Merge remote-tracking branch 'origin/topic/jsiwek/digests'

* origin/topic/jsiwek/digests: Add SHA1 and SHA256 hashing BIFs. (addresses #542) Closes #542.
2025-10-02 14:48:21 +00:00 · 2012-05-04 21:04:34 -07:00 · 2012-05-04 21:04:34 -07:00 · ed9801db98
commit ed9801db98
parent 87ac88cfd2 79afc834ce
21 changed files with 485 additions and 532 deletions
--- a/23
+++ b/23
@ -1,4 +1,27 @@
 2.0-323 | 2012-05-04 21:04:34 -0700
  * Add SHA1 and SHA256 hashing BIFs. Addresses #542.
  * Refactor all internal MD5 stuff to use OpenSSL's. (Jon Siwek)
  * Changes to open-file caching limits and uncached file unserialization. (Jon Siwek)
    - Unserializing files that were previously kicked out of the open-file
      cache would cause them to be fopen'd with the original access
      permissions which is usually 'w' and causes truncation.  They
      are now opened in 'a' mode.  (addresses #780)
    - Add 'max_files_in_cache' script option to manually set the maximum
      amount of opened files to keep cached.  Mainly this just helped
      to create a simple test case for the above change.
    - Remove unused NO_HAVE_SETRLIMIT preprocessor switch.
    - On systems that don't enforce a limit on number of files opened for
      the process, raise default max size of open-file cache from
      32 to 512.
 2.0-319 | 2012-05-03 13:24:44 -0700
  * SSL bugfixes and cleanup. (Seth Hall)
--- a/2
+++ b/2
@ -1 +1 @@
-2.0-319
+2.0-323
--- a/src/Anon.cc
+++ b/src/Anon.cc
@ -5,7 +5,6 @@
 #include "util.h"
 #include "net_util.h"
 #include "md5.h"
 #include "Anon.h"
 #include "Val.h"
 #include "NetVar.h"
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@ -247,7 +247,6 @@ add_custom_command(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/DebugCmdConstants.h
                   WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}
 )
 set(dns_SRCS nb_dns.c)
 set_source_files_properties(nb_dns.c PROPERTIES COMPILE_FLAGS
                            -fno-strict-aliasing)
@ -403,7 +402,6 @@ set(bro_SRCS
    bsd-getopt-long.c
    bro_inet_ntop.c
    cq.c
    md5.c
    patricia.c
    setsignal.c
    PacketDumper.cc
@ -421,8 +419,8 @@ set(bro_SRCS
    logging/writers/Ascii.cc
    logging/writers/None.cc
-    ${dns_SRCS}
+    nb_dns.c
-    ${openssl_SRCS}
+    digest.h
 )
 collect_headers(bro_HEADERS ${bro_SRCS})
--- a/src/DFA.cc
+++ b/src/DFA.cc
@ -2,9 +2,10 @@
 #include "config.h"
 #include <openssl/md5.h>
 #include "EquivClass.h"
 #include "DFA.h"
 #include "md5.h"
 int dfa_state_cache_size = 10000;
@ -312,8 +313,8 @@ DFA_State* DFA_State_Cache::Lookup(const NFA_state_list& nfas,
 	{
 	// We assume that state ID's don't exceed 10 digits, plus
 	// we allow one more character for the delimiter.
-	md5_byte_t id_tag[nfas.length() * 11 + 1];
+	u_char id_tag[nfas.length() * 11 + 1];
-	md5_byte_t* p = id_tag;
+	u_char* p = id_tag;
 	for ( int i = 0; i < nfas.length(); ++i )
 		{
@ -335,12 +336,8 @@ DFA_State* DFA_State_Cache::Lookup(const NFA_state_list& nfas,
 	// We use the short MD5 instead of the full string for the
 	// HashKey because the data is copied into the key.
-	md5_state_t state;
+	u_char digest[16];
-	md5_byte_t digest[16];
+	MD5(id_tag, p - id_tag, digest);
 	md5_init(&state);
 	md5_append(&state, id_tag, p - id_tag);
 	md5_finish(&state, digest);
 	*hash = new HashKey(&digest, sizeof(digest));
 	CacheEntry* e = states.Lookup(*hash);
--- a/src/Func.cc
+++ b/src/Func.cc
@ -29,7 +29,6 @@
 #include <algorithm>
 #include "md5.h"
 #include "Base64.h"
 #include "Stmt.h"
 #include "Scope.h"
--- a/src/MIME.cc
+++ b/src/MIME.cc
@ -4,6 +4,7 @@
 #include "MIME.h"
 #include "Event.h"
 #include "Reporter.h"
 #include "digest.h"
 // Here are a few things to do:
 //
@ -1008,7 +1009,7 @@ void MIME_Mail::Done()
 	if ( compute_content_hash && mime_content_hash )
 		{
 		u_char* digest = new u_char[16];
-		md5_finish(&md5_hash, digest);
+		md5_final(&md5_hash, digest);
 		val_list* vl = new val_list;
 		vl->append(analyzer->BuildConnVal());
@ -1096,7 +1097,7 @@ void MIME_Mail::SubmitData(int len, const char* buf)
 	if ( compute_content_hash )
 		{
 		content_hash_length += len;
-		md5_append(&md5_hash, (const u_char*) buf, len);
+		md5_update(&md5_hash, (const u_char*) buf, len);
 		}
 	if ( mime_entity_data || mime_all_data )
--- a/src/MIME.h
+++ b/src/MIME.h
@ -2,13 +2,12 @@
 #define mime_h
 #include <assert.h>
-
+#include <openssl/md5.h>
 #include <stdio.h>
 #include <vector>
 #include <queue>
 using namespace std;
 #include "md5.h"
 #include "Base64.h"
 #include "BroString.h"
 #include "Analyzer.h"
@ -248,7 +247,7 @@ protected:
 	int buffer_offset;
 	int compute_content_hash;
 	int content_hash_length;
-	md5_state_t md5_hash;
+	MD5_CTX md5_hash;
 	vector<const BroString*> entity_content;
 	vector<const BroString*> all_content;
--- a/src/bro.bif
+++ b/src/bro.bif
@ -6,13 +6,13 @@
 %%{ // C segment
 #include <math.h>
 #include <vector>
 #include <algorithm>
 #include <cmath>
 #include <sys/stat.h>
 #include <cstdio>
 #include "digest.h"
 #include "Reporter.h"
 #include "IPAddr.h"
@ -530,7 +530,7 @@ function piped_exec%(program: string, to_write: string%): bool
 %%{
 static void hash_md5_val(val_list& vlist, unsigned char digest[16])
 	{
-	md5_state_s h;
+	MD5_CTX h;
 	md5_init(&h);
 	loop_over_list(vlist, i)
@ -539,16 +539,16 @@ static void hash_md5_val(val_list& vlist, unsigned char digest[16])
 		if ( v->Type()->Tag() == TYPE_STRING )
 			{
 			const BroString* str = v->AsString();
-			md5_append(&h, str->Bytes(), str->Len());
+			md5_update(&h, str->Bytes(), str->Len());
 			}
 		else
 			{
 			ODesc d(DESC_BINARY);
 			v->Describe(&d);
-			md5_append(&h, (const md5_byte_t *) d.Bytes(), d.Len());
+			md5_update(&h, (const u_char *) d.Bytes(), d.Len());
 			}
 		}
-	md5_finish(&h, digest);
+	md5_final(&h, digest);
 	}
 static void hmac_md5_val(val_list& vlist, unsigned char digest[16])
@ -556,7 +556,53 @@ static void hmac_md5_val(val_list& vlist, unsigned char digest[16])
 	hash_md5_val(vlist, digest);
 	for ( int i = 0; i < 16; ++i )
 		digest[i] = digest[i] ^ shared_hmac_md5_key[i];
-	hash_md5(16, digest, digest);
+	MD5(digest, 16, digest);
 	}
 static void hash_sha1_val(val_list& vlist, unsigned char digest[20])
 	{
 	SHA_CTX h;
 	sha1_init(&h);
 	loop_over_list(vlist, i)
 		{
 		Val* v = vlist[i];
 		if ( v->Type()->Tag() == TYPE_STRING )
 			{
 			const BroString* str = v->AsString();
 			sha1_update(&h, str->Bytes(), str->Len());
 			}
 		else
 			{
 			ODesc d(DESC_BINARY);
 			v->Describe(&d);
 			sha1_update(&h, (const u_char *) d.Bytes(), d.Len());
 			}
 		}
 	sha1_final(&h, digest);
 	}
 static void hash_sha256_val(val_list& vlist, unsigned char digest[32])
 	{
 	SHA256_CTX h;
 	sha256_init(&h);
 	loop_over_list(vlist, i)
 		{
 		Val* v = vlist[i];
 		if ( v->Type()->Tag() == TYPE_STRING )
 			{
 			const BroString* str = v->AsString();
 			sha256_update(&h, str->Bytes(), str->Len());
 			}
 		else
 			{
 			ODesc d(DESC_BINARY);
 			v->Describe(&d);
 			sha256_update(&h, (const u_char *) d.Bytes(), d.Len());
 			}
 		}
 	sha256_final(&h, digest);
 	}
 %%}
@ -565,6 +611,8 @@ static void hmac_md5_val(val_list& vlist, unsigned char digest[16])
 ## Returns: The MD5 hash value of the concatenated arguments.
 ##
 ## .. bro:see:: md5_hmac md5_hash_init md5_hash_update md5_hash_finish
 ##    sha1_hash sha1_hash_init sha1_hash_update sha1_hash_finish
 ##    sha256_hash sha256_hash_init sha256_hash_update sha256_hash_finish
 ##
 ## .. note::
 ##
@ -578,6 +626,46 @@ function md5_hash%(...%): string
 	return new StringVal(md5_digest_print(digest));
 	%}
 ## Computes the SHA1 hash value of the provided list of arguments.
 ##
 ## Returns: The SHA1 hash value of the concatenated arguments.
 ##
 ## .. bro:see:: md5_hash md5_hmac md5_hash_init md5_hash_update md5_hash_finish
 ##    sha1_hash_init sha1_hash_update sha1_hash_finish
 ##    sha256_hash sha256_hash_init sha256_hash_update sha256_hash_finish
 ##
 ## .. note::
 ##
 ##      This function performs a one-shot computation of its arguments.
 ##      For incremental hash computation, see :bro:id:`sha1_hash_init` and
 ##      friends.
 function sha1_hash%(...%): string
 	%{
 	unsigned char digest[20];
 	hash_sha1_val(@ARG@, digest);
 	return new StringVal(sha1_digest_print(digest));
 	%}
 ## Computes the SHA256 hash value of the provided list of arguments.
 ##
 ## Returns: The SHA256 hash value of the concatenated arguments.
 ##
 ## .. bro:see:: md5_hash md5_hmac md5_hash_init md5_hash_update md5_hash_finish
 ##    sha1_hash sha1_hash_init sha1_hash_update sha1_hash_finish
 ##    sha256_hash_init sha256_hash_update sha256_hash_finish
 ##
 ## .. note::
 ##
 ##      This function performs a one-shot computation of its arguments.
 ##      For incremental hash computation, see :bro:id:`sha256_hash_init` and
 ##      friends.
 function sha256_hash%(...%): string
 	%{
 	unsigned char digest[32];
 	hash_sha256_val(@ARG@, digest);
 	return new StringVal(sha256_digest_print(digest));
 	%}
 ## Computes an HMAC-MD5 hash value of the provided list of arguments. The HMAC
 ## secret key is generated from available entropy when Bro starts up, or it can
 ## be specified for repeatability using the ``-K`` command line flag.
@ -585,6 +673,8 @@ function md5_hash%(...%): string
 ## Returns: The HMAC-MD5 hash value of the concatenated arguments.
 ##
 ## .. bro:see:: md5_hash md5_hash_init md5_hash_update md5_hash_finish
 ##    sha1_hash sha1_hash_init sha1_hash_update sha1_hash_finish
 ##    sha256_hash sha256_hash_init sha256_hash_update sha256_hash_finish
 function md5_hmac%(...%): string
 	%{
 	unsigned char digest[16];
@ -593,7 +683,9 @@ function md5_hmac%(...%): string
 	%}
 %%{
-static map<BroString, md5_state_s> md5_states;
+static map<BroString, MD5_CTX> md5_states;
 static map<BroString, SHA_CTX> sha1_states;
 static map<BroString, SHA256_CTX> sha256_states;
 BroString* convert_index_to_string(Val* index)
 	{
@ -618,7 +710,9 @@ BroString* convert_index_to_string(Val* index)
 ##
 ## index: The unique identifier to associate with this hash computation.
 ##
-## .. bro:see:: md5_hash md5_hmac md5_hash_update md5_hash_finish
+## .. bro:see:: md5_hmac md5_hash md5_hash_update md5_hash_finish
 ##    sha1_hash sha1_hash_init sha1_hash_update sha1_hash_finish
 ##    sha256_hash sha256_hash_init sha256_hash_update sha256_hash_finish
 function md5_hash_init%(index: any%): bool
 	%{
 	BroString* s = convert_index_to_string(index);
@ -626,7 +720,7 @@ function md5_hash_init%(index: any%): bool
 	if ( md5_states.count(*s) < 1 )
 		{
-		md5_state_s h;
+		MD5_CTX h;
 		md5_init(&h);
 		md5_states[*s] = h;
 		status = 1;
@ -636,6 +730,75 @@ function md5_hash_init%(index: any%): bool
 	return new Val(status, TYPE_BOOL);
