From: Nicola Tuveri Date: Fri, 18 Oct 2019 12:54:20 +0000 (+0300) Subject: Deprecate EC_GROUP_clear_free() X-Git-Tag: openssl-3.0.0-alpha1~1093 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=4a7a4972296274463c739c658f3361ca17fb8027;p=oweals%2Fopenssl.git Deprecate EC_GROUP_clear_free() There is nothing confidential in `EC_GROUP` so really having a `EC_GROUP_clear_free` function at all does not make much sense anymore. See https://github.com/openssl/openssl/issues/9822 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9874) --- diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index 69b3c7fca5..08d018c4e6 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c @@ -116,6 +116,7 @@ void EC_GROUP_free(EC_GROUP *group) OPENSSL_free(group); } +#if !OPENSSL_API_3 void EC_GROUP_clear_free(EC_GROUP *group) { if (!group) @@ -134,6 +135,7 @@ void EC_GROUP_clear_free(EC_GROUP *group) OPENSSL_clear_free(group->seed, group->seed_len); OPENSSL_clear_free(group, sizeof(*group)); } +#endif int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src) { diff --git a/doc/man3/EC_GROUP_new.pod b/doc/man3/EC_GROUP_new.pod index 17284e12c0..2d85e91d19 100644 --- a/doc/man3/EC_GROUP_new.pod +++ b/doc/man3/EC_GROUP_new.pod @@ -32,7 +32,6 @@ objects EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params) EC_GROUP *EC_GROUP_new_from_ecpkparameters(const ECPKPARAMETERS *params) void EC_GROUP_free(EC_GROUP *group); - void EC_GROUP_clear_free(EC_GROUP *group); EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); @@ -59,6 +58,12 @@ objects size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems); +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +B with a suitable version value, see +L: + + void EC_GROUP_clear_free(EC_GROUP *group); + =head1 DESCRIPTION Within the library there are two forms of elliptic curve that are of interest. The first form is those defined over the 
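Review bot: The `#if !OPENSSL_API_3` guard around EC_GROUP_clear_free() in crypto/ec/ec_lib.c (opened in the `@@ -116,6 +116,7 @@` hunk, closed by the `#endif` in the `@@ -134,6 +135,7 @@` hunk) compiles the definition out when deprecated APIs are hidden, yet this diff changes no call sites. If any in-tree caller remains in the library, apps or tests (not visible here), that configuration would stop building, so such callers need to move to EC_GROUP_free() first. I would also record the rationale at the guard, e.g. `/* Deprecated in 3.0: EC_GROUP holds only public data, so clearing adds nothing over EC_GROUP_free(). */`, and label the close as `#endif /* !OPENSSL_API_3 */`. Most of the function body lies between the two hunks and is not shown, so it is worth confirming that nothing freed there is treated as secret elsewhere.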
@@ -129,7 +134,10 @@ that the default library context is always used. EC_GROUP_free frees the memory associated with the EC_GROUP. If B is NULL nothing is done. -EC_GROUP_clear_free destroys any sensitive data held within the EC_GROUP and then frees its memory. +EC_GROUP_clear_free is deprecated: it was meant to destroy any sensitive data +held within the EC_GROUP and then free its memory, but since all the data stored +in the EC_GROUP is public anyway, this function is unnecessary. +Its use can be safely replaced with EC_GROUP_free. If B is NULL nothing is done. =head1 RETURN VALUES @@ -149,8 +157,18 @@ L =head1 HISTORY +=over 2 + +=item * + EC_GROUP_new_ex and EC_GROUP_new_by_curve_name_ex were added in OpenSSL 3.0. +=item * + +EC_GROUP_clear_free() was deprecated in OpenSSL 3.0; use EC_GROUP_free() instead. + +=back + =head1 COPYRIGHT Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/include/openssl/ec.h b/include/openssl/ec.h index 11999b41fc..b4c50ecfc7 100644 --- a/include/openssl/ec.h +++ b/include/openssl/ec.h @@ -131,7 +131,7 @@ void EC_GROUP_free(EC_GROUP *group); /** Clears and frees a EC_GROUP object * \param group EC_GROUP object to be cleared and freed. */ -void EC_GROUP_clear_free(EC_GROUP *group); +DEPRECATEDIN_3(void EC_GROUP_clear_free(EC_GROUP *group)) /** Copies EC_GROUP objects. Note: both EC_GROUPs must use the same EC_METHOD. * \param dst destination EC_GROUP object diff --git a/util/libcrypto.num b/util/libcrypto.num index 3f76771b4d..644b27cdee 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num 
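Review bot: The Doxygen comment left above the new `DEPRECATEDIN_3(void EC_GROUP_clear_free(EC_GROUP *group))` line in include/openssl/ec.h still reads "Clears and frees a EC_GROUP object" and does not mention the deprecation. Someone reading only the header gets no pointer to the replacement and may still assume the clearing step matters for their cleanup code. I would add one line to that comment, `*  \deprecated since OpenSSL 3.0; EC_GROUP holds only public data, use EC_GROUP_free() instead.`, which matches what the man page now states.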
@@ -2577,7 +2577,7 @@ PKCS7_ENVELOPE_it 2632 3_0_0 EXIST::FUNCTION: ASIdentifierChoice_it 2633 3_0_0 EXIST::FUNCTION:RFC3779 CMS_RecipientEncryptedKey_cert_cmp 2634 3_0_0 EXIST::FUNCTION:CMS EVP_PKEY_CTX_get_app_data 2635 3_0_0 EXIST::FUNCTION: -EC_GROUP_clear_free 2636 3_0_0 EXIST::FUNCTION:EC +EC_GROUP_clear_free 2636 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3,EC BN_get_rfc2409_prime_1024 2637 3_0_0 EXIST::FUNCTION: CRYPTO_set_mem_functions 2638 3_0_0 EXIST::FUNCTION: i2d_ASN1_VISIBLESTRING 2639 3_0_0 EXIST::FUNCTION: