[openssl] master update
tmraz at fedoraproject.org
tmraz at fedoraproject.org
Tue Feb 2 10:48:08 UTC 2021
The branch master has been updated
via 7ff9fdd4b31757f70080bd3fa2e633ca080408a4 (commit)
from d3372c2f35495d0c61ab09daf7fba3ecbbb595aa (commit)
- Log -----------------------------------------------------------------
commit 7ff9fdd4b31757f70080bd3fa2e633ca080408a4
Author: Rich Salz <rsalz at akamai.com>
Date: Thu Jan 28 10:17:13 2021 -0500
Deprecate X509_certificate_type
Fixes: #13997
Reviewed-by: David von Oheimb <david.von.oheimb at siemens.com>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14002)
-----------------------------------------------------------------------
Summary of changes:
CHANGES.md | 6 ++++++
crypto/x509/build.info | 6 +++++-
include/openssl/evp.h | 22 ++++++++++++----------
include/openssl/x509.h.in | 3 ++-
util/libcrypto.num | 2 +-
5 files changed, 26 insertions(+), 13 deletions(-)
diff --git a/CHANGES.md b/CHANGES.md
index e512b080c7..c10593c327 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -23,6 +23,12 @@ OpenSSL 3.0
### Changes between 1.1.1 and 3.0 [xx XXX xxxx]
+ * The undocumented function X509_certificate_type() has been deprecated;
+ applications can use X509_get0_pubkey() and X509_get0_signature() to
+ get the same information.
+
+ *Rich Salz*
+
* Deprecated the obsolete X9.31 RSA key generation related functions
BN_X931_generate_Xpq(), BN_X931_derive_prime_ex(), and
BN_X931_generate_prime_ex().
diff --git a/crypto/x509/build.info b/crypto/x509/build.info
index 93019cc5e6..05c8e3003b 100644
--- a/crypto/x509/build.info
+++ b/crypto/x509/build.info
@@ -4,7 +4,7 @@ SOURCE[../../libcrypto]=\
x509_obj.c x509_req.c x509spki.c x509_vfy.c \
x509_set.c x509cset.c x509rset.c x509_err.c \
x509name.c x509_v3.c x509_ext.c x509_att.c \
- x509type.c x509_meth.c x509_lu.c x_all.c x509_txt.c \
+ x509_meth.c x509_lu.c x_all.c x509_txt.c \
x509_trs.c by_file.c by_dir.c by_store.c x509_vpm.c \
x_crl.c t_crl.c x_req.c t_req.c x_x509.c t_x509.c \
x_pubkey.c x_x509a.c x_attrib.c x_exten.c x_name.c \
@@ -15,3 +15,7 @@ SOURCE[../../libcrypto]=\
v3_pcia.c v3_pci.c v3_ist.c \
pcy_cache.c pcy_node.c pcy_data.c pcy_map.c pcy_tree.c pcy_lib.c \
v3_asid.c v3_addr.c v3_tlsf.c v3_admis.c
+
+IF[{- !$disabled{'deprecated-3.0'} -}]
+ SOURCE[../../libcrypto]=x509type.c
+ENDIF
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index 68f2543a60..3b967202da 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -37,16 +37,18 @@
# include <openssl/objects.h>
-# define EVP_PK_RSA 0x0001
-# define EVP_PK_DSA 0x0002
-# define EVP_PK_DH 0x0004
-# define EVP_PK_EC 0x0008
-# define EVP_PKT_SIGN 0x0010
-# define EVP_PKT_ENC 0x0020
-# define EVP_PKT_EXCH 0x0040
-# define EVP_PKS_RSA 0x0100
-# define EVP_PKS_DSA 0x0200
-# define EVP_PKS_EC 0x0400
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define EVP_PK_RSA 0x0001
+# define EVP_PK_DSA 0x0002
+# define EVP_PK_DH 0x0004
+# define EVP_PK_EC 0x0008
+# define EVP_PKT_SIGN 0x0010
+# define EVP_PKT_ENC 0x0020
+# define EVP_PKT_EXCH 0x0040
+# define EVP_PKS_RSA 0x0100
+# define EVP_PKS_DSA 0x0200
+# define EVP_PKS_EC 0x0400
+# endif
# define EVP_PKEY_NONE NID_undef
# define EVP_PKEY_RSA NID_rsaEncryption
diff --git a/include/openssl/x509.h.in b/include/openssl/x509.h.in
index 8a3cb2e4d0..7aef798e5b 100644
--- a/include/openssl/x509.h.in
+++ b/include/openssl/x509.h.in
@@ -726,7 +726,6 @@ const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x);
EVP_PKEY *X509_get0_pubkey(const X509 *x);
EVP_PKEY *X509_get_pubkey(X509 *x);
ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x);
-int X509_certificate_type(const X509 *x, const EVP_PKEY *pubkey);
long X509_REQ_get_version(const X509_REQ *req);
int X509_REQ_set_version(X509_REQ *x, long version);
@@ -838,6 +837,8 @@ int X509_cmp(const X509 *a, const X509 *b);
int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b);
#ifndef OPENSSL_NO_DEPRECATED_3_0
# define X509_NAME_hash(x) X509_NAME_hash_ex(x, NULL, NULL, NULL)
+OSSL_DEPRECATEDIN_3_0 int X509_certificate_type(const X509 *x,
+ const EVP_PKEY *pubkey);
#endif
unsigned long X509_NAME_hash_ex(const X509_NAME *x, OSSL_LIB_CTX *libctx,
const char *propq, int *ok);
diff --git a/util/libcrypto.num b/util/libcrypto.num
index f519518395..77612218c7 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -693,7 +693,7 @@ X509_add1_reject_object 710 3_0_0 EXIST::FUNCTION:
ERR_set_mark 711 3_0_0 EXIST::FUNCTION:
d2i_ASN1_VISIBLESTRING 712 3_0_0 EXIST::FUNCTION:
X509_NAME_ENTRY_dup 714 3_0_0 EXIST::FUNCTION:
-X509_certificate_type 715 3_0_0 EXIST::FUNCTION:
+X509_certificate_type 715 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
PKCS7_add_signature 716 3_0_0 EXIST::FUNCTION:
OBJ_ln2nid 717 3_0_0 EXIST::FUNCTION:
CRYPTO_128_unwrap 718 3_0_0 EXIST::FUNCTION:
More information about the openssl-commits
mailing list