mac: deprecate low level calls to CMAC and HMAC. #10836
CMAC is complete. HMAC is more problematic.
Bringing this out of WiP for review. The Travis failure isn't relevant.
 * Test 10: TLSv1.2, ticket key callback, ticket, renewal
 * Test 11: TLSv1.3, ticket key callback, ticket, renewal
 */
static int test_ticket_callbacks(int tst)
Surely test_ticket_callbacks and test_old_ticket_callbacks can be combined in some way. Virtually all of the code is identical. Tests 0-7 are identical aren't they (no ticket key callback)? Probably we should have just one function with tests 12-15 added which use the new callback instead.
I thought about this but got worried about the #ifdefs. I'll revisit the idea.
This ended up pretty clean.
I think that's all the comments addressed.
b55e515 to 37af71e
Ping?
This does look good enough to me, but I would like to see @mattcaswell pitch in one last time as well before approval.
Use of the low level CMAC functions has been informally discouraged for a long time. We now formally deprecate them. Applications should instead use EVP_MAC_CTX_new(3), EVP_MAC_CTX_free(3), EVP_MAC_init(3), EVP_MAC_update(3) and EVP_MAC_final(3).
Use of the low level HMAC functions has been informally discouraged for a long time. We now formally deprecate them. Applications should instead use EVP_MAC_CTX_new(3), EVP_MAC_CTX_free(3), EVP_MAC_init(3), EVP_MAC_update(3) and EVP_MAC_final(3).
Backwards compatibility with the old ticket key callback is maintained. This will be removed when the low level HMAC APIs are finally removed.
LGTM
Merged to master. Thanks for the positive input.
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from #10836)
Use of the low level CMAC and HMAC functions has been informally discouraged for a long time. We now formally deprecate them.