[openssl] master update
Dr. Paul Dale
pauli at openssl.org
Sun Jan 19 00:15:46 UTC 2020
The branch master has been updated
via a978dc3bffb63e6bfc40fe6955e8798bdffb4e7e (commit)
via 781aa7ab63eca123ecef6eef90bbf435b881976e (commit)
via 85d843c8eccce937d073a9df7a193032478e21dd (commit)
via 8720b1779442bc0259d89f4fe7f8d46ad4d0b0c0 (commit)
from b2b43d1b698235ee674e588c224db38d9b78d1ea (commit)
- Log -----------------------------------------------------------------
commit a978dc3bffb63e6bfc40fe6955e8798bdffb4e7e
Author: Pauli <paul.dale at oracle.com>
Date: Fri Jan 10 12:43:47 2020 +1000
TODO: undo md5.h and sha.h changes temporarily
Undo the changes to md5.h and sha.h so that the low level symbols are
exported from libcrypto again. This allows libssl to build and link.
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10791)
commit 781aa7ab63eca123ecef6eef90bbf435b881976e
Author: Pauli <paul.dale at oracle.com>
Date: Wed Jan 15 11:13:03 2020 +1000
Deprecate the low level MD5 functions.
Use of the low level MD5 functions has been informally discouraged for a long
time. We now formally deprecate them.
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10791)
commit 85d843c8eccce937d073a9df7a193032478e21dd
Author: Pauli <paul.dale at oracle.com>
Date: Thu Jan 9 13:14:13 2020 +1000
Deprecate the low level SHA functions.
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10791)
commit 8720b1779442bc0259d89f4fe7f8d46ad4d0b0c0
Author: Pauli <paul.dale at oracle.com>
Date: Thu Jan 9 12:04:54 2020 +1000
sha: fix preprocessor indentation
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10791)
-----------------------------------------------------------------------
Summary of changes:
apps/speed.c | 12 +++-
crypto/ct/ct_log.c | 4 +-
crypto/ec/curve25519.c | 73 +++++++++++++-------
crypto/ec/ecx_meth.c | 5 +-
crypto/engine/eng_openssl.c | 4 +-
crypto/evp/e_rc4_hmac_md5.c | 4 +-
crypto/evp/legacy_md5.c | 6 ++
crypto/evp/legacy_md5_sha1.c | 7 ++
crypto/evp/legacy_sha.c | 6 ++
crypto/md5/md5_dgst.c | 6 ++
crypto/md5/md5_one.c | 6 ++
crypto/md5/md5_sha1.c | 7 ++
crypto/sha/sha1_one.c | 6 ++
crypto/sha/sha1dgst.c | 6 ++
crypto/sha/sha256.c | 6 ++
crypto/sha/sha512.c | 7 ++
doc/man3/MD5.pod | 4 ++
doc/man3/SHA256_Init.pod | 14 +++-
engines/e_dasync.c | 16 +++--
engines/e_ossltest.c | 79 ++++++++++++----------
include/openssl/sha.h | 8 +--
.../ciphers/cipher_aes_cbc_hmac_sha1_hw.c | 2 +-
.../ciphers/cipher_aes_cbc_hmac_sha256_hw.c | 2 +-
.../implementations/ciphers/cipher_rc4_hmac_md5.c | 4 +-
.../ciphers/cipher_rc4_hmac_md5_hw.c | 4 +-
.../implementations/ciphers/cipher_tdes_wrap.c | 6 ++
providers/implementations/digests/md5_prov.c | 6 ++
providers/implementations/digests/md5_sha1_prov.c | 6 ++
providers/implementations/digests/sha2_prov.c | 6 ++
ssl/s3_cbc.c | 6 ++
test/build.info | 6 +-
test/evp_fetch_prov_test.c | 7 ++
test/rc4test.c | 4 +-
33 files changed, 255 insertions(+), 90 deletions(-)
diff --git a/apps/speed.c b/apps/speed.c
index d741f315e2..dd07527cde 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -338,13 +338,15 @@ static const OPT_PAIR doit_choices[] = {
#if !defined(OPENSSL_NO_MD4) && !defined(OPENSSL_NO_DEPRECATED_3_0)
{"md4", D_MD4},
#endif
-#ifndef OPENSSL_NO_MD5
+#if !defined(OPENSSL_NO_MD5) && !defined(OPENSSL_NO_DEPRECATED_3_0)
{"md5", D_MD5},
{"hmac", D_HMAC},
#endif
+#ifndef OPENSSL_NO_DEPRECATED_3_0
{"sha1", D_SHA1},
{"sha256", D_SHA256},
{"sha512", D_SHA512},
