The branch master has been updated
via f120fa1efe6377850d1ecd389a02e0e2241912bc (commit)
via e361a7b285f954aead44f70f0dde35e120e1e0b3 (commit)
via 676cc3a67faf8170be910c2149d65616697cb126 (commit)
via 6a32a3c058dbd9fa7cec5b020e4f027808972e4a (commit)
via 31ae516116343defd39d5b5ee800fa25eeab7638 (commit)
via 7eb4c1eb50785c0b32f52e8a5bf20328b6baca34 (commit)
via 64f11ee88883af8995d2991307ff3fb560a96fa6 (commit)
from ce57ac431964f7692af674fd124103d6fe07af2e (commit)
- Log -----------------------------------------------------------------
commit f120fa1efe6377850d1ecd389a02e0e2241912bc
Author: Richard Levitte <[email protected]>
Date: Thu Apr 6 14:11:19 2017 +0200
Fix util/mkdef.pl
The deprecation checking code here didn't work the same way as in
Configure, and used $config{options} to find an --api= option that
was never there. This is replaced with checking $config{api}, which
is the controlling variable for deprecation.
Reviewed-by: Matt Caswell <[email protected]>
Reviewed-by: Rich Salz <[email protected]>
(Merged from https://github.com/openssl/openssl/pull/3126)
commit e361a7b285f954aead44f70f0dde35e120e1e0b3
Author: Richard Levitte <[email protected]>
Date: Wed Apr 5 22:38:03 2017 +0200
Add a note in CHANGES
Reviewed-by: Matt Caswell <[email protected]>
Reviewed-by: Rich Salz <[email protected]>
(Merged from https://github.com/openssl/openssl/pull/3126)
commit 676cc3a67faf8170be910c2149d65616697cb126
Author: Richard Levitte <[email protected]>
Date: Wed Apr 5 17:06:01 2017 +0200
Act on deprecation of LONG and ZLONG, step 3
Teach util/mkdef.pl to recognise these lines:
#if OPENSSL_API_COMPAT < 0xXXXXXXXXL
#if OPENSSL_API_COMPAT >= 0xXXXXXXXXL
and add corresponding markers in util/*.num
A final 'make update' sets those markers right for LONG and ZLONG.
Reviewed-by: Matt Caswell <[email protected]>
Reviewed-by: Rich Salz <[email protected]>
(Merged from https://github.com/openssl/openssl/pull/3126)
commit 6a32a3c058dbd9fa7cec5b020e4f027808972e4a
Author: Richard Levitte <[email protected]>
Date: Wed Apr 5 13:24:14 2017 +0200
Act on deprecation of LONG and ZLONG, step 2
Replace all remaining uses of LONG and ZLONG with INT32 / ZINT32.
Reviewed-by: Matt Caswell <[email protected]>
Reviewed-by: Rich Salz <[email protected]>
(Merged from https://github.com/openssl/openssl/pull/3126)
commit 31ae516116343defd39d5b5ee800fa25eeab7638
Author: Richard Levitte <[email protected]>
Date: Wed Apr 5 13:21:06 2017 +0200
Act on deprecation of LONG and ZLONG, step 1
Don't compile code that still uses LONG when it's deprecated
Reviewed-by: Matt Caswell <[email protected]>
Reviewed-by: Rich Salz <[email protected]>
(Merged from https://github.com/openssl/openssl/pull/3126)
commit 7eb4c1eb50785c0b32f52e8a5bf20328b6baca34
Author: Richard Levitte <[email protected]>
Date: Wed Apr 5 12:09:21 2017 +0200
Discourage the use of LONG and ZLONG, and deprecate it in the future
Reviewed-by: Matt Caswell <[email protected]>
Reviewed-by: Rich Salz <[email protected]>
(Merged from https://github.com/openssl/openssl/pull/3126)
commit 64f11ee88883af8995d2991307ff3fb560a96fa6
Author: Richard Levitte <[email protected]>
Date: Wed Apr 5 12:07:48 2017 +0200
Publish our INT32, UINT32, INT64, UINT64 ASN.1 types and Z variants
Reviewed-by: Matt Caswell <[email protected]>
Reviewed-by: Rich Salz <[email protected]>
(Merged from https://github.com/openssl/openssl/pull/3126)
-----------------------------------------------------------------------
Summary of changes:
CHANGES | 6 ++++++
crypto/asn1/asn1_item_list.h | 12 +++++++++++
crypto/asn1/evp_asn1.c | 4 ++--
crypto/asn1/n_pkey.c | 4 ++--
crypto/asn1/x_int64.c | 2 +-
crypto/asn1/x_long.c | 4 ++++
crypto/cms/cms_asn1.c | 26 +++++++++++-----------
crypto/cms/cms_lcl.h | 26 +++++++++++-----------
crypto/dh/dh_asn1.c | 2 +-
crypto/dh/dh_locl.h | 2 +-
crypto/dsa/dsa_asn1.c | 2 +-
crypto/dsa/dsa_locl.h | 2 +-
crypto/ec/ec_asn1.c | 24 ++++++++++-----------
crypto/rsa/rsa_asn1.c | 2 +-
crypto/rsa/rsa_locl.h | 2 +-
fuzz/asn1.c | 12 +++++++++++
include/internal/asn1t.h | 19 -----------------
include/openssl/asn1t.h | 16 ++++++++++++++
ssl/ssl_asn1.c | 2 +-
test/asn1_encode_test.c | 8 ++++++-
util/libcrypto.num | 8 +++----
util/mkdef.pl | 51 +++++++++++++++++++++++++++-----------------
22 files changed, 142 insertions(+), 94 deletions(-)
delete mode 100644 include/internal/asn1t.h
diff --git a/CHANGES b/CHANGES
index 72c78ea..3617e8f 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,12 @@
Changes between 1.1.0e and 1.1.1 [xx XXX xxxx]
+ *) Add the ASN.1 types INT32, UINT32, INT64, UINT64 and variants prefixed
+ with Z. These are meant to replace LONG and ZLONG and to be size safe.
