diff options
| author | Pauli <paul.dale@oracle.com> | 2020-01-09 13:14:13 +1000 |
|---|---|---|
| committer | Pauli <paul.dale@oracle.com> | 2020-01-19 10:14:39 +1000 |
| commit | 85d843c8eccce937d073a9df7a193032478e21dd (patch) | |
| tree | 747b066f6bae0f7440ccb9e7398f632783012440 | |
| parent | 8720b1779442bc0259d89f4fe7f8d46ad4d0b0c0 (diff) | |
Deprecate the low level SHA functions.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10791)
26 files changed, 292 insertions, 141 deletions
diff --git a/apps/speed.c b/apps/speed.c index d741f315e2..773bd222f2 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -342,9 +342,11 @@ static const OPT_PAIR doit_choices[] = { {"md5", D_MD5}, {"hmac", D_HMAC}, #endif +#ifndef OPENSSL_NO_DEPRECATED_3_0 {"sha1", D_SHA1}, {"sha256", D_SHA256}, {"sha512", D_SHA512}, +#endif #if !defined(OPENSSL_NO_WHIRLPOOL) && !defined(OPENSSL_NO_DEPRECATED_3_0) {"whirlpool", D_WHIRLPOOL}, #endif @@ -650,6 +652,7 @@ static int HMAC_loop(void *args) } #endif +#ifndef OPENSSL_NO_DEPRECATED_3_0 static int SHA1_loop(void *args) { loopargs_t *tempargs = *(loopargs_t **) args; @@ -682,6 +685,7 @@ static int SHA512_loop(void *args) SHA512(buf, lengths[testnum], sha512); return count; } +#endif #if !defined(OPENSSL_NO_WHIRLPOOL) && !defined(OPENSSL_NO_DEPRECATED_3_0) static int WHIRLPOOL_loop(void *args) @@ -2322,6 +2326,7 @@ int speed_main(int argc, char **argv) HMAC_CTX_free(loopargs[i].hctx); } #endif +#ifndef OPENSSL_NO_DEPRECATED_3_0 if (doit[D_SHA1]) { for (testnum = 0; testnum < size_num; testnum++) { print_message(names[D_SHA1], c[D_SHA1][testnum], lengths[testnum], @@ -2352,6 +2357,7 @@ int speed_main(int argc, char **argv) print_result(D_SHA512, testnum, count, d); } } +#endif #if !defined(OPENSSL_NO_WHIRLPOOL) && !defined(OPENSSL_NO_DEPRECATED_3_0) if (doit[D_WHIRLPOOL]) { for (testnum = 0; testnum < size_num; testnum++) { diff --git a/crypto/ct/ct_log.c b/crypto/ct/ct_log.c index 164ff72ac0..695221cba0 100644 --- a/crypto/ct/ct_log.c +++ b/crypto/ct/ct_log.c @@ -76,14 +76,14 @@ static int ct_v1_log_id_from_pkey(EVP_PKEY *pkey, int ret = 0; unsigned char *pkey_der = NULL; int pkey_der_len = i2d_PUBKEY(pkey, &pkey_der); + unsigned int len; if (pkey_der_len <= 0) { CTerr(CT_F_CT_V1_LOG_ID_FROM_PKEY, CT_R_LOG_KEY_INVALID); goto err; } - SHA256(pkey_der, pkey_der_len, log_id); - ret = 1; + ret = EVP_Digest(pkey_der, pkey_der_len, log_id, &len, EVP_sha256(), NULL); err: OPENSSL_free(pkey_der); return ret; diff --git a/crypto/ec/curve25519.c b/crypto/ec/curve25519.c index 89b1e3c2c1..a512aeb237 100644 --- a/crypto/ec/curve25519.c +++ b/crypto/ec/curve25519.c @@ -9,6 +9,7 @@ #include <string.h> #include "ec_local.h" +#include <openssl/evp.h> #include <openssl/sha.h> #if defined(X25519_ASM) && (defined(__x86_64) || defined(__x86_64__) || \ @@ -5436,39 +5437,50 @@ int ED25519_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len, uint8_t nonce[SHA512_DIGEST_LENGTH]; ge_p3 R; uint8_t hram[SHA512_DIGEST_LENGTH]; - SHA512_CTX hash_ctx; + EVP_MD *sha512 = EVP_MD_fetch(NULL, SN_sha512, NULL); + EVP_MD_CTX *hash_ctx = EVP_MD_CTX_new(); + unsigned int sz; + int res = 0; - SHA512_Init(&hash_ctx); - SHA512_Update(&hash_ctx, private_key, 32); - SHA512_Final(az, &hash_ctx); + if (sha512 == NULL || hash_ctx == NULL) + goto err; + + if (!EVP_DigestInit_ex(hash_ctx, sha512, NULL) + || !EVP_DigestUpdate(hash_ctx, private_key, 