[openssl] master update

Dr. Paul Dale pauli at openssl.org
Wed Sep 9 08:00:30 UTC 2020


The branch master has been updated
       via  e942111267f292070cbc8397e0cc5fddaf8371a0 (commit)
       via  5c97eeb726dac6194e7a3aecf8231a512e0243ea (commit)
       via  b924d1b6e1b66def84979dbbf3c79059cff1d554 (commit)
       via  81661a14bcf9fb92eadedb15de75c3eb5b4e97a8 (commit)
       via  b250fc7be771d912460b60285ad7124e0b38ef94 (commit)
      from  b434b2c08d2025936fb8b7ece3a5908613333f6b (commit)


- Log -----------------------------------------------------------------
commit e942111267f292070cbc8397e0cc5fddaf8371a0
Author: Pauli <paul.dale at oracle.com>
Date:   Sun Sep 6 20:39:12 2020 +1000

    In a non-shared build, don't include the md5 object files in legacy provider
    
    Reviewed-by: Ben Kaduk <kaduk at mit.edu>
    (Merged from https://github.com/openssl/openssl/pull/11961)

commit 5c97eeb726dac6194e7a3aecf8231a512e0243ea
Author: Pauli <paul.dale at oracle.com>
Date:   Sun Sep 6 17:14:38 2020 +1000

    TLS fixes for CBC mode and no-deprecated
    
    Reviewed-by: Ben Kaduk <kaduk at mit.edu>
    (Merged from https://github.com/openssl/openssl/pull/11961)

commit b924d1b6e1b66def84979dbbf3c79059cff1d554
Author: Pauli <paul.dale at oracle.com>
Date:   Sun Sep 6 13:44:08 2020 +1000

    TLS: remove legacy code path supporting special CBC mode
    
    Reviewed-by: Ben Kaduk <kaduk at mit.edu>
    (Merged from https://github.com/openssl/openssl/pull/11961)

commit 81661a14bcf9fb92eadedb15de75c3eb5b4e97a8
Author: Pauli <paul.dale at oracle.com>
Date:   Tue May 26 20:20:09 2020 +1000

    legacy: include MD5 code in legacy provider
    
    Reviewed-by: Ben Kaduk <kaduk at mit.edu>
    (Merged from https://github.com/openssl/openssl/pull/11961)

commit b250fc7be771d912460b60285ad7124e0b38ef94
Author: Pauli <paul.dale at oracle.com>
Date:   Tue May 26 19:38:23 2020 +1000

    Deprecate SHA and MD5 again.
    
    This reverts commit a978dc3bffb63e6bfc40fe6955e8798bdffb4e7e.
    
    Reviewed-by: Ben Kaduk <kaduk at mit.edu>
    (Merged from https://github.com/openssl/openssl/pull/11961)

-----------------------------------------------------------------------

Summary of changes:
 crypto/md5/build.info    | 11 ++++++
 include/openssl/md5.h    | 35 ++++++++++--------
 include/openssl/sha.h    | 96 +++++++++++++++++++++++++++---------------------
 ssl/build.info           |  5 ++-
 ssl/record/ssl3_record.c | 23 ++++++++++++
 ssl/s3_cbc.c             | 19 ----------
 util/libcrypto.num       | 56 ++++++++++++++--------------
 7 files changed, 141 insertions(+), 104 deletions(-)

diff --git a/crypto/md5/build.info b/crypto/md5/build.info
index afcf7c4426..bbb70fde3c 100644
--- a/crypto/md5/build.info
+++ b/crypto/md5/build.info
@@ -18,10 +18,21 @@ $COMMON=md5_dgst.c md5_one.c md5_sha1.c $MD5ASM
 SOURCE[../../libcrypto]=$COMMON
 SOURCE[../../providers/libimplementations.a]=$COMMON
 
+# A no-deprecated no-shared build ends up with double function definitions
+# without conditioning this on dso. The issue is MD5 which is needed in the
+# legacy provider for one of the spliced algorithms, however it resides in the
+# default provider.  A no-deprecated build removes the external definition from
+# libcrypto and this means that the code needs to be in liblegacy.  However,
+# when building without 'dso', liblegacy is included in libcrypto.
+IF[{- !$disabled{dso} -}]
+  SOURCE[../../providers/liblegacy.a]=$COMMON
+ENDIF
+
 # Implementations are now spread across several libraries, so the defines
 # need to be applied to all affected libraries and modules.
 DEFINE[../../libcrypto]=$MD5DEF
 DEFINE[../../providers/libimplementations.a]=$MD5DEF
+DEFINE[../../providers/liblegacy.a]=$MD5DEF
 
 GENERATE[md5-586.s]=asm/md5-586.pl
 
diff --git a/include/openssl/md5.h b/include/openssl/md5.h
index 0a75b084a2..c61b3d94c8 100644
--- a/include/openssl/md5.h
+++ b/include/openssl/md5.h
@@ -19,22 +19,24 @@
 # include <openssl/opensslconf.h>
 
 # ifndef OPENSSL_NO_MD5
-# include <openssl/e_os2.h>
-# include <stddef.h>
-# ifdef  __cplusplus
+#  include <openssl/e_os2.h>
+#  include <stddef.h>
+#  ifdef  __cplusplus
 extern "C" {
-# endif
+#  endif
+
+#  define MD5_DIGEST_LENGTH 16
 
+#  if !defined(OPENSSL_NO_DEPRECATED_3_0)
 /*
  * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
  * ! MD5_LONG has to be at least 32 bits wide.                     !
  * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
  */
-# define MD5_LONG unsigned int
+#   define MD5_LONG unsigned int
 
-# define MD5_CBLOCK      64
-# define MD5_LBLOCK      (MD5_CBLOCK/4)
-# define MD5_DIGEST_LENGTH 16
+#   define MD5_CBLOCK      64
+#   define MD5_LBLOCK      (MD5_CBLOCK/4)
 
 typedef struct MD5state_st {
     MD5_LONG A, B, C, D;
@@ -42,15 +44,18 @@ typedef struct MD5state_st {
     MD5_LONG data[MD5_LBLOCK];
     unsigned int num;
 } MD5_CTX;
+#  endif
 
-int MD5_Init(MD5_CTX *c);
-int MD5_Update(MD5_CTX *c, const void *data, size_t len);
-int MD5_Final(unsigned char *md, MD5_CTX *c);
-unsigned char *MD5(const unsigned char *d, size_t n, unsigned char *md);
-void MD5_Transform(MD5_CTX *c, const unsigned char *b);
-# ifdef  __cplusplus
+DEPRECATEDIN_3_0(int MD5_Init(MD5_CTX *c))
+DEPRECATEDIN_3_0(int MD5_Update(MD5_CTX *c, const void *data, size_t len))
+DEPRECATEDIN_3_0(int MD5_Final(unsigned char *md, MD5_CTX *c))
+DEPRECATEDIN_3_0(unsigned char *MD5(const unsigned char *d, size_t n,
+                                    unsigned char *md))
+DEPRECATEDIN_3_0(void MD5_Transform(MD5_CTX *c, const unsigned char *b))
+
+#  ifdef  __cplusplus
 }
-# endif
+#  endif
 # endif
 
 #endif
diff --git a/include/openssl/sha.h b/include/openssl/sha.h
index 18e584a161..eac7cdbba3 100644
--- a/include/openssl/sha.h
+++ b/include/openssl/sha.h
@@ -23,19 +23,21 @@
 extern "C" {
 # endif
 
+# define SHA_DIGEST_LENGTH 20
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
 /*-
  * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
  * ! SHA_LONG has to be at least 32 bits wide.                    !
  * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
  */
-# define SHA_LONG unsigned int
+#  define SHA_LONG unsigned int
 
-# define SHA_LBLOCK      16
-# define SHA_CBLOCK      (SHA_LBLOCK*4)/* SHA treats input data as a
-                                        * contiguous array of 32 bit wide
-                                        * big-endian values. */
-# define SHA_LAST_BLOCK  (SHA_CBLOCK-8)
-# define SHA_DIGEST_LENGTH 20
+#  define SHA_LBLOCK      16
+#  define SHA_CBLOCK      (SHA_LBLOCK*4)/* SHA treats input data as a
+                                         * contiguous array of 32 bit wide
+                                         * big-endian values. */
+#  define SHA_LAST_BLOCK  (SHA_CBLOCK-8)
 
 typedef struct SHAstate_st {
     SHA_LONG h0, h1, h2, h3, h4;
@@ -43,14 +45,17 @@ typedef struct SHAstate_st {
     SHA_LONG data[SHA_LBLOCK];
     unsigned int num;
 } SHA_CTX;
+# endif /* !defined(OPENSSL_NO_DEPRECATED_3_0) */
 
-int SHA1_Init(SHA_CTX *c);
-int SHA1_Update(SHA_CTX *c, const void *data, size_t len);
-int SHA1_Final(unsigned char *md, SHA_CTX *c);
-unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md);
-void SHA1_Transform(SHA_CTX *c, const unsigned char *data);
+DEPRECATEDIN_3_0(int SHA1_Init(SHA_CTX *c))
+DEPRECATEDIN_3_0(int SHA1_Update(SHA_CTX *c, const void *data, size_t len))
+DEPRECATEDIN_3_0(int SHA1_Final(unsigned char *md, SHA_CTX *c))
+DEPRECATEDIN_3_0(unsigned char *SHA1(const unsigned char *d, size_t n,
+                 unsigned char *md))
+DEPRECATEDIN_3_0(void SHA1_Transform(SHA_CTX *c, const unsigned char *data))
 
-# define SHA256_CBLOCK   (SHA_LBLOCK*4)/* SHA-256 treats input data as a
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+#  define SHA256_CBLOCK   (SHA_LBLOCK*4)/* SHA-256 treats input data as a
                                         * contiguous array of 32 bit wide
                                         * big-endian values. */
 
@@ -60,22 +65,27 @@ typedef struct SHA256state_st {
     SHA_LONG data[SHA_LBLOCK];
     unsigned int num, md_len;
 } SHA256_CTX;
-
-int SHA224_Init(SHA256_CTX *c);
-int SHA224_Update(SHA256_CTX *c, const void *data, size_t len);
-int SHA224_Final(unsigned char *md, SHA256_CTX *c);
-unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md);
-int SHA256_Init(SHA256_CTX *c);
-int SHA256_Update(SHA256_CTX *c, const void *data, size_t len);
-int SHA256_Final(unsigned char *md, SHA256_CTX *c);
-unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md);
-void SHA256_Transform(SHA256_CTX *c, const unsigned char *data);
+# endif /* !defined(OPENSSL_NO_DEPRECATED_3_0) */
+
+DEPRECATEDIN_3_0(int SHA224_Init(SHA256_CTX *c))
+DEPRECATEDIN_3_0(int SHA224_Update(SHA256_CTX *c, const void *data, size_t len))
+DEPRECATEDIN_3_0(int SHA224_Final(unsigned char *md, SHA256_CTX *c))
+DEPRECATEDIN_3_0(unsigned char *SHA224(const unsigned char *d, size_t n,
+                                       unsigned char *md))
+DEPRECATEDIN_3_0(int SHA256_Init(SHA256_CTX *c))
+DEPRECATEDIN_3_0(int SHA256_Update(SHA256_CTX *c, const void *data, size_t len))
+DEPRECATEDIN_3_0(int SHA256_Final(unsigned char *md, SHA256_CTX *c))
+DEPRECATEDIN_3_0(unsigned char *SHA256(const unsigned char *d, size_t n,
+                                       unsigned char *md))
+DEPRECATEDIN_3_0(void SHA256_Transform(SHA256_CTX *c,
+                                       const unsigned char *data))
 
 # define SHA224_DIGEST_LENGTH    28
 # define SHA256_DIGEST_LENGTH    32
 # define SHA384_DIGEST_LENGTH    48
 # define SHA512_DIGEST_LENGTH    64
 
+# ifndef OPENSSL_NO_DEPRECATED_3_0
 /*
  * Unlike 32-bit digest algorithms, SHA-512 *relies* on SHA_LONG64
  * being exactly 64-bit wide. See Implementation Notes in sha512.c
@@ -86,14 +96,14 @@ void SHA256_Transform(SHA256_CTX *c, const unsigned char *data);
  * contiguous array of 64 bit
  * wide big-endian values.
  */
-# define SHA512_CBLOCK   (SHA_LBLOCK*8)
-# if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
-#  define SHA_LONG64 unsigned __int64
-# elif defined(__arch64__)
-#  define SHA_LONG64 unsigned long
-# else
-#  define SHA_LONG64 unsigned long long
-# endif
+#  define SHA512_CBLOCK   (SHA_LBLOCK*8)
+#  if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
+#   define SHA_LONG64 unsigned __int64
+#  elif defined(__arch64__)
+#   define SHA_LONG64 unsigned long
+#  else
+#   define SHA_LONG64 unsigned long long
+#  endif
 
 typedef struct SHA512state_st {
     SHA_LONG64 h[8];
@@ -104,16 +114,20 @@ typedef struct SHA512state_st {
     } u;
     unsigned int num, md_len;
 } SHA512_CTX;
-
-int SHA384_Init(SHA512_CTX *c);
-int SHA384_Update(SHA512_CTX *c, const void *data, size_t len);
-int SHA384_Final(unsigned char *md, SHA512_CTX *c);
-unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md);
-int SHA512_Init(SHA512_CTX *c);
-int SHA512_Update(SHA512_CTX *c, const void *data, size_t len);
-int SHA512_Final(unsigned char *md, SHA512_CTX *c);
-unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md);
-void SHA512_Transform(SHA512_CTX *c, const unsigned char *data);
+# endif /* !defined(OPENSSL_NO_DEPRECATED_3_0) */
+
+DEPRECATEDIN_3_0(int SHA384_Init(SHA512_CTX *c))
+DEPRECATEDIN_3_0(int SHA384_Update(SHA512_CTX *c, const void *data, size_t len))
+DEPRECATEDIN_3_0(int SHA384_Final(unsigned char *md, SHA512_CTX *c))
+DEPRECATEDIN_3_0(unsigned char *SHA384(const unsigned char *d, size_t n,
+                                       unsigned char *md))
+DEPRECATEDIN_3_0(int SHA512_Init(SHA512_CTX *c))
+DEPRECATEDIN_3_0(int SHA512_Update(SHA512_CTX *c, const void *data, size_t len))
+DEPRECATEDIN_3_0(int SHA512_Final(unsigned char *md, SHA512_CTX *c))
+DEPRECATEDIN_3_0(unsigned char *SHA512(const unsigned char *d, size_t n,
+                                       unsigned char *md))
+DEPRECATEDIN_3_0(void SHA512_Transform(SHA512_CTX *c,
+                                       const unsigned char *data))
 
 # ifdef  __cplusplus
 }
diff --git a/ssl/build.info b/ssl/build.info
index e5b7befbaa..fd9a16784e 100644
--- a/ssl/build.info
+++ b/ssl/build.info
@@ -23,7 +23,7 @@ SOURCE[../libssl]=\
         pqueue.c ../crypto/packet.c \
         statem/statem_srvr.c statem/statem_clnt.c  s3_lib.c  s3_enc.c record/rec_layer_s3.c \
         statem/statem_lib.c statem/extensions.c statem/extensions_srvr.c \
-        statem/extensions_clnt.c statem/extensions_cust.c s3_cbc.c s3_msg.c \
+        statem/extensions_clnt.c statem/extensions_cust.c s3_msg.c \
         methods.c   t1_lib.c  t1_enc.c tls13_enc.c \
         d1_lib.c  record/rec_layer_d1.c d1_msg.c \
         statem/statem_dtls.c d1_srtp.c \
@@ -34,6 +34,9 @@ SOURCE[../libssl]=\
         record/ssl3_buffer.c record/ssl3_record.c record/dtls1_bitmap.c \
         statem/statem.c record/ssl3_record_tls13.c record/tls_pad.c \
         $KTLSSRC
+IF[{- !$disabled{'deprecated-3.0'} -}]
+  SOURCE[../libssl]=s3_cbc.c
+ENDIF
 DEFINE[../libssl]=$AESDEF
 
 SOURCE[../providers/libcommon.a]=record/tls_pad.c
diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c
index baa4f239bf..046d6f2054 100644
--- a/ssl/record/ssl3_record.c
+++ b/ssl/record/ssl3_record.c
@@ -1307,6 +1307,25 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending,
     return 1;
 }
 
+/*
+ * ssl3_cbc_record_digest_supported returns 1 iff |ctx| uses a hash function
+ * which ssl3_cbc_digest_record supports.
+ */
+char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx)
+{
+    switch (EVP_MD_CTX_type(ctx)) {
+    case NID_md5:
+    case NID_sha1:
+    case NID_sha224:
+    case NID_sha256:
+    case NID_sha384:
+    case NID_sha512:
+        return 1;
+    default:
+        return 0;
+    }
+}
+
 int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending)
 {
     unsigned char *mac_sec, *seq;
@@ -1335,6 +1354,9 @@ int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending)
     if (!sending &&
         EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
         ssl3_cbc_record_digest_supported(hash)) {
+#ifdef OPENSSL_NO_DEPRECATED_3_0
+        return 0;
+#else
         /*
          * This is a CBC-encrypted record. We must avoid leaking any
          * timing-side channel information about how many blocks of data we
@@ -1368,6 +1390,7 @@ int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending)
                                    rec->length, rec->orig_len,
                                    mac_sec, md_size, 1) <= 0)
             return 0;
+#endif
     } else {
         unsigned int md_size_u;
         /* Chop the digest off the end :-) */
diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c
index 4895f43568..26f12654e4 100644
--- a/ssl/s3_cbc.c
+++ b/ssl/s3_cbc.c
@@ -132,25 +132,6 @@ static void tls1_sha512_final_raw(void *ctx, unsigned char *md_out)
 #undef  LARGEST_DIGEST_CTX
 #define LARGEST_DIGEST_CTX SHA512_CTX
 