+ The use of LONG and ZLONG is discouraged and scheduled for deprecation
+ in OpenSSL 1.2.0.
+ [Richard Levitte]
+
*) Add the 'z' and 'j' modifiers to BIO_printf() et al formatting string,
'z' is to be used for [s]size_t, and 'j' - with [u]int64_t.
[Richard Levitte, Andy Polyakov]
diff --git a/crypto/asn1/asn1_item_list.h b/crypto/asn1/asn1_item_list.h
index 909ea3e..27608b7 100644
--- a/crypto/asn1/asn1_item_list.h
+++ b/crypto/asn1/asn1_item_list.h
@@ -78,7 +78,9 @@ static ASN1_ITEM_EXP *asn1_item_list[] = {
ASN1_ITEM_ref(IPAddressRange),
#endif
ASN1_ITEM_ref(ISSUING_DIST_POINT),
+#if OPENSSL_API_COMPAT < 0x10200000L
ASN1_ITEM_ref(LONG),
+#endif
ASN1_ITEM_ref(NAME_CONSTRAINTS),
ASN1_ITEM_ref(NETSCAPE_CERT_SEQUENCE),
ASN1_ITEM_ref(NETSCAPE_SPKAC),
@@ -159,5 +161,15 @@ static ASN1_ITEM_EXP *asn1_item_list[] = {
ASN1_ITEM_ref(X509_SIG),
ASN1_ITEM_ref(X509_VAL),
ASN1_ITEM_ref(X509),
+#if OPENSSL_API_COMPAT < 0x10200000L
ASN1_ITEM_ref(ZLONG),
+#endif
+ ASN1_ITEM_ref(INT32),
+ ASN1_ITEM_ref(UINT32),
+ ASN1_ITEM_ref(ZINT32),
+ ASN1_ITEM_ref(ZUINT32),
+ ASN1_ITEM_ref(INT64),
+ ASN1_ITEM_ref(UINT64),
+ ASN1_ITEM_ref(ZINT64),
+ ASN1_ITEM_ref(ZUINT64),
};
diff --git a/crypto/asn1/evp_asn1.c b/crypto/asn1/evp_asn1.c
index a458367..718e688 100644
--- a/crypto/asn1/evp_asn1.c
+++ b/crypto/asn1/evp_asn1.c
@@ -47,12 +47,12 @@ int ASN1_TYPE_get_octetstring(const ASN1_TYPE *a, unsigned
char *data, int max_l
}
typedef struct {
- long num;
+ int32_t num;
ASN1_OCTET_STRING *oct;
} asn1_int_oct;
ASN1_SEQUENCE(asn1_int_oct) = {
- ASN1_SIMPLE(asn1_int_oct, num, LONG),
+ ASN1_SIMPLE(asn1_int_oct, num, INT32),
ASN1_SIMPLE(asn1_int_oct, oct, ASN1_OCTET_STRING)
} static_ASN1_SEQUENCE_END(asn1_int_oct)
diff --git a/crypto/asn1/n_pkey.c b/crypto/asn1/n_pkey.c
index 267ce60..34a0d03 100644
--- a/crypto/asn1/n_pkey.c
+++ b/crypto/asn1/n_pkey.c
@@ -23,7 +23,7 @@ NON_EMPTY_TRANSLATION_UNIT
# ifndef OPENSSL_NO_RC4
typedef struct netscape_pkey_st {
- long version;
+ int32_t version;
X509_ALGOR *algor;
ASN1_OCTET_STRING *private_key;
} NETSCAPE_PKEY;
@@ -48,7 +48,7 @@
DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY,NETSCAPE_ENCRYPTED_P
IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY)
ASN1_SEQUENCE(NETSCAPE_PKEY) = {
- ASN1_SIMPLE(NETSCAPE_PKEY, version, LONG),
+ ASN1_SIMPLE(NETSCAPE_PKEY, version, INT32),
ASN1_SIMPLE(NETSCAPE_PKEY, algor, X509_ALGOR),
ASN1_SIMPLE(NETSCAPE_PKEY, private_key, ASN1_OCTET_STRING)
} static_ASN1_SEQUENCE_END(NETSCAPE_PKEY)
diff --git a/crypto/asn1/x_int64.c b/crypto/asn1/x_int64.c
index d180a3b..9da692c 100644
--- a/crypto/asn1/x_int64.c
+++ b/crypto/asn1/x_int64.c
@@ -9,8 +9,8 @@
#include <stdio.h>
#include "internal/cryptlib.h"
-#include "internal/asn1t.h"
#include "internal/numbers.h"
+#include <openssl/asn1t.h>
#include <openssl/bn.h>
#include "asn1_locl.h"
diff --git a/crypto/asn1/x_long.c b/crypto/asn1/x_long.c
index 5895345..4bb6611 100644
--- a/crypto/asn1/x_long.c
+++ b/crypto/asn1/x_long.c
@@ -11,6 +11,9 @@
#include "internal/cryptlib.h"
#include <openssl/asn1t.h>
+#if !(OPENSSL_API_COMPAT < 0x10200000L)
+NON_EMPTY_TRANSLATION_UNIT
+#else
/*
* Custom primitive type for long handling. This converts between an
* ASN1_INTEGER and a long directly.
@@ -194,3 +197,4 @@ static int long_print(BIO *out, ASN1_VALUE **pval, const
ASN1_ITEM *it,
{
return BIO_printf(out, "%ld\n", *(long *)pval);
}
+#endif
diff --git a/crypto/cms/cms_asn1.c b/crypto/cms/cms_asn1.c
index 81e9a53..a6981a7 100644
--- a/crypto/cms/cms_asn1.c
+++ b/crypto/cms/cms_asn1.c
@@ -56,7 +56,7 @@ static int cms_si_cb(int operation, ASN1_VALUE **pval, const
ASN1_ITEM *it,
}
ASN1_SEQUENCE_cb(CMS_SignerInfo, cms_si_cb) = {
- ASN1_SIMPLE(CMS_SignerInfo, version, LONG),
+ ASN1_SIMPLE(CMS_SignerInfo, version, INT32),
ASN1_SIMPLE(CMS_SignerInfo, sid, CMS_SignerIdentifier),
ASN1_SIMPLE(CMS_SignerInfo, digestAlgorithm, X509_ALGOR),
ASN1_IMP_SET_OF_OPT(CMS_SignerInfo, signedAttrs, X509_ATTRIBUTE, 0),
@@ -76,7 +76,7 @@ ASN1_CHOICE(CMS_RevocationInfoChoice) = {
} ASN1_CHOICE_END(CMS_RevocationInfoChoice)
ASN1_NDEF_SEQUENCE(CMS_SignedData) = {
- ASN1_SIMPLE(CMS_SignedData, version, LONG),
+ ASN1_SIMPLE(CMS_SignedData, version, INT32),
ASN1_SET_OF(CMS_SignedData, digestAlgorithms, X509_ALGOR),
ASN1_SIMPLE(CMS_SignedData, encapContentInfo,
CMS_EncapsulatedContentInfo),
ASN1_IMP_SET_OF_OPT(CMS_SignedData, certificates,
CMS_CertificateChoices, 0),
@@ -96,7 +96,7 @@ ASN1_NDEF_SEQUENCE(CMS_EncryptedContentInfo) = {
} static_ASN1_NDEF_SEQUENCE_END(CMS_EncryptedContentInfo)
ASN1_SEQUENCE(CMS_KeyTransRecipientInfo) = {
- ASN1_SIMPLE(CMS_KeyTransRecipientInfo, version, LONG),
+ ASN1_SIMPLE(CMS_KeyTransRecipientInfo, version, INT32),
ASN1_SIMPLE(CMS_KeyTransRecipientInfo, rid, CMS_SignerIdentifier),
ASN1_SIMPLE(CMS_KeyTransRecipientInfo, keyEncryptionAlgorithm,
X509_ALGOR),
ASN1_SIMPLE(CMS_KeyTransRecipientInfo, encryptedKey, ASN1_OCTET_STRING)
@@ -162,7 +162,7 @@ static int cms_kari_cb(int operation, ASN1_VALUE **pval,
const ASN1_ITEM *it,
}
ASN1_SEQUENCE_cb(CMS_KeyAgreeRecipientInfo, cms_kari_cb) = {
- ASN1_SIMPLE(CMS_KeyAgreeRecipientInfo, version, LONG),
+ ASN1_SIMPLE(CMS_KeyAgreeRecipientInfo, version, INT32),
ASN1_EXP(CMS_KeyAgreeRecipientInfo, originator,
CMS_OriginatorIdentifierOrKey, 0),
ASN1_EXP_OPT(CMS_KeyAgreeRecipientInfo, ukm, ASN1_OCTET_STRING, 1),
ASN1_SIMPLE(CMS_KeyAgreeRecipientInfo, keyEncryptionAlgorithm,
X509_ALGOR),
@@ -176,14 +176,14 @@ ASN1_SEQUENCE(CMS_KEKIdentifier) = {
} static_ASN1_SEQUENCE_END(CMS_KEKIdentifier)
ASN1_SEQUENCE(CMS_KEKRecipientInfo) = {
- ASN1_SIMPLE(CMS_KEKRecipientInfo, version, LONG),
+ ASN1_SIMPLE(CMS_KEKRecipientInfo, version, INT32),
ASN1_SIMPLE(CMS_KEKRecipientInfo, kekid, CMS_KEKIdentifier),
ASN1_SIMPLE(CMS_KEKRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
ASN1_SIMPLE(CMS_KEKRecipientInfo, encryptedKey, ASN1_OCTET_STRING)
} ASN1_SEQUENCE_END(CMS_KEKRecipientInfo)
ASN1_SEQUENCE(CMS_PasswordRecipientInfo) = {
- ASN1_SIMPLE(CMS_PasswordRecipientInfo, version, LONG),
+ ASN1_SIMPLE(CMS_PasswordRecipientInfo, version, INT32),
ASN1_IMP_OPT(CMS_PasswordRecipientInfo, keyDerivationAlgorithm,
X509_ALGOR, 0),
ASN1_SIMPLE(CMS_PasswordRecipientInfo, keyEncryptionAlgorithm,
X509_ALGOR),
ASN1_SIMPLE(CMS_PasswordRecipientInfo, encryptedKey, ASN1_OCTET_STRING)
@@ -225,7 +225,7 @@ ASN1_CHOICE_cb(CMS_RecipientInfo, cms_ri_cb) = {
} ASN1_CHOICE_END_cb(CMS_RecipientInfo, CMS_RecipientInfo, type)
ASN1_NDEF_SEQUENCE(CMS_EnvelopedData) = {
- ASN1_SIMPLE(CMS_EnvelopedData, version, LONG),
+ ASN1_SIMPLE(CMS_EnvelopedData, version, INT32),
ASN1_IMP_OPT(CMS_EnvelopedData, originatorInfo, CMS_OriginatorInfo, 0),
ASN1_SET_OF(CMS_EnvelopedData, recipientInfos, CMS_RecipientInfo),
ASN1_SIMPLE(CMS_EnvelopedData, encryptedContentInfo,
CMS_EncryptedContentInfo),
@@ -233,20 +233,20 @@ ASN1_NDEF_SEQUENCE(CMS_EnvelopedData) = {
} ASN1_NDEF_SEQUENCE_END(CMS_EnvelopedData)
ASN1_NDEF_SEQUENCE(CMS_DigestedData) = {
- ASN1_SIMPLE(CMS_DigestedData, version, LONG),
+ ASN1_SIMPLE(CMS_DigestedData, version, INT32),
ASN1_SIMPLE(CMS_DigestedData, digestAlgorithm, X509_ALGOR),
ASN1_SIMPLE(CMS_DigestedData, encapContentInfo,
CMS_EncapsulatedContentInfo),
ASN1_SIMPLE(CMS_DigestedData, digest, ASN1_OCTET_STRING)
} ASN1_NDEF_SEQUENCE_END(CMS_DigestedData)
ASN1_NDEF_SEQUENCE(CMS_EncryptedData) = {
- ASN1_SIMPLE(CMS_EncryptedData, version, LONG),
+ ASN1_SIMPLE(CMS_EncryptedData, version, INT32),
ASN1_SIMPLE(CMS_EncryptedData, encryptedContentInfo,
CMS_EncryptedContentInfo),
ASN1_IMP_SET_OF_OPT(CMS_EncryptedData, unprotectedAttrs,
X509_ATTRIBUTE, 1)
} ASN1_NDEF_SEQUENCE_END(CMS_EncryptedData)
ASN1_NDEF_SEQUENCE(CMS_AuthenticatedData) = {
- ASN1_SIMPLE(CMS_AuthenticatedData, version, LONG),
+ ASN1_SIMPLE(CMS_AuthenticatedData, version, INT32),
ASN1_IMP_OPT(CMS_AuthenticatedData, originatorInfo,
CMS_OriginatorInfo, 0),
ASN1_SET_OF(CMS_AuthenticatedData, recipientInfos, CMS_RecipientInfo),
ASN1_SIMPLE(CMS_AuthenticatedData, macAlgorithm, X509_ALGOR),
@@ -258,7 +258,7 @@ ASN1_NDEF_SEQUENCE(CMS_AuthenticatedData) = {
} static_ASN1_NDEF_SEQUENCE_END(CMS_AuthenticatedData)
ASN1_NDEF_SEQUENCE(CMS_CompressedData) = {
- ASN1_SIMPLE(CMS_CompressedData, version, LONG),
+ ASN1_SIMPLE(CMS_CompressedData, version, INT32),
ASN1_SIMPLE(CMS_CompressedData, compressionAlgorithm, X509_ALGOR),
ASN1_SIMPLE(CMS_CompressedData, encapContentInfo,
CMS_EncapsulatedContentInfo),
} ASN1_NDEF_SEQUENCE_END(CMS_CompressedData)
@@ -337,7 +337,7 @@ ASN1_ITEM_TEMPLATE_END(CMS_Attributes_Verify)
ASN1_CHOICE(CMS_ReceiptsFrom) = {
- ASN1_IMP(CMS_ReceiptsFrom, d.allOrFirstTier, LONG, 0),
+ ASN1_IMP(CMS_ReceiptsFrom, d.allOrFirstTier, INT32, 0),
ASN1_IMP_SEQUENCE_OF(CMS_ReceiptsFrom, d.receiptList, GENERAL_NAMES, 1)
} static_ASN1_CHOICE_END(CMS_ReceiptsFrom)
@@ -348,7 +348,7 @@ ASN1_SEQUENCE(CMS_ReceiptRequest) = {
} ASN1_SEQUENCE_END(CMS_ReceiptRequest)
ASN1_SEQUENCE(CMS_Receipt) = {
- ASN1_SIMPLE(CMS_Receipt, version, LONG),
+ ASN1_SIMPLE(CMS_Receipt, version, INT32),
ASN1_SIMPLE(CMS_Receipt, contentType, ASN1_OBJECT),
ASN1_SIMPLE(CMS_Receipt, signedContentIdentifier, ASN1_OCTET_STRING),
ASN1_SIMPLE(CMS_Receipt, originatorSignatureValue, ASN1_OCTET_STRING)
diff --git a/crypto/cms/cms_lcl.h b/crypto/cms/cms_lcl.h
index d0c0e81..c277f71 100644
--- a/crypto/cms/cms_lcl.h
+++ b/crypto/cms/cms_lcl.h
@@ -67,7 +67,7 @@ struct CMS_ContentInfo_st {
DEFINE_STACK_OF(CMS_CertificateChoices)
struct CMS_SignedData_st {
- long version;
+ int32_t version;
STACK_OF(X509_ALGOR) *digestAlgorithms;
CMS_EncapsulatedContentInfo *encapContentInfo;
STACK_OF(CMS_CertificateChoices) *certificates;
@@ -83,7 +83,7 @@ struct CMS_EncapsulatedContentInfo_st {
};
struct CMS_SignerInfo_st {
- long version;
+ int32_t version;
CMS_SignerIdentifier *sid;
X509_ALGOR *digestAlgorithm;
STACK_OF(X509_ATTRIBUTE) *signedAttrs;
@@ -107,7 +107,7 @@ struct CMS_SignerIdentifier_st {
};
struct CMS_EnvelopedData_st {
- long version;
+ int32_t version;
CMS_OriginatorInfo *originatorInfo;
STACK_OF(CMS_RecipientInfo) *recipientInfos;
CMS_EncryptedContentInfo *encryptedContentInfo;
@@ -145,7 +145,7 @@ struct CMS_RecipientInfo_st {
typedef CMS_SignerIdentifier CMS_RecipientIdentifier;
struct CMS_KeyTransRecipientInfo_st {
- long version;
+ int32_t version;
CMS_RecipientIdentifier *rid;
X509_ALGOR *keyEncryptionAlgorithm;
ASN1_OCTET_STRING *encryptedKey;
@@ -157,7 +157,7 @@ struct CMS_KeyTransRecipientInfo_st {
};
struct CMS_KeyAgreeRecipientInfo_st {
- long version;
+ int32_t version;
CMS_OriginatorIdentifierOrKey *originator;
ASN1_OCTET_STRING *ukm;
X509_ALGOR *keyEncryptionAlgorithm;
@@ -204,7 +204,7 @@ struct CMS_RecipientKeyIdentifier_st {
};
struct CMS_KEKRecipientInfo_st {
- long version;
+ int32_t version;
CMS_KEKIdentifier *kekid;
X509_ALGOR *keyEncryptionAlgorithm;
ASN1_OCTET_STRING *encryptedKey;
@@ -220,7 +220,7 @@ struct CMS_KEKIdentifier_st {
