[openssl] master update

Richard Levitte levitte at openssl.org
Sun Oct 6 08:57:01 UTC 2019


The branch master has been updated
       via  7cfc0a555c85220ecfd6ed038a7b859668595b72 (commit)
      from  833f7c8c55c3c8a572db2112a5c2eac92c8262b8 (commit)


- Log -----------------------------------------------------------------
commit 7cfc0a555c85220ecfd6ed038a7b859668595b72
Author: Rich Salz <rsalz at akamai.com>
Date:   Mon Aug 12 16:55:25 2019 -0400

    Deprecate NCONF_WIN32() function
    
    Extensive documentation added in HISTORY section in doc/man5/config.pod
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/9578)

-----------------------------------------------------------------------

Summary of changes:
 CHANGES                |  4 ++++
 crypto/conf/conf_def.c | 16 +++++++++++-----
 crypto/conf/conf_def.h |  2 ++
 crypto/conf/keysets.pl |  2 ++
 doc/man5/config.pod    | 11 +++++++++++
 include/openssl/conf.h |  2 +-
 util/libcrypto.num     |  2 +-
 7 files changed, 32 insertions(+), 7 deletions(-)

diff --git a/CHANGES b/CHANGES
index cb6c77bf14..442807f1d3 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,10 @@
 
  Changes between 1.1.1 and 3.0.0 [xx XXX xxxx]
 
+  *) The undocumented function NCONF_WIN32() has been deprecated; for
+     conversion details see the HISTORY section of doc/man5/config.pod
+     [Rich Salz]
+
   *) Introduced the new functions EVP_DigestSignInit_ex() and
      EVP_DigestVerifyInit_ex(). The macros EVP_DigestSignUpdate() and
      EVP_DigestVerifyUpdate() have been converted to functions. See the man
diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c
index ff4c43fc75..a43225ecf7 100644
--- a/crypto/conf/conf_def.c
+++ b/crypto/conf/conf_def.c
@@ -54,7 +54,9 @@ static BIO *get_next_file(const char *path, OPENSSL_DIR_CTX **dirctx);
 
 static CONF *def_create(CONF_METHOD *meth);
 static int def_init_default(CONF *conf);
+#if !OPENSSL_API_3
 static int def_init_WIN32(CONF *conf);
+#endif
 static int def_destroy(CONF *conf);
 static int def_destroy_data(CONF *conf);
 static int def_load(CONF *conf, const char *name, long *eline);
@@ -76,6 +78,12 @@ static CONF_METHOD default_method = {
     def_load
 };
 
+CONF_METHOD *NCONF_default(void)
+{
+    return &default_method;
+}
+
+#if ! OPENSSL_API_3
 static CONF_METHOD WIN32_method = {
     "WIN32",
     def_create,
@@ -89,15 +97,11 @@ static CONF_METHOD WIN32_method = {
     def_load
 };
 
-CONF_METHOD *NCONF_default(void)
-{
-    return &default_method;
-}
-
 CONF_METHOD *NCONF_WIN32(void)
 {
     return &WIN32_method;
 }
+#endif
 
 static CONF *def_create(CONF_METHOD *meth)
 {
@@ -124,6 +128,7 @@ static int def_init_default(CONF *conf)
     return 1;
 }
 
+#if ! OPENSSL_API_3
 static int def_init_WIN32(CONF *conf)
 {
     if (conf == NULL)
@@ -135,6 +140,7 @@ static int def_init_WIN32(CONF *conf)
 
     return 1;
 }
+#endif
 
 static int def_destroy(CONF *conf)
 {
diff --git a/crypto/conf/conf_def.h b/crypto/conf/conf_def.h
index 9b2a3c1bb9..725c430c63 100644
--- a/crypto/conf/conf_def.h
+++ b/crypto/conf/conf_def.h
@@ -56,6 +56,7 @@ static const unsigned short CONF_type_default[128] = {
     0x0004, 0x0004, 0x0004, 0x0000, 0x0200, 0x0000, 0x0200, 0x0000,
 };
 
+#if ! OPENSSL_API_3
 static const unsigned short CONF_type_win32[128] = {
     0x0008, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
     0x0000, 0x0010, 0x0010, 0x0000, 0x0000, 0x0010, 0x0000, 0x0000,
@@ -74,3 +75,4 @@ static const unsigned short CONF_type_win32[128] = {
     0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004,
     0x0004, 0x0004, 0x0004, 0x0000, 0x0200, 0x0000, 0x0200, 0x0000,
 };
+#endif
diff --git a/crypto/conf/keysets.pl b/crypto/conf/keysets.pl
index 68addbfe20..05b086f7fa 100644
--- a/crypto/conf/keysets.pl
+++ b/crypto/conf/keysets.pl
@@ -108,9 +108,11 @@ for ($i = 0; $i < 128; $i++) {
 }
 print "\n};\n\n";
 
+print "#if ! OPENSSL_API_3\n";
 print "static const unsigned short CONF_type_win32[128] = {";
 for ($i = 0; $i < 128; $i++) {
     print "\n   " if ($i % 8) == 0;
     printf " 0x%04X,", $V_w32[$i];
 }
 print "\n};\n";
+print "#endif\n";
diff --git a/doc/man5/config.pod b/doc/man5/config.pod
index 7245132aa1..817a8d1d0c 100644
--- a/doc/man5/config.pod
+++ b/doc/man5/config.pod
@@ -507,6 +507,17 @@ Files are loaded in a single pass. This means that an variable expansion
 will only work if the variables referenced are defined earlier in the
 file.
 
+=head1 HISTORY
+
+An undocumented API, NCONF_WIN32(), used a slightly different set
+of parsing rules there were intended to be tailored to
+the Microsoft Windows platform.
+Specifically, the backslash character was not an escape character and
+could be used in pathnames, only the double-quote character was recognized,
+and comments began with a semi-colon.
+This function was deprecated in OpenSSL 3.0; applications with
+configuration files using that syntax will have to be modified.
+
 =head1 SEE ALSO
 
 L<x509(1)>, L<req(1)>, L<ca(1)>, L<fips_config(5)>
diff --git a/include/openssl/conf.h b/include/openssl/conf.h
index b2f93dda8e..c2bd31176f 100644
--- a/include/openssl/conf.h
+++ b/include/openssl/conf.h
@@ -114,7 +114,7 @@ struct conf_st {
 
 CONF *NCONF_new(CONF_METHOD *meth);
 CONF_METHOD *NCONF_default(void);
-CONF_METHOD *NCONF_WIN32(void);
+DEPRECATEDIN_3(CONF_METHOD *NCONF_WIN32(void))
 void NCONF_free(CONF *conf);
 void NCONF_free_data(CONF *conf);
 
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 0b1e57e9e5..90c355bfbe 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -1663,7 +1663,7 @@ X509_PURPOSE_cleanup                    1700	3_0_0	EXIST::FUNCTION:
 ESS_SIGNING_CERT_dup                    1701	3_0_0	EXIST::FUNCTION:
 ENGINE_set_default_DSA                  1702	3_0_0	EXIST::FUNCTION:ENGINE
 X509_REVOKED_new                        1703	3_0_0	EXIST::FUNCTION:
-NCONF_WIN32                             1704	3_0_0	EXIST::FUNCTION:
+NCONF_WIN32                             1704	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3
 RSA_padding_check_PKCS1_OAEP_mgf1       1705	3_0_0	EXIST::FUNCTION:RSA
 X509_policy_tree_get0_level             1706	3_0_0	EXIST::FUNCTION:
 ASN1_parse_dump                         1708	3_0_0	EXIST::FUNCTION:


More information about the openssl-commits mailing list