[openssl] master update
Dr. Paul Dale
pauli at openssl.org
Wed Jan 15 21:06:47 UTC 2020
The branch master has been updated
via 28c690cb7dd80c15c9fa45df518c555c66ad67f8 (commit)
via fb8ce41398bae4e0b1fdba03a281b93daddc9eaf (commit)
from ed086e2318fb97ebafcd724fbfd1834e17d581d9 (commit)
- Log -----------------------------------------------------------------
commit 28c690cb7dd80c15c9fa45df518c555c66ad67f8
Author: Pauli <paul.dale at oracle.com>
Date: Tue Jan 14 08:35:12 2020 +1000
Deprecate the low level SEED functions
Use of the low level SEED functions has been informally discouraged for a
long time. We now formally deprecate them.
Applications should instead use the EVP APIs, e.g. EVP_EncryptInit_ex,
EVP_EncryptUpdate, EVP_EncryptFinal_ex, and the equivalently named decrypt
functions.
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10833)
commit fb8ce41398bae4e0b1fdba03a281b93daddc9eaf
Author: Pauli <paul.dale at oracle.com>
Date: Tue Jan 14 08:18:58 2020 +1000
seed: fix preprocessor indentation
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10833)
-----------------------------------------------------------------------
Summary of changes:
apps/speed.c | 8 +--
crypto/evp/e_seed.c | 6 ++
crypto/seed/seed.c | 6 ++
crypto/seed/seed_cbc.c | 6 ++
crypto/seed/seed_cfb.c | 6 ++
crypto/seed/seed_ecb.c | 6 ++
crypto/seed/seed_ofb.c | 6 ++
include/openssl/seed.h | 84 ++++++++++++----------
providers/implementations/ciphers/cipher_seed.c | 6 ++
providers/implementations/ciphers/cipher_seed_hw.c | 6 ++
util/libcrypto.num | 14 ++--
11 files changed, 105 insertions(+), 49 deletions(-)
diff --git a/apps/speed.c b/apps/speed.c
index 67bf650ec2..ef14ad6380 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -380,7 +380,7 @@ static const OPT_PAIR doit_choices[] = {
{"idea-cbc", D_CBC_IDEA},
{"idea", D_CBC_IDEA},
#endif
-#ifndef OPENSSL_NO_SEED
+#if !defined(OPENSSL_NO_SEED) && !defined(OPENSSL_NO_DEPRECATED_3_0)
{"seed-cbc", D_CBC_SEED},
{"seed", D_CBC_SEED},
#endif
@@ -1458,7 +1458,7 @@ int speed_main(int argc, char **argv)
#ifndef OPENSSL_NO_IDEA
IDEA_KEY_SCHEDULE idea_ks;
#endif
-#ifndef OPENSSL_NO_SEED
+#if !defined(OPENSSL_NO_SEED) && !defined(OPENSSL_NO_DEPRECATED_3_0)
SEED_KEY_SCHEDULE seed_ks;
#endif
#if !defined(OPENSSL_NO_BF) && !defined(OPENSSL_NO_DEPRECATED_3_0)
@@ -1969,7 +1969,7 @@ int speed_main(int argc, char **argv)
if (doit[D_CBC_IDEA])
IDEA_set_encrypt_key(key16, &idea_ks);
#endif
-#ifndef OPENSSL_NO_SEED
+#if !defined(OPENSSL_NO_SEED) && !defined(OPENSSL_NO_DEPRECATED_3_0)
if (doit[D_CBC_SEED])
SEED_set_key(key16, &seed_ks);
#endif
@@ -2585,7 +2585,7 @@ int speed_main(int argc, char **argv)
}
}
#endif
-#ifndef OPENSSL_NO_SEED
+#if !defined(OPENSSL_NO_SEED) && !defined(OPENSSL_NO_DEPRECATED_3_0)
if (doit[D_CBC_SEED]) {
if (async_jobs > 0) {
BIO_printf(bio_err, "Async mode is not supported with %s\n",
diff --git a/crypto/evp/e_seed.c b/crypto/evp/e_seed.c
index 9a9938deaf..224003d9dd 100644
--- a/crypto/evp/e_seed.c
+++ b/crypto/evp/e_seed.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * SEED low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <openssl/opensslconf.h>
#ifdef OPENSSL_NO_SEED
NON_EMPTY_TRANSLATION_UNIT
diff --git a/crypto/seed/seed.c b/crypto/seed/seed.c
index 224fb1f8af..492853d5c8 100644
--- a/crypto/seed/seed.c
+++ b/crypto/seed/seed.c
@@ -34,6 +34,12 @@
*/
#ifndef OPENSSL_NO_SEED
+/*
+ * SEED low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
# include <stdio.h>
# include <stdlib.h>
# include <string.h>
diff --git a/crypto/seed/seed_cbc.c b/crypto/seed/seed_cbc.c
index 26116ab727..59ebbeef58 100644
--- a/crypto/seed/seed_cbc.c
+++ b/crypto/seed/seed_cbc.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * SEED low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <openssl/seed.h>
#include <openssl/modes.h>
diff --git a/crypto/seed/seed_cfb.c b/crypto/seed/seed_cfb.c
index b8ee9e9151..0e86e1696c 100644
--- a/crypto/seed/seed_cfb.c
+++ b/crypto/seed/seed_cfb.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * SEED low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <openssl/seed.h>
#include <openssl/modes.h>
diff --git a/crypto/seed/seed_ecb.c b/crypto/seed/seed_ecb.c
index d7f34ec99a..b7ea0d4349 100644
--- a/crypto/seed/seed_ecb.c
+++ b/crypto/seed/seed_ecb.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * SEED low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <openssl/seed.h>
void SEED_ecb_encrypt(const unsigned char *in, unsigned char *out,
diff --git a/crypto/seed/seed_ofb.c b/crypto/seed/seed_ofb.c
index e556c440ea..3bc6c17d4d 100644
--- a/crypto/seed/seed_ofb.c
+++ b/crypto/seed/seed_ofb.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * SEED low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <openssl/seed.h>
#include <openssl/modes.h>
diff --git a/include/openssl/seed.h b/include/openssl/seed.h
index 81533f203b..2e1ba2a7bc 100644
--- a/include/openssl/seed.h
+++ b/include/openssl/seed.h
@@ -44,59 +44,67 @@
# include <openssl/opensslconf.h>
# ifndef OPENSSL_NO_SEED
-# include <openssl/e_os2.h>
-# include <openssl/crypto.h>
+# include <openssl/e_os2.h>
+# include <openssl/crypto.h>
+# include <sys/types.h>
-#ifdef __cplusplus
+# ifdef __cplusplus
extern "C" {
-#endif
-
-/* look whether we need 'long' to get 32 bits */
-# ifdef AES_LONG
-# ifndef SEED_LONG
-# define SEED_LONG 1
# endif
-# endif
-# include <sys/types.h>
+# define SEED_BLOCK_SIZE 16
+# define SEED_KEY_LENGTH 16
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+/* look whether we need 'long' to get 32 bits */
+# ifdef AES_LONG
+# ifndef SEED_LONG
+# define SEED_LONG 1
+# endif
+# endif
-# define SEED_BLOCK_SIZE 16
-# define SEED_KEY_LENGTH 16
typedef struct seed_key_st {
-# ifdef SEED_LONG
+# ifdef SEED_LONG
unsigned long data[32];
-# else
+# else
unsigned int data[32];
-# endif
+# endif
} SEED_KEY_SCHEDULE;
+# endif /* OPENSSL_NO_DEPRECATED_3_0 */
-void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH],
- SEED_KEY_SCHEDULE *ks);
+DEPRECATEDIN_3_0(void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH],
+ SEED_KEY_SCHEDULE *ks))
-void SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE],
- unsigned char d[SEED_BLOCK_SIZE],
- const SEED_KEY_SCHEDULE *ks);
-void SEED_decrypt(const unsigned char s[SEED_BLOCK_SIZE],
- unsigned char d[SEED_BLOCK_SIZE],