+#endif
#if !defined(OPENSSL_NO_WHIRLPOOL) && !defined(OPENSSL_NO_DEPRECATED_3_0)
{"whirlpool", D_WHIRLPOOL},
#endif
@@ -621,7 +623,7 @@ static int EVP_Digest_MD4_loop(void *args)
}
#endif
-#ifndef OPENSSL_NO_MD5
+#if !defined(OPENSSL_NO_MD5) && !defined(OPENSSL_NO_DEPRECATED_3_0)
static int MD5_loop(void *args)
{
loopargs_t *tempargs = *(loopargs_t **) args;
@@ -650,6 +652,7 @@ static int HMAC_loop(void *args)
}
#endif
+#ifndef OPENSSL_NO_DEPRECATED_3_0
static int SHA1_loop(void *args)
{
loopargs_t *tempargs = *(loopargs_t **) args;
@@ -682,6 +685,7 @@ static int SHA512_loop(void *args)
SHA512(buf, lengths[testnum], sha512);
return count;
}
+#endif
#if !defined(OPENSSL_NO_WHIRLPOOL) && !defined(OPENSSL_NO_DEPRECATED_3_0)
static int WHIRLPOOL_loop(void *args)
@@ -2285,7 +2289,7 @@ int speed_main(int argc, char **argv)
}
#endif
-#ifndef OPENSSL_NO_MD5
+#if !defined(OPENSSL_NO_MD5) && !defined(OPENSSL_NO_DEPRECATED_3_0)
if (doit[D_MD5]) {
for (testnum = 0; testnum < size_num; testnum++) {
print_message(names[D_MD5], c[D_MD5][testnum], lengths[testnum],
@@ -2322,6 +2326,7 @@ int speed_main(int argc, char **argv)
HMAC_CTX_free(loopargs[i].hctx);
}
#endif
+#ifndef OPENSSL_NO_DEPRECATED_3_0
if (doit[D_SHA1]) {
for (testnum = 0; testnum < size_num; testnum++) {
print_message(names[D_SHA1], c[D_SHA1][testnum], lengths[testnum],
@@ -2352,6 +2357,7 @@ int speed_main(int argc, char **argv)
print_result(D_SHA512, testnum, count, d);
}
}
+#endif
#if !defined(OPENSSL_NO_WHIRLPOOL) && !defined(OPENSSL_NO_DEPRECATED_3_0)
if (doit[D_WHIRLPOOL]) {
for (testnum = 0; testnum < size_num; testnum++) {
diff --git a/crypto/ct/ct_log.c b/crypto/ct/ct_log.c
index 164ff72ac0..695221cba0 100644
--- a/crypto/ct/ct_log.c
+++ b/crypto/ct/ct_log.c
@@ -76,14 +76,14 @@ static int ct_v1_log_id_from_pkey(EVP_PKEY *pkey,
int ret = 0;
unsigned char *pkey_der = NULL;
int pkey_der_len = i2d_PUBKEY(pkey, &pkey_der);
+ unsigned int len;
if (pkey_der_len <= 0) {
CTerr(CT_F_CT_V1_LOG_ID_FROM_PKEY, CT_R_LOG_KEY_INVALID);
goto err;
}
- SHA256(pkey_der, pkey_der_len, log_id);
- ret = 1;
+ ret = EVP_Digest(pkey_der, pkey_der_len, log_id, &len, EVP_sha256(), NULL);
err:
OPENSSL_free(pkey_der);
return ret;
diff --git a/crypto/ec/curve25519.c b/crypto/ec/curve25519.c
index 89b1e3c2c1..a512aeb237 100644
--- a/crypto/ec/curve25519.c
+++ b/crypto/ec/curve25519.c
@@ -9,6 +9,7 @@
#include <string.h>
#include "ec_local.h"
+#include <openssl/evp.h>
#include <openssl/sha.h>
#if defined(X25519_ASM) && (defined(__x86_64) || defined(__x86_64__) || \
@@ -5436,39 +5437,50 @@ int ED25519_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len,
uint8_t nonce[SHA512_DIGEST_LENGTH];
ge_p3 R;
uint8_t hram[SHA512_DIGEST_LENGTH];
- SHA512_CTX hash_ctx;
+ EVP_MD *sha512 = EVP_MD_fetch(NULL, SN_sha512, NULL);
+ EVP_MD_CTX *hash_ctx = EVP_MD_CTX_new();
+ unsigned int sz;
+ int res = 0;
- SHA512_Init(&hash_ctx);
- SHA512_Update(&hash_ctx, private_key, 32);
- SHA512_Final(az, &hash_ctx);
+ if (sha512 == NULL || hash_ctx == NULL)
+ goto err;
+
+ if (!EVP_DigestInit_ex(hash_ctx, sha512, NULL)
+ || !EVP_DigestUpdate(hash_ctx, private_key, 32)
+ || !EVP_DigestFinal_ex(hash_ctx, az, &sz))
+ goto err;
az[0] &= 248;
az[31] &= 63;
az[31] |= 64;
- SHA512_Init(&hash_ctx);
- SHA512_Update(&hash_ctx, az + 32, 32);
- SHA512_Update(&hash_ctx, message, message_len);
- SHA512_Final(nonce, &hash_ctx);
+ if (!EVP_DigestInit_ex(hash_ctx, sha512, NULL)
