Make default_method mostly compile-time

Document thread-safety issues
Have RSA_null return NULL (always fails)

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2244)

diff --git a/CHANGES b/CHANGES
index 0cce21a3bf72289269c23fdd93d54a1322d529ed..72c78eac1b3bc6e90b26ef0ab10d6ee094fc4a51 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -57,6 +57,10 @@
   *) Support for SSL_OP_NO_ENCRYPT_THEN_MAC in SSL_CONF_cmd.
      [Emilia Käsper]
 
   *) Support for SSL_OP_NO_ENCRYPT_THEN_MAC in SSL_CONF_cmd.
      [Emilia Käsper]
 

+  *) The RSA "null" method, which was partially supported to avoid patent
+     issues, has been replaced to always returns NULL.
+     [Rich Salz]
+

  Changes between 1.1.0d and 1.1.0e [16 Feb 2017]
 
   *) Encrypt-Then-Mac renegotiation crash
  Changes between 1.1.0d and 1.1.0e [16 Feb 2017]
 
   *) Encrypt-Then-Mac renegotiation crash

diff --git a/apps/speed.c b/apps/speed.c
index 50522ae25a75debec763f57dd7cc5c5838acb62c..f64bea9c68fc2b32266c0119a75e5cb84e5457a6 100644 (file)
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -1444,12 +1444,8 @@ int speed_main(int argc, char **argv)
             continue;
         }
 #ifndef OPENSSL_NO_RSA
             continue;
         }
 #ifndef OPENSSL_NO_RSA

-# ifndef RSA_NULL
-        if (strcmp(*argv, "openssl") == 0) {
-            RSA_set_default_method(RSA_PKCS1_OpenSSL());
+        if (strcmp(*argv, "openssl") == 0)

             continue;
             continue;

-        }
-# endif

         if (strcmp(*argv, "rsa") == 0) {
             rsa_doit[R_RSA_512] = rsa_doit[R_RSA_1024] =
                 rsa_doit[R_RSA_2048] = rsa_doit[R_RSA_3072] =
         if (strcmp(*argv, "rsa") == 0) {
             rsa_doit[R_RSA_512] = rsa_doit[R_RSA_1024] =
                 rsa_doit[R_RSA_2048] = rsa_doit[R_RSA_3072] =

diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
index 204e5a7a421edf9385a67daa96e30c9bcb6bdee8..fce9ff47f3670fe6be17fab0b8c3f5309516c636 100644 (file)
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -56,11 +56,23 @@ static DH_METHOD dh_ossl = {
     NULL
 };
 
     NULL
 };
 

+static const DH_METHOD *default_DH_method = &dh_ossl;
+

 const DH_METHOD *DH_OpenSSL(void)
 {
     return &dh_ossl;
 }
 
 const DH_METHOD *DH_OpenSSL(void)
 {
     return &dh_ossl;
 }
 

+void DH_set_default_method(const DH_METHOD *meth)
+{
+    default_DH_method = meth;
+}
+
+const DH_METHOD *DH_get_default_method(void)
+{
+    return default_DH_method;
+}
+

 static int generate_key(DH *dh)
 {
     int ok = 0;
 static int generate_key(DH *dh)
 {
     int ok = 0;

diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c
index 3dfe7c4e58e86a1d32ac0aa14d75bf5fe2143956..f22bcf07062b457585505962e86065225a7946a5 100644 (file)
--- a/crypto/dh/dh_lib.c
+++ b/crypto/dh/dh_lib.c
@@ -13,20 +13,6 @@
 #include "dh_locl.h"
 #include <openssl/engine.h>
 
 #include "dh_locl.h"
 #include <openssl/engine.h>
 

-static const DH_METHOD *default_DH_method = NULL;
-
-void DH_set_default_method(const DH_METHOD *meth)
-{
-    default_DH_method = meth;
-}
-
-const DH_METHOD *DH_get_default_method(void)
-{
-    if (!default_DH_method)
-        default_DH_method = DH_OpenSSL();
-    return default_DH_method;
-}
-

 int DH_set_method(DH *dh, const DH_METHOD *meth)
 {
     /*
 int DH_set_method(DH *dh, const DH_METHOD *meth)
 {
     /*

diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c
index e24c6b526f569b5121df4c4ae16670a8d28373fb..c90d09b0f06f9a4ca2fc58af85872ca4a875a919 100644 (file)
--- a/crypto/dsa/dsa_lib.c
+++ b/crypto/dsa/dsa_lib.c
@@ -17,20 +17,6 @@
 #include <openssl/engine.h>
 #include <openssl/dh.h>
 
 #include <openssl/engine.h>
 #include <openssl/dh.h>
 

-static const DSA_METHOD *default_DSA_method = NULL;
-
-void DSA_set_default_method(const DSA_METHOD *meth)
-{
-    default_DSA_method = meth;
-}
-
-const DSA_METHOD *DSA_get_default_method(void)
-{
-    if (!default_DSA_method)
-        default_DSA_method = DSA_OpenSSL();
-    return default_DSA_method;
-}
-

 DSA *DSA_new(void)
 {
     return DSA_new_method(NULL);
 DSA *DSA_new(void)
 {
     return DSA_new_method(NULL);

diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c
index f9f6a136fbee82f97b2ceacc64fdb05470226bd3..479337763b1beee1c8962a51775bdda83fd1a7e6 100644 (file)
--- a/crypto/dsa/dsa_ossl.c
+++ b/crypto/dsa/dsa_ossl.c
@@ -41,6 +41,18 @@ static DSA_METHOD openssl_dsa_meth = {
     NULL
 };
 
     NULL
 };
 

+static const DSA_METHOD *default_DSA_method = &openssl_dsa_meth;
+
+void DSA_set_default_method(const DSA_METHOD *meth)
+{
+    default_DSA_method = meth;
+}
+
+const DSA_METHOD *DSA_get_default_method(void)
+{
+    return default_DSA_method;
+}
+

 const DSA_METHOD *DSA_OpenSSL(void)
 {
     return &openssl_dsa_meth;
 const DSA_METHOD *DSA_OpenSSL(void)
 {
     return &openssl_dsa_meth;

diff --git a/crypto/rsa/build.info b/crypto/rsa/build.info
index 39b7464b0e0d0f3120aa729e3c0dcfc641dd9294..4575b28879c047a52f5000d375ae17d49a798985 100644 (file)
--- a/crypto/rsa/build.info
+++ b/crypto/rsa/build.info
@@ -1,6 +1,6 @@
 LIBS=../../libcrypto
 SOURCE[../../libcrypto]=\
         rsa_ossl.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c \
 LIBS=../../libcrypto
 SOURCE[../../libcrypto]=\
         rsa_ossl.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c \

-        rsa_pk1.c rsa_ssl.c rsa_none.c rsa_oaep.c rsa_chk.c rsa_null.c \
+        rsa_pk1.c rsa_ssl.c rsa_none.c rsa_oaep.c rsa_chk.c \

         rsa_pss.c rsa_x931.c rsa_asn1.c rsa_depr.c rsa_ameth.c rsa_prn.c \
         rsa_pmeth.c rsa_crpt.c rsa_x931g.c rsa_meth.c
         rsa_pss.c rsa_x931.c rsa_asn1.c rsa_depr.c rsa_ameth.c rsa_prn.c \
         rsa_pmeth.c rsa_crpt.c rsa_x931g.c rsa_meth.c

diff --git a/crypto/rsa/rsa_err.c b/crypto/rsa/rsa_err.c
index 112e5a46ec1f3cc43c83d120006a6858e5b9a04c..c3698986befb378c621419437855e7b1a8996084 100644 (file)
--- a/crypto/rsa/rsa_err.c
+++ b/crypto/rsa/rsa_err.c
@@ -41,11 +41,6 @@ static ERR_STRING_DATA RSA_str_functs[] = {
     {ERR_FUNC(RSA_F_RSA_METH_SET1_NAME), "RSA_meth_set1_name"},
     {ERR_FUNC(RSA_F_RSA_MGF1_TO_MD), "rsa_mgf1_to_md"},
     {ERR_FUNC(RSA_F_RSA_NEW_METHOD), "RSA_new_method"},
     {ERR_FUNC(RSA_F_RSA_METH_SET1_NAME), "RSA_meth_set1_name"},
     {ERR_FUNC(RSA_F_RSA_MGF1_TO_MD), "rsa_mgf1_to_md"},
     {ERR_FUNC(RSA_F_RSA_NEW_METHOD), "RSA_new_method"},

