Crypto: Add deprecation compatibility declarations for SHA* message digest functions

Also add hints to SHA256_Init.pod and CHANGES.md how to replace SHA256() etc.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14741)
Dr. David von Oheimb 2021-03-29 19:32:48 +02:00
parent 0a8a6afdfb
commit 4d49b68504
17 changed files with 138 additions and 149 deletions


@ -240,11 +240,11 @@ OpenSSL 3.0
*Matt Caswell*
* A number of functions handling low level keys or engines were deprecated
* A number of functions handling low-level keys or engines were deprecated
including EVP_PKEY_set1_engine(), EVP_PKEY_get0_engine(), EVP_PKEY_assign(),
EVP_PKEY_get0(), EVP_PKEY_get0_hmac(), EVP_PKEY_get0_poly1305() and
EVP_PKEY_get0_siphash(). Applications using engines should instead use
providers. Applications getting or setting low level keys in an EVP_PKEY
providers. Applications getting or setting low-level keys in an EVP_PKEY
should instead use the OSSL_ENCODER or OSSL_DECODER APIs, or alternatively
use EVP_PKEY_fromdata() or EVP_PKEY_get_params().
@ -405,7 +405,7 @@ OpenSSL 3.0
*Dmitry Belyavskiy*
* All of the low level EC_KEY functions have been deprecated including:
* All of the low-level EC_KEY functions have been deprecated including:
EC_KEY_OpenSSL, EC_KEY_get_default_method, EC_KEY_set_default_method,
EC_KEY_get_method, EC_KEY_set_method, EC_KEY_new_method
@ -823,7 +823,7 @@ OpenSSL 3.0
*David von Oheimb*
* All of the low level RSA functions have been deprecated including:
* All of the low-level RSA functions have been deprecated including:
RSA_new_method, RSA_size, RSA_security_bits, RSA_get0_pss_params,
RSA_get_version, RSA_get0_engine, RSA_generate_key_ex,
@ -854,12 +854,12 @@ OpenSSL 3.0
RSA_meth_set_verify, RSA_meth_get_keygen, RSA_meth_set_keygen,
RSA_meth_get_multi_prime_keygen and RSA_meth_set_multi_prime_keygen.
Use of these low level functions has been informally discouraged for a long
Use of these low-level functions has been informally discouraged for a long
time. Instead applications should use L<EVP_PKEY_encrypt_init(3)>,
L<EVP_PKEY_encrypt(3)>, L<EVP_PKEY_decrypt_init(3)> and
L<EVP_PKEY_decrypt(3)>.
All of these low level RSA functions have been deprecated without
All of these low-level RSA functions have been deprecated without
replacement:
RSA_blinding_off, RSA_blinding_on, RSA_clear_flags, RSA_get_version,
@ -904,7 +904,7 @@ OpenSSL 3.0
*Paul Dale*
* All of the low level DH functions have been deprecated including:
* All of the low-level DH functions have been deprecated including:
DH_OpenSSL, DH_set_default_method, DH_get_default_method, DH_set_method,
DH_new_method, DH_new, DH_free, DH_up_ref, DH_bits, DH_set0_pqg, DH_size,
@ -920,11 +920,11 @@ OpenSSL 3.0
DH_meth_set_init, DH_meth_get_finish, DH_meth_set_finish,
DH_meth_get_generate_params and DH_meth_set_generate_params.
Use of these low level functions has been informally discouraged for a long
Use of these low-level functions has been informally discouraged for a long
time. Instead applications should use L<EVP_PKEY_derive_init(3)>
and L<EVP_PKEY_derive(3)>.
These low level DH functions have been deprecated without replacement:
These low-level DH functions have been deprecated without replacement:
DH_clear_flags, DH_get_1024_160, DH_get_2048_224, DH_get_2048_256,
DH_set_flags and DH_test_flags.
@ -948,7 +948,7 @@ OpenSSL 3.0
*Paul Dale and Matt Caswell*
* All of the low level DSA functions have been deprecated including:
* All of the low-level DSA functions have been deprecated including:
DSA_new, DSA_free, DSA_up_ref, DSA_bits, DSA_get0_pqg, DSA_set0_pqg,
DSA_get0_key, DSA_set0_key, DSA_get0_p, DSA_get0_q, DSA_get0_g,
@ -968,11 +968,11 @@ OpenSSL 3.0
DSA_meth_get_finish, DSA_meth_set_finish, DSA_meth_get_paramgen,
DSA_meth_set_paramgen, DSA_meth_get_keygen and DSA_meth_set_keygen.
Use of these low level functions has been informally discouraged for a long
Use of these low-level functions has been informally discouraged for a long
time. Instead applications should use L<EVP_DigestSignInit_ex(3)>,
L<EVP_DigestSignUpdate(3)> and L<EVP_DigestSignFinal(3)>.
These low level DSA functions have been deprecated without replacement:
These low-level DSA functions have been deprecated without replacement:
DSA_clear_flags, DSA_dup_DH, DSAparams_dup, DSA_set_flags and
DSA_test_flags.
@ -1002,13 +1002,13 @@ OpenSSL 3.0
*Richard Levitte*
* Deprecated low level ECDH and ECDSA functions. These include:
* Deprecated low-level ECDH and ECDSA functions. These include:
ECDH_compute_key, ECDSA_do_sign, ECDSA_do_sign_ex, ECDSA_do_verify,
ECDSA_sign_setup, ECDSA_sign, ECDSA_sign_ex, ECDSA_verify and
ECDSA_size.
Use of these low level functions has been informally discouraged for a long
Use of these low-level functions has been informally discouraged for a long
time. Instead applications should use the EVP_PKEY_derive(3),
EVP_DigestSign(3) and EVP_DigestVerify(3) functions.
@ -1039,7 +1039,7 @@ OpenSSL 3.0
HMAC_Init_ex, HMAC_Update, HMAC_Final, HMAC_CTX_copy, HMAC_CTX_set_flags
and HMAC_CTX_get_md.
Use of these low level functions has been informally discouraged for a long
Use of these low-level functions has been informally discouraged for a long
time. Instead applications should use L<EVP_MAC_CTX_new(3)>,
L<EVP_MAC_CTX_free(3)>, L<EVP_MAC_init(3)>, L<EVP_MAC_update(3)>
and L<EVP_MAC_final(3)> or the single-shot MAC function L<EVP_Q_mac(3)>.
@ -1058,19 +1058,19 @@ OpenSSL 3.0
*Rich Salz*
* All of the low level CMAC functions have been deprecated including:
* All of the low-level CMAC functions have been deprecated including:
CMAC_CTX_new, CMAC_CTX_cleanup, CMAC_CTX_free, CMAC_CTX_get0_cipher_ctx,
CMAC_CTX_copy, CMAC_Init, CMAC_Update, CMAC_Final and CMAC_resume.
Use of these low level functions has been informally discouraged for a long
Use of these low-level functions has been informally discouraged for a long
time. Instead applications should use L<EVP_MAC_CTX_new(3)>,
L<EVP_MAC_CTX_free(3)>, L<EVP_MAC_init(3)>, L<EVP_MAC_update(3)>
and L<EVP_MAC_final(3)>.
*Paul Dale*
* All of the low level MD2, MD4, MD5, MDC2, RIPEMD160, SHA1, SHA224, SHA256,
* The low-level MD2, MD4, MD5, MDC2, RIPEMD160, SHA1, SHA224, SHA256,
SHA384, SHA512 and Whirlpool digest functions have been deprecated.
These include:
@ -1079,17 +1079,21 @@ OpenSSL 3.0
MD5_Final, MD5_Transform, MDC2, MDC2_Init, MDC2_Update, MDC2_Final,
RIPEMD160, RIPEMD160_Init, RIPEMD160_Update, RIPEMD160_Final,
RIPEMD160_Transform, SHA1_Init, SHA1_Update, SHA1_Final, SHA1_Transform,
SHA224_Init, SHA224_Update, SHA224_Final, SHA224_Transform, SHA256_Init,
SHA256_Update, SHA256_Final, SHA256_Transform, SHA384, SHA384_Init,
SHA384_Update, SHA384_Final, SHA512, SHA512_Init, SHA512_Update,
SHA512_Final, SHA512_Transform, WHIRLPOOL, WHIRLPOOL_Init,
SHA224_Init, SHA224_Update, SHA224_Final, SHA224_Transform,
SHA256_Init, SHA256_Update, SHA256_Final, SHA256_Transform,
SHA384_Init, SHA384_Update, SHA384_Final,
SHA512_Init, SHA512_Update, SHA512_Final, SHA512_Transform,
WHIRLPOOL, WHIRLPOOL_Init,
WHIRLPOOL_Update, WHIRLPOOL_BitUpdate and WHIRLPOOL_Final.
Use of these low level functions has been informally discouraged
for a long time. Applications should use the EVP_DigestInit_ex(3),
EVP_DigestUpdate(3) and EVP_DigestFinal_ex(3) functions instead.
Use of these low-level functions has been informally discouraged
for a long time. Applications should use the L<EVP_DigestInit_ex(3)>,
L<EVP_DigestUpdate(3)>, and L<EVP_DigestFinal_ex(3)> functions instead.
Alternatively, the quick one-shot function L<EVP_Q_digest(3)> can be used.
SHA1, SHA224, SHA256, SHA384 and SHA512 have changed from functions to macros
like this: (EVP_Q_digest(NULL, "SHA256", NULL, d, n, md, NULL) ? md : NULL).
*Paul Dale*
*Paul Dale and David von Oheimb*
* Corrected the documentation of the return values from the `EVP_DigestSign*`
set of functions. The documentation mentioned negative values for some
@ -1101,7 +1105,7 @@ OpenSSL 3.0
*Richard Levitte*
* All of the low level cipher functions have been deprecated including:
* All of the low-level cipher functions have been deprecated including:
AES_options, AES_set_encrypt_key, AES_set_decrypt_key, AES_encrypt,
AES_decrypt, AES_ecb_encrypt, AES_cbc_encrypt, AES_cfb128_encrypt,
@ -1133,7 +1137,7 @@ OpenSSL 3.0
SEED_set_key, SEED_encrypt, SEED_decrypt, SEED_ecb_encrypt,
SEED_cbc_encrypt, SEED_cfb128_encrypt and SEED_ofb128_encrypt.
Use of these low level functions has been informally discouraged for
Use of these low-level functions has been informally discouraged for
a long time. Applications should use the high level EVP APIs, e.g.
EVP_EncryptInit_ex, EVP_EncryptUpdate, EVP_EncryptFinal_ex, and the
equivalently named decrypt functions instead.
@ -1168,7 +1172,7 @@ OpenSSL 3.0
difficult to perform and are not believed likely. Attacks against DH512
are considered just feasible. However, for an attack the target would
have to re-use the DH512 private key, which is not recommended anyway.
Also applications directly using the low level API BN_mod_exp may be
Also applications directly using the low-level API BN_mod_exp may be
affected if they use BN_FLG_CONSTTIME.
([CVE-2019-1551])
@ -7652,11 +7656,11 @@ OpenSSL 1.0.1
*Steve Henson*
* Add similar low level API blocking to ciphers.
* Add similar low-level API blocking to ciphers.
*Steve Henson*
* Low level digest APIs are not approved in FIPS mode: any attempt
* low-level digest APIs are not approved in FIPS mode: any attempt
to use these will cause a fatal error. Applications that *really* want
to use them can use the `private_*` version instead.
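Review bot: the replacement on the "Low level digest APIs" bullet lowercased the first word of the sentence, so the entry now begins "low-level digest APIs are not approved in FIPS mode". This looks like a search-and-replace side effect; it should read "Low-level digest APIs ...", keeping the capital of the line it replaces.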
@ -11044,7 +11048,7 @@ OpenSSL 0.9.8.]
* Add new 'medium level' PKCS#12 API. Certificates and keys
can be added using this API to created arbitrary PKCS#12
files while avoiding the low level API.
files while avoiding the low-level API.
New options to PKCS12_create(), key or cert can be NULL and
will then be omitted from the output file. The encryption
@ -11055,7 +11059,7 @@ OpenSSL 0.9.8.]
options work when creating a PKCS#12 file. New option -nomac
to omit the mac, NONE can be set for an encryption algorithm.
New code is modified to use the enhanced PKCS12_create()
instead of the low level API.
instead of the low-level API.
*Steve Henson*
@ -12777,7 +12781,7 @@ s-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
*Richard Levitte*
* Change all calls to low level digest routines in the library and
* Change all calls to low-level digest routines in the library and
applications to use EVP. Add missing calls to HMAC_cleanup() and
don't assume HMAC_CTX can be copied using memcpy().
@ -15360,7 +15364,7 @@ s-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
*Bodo Moeller*
* New openssl application 'rsautl'. This utility can be
used for low level RSA operations. DER public key
used for low-level RSA operations. DER public key
BIO/fp routines also added.
*Steve Henson*
@ -17240,7 +17244,7 @@ s-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
provides hooks that allow the default DSA functions or functions on a
"per key" basis to be replaced. This allows hardware acceleration and
hardware key storage to be handled without major modification to the
library. Also added low level modexp hooks and CRYPTO_EX structure and
library. Also added low-level modexp hooks and CRYPTO_EX structure and
associated functions.
*Steve Henson*


@ -629,6 +629,20 @@ int EVP_Digest(const void *data, size_t count,
return ret;
}
int EVP_Q_digest(OSSL_LIB_CTX *libctx, const char *name, const char *propq,
const void *data, size_t count,
unsigned char *md, unsigned int *size)
{
EVP_MD *digest = EVP_MD_fetch(libctx, name, propq);
int ret = 0;
if (digest != NULL) {
ret = EVP_Digest(data, count, md, size, digest, NULL);
EVP_MD_free(digest);
}
return ret;
}
int EVP_MD_get_params(const EVP_MD *digest, OSSL_PARAM params[])
{
if (digest != NULL && digest->get_params != NULL)


@ -16,9 +16,9 @@
#include <stdio.h>
#include "internal/cryptlib.h"
#ifndef OPENSSL_NO_DES
# include <openssl/evp.h>
# include <openssl/objects.h>
# include "crypto/evp.h"
# include "crypto/sha.h"
# include <openssl/des.h>
# include <openssl/rand.h>
# include "evp_local.h"
@ -347,10 +347,8 @@ static int des_ede3_unwrap(EVP_CIPHER_CTX *ctx, unsigned char *out,
/* Decrypt again using new IV */
des_ede_cbc_cipher(ctx, out, out, inl - 16);
des_ede_cbc_cipher(ctx, icv, icv, 8);
/* Work out SHA1 hash of first portion */
SHA1(out, inl - 16, sha1tmp);
if (!CRYPTO_memcmp(sha1tmp, icv, 8))
if (ossl_sha1(out, inl - 16, sha1tmp) /* Work out hash of first portion */
&& CRYPTO_memcmp(sha1tmp, icv, 8) == 0)
rv = inl - 16;
OPENSSL_cleanse(icv, 8);
OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH);
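Review bot: in des_ede3_unwrap() the comment now sits inside the if condition, between the ossl_sha1() call and the && operator, which makes the two-part check harder to scan. Keep "/* Work out hash of first portion */" on its own line above the if, as the removed code did, and leave the condition as the ossl_sha1() call plus the CRYPTO_memcmp(sha1tmp, icv, 8) == 0 test.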
@ -371,7 +369,8 @@ static int des_ede3_wrap(EVP_CIPHER_CTX *ctx, unsigned char *out,
/* Copy input to output buffer + 8 so we have space for IV */
memmove(out + 8, in, inl);
/* Work out ICV */
SHA1(in, inl, sha1tmp);
if (!ossl_sha1(in, inl, sha1tmp))
return -1;
memcpy(out + inl + 8, sha1tmp, 8);
OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH);
/* Generate random IV */


@ -17,8 +17,9 @@
#include <string.h>
#include <openssl/crypto.h>
#include <openssl/sha.h>
#include "crypto/sha.h"
unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md)
unsigned char *ossl_sha1(const unsigned char *d, size_t n, unsigned char *md)
{
SHA_CTX c;
static unsigned char m[SHA_DIGEST_LENGTH];
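Review bot: ossl_sha1() keeps the "static unsigned char m[SHA_DIGEST_LENGTH]" fallback buffer inherited from the public SHA1(), although it is now an internal helper and both callers changed in this commit pass their own sha1tmp buffer. A shared static output buffer is not thread-safe, so consider dropping it and treating md == NULL as an error. Since the callers now test the result with "if (!ossl_sha1(...))", the prototype added to crypto/sha.h should also carry a comment saying when NULL is returned.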


@ -53,34 +53,6 @@ int SHA256_Init(SHA256_CTX *c)
return 1;
}
unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md)
{
SHA256_CTX c;
static unsigned char m[SHA224_DIGEST_LENGTH];
if (md == NULL)
md = m;
SHA224_Init(&c);
SHA256_Update(&c, d, n);
SHA256_Final(md, &c);
OPENSSL_cleanse(&c, sizeof(c));
return md;
}
unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md)
{
SHA256_CTX c;
static unsigned char m[SHA256_DIGEST_LENGTH];
if (md == NULL)
md = m;
SHA256_Init(&c);
SHA256_Update(&c, d, n);
SHA256_Final(md, &c);
OPENSSL_cleanse(&c, sizeof(c));
return md;
}
int SHA224_Update(SHA256_CTX *c, const void *data, size_t len)
{
return SHA256_Update(c, data, len);
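Review bot: the removed SHA224() and SHA256() bodies substituted a static buffer when the caller passed md == NULL ("if (md == NULL) md = m;"), whereas the macros that replace them expand to (EVP_Q_digest(...) ? md : NULL) and therefore always yield NULL for such a call. If dropping that calling convention is intended, say so in CHANGES.md and SHA256_Init.pod; otherwise the compatibility macro needs a fallback buffer. The same applies to the SHA384() and SHA512() bodies removed in the next file.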


@ -338,34 +338,6 @@ void SHA512_Transform(SHA512_CTX *c, const unsigned char *data)
sha512_block_data_order(c, data, 1);
}
unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md)
{
SHA512_CTX c;
static unsigned char m[SHA384_DIGEST_LENGTH];
if (md == NULL)
md = m;
SHA384_Init(&c);
SHA512_Update(&c, d, n);
SHA512_Final(md, &c);
OPENSSL_cleanse(&c, sizeof(c));
return md;
}
unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md)
{
SHA512_CTX c;
static unsigned char m[SHA512_DIGEST_LENGTH];
if (md == NULL)
md = m;
SHA512_Init(&c);
SHA512_Update(&c, d, n);
SHA512_Final(md, &c);
OPENSSL_cleanse(&c, sizeof(c));
return md;
}
#ifndef SHA512_ASM
static const SHA_LONG64 K512[80] = {
U64(0x428a2f98d728ae22), U64(0x7137449123ef65cd),


@ -10,7 +10,7 @@ EVP_MD_CTX_set_params, EVP_MD_CTX_get_params,
EVP_MD_settable_ctx_params, EVP_MD_gettable_ctx_params,
EVP_MD_CTX_settable_params, EVP_MD_CTX_gettable_params,
EVP_MD_CTX_set_flags, EVP_MD_CTX_clear_flags, EVP_MD_CTX_test_flags,
EVP_Digest, EVP_DigestInit_ex2, EVP_DigestInit_ex, EVP_DigestInit,
EVP_Q_digest, EVP_Digest, EVP_DigestInit_ex2, EVP_DigestInit_ex, EVP_DigestInit,
EVP_DigestUpdate, EVP_DigestFinal_ex, EVP_DigestFinalXOF, EVP_DigestFinal,
EVP_MD_is_a, EVP_MD_name, EVP_MD_description, EVP_MD_number,
EVP_MD_names_do_all, EVP_MD_provider,
@ -49,6 +49,9 @@ EVP_MD_do_all_provided
void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags);
int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags);
int EVP_Q_digest(OSSL_LIB_CTX *libctx, const char *name, const char *propq,
const void *data, size_t count,
unsigned char *md, unsigned int *size);
int EVP_Digest(const void *data, size_t count, unsigned char *md,
unsigned int *size, const EVP_MD *type, ENGINE *impl);
int EVP_DigestInit_ex2(EVP_MD_CTX *ctx, const EVP_MD *type,
@ -216,6 +219,12 @@ as a parameter descriptor.
Sets, clears and tests I<ctx> flags. See L</FLAGS> below for more information.
=item EVP_Q_digest() is a quick one-shot digest function.
It hashes I<count> bytes of data at I<data> using the digest algorithm I<name>,
which is fetched using the optional I<libctx> and I<propq> parameters.
The digest value is placed in I<md> and its length is written at I<size>
if the pointer is not NULL. At most B<EVP_MAX_MD_SIZE> bytes will be written.
=item EVP_Digest()
A wrapper around the Digest Init_ex, Update and Final_ex functions.
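Review bot: the new entry puts its first sentence on the =item line ("=item EVP_Q_digest() is a quick one-shot digest function."), unlike the neighbouring "=item EVP_Digest()", which keeps the description in the paragraph below the item. Make the line "=item EVP_Q_digest()" and start the following paragraph with "A quick one-shot digest function." so the rendered item label is just the function name.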
@ -528,12 +537,16 @@ Returns a pointer to a B<EVP_MD> for success or NULL for failure.
Returns 1 for success or 0 for failure.
=item EVP_DigestInit_ex2(),
=item EVP_Q_digest(),
EVP_Digest(),
EVP_DigestInit_ex2(),
EVP_DigestInit_ex(),
EVP_DigestUpdate(),
EVP_DigestFinal_ex()
EVP_DigestFinal_ex(),
EVP_DigestFinalXOF(), and
EVP_DigestFinal()
Returns 1 for
return 1 for
success and 0 for failure.
=item EVP_MD_CTX_ctrl()
@ -698,7 +711,8 @@ The EVP_dss1() function was removed in OpenSSL 1.1.0.
The EVP_MD_CTX_set_pkey_ctx() function was added in OpenSSL 1.1.1.
The EVP_DigestInit_ex2(), EVP_MD_fetch(), EVP_MD_free(), EVP_MD_up_ref(),
The EVP_Q_digest(), EVP_DigestInit_ex2(),
EVP_MD_fetch(), EVP_MD_free(), EVP_MD_up_ref(),
EVP_MD_get_params(), EVP_MD_CTX_set_params(), EVP_MD_CTX_get_params(),
EVP_MD_gettable_params(), EVP_MD_gettable_ctx_params(),
EVP_MD_settable_ctx_params(), EVP_MD_CTX_settable_params() and


@ -11,6 +11,12 @@ SHA512_Final - Secure Hash Algorithm
#include <openssl/sha.h>
unsigned char *SHA1(const void *data, size_t count, unsigned char *md_buf);
unsigned char *SHA224(const void *data, size_t count, unsigned char *md_buf);
unsigned char *SHA256(const void *data, size_t count, unsigned char *md_buf);
unsigned char *SHA384(const void *data, size_t count, unsigned char *md_buf);
unsigned char *SHA512(const void *data, size_t count, unsigned char *md_buf);
Deprecated since OpenSSL 3.0, can be hidden entirely by defining
B<OPENSSL_API_COMPAT> with a suitable version value, see
L<openssl_user_macros(7)>:
@ -18,38 +24,33 @@ L<openssl_user_macros(7)>:
int SHA1_Init(SHA_CTX *c);
int SHA1_Update(SHA_CTX *c, const void *data, size_t len);
int SHA1_Final(unsigned char *md, SHA_CTX *c);
unsigned char *SHA1(const unsigned char *d, size_t n,
unsigned char *md);
int SHA224_Init(SHA256_CTX *c);
int SHA224_Update(SHA256_CTX *c, const void *data, size_t len);
int SHA224_Final(unsigned char *md, SHA256_CTX *c);
unsigned char *SHA224(const unsigned char *d, size_t n,
unsigned char *md);
int SHA256_Init(SHA256_CTX *c);
int SHA256_Update(SHA256_CTX *c, const void *data, size_t len);
int SHA256_Final(unsigned char *md, SHA256_CTX *c);
unsigned char *SHA256(const unsigned char *d, size_t n,
unsigned char *md);
int SHA384_Init(SHA512_CTX *c);
int SHA384_Update(SHA512_CTX *c, const void *data, size_t len);
int SHA384_Final(unsigned char *md, SHA512_CTX *c);
unsigned char *SHA384(const unsigned char *d, size_t n,
unsigned char *md);
int SHA512_Init(SHA512_CTX *c);
int SHA512_Update(SHA512_CTX *c, const void *data, size_t len);
int SHA512_Final(unsigned char *md, SHA512_CTX *c);
unsigned char *SHA512(const unsigned char *d, size_t n,
unsigned char *md);
=head1 DESCRIPTION
All of the functions described on this page are deprecated.
All of the functions described on this page
except for SHA1(), SHA224(), SHA256(), SHA384() and SHA512() are deprecated.
Applications should instead use L<EVP_DigestInit_ex(3)>, L<EVP_DigestUpdate(3)>
and L<EVP_DigestFinal_ex(3)>.
and L<EVP_DigestFinal_ex(3)>, or the quick one-shot function L<EVP_Q_digest(3)>.
SHA1(), SHA224(), SHA256(), SHA384(), and SHA256()
can continue to be used. They can also be replaced by, e.g.,
(EVP_Q_digest(d, n, md, NULL, NULL, "SHA256", NULL) ? md : NULL)
SHA-1 (Secure Hash Algorithm) is a cryptographic hash function with a
160 bit output.
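Review bot: the replacement example in DESCRIPTION passes its arguments in the wrong order. EVP_Q_digest(d, n, md, NULL, NULL, "SHA256", NULL) does not match the prototype EVP_Q_digest(libctx, name, propq, data, count, md, size) added in this commit; it should read EVP_Q_digest(NULL, "SHA256", NULL, d, n, md, NULL), as in CHANGES.md and the sha.h macros. The sentence before it also lists "SHA384(), and SHA256()" where SHA512() is meant.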
@ -95,11 +96,12 @@ ANSI X9.30
=head1 SEE ALSO
L<EVP_Q_digest(3)>,
L<EVP_DigestInit(3)>
=head1 HISTORY
All of these functions were deprecated in OpenSSL 3.0.
All of these functions except SHA*() were deprecated in OpenSSL 3.0.
=head1 COPYRIGHT


@ -255,7 +255,7 @@ algorithm.
=head1 BUGS
The EVP_Digest() and EVP_DigestFinal_ex() libcrypto API calls do not
The EVP_Q_digest(), EVP_Digest() and EVP_DigestFinal_ex() API calls do not
expect the digest size to be larger than EVP_MAX_MD_SIZE. Any algorithm which
produces larger digests is unusable with those API calls.


@ -12,10 +12,11 @@
# define OSSL_CRYPTO_SHA_H
# pragma once
# include <openssl/opensslconf.h>
# include <openssl/sha.h>
int sha512_224_init(SHA512_CTX *);
int sha512_256_init(SHA512_CTX *);
int ossl_sha1_ctrl(SHA_CTX *ctx, int cmd, int mslen, void *ms);
unsigned char *ossl_sha1(const unsigned char *d, size_t n, unsigned char *md);
#endif


@ -681,6 +681,9 @@ __owur int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md,
__owur int EVP_Digest(const void *data, size_t count,
unsigned char *md, unsigned int *size,
const EVP_MD *type, ENGINE *impl);
__owur int EVP_Q_digest(OSSL_LIB_CTX *libctx, const char *name,
const char *propq, const void *data, size_t count,
unsigned char *md, unsigned int *size);
__owur int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in);
__owur int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);


@ -17,6 +17,7 @@
# endif
# include <openssl/e_os2.h>
# include <openssl/evp.h>
# include <stddef.h>
# ifdef __cplusplus
@ -45,16 +46,16 @@ typedef struct SHAstate_st {
SHA_LONG data[SHA_LBLOCK];
unsigned int num;
} SHA_CTX;
# endif /* !defined(OPENSSL_NO_DEPRECATED_3_0) */
# ifndef OPENSSL_NO_DEPRECATED_3_0
OSSL_DEPRECATEDIN_3_0 int SHA1_Init(SHA_CTX *c);
OSSL_DEPRECATEDIN_3_0 int SHA1_Update(SHA_CTX *c, const void *data, size_t len);
OSSL_DEPRECATEDIN_3_0 int SHA1_Final(unsigned char *md, SHA_CTX *c);
OSSL_DEPRECATEDIN_3_0 unsigned char *SHA1(const unsigned char *d, size_t n,
unsigned char *md);
OSSL_DEPRECATEDIN_3_0 void SHA1_Transform(SHA_CTX *c, const unsigned char *data);
# endif
# define SHA1(d, n, md) \
(EVP_Q_digest(NULL, "SHA1", NULL, d, n, md, NULL) ? md : NULL)
# ifndef OPENSSL_NO_DEPRECATED_3_0
# define SHA256_CBLOCK (SHA_LBLOCK*4)/* SHA-256 treats input data as a
* contiguous array of 32 bit wide
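Review bot: the SHA1(d, n, md) macro expands md twice, once as the EVP_Q_digest() argument and again in "? md : NULL", so an argument with side effects (for example a post-incremented output pointer) is evaluated twice on success. The result also takes the type of whatever expression is passed as md instead of the unsigned char * the function returned. A static inline wrapper around EVP_Q_digest() would keep single evaluation and the original return type; the same applies to the SHA224, SHA256, SHA384 and SHA512 macros in the later hunks.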
@ -66,24 +67,24 @@ typedef struct SHA256state_st {
SHA_LONG data[SHA_LBLOCK];
unsigned int num, md_len;
} SHA256_CTX;
# endif /* !defined(OPENSSL_NO_DEPRECATED_3_0) */
# ifndef OPENSSL_NO_DEPRECATED_3_0
OSSL_DEPRECATEDIN_3_0 int SHA224_Init(SHA256_CTX *c);
OSSL_DEPRECATEDIN_3_0 int SHA224_Update(SHA256_CTX *c,
const void *data, size_t len);
OSSL_DEPRECATEDIN_3_0 int SHA224_Final(unsigned char *md, SHA256_CTX *c);
OSSL_DEPRECATEDIN_3_0 unsigned char *SHA224(const unsigned char *d, size_t n,
unsigned char *md);
OSSL_DEPRECATEDIN_3_0 int SHA256_Init(SHA256_CTX *c);
OSSL_DEPRECATEDIN_3_0 int SHA256_Update(SHA256_CTX *c,
const void *data, size_t len);
OSSL_DEPRECATEDIN_3_0 int SHA256_Final(unsigned char *md, SHA256_CTX *c);
OSSL_DEPRECATEDIN_3_0 unsigned char *SHA256(const unsigned char *d, size_t n,
unsigned char *md);
OSSL_DEPRECATEDIN_3_0 void SHA256_Transform(SHA256_CTX *c,
const unsigned char *data);
# endif
# define SHA224(d, n, md) \
(EVP_Q_digest(NULL, "SHA224", NULL, d, n, md, NULL) ? md : NULL)
# define SHA256(d, n, md) \
(EVP_Q_digest(NULL, "SHA256", NULL, d, n, md, NULL) ? md : NULL)
# define SHA224_DIGEST_LENGTH 28
# define SHA256_DIGEST_LENGTH 32
# define SHA384_DIGEST_LENGTH 48
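Review bot: with SHA224 and SHA256 defined only as function-like macros, code that uses the name without a call, such as taking its address or passing it as a callback, no longer compiles, and the symbol-table hunk later in this commit marks SHA224 and SHA256 as NOEXIST, so nothing is exported for callers that resolve the symbol at link or run time. If that break is intended for 3.0, state it next to the macro sentence in CHANGES.md; otherwise keep an exported function behind the macro.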
@ -118,24 +119,24 @@ typedef struct SHA512state_st {
} u;
unsigned int num, md_len;
} SHA512_CTX;
# endif /* !defined(OPENSSL_NO_DEPRECATED_3_0) */
# ifndef OPENSSL_NO_DEPRECATED_3_0
OSSL_DEPRECATEDIN_3_0 int SHA384_Init(SHA512_CTX *c);
OSSL_DEPRECATEDIN_3_0 int SHA384_Update(SHA512_CTX *c,
const void *data, size_t len);
OSSL_DEPRECATEDIN_3_0 int SHA384_Final(unsigned char *md, SHA512_CTX *c);
OSSL_DEPRECATEDIN_3_0 unsigned char *SHA384(const unsigned char *d, size_t n,
unsigned char *md);
OSSL_DEPRECATEDIN_3_0 int SHA512_Init(SHA512_CTX *c);
OSSL_DEPRECATEDIN_3_0 int SHA512_Update(SHA512_CTX *c,
const void *data, size_t len);
OSSL_DEPRECATEDIN_3_0 int SHA512_Final(unsigned char *md, SHA512_CTX *c);
OSSL_DEPRECATEDIN_3_0 unsigned char *SHA512(const unsigned char *d, size_t n,
unsigned char *md);
OSSL_DEPRECATEDIN_3_0 void SHA512_Transform(SHA512_CTX *c,
const unsigned char *data);
# endif
# define SHA384(d, n, md) \
(EVP_Q_digest(NULL, "SHA384", NULL, d, n, md, NULL) ? md : NULL)
# define SHA512(d, n, md) \
(EVP_Q_digest(NULL, "SHA512", NULL, d, n, md, NULL) ? md : NULL)
# ifdef __cplusplus
}
# endif


@ -166,7 +166,7 @@ fa39906519062932adafb63cbf05b5dfa7563673576d421c80ec6b889d024e84 crypto/ec/ecp_
22c44f561ab42d1bd7fd3a3c538ebaba375a704f98056b035e7949d73963c580 crypto/ec/ecx_key.c
7c7f3e2a19a95d62942790e525f00cccc87e46da099a0c96d101787d68c75128 crypto/evp/asymcipher.c
0e75a058dcbbb62cfe39fec6c4a85385dc1a8fce794e4278ce6cebb29763b82b crypto/evp/dh_support.c
4433d40517d9550f6a1db90dfb912e32ee10b95497ddfc2a7edb2116f87ee531 crypto/evp/digest.c
e819c499207dd2ee5457cd9411c6089e13476bedf41de2aa67e10b13810ff0e5 crypto/evp/digest.c
87599335b61f97362799170d7b19cbbf775bfecc0fab570b267c7622241cfad8 crypto/evp/ec_support.c
c146c0a8a06e3c558207c1c76039dd2a61a2160cc243e9e3de2e290bc6e1b2d0 crypto/evp/evp_enc.c
9b4956b5c28db987001b33421aacf3b9f352181f874c768ad1b034e083483561 crypto/evp/evp_fetch.c
@ -297,9 +297,9 @@ f64d16c1e5c3fa4a7969de494a8372127502171a517c14be7a1e3a43a7308699 crypto/sha/asm
8725cabb8d695c576619f19283b034074a3fa0f1c0be952a9dbe9793be15b907 crypto/sha/asm/sha512p8-ppc.pl
4d13c5020a92190d43721018c50776fd4df858fe92f3cce1d465ed98dfb142d1 crypto/sha/keccak1600.c
306cacd3f86e5cacaca74c58ef862516515e5c0cafaff48636d537fd84f1c2fb crypto/sha/sha1dgst.c
b40bd40b91a2ecdba63777758f84c5405a92e673636dba2cb83512c34aae3882 crypto/sha/sha256.c
4d8cf04f5806611e7586aab47fb28165ec1afb00168e2c9876bb36cb5c29bf8b crypto/sha/sha256.c
01aff75580e47ee880f411a319ed5d86198df464e3b8056b8734698e3c8d4d07 crypto/sha/sha3.c
7598a626c55fb6505cc234cb438c78846756cde95c4400ca07bf9460b9bec834 crypto/sha/sha512.c
65ef028da082f1a9b6ce2c45ae5644895b7fca356a798fca65428852ccf24b96 crypto/sha/sha512.c
86913a593b55c759a3824eeede398f966278d79c148bef41986c5ac4e48f0bd7 crypto/sparse_array.c
32b48ac523d69b65d46b5588cd75697c473eec0b97bdefc820f436f25403a1df crypto/stack/stack.c
7b4efa594d8d1f3ecbf4605cf54f72fb296a3b1d951bdc69e415aaa08f34e5c8 crypto/threads_lib.c


@ -1 +1 @@
4d501c5fb8a5646c618eb02511a7a1ffab71823f6adee558ee30df8bb4bd6f40 providers/fips-sources.checksums
db2202782291f6e77fbe9f6271517cb41d7c06790a606a61f69e564f002f76f5 providers/fips-sources.checksums


@ -18,6 +18,7 @@
#include <openssl/proverr.h>
#include "cipher_tdes_default.h"
#include "crypto/evp.h"
#include "crypto/sha.h"
#include "prov/implementations.h"
#include "prov/providercommon.h"
@ -64,10 +65,8 @@ static int des_ede3_unwrap(PROV_CIPHER_CTX *ctx, unsigned char *out,
/* Decrypt again using new IV */
ctx->hw->cipher(ctx, out, out, inl - 16);
ctx->hw->cipher(ctx, icv, icv, 8);
/* Work out SHA1 hash of first portion */
SHA1(out, inl - 16, sha1tmp);
if (!CRYPTO_memcmp(sha1tmp, icv, 8))
if (ossl_sha1(out, inl - 16, sha1tmp) /* Work out hash of first portion */
&& CRYPTO_memcmp(sha1tmp, icv, 8) == 0)
rv = inl - 16;
OPENSSL_cleanse(icv, 8);
OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH);
@ -93,7 +92,8 @@ static int des_ede3_wrap(PROV_CIPHER_CTX *ctx, unsigned char *out,
/* Copy input to output buffer + 8 so we have space for IV */
memmove(out + ivlen, in, inl);
/* Work out ICV */
SHA1(in, inl, sha1tmp);
if (!ossl_sha1(in, inl, sha1tmp))
return 0;
memcpy(out + inl + ivlen, sha1tmp, icvlen);
OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH);
/* Generate random IV */
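Review bot: on ossl_sha1() failure this copy of des_ede3_wrap() returns 0, while the legacy copy changed earlier in this commit returns -1 for the same condition. Confirm that each value matches the error convention of its own function, and note that both early returns skip the OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH) call that follows the memcpy().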


@ -1144,7 +1144,7 @@ BN_security_bits 1171 3_0_0 EXIST::FUNCTION:
X509_PURPOSE_get0_name 1172 3_0_0 EXIST::FUNCTION:
TS_TST_INFO_get_serial 1173 3_0_0 EXIST::FUNCTION:TS
ASN1_PCTX_get_str_flags 1174 3_0_0 EXIST::FUNCTION:
SHA256 1175 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
SHA256 1175 3_0_0 NOEXIST::FUNCTION:
X509_LOOKUP_hash_dir 1176 3_0_0 EXIST::FUNCTION:
ASN1_BIT_STRING_check 1177 3_0_0 EXIST::FUNCTION:
ENGINE_set_default_RAND 1178 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
@ -1375,7 +1375,7 @@ EVP_MD_meth_get_cleanup 1408 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_
SRP_Calc_server_key 1409 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SRP
BN_mod_exp_simple 1410 3_0_0 EXIST::FUNCTION:
BIO_set_ex_data 1411 3_0_0 EXIST::FUNCTION:
SHA512 1412 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
SHA512 1412 3_0_0 NOEXIST::FUNCTION:
X509_STORE_CTX_get_explicit_policy 1413 3_0_0 EXIST::FUNCTION:
EVP_DecodeBlock 1414 3_0_0 EXIST::FUNCTION:
OSSL_HTTP_REQ_CTX_set_request_line 1415 3_0_0 EXIST::FUNCTION:
@ -2460,7 +2460,7 @@ BN_generate_dsa_nonce 2512 3_0_0 EXIST::FUNCTION:
X509_verify_cert 2513 3_0_0 EXIST::FUNCTION:
X509_policy_level_get0_node 2514 3_0_0 EXIST::FUNCTION:
X509_REQ_get_attr 2515 3_0_0 EXIST::FUNCTION:
SHA1 2516 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
SHA1 2516 3_0_0 NOEXIST::FUNCTION:
X509_print 2517 3_0_0 EXIST::FUNCTION:
d2i_AutoPrivateKey 2518 3_0_0 EXIST::FUNCTION:
X509_REQ_new 2519 3_0_0 EXIST::FUNCTION:
@ -2927,7 +2927,7 @@ EC_GROUP_set_asn1_flag 2991 3_0_0 EXIST::FUNCTION:EC
EVP_PKEY_new 2992 3_0_0 EXIST::FUNCTION:
i2d_POLICYINFO 2993 3_0_0 EXIST::FUNCTION:
BN_get_flags 2994 3_0_0 EXIST::FUNCTION:
SHA384 2995 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
SHA384 2995 3_0_0 NOEXIST::FUNCTION:
NCONF_get_string 2996 3_0_0 EXIST::FUNCTION:
d2i_PROXY_CERT_INFO_EXTENSION 2997 3_0_0 EXIST::FUNCTION:
EC_POINT_point2buf 2998 3_0_0 EXIST::FUNCTION:EC
@ -3510,7 +3510,7 @@ EVP_MD_meth_dup 3588 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_
ENGINE_unregister_ciphers 3589 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
X509_issuer_and_serial_cmp 3590 3_0_0 EXIST::FUNCTION:
OCSP_response_create 3591 3_0_0 EXIST::FUNCTION:OCSP
SHA224 3592 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
SHA224 3592 3_0_0 NOEXIST::FUNCTION:
MD2_options 3593 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,MD2
X509_REQ_it 3595 3_0_0 EXIST::FUNCTION:
RAND_bytes 3596 3_0_0 EXIST::FUNCTION:
@ -5320,6 +5320,7 @@ OSSL_ESS_signing_cert_new_init ? 3_0_0 EXIST::FUNCTION:
OSSL_ESS_signing_cert_v2_new_init ? 3_0_0 EXIST::FUNCTION:
ESS_SIGNING_CERT_it ? 3_0_0 EXIST::FUNCTION:
ESS_SIGNING_CERT_V2_it ? 3_0_0 EXIST::FUNCTION:
EVP_Q_digest ? 3_0_0 EXIST::FUNCTION:
EVP_DigestInit_ex2 ? 3_0_0 EXIST::FUNCTION:
EVP_EncryptInit_ex2 ? 3_0_0 EXIST::FUNCTION:
EVP_DecryptInit_ex2 ? 3_0_0 EXIST::FUNCTION:


@ -431,6 +431,11 @@ PEM_FLAG_EAY_COMPATIBLE define
PEM_FLAG_ONLY_B64 define
PEM_FLAG_SECURE define
RAND_cleanup define deprecated 1.1.0
SHA1 define
SHA224 define
SHA256 define
SHA384 define
SHA512 define
SSL_COMP_free_compression_methods define deprecated 1.1.0
SSL_CTX_add0_chain_cert define
SSL_CTX_add1_chain_cert define