From 4d49b68504cc494e552bce8e0b82ec8b501d5abe Mon Sep 17 00:00:00 2001 From: "Dr. David von Oheimb" Date: Mon, 29 Mar 2021 19:32:48 +0200 Subject: [PATCH] Crypto: Add deprecation compatibility declarations for SHA* message digest functions Also add hints to SHA256_Init.pod and CHANGES.md how to replace SHA256() etc. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14741) --- CHANGES.md | 76 ++++++++++--------- crypto/evp/digest.c | 14 ++++ crypto/evp/e_des3.c | 11 ++- crypto/sha/sha1_one.c | 3 +- crypto/sha/sha256.c | 28 ------- crypto/sha/sha512.c | 28 ------- doc/man3/EVP_DigestInit.pod | 24 ++++-- doc/man3/SHA256_Init.pod | 28 +++---- doc/man7/provider-digest.pod | 2 +- include/crypto/sha.h | 3 +- include/openssl/evp.h | 3 + include/openssl/sha.h | 33 ++++---- providers/fips-sources.checksums | 6 +- providers/fips.checksum | 2 +- .../ciphers/cipher_tdes_wrap.c | 10 +-- util/libcrypto.num | 11 +-- util/other.syms | 5 ++ 17 files changed, 138 insertions(+), 149 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index a2ef2f6b3f..69863b27da 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -240,11 +240,11 @@ OpenSSL 3.0 *Matt Caswell* - * A number of functions handling low level keys or engines were deprecated + * A number of functions handling low-level keys or engines were deprecated including EVP_PKEY_set1_engine(), EVP_PKEY_get0_engine(), EVP_PKEY_assign(), EVP_PKEY_get0(), EVP_PKEY_get0_hmac(), EVP_PKEY_get0_poly1305() and EVP_PKEY_get0_siphash(). Applications using engines should instead use - providers. Applications getting or setting low level keys in an EVP_PKEY + providers. Applications getting or setting low-level keys in an EVP_PKEY should instead use the OSSL_ENCODER or OSSL_DECODER APIs, or alternatively use EVP_PKEY_fromdata() or EVP_PKEY_get_params(). 
@@ -405,7 +405,7 @@ OpenSSL 3.0 *Dmitry Belyavskiy* - * All of the low level EC_KEY functions have been deprecated including: + * All of the low-level EC_KEY functions have been deprecated including: EC_KEY_OpenSSL, EC_KEY_get_default_method, EC_KEY_set_default_method, EC_KEY_get_method, EC_KEY_set_method, EC_KEY_new_method @@ -823,7 +823,7 @@ OpenSSL 3.0 *David von Oheimb* - * All of the low level RSA functions have been deprecated including: + * All of the low-level RSA functions have been deprecated including: RSA_new_method, RSA_size, RSA_security_bits, RSA_get0_pss_params, RSA_get_version, RSA_get0_engine, RSA_generate_key_ex, @@ -854,12 +854,12 @@ OpenSSL 3.0 RSA_meth_set_verify, RSA_meth_get_keygen, RSA_meth_set_keygen, RSA_meth_get_multi_prime_keygen and RSA_meth_set_multi_prime_keygen. - Use of these low level functions has been informally discouraged for a long + Use of these low-level functions has been informally discouraged for a long time. Instead applications should use L, L, L and L. - All of these low level RSA functions have been deprecated without + All of these low-level RSA functions have been deprecated without replacement: RSA_blinding_off, RSA_blinding_on, RSA_clear_flags, RSA_get_version, @@ -904,7 +904,7 @@ OpenSSL 3.0 *Paul Dale* - * All of the low level DH functions have been deprecated including: + * All of the low-level DH functions have been deprecated including: DH_OpenSSL, DH_set_default_method, DH_get_default_method, DH_set_method, DH_new_method, DH_new, DH_free, DH_up_ref, DH_bits, DH_set0_pqg, DH_size, 
@@ -920,11 +920,11 @@ OpenSSL 3.0 DH_meth_set_init, DH_meth_get_finish, DH_meth_set_finish, DH_meth_get_generate_params and DH_meth_set_generate_params. - Use of these low level functions has been informally discouraged for a long + Use of these low-level functions has been informally discouraged for a long time. Instead applications should use L and L. - These low level DH functions have been deprecated without replacement: + These low-level DH functions have been deprecated without replacement: DH_clear_flags, DH_get_1024_160, DH_get_2048_224, DH_get_2048_256, DH_set_flags and DH_test_flags. @@ -948,7 +948,7 @@ OpenSSL 3.0 *Paul Dale and Matt Caswell* - * All of the low level DSA functions have been deprecated including: + * All of the low-level DSA functions have been deprecated including: DSA_new, DSA_free, DSA_up_ref, DSA_bits, DSA_get0_pqg, DSA_set0_pqg, DSA_get0_key, DSA_set0_key, DSA_get0_p, DSA_get0_q, DSA_get0_g, @@ -968,11 +968,11 @@ OpenSSL 3.0 DSA_meth_get_finish, DSA_meth_set_finish, DSA_meth_get_paramgen, DSA_meth_set_paramgen, DSA_meth_get_keygen and DSA_meth_set_keygen. - Use of these low level functions has been informally discouraged for a long + Use of these low-level functions has been informally discouraged for a long time. Instead applications should use L, L and L. - These low level DSA functions have been deprecated without replacement: + These low-level DSA functions have been deprecated without replacement: DSA_clear_flags, DSA_dup_DH, DSAparams_dup, DSA_set_flags and DSA_test_flags. 
@@ -1002,13 +1002,13 @@ OpenSSL 3.0 *Richard Levitte* - * Deprecated low level ECDH and ECDSA functions. These include: + * Deprecated low-level ECDH and ECDSA functions. These include: ECDH_compute_key, ECDSA_do_sign, ECDSA_do_sign_ex, ECDSA_do_verify, ECDSA_sign_setup, ECDSA_sign, ECDSA_sign_ex, ECDSA_verify and ECDSA_size. - Use of these low level functions has been informally discouraged for a long + Use of these low-level functions has been informally discouraged for a long time. Instead applications should use the EVP_PKEY_derive(3), EVP_DigestSign(3) and EVP_DigestVerify(3) functions. @@ -1039,7 +1039,7 @@ OpenSSL 3.0 HMAC_Init_ex, HMAC_Update, HMAC_Final, HMAC_CTX_copy, HMAC_CTX_set_flags and HMAC_CTX_get_md. - Use of these low level functions has been informally discouraged for a long + Use of these low-level functions has been informally discouraged for a long time. Instead applications should use L, L, L, L and L or the single-shot MAC function L. @@ -1058,19 +1058,19 @@ OpenSSL 3.0 *Rich Salz* - * All of the low level CMAC functions have been deprecated including: + * All of the low-level CMAC functions have been deprecated including: CMAC_CTX_new, CMAC_CTX_cleanup, CMAC_CTX_free, CMAC_CTX_get0_cipher_ctx, CMAC_CTX_copy, CMAC_Init, CMAC_Update, CMAC_Final and CMAC_resume. - Use of these low level functions has been informally discouraged for a long + Use of these low-level functions has been informally discouraged for a long time. Instead applications should use L, L, L, L and L. *Paul Dale* - * All of the low level MD2, MD4, MD5, MDC2, RIPEMD160, SHA1, SHA224, SHA256, + * The low-level MD2, MD4, MD5, MDC2, RIPEMD160, SHA1, SHA224, SHA256, SHA384, SHA512 and Whirlpool digest functions have been deprecated. These include: 
@@ -1079,17 +1079,21 @@ OpenSSL 3.0 MD5_Final, MD5_Transform, MDC2, MDC2_Init, MDC2_Update, MDC2_Final, RIPEMD160, RIPEMD160_Init, RIPEMD160_Update, RIPEMD160_Final, RIPEMD160_Transform, SHA1_Init, SHA1_Update, SHA1_Final, SHA1_Transform, - SHA224_Init, SHA224_Update, SHA224_Final, SHA224_Transform, SHA256_Init, - SHA256_Update, SHA256_Final, SHA256_Transform, SHA384, SHA384_Init, - SHA384_Update, SHA384_Final, SHA512, SHA512_Init, SHA512_Update, - SHA512_Final, SHA512_Transform, WHIRLPOOL, WHIRLPOOL_Init, + SHA224_Init, SHA224_Update, SHA224_Final, SHA224_Transform, + SHA256_Init, SHA256_Update, SHA256_Final, SHA256_Transform, + SHA384_Init, SHA384_Update, SHA384_Final, + SHA512_Init, SHA512_Update, SHA512_Final, SHA512_Transform, + WHIRLPOOL, WHIRLPOOL_Init, WHIRLPOOL_Update, WHIRLPOOL_BitUpdate and WHIRLPOOL_Final. - Use of these low level functions has been informally discouraged - for a long time. Applications should use the EVP_DigestInit_ex(3), - EVP_DigestUpdate(3) and EVP_DigestFinal_ex(3) functions instead. + Use of these low-level functions has been informally discouraged + for a long time. Applications should use the L, + L, and L functions instead. + Alternatively, the quick one-shot function L can be used. + SHA1, SHA224, SHA256, SHA384 and SHA512 have changed from functions to macros + like this: (EVP_Q_digest(NULL, "SHA256", NULL, d, n, md, NULL) ? md : NULL). - *Paul Dale* + *Paul Dale and David von Oheimb* * Corrected the documentation of the return values from the `EVP_DigestSign*` set of functions. The documentation mentioned negative values for some @@ -1101,7 +1105,7 @@ OpenSSL 3.0 *Richard Levitte* - * All of the low level cipher functions have been deprecated including: + * All of the low-level cipher functions have been deprecated including: AES_options, AES_set_encrypt_key, AES_set_decrypt_key, AES_encrypt, AES_decrypt, AES_ecb_encrypt, AES_cbc_encrypt, AES_cfb128_encrypt, 
@@ -1133,7 +1137,7 @@ OpenSSL 3.0 SEED_set_key, SEED_encrypt, SEED_decrypt, SEED_ecb_encrypt, SEED_cbc_encrypt, SEED_cfb128_encrypt and SEED_ofb128_encrypt. - Use of these low level functions has been informally discouraged for + Use of these low-level functions has been informally discouraged for a long time. Applications should use the high level EVP APIs, e.g. EVP_EncryptInit_ex, EVP_EncryptUpdate, EVP_EncryptFinal_ex, and the equivalently named decrypt functions instead. @@ -1168,7 +1172,7 @@ OpenSSL 3.0 difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. - Also applications directly using the low level API BN_mod_exp may be + Also applications directly using the low-level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. ([CVE-2019-1551]) @@ -7652,11 +7656,11 @@ OpenSSL 1.0.1 *Steve Henson* - * Add similar low level API blocking to ciphers. + * Add similar low-level API blocking to ciphers. *Steve Henson* - * Low level digest APIs are not approved in FIPS mode: any attempt + * low-level digest APIs are not approved in FIPS mode: any attempt to use these will cause a fatal error. Applications that *really* want to use them can use the `private_*` version instead. @@ -11044,7 +11048,7 @@ OpenSSL 0.9.8.] * Add new 'medium level' PKCS#12 API. Certificates and keys can be added using this API to created arbitrary PKCS#12 - files while avoiding the low level API. + files while avoiding the low-level API. New options to PKCS12_create(), key or cert can be NULL and will then be omitted from the output file. The encryption 
@@ -11055,7 +11059,7 @@ OpenSSL 0.9.8.] options work when creating a PKCS#12 file. New option -nomac to omit the mac, NONE can be set for an encryption algorithm. New code is modified to use the enhanced PKCS12_create() - instead of the low level API. + instead of the low-level API. *Steve Henson* @@ -12777,7 +12781,7 @@ s-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *Richard Levitte* - * Change all calls to low level digest routines in the library and + * Change all calls to low-level digest routines in the library and applications to use EVP. Add missing calls to HMAC_cleanup() and don't assume HMAC_CTX can be copied using memcpy(). @@ -15360,7 +15364,7 @@ s-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *Bodo Moeller* * New openssl application 'rsautl'. This utility can be - used for low level RSA operations. DER public key + used for low-level RSA operations. DER public key BIO/fp routines also added. *Steve Henson* @@ -17240,7 +17244,7 @@ s-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k provides hooks that allow the default DSA functions or functions on a "per key" basis to be replaced. This allows hardware acceleration and hardware key storage to be handled without major modification to the - library. Also added low level modexp hooks and CRYPTO_EX structure and + library. Also added low-level modexp hooks and CRYPTO_EX structure and associated functions. *Steve Henson* diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index 67f6e839ca..e584bd8b2b 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c 
@@ -629,6 +629,20 @@ int EVP_Digest(const void *data, size_t count, return ret; } +int EVP_Q_digest(OSSL_LIB_CTX *libctx, const char *name, const char *propq, + const void *data, size_t count, + unsigned char *md, unsigned int *size) +{ + EVP_MD *digest = EVP_MD_fetch(libctx, name, propq); + int ret = 0; + + if (digest != NULL) { + ret = EVP_Digest(data, count, md, size, digest, NULL); + EVP_MD_free(digest); + } + return ret; +} + int EVP_MD_get_params(const EVP_MD *digest, OSSL_PARAM params[]) { if (digest != NULL && digest->get_params != NULL) diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c index e8182b628b..9043f3fb1b 100644 --- a/crypto/evp/e_des3.c +++ b/crypto/evp/e_des3.c @@ -16,9 +16,9 @@ #include #include "internal/cryptlib.h" #ifndef OPENSSL_NO_DES -# include # include # include "crypto/evp.h" +# include "crypto/sha.h" # include # include # include "evp_local.h" @@ -347,10 +347,8 @@ static int des_ede3_unwrap(EVP_CIPHER_CTX *ctx, unsigned char *out, /* Decrypt again using new IV */ des_ede_cbc_cipher(ctx, out, out, inl - 16); des_ede_cbc_cipher(ctx, icv, icv, 8); - /* Work out SHA1 hash of first portion */ - SHA1(out, inl - 16, sha1tmp); - - if (!CRYPTO_memcmp(sha1tmp, icv, 8)) + if (ossl_sha1(out, inl - 16, sha1tmp) /* Work out hash of first portion */ + && CRYPTO_memcmp(sha1tmp, icv, 8) == 0) rv = inl - 16; OPENSSL_cleanse(icv, 8); OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH); @@ -371,7 +369,8 @@ static int des_ede3_wrap(EVP_CIPHER_CTX *ctx, unsigned char *out, /* Copy input to output buffer + 8 so we have space for IV */ memmove(out + 8, in, inl); /* Work out ICV */ - SHA1(in, inl, sha1tmp); + if (!ossl_sha1(in, inl, sha1tmp)) + return -1; memcpy(out + inl + 8, sha1tmp, 8); OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH); /* Generate random IV */ diff --git a/crypto/sha/sha1_one.c b/crypto/sha/sha1_one.c index 5bd9953d96..b98f078739 100644 --- a/crypto/sha/sha1_one.c +++ b/crypto/sha/sha1_one.c 
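Review bot: EVP_Q_digest() takes `md` without a length, and nothing at the definition says how large the buffer must be. Because the algorithm is chosen by `name` at run time, a buffer sized for one digest can be overrun when a longer one is named. The documentation touched by this commit ties these calls to EVP_MAX_MD_SIZE and says `size` may be NULL; I would state that at the function too, e.g. `/* md must hold the named digest's output (up to EVP_MAX_MD_SIZE bytes); size may be NULL */`. Separately, the replacement example added to SHA256_Init.pod passes `(d, n, md, NULL, NULL, "SHA256", NULL)`, which does not match this parameter order, and it would mislead anyone copying it.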
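Review bot: In des_ede3_wrap() the new `return -1` comes after `memmove(out + 8, in, inl)`, so on a digest failure the function exits with the unwrapped input still in the caller's output buffer. The data being wrapped is key material, so I would clear it before returning: `if (!ossl_sha1(in, inl, sha1tmp)) { OPENSSL_cleanse(out + 8, inl); return -1; }`. The same pattern appears in the des_ede3_wrap() hunk of providers/implementations/ciphers/cipher_tdes_wrap.c, where `return 0` follows `memmove(out + ivlen, in, inl)`. Both functions start and end outside their hunks, so check the full bodies for whether `in` may alias `out`, in which case the cleanse would also clear the input.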
@@ -17,8 +17,9 @@ #include #include #include +#include "crypto/sha.h" -unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md) +unsigned char *ossl_sha1(const unsigned char *d, size_t n, unsigned char *md) { SHA_CTX c; static unsigned char m[SHA_DIGEST_LENGTH]; diff --git a/crypto/sha/sha256.c b/crypto/sha/sha256.c index 4fa68953d1..7b3855f301 100644 --- a/crypto/sha/sha256.c +++ b/crypto/sha/sha256.c @@ -53,34 +53,6 @@ int SHA256_Init(SHA256_CTX *c) return 1; } -unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md) -{ - SHA256_CTX c; - static unsigned char m[SHA224_DIGEST_LENGTH]; - - if (md == NULL) - md = m; - SHA224_Init(&c); - SHA256_Update(&c, d, n); - SHA256_Final(md, &c); - OPENSSL_cleanse(&c, sizeof(c)); - return md; -} - -unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md) -{ - SHA256_CTX c; - static unsigned char m[SHA256_DIGEST_LENGTH]; - - if (md == NULL) - md = m; - SHA256_Init(&c); - SHA256_Update(&c, d, n); - SHA256_Final(md, &c); - OPENSSL_cleanse(&c, sizeof(c)); - return md; -} - int SHA224_Update(SHA256_CTX *c, const void *data, size_t len) { return SHA256_Update(c, data, len); diff --git a/crypto/sha/sha512.c b/crypto/sha/sha512.c index f0cf9ca902..a0d7f88ba9 100644 --- a/crypto/sha/sha512.c +++ b/crypto/sha/sha512.c 
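Review bot: ossl_sha1() keeps the function-local `static unsigned char m[SHA_DIGEST_LENGTH]` from the old SHA1(). Presumably it is still the fallback when `md` is NULL (the body continues outside the hunk), which makes it a result buffer shared by all threads. Both internal callers changed in this commit pass their own `sha1tmp`, so the fallback looks unnecessary for an internal helper and could be dropped or at least flagged. The callers also now test the return value, so the contract deserves a comment above the definition, e.g. `/* Returns md on success, NULL on failure; callers should pass a non-NULL md */`, with the failure return confirmed against the body.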
@@ -338,34 +338,6 @@ void SHA512_Transform(SHA512_CTX *c, const unsigned char *data) sha512_block_data_order(c, data, 1); } -unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md) -{ - SHA512_CTX c; - static unsigned char m[SHA384_DIGEST_LENGTH]; - - if (md == NULL) - md = m; - SHA384_Init(&c); - SHA512_Update(&c, d, n); - SHA512_Final(md, &c); - OPENSSL_cleanse(&c, sizeof(c)); - return md; -} - -unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md) -{ - SHA512_CTX c; - static unsigned char m[SHA512_DIGEST_LENGTH]; - - if (md == NULL) - md = m; - SHA512_Init(&c); - SHA512_Update(&c, d, n); - SHA512_Final(md, &c); - OPENSSL_cleanse(&c, sizeof(c)); - return md; -} - #ifndef SHA512_ASM static const SHA_LONG64 K512[80] = { U64(0x428a2f98d728ae22), U64(0x7137449123ef65cd), diff --git a/doc/man3/EVP_DigestInit.pod b/doc/man3/EVP_DigestInit.pod index a405c2be59..4b6aaeeb1c 100644 --- a/doc/man3/EVP_DigestInit.pod +++ b/doc/man3/EVP_DigestInit.pod @@ -10,7 +10,7 @@ EVP_MD_CTX_set_params, EVP_MD_CTX_get_params, EVP_MD_settable_ctx_params, EVP_MD_gettable_ctx_params, EVP_MD_CTX_settable_params, EVP_MD_CTX_gettable_params, EVP_MD_CTX_set_flags, EVP_MD_CTX_clear_flags, EVP_MD_CTX_test_flags, -EVP_Digest, EVP_DigestInit_ex2, EVP_DigestInit_ex, EVP_DigestInit, +EVP_Q_digest, EVP_Digest, EVP_DigestInit_ex2, EVP_DigestInit_ex, EVP_DigestInit, EVP_DigestUpdate, EVP_DigestFinal_ex, EVP_DigestFinalXOF, EVP_DigestFinal, EVP_MD_is_a, EVP_MD_name, EVP_MD_description, EVP_MD_number, EVP_MD_names_do_all, EVP_MD_provider, 
@@ -49,6 +49,9 @@ EVP_MD_do_all_provided void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags); int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags); + int EVP_Q_digest(OSSL_LIB_CTX *libctx, const char *name, const char *propq, + const void *data, size_t count, + unsigned char *md, unsigned int *size); int EVP_Digest(const void *data, size_t count, unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl); int EVP_DigestInit_ex2(EVP_MD_CTX *ctx, const EVP_MD *type, @@ -216,6 +219,12 @@ as a parameter descriptor. Sets, clears and tests I flags. See L below for more information. +=item EVP_Q_digest() is a quick one-shot digest function. +It hashes I bytes of data at I using the digest algorithm I, +which is fetched using the optional I and I parameters. +The digest value is placed in I and its length is written at I +if the pointer is not NULL. At most B bytes will be written. + =item EVP_Digest() A wrapper around the Digest Init_ex, Update and Final_ex functions. @@ -528,12 +537,16 @@ Returns a pointer to a B for success or NULL for failure. Returns 1 for success or 0 for failure. -=item EVP_DigestInit_ex2(), +=item EVP_Q_digest(), +EVP_Digest(), +EVP_DigestInit_ex2(), EVP_DigestInit_ex(), EVP_DigestUpdate(), -EVP_DigestFinal_ex() +EVP_DigestFinal_ex(), +EVP_DigestFinalXOF(), and +EVP_DigestFinal() -Returns 1 for +return 1 for success and 0 for failure. =item EVP_MD_CTX_ctrl() @@ -698,7 +711,8 @@ The EVP_dss1() function was removed in OpenSSL 1.1.0. The EVP_MD_CTX_set_pkey_ctx() function was added in OpenSSL 1.1.1. -The EVP_DigestInit_ex2(), EVP_MD_fetch(), EVP_MD_free(), EVP_MD_up_ref(), +The EVP_Q_digest(), EVP_DigestInit_ex2(), +EVP_MD_fetch(), EVP_MD_free(), EVP_MD_up_ref(), EVP_MD_get_params(), EVP_MD_CTX_set_params(), EVP_MD_CTX_get_params(), EVP_MD_gettable_params(), EVP_MD_gettable_ctx_params(), EVP_MD_settable_ctx_params(), EVP_MD_CTX_settable_params() and 
diff --git a/doc/man3/SHA256_Init.pod b/doc/man3/SHA256_Init.pod index c8ac28de83..ee96cd2381 100644 --- a/doc/man3/SHA256_Init.pod +++ b/doc/man3/SHA256_Init.pod @@ -11,6 +11,12 @@ SHA512_Final - Secure Hash Algorithm #include + unsigned char *SHA1(const void *data, size_t count, unsigned char *md_buf); + unsigned char *SHA224(const void *data, size_t count, unsigned char *md_buf); + unsigned char *SHA256(const void *data, size_t count, unsigned char *md_buf); + unsigned char *SHA384(const void *data, size_t count, unsigned char *md_buf); + unsigned char *SHA512(const void *data, size_t count, unsigned char *md_buf); + Deprecated since OpenSSL 3.0, can be hidden entirely by defining B with a suitable version value, see L: 
@@ -18,38 +24,33 @@ L: int SHA1_Init(SHA_CTX *c); int SHA1_Update(SHA_CTX *c, const void *data, size_t len); int SHA1_Final(unsigned char *md, SHA_CTX *c); - unsigned char *SHA1(const unsigned char *d, size_t n, - unsigned char *md); int SHA224_Init(SHA256_CTX *c); int SHA224_Update(SHA256_CTX *c, const void *data, size_t len); int SHA224_Final(unsigned char *md, SHA256_CTX *c); - unsigned char *SHA224(const unsigned char *d, size_t n, - unsigned char *md); int SHA256_Init(SHA256_CTX *c); int SHA256_Update(SHA256_CTX *c, const void *data, size_t len); int SHA256_Final(unsigned char *md, SHA256_CTX *c); - unsigned char *SHA256(const unsigned char *d, size_t n, - unsigned char *md); int SHA384_Init(SHA512_CTX *c); int SHA384_Update(SHA512_CTX *c, const void *data, size_t len); int SHA384_Final(unsigned char *md, SHA512_CTX *c); - unsigned char *SHA384(const unsigned char *d, size_t n, - unsigned char *md); int SHA512_Init(SHA512_CTX *c); int SHA512_Update(SHA512_CTX *c, const void *data, size_t len); int SHA512_Final(unsigned char *md, SHA512_CTX *c); - unsigned char *SHA512(const unsigned char *d, size_t n, - unsigned char *md); =head1 DESCRIPTION -All of the functions described on this page are deprecated. +All of the functions described on this page +except for SHA1(), SHA224(), SHA256(), SHA384() and SHA512() are deprecated. Applications should instead use L, L -and L. +and L, or the quick one-shot function L. +SHA1(), SHA224(), SHA256(), SHA384(), and SHA256() +can continue to be used. They can also be replaced by, e.g., + + (EVP_Q_digest(d, n, md, NULL, NULL, "SHA256", NULL) ? md : NULL) SHA-1 (Secure Hash Algorithm) is a cryptographic hash function with a 160 bit output. @@ -95,11 +96,12 @@ ANSI X9.30 =head1 SEE ALSO +L, L =head1 HISTORY -All of these functions were deprecated in OpenSSL 3.0. +All of these functions except SHA*() were deprecated in OpenSSL 3.0. =head1 COPYRIGHT 
diff --git a/doc/man7/provider-digest.pod b/doc/man7/provider-digest.pod index e92991afa8..bacdbf4821 100644 --- a/doc/man7/provider-digest.pod +++ b/doc/man7/provider-digest.pod @@ -255,7 +255,7 @@ algorithm. =head1 BUGS -The EVP_Digest() and EVP_DigestFinal_ex() libcrypto API calls do not +The EVP_Q_digest(), EVP_Digest() and EVP_DigestFinal_ex() API calls do not expect the digest size to be larger than EVP_MAX_MD_SIZE. Any algorithm which produces larger digests is unusable with those API calls. diff --git a/include/crypto/sha.h b/include/crypto/sha.h index 20823b8bca..64305d1790 100644 --- a/include/crypto/sha.h +++ b/include/crypto/sha.h @@ -12,10 +12,11 @@ # define OSSL_CRYPTO_SHA_H # pragma once -# include +# include int sha512_224_init(SHA512_CTX *); int sha512_256_init(SHA512_CTX *); int ossl_sha1_ctrl(SHA_CTX *ctx, int cmd, int mslen, void *ms); +unsigned char *ossl_sha1(const unsigned char *d, size_t n, unsigned char *md); #endif diff --git a/include/openssl/evp.h b/include/openssl/evp.h index 9374e86e66..c380f2e539 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -681,6 +681,9 @@ __owur int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, __owur int EVP_Digest(const void *data, size_t count, unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl); +__owur int EVP_Q_digest(OSSL_LIB_CTX *libctx, const char *name, + const char *propq, const void *data, size_t count, + unsigned char *md, unsigned int *size); __owur int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in); __owur int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); diff --git a/include/openssl/sha.h b/include/openssl/sha.h index 36339373b7..0dca61c71d 100644 --- a/include/openssl/sha.h +++ b/include/openssl/sha.h @@ -17,6 +17,7 @@ # endif # include +# include # include # ifdef __cplusplus 
@@ -45,16 +46,16 @@ typedef struct SHAstate_st { SHA_LONG data[SHA_LBLOCK]; unsigned int num; } SHA_CTX; -# endif /* !defined(OPENSSL_NO_DEPRECATED_3_0) */ -# ifndef OPENSSL_NO_DEPRECATED_3_0 + OSSL_DEPRECATEDIN_3_0 int SHA1_Init(SHA_CTX *c); OSSL_DEPRECATEDIN_3_0 int SHA1_Update(SHA_CTX *c, const void *data, size_t len); OSSL_DEPRECATEDIN_3_0 int SHA1_Final(unsigned char *md, SHA_CTX *c); -OSSL_DEPRECATEDIN_3_0 unsigned char *SHA1(const unsigned char *d, size_t n, - unsigned char *md); OSSL_DEPRECATEDIN_3_0 void SHA1_Transform(SHA_CTX *c, const unsigned char *data); # endif +# define SHA1(d, n, md) \ + (EVP_Q_digest(NULL, "SHA1", NULL, d, n, md, NULL) ? md : NULL) + # ifndef OPENSSL_NO_DEPRECATED_3_0 # define SHA256_CBLOCK (SHA_LBLOCK*4)/* SHA-256 treats input data as a * contiguous array of 32 bit wide 
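Review bot: The `SHA1(d, n, md)` macro expands `md` twice, so a call such as `SHA1(p, len, out++)` no longer behaves as it did with the function. It also forwards a NULL `md` unchanged to EVP_Q_digest(), whereas the SHA224()/SHA256()/SHA384()/SHA512() functions removed in this commit substituted a static buffer for NULL. Code that takes the address of `SHA1` or relies on the `const unsigned char *` parameter type loses that as well. Keeping a thin exported function that handles `md == NULL` and calls EVP_Q_digest() would preserve the old contract; if the macro stays, at least parenthesise the arguments, `(EVP_Q_digest(NULL, "SHA1", NULL, (d), (n), (md), NULL) ? (md) : NULL)`, and document that `md` must be non-NULL and free of side effects. The same applies to the SHA224/SHA256 and SHA384/SHA512 macros in the next two hunks of this file.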
@@ -66,24 +67,24 @@ typedef struct SHA256state_st { SHA_LONG data[SHA_LBLOCK]; unsigned int num, md_len; } SHA256_CTX; -# endif /* !defined(OPENSSL_NO_DEPRECATED_3_0) */ -# ifndef OPENSSL_NO_DEPRECATED_3_0 + OSSL_DEPRECATEDIN_3_0 int SHA224_Init(SHA256_CTX *c); OSSL_DEPRECATEDIN_3_0 int SHA224_Update(SHA256_CTX *c, const void *data, size_t len); OSSL_DEPRECATEDIN_3_0 int SHA224_Final(unsigned char *md, SHA256_CTX *c); -OSSL_DEPRECATEDIN_3_0 unsigned char *SHA224(const unsigned char *d, size_t n, - unsigned char *md); OSSL_DEPRECATEDIN_3_0 int SHA256_Init(SHA256_CTX *c); OSSL_DEPRECATEDIN_3_0 int SHA256_Update(SHA256_CTX *c, const void *data, size_t len); OSSL_DEPRECATEDIN_3_0 int SHA256_Final(unsigned char *md, SHA256_CTX *c); -OSSL_DEPRECATEDIN_3_0 unsigned char *SHA256(const unsigned char *d, size_t n, - unsigned char *md); OSSL_DEPRECATEDIN_3_0 void SHA256_Transform(SHA256_CTX *c, const unsigned char *data); # endif +# define SHA224(d, n, md) \ + (EVP_Q_digest(NULL, "SHA224", NULL, d, n, md, NULL) ? md : NULL) +# define SHA256(d, n, md) \ + (EVP_Q_digest(NULL, "SHA256", NULL, d, n, md, NULL) ? md : NULL) + # define SHA224_DIGEST_LENGTH 28 # define SHA256_DIGEST_LENGTH 32 # define SHA384_DIGEST_LENGTH 48 
@@ -118,24 +119,24 @@ typedef struct SHA512state_st { } u; unsigned int num, md_len; } SHA512_CTX; -# endif /* !defined(OPENSSL_NO_DEPRECATED_3_0) */ -# ifndef OPENSSL_NO_DEPRECATED_3_0 + OSSL_DEPRECATEDIN_3_0 int SHA384_Init(SHA512_CTX *c); OSSL_DEPRECATEDIN_3_0 int SHA384_Update(SHA512_CTX *c, const void *data, size_t len); OSSL_DEPRECATEDIN_3_0 int SHA384_Final(unsigned char *md, SHA512_CTX *c); -OSSL_DEPRECATEDIN_3_0 unsigned char *SHA384(const unsigned char *d, size_t n, - unsigned char *md); OSSL_DEPRECATEDIN_3_0 int SHA512_Init(SHA512_CTX *c); OSSL_DEPRECATEDIN_3_0 int SHA512_Update(SHA512_CTX *c, const void *data, size_t len); OSSL_DEPRECATEDIN_3_0 int SHA512_Final(unsigned char *md, SHA512_CTX *c); -OSSL_DEPRECATEDIN_3_0 unsigned char *SHA512(const unsigned char *d, size_t n, - unsigned char *md); OSSL_DEPRECATEDIN_3_0 void SHA512_Transform(SHA512_CTX *c, const unsigned char *data); # endif +# define SHA384(d, n, md) \ + (EVP_Q_digest(NULL, "SHA384", NULL, d, n, md, NULL) ? md : NULL) +# define SHA512(d, n, md) \ + (EVP_Q_digest(NULL, "SHA512", NULL, d, n, md, NULL) ? md : NULL) + # ifdef __cplusplus } # endif diff --git a/providers/fips-sources.checksums b/providers/fips-sources.checksums index 6175384c2d..0ab5e40394 100644 --- a/providers/fips-sources.checksums +++ b/providers/fips-sources.checksums 
@@ -166,7 +166,7 @@ fa39906519062932adafb63cbf05b5dfa7563673576d421c80ec6b889d024e84 crypto/ec/ecp_ 22c44f561ab42d1bd7fd3a3c538ebaba375a704f98056b035e7949d73963c580 crypto/ec/ecx_key.c 7c7f3e2a19a95d62942790e525f00cccc87e46da099a0c96d101787d68c75128 crypto/evp/asymcipher.c 0e75a058dcbbb62cfe39fec6c4a85385dc1a8fce794e4278ce6cebb29763b82b crypto/evp/dh_support.c -4433d40517d9550f6a1db90dfb912e32ee10b95497ddfc2a7edb2116f87ee531 crypto/evp/digest.c +e819c499207dd2ee5457cd9411c6089e13476bedf41de2aa67e10b13810ff0e5 crypto/evp/digest.c 87599335b61f97362799170d7b19cbbf775bfecc0fab570b267c7622241cfad8 crypto/evp/ec_support.c c146c0a8a06e3c558207c1c76039dd2a61a2160cc243e9e3de2e290bc6e1b2d0 crypto/evp/evp_enc.c 9b4956b5c28db987001b33421aacf3b9f352181f874c768ad1b034e083483561 crypto/evp/evp_fetch.c @@ -297,9 +297,9 @@ f64d16c1e5c3fa4a7969de494a8372127502171a517c14be7a1e3a43a7308699 crypto/sha/asm 8725cabb8d695c576619f19283b034074a3fa0f1c0be952a9dbe9793be15b907 crypto/sha/asm/sha512p8-ppc.pl 4d13c5020a92190d43721018c50776fd4df858fe92f3cce1d465ed98dfb142d1 crypto/sha/keccak1600.c 306cacd3f86e5cacaca74c58ef862516515e5c0cafaff48636d537fd84f1c2fb crypto/sha/sha1dgst.c -b40bd40b91a2ecdba63777758f84c5405a92e673636dba2cb83512c34aae3882 crypto/sha/sha256.c +4d8cf04f5806611e7586aab47fb28165ec1afb00168e2c9876bb36cb5c29bf8b crypto/sha/sha256.c 01aff75580e47ee880f411a319ed5d86198df464e3b8056b8734698e3c8d4d07 crypto/sha/sha3.c -7598a626c55fb6505cc234cb438c78846756cde95c4400ca07bf9460b9bec834 crypto/sha/sha512.c +65ef028da082f1a9b6ce2c45ae5644895b7fca356a798fca65428852ccf24b96 crypto/sha/sha512.c 86913a593b55c759a3824eeede398f966278d79c148bef41986c5ac4e48f0bd7 crypto/sparse_array.c 32b48ac523d69b65d46b5588cd75697c473eec0b97bdefc820f436f25403a1df crypto/stack/stack.c 7b4efa594d8d1f3ecbf4605cf54f72fb296a3b1d951bdc69e415aaa08f34e5c8 crypto/threads_lib.c diff --git a/providers/fips.checksum b/providers/fips.checksum index 50a9c51b5c..cbb359f123 100644 --- a/providers/fips.checksum 
+++ b/providers/fips.checksum @@ -1 +1 @@ -4d501c5fb8a5646c618eb02511a7a1ffab71823f6adee558ee30df8bb4bd6f40 providers/fips-sources.checksums +db2202782291f6e77fbe9f6271517cb41d7c06790a606a61f69e564f002f76f5 providers/fips-sources.checksums diff --git a/providers/implementations/ciphers/cipher_tdes_wrap.c b/providers/implementations/ciphers/cipher_tdes_wrap.c index be109129bd..4bfd17f515 100644 --- a/providers/implementations/ciphers/cipher_tdes_wrap.c +++ b/providers/implementations/ciphers/cipher_tdes_wrap.c @@ -18,6 +18,7 @@ #include #include "cipher_tdes_default.h" #include "crypto/evp.h" +#include "crypto/sha.h" #include "prov/implementations.h" #include "prov/providercommon.h" @@ -64,10 +65,8 @@ static int des_ede3_unwrap(PROV_CIPHER_CTX *ctx, unsigned char *out, /* Decrypt again using new IV */ ctx->hw->cipher(ctx, out, out, inl - 16); ctx->hw->cipher(ctx, icv, icv, 8); - /* Work out SHA1 hash of first portion */ - SHA1(out, inl - 16, sha1tmp); - - if (!CRYPTO_memcmp(sha1tmp, icv, 8)) + if (ossl_sha1(out, inl - 16, sha1tmp) /* Work out hash of first portion */ + && CRYPTO_memcmp(sha1tmp, icv, 8) == 0) rv = inl - 16; OPENSSL_cleanse(icv, 8); OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH); @@ -93,7 +92,8 @@ static int des_ede3_wrap(PROV_CIPHER_CTX *ctx, unsigned char *out, /* Copy input to output buffer + 8 so we have space for IV */ memmove(out + ivlen, in, inl); /* Work out ICV */ - SHA1(in, inl, sha1tmp); + if (!ossl_sha1(in, inl, sha1tmp)) + return 0; memcpy(out + inl + ivlen, sha1tmp, icvlen); OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH); /* Generate random IV */ diff --git a/util/libcrypto.num b/util/libcrypto.num index 2e89c5dd26..019a6ecb52 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num 
@@ -1144,7 +1144,7 @@ BN_security_bits 1171 3_0_0 EXIST::FUNCTION: X509_PURPOSE_get0_name 1172 3_0_0 EXIST::FUNCTION: TS_TST_INFO_get_serial 1173 3_0_0 EXIST::FUNCTION:TS ASN1_PCTX_get_str_flags 1174 3_0_0 EXIST::FUNCTION: -SHA256 1175 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 +SHA256 1175 3_0_0 NOEXIST::FUNCTION: X509_LOOKUP_hash_dir 1176 3_0_0 EXIST::FUNCTION: ASN1_BIT_STRING_check 1177 3_0_0 EXIST::FUNCTION: ENGINE_set_default_RAND 1178 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE @@ -1375,7 +1375,7 @@ EVP_MD_meth_get_cleanup 1408 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_ SRP_Calc_server_key 1409 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SRP BN_mod_exp_simple 1410 3_0_0 EXIST::FUNCTION: BIO_set_ex_data 1411 3_0_0 EXIST::FUNCTION: -SHA512 1412 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 +SHA512 1412 3_0_0 NOEXIST::FUNCTION: X509_STORE_CTX_get_explicit_policy 1413 3_0_0 EXIST::FUNCTION: EVP_DecodeBlock 1414 3_0_0 EXIST::FUNCTION: OSSL_HTTP_REQ_CTX_set_request_line 1415 3_0_0 EXIST::FUNCTION: @@ -2460,7 +2460,7 @@ BN_generate_dsa_nonce 2512 3_0_0 EXIST::FUNCTION: X509_verify_cert 2513 3_0_0 EXIST::FUNCTION: X509_policy_level_get0_node 2514 3_0_0 EXIST::FUNCTION: X509_REQ_get_attr 2515 3_0_0 EXIST::FUNCTION: -SHA1 2516 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 +SHA1 2516 3_0_0 NOEXIST::FUNCTION: X509_print 2517 3_0_0 EXIST::FUNCTION: d2i_AutoPrivateKey 2518 3_0_0 EXIST::FUNCTION: X509_REQ_new 2519 3_0_0 EXIST::FUNCTION: @@ -2927,7 +2927,7 @@ EC_GROUP_set_asn1_flag 2991 3_0_0 EXIST::FUNCTION:EC EVP_PKEY_new 2992 3_0_0 EXIST::FUNCTION: i2d_POLICYINFO 2993 3_0_0 EXIST::FUNCTION: BN_get_flags 2994 3_0_0 EXIST::FUNCTION: -SHA384 2995 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 +SHA384 2995 3_0_0 NOEXIST::FUNCTION: NCONF_get_string 2996 3_0_0 EXIST::FUNCTION: d2i_PROXY_CERT_INFO_EXTENSION 2997 3_0_0 EXIST::FUNCTION: EC_POINT_point2buf 2998 3_0_0 EXIST::FUNCTION:EC 
@@ -3510,7 +3510,7 @@ EVP_MD_meth_dup 3588 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_ ENGINE_unregister_ciphers 3589 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE X509_issuer_and_serial_cmp 3590 3_0_0 EXIST::FUNCTION: OCSP_response_create 3591 3_0_0 EXIST::FUNCTION:OCSP -SHA224 3592 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 +SHA224 3592 3_0_0 NOEXIST::FUNCTION: MD2_options 3593 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,MD2 X509_REQ_it 3595 3_0_0 EXIST::FUNCTION: RAND_bytes 3596 3_0_0 EXIST::FUNCTION: @@ -5320,6 +5320,7 @@ OSSL_ESS_signing_cert_new_init ? 3_0_0 EXIST::FUNCTION: OSSL_ESS_signing_cert_v2_new_init ? 3_0_0 EXIST::FUNCTION: ESS_SIGNING_CERT_it ? 3_0_0 EXIST::FUNCTION: ESS_SIGNING_CERT_V2_it ? 3_0_0 EXIST::FUNCTION: +EVP_Q_digest ? 3_0_0 EXIST::FUNCTION: EVP_DigestInit_ex2 ? 3_0_0 EXIST::FUNCTION: EVP_EncryptInit_ex2 ? 3_0_0 EXIST::FUNCTION: EVP_DecryptInit_ex2 ? 3_0_0 EXIST::FUNCTION: diff --git a/util/other.syms b/util/other.syms index 3f36f53076..fb8efcb12a 100644 --- a/util/other.syms +++ b/util/other.syms @@ -431,6 +431,11 @@ PEM_FLAG_EAY_COMPATIBLE define PEM_FLAG_ONLY_B64 define PEM_FLAG_SECURE define RAND_cleanup define deprecated 1.1.0 +SHA1 define +SHA224 define +SHA256 define +SHA384 define +SHA512 define SSL_COMP_free_compression_methods define deprecated 1.1.0 SSL_CTX_add0_chain_cert define SSL_CTX_add1_chain_cert define -- 2.34.1