- const SEED_KEY_SCHEDULE *ks);
+DEPRECATEDIN_3_0(void SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE],
+ unsigned char d[SEED_BLOCK_SIZE],
+ const SEED_KEY_SCHEDULE *ks))
+DEPRECATEDIN_3_0(void SEED_decrypt(const unsigned char s[SEED_BLOCK_SIZE],
+ unsigned char d[SEED_BLOCK_SIZE],
+ const SEED_KEY_SCHEDULE *ks))
-void SEED_ecb_encrypt(const unsigned char *in, unsigned char *out,
- const SEED_KEY_SCHEDULE *ks, int enc);
-void SEED_cbc_encrypt(const unsigned char *in, unsigned char *out, size_t len,
- const SEED_KEY_SCHEDULE *ks,
- unsigned char ivec[SEED_BLOCK_SIZE], int enc);
-void SEED_cfb128_encrypt(const unsigned char *in, unsigned char *out,
- size_t len, const SEED_KEY_SCHEDULE *ks,
- unsigned char ivec[SEED_BLOCK_SIZE], int *num,
- int enc);
-void SEED_ofb128_encrypt(const unsigned char *in, unsigned char *out,
- size_t len, const SEED_KEY_SCHEDULE *ks,
- unsigned char ivec[SEED_BLOCK_SIZE], int *num);
+DEPRECATEDIN_3_0(void SEED_ecb_encrypt(const unsigned char *in,
+ unsigned char *out,
+ const SEED_KEY_SCHEDULE *ks, int enc))
+DEPRECATEDIN_3_0(void SEED_cbc_encrypt(const unsigned char *in,
+ unsigned char *out, size_t len,
+ const SEED_KEY_SCHEDULE *ks,
+ unsigned char ivec[SEED_BLOCK_SIZE],
+ int enc))
+DEPRECATEDIN_3_0(void SEED_cfb128_encrypt(const unsigned char *in,
+ unsigned char *out, size_t len,
+ const SEED_KEY_SCHEDULE *ks,
+ unsigned char ivec[SEED_BLOCK_SIZE],
+ int *num, int enc))
+DEPRECATEDIN_3_0(void SEED_ofb128_encrypt(const unsigned char *in,
+ unsigned char *out, size_t len,
+ const SEED_KEY_SCHEDULE *ks,
+ unsigned char ivec[SEED_BLOCK_SIZE],
+ int *num))
-# ifdef __cplusplus
+# ifdef __cplusplus
}
-# endif
+# endif
# endif
#endif
diff --git a/providers/implementations/ciphers/cipher_seed.c b/providers/implementations/ciphers/cipher_seed.c
index ee90669fda..0c83482d4e 100644
--- a/providers/implementations/ciphers/cipher_seed.c
+++ b/providers/implementations/ciphers/cipher_seed.c
@@ -9,6 +9,12 @@
/* Dispatch functions for Seed cipher modes ecb, cbc, ofb, cfb */
+/*
+ * SEED low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include "cipher_seed.h"
#include "prov/implementations.h"
diff --git a/providers/implementations/ciphers/cipher_seed_hw.c b/providers/implementations/ciphers/cipher_seed_hw.c
index 3bd3323dc0..c7dee292ea 100644
--- a/providers/implementations/ciphers/cipher_seed_hw.c
+++ b/providers/implementations/ciphers/cipher_seed_hw.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * SEED low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include "cipher_seed.h"
static int cipher_hw_seed_initkey(PROV_CIPHER_CTX *ctx,
diff --git a/util/libcrypto.num b/util/libcrypto.num
index c2eff0edb9..4484b361c3 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -233,7 +233,7 @@ d2i_ASN1_SET_ANY 236 3_0_0 EXIST::FUNCTION:
ASN1_item_i2d 238 3_0_0 EXIST::FUNCTION:
OCSP_copy_nonce 239 3_0_0 EXIST::FUNCTION:OCSP
OBJ_txt2nid 240 3_0_0 EXIST::FUNCTION:
-SEED_set_key 241 3_0_0 EXIST::FUNCTION:SEED
+SEED_set_key 241 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SEED
EC_KEY_clear_flags 242 3_0_0 EXIST::FUNCTION:EC
CMS_RecipientInfo_ktri_get0_algs 243 3_0_0 EXIST::FUNCTION:CMS
