[openssl] master update
tmraz at fedoraproject.org
tmraz at fedoraproject.org
Tue Feb 9 12:41:24 UTC 2021
The branch master has been updated
via 4d2a6159db1060ca38a3808cfa60bac46737c670 (commit)
from 604b86d8d360e36fc2fc0d1611d05bf38699d297 (commit)
- Log -----------------------------------------------------------------
commit 4d2a6159db1060ca38a3808cfa60bac46737c670
Author: Tomas Mraz <tomas at openssl.org>
Date: Thu Feb 4 19:25:44 2021 +0100
Deprecate BN_pseudo_rand() and BN_pseudo_rand_range()
The functions are obsolete aliases for BN_rand() and BN_rand_range()
since 1.1.0.
Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14080)
-----------------------------------------------------------------------
Summary of changes:
CHANGES.md | 6 ++++++
crypto/bn/bn_rand.c | 2 ++
doc/man3/BN_rand.pod | 15 +++++++++------
include/openssl/bn.h | 4 ++++
test/ec_internal_test.c | 4 ++--
util/libcrypto.num | 4 ++--
6 files changed, 25 insertions(+), 10 deletions(-)
diff --git a/CHANGES.md b/CHANGES.md
index 7c934935eb..318cce84fc 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -40,6 +40,12 @@ OpenSSL 3.0
*Rich Salz*
+ * Deprecated the obsolete BN_pseudo_rand() and BN_pseudo_rand_range()
+ functions. They are identical to BN_rand() and BN_rand_range()
+ respectively.
+
+ *Tomáš Mráz*
+
* Deprecated the obsolete X9.31 RSA key generation related functions
BN_X931_generate_Xpq(), BN_X931_derive_prime_ex(), and
BN_X931_generate_prime_ex().
diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c
index c6dd6e8814..3068c28710 100644
--- a/crypto/bn/bn_rand.c
+++ b/crypto/bn/bn_rand.c
@@ -217,6 +217,7 @@ int BN_priv_rand_range(BIGNUM *r, const BIGNUM *range)
return bnrand_range(PRIVATE, r, range, NULL);
}
+# ifndef OPENSSL_NO_DEPRECATED_3_0
int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom)
{
return BN_rand(rnd, bits, top, bottom);
@@ -226,6 +227,7 @@ int BN_pseudo_rand_range(BIGNUM *r, const BIGNUM *range)
{
return BN_rand_range(r, range);
}
+# endif
#endif
/*
diff --git a/doc/man3/BN_rand.pod b/doc/man3/BN_rand.pod
index 01c3ff4dd1..38ef8f47f0 100644
--- a/doc/man3/BN_rand.pod
+++ b/doc/man3/BN_rand.pod
@@ -17,14 +17,17 @@ BN_pseudo_rand_range
int BN_priv_rand_ex(BIGNUM *rnd, int bits, int top, int bottom, BN_CTX *ctx);
int BN_priv_rand(BIGNUM *rnd, int bits, int top, int bottom);
- int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
-
int BN_rand_range_ex(BIGNUM *rnd, BIGNUM *range, BN_CTX *ctx);
int BN_rand_range(BIGNUM *rnd, BIGNUM *range);
int BN_priv_rand_range_ex(BIGNUM *rnd, BIGNUM *range, BN_CTX *ctx);
int BN_priv_rand_range(BIGNUM *rnd, BIGNUM *range);
+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+OPENSSL_API_COMPAT with a suitable version value, see
+openssl_user_macros(7):
+
+ int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
int BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range);
=head1 DESCRIPTION
@@ -93,13 +96,13 @@ L<EVP_RAND(7)>
Starting with OpenSSL release 1.1.0, BN_pseudo_rand() has been identical
to BN_rand() and BN_pseudo_rand_range() has been identical to
BN_rand_range().
-The "pseudo" functions should not be used and may be deprecated in
-a future release.
+The BN_pseudo_rand() and BN_pseudo_rand_range() functions were
+deprecated in OpenSSL 3.0.