 	%}
 ## Initializes SHA1 state to enable incremental hash computation. After
 ## initializing the SHA1 state with this function, you can feed data to
 ## :bro:id:`sha1_hash_update` and finally need to call
 ## :bro:id:`sha1_hash_finish` to finish the computation and get the final hash
 ## value.
 ##
 ## For example, when computing incremental SHA1 values of transferred files in
 ## multiple concurrent HTTP connections, one would call ``sha1_hash_init(c$id)``
 ## once before invoking ``sha1_hash_update(c$id, some_more_data)`` in the
 ## :bro:id:`http_entity_data` event handler. When all data has arrived, a call
 ## to :bro:id:`sha1_hash_finish` returns the final hash value.
 ##
 ## index: The unique identifier to associate with this hash computation.
 ##
 ## .. bro:see:: md5_hmac md5_hash md5_hash_init md5_hash_update md5_hash_finish
 ##    sha1_hash sha1_hash_update sha1_hash_finish
 ##    sha256_hash sha256_hash_init sha256_hash_update sha256_hash_finish
 function sha1_hash_init%(index: any%): bool
 	%{
 	BroString* s = convert_index_to_string(index);
 	int status = 0;
 	if ( sha1_states.count(*s) < 1 )
 		{
 		SHA_CTX h;
 		sha1_init(&h);
 		sha1_states[*s] = h;
 		status = 1;
 		}
 	delete s;
 	return new Val(status, TYPE_BOOL);
 	%}
 ## Initializes SHA256 state to enable incremental hash computation. After
 ## initializing the SHA256 state with this function, you can feed data to
 ## :bro:id:`sha256_hash_update` and finally need to call
 ## :bro:id:`sha256_hash_finish` to finish the computation and get the final hash
 ## value.
 ##
 ## For example, when computing incremental SHA256 values of transferred files in
 ## multiple concurrent HTTP connections, one would call
 ## ``sha256_hash_init(c$id)`` once before invoking
 ## ``sha256_hash_update(c$id, some_more_data)`` in the
 ## :bro:id:`http_entity_data` event handler. When all data has arrived, a call
 ## to :bro:id:`sha256_hash_finish` returns the final hash value.
 ##
 ## index: The unique identifier to associate with this hash computation.
 ##
 ## .. bro:see:: md5_hmac md5_hash md5_hash_init md5_hash_update md5_hash_finish
 ##    sha1_hash sha1_hash_init sha1_hash_update sha1_hash_finish
 ##    sha256_hash sha256_hash_update sha256_hash_finish
 function sha256_hash_init%(index: any%): bool
 	%{
 	BroString* s = convert_index_to_string(index);
 	int status = 0;
 	if ( sha256_states.count(*s) < 1 )
 		{
 		SHA256_CTX h;
 		sha256_init(&h);
 		sha256_states[*s] = h;
 		status = 1;
 		}
 	delete s;
 	return new Val(status, TYPE_BOOL);
 	%}
 ## Update the MD5 value associated with a given index. It is required to
 ## call :bro:id:`md5_hash_init` once before calling this
 ## function.
@ -644,7 +807,9 @@ function md5_hash_init%(index: any%): bool
 ##
 ## data: The data to add to the hash computation.
 ##
-## .. bro:see:: md5_hash md5_hmac md5_hash_init md5_hash_finish
+## .. bro:see:: md5_hmac md5_hash md5_hash_init md5_hash_finish
 ##    sha1_hash sha1_hash_init sha1_hash_update sha1_hash_finish
 ##    sha256_hash sha256_hash_init sha256_hash_update sha256_hash_finish
 function md5_hash_update%(index: any, data: string%): bool
 	%{
 	BroString* s = convert_index_to_string(index);
@ -652,7 +817,59 @@ function md5_hash_update%(index: any, data: string%): bool
 	if ( md5_states.count(*s) > 0 )
 		{
-		md5_append(&md5_states[*s], data->Bytes(), data->Len());
+		md5_update(&md5_states[*s], data->Bytes(), data->Len());
 		status = 1;
 		}
 	delete s;
 	return new Val(status, TYPE_BOOL);
 	%}
 ## Update the SHA1 value associated with a given index. It is required to
 ## call :bro:id:`sha1_hash_init` once before calling this
 ## function.
 ##
 ## index: The unique identifier to associate with this hash computation.
 ##
 ## data: The data to add to the hash computation.
 ##
 ## .. bro:see:: md5_hmac md5_hash md5_hash_init md5_hash_update md5_hash_finish
 ##    sha1_hash sha1_hash_init sha1_hash_finish
 ##    sha256_hash sha256_hash_init sha256_hash_update sha256_hash_finish
 function sha1_hash_update%(index: any, data: string%): bool
 	%{
 	BroString* s = convert_index_to_string(index);
 	int status = 0;
 	if ( sha1_states.count(*s) > 0 )
 		{
 		sha1_update(&sha1_states[*s], data->Bytes(), data->Len());
 		status = 1;
 		}
 	delete s;
 	return new Val(status, TYPE_BOOL);
 	%}
 ## Update the SHA256 value associated with a given index. It is required to
 ## call :bro:id:`sha256_hash_init` once before calling this
 ## function.
 ##
 ## index: The unique identifier to associate with this hash computation.
 ##
 ## data: The data to add to the hash computation.
 ##
 ## .. bro:see:: md5_hmac md5_hash md5_hash_init md5_hash_update md5_hash_finish
 ##    sha1_hash sha1_hash_init sha1_hash_update sha1_hash_finish
 ##    sha256_hash sha256_hash_init sha256_hash_finish
 function sha256_hash_update%(index: any, data: string%): bool
 	%{
 	BroString* s = convert_index_to_string(index);
 	int status = 0;
 	if ( sha256_states.count(*s) > 0 )
 		{
 		sha256_update(&sha256_states[*s], data->Bytes(), data->Len());
 		status = 1;
 		}
@ -666,7 +883,9 @@ function md5_hash_update%(index: any, data: string%): bool
 ##
 ## Returns: The hash value associated with the computation at *index*.
 ##
-## .. bro:see:: md5_hash md5_hmac md5_hash_init md5_hash_update
+## .. bro:see:: md5_hmac md5_hash md5_hash_init md5_hash_update
 ##    sha1_hash sha1_hash_init sha1_hash_update sha1_hash_finish
 ##    sha256_hash sha256_hash_init sha256_hash_update sha256_hash_finish
 function md5_hash_finish%(index: any%): string
 	%{
 	BroString* s = convert_index_to_string(index);
@ -675,7 +894,7 @@ function md5_hash_finish%(index: any%): string
 	if ( md5_states.count(*s) > 0 )
 		{
 		unsigned char digest[16];
-		md5_finish(&md5_states[*s], digest);
+		md5_final(&md5_states[*s], digest);
 		md5_states.erase(*s);
 		printable_digest = new StringVal(md5_digest_print(digest));
 		}
@ -686,6 +905,62 @@ function md5_hash_finish%(index: any%): string
 	return printable_digest;
 	%}
 ## Returns the final SHA1 digest of an incremental hash computation.
 ##
 ## index: The unique identifier of this hash computation.
 ##
 ## Returns: The hash value associated with the computation at *index*.
 ##
 ## .. bro:see:: md5_hmac md5_hash md5_hash_init md5_hash_update md5_hash_finish
 ##    sha1_hash sha1_hash_init sha1_hash_update
 ##    sha256_hash sha256_hash_init sha256_hash_update sha256_hash_finish
 function sha1_hash_finish%(index: any%): string
 	%{
 	BroString* s = convert_index_to_string(index);
 	StringVal* printable_digest;
 	if ( sha1_states.count(*s) > 0 )
 		{
 		unsigned char digest[20];
 		sha1_final(&sha1_states[*s], digest);
 		sha1_states.erase(*s);
 		printable_digest = new StringVal(sha1_digest_print(digest));
 		}
 	else
 		printable_digest = new StringVal("");
 	delete s;
 	return printable_digest;
 	%}
 ## Returns the final SHA256 digest of an incremental hash computation.
 ##
 ## index: The unique identifier of this hash computation.
 ##
 ## Returns: The hash value associated with the computation at *index*.
 ##
 ## .. bro:see:: md5_hmac md5_hash md5_hash_init md5_hash_update md5_hash_finish
 ##    sha1_hash sha1_hash_init sha1_hash_update sha1_hash_finish
 ##    sha256_hash sha256_hash_init sha256_hash_update
 function sha256_hash_finish%(index: any%): string
 	%{
 	BroString* s = convert_index_to_string(index);
 	StringVal* printable_digest;
 	if ( sha256_states.count(*s) > 0 )
 		{
 		unsigned char digest[32];
 		sha256_final(&sha256_states[*s], digest);
 		sha256_states.erase(*s);
 		printable_digest = new StringVal(sha256_digest_print(digest));
 		}
 	else
 		printable_digest = new StringVal("");
 	delete s;
 	return printable_digest;
 	%}
 ## Generates a random number.
 ##
 ## max: The maximum value the random number.
--- a/src/digest.h
+++ b/src/digest.h
@ -0,0 +1,92 @@
 // See the file "COPYING" in the main distribution directory for copyright.
 /**
 * Wrapper and helper functions for MD5/SHA digest algorithms.
 */
 #ifndef bro_digest_h
 #define bro_digest_h
 #include <openssl/md5.h>
 #include <openssl/sha.h>
 #include "Reporter.h"
 static inline const char* digest_print(const u_char* digest, size_t n)
 	{
 	static char buf[256]; // big enough for any of md5/sha1/sha256
 	for ( size_t i = 0; i < n; ++i )
 		snprintf(buf + i * 2, 3, "%02x", digest[i]);
 	return buf;
 	}
 inline const char* md5_digest_print(const u_char digest[MD5_DIGEST_LENGTH])
 	{
 	return digest_print(digest, MD5_DIGEST_LENGTH);
 	}
 inline const char* sha1_digest_print(const u_char digest[SHA_DIGEST_LENGTH])
 	{
 	return digest_print(digest, SHA_DIGEST_LENGTH);
 	}
 inline const char* sha256_digest_print(const u_char digest[SHA256_DIGEST_LENGTH])
 	{
 	return digest_print(digest, SHA256_DIGEST_LENGTH);
 	}
 inline void md5_init(MD5_CTX* c)
 	{
 	if ( ! MD5_Init(c) )
 		reporter->InternalError("MD5_Init failed");
 	}
 inline void md5_update(MD5_CTX* c, const void* data, unsigned long len)
 	{
 	if ( ! MD5_Update(c, data, len) )
 		reporter->InternalError("MD5_Update failed");
 	}
 inline void md5_final(MD5_CTX* c, u_char md[MD5_DIGEST_LENGTH])
 	{
 	if ( ! MD5_Final(md, c) )
 		reporter->InternalError("MD5_Final failed");
 	}
 inline void sha1_init(SHA_CTX* c)
 	{
 	if ( ! SHA1_Init(c) )
 		reporter->InternalError("SHA_Init failed");
 	}
 inline void sha1_update(SHA_CTX* c, const void* data, unsigned long len)
 	{
 	if ( ! SHA1_Update(c, data, len) )
 		reporter->InternalError("SHA_Update failed");
 	}
 inline void sha1_final(SHA_CTX* c, u_char md[SHA_DIGEST_LENGTH])
 	{
 	if ( ! SHA1_Final(md, c) )
 		reporter->InternalError("SHA_Final failed");
 	}
 inline void sha256_init(SHA256_CTX* c)
 	{
 	if ( ! SHA256_Init(c) )
 		reporter->InternalError("SHA256_Init failed");
 	}
 inline void sha256_update(SHA256_CTX* c, const void* data, unsigned long len)
 	{
 	if ( ! SHA256_Update(c, data, len) )
 		reporter->InternalError("SHA256_Update failed");
 	}
 inline void sha256_final(SHA256_CTX* c, u_char md[SHA256_DIGEST_LENGTH])
 	{
 	if ( ! SHA256_Final(md, c) )
 		reporter->InternalError("SHA256_Final failed");
 	}
 #endif //bro_digest_h
--- a/src/main.cc
+++ b/src/main.cc
@ -18,6 +18,8 @@ extern "C" {
 }
 #endif
 #include <openssl/md5.h>
 extern "C" void OPENSSL_add_all_algorithms_conf(void);
 #include "bsd-getopt-long.h"
@ -570,8 +572,7 @@ int main(int argc, char** argv)
 			break;
 		case 'K':
-			hash_md5(strlen(optarg), (const u_char*) optarg,
+			MD5((const u_char*) optarg, strlen(optarg), shared_hmac_md5_key);
 				 shared_hmac_md5_key);
 			hmac_key_set = 1;
 			break;
--- a/src/md5.c
+++ b/src/md5.c
@ -1,380 +0,0 @@
 /*
  Copyright (C) 1999, 2000, 2002 Aladdin Enterprises.  All rights reserved.
  This software is provided 'as-is', without any express or implied
  warranty.  In no event will the authors be held liable for any damages
  arising from the use of this software.
  Permission is granted to anyone to use this software for any purpose,
  including commercial applications, and to alter it and redistribute it
  freely, subject to the following restrictions:
  1. The origin of this software must not be misrepresented; you must not
     claim that you wrote the original software. If you use this software
     in a product, an acknowledgment in the product documentation would be
     appreciated but is not required.
  2. Altered source versions must be plainly marked as such, and must not be
     misrepresented as being the original software.
  3. This notice may not be removed or altered from any source distribution.
  L. Peter Deutsch
  ghost@aladdin.com
 */
 /*
  Independent implementation of MD5 (RFC 1321).
  This code implements the MD5 Algorithm defined in RFC 1321, whose
  text is available at
 	http://www.ietf.org/rfc/rfc1321.txt
  The code is derived from the text of the RFC, including the test suite
  (section A.5) but excluding the rest of Appendix A.  It does not include
  any code or documentation that is identified in the RFC as being
  copyrighted.
  The original and principal author of md5.c is L. Peter Deutsch
  <ghost@aladdin.com>.  Other authors are noted in the change history
  that follows (in reverse chronological order):
  2002-04-13 lpd Clarified derivation from RFC 1321; now handles byte order
 	either statically or dynamically; added missing #include <string.h>
 	in library.
  2002-03-11 lpd Corrected argument list for main(), and added int return
 	type, in test program and T value program.
  2002-02-21 lpd Added missing #include <stdio.h> in test program.
  2000-07-03 lpd Patched to eliminate warnings about "constant is
 	unsigned in ANSI C, signed in traditional"; made test program
 	self-checking.
  1999-11-04 lpd Edited comments slightly for automatic TOC extraction.
  1999-10-18 lpd Fixed typo in header comment (ansi2knr rather than md5).
  1999-05-03 lpd Original version.
 */
 #include "md5.h"
 #include <string.h>
 #undef BYTE_ORDER	/* 1 = big-endian, -1 = little-endian, 0 = unknown */
 #ifdef ARCH_IS_BIG_ENDIAN
 #  define BYTE_ORDER (ARCH_IS_BIG_ENDIAN ? 1 : -1)
 #else
 #  define BYTE_ORDER 0
 #endif
 #define T_MASK ((md5_word_t)~0)
 #define T1 /* 0xd76aa478 */ (T_MASK ^ 0x28955b87)
 #define T2 /* 0xe8c7b756 */ (T_MASK ^ 0x173848a9)
 #define T3    0x242070db
 #define T4 /* 0xc1bdceee */ (T_MASK ^ 0x3e423111)
 #define T5 /* 0xf57c0faf */ (T_MASK ^ 0x0a83f050)
 #define T6    0x4787c62a
 #define T7 /* 0xa8304613 */ (T_MASK ^ 0x57cfb9ec)
 #define T8 /* 0xfd469501 */ (T_MASK ^ 0x02b96afe)
 #define T9    0x698098d8
 #define T10 /* 0x8b44f7af */ (T_MASK ^ 0x74bb0850)
 #define T11 /* 0xffff5bb1 */ (T_MASK ^ 0x0000a44e)
 #define T12 /* 0x895cd7be */ (T_MASK ^ 0x76a32841)
 #define T13    0x6b901122
 #define T14 /* 0xfd987193 */ (T_MASK ^ 0x02678e6c)
 #define T15 /* 0xa679438e */ (T_MASK ^ 0x5986bc71)
 #define T16    0x49b40821
 #define T17 /* 0xf61e2562 */ (T_MASK ^ 0x09e1da9d)
 #define T18 /* 0xc040b340 */ (T_MASK ^ 0x3fbf4cbf)
 #define T19    0x265e5a51
 #define T20 /* 0xe9b6c7aa */ (T_MASK ^ 0x16493855)
 #define T21 /* 0xd62f105d */ (T_MASK ^ 0x29d0efa2)
 #define T22    0x02441453
 #define T23 /* 0xd8a1e681 */ (T_MASK ^ 0x275e197e)
 #define T24 /* 0xe7d3fbc8 */ (T_MASK ^ 0x182c0437)
 #define T25    0x21e1cde6
 #define T26 /* 0xc33707d6 */ (T_MASK ^ 0x3cc8f829)
 #define T27 /* 0xf4d50d87 */ (T_MASK ^ 0x0b2af278)
 #define T28    0x455a14ed
 #define T29 /* 0xa9e3e905 */ (T_MASK ^ 0x561c16fa)
 #define T30 /* 0xfcefa3f8 */ (T_MASK ^ 0x03105c07)
 #define T31    0x676f02d9
 #define T32 /* 0x8d2a4c8a */ (T_MASK ^ 0x72d5b375)
 #define T33 /* 0xfffa3942 */ (T_MASK ^ 0x0005c6bd)
 #define T34 /* 0x8771f681 */ (T_MASK ^ 0x788e097e)
 #define T35    0x6d9d6122
 #define T36 /* 0xfde5380c */ (T_MASK ^ 0x021ac7f3)
 #define T37 /* 0xa4beea44 */ (T_MASK ^ 0x5b4115bb)
 #define T38    0x4bdecfa9
 #define T39 /* 0xf6bb4b60 */ (T_MASK ^ 0x0944b49f)
 #define T40 /* 0xbebfbc70 */ (T_MASK ^ 0x4140438f)
 #define T41    0x289b7ec6
 #define T42 /* 0xeaa127fa */ (T_MASK ^ 0x155ed805)
 #define T43 /* 0xd4ef3085 */ (T_MASK ^ 0x2b10cf7a)
 #define T44    0x04881d05
 #define T45 /* 0xd9d4d039 */ (T_MASK ^ 0x262b2fc6)
 #define T46 /* 0xe6db99e5 */ (T_MASK ^ 0x1924661a)
 #define T47    0x1fa27cf8
 #define T48 /* 0xc4ac5665 */ (T_MASK ^ 0x3b53a99a)
 #define T49 /* 0xf4292244 */ (T_MASK ^ 0x0bd6ddbb)
 #define T50    0x432aff97
 #define T51 /* 0xab9423a7 */ (T_MASK ^ 0x546bdc58)
 #define T52 /* 0xfc93a039 */ (T_MASK ^ 0x036c5fc6)
 #define T53    0x655b59c3
 #define T54 /* 0x8f0ccc92 */ (T_MASK ^ 0x70f3336d)
 #define T55 /* 0xffeff47d */ (T_MASK ^ 0x00100b82)
 #define T56 /* 0x85845dd1 */ (T_MASK ^ 0x7a7ba22e)
 #define T57    0x6fa87e4f
 #define T58 /* 0xfe2ce6e0 */ (T_MASK ^ 0x01d3191f)
 #define T59 /* 0xa3014314 */ (T_MASK ^ 0x5cfebceb)
 #define T60    0x4e0811a1
 #define T61 /* 0xf7537e82 */ (T_MASK ^ 0x08ac817d)
 #define T62 /* 0xbd3af235 */ (T_MASK ^ 0x42c50dca)
 #define T63    0x2ad7d2bb
 #define T64 /* 0xeb86d391 */ (T_MASK ^ 0x14792c6e)
 static void
 md5_process(md5_state_t *pms, const md5_byte_t *data /*[64]*/)
 {
    md5_word_t
 	a = pms->abcd[0], b = pms->abcd[1],
 	c = pms->abcd[2], d = pms->abcd[3];
    md5_word_t t;
 #if BYTE_ORDER > 0
    /* Define storage only for big-endian CPUs. */
    md5_word_t X[16];
 #else
    /* Define storage for little-endian or both types of CPUs. */
    md5_word_t xbuf[16];
    const md5_word_t *X;
 #endif
    {
 #if BYTE_ORDER == 0
 	/*
 	 * Determine dynamically whether this is a big-endian or
 	 * little-endian machine, since we can use a more efficient
 	 * algorithm on the latter.
