[openssl-commits] [openssl] master update
Richard Levitte
levitte at openssl.org
Mon Apr 10 10:11:09 UTC 2017
The branch master has been updated
via f120fa1efe6377850d1ecd389a02e0e2241912bc (commit)
via e361a7b285f954aead44f70f0dde35e120e1e0b3 (commit)
via 676cc3a67faf8170be910c2149d65616697cb126 (commit)
via 6a32a3c058dbd9fa7cec5b020e4f027808972e4a (commit)
via 31ae516116343defd39d5b5ee800fa25eeab7638 (commit)
via 7eb4c1eb50785c0b32f52e8a5bf20328b6baca34 (commit)
via 64f11ee88883af8995d2991307ff3fb560a96fa6 (commit)
from ce57ac431964f7692af674fd124103d6fe07af2e (commit)
- Log -----------------------------------------------------------------
commit f120fa1efe6377850d1ecd389a02e0e2241912bc
Author: Richard Levitte <levitte at openssl.org>
Date: Thu Apr 6 14:11:19 2017 +0200
Fix util/mkdef.pl
The deprecation checking code here didn't work the same way as in
Configure, and used $config{options} to find an --api= option that
was never there. This is replaced with checking $config{api}, which
is the controlling variable for deprecation.
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3126)
commit e361a7b285f954aead44f70f0dde35e120e1e0b3
Author: Richard Levitte <levitte at openssl.org>
Date: Wed Apr 5 22:38:03 2017 +0200
Add a note in CHANGES
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3126)
commit 676cc3a67faf8170be910c2149d65616697cb126
Author: Richard Levitte <levitte at openssl.org>
Date: Wed Apr 5 17:06:01 2017 +0200
Act on deprecation of LONG and ZLONG, step 3
Teach util/mkdef.pl to recognise these lines:
#if OPENSSL_API_COMPAT < 0xXXXXXXXXL
#if OPENSSL_API_COMPAT >= 0xXXXXXXXXL
and add corresponding markers in util/*.num
A final 'make update' sets those markers right for LONG and ZLONG.
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3126)
commit 6a32a3c058dbd9fa7cec5b020e4f027808972e4a
Author: Richard Levitte <levitte at openssl.org>
Date: Wed Apr 5 13:24:14 2017 +0200
Act on deprecation of LONG and ZLONG, step 2
Replace all remaining uses of LONG and ZLONG with INT32 / ZINT32.
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3126)
commit 31ae516116343defd39d5b5ee800fa25eeab7638
Author: Richard Levitte <levitte at openssl.org>
Date: Wed Apr 5 13:21:06 2017 +0200
Act on deprecation of LONG and ZLONG, step 1
Don't compile code that still uses LONG when it's deprecated
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3126)
commit 7eb4c1eb50785c0b32f52e8a5bf20328b6baca34
Author: Richard Levitte <levitte at openssl.org>
Date: Wed Apr 5 12:09:21 2017 +0200
Discourage the use of LONG and ZLONG, and deprecate it in the future
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3126)
commit 64f11ee88883af8995d2991307ff3fb560a96fa6
Author: Richard Levitte <levitte at openssl.org>
Date: Wed Apr 5 12:07:48 2017 +0200
Publish our INT32, UINT32, INT64, UINT64 ASN.1 types and Z variants
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3126)
-----------------------------------------------------------------------
Summary of changes:
CHANGES | 6 ++++++
crypto/asn1/asn1_item_list.h | 12 +++++++++++
crypto/asn1/evp_asn1.c | 4 ++--
crypto/asn1/n_pkey.c | 4 ++--
crypto/asn1/x_int64.c | 2 +-
crypto/asn1/x_long.c | 4 ++++
crypto/cms/cms_asn1.c | 26 +++++++++++-----------
crypto/cms/cms_lcl.h | 26 +++++++++++-----------
crypto/dh/dh_asn1.c | 2 +-
crypto/dh/dh_locl.h | 2 +-
crypto/dsa/dsa_asn1.c | 2 +-
crypto/dsa/dsa_locl.h | 2 +-
crypto/ec/ec_asn1.c | 24 ++++++++++-----------
crypto/rsa/rsa_asn1.c | 2 +-
crypto/rsa/rsa_locl.h | 2 +-
fuzz/asn1.c | 12 +++++++++++
include/internal/asn1t.h | 19 -----------------
include/openssl/asn1t.h | 16 ++++++++++++++
ssl/ssl_asn1.c | 2 +-
test/asn1_encode_test.c | 8 ++++++-
util/libcrypto.num | 8 +++----
util/mkdef.pl | 51 +++++++++++++++++++++++++++-----------------
22 files changed, 142 insertions(+), 94 deletions(-)
delete mode 100644 include/internal/asn1t.h
diff --git a/CHANGES b/CHANGES
index 72c78ea..3617e8f 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,12 @@
Changes between 1.1.0e and 1.1.1 [xx XXX xxxx]
+ *) Add the ASN.1 types INT32, UINT32, INT64, UINT64 and variants prefixed
+ with Z. These are meant to replace LONG and ZLONG and to be size safe.
+ The use of LONG and ZLONG is discouraged and scheduled for deprecation
+ in OpenSSL 1.2.0.
+ [Richard Levitte]
+
*) Add the 'z' and 'j' modifiers to BIO_printf() et al formatting string,
'z' is to be used for [s]size_t, and 'j' - with [u]int64_t.
