[openssl] master update
dev at ddvo.net
Sat May 8 12:43:03 UTC 2021
The branch master has been updated
via 4d49b68504cc494e552bce8e0b82ec8b501d5abe (commit)
from 0a8a6afdfb71e42962921980b51942cea8632697 (commit)
- Log -----------------------------------------------------------------
commit 4d49b68504cc494e552bce8e0b82ec8b501d5abe
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date: Mon Mar 29 19:32:48 2021 +0200
Crypto: Add deprecation compatibility declarations for SHA* message digest functions
Also add hints to SHA256_Init.pod and CHANGES.md how to replace SHA256() etc.
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14741)
-----------------------------------------------------------------------
Summary of changes:
CHANGES.md | 76 ++++++++++++----------
crypto/evp/digest.c | 14 ++++
crypto/evp/e_des3.c | 11 ++--
crypto/sha/sha1_one.c | 3 +-
crypto/sha/sha256.c | 28 --------
crypto/sha/sha512.c | 28 --------
doc/man3/EVP_DigestInit.pod | 24 +++++--
doc/man3/SHA256_Init.pod | 28 ++++----
doc/man7/provider-digest.pod | 2 +-
include/crypto/sha.h | 3 +-
include/openssl/evp.h | 3 +
include/openssl/sha.h | 33 +++++-----
providers/fips-sources.checksums | 6 +-
providers/fips.checksum | 2 +-
.../implementations/ciphers/cipher_tdes_wrap.c | 10 +--
util/libcrypto.num | 11 ++--
util/other.syms | 5 ++
17 files changed, 138 insertions(+), 149 deletions(-)
diff --git a/CHANGES.md b/CHANGES.md
index a2ef2f6b3f..69863b27da 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -240,11 +240,11 @@ OpenSSL 3.0
*Matt Caswell*
- * A number of functions handling low level keys or engines were deprecated
+ * A number of functions handling low-level keys or engines were deprecated
including EVP_PKEY_set1_engine(), EVP_PKEY_get0_engine(), EVP_PKEY_assign(),
EVP_PKEY_get0(), EVP_PKEY_get0_hmac(), EVP_PKEY_get0_poly1305() and
EVP_PKEY_get0_siphash(). Applications using engines should instead use
- providers. Applications getting or setting low level keys in an EVP_PKEY
+ providers. Applications getting or setting low-level keys in an EVP_PKEY
should instead use the OSSL_ENCODER or OSSL_DECODER APIs, or alternatively
use EVP_PKEY_fromdata() or EVP_PKEY_get_params().
@@ -405,7 +405,7 @@ OpenSSL 3.0
*Dmitry Belyavskiy*
- * All of the low level EC_KEY functions have been deprecated including:
+ * All of the low-level EC_KEY functions have been deprecated including:
EC_KEY_OpenSSL, EC_KEY_get_default_method, EC_KEY_set_default_method,
EC_KEY_get_method, EC_KEY_set_method, EC_KEY_new_method
@@ -823,7 +823,7 @@ OpenSSL 3.0
*David von Oheimb*
- * All of the low level RSA functions have been deprecated including:
+ * All of the low-level RSA functions have been deprecated including:
RSA_new_method, RSA_size, RSA_security_bits, RSA_get0_pss_params,
RSA_get_version, RSA_get0_engine, RSA_generate_key_ex,
@@ -854,12 +854,12 @@ OpenSSL 3.0
RSA_meth_set_verify, RSA_meth_get_keygen, RSA_meth_set_keygen,
RSA_meth_get_multi_prime_keygen and RSA_meth_set_multi_prime_keygen.
- Use of these low level functions has been informally discouraged for a long
+ Use of these low-level functions has been informally discouraged for a long
time. Instead applications should use L<EVP_PKEY_encrypt_init(3)>,
L<EVP_PKEY_encrypt(3)>, L<EVP_PKEY_decrypt_init(3)> and
L<EVP_PKEY_decrypt(3)>.
- All of these low level RSA functions have been deprecated without
+ All of these low-level RSA functions have been deprecated without
replacement:
RSA_blinding_off, RSA_blinding_on, RSA_clear_flags, RSA_get_version,
@@ -904,7 +904,7 @@ OpenSSL 3.0
*Paul Dale*
- * All of the low level DH functions have been deprecated including:
+ * All of the low-level DH functions have been deprecated including:
DH_OpenSSL, DH_set_default_method, DH_get_default_method, DH_set_method,
DH_new_method, DH_new, DH_free, DH_up_ref, DH_bits, DH_set0_pqg, DH_size,
@@ -920,11 +920,11 @@ OpenSSL 3.0
DH_meth_set_init, DH_meth_get_finish, DH_meth_set_finish,
DH_meth_get_generate_params and DH_meth_set_generate_params.
- Use of these low level functions has been informally discouraged for a long
+ Use of these low-level functions has been informally discouraged for a long
time. Instead applications should use L<EVP_PKEY_derive_init(3)>
and L<EVP_PKEY_derive(3)>.
- These low level DH functions have been deprecated without replacement:
+ These low-level DH functions have been deprecated without replacement:
DH_clear_flags, DH_get_1024_160, DH_get_2048_224, DH_get_2048_256,
DH_set_flags and DH_test_flags.
@@ -948,7 +948,7 @@ OpenSSL 3.0
*Paul Dale and Matt Caswell*
- * All of the low level DSA functions have been deprecated including:
+ * All of the low-level DSA functions have been deprecated including:
DSA_new, DSA_free, DSA_up_ref, DSA_bits, DSA_get0_pqg, DSA_set0_pqg,
DSA_get0_key, DSA_set0_key, DSA_get0_p, DSA_get0_q, DSA_get0_g,
@@ -968,11 +968,11 @@ OpenSSL 3.0
DSA_meth_get_finish, DSA_meth_set_finish, DSA_meth_get_paramgen,
DSA_meth_set_paramgen, DSA_meth_get_keygen and DSA_meth_set_keygen.
- Use of these low level functions has been informally discouraged for a long
+ Use of these low-level functions has been informally discouraged for a long
time. Instead applications should use L<EVP_DigestSignInit_ex(3)>,
L<EVP_DigestSignUpdate(3)> and L<EVP_DigestSignFinal(3)>.
- These low level DSA functions have been deprecated without replacement:
+ These low-level DSA functions have been deprecated without replacement:
DSA_clear_flags, DSA_dup_DH, DSAparams_dup, DSA_set_flags and
DSA_test_flags.
@@ -1002,13 +1002,13 @@ OpenSSL 3.0
*Richard Levitte*
- * Deprecated low level ECDH and ECDSA functions. These include:
+ * Deprecated low-level ECDH and ECDSA functions. These include:
ECDH_compute_key, ECDSA_do_sign, ECDSA_do_sign_ex, ECDSA_do_verify,
ECDSA_sign_setup, ECDSA_sign, ECDSA_sign_ex, ECDSA_verify and
ECDSA_size.
- Use of these low level functions has been informally discouraged for a long
+ Use of these low-level functions has been informally discouraged for a long
time. Instead applications should use the EVP_PKEY_derive(3),
EVP_DigestSign(3) and EVP_DigestVerify(3) functions.
@@ -1039,7 +1039,7 @@ OpenSSL 3.0
HMAC_Init_ex, HMAC_Update, HMAC_Final, HMAC_CTX_copy, HMAC_CTX_set_flags
and HMAC_CTX_get_md.
- Use of these low level functions has been informally discouraged for a long
+ Use of these low-level functions has been informally discouraged for a long
time. Instead applications should use L<EVP_MAC_CTX_new(3)>,
L<EVP_MAC_CTX_free(3)>, L<EVP_MAC_init(3)>, L<EVP_MAC_update(3)>
and L<EVP_MAC_final(3)> or the single-shot MAC function L<EVP_Q_mac(3)>.
@@ -1058,19 +1058,19 @@ OpenSSL 3.0
*Rich Salz*
- * All of the low level CMAC functions have been deprecated including:
+ * All of the low-level CMAC functions have been deprecated including:
CMAC_CTX_new, CMAC_CTX_cleanup, CMAC_CTX_free, CMAC_CTX_get0_cipher_ctx,
CMAC_CTX_copy, CMAC_Init, CMAC_Update, CMAC_Final and CMAC_resume.
- Use of these low level functions has been informally discouraged for a long
+ Use of these low-level functions has been informally discouraged for a long
time. Instead applications should use L<EVP_MAC_CTX_new(3)>,
L<EVP_MAC_CTX_free(3)>, L<EVP_MAC_init(3)>, L<EVP_MAC_update(3)>
and L<EVP_MAC_final(3)>.
*Paul Dale*
- * All of the low level MD2, MD4, MD5, MDC2, RIPEMD160, SHA1, SHA224, SHA256,
+ * The low-level MD2, MD4, MD5, MDC2, RIPEMD160, SHA1, SHA224, SHA256,
SHA384, SHA512 and Whirlpool digest functions have been deprecated.
These include:
@@ -1079,17 +1079,21 @@ OpenSSL 3.0
MD5_Final, MD5_Transform, MDC2, MDC2_Init, MDC2_Update, MDC2_Final,
RIPEMD160, RIPEMD160_Init, RIPEMD160_Update, RIPEMD160_Final,
RIPEMD160_Transform, SHA1_Init, SHA1_Update, SHA1_Final, SHA1_Transform,
- SHA224_Init, SHA224_Update, SHA224_Final, SHA224_Transform, SHA256_Init,
- SHA256_Update, SHA256_Final, SHA256_Transform, SHA384, SHA384_Init,
- SHA384_Update, SHA384_Final, SHA512, SHA512_Init, SHA512_Update,
- SHA512_Final, SHA512_Transform, WHIRLPOOL, WHIRLPOOL_Init,
+ SHA224_Init, SHA224_Update, SHA224_Final, SHA224_Transform,
+ SHA256_Init, SHA256_Update, SHA256_Final, SHA256_Transform,
+ SHA384_Init, SHA384_Update, SHA384_Final,
+ SHA512_Init, SHA512_Update, SHA512_Final, SHA512_Transform,
+ WHIRLPOOL, WHIRLPOOL_Init,
WHIRLPOOL_Update, WHIRLPOOL_BitUpdate and WHIRLPOOL_Final.
- Use of these low level functions has been informally discouraged
- for a long time. Applications should use the EVP_DigestInit_ex(3),
- EVP_DigestUpdate(3) and EVP_DigestFinal_ex(3) functions instead.
+ Use of these low-level functions has been informally discouraged
+ for a long time. Applications should use the L<EVP_DigestInit_ex(3)>,
+ L<EVP_DigestUpdate(3)>, and L<EVP_DigestFinal_ex(3)> functions instead.
+ Alternatively, the quick one-shot function L<EVP_Q_digest(3)> can be used.
+ SHA1, SHA224, SHA256, SHA384 and SHA512 have changed from functions to macros
+ like this: (EVP_Q_digest(NULL, "SHA256", NULL, d, n, md, NULL) ? md : NULL).
- *Paul Dale*
+ *Paul Dale and David von Oheimb*
* Corrected the documentation of the return values from the `EVP_DigestSign*`
set of functions. The documentation mentioned negative values for some
@@ -1101,7 +1105,7 @@ OpenSSL 3.0
*Richard Levitte*
- * All of the low level cipher functions have been deprecated including:
+ * All of the low-level cipher functions have been deprecated including:
AES_options, AES_set_encrypt_key, AES_set_decrypt_key, AES_encrypt,
AES_decrypt, AES_ecb_encrypt, AES_cbc_encrypt, AES_cfb128_encrypt,
@@ -1133,7 +1137,7 @@ OpenSSL 3.0
SEED_set_key, SEED_encrypt, SEED_decrypt, SEED_ecb_encrypt,
SEED_cbc_encrypt, SEED_cfb128_encrypt and SEED_ofb128_encrypt.
- Use of these low level functions has been informally discouraged for
+ Use of these low-level functions has been informally discouraged for
a long time. Applications should use the high level EVP APIs, e.g.
EVP_EncryptInit_ex, EVP_EncryptUpdate, EVP_EncryptFinal_ex, and the
equivalently named decrypt functions instead.
@@ -1168,7 +1172,7 @@ OpenSSL 3.0
difficult to perform and are not believed likely. Attacks against DH512
are considered just feasible. However, for an attack the target would
have to re-use the DH512 private key, which is not recommended anyway.
- Also applications directly using the low level API BN_mod_exp may be
+ Also applications directly using the low-level API BN_mod_exp may be
affected if they use BN_FLG_CONSTTIME.
([CVE-2019-1551])
@@ -7652,11 +7656,11 @@ OpenSSL 1.0.1
*Steve Henson*
- * Add similar low level API blocking to ciphers.
+ * Add similar low-level API blocking to ciphers.
*Steve Henson*
- * Low level digest APIs are not approved in FIPS mode: any attempt
+ * low-level digest APIs are not approved in FIPS mode: any attempt
to use these will cause a fatal error. Applications that *really* want
to use them can use the `private_*` version instead.
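Review bot: The replacement line `+ * low-level digest APIs are not approved in FIPS mode` lowercases the first word of a sentence. The removed line began with "Low level", so the hyphenation fix should give "Low-level" here.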
@@ -11044,7 +11048,7 @@ OpenSSL 0.9.8.]
* Add new 'medium level' PKCS#12 API. Certificates and keys
can be added using this API to created arbitrary PKCS#12
- files while avoiding the low level API.
+ files while avoiding the low-level API.
New options to PKCS12_create(), key or cert can be NULL and
will then be omitted from the output file. The encryption
@@ -11055,7 +11059,7 @@ OpenSSL 0.9.8.]
options work when creating a PKCS#12 file. New option -nomac
to omit the mac, NONE can be set for an encryption algorithm.
New code is modified to use the enhanced PKCS12_create()
- instead of the low level API.
+ instead of the low-level API.
*Steve Henson*
@@ -12777,7 +12781,7 @@ s-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
*Richard Levitte*
- * Change all calls to low level digest routines in the library and
+ * Change all calls to low-level digest routines in the library and
applications to use EVP. Add missing calls to HMAC_cleanup() and
don't assume HMAC_CTX can be copied using memcpy().
@@ -15360,7 +15364,7 @@ s-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
*Bodo Moeller*
* New openssl application 'rsautl'. This utility can be
- used for low level RSA operations. DER public key
+ used for low-level RSA operations. DER public key
BIO/fp routines also added.
*Steve Henson*
@@ -17240,7 +17244,7 @@ s-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
provides hooks that allow the default DSA functions or functions on a
"per key" basis to be replaced. This allows hardware acceleration and
hardware key storage to be handled without major modification to the
- library. Also added low level modexp hooks and CRYPTO_EX structure and
+ library. Also added low-level modexp hooks and CRYPTO_EX structure and
associated functions.
*Steve Henson*
diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
index 67f6e839ca..e584bd8b2b 100644
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@@ -629,6 +629,20 @@ int EVP_Digest(const void *data, size_t count,
return ret;
}
+int EVP_Q_digest(OSSL_LIB_CTX *libctx, const char *name, const char *propq,
+ const void *data, size_t count,
+ unsigned char *md, unsigned int *size)
+{
+ EVP_MD *digest = EVP_MD_fetch(libctx, name, propq);
+ int ret = 0;
+
+ if (digest != NULL) {
+ ret = EVP_Digest(data, count, md, size, digest, NULL);
+ EVP_MD_free(digest);
+ }
+ return ret;
+}
+
int EVP_MD_get_params(const EVP_MD *digest, OSSL_PARAM params[])
{
if (digest != NULL && digest->get_params != NULL)
diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c
index e8182b628b..9043f3fb1b 100644
--- a/crypto/evp/e_des3.c
+++ b/crypto/evp/e_des3.c
@@ -16,9 +16,9 @@
#include <stdio.h>
#include "internal/cryptlib.h"
#ifndef OPENSSL_NO_DES
-# include <openssl/evp.h>
# include <openssl/objects.h>
# include "crypto/evp.h"
+# include "crypto/sha.h"
# include <openssl/des.h>
# include <openssl/rand.h>
# include "evp_local.h"
@@ -347,10 +347,8 @@ static int des_ede3_unwrap(EVP_CIPHER_CTX *ctx, unsigned char *out,
/* Decrypt again using new IV */
des_ede_cbc_cipher(ctx, out, out, inl - 16);
des_ede_cbc_cipher(ctx, icv, icv, 8);
- /* Work out SHA1 hash of first portion */
- SHA1(out, inl - 16, sha1tmp);
-
- if (!CRYPTO_memcmp(sha1tmp, icv, 8))
+ if (ossl_sha1(out, inl - 16, sha1tmp) /* Work out hash of first portion */
+ && CRYPTO_memcmp(sha1tmp, icv, 8) == 0)
rv = inl - 16;
OPENSSL_cleanse(icv, 8);
OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH);
@@ -371,7 +369,8 @@ static int des_ede3_wrap(EVP_CIPHER_CTX *ctx, unsigned char *out,
/* Copy input to output buffer + 8 so we have space for IV */
memmove(out + 8, in, inl);
/* Work out ICV */
- SHA1(in, inl, sha1tmp);
+ if (!ossl_sha1(in, inl, sha1tmp))
+ return -1;
memcpy(out + inl + 8, sha1tmp, 8);
OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH);
/* Generate random IV */
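Review bot: The new early `return -1` in des_ede3_wrap comes after `memmove(out + 8, in, inl)`, so when the digest call fails the caller's output buffer is left holding an unencrypted copy of the input. Suggest computing the ICV before the copy, or cleansing `out + 8` for `inl` bytes before returning.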
diff --git a/crypto/sha/sha1_one.c b/crypto/sha/sha1_one.c
index 5bd9953d96..b98f078739 100644
--- a/crypto/sha/sha1_one.c
+++ b/crypto/sha/sha1_one.c
@@ -17,8 +17,9 @@
#include <string.h>
#include <openssl/crypto.h>
#include <openssl/sha.h>
+#include "crypto/sha.h"
-unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md)
+unsigned char *ossl_sha1(const unsigned char *d, size_t n, unsigned char *md)
{
SHA_CTX c;
static unsigned char m[SHA_DIGEST_LENGTH];
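Review bot: The renamed `ossl_sha1()` keeps the `static unsigned char m[SHA_DIGEST_LENGTH]` buffer of the public function, the same pattern as the `if (md == NULL) md = m;` fallback in the functions this patch removes from sha256.c and sha512.c. Both callers touched here (crypto/evp/e_des3.c and cipher_tdes_wrap.c) pass their own `sha1tmp`, so for an internal helper the shared static buffer, which is not safe under concurrent use, could be dropped and a NULL `md` treated as an error.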
diff --git a/crypto/sha/sha256.c b/crypto/sha/sha256.c
index 4fa68953d1..7b3855f301 100644
--- a/crypto/sha/sha256.c
+++ b/crypto/sha/sha256.c
@@ -53,34 +53,6 @@ int SHA256_Init(SHA256_CTX *c)
return 1;
}
-unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md)
-{
- SHA256_CTX c;
- static unsigned char m[SHA224_DIGEST_LENGTH];
-
- if (md == NULL)
- md = m;
- SHA224_Init(&c);
- SHA256_Update(&c, d, n);
- SHA256_Final(md, &c);
- OPENSSL_cleanse(&c, sizeof(c));
- return md;
-}
-
-unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md)
-{
- SHA256_CTX c;
- static unsigned char m[SHA256_DIGEST_LENGTH];
-
- if (md == NULL)
- md = m;
- SHA256_Init(&c);
- SHA256_Update(&c, d, n);
- SHA256_Final(md, &c);
- OPENSSL_cleanse(&c, sizeof(c));
- return md;
-}
-
int SHA224_Update(SHA256_CTX *c, const void *data, size_t len)
{
return SHA256_Update(c, data, len);
diff --git a/crypto/sha/sha512.c b/crypto/sha/sha512.c
index f0cf9ca902..a0d7f88ba9 100644
--- a/crypto/sha/sha512.c
+++ b/crypto/sha/sha512.c
@@ -338,34 +338,6 @@ void SHA512_Transform(SHA512_CTX *c, const unsigned char *data)
sha512_block_data_order(c, data, 1);
}
-unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md)
-{
- SHA512_CTX c;
- static unsigned char m[SHA384_DIGEST_LENGTH];
-
- if (md == NULL)
- md = m;
- SHA384_Init(&c);
- SHA512_Update(&c, d, n);
- SHA512_Final(md, &c);
- OPENSSL_cleanse(&c, sizeof(c));
- return md;
-}
-
-unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md)
-{
- SHA512_CTX c;
- static unsigned char m[SHA512_DIGEST_LENGTH];
-
- if (md == NULL)
- md = m;
- SHA512_Init(&c);
- SHA512_Update(&c, d, n);
- SHA512_Final(md, &c);
- OPENSSL_cleanse(&c, sizeof(c));
- return md;
-}
-
#ifndef SHA512_ASM
static const SHA_LONG64 K512[80] = {
U64(0x428a2f98d728ae22), U64(0x7137449123ef65cd),
diff --git a/doc/man3/EVP_DigestInit.pod b/doc/man3/EVP_DigestInit.pod
index a405c2be59..4b6aaeeb1c 100644
--- a/doc/man3/EVP_DigestInit.pod
+++ b/doc/man3/EVP_DigestInit.pod
@@ -10,7 +10,7 @@ EVP_MD_CTX_set_params, EVP_MD_CTX_get_params,
EVP_MD_settable_ctx_params, EVP_MD_gettable_ctx_params,
EVP_MD_CTX_settable_params, EVP_MD_CTX_gettable_params,
EVP_MD_CTX_set_flags, EVP_MD_CTX_clear_flags, EVP_MD_CTX_test_flags,
-EVP_Digest, EVP_DigestInit_ex2, EVP_DigestInit_ex, EVP_DigestInit,
+EVP_Q_digest, EVP_Digest, EVP_DigestInit_ex2, EVP_DigestInit_ex, EVP_DigestInit,
EVP_DigestUpdate, EVP_DigestFinal_ex, EVP_DigestFinalXOF, EVP_DigestFinal,
EVP_MD_is_a, EVP_MD_name, EVP_MD_description, EVP_MD_number,
EVP_MD_names_do_all, EVP_MD_provider,
@@ -49,6 +49,9 @@ EVP_MD_do_all_provided
void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags);
int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags);
+ int EVP_Q_digest(OSSL_LIB_CTX *libctx, const char *name, const char *propq,
+ const void *data, size_t count,
+ unsigned char *md, unsigned int *size);
int EVP_Digest(const void *data, size_t count, unsigned char *md,
unsigned int *size, const EVP_MD *type, ENGINE *impl);
int EVP_DigestInit_ex2(EVP_MD_CTX *ctx, const EVP_MD *type,
@@ -216,6 +219,12 @@ as a parameter descriptor.
Sets, clears and tests I<ctx> flags. See L</FLAGS> below for more information.
+=item EVP_Q_digest() is a quick one-shot digest function.
+It hashes I<count> bytes of data at I<data> using the digest algorithm I<name>,
+which is fetched using the optional I<libctx> and I<propq> parameters.
+The digest value is placed in I<md> and its length is written at I<size>
+if the pointer is not NULL. At most B<EVP_MAX_MD_SIZE> bytes will be written.
+
=item EVP_Digest()
A wrapper around the Digest Init_ex, Update and Final_ex functions.
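Review bot: The added `=item EVP_Q_digest() is a quick one-shot digest function.` puts description text into the item heading, unlike the neighbouring `=item EVP_Digest()` entry, which keeps the heading to the function name and starts the description after a blank line. Suggest `=item EVP_Q_digest()` on its own line followed by the description. It would also help to say here that an unknown I<name> makes the call return 0, since that is what the fetch failure path in crypto/evp/digest.c does.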
@@ -528,12 +537,16 @@ Returns a pointer to a B<EVP_MD> for success or NULL for failure.
Returns 1 for success or 0 for failure.
-=item EVP_DigestInit_ex2(),
+=item EVP_Q_digest(),
+EVP_Digest(),
+EVP_DigestInit_ex2(),
EVP_DigestInit_ex(),
EVP_DigestUpdate(),
-EVP_DigestFinal_ex()
+EVP_DigestFinal_ex(),
+EVP_DigestFinalXOF(), and
+EVP_DigestFinal()
-Returns 1 for
+return 1 for
success and 0 for failure.
=item EVP_MD_CTX_ctrl()
@@ -698,7 +711,8 @@ The EVP_dss1() function was removed in OpenSSL 1.1.0.
The EVP_MD_CTX_set_pkey_ctx() function was added in OpenSSL 1.1.1.
-The EVP_DigestInit_ex2(), EVP_MD_fetch(), EVP_MD_free(), EVP_MD_up_ref(),
+The EVP_Q_digest(), EVP_DigestInit_ex2(),
+EVP_MD_fetch(), EVP_MD_free(), EVP_MD_up_ref(),
EVP_MD_get_params(), EVP_MD_CTX_set_params(), EVP_MD_CTX_get_params(),
EVP_MD_gettable_params(), EVP_MD_gettable_ctx_params(),
EVP_MD_settable_ctx_params(), EVP_MD_CTX_settable_params() and
diff --git a/doc/man3/SHA256_Init.pod b/doc/man3/SHA256_Init.pod
index c8ac28de83..ee96cd2381 100644
--- a/doc/man3/SHA256_Init.pod
+++ b/doc/man3/SHA256_Init.pod
@@ -11,6 +11,12 @@ SHA512_Final - Secure Hash Algorithm
#include <openssl/sha.h>
+ unsigned char *SHA1(const void *data, size_t count, unsigned char *md_buf);
+ unsigned char *SHA224(const void *data, size_t count, unsigned char *md_buf);
+ unsigned char *SHA256(const void *data, size_t count, unsigned char *md_buf);
+ unsigned char *SHA384(const void *data, size_t count, unsigned char *md_buf);
+ unsigned char *SHA512(const void *data, size_t count, unsigned char *md_buf);
+
Deprecated since OpenSSL 3.0, can be hidden entirely by defining
B<OPENSSL_API_COMPAT> with a suitable version value, see
L<openssl_user_macros(7)>:
@@ -18,38 +24,33 @@ L<openssl_user_macros(7)>:
int SHA1_Init(SHA_CTX *c);
int SHA1_Update(SHA_CTX *c, const void *data, size_t len);
int SHA1_Final(unsigned char *md, SHA_CTX *c);
- unsigned char *SHA1(const unsigned char *d, size_t n,
- unsigned char *md);
int SHA224_Init(SHA256_CTX *c);
int SHA224_Update(SHA256_CTX *c, const void *data, size_t len);
int SHA224_Final(unsigned char *md, SHA256_CTX *c);
- unsigned char *SHA224(const unsigned char *d, size_t n,
- unsigned char *md);
int SHA256_Init(SHA256_CTX *c);
int SHA256_Update(SHA256_CTX *c, const void *data, size_t len);
int SHA256_Final(unsigned char *md, SHA256_CTX *c);
- unsigned char *SHA256(const unsigned char *d, size_t n,
- unsigned char *md);
int SHA384_Init(SHA512_CTX *c);
int SHA384_Update(SHA512_CTX *c, const void *data, size_t len);
int SHA384_Final(unsigned char *md, SHA512_CTX *c);
- unsigned char *SHA384(const unsigned char *d, size_t n,
- unsigned char *md);
int SHA512_Init(SHA512_CTX *c);
int SHA512_Update(SHA512_CTX *c, const void *data, size_t len);
int SHA512_Final(unsigned char *md, SHA512_CTX *c);
- unsigned char *SHA512(const unsigned char *d, size_t n,
- unsigned char *md);
=head1 DESCRIPTION
-All of the functions described on this page are deprecated.
+All of the functions described on this page
+except for SHA1(), SHA224(), SHA256(), SHA384() and SHA512() are deprecated.
Applications should instead use L<EVP_DigestInit_ex(3)>, L<EVP_DigestUpdate(3)>
-and L<EVP_DigestFinal_ex(3)>.
+and L<EVP_DigestFinal_ex(3)>, or the quick one-shot function L<EVP_Q_digest(3)>.
+SHA1(), SHA224(), SHA256(), SHA384(), and SHA256()
+can continue to be used. They can also be replaced by, e.g.,
+
+ (EVP_Q_digest(d, n, md, NULL, NULL, "SHA256", NULL) ? md : NULL)
SHA-1 (Secure Hash Algorithm) is a cryptographic hash function with a
160 bit output.
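Review bot: The example replacement `(EVP_Q_digest(d, n, md, NULL, NULL, "SHA256", NULL) ? md : NULL)` has its arguments in an order that does not match the prototype added by this patch (libctx, name, propq, data, count, md, size) or the macro in include/openssl/sha.h. It should read `EVP_Q_digest(NULL, "SHA256", NULL, d, n, md, NULL)`, as CHANGES.md has it. In the same paragraph the list "SHA1(), SHA224(), SHA256(), SHA384(), and SHA256()" repeats SHA256() where SHA512() is meant.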
@@ -95,11 +96,12 @@ ANSI X9.30
=head1 SEE ALSO
+L<EVP_Q_digest(3)>,
L<EVP_DigestInit(3)>
=head1 HISTORY
-All of these functions were deprecated in OpenSSL 3.0.
+All of these functions except SHA*() were deprecated in OpenSSL 3.0.
=head1 COPYRIGHT
diff --git a/doc/man7/provider-digest.pod b/doc/man7/provider-digest.pod
index e92991afa8..bacdbf4821 100644
--- a/doc/man7/provider-digest.pod
+++ b/doc/man7/provider-digest.pod
@@ -255,7 +255,7 @@ algorithm.
=head1 BUGS
-The EVP_Digest() and EVP_DigestFinal_ex() libcrypto API calls do not
+The EVP_Q_digest(), EVP_Digest() and EVP_DigestFinal_ex() API calls do not
expect the digest size to be larger than EVP_MAX_MD_SIZE. Any algorithm which
produces larger digests is unusable with those API calls.
diff --git a/include/crypto/sha.h b/include/crypto/sha.h
index 20823b8bca..64305d1790 100644
--- a/include/crypto/sha.h
+++ b/include/crypto/sha.h
@@ -12,10 +12,11 @@
# define OSSL_CRYPTO_SHA_H
# pragma once
-# include <openssl/opensslconf.h>
+# include <openssl/sha.h>
int sha512_224_init(SHA512_CTX *);
int sha512_256_init(SHA512_CTX *);
int ossl_sha1_ctrl(SHA_CTX *ctx, int cmd, int mslen, void *ms);
+unsigned char *ossl_sha1(const unsigned char *d, size_t n, unsigned char *md);
#endif
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index 9374e86e66..c380f2e539 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -681,6 +681,9 @@ __owur int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md,
__owur int EVP_Digest(const void *data, size_t count,
unsigned char *md, unsigned int *size,
const EVP_MD *type, ENGINE *impl);
+__owur int EVP_Q_digest(OSSL_LIB_CTX *libctx, const char *name,
+ const char *propq, const void *data, size_t count,
+ unsigned char *md, unsigned int *size);
__owur int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in);
__owur int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
diff --git a/include/openssl/sha.h b/include/openssl/sha.h
index 36339373b7..0dca61c71d 100644
--- a/include/openssl/sha.h
+++ b/include/openssl/sha.h
@@ -17,6 +17,7 @@
# endif
# include <openssl/e_os2.h>
+# include <openssl/evp.h>
# include <stddef.h>
# ifdef __cplusplus
@@ -45,16 +46,16 @@ typedef struct SHAstate_st {
SHA_LONG data[SHA_LBLOCK];
unsigned int num;
} SHA_CTX;
-# endif /* !defined(OPENSSL_NO_DEPRECATED_3_0) */
-# ifndef OPENSSL_NO_DEPRECATED_3_0
+
OSSL_DEPRECATEDIN_3_0 int SHA1_Init(SHA_CTX *c);
OSSL_DEPRECATEDIN_3_0 int SHA1_Update(SHA_CTX *c, const void *data, size_t len);
OSSL_DEPRECATEDIN_3_0 int SHA1_Final(unsigned char *md, SHA_CTX *c);
-OSSL_DEPRECATEDIN_3_0 unsigned char *SHA1(const unsigned char *d, size_t n,
- unsigned char *md);
OSSL_DEPRECATEDIN_3_0 void SHA1_Transform(SHA_CTX *c, const unsigned char *data);
# endif
+# define SHA1(d, n, md) \
+ (EVP_Q_digest(NULL, "SHA1", NULL, d, n, md, NULL) ? md : NULL)
+
# ifndef OPENSSL_NO_DEPRECATED_3_0
# define SHA256_CBLOCK (SHA_LBLOCK*4)/* SHA-256 treats input data as a
* contiguous array of 32 bit wide
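Review bot: In the new `SHA1(d, n, md)` macro the `md` argument is expanded twice and none of the parameters are parenthesised, so a call whose `md` expression has side effects (for example `SHA1(p, len, out++)`) no longer behaves like the function it replaces. Suggest parenthesising each parameter in the expansion and documenting the double evaluation, or providing a static inline function instead of a macro. The same applies to the SHA224, SHA256, SHA384 and SHA512 macros added further down.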
@@ -66,24 +67,24 @@ typedef struct SHA256state_st {
SHA_LONG data[SHA_LBLOCK];
unsigned int num, md_len;
} SHA256_CTX;
-# endif /* !defined(OPENSSL_NO_DEPRECATED_3_0) */
-# ifndef OPENSSL_NO_DEPRECATED_3_0
+
OSSL_DEPRECATEDIN_3_0 int SHA224_Init(SHA256_CTX *c);
OSSL_DEPRECATEDIN_3_0 int SHA224_Update(SHA256_CTX *c,
const void *data, size_t len);
OSSL_DEPRECATEDIN_3_0 int SHA224_Final(unsigned char *md, SHA256_CTX *c);
-OSSL_DEPRECATEDIN_3_0 unsigned char *SHA224(const unsigned char *d, size_t n,
- unsigned char *md);
OSSL_DEPRECATEDIN_3_0 int SHA256_Init(SHA256_CTX *c);
OSSL_DEPRECATEDIN_3_0 int SHA256_Update(SHA256_CTX *c,
const void *data, size_t len);
OSSL_DEPRECATEDIN_3_0 int SHA256_Final(unsigned char *md, SHA256_CTX *c);
-OSSL_DEPRECATEDIN_3_0 unsigned char *SHA256(const unsigned char *d, size_t n,
- unsigned char *md);
OSSL_DEPRECATEDIN_3_0 void SHA256_Transform(SHA256_CTX *c,
const unsigned char *data);
# endif
+# define SHA224(d, n, md) \
+ (EVP_Q_digest(NULL, "SHA224", NULL, d, n, md, NULL) ? md : NULL)
+# define SHA256(d, n, md) \
+ (EVP_Q_digest(NULL, "SHA256", NULL, d, n, md, NULL) ? md : NULL)
+
# define SHA224_DIGEST_LENGTH 28
# define SHA256_DIGEST_LENGTH 32
# define SHA384_DIGEST_LENGTH 48
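Review bot: `SHA224(d, n, NULL)` and `SHA256(d, n, NULL)` change meaning with these macros. The function bodies removed from crypto/sha/sha256.c substituted a static buffer when `md == NULL` and returned it, whereas `(EVP_Q_digest(...) ? md : NULL)` evaluates to NULL whenever `md` is NULL and hands the NULL pointer on to EVP_Q_digest(). Callers relying on the static-buffer form will now get NULL back, so CHANGES.md and SHA256_Init.pod should state that `md` must be non-NULL.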
@@ -118,24 +119,24 @@ typedef struct SHA512state_st {
} u;
unsigned int num, md_len;
} SHA512_CTX;
-# endif /* !defined(OPENSSL_NO_DEPRECATED_3_0) */
-# ifndef OPENSSL_NO_DEPRECATED_3_0
+
OSSL_DEPRECATEDIN_3_0 int SHA384_Init(SHA512_CTX *c);
OSSL_DEPRECATEDIN_3_0 int SHA384_Update(SHA512_CTX *c,
const void *data, size_t len);
OSSL_DEPRECATEDIN_3_0 int SHA384_Final(unsigned char *md, SHA512_CTX *c);
-OSSL_DEPRECATEDIN_3_0 unsigned char *SHA384(const unsigned char *d, size_t n,
- unsigned char *md);
OSSL_DEPRECATEDIN_3_0 int SHA512_Init(SHA512_CTX *c);
OSSL_DEPRECATEDIN_3_0 int SHA512_Update(SHA512_CTX *c,
const void *data, size_t len);
OSSL_DEPRECATEDIN_3_0 int SHA512_Final(unsigned char *md, SHA512_CTX *c);
-OSSL_DEPRECATEDIN_3_0 unsigned char *SHA512(const unsigned char *d, size_t n,
- unsigned char *md);
OSSL_DEPRECATEDIN_3_0 void SHA512_Transform(SHA512_CTX *c,
const unsigned char *data);
# endif
+# define SHA384(d, n, md) \
+ (EVP_Q_digest(NULL, "SHA384", NULL, d, n, md, NULL) ? md : NULL)
+# define SHA512(d, n, md) \
+ (EVP_Q_digest(NULL, "SHA512", NULL, d, n, md, NULL) ? md : NULL)
+
# ifdef __cplusplus
}
# endif
diff --git a/providers/fips-sources.checksums b/providers/fips-sources.checksums
index 6175384c2d..0ab5e40394 100644
--- a/providers/fips-sources.checksums
+++ b/providers/fips-sources.checksums
@@ -166,7 +166,7 @@ fa39906519062932adafb63cbf05b5dfa7563673576d421c80ec6b889d024e84 crypto/ec/ecp_
22c44f561ab42d1bd7fd3a3c538ebaba375a704f98056b035e7949d73963c580 crypto/ec/ecx_key.c
7c7f3e2a19a95d62942790e525f00cccc87e46da099a0c96d101787d68c75128 crypto/evp/asymcipher.c
0e75a058dcbbb62cfe39fec6c4a85385dc1a8fce794e4278ce6cebb29763b82b crypto/evp/dh_support.c
-4433d40517d9550f6a1db90dfb912e32ee10b95497ddfc2a7edb2116f87ee531 crypto/evp/digest.c
+e819c499207dd2ee5457cd9411c6089e13476bedf41de2aa67e10b13810ff0e5 crypto/evp/digest.c
87599335b61f97362799170d7b19cbbf775bfecc0fab570b267c7622241cfad8 crypto/evp/ec_support.c
c146c0a8a06e3c558207c1c76039dd2a61a2160cc243e9e3de2e290bc6e1b2d0 crypto/evp/evp_enc.c
9b4956b5c28db987001b33421aacf3b9f352181f874c768ad1b034e083483561 crypto/evp/evp_fetch.c
@@ -297,9 +297,9 @@ f64d16c1e5c3fa4a7969de494a8372127502171a517c14be7a1e3a43a7308699 crypto/sha/asm
8725cabb8d695c576619f19283b034074a3fa0f1c0be952a9dbe9793be15b907 crypto/sha/asm/sha512p8-ppc.pl
4d13c5020a92190d43721018c50776fd4df858fe92f3cce1d465ed98dfb142d1 crypto/sha/keccak1600.c
306cacd3f86e5cacaca74c58ef862516515e5c0cafaff48636d537fd84f1c2fb crypto/sha/sha1dgst.c
-b40bd40b91a2ecdba63777758f84c5405a92e673636dba2cb83512c34aae3882 crypto/sha/sha256.c
+4d8cf04f5806611e7586aab47fb28165ec1afb00168e2c9876bb36cb5c29bf8b crypto/sha/sha256.c
01aff75580e47ee880f411a319ed5d86198df464e3b8056b8734698e3c8d4d07 crypto/sha/sha3.c
-7598a626c55fb6505cc234cb438c78846756cde95c4400ca07bf9460b9bec834 crypto/sha/sha512.c
+65ef028da082f1a9b6ce2c45ae5644895b7fca356a798fca65428852ccf24b96 crypto/sha/sha512.c
86913a593b55c759a3824eeede398f966278d79c148bef41986c5ac4e48f0bd7 crypto/sparse_array.c
32b48ac523d69b65d46b5588cd75697c473eec0b97bdefc820f436f25403a1df crypto/stack/stack.c
7b4efa594d8d1f3ecbf4605cf54f72fb296a3b1d951bdc69e415aaa08f34e5c8 crypto/threads_lib.c
diff --git a/providers/fips.checksum b/providers/fips.checksum
index 50a9c51b5c..cbb359f123 100644
--- a/providers/fips.checksum
+++ b/providers/fips.checksum
@@ -1 +1 @@
-4d501c5fb8a5646c618eb02511a7a1ffab71823f6adee558ee30df8bb4bd6f40 providers/fips-sources.checksums
+db2202782291f6e77fbe9f6271517cb41d7c06790a606a61f69e564f002f76f5 providers/fips-sources.checksums
diff --git a/providers/implementations/ciphers/cipher_tdes_wrap.c b/providers/implementations/ciphers/cipher_tdes_wrap.c
index be109129bd..4bfd17f515 100644
--- a/providers/implementations/ciphers/cipher_tdes_wrap.c
+++ b/providers/implementations/ciphers/cipher_tdes_wrap.c
@@ -18,6 +18,7 @@
#include <openssl/proverr.h>
#include "cipher_tdes_default.h"
#include "crypto/evp.h"
+#include "crypto/sha.h"
#include "prov/implementations.h"
#include "prov/providercommon.h"
@@ -64,10 +65,8 @@ static int des_ede3_unwrap(PROV_CIPHER_CTX *ctx, unsigned char *out,
/* Decrypt again using new IV */
ctx->hw->cipher(ctx, out, out, inl - 16);
ctx->hw->cipher(ctx, icv, icv, 8);
- /* Work out SHA1 hash of first portion */
- SHA1(out, inl - 16, sha1tmp);
-
- if (!CRYPTO_memcmp(sha1tmp, icv, 8))
+ if (ossl_sha1(out, inl - 16, sha1tmp) /* Work out hash of first portion */
+ && CRYPTO_memcmp(sha1tmp, icv, 8) == 0)
rv = inl - 16;
OPENSSL_cleanse(icv, 8);
OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH);
@@ -93,7 +92,8 @@ static int des_ede3_wrap(PROV_CIPHER_CTX *ctx, unsigned char *out,
/* Copy input to output buffer + 8 so we have space for IV */
memmove(out + ivlen, in, inl);
/* Work out ICV */
- SHA1(in, inl, sha1tmp);
+ if (!ossl_sha1(in, inl, sha1tmp))
+ return 0;
memcpy(out + inl + ivlen, sha1tmp, icvlen);
OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH);
/* Generate random IV */
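Review bot: The failure path added to des_ede3_wrap here is `return 0`, while the matching change in crypto/evp/e_des3.c uses `return -1`. If both values are right for their respective callers a short comment would help, since the two functions are otherwise near-identical; if not, one of them reports failure incorrectly. As in the legacy copy, the return happens after `memmove(out + ivlen, in, inl)`, leaving the input copied into `out`.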
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 2e89c5dd26..019a6ecb52 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -1144,7 +1144,7 @@ BN_security_bits 1171 3_0_0 EXIST::FUNCTION:
X509_PURPOSE_get0_name 1172 3_0_0 EXIST::FUNCTION:
TS_TST_INFO_get_serial 1173 3_0_0 EXIST::FUNCTION:TS
ASN1_PCTX_get_str_flags 1174 3_0_0 EXIST::FUNCTION:
-SHA256 1175 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
+SHA256 1175 3_0_0 NOEXIST::FUNCTION:
X509_LOOKUP_hash_dir 1176 3_0_0 EXIST::FUNCTION:
ASN1_BIT_STRING_check 1177 3_0_0 EXIST::FUNCTION:
ENGINE_set_default_RAND 1178 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
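Review bot: Marking `SHA256` as `NOEXIST` drops it from the exported symbols, so the name now exists only as a preprocessor macro. Code that takes its address or stores it in a function-pointer table no longer builds, and bindings that look the symbol up at run time will not find it. The CHANGES.md entry says the functions became macros but does not call out this consequence; worth adding a sentence there. The same goes for the SHA1, SHA224, SHA384 and SHA512 entries below.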
@@ -1375,7 +1375,7 @@ EVP_MD_meth_get_cleanup 1408 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_
SRP_Calc_server_key 1409 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SRP
BN_mod_exp_simple 1410 3_0_0 EXIST::FUNCTION:
BIO_set_ex_data 1411 3_0_0 EXIST::FUNCTION:
-SHA512 1412 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
+SHA512 1412 3_0_0 NOEXIST::FUNCTION:
X509_STORE_CTX_get_explicit_policy 1413 3_0_0 EXIST::FUNCTION:
EVP_DecodeBlock 1414 3_0_0 EXIST::FUNCTION:
OSSL_HTTP_REQ_CTX_set_request_line 1415 3_0_0 EXIST::FUNCTION:
@@ -2460,7 +2460,7 @@ BN_generate_dsa_nonce 2512 3_0_0 EXIST::FUNCTION:
X509_verify_cert 2513 3_0_0 EXIST::FUNCTION:
X509_policy_level_get0_node 2514 3_0_0 EXIST::FUNCTION:
X509_REQ_get_attr 2515 3_0_0 EXIST::FUNCTION:
-SHA1 2516 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
+SHA1 2516 3_0_0 NOEXIST::FUNCTION:
X509_print 2517 3_0_0 EXIST::FUNCTION:
d2i_AutoPrivateKey 2518 3_0_0 EXIST::FUNCTION:
X509_REQ_new 2519 3_0_0 EXIST::FUNCTION:
@@ -2927,7 +2927,7 @@ EC_GROUP_set_asn1_flag 2991 3_0_0 EXIST::FUNCTION:EC
EVP_PKEY_new 2992 3_0_0 EXIST::FUNCTION:
i2d_POLICYINFO 2993 3_0_0 EXIST::FUNCTION:
BN_get_flags 2994 3_0_0 EXIST::FUNCTION:
-SHA384 2995 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
+SHA384 2995 3_0_0 NOEXIST::FUNCTION:
NCONF_get_string 2996 3_0_0 EXIST::FUNCTION:
d2i_PROXY_CERT_INFO_EXTENSION 2997 3_0_0 EXIST::FUNCTION:
EC_POINT_point2buf 2998 3_0_0 EXIST::FUNCTION:EC
@@ -3510,7 +3510,7 @@ EVP_MD_meth_dup 3588 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_
ENGINE_unregister_ciphers 3589 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
X509_issuer_and_serial_cmp 3590 3_0_0 EXIST::FUNCTION:
OCSP_response_create 3591 3_0_0 EXIST::FUNCTION:OCSP
-SHA224 3592 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
+SHA224 3592 3_0_0 NOEXIST::FUNCTION:
MD2_options 3593 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,MD2
X509_REQ_it 3595 3_0_0 EXIST::FUNCTION:
RAND_bytes 3596 3_0_0 EXIST::FUNCTION:
@@ -5320,6 +5320,7 @@ OSSL_ESS_signing_cert_new_init ? 3_0_0 EXIST::FUNCTION:
OSSL_ESS_signing_cert_v2_new_init ? 3_0_0 EXIST::FUNCTION:
ESS_SIGNING_CERT_it ? 3_0_0 EXIST::FUNCTION:
ESS_SIGNING_CERT_V2_it ? 3_0_0 EXIST::FUNCTION:
+EVP_Q_digest ? 3_0_0 EXIST::FUNCTION:
EVP_DigestInit_ex2 ? 3_0_0 EXIST::FUNCTION:
EVP_EncryptInit_ex2 ? 3_0_0 EXIST::FUNCTION:
EVP_DecryptInit_ex2 ? 3_0_0 EXIST::FUNCTION:
diff --git a/util/other.syms b/util/other.syms
index 3f36f53076..fb8efcb12a 100644
--- a/util/other.syms
+++ b/util/other.syms
@@ -431,6 +431,11 @@ PEM_FLAG_EAY_COMPATIBLE define
PEM_FLAG_ONLY_B64 define
PEM_FLAG_SECURE define
RAND_cleanup define deprecated 1.1.0
+SHA1 define
+SHA224 define
+SHA256 define
+SHA384 define
+SHA512 define
SSL_COMP_free_compression_methods define deprecated 1.1.0
SSL_CTX_add0_chain_cert define
SSL_CTX_add1_chain_cert define