 	 */
 	static const int w = 1;
 	if (*((const md5_byte_t *)&w)) /* dynamic little-endian */
 #endif
 #if BYTE_ORDER <= 0		/* little-endian */
 	{
 	    /*
 	     * On little-endian machines, we can process properly aligned
 	     * data without copying it.
 	     */
 	    if (!((data - (const md5_byte_t *)0) & 3)) {
 		/* data are properly aligned */
 		X = (const md5_word_t *)data;
 	    } else {
 		/* not aligned */
 		memcpy(xbuf, data, 64);
 		X = xbuf;
 	    }
 	}
 #endif
 #if BYTE_ORDER == 0
 	else			/* dynamic big-endian */
 #endif
 #if BYTE_ORDER >= 0		/* big-endian */
 	{
 	    /*
 	     * On big-endian machines, we must arrange the bytes in the
 	     * right order.
 	     */
 	    const md5_byte_t *xp = data;
 	    int i;
 #  if BYTE_ORDER == 0
 	    X = xbuf;		/* (dynamic only) */
 #  else
 #    define xbuf X		/* (static only) */
 #  endif
 	    for (i = 0; i < 16; ++i, xp += 4)
 		xbuf[i] = xp[0] + (xp[1] << 8) + (xp[2] << 16) + (xp[3] << 24);
 	}
 #endif
    }
 #define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32 - (n))))
    /* Round 1. */
    /* Let [abcd k s i] denote the operation
       a = b + ((a + F(b,c,d) + X[k] + T[i]) <<< s). */
 #define F(x, y, z) (((x) & (y)) | (~(x) & (z)))
 #define SET(a, b, c, d, k, s, Ti)\
  t = a + F(b,c,d) + X[k] + Ti;\
  a = ROTATE_LEFT(t, s) + b
    /* Do the following 16 operations. */
    SET(a, b, c, d,  0,  7,  T1);
    SET(d, a, b, c,  1, 12,  T2);
    SET(c, d, a, b,  2, 17,  T3);
    SET(b, c, d, a,  3, 22,  T4);
    SET(a, b, c, d,  4,  7,  T5);
    SET(d, a, b, c,  5, 12,  T6);
    SET(c, d, a, b,  6, 17,  T7);
    SET(b, c, d, a,  7, 22,  T8);
    SET(a, b, c, d,  8,  7,  T9);
    SET(d, a, b, c,  9, 12, T10);
    SET(c, d, a, b, 10, 17, T11);
    SET(b, c, d, a, 11, 22, T12);
    SET(a, b, c, d, 12,  7, T13);
    SET(d, a, b, c, 13, 12, T14);
    SET(c, d, a, b, 14, 17, T15);
    SET(b, c, d, a, 15, 22, T16);
 #undef SET
     /* Round 2. */
     /* Let [abcd k s i] denote the operation
          a = b + ((a + G(b,c,d) + X[k] + T[i]) <<< s). */
 #define G(x, y, z) (((x) & (z)) | ((y) & ~(z)))
 #define SET(a, b, c, d, k, s, Ti)\
  t = a + G(b,c,d) + X[k] + Ti;\
  a = ROTATE_LEFT(t, s) + b
     /* Do the following 16 operations. */
    SET(a, b, c, d,  1,  5, T17);
    SET(d, a, b, c,  6,  9, T18);
    SET(c, d, a, b, 11, 14, T19);
    SET(b, c, d, a,  0, 20, T20);
    SET(a, b, c, d,  5,  5, T21);
    SET(d, a, b, c, 10,  9, T22);
    SET(c, d, a, b, 15, 14, T23);
    SET(b, c, d, a,  4, 20, T24);
    SET(a, b, c, d,  9,  5, T25);
    SET(d, a, b, c, 14,  9, T26);
    SET(c, d, a, b,  3, 14, T27);
    SET(b, c, d, a,  8, 20, T28);
    SET(a, b, c, d, 13,  5, T29);
    SET(d, a, b, c,  2,  9, T30);
    SET(c, d, a, b,  7, 14, T31);
    SET(b, c, d, a, 12, 20, T32);
 #undef SET
     /* Round 3. */
     /* Let [abcd k s t] denote the operation
          a = b + ((a + H(b,c,d) + X[k] + T[i]) <<< s). */
 #define H(x, y, z) ((x) ^ (y) ^ (z))
 #define SET(a, b, c, d, k, s, Ti)\
  t = a + H(b,c,d) + X[k] + Ti;\
  a = ROTATE_LEFT(t, s) + b
     /* Do the following 16 operations. */
    SET(a, b, c, d,  5,  4, T33);
    SET(d, a, b, c,  8, 11, T34);
    SET(c, d, a, b, 11, 16, T35);
    SET(b, c, d, a, 14, 23, T36);
    SET(a, b, c, d,  1,  4, T37);
    SET(d, a, b, c,  4, 11, T38);
    SET(c, d, a, b,  7, 16, T39);
    SET(b, c, d, a, 10, 23, T40);
    SET(a, b, c, d, 13,  4, T41);
    SET(d, a, b, c,  0, 11, T42);
    SET(c, d, a, b,  3, 16, T43);
    SET(b, c, d, a,  6, 23, T44);
    SET(a, b, c, d,  9,  4, T45);
    SET(d, a, b, c, 12, 11, T46);
    SET(c, d, a, b, 15, 16, T47);
    SET(b, c, d, a,  2, 23, T48);
 #undef SET
     /* Round 4. */
     /* Let [abcd k s t] denote the operation
          a = b + ((a + I(b,c,d) + X[k] + T[i]) <<< s). */
 #define I(x, y, z) ((y) ^ ((x) | ~(z)))
 #define SET(a, b, c, d, k, s, Ti)\
  t = a + I(b,c,d) + X[k] + Ti;\
  a = ROTATE_LEFT(t, s) + b
     /* Do the following 16 operations. */
    SET(a, b, c, d,  0,  6, T49);
    SET(d, a, b, c,  7, 10, T50);
    SET(c, d, a, b, 14, 15, T51);
    SET(b, c, d, a,  5, 21, T52);
    SET(a, b, c, d, 12,  6, T53);
    SET(d, a, b, c,  3, 10, T54);
    SET(c, d, a, b, 10, 15, T55);
    SET(b, c, d, a,  1, 21, T56);
    SET(a, b, c, d,  8,  6, T57);
    SET(d, a, b, c, 15, 10, T58);
    SET(c, d, a, b,  6, 15, T59);
    SET(b, c, d, a, 13, 21, T60);
    SET(a, b, c, d,  4,  6, T61);
    SET(d, a, b, c, 11, 10, T62);
    SET(c, d, a, b,  2, 15, T63);
    SET(b, c, d, a,  9, 21, T64);
 #undef SET
