[openssl] master update
Dr. Paul Dale
pauli at openssl.org
Tue Feb 11 22:55:21 UTC 2020
The branch master has been updated
via 663247bf1181043d168a542b0d0d56cc0318e2f7 (commit)
via 1ddf2594e18137aeb7ce861e54f46824db76e36f (commit)
via c2ec4a16f79cec06b5449bd8728f2e03fa16e22b (commit)
via 343f0e4a8182ca5c07d9c527f6d681c4109c0700 (commit)
via 57ea7a7a9793a214473302719869c2d41510fc61 (commit)
via c15c538a3dba5dd7a8a6ba1eaca133542b76c34f (commit)
via f41ac0eeab9d2889d44e3acf6ff1e8274d03d73e (commit)
via 7f6deaf68e42e979a2084989db2c32193825d1b3 (commit)
via c5d9414e096c3c269591ecaa71d95d48d19d9608 (commit)
from 97b50f67f212589661c9f1edd5285822c6cc642b (commit)
- Log -----------------------------------------------------------------
commit 663247bf1181043d168a542b0d0d56cc0318e2f7
Author: Pauli <paul.dale at oracle.com>
Date: Mon Feb 10 10:23:57 2020 +1000
Add NEWS entry about deprecation of command line public tools
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10977)
commit 1ddf2594e18137aeb7ce861e54f46824db76e36f
Author: Pauli <paul.dale at oracle.com>
Date: Fri Feb 7 08:09:53 2020 +1000
dsa: deprecate applications that depend on the low level DSA functions.
speed is updated to not support DSA instead of being removed.
The dhparam, dsaparam, dsa and gendsa commands are deprecated but still
exist without NO_DEPRECATED defined.
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10977)
commit c2ec4a16f79cec06b5449bd8728f2e03fa16e22b
Author: Pauli <paul.dale at oracle.com>
Date: Wed Feb 5 11:27:23 2020 +1000
app: add a deprecation warning to all deprecated commands.
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10977)
commit 343f0e4a8182ca5c07d9c527f6d681c4109c0700
Author: Richard Levitte <levitte at openssl.org>
Date: Thu Feb 6 12:12:49 2020 +0100
test/recipes/80-test_ssl_old.t: Replace 'openssl gendsa'
Use 'openssl genpkey' instead.
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Paul Dale <paul.dale at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10977)
commit 57ea7a7a9793a214473302719869c2d41510fc61
Author: Pauli <paul.dale at oracle.com>
Date: Fri Feb 7 09:00:15 2020 +1000
test_dsa: fix deprecation logic
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10977)
commit c15c538a3dba5dd7a8a6ba1eaca133542b76c34f
Author: Richard Levitte <levitte at openssl.org>
Date: Thu Feb 6 12:10:23 2020 +0100
test/recipes/15-test_dsa.t: Deal with deprecation of 'openssl dsa'
Do not run programs that depend on deprecated APIs when
'no-deprecated' is configured.
We still retain the conversion tests that use 'openssl pkey', and add
the one that's missing.
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Paul Dale <paul.dale at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10977)
commit f41ac0eeab9d2889d44e3acf6ff1e8274d03d73e
Author: Pauli <paul.dale at oracle.com>
Date: Thu Jan 30 07:23:39 2020 +1000
Deprecate the low level DSA functions.
Use of the low level DSA functions has been informally discouraged for a
long time. We now formally deprecate them.
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10977)
commit 7f6deaf68e42e979a2084989db2c32193825d1b3
Author: Pauli <paul.dale at oracle.com>
Date: Wed Jan 29 14:40:43 2020 +1000
dsa.h: fix preprocessor indentation
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10977)
commit c5d9414e096c3c269591ecaa71d95d48d19d9608
Author: Pauli <paul.dale at oracle.com>
Date: Mon Feb 3 11:41:31 2020 +1000
DSA: fix the DSA parameter logic in test.
