as well as words of caution.
[Richard Levitte]
+ *) The SSL_CTX_set_tlsext_ticket_key_cb(3) function has been deprecated.
+ Instead used the new SSL_CTX_set_tlsext_ticket_key_evp_cb(3) function.
+ [Paul Dale]
+
+ *) All of the low level HMAC functions have been deprecated including:
+ HMAC, HMAC_size, HMAC_CTX_new, HMAC_CTX_reset, HMAC_CTX_free,
+ HMAC_Init_ex, HMAC_Update, HMAC_Final, HMAC_CTX_copy, HMAC_CTX_set_flags
+ and HMAC_CTX_get_md.
+ Use of these low level functions has been informally discouraged for a long
+ time. Instead applications should use L<EVP_MAC_CTX_new(3)>,
+ L<EVP_MAC_CTX_free(3)>, L<EVP_MAC_init(3)>, L<EVP_MAC_update(3)>
+ and L<EVP_MAC_final(3)>.
+ [Paul Dale]
+
*) All of the low level CMAC functions have been deprecated including:
CMAC_CTX_new, CMAC_CTX_cleanup, CMAC_CTX_free, CMAC_CTX_get0_cipher_ctx,
CMAC_CTX_copy, CMAC_Init, CMAC_Update, CMAC_Final and CMAC_resume.
#include <stdlib.h>
#include <string.h> /* for memcpy() and strcmp() */
#include "apps.h"
+#include <openssl/core_names.h>
+#include <openssl/params.h>
#include <openssl/err.h>
#include <openssl/rand.h>
#include <openssl/x509.h>
int generate_cookie_callback(SSL *ssl, unsigned char *cookie,
unsigned int *cookie_len)
{
- unsigned char *buffer;
+ unsigned char *buffer = NULL;
size_t length = 0;
unsigned short port;
BIO_ADDR *lpeer = NULL, *peer = NULL;
+ int res = 0;
+ EVP_MAC *hmac = NULL;
+ EVP_MAC_CTX *ctx = NULL;
+ OSSL_PARAM params[3], *p = params;
/* Initialize a random secret */
if (!cookie_initialized) {
BIO_ADDR_rawaddress(peer, buffer + sizeof(port), NULL);
/* Calculate HMAC of buffer using the secret */
- HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH,
- buffer, length, cookie, cookie_len);
-
+ hmac = EVP_MAC_fetch(NULL, "HMAC", NULL);
+ if (hmac == NULL) {
+ BIO_printf(bio_err, "HMAC not found\n");
+ goto end;
+ }
+ ctx = EVP_MAC_CTX_new(hmac);
+ if (ctx == NULL) {
+ BIO_printf(bio_err, "HMAC context allocation failed\n");
+ goto end;
+ }
+ *p++ = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, "SHA1", 0);
+ *p++ = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY, cookie_secret,
+ COOKIE_SECRET_LENGTH);
+ *p = OSSL_PARAM_construct_end();
+ if (!EVP_MAC_CTX_set_params(ctx, params)) {
+ BIO_printf(bio_err, "HMAC context parameter setting failed\n");
+ goto end;
+ }
+ if (!EVP_MAC_init(ctx)) {
+ BIO_printf(bio_err, "HMAC context initialisation failed\n");
+ goto end;
+ }
+ if (!EVP_MAC_update(ctx, buffer, length)) {
+ BIO_printf(bio_err, "HMAC context update failed\n");
+ goto end;
+ }
+ if (!EVP_MAC_final(ctx, cookie, NULL, (size_t)cookie_len)) {
+ BIO_printf(bio_err, "HMAC context final failed\n");
+ goto end;
+ }
+ res = 1;
+end:
OPENSSL_free(buffer);
BIO_ADDR_free(lpeer);
- return 1;
+ return res;
}
int verify_cookie_callback(SSL *ssl, const unsigned char *cookie,
OPT_SECTION("Selection"),
{"evp", OPT_EVP, 's', "Use EVP-named cipher or digest"},
+#ifndef OPENSSL_NO_DEPRECATED_3_0
{"hmac", OPT_HMAC, 's', "HMAC using EVP-named digest"},