32) + || !EVP_DigestFinal_ex(hash_ctx, az, &sz)) + goto err; az[0] &= 248; az[31] &= 63; az[31] |= 64; - SHA512_Init(&hash_ctx); - SHA512_Update(&hash_ctx, az + 32, 32); - SHA512_Update(&hash_ctx, message, message_len); - SHA512_Final(nonce, &hash_ctx); + if (!EVP_DigestInit_ex(hash_ctx, sha512, NULL) + || !EVP_DigestUpdate(hash_ctx, az + 32, 32) + || !EVP_DigestUpdate(hash_ctx, message, message_len) + || !EVP_DigestFinal_ex(hash_ctx, nonce, &sz)) + goto err; x25519_sc_reduce(nonce); ge_scalarmult_base(&R, nonce); ge_p3_tobytes(out_sig, &R); - SHA512_Init(&hash_ctx); - SHA512_Update(&hash_ctx, out_sig, 32); - SHA512_Update(&hash_ctx, public_key, 32); - SHA512_Update(&hash_ctx, message, message_len); - SHA512_Final(hram, &hash_ctx); + if (!EVP_DigestInit_ex(hash_ctx, sha512, NULL) + || !EVP_DigestUpdate(hash_ctx, out_sig, 32) + || !EVP_DigestUpdate(hash_ctx, public_key, 32) + || !EVP_DigestUpdate(hash_ctx, message, message_len) + || !EVP_DigestFinal_ex(hash_ctx, hram, &sz)) + goto err; x25519_sc_reduce(hram); sc_muladd(out_sig + 32, hram, az, nonce); - OPENSSL_cleanse(&hash_ctx, sizeof(hash_ctx)); + res = 1; +err: OPENSSL_cleanse(nonce, sizeof(nonce)); OPENSSL_cleanse(az, sizeof(az)); - - return 1; + EVP_MD_free(sha512); + EVP_MD_CTX_free(hash_ctx); + return res; } static const char allzeroes[15]; @@ -5479,7 +5491,10 @@ int ED25519_verify(const uint8_t *message, size_t message_len, int i; ge_p3 A; const uint8_t *r, *s; - SHA512_CTX hash_ctx; + EVP_MD *sha512; + EVP_MD_CTX *hash_ctx = NULL; + unsigned int sz; + int res = 0; ge_p2 R; uint8_t rcheck[32]; uint8_t h[SHA512_DIGEST_LENGTH]; @@ -5526,11 +5541,19 @@ int ED25519_verify(const uint8_t *message, size_t message_len, fe_neg(A.X, A.X); fe_neg(A.T, A.T); - SHA512_Init(&hash_ctx); - SHA512_Update(&hash_ctx, r, 32); - SHA512_Update(&hash_ctx, public_key, 32); - SHA512_Update(&hash_ctx, message, message_len); - SHA512_Final(h, &hash_ctx); + sha512 = EVP_MD_fetch(NULL, SN_sha512, NULL); + if (sha512 == NULL) + return 0; + hash_ctx = EVP_MD_CTX_new(); + if (hash_ctx == NULL) + goto err; + + if (!EVP_DigestInit_ex(hash_ctx, sha512, NULL) + || !EVP_DigestUpdate(hash_ctx, r, 32) + || !EVP_DigestUpdate(hash_ctx, public_key, 32) + || !EVP_DigestUpdate(hash_ctx, message, message_len) + || !EVP_DigestFinal_ex(hash_ctx, h, &sz)) + goto err; x25519_sc_reduce(h); @@ -5538,7 +5561,11 @@ int ED25519_verify(const uint8_t *message, size_t message_len, ge_tobytes(rcheck, &R); - return CRYPTO_memcmp(rcheck, r, sizeof(rcheck)) == 0; + res = CRYPTO_memcmp(rcheck, r, sizeof(rcheck)) == 0; +err: + EVP_MD_free(sha512); + EVP_MD_CTX_free(hash_ctx); + return res; } void ED25519_public_from_private(uint8_t out_public_key[32], diff --git a/crypto/ec/ecx_meth.c b/crypto/ec/ecx_meth.c index d141fe7b81..4e3c630bd2 100644 --- a/crypto/ec/ecx_meth.c +++ b/crypto/ec/ecx_meth.c @@ -1156,6 +1156,7 @@ static int s390x_pkey_ecd_keygen25519(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) unsigned char x_dst[32], buff[SHA512_DIGEST_LENGTH]; ECX_KEY *key; unsigned char *privkey = NULL, *pubkey; + unsigned int sz; key = OPENSSL_zalloc(sizeof(*key)); if (key == NULL) { @@ -1174,7 +1175,9 @@ static int s390x_pkey_ecd_keygen25519(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) if (RAND_priv_bytes(privkey, ED25519_KEYLEN) <= 0) goto err; - SHA512(privkey, 32, buff); + if (!EVP_Digest(privkey, 32, buff, &sz, EVP_sha512(), NULL)) + goto err; + buff[0] &= 248; buff[31] &= 63; buff[31] |= 64; diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c index 704268ad97..42c7127187 100644 --- a/crypto/engine/eng_openssl.c +++ b/crypto/engine/eng_openssl.c @@ -9,8 +9,8 @@ */ /* - * RC4 low level APIs are deprecated for public use, but still ok for internal - * use. + * RC4 and SHA-1 low level APIs are deprecated for public use, but still ok + * for internal use. */ #include "internal/deprecated.h" diff --git a/crypto/evp/legacy_md5_sha1.c b/crypto/evp/legacy_md5_sha1.c index 6da6b4fd95..380cdf4a79 100644 --- a/crypto/evp/legacy_md5_sha1.c +++ b/crypto/evp/legacy_md5_sha1.c @@ -7,6 +7,13 @@ * https://www.openssl.org/source/license.html */ +/* + * SHA-1 low level APIs are deprecated for public use, but still ok for + * internal use. The prov/md5_sha1.h include requires this, but this must + * be the first include loaded. + */ +#include "internal/deprecated.h" + #include "crypto/evp.h" #include "prov/md5_sha1.h" /* diverse MD5_SHA1 macros */ #include "legacy_meth.h" diff --git a/crypto/evp/legacy_sha.c b/crypto/evp/legacy_sha.c index db289bf2b9..6d3bc0fbc3 100644 --- a/crypto/evp/legacy_sha.c +++ b/crypto/evp/legacy_sha.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * All SHA low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include <openssl/sha.h> /* diverse SHA macros */ #include "internal/sha3.h" /* KECCAK1600_WIDTH */ #include "crypto/evp.h" diff --git a/crypto/md5/md5_sha1.c b/crypto/md5/md5_sha1.c index 32bf9a13fc..fa2ccde30f 100644 --- a/crypto/md5/md5_sha1.c +++ b/crypto/md5/md5_sha1.c @@ -6,6 +6,13 @@ * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html */ + +/* + * SHA-1 low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include <string.h> #include "prov/md5_sha1.h" #include <openssl/evp.h> diff --git a/crypto/sha/sha1_one.c b/crypto/sha/sha1_one.c index 57bef8927f..c01baf7a6f 100644 --- a/crypto/sha/sha1_one.c +++ b/crypto/sha/sha1_one.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * SHA-1 low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include <stdio.h> #include <string.h> #include <openssl/crypto.h> diff --git a/crypto/sha/sha1dgst.c b/crypto/sha/sha1dgst.c index 68c0a96718..0e4a4e536c 100644 --- a/crypto/sha/sha1dgst.c +++ b/crypto/sha/sha1dgst.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * SHA-1 low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include <openssl/crypto.h> #include <openssl/opensslconf.h> diff --git a/crypto/sha/sha256.c b/crypto/sha/sha256.c index 99833924b0..9006eced75 100644 --- a/crypto/sha/sha256.c +++ b/crypto/sha/sha256.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * SHA256 low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include <openssl/opensslconf.h> #include <stdlib.h> diff --git a/crypto/sha/sha512.c b/crypto/sha/sha512.c index c70edf572a..39ebe68558 100644 --- a/crypto/sha/sha512.c +++ b/crypto/sha/sha512.c @@ -7,6 +7,13 @@ * https://www.openssl.org/source/license.html */ +/* + * SHA512 low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + +#include <stdio.h> #include <openssl/opensslconf.h> /*- * IMPLEMENTATION NOTES. diff --git a/doc/man3/SHA256_Init.pod b/doc/man3/SHA256_Init.pod index 2135e1a093..074f4bf16f 100644 --- a/doc/man3/SHA256_Init.pod +++ b/doc/man3/SHA256_Init.pod @@ -11,6 +11,10 @@ SHA512_Final - Secure Hash Algorithm #include <openssl/sha.h> +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +B<OPENSSL_API_COMPAT> with a suitable version value, see +L<openssl_user_macros(7)>: + int SHA1_Init(SHA_CTX *c); int SHA1_Update(SHA_CTX *c, const void *data, size_t len); int SHA1_Final(unsigned char *md, SHA_CTX *c); @@ -43,9 +47,9 @@ SHA512_Final - Secure Hash Algorithm =head1 DESCRIPTION -Applications should use the higher level functions -L<EVP_DigestInit(3)> etc. instead of calling the hash -functions directly. +All of the functions described on this page are deprecated. +Applications should instead use L<EVP_DigestInit_ex(3)>, L<EVP_DigestUpdate(3)> +and L<EVP_DigestFinal_ex(3)>. SHA-1 (Secure Hash Algorithm) is a cryptographic hash function with a 160 bit output. @@ -96,6 +100,10 @@ ANSI X9.30 L<EVP_DigestInit(3)> +=head1 HISTORY + +All of these functions were deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/engines/e_dasync.c b/engines/e_dasync.c index 74a62b86e0..c5d58ded09 100644 --- a/engines/e_dasync.c +++ b/engines/e_dasync.c @@ -7,6 +7,14 @@ * https://www.openssl.org/source/license.html */ +/* + * SHA-1 low level APIs are deprecated for public use, but still ok for + * internal use. Note, that due to symbols not being exported, only the + * #defines and strucures can be accessed, in this case SHA_CBLOCK and + * sizeof(SHA_CTX). + */ +#include "internal/deprecated.h" + #if defined(_WIN32) # include <windows.h> #endif @@ -492,13 +500,11 @@ static void dummy_pause_job(void) { * SHA1 implementation. At the moment we just defer to the standard * implementation */ -#undef data -#define data(ctx) ((SHA_CTX *)EVP_MD_CTX_md_data(ctx)) static int dasync_sha1_init(EVP_MD_CTX *ctx) { dummy_pause_job(); - return SHA1_Init(data(ctx)); + return EVP_MD_meth_get_init(EVP_sha1())(ctx); } static int dasync_sha1_update(EVP_MD_CTX *ctx, const void *data, @@ -506,14 +512,14 @@ static int dasync_sha1_update(EVP_MD_CTX *ctx, const void *data, { dummy_pause_job(); - return SHA1_Update(data(ctx), data, (size_t)count); + return EVP_MD_meth_get_update(EVP_sha1())(ctx, data, count); } static int dasync_sha1_final(EVP_MD_CTX *ctx, unsigned char *md) { dummy_pause_job(); - return SHA1_Final(md, data(ctx)); + return EVP_MD_meth_get_final(EVP_sha1())(ctx, md); } /* diff --git a/engines/e_ossltest.c b/engines/e_ossltest.c index 1284742ec3..55ecc1f89c 100644 --- a/engines/e_ossltest.c +++ b/engines/e_ossltest.c @@ -13,6 +13,15 @@ * used for any purpose except testing */ +/* + * SHA low level APIs are deprecated for public use, but still ok for + * internal use. Note, that due to symbols not being exported, only the + * #defines and type definitions can be accessed, function calls are not + * available. The digest lengths, block sizes and sizeof(CTX) are used herein + * for several different digests. + */ +#include "internal/deprecated.h" + #include <stdio.h> #include <string.h> @@ -134,10 +143,13 @@ static const EVP_MD *digest_sha256(void) /* SHA384/SHA512 */ static int digest_sha384_init(EVP_MD_CTX *ctx); +static int digest_sha384_update(EVP_MD_CTX *ctx, const void *data, + size_t count); +static int digest_sha384_final(EVP_MD_CTX *ctx, unsigned char *md); + static int digest_sha512_init(EVP_MD_CTX *ctx); static int digest_sha512_update(EVP_MD_CTX *ctx, const void *data, size_t