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10977)
-----------------------------------------------------------------------
Summary of changes:
CHANGES | 26 ++
NEWS | 3 +
apps/build.info | 4 +
apps/dhparam.c | 5 +-
apps/dsa.c | 6 +-
apps/dsaparam.c | 5 +-
apps/gendsa.c | 5 +-
apps/include/function.h | 3 +
apps/openssl.c | 13 +
apps/progs.c | 348 ++++++++++-----------
apps/progs.pl | 27 +-
apps/speed.c | 26 +-
crypto/asn1/d2i_pu.c | 6 +
crypto/asn1/i2d_pu.c | 6 +
crypto/dh/dh_pmeth.c | 6 +
crypto/dsa/dsa_ameth.c | 6 +
crypto/dsa/dsa_asn1.c | 6 +
crypto/dsa/dsa_depr.c | 6 +
crypto/dsa/dsa_gen.c | 6 +
crypto/dsa/dsa_key.c | 6 +
crypto/dsa/dsa_lib.c | 6 +
crypto/dsa/dsa_meth.c | 2 +
crypto/dsa/dsa_ossl.c | 6 +
crypto/dsa/dsa_pmeth.c | 6 +
crypto/dsa/dsa_prn.c | 6 +
crypto/dsa/dsa_sign.c | 6 +
crypto/dsa/dsa_vrf.c | 6 +
crypto/evp/p_lib.c | 6 +
crypto/pem/pem_all.c | 6 +
crypto/pem/pem_info.c | 6 +
crypto/pem/pvkfmt.c | 6 +
crypto/x509/x_pubkey.c | 6 +
doc/man1/openssl-dhparam.pod.in | 8 +
doc/man1/openssl-dsa.pod.in | 8 +
doc/man1/openssl-dsaparam.pod.in | 8 +
doc/man1/openssl-gendsa.pod.in | 8 +
doc/man3/DSA_meth_new.pod | 12 +-
doc/man3/DSA_size.pod | 15 +
doc/man3/RSA_print.pod | 24 +-
fuzz/asn1.c | 6 +-
include/openssl/dsa.h | 267 ++++++++--------
providers/implementations/keymgmt/dsa_kmgmt.c | 6 +
.../implementations/serializers/serializer_dsa.c | 6 +
.../serializers/serializer_dsa_param.c | 6 +
.../serializers/serializer_dsa_priv.c | 6 +
.../serializers/serializer_dsa_pub.c | 6 +
providers/implementations/signature/dsa.c | 6 +
test/build.info | 21 +-
test/dsa_no_digest_size_test.c | 6 +
test/dsatest.c | 6 +
test/evp_extra_test.c | 11 +-
test/recipes/15-test_dsa.t | 41 ++-
test/recipes/80-test_ssl_old.t | 6 +-
util/libcrypto.num | 98 +++---
54 files changed, 762 insertions(+), 406 deletions(-)
diff --git a/CHANGES b/CHANGES
index 72201c3f69..535269d0a8 100644
--- a/CHANGES
+++ b/CHANGES
@@ -21,6 +21,32 @@
options of the apps.
[Kurt Roeckx]
+ *) The command line utilities dhparam, dsa, gendsa and dsaparam have been
+ deprecated. Instead use the pkeyparam, pkey, genpkey and pkeyparam
+ programs respectively.
+ [Paul Dale]
+
+ *) All of the low level DSA functions have been deprecated including:
+
+ DSA_do_sign, DSA_do_verify, DSA_OpenSSL, DSA_set_default_method,
+ DSA_get_default_method, DSA_set_method, DSA_get_method, DSA_new_method,
+ DSA_sign_setup, DSA_sign, DSA_verify, DSA_get_ex_new_index,
+ DSA_set_ex_data, DSA_get_ex_data, DSA_generate_parameters_ex,
+ DSA_generate_key, DSA_meth_new, DSA_get0_engine, DSA_meth_free,
+ DSA_meth_dup, DSA_meth_get0_name, DSA_meth_set1_name, DSA_meth_get_flags,
+ DSA_meth_set_flags, DSA_meth_get0_app_data, DSA_meth_set0_app_data,
+ DSA_meth_get_sign, DSA_meth_set_sign, DSA_meth_get_sign_setup,
+ DSA_meth_set_sign_setup, DSA_meth_get_verify, DSA_meth_set_verify,
+ DSA_meth_get_mod_exp, DSA_meth_set_mod_exp, DSA_meth_get_bn_mod_exp,
+ DSA_meth_set_bn_mod_exp, DSA_meth_get_init, DSA_meth_set_init,
+ DSA_meth_get_finish, DSA_meth_set_finish, DSA_meth_get_paramgen,
+ DSA_meth_set_paramgen, DSA_meth_get_keygen and DSA_meth_set_keygen.
