[openssl] master update

tmraz at fedoraproject.org tmraz at fedoraproject.org
Wed Feb 3 10:12:35 UTC 2021


The branch master has been updated
       via  1409b5f664f21a52d23d7b9d0e0f962e2bde2b9e (commit)
      from  66194839fe9ae48cff51a4cdac25760a13b3868c (commit)


- Log -----------------------------------------------------------------
commit 1409b5f664f21a52d23d7b9d0e0f962e2bde2b9e
Author: Rich Salz <rsalz at akamai.com>
Date:   Thu Jan 28 15:47:53 2021 -0500

    Deprecate EVP_MD_CTX_{set_}update_fn()
    
    They are still used internally in legacy code.
    
    Also fixed up some minor things in EVP_DigestInit.pod
    
    Fixes: #14003
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    Reviewed-by: Paul Dale <pauli at openssl.org>
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/14008)

-----------------------------------------------------------------------

Summary of changes:
 CHANGES.md                  |  5 +++++
 doc/man3/EVP_DigestInit.pod | 24 ++++++++++++++++--------
 include/openssl/evp.h       |  4 ++++
 util/libcrypto.num          |  4 ++--
 4 files changed, 27 insertions(+), 10 deletions(-)

diff --git a/CHANGES.md b/CHANGES.md
index 6877e8ad94..d80016560e 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -35,6 +35,11 @@ OpenSSL 3.0
 
    *Tomáš Mráz*
 
+ * Deprecate EVP_MD_CTX_set_update_fn() and EVP_MD_CTX_update_fn()
+   as they are not useful with non-deprecated functions.
+
+   *Rich Salz*
+
  * Deprecated the type OCSP_REQ_CTX and the functions OCSP_REQ_CTX_new(),
    OCSP_REQ_CTX_free(), OCSP_REQ_CTX_http(), OCSP_REQ_CTX_add1_header(),
    OCSP_REQ_CTX_i2d(), OCSP_REQ_CTX_nbio(), OCSP_REQ_CTX_nbio_d2i(),
diff --git a/doc/man3/EVP_DigestInit.pod b/doc/man3/EVP_DigestInit.pod
index 082f26370c..3a17243976 100644
--- a/doc/man3/EVP_DigestInit.pod
+++ b/doc/man3/EVP_DigestInit.pod
@@ -80,11 +80,6 @@ EVP_MD_do_all_provided
  int EVP_MD_CTX_block_size(const EVP_MD_CTX *ctx);
  int EVP_MD_CTX_type(const EVP_MD_CTX *ctx);
  void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx);
- int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx,
-                                              const void *data, size_t count);
- void EVP_MD_CTX_set_update_fn(EVP_MD_CTX *ctx,
-                               int (*update)(EVP_MD_CTX *ctx,
-                                             const void *data, size_t count));
 
  const EVP_MD *EVP_md_null(void);
 
@@ -99,6 +94,17 @@ EVP_MD_do_all_provided
                              void (*fn)(EVP_MD *mac, void *arg),
                              void *arg);
 
+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B<OPENSSL_API_COMPAT> with a suitable version value, see
+L<openssl_user_macros(7)>:
+
+ int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx,
+                                              const void *data, size_t count);
+
+ void EVP_MD_CTX_set_update_fn(EVP_MD_CTX *ctx,
+                               int (*update)(EVP_MD_CTX *ctx,
+                                             const void *data, size_t count));
+
 =head1 DESCRIPTION
 
 The EVP digest routines are a high-level interface to message digests,
@@ -325,7 +331,7 @@ should not be used after the EVP_MD_CTX is freed.
 =item EVP_MD_CTX_set_update_fn()
 
 Sets the update function for I<ctx> to I<update>.
-This is the function that is called by EVP_DigestUpdate. If not set, the
+This is the function that is called by EVP_DigestUpdate(). If not set, the
 update function from the B<EVP_MD> type specified at initialization is used.
 
 =item EVP_MD_CTX_update_fn()
@@ -645,10 +651,12 @@ later, so now EVP_sha1() can be used with RSA and DSA.
 
 The EVP_dss1() function was removed in OpenSSL 1.1.0.
 
-The EVP_MD_CTX_set_pkey_ctx() function was added in 1.1.1.
+The EVP_MD_CTX_set_pkey_ctx() function was added in OpenSSL 1.1.1.
 
 The EVP_MD_fetch(), EVP_MD_free(), EVP_MD_up_ref(), EVP_MD_CTX_set_params()
-and EVP_MD_CTX_get_params() functions were added in 3.0.
+and EVP_MD_CTX_get_params() functions were added in OpenSSL 3.0.
+The EVP_MD_CTX_update_fn() and EVP_MD_CTX_set_update_fn() were deprecated
+in OpenSSL 3.0.
 
 =head1 COPYRIGHT
 
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index 3b967202da..f5e3592c30 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -533,11 +533,15 @@ int EVP_MD_block_size(const EVP_MD *md);
 unsigned long EVP_MD_flags(const EVP_MD *md);
 
 const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx);
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0
 int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx,
                                              const void *data, size_t count);
+OSSL_DEPRECATEDIN_3_0
 void EVP_MD_CTX_set_update_fn(EVP_MD_CTX *ctx,
                               int (*update) (EVP_MD_CTX *ctx,
                                              const void *data, size_t count));
+# endif
 # define EVP_MD_CTX_name(e)              EVP_MD_name(EVP_MD_CTX_md(e))
 # define EVP_MD_CTX_size(e)              EVP_MD_size(EVP_MD_CTX_md(e))
 # define EVP_MD_CTX_block_size(e)        EVP_MD_block_size(EVP_MD_CTX_md(e))
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 77612218c7..cbba0768b1 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -2524,7 +2524,7 @@ EVP_PKEY_meth_new                       2577	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_
 RSA_padding_check_PKCS1_OAEP            2578	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
 OCSP_SERVICELOC_it                      2579	3_0_0	EXIST::FUNCTION:OCSP
 PKCS12_SAFEBAG_get_nid                  2580	3_0_0	EXIST::FUNCTION:
-EVP_MD_CTX_set_update_fn                2581	3_0_0	EXIST::FUNCTION:
+EVP_MD_CTX_set_update_fn                2581	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
 BIO_f_asn1                              2582	3_0_0	EXIST::FUNCTION:
 BIO_dump                                2583	3_0_0	EXIST::FUNCTION:
 ENGINE_load_ssl_client_cert             2584	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
@@ -3106,7 +3106,7 @@ IDEA_cfb64_encrypt                      3170	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_
 BN_mod_sub                              3171	3_0_0	EXIST::FUNCTION:
 ASN1_NULL_new                           3172	3_0_0	EXIST::FUNCTION:
 HMAC_Init                               3173	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0
-EVP_MD_CTX_update_fn                    3174	3_0_0	EXIST::FUNCTION:
+EVP_MD_CTX_update_fn                    3174	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
 EVP_aes_128_ecb                         3175	3_0_0	EXIST::FUNCTION:
 i2d_PKCS7_bio_stream                    3176	3_0_0	EXIST::FUNCTION:
 i2a_ACCESS_DESCRIPTION                  3178	3_0_0	EXIST::FUNCTION:


More information about the openssl-commits mailing list