[Richard Levitte, Andy Polyakov]
diff --git a/crypto/asn1/asn1_item_list.h b/crypto/asn1/asn1_item_list.h
index 909ea3e..27608b7 100644
--- a/crypto/asn1/asn1_item_list.h
+++ b/crypto/asn1/asn1_item_list.h
@@ -78,7 +78,9 @@ static ASN1_ITEM_EXP *asn1_item_list[] = {
ASN1_ITEM_ref(IPAddressRange),
#endif
ASN1_ITEM_ref(ISSUING_DIST_POINT),
+#if OPENSSL_API_COMPAT < 0x10200000L
ASN1_ITEM_ref(LONG),
+#endif
ASN1_ITEM_ref(NAME_CONSTRAINTS),
ASN1_ITEM_ref(NETSCAPE_CERT_SEQUENCE),
ASN1_ITEM_ref(NETSCAPE_SPKAC),
@@ -159,5 +161,15 @@ static ASN1_ITEM_EXP *asn1_item_list[] = {
ASN1_ITEM_ref(X509_SIG),
ASN1_ITEM_ref(X509_VAL),
ASN1_ITEM_ref(X509),
+#if OPENSSL_API_COMPAT < 0x10200000L
ASN1_ITEM_ref(ZLONG),
+#endif
+ ASN1_ITEM_ref(INT32),
+ ASN1_ITEM_ref(UINT32),
+ ASN1_ITEM_ref(ZINT32),
+ ASN1_ITEM_ref(ZUINT32),
+ ASN1_ITEM_ref(INT64),
+ ASN1_ITEM_ref(UINT64),
+ ASN1_ITEM_ref(ZINT64),
+ ASN1_ITEM_ref(ZUINT64),
};
diff --git a/crypto/asn1/evp_asn1.c b/crypto/asn1/evp_asn1.c
index a458367..718e688 100644
--- a/crypto/asn1/evp_asn1.c
+++ b/crypto/asn1/evp_asn1.c
@@ -47,12 +47,12 @@ int ASN1_TYPE_get_octetstring(const ASN1_TYPE *a, unsigned char *data, int max_l
}
typedef struct {
- long num;
+ int32_t num;
ASN1_OCTET_STRING *oct;
} asn1_int_oct;
ASN1_SEQUENCE(asn1_int_oct) = {
- ASN1_SIMPLE(asn1_int_oct, num, LONG),
+ ASN1_SIMPLE(asn1_int_oct, num, INT32),
ASN1_SIMPLE(asn1_int_oct, oct, ASN1_OCTET_STRING)
} static_ASN1_SEQUENCE_END(asn1_int_oct)
diff --git a/crypto/asn1/n_pkey.c b/crypto/asn1/n_pkey.c
index 267ce60..34a0d03 100644
--- a/crypto/asn1/n_pkey.c
+++ b/crypto/asn1/n_pkey.c
@@ -23,7 +23,7 @@ NON_EMPTY_TRANSLATION_UNIT
# ifndef OPENSSL_NO_RC4
typedef struct netscape_pkey_st {
- long version;
+ int32_t version;
X509_ALGOR *algor;
ASN1_OCTET_STRING *private_key;
} NETSCAPE_PKEY;
@@ -48,7 +48,7 @@ DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY,NETSCAPE_ENCRYPTED_P
IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY)
ASN1_SEQUENCE(NETSCAPE_PKEY) = {
- ASN1_SIMPLE(NETSCAPE_PKEY, version, LONG),
+ ASN1_SIMPLE(NETSCAPE_PKEY, version, INT32),
ASN1_SIMPLE(NETSCAPE_PKEY, algor, X509_ALGOR),
ASN1_SIMPLE(NETSCAPE_PKEY, private_key, ASN1_OCTET_STRING)
} static_ASN1_SEQUENCE_END(NETSCAPE_PKEY)
diff --git a/crypto/asn1/x_int64.c b/crypto/asn1/x_int64.c
index d180a3b..9da692c 100644
--- a/crypto/asn1/x_int64.c
+++ b/crypto/asn1/x_int64.c
@@ -9,8 +9,8 @@
#include <stdio.h>
#include "internal/cryptlib.h"
-#include "internal/asn1t.h"
#include "internal/numbers.h"
+#include <openssl/asn1t.h>
#include <openssl/bn.h>
#include "asn1_locl.h"
diff --git a/crypto/asn1/x_long.c b/crypto/asn1/x_long.c
index 5895345..4bb6611 100644
--- a/crypto/asn1/x_long.c
+++ b/crypto/asn1/x_long.c
@@ -11,6 +11,9 @@
#include "internal/cryptlib.h"
#include <openssl/asn1t.h>
+#if !(OPENSSL_API_COMPAT < 0x10200000L)
+NON_EMPTY_TRANSLATION_UNIT
+#else
/*
* Custom primitive type for long handling. This converts between an
* ASN1_INTEGER and a long directly.
@@ -194,3 +197,4 @@ static int long_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it,
{
return BIO_printf(out, "%ld\n", *(long *)pval);
}
+#endif
diff --git a/crypto/cms/cms_asn1.c b/crypto/cms/cms_asn1.c
index 81e9a53..a6981a7 100644
--- a/crypto/cms/cms_asn1.c
+++ b/crypto/cms/cms_asn1.c
@@ -56,7 +56,7 @@ static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
}
ASN1_SEQUENCE_cb(CMS_SignerInfo, cms_si_cb) = {
- ASN1_SIMPLE(CMS_SignerInfo, version, LONG),
+ ASN1_SIMPLE(CMS_SignerInfo, version, INT32),
ASN1_SIMPLE(CMS_SignerInfo, sid, CMS_SignerIdentifier),
ASN1_SIMPLE(CMS_SignerInfo, digestAlgorithm, X509_ALGOR),
ASN1_IMP_SET_OF_OPT(CMS_SignerInfo, signedAttrs, X509_ATTRIBUTE, 0),
@@ -76,7 +76,7 @@ ASN1_CHOICE(CMS_RevocationInfoChoice) = {
} ASN1_CHOICE_END(CMS_RevocationInfoChoice)
ASN1_NDEF_SEQUENCE(CMS_SignedData) = {
- ASN1_SIMPLE(CMS_SignedData, version, LONG),
+ ASN1_SIMPLE(CMS_SignedData, version, INT32),
ASN1_SET_OF(CMS_SignedData, digestAlgorithms, X509_ALGOR),
ASN1_SIMPLE(CMS_SignedData, encapContentInfo, CMS_EncapsulatedContentInfo),
ASN1_IMP_SET_OF_OPT(CMS_SignedData, certificates, CMS_CertificateChoices, 0),
@@ -96,7 +96,7 @@ ASN1_NDEF_SEQUENCE(CMS_EncryptedContentInfo) = {
} static_ASN1_NDEF_SEQUENCE_END(CMS_EncryptedContentInfo)
ASN1_SEQUENCE(CMS_KeyTransRecipientInfo) = {
- ASN1_SIMPLE(CMS_KeyTransRecipientInfo, version, LONG),
+ ASN1_SIMPLE(CMS_KeyTransRecipientInfo, version, INT32),
ASN1_SIMPLE(CMS_KeyTransRecipientInfo, rid, CMS_SignerIdentifier),
ASN1_SIMPLE(CMS_KeyTransRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
ASN1_SIMPLE(CMS_KeyTransRecipientInfo, encryptedKey, ASN1_OCTET_STRING)
@@ -162,7 +162,7 @@ static int cms_kari_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
}
ASN1_SEQUENCE_cb(CMS_KeyAgreeRecipientInfo, cms_kari_cb) = {
- ASN1_SIMPLE(CMS_KeyAgreeRecipientInfo, version, LONG),
+ ASN1_SIMPLE(CMS_KeyAgreeRecipientInfo, version, INT32),
ASN1_EXP(CMS_KeyAgreeRecipientInfo, originator, CMS_OriginatorIdentifierOrKey, 0),
ASN1_EXP_OPT(CMS_KeyAgreeRecipientInfo, ukm, ASN1_OCTET_STRING, 1),
ASN1_SIMPLE(CMS_KeyAgreeRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
@@ -176,14 +176,14 @@ ASN1_SEQUENCE(CMS_KEKIdentifier) = {
} static_ASN1_SEQUENCE_END(CMS_KEKIdentifier)
ASN1_SEQUENCE(CMS_KEKRecipientInfo) = {
- ASN1_SIMPLE(CMS_KEKRecipientInfo, version, LONG),
+ ASN1_SIMPLE(CMS_KEKRecipientInfo, version, INT32),
ASN1_SIMPLE(CMS_KEKRecipientInfo, kekid, CMS_KEKIdentifier),
ASN1_SIMPLE(CMS_KEKRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
ASN1_SIMPLE(CMS_KEKRecipientInfo, encryptedKey, ASN1_OCTET_STRING)
} ASN1_SEQUENCE_END(CMS_KEKRecipientInfo)
ASN1_SEQUENCE(CMS_PasswordRecipientInfo) = {
- ASN1_SIMPLE(CMS_PasswordRecipientInfo, version, LONG),
+ ASN1_SIMPLE(CMS_PasswordRecipientInfo, version, INT32),
ASN1_IMP_OPT(CMS_PasswordRecipientInfo, keyDerivationAlgorithm, X509_ALGOR, 0),
ASN1_SIMPLE(CMS_PasswordRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
ASN1_SIMPLE(CMS_PasswordRecipientInfo, encryptedKey, ASN1_OCTET_STRING)
@@ -225,7 +225,7 @@ ASN1_CHOICE_cb(CMS_RecipientInfo, cms_ri_cb) = {
} ASN1_CHOICE_END_cb(CMS_RecipientInfo, CMS_RecipientInfo, type)
ASN1_NDEF_SEQUENCE(CMS_EnvelopedData) = {
- ASN1_SIMPLE(CMS_EnvelopedData, version, LONG),
+ ASN1_SIMPLE(CMS_EnvelopedData, version, INT32),
ASN1_IMP_OPT(CMS_EnvelopedData, originatorInfo, CMS_OriginatorInfo, 0),
ASN1_SET_OF(CMS_EnvelopedData, recipientInfos, CMS_RecipientInfo),
ASN1_SIMPLE(CMS_EnvelopedData, encryptedContentInfo, CMS_EncryptedContentInfo),
@@ -233,20 +233,20 @@ ASN1_NDEF_SEQUENCE(CMS_EnvelopedData) = {
} ASN1_NDEF_SEQUENCE_END(CMS_EnvelopedData)
ASN1_NDEF_SEQUENCE(CMS_DigestedData) = {
- ASN1_SIMPLE(CMS_DigestedData, version, LONG),
+ ASN1_SIMPLE(CMS_DigestedData, version, INT32),
ASN1_SIMPLE(CMS_DigestedData, digestAlgorithm, X509_ALGOR),
ASN1_SIMPLE(CMS_DigestedData, encapContentInfo, CMS_EncapsulatedContentInfo),
ASN1_SIMPLE(CMS_DigestedData, digest, ASN1_OCTET_STRING)
} ASN1_NDEF_SEQUENCE_END(CMS_DigestedData)
ASN1_NDEF_SEQUENCE(CMS_EncryptedData) = {
- ASN1_SIMPLE(CMS_EncryptedData, version, LONG),
+ ASN1_SIMPLE(CMS_EncryptedData, version, INT32),
ASN1_SIMPLE(CMS_EncryptedData, encryptedContentInfo, CMS_EncryptedContentInfo),
ASN1_IMP_SET_OF_OPT(CMS_EncryptedData, unprotectedAttrs, X509_ATTRIBUTE, 1)
} ASN1_NDEF_SEQUENCE_END(CMS_EncryptedData)
ASN1_NDEF_SEQUENCE(CMS_AuthenticatedData) = {
- ASN1_SIMPLE(CMS_AuthenticatedData, version, LONG),
+ ASN1_SIMPLE(CMS_AuthenticatedData, version, INT32),
ASN1_IMP_OPT(CMS_AuthenticatedData, originatorInfo, CMS_OriginatorInfo, 0),
ASN1_SET_OF(CMS_AuthenticatedData, recipientInfos, CMS_RecipientInfo),
ASN1_SIMPLE(CMS_AuthenticatedData, macAlgorithm, X509_ALGOR),
@@ -258,7 +258,7 @@ ASN1_NDEF_SEQUENCE(CMS_AuthenticatedData) = {
} static_ASN1_NDEF_SEQUENCE_END(CMS_AuthenticatedData)
ASN1_NDEF_SEQUENCE(CMS_CompressedData) = {
- ASN1_SIMPLE(CMS_CompressedData, version, LONG),
+ ASN1_SIMPLE(CMS_CompressedData, version, INT32),
ASN1_SIMPLE(CMS_CompressedData, compressionAlgorithm, X509_ALGOR),
ASN1_SIMPLE(CMS_CompressedData, encapContentInfo, CMS_EncapsulatedContentInfo),
} ASN1_NDEF_SEQUENCE_END(CMS_CompressedData)
@@ -337,7 +337,7 @@ ASN1_ITEM_TEMPLATE_END(CMS_Attributes_Verify)
ASN1_CHOICE(CMS_ReceiptsFrom) = {
- ASN1_IMP(CMS_ReceiptsFrom, d.allOrFirstTier, LONG, 0),
+ ASN1_IMP(CMS_ReceiptsFrom, d.allOrFirstTier, INT32, 0),
ASN1_IMP_SEQUENCE_OF(CMS_ReceiptsFrom, d.receiptList, GENERAL_NAMES, 1)
} static_ASN1_CHOICE_END(CMS_ReceiptsFrom)
@@ -348,7 +348,7 @@ ASN1_SEQUENCE(CMS_ReceiptRequest) = {
} ASN1_SEQUENCE_END(CMS_ReceiptRequest)
ASN1_SEQUENCE(CMS_Receipt) = {
- ASN1_SIMPLE(CMS_Receipt, version, LONG),
+ ASN1_SIMPLE(CMS_Receipt, version, INT32),
ASN1_SIMPLE(CMS_Receipt, contentType, ASN1_OBJECT),
ASN1_SIMPLE(CMS_Receipt, signedContentIdentifier, ASN1_OCTET_STRING),
ASN1_SIMPLE(CMS_Receipt, originatorSignatureValue, ASN1_OCTET_STRING)
diff --git a/crypto/cms/cms_lcl.h b/crypto/cms/cms_lcl.h
index d0c0e81..c277f71 100644
--- a/crypto/cms/cms_lcl.h
+++ b/crypto/cms/cms_lcl.h
@@ -67,7 +67,7 @@ struct CMS_ContentInfo_st {
DEFINE_STACK_OF(CMS_CertificateChoices)
struct CMS_SignedData_st {
- long version;
+ int32_t version;
STACK_OF(X509_ALGOR) *digestAlgorithms;
CMS_EncapsulatedContentInfo *encapContentInfo;
STACK_OF(CMS_CertificateChoices) *certificates;
@@ -83,7 +83,7 @@ struct CMS_EncapsulatedContentInfo_st {
};
struct CMS_SignerInfo_st {
- long version;
+ int32_t version;
CMS_SignerIdentifier *sid;
X509_ALGOR *digestAlgorithm;
STACK_OF(X509_ATTRIBUTE) *signedAttrs;
@@ -107,7 +107,7 @@ struct CMS_SignerIdentifier_st {
};
struct CMS_EnvelopedData_st {
- long version;
+ int32_t version;
CMS_OriginatorInfo *originatorInfo;
STACK_OF(CMS_RecipientInfo) *recipientInfos;
CMS_EncryptedContentInfo *encryptedContentInfo;
@@ -145,7 +145,7 @@ struct CMS_RecipientInfo_st {
typedef CMS_SignerIdentifier CMS_RecipientIdentifier;
struct CMS_KeyTransRecipientInfo_st {
- long version;
+ int32_t version;
CMS_RecipientIdentifier *rid;
X509_ALGOR *keyEncryptionAlgorithm;
ASN1_OCTET_STRING *encryptedKey;
@@ -157,7 +157,7 @@ struct CMS_KeyTransRecipientInfo_st {
};
struct CMS_KeyAgreeRecipientInfo_st {
- long version;
+ int32_t version;
CMS_OriginatorIdentifierOrKey *originator;
ASN1_OCTET_STRING *ukm;
X509_ALGOR *keyEncryptionAlgorithm;
@@ -204,7 +204,7 @@ struct CMS_RecipientKeyIdentifier_st {
};
struct CMS_KEKRecipientInfo_st {
- long version;
+ int32_t version;
CMS_KEKIdentifier *kekid;
X509_ALGOR *keyEncryptionAlgorithm;
ASN1_OCTET_STRING *encryptedKey;
@@ -220,7 +220,7 @@ struct CMS_KEKIdentifier_st {
};
struct CMS_PasswordRecipientInfo_st {
- long version;
+ int32_t version;
X509_ALGOR *keyDerivationAlgorithm;
X509_ALGOR *keyEncryptionAlgorithm;
ASN1_OCTET_STRING *encryptedKey;
@@ -235,20 +235,20 @@ struct CMS_OtherRecipientInfo_st {
};
struct CMS_DigestedData_st {
- long version;
+ int32_t version;
X509_ALGOR *digestAlgorithm;
CMS_EncapsulatedContentInfo *encapContentInfo;
ASN1_OCTET_STRING *digest;
};
struct CMS_EncryptedData_st {
- long version;
+ int32_t version;
CMS_EncryptedContentInfo *encryptedContentInfo;
STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs;
};
struct CMS_AuthenticatedData_st {
- long version;
+ int32_t version;
CMS_OriginatorInfo *originatorInfo;
STACK_OF(CMS_RecipientInfo) *recipientInfos;
X509_ALGOR *macAlgorithm;
@@ -260,7 +260,7 @@ struct CMS_AuthenticatedData_st {
};
struct CMS_CompressedData_st {
- long version;
+ int32_t version;
X509_ALGOR *compressionAlgorithm;
STACK_OF(CMS_RecipientInfo) *recipientInfos;
CMS_EncapsulatedContentInfo *encapContentInfo;
@@ -332,14 +332,14 @@ struct CMS_ReceiptRequest_st {
struct CMS_ReceiptsFrom_st {
int type;
union {
- long allOrFirstTier;
+ int32_t allOrFirstTier;
STACK_OF(GENERAL_NAMES) *receiptList;
} d;
};
# endif
struct CMS_Receipt_st {
- long version;
+ int32_t version;
ASN1_OBJECT *contentType;
ASN1_OCTET_STRING *signedContentIdentifier;
ASN1_OCTET_STRING *originatorSignatureValue;
diff --git a/crypto/dh/dh_asn1.c b/crypto/dh/dh_asn1.c
index 7c72fd6..f65d065 100644
--- a/crypto/dh/dh_asn1.c
+++ b/crypto/dh/dh_asn1.c
@@ -34,7 +34,7 @@ static int dh_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
ASN1_SEQUENCE_cb(DHparams, dh_cb) = {
ASN1_SIMPLE(DH, p, BIGNUM),
ASN1_SIMPLE(DH, g, BIGNUM),
- ASN1_OPT(DH, length, ZLONG),
+ ASN1_OPT(DH, length, ZINT32),
} ASN1_SEQUENCE_END_cb(DH, DHparams)
IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DH, DHparams, DHparams)
diff --git a/crypto/dh/dh_locl.h b/crypto/dh/dh_locl.h
index 6867555..0a8391a 100644
--- a/crypto/dh/dh_locl.h
+++ b/crypto/dh/dh_locl.h
@@ -19,7 +19,7 @@ struct dh_st {
int version;
BIGNUM *p;
BIGNUM *g;
- long length; /* optional */
+ int32_t length; /* optional */
BIGNUM *pub_key; /* g^x % p */
BIGNUM *priv_key; /* x */
int flags;
diff --git a/crypto/dsa/dsa_asn1.c b/crypto/dsa/dsa_asn1.c
index 551c107..6f9fe3e 100644
--- a/crypto/dsa/dsa_asn1.c
+++ b/crypto/dsa/dsa_asn1.c
@@ -75,7 +75,7 @@ static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
}
ASN1_SEQUENCE_cb(DSAPrivateKey, dsa_cb) = {
- ASN1_SIMPLE(DSA, version, LONG),
+ ASN1_SIMPLE(DSA, version, INT32),
ASN1_SIMPLE(DSA, p, BIGNUM),
ASN1_SIMPLE(DSA, q, BIGNUM),
ASN1_SIMPLE(DSA, g, BIGNUM),
diff --git a/crypto/dsa/dsa_locl.h b/crypto/dsa/dsa_locl.h
index f575195..a81a4b4 100644
--- a/crypto/dsa/dsa_locl.h
+++ b/crypto/dsa/dsa_locl.h
@@ -16,7 +16,7 @@ struct dsa_st {
* instead of of a EVP_PKEY
*/
int pad;
- long version;
+ int32_t version;
BIGNUM *p;
BIGNUM *q; /* == 20 */
BIGNUM *g;
diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
index 271178f..6493515 100644
--- a/crypto/ec/ec_asn1.c
+++ b/crypto/ec/ec_asn1.c
@@ -87,13 +87,13 @@ int EC_GROUP_get_pentanomial_basis(const EC_GROUP *group, unsigned int *k1,
/* some structures needed for the asn1 encoding */
typedef struct x9_62_pentanomial_st {
- long k1;
- long k2;
- long k3;
+ int32_t k1;
+ int32_t k2;
+ int32_t k3;
} X9_62_PENTANOMIAL;
typedef struct x9_62_characteristic_two_st {
- long m;
+ int32_t m;
ASN1_OBJECT *type;
union {
char *ptr;
@@ -128,7 +128,7 @@ typedef struct x9_62_curve_st {
} X9_62_CURVE;
struct ec_parameters_st {
- long version;
+ int32_t version;
X9_62_FIELDID *fieldID;
X9_62_CURVE *curve;
ASN1_OCTET_STRING *base;
@@ -147,7 +147,7 @@ struct ecpk_parameters_st {
/* SEC1 ECPrivateKey */
