author: Benjamin Kaduk <bkaduk@akamai.com> 2020-06-19 18:43:58 -0700
committer: Benjamin Kaduk <bkaduk@akamai.com> 2020-08-11 07:07:56 -0700
commit: 79f4417ed940793fe7d48d613c9b903d00630b69
tree: 9c5baacb912033464b21b32bf7d1111cea268268 /util
parent: 8489026850b38447d8e3e68c4d4260585b7e8e3a
Deprecate and replace EVP_CIPHER_CTX_iv()/etc.

The EVP_CIPHER_CTX_iv() family of functions are incompatible with the libcrypto/provider separation, since the implied API contract (they are undocumented) involves a pointer into the active cipher context structure. However, the active IV data in a provider-side context need not even be in the same address space as libcrypto, so a replacement API is needed.

The existing functions for accessing the (even the "original") IV had remained undocumented for quite some time, presumably due to unease about exposing the internals of the cipher state in such a manner.

Provide more maintainable new APIs for accessing the initial ("oiv") and current-state ("iv") IV data, that copy the value into a caller-provided array, eliminating the need to provide a pointer into the internal cipher context, which accordingly no longer provides the ability to write to the internal cipher state.

Unfortunately, in order to maintain API compatibility with OpenSSL 1.1.1, the old functionality is still available, but is marked as deprecated for future removal. This would entail removing the "octet pointer" parameter access, leaving only the "octet string" parameter type.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12233)

Diffstat (limited to 'util')
-rw-r--r-- util/libcrypto.num 8
1 files changed, 5 insertions, 3 deletions
diff --git a/util/libcrypto.num b/util/libcrypto.num
index f441232..d5f7d98 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -2004,7 +2004,7 @@ PEM_read_bio_RSA_PUBKEY 2050 3_0_0 EXIST::FUNCTION:RSA
OCSP_SINGLERESP_new 2051 3_0_0 EXIST::FUNCTION:OCSP
ASN1_SCTX_free 2052 3_0_0 EXIST::FUNCTION:
i2d_ECPrivateKey_fp 2053 3_0_0 EXIST::FUNCTION:EC,STDIO
-EVP_CIPHER_CTX_original_iv 2054 3_0_0 EXIST::FUNCTION:
+EVP_CIPHER_CTX_original_iv 2054 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
PKCS7_SIGNED_free 2055 3_0_0 EXIST::FUNCTION:
X509_TRUST_get0_name 2056 3_0_0 EXIST::FUNCTION:
ENGINE_get_load_pubkey_function 2057 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
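Review bot: The DEPRECATEDIN_3_0 tag added to EVP_CIPHER_CTX_original_iv (2054) only changes the export list, and this view is limited to util/, so the matching deprecation guard on the declaration in the public header is not visible here. Please confirm the header and this entry carry the same tag, so that a build configured without deprecated 3.0 symbols drops both the declaration and the export rather than only one of them.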
@@ -2046,7 +2046,7 @@ CMS_SignerInfo_cert_cmp 2092 3_0_0 EXIST::FUNCTION:CMS
PEM_read 2093 3_0_0 EXIST::FUNCTION:STDIO
X509_STORE_set_depth 2094 3_0_0 EXIST::FUNCTION:
EC_KEY_METHOD_get_sign 2095 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
-EVP_CIPHER_CTX_iv 2096 3_0_0 EXIST::FUNCTION:
+EVP_CIPHER_CTX_iv 2096 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
i2d_ESS_SIGNING_CERT 2097 3_0_0 EXIST::FUNCTION:
TS_RESP_set_tst_info 2098 3_0_0 EXIST::FUNCTION:TS
EVP_PKEY_CTX_set_data 2099 3_0_0 EXIST::FUNCTION:
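Review bot: For EVP_CIPHER_CTX_iv (2096) the replacement is not obvious from the names: the end of this file adds both EVP_CIPHER_CTX_get_iv and EVP_CIPHER_CTX_get_iv_state, and the commit message describes one accessor for the initial IV and one for the current-state IV. The deprecation text in the documentation should state which new function returns which value, because a caller who migrates by name and reads the initial IV where the running IV was expected gets wrong chaining data with no error.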
@@ -2840,7 +2840,7 @@ EVP_PKEY_encrypt_init 2901 3_0_0 EXIST::FUNCTION:
i2d_RSAPrivateKey_fp 2902 3_0_0 EXIST::FUNCTION:RSA,STDIO
X509_REQ_print 2903 3_0_0 EXIST::FUNCTION:
RSA_size 2904 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
-EVP_CIPHER_CTX_iv_noconst 2905 3_0_0 EXIST::FUNCTION:
+EVP_CIPHER_CTX_iv_noconst 2905 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
DH_set_default_method 2906 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
X509_ALGOR_new 2907 3_0_0 EXIST::FUNCTION:
EVP_aes_192_ofb 2908 3_0_0 EXIST::FUNCTION:
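Review bot: EVP_CIPHER_CTX_iv_noconst (2905) is deprecated with no counterpart: the commit message says the new copy-out accessors no longer allow writing to the internal cipher state, and only two getters are added at the end of the file. The migration notes should say explicitly that there is no writable replacement and what callers that modified the IV through this pointer are expected to do instead.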
@@ -5250,3 +5250,5 @@ EVP_PKEY_CTX_set_dh_kdf_outlen ? 3_0_0 EXIST::FUNCTION:DH
EVP_PKEY_CTX_get_dh_kdf_outlen ? 3_0_0 EXIST::FUNCTION:DH
EVP_PKEY_CTX_set0_dh_kdf_ukm ? 3_0_0 EXIST::FUNCTION:DH
EVP_PKEY_CTX_get0_dh_kdf_ukm ? 3_0_0 EXIST::FUNCTION:DH
+EVP_CIPHER_CTX_get_iv_state ? 3_0_0 EXIST::FUNCTION:
+EVP_CIPHER_CTX_get_iv ? 3_0_0 EXIST::FUNCTION:
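Review bot: The two additions, EVP_CIPHER_CTX_get_iv_state and EVP_CIPHER_CTX_get_iv, copy into a caller-provided array according to the commit message, but their prototypes are outside this util/ view. Please confirm both take the destination length and fail, rather than truncate or write past the buffer, when it does not match the context's IV length, and that the manual page documents that return behaviour.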