diff options
author | Rich Salz <rsalz@akamai.com> | 2021-01-28 10:17:13 -0500 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2021-02-02 11:47:49 +0100 |
commit | 7ff9fdd4b31757f70080bd3fa2e633ca080408a4 (patch) | |
tree | f01db1c3029defd6101689d130456779878b976a | |
parent | d3372c2f35495d0c61ab09daf7fba3ecbbb595aa (diff) |
Deprecate X509_certificate_type
Fixes: #13997
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14002)
-rw-r--r-- | CHANGES.md | 6 | ||||
-rw-r--r-- | crypto/x509/build.info | 6 | ||||
-rw-r--r-- | include/openssl/evp.h | 22 | ||||
-rw-r--r-- | include/openssl/x509.h.in | 3 | ||||
-rw-r--r-- | util/libcrypto.num | 2 |
5 files changed, 26 insertions, 13 deletions
diff --git a/CHANGES.md b/CHANGES.md index e512b080c7..c10593c327 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -23,6 +23,12 @@ OpenSSL 3.0 ### Changes between 1.1.1 and 3.0 [xx XXX xxxx] + * The undocumented function X509_certificate_type() has been deprecated; + applications can use X509_get0_pubkey() and X509_get0_signature() to + get the same information. + + *Rich Salz* + * Deprecated the obsolete X9.31 RSA key generation related functions BN_X931_generate_Xpq(), BN_X931_derive_prime_ex(), and BN_X931_generate_prime_ex(). diff --git a/crypto/x509/build.info b/crypto/x509/build.info index 93019cc5e6..05c8e3003b 100644 --- a/crypto/x509/build.info +++ b/crypto/x509/build.info @@ -4,7 +4,7 @@ SOURCE[../../libcrypto]=\ x509_obj.c x509_req.c x509spki.c x509_vfy.c \ x509_set.c x509cset.c x509rset.c x509_err.c \ x509name.c x509_v3.c x509_ext.c x509_att.c \ - x509type.c x509_meth.c x509_lu.c x_all.c x509_txt.c \ + x509_meth.c x509_lu.c x_all.c x509_txt.c \ x509_trs.c by_file.c by_dir.c by_store.c x509_vpm.c \ x_crl.c t_crl.c x_req.c t_req.c x_x509.c t_x509.c \ x_pubkey.c x_x509a.c x_attrib.c x_exten.c x_name.c \ @@ -15,3 +15,7 @@ SOURCE[../../libcrypto]=\ v3_pcia.c v3_pci.c v3_ist.c \ pcy_cache.c pcy_node.c pcy_data.c pcy_map.c pcy_tree.c pcy_lib.c \ v3_asid.c v3_addr.c v3_tlsf.c v3_admis.c + +IF[{- !$disabled{'deprecated-3.0'} -}] + SOURCE[../../libcrypto]=x509type.c +ENDIF diff --git a/include/openssl/evp.h b/include/openssl/evp.h index 68f2543a60..3b967202da 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -37,16 +37,18 @@ # include <openssl/objects.h> -# define EVP_PK_RSA 0x0001 -# define EVP_PK_DSA 0x0002 -# define EVP_PK_DH 0x0004 -# define EVP_PK_EC 0x0008 -# define EVP_PKT_SIGN 0x0010 -# define EVP_PKT_ENC 0x0020 -# define EVP_PKT_EXCH 0x0040 -# define EVP_PKS_RSA 0x0100 -# define EVP_PKS_DSA 0x0200 -# define EVP_PKS_EC 0x0400 +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define EVP_PK_RSA 0x0001 +# define EVP_PK_DSA 0x0002 +# define EVP_PK_DH 0x0004 +# define EVP_PK_EC 0x0008 +# define EVP_PKT_SIGN 0x0010 +# define EVP_PKT_ENC 0x0020 +# define EVP_PKT_EXCH 0x0040 +# define EVP_PKS_RSA 0x0100 +# define EVP_PKS_DSA 0x0200 +# define EVP_PKS_EC 0x0400 +# endif # define EVP_PKEY_NONE NID_undef # define EVP_PKEY_RSA NID_rsaEncryption diff --git a/include/openssl/x509.h.in b/include/openssl/x509.h.in index 8a3cb2e4d0..7aef798e5b 100644 --- a/include/openssl/x509.h.in +++ b/include/openssl/x509.h.in @@ -726,7 +726,6 @@ const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x); EVP_PKEY *X509_get0_pubkey(const X509 *x); EVP_PKEY *X509_get_pubkey(X509 *x); ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x); -int X509_certificate_type(const X509 *x, const EVP_PKEY *pubkey); long X509_REQ_get_version(const X509_REQ *req); int X509_REQ_set_version(X509_REQ *x, long version); @@ -838,6 +837,8 @@ int X509_cmp(const X509 *a, const X509 *b); int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b); #ifndef OPENSSL_NO_DEPRECATED_3_0 # define X509_NAME_hash(x) X509_NAME_hash_ex(x, NULL, NULL, NULL) +OSSL_DEPRECATEDIN_3_0 int X509_certificate_type(const X509 *x, + const EVP_PKEY *pubkey); #endif unsigned long X509_NAME_hash_ex(const X509_NAME *x, OSSL_LIB_CTX *libctx, const char *propq, int *ok); diff --git a/util/libcrypto.num b/util/libcrypto.num index f519518395..77612218c7 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -693,7 +693,7 @@ X509_add1_reject_object 710 3_0_0 EXIST::FUNCTION: ERR_set_mark 711 3_0_0 EXIST::FUNCTION: d2i_ASN1_VISIBLESTRING 712 3_0_0 EXIST::FUNCTION: X509_NAME_ENTRY_dup 714 3_0_0 EXIST::FUNCTION: -X509_certificate_type 715 3_0_0 EXIST::FUNCTION: +X509_certificate_type 715 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 PKCS7_add_signature 716 3_0_0 EXIST::FUNCTION: OBJ_ln2nid 717 3_0_0 EXIST::FUNCTION: CRYPTO_128_unwrap 718 3_0_0 EXIST::FUNCTION: |