From: Richard Levitte <levitte@openssl.org>
Date: Mon, 30 Sep 2019 15:04:33 +0000 (+0200)
Subject: Move all SHA digests completely to the default provider
X-Git-Tag: openssl-3.0.0-alpha1~1211
X-Git-Url: https://git.openssl.org/?p=openssl.git;a=commitdiff_plain;h=6d49ec1ada358508389d0d810e69ff11658ba21c

Move all SHA digests completely to the default provider

This leaves minimal implementations of EVP_sha* and EVP_shake*, which
is now only there to provide a name for implicit fetches.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10059)
---

diff --git a/crypto/evp/build.info b/crypto/evp/build.info
index d9df71959c..365fe9c305 100644
--- a/crypto/evp/build.info
+++ b/crypto/evp/build.info
@@ -6,8 +6,8 @@ SOURCE[../../libcrypto]=$COMMON\
         e_des.c e_bf.c e_idea.c e_des3.c e_camellia.c\
         e_rc4.c e_aes.c names.c e_seed.c e_aria.c e_sm4.c \
         e_xcbc_d.c e_rc2.c e_cast.c e_rc5.c \
-        m_null.c m_md2.c m_md4.c m_md5.c m_sha1.c m_wp.c \
-        m_md5_sha1.c m_mdc2.c m_ripemd.c m_sha3.c \
+        m_null.c m_md2.c m_md4.c m_md5.c m_wp.c \
+        m_md5_sha1.c m_mdc2.c m_ripemd.c \
         p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \
         bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \
         c_allc.c c_alld.c bio_ok.c \
@@ -16,7 +16,8 @@ SOURCE[../../libcrypto]=$COMMON\
         e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c \
         e_aes_cbc_hmac_sha1.c e_aes_cbc_hmac_sha256.c e_rc4_hmac_md5.c \
         e_chacha20_poly1305.c \
-        pkey_mac.c exchange.c
+        pkey_mac.c exchange.c \
+        legacy_sha.c
 SOURCE[../../providers/fips]=$COMMON
 
 INCLUDE[e_aes.o]=.. ../modes
@@ -27,4 +28,3 @@ INCLUDE[e_camellia.o]=.. ../modes
 INCLUDE[e_sm4.o]=.. ../modes
 INCLUDE[e_des.o]=..
 INCLUDE[e_des3.o]=..
-INCLUDE[m_sha3.o]=..
diff --git a/crypto/evp/legacy_sha.c b/crypto/evp/legacy_sha.c
new file mode 100644
index 0000000000..859c129a26
--- /dev/null
+++ b/crypto/evp/legacy_sha.c
@@ -0,0 +1,184 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+
+#include <openssl/obj_mac.h>
+#include <openssl/sha.h>         /* diverse SHA macros */
+#include "internal/sha3.h"       /* KECCAK1600_WIDTH */
+#include "crypto/evp.h"
+
+static const EVP_MD sha1_md = {
+    NID_sha1,
+    NID_sha1WithRSAEncryption,
+    SHA_DIGEST_LENGTH,
+    EVP_MD_FLAG_DIGALGID_ABSENT,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    SHA_CBLOCK,
+};
+
+const EVP_MD *EVP_sha1(void)
+{
+    return &sha1_md;
+}
+
+static const EVP_MD sha224_md = {
+    NID_sha224,
+    NID_sha224WithRSAEncryption,
+    SHA224_DIGEST_LENGTH,
+    EVP_MD_FLAG_DIGALGID_ABSENT,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    SHA256_CBLOCK,
+};
+
+const EVP_MD *EVP_sha224(void)
+{
+    return &sha224_md;
+}
+
+static const EVP_MD sha256_md = {
+    NID_sha256,
+    NID_sha256WithRSAEncryption,
+    SHA256_DIGEST_LENGTH,
+    EVP_MD_FLAG_DIGALGID_ABSENT,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    SHA256_CBLOCK,
+};
+
+const EVP_MD *EVP_sha256(void)
+{
+    return &sha256_md;
+}
+
+static const EVP_MD sha512_224_md = {
+    NID_sha512_224,
+    NID_sha512_224WithRSAEncryption,
+    SHA224_DIGEST_LENGTH,
+    EVP_MD_FLAG_DIGALGID_ABSENT,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    SHA512_CBLOCK,
+};
+
+const EVP_MD *EVP_sha512_224(void)
+{
+    return &sha512_224_md;
+}
+
+static const EVP_MD sha512_256_md = {
+    NID_sha512_256,
+    NID_sha512_256WithRSAEncryption,
+    SHA256_DIGEST_LENGTH,
+    EVP_MD_FLAG_DIGALGID_ABSENT,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    SHA512_CBLOCK,
+};
+
+const EVP_MD *EVP_sha512_256(void)
+{
+    return &sha512_256_md;
+}
+
+static const EVP_MD sha384_md = {
+    NID_sha384,
+    NID_sha384WithRSAEncryption,
+    SHA384_DIGEST_LENGTH,
+    EVP_MD_FLAG_DIGALGID_ABSENT,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    SHA512_CBLOCK,
+};
+
+const EVP_MD *EVP_sha384(void)
+{
+    return &sha384_md;
+}
+
+static const EVP_MD sha512_md = {
+    NID_sha512,
+    NID_sha512WithRSAEncryption,
+    SHA512_DIGEST_LENGTH,
+    EVP_MD_FLAG_DIGALGID_ABSENT,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    SHA512_CBLOCK,
+};
+
+const EVP_MD *EVP_sha512(void)
+{
+    return &sha512_md;
+}
+
+# define EVP_MD_SHA3(bitlen)                            \
+    const EVP_MD *EVP_sha3_##bitlen(void)               \
+    {                                                   \
+        static const EVP_MD sha3_##bitlen##_md = {      \
+            NID_sha3_##bitlen,                          \
+            NID_RSA_SHA3_##bitlen,                      \
+            bitlen / 8,                                 \
+            EVP_MD_FLAG_DIGALGID_ABSENT,                \
+            NULL,                                       \
+            NULL,                                       \
+            NULL,                                       \
+            NULL,                                       \
+            NULL,                                       \
+            (KECCAK1600_WIDTH - bitlen * 2) / 8,        \
+        };                                              \
+        return &sha3_##bitlen##_md;                     \
+    }
+# define EVP_MD_SHAKE(bitlen)                           \
+    const EVP_MD *EVP_shake##bitlen(void)               \
+    {                                                   \
+        static const EVP_MD shake##bitlen##_md = {      \
+            NID_shake##bitlen,                          \
+            0,                                          \
+            bitlen / 8,                                 \
+            EVP_MD_FLAG_XOF,                            \
+            NULL,                                       \
+            NULL,                                       \
+            NULL,                                       \
+            NULL,                                       \
+            NULL,                                       \
+            (KECCAK1600_WIDTH - bitlen * 2) / 8,        \
+        };                                              \
+        return &shake##bitlen##_md;                     \
+    }
+
+EVP_MD_SHA3(224)
+EVP_MD_SHA3(256)
+EVP_MD_SHA3(384)
+EVP_MD_SHA3(512)
+
+EVP_MD_SHAKE(128)
+EVP_MD_SHAKE(256)
diff --git a/crypto/evp/m_sha1.c b/crypto/evp/m_sha1.c
deleted file mode 100644
index 421d302582..0000000000
--- a/crypto/evp/m_sha1.c
+++ /dev/null
@@ -1,243 +0,0 @@
-/*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License").  You may not use
- * this file except in compliance with the License.  You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include <stdio.h>
-#include "internal/cryptlib.h"
-
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/sha.h>
-#include <openssl/rsa.h>
-#include "crypto/evp.h"
-#include "crypto/sha.h"
-
-static int init(EVP_MD_CTX *ctx)
-{
-    return SHA1_Init(EVP_MD_CTX_md_data(ctx));
-}
-
-static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
-{
-    return SHA1_Update(EVP_MD_CTX_md_data(ctx), data, count);
-}
-
-static int final(EVP_MD_CTX *ctx, unsigned char *md)
-{
-    return SHA1_Final(md, EVP_MD_CTX_md_data(ctx));
-}
-
-static int ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2)
-{
-    return sha1_ctrl(ctx != NULL ? EVP_MD_CTX_md_data(ctx) : NULL, cmd, p1, p2);
-}
-
-static const EVP_MD sha1_md = {
-    NID_sha1,
-    NID_sha1WithRSAEncryption,
-    SHA_DIGEST_LENGTH,
-    EVP_MD_FLAG_DIGALGID_ABSENT,
-    init,
-    update,
-    final,
-    NULL,
-    NULL,
-    SHA_CBLOCK,
-    sizeof(EVP_MD *) + sizeof(SHA_CTX),
-    ctrl
-};
-
-const EVP_MD *EVP_sha1(void)
-{
-    return &sha1_md;
-}
-
-static int init224(EVP_MD_CTX *ctx)
-{
-    return SHA224_Init(EVP_MD_CTX_md_data(ctx));
-}
-
-static int update224(EVP_MD_CTX *ctx, const void *data, size_t count)
-{
-    return SHA224_Update(EVP_MD_CTX_md_data(ctx), data, count);
-}
-
-static int final224(EVP_MD_CTX *ctx, unsigned char *md)
-{
-    return SHA224_Final(md, EVP_MD_CTX_md_data(ctx));
-}
-
-static int init256(EVP_MD_CTX *ctx)
-{
-    return SHA256_Init(EVP_MD_CTX_md_data(ctx));
-}
-
-static int update256(EVP_MD_CTX *ctx, const void *data, size_t count)
-{
-    return SHA256_Update(EVP_MD_CTX_md_data(ctx), data, count);
-}
-
-static int final256(EVP_MD_CTX *ctx, unsigned char *md)
-{
-    return SHA256_Final(md, EVP_MD_CTX_md_data(ctx));
-}
-
-static const EVP_MD sha224_md = {
-    NID_sha224,
-    NID_sha224WithRSAEncryption,
-    SHA224_DIGEST_LENGTH,
-    EVP_MD_FLAG_DIGALGID_ABSENT,
-    init224,
-    update224,
-    final224,
-    NULL,
-    NULL,
-    SHA256_CBLOCK,
-    sizeof(EVP_MD *) + sizeof(SHA256_CTX),
-};
-
-const EVP_MD *EVP_sha224(void)
-{
-    return &sha224_md;
-}
-
-static const EVP_MD sha256_md = {
-    NID_sha256,
-    NID_sha256WithRSAEncryption,
-    SHA256_DIGEST_LENGTH,
-    EVP_MD_FLAG_DIGALGID_ABSENT,
-    init256,
-    update256,
-    final256,
-    NULL,
-    NULL,
-    SHA256_CBLOCK,
-    sizeof(EVP_MD *) + sizeof(SHA256_CTX),
-};
-
-const EVP_MD *EVP_sha256(void)
-{
-    return &sha256_md;
-}
-
-static int init512_224(EVP_MD_CTX *ctx)
-{
-    return sha512_224_init(EVP_MD_CTX_md_data(ctx));
-}
-
-static int init512_256(EVP_MD_CTX *ctx)
-{
-    return sha512_256_init(EVP_MD_CTX_md_data(ctx));
-}
-
-static int init384(EVP_MD_CTX *ctx)
-{
-    return SHA384_Init(EVP_MD_CTX_md_data(ctx));
-}
-
-static int update384(EVP_MD_CTX *ctx, const void *data, size_t count)
-{
-    return SHA384_Update(EVP_MD_CTX_md_data(ctx), data, count);
-}
-
-static int final384(EVP_MD_CTX *ctx, unsigned char *md)
-{
-    return SHA384_Final(md, EVP_MD_CTX_md_data(ctx));
-}
-
-static int init512(EVP_MD_CTX *ctx)
-{
-    return SHA512_Init(EVP_MD_CTX_md_data(ctx));
-}
-
-/* See comment in SHA224/256 section */
-static int update512(EVP_MD_CTX *ctx, const void *data, size_t count)
-{
-    return SHA512_Update(EVP_MD_CTX_md_data(ctx), data, count);
-}
-
-static int final512(EVP_MD_CTX *ctx, unsigned char *md)
-{
-    return SHA512_Final(md, EVP_MD_CTX_md_data(ctx));
-}
-
-static const EVP_MD sha512_224_md = {
-    NID_sha512_224,
-    NID_sha512_224WithRSAEncryption,
-    SHA224_DIGEST_LENGTH,
-    EVP_MD_FLAG_DIGALGID_ABSENT,
-    init512_224,
-    update512,
-    final512,
-    NULL,
-    NULL,
-    SHA512_CBLOCK,
-    sizeof(EVP_MD *) + sizeof(SHA512_CTX),
-};
-
-const EVP_MD *EVP_sha512_224(void)
-{
-    return &sha512_224_md;
-}
-
-static const EVP_MD sha512_256_md = {
-    NID_sha512_256,
-    NID_sha512_256WithRSAEncryption,
-    SHA256_DIGEST_LENGTH,
-    EVP_MD_FLAG_DIGALGID_ABSENT,
-    init512_256,
-    update512,
-    final512,
-    NULL,
-    NULL,
-    SHA512_CBLOCK,
-    sizeof(EVP_MD *) + sizeof(SHA512_CTX),
-};
-
-const EVP_MD *EVP_sha512_256(void)
-{
-    return &sha512_256_md;
-}
-
-static const EVP_MD sha384_md = {
-    NID_sha384,
-    NID_sha384WithRSAEncryption,
-    SHA384_DIGEST_LENGTH,
-    EVP_MD_FLAG_DIGALGID_ABSENT,
-    init384,
-    update384,
-    final384,
-    NULL,
-    NULL,
-    SHA512_CBLOCK,
-    sizeof(EVP_MD *) + sizeof(SHA512_CTX),
-};
-
-const EVP_MD *EVP_sha384(void)
-{
-    return &sha384_md;
-}
-
-static const EVP_MD sha512_md = {
-    NID_sha512,
-    NID_sha512WithRSAEncryption,
-    SHA512_DIGEST_LENGTH,
-    EVP_MD_FLAG_DIGALGID_ABSENT,
-    init512,
-    update512,
-    final512,
-    NULL,
-    NULL,
-    SHA512_CBLOCK,
-    sizeof(EVP_MD *) + sizeof(SHA512_CTX),
-};
-
-const EVP_MD *EVP_sha512(void)
-{
-    return &sha512_md;
-}
diff --git a/crypto/evp/m_sha3.c b/crypto/evp/m_sha3.c
deleted file mode 100644
index a4a556d98d..0000000000
--- a/crypto/evp/m_sha3.c
+++ /dev/null
@@ -1,319 +0,0 @@
-/*
- * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License").  You may not use
- * this file except in compliance with the License.  You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include <stdio.h>
-#include <string.h>
-
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include "crypto/evp.h"
-#include "internal/sha3.h"
-#include "evp_local.h"
-