=item *
-The
-BN_priv_rand() and BN_priv_rand_range() functions were added in OpenSSL 1.1.1.
+The BN_priv_rand() and BN_priv_rand_range() functions were added in
+OpenSSL 1.1.1.
=item *
diff --git a/include/openssl/bn.h b/include/openssl/bn.h
index 39383f8509..1e4b27bf02 100644
--- a/include/openssl/bn.h
+++ b/include/openssl/bn.h
@@ -222,8 +222,12 @@ int BN_rand_range_ex(BIGNUM *r, const BIGNUM *range, BN_CTX *ctx);
int BN_rand_range(BIGNUM *rnd, const BIGNUM *range);
int BN_priv_rand_range_ex(BIGNUM *r, const BIGNUM *range, BN_CTX *ctx);
int BN_priv_rand_range(BIGNUM *rnd, const BIGNUM *range);
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0
int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
+OSSL_DEPRECATEDIN_3_0
int BN_pseudo_rand_range(BIGNUM *rnd, const BIGNUM *range);
+# endif
int BN_num_bits(const BIGNUM *a);
int BN_num_bits_word(BN_ULONG l);
int BN_security_bits(int L, int N);
diff --git a/test/ec_internal_test.c b/test/ec_internal_test.c
index d3db698467..345ce199c5 100644
--- a/test/ec_internal_test.c
+++ b/test/ec_internal_test.c
@@ -38,8 +38,8 @@ static int group_field_tests(const EC_GROUP *group, BN_CTX *ctx)
|| !TEST_true(group->meth->field_inv(group, b, BN_value_one(), ctx))
|| !TEST_true(BN_is_one(b))
/* (1/a)*a = 1 */
- || !TEST_true(BN_pseudo_rand(a, BN_num_bits(group->field) - 1,
- BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY))
+ || !TEST_true(BN_rand(a, BN_num_bits(group->field) - 1,
+ BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY))
|| !TEST_true(group->meth->field_inv(group, b, a, ctx))
|| (group->meth->field_encode &&
!TEST_true(group->meth->field_encode(group, a, a, ctx)))
diff --git a/util/libcrypto.num b/util/libcrypto.num
index f72749f062..226e496fc9 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -2423,7 +2423,7 @@ EC_POINT_get_Jprojective_coordinates_GFp 2473 3_0_0 EXIST::FUNCTION:DEPRECATEDIN
EVP_aes_128_cbc_hmac_sha256 2474 3_0_0 EXIST::FUNCTION:
i2d_PKCS7_SIGNED 2475 3_0_0 EXIST::FUNCTION:
TS_VERIFY_CTX_set_data 2476 3_0_0 EXIST::FUNCTION:TS
-BN_pseudo_rand_range 2477 3_0_0 EXIST::FUNCTION:
+BN_pseudo_rand_range 2477 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
X509V3_EXT_add_nconf 2478 3_0_0 EXIST::FUNCTION:
EVP_CIPHER_CTX_ctrl 2479 3_0_0 EXIST::FUNCTION:
ASN1_T61STRING_it 2480 3_0_0 EXIST::FUNCTION:
@@ -3435,7 +3435,7 @@ X509_check_host 3506 3_0_0 EXIST::FUNCTION:
PEM_read_ECPKParameters 3507 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,STDIO
X509_ATTRIBUTE_get0_data 3508 3_0_0 EXIST::FUNCTION:
CMS_add1_signer 3509 3_0_0 EXIST::FUNCTION:CMS
-BN_pseudo_rand 3510 3_0_0 EXIST::FUNCTION:
+BN_pseudo_rand 3510 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
d2i_DIRECTORYSTRING 3511 3_0_0 EXIST::FUNCTION:
d2i_ASN1_PRINTABLE 3512 3_0_0 EXIST::FUNCTION:
EVP_PKEY_add1_attr_by_NID 3513 3_0_0 EXIST::FUNCTION:
More information about the openssl-commits
mailing list