From 1409b5f664f21a52d23d7b9d0e0f962e2bde2b9e Mon Sep 17 00:00:00 2001 From: Rich Salz Date: Thu, 28 Jan 2021 15:47:53 -0500 Subject: [PATCH] Deprecate EVP_MD_CTX_{set_}update_fn() They are still used internally in legacy code. Also fixed up some minor things in EVP_DigestInit.pod Fixes: #14003 Reviewed-by: Richard Levitte Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/14008) --- CHANGES.md | 5 +++++ doc/man3/EVP_DigestInit.pod | 24 ++++++++++++++++-------- include/openssl/evp.h | 4 ++++ util/libcrypto.num | 4 ++-- 4 files changed, 27 insertions(+), 10 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 6877e8ad94..d80016560e 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -35,6 +35,11 @@ OpenSSL 3.0 *Tomáš Mráz* + * Deprecate EVP_MD_CTX_set_update_fn() and EVP_MD_CTX_update_fn() + as they are not useful with non-deprecated functions. + + *Rich Salz* + * Deprecated the type OCSP_REQ_CTX and the functions OCSP_REQ_CTX_new(), OCSP_REQ_CTX_free(), OCSP_REQ_CTX_http(), OCSP_REQ_CTX_add1_header(), OCSP_REQ_CTX_i2d(), OCSP_REQ_CTX_nbio(), OCSP_REQ_CTX_nbio_d2i(), diff --git a/doc/man3/EVP_DigestInit.pod b/doc/man3/EVP_DigestInit.pod index 082f26370c..3a17243976 100644 --- a/doc/man3/EVP_DigestInit.pod +++ b/doc/man3/EVP_DigestInit.pod @@ -80,11 +80,6 @@ EVP_MD_do_all_provided int EVP_MD_CTX_block_size(const EVP_MD_CTX *ctx); int EVP_MD_CTX_type(const EVP_MD_CTX *ctx); void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx); - int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx, - const void *data, size_t count); - void EVP_MD_CTX_set_update_fn(EVP_MD_CTX *ctx, - int (*update)(EVP_MD_CTX *ctx, - const void *data, size_t count)); const EVP_MD *EVP_md_null(void); @@ -99,6 +94,17 @@ EVP_MD_do_all_provided void (*fn)(EVP_MD *mac, void *arg), void *arg); +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +B with a suitable version value, see +L: + + int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx, + const void *data, size_t count); + + void EVP_MD_CTX_set_update_fn(EVP_MD_CTX *ctx, + int (*update)(EVP_MD_CTX *ctx, + const void *data, size_t count)); + =head1 DESCRIPTION The EVP digest routines are a high-level interface to message digests, @@ -325,7 +331,7 @@ should not be used after the EVP_MD_CTX is freed. =item EVP_MD_CTX_set_update_fn() Sets the update function for I to I. -This is the function that is called by EVP_DigestUpdate. If not set, the +This is the function that is called by EVP_DigestUpdate(). If not set, the update function from the B type specified at initialization is used. =item EVP_MD_CTX_update_fn() @@ -645,10 +651,12 @@ later, so now EVP_sha1() can be used with RSA and DSA. The EVP_dss1() function was removed in OpenSSL 1.1.0. -The EVP_MD_CTX_set_pkey_ctx() function was added in 1.1.1. +The EVP_MD_CTX_set_pkey_ctx() function was added in OpenSSL 1.1.1. The EVP_MD_fetch(), EVP_MD_free(), EVP_MD_up_ref(), EVP_MD_CTX_set_params() -and EVP_MD_CTX_get_params() functions were added in 3.0. +and EVP_MD_CTX_get_params() functions were added in OpenSSL 3.0. +The EVP_MD_CTX_update_fn() and EVP_MD_CTX_set_update_fn() were deprecated +in OpenSSL 3.0. =head1 COPYRIGHT diff --git a/include/openssl/evp.h b/include/openssl/evp.h index 3b967202da..f5e3592c30 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -533,11 +533,15 @@ int EVP_MD_block_size(const EVP_MD *md); unsigned long EVP_MD_flags(const EVP_MD *md); const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx); +# ifndef OPENSSL_NO_DEPRECATED_3_0 +OSSL_DEPRECATEDIN_3_0 int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx, const void *data, size_t count); +OSSL_DEPRECATEDIN_3_0 void EVP_MD_CTX_set_update_fn(EVP_MD_CTX *ctx, int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count)); +# endif # define EVP_MD_CTX_name(e) EVP_MD_name(EVP_MD_CTX_md(e)) # define EVP_MD_CTX_size(e) EVP_MD_size(EVP_MD_CTX_md(e)) # define EVP_MD_CTX_block_size(e) EVP_MD_block_size(EVP_MD_CTX_md(e)) diff --git a/util/libcrypto.num b/util/libcrypto.num index 77612218c7..cbba0768b1 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -2524,7 +2524,7 @@ EVP_PKEY_meth_new 2577 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_ RSA_padding_check_PKCS1_OAEP 2578 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 OCSP_SERVICELOC_it 2579 3_0_0 EXIST::FUNCTION:OCSP PKCS12_SAFEBAG_get_nid 2580 3_0_0 EXIST::FUNCTION: -EVP_MD_CTX_set_update_fn 2581 3_0_0 EXIST::FUNCTION: +EVP_MD_CTX_set_update_fn 2581 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 BIO_f_asn1 2582 3_0_0 EXIST::FUNCTION: BIO_dump 2583 3_0_0 EXIST::FUNCTION: ENGINE_load_ssl_client_cert 2584 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE @@ -3106,7 +3106,7 @@ IDEA_cfb64_encrypt 3170 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_ BN_mod_sub 3171 3_0_0 EXIST::FUNCTION: ASN1_NULL_new 3172 3_0_0 EXIST::FUNCTION: HMAC_Init 3173 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0 -EVP_MD_CTX_update_fn 3174 3_0_0 EXIST::FUNCTION: +EVP_MD_CTX_update_fn 3174 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 EVP_aes_128_ecb 3175 3_0_0 EXIST::FUNCTION: i2d_PKCS7_bio_stream 3176 3_0_0 EXIST::FUNCTION: i2a_ACCESS_DESCRIPTION 3178 3_0_0 EXIST::FUNCTION: -- GitLab