[openssl] master update

tmraz at fedoraproject.org tmraz at fedoraproject.org
Tue Feb 2 10:48:08 UTC 2021


The branch master has been updated
       via  7ff9fdd4b31757f70080bd3fa2e633ca080408a4 (commit)
      from  d3372c2f35495d0c61ab09daf7fba3ecbbb595aa (commit)


- Log -----------------------------------------------------------------
commit 7ff9fdd4b31757f70080bd3fa2e633ca080408a4
Author: Rich Salz <rsalz at akamai.com>
Date:   Thu Jan 28 10:17:13 2021 -0500

    Deprecate X509_certificate_type
    
    Fixes: #13997
    
    Reviewed-by: David von Oheimb <david.von.oheimb at siemens.com>
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/14002)

-----------------------------------------------------------------------

Summary of changes:
 CHANGES.md                |  6 ++++++
 crypto/x509/build.info    |  6 +++++-
 include/openssl/evp.h     | 22 ++++++++++++----------
 include/openssl/x509.h.in |  3 ++-
 util/libcrypto.num        |  2 +-
 5 files changed, 26 insertions(+), 13 deletions(-)

diff --git a/CHANGES.md b/CHANGES.md
index e512b080c7..c10593c327 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -23,6 +23,12 @@ OpenSSL 3.0
 
 ### Changes between 1.1.1 and 3.0 [xx XXX xxxx]
 
+ * The undocumented function X509_certificate_type() has been deprecated;
+   applications can use X509_get0_pubkey() and X509_get0_signature() to
+   get the same information.
+
+   *Rich Salz*
+
  * Deprecated the obsolete X9.31 RSA key generation related functions
    BN_X931_generate_Xpq(), BN_X931_derive_prime_ex(), and
    BN_X931_generate_prime_ex().
diff --git a/crypto/x509/build.info b/crypto/x509/build.info
index 93019cc5e6..05c8e3003b 100644
--- a/crypto/x509/build.info
+++ b/crypto/x509/build.info
@@ -4,7 +4,7 @@ SOURCE[../../libcrypto]=\
         x509_obj.c x509_req.c x509spki.c x509_vfy.c \
         x509_set.c x509cset.c x509rset.c x509_err.c \
         x509name.c x509_v3.c x509_ext.c x509_att.c \
-        x509type.c x509_meth.c x509_lu.c x_all.c x509_txt.c \
+        x509_meth.c x509_lu.c x_all.c x509_txt.c \
         x509_trs.c by_file.c by_dir.c by_store.c x509_vpm.c \
         x_crl.c t_crl.c x_req.c t_req.c x_x509.c t_x509.c \
         x_pubkey.c x_x509a.c x_attrib.c x_exten.c x_name.c \
@@ -15,3 +15,7 @@ SOURCE[../../libcrypto]=\
         v3_pcia.c v3_pci.c v3_ist.c \
         pcy_cache.c pcy_node.c pcy_data.c pcy_map.c pcy_tree.c pcy_lib.c \
         v3_asid.c v3_addr.c v3_tlsf.c v3_admis.c
+
+IF[{- !$disabled{'deprecated-3.0'} -}]
+  SOURCE[../../libcrypto]=x509type.c
+ENDIF
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index 68f2543a60..3b967202da 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -37,16 +37,18 @@
 
 # include <openssl/objects.h>
 
-# define EVP_PK_RSA      0x0001
-# define EVP_PK_DSA      0x0002
-# define EVP_PK_DH       0x0004
-# define EVP_PK_EC       0x0008
-# define EVP_PKT_SIGN    0x0010
-# define EVP_PKT_ENC     0x0020
-# define EVP_PKT_EXCH    0x0040
-# define EVP_PKS_RSA     0x0100
-# define EVP_PKS_DSA     0x0200
-# define EVP_PKS_EC      0x0400
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+#  define EVP_PK_RSA      0x0001
+#  define EVP_PK_DSA      0x0002
+#  define EVP_PK_DH       0x0004
+#  define EVP_PK_EC       0x0008
+#  define EVP_PKT_SIGN    0x0010
+#  define EVP_PKT_ENC     0x0020
+#  define EVP_PKT_EXCH    0x0040
+#  define EVP_PKS_RSA     0x0100
+#  define EVP_PKS_DSA     0x0200
+#  define EVP_PKS_EC      0x0400
+# endif
 
 # define EVP_PKEY_NONE   NID_undef
 # define EVP_PKEY_RSA    NID_rsaEncryption
diff --git a/include/openssl/x509.h.in b/include/openssl/x509.h.in
index 8a3cb2e4d0..7aef798e5b 100644
--- a/include/openssl/x509.h.in
+++ b/include/openssl/x509.h.in
@@ -726,7 +726,6 @@ const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x);
 EVP_PKEY *X509_get0_pubkey(const X509 *x);
 EVP_PKEY *X509_get_pubkey(X509 *x);
 ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x);
-int X509_certificate_type(const X509 *x, const EVP_PKEY *pubkey);
 
 long X509_REQ_get_version(const X509_REQ *req);
 int X509_REQ_set_version(X509_REQ *x, long version);
@@ -838,6 +837,8 @@ int X509_cmp(const X509 *a, const X509 *b);
 int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b);
 #ifndef OPENSSL_NO_DEPRECATED_3_0
 # define X509_NAME_hash(x) X509_NAME_hash_ex(x, NULL, NULL, NULL)
+OSSL_DEPRECATEDIN_3_0 int X509_certificate_type(const X509 *x,
+                                                const EVP_PKEY *pubkey);
 #endif
 unsigned long X509_NAME_hash_ex(const X509_NAME *x, OSSL_LIB_CTX *libctx,
                                 const char *propq, int *ok);
diff --git a/util/libcrypto.num b/util/libcrypto.num
index f519518395..77612218c7 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -693,7 +693,7 @@ X509_add1_reject_object                 710	3_0_0	EXIST::FUNCTION:
 ERR_set_mark                            711	3_0_0	EXIST::FUNCTION:
 d2i_ASN1_VISIBLESTRING                  712	3_0_0	EXIST::FUNCTION:
 X509_NAME_ENTRY_dup                     714	3_0_0	EXIST::FUNCTION:
-X509_certificate_type                   715	3_0_0	EXIST::FUNCTION:
+X509_certificate_type                   715	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
 PKCS7_add_signature                     716	3_0_0	EXIST::FUNCTION:
 OBJ_ln2nid                              717	3_0_0	EXIST::FUNCTION:
 CRYPTO_128_unwrap                       718	3_0_0	EXIST::FUNCTION:


More information about the openssl-commits mailing list