-/*
- * ssl3_cbc_record_digest_supported returns 1 iff |ctx| uses a hash function
- * which ssl3_cbc_digest_record supports.
- */
-char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx)
-{
-    switch (EVP_MD_CTX_type(ctx)) {
-    case NID_md5:
-    case NID_sha1:
-    case NID_sha224:
-    case NID_sha256:
-    case NID_sha384:
-    case NID_sha512:
-        return 1;
-    default:
-        return 0;
-    }
-}
-
 /*-
  * ssl3_cbc_digest_record computes the MAC of a decrypted, padded SSLv3/TLS
  * record.
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 777d8ce8a8..e3ca2fe625 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -1001,7 +1001,7 @@ i2d_PKCS8PrivateKey_nid_bio             1026	3_0_0	EXIST::FUNCTION:
 ERR_put_error                           1027	3_0_0	NOEXIST::FUNCTION:
 ERR_add_error_data                      1028	3_0_0	EXIST::FUNCTION:
 X509_ALGORS_it                          1029	3_0_0	EXIST::FUNCTION:
-MD5_Update                              1030	3_0_0	EXIST::FUNCTION:MD5
+MD5_Update                              1030	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,MD5
 X509_policy_check                       1031	3_0_0	EXIST::FUNCTION:
 X509_CRL_METHOD_new                     1032	3_0_0	EXIST::FUNCTION:
 ASN1_ANY_it                             1033	3_0_0	EXIST::FUNCTION:
@@ -1145,7 +1145,7 @@ BN_security_bits                        1171	3_0_0	EXIST::FUNCTION:
 X509_PURPOSE_get0_name                  1172	3_0_0	EXIST::FUNCTION:
 TS_TST_INFO_get_serial                  1173	3_0_0	EXIST::FUNCTION:TS
 ASN1_PCTX_get_str_flags                 1174	3_0_0	EXIST::FUNCTION:
-SHA256                                  1175	3_0_0	EXIST::FUNCTION:
+SHA256                                  1175	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
 X509_LOOKUP_hash_dir                    1176	3_0_0	EXIST::FUNCTION:
 ASN1_BIT_STRING_check                   1177	3_0_0	EXIST::FUNCTION:
 ENGINE_set_default_RAND                 1178	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
@@ -1252,7 +1252,7 @@ ASN1_INTEGER_set_int64                  1280	3_0_0	EXIST::FUNCTION:
 ASN1_TIME_free                          1281	3_0_0	EXIST::FUNCTION:
 i2o_SCT_LIST                            1282	3_0_0	EXIST::FUNCTION:CT
 AES_encrypt                             1283	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
-MD5_Init                                1284	3_0_0	EXIST::FUNCTION:MD5
+MD5_Init                                1284	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,MD5
 UI_add_error_string                     1285	3_0_0	EXIST::FUNCTION:
 X509_TRUST_cleanup                      1286	3_0_0	EXIST::FUNCTION:
 PEM_read_X509                           1287	3_0_0	EXIST::FUNCTION:STDIO
@@ -1376,7 +1376,7 @@ EVP_MD_meth_get_cleanup                 1408	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_
 SRP_Calc_server_key                     1409	3_0_0	EXIST::FUNCTION:SRP
 BN_mod_exp_simple                       1410	3_0_0	EXIST::FUNCTION:
 BIO_set_ex_data                         1411	3_0_0	EXIST::FUNCTION:
-SHA512                                  1412	3_0_0	EXIST::FUNCTION:
+SHA512                                  1412	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
 X509_STORE_CTX_get_explicit_policy      1413	3_0_0	EXIST::FUNCTION:
 EVP_DecodeBlock                         1414	3_0_0	EXIST::FUNCTION:
 OCSP_REQ_CTX_http                       1415	3_0_0	EXIST::FUNCTION:
@@ -1441,7 +1441,7 @@ X509V3_section_free                     1474	3_0_0	EXIST::FUNCTION:
 CRYPTO_mem_debug_free                   1475	3_0_0	EXIST::FUNCTION:CRYPTO_MDEBUG,DEPRECATEDIN_3_0
 d2i_OCSP_REQUEST                        1476	3_0_0	EXIST::FUNCTION:OCSP
 ENGINE_get_cipher_engine                1477	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
-SHA384_Final                            1478	3_0_0	EXIST::FUNCTION:
+SHA384_Final                            1478	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
 TS_RESP_CTX_set_certs                   1479	3_0_0	EXIST::FUNCTION:TS
 BN_MONT_CTX_free                        1480	3_0_0	EXIST::FUNCTION:
 BN_GF2m_mod_solve_quad_arr              1481	3_0_0	EXIST::FUNCTION:EC2M
@@ -1467,7 +1467,7 @@ ASYNC_get_wait_ctx                      1500	3_0_0	EXIST::FUNCTION:
 ENGINE_set_load_privkey_function        1501	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
 CRYPTO_ccm128_setiv                     1502	3_0_0	EXIST::FUNCTION:
 PKCS7_dataFinal                         1503	3_0_0	EXIST::FUNCTION:
-SHA1_Final                              1504	3_0_0	EXIST::FUNCTION:
+SHA1_Final                              1504	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
 i2a_ASN1_STRING                         1505	3_0_0	EXIST::FUNCTION:
 EVP_CIPHER_CTX_rand_key                 1506	3_0_0	EXIST::FUNCTION:
 AES_set_encrypt_key                     1507	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
@@ -1835,7 +1835,7 @@ RSA_verify_ASN1_OCTET_STRING            1877	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_
 SCT_set_log_entry_type                  1878	3_0_0	EXIST::FUNCTION:CT
