author | Matt Caswell <matt@openssl.org> | 2020-10-09 16:24:07 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2020-10-20 16:39:41 +0100 |
commit | 0a737e16b2bc333cc3a8727458acc5460be10e0e (patch) | |
tree | 7f48869dad6e9a899d7962cdba1e532db262894f | |
parent | 3795b2a302fe0bd49118605f8692591e971c4608 (diff) | |
Deprecate EVP_PKEY_set1_tls_encodedpoint()
Also deprecate EVP_PKEY_get1_tls_encodedpoint().
The preferred alternative is EVP_PKEY_set1_encoded_public_key() and
EVP_PKEY_get1_encoded_public_key().
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13105)
-rw-r--r-- | CHANGES.md | 10 | ||||
-rw-r--r-- | doc/man3/EVP_PKEY_set1_encoded_public_key.pod | 39 | ||||
-rw-r--r-- | include/openssl/evp.h | 12 | ||||
-rw-r--r-- | util/other.syms | 2 |
4 files changed, 48 insertions, 15 deletions
diff --git a/CHANGES.md b/CHANGES.md index ba068b4f9d..828bbd1b75 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -23,6 +23,16 @@ OpenSSL 3.0 ### Changes between 1.1.1 and 3.0 [xx XXX xxxx] + * Deprecated EVP_PKEY_set1_tls_encodedpoint() and + EVP_PKEY_get1_tls_encodedpoint(). These functions were previously used by + libssl to set or get an encoded public key in/from an EVP_PKEY object. With + OpenSSL 3.0 these are replaced by the more generic functions + EVP_PKEY_set1_encoded_public_key() and EVP_PKEY_get1_encoded_public_key(). + The old versions have been converted to deprecated macros that just call the + new functions. + + *Matt Caswell* + * The security callback, which can be customised by application code, supports the security operation SSL_SECOP_TMP_DH. This is defined to take an EVP_PKEY in the "other" parameter. In most places this is what is passed. All these diff --git a/doc/man3/EVP_PKEY_set1_encoded_public_key.pod b/doc/man3/EVP_PKEY_set1_encoded_public_key.pod index 7d43e66c31..be30ad2d11 100644 --- a/doc/man3/EVP_PKEY_set1_encoded_public_key.pod +++ b/doc/man3/EVP_PKEY_set1_encoded_public_key.pod @@ -2,7 +2,8 @@ =head1 NAME -EVP_PKEY_set1_encoded_public_key, EVP_PKEY_get1_encoded_public_key +EVP_PKEY_set1_encoded_public_key, EVP_PKEY_get1_encoded_public_key, +EVP_PKEY_set1_tls_encodedpoint, EVP_PKEY_get1_tls_encodedpoint - functions to set and get public key data within an EVP_PKEY =head1 SYNOPSIS 
@@ -14,11 +15,14 @@ EVP_PKEY_set1_encoded_public_key, EVP_PKEY_get1_encoded_public_key size_t EVP_PKEY_get1_encoded_public_key(EVP_PKEY *pkey, unsigned char **ppub); - #define EVP_PKEY_set1_tls_encodedpoint(pkey, pt, ptlen) \ - EVP_PKEY_set1_encoded_public_key((pkey), (pt), (ptlen)) +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +B<OPENSSL_API_COMPAT> with a suitable version value, see +L<openssl_user_macros(7)>: - #define EVP_PKEY_get1_tls_encodedpoint(pkey, ppt) \ - EVP_PKEY_get1_encoded_public_key((pkey), (ppt)) + int EVP_PKEY_set1_tls_encodedpoint(EVP_PKEY *pkey, + const unsigned char *pt, size_t ptlen); + + size_t EVP_PKEY_get1_tls_encodedpoint(EVP_PKEY *pkey, unsigned char **ppt); =head1 DESCRIPTION @@ -46,6 +50,15 @@ be allocated and stored in B<*ppub>. The length of the encoded public key is returned by the function. The application is responsible for freeing the allocated buffer. +The macro EVP_PKEY_set1_tls_encodedpoint() is deprecated and simply calls +EVP_PKEY_set1_encoded_public_key() with all the same arguments. New applications +should use EVP_PKEY_set1_encoded_public_key() instead. + +The macro EVP_PKEY_get1_tls_encodedpoint() is deprecated and simply calls +EVP_PKEY_get1_encoded_public_key() with all the same arguments. New applications +should use EVP_PKEY_get1_encoded_public_key() instead. + + =head1 RETURN VALUES EVP_PKEY_set1_encoded_public_key() returns 1 for success and 0 or a negative @@ -61,7 +74,7 @@ performing a key exchange operation. =head2 Set up a peer's EVP_PKEY ready for a key exchange operation #include <openssl/evp.h> - + int exchange(EVP_PKEY *ourkey, unsigned char *peer_pub, size_t peer_pub_len) { EVP_PKEY *peerkey = EVP_PKEY_new(); @@ -72,11 +85,11 @@ performing a key exchange operation. if (EVP_PKEY_set1_encoded_public_key(peerkey, peer_pub, peer_pub_len) <= 0) return 0; - + /* Do the key exchange here */ - + EVP_PKEY_free(peerkey); - + return 1; } 
@@ -104,13 +117,17 @@ performing a key exchange operation. =head1 SEE ALSO -L<EVP_PKEY_new(3)>, L<EVP_PKEY_copy_parameters(7)>, +L<EVP_PKEY_new(3)>, L<EVP_PKEY_copy_parameters(3)>, L<EVP_PKEY_derive_init(3)>, L<EVP_PKEY_derive(3)>, L<EVP_PKEY-DH(7)>, L<EVP_PKEY-EC(7)>, L<EVP_PKEY-X25519(7)>, L<EVP_PKEY-X448(7)> =head1 HISTORY -These functions were added in OpenSSL 3.0. +EVP_PKEY_set1_encoded_public_key() and EVP_PKEY_get1_encoded_public_key() were +added in OpenSSL 3.0. + +EVP_PKEY_set1_tls_encodedpoint() and EVP_PKEY_get1_tls_encodedpoint() were +deprecated in OpenSSL 3.0. =head1 COPYRIGHT diff --git a/include/openssl/evp.h b/include/openssl/evp.h index 834e00b84d..7c36e78ce1 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -1280,22 +1280,26 @@ int EVP_PKEY_get_default_digest_name(EVP_PKEY *pkey, char *mdname, size_t mdname_sz); int EVP_PKEY_supports_digest_nid(EVP_PKEY *pkey, int nid); +# ifndef OPENSSL_NO_DEPRECATED_3_0 /* * For backwards compatibility. Use EVP_PKEY_set1_encoded_public_key in * preference */ -#define EVP_PKEY_set1_tls_encodedpoint(pkey, pt, ptlen) \ - EVP_PKEY_set1_encoded_public_key((pkey), (pt), (ptlen)) +# define EVP_PKEY_set1_tls_encodedpoint(pkey, pt, ptlen) \ + EVP_PKEY_set1_encoded_public_key((pkey), (pt), (ptlen)) +# endif int EVP_PKEY_set1_encoded_public_key(EVP_PKEY *pkey, const unsigned char *pub, size_t publen); +# ifndef OPENSSL_NO_DEPRECATED_3_0 /* * For backwards compatibility. Use EVP_PKEY_get1_encoded_public_key in * preference */ -#define EVP_PKEY_get1_tls_encodedpoint(pkey, ppt) \ - EVP_PKEY_get1_encoded_public_key((pkey), (ppt)) +# define EVP_PKEY_get1_tls_encodedpoint(pkey, ppt) \ + EVP_PKEY_get1_encoded_public_key((pkey), (ppt)) +# endif size_t EVP_PKEY_get1_encoded_public_key(EVP_PKEY *pkey, unsigned char **ppub); diff --git a/util/other.syms b/util/other.syms index e5d98a9877..aa85ffa26a 100644 --- a/util/other.syms +++ b/util/other.syms 
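Review bot: The new `# ifndef OPENSSL_NO_DEPRECATED_3_0` guards in the evp.h hunk hide `EVP_PKEY_set1_tls_encodedpoint` and `EVP_PKEY_get1_tls_encodedpoint`, but since both stay plain macros no deprecation attribute can be attached to them, so an application still using them gets no compiler diagnostic at all; the first signal it sees is an undeclared identifier once the symbols are hidden. The removed and added macro bodies are otherwise identical, so this hunk changes visibility only, and the surviving comment "For backwards compatibility. Use ... in preference" does not tell a reader either of those facts. I would reword the comment above each macro to `/* Deprecated since OpenSSL 3.0. This is a macro, so no compiler deprecation warning is emitted; it is only hidden when OPENSSL_NO_DEPRECATED_3_0 is defined. Use EVP_PKEY_set1_encoded_public_key() instead. */` and the matching text for the get1 macro. The .pod hunk says the hiding is driven by OPENSSL_API_COMPAT, but the mapping from that macro to OPENSSL_NO_DEPRECATED_3_0 is not visible here, so mention it in the comment only if the configuration headers confirm it.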
@@ -601,3 +601,5 @@ OSSL_TRACE1 define
 OSSL_TRACE2 define
 OSSL_TRACE9 define
 TS_VERIFY_CTS_set_certs define deprecated 3.0.0
+EVP_PKEY_get1_tls_encodedpoint define deprecated 3.0.0
+EVP_PKEY_set1_tls_encodedpoint define deprecated 3.0.0