From 12d99aac973e5e6723f62f19b07b9c8bcc81c57b Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Mon, 24 Feb 2020 22:33:52 +0100 Subject: [PATCH] Deprecate ASN1_sign(), ASN1_verify() and ASN1_digest() These are old functions that fell out of use with OpenSL 0.9.7. It's more than time to deprecate them. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11161) --- CHANGES.md | 5 +++++ crypto/asn1/a_digest.c | 2 +- crypto/asn1/a_sign.c | 2 +- crypto/asn1/a_verify.c | 2 +- include/openssl/x509.h | 16 +++++++++------- util/libcrypto.num | 6 +++--- 6 files changed, 20 insertions(+), 13 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 84867ff29c..c552e9a0a8 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -24,6 +24,11 @@ OpenSSL 3.0 ### Changes between 1.1.1 and 3.0 [xx XXX xxxx] ### + * `ASN1_verify()`, `ASN1_digest()` and `ASN1_sign()` have been deprecated. + They are old functions that we don't use, and that you could disable with + the macro `NO_ASN1_OLD`. This goes all the way back to OpenSSL 0.9.7. + + *Richard Levitte* * The main project documents (README, NEWS, CHANGES, INSTALL, SUPPORT) have been converted to Markdown with the goal to produce documents diff --git a/crypto/asn1/a_digest.c b/crypto/asn1/a_digest.c index ad6a17d245..22758feac9 100644 --- a/crypto/asn1/a_digest.c +++ b/crypto/asn1/a_digest.c @@ -18,7 +18,7 @@ #include #include -#ifndef NO_ASN1_OLD +#ifndef OPENSSL_NO_DEPRECATED_3_0 int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data, unsigned char *md, unsigned int *len) diff --git a/crypto/asn1/a_sign.c b/crypto/asn1/a_sign.c index 0089ce29dd..4b3a6da9a1 100644 --- a/crypto/asn1/a_sign.c +++ b/crypto/asn1/a_sign.c @@ -22,7 +22,7 @@ #include "crypto/asn1.h" #include "crypto/evp.h" -#ifndef NO_ASN1_OLD +#ifndef OPENSSL_NO_DEPRECATED_3_0 int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2, ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey, diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c index 94a11c18d4..8314ec13f9 100644 --- a/crypto/asn1/a_verify.c +++ b/crypto/asn1/a_verify.c @@ -21,7 +21,7 @@ #include "crypto/asn1.h" #include "crypto/evp.h" -#ifndef NO_ASN1_OLD +#ifndef OPENSSL_NO_DEPRECATED_3_0 int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey) diff --git a/include/openssl/x509.h b/include/openssl/x509.h index 2b4d14ea5f..a2d6e44e96 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -623,15 +623,17 @@ X509_INFO *X509_INFO_new(void); void X509_INFO_free(X509_INFO *a); char *X509_NAME_oneline(const X509_NAME *a, char *buf, int size); -int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *algor1, - ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey); +DEPRECATEDIN_3_0(int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *algor1, + ASN1_BIT_STRING *signature, char *data, + EVP_PKEY *pkey)) -int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data, - unsigned char *md, unsigned int *len); +DEPRECATEDIN_3_0(int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, + char *data, + unsigned char *md, unsigned int *len)) -int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, - X509_ALGOR *algor2, ASN1_BIT_STRING *signature, - char *data, EVP_PKEY *pkey, const EVP_MD *type); +DEPRECATEDIN_3_0(int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, + X509_ALGOR *algor2, ASN1_BIT_STRING *signature, + char *data, EVP_PKEY *pkey, const EVP_MD *type)) int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *data, unsigned char *md, unsigned int *len); diff --git a/util/libcrypto.num b/util/libcrypto.num index 6c8487e20b..aefe1b4100 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -555,7 +555,7 @@ CT_POLICY_EVAL_CTX_get0_issuer 566 3_0_0 EXIST::FUNCTION:CT TLS_FEATURE_new 567 3_0_0 EXIST::FUNCTION: RSA_get_default_method 568 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA CRYPTO_cts128_encrypt_block 569 3_0_0 EXIST::FUNCTION: -ASN1_digest 570 3_0_0 EXIST::FUNCTION: +ASN1_digest 570 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 ERR_load_X509V3_strings 571 3_0_0 EXIST::FUNCTION: EVP_PKEY_meth_get_cleanup 572 3_0_0 EXIST::FUNCTION: d2i_X509 574 3_0_0 EXIST::FUNCTION: @@ -2723,7 +2723,7 @@ OPENSSL_sk_value 2781 3_0_0 EXIST::FUNCTION: NCONF_get_section 2782 3_0_0 EXIST::FUNCTION: PKCS12_MAC_DATA_it 2783 3_0_0 EXIST::FUNCTION: X509_REQ_add1_attr_by_NID 2784 3_0_0 EXIST::FUNCTION: -ASN1_sign 2785 3_0_0 EXIST::FUNCTION: +ASN1_sign 2785 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 CMS_RecipientInfo_encrypt 2786 3_0_0 EXIST::FUNCTION:CMS X509_get_pubkey_parameters 2787 3_0_0 EXIST::FUNCTION: PKCS12_setup_mac 2788 3_0_0 EXIST::FUNCTION: @@ -3596,7 +3596,7 @@ X509v3_asid_canonize 3675 3_0_0 EXIST::FUNCTION:RFC3779 i2d_ASIdOrRange 3676 3_0_0 EXIST::FUNCTION:RFC3779 OCSP_url_svcloc_new 3677 3_0_0 EXIST::FUNCTION:OCSP CRYPTO_mem_ctrl 3678 3_0_0 EXIST::FUNCTION:CRYPTO_MDEBUG,DEPRECATEDIN_3_0 -ASN1_verify 3679 3_0_0 EXIST::FUNCTION: +ASN1_verify 3679 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 DSA_generate_parameters_ex 3680 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA X509_sign 3681 3_0_0 EXIST::FUNCTION: SHA256_Transform 3682 3_0_0 EXIST::FUNCTION: -- 2.25.1