[openssl] master update
Richard Levitte
levitte at openssl.org
Thu Feb 27 22:21:21 UTC 2020
The branch master has been updated
via 12d99aac973e5e6723f62f19b07b9c8bcc81c57b (commit)
from 8efc4a9c656b8b3eabeac64c54efdeb07dd42f8e (commit)
- Log -----------------------------------------------------------------
commit 12d99aac973e5e6723f62f19b07b9c8bcc81c57b
Author: Richard Levitte <levitte at openssl.org>
Date: Mon Feb 24 22:33:52 2020 +0100
Deprecate ASN1_sign(), ASN1_verify() and ASN1_digest()
These are old functions that fell out of use with OpenSL 0.9.7.
It's more than time to deprecate them.
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11161)
-----------------------------------------------------------------------
Summary of changes:
CHANGES.md | 5 +++++
crypto/asn1/a_digest.c | 2 +-
crypto/asn1/a_sign.c | 2 +-
crypto/asn1/a_verify.c | 2 +-
include/openssl/x509.h | 16 +++++++++-------
util/libcrypto.num | 6 +++---
6 files changed, 20 insertions(+), 13 deletions(-)
diff --git a/CHANGES.md b/CHANGES.md
index 84867ff29c..c552e9a0a8 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -24,6 +24,11 @@ OpenSSL 3.0
### Changes between 1.1.1 and 3.0 [xx XXX xxxx] ###
+ * `ASN1_verify()`, `ASN1_digest()` and `ASN1_sign()` have been deprecated.
+ They are old functions that we don't use, and that you could disable with
+ the macro `NO_ASN1_OLD`. This goes all the way back to OpenSSL 0.9.7.
+
+ *Richard Levitte*
* The main project documents (README, NEWS, CHANGES, INSTALL, SUPPORT)
have been converted to Markdown with the goal to produce documents
diff --git a/crypto/asn1/a_digest.c b/crypto/asn1/a_digest.c
index ad6a17d245..22758feac9 100644
--- a/crypto/asn1/a_digest.c
+++ b/crypto/asn1/a_digest.c
@@ -18,7 +18,7 @@
#include <openssl/buffer.h>
#include <openssl/x509.h>
-#ifndef NO_ASN1_OLD
+#ifndef OPENSSL_NO_DEPRECATED_3_0
int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data,
unsigned char *md, unsigned int *len)
diff --git a/crypto/asn1/a_sign.c b/crypto/asn1/a_sign.c
index 0089ce29dd..4b3a6da9a1 100644
--- a/crypto/asn1/a_sign.c
+++ b/crypto/asn1/a_sign.c
@@ -22,7 +22,7 @@
#include "crypto/asn1.h"
#include "crypto/evp.h"
-#ifndef NO_ASN1_OLD
+#ifndef OPENSSL_NO_DEPRECATED_3_0
int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2,
ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey,
diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c
index 94a11c18d4..8314ec13f9 100644
--- a/crypto/asn1/a_verify.c
+++ b/crypto/asn1/a_verify.c
@@ -21,7 +21,7 @@
#include "crypto/asn1.h"
#include "crypto/evp.h"
-#ifndef NO_ASN1_OLD
+#ifndef OPENSSL_NO_DEPRECATED_3_0
int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
char *data, EVP_PKEY *pkey)
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index 2b4d14ea5f..a2d6e44e96 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -623,15 +623,17 @@ X509_INFO *X509_INFO_new(void);
void X509_INFO_free(X509_INFO *a);
char *X509_NAME_oneline(const X509_NAME *a, char *buf, int size);
-int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *algor1,
- ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey);
+DEPRECATEDIN_3_0(int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *algor1,
+ ASN1_BIT_STRING *signature, char *data,
+ EVP_PKEY *pkey))
-int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data,
- unsigned char *md, unsigned int *len);
+DEPRECATEDIN_3_0(int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type,
+ char *data,
+ unsigned char *md, unsigned int *len))
-int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1,
- X509_ALGOR *algor2, ASN1_BIT_STRING *signature,
- char *data, EVP_PKEY *pkey, const EVP_MD *type);
+DEPRECATEDIN_3_0(int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1,
+ X509_ALGOR *algor2, ASN1_BIT_STRING *signature,
+ char *data, EVP_PKEY *pkey, const EVP_MD *type))
int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *data,
unsigned char *md, unsigned int *len);
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 6c8487e20b..aefe1b4100 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -555,7 +555,7 @@ CT_POLICY_EVAL_CTX_get0_issuer 566 3_0_0 EXIST::FUNCTION:CT
TLS_FEATURE_new 567 3_0_0 EXIST::FUNCTION:
RSA_get_default_method 568 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
CRYPTO_cts128_encrypt_block 569 3_0_0 EXIST::FUNCTION:
-ASN1_digest 570 3_0_0 EXIST::FUNCTION:
+ASN1_digest 570 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
ERR_load_X509V3_strings 571 3_0_0 EXIST::FUNCTION:
EVP_PKEY_meth_get_cleanup 572 3_0_0 EXIST::FUNCTION:
d2i_X509 574 3_0_0 EXIST::FUNCTION:
@@ -2723,7 +2723,7 @@ OPENSSL_sk_value 2781 3_0_0 EXIST::FUNCTION:
NCONF_get_section 2782 3_0_0 EXIST::FUNCTION:
PKCS12_MAC_DATA_it 2783 3_0_0 EXIST::FUNCTION:
X509_REQ_add1_attr_by_NID 2784 3_0_0 EXIST::FUNCTION:
-ASN1_sign 2785 3_0_0 EXIST::FUNCTION:
+ASN1_sign 2785 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
CMS_RecipientInfo_encrypt 2786 3_0_0 EXIST::FUNCTION:CMS
X509_get_pubkey_parameters 2787 3_0_0 EXIST::FUNCTION:
PKCS12_setup_mac 2788 3_0_0 EXIST::FUNCTION:
@@ -3596,7 +3596,7 @@ X509v3_asid_canonize 3675 3_0_0 EXIST::FUNCTION:RFC3779
i2d_ASIdOrRange 3676 3_0_0 EXIST::FUNCTION:RFC3779
OCSP_url_svcloc_new 3677 3_0_0 EXIST::FUNCTION:OCSP
CRYPTO_mem_ctrl 3678 3_0_0 EXIST::FUNCTION:CRYPTO_MDEBUG,DEPRECATEDIN_3_0
-ASN1_verify 3679 3_0_0 EXIST::FUNCTION:
+ASN1_verify 3679 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
DSA_generate_parameters_ex 3680 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
X509_sign 3681 3_0_0 EXIST::FUNCTION:
SHA256_Transform 3682 3_0_0 EXIST::FUNCTION:
More information about the openssl-commits
mailing list