 BN_new                                  1879	3_0_0	EXIST::FUNCTION:
 X509_OBJECT_retrieve_by_subject         1880	3_0_0	EXIST::FUNCTION:
-MD5_Final                               1881	3_0_0	EXIST::FUNCTION:MD5
+MD5_Final                               1881	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,MD5
 X509_STORE_set_verify_cb                1882	3_0_0	EXIST::FUNCTION:
 OCSP_REQUEST_print                      1883	3_0_0	EXIST::FUNCTION:OCSP
 CMS_add1_crl                            1884	3_0_0	EXIST::FUNCTION:CMS
@@ -1876,7 +1876,7 @@ CMS_SignedData_init                     1920	3_0_0	EXIST::FUNCTION:CMS
 X509_REQ_free                           1921	3_0_0	EXIST::FUNCTION:
 ASN1_INTEGER_set                        1922	3_0_0	EXIST::FUNCTION:
 EVP_DecodeFinal                         1923	3_0_0	EXIST::FUNCTION:
-MD5_Transform                           1925	3_0_0	EXIST::FUNCTION:MD5
+MD5_Transform                           1925	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,MD5
 SRP_create_verifier_BN                  1926	3_0_0	EXIST::FUNCTION:SRP
 ENGINE_register_all_EC                  1927	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
 EVP_camellia_128_ofb                    1928	3_0_0	EXIST::FUNCTION:CAMELLIA
@@ -1893,7 +1893,7 @@ PKCS5_PBE_keyivgen                      1938	3_0_0	EXIST::FUNCTION:
 i2d_OCSP_SERVICELOC                     1939	3_0_0	EXIST::FUNCTION:OCSP
 EC_POINT_copy                           1940	3_0_0	EXIST::FUNCTION:EC
 X509V3_EXT_CRL_add_nconf                1941	3_0_0	EXIST::FUNCTION:
-SHA256_Init                             1942	3_0_0	EXIST::FUNCTION:
+SHA256_Init                             1942	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
 X509_NAME_ENTRY_get_object              1943	3_0_0	EXIST::FUNCTION:
 ASN1_ENUMERATED_free                    1944	3_0_0	EXIST::FUNCTION:
 X509_CRL_set_meth_data                  1945	3_0_0	EXIST::FUNCTION:
@@ -1914,7 +1914,7 @@ EVP_PKEY_add1_attr                      1959	3_0_0	EXIST::FUNCTION:
 X509_STORE_CTX_purpose_inherit          1960	3_0_0	EXIST::FUNCTION:
 EVP_PKEY_meth_get_keygen                1961	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
 ENGINE_get_pkey_asn1_meth               1962	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
-SHA256_Update                           1963	3_0_0	EXIST::FUNCTION:
+SHA256_Update                           1963	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
 d2i_PKCS7_ISSUER_AND_SERIAL             1964	3_0_0	EXIST::FUNCTION:
 PKCS12_unpack_authsafes                 1965	3_0_0	EXIST::FUNCTION:
 X509_CRL_it                             1966	3_0_0	EXIST::FUNCTION:
@@ -2073,7 +2073,7 @@ BIO_s_file                              2118	3_0_0	EXIST::FUNCTION:
 RSA_X931_derive_ex                      2119	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
 EVP_PKEY_decrypt_init                   2120	3_0_0	EXIST::FUNCTION:
 ENGINE_get_destroy_function             2121	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
-SHA224_Init                             2122	3_0_0	EXIST::FUNCTION:
+SHA224_Init                             2122	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
 X509V3_EXT_add_conf                     2123	3_0_0	EXIST::FUNCTION:
 ASN1_object_size                        2124	3_0_0	EXIST::FUNCTION:
 X509_REVOKED_free                       2125	3_0_0	EXIST::FUNCTION:
@@ -2191,7 +2191,7 @@ PEM_write_bio_PKCS8_PRIV_KEY_INFO       2238	3_0_0	EXIST::FUNCTION:
 EC_GROUP_set_curve_GF2m                 2239	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,EC2M
 ENGINE_load_builtin_engines             2240	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
 SRP_VBASE_init                          2241	3_0_0	EXIST::FUNCTION:SRP
-SHA224_Final                            2242	3_0_0	EXIST::FUNCTION:
+SHA224_Final                            2242	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
 OCSP_CERTSTATUS_free                    2243	3_0_0	EXIST::FUNCTION:OCSP
 d2i_TS_TST_INFO                         2244	3_0_0	EXIST::FUNCTION:TS
 IPAddressOrRange_it                     2245	3_0_0	EXIST::FUNCTION:RFC3779
@@ -2201,7 +2201,7 @@ TS_OBJ_print_bio                        2248	3_0_0	EXIST::FUNCTION:TS
 X509_time_adj_ex                        2249	3_0_0	EXIST::FUNCTION:
 OCSP_request_add1_cert                  2250	3_0_0	EXIST::FUNCTION:OCSP
 ERR_load_X509_strings                   2251	3_0_0	EXIST::FUNCTION:
-SHA1_Transform                          2252	3_0_0	EXIST::FUNCTION:
+SHA1_Transform                          2252	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
 CMS_signed_get_attr_by_NID              2253	3_0_0	EXIST::FUNCTION:CMS
 X509_STORE_CTX_get_by_subject           2254	3_0_0	EXIST::FUNCTION:
 ASN1_OCTET_STRING_it                    2255	3_0_0	EXIST::FUNCTION:
@@ -2461,7 +2461,7 @@ BN_generate_dsa_nonce                   2512	3_0_0	EXIST::FUNCTION:
 X509_verify_cert                        2513	3_0_0	EXIST::FUNCTION:
 X509_policy_level_get0_node             2514	3_0_0	EXIST::FUNCTION:
 X509_REQ_get_attr                       2515	3_0_0	EXIST::FUNCTION:
-SHA1                                    2516	3_0_0	EXIST::FUNCTION:
+SHA1                                    2516	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
 X509_print                              2517	3_0_0	EXIST::FUNCTION:
 d2i_AutoPrivateKey                      2518	3_0_0	EXIST::FUNCTION:
 X509_REQ_new                            2519	3_0_0	EXIST::FUNCTION:
@@ -2497,7 +2497,7 @@ d2i_NETSCAPE_CERT_SEQUENCE              2550	3_0_0	EXIST::FUNCTION:
 X509_CRL_set_version                    2551	3_0_0	EXIST::FUNCTION:
 ASN1_PCTX_set_cert_flags                2552	3_0_0	EXIST::FUNCTION:
 PKCS8_PRIV_KEY_INFO_free                2553	3_0_0	EXIST::FUNCTION:
-SHA224_Update                           2554	3_0_0	EXIST::FUNCTION:
+SHA224_Update                           2554	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
 EC_GROUP_new_by_curve_name              2555	3_0_0	EXIST::FUNCTION:EC
 X509_STORE_set_purpose                  2556	3_0_0	EXIST::FUNCTION:
 X509_CRL_get0_signature                 2557	3_0_0	EXIST::FUNCTION:
@@ -2728,7 +2728,7 @@ CMS_RecipientInfo_encrypt               2786	3_0_0	EXIST::FUNCTION:CMS
 X509_get_pubkey_parameters              2787	3_0_0	EXIST::FUNCTION:
 PKCS12_setup_mac                        2788	3_0_0	EXIST::FUNCTION:
 PEM_read_bio_PKCS7                      2789	3_0_0	EXIST::FUNCTION:
-SHA512_Final                            2790	3_0_0	EXIST::FUNCTION:
+SHA512_Final                            2790	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
 X509_VERIFY_PARAM_set1_host             2791	3_0_0	EXIST::FUNCTION:
 OCSP_resp_find_status                   2792	3_0_0	EXIST::FUNCTION:OCSP
 d2i_ASN1_T61STRING                      2793	3_0_0	EXIST::FUNCTION:
@@ -2902,14 +2902,14 @@ EC_curve_nid2nist                       2964	3_0_0	EXIST::FUNCTION:EC
 ENGINE_get_finish_function              2965	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
 EC_POINT_add                            2966	3_0_0	EXIST::FUNCTION:EC
 EC_KEY_oct2key                          2967	3_0_0	EXIST::FUNCTION:EC
-SHA384_Init                             2968	3_0_0	EXIST::FUNCTION:
+SHA384_Init                             2968	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
 ASN1_UNIVERSALSTRING_new                2969	3_0_0	EXIST::FUNCTION:
 EVP_PKEY_print_private                  2970	3_0_0	EXIST::FUNCTION:
 ASN1_INTEGER_new                        2971	3_0_0	EXIST::FUNCTION:
 NAME_CONSTRAINTS_it                     2972	3_0_0	EXIST::FUNCTION:
 TS_REQ_get_cert_req                     2973	3_0_0	EXIST::FUNCTION:TS
 BIO_pop                                 2974	3_0_0	EXIST::FUNCTION:
-SHA256_Final                            2975	3_0_0	EXIST::FUNCTION:
+SHA256_Final                            2975	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
 EVP_PKEY_set1_DH                        2976	3_0_0	EXIST::FUNCTION:DH
 DH_get_ex_data                          2977	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
 CRYPTO_secure_malloc                    2978	3_0_0	EXIST::FUNCTION:
@@ -2929,7 +2929,7 @@ EC_GROUP_set_asn1_flag                  2991	3_0_0	EXIST::FUNCTION:EC
 EVP_PKEY_new                            2992	3_0_0	EXIST::FUNCTION:
 i2d_POLICYINFO                          2993	3_0_0	EXIST::FUNCTION:
 BN_get_flags                            2994	3_0_0	EXIST::FUNCTION:
-SHA384                                  2995	3_0_0	EXIST::FUNCTION:
+SHA384                                  2995	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
 NCONF_get_string                        2996	3_0_0	EXIST::FUNCTION:
 d2i_PROXY_CERT_INFO_EXTENSION           2997	3_0_0	EXIST::FUNCTION:
 EC_POINT_point2buf                      2998	3_0_0	EXIST::FUNCTION:EC
@@ -2981,7 +2981,7 @@ i2d_X509_PUBKEY                         3045	3_0_0	EXIST::FUNCTION:
 EVP_DecryptUpdate                       3046	3_0_0	EXIST::FUNCTION:
 CAST_cbc_encrypt                        3047	3_0_0	EXIST::FUNCTION:CAST,DEPRECATEDIN_3_0
 BN_BLINDING_invert                      3048	3_0_0	EXIST::FUNCTION:
-SHA512_Update                           3049	3_0_0	EXIST::FUNCTION:
+SHA512_Update                           3049	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
 ESS_ISSUER_SERIAL_new                   3050	3_0_0	EXIST::FUNCTION:
 PKCS12_SAFEBAG_get0_pkcs8               3051	3_0_0	EXIST::FUNCTION:
 X509_get_ext_by_NID                     3052	3_0_0	EXIST::FUNCTION:
@@ -3003,7 +3003,7 @@ EVP_des_ede_cfb64                       3067	3_0_0	EXIST::FUNCTION:DES
 d2i_RSAPrivateKey                       3068	3_0_0	EXIST::FUNCTION:RSA
 ERR_load_BN_strings                     3069	3_0_0	EXIST::FUNCTION:
 BF_encrypt                              3070	3_0_0	EXIST::FUNCTION:BF,DEPRECATEDIN_3_0
-MD5                                     3071	3_0_0	EXIST::FUNCTION:MD5
+MD5                                     3071	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,MD5
 BN_GF2m_arr2poly                        3072	3_0_0	EXIST::FUNCTION:EC2M
 EVP_PKEY_meth_get_ctrl                  3073	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
