author | Pauli <paul.dale@oracle.com> | 2020-01-09 13:14:13 +1000 |
---|---|---|
committer | Pauli <paul.dale@oracle.com> | 2020-01-19 10:14:39 +1000 |
commit | 85d843c8eccce937d073a9df7a193032478e21dd (patch) | |
tree | 747b066f6bae0f7440ccb9e7398f632783012440 /crypto | |
parent | 8720b1779442bc0259d89f4fe7f8d46ad4d0b0c0 (diff) | |
Deprecate the low level SHA functions.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10791)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/ct/ct_log.c | 4 | ||||
-rw-r--r-- | crypto/ec/curve25519.c | 73 | ||||
-rw-r--r-- | crypto/ec/ecx_meth.c | 5 | ||||
-rw-r--r-- | crypto/engine/eng_openssl.c | 4 | ||||
-rw-r--r-- | crypto/evp/legacy_md5_sha1.c | 7 | ||||
-rw-r--r-- | crypto/evp/legacy_sha.c | 6 | ||||
-rw-r--r-- | crypto/md5/md5_sha1.c | 7 | ||||
-rw-r--r-- | crypto/sha/sha1_one.c | 6 | ||||
-rw-r--r-- | crypto/sha/sha1dgst.c | 6 | ||||
-rw-r--r-- | crypto/sha/sha256.c | 6 | ||||
-rw-r--r-- | crypto/sha/sha512.c | 7 |
11 files changed, 103 insertions, 28 deletions
diff --git a/crypto/ct/ct_log.c b/crypto/ct/ct_log.c index 164ff72ac0..695221cba0 100644 --- a/crypto/ct/ct_log.c +++ b/crypto/ct/ct_log.c @@ -76,14 +76,14 @@ static int ct_v1_log_id_from_pkey(EVP_PKEY *pkey, int ret = 0; unsigned char *pkey_der = NULL; int pkey_der_len = i2d_PUBKEY(pkey, &pkey_der); + unsigned int len; if (pkey_der_len <= 0) { CTerr(CT_F_CT_V1_LOG_ID_FROM_PKEY, CT_R_LOG_KEY_INVALID); goto err; } - SHA256(pkey_der, pkey_der_len, log_id); - ret = 1; + ret = EVP_Digest(pkey_der, pkey_der_len, log_id, &len, EVP_sha256(), NULL); err: OPENSSL_free(pkey_der); return ret; diff --git a/crypto/ec/curve25519.c b/crypto/ec/curve25519.c index 89b1e3c2c1..a512aeb237 100644 --- a/crypto/ec/curve25519.c +++ b/crypto/ec/curve25519.c @@ -9,6 +9,7 @@ #include <string.h> #include "ec_local.h" +#include <openssl/evp.h> #include <openssl/sha.h> #if defined(X25519_ASM) && (defined(__x86_64) || defined(__x86_64__) || \ 
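Review bot: The new `len` in ct_v1_log_id_from_pkey is written by EVP_Digest() but never read, so it adds a variable without adding a check. Either drop it and pass `NULL` as the size argument, or use it, for example `ret = EVP_Digest(pkey_der, pkey_der_len, log_id, &len, EVP_sha256(), NULL) && len == SHA256_DIGEST_LENGTH;`. The digest call is also a new failure path that returns 0 without a `CTerr(...)` entry, unlike the `i2d_PUBKEY` branch above it, so a caller sees a failure with no CT-level reason. The function signature and the declared size of `log_id` are outside the hunk.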
@@ -5436,39 +5437,50 @@ int ED25519_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len, uint8_t nonce[SHA512_DIGEST_LENGTH]; ge_p3 R; uint8_t hram[SHA512_DIGEST_LENGTH]; - SHA512_CTX hash_ctx; + EVP_MD *sha512 = EVP_MD_fetch(NULL, SN_sha512, NULL); + EVP_MD_CTX *hash_ctx = EVP_MD_CTX_new(); + unsigned int sz; + int res = 0; - SHA512_Init(&hash_ctx); - SHA512_Update(&hash_ctx, private_key, 32); - SHA512_Final(az, &hash_ctx); + if (sha512 == NULL || hash_ctx == NULL) + goto err; + + if (!EVP_DigestInit_ex(hash_ctx, sha512, NULL) + || !EVP_DigestUpdate(hash_ctx, private_key, 32) + || !EVP_DigestFinal_ex(hash_ctx, az, &sz)) + goto err; az[0] &= 248; az[31] &= 63; az[31] |= 64; - SHA512_Init(&hash_ctx); - SHA512_Update(&hash_ctx, az + 32, 32); - SHA512_Update(&hash_ctx, message, message_len); - SHA512_Final(nonce, &hash_ctx); + if (!EVP_DigestInit_ex(hash_ctx, sha512, NULL) + || !EVP_DigestUpdate(hash_ctx, az + 32, 32) + || !EVP_DigestUpdate(hash_ctx, message, message_len) + || !EVP_DigestFinal_ex(hash_ctx, nonce, &sz)) + goto err; x25519_sc_reduce(nonce); ge_scalarmult_base(&R, nonce); ge_p3_tobytes(out_sig, &R); - SHA512_Init(&hash_ctx); - SHA512_Update(&hash_ctx, out_sig, 32); - SHA512_Update(&hash_ctx, public_key, 32); - SHA512_Update(&hash_ctx, message, message_len); - SHA512_Final(hram, &hash_ctx); + if (!EVP_DigestInit_ex(hash_ctx, sha512, NULL) + || !EVP_DigestUpdate(hash_ctx, out_sig, 32) + || !EVP_DigestUpdate(hash_ctx, public_key, 32) + || !EVP_DigestUpdate(hash_ctx, message, message_len) + || !EVP_DigestFinal_ex(hash_ctx, hram, &sz)) + goto err; x25519_sc_reduce(hram); sc_muladd(out_sig + 32, hram, az, nonce); - OPENSSL_cleanse(&hash_ctx, sizeof(hash_ctx)); + res = 1; +err: OPENSSL_cleanse(nonce, sizeof(nonce)); OPENSSL_cleanse(az, sizeof(az)); - - return 1; + EVP_MD_free(sha512); + EVP_MD_CTX_free(hash_ctx); + return res; } static const char allzeroes[15]; 
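Review bot: ED25519_sign no longer wipes the hash state itself: the removed `OPENSSL_cleanse(&hash_ctx, sizeof(hash_ctx))` covered a context that had absorbed `private_key` and `az + 32`, and the new code relies on `EVP_MD_CTX_free(hash_ctx)` and the fetched SHA-512 implementation to clear that memory. That reliance is worth recording next to the free, e.g. `/* hash_ctx absorbed private key material; EVP_MD_CTX_free() is relied on to clear it */`, and confirming for whichever implementation `EVP_MD_fetch()` returns. The function can also now return 0 after `ge_p3_tobytes(out_sig, &R)` has already written the first half of `out_sig`, where it previously returned 1 unconditionally, so any caller that ignored the result needs checking; those call sites are not in this hunk. The function body begins before the hunk.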
@@ -5479,7 +5491,10 @@ int ED25519_verify(const uint8_t *message, size_t message_len, int i; ge_p3 A; const uint8_t *r, *s; - SHA512_CTX hash_ctx; + EVP_MD *sha512; + EVP_MD_CTX *hash_ctx = NULL; + unsigned int sz; + int res = 0; ge_p2 R; uint8_t rcheck[32]; uint8_t h[SHA512_DIGEST_LENGTH]; @@ -5526,11 +5541,19 @@ int ED25519_verify(const uint8_t *message, size_t message_len, fe_neg(A.X, A.X); fe_neg(A.T, A.T); - SHA512_Init(&hash_ctx); - SHA512_Update(&hash_ctx, r, 32); - SHA512_Update(&hash_ctx, public_key, 32); - SHA512_Update(&hash_ctx, message, message_len); - SHA512_Final(h, &hash_ctx); + sha512 = EVP_MD_fetch(NULL, SN_sha512, NULL); + if (sha512 == NULL) + return 0; + hash_ctx = EVP_MD_CTX_new(); + if (hash_ctx == NULL) + goto err; + + if (!EVP_DigestInit_ex(hash_ctx, sha512, NULL) + || !EVP_DigestUpdate(hash_ctx, r, 32) + || !EVP_DigestUpdate(hash_ctx, public_key, 32) + || !EVP_DigestUpdate(hash_ctx, message, message_len) + || !EVP_DigestFinal_ex(hash_ctx, h, &sz)) + goto err; x25519_sc_reduce(h); @@ -5538,7 +5561,11 @@ int ED25519_verify(const uint8_t *message, size_t message_len, ge_tobytes(rcheck, &R); - return CRYPTO_memcmp(rcheck, r, sizeof(rcheck)) == 0; + res = CRYPTO_memcmp(rcheck, r, sizeof(rcheck)) == 0; +err: + EVP_MD_free(sha512); + EVP_MD_CTX_free(hash_ctx); + return res; } void ED25519_public_from_private(uint8_t out_public_key[32], diff --git a/crypto/ec/ecx_meth.c b/crypto/ec/ecx_meth.c index d141fe7b81..4e3c630bd2 100644 --- a/crypto/ec/ecx_meth.c +++ b/crypto/ec/ecx_meth.c @@ -1156,6 +1156,7 @@ static int s390x_pkey_ecd_keygen25519(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) unsigned char x_dst[32], buff[SHA512_DIGEST_LENGTH]; ECX_KEY *key; unsigned char *privkey = NULL, *pubkey; + unsigned int sz; key = OPENSSL_zalloc(sizeof(*key)); if (key == NULL) { 
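Review bot: `EVP_MD *sha512;` in ED25519_verify is declared without an initialiser while `hash_ctx` beside it starts as `NULL`, and the new `err:` label calls `EVP_MD_free(sha512)`. The visible paths are safe because `sha512` is assigned before any `goto err`, but a `goto err` later added to the checks above the fetch would free an indeterminate pointer; `EVP_MD *sha512 = NULL;` removes that hazard. A failed fetch or allocation now returns 0, the same value as an invalid signature, which fails closed but leaves the caller unable to tell the two apart; a one-line comment at the `return 0` after the fetch would make that intent explicit. The validation code between the first two verify hunks is not shown.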
@@ -1174,7 +1175,9 @@ static int s390x_pkey_ecd_keygen25519(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) if (RAND_priv_bytes(privkey, ED25519_KEYLEN) <= 0) goto err; - SHA512(privkey, 32, buff); + if (!EVP_Digest(privkey, 32, buff, &sz, EVP_sha512(), NULL)) + goto err; + buff[0] &= 248; buff[31] &= 63; buff[31] |= 64; diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c index 704268ad97..42c7127187 100644 --- a/crypto/engine/eng_openssl.c +++ b/crypto/engine/eng_openssl.c @@ -9,8 +9,8 @@ */ /* - * RC4 low level APIs are deprecated for public use, but still ok for internal - * use. + * RC4 and SHA-1 low level APIs are deprecated for public use, but still ok + * for internal use. */ #include "internal/deprecated.h" diff --git a/crypto/evp/legacy_md5_sha1.c b/crypto/evp/legacy_md5_sha1.c index 6da6b4fd95..380cdf4a79 100644 --- a/crypto/evp/legacy_md5_sha1.c +++ b/crypto/evp/legacy_md5_sha1.c @@ -7,6 +7,13 @@ * https://www.openssl.org/source/license.html */ +/* + * SHA-1 low level APIs are deprecated for public use, but still ok for + * internal use. The prov/md5_sha1.h include requires this, but this must + * be the first include loaded. + */ +#include "internal/deprecated.h" + #include "crypto/evp.h" #include "prov/md5_sha1.h" /* diverse MD5_SHA1 macros */ #include "legacy_meth.h" diff --git a/crypto/evp/legacy_sha.c b/crypto/evp/legacy_sha.c index db289bf2b9..6d3bc0fbc3 100644 --- a/crypto/evp/legacy_sha.c +++ b/crypto/evp/legacy_sha.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * All SHA low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include <openssl/sha.h> /* diverse SHA macros */ #include "internal/sha3.h" /* KECCAK1600_WIDTH */ #include "crypto/evp.h" diff --git a/crypto/md5/md5_sha1.c b/crypto/md5/md5_sha1.c index 32bf9a13fc..fa2ccde30f 100644 --- a/crypto/md5/md5_sha1.c +++ b/crypto/md5/md5_sha1.c 
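Review bot: After the new `EVP_Digest()` call in s390x_pkey_ecd_keygen25519, `buff` holds the SHA-512 expansion of the freshly generated private key, and nothing visible in this hunk wipes it on either exit. The `err:` label and the success return are outside the hunk, so please confirm both end with something like `OPENSSL_cleanse(buff, sizeof(buff));`. Separately, the digest input length is the literal `32` while the line above uses `ED25519_KEYLEN`; `EVP_Digest(privkey, ED25519_KEYLEN, buff, &sz, EVP_sha512(), NULL)` keeps the two in step.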
@@ -6,6 +6,13 @@ * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html */ + +/* + * SHA-1 low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include <string.h> #include "prov/md5_sha1.h" #include <openssl/evp.h> diff --git a/crypto/sha/sha1_one.c b/crypto/sha/sha1_one.c index 57bef8927f..c01baf7a6f 100644 --- a/crypto/sha/sha1_one.c +++ b/crypto/sha/sha1_one.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * SHA-1 low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include <stdio.h> #include <string.h> #include <openssl/crypto.h> diff --git a/crypto/sha/sha1dgst.c b/crypto/sha/sha1dgst.c index 68c0a96718..0e4a4e536c 100644 --- a/crypto/sha/sha1dgst.c +++ b/crypto/sha/sha1dgst.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * SHA-1 low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include <openssl/crypto.h> #include <openssl/opensslconf.h> diff --git a/crypto/sha/sha256.c b/crypto/sha/sha256.c index 99833924b0..9006eced75 100644 --- a/crypto/sha/sha256.c +++ b/crypto/sha/sha256.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * SHA256 low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include <openssl/opensslconf.h> #include <stdlib.h> diff --git a/crypto/sha/sha512.c b/crypto/sha/sha512.c index c70edf572a..39ebe68558 100644 --- a/crypto/sha/sha512.c +++ b/crypto/sha/sha512.c @@ -7,6 +7,13 @@ * https://www.openssl.org/source/license.html */ +/* + * SHA512 low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + +#include <stdio.h> #include <openssl/opensslconf.h> /*- * IMPLEMENTATION NOTES. |
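Review bot: The sha512.c hunk adds `#include <stdio.h>` next to the deprecation include, but neither the new comment nor anything else in the hunk says what needs it. If nothing in the file uses it, drop the line so the change stays limited to `#include "internal/deprecated.h"`; if something does, a trailing comment naming the user would explain why only this file gets it. The sibling hunks in sha1dgst.c and sha256.c add only the deprecation include, which is what makes this one stand out. The rest of sha512.c is outside the hunk.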