-    {ERR_FUNC(RSA_F_RSA_NULL), "RSA_NULL"},
-    {ERR_FUNC(RSA_F_RSA_NULL_PRIVATE_DECRYPT), "RSA_null_private_decrypt"},
-    {ERR_FUNC(RSA_F_RSA_NULL_PRIVATE_ENCRYPT), "RSA_null_private_encrypt"},
-    {ERR_FUNC(RSA_F_RSA_NULL_PUBLIC_DECRYPT), "RSA_null_public_decrypt"},
-    {ERR_FUNC(RSA_F_RSA_NULL_PUBLIC_ENCRYPT), "RSA_null_public_encrypt"},

     {ERR_FUNC(RSA_F_RSA_OSSL_PRIVATE_DECRYPT), "rsa_ossl_private_decrypt"},
     {ERR_FUNC(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT), "rsa_ossl_private_encrypt"},
     {ERR_FUNC(RSA_F_RSA_OSSL_PUBLIC_DECRYPT), "rsa_ossl_public_decrypt"},
     {ERR_FUNC(RSA_F_RSA_OSSL_PRIVATE_DECRYPT), "rsa_ossl_private_decrypt"},
     {ERR_FUNC(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT), "rsa_ossl_private_encrypt"},
     {ERR_FUNC(RSA_F_RSA_OSSL_PUBLIC_DECRYPT), "rsa_ossl_public_decrypt"},

diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c
index 0fbda9a9b1bdccc51d8c308cfe2f54f0a76824e7..3c2354bbb4cf2144ff576f849d574f780e701bbb 100644 (file)
--- a/crypto/rsa/rsa_lib.c
+++ b/crypto/rsa/rsa_lib.c
@@ -17,31 +17,9 @@
 #include "internal/evp_int.h"
 #include "rsa_locl.h"
 
 #include "internal/evp_int.h"
 #include "rsa_locl.h"
 

-static const RSA_METHOD *default_RSA_meth = NULL;
-

 RSA *RSA_new(void)
 {
 RSA *RSA_new(void)
 {

-    RSA *r = RSA_new_method(NULL);
-
-    return r;
-}
-
-void RSA_set_default_method(const RSA_METHOD *meth)
-{
-    default_RSA_meth = meth;
-}
-
-const RSA_METHOD *RSA_get_default_method(void)
-{
-    if (default_RSA_meth == NULL) {
-#ifdef RSA_NULL
-        default_RSA_meth = RSA_null_method();
-#else
-        default_RSA_meth = RSA_PKCS1_OpenSSL();
-#endif
-    }
-
-    return default_RSA_meth;
+    return RSA_new_method(NULL);

 }
 
 const RSA_METHOD *RSA_get_method(const RSA *rsa)
 }
 
 const RSA_METHOD *RSA_get_method(const RSA *rsa)

diff --git a/crypto/rsa/rsa_null.c b/crypto/rsa/rsa_null.c
deleted file mode 100644 (file)
index d339494..0000000
--- a/crypto/rsa/rsa_null.c
+++ /dev/null
@@ -1,93 +0,0 @@
-/*
- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License").  You may not use
- * this file except in compliance with the License.  You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include <stdio.h>
-#include "internal/cryptlib.h"
-#include <openssl/bn.h>
-#include "rsa_locl.h"
-
-/*
- * This is a dummy RSA implementation that just returns errors when called.
- * It is designed to allow some RSA functions to work while stopping those
- * covered by the RSA patent. That is RSA, encryption, decryption, signing
- * and verify is not allowed but RSA key generation, key checking and other
- * operations (like storing RSA keys) are permitted.
- */
-
-static int RSA_null_public_encrypt(int flen, const unsigned char *from,
-                                   unsigned char *to, RSA *rsa, int padding);
-static int RSA_null_private_encrypt(int flen, const unsigned char *from,
-                                    unsigned char *to, RSA *rsa, int padding);
-static int RSA_null_public_decrypt(int flen, const unsigned char *from,
-                                   unsigned char *to, RSA *rsa, int padding);
-static int RSA_null_private_decrypt(int flen, const unsigned char *from,
-                                    unsigned char *to, RSA *rsa, int padding);
-static int RSA_null_init(RSA *rsa);
-static int RSA_null_finish(RSA *rsa);
-static RSA_METHOD rsa_null_meth = {
-    "Null RSA",
-    RSA_null_public_encrypt,
-    RSA_null_public_decrypt,
-    RSA_null_private_encrypt,
-    RSA_null_private_decrypt,
-    NULL,
-    NULL,
-    RSA_null_init,
-    RSA_null_finish,
-    0,
-    NULL,
-    NULL,
-    NULL,
-    NULL
-};
-
-const RSA_METHOD *RSA_null_method(void)
-{
-    return (&rsa_null_meth);
-}
-
-static int RSA_null_public_encrypt(int flen, const unsigned char *from,
-                                   unsigned char *to, RSA *rsa, int padding)
-{
-    RSAerr(RSA_F_RSA_NULL_PUBLIC_ENCRYPT, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
-    return -1;
-}
-
-static int RSA_null_private_encrypt(int flen, const unsigned char *from,
-                                    unsigned char *to, RSA *rsa, int padding)
-{
-    RSAerr(RSA_F_RSA_NULL_PRIVATE_ENCRYPT,
-           RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
-    return -1;
-}
-
-static int RSA_null_private_decrypt(int flen, const unsigned char *from,
-                                    unsigned char *to, RSA *rsa, int padding)
-{
-    RSAerr(RSA_F_RSA_NULL_PRIVATE_DECRYPT,
-           RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
-    return -1;
-}
-
-static int RSA_null_public_decrypt(int flen, const unsigned char *from,
-                                   unsigned char *to, RSA *rsa, int padding)
-{
-    RSAerr(RSA_F_RSA_NULL_PUBLIC_DECRYPT, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
-    return -1;
-}
-
-static int RSA_null_init(RSA *rsa)
-{
-    return (1);
-}
-
-static int RSA_null_finish(RSA *rsa)
-{
-    return (1);
-}

diff --git a/crypto/rsa/rsa_ossl.c b/crypto/rsa/rsa_ossl.c
index 782606645bd1b4b4a504e5dbc58ffeb8da85f274..5e0ad92cb1c3c4257f1fd21da0bfad4107d399e5 100644 (file)
--- a/crypto/rsa/rsa_ossl.c
+++ b/crypto/rsa/rsa_ossl.c
@@ -11,8 +11,6 @@
 #include "internal/bn_int.h"
 #include "rsa_locl.h"
 
 #include "internal/bn_int.h"
 #include "rsa_locl.h"
 

-#ifndef RSA_NULL
-

 static int rsa_ossl_public_encrypt(int flen, const unsigned char *from,
                                   unsigned char *to, RSA *rsa, int padding);
 static int rsa_ossl_private_encrypt(int flen, const unsigned char *from,
 static int rsa_ossl_public_encrypt(int flen, const unsigned char *from,
                                   unsigned char *to, RSA *rsa, int padding);
 static int rsa_ossl_private_encrypt(int flen, const unsigned char *from,


@@ -26,7 +24,7 @@ static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *i, RSA *rsa,
 static int rsa_ossl_init(RSA *rsa);
 static int rsa_ossl_finish(RSA *rsa);
 static RSA_METHOD rsa_pkcs1_ossl_meth = {
 static int rsa_ossl_init(RSA *rsa);
 static int rsa_ossl_finish(RSA *rsa);
 static RSA_METHOD rsa_pkcs1_ossl_meth = {

-    "OpenSSL PKCS#1 RSA (from Eric Young)",
+    "OpenSSL PKCS#1 RSA",

     rsa_ossl_public_encrypt,
     rsa_ossl_public_decrypt,     /* signature verification */
     rsa_ossl_private_encrypt,    /* signing */
     rsa_ossl_public_encrypt,
     rsa_ossl_public_decrypt,     /* signature verification */
     rsa_ossl_private_encrypt,    /* signing */


@@ -43,11 +41,28 @@ static RSA_METHOD rsa_pkcs1_ossl_meth = {
     NULL                        /* rsa_keygen */
 };
 
     NULL                        /* rsa_keygen */
 };
 

+static const RSA_METHOD *default_RSA_meth = &rsa_pkcs1_ossl_meth;
+
+void RSA_set_default_method(const RSA_METHOD *meth)
+{
+    default_RSA_meth = meth;
+}
+
+const RSA_METHOD *RSA_get_default_method(void)
+{
+    return default_RSA_meth;
+}
+

 const RSA_METHOD *RSA_PKCS1_OpenSSL(void)
 {
     return &rsa_pkcs1_ossl_meth;
 }
 
 const RSA_METHOD *RSA_PKCS1_OpenSSL(void)
 {
     return &rsa_pkcs1_ossl_meth;
 }
 

+const RSA_METHOD *RSA_null_method(void)
+{
+    return NULL;
+}
+

 static int rsa_ossl_public_encrypt(int flen, const unsigned char *from,
                                   unsigned char *to, RSA *rsa, int padding)
 {
 static int rsa_ossl_public_encrypt(int flen, const unsigned char *from,
                                   unsigned char *to, RSA *rsa, int padding)
 {


@@ -786,5 +801,3 @@ static int rsa_ossl_finish(RSA *rsa)
     BN_MONT_CTX_free(rsa->_method_mod_q);
     return (1);
 }
     BN_MONT_CTX_free(rsa->_method_mod_q);
     return (1);
 }

-
-#endif

diff --git a/crypto/ui/ui_lib.c b/crypto/ui/ui_lib.c
index 7f30a5b0af768174c04f9f391f1f05f87004f153..e48e4add1de355d875b4de9d80e4b81fd5ddacbd 100644 (file)
--- a/crypto/ui/ui_lib.c
+++ b/crypto/ui/ui_lib.c
@@ -15,8 +15,6 @@
 #include <openssl/err.h>
 #include "ui_locl.h"
 
 #include <openssl/err.h>
 #include "ui_locl.h"
 

-static const UI_METHOD *default_UI_meth = NULL;
-

 UI *UI_new(void)
 {
     return (UI_new_method(NULL));
 UI *UI_new(void)
 {
     return (UI_new_method(NULL));


@@ -535,19 +533,6 @@ void *UI_get_ex_data(UI *r, int idx)
     return (CRYPTO_get_ex_data(&r->ex_data, idx));
 }
 
     return (CRYPTO_get_ex_data(&r->ex_data, idx));
 }
 

-void UI_set_default_method(const UI_METHOD *meth)
-{
-    default_UI_meth = meth;
-}
-
-const UI_METHOD *UI_get_default_method(void)
-{
-    if (default_UI_meth == NULL) {
-        default_UI_meth = UI_OpenSSL();
-    }
-    return default_UI_meth;
-}
-

 const UI_METHOD *UI_get_method(UI *ui)
 {
     return ui->meth;
 const UI_METHOD *UI_get_method(UI *ui)
 {
     return ui->meth;

diff --git a/crypto/ui/ui_openssl.c b/crypto/ui/ui_openssl.c
index 400b0562f41abe2cd263d7dae1c49c84c594dce3..42c932656c3c57368c3871dda5a7fd64040e3d77 100644 (file)
--- a/crypto/ui/ui_openssl.c
+++ b/crypto/ui/ui_openssl.c
@@ -202,6 +202,18 @@ static UI_METHOD ui_openssl = {
     NULL
 };
 
     NULL
 };
 

+static const UI_METHOD *default_UI_meth = &ui_openssl;
+
+void UI_set_default_method(const UI_METHOD *meth)
+{
+    default_UI_meth = meth;
+}
+
+const UI_METHOD *UI_get_default_method(void)
+{
+    return default_UI_meth;
+}
+

 /* The method with all the built-in thingies */
 UI_METHOD *UI_OpenSSL(void)
 {
 /* The method with all the built-in thingies */
 UI_METHOD *UI_OpenSSL(void)
 {

diff --git a/doc/man3/DH_set_method.pod b/doc/man3/DH_set_method.pod
index 59e8277a62a9e358765abf5d239f206d30fbef2f..ea45961f1500149b70b0f86f42ac2fedde3910ae 100644 (file)
--- a/doc/man3/DH_set_method.pod
+++ b/doc/man3/DH_set_method.pod
@@ -31,8 +31,11 @@ Initially, the default DH_METHOD is the OpenSSL internal implementation, as
 returned by DH_OpenSSL().
 
 DH_set_default_method() makes B<meth> the default method for all DH
 returned by DH_OpenSSL().
 
 DH_set_default_method() makes B<meth> the default method for all DH

-structures created later. B<NB>: This is true only whilst no ENGINE has been set
+structures created later.
+B<NB>: This is true only whilst no ENGINE has been set

 as a default for DH, so this function is no longer recommended.
 as a default for DH, so this function is no longer recommended.

+This function is not thread-safe and should not be called at the same time
+as other OpenSSL functions.

 
 DH_get_default_method() returns a pointer to the current default DH_METHOD.
 However, the meaningfulness of this result is dependent on whether the ENGINE
 
 DH_get_default_method() returns a pointer to the current default DH_METHOD.
 However, the meaningfulness of this result is dependent on whether the ENGINE

diff --git a/doc/man3/DSA_set_method.pod b/doc/man3/DSA_set_method.pod
index 807515ebb8e82831974a5e7f08637af31e76765a..f10307e66d66ccb13fbdb0b59b3b508c47df0753 100644 (file)
--- a/doc/man3/DSA_set_method.pod
+++ b/doc/man3/DSA_set_method.pod
@@ -31,8 +31,11 @@ Initially, the default DSA_METHOD is the OpenSSL internal implementation,
 as returned by DSA_OpenSSL().
 
 DSA_set_default_method() makes B<meth> the default method for all DSA
 as returned by DSA_OpenSSL().
 
 DSA_set_default_method() makes B<meth> the default method for all DSA

-structures created later. B<NB>: This is true only whilst no ENGINE has
+structures created later.
+B<NB>: This is true only whilst no ENGINE has

 been set as a default for DSA, so this function is no longer recommended.
 been set as a default for DSA, so this function is no longer recommended.

+This function is not thread-safe and should not be called at the same time
+as other OpenSSL functions.

 
 DSA_get_default_method() returns a pointer to the current default
 DSA_METHOD. However, the meaningfulness of this result is dependent on
 
 DSA_get_default_method() returns a pointer to the current default
 DSA_METHOD. However, the meaningfulness of this result is dependent on

diff --git a/doc/man3/RSA_set_method.pod b/doc/man3/RSA_set_method.pod
index 7e7d27cf93c4d81dc2f854787d0a0cb34d6be4c4..f34aac668a1fca7734c7fe47518486d87166bc5c 100644 (file)
--- a/doc/man3/RSA_set_method.pod
+++ b/doc/man3/RSA_set_method.pod
@@ -3,7 +3,7 @@
 =head1 NAME
 
 RSA_set_default_method, RSA_get_default_method, RSA_set_method,
 =head1 NAME
 
 RSA_set_default_method, RSA_get_default_method, RSA_set_method,

-RSA_get_method, RSA_PKCS1_OpenSSL, RSA_null_method, RSA_flags,
+RSA_get_method, RSA_PKCS1_OpenSSL, RSA_flags,

 RSA_new_method - select RSA method
 
 =head1 SYNOPSIS
 RSA_new_method - select RSA method
 
 =head1 SYNOPSIS


@@ -20,8 +20,6 @@ RSA_new_method - select RSA method
 
  RSA_METHOD *RSA_PKCS1_OpenSSL(void);
 
 
  RSA_METHOD *RSA_PKCS1_OpenSSL(void);
 

- RSA_METHOD *RSA_null_method(void);
-

  int RSA_flags(const RSA *rsa);
 
  RSA *RSA_new_method(ENGINE *engine);
  int RSA_flags(const RSA *rsa);
 
  RSA *RSA_new_method(ENGINE *engine);


@@ -38,8 +36,11 @@ Initially, the default RSA_METHOD is the OpenSSL internal implementation,
 as returned by RSA_PKCS1_OpenSSL().
 
 RSA_set_default_method() makes B<meth> the default method for all RSA
 as returned by RSA_PKCS1_OpenSSL().
 
 RSA_set_default_method() makes B<meth> the default method for all RSA

-structures created later. B<NB>: This is true only whilst no ENGINE has
+structures created later.
+B<NB>: This is true only whilst no ENGINE has

 been set as a default for RSA, so this function is no longer recommended.
 been set as a default for RSA, so this function is no longer recommended.

+This function is not thread-safe and should not be called at the same time
+as other OpenSSL functions.

 
 RSA_get_default_method() returns a pointer to the current default
 RSA_METHOD. However, the meaningfulness of this result is dependent on
 
 RSA_get_default_method() returns a pointer to the current default
 RSA_METHOD. However, the meaningfulness of this result is dependent on


@@ -168,6 +169,11 @@ not currently exist).
 
 L<RSA_new(3)>
 
 
 L<RSA_new(3)>
 

+=head1 HISTORY
+
+The RSA_null_method(), which was a partial attempt to avoid patent issues,
+was replaced to always return NULL in OpenSSL 1.1.1.
+

 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

diff --git a/doc/man3/UI_new.pod b/doc/man3/UI_new.pod
index 037e8bf10e4e699131ee5d3af6bbb83185a85b64..c5ebfddc89ac913362aad62b774a760f1a5df745 100644 (file)
--- a/doc/man3/UI_new.pod
+++ b/doc/man3/UI_new.pod
@@ -168,6 +168,8 @@ B<UI_CTRL_IS_REDOABLE>, which returns a flag saying if the used UI can
 be used again or not.
 
 UI_set_default_method() changes the default UI method to the one given.
 be used again or not.
 
 UI_set_default_method() changes the default UI method to the one given.

+This function is not thread-safe and should not be called at the same time
+as other OpenSSL functions.

 
 UI_get_default_method() returns a pointer to the current default UI method.
 
 
 UI_get_default_method() returns a pointer to the current default UI method.
 

diff --git a/fuzz/client.c b/fuzz/client.c
index 8c316216450f23489369b7d1853d79ba31a912b9..9404a95a6838983af3cef3b8f3df1487bcfa97f0 100644 (file)
--- a/fuzz/client.c
+++ b/fuzz/client.c
@@ -36,16 +36,6 @@ int FuzzerInitialize(int *argc, char ***argv)
     idx = SSL_get_ex_data_X509_STORE_CTX_idx();
     RAND_add("", 1, ENTROPY_NEEDED);
     RAND_status();
     idx = SSL_get_ex_data_X509_STORE_CTX_idx();
     RAND_add("", 1, ENTROPY_NEEDED);
     RAND_status();

-    RSA_get_default_method();
-#ifndef OPENSSL_NO_DSA
-    DSA_get_default_method();
-#endif
-#ifndef OPENSSL_NO_EC
-    EC_KEY_get_default_method();
-#endif
-#ifndef OPENSSL_NO_DH
-    DH_get_default_method();
-#endif

     comp_methods = SSL_COMP_get_compression_methods();
     OPENSSL_sk_sort((OPENSSL_STACK *)comp_methods);
 
     comp_methods = SSL_COMP_get_compression_methods();
     OPENSSL_sk_sort((OPENSSL_STACK *)comp_methods);
 

diff --git a/fuzz/server.c b/fuzz/server.c
index 3e103159cff50709e3b9bf5a9a47226f883b1bd9..5bbba1c26aed941da347e9d6f7d19aa4b6beadcd 100644 (file)
--- a/fuzz/server.c
+++ b/fuzz/server.c
@@ -484,16 +484,6 @@ int FuzzerInitialize(int *argc, char ***argv)
     idx = SSL_get_ex_data_X509_STORE_CTX_idx();
     RAND_add("", 1, ENTROPY_NEEDED);
     RAND_status();
     idx = SSL_get_ex_data_X509_STORE_CTX_idx();
     RAND_add("", 1, ENTROPY_NEEDED);
     RAND_status();

-    RSA_get_default_method();
-#ifndef OPENSSL_NO_DSA
-    DSA_get_default_method();
-#endif
-#ifndef OPENSSL_NO_EC
-    EC_KEY_get_default_method();
-#endif
-#ifndef OPENSSL_NO_DH
-    DH_get_default_method();
-#endif

     comp_methods = SSL_COMP_get_compression_methods();
     OPENSSL_sk_sort((OPENSSL_STACK *)comp_methods);
 
     comp_methods = SSL_COMP_get_compression_methods();
     OPENSSL_sk_sort((OPENSSL_STACK *)comp_methods);
 

diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h
index 8ad4cdaf1ea157f1935ee24c904e0b3c303456d7..f94ec5f5bbde24ad0be5831bb098968fc3a71456 100644 (file)
--- a/include/openssl/rsa.h
+++ b/include/openssl/rsa.h
@@ -236,14 +236,13 @@ int RSA_flags(const RSA *r);
 
 void RSA_set_default_method(const RSA_METHOD *meth);
 const RSA_METHOD *RSA_get_default_method(void);
 
 void RSA_set_default_method(const RSA_METHOD *meth);
 const RSA_METHOD *RSA_get_default_method(void);

+const RSA_METHOD *RSA_null_method(void);

 const RSA_METHOD *RSA_get_method(const RSA *rsa);
 int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
 
 /* these are the actual RSA functions */
 const RSA_METHOD *RSA_PKCS1_OpenSSL(void);
 
 const RSA_METHOD *RSA_get_method(const RSA *rsa);
 int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
 
 /* these are the actual RSA functions */
 const RSA_METHOD *RSA_PKCS1_OpenSSL(void);
 

-const RSA_METHOD *RSA_null_method(void);
-

 int RSA_pkey_ctx_ctrl(EVP_PKEY_CTX *ctx, int optype, int cmd, int p1, void *p2);
 
 DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPublicKey)
 int RSA_pkey_ctx_ctrl(EVP_PKEY_CTX *ctx, int optype, int cmd, int p1, void *p2);
 
 DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPublicKey)


@@ -502,11 +501,11 @@ int ERR_load_RSA_strings(void);
 # define RSA_F_RSA_METH_SET1_NAME                         163
 # define RSA_F_RSA_MGF1_TO_MD                             157
 # define RSA_F_RSA_NEW_METHOD                             106
 # define RSA_F_RSA_METH_SET1_NAME                         163
 # define RSA_F_RSA_MGF1_TO_MD                             157
 # define RSA_F_RSA_NEW_METHOD                             106

-# define RSA_F_RSA_NULL                                   124
-# define RSA_F_RSA_NULL_PRIVATE_DECRYPT                   132
-# define RSA_F_RSA_NULL_PRIVATE_ENCRYPT                   133
-# define RSA_F_RSA_NULL_PUBLIC_DECRYPT                    134
-# define RSA_F_RSA_NULL_PUBLIC_ENCRYPT                    135
+# define RSA_F_RSA_NULL                                   0
+# define RSA_F_RSA_NULL_PRIVATE_DECRYPT                   0
+# define RSA_F_RSA_NULL_PRIVATE_ENCRYPT                   0
+# define RSA_F_RSA_NULL_PUBLIC_DECRYPT                    0
+# define RSA_F_RSA_NULL_PUBLIC_ENCRYPT                    0

 # define RSA_F_RSA_OSSL_PRIVATE_DECRYPT                   101
 # define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT                   102
 # define RSA_F_RSA_OSSL_PUBLIC_DECRYPT                    103
 # define RSA_F_RSA_OSSL_PRIVATE_DECRYPT                   101
 # define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT                   102
 # define RSA_F_RSA_OSSL_PUBLIC_DECRYPT                    103