[openssl] master update
Dr. Paul Dale
pauli at openssl.org
Thu Apr 30 04:52:05 UTC 2020
The branch master has been updated
via 588d5d01fefde6a3437d6749b4435c41180df868 (commit)
from 036ee3706352970a15300b5cd4bf0b2cb370e12a (commit)
- Log -----------------------------------------------------------------
commit 588d5d01fefde6a3437d6749b4435c41180df868
Author: Pauli <paul.dale at oracle.com>
Date: Tue Apr 28 19:03:05 2020 +1000
Undeprecate DH, DSA and RSA _bits() functions.
These were deemed information and useful and that they should not be
deprecated.
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11669)
-----------------------------------------------------------------------
Summary of changes:
CHANGES.md | 80 +++++++++++++++++++++++++--------------------------
doc/man3/DH_size.pod | 24 ++++++++--------
doc/man3/DSA_size.pod | 22 +++++++-------
doc/man3/RSA_size.pod | 20 ++++++-------
include/openssl/dh.h | 2 +-
include/openssl/dsa.h | 2 +-
include/openssl/rsa.h | 2 +-
util/libcrypto.num | 6 ++--
8 files changed, 79 insertions(+), 79 deletions(-)
diff --git a/CHANGES.md b/CHANGES.md
index 45789ed612..b11ca85c65 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -101,24 +101,22 @@ OpenSSL 3.0
* All of the low level RSA functions have been deprecated including:
- RSA_new_method, RSA_bits, RSA_size, RSA_security_bits,
- RSA_get0_pss_params, RSA_get_version, RSA_get0_engine,
- RSA_generate_key_ex, RSA_generate_multi_prime_key,
- RSA_X931_derive_ex, RSA_X931_generate_key_ex, RSA_check_key,
- RSA_check_key_ex, RSA_public_encrypt, RSA_private_encrypt,
+ RSA_new_method, RSA_size, RSA_security_bits, RSA_get0_pss_params,
+ RSA_get_version, RSA_get0_engine, RSA_generate_key_ex,
+ RSA_generate_multi_prime_key, RSA_X931_derive_ex, RSA_X931_generate_key_ex,
+ RSA_check_key, RSA_check_key_ex, RSA_public_encrypt, RSA_private_encrypt,
RSA_public_decrypt, RSA_private_decrypt, RSA_set_default_method,
RSA_get_default_method, RSA_null_method, RSA_get_method, RSA_set_method,
RSA_PKCS1_OpenSSL, RSA_print_fp, RSA_print, RSA_sign, RSA_verify,
- RSA_sign_ASN1_OCTET_STRING, RSA_verify_ASN1_OCTET_STRING,
- RSA_blinding_on, RSA_blinding_off, RSA_setup_blinding,
- RSA_padding_add_PKCS1_type_1, RSA_padding_check_PKCS1_type_1,
- RSA_padding_add_PKCS1_type_2, RSA_padding_check_PKCS1_type_2,
- PKCS1_MGF1, RSA_padding_add_PKCS1_OAEP, RSA_padding_check_PKCS1_OAEP,
- RSA_padding_add_PKCS1_OAEP_mgf1, RSA_padding_check_PKCS1_OAEP_mgf1,
- RSA_padding_add_SSLv23, RSA_padding_check_SSLv23,
- RSA_padding_add_none, RSA_padding_check_none, RSA_padding_add_X931,
- RSA_padding_check_X931, RSA_X931_hash_id, RSA_verify_PKCS1_PSS,
- RSA_padding_add_PKCS1_PSS, RSA_verify_PKCS1_PSS_mgf1,
+ RSA_sign_ASN1_OCTET_STRING, RSA_verify_ASN1_OCTET_STRING, RSA_blinding_on,
+ RSA_blinding_off, RSA_setup_blinding, RSA_padding_add_PKCS1_type_1,
+ RSA_padding_check_PKCS1_type_1, RSA_padding_add_PKCS1_type_2,
+ RSA_padding_check_PKCS1_type_2, PKCS1_MGF1, RSA_padding_add_PKCS1_OAEP,
+ RSA_padding_check_PKCS1_OAEP, RSA_padding_add_PKCS1_OAEP_mgf1,
+ RSA_padding_check_PKCS1_OAEP_mgf1, RSA_padding_add_SSLv23,
+ RSA_padding_check_SSLv23, RSA_padding_add_none, RSA_padding_check_none,
+ RSA_padding_add_X931, RSA_padding_check_X931, RSA_X931_hash_id,