+ || !EVP_DigestUpdate(hash_ctx, az + 32, 32)
+ || !EVP_DigestUpdate(hash_ctx, message, message_len)
+ || !EVP_DigestFinal_ex(hash_ctx, nonce, &sz))
+ goto err;
x25519_sc_reduce(nonce);
ge_scalarmult_base(&R, nonce);
ge_p3_tobytes(out_sig, &R);
- SHA512_Init(&hash_ctx);
- SHA512_Update(&hash_ctx, out_sig, 32);
- SHA512_Update(&hash_ctx, public_key, 32);
- SHA512_Update(&hash_ctx, message, message_len);
- SHA512_Final(hram, &hash_ctx);
+ if (!EVP_DigestInit_ex(hash_ctx, sha512, NULL)
+ || !EVP_DigestUpdate(hash_ctx, out_sig, 32)
+ || !EVP_DigestUpdate(hash_ctx, public_key, 32)
+ || !EVP_DigestUpdate(hash_ctx, message, message_len)
+ || !EVP_DigestFinal_ex(hash_ctx, hram, &sz))
+ goto err;
x25519_sc_reduce(hram);
sc_muladd(out_sig + 32, hram, az, nonce);
- OPENSSL_cleanse(&hash_ctx, sizeof(hash_ctx));
+ res = 1;
+err:
OPENSSL_cleanse(nonce, sizeof(nonce));
OPENSSL_cleanse(az, sizeof(az));
-
- return 1;
+ EVP_MD_free(sha512);
+ EVP_MD_CTX_free(hash_ctx);
+ return res;
}
static const char allzeroes[15];
@@ -5479,7 +5491,10 @@ int ED25519_verify(const uint8_t *message, size_t message_len,
int i;
ge_p3 A;
const uint8_t *r, *s;
- SHA512_CTX hash_ctx;
+ EVP_MD *sha512;
+ EVP_MD_CTX *hash_ctx = NULL;
+ unsigned int sz;
+ int res = 0;
ge_p2 R;
uint8_t rcheck[32];
uint8_t h[SHA512_DIGEST_LENGTH];
@@ -5526,11 +5541,19 @@ int ED25519_verify(const uint8_t *message, size_t message_len,
fe_neg(A.X, A.X);
fe_neg(A.T, A.T);
- SHA512_Init(&hash_ctx);
- SHA512_Update(&hash_ctx, r, 32);
- SHA512_Update(&hash_ctx, public_key, 32);
- SHA512_Update(&hash_ctx, message, message_len);
- SHA512_Final(h, &hash_ctx);
+ sha512 = EVP_MD_fetch(NULL, SN_sha512, NULL);
+ if (sha512 == NULL)
+ return 0;
+ hash_ctx = EVP_MD_CTX_new();
+ if (hash_ctx == NULL)
+ goto err;
+
+ if (!EVP_DigestInit_ex(hash_ctx, sha512, NULL)
+ || !EVP_DigestUpdate(hash_ctx, r, 32)
+ || !EVP_DigestUpdate(hash_ctx, public_key, 32)
+ || !EVP_DigestUpdate(hash_ctx, message, message_len)
+ || !EVP_DigestFinal_ex(hash_ctx, h, &sz))
+ goto err;
x25519_sc_reduce(h);
@@ -5538,7 +5561,11 @@ int ED25519_verify(const uint8_t *message, size_t message_len,
ge_tobytes(rcheck, &R);
- return CRYPTO_memcmp(rcheck, r, sizeof(rcheck)) == 0;
+ res = CRYPTO_memcmp(rcheck, r, sizeof(rcheck)) == 0;
+err:
+ EVP_MD_free(sha512);
+ EVP_MD_CTX_free(hash_ctx);
+ return res;
}
void ED25519_public_from_private(uint8_t out_public_key[32],
diff --git a/crypto/ec/ecx_meth.c b/crypto/ec/ecx_meth.c
index d141fe7b81..4e3c630bd2 100644
--- a/crypto/ec/ecx_meth.c
+++ b/crypto/ec/ecx_meth.c
@@ -1156,6 +1156,7 @@ static int s390x_pkey_ecd_keygen25519(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
unsigned char x_dst[32], buff[SHA512_DIGEST_LENGTH];
ECX_KEY *key;
unsigned char *privkey = NULL, *pubkey;
+ unsigned int sz;
key = OPENSSL_zalloc(sizeof(*key));
if (key == NULL) {
@@ -1174,7 +1175,9 @@ static int s390x_pkey_ecd_keygen25519(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
if (RAND_priv_bytes(privkey, ED25519_KEYLEN) <= 0)
goto err;
- SHA512(privkey, 32, buff);
+ if (!EVP_Digest(privkey, 32, buff, &sz, EVP_sha512(), NULL))
+ goto err;
+
buff[0] &= 248;
buff[31] &= 63;
buff[31] |= 64;
diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c
index 704268ad97..42c7127187 100644
--- a/crypto/engine/eng_openssl.c
+++ b/crypto/engine/eng_openssl.c
@@ -9,8 +9,8 @@
*/
/*
- * RC4 low level APIs are deprecated for public use, but still ok for internal
- * use.