+#endif
#if !defined(OPENSSL_NO_CMAC) && !defined(OPENSSL_NO_DEPRECATED_3_0)
{"cmac", OPT_CMAC, 's', "CMAC using EVP-named cipher"},
#endif
#endif
#if !defined(OPENSSL_NO_MD5) && !defined(OPENSSL_NO_DEPRECATED_3_0)
{"md5", D_MD5},
+# ifndef OPENSSL_NO_DEPRECATED_3_0
{"hmac", D_HMAC},
+# endif
#endif
#ifndef OPENSSL_NO_DEPRECATED_3_0
{"sha1", D_SHA1},
size_t outlen[EC_NUM];
#endif
EVP_CIPHER_CTX *ctx;
+#ifndef OPENSSL_NO_DEPRECATED_3_0
HMAC_CTX *hctx;
+#endif
#if !defined(OPENSSL_NO_CMAC) && !defined(OPENSSL_NO_DEPRECATED_3_0)
CMAC_CTX *cmac_ctx;
#endif
return count;
}
+# ifndef OPENSSL_NO_DEPRECATED_3_0
static int HMAC_loop(void *args)
{
loopargs_t *tempargs = *(loopargs_t **) args;
}
return count;
}
+# endif
#endif
#ifndef OPENSSL_NO_DEPRECATED_3_0
return count;
}
+#ifndef OPENSSL_NO_DEPRECATED_3_0
static const EVP_MD *evp_hmac_md = NULL;
static char *evp_hmac_name = NULL;
static int EVP_HMAC_loop(void *args)
}
return count;
}
+#endif
#if !defined(OPENSSL_NO_CMAC) && !defined(OPENSSL_NO_DEPRECATED_3_0)
static const EVP_CIPHER *evp_cmac_cipher = NULL;
doit[D_EVP] = 1;
break;
case OPT_HMAC:
+#ifndef OPENSSL_NO_DEPRECATED_3_0
evp_hmac_md = EVP_get_digestbyname(opt_arg());
if (evp_hmac_md == NULL) {
BIO_printf(bio_err, "%s: %s is an unknown digest\n",
}
doit[D_EVP_HMAC] = 1;
break;
+#endif
case OPT_CMAC:
#if !defined(OPENSSL_NO_CMAC) && !defined(OPENSSL_NO_DEPRECATED_3_0)
evp_cmac_cipher = EVP_get_cipherbyname(opt_arg());
}
}
+# ifndef OPENSSL_NO_DEPRECATED_3_0
if (doit[D_HMAC]) {
static const char hmac_key[] = "This is a key...";
int len = strlen(hmac_key);
for (i = 0; i < loopargs_len; i++)
HMAC_CTX_free(loopargs[i].hctx);
}
+# endif
#endif
#ifndef OPENSSL_NO_DEPRECATED_3_0
if (doit[D_SHA1]) {
}
}
+#ifndef OPENSSL_NO_DEPRECATED_3_0
if (doit[D_EVP_HMAC] && evp_hmac_md != NULL) {
const char *md_name = OBJ_nid2ln(EVP_MD_type(evp_hmac_md));
print_result(D_EVP_HMAC, testnum, count, d);
}
}
+#endif
#if !defined(OPENSSL_NO_CMAC) && !defined(OPENSSL_NO_DEPRECATED_3_0)
if (doit[D_EVP_CMAC] && evp_cmac_cipher != NULL) {
OPENSSL_free(loopargs[i].secret_b);
#endif
}
+#ifndef OPENSSL_NO_DEPRECATED_3_0
OPENSSL_free(evp_hmac_name);
+#endif
#if !defined(OPENSSL_NO_CMAC) && !defined(OPENSSL_NO_DEPRECATED_3_0)
OPENSSL_free(evp_cmac_name);
#endif
* https://www.openssl.org/source/license.html
*/
+/*
+ * HMAC low level APIs are deprecated for public use, but still ok for internal
+ * use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/evp.h>
* https://www.openssl.org/source/license.html
*/
+/*
+ * HMAC low level APIs are deprecated for public use, but still ok for internal
+ * use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
* https://www.openssl.org/source/license.html
*/
+/*
+ * HMAC low level APIs are deprecated for public use, but still ok for internal
+ * use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/crypto.h>
* https://www.openssl.org/source/license.html
*/
+/*
+ * HMAC low level APIs are deprecated for public use, but still ok for internal
+ * use.