+
+ Use of these low level functions has been informally discouraged for a long
+ time. Instead applications should use L<EVP_DigestSignInit_ex(3)>,
+ L<EVP_DigestSignUpdate(3)> and L<EVP_DigestSignFinal(3)>.
+ [Paul Dale]
+
*) Reworked the treatment of EC EVP_PKEYs with the SM2 curve to
automatically become EVP_PKEY_SM2 rather than EVP_PKEY_EC.
This means that applications don't have to look at the curve NID and
diff --git a/NEWS b/NEWS
index 4d7f0d01c6..ac3372dca5 100644
--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,9 @@
Major changes between OpenSSL 1.1.1 and OpenSSL 3.0.0 [under development]
+ o The algorithm specific public key command line applications have
+ been deprecated. These include dhparam, gendsa and others. The pkey
+ alternatives should be used intead: pkey, pkeyparam and genpkey.
o X509 certificates signed using SHA1 are no longer allowed at security
level 1 or higher. The default security level for TLS is 1, so
certificates signed using SHA1 are by default no longer trusted to
diff --git a/apps/build.info b/apps/build.info
index f49edb4d44..c8835d765c 100644
--- a/apps/build.info
+++ b/apps/build.info
@@ -31,6 +31,10 @@ IF[{- !$disabled{apps} -}]
SOURCE[openssl]=openssl.rc
ENDIF
+ IF[{- !$disabled{'deprecated-3.0'} -}]
+ SOURCE[openssl]=dhparam.c dsa.c dsaparam.c gendsa.c
+ ENDIF
+
SCRIPTS{misc}=CA.pl
SOURCE[CA.pl]=CA.pl.in
# linkname tells build files that a symbolic link or copy of this script
diff --git a/apps/dhparam.c b/apps/dhparam.c
index 7a61241f92..e2a5b7946d 100644
--- a/apps/dhparam.c
+++ b/apps/dhparam.c
@@ -7,8 +7,11 @@
* https://www.openssl.org/source/license.html
*/
+/* We need to use some deprecated APIs */
+#define OPENSSL_SUPPRESS_DEPRECATED
+
#include <openssl/opensslconf.h>
-#ifdef OPENSSL_NO_DH
+#if defined(OPENSSL_NO_DH) || defined(OPENSSL_NO_DEPRECATED_3_0)
NON_EMPTY_TRANSLATION_UNIT
#else
diff --git a/apps/dsa.c b/apps/dsa.c
index f0c9fc1c52..0156ff8373 100644
--- a/apps/dsa.c
+++ b/apps/dsa.c
@@ -7,8 +7,11 @@
* https://www.openssl.org/source/license.html
*/
+/* We need to use the deprecated DSA_print */
+#define OPENSSL_SUPPRESS_DEPRECATED
+
#include <openssl/opensslconf.h>
-#ifdef OPENSSL_NO_DSA
+#if defined(OPENSSL_NO_DSA) || defined(OPENSSL_NO_DEPRECATED_3_0)
NON_EMPTY_TRANSLATION_UNIT
#else
@@ -173,6 +176,7 @@ int dsa_main(int argc, char **argv)
EVP_PKEY_free(pkey);
}
}
+
if (dsa == NULL) {
BIO_printf(bio_err, "unable to load Key\n");
ERR_print_errors(bio_err);
diff --git a/apps/dsaparam.c b/apps/dsaparam.c
index 17068fb9d0..25b86d5cc6 100644
--- a/apps/dsaparam.c
+++ b/apps/dsaparam.c
@@ -7,8 +7,11 @@
* https://www.openssl.org/source/license.html
*/
+/* We need to use some deprecated APIs */
+#define OPENSSL_SUPPRESS_DEPRECATED
+
#include <openssl/opensslconf.h>
-#ifdef OPENSSL_NO_DSA
+#if defined(OPENSSL_NO_DSA) || defined(OPENSSL_NO_DEPRECATED_3_0)
NON_EMPTY_TRANSLATION_UNIT
#else
diff --git a/apps/gendsa.c b/apps/gendsa.c
index 12806ef2dd..686168c692 100644
--- a/apps/gendsa.c
+++ b/apps/gendsa.c
@@ -7,8 +7,11 @@
* https://www.openssl.org/source/license.html
*/
+/* We need to use some deprecated APIs */
+#define OPENSSL_SUPPRESS_DEPRECATED
+
#include <openssl/opensslconf.h>
-#ifdef OPENSSL_NO_DSA
+#if defined(OPENSSL_NO_DSA) || defined(OPENSSL_NO_DEPRECATED_3_0)
NON_EMPTY_TRANSLATION_UNIT
#else
diff --git a/apps/include/function.h b/apps/include/function.h
index 1911a64947..28eb3e5d1c 100644
--- a/apps/include/function.h
+++ b/apps/include/function.h
@@ -13,6 +13,8 @@
# include <openssl/lhash.h>
# include "opt.h"
+#define DEPRECATED_NO_ALTERNATIVE "unknown"
+
typedef enum FUNC_TYPE {
FT_none, FT_general, FT_md, FT_cipher, FT_pkey,
FT_md_alg, FT_cipher_alg
@@ -23,6 +25,7 @@ typedef struct function_st {
const char *name;
int (*func)(int argc, char *argv[]);
const OPTIONS *help;
+ const char *deprecated_alternative;
} FUNCTION;
DEFINE_LHASH_OF(FUNCTION);
diff --git a/apps/openssl.c b/apps/openssl.c
index 00ad9ca0bd..cafe4046e6 100644
--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -47,6 +47,15 @@ BIO *bio_in = NULL;
BIO *bio_out = NULL;
BIO *bio_err = NULL;
+static void warn_deprecated(const char *pname,
+ const char *deprecated_alternative)
+{
+ BIO_printf(bio_err, "The command %s is deprecated.", pname);
+ if (strcmp(deprecated_alternative, DEPRECATED_NO_ALTERNATIVE) != 0)
+ BIO_printf(bio_err, " Use '%s' instead.", deprecated_alternative);
+ BIO_printf(bio_err, "\n");
+}
+
static int apps_startup(void)
{
#ifdef SIGPIPE
@@ -277,6 +286,8 @@ int main(int argc, char *argv[])
fp = lh_FUNCTION_retrieve(prog, &f);
if (fp != NULL) {
argv[0] = pname;
+ if (fp->deprecated_alternative != NULL)
+ warn_deprecated(pname, fp->deprecated_alternative);
ret = fp->func(argc, argv);
goto end;
}
@@ -470,6 +481,8 @@ static int do_cmd(LHASH_OF(FUNCTION) *prog, int argc, char *argv[])
}
}
if (fp != NULL) {
+ if (fp->deprecated_alternative != NULL)
+ warn_deprecated(fp->name, fp->deprecated_alternative);
return fp->func(argc, argv);
}
if ((strncmp(argv[0], "no-", 3)) == 0) {
diff --git a/apps/progs.c b/apps/progs.c
index 82cd19bed6..eba50e8daf 100644
--- a/apps/progs.c
+++ b/apps/progs.c
@@ -13,388 +13,388 @@
#include "progs.h"
FUNCTION functions[] = {
- {FT_general, "asn1parse", asn1parse_main, asn1parse_options},
- {FT_general, "ca", ca_main, ca_options},
+ {FT_general, "asn1parse", asn1parse_main, asn1parse_options, NULL},
+ {FT_general, "ca", ca_main, ca_options, NULL},
#ifndef OPENSSL_NO_SOCK
- {FT_general, "ciphers", ciphers_main, ciphers_options},
+ {FT_general, "ciphers", ciphers_main, ciphers_options, NULL},
#endif
#ifndef OPENSSL_NO_CMS
- {FT_general, "cms", cms_main, cms_options},
+ {FT_general, "cms", cms_main, cms_options, NULL},
#endif
- {FT_general, "crl", crl_main, crl_options},
- {FT_general, "crl2pkcs7", crl2pkcs7_main, crl2pkcs7_options},
- {FT_general, "dgst", dgst_main, dgst_options},
-#ifndef OPENSSL_NO_DH
- {FT_general, "dhparam", dhparam_main, dhparam_options},