count); -static int digest_sha384_final(EVP_MD_CTX *ctx, unsigned char *md); static int digest_sha512_final(EVP_MD_CTX *ctx, unsigned char *md); static EVP_MD *_hidden_sha384_md = NULL; @@ -153,7 +165,7 @@ static const EVP_MD *digest_sha384(void) sizeof(EVP_MD *) + sizeof(SHA512_CTX)) || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_DIGALGID_ABSENT) || !EVP_MD_meth_set_init(md, digest_sha384_init) - || !EVP_MD_meth_set_update(md, digest_sha512_update) + || !EVP_MD_meth_set_update(md, digest_sha384_update) || !EVP_MD_meth_set_final(md, digest_sha384_final)) { EVP_MD_meth_free(md); md = NULL; @@ -454,23 +466,20 @@ static void fill_known_data(unsigned char *md, unsigned int len) * value, so that all "MD5" digests using the test engine always end up with * the same value. */ -#undef data -#define data(ctx) ((MD5_CTX *)EVP_MD_CTX_md_data(ctx)) static int digest_md5_init(EVP_MD_CTX *ctx) { - return MD5_Init(data(ctx)); + return EVP_MD_meth_get_init(EVP_md5())(ctx); } static int digest_md5_update(EVP_MD_CTX *ctx, const void *data, size_t count) { - return MD5_Update(data(ctx), data, (size_t)count); + return EVP_MD_meth_get_update(EVP_md5())(ctx, data, count); } static int digest_md5_final(EVP_MD_CTX *ctx, unsigned char *md) { - int ret; - ret = MD5_Final(md, data(ctx)); + int ret = EVP_MD_meth_get_final(EVP_md5())(ctx, md); if (ret > 0) { fill_known_data(md, MD5_DIGEST_LENGTH); @@ -481,23 +490,20 @@ static int digest_md5_final(EVP_MD_CTX *ctx, unsigned char *md) /* * SHA1 implementation. */ -#undef data -#define data(ctx) ((SHA_CTX *)EVP_MD_CTX_md_data(ctx)) static int digest_sha1_init(EVP_MD_CTX *ctx) { - return SHA1_Init(data(ctx)); + return EVP_MD_meth_get_init(EVP_sha1())(ctx); } static int digest_sha1_update(EVP_MD_CTX *ctx, const void *data, size_t count) { - return SHA1_Update(data(ctx), data, (size_t)count); + return EVP_MD_meth_get_update(EVP_sha1())(ctx, data, count); } static int digest_sha1_final(EVP_MD_CTX *ctx, unsigned char *md) { - int ret; - ret = SHA1_Final(md, data(ctx)); + int ret = EVP_MD_meth_get_final(EVP_sha1())(ctx, md); if (ret > 0) { fill_known_data(md, SHA_DIGEST_LENGTH); @@ -508,23 +514,20 @@ static int digest_sha1_final(EVP_MD_CTX *ctx, unsigned char *md) /* * SHA256 implementation. */ -#undef data -#define data(ctx) ((SHA256_CTX *)EVP_MD_CTX_md_data(ctx)) static int digest_sha256_init(EVP_MD_CTX *ctx) { - return SHA256_Init(data(ctx)); + return EVP_MD_meth_get_init(EVP_sha256())(ctx); } static int digest_sha256_update(EVP_MD_CTX *ctx, const void *data, size_t count) { - return SHA256_Update(data(ctx), data, (size_t)count); + return EVP_MD_meth_get_update(EVP_sha256())(ctx, data, count); } static int digest_sha256_final(EVP_MD_CTX *ctx, unsigned char *md) { - int ret; - ret = SHA256_Final(md, data(ctx)); + int ret = EVP_MD_meth_get_final(EVP_sha256())(ctx, md); if (ret > 0) { fill_known_data(md, SHA256_DIGEST_LENGTH); @@ -533,31 +536,22 @@ static int digest_sha256_final(EVP_MD_CTX *ctx, unsigned char *md) } /* - * SHA384/512 implementation. + * SHA384 implementation. */ -#undef data -#define data(ctx) ((SHA512_CTX *)EVP_MD_CTX_md_data(ctx)) static int digest_sha384_init(EVP_MD_CTX *ctx) { - return SHA384_Init(data(ctx)); -} - -static int digest_sha512_init(EVP_MD_CTX *ctx) -{ - return SHA512_Init(data(ctx)); + return EVP_MD_meth_get_init(EVP_sha384())(ctx); } -static int