Crypto: Add deprecation compatibility declarations for SHA* message digest functions

Also add hints to SHA256_Init.pod and CHANGES.md how to replace SHA256() etc.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14741)

3 files changed, 22 insertions, 17 deletions

diff --git a/include/crypto/sha.h b/include/crypto/sha.h
index 20823b8bca..64305d1790 100644
--- a/include/crypto/sha.h
+++ b/include/crypto/sha.h
@@ -12,10 +12,11 @@
 # define OSSL_CRYPTO_SHA_H
 # pragma once
 
-# include <openssl/opensslconf.h>
+# include <openssl/sha.h>
 
 int sha512_224_init(SHA512_CTX *);
 int sha512_256_init(SHA512_CTX *);
 int ossl_sha1_ctrl(SHA_CTX *ctx, int cmd, int mslen, void *ms);
+unsigned char *ossl_sha1(const unsigned char *d, size_t n, unsigned char *md);
 
 #endif
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index 9374e86e66..c380f2e539 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -681,6 +681,9 @@ __owur int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md,
 __owur int EVP_Digest(const void *data, size_t count,
                           unsigned char *md, unsigned int *size,
                           const EVP_MD *type, ENGINE *impl);
+__owur int EVP_Q_digest(OSSL_LIB_CTX *libctx, const char *name,
+                        const char *propq, const void *data, size_t count,
+                        unsigned char *md, unsigned int *size);
 
 __owur int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in);
 __owur int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
diff --git a/include/openssl/sha.h b/include/openssl/sha.h
index 36339373b7..0dca61c71d 100644
--- a/include/openssl/sha.h
+++ b/include/openssl/sha.h
@@ -17,6 +17,7 @@
 # endif
 
 # include <openssl/e_os2.h>
+# include <openssl/evp.h>
 # include <stddef.h>
 
 # ifdef  __cplusplus
@@ -45,16 +46,16 @@ typedef struct SHAstate_st {
     SHA_LONG data[SHA_LBLOCK];
     unsigned int num;
 } SHA_CTX;
-# endif /* !defined(OPENSSL_NO_DEPRECATED_3_0) */
-# ifndef OPENSSL_NO_DEPRECATED_3_0
+
 OSSL_DEPRECATEDIN_3_0 int SHA1_Init(SHA_CTX *c);
 OSSL_DEPRECATEDIN_3_0 int SHA1_Update(SHA_CTX *c, const void *data, size_t len);
 OSSL_DEPRECATEDIN_3_0 int SHA1_Final(unsigned char *md, SHA_CTX *c);
-OSSL_DEPRECATEDIN_3_0 unsigned char *SHA1(const unsigned char *d, size_t n,
-                                          unsigned char *md);
 OSSL_DEPRECATEDIN_3_0 void SHA1_Transform(SHA_CTX *c, const unsigned char *data);
 # endif
 
+# define SHA1(d, n, md) \
+    (EVP_Q_digest(NULL, "SHA1", NULL, d, n, md, NULL) ? md : NULL)
+
 # ifndef OPENSSL_NO_DEPRECATED_3_0
 #  define SHA256_CBLOCK   (SHA_LBLOCK*4)/* SHA-256 treats input data as a
                                         * contiguous array of 32 bit wide
@@ -66,24 +67,24 @@ typedef struct SHA256state_st {
     SHA_LONG data[SHA_LBLOCK];
     unsigned int num, md_len;
 } SHA256_CTX;
-# endif /* !defined(OPENSSL_NO_DEPRECATED_3_0) */
-# ifndef OPENSSL_NO_DEPRECATED_3_0
+
 OSSL_DEPRECATEDIN_3_0 int SHA224_Init(SHA256_CTX *c);
 OSSL_DEPRECATEDIN_3_0 int SHA224_Update(SHA256_CTX *c,
                                         const void *data, size_t len);
 OSSL_DEPRECATEDIN_3_0 int SHA224_Final(unsigned char *md, SHA256_CTX *c);
-OSSL_DEPRECATEDIN_3_0 unsigned char *SHA224(const unsigned char *d, size_t n,
-                                            unsigned char *md);
 OSSL_DEPRECATEDIN_3_0 int SHA256_Init(SHA256_CTX *c);
 OSSL_DEPRECATEDIN_3_0 int SHA256_Update(SHA256_CTX *c,
                                         const void *data, size_t len);
 OSSL_DEPRECATEDIN_3_0 int SHA256_Final(unsigned char *md, SHA256_CTX *c);
-OSSL_DEPRECATEDIN_3_0 unsigned char *SHA256(const unsigned char *d, size_t n,
-                                            unsigned char *md);
 OSSL_DEPRECATEDIN_3_0 void SHA256_Transform(SHA256_CTX *c,
                                             const unsigned char *data);
 # endif
 
+# define SHA224(d, n, md) \
+    (EVP_Q_digest(NULL, "SHA224", NULL, d, n, md, NULL) ? md : NULL)
+# define SHA256(d, n, md) \
+    (EVP_Q_digest(NULL, "SHA256", NULL, d, n, md, NULL) ? md : NULL)
+
 # define SHA224_DIGEST_LENGTH    28
 # define SHA256_DIGEST_LENGTH    32
 # define SHA384_DIGEST_LENGTH    48
@@ -118,24 +119,24 @@ typedef struct SHA512state_st {
     } u;
     unsigned int num, md_len;
 } SHA512_CTX;
-# endif /* !defined(OPENSSL_NO_DEPRECATED_3_0) */
-# ifndef OPENSSL_NO_DEPRECATED_3_0
+
 OSSL_DEPRECATEDIN_3_0 int SHA384_Init(SHA512_CTX *c);
 OSSL_DEPRECATEDIN_3_0 int SHA384_Update(SHA512_CTX *c,
                                         const void *data, size_t len);
 OSSL_DEPRECATEDIN_3_0 int SHA384_Final(unsigned char *md, SHA512_CTX *c);
-OSSL_DEPRECATEDIN_3_0 unsigned char *SHA384(const unsigned char *d, size_t n,
-                                            unsigned char *md);
 OSSL_DEPRECATEDIN_3_0 int SHA512_Init(SHA512_CTX *c);
 OSSL_DEPRECATEDIN_3_0 int SHA512_Update(SHA512_CTX *c,
                                         const void *data, size_t len);
 OSSL_DEPRECATEDIN_3_0 int SHA512_Final(unsigned char *md, SHA512_CTX *c);
-OSSL_DEPRECATEDIN_3_0 unsigned char *SHA512(const unsigned char *d, size_t n,
-                                            unsigned char *md);
 OSSL_DEPRECATEDIN_3_0 void SHA512_Transform(SHA512_CTX *c,
                                             const unsigned char *data);
 # endif
 
+# define SHA384(d, n, md) \
+    (EVP_Q_digest(NULL, "SHA384", NULL, d, n, md, NULL) ? md : NULL)
+# define SHA512(d, n, md) \
+    (EVP_Q_digest(NULL, "SHA512", NULL, d, n, md, NULL) ? md : NULL)
+
 # ifdef  __cplusplus
 }
 # endif