From 45ada6b92bc7e31772d95ab9dcb0e7d2a764cf20 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 5 Oct 2022 17:52:46 +0200 Subject: [PATCH] Change all references to OpenSSL 3.1 to OpenSSL 3.2 in the master branch 3.1 has been decided to be a FIPS 140-3 release, springing from the branch openssl-3.0, and the master branch to continue with the development of OpenSSL 3.2. Reviewed-by: Matthias St. Pierre Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/19350) --- CHANGES.md | 12 +-- NEWS.md | 6 +- VERSION.dat | 2 +- crypto/lhash/lh_stats.c | 4 +- doc/designs/quic-design/quic-requirements.md | 2 +- doc/internal/man3/DEFINE_LIST_OF.pod | 2 +- .../man3/DEFINE_PRIORITY_QUEUE_OF.pod | 2 +- doc/internal/man3/OSSL_EVENT.pod | 2 +- doc/internal/man3/OSSL_SAFE_MATH_SIGNED.pod | 2 +- doc/internal/man3/OSSL_TIME.pod | 2 +- doc/internal/man7/deprecation.pod | 2 +- doc/man1/openssl-cms.pod.in | 2 +- doc/man1/openssl-req.pod.in | 2 +- doc/man1/openssl-s_client.pod.in | 6 +- doc/man1/openssl-s_server.pod.in | 6 +- doc/man3/BIO_ADDR.pod | 2 +- doc/man3/BIO_ctrl.pod | 2 +- doc/man3/BIO_s_accept.pod | 2 +- doc/man3/BIO_s_connect.pod | 2 +- doc/man3/BIO_sendmmsg.pod | 2 +- doc/man3/CMS_EncryptedData_decrypt.pod | 2 +- doc/man3/CMS_final.pod | 2 +- doc/man3/CMS_verify.pod | 2 +- doc/man3/EVP_DigestInit.pod | 2 +- doc/man3/EVP_EncryptInit.pod | 2 +- doc/man3/EVP_PKEY_decapsulate.pod | 2 +- doc/man3/EVP_PKEY_encapsulate.pod | 2 +- doc/man3/OPENSSL_LH_COMPFUNC.pod | 2 +- doc/man3/OPENSSL_LH_stats.pod | 4 +- doc/man3/OSSL_CMP_CTX_new.pod | 4 +- doc/man3/OSSL_QUIC_client_method.pod | 2 +- doc/man3/PKCS12_create.pod | 2 +- doc/man3/SSL_CTX_set_client_hello_cb.pod | 2 +- doc/man3/X509_PUBKEY_new.pod | 2 +- doc/man3/X509_get_default_cert_file.pod | 4 +- doc/man3/X509_new.pod | 2 +- doc/man7/bio.pod | 2 +- doc/man7/provider-kem.pod | 2 +- include/openssl/lhash.h.in | 18 ++-- include/openssl/macros.h | 13 +-- util/libcrypto.num | 90 +++++++++---------- util/libssl.num | 8 +- 42 files changed, 118 insertions(+), 117 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index fb71df56a4..05a3e4bdf6 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -10,7 +10,7 @@ pick the appropriate release branch. OpenSSL Releases ---------------- - - [OpenSSL 3.1](#openssl-31) + - [OpenSSL 3.2](#openssl-32) - [OpenSSL 3.0](#openssl-30) - [OpenSSL 1.1.1](#openssl-111) - [OpenSSL 1.1.0](#openssl-110) @@ -19,10 +19,10 @@ OpenSSL Releases - [OpenSSL 1.0.0](#openssl-100) - [OpenSSL 0.9.x](#openssl-09x) -OpenSSL 3.1 +OpenSSL 3.2 ----------- -### Changes between 3.0 and 3.1 [xx XXX xxxx] +### Changes between 3.0 and 3.2 [xx XXX xxxx] * Add the ability to add custom attributes to PKCS12 files. Add a new API PKCS12_create_ex2, identical to the existing PKCS12_create_ex but allows @@ -136,13 +136,13 @@ OpenSSL 3.1 * The functions `OPENSSL_LH_stats`, `OPENSSL_LH_node_stats`, `OPENSSL_LH_node_usage_stats`, `OPENSSL_LH_stats_bio`, `OPENSSL_LH_node_stats_bio` and `OPENSSL_LH_node_usage_stats_bio` are now - marked deprecated from OpenSSL 3.1 onwards and can be disabled by defining - `OPENSSL_NO_DEPRECATED_3_1`. + marked deprecated from OpenSSL 3.2 onwards and can be disabled by defining + `OPENSSL_NO_DEPRECATED_3_2`. The macro `DEFINE_LHASH_OF` is now deprecated in favour of the macro `DEFINE_LHASH_OF_EX`, which omits the corresponding type-specific function definitions for these functions regardless of whether - `OPENSSL_NO_DEPRECATED_3_1` is defined. + `OPENSSL_NO_DEPRECATED_3_2` is defined. Users of `DEFINE_LHASH_OF` may start receiving deprecation warnings for these functions regardless of whether they are using them. It is recommended that diff --git a/NEWS.md b/NEWS.md index 36a157bc3d..0aa6b8a548 100644 --- a/NEWS.md +++ b/NEWS.md @@ -7,7 +7,7 @@ release. For more details please read the CHANGES file. OpenSSL Releases ---------------- - - [OpenSSL 3.1](#openssl-31) + - [OpenSSL 3.2](#openssl-32) - [OpenSSL 3.0](#openssl-30) - [OpenSSL 1.1.1](#openssl-111) - [OpenSSL 1.1.0](#openssl-110) @@ -16,10 +16,10 @@ OpenSSL Releases - [OpenSSL 1.0.0](#openssl-100) - [OpenSSL 0.9.x](#openssl-09x) -OpenSSL 3.1 +OpenSSL 3.2 ----------- -### Major changes between OpenSSL 3.0 and OpenSSL 3.1 [under development] +### Major changes between OpenSSL 3.0 and OpenSSL 3.2 [under development] * Subject or issuer names in X.509 objects are now displayed as UTF-8 strings by default. diff --git a/VERSION.dat b/VERSION.dat index bf2063dc0b..848915b9a2 100644 --- a/VERSION.dat +++ b/VERSION.dat @@ -1,5 +1,5 @@ MAJOR=3 -MINOR=1 +MINOR=2 PATCH=0 PRE_RELEASE_TAG=dev BUILD_METADATA= diff --git a/crypto/lhash/lh_stats.c b/crypto/lhash/lh_stats.c index ea0a3252a6..36a177129e 100644 --- a/crypto/lhash/lh_stats.c +++ b/crypto/lhash/lh_stats.c @@ -23,7 +23,7 @@ #include "lhash_local.h" # ifndef OPENSSL_NO_STDIO -# ifndef OPENSSL_NO_DEPRECATED_3_1 +# ifndef OPENSSL_NO_DEPRECATED_3_2 void OPENSSL_LH_stats(const OPENSSL_LHASH *lh, FILE *fp) { BIO *bp; @@ -62,7 +62,7 @@ void OPENSSL_LH_node_usage_stats(const OPENSSL_LHASH *lh, FILE *fp) # endif # endif -# ifndef OPENSSL_NO_DEPRECATED_3_1 +# ifndef OPENSSL_NO_DEPRECATED_3_2 /* * These functions are implemented as separate static functions as they are * called from the stdio functions above and calling deprecated functions will diff --git a/doc/designs/quic-design/quic-requirements.md b/doc/designs/quic-design/quic-requirements.md index 6122c0de1f..6b12b42597 100644 --- a/doc/designs/quic-design/quic-requirements.md +++ b/doc/designs/quic-design/quic-requirements.md @@ -180,7 +180,7 @@ discussions. available to (or supplied by) the application with no further internal copies made. -MVP Requirements (3.1) +MVP Requirements (3.2) ---------------------- This section summarises those requirements from the above that are specific to diff --git a/doc/internal/man3/DEFINE_LIST_OF.pod b/doc/internal/man3/DEFINE_LIST_OF.pod index ade676b326..a0090c7685 100644 --- a/doc/internal/man3/DEFINE_LIST_OF.pod +++ b/doc/internal/man3/DEFINE_LIST_OF.pod @@ -112,7 +112,7 @@ the specified element in the list. =head1 HISTORY -The functions described here were all added in OpenSSL 3.1. +The functions described here were all added in OpenSSL 3.2. =head1 COPYRIGHT diff --git a/doc/internal/man3/DEFINE_PRIORITY_QUEUE_OF.pod b/doc/internal/man3/DEFINE_PRIORITY_QUEUE_OF.pod index 1eba8fc7d8..41efae9b75 100644 --- a/doc/internal/man3/DEFINE_PRIORITY_QUEUE_OF.pod +++ b/doc/internal/man3/DEFINE_PRIORITY_QUEUE_OF.pod @@ -111,7 +111,7 @@ element. =head1 HISTORY -The functions described here were all added in OpenSSL 3.1. +The functions described here were all added in OpenSSL 3.2. =head1 COPYRIGHT diff --git a/doc/internal/man3/OSSL_EVENT.pod b/doc/internal/man3/OSSL_EVENT.pod index f5d1d8bf6b..9d918fe2c8 100644 --- a/doc/internal/man3/OSSL_EVENT.pod +++ b/doc/internal/man3/OSSL_EVENT.pod @@ -187,7 +187,7 @@ L =head1 HISTORY -This functionality was added to OpenSSL 3.1. +This functionality was added to OpenSSL 3.2. =head1 COPYRIGHT diff --git a/doc/internal/man3/OSSL_SAFE_MATH_SIGNED.pod b/doc/internal/man3/OSSL_SAFE_MATH_SIGNED.pod index d39e9be834..16bd7f205c 100644 --- a/doc/internal/man3/OSSL_SAFE_MATH_SIGNED.pod +++ b/doc/internal/man3/OSSL_SAFE_MATH_SIGNED.pod @@ -95,7 +95,7 @@ It returns zero on overflow. =head1 HISTORY -The functions described here were all added in OpenSSL 3.1. +The functions described here were all added in OpenSSL 3.2. =head1 COPYRIGHT diff --git a/doc/internal/man3/OSSL_TIME.pod b/doc/internal/man3/OSSL_TIME.pod index 29224d8326..4f85194a4b 100644 --- a/doc/internal/man3/OSSL_TIME.pod +++ b/doc/internal/man3/OSSL_TIME.pod @@ -189,7 +189,7 @@ B and B choose and return one of the input values. =head1 HISTORY -This functionality was added in OpenSSL 3.1. +This functionality was added in OpenSSL 3.2. =head1 COPYRIGHT diff --git a/doc/internal/man7/deprecation.pod b/doc/internal/man7/deprecation.pod index de34c30fa2..87cdcb13c8 100644 --- a/doc/internal/man7/deprecation.pod +++ b/doc/internal/man7/deprecation.pod @@ -2,7 +2,7 @@ =head1 NAME -OPENSSL_NO_DEPRECATED_3_1, OSSL_DEPRECATEDIN_3_1, +OPENSSL_NO_DEPRECATED_3_2, OSSL_DEPRECATEDIN_3_2, OPENSSL_NO_DEPRECATED_3_0, OSSL_DEPRECATEDIN_3_0, OPENSSL_NO_DEPRECATED_1_1_1, OSSL_DEPRECATEDIN_1_1_1, OPENSSL_NO_DEPRECATED_1_1_0, OSSL_DEPRECATEDIN_1_1_0, diff --git a/doc/man1/openssl-cms.pod.in b/doc/man1/openssl-cms.pod.in index 07c46ba20c..50845b772e 100644 --- a/doc/man1/openssl-cms.pod.in +++ b/doc/man1/openssl-cms.pod.in @@ -911,7 +911,7 @@ The B<-nameopt> option was added in OpenSSL 3.0.0. The B<-engine> option was deprecated in OpenSSL 3.0. -The B<-digest> option was added in OpenSSL 3.1. +The B<-digest> option was added in OpenSSL 3.2. =head1 COPYRIGHT diff --git a/doc/man1/openssl-req.pod.in b/doc/man1/openssl-req.pod.in index 2f525f411b..b677160f6b 100644 --- a/doc/man1/openssl-req.pod.in +++ b/doc/man1/openssl-req.pod.in @@ -768,7 +768,7 @@ has no effect. The B<-engine> option was deprecated in OpenSSL 3.0. The <-nodes> option was deprecated in OpenSSL 3.0, too; use B<-noenc> instead. -The B<-reqexts> option has been made an alias of B<-extensions> in OpenSSL 3.1. +The B<-reqexts> option has been made an alias of B<-extensions> in OpenSSL 3.2. =head1 COPYRIGHT diff --git a/doc/man1/openssl-s_client.pod.in b/doc/man1/openssl-s_client.pod.in index 6e380cb147..5f6f74c51d 100644 --- a/doc/man1/openssl-s_client.pod.in +++ b/doc/man1/openssl-s_client.pod.in @@ -781,8 +781,8 @@ deprecated. =item B<-ktls> Enable Kernel TLS for sending and receiving. -This option was introduced in OpenSSL 3.1.0. -Kernel TLS is off by default as of OpenSSL 3.1.0. +This option was introduced in OpenSSL 3.2.0. +Kernel TLS is off by default as of OpenSSL 3.2.0. =item B<-tfo> @@ -930,7 +930,7 @@ The B<-certform> option has become obsolete in OpenSSL 3.0.0 and has no effect. The B<-engine> option was deprecated in OpenSSL 3.0. -The -tfo option was added in OpenSSL 3.1. +The -tfo option was added in OpenSSL 3.2. =head1 COPYRIGHT diff --git a/doc/man1/openssl-s_server.pod.in b/doc/man1/openssl-s_server.pod.in index 06c2c6d67a..8fa041c2fe 100644 --- a/doc/man1/openssl-s_server.pod.in +++ b/doc/man1/openssl-s_server.pod.in @@ -771,8 +771,8 @@ The flag B<-nextprotoneg> cannot be specified if B<-tls1_3> is used. =item B<-ktls> Enable Kernel TLS for sending and receiving. -This option was introduced in OpenSSL 3.1.0. -Kernel TLS is off by default as of OpenSSL 3.1.0. +This option was introduced in OpenSSL 3.2.0. +Kernel TLS is off by default as of OpenSSL 3.2.0. =item B<-sendfile> @@ -947,7 +947,7 @@ The The B<-srpvfile>, B<-srpuserseed>, and B<-engine> option were deprecated in OpenSSL 3.0. -The -tfo option was added in OpenSSL 3.1. +The -tfo option was added in OpenSSL 3.2. =head1 COPYRIGHT diff --git a/doc/man3/BIO_ADDR.pod b/doc/man3/BIO_ADDR.pod index b58bcd9feb..aa5bf77191 100644 --- a/doc/man3/BIO_ADDR.pod +++ b/doc/man3/BIO_ADDR.pod @@ -121,7 +121,7 @@ L, L =head1 HISTORY -BIO_ADDR_dup() was added in OpenSSL 3.1. +BIO_ADDR_dup() was added in OpenSSL 3.2. =head1 COPYRIGHT diff --git a/doc/man3/BIO_ctrl.pod b/doc/man3/BIO_ctrl.pod index f7e9217b16..2f9f3978e8 100644 --- a/doc/man3/BIO_ctrl.pod +++ b/doc/man3/BIO_ctrl.pod @@ -175,7 +175,7 @@ The BIO_get_ktls_send() and BIO_get_ktls_recv() macros were added in OpenSSL 3.0. They were modified to never return -1 in OpenSSL 3.0.4. The BIO_get_conn_mode(), BIO_set_conn_mode() and BIO_set_tfo() functions -were added in OpenSSL 3.1. +were added in OpenSSL 3.2. =head1 COPYRIGHT diff --git a/doc/man3/BIO_s_accept.pod b/doc/man3/BIO_s_accept.pod index aa89ed992f..9abdb2be64 100644 --- a/doc/man3/BIO_s_accept.pod +++ b/doc/man3/BIO_s_accept.pod @@ -240,7 +240,7 @@ down each and finally closes both down. =head1 HISTORY -BIO_set_tfo_accept() was added in OpenSSL 3.1. +BIO_set_tfo_accept() was added in OpenSSL 3.2. =head1 COPYRIGHT diff --git a/doc/man3/BIO_s_connect.pod b/doc/man3/BIO_s_connect.pod index 782e076a94..9f81c02188 100644 --- a/doc/man3/BIO_s_connect.pod +++ b/doc/man3/BIO_s_connect.pod @@ -199,7 +199,7 @@ BIO_set_conn_int_port(), BIO_get_conn_int_port(), BIO_set_conn_ip(), and BIO_get were removed in OpenSSL 1.1.0. Use BIO_set_conn_address() and BIO_get_conn_address() instead. -Connect BIOs support BIO_gets() since OpenSSL 3.1. +Connect BIOs support BIO_gets() since OpenSSL 3.2. =head1 COPYRIGHT diff --git a/doc/man3/BIO_sendmmsg.pod b/doc/man3/BIO_sendmmsg.pod index c8789ba0ad..4566a715cc 100644 --- a/doc/man3/BIO_sendmmsg.pod +++ b/doc/man3/BIO_sendmmsg.pod @@ -211,7 +211,7 @@ error which is transient in nature. =head1 HISTORY -These functions were added in OpenSSL 3.1. +These functions were added in OpenSSL 3.2. =head1 COPYRIGHT diff --git a/doc/man3/CMS_EncryptedData_decrypt.pod b/doc/man3/CMS_EncryptedData_decrypt.pod index 930ac3340b..07a2449c12 100644 --- a/doc/man3/CMS_EncryptedData_decrypt.pod +++ b/doc/man3/CMS_EncryptedData_decrypt.pod @@ -52,7 +52,7 @@ L, L, L =head1 HISTORY -CMS_EnvelopedData_decrypt() was added in OpenSSL 3.1. +CMS_EnvelopedData_decrypt() was added in OpenSSL 3.2. =head1 COPYRIGHT diff --git a/doc/man3/CMS_final.pod b/doc/man3/CMS_final.pod index d21c7d9c12..eec4cf3161 100644 --- a/doc/man3/CMS_final.pod +++ b/doc/man3/CMS_final.pod @@ -47,7 +47,7 @@ L =head1 HISTORY -CMS_final_digest() was added in OpenSSL 3.1. +CMS_final_digest() was added in OpenSSL 3.2. =head1 COPYRIGHT diff --git a/doc/man3/CMS_verify.pod b/doc/man3/CMS_verify.pod index aa86c05af0..d124234ab1 100644 --- a/doc/man3/CMS_verify.pod +++ b/doc/man3/CMS_verify.pod @@ -156,7 +156,7 @@ L, L =head1 HISTORY -CMS_SignedData_verify() was added in OpenSSL 3.1. +CMS_SignedData_verify() was added in OpenSSL 3.2. =head1 COPYRIGHT diff --git a/doc/man3/EVP_DigestInit.pod b/doc/man3/EVP_DigestInit.pod index 9413b41e90..2bbd35f395 100644 --- a/doc/man3/EVP_DigestInit.pod +++ b/doc/man3/EVP_DigestInit.pod @@ -772,7 +772,7 @@ EVP_MD_CTX_get0_md() instead. EVP_MD_CTX_update_fn() and EVP_MD_CTX_set_update_fn() were deprecated in OpenSSL 3.0. -EVP_MD_CTX_dup() was added in OpenSSL 3.1. +EVP_MD_CTX_dup() was added in OpenSSL 3.2. =head1 COPYRIGHT diff --git a/doc/man3/EVP_EncryptInit.pod b/doc/man3/EVP_EncryptInit.pod index c3d7fc8fd2..2b75b71b04 100644 --- a/doc/man3/EVP_EncryptInit.pod +++ b/doc/man3/EVP_EncryptInit.pod @@ -1730,7 +1730,7 @@ non-deprecated alias macro. The EVP_CIPHER_CTX_flags() macro was deprecated in OpenSSL 1.1.0. -EVP_CIPHER_CTX_dup() was added in OpenSSL 3.1. +EVP_CIPHER_CTX_dup() was added in OpenSSL 3.2. =head1 COPYRIGHT diff --git a/doc/man3/EVP_PKEY_decapsulate.pod b/doc/man3/EVP_PKEY_decapsulate.pod index cdda54d12f..9ae87ddcec 100644 --- a/doc/man3/EVP_PKEY_decapsulate.pod +++ b/doc/man3/EVP_PKEY_decapsulate.pod @@ -95,7 +95,7 @@ L, L, L The functions EVP_PKEY_decapsulate_init() and EVP_PKEY_decapsulate() were added in OpenSSL 3.0. -The function EVP_PKEY_auth_decapsulate_init() was added in OpenSSL 3.1. +The function EVP_PKEY_auth_decapsulate_init() was added in OpenSSL 3.2. =head1 COPYRIGHT diff --git a/doc/man3/EVP_PKEY_encapsulate.pod b/doc/man3/EVP_PKEY_encapsulate.pod index 262481f2ce..1a6f998f5a 100644 --- a/doc/man3/EVP_PKEY_encapsulate.pod +++ b/doc/man3/EVP_PKEY_encapsulate.pod @@ -97,7 +97,7 @@ L, L, L These functions EVP_PKEY_encapsulate_init() and EVP_PKEY_encapsulate() were added in OpenSSL 3.0. -The function EVP_PKEY_auth_encapsulate_init() was added in OpenSSL 3.1. +The function EVP_PKEY_auth_encapsulate_init() was added in OpenSSL 3.2. =head1 COPYRIGHT diff --git a/doc/man3/OPENSSL_LH_COMPFUNC.pod b/doc/man3/OPENSSL_LH_COMPFUNC.pod index d3091f6a56..e1eba6b965 100644 --- a/doc/man3/OPENSSL_LH_COMPFUNC.pod +++ b/doc/man3/OPENSSL_LH_COMPFUNC.pod @@ -280,7 +280,7 @@ L In OpenSSL 1.0.0, the lhash interface was revamped for better type checking. -In OpenSSL 3.1, B() was introduced and B() +In OpenSSL 3.2, B() was introduced and B() was deprecated. =head1 COPYRIGHT diff --git a/doc/man3/OPENSSL_LH_stats.pod b/doc/man3/OPENSSL_LH_stats.pod index 5bc69674f8..01381e9216 100644 --- a/doc/man3/OPENSSL_LH_stats.pod +++ b/doc/man3/OPENSSL_LH_stats.pod @@ -16,7 +16,7 @@ OPENSSL_LH_node_stats_bio, OPENSSL_LH_node_usage_stats_bio - LHASH statistics void OPENSSL_LH_node_stats_bio(LHASH *table, BIO *out); void OPENSSL_LH_node_usage_stats_bio(LHASH *table, BIO *out); -The following functions have been deprecated since OpenSSL 3.1, and can be +The following functions have been deprecated since OpenSSL 3.2, and can be hidden entirely by defining B with a suitable version value, see L: @@ -62,7 +62,7 @@ L for more details about the locks required when using the LHASH data structure. The functions OPENSSH_LH_stats() and OPENSSH_LH_stats_bio() were deprecated in -version 3.1. +version 3.2. =head1 SEE ALSO diff --git a/doc/man3/OSSL_CMP_CTX_new.pod b/doc/man3/OSSL_CMP_CTX_new.pod index 636bce94bf..d53e2dfba2 100644 --- a/doc/man3/OSSL_CMP_CTX_new.pod +++ b/doc/man3/OSSL_CMP_CTX_new.pod @@ -778,9 +778,9 @@ The OpenSSL CMP support was added in OpenSSL 3.0. OSSL_CMP_CTX_get0_trustedStore() was renamed to OSSL_CMP_CTX_get0_trusted() and OSSL_CMP_CTX_set0_trustedStore() was renamed to OSSL_CMP_CTX_set0_trusted(), using macros, while keeping the old names for backward compatibility, -in OpenSSL 3.1. +in OpenSSL 3.2. -OSSL_CMP_CTX_get0_validatedSrvCert() was added in OpenSSL 3.1. +OSSL_CMP_CTX_get0_validatedSrvCert() was added in OpenSSL 3.2. =head1 COPYRIGHT diff --git a/doc/man3/OSSL_QUIC_client_method.pod b/doc/man3/OSSL_QUIC_client_method.pod index 862e36d035..65d37e88b3 100644 --- a/doc/man3/OSSL_QUIC_client_method.pod +++ b/doc/man3/OSSL_QUIC_client_method.pod @@ -42,7 +42,7 @@ L =head1 HISTORY OSSL_QUIC_client_method(), OSSL_QUIC_client_thread_method(), and -OSSL_QUIC_server_method() were added in OpenSSL 3.1. +OSSL_QUIC_server_method() were added in OpenSSL 3.2. =head1 COPYRIGHT diff --git a/doc/man3/PKCS12_create.pod b/doc/man3/PKCS12_create.pod index 8a61e2c76b..224ae64180 100644 --- a/doc/man3/PKCS12_create.pod +++ b/doc/man3/PKCS12_create.pod @@ -107,7 +107,7 @@ L =head1 HISTORY PKCS12_create_ex() was added in OpenSSL 3.0. -PKCS12_create_ex2() was added in OpenSSL 3.1. +PKCS12_create_ex2() was added in OpenSSL 3.2. The defaults for encryption algorithms, MAC algorithm, and the MAC key derivation iteration count were changed in OpenSSL 3.0 to more modern diff --git a/doc/man3/SSL_CTX_set_client_hello_cb.pod b/doc/man3/SSL_CTX_set_client_hello_cb.pod index 60520bd46a..74468ab8ac 100644 --- a/doc/man3/SSL_CTX_set_client_hello_cb.pod +++ b/doc/man3/SSL_CTX_set_client_hello_cb.pod @@ -138,7 +138,7 @@ SSL_client_hello_get0_ciphers(), SSL_client_hello_get0_compression_methods(), SSL_client_hello_get0_ext(), and SSL_client_hello_get1_extensions_present() were added in OpenSSL 1.1.1. SSL_client_hello_get_extension_order() -was added in OpenSSL 3.1.0. +was added in OpenSSL 3.2.0. =head1 COPYRIGHT diff --git a/doc/man3/X509_PUBKEY_new.pod b/doc/man3/X509_PUBKEY_new.pod index d523643c89..e92184f1a5 100644 --- a/doc/man3/X509_PUBKEY_new.pod +++ b/doc/man3/X509_PUBKEY_new.pod @@ -150,7 +150,7 @@ L, The X509_PUBKEY_new_ex() and X509_PUBKEY_eq() functions were added in OpenSSL 3.0. -X509_PUBKEY_set0_public_key() was added in OpenSSL 3.1. +X509_PUBKEY_set0_public_key() was added in OpenSSL 3.2. =head1 COPYRIGHT diff --git a/doc/man3/X509_get_default_cert_file.pod b/doc/man3/X509_get_default_cert_file.pod index 22e6f836cc..ad426956b0 100644 --- a/doc/man3/X509_get_default_cert_file.pod +++ b/doc/man3/X509_get_default_cert_file.pod @@ -67,7 +67,7 @@ uses the value returned by X509_get_default_cert_dir()). =head1 NOTES X509_get_default_cert_uri(), X509_get_default_cert_uri_env() and -X509_get_default_cert_path_env() were introduced in OpenSSL 3.1. Prior to this +X509_get_default_cert_path_env() were introduced in OpenSSL 3.2. Prior to this release, store URIs were expressed via the environment variable returned by X509_get_default_cert_dir_env(); this environment variable could be used to specify either a list of directories or a store URI. This creates an ambiguity @@ -99,7 +99,7 @@ L =head1 HISTORY X509_get_default_cert_uri(), X509_get_default_cert_path_env() and -X509_get_default_cert_uri_env() were introduced in OpenSSL 3.1. +X509_get_default_cert_uri_env() were introduced in OpenSSL 3.2. =head1 COPYRIGHT diff --git a/doc/man3/X509_new.pod b/doc/man3/X509_new.pod index f1d07bf79e..dcebb55fe6 100644 --- a/doc/man3/X509_new.pod +++ b/doc/man3/X509_new.pod @@ -92,7 +92,7 @@ L X509_new_ex() was added in OpenSSL 3.0. -OSSL_STACK_OF_X509_free() was added in OpenSSL 3.1. +OSSL_STACK_OF_X509_free() was added in OpenSSL 3.2. =head1 COPYRIGHT diff --git a/doc/man7/bio.pod b/doc/man7/bio.pod index 194cdb2586..ca20e115cd 100644 --- a/doc/man7/bio.pod +++ b/doc/man7/bio.pod @@ -54,7 +54,7 @@ a filter BIO with I. =head2 TCP Fast Open TCP Fast Open (RFC7413), abbreviated "TFO", is supported by the BIO -interface since OpenSSL 3.1. TFO is supported in the following operating systems: +interface since OpenSSL 3.2. TFO is supported in the following operating systems: =over 4 diff --git a/doc/man7/provider-kem.pod b/doc/man7/provider-kem.pod index 4e80e5beb7..938a25b7e8 100644 --- a/doc/man7/provider-kem.pod +++ b/doc/man7/provider-kem.pod @@ -220,7 +220,7 @@ L The provider KEM interface was introduced in OpenSSL 3.0. OSSL_FUNC_kem_auth_encapsulate_init() and OSSL_FUNC_kem_auth_decapsulate_init() -were added in OpenSSL 3.1. +were added in OpenSSL 3.2. =head1 COPYRIGHT diff --git a/include/openssl/lhash.h.in b/include/openssl/lhash.h.in index 97dd3a4b84..780639bd49 100644 --- a/include/openssl/lhash.h.in +++ b/include/openssl/lhash.h.in @@ -97,16 +97,16 @@ unsigned long OPENSSL_LH_get_down_load(const OPENSSL_LHASH *lh); void OPENSSL_LH_set_down_load(OPENSSL_LHASH *lh, unsigned long down_load); # ifndef OPENSSL_NO_STDIO -# ifndef OPENSSL_NO_DEPRECATED_3_1 -OSSL_DEPRECATEDIN_3_1 void OPENSSL_LH_stats(const OPENSSL_LHASH *lh, FILE *fp); -OSSL_DEPRECATEDIN_3_1 void OPENSSL_LH_node_stats(const OPENSSL_LHASH *lh, FILE *fp); -OSSL_DEPRECATEDIN_3_1 void OPENSSL_LH_node_usage_stats(const OPENSSL_LHASH *lh, FILE *fp); +# ifndef OPENSSL_NO_DEPRECATED_3_2 +OSSL_DEPRECATEDIN_3_2 void OPENSSL_LH_stats(const OPENSSL_LHASH *lh, FILE *fp); +OSSL_DEPRECATEDIN_3_2 void OPENSSL_LH_node_stats(const OPENSSL_LHASH *lh, FILE *fp); +OSSL_DEPRECATEDIN_3_2 void OPENSSL_LH_node_usage_stats(const OPENSSL_LHASH *lh, FILE *fp); # endif # endif -# ifndef OPENSSL_NO_DEPRECATED_3_1 -OSSL_DEPRECATEDIN_3_1 void OPENSSL_LH_stats_bio(const OPENSSL_LHASH *lh, BIO *out); -OSSL_DEPRECATEDIN_3_1 void OPENSSL_LH_node_stats_bio(const OPENSSL_LHASH *lh, BIO *out); -OSSL_DEPRECATEDIN_3_1 void OPENSSL_LH_node_usage_stats_bio(const OPENSSL_LHASH *lh, BIO *out); +# ifndef OPENSSL_NO_DEPRECATED_3_2 +OSSL_DEPRECATEDIN_3_2 void OPENSSL_LH_stats_bio(const OPENSSL_LHASH *lh, BIO *out); +OSSL_DEPRECATEDIN_3_2 void OPENSSL_LH_node_stats_bio(const OPENSSL_LHASH *lh, BIO *out); +OSSL_DEPRECATEDIN_3_2 void OPENSSL_LH_node_usage_stats_bio(const OPENSSL_LHASH *lh, BIO *out); # endif # ifndef OPENSSL_NO_DEPRECATED_1_1_0 @@ -181,7 +181,7 @@ OSSL_DEPRECATEDIN_3_1 void OPENSSL_LH_node_usage_stats_bio(const OPENSSL_LHASH * } \ LHASH_OF(type) -# ifndef OPENSSL_NO_DEPRECATED_3_1 +# ifndef OPENSSL_NO_DEPRECATED_3_2 # define DEFINE_LHASH_OF_DEPRECATED(type) \ static ossl_unused ossl_inline void \ lh_##type##_node_stats_bio(const LHASH_OF(type) *lh, BIO *out) \ diff --git a/include/openssl/macros.h b/include/openssl/macros.h index 1db8ad9f56..b59c6ed341 100644 --- a/include/openssl/macros.h +++ b/include/openssl/macros.h @@ -169,6 +169,7 @@ * 'no-deprecated'. */ +# undef OPENSSL_NO_DEPRECATED_3_2 # undef OPENSSL_NO_DEPRECATED_3_0 # undef OPENSSL_NO_DEPRECATED_1_1_1 # undef OPENSSL_NO_DEPRECATED_1_1_0 @@ -177,16 +178,16 @@ # undef OPENSSL_NO_DEPRECATED_1_0_0 # undef OPENSSL_NO_DEPRECATED_0_9_8 -# if OPENSSL_API_LEVEL >= 30100 +# if OPENSSL_API_LEVEL >= 30200 # ifndef OPENSSL_NO_DEPRECATED -# define OSSL_DEPRECATEDIN_3_1 OSSL_DEPRECATED(3.1) -# define OSSL_DEPRECATEDIN_3_1_FOR(msg) OSSL_DEPRECATED_FOR(3.1, msg) +# define OSSL_DEPRECATEDIN_3_2 OSSL_DEPRECATED(3.2) +# define OSSL_DEPRECATEDIN_3_2_FOR(msg) OSSL_DEPRECATED_FOR(3.2, msg) # else -# define OPENSSL_NO_DEPRECATED_3_1 +# define OPENSSL_NO_DEPRECATED_3_2 # endif # else -# define OSSL_DEPRECATEDIN_3_1 -# define OSSL_DEPRECATEDIN_3_1_FOR(msg) +# define OSSL_DEPRECATEDIN_3_2 +# define OSSL_DEPRECATEDIN_3_2_FOR(msg) # endif # if OPENSSL_API_LEVEL >= 30000 # ifndef OPENSSL_NO_DEPRECATED diff --git a/util/libcrypto.num b/util/libcrypto.num index f9c1395859..4518ef477d 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -1178,7 +1178,7 @@ OPENSSL_uni2asc 1205 3_0_0 EXIST::FUNCTION: SCT_validation_status_string 1206 3_0_0 EXIST::FUNCTION:CT PKCS7_add_attribute 1207 3_0_0 EXIST::FUNCTION: ENGINE_register_DSA 1208 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE -OPENSSL_LH_node_stats 1209 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_1,STDIO +OPENSSL_LH_node_stats 1209 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_2,STDIO X509_policy_tree_free 1210 3_0_0 EXIST::FUNCTION: EC_GFp_simple_method 1211 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC X509_it 1212 3_0_0 EXIST::FUNCTION: @@ -1317,7 +1317,7 @@ BIO_f_linebuffer 1346 3_0_0 EXIST::FUNCTION: ASN1_item_d2i_bio 1347 3_0_0 EXIST::FUNCTION: ENGINE_get_flags 1348 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE OCSP_resp_find 1349 3_0_0 EXIST::FUNCTION:OCSP -OPENSSL_LH_node_usage_stats_bio 1350 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_1 +OPENSSL_LH_node_usage_stats_bio 1350 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_2 EVP_PKEY_encrypt 1351 3_0_0 EXIST::FUNCTION: CRYPTO_cfb128_8_encrypt 1352 3_0_0 EXIST::FUNCTION: SXNET_get_id_INTEGER 1353 3_0_0 EXIST::FUNCTION: @@ -1790,7 +1790,7 @@ X509V3_EXT_REQ_add_conf 1832 3_0_0 EXIST::FUNCTION: ASN1_STRING_to_UTF8 1833 3_0_0 EXIST::FUNCTION: EVP_MD_meth_set_update 1835 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 EVP_camellia_192_cbc 1836 3_0_0 EXIST::FUNCTION:CAMELLIA -OPENSSL_LH_stats_bio 1837 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_1 +OPENSSL_LH_stats_bio 1837 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_2 PKCS7_set_signed_attributes 1838 3_0_0 EXIST::FUNCTION: EC_KEY_priv2buf 1839 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC BN_BLINDING_free 1840 3_0_0 EXIST::FUNCTION: @@ -1973,7 +1973,7 @@ i2d_TS_REQ_fp 2019 3_0_0 EXIST::FUNCTION:STDIO,TS i2d_OTHERNAME 2020 3_0_0 EXIST::FUNCTION: EC_KEY_get0_private_key 2021 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC SCT_get0_extensions 2022 3_0_0 EXIST::FUNCTION:CT -OPENSSL_LH_node_stats_bio 2023 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_1 +OPENSSL_LH_node_stats_bio 2023 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_2 i2d_DIRECTORYSTRING 2024 3_0_0 EXIST::FUNCTION: BN_X931_derive_prime_ex 2025 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 ENGINE_get_pkey_asn1_meth_str 2026 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE @@ -2553,7 +2553,7 @@ EVP_DecodeUpdate 2609 3_0_0 EXIST::FUNCTION: ENGINE_get_default_RAND 2610 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE ERR_peek_last_error_line 2611 3_0_0 EXIST::FUNCTION: ENGINE_get_ssl_client_cert_function 2612 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE -OPENSSL_LH_node_usage_stats 2613 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_1,STDIO +OPENSSL_LH_node_usage_stats 2613 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_2,STDIO DIRECTORYSTRING_it 2614 3_0_0 EXIST::FUNCTION: BIO_write 2615 3_0_0 EXIST::FUNCTION: OCSP_ONEREQ_get_ext_by_OBJ 2616 3_0_0 EXIST::FUNCTION:OCSP @@ -3073,7 +3073,7 @@ TXT_DB_free 3139 3_0_0 EXIST::FUNCTION: ASN1_STRING_set 3140 3_0_0 EXIST::FUNCTION: d2i_ESS_CERT_ID 3141 3_0_0 EXIST::FUNCTION: EVP_PKEY_meth_set_derive 3142 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 -OPENSSL_LH_stats 3143 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_1,STDIO +OPENSSL_LH_stats 3143 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_2,STDIO NCONF_dump_fp 3144 3_0_0 EXIST::FUNCTION:STDIO TS_STATUS_INFO_print_bio 3145 3_0_0 EXIST::FUNCTION:TS OPENSSL_sk_dup 3146 3_0_0 EXIST::FUNCTION: @@ -5425,44 +5425,44 @@ ASN1_item_d2i_ex 5552 3_0_0 EXIST::FUNCTION: ASN1_TIME_print_ex 5553 3_0_0 EXIST::FUNCTION: EVP_PKEY_get0_provider 5554 3_0_0 EXIST::FUNCTION: EVP_PKEY_CTX_get0_provider 5555 3_0_0 EXIST::FUNCTION: -X509_PUBKEY_set0_public_key ? 3_1_0 EXIST::FUNCTION: -OSSL_STACK_OF_X509_free ? 3_1_0 EXIST::FUNCTION: -EVP_MD_CTX_dup ? 3_1_0 EXIST::FUNCTION: -EVP_CIPHER_CTX_dup ? 3_1_0 EXIST::FUNCTION: -BN_signed_bin2bn ? 3_1_0 EXIST::FUNCTION: -BN_signed_bn2bin ? 3_1_0 EXIST::FUNCTION: -BN_signed_lebin2bn ? 3_1_0 EXIST::FUNCTION: -BN_signed_bn2lebin ? 3_1_0 EXIST::FUNCTION: -BN_signed_native2bn ? 3_1_0 EXIST::FUNCTION: -BN_signed_bn2native ? 3_1_0 EXIST::FUNCTION: -ASYNC_set_mem_functions ? 3_1_0 EXIST::FUNCTION: -ASYNC_get_mem_functions ? 3_1_0 EXIST::FUNCTION: -BIO_ADDR_dup ? 3_1_0 EXIST::FUNCTION:SOCK -OSSL_CMP_CTX_get0_validatedSrvCert ? 3_1_0 EXIST::FUNCTION:CMP -OSSL_CRMF_CERTTEMPLATE_get0_publicKey ? 3_1_0 EXIST::FUNCTION:CRMF -CMS_final_digest ? 3_1_0 EXIST::FUNCTION:CMS -CMS_EnvelopedData_it ? 3_1_0 EXIST::FUNCTION:CMS -CMS_EnvelopedData_decrypt ? 3_1_0 EXIST::FUNCTION:CMS -CMS_SignedData_free ? 3_1_0 EXIST::FUNCTION:CMS -CMS_SignedData_new ? 3_1_0 EXIST::FUNCTION:CMS -CMS_SignedData_verify ? 3_1_0 EXIST::FUNCTION:CMS +X509_PUBKEY_set0_public_key ? 3_2_0 EXIST::FUNCTION: +OSSL_STACK_OF_X509_free ? 3_2_0 EXIST::FUNCTION: +EVP_MD_CTX_dup ? 3_2_0 EXIST::FUNCTION: +EVP_CIPHER_CTX_dup ? 3_2_0 EXIST::FUNCTION: +BN_signed_bin2bn ? 3_2_0 EXIST::FUNCTION: +BN_signed_bn2bin ? 3_2_0 EXIST::FUNCTION: +BN_signed_lebin2bn ? 3_2_0 EXIST::FUNCTION: +BN_signed_bn2lebin ? 3_2_0 EXIST::FUNCTION: +BN_signed_native2bn ? 3_2_0 EXIST::FUNCTION: +BN_signed_bn2native ? 3_2_0 EXIST::FUNCTION: +ASYNC_set_mem_functions ? 3_2_0 EXIST::FUNCTION: +ASYNC_get_mem_functions ? 3_2_0 EXIST::FUNCTION: +BIO_ADDR_dup ? 3_2_0 EXIST::FUNCTION:SOCK +OSSL_CMP_CTX_get0_validatedSrvCert ? 3_2_0 EXIST::FUNCTION:CMP +OSSL_CRMF_CERTTEMPLATE_get0_publicKey ? 3_2_0 EXIST::FUNCTION:CRMF +CMS_final_digest ? 3_2_0 EXIST::FUNCTION:CMS +CMS_EnvelopedData_it ? 3_2_0 EXIST::FUNCTION:CMS +CMS_EnvelopedData_decrypt ? 3_2_0 EXIST::FUNCTION:CMS +CMS_SignedData_free ? 3_2_0 EXIST::FUNCTION:CMS +CMS_SignedData_new ? 3_2_0 EXIST::FUNCTION:CMS +CMS_SignedData_verify ? 3_2_0 EXIST::FUNCTION:CMS OPENSSL_strcasecmp ? 3_0_3 EXIST::FUNCTION: OPENSSL_strncasecmp ? 3_0_3 EXIST::FUNCTION: -BIO_s_dgram_mem ? 3_1_0 EXIST::FUNCTION: -BIO_recvmmsg ? 3_1_0 EXIST::FUNCTION: -BIO_sendmmsg ? 3_1_0 EXIST::FUNCTION: -BIO_meth_set_sendmmsg ? 3_1_0 EXIST::FUNCTION: -BIO_meth_get_sendmmsg ? 3_1_0 EXIST::FUNCTION: -BIO_meth_set_recvmmsg ? 3_1_0 EXIST::FUNCTION: -BIO_meth_get_recvmmsg ? 3_1_0 EXIST::FUNCTION: -BIO_err_is_non_fatal ? 3_1_0 EXIST::FUNCTION:SOCK -X509_get_default_cert_uri ? 3_1_0 EXIST::FUNCTION: -X509_get_default_cert_uri_env ? 3_1_0 EXIST::FUNCTION: -X509_get_default_cert_path_env ? 3_1_0 EXIST::FUNCTION: -BIO_s_dgram_pair ? 3_1_0 EXIST::FUNCTION:DGRAM -BIO_new_bio_dgram_pair ? 3_1_0 EXIST::FUNCTION:DGRAM -EVP_PKEY_auth_encapsulate_init ? 3_1_0 EXIST::FUNCTION: -EVP_PKEY_auth_decapsulate_init ? 3_1_0 EXIST::FUNCTION: -PKCS12_SAFEBAG_set0_attrs ? 3_1_0 EXIST::FUNCTION: -PKCS12_create_ex2 ? 3_1_0 EXIST::FUNCTION: -OSSL_sleep ? 3_1_0 EXIST::FUNCTION: +BIO_s_dgram_mem ? 3_2_0 EXIST::FUNCTION: +BIO_recvmmsg ? 3_2_0 EXIST::FUNCTION: +BIO_sendmmsg ? 3_2_0 EXIST::FUNCTION: +BIO_meth_set_sendmmsg ? 3_2_0 EXIST::FUNCTION: +BIO_meth_get_sendmmsg ? 3_2_0 EXIST::FUNCTION: +BIO_meth_set_recvmmsg ? 3_2_0 EXIST::FUNCTION: +BIO_meth_get_recvmmsg ? 3_2_0 EXIST::FUNCTION: +BIO_err_is_non_fatal ? 3_2_0 EXIST::FUNCTION:SOCK +X509_get_default_cert_uri ? 3_2_0 EXIST::FUNCTION: +X509_get_default_cert_uri_env ? 3_2_0 EXIST::FUNCTION: +X509_get_default_cert_path_env ? 3_2_0 EXIST::FUNCTION: +BIO_s_dgram_pair ? 3_2_0 EXIST::FUNCTION:DGRAM +BIO_new_bio_dgram_pair ? 3_2_0 EXIST::FUNCTION:DGRAM +EVP_PKEY_auth_encapsulate_init ? 3_2_0 EXIST::FUNCTION: +EVP_PKEY_auth_decapsulate_init ? 3_2_0 EXIST::FUNCTION: +PKCS12_SAFEBAG_set0_attrs ? 3_2_0 EXIST::FUNCTION: +PKCS12_create_ex2 ? 3_2_0 EXIST::FUNCTION: +OSSL_sleep ? 3_2_0 EXIST::FUNCTION: diff --git a/util/libssl.num b/util/libssl.num index f38012075c..adb095bd53 100644 --- a/util/libssl.num +++ b/util/libssl.num @@ -520,7 +520,7 @@ SSL_load_client_CA_file_ex 520 3_0_0 EXIST::FUNCTION: SSL_set0_tmp_dh_pkey 521 3_0_0 EXIST::FUNCTION: SSL_CTX_set0_tmp_dh_pkey 522 3_0_0 EXIST::FUNCTION: SSL_group_to_name 523 3_0_0 EXIST::FUNCTION: -SSL_client_hello_get_extension_order ? 3_1_0 EXIST::FUNCTION: -OSSL_QUIC_client_method ? 3_1_0 EXIST::FUNCTION:QUIC -OSSL_QUIC_client_thread_method ? 3_1_0 EXIST::FUNCTION:QUIC -OSSL_QUIC_server_method ? 3_1_0 EXIST::FUNCTION:QUIC +SSL_client_hello_get_extension_order ? 3_2_0 EXIST::FUNCTION: +OSSL_QUIC_client_method ? 3_2_0 EXIST::FUNCTION:QUIC +OSSL_QUIC_client_thread_method ? 3_2_0 EXIST::FUNCTION:QUIC +OSSL_QUIC_server_method ? 3_2_0 EXIST::FUNCTION:QUIC