[openssl] master update

Dr. Paul Dale pauli at openssl.org
Sun Jan 12 02:01:57 UTC 2020


The branch master has been updated
       via  601fca1778f8d3cb38031655d2aa01b91b8f0cde (commit)
       via  65167dba890b2e92821ee3b90e8f7f46fa30f9c1 (commit)
      from  e683582bf37de45a9512aea7ff33b9a3ebdf07f4 (commit)


- Log -----------------------------------------------------------------
commit 601fca1778f8d3cb38031655d2aa01b91b8f0cde
Author: Pauli <paul.dale at oracle.com>
Date:   Thu Jan 9 09:08:31 2020 +1000

    Deprecate the low level RIPEMD160 functions.
    
    Use of the low level RIPEMD160 functions has been informally discouraged for a
    long time. We now formally deprecate them.
    
    Applications should instead use the EVP APIs, e.g. EVP_Digest,
    EVP_DigestInit_ex, EVP_DigestUpdate and EVP_DigestFinal_ex.
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
    (Merged from https://github.com/openssl/openssl/pull/10789)

commit 65167dba890b2e92821ee3b90e8f7f46fa30f9c1
Author: Pauli <paul.dale at oracle.com>
Date:   Thu Jan 9 08:20:30 2020 +1000

    ripemd: fix preprocessor indentation
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
    (Merged from https://github.com/openssl/openssl/pull/10789)

-----------------------------------------------------------------------

Summary of changes:
 apps/speed.c                                    |  6 ++--
 crypto/evp/legacy_ripemd.c                      |  6 ++++
 crypto/ripemd/build.info                        | 14 ++++++--
 crypto/ripemd/rmd_dgst.c                        |  6 ++++
 crypto/ripemd/rmd_one.c                         |  6 ++++
 doc/man3/RIPEMD160_Init.pod                     | 12 +++++++
 include/openssl/ripemd.h                        | 45 ++++++++++++++-----------
 providers/implementations/digests/ripemd_prov.c |  6 ++++
 util/libcrypto.num                              | 10 +++---
 9 files changed, 80 insertions(+), 31 deletions(-)

diff --git a/apps/speed.c b/apps/speed.c
index 861140c4fb..a600116483 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -348,7 +348,7 @@ static const OPT_PAIR doit_choices[] = {
 #ifndef OPENSSL_NO_WHIRLPOOL
     {"whirlpool", D_WHIRLPOOL},
 #endif
-#ifndef OPENSSL_NO_RMD160
+#if !defined(OPENSSL_NO_RMD160) && !defined(OPENSSL_NO_DEPRECATED_3_0)
     {"ripemd", D_RMD160},
     {"rmd160", D_RMD160},
     {"ripemd160", D_RMD160},
@@ -696,7 +696,7 @@ static int WHIRLPOOL_loop(void *args)
 }
 #endif
 
-#ifndef OPENSSL_NO_RMD160
+#if !defined(OPENSSL_NO_RMD160) && !defined(OPENSSL_NO_DEPRECATED_3_0)
 static int EVP_Digest_RMD160_loop(void *args)
 {
     loopargs_t *tempargs = *(loopargs_t **) args;
@@ -2363,7 +2363,7 @@ int speed_main(int argc, char **argv)
     }
 #endif
 
-#ifndef OPENSSL_NO_RMD160
+#if !defined(OPENSSL_NO_RMD160) && !defined(OPENSSL_NO_DEPRECATED_3_0)
     if (doit[D_RMD160]) {
         for (testnum = 0; testnum < size_num; testnum++) {
             print_message(names[D_RMD160], c[D_RMD160][testnum],
diff --git a/crypto/evp/legacy_ripemd.c b/crypto/evp/legacy_ripemd.c
index 8edcbba371..fd1739c7cd 100644
--- a/crypto/evp/legacy_ripemd.c
+++ b/crypto/evp/legacy_ripemd.c
@@ -7,6 +7,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * RIPEMD160 low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
 #include <openssl/ripemd.h>
 #include "crypto/evp.h"
 #include "legacy_meth.h"
diff --git a/crypto/ripemd/build.info b/crypto/ripemd/build.info
index a0a45b0e84..055da5dab8 100644
--- a/crypto/ripemd/build.info
+++ b/crypto/ripemd/build.info
@@ -12,12 +12,20 @@ IF[{- !$disabled{asm} -}]
   ENDIF
 ENDIF
 
-SOURCE[../../libcrypto]=rmd_dgst.c rmd_one.c $RMD160ASM
-
 # Implementations are now spread across several libraries, so the defines
 # need to be applied to all affected libraries and modules
-DEFINE[../../libcrypto]=$RMD160DEF
 DEFINE[../providers/libimplementations.a]=$RMD160DEF
 
+SOURCE[../../libcrypto]=rmd_dgst.c rmd_one.c $RMD160ASM
+DEFINE[../../libcrypto]=$RMD160DEF
+
+# When all deprecated symbols are removed, libcrypto doesn't export the
+# RIPEMD160 functions, so we must include them directly in liblegacy.a
+IF[{- $disabled{"deprecated"}
+      && (defined $config{"api"} && $config{"api"} >= 30000) -}]
+  SOURCE[../../providers/liblegacy.a]=rmd_dgst.c rmd_one.c $RMD160ASM
+  DEFINE[../../providers/liblegacy.a]=$RMD160DEF
+ENDIF
+
 GENERATE[rmd-586.s]=asm/rmd-586.pl
 DEPEND[rmd-586.s]=../perlasm/x86asm.pl
diff --git a/crypto/ripemd/rmd_dgst.c b/crypto/ripemd/rmd_dgst.c
index f4a69c8862..d815f173cd 100644
--- a/crypto/ripemd/rmd_dgst.c
+++ b/crypto/ripemd/rmd_dgst.c
@@ -7,6 +7,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * RIPEMD160 low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
 #include <stdio.h>
 #include "rmd_local.h"
 #include <openssl/opensslv.h>
diff --git a/crypto/ripemd/rmd_one.c b/crypto/ripemd/rmd_one.c
index 5efb36b887..30a83da8db 100644
--- a/crypto/ripemd/rmd_one.c
+++ b/crypto/ripemd/rmd_one.c
@@ -7,6 +7,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * RIPEMD160 low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
 #include <stdio.h>
 #include <string.h>
 #include <openssl/ripemd.h>
diff --git a/doc/man3/RIPEMD160_Init.pod b/doc/man3/RIPEMD160_Init.pod
index 27ff3779a7..d6ed734883 100644
--- a/doc/man3/RIPEMD160_Init.pod
+++ b/doc/man3/RIPEMD160_Init.pod
@@ -9,6 +9,10 @@ RIPEMD-160 hash function
 
  #include <openssl/ripemd.h>
 
+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B<OPENSSL_API_COMPAT> with a suitable version value, see
+L<openssl_user_macros(7)>:
+
  unsigned char *RIPEMD160(const unsigned char *d, unsigned long n,
                           unsigned char *md);
 
@@ -18,6 +22,10 @@ RIPEMD-160 hash function
 
 =head1 DESCRIPTION
 
+All of the functions described on this page are deprecated.
+Applications should instead use L<EVP_DigestInit_ex(3)>, L<EVP_DigestUpdate(3)>
+and L<EVP_DigestFinal_ex(3)>.
+
 RIPEMD-160 is a cryptographic hash function with a
 160 bit output.
 
@@ -59,6 +67,10 @@ ISO/IEC 10118-3:2016 Dedicated Hash-Function 1 (RIPEMD-160).
 
 L<EVP_DigestInit(3)>
 
+=head1 HISTORY
+
+All of these functions were deprecated in OpenSSL 3.0.
+
 =head1 COPYRIGHT
 
 Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/include/openssl/ripemd.h b/include/openssl/ripemd.h
index 3db616d186..936d4e4346 100644
--- a/include/openssl/ripemd.h
+++ b/include/openssl/ripemd.h
@@ -18,18 +18,21 @@
 
 # include <openssl/opensslconf.h>
 
-#ifndef OPENSSL_NO_RMD160
-# include <openssl/e_os2.h>
-# include <stddef.h>
-# ifdef  __cplusplus
+# ifndef OPENSSL_NO_RMD160
+#  include <openssl/e_os2.h>
+#  include <stddef.h>
+
+#  define RIPEMD160_DIGEST_LENGTH 20
+
+#  ifdef  __cplusplus
 extern "C" {
-# endif
+#  endif
+#  if !defined(OPENSSL_NO_DEPRECATED_3_0)
 
-# define RIPEMD160_LONG unsigned int
+#   define RIPEMD160_LONG unsigned int
 
-# define RIPEMD160_CBLOCK        64
-# define RIPEMD160_LBLOCK        (RIPEMD160_CBLOCK/4)
-# define RIPEMD160_DIGEST_LENGTH 20
+#   define RIPEMD160_CBLOCK        64
+#   define RIPEMD160_LBLOCK        (RIPEMD160_CBLOCK/4)
 
 typedef struct RIPEMD160state_st {
     RIPEMD160_LONG A, B, C, D, E;
@@ -37,17 +40,19 @@ typedef struct RIPEMD160state_st {
     RIPEMD160_LONG data[RIPEMD160_LBLOCK];
     unsigned int num;
 } RIPEMD160_CTX;
-
-int RIPEMD160_Init(RIPEMD160_CTX *c);
-int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, size_t len);
-int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c);
-unsigned char *RIPEMD160(const unsigned char *d, size_t n, unsigned char *md);
-void RIPEMD160_Transform(RIPEMD160_CTX *c, const unsigned char *b);
-
-# ifdef  __cplusplus
+#  endif
+
+DEPRECATEDIN_3_0(int RIPEMD160_Init(RIPEMD160_CTX *c))
+DEPRECATEDIN_3_0(int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data,
+                                      size_t len))
+DEPRECATEDIN_3_0(int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c))
+DEPRECATEDIN_3_0(unsigned char *RIPEMD160(const unsigned char *d, size_t n,
+                                          unsigned char *md))
+DEPRECATEDIN_3_0(void RIPEMD160_Transform(RIPEMD160_CTX *c,
+                                          const unsigned char *b))
+
+#  ifdef  __cplusplus
 }
+#  endif
 # endif
-# endif
-
-
 #endif
diff --git a/providers/implementations/digests/ripemd_prov.c b/providers/implementations/digests/ripemd_prov.c
index 023e46cf83..697d895106 100644
--- a/providers/implementations/digests/ripemd_prov.c
+++ b/providers/implementations/digests/ripemd_prov.c
@@ -7,6 +7,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * RIPEMD160 low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
 #include <openssl/crypto.h>
 #include <openssl/ripemd.h>
 #include "prov/digestcommon.h"
diff --git a/util/libcrypto.num b/util/libcrypto.num
index e2729895d9..57479a3b03 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -381,7 +381,7 @@ OPENSSL_strlcpy                         388	3_0_0	EXIST::FUNCTION:
 BIO_get_port                            389	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0,SOCK
 DISPLAYTEXT_free                        390	3_0_0	EXIST::FUNCTION:
 BN_div                                  391	3_0_0	EXIST::FUNCTION:
-RIPEMD160_Update                        392	3_0_0	EXIST::FUNCTION:RMD160
+RIPEMD160_Update                        392	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,RMD160
 PEM_write_bio_CMS                       393	3_0_0	EXIST::FUNCTION:CMS
 ASN1_OBJECT_new                         394	3_0_0	EXIST::FUNCTION:
 EVP_des_ede3_cfb8                       395	3_0_0	EXIST::FUNCTION:DES
@@ -412,7 +412,7 @@ d2i_EXTENDED_KEY_USAGE                  419	3_0_0	EXIST::FUNCTION:
 ASYNC_unblock_pause                     420	3_0_0	EXIST::FUNCTION:
 i2d_X509_VAL                            421	3_0_0	EXIST::FUNCTION:
 ASN1_SCTX_get_flags                     422	3_0_0	EXIST::FUNCTION:
-RIPEMD160                               423	3_0_0	EXIST::FUNCTION:RMD160
+RIPEMD160                               423	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,RMD160
 CRYPTO_ocb128_setiv                     424	3_0_0	EXIST::FUNCTION:OCB
 X509_CRL_digest                         425	3_0_0	EXIST::FUNCTION:
 EVP_aes_128_cbc_hmac_sha1               426	3_0_0	EXIST::FUNCTION:
@@ -3399,7 +3399,7 @@ EVP_PKEY_meth_set_init                  3469	3_0_0	EXIST::FUNCTION:
 X509_REQ_extension_nid                  3470	3_0_0	EXIST::FUNCTION:
 ENGINE_up_ref                           3471	3_0_0	EXIST::FUNCTION:ENGINE
 BN_BLINDING_invert_ex                   3472	3_0_0	EXIST::FUNCTION:
-RIPEMD160_Init                          3473	3_0_0	EXIST::FUNCTION:RMD160
+RIPEMD160_Init                          3473	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,RMD160
 ASYNC_WAIT_CTX_get_changed_fds          3474	3_0_0	EXIST::FUNCTION:
 EVP_PKEY_save_parameters                3475	3_0_0	EXIST::FUNCTION:
 SCT_set_source                          3476	3_0_0	EXIST::FUNCTION:CT
@@ -3744,7 +3744,7 @@ X509_supported_extension                3825	3_0_0	EXIST::FUNCTION:
 ECDSA_sign_setup                        3826	3_0_0	EXIST::FUNCTION:EC
 EVP_camellia_192_cfb128                 3827	3_0_0	EXIST::FUNCTION:CAMELLIA
 d2i_AUTHORITY_KEYID                     3828	3_0_0	EXIST::FUNCTION:
-RIPEMD160_Transform                     3829	3_0_0	EXIST::FUNCTION:RMD160
+RIPEMD160_Transform                     3829	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,RMD160
 DES_random_key                          3830	3_0_0	EXIST::FUNCTION:DES
 i2d_PKCS12_MAC_DATA                     3831	3_0_0	EXIST::FUNCTION:
 EVP_PKEY_get0_EC_KEY                    3832	3_0_0	EXIST::FUNCTION:EC
@@ -3766,7 +3766,7 @@ OCSP_REQ_CTX_get0_mem_bio               3847	3_0_0	EXIST::FUNCTION:OCSP
 i2d_PKCS8PrivateKeyInfo_bio             3848	3_0_0	EXIST::FUNCTION:
 d2i_OCSP_CERTID                         3849	3_0_0	EXIST::FUNCTION:OCSP
 EVP_CIPHER_meth_set_init                3850	3_0_0	EXIST::FUNCTION:
-RIPEMD160_Final                         3851	3_0_0	EXIST::FUNCTION:RMD160
+RIPEMD160_Final                         3851	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,RMD160
 NETSCAPE_SPKI_free                      3852	3_0_0	EXIST::FUNCTION:
 BIO_asn1_get_prefix                     3853	3_0_0	EXIST::FUNCTION:
 d2i_OCSP_ONEREQ                         3854	3_0_0	EXIST::FUNCTION:OCSP


More information about the openssl-commits mailing list