-static int init(EVP_MD_CTX *ctx)
-{
-    return sha3_init(EVP_MD_CTX_md_data(ctx), '\x06', ctx->digest->md_size * 8);
-}
-
-static int update(EVP_MD_CTX *ctx, const void *_inp, size_t len)
-{
-    return sha3_update(EVP_MD_CTX_md_data(ctx), _inp, len);
-}
-
-static int final(EVP_MD_CTX *ctx, unsigned char *md)
-{
-    return sha3_final(md, EVP_MD_CTX_md_data(ctx));
-}
-
-static int shake_init(EVP_MD_CTX *ctx)
-{
-    return sha3_init(EVP_MD_CTX_md_data(ctx), '\x1f', ctx->digest->md_size * 8);
-}
-
-static int shake_ctrl(EVP_MD_CTX *evp_ctx, int cmd, int p1, void *p2)
-{
-    KECCAK1600_CTX *ctx = evp_ctx->md_data;
-
-    switch (cmd) {
-    case EVP_MD_CTRL_XOF_LEN:
-        ctx->md_size = p1;
-        return 1;
-    default:
-        return 0;
-    }
-}
-
-#if defined(OPENSSL_CPUID_OBJ) && defined(__s390__) && defined(KECCAK1600_ASM)
-/*
- * IBM S390X support
- */
-# include "s390x_arch.h"
-
-# define S390X_SHA3_FC(ctx)     ((ctx)->pad)
-
-# define S390X_sha3_224_CAPABLE ((OPENSSL_s390xcap_P.kimd[0] &      \
-                                  S390X_CAPBIT(S390X_SHA3_224)) &&  \
-                                 (OPENSSL_s390xcap_P.klmd[0] &      \
-                                  S390X_CAPBIT(S390X_SHA3_224)))
-# define S390X_sha3_256_CAPABLE ((OPENSSL_s390xcap_P.kimd[0] &      \
-                                  S390X_CAPBIT(S390X_SHA3_256)) &&  \
-                                 (OPENSSL_s390xcap_P.klmd[0] &      \
-                                  S390X_CAPBIT(S390X_SHA3_256)))
-# define S390X_sha3_384_CAPABLE ((OPENSSL_s390xcap_P.kimd[0] &      \
-                                  S390X_CAPBIT(S390X_SHA3_384)) &&  \
-                                 (OPENSSL_s390xcap_P.klmd[0] &      \
-                                  S390X_CAPBIT(S390X_SHA3_384)))
-# define S390X_sha3_512_CAPABLE ((OPENSSL_s390xcap_P.kimd[0] &      \
-                                  S390X_CAPBIT(S390X_SHA3_512)) &&  \
-                                 (OPENSSL_s390xcap_P.klmd[0] &      \
-                                  S390X_CAPBIT(S390X_SHA3_512)))
-# define S390X_shake128_CAPABLE ((OPENSSL_s390xcap_P.kimd[0] &      \
-                                  S390X_CAPBIT(S390X_SHAKE_128)) && \
-                                 (OPENSSL_s390xcap_P.klmd[0] &      \
-                                  S390X_CAPBIT(S390X_SHAKE_128)))
-# define S390X_shake256_CAPABLE ((OPENSSL_s390xcap_P.kimd[0] &      \
-                                  S390X_CAPBIT(S390X_SHAKE_256)) && \
-                                 (OPENSSL_s390xcap_P.klmd[0] &      \
-                                  S390X_CAPBIT(S390X_SHAKE_256)))
-
-/* Convert md-size to block-size. */
-# define S390X_KECCAK1600_BSZ(n) ((KECCAK1600_WIDTH - ((n) << 1)) >> 3)
-
-static int s390x_sha3_init(EVP_MD_CTX *evp_ctx)
-{
-    KECCAK1600_CTX *ctx = evp_ctx->md_data;
-    const size_t bsz = evp_ctx->digest->block_size;
-
-    /*-
-     * KECCAK1600_CTX structure's pad field is used to store the KIMD/KLMD
-     * function code.