+ RSA_verify_PKCS1_PSS, RSA_padding_add_PKCS1_PSS, RSA_verify_PKCS1_PSS_mgf1,
RSA_padding_add_PKCS1_PSS_mgf1, RSA_set_ex_data, RSA_get_ex_data,
RSA_meth_new, RSA_meth_free, RSA_meth_dup, RSA_meth_get0_name,
RSA_meth_set1_name, RSA_meth_get_flags, RSA_meth_set_flags,
@@ -171,20 +169,19 @@ OpenSSL 3.0
* All of the low level DH functions have been deprecated including:
- DH_OpenSSL, DH_set_default_method, DH_get_default_method,
- DH_set_method, DH_new_method, DH_bits, DH_size, DH_security_bits,
- DH_get_ex_new_index, DH_set_ex_data, DH_get_ex_data,
- DH_generate_parameters_ex, DH_check_params_ex, DH_check_ex,
- DH_check_pub_key_ex, DH_check, DH_check_pub_key, DH_generate_key,
- DH_compute_key, DH_compute_key_padded, DHparams_print_fp,
- DHparams_print, DH_get_nid, DH_KDF_X9_42, DH_get0_engine, DH_meth_new,
- DH_meth_free, DH_meth_dup, DH_meth_get0_name, DH_meth_set1_name,
- DH_meth_get_flags, DH_meth_set_flags, DH_meth_get0_app_data,
- DH_meth_set0_app_data, DH_meth_get_generate_key, DH_meth_set_generate_key,
- DH_meth_get_compute_key, DH_meth_set_compute_key, DH_meth_get_bn_mod_exp,
- DH_meth_set_bn_mod_exp, DH_meth_get_init, DH_meth_set_init,
- DH_meth_get_finish, DH_meth_set_finish, DH_meth_get_generate_params
- and DH_meth_set_generate_params.
+ DH_OpenSSL, DH_set_default_method, DH_get_default_method, DH_set_method,
+ DH_new_method, DH_size, DH_security_bits, DH_get_ex_new_index,
+ DH_set_ex_data, DH_get_ex_data, DH_generate_parameters_ex,
+ DH_check_params_ex, DH_check_ex, DH_check_pub_key_ex,
+ DH_check, DH_check_pub_key, DH_generate_key, DH_compute_key,
+ DH_compute_key_padded, DHparams_print_fp, DHparams_print, DH_get_nid,
+ DH_KDF_X9_42, DH_get0_engine, DH_meth_new, DH_meth_free, DH_meth_dup,
+ DH_meth_get0_name, DH_meth_set1_name, DH_meth_get_flags, DH_meth_set_flags,
+ DH_meth_get0_app_data, DH_meth_set0_app_data, DH_meth_get_generate_key,
+ DH_meth_set_generate_key, DH_meth_get_compute_key, DH_meth_set_compute_key,
+ DH_meth_get_bn_mod_exp, DH_meth_set_bn_mod_exp, DH_meth_get_init,
+ DH_meth_set_init, DH_meth_get_finish, DH_meth_set_finish,
+ DH_meth_get_generate_params and DH_meth_set_generate_params.
Use of these low level functions has been informally discouraged for a long
time. Instead applications should use L<EVP_PKEY_derive_init(3)>
@@ -195,18 +192,19 @@ OpenSSL 3.0
* All of the low level DSA functions have been deprecated including:
DSA_do_sign, DSA_do_verify, DSA_OpenSSL, DSA_set_default_method,
- DSA_get_default_method, DSA_set_method, DSA_get_method, DSA_new_method,
- DSA_sign_setup, DSA_sign, DSA_verify, DSA_get_ex_new_index,
- DSA_set_ex_data, DSA_get_ex_data, DSA_generate_parameters_ex,
- DSA_generate_key, DSA_meth_new, DSA_get0_engine, DSA_meth_free,
- DSA_meth_dup, DSA_meth_get0_name, DSA_meth_set1_name, DSA_meth_get_flags,
- DSA_meth_set_flags, DSA_meth_get0_app_data, DSA_meth_set0_app_data,
- DSA_meth_get_sign, DSA_meth_set_sign, DSA_meth_get_sign_setup,
- DSA_meth_set_sign_setup, DSA_meth_get_verify, DSA_meth_set_verify,
- DSA_meth_get_mod_exp, DSA_meth_set_mod_exp, DSA_meth_get_bn_mod_exp,
- DSA_meth_set_bn_mod_exp, DSA_meth_get_init, DSA_meth_set_init,
- DSA_meth_get_finish, DSA_meth_set_finish, DSA_meth_get_paramgen,
- DSA_meth_set_paramgen, DSA_meth_get_keygen and DSA_meth_set_keygen.