typedef struct ec_privatekey_st {
- long version;
+ int32_t version;
ASN1_OCTET_STRING *privateKey;
ECPKPARAMETERS *parameters;
ASN1_BIT_STRING *publicKey;
@@ -155,9 +155,9 @@ typedef struct ec_privatekey_st {
/* the OpenSSL ASN.1 definitions */
ASN1_SEQUENCE(X9_62_PENTANOMIAL) = {
- ASN1_SIMPLE(X9_62_PENTANOMIAL, k1, LONG),
- ASN1_SIMPLE(X9_62_PENTANOMIAL, k2, LONG),
- ASN1_SIMPLE(X9_62_PENTANOMIAL, k3, LONG)
+ ASN1_SIMPLE(X9_62_PENTANOMIAL, k1, INT32),
+ ASN1_SIMPLE(X9_62_PENTANOMIAL, k2, INT32),
+ ASN1_SIMPLE(X9_62_PENTANOMIAL, k3, INT32)
} static_ASN1_SEQUENCE_END(X9_62_PENTANOMIAL)
DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL)
@@ -172,7 +172,7 @@ ASN1_ADB(X9_62_CHARACTERISTIC_TWO) = {
} ASN1_ADB_END(X9_62_CHARACTERISTIC_TWO, 0, type, 0, &char_two_def_tt, NULL);
ASN1_SEQUENCE(X9_62_CHARACTERISTIC_TWO) = {
- ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, m, LONG),
+ ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, m, INT32),
ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, type, ASN1_OBJECT),
ASN1_ADB_OBJECT(X9_62_CHARACTERISTIC_TWO)
} static_ASN1_SEQUENCE_END(X9_62_CHARACTERISTIC_TWO)
@@ -199,7 +199,7 @@ ASN1_SEQUENCE(X9_62_CURVE) = {
} static_ASN1_SEQUENCE_END(X9_62_CURVE)
ASN1_SEQUENCE(ECPARAMETERS) = {
- ASN1_SIMPLE(ECPARAMETERS, version, LONG),
+ ASN1_SIMPLE(ECPARAMETERS, version, INT32),
ASN1_SIMPLE(ECPARAMETERS, fieldID, X9_62_FIELDID),
ASN1_SIMPLE(ECPARAMETERS, curve, X9_62_CURVE),
ASN1_SIMPLE(ECPARAMETERS, base, ASN1_OCTET_STRING),
@@ -221,7 +221,7 @@ DECLARE_ASN1_ENCODE_FUNCTIONS_const(ECPKPARAMETERS, ECPKPARAMETERS)
IMPLEMENT_ASN1_FUNCTIONS_const(ECPKPARAMETERS)
ASN1_SEQUENCE(EC_PRIVATEKEY) = {
- ASN1_SIMPLE(EC_PRIVATEKEY, version, LONG),
+ ASN1_SIMPLE(EC_PRIVATEKEY, version, INT32),
ASN1_SIMPLE(EC_PRIVATEKEY, privateKey, ASN1_OCTET_STRING),
ASN1_EXP_OPT(EC_PRIVATEKEY, parameters, ECPKPARAMETERS, 0),
ASN1_EXP_OPT(EC_PRIVATEKEY, publicKey, ASN1_BIT_STRING, 1)
diff --git a/crypto/rsa/rsa_asn1.c b/crypto/rsa/rsa_asn1.c
index 626a479..ef79a27 100644
--- a/crypto/rsa/rsa_asn1.c
+++ b/crypto/rsa/rsa_asn1.c
@@ -32,7 +32,7 @@ static int rsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
}
ASN1_SEQUENCE_cb(RSAPrivateKey, rsa_cb) = {
- ASN1_SIMPLE(RSA, version, LONG),
+ ASN1_SIMPLE(RSA, version, INT32),
ASN1_SIMPLE(RSA, n, BIGNUM),
ASN1_SIMPLE(RSA, e, BIGNUM),
ASN1_SIMPLE(RSA, d, CBIGNUM),
diff --git a/crypto/rsa/rsa_locl.h b/crypto/rsa/rsa_locl.h
index f2681f9..be3ef0c 100644
--- a/crypto/rsa/rsa_locl.h
+++ b/crypto/rsa/rsa_locl.h
@@ -16,7 +16,7 @@ struct rsa_st {
* instead of aEVP_PKEY, it is set to 0
*/
int pad;
- long version;
+ int32_t version;
const RSA_METHOD *meth;
/* functional reference if 'meth' is ENGINE-provided */
ENGINE *engine;
diff --git a/fuzz/asn1.c b/fuzz/asn1.c
index f29fde5..0c61315 100644
--- a/fuzz/asn1.c
+++ b/fuzz/asn1.c
@@ -100,7 +100,9 @@ static ASN1_ITEM_EXP *item_type[] = {
ASN1_ITEM_ref(IPAddressRange),
#endif
ASN1_ITEM_ref(ISSUING_DIST_POINT),
+#if OPENSSL_API_COMPAT < 0x10200000L
ASN1_ITEM_ref(LONG),
+#endif
ASN1_ITEM_ref(NAME_CONSTRAINTS),
ASN1_ITEM_ref(NETSCAPE_CERT_SEQUENCE),
ASN1_ITEM_ref(NETSCAPE_SPKAC),
@@ -180,7 +182,17 @@ static ASN1_ITEM_EXP *item_type[] = {
ASN1_ITEM_ref(X509_REVOKED),
ASN1_ITEM_ref(X509_SIG),
ASN1_ITEM_ref(X509_VAL),
+#if OPENSSL_API_COMPAT < 0x10200000L
ASN1_ITEM_ref(ZLONG),
+#endif
+ ASN1_ITEM_ref(INT32),
+ ASN1_ITEM_ref(ZINT32),
+ ASN1_ITEM_ref(UINT32),
+ ASN1_ITEM_ref(ZUINT32),
+ ASN1_ITEM_ref(INT64),
+ ASN1_ITEM_ref(ZINT64),
+ ASN1_ITEM_ref(UINT64),
+ ASN1_ITEM_ref(ZUINT64),
NULL
};
diff --git a/include/internal/asn1t.h b/include/internal/asn1t.h
deleted file mode 100644
index 32d637d..0000000
--- a/include/internal/asn1t.h
+++ /dev/null
@@ -1,19 +0,0 @@
-/*
- * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include <openssl/asn1t.h>