digest_sha512_update(EVP_MD_CTX *ctx, const void *data, +static int digest_sha384_update(EVP_MD_CTX *ctx, const void *data, size_t count) { - return SHA512_Update(data(ctx), data, (size_t)count); + return EVP_MD_meth_get_update(EVP_sha384())(ctx, data, count); } static int digest_sha384_final(EVP_MD_CTX *ctx, unsigned char *md) { - int ret; - /* Actually uses SHA512_Final! */ - ret = SHA512_Final(md, data(ctx)); + int ret = EVP_MD_meth_get_final(EVP_sha384())(ctx, md); if (ret > 0) { fill_known_data(md, SHA384_DIGEST_LENGTH); @@ -565,10 +559,23 @@ static int digest_sha384_final(EVP_MD_CTX *ctx, unsigned char *md) return ret; } +/* + * SHA512 implementation. + */ +static int digest_sha512_init(EVP_MD_CTX *ctx) +{ + return EVP_MD_meth_get_init(EVP_sha512())(ctx); +} + +static int digest_sha512_update(EVP_MD_CTX *ctx, const void *data, + size_t count) +{ + return EVP_MD_meth_get_update(EVP_sha512())(ctx, data, count); +} + static int digest_sha512_final(EVP_MD_CTX *ctx, unsigned char *md) { - int ret; - ret = SHA512_Final(md, data(ctx)); + int ret = EVP_MD_meth_get_final(EVP_sha512())(ctx, md); if (ret > 0) { fill_known_data(md, SHA512_DIGEST_LENGTH); diff --git a/include/openssl/sha.h b/include/openssl/sha.h index 3a31bb606b..860b2edb97 100644 --- a/include/openssl/sha.h +++ b/include/openssl/sha.h @@ -23,19 +23,21 @@ extern "C" { # endif +# define SHA_DIGEST_LENGTH 20 + +# ifndef OPENSSL_NO_DEPRECATED_3_0 /*- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! * ! SHA_LONG has to be at least 32 bits wide. ! * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! */ -# define SHA_LONG unsigned int +# define SHA_LONG unsigned int -# define SHA_LBLOCK 16 -# define SHA_CBLOCK (SHA_LBLOCK*4)/* SHA treats input data as a - * contiguous array of 32 bit wide - * big-endian values. */ -# define SHA_LAST_BLOCK (SHA_CBLOCK-8) -# define SHA_DIGEST_LENGTH 20 +# define SHA_LBLOCK 16 +# define SHA_CBLOCK (SHA_LBLOCK*4)/* SHA treats input data as a + * contiguous array of 32 bit wide + * big-endian values. */ +# define SHA_LAST_BLOCK (SHA_CBLOCK-8) typedef struct SHAstate_st { SHA_LONG h0, h1, h2, h3, h4; @@ -43,14 +45,17 @@ typedef struct SHAstate_st { SHA_LONG data[SHA_LBLOCK]; unsigned int num; } SHA_CTX; +# endif /* !defined(OPENSSL_NO_DEPRECATED_3_0) */ -int SHA1_Init(SHA_CTX *c); -int SHA1_Update(SHA_CTX *c, const void *data, size_t len); -int SHA1_Final(unsigned char *md, SHA_CTX *c); -unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md); -void SHA1_Transform(SHA_CTX *c, const unsigned char *data); +DEPRECATEDIN_3_0(int SHA1_Init(SHA_CTX *c)) +DEPRECATEDIN_3_0(int SHA1_Update(SHA_CTX *c, const void *data, size_t len)) +DEPRECATEDIN_3_0(int SHA1_Final(unsigned char *md, SHA_CTX *c)) +DEPRECATEDIN_3_0(unsigned char *SHA1(const unsigned char *d, size_t n, + unsigned char *md)) +DEPRECATEDIN_3_0(void SHA1_Transform(SHA_CTX *c, const unsigned char *data)) -# define SHA256_CBLOCK (SHA_LBLOCK*4)/* SHA-256 treats input data as a +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define SHA256_CBLOCK (SHA_LBLOCK*4)/* SHA-256 treats input data as a * contiguous array of 32 bit wide * big-endian values. */ @@ -60,22 +65,27 @@ typedef struct SHA256state_st { SHA_LONG data[SHA_LBLOCK]; unsigned int num, md_len; } SHA256_CTX; - -int SHA224_Init(SHA256_CTX *c); -int SHA224_Update(SHA256_CTX *c, const void *data, size_t len); -int