+ * RC4 and SHA-1 low level APIs are deprecated for public use, but still ok
+ * for internal use.
*/
#include "internal/deprecated.h"
diff --git a/crypto/evp/e_rc4_hmac_md5.c b/crypto/evp/e_rc4_hmac_md5.c
index fa838bf4b2..d3b1dfe258 100644
--- a/crypto/evp/e_rc4_hmac_md5.c
+++ b/crypto/evp/e_rc4_hmac_md5.c
@@ -8,8 +8,8 @@
*/
/*
- * RC4 low level APIs are deprecated for public use, but still ok for internal
- * use.
+ * MD5 and RC4 low level APIs are deprecated for public use, but still ok for
+ * internal use.
*/
#include "internal/deprecated.h"
diff --git a/crypto/evp/legacy_md5.c b/crypto/evp/legacy_md5.c
index 9bb1258e47..3ca5305622 100644
--- a/crypto/evp/legacy_md5.c
+++ b/crypto/evp/legacy_md5.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * MD5 low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <openssl/md5.h>
#include "crypto/evp.h"
#include "legacy_meth.h"
diff --git a/crypto/evp/legacy_md5_sha1.c b/crypto/evp/legacy_md5_sha1.c
index 6da6b4fd95..9910892af8 100644
--- a/crypto/evp/legacy_md5_sha1.c
+++ b/crypto/evp/legacy_md5_sha1.c
@@ -7,6 +7,13 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * MD5 and SHA-1 low level APIs are deprecated for public use, but still ok for
+ * internal use. The prov/md5_sha1.h include requires this, but this must
+ * be the first include loaded.
+ */
+#include "internal/deprecated.h"
+
#include "crypto/evp.h"
#include "prov/md5_sha1.h" /* diverse MD5_SHA1 macros */
#include "legacy_meth.h"
diff --git a/crypto/evp/legacy_sha.c b/crypto/evp/legacy_sha.c
index db289bf2b9..6d3bc0fbc3 100644
--- a/crypto/evp/legacy_sha.c
+++ b/crypto/evp/legacy_sha.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * All SHA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <openssl/sha.h> /* diverse SHA macros */
#include "internal/sha3.h" /* KECCAK1600_WIDTH */
#include "crypto/evp.h"
diff --git a/crypto/md5/md5_dgst.c b/crypto/md5/md5_dgst.c
index b594652f0d..72b641f4f8 100644
--- a/crypto/md5/md5_dgst.c
+++ b/crypto/md5/md5_dgst.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * MD5 low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include "md5_local.h"
#include <openssl/opensslv.h>
diff --git a/crypto/md5/md5_one.c b/crypto/md5/md5_one.c
index c31760bb39..96f4f96f42 100644
--- a/crypto/md5/md5_one.c
+++ b/crypto/md5/md5_one.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * MD5 low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include <string.h>
#include <openssl/md5.h>
diff --git a/crypto/md5/md5_sha1.c b/crypto/md5/md5_sha1.c
index 32bf9a13fc..054f634ac8 100644
--- a/crypto/md5/md5_sha1.c
+++ b/crypto/md5/md5_sha1.c
@@ -6,6 +6,13 @@
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
+
+/*
+ * MD5 and SHA-1 low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <string.h>
#include "prov/md5_sha1.h"
#include <openssl/evp.h>
diff --git a/crypto/sha/sha1_one.c b/crypto/sha/sha1_one.c
index 57bef8927f..c01baf7a6f 100644
--- a/crypto/sha/sha1_one.c
+++ b/crypto/sha/sha1_one.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * SHA-1 low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include <string.h>
#include <openssl/crypto.h>
diff --git a/crypto/sha/sha1dgst.c b/crypto/sha/sha1dgst.c
index 68c0a96718..0e4a4e536c 100644
--- a/crypto/sha/sha1dgst.c
+++ b/crypto/sha/sha1dgst.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * SHA-1 low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <openssl/crypto.h>
#include <openssl/opensslconf.h>
diff --git a/crypto/sha/sha256.c b/crypto/sha/sha256.c
index 99833924b0..9006eced75 100644
--- a/crypto/sha/sha256.c
+++ b/crypto/sha/sha256.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * SHA256 low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <openssl/opensslconf.h>
#include <stdlib.h>
diff --git a/crypto/sha/sha512.c b/crypto/sha/sha512.c
index c70edf572a..39ebe68558 100644
--- a/crypto/sha/sha512.c
+++ b/crypto/sha/sha512.c
@@ -7,6 +7,13 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * SHA512 low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
+#include <stdio.h>
#include <openssl/opensslconf.h>
/*-
* IMPLEMENTATION NOTES.