i2d_EC_PUBKEY 244 3_0_0 EXIST::FUNCTION:EC
@@ -360,7 +360,7 @@ CMS_signed_add1_attr_by_txt 366 3_0_0 EXIST::FUNCTION:CMS
i2d_NETSCAPE_SPKAC 367 3_0_0 EXIST::FUNCTION:
X509V3_add_value_bool_nf 368 3_0_0 EXIST::FUNCTION:
ASN1_item_verify 369 3_0_0 EXIST::FUNCTION:
-SEED_ecb_encrypt 370 3_0_0 EXIST::FUNCTION:SEED
+SEED_ecb_encrypt 370 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SEED
X509_PUBKEY_get0_param 371 3_0_0 EXIST::FUNCTION:
ASN1_i2d_fp 372 3_0_0 EXIST::FUNCTION:STDIO
BIO_new_mem_buf 373 3_0_0 EXIST::FUNCTION:
@@ -971,7 +971,7 @@ BIO_printf 995 3_0_0 EXIST::FUNCTION:
a2i_IPADDRESS 996 3_0_0 EXIST::FUNCTION:
ERR_peek_error_line_data 997 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
ERR_unload_strings 998 3_0_0 EXIST::FUNCTION:
-SEED_cfb128_encrypt 999 3_0_0 EXIST::FUNCTION:SEED
+SEED_cfb128_encrypt 999 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SEED
ASN1_BIT_STRING_it 1000 3_0_0 EXIST::FUNCTION:
PKCS12_decrypt_skey 1001 3_0_0 EXIST::FUNCTION:
ENGINE_register_EC 1002 3_0_0 EXIST::FUNCTION:ENGINE
@@ -2094,7 +2094,7 @@ ASN1_PRINTABLE_new 2139 3_0_0 EXIST::FUNCTION:
OBJ_NAME_new_index 2140 3_0_0 EXIST::FUNCTION:
EVP_PKEY_asn1_add_alias 2141 3_0_0 EXIST::FUNCTION:
EVP_PKEY_get1_DSA 2142 3_0_0 EXIST::FUNCTION:DSA
-SEED_cbc_encrypt 2143 3_0_0 EXIST::FUNCTION:SEED
+SEED_cbc_encrypt 2143 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SEED
EVP_rc2_40_cbc 2144 3_0_0 EXIST::FUNCTION:RC2
ECDSA_SIG_new 2145 3_0_0 EXIST::FUNCTION:EC
i2d_PKCS8PrivateKey_nid_fp 2146 3_0_0 EXIST::FUNCTION:STDIO
@@ -2559,7 +2559,7 @@ OPENSSL_LH_node_usage_stats 2613 3_0_0 EXIST::FUNCTION:STDIO
DIRECTORYSTRING_it 2614 3_0_0 EXIST::FUNCTION:
BIO_write 2615 3_0_0 EXIST::FUNCTION:
OCSP_ONEREQ_get_ext_by_OBJ 2616 3_0_0 EXIST::FUNCTION:OCSP
-SEED_encrypt 2617 3_0_0 EXIST::FUNCTION:SEED
+SEED_encrypt 2617 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SEED
IPAddressRange_it 2618 3_0_0 EXIST::FUNCTION:RFC3779
PEM_read_bio_DSAPrivateKey 2619 3_0_0 EXIST::FUNCTION:DSA
CMS_get0_type 2620 3_0_0 EXIST::FUNCTION:CMS
@@ -2663,7 +2663,7 @@ i2d_TS_TST_INFO_bio 2719 3_0_0 EXIST::FUNCTION:TS
CMS_sign_receipt 2720 3_0_0 EXIST::FUNCTION:CMS
ENGINE_set_RAND 2721 3_0_0 EXIST::FUNCTION:ENGINE
X509_REVOKED_get_ext_by_OBJ 2722 3_0_0 EXIST::FUNCTION:
-SEED_decrypt 2723 3_0_0 EXIST::FUNCTION:SEED
+SEED_decrypt 2723 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SEED
PEM_write_PKCS8PrivateKey 2724 3_0_0 EXIST::FUNCTION:STDIO
ENGINE_new 2725 3_0_0 EXIST::FUNCTION:ENGINE
X509_check_issued 2726 3_0_0 EXIST::FUNCTION:
@@ -2937,7 +2937,7 @@ RSA_padding_add_PKCS1_OAEP_mgf1 2999 3_0_0 EXIST::FUNCTION:RSA
COMP_CTX_get_type 3000 3_0_0 EXIST::FUNCTION:COMP
TS_RESP_CTX_set_status_info 3001 3_0_0 EXIST::FUNCTION:TS
BIO_f_nbio_test 3002 3_0_0 EXIST::FUNCTION:
-SEED_ofb128_encrypt 3003 3_0_0 EXIST::FUNCTION:SEED
+SEED_ofb128_encrypt 3003 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SEED
d2i_RSAPrivateKey_bio 3004 3_0_0 EXIST::FUNCTION:RSA
DH_KDF_X9_42 3005 3_0_0 EXIST::FUNCTION:CMS,DH
EVP_PKEY_meth_set_signctx 3006 3_0_0 EXIST::FUNCTION:
More information about the openssl-commits
mailing list