[openssl] master update

tmraz at fedoraproject.org tmraz at fedoraproject.org
Tue Feb 9 12:41:24 UTC 2021 

The branch master has been updated
       via  4d2a6159db1060ca38a3808cfa60bac46737c670 (commit)
      from  604b86d8d360e36fc2fc0d1611d05bf38699d297 (commit)


- Log -----------------------------------------------------------------
commit 4d2a6159db1060ca38a3808cfa60bac46737c670
Author: Tomas Mraz <tomas at openssl.org>
Date:   Thu Feb 4 19:25:44 2021 +0100

    Deprecate BN_pseudo_rand() and BN_pseudo_rand_range()
    
    The functions are obsolete aliases for BN_rand() and BN_rand_range()
    since 1.1.0.
    
    Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/14080)

-----------------------------------------------------------------------

Summary of changes:
 CHANGES.md              |  6 ++++++
 crypto/bn/bn_rand.c     |  2 ++
 doc/man3/BN_rand.pod    | 15 +++++++++------
 include/openssl/bn.h    |  4 ++++
 test/ec_internal_test.c |  4 ++--
 util/libcrypto.num      |  4 ++--
 6 files changed, 25 insertions(+), 10 deletions(-)

diff --git a/CHANGES.md b/CHANGES.md
index 7c934935eb..318cce84fc 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -40,6 +40,12 @@ OpenSSL 3.0
 
    *Rich Salz*
 
+ * Deprecated the obsolete BN_pseudo_rand() and BN_pseudo_rand_range()
+   functions. They are identical to BN_rand() and BN_rand_range()
+   respectively.
+
+   *Tomáš Mráz*
+
  * Deprecated the obsolete X9.31 RSA key generation related functions
    BN_X931_generate_Xpq(), BN_X931_derive_prime_ex(), and
    BN_X931_generate_prime_ex().
diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c
index c6dd6e8814..3068c28710 100644
--- a/crypto/bn/bn_rand.c
+++ b/crypto/bn/bn_rand.c
@@ -217,6 +217,7 @@ int BN_priv_rand_range(BIGNUM *r, const BIGNUM *range)
     return bnrand_range(PRIVATE, r, range, NULL);
 }
 
+# ifndef OPENSSL_NO_DEPRECATED_3_0
 int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom)
 {
     return BN_rand(rnd, bits, top, bottom);
@@ -226,6 +227,7 @@ int BN_pseudo_rand_range(BIGNUM *r, const BIGNUM *range)
 {
     return BN_rand_range(r, range);
 }
+# endif
 #endif
 
 /*
diff --git a/doc/man3/BN_rand.pod b/doc/man3/BN_rand.pod
index 01c3ff4dd1..38ef8f47f0 100644
--- a/doc/man3/BN_rand.pod
+++ b/doc/man3/BN_rand.pod
@@ -17,14 +17,17 @@ BN_pseudo_rand_range
  int BN_priv_rand_ex(BIGNUM *rnd, int bits, int top, int bottom, BN_CTX *ctx);
  int BN_priv_rand(BIGNUM *rnd, int bits, int top, int bottom);
 
- int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
-
  int BN_rand_range_ex(BIGNUM *rnd, BIGNUM *range, BN_CTX *ctx);
  int BN_rand_range(BIGNUM *rnd, BIGNUM *range);
 
  int BN_priv_rand_range_ex(BIGNUM *rnd, BIGNUM *range, BN_CTX *ctx);
  int BN_priv_rand_range(BIGNUM *rnd, BIGNUM *range);
 
+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+OPENSSL_API_COMPAT with a suitable version value, see
+openssl_user_macros(7):
+
+ int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
  int BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range);
 
 =head1 DESCRIPTION
@@ -93,13 +96,13 @@ L<EVP_RAND(7)>
 Starting with OpenSSL release 1.1.0, BN_pseudo_rand() has been identical
 to BN_rand() and BN_pseudo_rand_range() has been identical to
 BN_rand_range().
-The "pseudo" functions should not be used and may be deprecated in
-a future release.
+The BN_pseudo_rand() and BN_pseudo_rand_range() functions were
+deprecated in OpenSSL 3.0.
 