+ DSA_get_default_method, DSA_set_method, DSA_get_method,
+ DSA_new_method, DSA_size, DSA_security_bits, DSA_sign_setup, DSA_sign,
+ DSA_verify, DSA_get_ex_new_index, DSA_set_ex_data, DSA_get_ex_data,
+ DSA_generate_parameters_ex, DSA_generate_key, DSA_meth_new, DSA_get0_engine,
+ DSA_meth_free, DSA_meth_dup, DSA_meth_get0_name, DSA_meth_set1_name,
+ DSA_meth_get_flags, DSA_meth_set_flags, DSA_meth_get0_app_data,
+ DSA_meth_set0_app_data, DSA_meth_get_sign, DSA_meth_set_sign,
+ DSA_meth_get_sign_setup, DSA_meth_set_sign_setup, DSA_meth_get_verify,
+ DSA_meth_set_verify, DSA_meth_get_mod_exp, DSA_meth_set_mod_exp,
+ DSA_meth_get_bn_mod_exp, DSA_meth_set_bn_mod_exp, DSA_meth_get_init,
+ DSA_meth_set_init, DSA_meth_get_finish, DSA_meth_set_finish,
+ DSA_meth_get_paramgen, DSA_meth_set_paramgen, DSA_meth_get_keygen and
+ DSA_meth_set_keygen.
Use of these low level functions has been informally discouraged for a long
time. Instead applications should use L<EVP_DigestSignInit_ex(3)>,
diff --git a/doc/man3/DH_size.pod b/doc/man3/DH_size.pod
index 98452524b6..099c1bad3f 100644
--- a/doc/man3/DH_size.pod
+++ b/doc/man3/DH_size.pod
@@ -9,39 +9,39 @@ security bits
#include <openssl/dh.h>
+ int DH_bits(const DH *dh);
+
Deprecated since OpenSSL 3.0, can be hidden entirely by defining
B<OPENSSL_API_COMPAT> with a suitable version value, see
L<openssl_user_macros(7)>:
int DH_size(const DH *dh);
- int DH_bits(const DH *dh);
-
int DH_security_bits(const DH *dh);
=head1 DESCRIPTION
-All of the functions described on this page are deprecated.
-Applications should instead use L<EVP_PKEY_bits(3)>,
-L<EVP_PKEY_security_bits(3)> and L<EVP_PKEY_size(3)>.
+DH_bits() returns the number of significant bits.
+
+B<dh> and B<dh-E<gt>p> must not be B<NULL>.
+
+The remaining functions described on this page are deprecated.
+Applications should instead use L<EVP_PKEY_security_bits(3)> and
+L<EVP_PKEY_size(3)>.
DH_size() returns the Diffie-Hellman prime size in bytes. It can be used
to determine how much memory must be allocated for the shared secret
computed by L<DH_compute_key(3)>.
-DH_bits() returns the number of significant bits.
-
-B<dh> and B<dh-E<gt>p> must not be B<NULL>.
-
DH_security_bits() returns the number of security bits of the given B<dh>
key. See L<BN_security_bits(3)>.
=head1 RETURN VALUES
-DH_size() returns the prime size of Diffie-Hellman in bytes.
-
DH_bits() returns the number of bits in the key.
+DH_size() returns the prime size of Diffie-Hellman in bytes.
+
DH_security_bits() returns the number of security bits.
=head1 SEE ALSO
@@ -52,7 +52,7 @@ L<BN_num_bits(3)>
=head1 HISTORY
-All of these functions were deprecated in OpenSSL 3.0.
+The DH_size() and DH_security_bits() functions were deprecated in OpenSSL 3.0.
The DH_bits() function was added in OpenSSL 1.1.0.
diff --git a/doc/man3/DSA_size.pod b/doc/man3/DSA_size.pod
index 2d74eea365..404f1bb231 100644
--- a/doc/man3/DSA_size.pod
+++ b/doc/man3/DSA_size.pod
@@ -8,19 +8,24 @@ DSA_size, DSA_bits, DSA_security_bits - get DSA signature size, key bits or secu
#include <openssl/dsa.h>
+ int DSA_bits(const DSA *dsa);
+
Deprecated since OpenSSL 3.0, can be hidden entirely by defining
B<OPENSSL_API_COMPAT> with a suitable version value, see
L<openssl_user_macros(7)>:
int DSA_size(const DSA *dsa);
- int DSA_bits(const DSA *dsa);
+
int DSA_security_bits(const DSA *dsa);
=head1 DESCRIPTION
-All of the functions described on this page are deprecated.
