Add sha2.h
Historically, sha.h included both SHA-1 and SHA-2 functions. But SHA-1
functions mostly shouldn't be used now, and it's useful to be able to
audit at the level of header names in some contexts.
Therefore move SHA-2 things into a new sha2.h. In order not to break
everything, sha.h now includes sha2.h so no changes are needed in
existing callers.
Change-Id: I68d5e991f58a1c74ca377ba017caaff356acc870
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/80327
Commit-Queue: David Benjamin <davidben@google.com>
Auto-Submit: Adam Langley <agl@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/build.json b/build.json
index 6919dea..cb50730 100644
--- a/build.json
+++ b/build.json
@@ -483,6 +483,7 @@
"include/openssl/safestack.h",
"include/openssl/service_indicator.h",
"include/openssl/sha.h",
+ "include/openssl/sha2.h",
"include/openssl/siphash.h",
"include/openssl/slhdsa.h",
"include/openssl/span.h",
diff --git a/crypto/cipher/e_aesctrhmac.cc b/crypto/cipher/e_aesctrhmac.cc
index fc4e0c5..3f624e2 100644
--- a/crypto/cipher/e_aesctrhmac.cc
+++ b/crypto/cipher/e_aesctrhmac.cc
@@ -19,7 +19,7 @@
#include <openssl/cipher.h>
#include <openssl/crypto.h>
#include <openssl/err.h>
-#include <openssl/sha.h>
+#include <openssl/sha2.h>
#include "../fipsmodule/aes/internal.h"
#include "../fipsmodule/cipher/internal.h"
diff --git a/crypto/cipher/internal.h b/crypto/cipher/internal.h
index 3b0fb7c..1a517bb 100644
--- a/crypto/cipher/internal.h
+++ b/crypto/cipher/internal.h
@@ -19,6 +19,7 @@
#include <stdlib.h>
#include <openssl/base.h>
+#include <openssl/sha.h>
#include "../internal.h"
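Review bot: Adding `#include <openssl/sha.h>` to this shared internal header makes the SHA-1 declarations visible to every file that includes it, without those files naming `sha.h` themselves. A header-name audit of the including files will therefore under-count SHA-1 exposure. The declaration that needs SHA-1 lies outside this hunk, so the dependency cannot be checked from here. A trailing comment naming it, for example `#include <openssl/sha.h>  // for <SHA-1 symbol used below>`, would make the reason reviewable; if only one .cc file needs it, the include could move there instead.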
@@ -129,7 +130,7 @@
} out;
};
-#if (defined(OPENSSL_X86_64) || defined(OPENSSL_AARCH64)) && \
+#if (defined(OPENSSL_X86_64) || defined(OPENSSL_AARCH64)) && \
!defined(OPENSSL_NO_ASM)
static_assert(sizeof(union chacha20_poly1305_open_data) == 48,
diff --git a/crypto/curve25519/curve25519.cc b/crypto/curve25519/curve25519.cc
index 3d44337..cbdb257 100644
--- a/crypto/curve25519/curve25519.cc
+++ b/crypto/curve25519/curve25519.cc
@@ -24,7 +24,7 @@
#include <openssl/mem.h>
#include <openssl/rand.h>
-#include <openssl/sha.h>
+#include <openssl/sha2.h>
#include "../internal.h"
#include "internal.h"
diff --git a/crypto/curve25519/spake25519.cc b/crypto/curve25519/spake25519.cc
index 5b58086..2a3164b 100644
--- a/crypto/curve25519/spake25519.cc
+++ b/crypto/curve25519/spake25519.cc
@@ -20,7 +20,7 @@
#include <openssl/bytestring.h>
#include <openssl/mem.h>
#include <openssl/rand.h>
-#include <openssl/sha.h>
+#include <openssl/sha2.h>
#include "../fipsmodule/bn/internal.h"
#include "../internal.h"
diff --git a/crypto/digest/digest_extra.cc b/crypto/digest/digest_extra.cc
index 309b61c..4312142 100644
--- a/crypto/digest/digest_extra.cc
+++ b/crypto/digest/digest_extra.cc
@@ -22,6 +22,7 @@
#include <openssl/md5.h>
#include <openssl/nid.h>
#include <openssl/obj.h>
+#include <openssl/sha.h>
#include "../asn1/internal.h"
#include "../fipsmodule/digest/internal.h"
diff --git a/crypto/dsa/dsa.cc b/crypto/dsa/dsa.cc
index 0380525..c1dcd3b 100644
--- a/crypto/dsa/dsa.cc
+++ b/crypto/dsa/dsa.cc
@@ -24,7 +24,7 @@
#include <openssl/ex_data.h>
#include <openssl/mem.h>
#include <openssl/rand.h>
-#include <openssl/sha.h>
+#include <openssl/sha2.h>
#include "../fipsmodule/bn/internal.h"
#include "../fipsmodule/dh/internal.h"
diff --git a/crypto/ecdh/ecdh_test.cc b/crypto/ecdh/ecdh_test.cc
index a740484..2921a1a 100644
--- a/crypto/ecdh/ecdh_test.cc
+++ b/crypto/ecdh/ecdh_test.cc
@@ -28,7 +28,7 @@
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/nid.h>
-#include <openssl/sha.h>
+#include <openssl/sha2.h>
#include "../test/file_test.h"
#include "../test/test_util.h"
diff --git a/crypto/fipsmodule/bcm.cc b/crypto/fipsmodule/bcm.cc
index e862014..227e524 100644
--- a/crypto/fipsmodule/bcm.cc
+++ b/crypto/fipsmodule/bcm.cc
@@ -26,7 +26,7 @@
#include <openssl/digest.h>
#include <openssl/hmac.h>
-#include <openssl/sha.h>
+#include <openssl/sha2.h>
#include "../bcm_support.h"
#include "../internal.h"
diff --git a/crypto/fipsmodule/rand/ctrdrbg_test.cc b/crypto/fipsmodule/rand/ctrdrbg_test.cc
index 886db83..1a1c40b 100644
--- a/crypto/fipsmodule/rand/ctrdrbg_test.cc
+++ b/crypto/fipsmodule/rand/ctrdrbg_test.cc
@@ -15,7 +15,7 @@
#include <gtest/gtest.h>
#include <openssl/ctrdrbg.h>
-#include <openssl/sha.h>
+#include <openssl/sha2.h>
#include "internal.h"
#include "../../test/file_test.h"
diff --git a/crypto/fipsmodule/service_indicator/service_indicator_test.cc b/crypto/fipsmodule/service_indicator/service_indicator_test.cc
index 571f806..734af72 100644
--- a/crypto/fipsmodule/service_indicator/service_indicator_test.cc
+++ b/crypto/fipsmodule/service_indicator/service_indicator_test.cc
@@ -32,6 +32,7 @@
#include <openssl/md5.h>
#include <openssl/rand.h> // TODO(bbe): only for RAND_bytes call below, replace with BCM call
#include <openssl/rsa.h>
+#include <openssl/sha.h>
#include "../../test/abi_test.h"
#include "../../test/test_util.h"
@@ -74,7 +75,7 @@
}
}
- FIPSIndicatorHelper(const FIPSIndicatorHelper&) = delete;
+ FIPSIndicatorHelper(const FIPSIndicatorHelper &) = delete;
FIPSIndicatorHelper &operator=(const FIPSIndicatorHelper &) = delete;
private:
diff --git a/crypto/fipsmodule/slhdsa/thash.cc.inc b/crypto/fipsmodule/slhdsa/thash.cc.inc
index 6aa3d4d..448ac0f 100644
--- a/crypto/fipsmodule/slhdsa/thash.cc.inc
+++ b/crypto/fipsmodule/slhdsa/thash.cc.inc
@@ -17,7 +17,7 @@
#include <assert.h>
#include <string.h>
-#include <openssl/sha.h>
+#include <openssl/sha2.h>
#include "../../internal.h"
#include "./params.h"
diff --git a/crypto/hpke/hpke.cc b/crypto/hpke/hpke.cc
index bd10775..5d8e54c 100644
--- a/crypto/hpke/hpke.cc
+++ b/crypto/hpke/hpke.cc
@@ -27,7 +27,7 @@
#include <openssl/hkdf.h>
#include <openssl/mem.h>
#include <openssl/rand.h>
-#include <openssl/sha.h>
+#include <openssl/sha2.h>
#include "../fipsmodule/ec/internal.h"
#include "../internal.h"
diff --git a/crypto/hpke/hpke_test.cc b/crypto/hpke/hpke_test.cc
index 06d8cf0..4503257 100644
--- a/crypto/hpke/hpke_test.cc
+++ b/crypto/hpke/hpke_test.cc
@@ -27,7 +27,7 @@
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/rand.h>
-#include <openssl/sha.h>
+#include <openssl/sha2.h>
#include <openssl/span.h>
#include "../test/file_test.h"
diff --git a/crypto/hrss/hrss.cc b/crypto/hrss/hrss.cc
index 81807c2..35311ef 100644
--- a/crypto/hrss/hrss.cc
+++ b/crypto/hrss/hrss.cc
@@ -23,7 +23,7 @@
#include <openssl/hmac.h>
#include <openssl/mem.h>
#include <openssl/rand.h>
-#include <openssl/sha.h>
+#include <openssl/sha2.h>
#include "../internal.h"
#include "internal.h"
diff --git a/crypto/sha/sha256.cc b/crypto/sha/sha256.cc
index 9a0b6cb..b3f40ce 100644
--- a/crypto/sha/sha256.cc
+++ b/crypto/sha/sha256.cc
@@ -12,7 +12,7 @@
// See the License for the specific language governing permissions and
// limitations under the License.
-#include <openssl/sha.h>
+#include <openssl/sha2.h>
#include <openssl/mem.h>
diff --git a/crypto/sha/sha512.cc b/crypto/sha/sha512.cc
index 40a2a79..a24f717 100644
--- a/crypto/sha/sha512.cc
+++ b/crypto/sha/sha512.cc
@@ -12,7 +12,7 @@
// See the License for the specific language governing permissions and
// limitations under the License.
-#include <openssl/sha.h>
+#include <openssl/sha2.h>
#include <openssl/mem.h>
diff --git a/crypto/spake2plus/internal.h b/crypto/spake2plus/internal.h
index c5c99cd..7344c57 100644
--- a/crypto/spake2plus/internal.h
+++ b/crypto/spake2plus/internal.h
@@ -19,7 +19,7 @@
#include <sys/types.h>
-#include <openssl/sha.h>
+#include <openssl/sha2.h>
#include <openssl/span.h>
#include "../fipsmodule/ec/internal.h"
diff --git a/crypto/spake2plus/spake2plus.cc b/crypto/spake2plus/spake2plus.cc
index 2e29f1f..edf2629 100644
--- a/crypto/spake2plus/spake2plus.cc
+++ b/crypto/spake2plus/spake2plus.cc
@@ -27,7 +27,7 @@
#include <openssl/hmac.h>
#include <openssl/mem.h>
#include <openssl/rand.h>
-#include <openssl/sha.h>
+#include <openssl/sha2.h>
#include "../fipsmodule/bn/internal.h"
#include "../fipsmodule/ec/internal.h"
diff --git a/crypto/trust_token/pmbtoken.cc b/crypto/trust_token/pmbtoken.cc
index 09b5de2..58ba28f 100644
--- a/crypto/trust_token/pmbtoken.cc
+++ b/crypto/trust_token/pmbtoken.cc
@@ -21,7 +21,7 @@
#include <openssl/mem.h>
#include <openssl/nid.h>
#include <openssl/rand.h>
-#include <openssl/sha.h>
+#include <openssl/sha2.h>
#include "../ec/internal.h"
#include "../fipsmodule/bn/internal.h"
diff --git a/crypto/trust_token/trust_token.cc b/crypto/trust_token/trust_token.cc
index 41ef6b7..a5c2b87 100644
--- a/crypto/trust_token/trust_token.cc
+++ b/crypto/trust_token/trust_token.cc
@@ -16,7 +16,7 @@
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/mem.h>
-#include <openssl/sha.h>
+#include <openssl/sha2.h>
#include <openssl/trust_token.h>
#include "internal.h"
diff --git a/crypto/trust_token/trust_token_test.cc b/crypto/trust_token/trust_token_test.cc
index 5c89807..97875c3 100644
--- a/crypto/trust_token/trust_token_test.cc
+++ b/crypto/trust_token/trust_token_test.cc
@@ -31,7 +31,7 @@
#include <openssl/evp.h>
#include <openssl/mem.h>
#include <openssl/rand.h>
-#include <openssl/sha.h>
+#include <openssl/sha2.h>
#include <openssl/trust_token.h>
#include "../ec/internal.h"
diff --git a/crypto/trust_token/voprf.cc b/crypto/trust_token/voprf.cc
index 02ba58d..9eca4bf 100644
--- a/crypto/trust_token/voprf.cc
+++ b/crypto/trust_token/voprf.cc
@@ -21,7 +21,7 @@
#include <openssl/mem.h>
#include <openssl/nid.h>
#include <openssl/rand.h>
-#include <openssl/sha.h>
+#include <openssl/sha2.h>
#include "../ec/internal.h"
#include "../fipsmodule/ec/internal.h"
diff --git a/fuzz/crl_getcrlstatusforcert_fuzzer.cc b/fuzz/crl_getcrlstatusforcert_fuzzer.cc
index 800458e..2e77e17 100644
--- a/fuzz/crl_getcrlstatusforcert_fuzzer.cc
+++ b/fuzz/crl_getcrlstatusforcert_fuzzer.cc
@@ -18,7 +18,7 @@
#include "../pki/crl.h"
#include "../pki/input.h"
-#include <openssl/sha.h>
+#include <openssl/sha2.h>
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
const bssl::der::Input input_der(data, size);
diff --git a/gen/sources.bzl b/gen/sources.bzl
index 1cc5d0c..dc70c3f 100644
--- a/gen/sources.bzl
+++ b/gen/sources.bzl
@@ -584,6 +584,7 @@
"include/openssl/safestack.h",
"include/openssl/service_indicator.h",
"include/openssl/sha.h",
+ "include/openssl/sha2.h",
"include/openssl/siphash.h",
"include/openssl/slhdsa.h",
"include/openssl/span.h",
diff --git a/gen/sources.cmake b/gen/sources.cmake
index 99ddde4..df53126 100644
--- a/gen/sources.cmake
+++ b/gen/sources.cmake
@@ -600,6 +600,7 @@
include/openssl/safestack.h
include/openssl/service_indicator.h
include/openssl/sha.h
+ include/openssl/sha2.h
include/openssl/siphash.h
include/openssl/slhdsa.h
include/openssl/span.h
diff --git a/gen/sources.gni b/gen/sources.gni
index a900f27..c6d3ef1 100644
--- a/gen/sources.gni
+++ b/gen/sources.gni
@@ -584,6 +584,7 @@
"include/openssl/safestack.h",
"include/openssl/service_indicator.h",
"include/openssl/sha.h",
+ "include/openssl/sha2.h",
"include/openssl/siphash.h",
"include/openssl/slhdsa.h",
"include/openssl/span.h",
diff --git a/gen/sources.json b/gen/sources.json
index c045f3d..8e07625 100644
--- a/gen/sources.json
+++ b/gen/sources.json
@@ -567,6 +567,7 @@
"include/openssl/safestack.h",
"include/openssl/service_indicator.h",
"include/openssl/sha.h",
+ "include/openssl/sha2.h",
"include/openssl/siphash.h",
"include/openssl/slhdsa.h",
"include/openssl/span.h",
diff --git a/gen/sources.mk b/gen/sources.mk
index 29460cf..05e0f9f 100644
--- a/gen/sources.mk
+++ b/gen/sources.mk
@@ -577,6 +577,7 @@
include/openssl/safestack.h \
include/openssl/service_indicator.h \
include/openssl/sha.h \
+ include/openssl/sha2.h \
include/openssl/siphash.h \
include/openssl/slhdsa.h \
include/openssl/span.h \
diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h
index ca1ca2f..ffae26b 100644
--- a/include/openssl/crypto.h
+++ b/include/openssl/crypto.h
@@ -16,7 +16,7 @@
#define OPENSSL_HEADER_CRYPTO_H
#include <openssl/base.h> // IWYU pragma: export
-#include <openssl/sha.h>
+#include <openssl/sha2.h>
// Upstream OpenSSL defines |OPENSSL_malloc|, etc., in crypto.h rather than
// mem.h.
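Review bot: Swapping `<openssl/sha.h>` for `<openssl/sha2.h>` in this public header narrows what callers receive transitively: code that includes only `crypto.h` and uses SHA-1 declarations would stop compiling. The commit message's "no changes are needed in existing callers" only covers callers that include `sha.h` directly. The same applies to the `include/openssl/x509.h` hunk. Whether any external caller depends on the old transitive include is not visible here; if the narrowing is intended, say so in the description and add a comment such as `// SHA-1 is no longer provided transitively; include <openssl/sha.h> explicitly.`.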
diff --git a/include/openssl/sha.h b/include/openssl/sha.h
index 27435e5..4ac28eb 100644
--- a/include/openssl/sha.h
+++ b/include/openssl/sha.h
@@ -15,8 +15,13 @@
#ifndef OPENSSL_HEADER_SHA_H
#define OPENSSL_HEADER_SHA_H
-#include <openssl/base.h> // IWYU pragma: export
-#include <openssl/bcm_public.h> // IWYU pragma: export
+#include <openssl/base.h> // IWYU pragma: export
+#include <openssl/bcm_public.h> // IWYU pragma: export
+
+// `sha.h` historically included SHA-1 and SHA-2 hash functions. So, for
+// backward compatibility `sha2.h` is included here. New uses of this header
+// should include sha2.h unless SHA-1 family functions are required.
+#include <openssl/sha2.h> // IWYU pragma: export
#if defined(__cplusplus)
extern "C" {
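Review bot: The `// IWYU pragma: export` on the new `#include <openssl/sha2.h>` tells include-what-you-use that `sha.h` is still a valid provider of the SHA-2 symbols, so the tool will not steer callers towards `sha2.h` even though the comment above asks new code to use it. If the export is kept purely for compatibility, the comment should say that. The comment also mixes backticked `sha2.h` with bare sha2.h, and "New uses of this header should include sha2.h" reads oddly; suggested wording: `// New code should include <openssl/sha2.h> directly and use this header only when SHA-1 functions are required.`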
@@ -74,160 +79,6 @@
uint8_t *out, size_t out_len, const uint8_t xkey[SHA_DIGEST_LENGTH]);
-// SHA-224.
-
-// SHA224_CBLOCK is the block size of SHA-224.
-#define SHA224_CBLOCK 64
-
-// SHA224_DIGEST_LENGTH is the length of a SHA-224 digest.
-#define SHA224_DIGEST_LENGTH 28
-
-// SHA224_Init initialises |sha| and returns 1.
-OPENSSL_EXPORT int SHA224_Init(SHA256_CTX *sha);
-
-// SHA224_Update adds |len| bytes from |data| to |sha| and returns 1.
-OPENSSL_EXPORT int SHA224_Update(SHA256_CTX *sha, const void *data, size_t len);
-
-// SHA224_Final adds the final padding to |sha| and writes the resulting digest
-// to |out|, which must have at least |SHA224_DIGEST_LENGTH| bytes of space. It
-// returns 1.
-OPENSSL_EXPORT int SHA224_Final(uint8_t out[SHA224_DIGEST_LENGTH],
- SHA256_CTX *sha);
-
-// SHA224 writes the digest of |len| bytes from |data| to |out| and returns
-// |out|. There must be at least |SHA224_DIGEST_LENGTH| bytes of space in
-// |out|.
-OPENSSL_EXPORT uint8_t *SHA224(const uint8_t *data, size_t len,
- uint8_t out[SHA224_DIGEST_LENGTH]);
-
-
-// SHA-256.
-
-// SHA256_CBLOCK is the block size of SHA-256.
-#define SHA256_CBLOCK 64
-
-// SHA256_DIGEST_LENGTH is the length of a SHA-256 digest.
-#define SHA256_DIGEST_LENGTH 32
-
-// SHA256_Init initialises |sha| and returns 1.
-OPENSSL_EXPORT int SHA256_Init(SHA256_CTX *sha);
-
-// SHA256_Update adds |len| bytes from |data| to |sha| and returns 1.
-OPENSSL_EXPORT int SHA256_Update(SHA256_CTX *sha, const void *data, size_t len);
-
-// SHA256_Final adds the final padding to |sha| and writes the resulting digest
-// to |out|, which must have at least |SHA256_DIGEST_LENGTH| bytes of space. It
-// returns one on success and zero on programmer error.
-OPENSSL_EXPORT int SHA256_Final(uint8_t out[SHA256_DIGEST_LENGTH],
- SHA256_CTX *sha);
-
-// SHA256 writes the digest of |len| bytes from |data| to |out| and returns
-// |out|. There must be at least |SHA256_DIGEST_LENGTH| bytes of space in
-// |out|.
-OPENSSL_EXPORT uint8_t *SHA256(const uint8_t *data, size_t len,
- uint8_t out[SHA256_DIGEST_LENGTH]);
-
-// SHA256_Transform is a low-level function that performs a single, SHA-256
-// block transformation using the state from |sha| and |SHA256_CBLOCK| bytes
-// from |block|.
-OPENSSL_EXPORT void SHA256_Transform(SHA256_CTX *sha,
- const uint8_t block[SHA256_CBLOCK]);
-
-// SHA256_TransformBlocks is a low-level function that takes |num_blocks| *
-// |SHA256_CBLOCK| bytes of data and performs SHA-256 transforms on it to update
-// |state|. You should not use this function unless you are implementing a
-// derivative of SHA-256.
-OPENSSL_EXPORT void SHA256_TransformBlocks(uint32_t state[8],
- const uint8_t *data,
- size_t num_blocks);
-
-
-// SHA-384.
-
-// SHA384_CBLOCK is the block size of SHA-384.
-#define SHA384_CBLOCK 128
-
-// SHA384_DIGEST_LENGTH is the length of a SHA-384 digest.
-#define SHA384_DIGEST_LENGTH 48
-
-// SHA384_Init initialises |sha| and returns 1.
-OPENSSL_EXPORT int SHA384_Init(SHA512_CTX *sha);
-
-// SHA384_Update adds |len| bytes from |data| to |sha| and returns 1.
-OPENSSL_EXPORT int SHA384_Update(SHA512_CTX *sha, const void *data, size_t len);
-
-// SHA384_Final adds the final padding to |sha| and writes the resulting digest
-// to |out|, which must have at least |SHA384_DIGEST_LENGTH| bytes of space. It
-// returns one on success and zero on programmer error.
-OPENSSL_EXPORT int SHA384_Final(uint8_t out[SHA384_DIGEST_LENGTH],
- SHA512_CTX *sha);
-
-// SHA384 writes the digest of |len| bytes from |data| to |out| and returns
-// |out|. There must be at least |SHA384_DIGEST_LENGTH| bytes of space in
-// |out|.
-OPENSSL_EXPORT uint8_t *SHA384(const uint8_t *data, size_t len,
- uint8_t out[SHA384_DIGEST_LENGTH]);
-
-
-// SHA-512.
-
-// SHA512_CBLOCK is the block size of SHA-512.
-#define SHA512_CBLOCK 128
-
-// SHA512_DIGEST_LENGTH is the length of a SHA-512 digest.
-#define SHA512_DIGEST_LENGTH 64
-
-// SHA512_Init initialises |sha| and returns 1.
-OPENSSL_EXPORT int SHA512_Init(SHA512_CTX *sha);
-
-// SHA512_Update adds |len| bytes from |data| to |sha| and returns 1.
-OPENSSL_EXPORT int SHA512_Update(SHA512_CTX *sha, const void *data, size_t len);
-
-// SHA512_Final adds the final padding to |sha| and writes the resulting digest
-// to |out|, which must have at least |SHA512_DIGEST_LENGTH| bytes of space. It
-// returns one on success and zero on programmer error.
-OPENSSL_EXPORT int SHA512_Final(uint8_t out[SHA512_DIGEST_LENGTH],
- SHA512_CTX *sha);
-
-// SHA512 writes the digest of |len| bytes from |data| to |out| and returns
-// |out|. There must be at least |SHA512_DIGEST_LENGTH| bytes of space in
-// |out|.
-OPENSSL_EXPORT uint8_t *SHA512(const uint8_t *data, size_t len,
- uint8_t out[SHA512_DIGEST_LENGTH]);
-
-// SHA512_Transform is a low-level function that performs a single, SHA-512
-// block transformation using the state from |sha| and |SHA512_CBLOCK| bytes
-// from |block|.
-OPENSSL_EXPORT void SHA512_Transform(SHA512_CTX *sha,
- const uint8_t block[SHA512_CBLOCK]);
-
-
-// SHA-512-256
-//
-// See https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf section 5.3.6
-
-#define SHA512_256_DIGEST_LENGTH 32
-
-// SHA512_256_Init initialises |sha| and returns 1.
-OPENSSL_EXPORT int SHA512_256_Init(SHA512_CTX *sha);
-
-// SHA512_256_Update adds |len| bytes from |data| to |sha| and returns 1.
-OPENSSL_EXPORT int SHA512_256_Update(SHA512_CTX *sha, const void *data,
- size_t len);
-
-// SHA512_256_Final adds the final padding to |sha| and writes the resulting
-// digest to |out|, which must have at least |SHA512_256_DIGEST_LENGTH| bytes of
-// space. It returns one on success and zero on programmer error.
-OPENSSL_EXPORT int SHA512_256_Final(uint8_t out[SHA512_256_DIGEST_LENGTH],
- SHA512_CTX *sha);
-
-// SHA512_256 writes the digest of |len| bytes from |data| to |out| and returns
-// |out|. There must be at least |SHA512_256_DIGEST_LENGTH| bytes of space in
-// |out|.
-OPENSSL_EXPORT uint8_t *SHA512_256(const uint8_t *data, size_t len,
- uint8_t out[SHA512_256_DIGEST_LENGTH]);
-
-
#if defined(__cplusplus)
} // extern C
#endif
diff --git a/include/openssl/sha2.h b/include/openssl/sha2.h
new file mode 100644
index 0000000..286c416
--- /dev/null
+++ b/include/openssl/sha2.h
@@ -0,0 +1,184 @@
+// Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef OPENSSL_HEADER_SHA2_H
+#define OPENSSL_HEADER_SHA2_H
+
+#include <openssl/base.h> // IWYU pragma: export
+#include <openssl/bcm_public.h> // IWYU pragma: export
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+
+// SHA-224.
+
+// SHA224_CBLOCK is the block size of SHA-224.
+#define SHA224_CBLOCK 64
+
+// SHA224_DIGEST_LENGTH is the length of a SHA-224 digest.
+#define SHA224_DIGEST_LENGTH 28
+
+// SHA224_Init initialises |sha| and returns 1.
+OPENSSL_EXPORT int SHA224_Init(SHA256_CTX *sha);
+
+// SHA224_Update adds |len| bytes from |data| to |sha| and returns 1.
+OPENSSL_EXPORT int SHA224_Update(SHA256_CTX *sha, const void *data, size_t len);
+
+// SHA224_Final adds the final padding to |sha| and writes the resulting digest
+// to |out|, which must have at least |SHA224_DIGEST_LENGTH| bytes of space. It
+// returns 1.
+OPENSSL_EXPORT int SHA224_Final(uint8_t out[SHA224_DIGEST_LENGTH],
+ SHA256_CTX *sha);
+
+// SHA224 writes the digest of |len| bytes from |data| to |out| and returns
+// |out|. There must be at least |SHA224_DIGEST_LENGTH| bytes of space in
+// |out|.
+OPENSSL_EXPORT uint8_t *SHA224(const uint8_t *data, size_t len,
+ uint8_t out[SHA224_DIGEST_LENGTH]);
+
+
+// SHA-256.
+
+// SHA256_CBLOCK is the block size of SHA-256.
+#define SHA256_CBLOCK 64
+
+// SHA256_DIGEST_LENGTH is the length of a SHA-256 digest.
+#define SHA256_DIGEST_LENGTH 32
+
+// SHA256_Init initialises |sha| and returns 1.
+OPENSSL_EXPORT int SHA256_Init(SHA256_CTX *sha);
+
+// SHA256_Update adds |len| bytes from |data| to |sha| and returns 1.
+OPENSSL_EXPORT int SHA256_Update(SHA256_CTX *sha, const void *data, size_t len);
+
+// SHA256_Final adds the final padding to |sha| and writes the resulting digest
+// to |out|, which must have at least |SHA256_DIGEST_LENGTH| bytes of space. It
+// returns one on success and zero on programmer error.
+OPENSSL_EXPORT int SHA256_Final(uint8_t out[SHA256_DIGEST_LENGTH],
+ SHA256_CTX *sha);
+
+// SHA256 writes the digest of |len| bytes from |data| to |out| and returns
+// |out|. There must be at least |SHA256_DIGEST_LENGTH| bytes of space in
+// |out|.
+OPENSSL_EXPORT uint8_t *SHA256(const uint8_t *data, size_t len,
+ uint8_t out[SHA256_DIGEST_LENGTH]);
+
+// SHA256_Transform is a low-level function that performs a single, SHA-256
+// block transformation using the state from |sha| and |SHA256_CBLOCK| bytes
+// from |block|.
+OPENSSL_EXPORT void SHA256_Transform(SHA256_CTX *sha,
+ const uint8_t block[SHA256_CBLOCK]);
+
+// SHA256_TransformBlocks is a low-level function that takes |num_blocks| *
+// |SHA256_CBLOCK| bytes of data and performs SHA-256 transforms on it to update
+// |state|. You should not use this function unless you are implementing a
+// derivative of SHA-256.
+OPENSSL_EXPORT void SHA256_TransformBlocks(uint32_t state[8],
+ const uint8_t *data,
+ size_t num_blocks);
+
+
+// SHA-384.
+
+// SHA384_CBLOCK is the block size of SHA-384.
+#define SHA384_CBLOCK 128
+
+// SHA384_DIGEST_LENGTH is the length of a SHA-384 digest.
+#define SHA384_DIGEST_LENGTH 48
+
+// SHA384_Init initialises |sha| and returns 1.
+OPENSSL_EXPORT int SHA384_Init(SHA512_CTX *sha);
+
+// SHA384_Update adds |len| bytes from |data| to |sha| and returns 1.
+OPENSSL_EXPORT int SHA384_Update(SHA512_CTX *sha, const void *data, size_t len);
+
+// SHA384_Final adds the final padding to |sha| and writes the resulting digest
+// to |out|, which must have at least |SHA384_DIGEST_LENGTH| bytes of space. It
+// returns one on success and zero on programmer error.
+OPENSSL_EXPORT int SHA384_Final(uint8_t out[SHA384_DIGEST_LENGTH],
+ SHA512_CTX *sha);
+
+// SHA384 writes the digest of |len| bytes from |data| to |out| and returns
+// |out|. There must be at least |SHA384_DIGEST_LENGTH| bytes of space in
+// |out|.
+OPENSSL_EXPORT uint8_t *SHA384(const uint8_t *data, size_t len,
+ uint8_t out[SHA384_DIGEST_LENGTH]);
+
+
+// SHA-512.
+
+// SHA512_CBLOCK is the block size of SHA-512.
+#define SHA512_CBLOCK 128
+
+// SHA512_DIGEST_LENGTH is the length of a SHA-512 digest.
+#define SHA512_DIGEST_LENGTH 64
+
+// SHA512_Init initialises |sha| and returns 1.
+OPENSSL_EXPORT int SHA512_Init(SHA512_CTX *sha);
+
+// SHA512_Update adds |len| bytes from |data| to |sha| and returns 1.
+OPENSSL_EXPORT int SHA512_Update(SHA512_CTX *sha, const void *data, size_t len);
+
+// SHA512_Final adds the final padding to |sha| and writes the resulting digest
+// to |out|, which must have at least |SHA512_DIGEST_LENGTH| bytes of space. It
+// returns one on success and zero on programmer error.
+OPENSSL_EXPORT int SHA512_Final(uint8_t out[SHA512_DIGEST_LENGTH],
+ SHA512_CTX *sha);
+
+// SHA512 writes the digest of |len| bytes from |data| to |out| and returns
+// |out|. There must be at least |SHA512_DIGEST_LENGTH| bytes of space in
+// |out|.
+OPENSSL_EXPORT uint8_t *SHA512(const uint8_t *data, size_t len,
+ uint8_t out[SHA512_DIGEST_LENGTH]);
+
+// SHA512_Transform is a low-level function that performs a single, SHA-512
+// block transformation using the state from |sha| and |SHA512_CBLOCK| bytes
+// from |block|.
+OPENSSL_EXPORT void SHA512_Transform(SHA512_CTX *sha,
+ const uint8_t block[SHA512_CBLOCK]);
+
+
+// SHA-512-256
+//
+// See https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf section 5.3.6
+
+#define SHA512_256_DIGEST_LENGTH 32
+
+// SHA512_256_Init initialises |sha| and returns 1.
+OPENSSL_EXPORT int SHA512_256_Init(SHA512_CTX *sha);
+
+// SHA512_256_Update adds |len| bytes from |data| to |sha| and returns 1.
+OPENSSL_EXPORT int SHA512_256_Update(SHA512_CTX *sha, const void *data,
+ size_t len);
+
+// SHA512_256_Final adds the final padding to |sha| and writes the resulting
+// digest to |out|, which must have at least |SHA512_256_DIGEST_LENGTH| bytes of
+// space. It returns one on success and zero on programmer error.
+OPENSSL_EXPORT int SHA512_256_Final(uint8_t out[SHA512_256_DIGEST_LENGTH],
+ SHA512_CTX *sha);
+
+// SHA512_256 writes the digest of |len| bytes from |data| to |out| and returns
+// |out|. There must be at least |SHA512_256_DIGEST_LENGTH| bytes of space in
+// |out|.
+OPENSSL_EXPORT uint8_t *SHA512_256(const uint8_t *data, size_t len,
+ uint8_t out[SHA512_256_DIGEST_LENGTH]);
+
+
+#if defined(__cplusplus)
+} // extern C
+#endif
+
+#endif // OPENSSL_HEADER_SHA2_H
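Review bot: The new header has no file-level comment recording the contract that header-name auditing depends on, namely that `sha2.h` must never include `<openssl/sha.h>`, directly or after a later refactor. A comment above the includes would pin that down, for example `// This header declares only the SHA-2 family. It must not include <openssl/sha.h>, so that including it never brings SHA-1 functions into scope.` `bcm_public.h` is not visible here, so whether it exposes SHA-1 types to includers of `sha2.h` cannot be confirmed from this hunk. Separately, `SHA512_256_DIGEST_LENGTH` is the only length macro without a doc comment, and `SHA224_Final` documents "returns 1" where the other `_Final` functions document a zero return on programmer error.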
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index e1e3a9c..0cd8716 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -34,7 +34,7 @@
#include <openssl/pkcs7.h>
#include <openssl/pool.h>
#include <openssl/rsa.h>
-#include <openssl/sha.h>
+#include <openssl/sha2.h>
#include <openssl/stack.h>
#include <openssl/x509v3_errors.h> // IWYU pragma: export
diff --git a/pki/path_builder.cc b/pki/path_builder.cc
index d3b396d..876cc9b 100644
--- a/pki/path_builder.cc
+++ b/pki/path_builder.cc
@@ -21,7 +21,7 @@
#include <openssl/base.h>
#include <openssl/pki/verify_error.h>
-#include <openssl/sha.h>
+#include <openssl/sha2.h>
#include "cert_issuer_source.h"
#include "certificate_policies.h"
diff --git a/pki/verify_signed_data.cc b/pki/verify_signed_data.cc
index 668598c..e77dcc4 100644
--- a/pki/verify_signed_data.cc
+++ b/pki/verify_signed_data.cc
@@ -20,7 +20,7 @@
#include <openssl/evp.h>
#include <openssl/pki/signature_verify_cache.h>
#include <openssl/rsa.h>
-#include <openssl/sha.h>
+#include <openssl/sha2.h>
#include "cert_errors.h"
#include "input.h"
diff --git a/pki/verify_unittest.cc b/pki/verify_unittest.cc
index 98f5195..de70632 100644
--- a/pki/verify_unittest.cc
+++ b/pki/verify_unittest.cc
@@ -21,7 +21,7 @@
#include <gtest/gtest.h>
#include <openssl/pki/verify.h>
#include <openssl/pki/verify_error.h>
-#include <openssl/sha.h>
+#include <openssl/sha2.h>
#include "test_helpers.h"
diff --git a/rust/bssl-sys/wrapper.h b/rust/bssl-sys/wrapper.h
index 6428234..b8e328b 100644
--- a/rust/bssl-sys/wrapper.h
+++ b/rust/bssl-sys/wrapper.h
@@ -63,7 +63,7 @@
#include <openssl/ripemd.h>
#include <openssl/rsa.h>
#include <openssl/safestack.h>
-#include <openssl/sha.h>
+#include <openssl/sha2.h>
#include <openssl/siphash.h>
#include <openssl/slhdsa.h>
#include <openssl/span.h>
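Review bot: Replacing `sha.h` with `sha2.h` in the wrapper that the Rust bindings are generated from drops the SHA-1 declarations from the bssl-sys surface, unless another header listed in this file still pulls in `sha.h`. The rest of wrapper.h is outside the hunk, so that cannot be confirmed from here. If any Rust code in the tree still reaches SHA-1 through bssl-sys, this breaks its build; if none does, the removal deserves a comment above the include such as `// SHA-1 is intentionally not exposed to Rust; only the SHA-2 header is wrapped.`.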
diff --git a/ssl/handshake_client.cc b/ssl/handshake_client.cc
index 4ce8d18..77d02fd 100644
--- a/ssl/handshake_client.cc
+++ b/ssl/handshake_client.cc
@@ -34,7 +34,7 @@
#include <openssl/md5.h>
#include <openssl/mem.h>
#include <openssl/rand.h>
-#include <openssl/sha.h>
+#include <openssl/sha2.h>
#include "../crypto/internal.h"
#include "internal.h"
diff --git a/ssl/s3_both.cc b/ssl/s3_both.cc
index a37a06f..d30cabb 100644
--- a/ssl/s3_both.cc
+++ b/ssl/s3_both.cc
@@ -29,7 +29,7 @@
#include <openssl/mem.h>
#include <openssl/nid.h>
#include <openssl/rand.h>
-#include <openssl/sha.h>
+#include <openssl/sha2.h>
#include "../crypto/internal.h"
#include "internal.h"
diff --git a/ssl/ssl_cert.cc b/ssl/ssl_cert.cc
index abff5c9..ae330da 100644
--- a/ssl/ssl_cert.cc
+++ b/ssl/ssl_cert.cc
@@ -26,7 +26,7 @@
#include <openssl/ec_key.h>
#include <openssl/err.h>
#include <openssl/mem.h>
-#include <openssl/sha.h>
+#include <openssl/sha2.h>
#include <openssl/x509.h>
#include "../crypto/internal.h"
diff --git a/ssl/tls13_client.cc b/ssl/tls13_client.cc
index eca654f..e18ad11 100644
--- a/ssl/tls13_client.cc
+++ b/ssl/tls13_client.cc
@@ -24,7 +24,7 @@
#include <openssl/digest.h>
#include <openssl/err.h>
#include <openssl/mem.h>
-#include <openssl/sha.h>
+#include <openssl/sha2.h>
#include <openssl/stack.h>
#include "../crypto/internal.h"