SHA224_Final(unsigned char *md, SHA256_CTX *c); -unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md); -int SHA256_Init(SHA256_CTX *c); -int SHA256_Update(SHA256_CTX *c, const void *data, size_t len); -int SHA256_Final(unsigned char *md, SHA256_CTX *c); -unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md); -void SHA256_Transform(SHA256_CTX *c, const unsigned char *data); +# endif /* !defined(OPENSSL_NO_DEPRECATED_3_0) */ + +DEPRECATEDIN_3_0(int SHA224_Init(SHA256_CTX *c)) +DEPRECATEDIN_3_0(int SHA224_Update(SHA256_CTX *c, const void *data, size_t len)) +DEPRECATEDIN_3_0(int SHA224_Final(unsigned char *md, SHA256_CTX *c)) +DEPRECATEDIN_3_0(unsigned char *SHA224(const unsigned char *d, size_t n, + unsigned char *md)) +DEPRECATEDIN_3_0(int SHA256_Init(SHA256_CTX *c)) +DEPRECATEDIN_3_0(int SHA256_Update(SHA256_CTX *c, const void *data, size_t len)) +DEPRECATEDIN_3_0(int SHA256_Final(unsigned char *md, SHA256_CTX *c)) +DEPRECATEDIN_3_0(unsigned char *SHA256(const unsigned char *d, size_t n, + unsigned char *md)) +DEPRECATEDIN_3_0(void SHA256_Transform(SHA256_CTX *c, + const unsigned char *data)) # define SHA224_DIGEST_LENGTH 28 # define SHA256_DIGEST_LENGTH 32 # define SHA384_DIGEST_LENGTH 48 # define SHA512_DIGEST_LENGTH 64 +# ifndef OPENSSL_NO_DEPRECATED_3_0 /* * Unlike 32-bit digest algorithms, SHA-512 *relies* on SHA_LONG64 * being exactly 64-bit wide. See Implementation Notes in sha512.c @@ -86,14 +96,14 @@ void SHA256_Transform(SHA256_CTX *c, const unsigned char *data); * contiguous array of 64 bit * wide big-endian values. */ -# define SHA512_CBLOCK (SHA_LBLOCK*8) -# if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) -# define SHA_LONG64 unsigned __int64 -# elif defined(__arch64__) -# define SHA_LONG64 unsigned long -# else -# define SHA_LONG64 unsigned long long -# endif +# define SHA512_CBLOCK (SHA_LBLOCK*8) +# if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) +# define SHA_LONG64 unsigned __int64 +# elif defined(__arch64__) +# define SHA_LONG64 unsigned long +# else +# define SHA_LONG64 unsigned long long +# endif typedef struct SHA512state_st { SHA_LONG64 h[8]; @@ -104,16 +114,20 @@ typedef struct SHA512state_st { } u; unsigned int num, md_len; } SHA512_CTX; - -int SHA384_Init(SHA512_CTX *c); -int SHA384_Update(SHA512_CTX *c, const void *data, size_t len); -int SHA384_Final(unsigned char *md, SHA512_CTX *c); -unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md); -int SHA512_Init(SHA512_CTX *c); -int SHA512_Update(SHA512_CTX *c, const void *data, size_t len); -int SHA512_Final(unsigned char *md, SHA512_CTX *c); -unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md); -void SHA512_Transform(SHA512_CTX *c, const unsigned char *data); +# endif /* !defined(OPENSSL_NO_DEPRECATED_3_0) */ + +DEPRECATEDIN_3_0(int SHA384_Init(SHA512_CTX *c)) +DEPRECATEDIN_3_0(int SHA384_Update(SHA512_CTX *c, const void *data, size_t len)) +DEPRECATEDIN_3_0(int SHA384_Final(unsigned char *md, SHA512_CTX *c)) +DEPRECATEDIN_3_0(unsigned char *SHA384(const unsigned char *d, size_t n, + unsigned char *md)) +DEPRECATEDIN_3_0(int SHA512_Init(SHA512_CTX *c)) +DEPRECATEDIN_3_0(int SHA512_Update(SHA512_CTX *c, const void *data, size_t len)) +DEPRECATEDIN_3_0(int SHA512_Final(unsigned char *md, SHA512_CTX *c)) +DEPRECATEDIN_3_0(unsigned char *SHA512(const unsigned char *d, size_t n, + unsigned char *md)) |