-Applications should instead use L<EVP_PKEY_bits(3)>,
-L<EVP_PKEY_security_bits(3)> and L<EVP_PKEY_size(3)>.
+DSA_bits() returns the number of bits in key B<dsa>: this is the number
+of bits in the B<p> parameter.
+
+The remaining functions described on this page are deprecated.
+Applications should instead use L<EVP_PKEY_security_bits(3)> and
+L<EVP_PKEY_size(3)>.
DSA_size() returns the maximum size of an ASN.1 encoded DSA signature
for key B<dsa> in bytes. It can be used to determine how much memory must
@@ -28,18 +33,15 @@ be allocated for a DSA signature.
B<dsa-E<gt>q> must not be B<NULL>.
-DSA_bits() returns the number of bits in key B<dsa>: this is the number
-of bits in the B<p> parameter.
-
DSA_security_bits() returns the number of security bits of the given B<dsa>
key. See L<BN_security_bits(3)>.
=head1 RETURN VALUES
-DSA_size() returns the signature size in bytes.
-
DSA_bits() returns the number of bits in the key.
+DSA_size() returns the signature size in bytes.
+
=head1 SEE ALSO
L<EVP_PKEY_bits(3)>,
@@ -49,7 +51,7 @@ L<DSA_new(3)>, L<DSA_sign(3)>
=head1 HISTORY
-All of these functions were deprecated in OpenSSL 3.0.
+The DSA_size() and DSA_security_bits() functions were deprecated in OpenSSL 3.0.
=head1 COPYRIGHT
diff --git a/doc/man3/RSA_size.pod b/doc/man3/RSA_size.pod
index b2a7c96788..a23f51abc2 100644
--- a/doc/man3/RSA_size.pod
+++ b/doc/man3/RSA_size.pod
@@ -8,19 +8,23 @@ RSA_size, RSA_bits, RSA_security_bits - get RSA modulus size or security bits
#include <openssl/rsa.h>
+ int RSA_bits(const RSA *rsa);
+
Deprecated since OpenSSL 3.0, can be hidden entirely by defining
B<OPENSSL_API_COMPAT> with a suitable version value, see
L<openssl_user_macros(7)>:
int RSA_size(const RSA *rsa);
- int RSA_bits(const RSA *rsa);
-
int RSA_security_bits(const RSA *rsa)
=head1 DESCRIPTION
-All of the functions described on this page are deprecated.
+RSA_bits() returns the number of significant bits.
+
+B<rsa> and B<rsa-E<gt>n> must not be B<NULL>.
+
+The remaining functions described on this page are deprecated.
Applications should instead use L<EVP_PKEY_size(3)>, L<EVP_PKEY_bits(3)>
and L<EVP_PKEY_security_bits(3)>.
@@ -28,18 +32,14 @@ RSA_size() returns the RSA modulus size in bytes. It can be used to
determine how much memory must be allocated for an RSA encrypted
value.
-RSA_bits() returns the number of significant bits.
-
-B<rsa> and B<rsa-E<gt>n> must not be B<NULL>.
-
RSA_security_bits() returns the number of security bits of the given B<rsa>
key. See L<BN_security_bits(3)>.
=head1 RETURN VALUES
-RSA_size() returns the size of modulus in bytes.
+RSA_bits() returns the number of bits in the key.
-DSA_bits() returns the number of bits in the key.
+RSA_size() returns the size of modulus in bytes.
RSA_security_bits() returns the number of security bits.
@@ -49,7 +49,7 @@ L<BN_num_bits(3)>
=head1 HISTORY
-All of these functions were deprecated in OpenSSL 3.0.
+The RSA_size() and RSA_security_bits() functions were deprecated in OpenSSL 3.0.
The RSA_bits() function was added in OpenSSL 1.1.0.
diff --git a/include/openssl/dh.h b/include/openssl/dh.h
index 437d303299..4907bc6567 100644
--- a/include/openssl/dh.h
+++ b/include/openssl/dh.h
@@ -146,7 +146,7 @@ DEPRECATEDIN_3_0(DH *DH_new_method(ENGINE *engine))
DH *DH_new(void);
void DH_free(DH *dh);
int DH_up_ref(DH *dh);
-DEPRECATEDIN_3_0(int DH_bits(const DH *dh))
+int DH_bits(const DH *dh);
DEPRECATEDIN_3_0(int DH_size(const DH *dh))
DEPRECATEDIN_3_0(int DH_security_bits(const DH *dh))
# ifndef OPENSSL_NO_DEPRECATED_3_0
diff --git a/include/openssl/dsa.h b/include/openssl/dsa.h
index 92be4760e6..a7d32eee98 100644
--- a/include/openssl/dsa.h
+++ b/include/openssl/dsa.h
@@ -114,7 +114,7 @@ void DSA_free(DSA *r);
/* "up" the DSA object's reference count */
int DSA_up_ref(DSA *r);
DEPRECATEDIN_3_0(int DSA_size(const DSA *))
-DEPRECATEDIN_3_0(int DSA_bits(const DSA *d))
+int DSA_bits(const DSA *d);
DEPRECATEDIN_3_0(int DSA_security_bits(const DSA *d))
/* next 4 return -1 on error */
DEPRECATEDIN_3_0(int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h
index 27be5f5e39..2508abd81c 100644
--- a/include/openssl/rsa.h
+++ b/include/openssl/rsa.h
@@ -192,7 +192,7 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
RSA *RSA_new(void);
DEPRECATEDIN_3_0(RSA *RSA_new_method(ENGINE *engine))
-DEPRECATEDIN_3_0(int RSA_bits(const RSA *rsa))
+int RSA_bits(const RSA *rsa);
DEPRECATEDIN_3_0(int RSA_size(const RSA *rsa))
DEPRECATEDIN_3_0(int RSA_security_bits(const RSA *rsa))
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 79f8fd86c0..6c7ce4c0c3 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -2586,7 +2586,7 @@ d2i_PBKDF2PARAM 2640 3_0_0 EXIST::FUNCTION:
ERR_load_COMP_strings 2641 3_0_0 EXIST::FUNCTION:COMP
EVP_PKEY_meth_add0 2642 3_0_0 EXIST::FUNCTION:
EVP_rc4_40 2643 3_0_0 EXIST::FUNCTION:RC4
-RSA_bits 2645 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
+RSA_bits 2645 3_0_0 EXIST::FUNCTION:RSA
ASN1_item_dup 2646 3_0_0 EXIST::FUNCTION:
GENERAL_NAMES_it 2647 3_0_0 EXIST::FUNCTION:
X509_issuer_name_hash 2648 3_0_0 EXIST::FUNCTION:
@@ -3163,7 +3163,7 @@ ACCESS_DESCRIPTION_free 3228 3_0_0 EXIST::FUNCTION:
BN_nist_mod_384 3229 3_0_0 EXIST::FUNCTION:
i2d_EC_PUBKEY_fp 3230 3_0_0 EXIST::FUNCTION:EC,STDIO
ENGINE_set_default_pkey_meths 3231 3_0_0 EXIST::FUNCTION:ENGINE
-DH_bits 3232 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
+DH_bits 3232 3_0_0 EXIST::FUNCTION:DH
i2d_X509_ALGORS 3233 3_0_0 EXIST::FUNCTION:
EVP_camellia_192_cfb1 3234 3_0_0 EXIST::FUNCTION:CAMELLIA
TS_RESP_CTX_add_failure_info 3235 3_0_0 EXIST::FUNCTION:TS
@@ -4045,7 +4045,7 @@ X509_STORE_unlock 4133 3_0_0 EXIST::FUNCTION:
X509_STORE_lock 4134 3_0_0 EXIST::FUNCTION:
X509_set_proxy_pathlen 4135 3_0_0 EXIST::FUNCTION:
X509_get_proxy_pathlen 4136 3_0_0 EXIST::FUNCTION:
-DSA_bits 4137 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
+DSA_bits 4137 3_0_0 EXIST::FUNCTION:DSA
EVP_PKEY_set1_tls_encodedpoint 4138 3_0_0 EXIST::FUNCTION:
EVP_PKEY_get1_tls_encodedpoint 4139 3_0_0 EXIST::FUNCTION:
ASN1_STRING_get0_data 4140 3_0_0 EXIST::FUNCTION:
More information about the openssl-commits
mailing list