     /* Then perform the following additions. (That is increment each
        of the four registers by the value it had before this block
        was started.) */
    pms->abcd[0] += a;
    pms->abcd[1] += b;
    pms->abcd[2] += c;
    pms->abcd[3] += d;
 }
 void
 md5_init(md5_state_t *pms)
 {
    pms->count[0] = pms->count[1] = 0;
    pms->abcd[0] = 0x67452301;
    pms->abcd[1] = /*0xefcdab89*/ T_MASK ^ 0x10325476;
    pms->abcd[2] = /*0x98badcfe*/ T_MASK ^ 0x67452301;
    pms->abcd[3] = 0x10325476;
 }
 void
 md5_append(md5_state_t *pms, const md5_byte_t *data, int nbytes)
 {
    const md5_byte_t *p = data;
    int left = nbytes;
    int offset = (pms->count[0] >> 3) & 63;
    md5_word_t nbits = (md5_word_t)(nbytes << 3);
    if (nbytes <= 0)
 	return;
    /* Update the message length. */
    pms->count[1] += nbytes >> 29;
    pms->count[0] += nbits;
    if (pms->count[0] < nbits)
 	pms->count[1]++;
    /* Process an initial partial block. */
    if (offset) {
 	int copy = (offset + nbytes > 64 ? 64 - offset : nbytes);
 	memcpy(pms->buf + offset, p, copy);
 	if (offset + copy < 64)
 	    return;
 	p += copy;
 	left -= copy;
 	md5_process(pms, pms->buf);
    }
    /* Process full blocks. */
    for (; left >= 64; p += 64, left -= 64)
 	md5_process(pms, p);
    /* Process a final partial block. */
    if (left)
 	memcpy(pms->buf, p, left);
 }
 void
 md5_finish(md5_state_t *pms, md5_byte_t digest[16])
 {
    static const md5_byte_t pad[64] = {
 	0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
    };
    md5_byte_t data[8];
    int i;
    /* Save the length before padding. */
    for (i = 0; i < 8; ++i)
 	data[i] = (md5_byte_t)(pms->count[i >> 2] >> ((i & 3) << 3));
    /* Pad to 56 bytes mod 64. */
    md5_append(pms, pad, ((55 - (pms->count[0] >> 3)) & 63) + 1);
    /* Append the length. */
    md5_append(pms, data, 8);
    for (i = 0; i < 16; ++i)
 	digest[i] = (md5_byte_t)(pms->abcd[i >> 2] >> ((i & 3) << 3));
 }
--- a/src/md5.h
+++ b/src/md5.h
@ -1,90 +0,0 @@
 /*
  Copyright (C) 1999, 2002 Aladdin Enterprises.  All rights reserved.
  This software is provided 'as-is', without any express or implied
  warranty.  In no event will the authors be held liable for any damages
  arising from the use of this software.
  Permission is granted to anyone to use this software for any purpose,
  including commercial applications, and to alter it and redistribute it
  freely, subject to the following restrictions:
  1. The origin of this software must not be misrepresented; you must not
     claim that you wrote the original software. If you use this software
     in a product, an acknowledgment in the product documentation would be
     appreciated but is not required.
  2. Altered source versions must be plainly marked as such, and must not be
     misrepresented as being the original software.
  3. This notice may not be removed or altered from any source distribution.
  L. Peter Deutsch
  ghost@aladdin.com
 */
 /*
  Independent implementation of MD5 (RFC 1321).
  This code implements the MD5 Algorithm defined in RFC 1321, whose
  text is available at
 	http://www.ietf.org/rfc/rfc1321.txt
  The code is derived from the text of the RFC, including the test suite
  (section A.5) but excluding the rest of Appendix A.  It does not include
  any code or documentation that is identified in the RFC as being
  copyrighted.
  The original and principal author of md5.h is L. Peter Deutsch
  <ghost@aladdin.com>.  Other authors are noted in the change history
  that follows (in reverse chronological order):
  2002-04-13 lpd Removed support for non-ANSI compilers; removed
 	references to Ghostscript; clarified derivation from RFC 1321;
 	now handles byte order either statically or dynamically.
  1999-11-04 lpd Edited comments slightly for automatic TOC extraction.
  1999-10-18 lpd Fixed typo in header comment (ansi2knr rather than md5);
 	added conditionalization for C++ compilation from Martin
 	Purschke <purschke@bnl.gov>.
  1999-05-03 lpd Original version.
 */
 #ifndef md5_INCLUDED
 #  define md5_INCLUDED
 /*
 * This package supports both compile-time and run-time determination of CPU
 * byte order.  If ARCH_IS_BIG_ENDIAN is defined as 0, the code will be
 * compiled to run only on little-endian CPUs; if ARCH_IS_BIG_ENDIAN is
 * defined as non-zero, the code will be compiled to run only on big-endian
 * CPUs; if ARCH_IS_BIG_ENDIAN is not defined, the code will be compiled to
 * run on either big- or little-endian CPUs, but will run slightly less
 * efficiently on either one than if ARCH_IS_BIG_ENDIAN is defined.
 */
 typedef unsigned char md5_byte_t; /* 8-bit byte */
 typedef unsigned int md5_word_t; /* 32-bit word */
 /* Define the state of the MD5 Algorithm. */
 typedef struct md5_state_s {
    md5_word_t count[2];	/* message length in bits, lsw first */
    md5_word_t abcd[4];		/* digest buffer */
    md5_byte_t buf[64];		/* accumulate block */
 } md5_state_t;
 #ifdef __cplusplus
 extern "C"
 {
 #endif
 /* Initialize the algorithm. */
 void md5_init(md5_state_t *pms);
 /* Append a string to the message. */
 void md5_append(md5_state_t *pms, const md5_byte_t *data, int nbytes);
 /* Finish the message and return the digest. */
 void md5_finish(md5_state_t *pms, md5_byte_t digest[16]);
 #ifdef __cplusplus
 }  /* end extern "C" */
 #endif
 #endif /* md5_INCLUDED */
--- a/src/util.cc
+++ b/src/util.cc
@ -27,6 +27,8 @@
 #include <errno.h>
 #include <signal.h>
 #include <libgen.h>
 #include <openssl/md5.h>
 #include <openssl/sha.h>
 #ifdef HAVE_MALLINFO
 # include <malloc.h>
@ -35,7 +37,6 @@
 #include "input.h"
 #include "util.h"
 #include "Obj.h"
 #include "md5.h"
 #include "Val.h"
 #include "NetVar.h"
 #include "Net.h"
@ -546,24 +547,6 @@ bool is_dir(const char* path)
 	return S_ISDIR(st.st_mode);
 	}
 void hash_md5(size_t size, const unsigned char* bytes, unsigned char digest[16])
 	{
 	md5_state_s h;
 	md5_init(&h);
 	md5_append(&h, bytes, size);
 	md5_finish(&h, digest);
 	}
 const char* md5_digest_print(const unsigned char digest[16])
 	{
 	static char digest_print[256];
 	for ( int i = 0; i < 16; ++i )
 		snprintf(digest_print + i * 2, 3, "%02x", digest[i]);
 	return digest_print;
 	}
 int hmac_key_set = 0;
 uint8 shared_hmac_md5_key[16];
@ -572,12 +555,12 @@ void hmac_md5(size_t size, const unsigned char* bytes, unsigned char digest[16])
 	if ( ! hmac_key_set )
 		reporter->InternalError("HMAC-MD5 invoked before the HMAC key is set");
-	hash_md5(size, bytes, digest);
+	MD5(bytes, size, digest);
 	for ( int i = 0; i < 16; ++i )
 		digest[i] ^= shared_hmac_md5_key[i];
-	hash_md5(16, digest, digest);
+	MD5(digest, 16, digest);
 	}
 static bool read_random_seeds(const char* read_file, uint32* seed,
@ -724,7 +707,7 @@ void init_random_seed(uint32 seed, const char* read_file, const char* write_file
 	if ( ! hmac_key_set )
 		{
-		hash_md5(sizeof(buf), (u_char*) buf, shared_hmac_md5_key);
+		MD5((const u_char*) buf, sizeof(buf), shared_hmac_md5_key);
 		hmac_key_set = 1;
 		}
--- a/src/util.h
+++ b/src/util.h
@ -136,16 +136,12 @@ extern bool ensure_dir(const char *dirname);
 bool is_dir(const char* path); 
 extern uint8 shared_hmac_md5_key[16];
 extern void hash_md5(size_t size, const unsigned char* bytes,
 			unsigned char digest[16]);
 extern int hmac_key_set;
 extern unsigned char shared_hmac_md5_key[16];
 extern void hmac_md5(size_t size, const unsigned char* bytes,
 			unsigned char digest[16]);
 extern const char* md5_digest_print(const unsigned char digest[16]);
 // Initializes RNGs for bro_random() and MD5 usage.  If seed is given, then
 // it is used (to provide determinism).  If load_file is given, the seeds
 // (both random & MD5) are loaded from that file.  This takes precedence
--- a/testing/btest/Baseline/bifs.md5/output
+++ b/testing/btest/Baseline/bifs.md5/output
@ -0,0 +1,4 @@
 f97c5d29941bfb1b2fdab0874906ab82
 7b0391feb2e0cd271f1cf39aafb4376f
 f97c5d29941bfb1b2fdab0874906ab82
 7b0391feb2e0cd271f1cf39aafb4376f
--- a/testing/btest/Baseline/bifs.sha1/output
+++ b/testing/btest/Baseline/bifs.sha1/output
@ -0,0 +1,4 @@
 fe05bcdcdc4928012781a5f1a2a77cbb5398e106
 3e949019500deb1369f13d9644d420d3a920aa5e
 fe05bcdcdc4928012781a5f1a2a77cbb5398e106
 3e949019500deb1369f13d9644d420d3a920aa5e
--- a/testing/btest/Baseline/bifs.sha256/output
+++ b/testing/btest/Baseline/bifs.sha256/output
@ -0,0 +1,4 @@
 7692c3ad3540bb803c020b3aee66cd8887123234ea0c6e7143c0add73ff431ed
 4592092e1061c7ea85af2aed194621cc17a2762bae33a79bf8ce33fd0168b801
 7692c3ad3540bb803c020b3aee66cd8887123234ea0c6e7143c0add73ff431ed
 4592092e1061c7ea85af2aed194621cc17a2762bae33a79bf8ce33fd0168b801
--- a/testing/btest/bifs/md5.test
+++ b/testing/btest/bifs/md5.test
@ -0,0 +1,16 @@
 # @TEST-EXEC: bro -b %INPUT >output
 # @TEST-EXEC: btest-diff output
 print md5_hash("one");
 print md5_hash("one", "two", "three");
 md5_hash_init("a");
 md5_hash_init("b");
 md5_hash_update("a", "one");
 md5_hash_update("b", "one");
 md5_hash_update("b", "two");
 md5_hash_update("b", "three");
 print md5_hash_finish("a");
 print md5_hash_finish("b");
--- a/testing/btest/bifs/sha1.test
+++ b/testing/btest/bifs/sha1.test
@ -0,0 +1,16 @@
 # @TEST-EXEC: bro -b %INPUT >output
 # @TEST-EXEC: btest-diff output
 print sha1_hash("one");
 print sha1_hash("one", "two", "three");
 sha1_hash_init("a");
 sha1_hash_init("b");
 sha1_hash_update("a", "one");
 sha1_hash_update("b", "one");
 sha1_hash_update("b", "two");
 sha1_hash_update("b", "three");
 print sha1_hash_finish("a");
 print sha1_hash_finish("b");
--- a/testing/btest/bifs/sha256.test
+++ b/testing/btest/bifs/sha256.test
@ -0,0 +1,16 @@
 # @TEST-EXEC: bro -b %INPUT >output
 # @TEST-EXEC: btest-diff output
 print sha256_hash("one");
 print sha256_hash("one", "two", "three");
 sha256_hash_init("a");
 sha256_hash_init("b");
 sha256_hash_update("a", "one");
 sha256_hash_update("b", "one");
 sha256_hash_update("b", "two");
 sha256_hash_update("b", "three");
 print sha256_hash_finish("a");
 print sha256_hash_finish("b");