+ */
+#include "internal/deprecated.h"
+
#include <stdlib.h>
#include <string.h>
#include <openssl/crypto.h>
#include <openssl/hmac.h>
+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B<OPENSSL_API_COMPAT> with a suitable version value, see
+L<openssl_user_macros(7)>:
+
unsigned char *HMAC(const EVP_MD *evp_md, const void *key,
int key_len, const unsigned char *d, int n,
unsigned char *md, unsigned int *md_len);
=head1 DESCRIPTION
+All of the functions described on this page are deprecated. Applications should
+instead use L<EVP_MAC_CTX_new(3)>, L<EVP_MAC_CTX_free(3)>, L<EVP_MAC_init(3)>,
+L<EVP_MAC_update(3)> and L<EVP_MAC_final(3)>.
+
HMAC is a MAC (message authentication code), i.e. a keyed hash
function used for message authentication, which is based on a hash
function.
=head1 HISTORY
+All of these functions were deprecated in OpenSSL 3.0.
+
HMAC_CTX_init() was replaced with HMAC_CTX_reset() in OpenSSL 1.1.0.
HMAC_CTX_cleanup() existed in OpenSSL before version 1.1.0.
extern "C" {
# endif
-size_t HMAC_size(const HMAC_CTX *e);
-HMAC_CTX *HMAC_CTX_new(void);
-int HMAC_CTX_reset(HMAC_CTX *ctx);
-void HMAC_CTX_free(HMAC_CTX *ctx);
+DEPRECATEDIN_3_0(size_t HMAC_size(const HMAC_CTX *e))
+DEPRECATEDIN_3_0(HMAC_CTX *HMAC_CTX_new(void))
+DEPRECATEDIN_3_0(int HMAC_CTX_reset(HMAC_CTX *ctx))
+DEPRECATEDIN_3_0(void HMAC_CTX_free(HMAC_CTX *ctx))
DEPRECATEDIN_1_1_0(__owur int HMAC_Init(HMAC_CTX *ctx, const void *key, int len,
- const EVP_MD *md))
-
-/*__owur*/ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
- const EVP_MD *md, ENGINE *impl);
-/*__owur*/ int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data,
- size_t len);
-/*__owur*/ int HMAC_Final(HMAC_CTX *ctx, unsigned char *md,
- unsigned int *len);
-unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
- const unsigned char *d, size_t n, unsigned char *md,
- unsigned int *md_len);
-__owur int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx);
-
-void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags);
-const EVP_MD *HMAC_CTX_get_md(const HMAC_CTX *ctx);
+ const EVP_MD *md))
+
+DEPRECATEDIN_3_0(int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
+ const EVP_MD *md, ENGINE *impl))
+DEPRECATEDIN_3_0(int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data,
+ size_t len))
+DEPRECATEDIN_3_0(int HMAC_Final(HMAC_CTX *ctx, unsigned char *md,
+ unsigned int *len))
+DEPRECATEDIN_3_0(unsigned char *HMAC(const EVP_MD *evp_md, const void *key,
+ int key_len, const unsigned char *d,
+ size_t n, unsigned char *md,
+ unsigned int *md_len))
+DEPRECATEDIN_3_0(__owur int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx))
+
+DEPRECATEDIN_3_0(void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags))
+DEPRECATEDIN_3_0(const EVP_MD *HMAC_CTX_get_md(const HMAC_CTX *ctx))
# ifdef __cplusplus
}
* https://www.openssl.org/source/license.html
*/
+/*
+ * HMAC low level APIs are deprecated for public use, but still ok for internal
+ * use.
+ */
+#include "internal/deprecated.h"
+
#include <stdlib.h>
#include <stdarg.h>
#include <string.h>
* https://www.openssl.org/source/license.html
*/
+/*
+ * HMAC low level APIs are deprecated for public use, but still ok for internal
+ * use.
+ */
+#include "internal/deprecated.h"
+
#include <stdlib.h>
#include <stdarg.h>
#include <string.h>
* https://www.openssl.org/source/license.html
*/
+/*
+ * HMAC low level APIs are deprecated for public use, but still ok for internal
+ * use.