-
-DECLARE_ASN1_ITEM(INT32)
-DECLARE_ASN1_ITEM(ZINT32)
-DECLARE_ASN1_ITEM(UINT32)
-DECLARE_ASN1_ITEM(ZUINT32)
-DECLARE_ASN1_ITEM(INT64)
-DECLARE_ASN1_ITEM(ZINT64)
-DECLARE_ASN1_ITEM(UINT64)
-DECLARE_ASN1_ITEM(ZUINT64)
diff --git a/include/openssl/asn1t.h b/include/openssl/asn1t.h
index 59b28cf..a73d4a8 100644
--- a/include/openssl/asn1t.h
+++ b/include/openssl/asn1t.h
@@ -901,8 +901,24 @@ DECLARE_ASN1_ITEM(ASN1_FBOOLEAN)
DECLARE_ASN1_ITEM(ASN1_SEQUENCE)
DECLARE_ASN1_ITEM(CBIGNUM)
DECLARE_ASN1_ITEM(BIGNUM)
+DECLARE_ASN1_ITEM(INT32)
+DECLARE_ASN1_ITEM(ZINT32)
+DECLARE_ASN1_ITEM(UINT32)
+DECLARE_ASN1_ITEM(ZUINT32)
+DECLARE_ASN1_ITEM(INT64)
+DECLARE_ASN1_ITEM(ZINT64)
+DECLARE_ASN1_ITEM(UINT64)
+DECLARE_ASN1_ITEM(ZUINT64)
+
+# if OPENSSL_API_COMPAT < 0x10200000L
+/*
+ * LONG and ZLONG are strongly discouraged for use as stored data, as the
+ * underlying C type (long) differs in size depending on the architecture.
+ * They are designed with 32-bit longs in mind.
+ */
DECLARE_ASN1_ITEM(LONG)
DECLARE_ASN1_ITEM(ZLONG)
+# endif
DEFINE_STACK_OF(ASN1_VALUE)
diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c
index 0802dd4..b4eb98e 100644
--- a/ssl/ssl_asn1.c
+++ b/ssl/ssl_asn1.c
@@ -37,7 +37,7 @@
#include <stdio.h>
#include <stdlib.h>
#include "ssl_locl.h"
-#include "internal/asn1t.h"
+#include <openssl/asn1t.h>
#include <openssl/x509.h>
typedef struct {
diff --git a/test/asn1_encode_test.c b/test/asn1_encode_test.c
index 02455fc..9b33314 100644
--- a/test/asn1_encode_test.c
+++ b/test/asn1_encode_test.c
@@ -10,7 +10,7 @@
#include <stdio.h>
#include <string.h>
-#include "internal/asn1t.h"
+#include <openssl/asn1t.h>
#include "internal/numbers.h"
#include "test_main.h"
#include "testutil.h"
@@ -170,6 +170,7 @@ typedef struct {
ENCDEC_DATA(-1, -1), \
ENCDEC_DATA(0, ASN1_LONG_UNDEF)
+#if OPENSSL_API_COMPAT < 0x10200000L
/***** LONG ******************************************************************/
typedef struct {
@@ -255,6 +256,7 @@ static TEST_PACKAGE long_test_package_64bit = {
(i2d_fn *)i2d_ASN1_LONG_DATA, (d2i_fn *)d2i_ASN1_LONG_DATA,
(ifree_fn *)ASN1_LONG_DATA_free
};
+#endif
/***** INT32 *****************************************************************/
@@ -676,6 +678,7 @@ static int test_intern(const TEST_PACKAGE *package)
return fail == 0;
}
+#if OPENSSL_API_COMPAT < 0x10200000L
static int test_long_32bit(void)
{
return test_intern(&long_test_package_32bit);
@@ -685,6 +688,7 @@ static int test_long_64bit(void)
{
return test_intern(&long_test_package_64bit);
}
+#endif
static int test_int32(void)
{
@@ -708,8 +712,10 @@ static int test_uint64(void)
void register_tests(void)
{
+#if OPENSSL_API_COMPAT < 0x10200000L
ADD_TEST(test_long_32bit);
ADD_TEST(test_long_64bit);
+#endif
ADD_TEST(test_int32);
ADD_TEST(test_uint32);
ADD_TEST(test_int64);
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 4df5422..1a19273 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -1768,8 +1768,8 @@ ASYNC_init_thread 1755 1_1_0 EXIST::FUNCTION:
OCSP_BASICRESP_get_ext_by_OBJ 1756 1_1_0 EXIST::FUNCTION:OCSP
X509_reject_clear 1757 1_1_0 EXIST::FUNCTION:
DH_security_bits 1758 1_1_0 EXIST::FUNCTION:DH
-LONG_it 1759 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-LONG_it 1759 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+LONG_it 1759 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:DEPRECATEDIN_1_2_0
+LONG_it 1759 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:DEPRECATEDIN_1_2_0
ASN1_dup 1760 1_1_0 EXIST::FUNCTION:
TS_RESP_new 1761 1_1_0 EXIST::FUNCTION:TS
i2d_PKCS8PrivateKeyInfo_fp 1762 1_1_0 EXIST::FUNCTION:STDIO
@@ -1834,8 +1834,8 @@ X509V3_EXT_add_list 1821 1_1_0 EXIST::FUNCTION:
CMS_compress 1822 1_1_0 EXIST::FUNCTION:CMS
X509_get_ext_by_critical 1823 1_1_0 EXIST::FUNCTION:
ASYNC_WAIT_CTX_clear_fd 1824 1_1_0 EXIST::FUNCTION:
-ZLONG_it 1825 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ZLONG_it 1825 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ZLONG_it 1825 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:DEPRECATEDIN_1_2_0
+ZLONG_it 1825 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:DEPRECATEDIN_1_2_0
OPENSSL_sk_find_ex 1826 1_1_0 EXIST::FUNCTION:
ASN1_ENUMERATED_to_BN 1827 1_1_0 EXIST::FUNCTION:
X509_CRL_get_ext_d2i 1828 1_1_0 EXIST::FUNCTION:
diff --git a/util/mkdef.pl b/util/mkdef.pl
index 36b4efe..c9fa98e 100755
--- a/util/mkdef.pl
+++ b/util/mkdef.pl
@@ -114,6 +114,7 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
"DEPRECATEDIN_0_9_8",
"DEPRECATEDIN_1_0_0",
"DEPRECATEDIN_1_1_0",
+ "DEPRECATEDIN_1_2_0",
# SCTP
"SCTP",
# SRTP
@@ -141,6 +142,14 @@ foreach (@known_algorithms) {
# disabled by default
$disabled_algorithms{"STATIC_ENGINE"} = 1;
+my $apiv = sprintf "%x%02x%02x", split(/\./, $config{api});
+foreach (keys %disabled_algorithms) {
+ if (/^DEPRECATEDIN_(\d+)_(\d+)_(\d+)$/) {
+ my $depv = sprintf "%x%02x%02x", $1, $2, $3;
+ $disabled_algorithms{$_} = 1 if $apiv ge $depv;
+ }
+}
+
my $zlib;
foreach (@ARGV, split(/ /, $config{options}))
@@ -176,25 +185,9 @@ foreach (@ARGV, split(/ /, $config{options}))
$do_ctest=1 if $_ eq "ctest";
$do_ctestall=1 if $_ eq "ctestall";
$do_checkexist=1 if $_ eq "exist";
- if (/^--api=(\d+)\.(\d+)\.(\d+)$/) {
- my $apiv = sprintf "%x%02x%02x", $1, $2, $3;
- foreach (keys %disabled_algorithms) {
- if (/^DEPRECATEDIN_(\d+)_(\d+)_(\d+)$/) {
- my $depv = sprintf "%x%02x%02x", $1, $2, $3;
- $disabled_algorithms{$_} = 1 if $apiv ge $depv;
- }
- }
- }
- if (/^no-deprecated$/) {
- foreach (keys %disabled_algorithms) {
- if (/^DEPRECATEDIN_/) {
- $disabled_algorithms{$_} = 1;
- }
- }
- }
- elsif (/^(enable|disable|no)-(.*)$/) {
+ if (/^(enable|disable|no)-(.*)$/) {
my $alg = uc $2;
- $alg =~ tr/-/_/;
+ $alg =~ tr/-/_/;
if (exists $disabled_algorithms{$alg}) {
$disabled_algorithms{$alg} = $1 eq "enable" ? 0 : 1;
}
@@ -239,7 +232,6 @@ my $crypto ="include/openssl/crypto.h";
$crypto.=" include/internal/o_dir.h";
$crypto.=" include/internal/o_str.h";
$crypto.=" include/internal/err.h";
-$crypto.=" include/internal/asn1t.h";
$crypto.=" include/openssl/des.h" ; # unless $no_des;
$crypto.=" include/openssl/idea.h" ; # unless $no_idea;
$crypto.=" include/openssl/rc4.h" ; # unless $no_rc4;
@@ -395,6 +387,7 @@ sub do_defs
(map { "OPENSSL_SYS_".$_ => 0 } @known_ossl_platforms),
(map { "OPENSSL_NO_".$_ => 0 } @known_algorithms),
(map { "OPENSSL_USE_".$_ => 0 } @known_algorithms),
+ (grep /^DEPRECATED_/, @known_algorithms),
NOPROTO => 0,
PERL5 => 0,
_WINDLL => 0,
@@ -507,7 +500,22 @@ sub do_defs
s/{[^{}]*}//gs; # ignore {} blocks
print STDERR "DEBUG: \$def=\"$def\"\n" if $debug && $def ne "";
print STDERR "DEBUG: \$_=\"$_\"\n" if $debug;
- if (/^\#\s*ifndef\s+(.*)/) {
+ if (/^\#\s*if\s+OPENSSL_API_COMPAT\s*(\S)\s*(0x[0-9a-fA-F]{8})L\s*$/) {
+ my $op = $1;
+ my $v = hex($2);
+ if ($op ne '<' && $op ne '>=') {
+ die "$file unacceptable operator $op: $_\n";
+ }
+ my ($one, $major, $minor) =
+ ( ($v >> 28) & 0xf,
+ ($v >> 20) & 0xff,
+ ($v >> 12) & 0xff );
+ my $t = "DEPRECATEDIN_${one}_${major}_${minor}";
+ push(@tag,"-");
+ push(@tag,$t);
+ $tag{$t}=($op eq '<' ? 1 : -1);
+ print STDERR "DEBUG: $file: found tag $t = $tag{$t}\n" if $debug;
+ } elsif (/^\#\s*ifndef\s+(.*)/) {
push(@tag,"-");
push(@tag,$1);
$tag{$1}=-1;
@@ -638,6 +646,9 @@ sub do_defs
, grep(!/^$/,
map { $tag{"OPENSSL_USE_".$_} == 1 ? $_ : "" }
@known_algorithms);
+ push @current_algorithms,
+ grep { /^DEPRECATEDIN_/ && $tag{$_} == 1 }
+ @known_algorithms;
$def .=
"#INFO:"
.join(',', at current_platforms).":"
More information about the openssl-commits
mailing list