMD = C.X_EVP_sha256()
+	case EVP_SHA384:
+		evpMD = C.X_EVP_sha384()
+	case EVP_SHA512:
+		evpMD = C.X_EVP_sha512()
+	case EVP_SHA512_224:
+		evpMD = C.X_EVP_sha512_224()
+	case EVP_SHA512_256:
+		evpMD = C.X_EVP_sha512_256()
+	case EVP_SHA3_224:
+		evpMD = C.X_EVP_sha3_224()
+	case EVP_SHA3_256:
+		evpMD = C.X_EVP_sha3_256()
+	case EVP_SHA3_384:
+		evpMD = C.X_EVP_sha3_384()
+	case EVP_SHA3_512:
+		evpMD = C.X_EVP_sha3_512()
+	case EVP_SHAKE128:
+		evpMD = C.X_EVP_shake128()
+	case EVP_SHAKE256:
+		evpMD = C.X_EVP_shake256()
+	case EVP_SM3:
+		panic("Not implemented yet")
+	default:
+		panic("Not implemented yet")
+	}
+	return
+}
+

md4.go

@@ -17,63 +17,27 @@ package openssl
 // #include "shim.h"
 import "C"
 
-import (
-	"errors"
-	"runtime"
-	"unsafe"
-)
-
 type MD4Hash struct {
-	ctx    *C.EVP_MD_CTX
-	engine *Engine
+	*DigestComputer
 }
 
 func NewMD4Hash() (*MD4Hash, error) { return NewMD4HashWithEngine(nil) }
 
 func NewMD4HashWithEngine(e *Engine) (*MD4Hash, error) {
-	hash := &MD4Hash{engine: e}
-	hash.ctx = C.X_EVP_MD_CTX_new()
-	if hash.ctx == nil {
-		return nil, errors.New("openssl: md4: unable to allocate ctx")
-	}
-	runtime.SetFinalizer(hash, func(hash *MD4Hash) { hash.Close() })
-	if err := hash.Reset(); err != nil {
+	dc, err := NewDigestComputerWithEngine(e, EVP_MD4)
+	if err != nil {
 		return nil, err
 	}
-	return hash, nil
-}
-
-func (s *MD4Hash) Close() {
-	if s.ctx != nil {
-		C.X_EVP_MD_CTX_free(s.ctx)
-		s.ctx = nil
-	}
-}
-
-func (s *MD4Hash) Reset() error {
-	if 1 != C.X_EVP_DigestInit_ex(s.ctx, C.X_EVP_md4(), engineRef(s.engine)) {
-		return errors.New("openssl: md4: cannot init digest ctx")
-	}
-	return nil
-}
-
-func (s *MD4Hash) Write(p []byte) (n int, err error) {
-	if len(p) == 0 {
-		return 0, nil
-	}
-	if 1 != C.X_EVP_DigestUpdate(s.ctx, unsafe.Pointer(&p[0]),
-		C.size_t(len(p))) {
-		return 0, errors.New("openssl: md4: cannot update digest")
-	}
-	return len(p), nil
+	return &MD4Hash{DigestComputer: dc}, nil
 }
 
 func (s *MD4Hash) Sum() (result [16]byte, err error) {
-	if 1 != C.X_EVP_DigestFinal_ex(s.ctx,
-		(*C.uchar)(unsafe.Pointer(&result[0])), nil) {
-		return result, errors.New("openssl: md4: cannot finalize ctx")
+	sum, err := s.DigestComputer.Sum()
+	if err != nil {
+		return
 	}
-	return result, s.Reset()
+	copy(result[:], sum)
+	return
 }
 
 func MD4(data []byte) (result [16]byte, err error) {

md4_test.go

@@ -120,9 +120,17 @@ func benchmarkMD4(b *testing.B, length int64, fn md4func) {
 }
 
 func BenchmarkMD4Large_openssl(b *testing.B) {
-	benchmarkMD4(b, 1024*1024, func(buf []byte) { MD4(buf) })
+	benchmarkMD4(b, 1024*1024, func(buf []byte) {
+		if _, err := MD4(buf); err != nil {
+			b.Fatal(err)
+		}
+	})
 }
 
 func BenchmarkMD4Small_openssl(b *testing.B) {
-	benchmarkMD4(b, 1, func(buf []byte) { MD4(buf) })
+	benchmarkMD4(b, 1, func(buf []byte) {
+		if _, err := MD4(buf); err != nil {
+			b.Fatal(err)
+		}
+	})
 }

md5.go

@@ -17,63 +17,27 @@ package openssl
 // #include "shim.h"
 import "C"
 
-import (
-	"errors"
-	"runtime"
-	"unsafe"
-)
-
 type MD5Hash struct {
-	ctx    *C.EVP_MD_CTX
-	engine *Engine
+	*DigestComputer
 }
 
 func NewMD5Hash() (*MD5Hash, error) { return NewMD5HashWithEngine(nil) }
 
 func NewMD5HashWithEngine(e *Engine) (*MD5Hash, error) {
-	hash := &MD5Hash{engine: e}
-	hash.ctx = C.X_EVP_MD_CTX_new()
-	if hash.ctx == nil {
-		return nil, errors.New("openssl: md5: unable to allocate ctx")
-	}
-	runtime.SetFinalizer(hash, func(hash *MD5Hash) { hash.Close() })
-	if err := hash.Reset(); err != nil {
+	dc, err := NewDigestComputerWithEngine(e, EVP_MD5)
+	if err != nil {
 		return nil, err
 	}
-	return hash, nil
-}
-
-func (s *MD5Hash) Close() {
-	if s.ctx != nil {
-		C.X_EVP_MD_CTX_free(s.ctx)
-		s.ctx = nil
-	}
-}
-
-func (s *MD5Hash) Reset() error {
-	if 1 != C.X_EVP_DigestInit_ex(s.ctx, C.X_EVP_md5(), engineRef(s.engine)) {
-		return errors.New("openssl: md5: cannot init digest ctx")
-	}
-	return nil
-}
-
-func (s *MD5Hash) Write(p []byte) (n int, err error) {
-	if len(p) == 0 {
-		return 0, nil
-	}
-	if 1 != C.X_EVP_DigestUpdate(s.ctx, unsafe.Pointer(&p[0]),
-		C.size_t(len(p))) {
-		return 0, errors.New("openssl: md5: cannot update digest")
-	}
-	return len(p), nil
+	return &MD5Hash{DigestComputer: dc}, nil
 }
 
 func (s *MD5Hash) Sum() (result [16]byte, err error) {
-	if 1 != C.X_EVP_DigestFinal_ex(s.ctx,
-		(*C.uchar)(unsafe.Pointer(&result[0])), nil) {
-		return result, errors.New("openssl: md5: cannot finalize ctx")
+	sum, err := s.DigestComputer.Sum()
+	if err != nil {
+		return
 	}
-	return result, s.Reset()
+	copy(result[:], sum)
+	return
 }
 
 func MD5(data []byte) (result [16]byte, err error) {

sha1.go

@@ -17,70 +17,27 @@ package openssl
 // #include "shim.h"
 import "C"
 
-import (
-	"errors"
-	"runtime"
-	"unsafe"
-)
-
 type SHA1Hash struct {
-	ctx    *C.EVP_MD_CTX
-	engine *Engine
+	*DigestComputer
 }
 
 func NewSHA1Hash() (*SHA1Hash, error) { return NewSHA1HashWithEngine(nil) }
 
 func NewSHA1HashWithEngine(e *Engine) (*SHA1Hash, error) {
-	hash := &SHA1Hash{engine: e}
-	hash.ctx = C.X_EVP_MD_CTX_new()
-	if hash.ctx == nil {
-		return nil, errors.New("openssl: sha1: unable to allocate ctx")
-	}
-	runtime.SetFinalizer(hash, func(hash *SHA1Hash) { hash.Close() })
-	if err := hash.Reset(); err != nil {
+	dc, err := NewDigestComputerWithEngine(e, EVP_SHA1)
+	if err != nil {
 		return nil, err
 	}
-	return hash, nil
-}
-
-func (s *SHA1Hash) Close() {
-	if s.ctx != nil {
-		C.X_EVP_MD_CTX_free(s.ctx)
-		s.ctx = nil
-	}
-}
-
-func engineRef(e *Engine) *C.ENGINE {
-	if e == nil {
-		return nil
-	}
-	return e.e
-}
-
-func (s *SHA1Hash) Reset() error {
-	if 1 != C.X_EVP_DigestInit_ex(s.ctx, C.X_EVP_sha1(), engineRef(s.engine)) {
-		return errors.New("openssl: sha1: cannot init digest ctx")
-	}
-	return nil
-}
-
-func (s *SHA1Hash) Write(p []byte) (n int, err error) {
-	if len(p) == 0 {
-		return 0, nil
-	}
-	if 1 != C.X_EVP_DigestUpdate(s.ctx, unsafe.Pointer(&p[0]),
-		C.size_t(len(p))) {
-		return 0, errors.New("openssl: sha1: cannot update digest")
-	}
-	return len(p), nil
+	return &SHA1Hash{DigestComputer: dc}, nil
 }
 
 func (s *SHA1Hash) Sum() (result [20]byte, err error) {
-	if 1 != C.X_EVP_DigestFinal_ex(s.ctx,
-		(*C.uchar)(unsafe.Pointer(&result[0])), nil) {
-		return result, errors.New("openssl: sha1: cannot finalize ctx")
+	sum, err := s.DigestComputer.Sum()
+	if err != nil {
+		return
 	}
-	return result, s.Reset()
+	copy(result[:], sum)
+	return
 }
 
 func SHA1(data []byte) (result [20]byte, err error) {

sha256.go

@@ -17,63 +17,27 @@ package openssl
 // #include "shim.h"
 import "C"
 
-import (
-	"errors"
-	"runtime"
-	"unsafe"
-)
-
 type SHA256Hash struct {
-	ctx    *C.EVP_MD_CTX
-	engine *Engine
+	*DigestComputer
 }
 
 func NewSHA256Hash() (*SHA256Hash, error) { return NewSHA256HashWithEngine(nil) }
 
 func NewSHA256HashWithEngine(e *Engine) (*SHA256Hash, error) {
-	hash := &SHA256Hash{engine: e}
-	hash.ctx = C.X_EVP_MD_CTX_new()
-	if hash.ctx == nil {
-		return nil, errors.New("openssl: sha256: unable to allocate ctx")
-	}
-	runtime.SetFinalizer(hash, func(hash *SHA256Hash) { hash.Close() })
-	if err := hash.Reset(); err != nil {
+	dc, err := NewDigestComputerWithEngine(e, EVP_SHA256)
+	if err != nil {
 		return nil, err
 	}
-	return hash, nil
-}
-
-func (s *SHA256Hash) Close() {
-	if s.ctx != nil {
-		C.X_EVP_MD_CTX_free(s.ctx)
-		s.ctx = nil
-	}
-}
-
-func (s *SHA256Hash) Reset() error {
-	if 1 != C.X_EVP_DigestInit_ex(s.ctx, C.X_EVP_sha256(), engineRef(s.engine)) {
-		return errors.New("openssl: sha256: cannot init digest ctx")
-	}
-	return nil
-}
-
-func (s *SHA256Hash) Write(p []byte) (n int, err error) {
-	if len(p) == 0 {
-		return 0, nil
-	}
-	if 1 != C.X_EVP_DigestUpdate(s.ctx, unsafe.Pointer(&p[0]),
-		C.size_t(len(p))) {
-		return 0, errors.New("openssl: sha256: cannot update digest")
-	}
-	return len(p), nil
+	return &SHA256Hash{DigestComputer: dc}, nil
 }
 
 func (s *SHA256Hash) Sum() (result [32]byte, err error) {
-	if 1 != C.X_EVP_DigestFinal_ex(s.ctx,
-		(*C.uchar)(unsafe.Pointer(&result[0])), nil) {
-		return result, errors.New("openssl: sha256: cannot finalize ctx")
+	sum, err := s.DigestComputer.Sum()
+	if err != nil {
+		return
 	}
-	return result, s.Reset()
+	copy(result[:], sum)
+	return
 }
 
 func SHA256(data []byte) (result [32]byte, err error) {

shim.c

@@ -598,26 +598,50 @@ const EVP_MD *X_EVP_md_null() {
 	return EVP_md_null();
 }
 
-const EVP_MD *X_EVP_md5() {
-	return EVP_md5();
+const EVP_MD *X_EVP_blake2b512() {
+#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
+	return EVP_blake2b512();
+#else
+	return NULL;
+#endif
+}
+
+const EVP_MD *X_EVP_blake2s256() {
+#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
+	return EVP_blake2s256();
+#else
+	return NULL;
+#endif
+}
+
+const EVP_MD *X_EVP_md2() {
+#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
+	return EVP_md2();
+#else
+	return NULL;
+#endif
 }
 
 const EVP_MD *X_EVP_md4() {
 	return EVP_md4();
 }
 
-const EVP_MD *X_EVP_ripemd160() {
-	return EVP_ripemd160();
+const EVP_MD *X_EVP_md5() {
+	return EVP_md5();
 }
 
