The branch master has been updated via 249d559545ab61dcec5089db3380d19b0ab5cb42 (commit) via a08489e241501303c487ea84ca30acecfc271f28 (commit) via 8ce7579d7dd2060ac43c6c621b018b65af10bff0 (commit) via a61fba5da6eec31d7b790602c1e21f06d722cdaa (commit) via cb75a155b67942d32b808031199a7c947098e1e6 (commit) via 908465be599df1531457a476fc3a894c7dfbc6c8 (commit) from 52c6c12c1cad6f1046b34f4139d1aa3e967a5530 (commit)
- Log ----------------------------------------------------------------- commit 249d559545ab61dcec5089db3380d19b0ab5cb42 Author: Dmitry Belyavskiy <beld...@gmail.com> Date: Sat Dec 12 06:23:20 2020 +0100 Skip tests depending on deprecated list -*-commands options Reviewed-by: Paul Dale <paul.d...@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13669) commit a08489e241501303c487ea84ca30acecfc271f28 Author: Dmitry Belyavskiy <beld...@gmail.com> Date: Fri Dec 11 06:15:04 2020 +0100 Documenting the options deprecating in CHANGES.md Reviewed-by: Paul Dale <paul.d...@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13669) commit 8ce7579d7dd2060ac43c6c621b018b65af10bff0 Author: Dmitry Belyavskiy <beld...@gmail.com> Date: Fri Dec 11 06:13:41 2020 +0100 Documenting the options deprecating Reviewed-by: Paul Dale <paul.d...@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13669) commit a61fba5da6eec31d7b790602c1e21f06d722cdaa Author: Dmitry Belyavskiy <beld...@gmail.com> Date: Fri Dec 11 03:15:09 2020 +0100 Skip unavailable digests and ciphers in -*-commands Fixes #13594 Reviewed-by: Paul Dale <paul.d...@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13669) commit cb75a155b67942d32b808031199a7c947098e1e6 Author: Dmitry Belyavskiy <beld...@gmail.com> Date: Fri Dec 11 01:31:30 2020 +0100 Deprecate -cipher-commands and -digest-commands options Reviewed-by: Paul Dale <paul.d...@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13669) commit 908465be599df1531457a476fc3a894c7dfbc6c8 Author: Dmitry Belyavskiy <beld...@gmail.com> Date: Fri Dec 11 01:23:02 2020 +0100 OPENSSL_NO_GOST has nothing to do with low-level algos Reviewed-by: Paul Dale <paul.d...@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13669) ----------------------------------------------------------------------- Summary of changes: CHANGES.md | 6 +++++ apps/include/apps.h | 2 ++ apps/lib/engine.c | 28 
+++++++++++++++++++++++ apps/list.c | 53 ++++++++++++++++++++++++++++++++++++++++++-- apps/progs.pl | 1 - doc/man1/openssl-list.pod.in | 21 +++++++++++++----- test/recipes/20-test_enc.t | 2 ++ 7 files changed, 104 insertions(+), 9 deletions(-)
diff --git a/CHANGES.md b/CHANGES.md
index b099baa27a..e31ee42db3 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -23,6 +23,12 @@ OpenSSL 3.0
 ### Changes between 1.1.1 and 3.0 [xx XXX xxxx]
+ * The -cipher-commands and -digest-commands options of the command line
+ utility list has been deprecated.
+ Instead use the -cipher-algorithms and -digest-algorithms options.
+
+ *Dmitry Belyavskiy*
+
 * Deprecated all the libcrypto and libssl error string loading functions: ERR_load_ASN1_strings(), ERR_load_ASYNC_strings(), ERR_load_BIO_strings(), ERR_load_BN_strings(), ERR_load_BUF_strings(),
diff --git a/apps/include/apps.h b/apps/include/apps.h
index ddfa3c8383..0a8d6f4060 100644
--- a/apps/include/apps.h
+++ b/apps/include/apps.h
@@ -159,6 +159,8 @@ int finish_engine(ENGINE *e);
 char *make_engine_uri(ENGINE *e, const char *key_id, const char *desc);
 int get_legacy_pkey_id(OSSL_LIB_CTX *libctx, const char *algname, ENGINE *e);
+const EVP_MD *get_digest_from_engine(const char *name);
+const EVP_CIPHER *get_cipher_from_engine(const char *name);
 # ifndef OPENSSL_NO_OCSP
 OCSP_RESPONSE *process_responder(OCSP_REQUEST *req,
diff --git a/apps/lib/engine.c b/apps/lib/engine.c
index e4a65b04e2..209c4b6b03 100644
--- a/apps/lib/engine.c
+++ b/apps/lib/engine.c
@@ -163,3 +163,31 @@ int get_legacy_pkey_id(OSSL_LIB_CTX *libctx, const char *algname, ENGINE *e)
 return pkey_id;
 }
+
+const EVP_MD *get_digest_from_engine(const char *name)
+{
+#ifndef OPENSSL_NO_ENGINE
+ ENGINE *eng;
+
+ eng = ENGINE_get_digest_engine(OBJ_sn2nid(name));
+ if (eng != NULL) {
+ ENGINE_finish(eng);
+ return EVP_get_digestbyname(name);
+ }
+#endif
+ return NULL;
+}
+
+const EVP_CIPHER *get_cipher_from_engine(const char *name)
+{
+#ifndef OPENSSL_NO_ENGINE
+ ENGINE *eng;
+
+ eng = ENGINE_get_cipher_engine(OBJ_sn2nid(name));
+ if (eng != NULL) {
+ ENGINE_finish(eng);
+ return EVP_get_cipherbyname(name);
+ }
+#endif
+ return NULL;
+}
diff --git a/apps/list.c b/apps/list.c
index 20973298a8..df25e00363 100644
--- a/apps/list.c
+++ b/apps/list.c
@@ -945,6 +945,38 @@ static void list_options_for_command(const char *command)
 BIO_printf(bio_out, "- -\n");
 }
+static int is_md_available(const char *name)
+{
+ EVP_MD *md;
+
+ /* Look through providers' digests */
+ ERR_set_mark();
+ md = EVP_MD_fetch(NULL, name, NULL);
+ ERR_pop_to_mark();
+ if (md != NULL) {
+ EVP_MD_free(md);
+ return 1;
+ }
+
+ return (get_digest_from_engine(name) == NULL) ? 0 : 1;
+}
+
+static int is_cipher_available(const char *name)
+{
+ EVP_CIPHER *cipher;
+
+ /* Look through providers' ciphers */
+ ERR_set_mark();
+ cipher = EVP_CIPHER_fetch(NULL, name, NULL);
+ ERR_pop_to_mark();
+ if (cipher != NULL) {
+ EVP_CIPHER_free(cipher);
+ return 1;
+ }
+
+ return (get_cipher_from_engine(name) == NULL) ? 0 : 1;
+}
+
 static void list_type(FUNC_TYPE ft, int one)
 {
 FUNCTION *fp;
@@ -958,6 +990,18 @@ static void list_type(FUNC_TYPE ft, int one)
 for (fp = functions; fp->name != NULL; fp++) {
 if (fp->type != ft)
 continue;
+ switch (ft) {
+ case FT_cipher:
+ if (!is_cipher_available(fp->name))
+ continue;
+ break;
+ case FT_md:
+ if (!is_md_available(fp->name))
+ continue;
+ break;
+ default:
+ break;
+ }
 if (one) {
 BIO_printf(bio_out, "%s\n", fp->name);
 } else {
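Review bot: In `get_digest_from_engine` and `get_cipher_from_engine` the pointer returned after `ENGINE_finish(eng)` comes from `EVP_get_digestbyname(name)` / `EVP_get_cipherbyname(name)`, a by-name lookup that does not involve `eng`, so despite the function names the result is only safe to use as an availability flag and nothing in the code says so. A header comment along the lines of `/* Non-NULL only when an engine registers |name|; the returned method is the by-name one, not necessarily the engine's own. */` would stop a later caller from assuming it holds the engine's implementation. Separately, `OBJ_sn2nid(name)` yields `NID_undef` for any name that is not a registered short name and that value is passed straight to the ENGINE lookup; I would store it first and add `if (nid == NID_undef) return NULL;` in both helpers.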
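Review bot: `is_md_available` and `is_cipher_available` fetch with `EVP_MD_fetch(NULL, name, NULL)` and `EVP_CIPHER_fetch(NULL, name, NULL)`, that is, the default library context with no property query, so the listing may disagree with what the rest of the command can use when it runs with a specific context or property query. On a restricted configuration that can mean showing an algorithm that would be refused, or hiding one that is offered. If the app keeps its own library context or property string (not visible in this hunk), pass those instead of the two `NULL` arguments. The engine fallback on the last line of each helper also deserves a comment, e.g. `/* No provider offers |name|: fall back to legacy ENGINE implementations */`; the `switch (ft)` added to `list_type` in the next hunk depends on both helpers.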
@@ -1295,8 +1339,10 @@ const OPTIONS list_options[] = {
 {"select", OPT_SELECT_NAME, 's', "Select a single algorithm"},
 {"commands", OPT_COMMANDS, '-', "List of standard commands"},
 {"standard-commands", OPT_COMMANDS, '-', "List of standard commands"},
+#ifndef OPENSSL_NO_DEPRECATED_3_0
 {"digest-commands", OPT_DIGEST_COMMANDS, '-',
- "List of message digest commands"},
+ "List of message digest commands (deprecated)"},
+#endif
 {"digest-algorithms", OPT_DIGEST_ALGORITHMS, '-',
 "List of message digest algorithms"},
 {"kdf-algorithms", OPT_KDF_ALGORITHMS, '-',
@@ -1307,7 +1353,10 @@ const OPTIONS list_options[] = {
 "List of random number generators"},
 {"mac-algorithms", OPT_MAC_ALGORITHMS, '-',
 "List of message authentication code algorithms"},
- {"cipher-commands", OPT_CIPHER_COMMANDS, '-', "List of cipher commands"},
+#ifndef OPENSSL_NO_DEPRECATED_3_0
+ {"cipher-commands", OPT_CIPHER_COMMANDS, '-',
+ "List of cipher commands (deprecated)"},
+#endif
 {"cipher-algorithms", OPT_CIPHER_ALGORITHMS, '-',
 "List of cipher algorithms"},
 {"encoders", OPT_ENCODERS, '-', "List of encoding methods" },
diff --git a/apps/progs.pl b/apps/progs.pl
index 3ddb713238..a03b83139c 100644
--- a/apps/progs.pl
+++ b/apps/progs.pl
@@ -150,7 +150,6 @@ EOF
 );
 foreach my $cmd (
 "md2", "md4", "md5",
- "gost",
 "sha1", "sha224", "sha256", "sha384", "sha512", "sha512-224", "sha512-256", "sha3-224", "sha3-256", "sha3-384", "sha3-512",
diff --git a/doc/man1/openssl-list.pod.in b/doc/man1/openssl-list.pod.in
index 7d7ba6504e..b06478e711 100644
--- a/doc/man1/openssl-list.pod.in
+++ b/doc/man1/openssl-list.pod.in
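Review bot: The `#ifndef OPENSSL_NO_DEPRECATED_3_0` guards in `list_options[]` remove only the table entries for `digest-commands` and `cipher-commands`, here and in the following hunk. The four apps/list.c hunks account for all 53 changed lines in the diffstat, so the `OPT_DIGEST_COMMANDS` / `OPT_CIPHER_COMMANDS` enumerators and the code that handles them appear to stay compiled in and become unreachable in a no-deprecated build. Either wrap those in the same `#ifndef` or add a comment at the table such as `/* handlers are kept unconditionally; only the option names are removed */`. In builds that keep the options, the "(deprecated)" suffix in the help text is the only notice a user gets; a one-line warning on stderr when either option is used would reach scripts that never read the help output.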
@@ -14,13 +14,17 @@ B<openssl list>
 [B<-1>]
 [B<-commands>]
 [B<-digest-commands>]
-[B<-digest-algorithms>]
-[B<-kdf-algorithms>]
+{- output_off() if $disabled{"deprecated-3.0"}; ""
+-}[B<-digest-algorithms>]
+{- output_on() if $disabled{"deprecated-3.0"}; ""
+-}[B<-kdf-algorithms>]
 [B<-mac-algorithms>]
 [B<-random-generators>]
 [B<-cipher-commands>]
-[B<-cipher-algorithms>]
-[B<-encoders>]
+{- output_off() if $disabled{"deprecated-3.0"}; ""
+-}[B<-cipher-algorithms>]
+{- output_on() if $disabled{"deprecated-3.0"}; ""
+-}[B<-encoders>]
 [B<-decoders>]
 [B<-key-managers>]
 [B<-key-exchange-algorithms>]
@@ -71,13 +75,17 @@ Display a list of standard commands.
 =item B<-digest-commands>
+This option is deprecated. Use B<digest-algorithms> instead.
+
 Display a list of message digest commands, which are typically used as input to the L<openssl-dgst(1)> or L<openssl-speed(1)> commands.
 =item B<-cipher-commands>
+This option is deprecated. Use B<cipher-algorithms> instead.
+
 Display a list of cipher commands, which are typically used as input
-to the L<openssl-dgst(1)> or L<openssl-speed(1)> commands.
+to the L<openssl-enc(1)> or L<openssl-speed(1)> commands.
 =item B<-digest-algorithms>, B<-kdf-algorithms>, B<-mac-algorithms>, B<-cipher-algorithms>
@@ -209,7 +217,8 @@ In both cases, C<bar> is the name of the provider.
 =head1 HISTORY
-The B<-engines> option was deprecated in OpenSSL 3.0.
+The B<-engines>, B<-digest-commands>, and B<-cipher-commands> options
+were deprecated in OpenSSL 3.0.
 =head1 COPYRIGHT
diff --git a/test/recipes/20-test_enc.t b/test/recipes/20-test_enc.t
index 8cd4cf98b7..32a62ef2fd 100644
--- a/test/recipes/20-test_enc.t
+++ b/test/recipes/20-test_enc.t
@@ -18,6 +18,8 @@ use OpenSSL::Test qw/:DEFAULT srctop_file bldtop_dir/;
 use OpenSSL::Test::Utils;
 setup("test_enc");
+plan skip_all => "Deprecated functions are disabled in this OpenSSL build"
+ if disabled("deprecated");
 # We do it this way, because setup() may have moved us around,
 # so the directory portion of $0 might not be correct any more.
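Review bot: The added `plan skip_all ... if disabled("deprecated");` drops the whole test_enc recipe in a no-deprecated build. Going by the commit title, only the cipher enumeration depends on the deprecated list option, so the encrypt/decrypt checks in this recipe would go unexercised for a reason unrelated to them. Building the cipher list another way, or skipping only the part that needs the deprecated option, would keep that coverage. The condition tests `deprecated`, while the C guard is `OPENSSL_NO_DEPRECATED_3_0` and the pod template checks `deprecated-3.0`; it is worth confirming these always agree. The skip message says "Deprecated functions", but what is missing is a command-line option, so something like `"The deprecated list -cipher-commands option is disabled in this OpenSSL build"` would be more accurate.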