 =item *
 
-The
-BN_priv_rand() and BN_priv_rand_range() functions were added in OpenSSL 1.1.1.
+The BN_priv_rand() and BN_priv_rand_range() functions were added in
+OpenSSL 1.1.1.
 
 =item *
 
diff --git a/include/openssl/bn.h b/include/openssl/bn.h
index 39383f8509..1e4b27bf02 100644
--- a/include/openssl/bn.h
+++ b/include/openssl/bn.h
@@ -222,8 +222,12 @@ int BN_rand_range_ex(BIGNUM *r, const BIGNUM *range, BN_CTX *ctx);
 int BN_rand_range(BIGNUM *rnd, const BIGNUM *range);
 int BN_priv_rand_range_ex(BIGNUM *r, const BIGNUM *range, BN_CTX *ctx);
 int BN_priv_rand_range(BIGNUM *rnd, const BIGNUM *range);
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0
 int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
+OSSL_DEPRECATEDIN_3_0
 int BN_pseudo_rand_range(BIGNUM *rnd, const BIGNUM *range);
+# endif
 int BN_num_bits(const BIGNUM *a);
 int BN_num_bits_word(BN_ULONG l);
 int BN_security_bits(int L, int N);
diff --git a/test/ec_internal_test.c b/test/ec_internal_test.c
index d3db698467..345ce199c5 100644
--- a/test/ec_internal_test.c
+++ b/test/ec_internal_test.c
@@ -38,8 +38,8 @@ static int group_field_tests(const EC_GROUP *group, BN_CTX *ctx)
         || !TEST_true(group->meth->field_inv(group, b, BN_value_one(), ctx))
         || !TEST_true(BN_is_one(b))
         /* (1/a)*a = 1 */
-        || !TEST_true(BN_pseudo_rand(a, BN_num_bits(group->field) - 1,
-                                     BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY))
+        || !TEST_true(BN_rand(a, BN_num_bits(group->field) - 1,
+                              BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY))
         || !TEST_true(group->meth->field_inv(group, b, a, ctx))
         || (group->meth->field_encode &&
             !TEST_true(group->meth->field_encode(group, a, a, ctx)))
diff --git a/util/libcrypto.num b/util/libcrypto.num
index f72749f062..226e496fc9 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -2423,7 +2423,7 @@ EC_POINT_get_Jprojective_coordinates_GFp 2473	3_0_0	EXIST::FUNCTION:DEPRECATEDIN
 EVP_aes_128_cbc_hmac_sha256             2474	3_0_0	EXIST::FUNCTION:
 i2d_PKCS7_SIGNED                        2475	3_0_0	EXIST::FUNCTION:
 TS_VERIFY_CTX_set_data                  2476	3_0_0	EXIST::FUNCTION:TS
-BN_pseudo_rand_range                    2477	3_0_0	EXIST::FUNCTION:
+BN_pseudo_rand_range                    2477	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
 X509V3_EXT_add_nconf                    2478	3_0_0	EXIST::FUNCTION:
 EVP_CIPHER_CTX_ctrl                     2479	3_0_0	EXIST::FUNCTION:
 ASN1_T61STRING_it                       2480	3_0_0	EXIST::FUNCTION:
@@ -3435,7 +3435,7 @@ X509_check_host                         3506	3_0_0	EXIST::FUNCTION:
 PEM_read_ECPKParameters                 3507	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,STDIO
 X509_ATTRIBUTE_get0_data                3508	3_0_0	EXIST::FUNCTION:
 CMS_add1_signer                         3509	3_0_0	EXIST::FUNCTION:CMS
-BN_pseudo_rand                          3510	3_0_0	EXIST::FUNCTION:
+BN_pseudo_rand                          3510	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
 d2i_DIRECTORYSTRING                     3511	3_0_0	EXIST::FUNCTION:
 d2i_ASN1_PRINTABLE                      3512	3_0_0	EXIST::FUNCTION:
 EVP_PKEY_add1_attr_by_NID               3513	3_0_0	EXIST::FUNCTION:

More information about the openssl-commits mailing list