+ */
+#include "internal/deprecated.h"
+
#include <openssl/core_numbers.h>
#include <openssl/core_names.h>
#include <openssl/params.h>
aborttest test_test \
sanitytest rsa_complex exdatatest bntest \
ectest ecstresstest ecdsatest gmdifftest pbelutest \
- hmactest \
destest mdc2test \
dhtest enginetest \
ssltest_old dsatest dsa_no_digest_size_test exptest rsa_test \
INCLUDE[pbelutest]=../include ../apps/include
DEPEND[pbelutest]=../libcrypto libtestutil.a
- SOURCE[hmactest]=hmactest.c
- INCLUDE[hmactest]=../include ../apps/include
- DEPEND[hmactest]=../libcrypto libtestutil.a
-
SOURCE[mdc2test]=mdc2test.c
INCLUDE[mdc2test]=../include ../apps/include
DEPEND[mdc2test]=../libcrypto libtestutil.a
tls13encryptiontest wpackettest ctype_internal_test \
rdrand_sanitytest property_test ideatest \
rsa_sp800_56b_test bn_internal_test \
- rc2test rc4test rc5test \
+ rc2test rc4test rc5test hmactest \
asn1_dsa_internal_test
IF[{- !$disabled{poly1305} -}]
INCLUDE[sparse_array_test]=../crypto/include ../include ../apps/include
DEPEND[sparse_array_test]=../libcrypto.a libtestutil.a
+ SOURCE[hmactest]=hmactest.c
+ INCLUDE[hmactest]=../include ../apps/include
+ DEPEND[hmactest]=../libcrypto.a libtestutil.a
+
SOURCE[siphash_internal_test]=siphash_internal_test.c
INCLUDE[siphash_internal_test]=.. ../include ../apps/include ../crypto/include
DEPEND[siphash_internal_test]=../libcrypto.a libtestutil.a
* https://www.openssl.org/source/license.html
*/
+/*
+ * HMAC low level APIs are deprecated for public use, but still ok for internal
+ * use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
WHIRLPOOL_Final 115 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,WHIRLPOOL
CMS_get1_ReceiptRequest 116 3_0_0 EXIST::FUNCTION:CMS
BIO_sock_non_fatal_error 117 3_0_0 EXIST::FUNCTION:SOCK
-HMAC_Update 118 3_0_0 EXIST::FUNCTION:
+HMAC_Update 118 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
i2d_PKCS12 119 3_0_0 EXIST::FUNCTION:
EVP_BytesToKey 120 3_0_0 EXIST::FUNCTION:
ENGINE_set_default_pkey_asn1_meths 121 3_0_0 EXIST::FUNCTION:ENGINE
ASN1_STRING_print_ex_fp 402 3_0_0 EXIST::FUNCTION:STDIO
PKCS7_SIGNED_new 403 3_0_0 EXIST::FUNCTION:
CMS_get0_eContentType 404 3_0_0 EXIST::FUNCTION:CMS
-HMAC_Final 405 3_0_0 EXIST::FUNCTION:
+HMAC_Final 405 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
X509_CRL_delete_ext 406 3_0_0 EXIST::FUNCTION:
TS_TST_INFO_get_ordering 407 3_0_0 EXIST::FUNCTION:TS
X509_get_extended_key_usage 408 3_0_0 EXIST::FUNCTION:
X509_STORE_add_cert 1262 3_0_0 EXIST::FUNCTION:
EC_GROUP_precompute_mult 1263 3_0_0 EXIST::FUNCTION:EC
d2i_DISPLAYTEXT 1265 3_0_0 EXIST::FUNCTION:
-HMAC_CTX_copy 1266 3_0_0 EXIST::FUNCTION:
+HMAC_CTX_copy 1266 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
CRYPTO_gcm128_init 1267 3_0_0 EXIST::FUNCTION:
i2d_X509_CINF 1268 3_0_0 EXIST::FUNCTION:
X509_REVOKED_delete_ext 1269 3_0_0 EXIST::FUNCTION:
EVP_PKEY_meth_get_init 1320 3_0_0 EXIST::FUNCTION:
X509_check_trust 1321 3_0_0 EXIST::FUNCTION:
b2i_PrivateKey 1322 3_0_0 EXIST::FUNCTION:DSA
-HMAC_Init_ex 1323 3_0_0 EXIST::FUNCTION:
+HMAC_Init_ex 1323 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
SMIME_read_CMS 1324 3_0_0 EXIST::FUNCTION:CMS
X509_subject_name_cmp 1325 3_0_0 EXIST::FUNCTION:
CRYPTO_ocb128_finish 1326 3_0_0 EXIST::FUNCTION:OCB
X509_ATTRIBUTE_set1_object 1438 3_0_0 EXIST::FUNCTION:
i2d_ECPrivateKey_bio 1439 3_0_0 EXIST::FUNCTION:EC
BN_GENCB_free 1440 3_0_0 EXIST::FUNCTION:
-HMAC_size 1441 3_0_0 EXIST::FUNCTION:
+HMAC_size 1441 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
EVP_PKEY_get0_DH 1442 3_0_0 EXIST::FUNCTION:DH
d2i_OCSP_CRLID 1443 3_0_0 EXIST::FUNCTION:OCSP
EVP_CIPHER_CTX_set_padding 1444 3_0_0 EXIST::FUNCTION:
i2o_SCT 2076 3_0_0 EXIST::FUNCTION:CT
d2i_TS_STATUS_INFO 2077 3_0_0 EXIST::FUNCTION:TS
ERR_error_string_n 2078 3_0_0 EXIST::FUNCTION:
-HMAC 2079 3_0_0 EXIST::FUNCTION:
+HMAC 2079 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
BN_mul 2080 3_0_0 EXIST::FUNCTION:
BN_get0_nist_prime_384 2081 3_0_0 EXIST::FUNCTION:
X509_VERIFY_PARAM_set1_ip_asc 2082 3_0_0 EXIST::FUNCTION:
ASN1_STRING_get_default_mask 2310 3_0_0 EXIST::FUNCTION:
X509_alias_set1 2311 3_0_0 EXIST::FUNCTION:
ASN1_item_unpack 2312 3_0_0 EXIST::FUNCTION:
-HMAC_CTX_free 2313 3_0_0 EXIST::FUNCTION:
+HMAC_CTX_free 2313 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
EC_POINT_new 2314 3_0_0 EXIST::FUNCTION:EC
PKCS7_ISSUER_AND_SERIAL_digest 2315 3_0_0 EXIST::FUNCTION:
EVP_des_ofb 2316 3_0_0 EXIST::FUNCTION:DES
DH_get_ex_data 2977 3_0_0 EXIST::FUNCTION:DH
CRYPTO_secure_malloc 2978 3_0_0 EXIST::FUNCTION:
TS_RESP_get_status_info 2979 3_0_0 EXIST::FUNCTION:TS
-HMAC_CTX_new 2980 3_0_0 EXIST::FUNCTION:
+HMAC_CTX_new 2980 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
ENGINE_get_default_DH 2981 3_0_0 EXIST::FUNCTION:ENGINE
ECDSA_do_verify 2982 3_0_0 EXIST::FUNCTION:EC
DSO_flags 2983 3_0_0 EXIST::FUNCTION:
CRYPTO_get_ex_data 3465 3_0_0 EXIST::FUNCTION:
X509_PURPOSE_get0_sname 3466 3_0_0 EXIST::FUNCTION:
RSA_verify_PKCS1_PSS 3467 3_0_0 EXIST::FUNCTION:RSA
-HMAC_CTX_reset 3468 3_0_0 EXIST::FUNCTION:
+HMAC_CTX_reset 3468 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
EVP_PKEY_meth_set_init 3469 3_0_0 EXIST::FUNCTION:
X509_REQ_extension_nid 3470 3_0_0 EXIST::FUNCTION:
ENGINE_up_ref 3471 3_0_0 EXIST::FUNCTION:ENGINE
DES_set_odd_parity 3477 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DES
CMAC_CTX_free 3478 3_0_0 EXIST::FUNCTION:CMAC,DEPRECATEDIN_3_0
d2i_ESS_ISSUER_SERIAL 3479 3_0_0 EXIST::FUNCTION:
-HMAC_CTX_set_flags 3480 3_0_0 EXIST::FUNCTION:
+HMAC_CTX_set_flags 3480 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
d2i_PKCS8_bio 3481 3_0_0 EXIST::FUNCTION:
OCSP_ONEREQ_get_ext_count 3482 3_0_0 EXIST::FUNCTION:OCSP
PEM_read_bio_PKCS8_PRIV_KEY_INFO 3483 3_0_0 EXIST::FUNCTION:
ECDSA_SIG_set0 4093 3_0_0 EXIST::FUNCTION:EC
DSA_SIG_set0 4094 3_0_0 EXIST::FUNCTION:DSA
EVP_PKEY_get0_hmac 4095 3_0_0 EXIST::FUNCTION:
-HMAC_CTX_get_md 4096 3_0_0 EXIST::FUNCTION:
+HMAC_CTX_get_md 4096 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
NAME_CONSTRAINTS_check_CN 4097 3_0_0 EXIST::FUNCTION:
OCSP_resp_get0_id 4098 3_0_0 EXIST::FUNCTION:OCSP
OCSP_resp_get0_certs 4099 3_0_0 EXIST::FUNCTION:OCSP
projects / openssl.git / commitdiff