From 4d49b68504cc494e552bce8e0b82ec8b501d5abe Mon Sep 17 00:00:00 2001 From: "Dr. David von Oheimb" Date: Mon, 29 Mar 2021 19:32:48 +0200 Subject: Crypto: Add deprecation compatibility declarations for SHA* message digest functions Also add hints to SHA256_Init.pod and CHANGES.md how to replace SHA256() etc. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14741) --- providers/implementations/ciphers/cipher_tdes_wrap.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'providers/implementations/ciphers') diff --git a/providers/implementations/ciphers/cipher_tdes_wrap.c b/providers/implementations/ciphers/cipher_tdes_wrap.c index be109129bd..4bfd17f515 100644 --- a/providers/implementations/ciphers/cipher_tdes_wrap.c +++ b/providers/implementations/ciphers/cipher_tdes_wrap.c @@ -18,6 +18,7 @@ #include #include "cipher_tdes_default.h" #include "crypto/evp.h" +#include "crypto/sha.h" #include "prov/implementations.h" #include "prov/providercommon.h" @@ -64,10 +65,8 @@ static int des_ede3_unwrap(PROV_CIPHER_CTX *ctx, unsigned char *out, /* Decrypt again using new IV */ ctx->hw->cipher(ctx, out, out, inl - 16); ctx->hw->cipher(ctx, icv, icv, 8); - /* Work out SHA1 hash of first portion */ - SHA1(out, inl - 16, sha1tmp); - - if (!CRYPTO_memcmp(sha1tmp, icv, 8)) + if (ossl_sha1(out, inl - 16, sha1tmp) /* Work out hash of first portion */ + && CRYPTO_memcmp(sha1tmp, icv, 8) == 0) rv = inl - 16; OPENSSL_cleanse(icv, 8); OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH); @@ -93,7 +92,8 @@ static int des_ede3_wrap(PROV_CIPHER_CTX *ctx, unsigned char *out, /* Copy input to output buffer + 8 so we have space for IV */ memmove(out + ivlen, in, inl); /* Work out ICV */ - SHA1(in, inl, sha1tmp); + if (!ossl_sha1(in, inl, sha1tmp)) + return 0; memcpy(out + inl + ivlen, sha1tmp, icvlen); OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH); /* Generate random IV */ -- cgit v1.2.3