};
struct CMS_PasswordRecipientInfo_st {
- long version;
+ int32_t version;
X509_ALGOR *keyDerivationAlgorithm;
X509_ALGOR *keyEncryptionAlgorithm;
ASN1_OCTET_STRING *encryptedKey;
@@ -235,20 +235,20 @@ struct CMS_OtherRecipientInfo_st {
};
struct CMS_DigestedData_st {
- long version;
+ int32_t version;
X509_ALGOR *digestAlgorithm;
CMS_EncapsulatedContentInfo *encapContentInfo;
ASN1_OCTET_STRING *digest;
};
struct CMS_EncryptedData_st {
- long version;
+ int32_t version;
CMS_EncryptedContentInfo *encryptedContentInfo;
STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs;
};
struct CMS_AuthenticatedData_st {
- long version;
+ int32_t version;
CMS_OriginatorInfo *originatorInfo;
STACK_OF(CMS_RecipientInfo) *recipientInfos;
X509_ALGOR *macAlgorithm;
@@ -260,7 +260,7 @@ struct CMS_AuthenticatedData_st {
};
struct CMS_CompressedData_st {
- long version;
+ int32_t version;
X509_ALGOR *compressionAlgorithm;
STACK_OF(CMS_RecipientInfo) *recipientInfos;
CMS_EncapsulatedContentInfo *encapContentInfo;
@@ -332,14 +332,14 @@ struct CMS_ReceiptRequest_st {
struct CMS_ReceiptsFrom_st {
int type;
union {
- long allOrFirstTier;
+ int32_t allOrFirstTier;
STACK_OF(GENERAL_NAMES) *receiptList;
} d;
};
# endif
struct CMS_Receipt_st {
- long version;
+ int32_t version;
ASN1_OBJECT *contentType;
ASN1_OCTET_STRING *signedContentIdentifier;
ASN1_OCTET_STRING *originatorSignatureValue;
diff --git a/crypto/dh/dh_asn1.c b/crypto/dh/dh_asn1.c
index 7c72fd6..f65d065 100644
--- a/crypto/dh/dh_asn1.c
+++ b/crypto/dh/dh_asn1.c
@@ -34,7 +34,7 @@ static int dh_cb(int operation, ASN1_VALUE **pval, const
ASN1_ITEM *it,
ASN1_SEQUENCE_cb(DHparams, dh_cb) = {
ASN1_SIMPLE(DH, p, BIGNUM),
ASN1_SIMPLE(DH, g, BIGNUM),
- ASN1_OPT(DH, length, ZLONG),
+ ASN1_OPT(DH, length, ZINT32),
} ASN1_SEQUENCE_END_cb(DH, DHparams)
IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DH, DHparams, DHparams)
diff --git a/crypto/dh/dh_locl.h b/crypto/dh/dh_locl.h
index 6867555..0a8391a 100644
--- a/crypto/dh/dh_locl.h
+++ b/crypto/dh/dh_locl.h
@@ -19,7 +19,7 @@ struct dh_st {
int version;
BIGNUM *p;
BIGNUM *g;
- long length; /* optional */
+ int32_t length; /* optional */
BIGNUM *pub_key; /* g^x % p */
BIGNUM *priv_key; /* x */
int flags;
diff --git a/crypto/dsa/dsa_asn1.c b/crypto/dsa/dsa_asn1.c
index 551c107..6f9fe3e 100644
--- a/crypto/dsa/dsa_asn1.c
+++ b/crypto/dsa/dsa_asn1.c
@@ -75,7 +75,7 @@ static int dsa_cb(int operation, ASN1_VALUE **pval, const
ASN1_ITEM *it,
}
ASN1_SEQUENCE_cb(DSAPrivateKey, dsa_cb) = {
- ASN1_SIMPLE(DSA, version, LONG),
+ ASN1_SIMPLE(DSA, version, INT32),
ASN1_SIMPLE(DSA, p, BIGNUM),
ASN1_SIMPLE(DSA, q, BIGNUM),
ASN1_SIMPLE(DSA, g, BIGNUM),
diff --git a/crypto/dsa/dsa_locl.h b/crypto/dsa/dsa_locl.h
index f575195..a81a4b4 100644
--- a/crypto/dsa/dsa_locl.h
+++ b/crypto/dsa/dsa_locl.h
@@ -16,7 +16,7 @@ struct dsa_st {
* instead of of a EVP_PKEY
*/
int pad;
- long version;
+ int32_t version;
BIGNUM *p;
BIGNUM *q; /* == 20 */
BIGNUM *g;
diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
index 271178f..6493515 100644
--- a/crypto/ec/ec_asn1.c
+++ b/crypto/ec/ec_asn1.c
@@ -87,13 +87,13 @@ int EC_GROUP_get_pentanomial_basis(const EC_GROUP *group,
unsigned int *k1,
/* some structures needed for the asn1 encoding */
typedef struct x9_62_pentanomial_st {
- long k1;
- long k2;
- long k3;
+ int32_t k1;
+ int32_t k2;
+ int32_t k3;
} X9_62_PENTANOMIAL;
typedef struct x9_62_characteristic_two_st {
- long m;
+ int32_t m;
ASN1_OBJECT *type;
union {
char *ptr;
@@ -128,7 +128,7 @@ typedef struct x9_62_curve_st {
} X9_62_CURVE;
struct ec_parameters_st {
- long version;
+ int32_t version;
X9_62_FIELDID *fieldID;
X9_62_CURVE *curve;
ASN1_OCTET_STRING *base;
@@ -147,7 +147,7 @@ struct ecpk_parameters_st {
/* SEC1 ECPrivateKey */
typedef struct ec_privatekey_st {
- long version;
+ int32_t version;
ASN1_OCTET_STRING *privateKey;
ECPKPARAMETERS *parameters;
ASN1_BIT_STRING *publicKey;
@@ -155,9 +155,9 @@ typedef struct ec_privatekey_st {
/* the OpenSSL ASN.1 definitions */
ASN1_SEQUENCE(X9_62_PENTANOMIAL) = {
- ASN1_SIMPLE(X9_62_PENTANOMIAL, k1, LONG),
- ASN1_SIMPLE(X9_62_PENTANOMIAL, k2, LONG),
- ASN1_SIMPLE(X9_62_PENTANOMIAL, k3, LONG)
+ ASN1_SIMPLE(X9_62_PENTANOMIAL, k1, INT32),
+ ASN1_SIMPLE(X9_62_PENTANOMIAL, k2, INT32),
+ ASN1_SIMPLE(X9_62_PENTANOMIAL, k3, INT32)
} static_ASN1_SEQUENCE_END(X9_62_PENTANOMIAL)
DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL)
@@ -172,7 +172,7 @@ ASN1_ADB(X9_62_CHARACTERISTIC_TWO) = {
} ASN1_ADB_END(X9_62_CHARACTERISTIC_TWO, 0, type, 0, &char_two_def_tt, NULL);
ASN1_SEQUENCE(X9_62_CHARACTERISTIC_TWO) = {
- ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, m, LONG),
+ ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, m, INT32),
ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, type, ASN1_OBJECT),
ASN1_ADB_OBJECT(X9_62_CHARACTERISTIC_TWO)
} static_ASN1_SEQUENCE_END(X9_62_CHARACTERISTIC_TWO)
@@ -199,7 +199,7 @@ ASN1_SEQUENCE(X9_62_CURVE) = {
} static_ASN1_SEQUENCE_END(X9_62_CURVE)
ASN1_SEQUENCE(ECPARAMETERS) = {
- ASN1_SIMPLE(ECPARAMETERS, version, LONG),
+ ASN1_SIMPLE(ECPARAMETERS, version, INT32),
ASN1_SIMPLE(ECPARAMETERS, fieldID, X9_62_FIELDID),
ASN1_SIMPLE(ECPARAMETERS, curve, X9_62_CURVE),
ASN1_SIMPLE(ECPARAMETERS, base, ASN1_OCTET_STRING),
@@ -221,7 +221,7 @@ DECLARE_ASN1_ENCODE_FUNCTIONS_const(ECPKPARAMETERS,
ECPKPARAMETERS)
IMPLEMENT_ASN1_FUNCTIONS_const(ECPKPARAMETERS)
ASN1_SEQUENCE(EC_PRIVATEKEY) = {
- ASN1_SIMPLE(EC_PRIVATEKEY, version, LONG),
+ ASN1_SIMPLE(EC_PRIVATEKEY, version, INT32),
ASN1_SIMPLE(EC_PRIVATEKEY, privateKey, ASN1_OCTET_STRING),
ASN1_EXP_OPT(EC_PRIVATEKEY, parameters, ECPKPARAMETERS, 0),
ASN1_EXP_OPT(EC_PRIVATEKEY, publicKey, ASN1_BIT_STRING, 1)
diff --git a/crypto/rsa/rsa_asn1.c b/crypto/rsa/rsa_asn1.c
index 626a479..ef79a27 100644
--- a/crypto/rsa/rsa_asn1.c
+++ b/crypto/rsa/rsa_asn1.c
@@ -32,7 +32,7 @@ static int rsa_cb(int operation, ASN1_VALUE **pval, const
ASN1_ITEM *it,
}
ASN1_SEQUENCE_cb(RSAPrivateKey, rsa_cb) = {
- ASN1_SIMPLE(RSA, version, LONG),
+ ASN1_SIMPLE(RSA, version, INT32),
ASN1_SIMPLE(RSA, n, BIGNUM),
ASN1_SIMPLE(RSA, e, BIGNUM),
ASN1_SIMPLE(RSA, d, CBIGNUM),
diff --git a/crypto/rsa/rsa_locl.h b/crypto/rsa/rsa_locl.h
index f2681f9..be3ef0c 100644
--- a/crypto/rsa/rsa_locl.h
+++ b/crypto/rsa/rsa_locl.h
@@ -16,7 +16,7 @@ struct rsa_st {
* instead of aEVP_PKEY, it is set to 0
*/
int pad;
- long version;
+ int32_t version;
const RSA_METHOD *meth;
/* functional reference if 'meth' is ENGINE-provided */
ENGINE *engine;
diff --git a/fuzz/asn1.c b/fuzz/asn1.c
index f29fde5..0c61315 100644
--- a/fuzz/asn1.c
+++ b/fuzz/asn1.c
@@ -100,7 +100,9 @@ static ASN1_ITEM_EXP *item_type[] = {
ASN1_ITEM_ref(IPAddressRange),
#endif
ASN1_ITEM_ref(ISSUING_DIST_POINT),
+#if OPENSSL_API_COMPAT < 0x10200000L
ASN1_ITEM_ref(LONG),
+#endif
ASN1_ITEM_ref(NAME_CONSTRAINTS),
ASN1_ITEM_ref(NETSCAPE_CERT_SEQUENCE),
ASN1_ITEM_ref(NETSCAPE_SPKAC),
@@ -180,7 +182,17 @@ static ASN1_ITEM_EXP *item_type[] = {
ASN1_ITEM_ref(X509_REVOKED),
ASN1_ITEM_ref(X509_SIG),
ASN1_ITEM_ref(X509_VAL),
+#if OPENSSL_API_COMPAT < 0x10200000L
ASN1_ITEM_ref(ZLONG),
+#endif
+ ASN1_ITEM_ref(INT32),
+ ASN1_ITEM_ref(ZINT32),
+ ASN1_ITEM_ref(UINT32),
+ ASN1_ITEM_ref(ZUINT32),
+ ASN1_ITEM_ref(INT64),
+ ASN1_ITEM_ref(ZINT64),
+ ASN1_ITEM_ref(UINT64),
+ ASN1_ITEM_ref(ZUINT64),
NULL
};
diff --git a/include/internal/asn1t.h b/include/internal/asn1t.h
deleted file mode 100644
index 32d637d..0000000
--- a/include/internal/asn1t.h
+++ /dev/null
@@ -1,19 +0,0 @@
-/*
- * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include <openssl/asn1t.h>
-