 i2d_X509_REQ_bio                        3074	3_0_0	EXIST::FUNCTION:
@@ -3326,7 +3326,7 @@ d2i_PKCS8_PRIV_KEY_INFO_fp              3395	3_0_0	EXIST::FUNCTION:STDIO
 X509_OBJECT_retrieve_match              3396	3_0_0	EXIST::FUNCTION:
 EVP_aes_128_ctr                         3397	3_0_0	EXIST::FUNCTION:
 EVP_PBE_find                            3398	3_0_0	EXIST::FUNCTION:
-SHA512_Transform                        3399	3_0_0	EXIST::FUNCTION:
+SHA512_Transform                        3399	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
 ERR_add_error_vdata                     3400	3_0_0	EXIST::FUNCTION:
 OCSP_REQUEST_get_ext                    3401	3_0_0	EXIST::FUNCTION:OCSP
 NETSCAPE_SPKAC_new                      3402	3_0_0	EXIST::FUNCTION:
@@ -3363,7 +3363,7 @@ EVP_OpenFinal                           3432	3_0_0	EXIST::FUNCTION:RSA
 RAND_egd_bytes                          3433	3_0_0	EXIST::FUNCTION:EGD
 UI_method_get_writer                    3434	3_0_0	EXIST::FUNCTION:
 BN_secure_new                           3435	3_0_0	EXIST::FUNCTION:
-SHA1_Update                             3437	3_0_0	EXIST::FUNCTION:
+SHA1_Update                             3437	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
 BIO_s_connect                           3438	3_0_0	EXIST::FUNCTION:SOCK
 EVP_MD_meth_get_init                    3439	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
 ASN1_BIT_STRING_free                    3440	3_0_0	EXIST::FUNCTION:
@@ -3513,7 +3513,7 @@ EVP_MD_meth_dup                         3588	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_
 ENGINE_unregister_ciphers               3589	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
 X509_issuer_and_serial_cmp              3590	3_0_0	EXIST::FUNCTION:
 OCSP_response_create                    3591	3_0_0	EXIST::FUNCTION:OCSP
-SHA224                                  3592	3_0_0	EXIST::FUNCTION:
+SHA224                                  3592	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
 MD2_options                             3593	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,MD2
 X509_REQ_it                             3595	3_0_0	EXIST::FUNCTION:
 RAND_bytes                              3596	3_0_0	EXIST::FUNCTION:
@@ -3554,7 +3554,7 @@ PKCS5_pbe_set                           3631	3_0_0	EXIST::FUNCTION:
 TS_RESP_CTX_free                        3632	3_0_0	EXIST::FUNCTION:TS
 d2i_PUBKEY                              3633	3_0_0	EXIST::FUNCTION:
 ASYNC_cleanup_thread                    3634	3_0_0	EXIST::FUNCTION:
-SHA384_Update                           3635	3_0_0	EXIST::FUNCTION:
+SHA384_Update                           3635	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
 CRYPTO_cfb128_1_encrypt                 3636	3_0_0	EXIST::FUNCTION:
 BIO_set_cipher                          3637	3_0_0	EXIST::FUNCTION:
 PEM_read_PUBKEY                         3638	3_0_0	EXIST::FUNCTION:STDIO
@@ -3576,7 +3576,7 @@ Camellia_ecb_encrypt                    3654	3_0_0	EXIST::FUNCTION:CAMELLIA,DEPR
 ENGINE_set_default_RSA                  3655	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
 EVP_EncodeBlock                         3656	3_0_0	EXIST::FUNCTION:
 SXNETID_free                            3657	3_0_0	EXIST::FUNCTION:
-SHA1_Init                               3658	3_0_0	EXIST::FUNCTION:
+SHA1_Init                               3658	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
 CRYPTO_atomic_add                       3659	3_0_0	EXIST::FUNCTION:
 TS_CONF_load_certs                      3660	3_0_0	EXIST::FUNCTION:TS
 PEM_write_bio_DSAPrivateKey             3661	3_0_0	EXIST::FUNCTION:DSA
@@ -3599,7 +3599,7 @@ CRYPTO_mem_ctrl                         3678	3_0_0	EXIST::FUNCTION:CRYPTO_MDEBUG
 ASN1_verify                             3679	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
 DSA_generate_parameters_ex              3680	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
 X509_sign                               3681	3_0_0	EXIST::FUNCTION:
-SHA256_Transform                        3682	3_0_0	EXIST::FUNCTION:
+SHA256_Transform                        3682	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
 BIO_ADDR_free                           3683	3_0_0	EXIST::FUNCTION:SOCK
 ASN1_STRING_free                        3684	3_0_0	EXIST::FUNCTION:
 X509_VERIFY_PARAM_inherit               3685	3_0_0	EXIST::FUNCTION:
@@ -3816,7 +3816,7 @@ CRL_DIST_POINTS_free                    3899	3_0_0	EXIST::FUNCTION:
 d2i_OCSP_SINGLERESP                     3900	3_0_0	EXIST::FUNCTION:OCSP
 EVP_CIPHER_CTX_num                      3901	3_0_0	EXIST::FUNCTION:
 EVP_PKEY_verify_recover_init            3902	3_0_0	EXIST::FUNCTION:
-SHA512_Init                             3903	3_0_0	EXIST::FUNCTION:
+SHA512_Init                             3903	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
 TS_MSG_IMPRINT_set_msg                  3904	3_0_0	EXIST::FUNCTION:TS
 CMS_unsigned_add1_attr                  3905	3_0_0	EXIST::FUNCTION:CMS
 OPENSSL_LH_doall                        3906	3_0_0	EXIST::FUNCTION:


More information about the openssl-commits mailing list