-const EVP_MD *X_EVP_sha224() {
-	return EVP_sha224();
+const EVP_MD *X_EVP_ripemd160() {
+	return EVP_ripemd160();
 }
 
 const EVP_MD *X_EVP_sha1() {
 	return EVP_sha1();
 }
 
+const EVP_MD *X_EVP_sha224() {
+	return EVP_sha224();
+}
+
 const EVP_MD *X_EVP_sha256() {
 	return EVP_sha256();
 }
@@ -630,6 +654,74 @@ const EVP_MD *X_EVP_sha512() {
 	return EVP_sha512();
 }
 
+const EVP_MD *X_EVP_sha512_224() {
+#if OPENSSL_VERSION_NUMBER >= 0x1010100fL
+	return EVP_sha512_224();
+#else
+	return NULL;
+#endif
+}
+
+const EVP_MD *X_EVP_sha512_256() {
+#if OPENSSL_VERSION_NUMBER >= 0x1010100fL
+	return EVP_sha512_256();
+#else
+	return NULL;
+#endif
+}
+
+const EVP_MD *X_EVP_sha3_224() {
+#if OPENSSL_VERSION_NUMBER >= 0x1010100fL
+	return EVP_sha3_224();
+#else
+	return NULL;
+#endif
+}
+
+const EVP_MD *X_EVP_sha3_256() {
+#if OPENSSL_VERSION_NUMBER >= 0x1010100fL
+	return EVP_sha3_256();
+#else
+	return NULL;
+#endif
+}
+
+const EVP_MD *X_EVP_sha3_384() {
+#if OPENSSL_VERSION_NUMBER >= 0x1010100fL
+	return EVP_sha3_384();
+#else
+	return NULL;
+#endif
+}
+
+const EVP_MD *X_EVP_sha3_512() {
+#if OPENSSL_VERSION_NUMBER >= 0x1010100fL
+	return EVP_sha3_512();
+#else
+	return NULL;
+#endif
+}
+
+const EVP_MD *X_EVP_shake128() {
+#if OPENSSL_VERSION_NUMBER >= 0x1010100fL
+	return EVP_shake128();
+#else
+	return NULL;
+#endif
+}
+
+const EVP_MD *X_EVP_shake256() {
+#if OPENSSL_VERSION_NUMBER >= 0x1010100fL
+	return EVP_shake256();
+#else
+	return NULL;
+#endif
+}
+
+const EVP_MD *X_EVP_whirlpool() {
+	return EVP_whirlpool();
+}
+
 int X_EVP_MD_size(const EVP_MD *md) {
 	return EVP_MD_size(md);
 }

shim.h

@@ -108,8 +108,9 @@ extern const EVP_MD *X_EVP_get_digestbyname(const char *name);
 extern EVP_MD_CTX *X_EVP_MD_CTX_new();
 extern void X_EVP_MD_CTX_free(EVP_MD_CTX *ctx);
 extern const EVP_MD *X_EVP_md_null();
-extern const EVP_MD *X_EVP_md5();
+extern const EVP_MD *X_EVP_md2();
 extern const EVP_MD *X_EVP_md4();
+extern const EVP_MD *X_EVP_md5();
 extern const EVP_MD *X_EVP_sha();
 extern const EVP_MD *X_EVP_sha1();
 extern const EVP_MD *X_EVP_dss();
@@ -119,6 +120,16 @@ extern const EVP_MD *X_EVP_sha224();
 extern const EVP_MD *X_EVP_sha256();
 extern const EVP_MD *X_EVP_sha384();
 extern const EVP_MD *X_EVP_sha512();
+extern const EVP_MD *X_EVP_sha512_224();
+extern const EVP_MD *X_EVP_sha512_256();
+extern const EVP_MD *X_EVP_sha3_224();
+extern const EVP_MD *X_EVP_sha3_256();
+extern const EVP_MD *X_EVP_sha3_384();
+extern const EVP_MD *X_EVP_sha3_512();
+extern const EVP_MD *X_EVP_blake2b512();
+extern const EVP_MD *X_EVP_blake2s256();
+extern const EVP_MD *X_EVP_shake128();
+extern const EVP_MD *X_EVP_shake256();
 extern int X_EVP_MD_size(const EVP_MD *md);
 extern int X_EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
 extern int X_EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt);