Deprecate EVP_PKEY_set1_tls_encodedpoint()
authorMatt Caswell <matt@openssl.org>
Fri, 9 Oct 2020 15:24:07 +0000 (16:24 +0100)
committerMatt Caswell <matt@openssl.org>
Tue, 20 Oct 2020 15:39:41 +0000 (16:39 +0100)
Also deprecate EVP_PKEY_get1_tls_encodedpoint().

The preferred alternative is EVP_PKEY_set1_encoded_public_key() and
EVP_PKEY_get1_encoded_public_key().

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13105)

CHANGES.md
doc/man3/EVP_PKEY_set1_encoded_public_key.pod
include/openssl/evp.h
util/other.syms

index ba068b4f9dc96343f91413ff3c1de1f3de8df2fa..828bbd1b75b66e1d8575f4e03a3defe95cbc875d 100644 (file)
@@ -23,6 +23,16 @@ OpenSSL 3.0
 
 ### Changes between 1.1.1 and 3.0 [xx XXX xxxx]
 
+ * Deprecated EVP_PKEY_set1_tls_encodedpoint() and
+   EVP_PKEY_get1_tls_encodedpoint(). These functions were previously used by
+   libssl to set or get an encoded public key in/from an EVP_PKEY object. With
+   OpenSSL 3.0 these are replaced by the more generic functions
+   EVP_PKEY_set1_encoded_public_key() and EVP_PKEY_get1_encoded_public_key().
+   The old versions have been converted to deprecated macros that just call the
+   new functions.
+
+   *Matt Caswell*
+
  * The security callback, which can be customised by application code, supports
    the security operation SSL_SECOP_TMP_DH. This is defined to take an EVP_PKEY
    in the "other" parameter. In most places this is what is passed. All these
index 7d43e66c3142f33c548d1c8e059c4640b7c5471f..be30ad2d11681f5cfbc0b0c86b21e86106384cfc 100644 (file)
@@ -2,7 +2,8 @@
 
 =head1 NAME
 
-EVP_PKEY_set1_encoded_public_key, EVP_PKEY_get1_encoded_public_key
+EVP_PKEY_set1_encoded_public_key, EVP_PKEY_get1_encoded_public_key,
+EVP_PKEY_set1_tls_encodedpoint, EVP_PKEY_get1_tls_encodedpoint
 - functions to set and get public key data within an EVP_PKEY
 
 =head1 SYNOPSIS
@@ -14,11 +15,14 @@ EVP_PKEY_set1_encoded_public_key, EVP_PKEY_get1_encoded_public_key
 
  size_t EVP_PKEY_get1_encoded_public_key(EVP_PKEY *pkey, unsigned char **ppub);
 
- #define EVP_PKEY_set1_tls_encodedpoint(pkey, pt, ptlen) \
-         EVP_PKEY_set1_encoded_public_key((pkey), (pt), (ptlen))
+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B<OPENSSL_API_COMPAT> with a suitable version value, see
+L<openssl_user_macros(7)>:
 
- #define EVP_PKEY_get1_tls_encodedpoint(pkey, ppt) \
-         EVP_PKEY_get1_encoded_public_key((pkey), (ppt))
+ int EVP_PKEY_set1_tls_encodedpoint(EVP_PKEY *pkey,
+                                    const unsigned char *pt, size_t ptlen);
+
+ size_t EVP_PKEY_get1_tls_encodedpoint(EVP_PKEY *pkey, unsigned char **ppt);
 
 =head1 DESCRIPTION
 
@@ -46,6 +50,15 @@ be allocated and stored in B<*ppub>. The length of the encoded public key is
 returned by the function. The application is responsible for freeing the
 allocated buffer.
 
+The macro EVP_PKEY_set1_tls_encodedpoint() is deprecated and simply calls
+EVP_PKEY_set1_encoded_public_key() with all the same arguments. New applications
+should use EVP_PKEY_set1_encoded_public_key() instead.
+
+The macro EVP_PKEY_get1_tls_encodedpoint() is deprecated and simply calls
+EVP_PKEY_get1_encoded_public_key() with all the same arguments. New applications
+should use EVP_PKEY_get1_encoded_public_key() instead.
+
+
 =head1 RETURN VALUES
 
 EVP_PKEY_set1_encoded_public_key() returns 1 for success and 0 or a negative
@@ -61,7 +74,7 @@ performing a key exchange operation.
 =head2 Set up a peer's EVP_PKEY ready for a key exchange operation
 
  #include <openssl/evp.h>
+
  int exchange(EVP_PKEY *ourkey, unsigned char *peer_pub, size_t peer_pub_len)
  {
      EVP_PKEY *peerkey = EVP_PKEY_new();
@@ -72,11 +85,11 @@ performing a key exchange operation.
      if (EVP_PKEY_set1_encoded_public_key(peerkey, peer_pub,
                                           peer_pub_len) <= 0)
          return 0;
+
      /* Do the key exchange here */
+
      EVP_PKEY_free(peerkey);
+
      return 1;
  }
 
@@ -104,13 +117,17 @@ performing a key exchange operation.
 
 =head1 SEE ALSO
 
-L<EVP_PKEY_new(3)>, L<EVP_PKEY_copy_parameters(7)>,
+L<EVP_PKEY_new(3)>, L<EVP_PKEY_copy_parameters(3)>,
 L<EVP_PKEY_derive_init(3)>, L<EVP_PKEY_derive(3)>,
 L<EVP_PKEY-DH(7)>, L<EVP_PKEY-EC(7)>, L<EVP_PKEY-X25519(7)>, L<EVP_PKEY-X448(7)>
 
 =head1 HISTORY
 
-These functions were added in OpenSSL 3.0.
+EVP_PKEY_set1_encoded_public_key() and EVP_PKEY_get1_encoded_public_key() were
+added in OpenSSL 3.0.
+
+EVP_PKEY_set1_tls_encodedpoint() and EVP_PKEY_get1_tls_encodedpoint() were
+deprecated in OpenSSL 3.0.
 
 =head1 COPYRIGHT
 
index 834e00b84dd7c358d331376f8efaf7e78d7284fb..7c36e78ce17064ec962e9c4f4b4ac804e269be02 100644 (file)
@@ -1280,22 +1280,26 @@ int EVP_PKEY_get_default_digest_name(EVP_PKEY *pkey,
                                      char *mdname, size_t mdname_sz);
 int EVP_PKEY_supports_digest_nid(EVP_PKEY *pkey, int nid);
 
+# ifndef OPENSSL_NO_DEPRECATED_3_0
 /*
  * For backwards compatibility. Use EVP_PKEY_set1_encoded_public_key in
  * preference
  */
-#define EVP_PKEY_set1_tls_encodedpoint(pkey, pt, ptlen) \
-        EVP_PKEY_set1_encoded_public_key((pkey), (pt), (ptlen))
+#  define EVP_PKEY_set1_tls_encodedpoint(pkey, pt, ptlen) \
+          EVP_PKEY_set1_encoded_public_key((pkey), (pt), (ptlen))
+# endif
 
 int EVP_PKEY_set1_encoded_public_key(EVP_PKEY *pkey,
                                      const unsigned char *pub, size_t publen);
 
+# ifndef OPENSSL_NO_DEPRECATED_3_0
 /*
  * For backwards compatibility. Use EVP_PKEY_get1_encoded_public_key in
  * preference
  */
-#define EVP_PKEY_get1_tls_encodedpoint(pkey, ppt) \
-        EVP_PKEY_get1_encoded_public_key((pkey), (ppt))
+#  define EVP_PKEY_get1_tls_encodedpoint(pkey, ppt) \
+          EVP_PKEY_get1_encoded_public_key((pkey), (ppt))
+# endif
 
 size_t EVP_PKEY_get1_encoded_public_key(EVP_PKEY *pkey, unsigned char **ppub);
 
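Review bot: The two compatibility macros are now each wrapped in their own `# ifndef OPENSSL_NO_DEPRECATED_3_0` block, interleaved with the live prototypes for EVP_PKEY_set1_encoded_public_key() and EVP_PKEY_get1_encoded_public_key(); it would read more cleanly, and be easier to strip later, to declare the two new functions first and then put both `EVP_PKEY_*_tls_encodedpoint` macros under a single guard after them. The existing comments should also say what a caller will not get from this deprecation: because these are macros rather than functions, no `OSSL_DEPRECATEDIN_3_0`-style attribute can be attached, so existing code keeps compiling silently and only disappears once `OPENSSL_NO_DEPRECATED_3_0` (or a suitable `OPENSSL_API_COMPAT`) is defined. I would extend the comment above each macro to `/* Deprecated in 3.0; a macro, so no compiler deprecation warning is emitted. Use EVP_PKEY_set1_encoded_public_key() in preference. */`. Behaviour of the expansions themselves looks right: arguments are parenthesised and evaluated once, and the parameter lists match the prototypes they forward to.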
index e5d98a9877ff46c285f2e025596537ec23979408..aa85ffa26a410ffe678648ceeadd4c0020834874 100644 (file)
@@ -601,3 +601,5 @@ OSSL_TRACE1                             define
 OSSL_TRACE2                             define
 OSSL_TRACE9                             define
 TS_VERIFY_CTS_set_certs                 define deprecated 3.0.0
+EVP_PKEY_get1_tls_encodedpoint          define deprecated 3.0.0
+EVP_PKEY_set1_tls_encodedpoint          define deprecated 3.0.0