From: Matt Caswell Date: Fri, 19 Dec 2025 13:42:23 +0000 (+0000) Subject: Remove some legacy fields from the EVP_MD_CTX structure X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b2168cd81db0d571bc4f5de11a328aa9e98180a0;p=thirdparty%2Fopenssl.git Remove some legacy fields from the EVP_MD_CTX structure Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale Reviewed-by: Neil Horman (Merged from https://github.com/openssl/openssl/pull/29460) --- diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index 63d103fd5b6..85a0c634d9b 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -498,7 +498,6 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) out->pctx = NULL; out->flags = in->flags; - out->update = in->update; } else { evp_md_ctx_reset_ex(out, 1); digest_change = (out->fetched_digest != in->fetched_digest); diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index 9eae1d421c2..312452221de 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -909,23 +909,12 @@ void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx) } #endif /* !defined(FIPS_MODULE) */ +#ifndef OPENSSL_NO_DEPRECATED_4_0 void *EVP_MD_CTX_get0_md_data(const EVP_MD_CTX *ctx) { - return ctx->md_data; -} - -int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx, - const void *data, size_t count) -{ - return ctx->update; -} - -void EVP_MD_CTX_set_update_fn(EVP_MD_CTX *ctx, - int (*update)(EVP_MD_CTX *ctx, - const void *data, size_t count)) -{ - ctx->update = update; + return NULL; } +#endif void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags) { diff --git a/crypto/evp/evp_local.h b/crypto/evp/evp_local.h index c5d55f05e5c..08baae95d88 100644 --- a/crypto/evp/evp_local.h +++ b/crypto/evp/evp_local.h 
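Review bot: The retained `EVP_MD_CTX_get0_md_data()` stub in crypto/evp/evp_lib.c has no comment explaining why it ignores `ctx` and returns a constant. Legacy code that still dereferences the result without a NULL check will fault, so the contract is worth stating at the definition, for example `/* Legacy stub: EVP_MD_CTX no longer has an md_data field, so this always returns NULL; callers must not dereference the result. */`. If the project builds with unused-parameter warnings enabled (not visible from this hunk), `ctx` may also need to be marked as intentionally unused.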
@@ -16,11 +16,9 @@ struct evp_md_ctx_st { const EVP_MD *reqdigest; /* The original requested digest */ const EVP_MD *digest; unsigned long flags; - void *md_data; + /* Public key context for sign/verify */ EVP_PKEY_CTX *pctx; - /* Update function: usually copied from EVP_MD */ - int (*update)(EVP_MD_CTX *ctx, const void *data, size_t count); /* * Opaque ctx returned from a providers digest algorithm implementation diff --git a/doc/man3/EVP_DigestInit.pod b/doc/man3/EVP_DigestInit.pod index 54a9a92f7ce..7178812f5b0 100644 --- a/doc/man3/EVP_DigestInit.pod +++ b/doc/man3/EVP_DigestInit.pod @@ -19,7 +19,7 @@ EVP_MD_names_do_all, EVP_MD_get0_provider, EVP_MD_get_type, EVP_MD_get_pkey_type, EVP_MD_get_size, EVP_MD_get_block_size, EVP_MD_get_flags, EVP_MD_CTX_get0_name, EVP_MD_CTX_md, EVP_MD_CTX_get0_md, EVP_MD_CTX_get1_md, EVP_MD_CTX_get_type, EVP_MD_CTX_get_size_ex, EVP_MD_CTX_get_block_size, -EVP_MD_CTX_get0_md_data, EVP_MD_CTX_update_fn, EVP_MD_CTX_set_update_fn, +EVP_MD_CTX_get0_md_data, EVP_md_null, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj, EVP_MD_CTX_get_pkey_ctx, EVP_MD_CTX_set_pkey_ctx, @@ -97,7 +97,6 @@ EVP_MD_CTX_type, EVP_MD_CTX_pkey_ctx, EVP_MD_CTX_md_data int EVP_MD_CTX_get_size_ex(const EVP_MD_CTX *ctx); int EVP_MD_CTX_get_block_size(const EVP_MD_CTX *ctx); int EVP_MD_CTX_get_type(const EVP_MD_CTX *ctx); - void *EVP_MD_CTX_get0_md_data(const EVP_MD_CTX *ctx); const EVP_MD *EVP_md_null(void); @@ -124,7 +123,7 @@ EVP_MD_CTX_type, EVP_MD_CTX_pkey_ctx, EVP_MD_CTX_md_data #define EVP_MD_CTX_block_size EVP_MD_CTX_get_block_size #define EVP_MD_CTX_type EVP_MD_CTX_get_type #define EVP_MD_CTX_pkey_ctx EVP_MD_CTX_get_pkey_ctx - #define EVP_MD_CTX_md_data EVP_MD_CTX_get0_md_data + The following functions have been deprecated since OpenSSL 3.0, and can be hidden entirely by defining B with a suitable version value, 
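Review bot: In crypto/evp/evp_local.h the removal of `void *md_data;` appears to leave an added empty line in its place (the lone `+` before the `/* Public key context for sign/verify */` comment), so the struct gains a blank line between `flags` and the `pctx` comment. The same pattern shows in include/openssl/evp.h, where an empty line is added just before the `#endif` of the `OPENSSL_NO_DEPRECATED_3_0` block. Dropping both added blank lines would keep the change a pure deletion in those places. The diff lines are collapsed on this page, so this reading rests on the hunk line counts (`-16,11 +16,9` and `-473,13 +473,7`). The struct body continues outside the hunk.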
@@ -132,12 +131,13 @@ see L: const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx); - int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx, - const void *data, size_t count); +The following functions have been deprecated since OpenSSL 4.0, and can be +hidden entirely by defining B with a suitable version value, +see L: + + void *EVP_MD_CTX_get0_md_data(const EVP_MD_CTX *ctx); - void EVP_MD_CTX_set_update_fn(EVP_MD_CTX *ctx, - int (*update)(EVP_MD_CTX *ctx, - const void *data, size_t count)); + #define EVP_MD_CTX_md_data EVP_MD_CTX_get0_md_data =head1 DESCRIPTION @@ -437,9 +437,8 @@ returns B. This function is normally used when setting ASN1 OIDs. =item EVP_MD_CTX_get0_md_data() -Return the digest method private data for the passed B. This -function exists for legacy backward compatibility reasons and always returns -NULL. +This function is deprecated and exists for legacy backward compatibility reasons +and always returns NULL. =item EVP_MD_CTX_get0_md(), EVP_MD_CTX_get1_md() @@ -453,16 +452,6 @@ should not be used after the EVP_MD_CTX is freed. EVP_MD_CTX_get1_md() is the same except the ownership is passed to the caller and is from the passed B. -=item EVP_MD_CTX_set_update_fn() - -Sets the update function for I to I. -This is the function that is called by EVP_DigestUpdate(). If not set, the -update function from the B type specified at initialization is used. - -=item EVP_MD_CTX_update_fn() - -Returns the update function for I. - =item EVP_MD_get_flags() Returns the I flags. Note that these are different from the B diff --git a/doc/man7/ossl-guide-migration.pod b/doc/man7/ossl-guide-migration.pod index 64284c9091c..c80955eb5cc 100644 --- a/doc/man7/ossl-guide-migration.pod +++ b/doc/man7/ossl-guide-migration.pod 
@@ -37,11 +37,25 @@ features available in OpenSSL 4.0. Some functions have been removed that were deprecated in previous versions of OpenSSL. See L. +=head2 Upgrading from OpenSSL 3.x + +=head3 Removal of atexit() usage + libcrypto no longer arms OPENSSL_cleanup() function as atexit(3) handler. Memory leak detectors may report there is allocated, but still reachable, allocated memory at application exit. If clean report is desired, then application must call OPENSSL_cleanup() explicitly before main() returns. +=head3 Deprecation of EVP_MD_CTX_get0_md_data() + +The function EVP_MD_CTX_get0_md_data() has been deprecated in 4.0. This function +is only useful in previous versions to obtain the data stored in an +B by a custom EVP_MD implementation. However, the ability to create +custom EVP_MD implementations has been removed in OpenSSL 4.0, so this function +is no longer useful. It always returns NULL, so should simply be removed from +applications that call it. Applications wishing to use a custom digest +implementation should instead use the provider API. + =head1 OPENSSL 3.6 =head2 Main Changes from OpenSSL 3.5 diff --git a/doc/man7/ossl-removed-api.pod b/doc/man7/ossl-removed-api.pod index 3189bdfeec0..a0c5a5d14c9 100644 --- a/doc/man7/ossl-removed-api.pod +++ b/doc/man7/ossl-removed-api.pod @@ -94,6 +94,8 @@ EVP_PKEY_meth_get_public_check, EVP_PKEY_meth_get_param_check, EVP_PKEY_meth_get_digest_custom, BIO_f_reliable, +EVP_MD_CTX_update_fn, +EVP_MD_CTX_set_update_fn, ossl-removed-api - API that has been removed from OpenSSL =head1 SYNOPSIS @@ -307,6 +309,10 @@ This includes consulting the L documentation. =item BIO_f_reliable (Broken since 3.0.0) - removed without replacement +=item EVP_MD_CTX_update_fn (Deprecated in 3.0.0) - consult L + +=item EVP_MD_CTX_set_update_fn (Deprecated in 3.0.0) - consult L + =back =head1 SEE ALSO diff --git a/include/openssl/evp.h b/include/openssl/evp.h index d2a5736ad23..dd6ebe3b98c 100644 --- a/include/openssl/evp.h 
+++ b/include/openssl/evp.h @@ -473,13 +473,7 @@ EVP_MD *EVP_MD_CTX_get1_md(EVP_MD_CTX *ctx); #ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx); -OSSL_DEPRECATEDIN_3_0 -int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx, - const void *data, size_t count); -OSSL_DEPRECATEDIN_3_0 -void EVP_MD_CTX_set_update_fn(EVP_MD_CTX *ctx, - int (*update)(EVP_MD_CTX *ctx, - const void *data, size_t count)); + #endif int EVP_MD_CTX_get_size_ex(const EVP_MD_CTX *ctx); @@ -493,8 +487,11 @@ int EVP_MD_CTX_get_size_ex(const EVP_MD_CTX *ctx); EVP_PKEY_CTX *EVP_MD_CTX_get_pkey_ctx(const EVP_MD_CTX *ctx); #define EVP_MD_CTX_pkey_ctx EVP_MD_CTX_get_pkey_ctx void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx); +#ifndef OPENSSL_NO_DEPRECATED_4_0 +OSSL_DEPRECATEDIN_4_0 void *EVP_MD_CTX_get0_md_data(const EVP_MD_CTX *ctx); #define EVP_MD_CTX_md_data EVP_MD_CTX_get0_md_data +#endif int EVP_CIPHER_get_nid(const EVP_CIPHER *cipher); #define EVP_CIPHER_nid EVP_CIPHER_get_nid diff --git a/util/libcrypto.num b/util/libcrypto.num index 78d5fa5114a..0323b02e3f1 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -841,12 +841,10 @@ EVP_MD_xof ? 4_0_0 EXIST::FUNCTION: EVP_MD_CTX_get0_md ? 4_0_0 EXIST::FUNCTION: EVP_MD_CTX_get1_md ? 4_0_0 EXIST::FUNCTION: EVP_MD_CTX_md ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 -EVP_MD_CTX_update_fn ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 -EVP_MD_CTX_set_update_fn ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 EVP_MD_CTX_get_size_ex ? 4_0_0 EXIST::FUNCTION: EVP_MD_CTX_get_pkey_ctx ? 4_0_0 EXIST::FUNCTION: EVP_MD_CTX_set_pkey_ctx ? 4_0_0 EXIST::FUNCTION: -EVP_MD_CTX_get0_md_data ? 4_0_0 EXIST::FUNCTION: +EVP_MD_CTX_get0_md_data ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_4_0 EVP_CIPHER_get_nid ? 4_0_0 EXIST::FUNCTION: EVP_CIPHER_get0_name ? 4_0_0 EXIST::FUNCTION: EVP_CIPHER_get0_description ? 4_0_0 EXIST::FUNCTION: