From: Matt Caswell Date: Fri, 9 Oct 2020 15:24:07 +0000 (+0100) Subject: Deprecate EVP_PKEY_set1_tls_encodedpoint() X-Git-Tag: openssl-3.0.0-alpha8~45 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0a737e16b2bc333cc3a8727458acc5460be10e0e;p=thirdparty%2Fopenssl.git Deprecate EVP_PKEY_set1_tls_encodedpoint() Also deprecate EVP_PKEY_get1_tls_encodedpoint(). The preferred alternative is EVP_PKEY_set1_encoded_public_key() and EVP_PKEY_get1_encoded_public_key(). Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/13105)
---
diff --git a/CHANGES.md b/CHANGES.md
index ba068b4f9d..828bbd1b75 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -23,6 +23,16 @@ OpenSSL 3.0
 ### Changes between 1.1.1 and 3.0 [xx XXX xxxx]
+ * Deprecated EVP_PKEY_set1_tls_encodedpoint() and
+ EVP_PKEY_get1_tls_encodedpoint(). These functions were previously used by
+ libssl to set or get an encoded public key in/from an EVP_PKEY object. With
+ OpenSSL 3.0 these are replaced by the more generic functions
+ EVP_PKEY_set1_encoded_public_key() and EVP_PKEY_get1_encoded_public_key().
+ The old versions have been converted to deprecated macros that just call the
+ new functions.
+
+ *Matt Caswell*
+
 * The security callback, which can be customised by application code, supports the security operation SSL_SECOP_TMP_DH. This is defined to take an EVP_PKEY in the "other" parameter. In most places this is what is passed. All these
diff --git a/doc/man3/EVP_PKEY_set1_encoded_public_key.pod b/doc/man3/EVP_PKEY_set1_encoded_public_key.pod
index 7d43e66c31..be30ad2d11 100644
--- a/doc/man3/EVP_PKEY_set1_encoded_public_key.pod
+++ b/doc/man3/EVP_PKEY_set1_encoded_public_key.pod
@@ -2,7 +2,8 @@
 =head1 NAME
-EVP_PKEY_set1_encoded_public_key, EVP_PKEY_get1_encoded_public_key
+EVP_PKEY_set1_encoded_public_key, EVP_PKEY_get1_encoded_public_key,
+EVP_PKEY_set1_tls_encodedpoint, EVP_PKEY_get1_tls_encodedpoint
 - functions to set and get public key data within an EVP_PKEY
 =head1 SYNOPSIS
@@ -14,11 +15,14 @@ EVP_PKEY_set1_encoded_public_key, EVP_PKEY_get1_encoded_public_key
 size_t EVP_PKEY_get1_encoded_public_key(EVP_PKEY *pkey, unsigned char **ppub);
- #define EVP_PKEY_set1_tls_encodedpoint(pkey, pt, ptlen) \
- EVP_PKEY_set1_encoded_public_key((pkey), (pt), (ptlen))
+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B with a suitable version value, see
+L:
- #define EVP_PKEY_get1_tls_encodedpoint(pkey, ppt) \
- EVP_PKEY_get1_encoded_public_key((pkey), (ppt))
+ int EVP_PKEY_set1_tls_encodedpoint(EVP_PKEY *pkey,
+ const unsigned char *pt, size_t ptlen);
+
+ size_t EVP_PKEY_get1_tls_encodedpoint(EVP_PKEY *pkey, unsigned char **ppt);
 =head1 DESCRIPTION
@@ -46,6 +50,15 @@ be allocated and stored in B<*ppub>. The length of the encoded public key is returned by the function. The application is responsible for freeing the allocated buffer.
+The macro EVP_PKEY_set1_tls_encodedpoint() is deprecated and simply calls
+EVP_PKEY_set1_encoded_public_key() with all the same arguments. New applications
+should use EVP_PKEY_set1_encoded_public_key() instead.
+
+The macro EVP_PKEY_get1_tls_encodedpoint() is deprecated and simply calls
+EVP_PKEY_get1_encoded_public_key() with all the same arguments. New applications
+should use EVP_PKEY_get1_encoded_public_key() instead.
+
+
 =head1 RETURN VALUES
 EVP_PKEY_set1_encoded_public_key() returns 1 for success and 0 or a negative
@@ -61,7 +74,7 @@ performing a key exchange operation.
 =head2 Set up a peer's EVP_PKEY ready for a key exchange operation
 #include
-
+
 int exchange(EVP_PKEY *ourkey, unsigned char *peer_pub, size_t peer_pub_len)
 {
 EVP_PKEY *peerkey = EVP_PKEY_new();
@@ -72,11 +85,11 @@ performing a key exchange operation. if (EVP_PKEY_set1_encoded_public_key(peerkey, peer_pub, peer_pub_len) <= 0) return 0;
-
+
 /* Do the key exchange here */
-
+
 EVP_PKEY_free(peerkey);
-
+
 return 1;
 }
@@ -104,13 +117,17 @@ performing a key exchange operation.
 =head1 SEE ALSO
-L, L,
+L, L, L, L, L, L, L, L
 =head1 HISTORY
-These functions were added in OpenSSL 3.0.
+EVP_PKEY_set1_encoded_public_key() and EVP_PKEY_get1_encoded_public_key() were
+added in OpenSSL 3.0.
+
+EVP_PKEY_set1_tls_encodedpoint() and EVP_PKEY_get1_tls_encodedpoint() were
+deprecated in OpenSSL 3.0.
 =head1 COPYRIGHT
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index 834e00b84d..7c36e78ce1 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -1280,22 +1280,26 @@ int EVP_PKEY_get_default_digest_name(EVP_PKEY *pkey, char *mdname, size_t mdname_sz);
 int EVP_PKEY_supports_digest_nid(EVP_PKEY *pkey, int nid);
+# ifndef OPENSSL_NO_DEPRECATED_3_0
 /*
 * For backwards compatibility. Use EVP_PKEY_set1_encoded_public_key in
 * preference
 */
-#define EVP_PKEY_set1_tls_encodedpoint(pkey, pt, ptlen) \
- EVP_PKEY_set1_encoded_public_key((pkey), (pt), (ptlen))
+# define EVP_PKEY_set1_tls_encodedpoint(pkey, pt, ptlen) \
+ EVP_PKEY_set1_encoded_public_key((pkey), (pt), (ptlen))
+# endif
 int EVP_PKEY_set1_encoded_public_key(EVP_PKEY *pkey, const unsigned char *pub, size_t publen);
+# ifndef OPENSSL_NO_DEPRECATED_3_0
 /*
 * For backwards compatibility. Use EVP_PKEY_get1_encoded_public_key in
 * preference
 */
-#define EVP_PKEY_get1_tls_encodedpoint(pkey, ppt) \
- EVP_PKEY_get1_encoded_public_key((pkey), (ppt))
+# define EVP_PKEY_get1_tls_encodedpoint(pkey, ppt) \
+ EVP_PKEY_get1_encoded_public_key((pkey), (ppt))
+# endif
 size_t EVP_PKEY_get1_encoded_public_key(EVP_PKEY *pkey, unsigned char **ppub);
diff --git a/util/other.syms b/util/other.syms
index e5d98a9877..aa85ffa26a 100644
--- a/util/other.syms
+++ b/util/other.syms
@@ -601,3 +601,5 @@ OSSL_TRACE1 define
 OSSL_TRACE2 define
 OSSL_TRACE9 define
 TS_VERIFY_CTS_set_certs define deprecated 3.0.0
+EVP_PKEY_get1_tls_encodedpoint define deprecated 3.0.0
+EVP_PKEY_set1_tls_encodedpoint define deprecated 3.0.0
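Review bot: Wrapping the two compatibility macros in `# ifndef OPENSSL_NO_DEPRECATED_3_0` hides them only when that symbol is defined; because they remain function-like macros rather than declarations, they cannot carry a deprecation attribute, so a caller that has not opted out gets no compile-time warning the way a deprecated function would, and the two `/* For backwards compatibility ... */` comments in the evp.h hunk do not mention either point. Suggest replacing the first comment with `/* Deprecated since 3.0 (hidden by OPENSSL_NO_DEPRECATED_3_0). This is a macro, so no deprecation warning is emitted; use EVP_PKEY_set1_encoded_public_key in preference. */` and the second with the same wording naming EVP_PKEY_get1_encoded_public_key. The accompanying pod hunk lists these names as function prototypes in SYNOPSIS while its DESCRIPTION calls them macros; stating the macro nature in the header comment gives the documentation one place to stay consistent with.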