-DECLARE_ASN1_ITEM(INT32)
-DECLARE_ASN1_ITEM(ZINT32)
-DECLARE_ASN1_ITEM(UINT32)
-DECLARE_ASN1_ITEM(ZUINT32)
-DECLARE_ASN1_ITEM(INT64)
-DECLARE_ASN1_ITEM(ZINT64)
-DECLARE_ASN1_ITEM(UINT64)
-DECLARE_ASN1_ITEM(ZUINT64)
diff --git a/include/openssl/asn1t.h b/include/openssl/asn1t.h
index 59b28cf..a73d4a8 100644
--- a/include/openssl/asn1t.h
+++ b/include/openssl/asn1t.h
@@ -901,8 +901,24 @@ DECLARE_ASN1_ITEM(ASN1_FBOOLEAN)
DECLARE_ASN1_ITEM(ASN1_SEQUENCE)
DECLARE_ASN1_ITEM(CBIGNUM)
DECLARE_ASN1_ITEM(BIGNUM)
+DECLARE_ASN1_ITEM(INT32)
+DECLARE_ASN1_ITEM(ZINT32)
+DECLARE_ASN1_ITEM(UINT32)
+DECLARE_ASN1_ITEM(ZUINT32)
+DECLARE_ASN1_ITEM(INT64)
+DECLARE_ASN1_ITEM(ZINT64)
+DECLARE_ASN1_ITEM(UINT64)
+DECLARE_ASN1_ITEM(ZUINT64)
+
+# if OPENSSL_API_COMPAT < 0x10200000L
+/*
+ * LONG and ZLONG are strongly discouraged for use as stored data, as the
+ * underlying C type (long) differs in size depending on the architecture.
+ * They are designed with 32-bit longs in mind.
+ */
DECLARE_ASN1_ITEM(LONG)
DECLARE_ASN1_ITEM(ZLONG)
+# endif
DEFINE_STACK_OF(ASN1_VALUE)
diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c
index 0802dd4..b4eb98e 100644
--- a/ssl/ssl_asn1.c
+++ b/ssl/ssl_asn1.c
@@ -37,7 +37,7 @@
#include <stdio.h>
#include <stdlib.h>
#include "ssl_locl.h"
-#include "internal/asn1t.h"
+#include <openssl/asn1t.h>
#include <openssl/x509.h>
typedef struct {
diff --git a/test/asn1_encode_test.c b/test/asn1_encode_test.c
index 02455fc..9b33314 100644
--- a/test/asn1_encode_test.c
+++ b/test/asn1_encode_test.c
@@ -10,7 +10,7 @@
#include <stdio.h>
#include <string.h>
-#include "internal/asn1t.h"
+#include <openssl/asn1t.h>
#include "internal/numbers.h"
#include "test_main.h"
#include "testutil.h"
@@ -170,6 +170,7 @@ typedef struct {
ENCDEC_DATA(-1, -1), \
ENCDEC_DATA(0, ASN1_LONG_UNDEF)
+#if OPENSSL_API_COMPAT < 0x10200000L
/***** LONG ******************************************************************/
typedef struct {
@@ -255,6 +256,7 @@ static TEST_PACKAGE long_test_package_64bit = {
(i2d_fn *)i2d_ASN1_LONG_DATA, (d2i_fn *)d2i_ASN1_LONG_DATA,
(ifree_fn *)ASN1_LONG_DATA_free
};
+#endif
/***** INT32 *****************************************************************/
@@ -676,6 +678,7 @@ static int test_intern(const TEST_PACKAGE *package)
return fail == 0;
}
+#if OPENSSL_API_COMPAT < 0x10200000L
static int test_long_32bit(void)
{
return test_intern(&long_test_package_32bit);
@@ -685,6 +688,7 @@ static int test_long_64bit(void)
{
return test_intern(&long_test_package_64bit);
}
+#endif
static int test_int32(void)
{
@@ -708,8 +712,10 @@ static int test_uint64(void)
void register_tests(void)
{
+#if OPENSSL_API_COMPAT < 0x10200000L
ADD_TEST(test_long_32bit);
ADD_TEST(test_long_64bit);
+#endif
ADD_TEST(test_int32);
ADD_TEST(test_uint32);
ADD_TEST(test_int64);
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 4df5422..1a19273 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -1768,8 +1768,8 @@ ASYNC_init_thread 1755 1_1_0
EXIST::FUNCTION:
OCSP_BASICRESP_get_ext_by_OBJ 1756 1_1_0 EXIST::FUNCTION:OCSP
X509_reject_clear 1757 1_1_0 EXIST::FUNCTION:
DH_security_bits 1758 1_1_0 EXIST::FUNCTION:DH
-LONG_it 1759 1_1_0
EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-LONG_it 1759 1_1_0
EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+LONG_it 1759 1_1_0
EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:DEPRECATEDIN_1_2_0
+LONG_it 1759 1_1_0
EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:DEPRECATEDIN_1_2_0
ASN1_dup 1760 1_1_0 EXIST::FUNCTION:
TS_RESP_new 1761 1_1_0 EXIST::FUNCTION:TS
i2d_PKCS8PrivateKeyInfo_fp 1762 1_1_0 EXIST::FUNCTION:STDIO
@@ -1834,8 +1834,8 @@ X509V3_EXT_add_list 1821 1_1_0
EXIST::FUNCTION:
CMS_compress 1822 1_1_0 EXIST::FUNCTION:CMS
X509_get_ext_by_critical 1823 1_1_0 EXIST::FUNCTION:
ASYNC_WAIT_CTX_clear_fd 1824 1_1_0 EXIST::FUNCTION:
-ZLONG_it 1825 1_1_0
EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ZLONG_it 1825 1_1_0
EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ZLONG_it 1825 1_1_0
EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:DEPRECATEDIN_1_2_0
+ZLONG_it 1825 1_1_0
EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:DEPRECATEDIN_1_2_0
OPENSSL_sk_find_ex 1826 1_1_0 EXIST::FUNCTION:
ASN1_ENUMERATED_to_BN 1827 1_1_0 EXIST::FUNCTION:
X509_CRL_get_ext_d2i 1828 1_1_0 EXIST::FUNCTION:
diff --git a/util/mkdef.pl b/util/mkdef.pl
index 36b4efe..c9fa98e 100755
--- a/util/mkdef.pl
+++ b/util/mkdef.pl
@@ -114,6 +114,7 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA",
"DES", "BF",
"DEPRECATEDIN_0_9_8",
"DEPRECATEDIN_1_0_0",
"DEPRECATEDIN_1_1_0",
+ "DEPRECATEDIN_1_2_0",
# SCTP
"SCTP",
# SRTP
@@ -141,6 +142,14 @@ foreach (@known_algorithms) {
# disabled by default
$disabled_algorithms{"STATIC_ENGINE"} = 1;
+my $apiv = sprintf "%x%02x%02x", split(/\./, $config{api});
+foreach (keys %disabled_algorithms) {
+ if (/^DEPRECATEDIN_(\d+)_(\d+)_(\d+)$/) {
+ my $depv = sprintf "%x%02x%02x", $1, $2, $3;
+ $disabled_algorithms{$_} = 1 if $apiv ge $depv;
+ }
+}
+
my $zlib;
foreach (@ARGV, split(/ /, $config{options}))
@@ -176,25 +185,9 @@ foreach (@ARGV, split(/ /, $config{options}))
$do_ctest=1 if $_ eq "ctest";
$do_ctestall=1 if $_ eq "ctestall";
$do_checkexist=1 if $_ eq "exist";
- if (/^--api=(\d+)\.(\d+)\.(\d+)$/) {
- my $apiv = sprintf "%x%02x%02x", $1, $2, $3;
- foreach (keys %disabled_algorithms) {
- if (/^DEPRECATEDIN_(\d+)_(\d+)_(\d+)$/) {
- my $depv = sprintf "%x%02x%02x", $1, $2, $3;
- $disabled_algorithms{$_} = 1 if $apiv ge $depv;
- }
- }
- }
- if (/^no-deprecated$/) {
- foreach (keys %disabled_algorithms) {
- if (/^DEPRECATEDIN_/) {
- $disabled_algorithms{$_} = 1;
- }
- }
- }
- elsif (/^(enable|disable|no)-(.*)$/) {
+ if (/^(enable|disable|no)-(.*)$/) {
my $alg = uc $2;
- $alg =~ tr/-/_/;
+ $alg =~ tr/-/_/;
if (exists $disabled_algorithms{$alg}) {
$disabled_algorithms{$alg} = $1 eq "enable" ? 0 : 1;
}
@@ -239,7 +232,6 @@ my $crypto ="include/openssl/crypto.h";
$crypto.=" include/internal/o_dir.h";
$crypto.=" include/internal/o_str.h";
$crypto.=" include/internal/err.h";
-$crypto.=" include/internal/asn1t.h";
$crypto.=" include/openssl/des.h" ; # unless $no_des;
$crypto.=" include/openssl/idea.h" ; # unless $no_idea;
$crypto.=" include/openssl/rc4.h" ; # unless $no_rc4;
@@ -395,6 +387,7 @@ sub do_defs
(map { "OPENSSL_SYS_".$_ => 0 } @known_ossl_platforms),
(map { "OPENSSL_NO_".$_ => 0 } @known_algorithms),
(map { "OPENSSL_USE_".$_ => 0 } @known_algorithms),
+ (grep /^DEPRECATED_/, @known_algorithms),
NOPROTO => 0,
PERL5 => 0,
_WINDLL => 0,
@@ -507,7 +500,22 @@ sub do_defs
s/{[^{}]*}//gs; # ignore {} blocks
print STDERR "DEBUG: \$def=\"$def\"\n" if $debug &&
$def ne "";
print STDERR "DEBUG: \$_=\"$_\"\n" if $debug;
- if (/^\#\s*ifndef\s+(.*)/) {
+ if
(/^\#\s*if\s+OPENSSL_API_COMPAT\s*(\S)\s*(0x[0-9a-fA-F]{8})L\s*$/) {
+ my $op = $1;
+ my $v = hex($2);
+ if ($op ne '<' && $op ne '>=') {
+ die "$file unacceptable operator $op: $_\n";
+ }
+ my ($one, $major, $minor) =
+ ( ($v >> 28) & 0xf,
+ ($v >> 20) & 0xff,
+ ($v >> 12) & 0xff );
+ my $t = "DEPRECATEDIN_${one}_${major}_${minor}";
+ push(@tag,"-");
+ push(@tag,$t);
+ $tag{$t}=($op eq '<' ? 1 : -1);
+ print STDERR "DEBUG: $file: found tag $t =
$tag{$t}\n" if $debug;
+ } elsif (/^\#\s*ifndef\s+(.*)/) {
push(@tag,"-");
push(@tag,$1);
$tag{$1}=-1;
@@ -638,6 +646,9 @@ sub do_defs
, grep(!/^$/,
map { $tag{"OPENSSL_USE_".$_} == 1 ?
$_ : "" }
@known_algorithms);
+ push @current_algorithms,
+ grep { /^DEPRECATEDIN_/ && $tag{$_} == 1 }
+ @known_algorithms;
$def .=
"#INFO:"
.join(',',@current_platforms).":"
_____
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