diff --git a/doc/man3/MD5.pod b/doc/man3/MD5.pod
index 8efc8240ae..8d24e5ad04 100644
--- a/doc/man3/MD5.pod
+++ b/doc/man3/MD5.pod
@@ -35,6 +35,10 @@ L<openssl_user_macros(7)>:
#include <openssl/md5.h>
+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B<OPENSSL_API_COMPAT> with a suitable version value, see
+L<openssl_user_macros(7)>:
+
unsigned char *MD5(const unsigned char *d, unsigned long n, unsigned char *md);
int MD5_Init(MD5_CTX *c);
diff --git a/doc/man3/SHA256_Init.pod b/doc/man3/SHA256_Init.pod
index 2135e1a093..074f4bf16f 100644
--- a/doc/man3/SHA256_Init.pod
+++ b/doc/man3/SHA256_Init.pod
@@ -11,6 +11,10 @@ SHA512_Final - Secure Hash Algorithm
#include <openssl/sha.h>
+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B<OPENSSL_API_COMPAT> with a suitable version value, see
+L<openssl_user_macros(7)>:
+
int SHA1_Init(SHA_CTX *c);
int SHA1_Update(SHA_CTX *c, const void *data, size_t len);
int SHA1_Final(unsigned char *md, SHA_CTX *c);
@@ -43,9 +47,9 @@ SHA512_Final - Secure Hash Algorithm
=head1 DESCRIPTION
-Applications should use the higher level functions
-L<EVP_DigestInit(3)> etc. instead of calling the hash
-functions directly.
+All of the functions described on this page are deprecated.
+Applications should instead use L<EVP_DigestInit_ex(3)>, L<EVP_DigestUpdate(3)>
+and L<EVP_DigestFinal_ex(3)>.
SHA-1 (Secure Hash Algorithm) is a cryptographic hash function with a
160 bit output.
@@ -96,6 +100,10 @@ ANSI X9.30
L<EVP_DigestInit(3)>
+=head1 HISTORY
+
+All of these functions were deprecated in OpenSSL 3.0.
+
=head1 COPYRIGHT
Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/engines/e_dasync.c b/engines/e_dasync.c
index 74a62b86e0..c5d58ded09 100644
--- a/engines/e_dasync.c
+++ b/engines/e_dasync.c
@@ -7,6 +7,14 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * SHA-1 low level APIs are deprecated for public use, but still ok for
+ * internal use. Note, that due to symbols not being exported, only the
+ * #defines and strucures can be accessed, in this case SHA_CBLOCK and
+ * sizeof(SHA_CTX).
+ */
+#include "internal/deprecated.h"
+
#if defined(_WIN32)
# include <windows.h>
#endif
@@ -492,13 +500,11 @@ static void dummy_pause_job(void) {
* SHA1 implementation. At the moment we just defer to the standard
* implementation
*/
-#undef data
-#define data(ctx) ((SHA_CTX *)EVP_MD_CTX_md_data(ctx))
static int dasync_sha1_init(EVP_MD_CTX *ctx)
{
dummy_pause_job();
- return SHA1_Init(data(ctx));
+ return EVP_MD_meth_get_init(EVP_sha1())(ctx);
}
static int dasync_sha1_update(EVP_MD_CTX *ctx, const void *data,
@@ -506,14 +512,14 @@ static int dasync_sha1_update(EVP_MD_CTX *ctx, const void *data,
{
dummy_pause_job();
- return SHA1_Update(data(ctx), data, (size_t)count);
+ return EVP_MD_meth_get_update(EVP_sha1())(ctx, data, count);
}
static int dasync_sha1_final(EVP_MD_CTX *ctx, unsigned char *md)
{
dummy_pause_job();
- return SHA1_Final(md, data(ctx));
+ return EVP_MD_meth_get_final(EVP_sha1())(ctx, md);
}
/*
diff --git a/engines/e_ossltest.c b/engines/e_ossltest.c
index 1284742ec3..55ecc1f89c 100644
--- a/engines/e_ossltest.c
+++ b/engines/e_ossltest.c
@@ -13,6 +13,15 @@
* used for any purpose except testing
*/
+/*
+ * SHA low level APIs are deprecated for public use, but still ok for
+ * internal use. Note, that due to symbols not being exported, only the
+ * #defines and type definitions can be accessed, function calls are not
+ * available. The digest lengths, block sizes and sizeof(CTX) are used herein
+ * for several different digests.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include <string.h>
@@ -134,10 +143,13 @@ static const EVP_MD *digest_sha256(void)
/* SHA384/SHA512 */
static int digest_sha384_init(EVP_MD_CTX *ctx);
+static int digest_sha384_update(EVP_MD_CTX *ctx, const void *data,
+ size_t count);
+static int digest_sha384_final(EVP_MD_CTX *ctx, unsigned char *md);
+
static int digest_sha512_init(EVP_MD_CTX *ctx);
static int digest_sha512_update(EVP_MD_CTX *ctx, const void *data,
size_t count);
-static int digest_sha384_final(EVP_MD_CTX *ctx, unsigned char *md);
static int digest_sha512_final(EVP_MD_CTX *ctx, unsigned char *md);
static EVP_MD *_hidden_sha384_md = NULL;
@@ -153,7 +165,7 @@ static const EVP_MD *digest_sha384(void)
sizeof(EVP_MD *) + sizeof(SHA512_CTX))
|| !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_DIGALGID_ABSENT)
|| !EVP_MD_meth_set_init(md, digest_sha384_init)
- || !EVP_MD_meth_set_update(md, digest_sha512_update)
+ || !EVP_MD_meth_set_update(md, digest_sha384_update)
|| !EVP_MD_meth_set_final(md, digest_sha384_final)) {
EVP_MD_meth_free(md);
md = NULL;
@@ -454,23 +466,20 @@ static void fill_known_data(unsigned char *md, unsigned int len)
* value, so that all "MD5" digests using the test engine always end up with
* the same value.
*/
-#undef data
-#define data(ctx) ((MD5_CTX *)EVP_MD_CTX_md_data(ctx))
static int digest_md5_init(EVP_MD_CTX *ctx)
{
- return MD5_Init(data(ctx));
+ return EVP_MD_meth_get_init(EVP_md5())(ctx);
}
static int digest_md5_update(EVP_MD_CTX *ctx, const void *data,
size_t count)
{
- return MD5_Update(data(ctx), data, (size_t)count);
+ return EVP_MD_meth_get_update(EVP_md5())(ctx, data, count);
}
static int digest_md5_final(EVP_MD_CTX *ctx, unsigned char *md)
{
- int ret;
- ret = MD5_Final(md, data(ctx));
+ int ret = EVP_MD_meth_get_final(EVP_md5())(ctx, md);
if (ret > 0) {
fill_known_data(md, MD5_DIGEST_LENGTH);
@@ -481,23 +490,20 @@ static int digest_md5_final(EVP_MD_CTX *ctx, unsigned char *md)
/*
* SHA1 implementation.
*/
-#undef data
-#define data(ctx) ((SHA_CTX *)EVP_MD_CTX_md_data(ctx))
static int digest_sha1_init(EVP_MD_CTX *ctx)
{
- return SHA1_Init(data(ctx));
+ return EVP_MD_meth_get_init(EVP_sha1())(ctx);
}
static int digest_sha1_update(EVP_MD_CTX *ctx, const void *data,
size_t count)
{
- return SHA1_Update(data(ctx), data, (size_t)count);
+ return EVP_MD_meth_get_update(EVP_sha1())(ctx, data, count);
}
static int digest_sha1_final(EVP_MD_CTX *ctx, unsigned char *md)
{
- int ret;
- ret = SHA1_Final(md, data(ctx));
+ int ret = EVP_MD_meth_get_final(EVP_sha1())(ctx, md);
if (ret > 0) {
fill_known_data(md, SHA_DIGEST_LENGTH);
@@ -508,23 +514,20 @@ static int digest_sha1_final(EVP_MD_CTX *ctx, unsigned char *md)
/*
* SHA256 implementation.
*/
-#undef data
-#define data(ctx) ((SHA256_CTX *)EVP_MD_CTX_md_data(ctx))
static int digest_sha256_init(EVP_MD_CTX *ctx)
{
- return SHA256_Init(data(ctx));
+ return EVP_MD_meth_get_init(EVP_sha256())(ctx);
}
static int digest_sha256_update(EVP_MD_CTX *ctx, const void *data,
size_t count)
{
- return SHA256_Update(data(ctx), data, (size_t)count);
+ return EVP_MD_meth_get_update(EVP_sha256())(ctx, data, count);
}
static int digest_sha256_final(EVP_MD_CTX *ctx, unsigned char *md)
{
- int ret;
- ret = SHA256_Final(md, data(ctx));
+ int ret = EVP_MD_meth_get_final(EVP_sha256())(ctx, md);
if (ret > 0) {
fill_known_data(md, SHA256_DIGEST_LENGTH);
@@ -533,31 +536,22 @@ static int digest_sha256_final(EVP_MD_CTX *ctx, unsigned char *md)
}
/*
- * SHA384/512 implementation.
+ * SHA384 implementation.