-     */
-    switch (bsz) {
-    case S390X_KECCAK1600_BSZ(224):
-        ctx->pad = S390X_SHA3_224;
-        break;
-    case S390X_KECCAK1600_BSZ(256):
-        ctx->pad = S390X_SHA3_256;
-        break;
-    case S390X_KECCAK1600_BSZ(384):
-        ctx->pad = S390X_SHA3_384;
-        break;
-    case S390X_KECCAK1600_BSZ(512):
-        ctx->pad = S390X_SHA3_512;
-        break;
-    default:
-        return 0;
-    }
-
-    memset(ctx->A, 0, sizeof(ctx->A));
-    ctx->bufsz = 0;
-    ctx->block_size = bsz;
-    ctx->md_size = evp_ctx->digest->md_size;
-    return 1;
-}
-
-static int s390x_shake_init(EVP_MD_CTX *evp_ctx)
-{
-    KECCAK1600_CTX *ctx = evp_ctx->md_data;
-    const size_t bsz = evp_ctx->digest->block_size;
-
-    /*-
-     * KECCAK1600_CTX structure's pad field is used to store the KIMD/KLMD
-     * function code.
-     */
-    switch (bsz) {
-    case S390X_KECCAK1600_BSZ(128):
-        ctx->pad = S390X_SHAKE_128;
-        break;
-    case S390X_KECCAK1600_BSZ(256):
-        ctx->pad = S390X_SHAKE_256;
-        break;
-    default:
-        return 0;
-    }
-
-    memset(ctx->A, 0, sizeof(ctx->A));
-    ctx->bufsz = 0;
-    ctx->block_size = bsz;
-    ctx->md_size = evp_ctx->digest->md_size;
-    return 1;
-}
-
-static int s390x_sha3_update(EVP_MD_CTX *evp_ctx, const void *_inp, size_t len)
-{
-    KECCAK1600_CTX *ctx = evp_ctx->md_data;
-    const unsigned char *inp = _inp;
-    const size_t bsz = ctx->block_size;
-    size_t num, rem;
-
-    if (len == 0)
-        return 1;
-
-    if ((num = ctx->bufsz) != 0) {
-        rem = bsz - num;
-
-        if (len < rem) {
-            memcpy(ctx->buf + num, inp, len);
-            ctx->bufsz += len;
-            return 1;
-        }
-        memcpy(ctx->buf + num, inp, rem);
-        inp += rem;
-        len -= rem;
-        s390x_kimd(ctx->buf, bsz, ctx->pad, ctx->A);
-        ctx->bufsz = 0;
-    }
-    rem = len % bsz;
-
-    s390x_kimd(inp, len - rem, ctx->pad, ctx->A);
-
-    if (rem) {
-        memcpy(ctx->buf, inp + len - rem, rem);
-        ctx->bufsz = rem;
-    }
-    return 1;
-}
-
-static int s390x_sha3_final(EVP_MD_CTX *evp_ctx, unsigned char *md)
-{
-    KECCAK1600_CTX *ctx = evp_ctx->md_data;
-
-    s390x_klmd(ctx->buf, ctx->bufsz, NULL, 0, ctx->pad, ctx->A);
-    memcpy(md, ctx->A, ctx->md_size);
-    return 1;
-}
-
-static int s390x_shake_final(EVP_MD_CTX *evp_ctx, unsigned char *md)
-{
-    KECCAK1600_CTX *ctx = evp_ctx->md_data;
-
-    s390x_klmd(ctx->buf, ctx->bufsz, md, ctx->md_size, ctx->pad, ctx->A);
-    return 1;
-}
-
-# define EVP_MD_SHA3(bitlen)                         \
-const EVP_MD *EVP_sha3_##bitlen(void)                \
-{                                                    \
-    static const EVP_MD s390x_sha3_##bitlen##_md = { \
-        NID_sha3_##bitlen,                           \
-        NID_RSA_SHA3_##bitlen,                       \
-        bitlen / 8,                                  \
-        EVP_MD_FLAG_DIGALGID_ABSENT,                 \
-        s390x_sha3_init,                             \
-        s390x_sha3_update,                           \
-        s390x_sha3_final,                            \
-        NULL,                                        \
-        NULL,                                        \
-        (KECCAK1600_WIDTH - bitlen * 2) / 8,         \
-        sizeof(KECCAK1600_CTX),                      \
-    };                                               \
-    static const EVP_MD sha3_##bitlen##_md = {       \
-        NID_sha3_##bitlen,                           \
-        NID_RSA_SHA3_##bitlen,                       \
-        bitlen / 8,                                  \
-        EVP_MD_FLAG_DIGALGID_ABSENT,                 \
-        init,                                        \
-        update,                                      \
-        final,                                       \
-        NULL,                                        \
-        NULL,                                        \
-        (KECCAK1600_WIDTH - bitlen * 2) / 8,         \
-        sizeof(KECCAK1600_CTX),                      \