*/
-#undef data
-#define data(ctx) ((SHA512_CTX *)EVP_MD_CTX_md_data(ctx))
static int digest_sha384_init(EVP_MD_CTX *ctx)
{
- return SHA384_Init(data(ctx));
-}
-
-static int digest_sha512_init(EVP_MD_CTX *ctx)
-{
- return SHA512_Init(data(ctx));
+ return EVP_MD_meth_get_init(EVP_sha384())(ctx);
}
-static int digest_sha512_update(EVP_MD_CTX *ctx, const void *data,
+static int digest_sha384_update(EVP_MD_CTX *ctx, const void *data,
size_t count)
{
- return SHA512_Update(data(ctx), data, (size_t)count);
+ return EVP_MD_meth_get_update(EVP_sha384())(ctx, data, count);
}
static int digest_sha384_final(EVP_MD_CTX *ctx, unsigned char *md)
{
- int ret;
- /* Actually uses SHA512_Final! */
- ret = SHA512_Final(md, data(ctx));
+ int ret = EVP_MD_meth_get_final(EVP_sha384())(ctx, md);
if (ret > 0) {
fill_known_data(md, SHA384_DIGEST_LENGTH);
@@ -565,10 +559,23 @@ static int digest_sha384_final(EVP_MD_CTX *ctx, unsigned char *md)
return ret;
}
+/*
+ * SHA512 implementation.
+ */
+static int digest_sha512_init(EVP_MD_CTX *ctx)
+{
+ return EVP_MD_meth_get_init(EVP_sha512())(ctx);
+}
+
+static int digest_sha512_update(EVP_MD_CTX *ctx, const void *data,
+ size_t count)
+{
+ return EVP_MD_meth_get_update(EVP_sha512())(ctx, data, count);
+}
+
static int digest_sha512_final(EVP_MD_CTX *ctx, unsigned char *md)
{
- int ret;
- ret = SHA512_Final(md, data(ctx));
+ int ret = EVP_MD_meth_get_final(EVP_sha512())(ctx, md);
if (ret > 0) {
fill_known_data(md, SHA512_DIGEST_LENGTH);
diff --git a/include/openssl/sha.h b/include/openssl/sha.h
index be27e2c972..3a31bb606b 100644
--- a/include/openssl/sha.h
+++ b/include/openssl/sha.h
@@ -19,9 +19,9 @@
# include <openssl/e_os2.h>
# include <stddef.h>
-#ifdef __cplusplus
+# ifdef __cplusplus
extern "C" {
-#endif
+# endif
/*-
* !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
@@ -115,8 +115,8 @@ int SHA512_Final(unsigned char *md, SHA512_CTX *c);
unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md);
void SHA512_Transform(SHA512_CTX *c, const unsigned char *data);
-#ifdef __cplusplus
+# ifdef __cplusplus
}
-#endif
+# endif
#endif
diff --git a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c
index 056dd7866c..57e59c30c3 100644
--- a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c
+++ b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c
@@ -8,7 +8,7 @@
*/
/*
- * AES low level APIs are deprecated for public use, but still ok for internal
+ * All low level APIs are deprecated for public use, but still ok for internal
* use where we're using them to implement the higher level EVP interface, as is
* the case here.
*/
diff --git a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c
index a7b3c199b3..26bc8f7c49 100644
--- a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c
+++ b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c
@@ -8,7 +8,7 @@
*/
/*
- * AES low level APIs are deprecated for public use, but still ok for internal
+ * All low level APIs are deprecated for public use, but still ok for internal
* use where we're using them to implement the higher level EVP interface, as is
* the case here.
*/
diff --git a/providers/implementations/ciphers/cipher_rc4_hmac_md5.c b/providers/implementations/ciphers/cipher_rc4_hmac_md5.c
index 876c81d34d..55bdfe7384 100644
--- a/providers/implementations/ciphers/cipher_rc4_hmac_md5.c
+++ b/providers/implementations/ciphers/cipher_rc4_hmac_md5.c
@@ -10,8 +10,8 @@
/* Dispatch functions for RC4_HMAC_MD5 cipher */
/*
- * RC4 low level APIs are deprecated for public use, but still ok for internal
- * use.
+ * MD5 and RC4 low level APIs are deprecated for public use, but still ok for
+ * internal use.
*/
#include "internal/deprecated.h"
diff --git a/providers/implementations/ciphers/cipher_rc4_hmac_md5_hw.c b/providers/implementations/ciphers/cipher_rc4_hmac_md5_hw.c
index 767a1e3e6b..253bb54faf 100644
--- a/providers/implementations/ciphers/cipher_rc4_hmac_md5_hw.c
+++ b/providers/implementations/ciphers/cipher_rc4_hmac_md5_hw.c
@@ -10,8 +10,8 @@
/* RC4_HMAC_MD5 cipher implementation */
/*
- * RC4 low level APIs are deprecated for public use, but still ok for internal
- * use.
+ * MD5 and RC4 low level APIs are deprecated for public use, but still ok for
+ * internal use.
*/
#include "internal/deprecated.h"
diff --git a/providers/implementations/ciphers/cipher_tdes_wrap.c b/providers/implementations/ciphers/cipher_tdes_wrap.c
index a889b22322..a6f4e4efe4 100644
--- a/providers/implementations/ciphers/cipher_tdes_wrap.c
+++ b/providers/implementations/ciphers/cipher_tdes_wrap.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * SHA-1 low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <openssl/sha.h>
#include "cipher_tdes_default.h"
#include "crypto/evp.h"
diff --git a/providers/implementations/digests/md5_prov.c b/providers/implementations/digests/md5_prov.c
index 7b92b6139c..73071cdd95 100644
--- a/providers/implementations/digests/md5_prov.c
+++ b/providers/implementations/digests/md5_prov.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * MD5 low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <openssl/crypto.h>
#include <openssl/md5.h>
#include "prov/digestcommon.h"
diff --git a/providers/implementations/digests/md5_sha1_prov.c b/providers/implementations/digests/md5_sha1_prov.c
index 09c502d839..4d87e2fec6 100644
--- a/providers/implementations/digests/md5_sha1_prov.c
+++ b/providers/implementations/digests/md5_sha1_prov.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * MD5 and SHA-1 low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <string.h>
#include <openssl/crypto.h>
#include <openssl/evp.h>
diff --git a/providers/implementations/digests/sha2_prov.c b/providers/implementations/digests/sha2_prov.c
index 8055ce5ad2..1602f5fd20 100644
--- a/providers/implementations/digests/sha2_prov.c
+++ b/providers/implementations/digests/sha2_prov.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * SHA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <openssl/crypto.h>
#include <openssl/core_numbers.h>
#include <openssl/evp.h>
diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c
index 1fe2846cd4..888ff3c2f6 100644
--- a/ssl/s3_cbc.c
+++ b/ssl/s3_cbc.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * MD5 and SHA-1 low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include "internal/constant_time.h"
#include "ssl_local.h"
#include "internal/cryptlib.h"
diff --git a/test/build.info b/test/build.info
index 9afbdfdbe7..837dbba934 100644
--- a/test/build.info
+++ b/test/build.info
@@ -34,7 +34,6 @@ IF[{- !$disabled{tests} -}]
sanitytest rsa_complex exdatatest bntest \
ectest ecstresstest ecdsatest gmdifftest pbelutest ideatest \
hmactest \
- rc2test rc4test rc5test \
destest mdc2test \
dhtest enginetest \
ssltest_old dsatest dsa_no_digest_size_test exptest rsa_test \
@@ -508,6 +507,7 @@ IF[{- !$disabled{tests} -}]
tls13encryptiontest wpackettest ctype_internal_test \
rdrand_sanitytest property_test \
rsa_sp800_56b_test bn_internal_test \
+ rc2test rc4test rc5test \
asn1_dsa_internal_test
IF[{- !$disabled{poly1305} -}]
@@ -601,6 +601,10 @@ IF[{- !$disabled{tests} -}]
INCLUDE[curve448_internal_test]=.. ../include ../apps/include ../crypto/ec/curve448
DEPEND[curve448_internal_test]=../libcrypto.a libtestutil.a
+ SOURCE[rc4test]=rc4test.c
+ INCLUDE[rc4test]=../include ../apps/include
+ DEPEND[rc4test]=../libcrypto.a libtestutil.a
+
SOURCE[rdrand_sanitytest]=rdrand_sanitytest.c
INCLUDE[rdrand_sanitytest]=../include ../apps/include
DEPEND[rdrand_sanitytest]=../libcrypto.a libtestutil.a
diff --git a/test/evp_fetch_prov_test.c b/test/evp_fetch_prov_test.c
index 3fd695e84b..15d2bfc4b0 100644
--- a/test/evp_fetch_prov_test.c
+++ b/test/evp_fetch_prov_test.c
@@ -7,6 +7,13 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * SHA256 low level APIs are deprecated for public use, but still ok for
+ * internal use. Note, that due to symbols not being exported, only the
+ * #defines can be accessed. In this case SHA256_CBLOCK.
+ */
+#include "internal/deprecated.h"
+
#include <string.h>
#include <openssl/sha.h>
#include <openssl/evp.h>
diff --git a/test/rc4test.c b/test/rc4test.c
index ed0bef5006..dad3140e8d 100644
--- a/test/rc4test.c
+++ b/test/rc4test.c
@@ -8,8 +8,8 @@
*/
/*
- * RC4 low level APIs are deprecated for public use, but still ok for internal
- * use.
+ * RC4 and SHA-1 low level APIs are deprecated for public use, but still ok for
+ * internal use.
*/
#include "internal/deprecated.h"
More information about the openssl-commits
mailing list