-    };                                               \
-    return S390X_sha3_##bitlen##_CAPABLE ?           \
-           &s390x_sha3_##bitlen##_md :               \
-           &sha3_##bitlen##_md;                      \
-}
-
-# define EVP_MD_SHAKE(bitlen)                        \
-const EVP_MD *EVP_shake##bitlen(void)                \
-{                                                    \
-    static const EVP_MD s390x_shake##bitlen##_md = { \
-        NID_shake##bitlen,                           \
-        0,                                           \
-        bitlen / 8,                                  \
-        EVP_MD_FLAG_XOF,                             \
-        s390x_shake_init,                            \
-        s390x_sha3_update,                           \
-        s390x_shake_final,                           \
-        NULL,                                        \
-        NULL,                                        \
-        (KECCAK1600_WIDTH - bitlen * 2) / 8,         \
-        sizeof(KECCAK1600_CTX),                      \
-        shake_ctrl                                   \
-    };                                               \
-    static const EVP_MD shake##bitlen##_md = {       \
-        NID_shake##bitlen,                           \
-        0,                                           \
-        bitlen / 8,                                  \
-        EVP_MD_FLAG_XOF,                             \
-        shake_init,                                  \
-        update,                                      \
-        final,                                       \
-        NULL,                                        \
-        NULL,                                        \
-        (KECCAK1600_WIDTH - bitlen * 2) / 8,         \
-        sizeof(KECCAK1600_CTX),                      \
-        shake_ctrl                                   \
-    };                                               \
-    return S390X_shake##bitlen##_CAPABLE ?           \
-           &s390x_shake##bitlen##_md :               \
-           &shake##bitlen##_md;                      \
-}
-
-#else
-
-# define EVP_MD_SHA3(bitlen)                    \
-const EVP_MD *EVP_sha3_##bitlen(void)           \
-{                                               \
-    static const EVP_MD sha3_##bitlen##_md = {  \
-        NID_sha3_##bitlen,                      \
-        NID_RSA_SHA3_##bitlen,                  \
-        bitlen / 8,                             \
-        EVP_MD_FLAG_DIGALGID_ABSENT,            \
-        init,                                   \
-        update,                                 \
-        final,                                  \
-        NULL,                                   \
-        NULL,                                   \
-        (KECCAK1600_WIDTH - bitlen * 2) / 8,    \
-        sizeof(KECCAK1600_CTX),                 \
-    };                                          \
-    return &sha3_##bitlen##_md;                 \
-}
-
-# define EVP_MD_SHAKE(bitlen)                   \
-const EVP_MD *EVP_shake##bitlen(void)           \
-{                                               \
-    static const EVP_MD shake##bitlen##_md = {  \
-        NID_shake##bitlen,                      \
-        0,                                      \
-        bitlen / 8,                             \
-        EVP_MD_FLAG_XOF,                        \
-        shake_init,                             \
-        update,                                 \
-        final,                                  \
-        NULL,                                   \
-        NULL,                                   \
-        (KECCAK1600_WIDTH - bitlen * 2) / 8,    \
-        sizeof(KECCAK1600_CTX),                 \
-        shake_ctrl                              \
-    };                                          \
-    return &shake##bitlen##_md;                 \
-}
-
-#endif
-
-EVP_MD_SHA3(224)
-EVP_MD_SHA3(256)
-EVP_MD_SHA3(384)
-EVP_MD_SHA3(512)
-
-EVP_MD_SHAKE(128)
-EVP_MD_SHAKE(256)