+ {FT_general, "crl", crl_main, crl_options, NULL},
+ {FT_general, "crl2pkcs7", crl2pkcs7_main, crl2pkcs7_options, NULL},
+ {FT_general, "dgst", dgst_main, dgst_options, NULL},
+#if !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_DEPRECATED_3_0)
+ {FT_general, "dhparam", dhparam_main, dhparam_options, "pkeyparam"},
#endif
-#ifndef OPENSSL_NO_DSA
- {FT_general, "dsa", dsa_main, dsa_options},
+#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
+ {FT_general, "dsa", dsa_main, dsa_options, "pkey"},
#endif
-#ifndef OPENSSL_NO_DSA
- {FT_general, "dsaparam", dsaparam_main, dsaparam_options},
+#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
+ {FT_general, "dsaparam", dsaparam_main, dsaparam_options, "pkeyparam"},
#endif
#ifndef OPENSSL_NO_EC
- {FT_general, "ec", ec_main, ec_options},
+ {FT_general, "ec", ec_main, ec_options, NULL},
#endif
#ifndef OPENSSL_NO_EC
- {FT_general, "ecparam", ecparam_main, ecparam_options},
+ {FT_general, "ecparam", ecparam_main, ecparam_options, NULL},
#endif
- {FT_general, "enc", enc_main, enc_options},
+ {FT_general, "enc", enc_main, enc_options, NULL},
#ifndef OPENSSL_NO_ENGINE
- {FT_general, "engine", engine_main, engine_options},
+ {FT_general, "engine", engine_main, engine_options, NULL},
#endif
- {FT_general, "errstr", errstr_main, errstr_options},
- {FT_general, "fipsinstall", fipsinstall_main, fipsinstall_options},
-#ifndef OPENSSL_NO_DSA
- {FT_general, "gendsa", gendsa_main, gendsa_options},
+ {FT_general, "errstr", errstr_main, errstr_options, NULL},
+ {FT_general, "fipsinstall", fipsinstall_main, fipsinstall_options, NULL},
+#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
+ {FT_general, "gendsa", gendsa_main, gendsa_options, "genpkey"},
#endif
- {FT_general, "genpkey", genpkey_main, genpkey_options},
+ {FT_general, "genpkey", genpkey_main, genpkey_options, NULL},
#ifndef OPENSSL_NO_RSA
- {FT_general, "genrsa", genrsa_main, genrsa_options},
-#endif
- {FT_general, "help", help_main, help_options},
- {FT_general, "info", info_main, info_options},
- {FT_general, "kdf", kdf_main, kdf_options},
- {FT_general, "list", list_main, list_options},
- {FT_general, "mac", mac_main, mac_options},
- {FT_general, "nseq", nseq_main, nseq_options},
+ {FT_general, "genrsa", genrsa_main, genrsa_options, NULL},
+#endif
+ {FT_general, "help", help_main, help_options, NULL},
+ {FT_general, "info", info_main, info_options, NULL},
+ {FT_general, "kdf", kdf_main, kdf_options, NULL},
+ {FT_general, "list", list_main, list_options, NULL},
+ {FT_general, "mac", mac_main, mac_options, NULL},
+ {FT_general, "nseq", nseq_main, nseq_options, NULL},
#ifndef OPENSSL_NO_OCSP
- {FT_general, "ocsp", ocsp_main, ocsp_options},
+ {FT_general, "ocsp", ocsp_main, ocsp_options, NULL},
#endif
- {FT_general, "passwd", passwd_main, passwd_options},
+ {FT_general, "passwd", passwd_main, passwd_options, NULL},
#ifndef OPENSSL_NO_DES
- {FT_general, "pkcs12", pkcs12_main, pkcs12_options},
-#endif
- {FT_general, "pkcs7", pkcs7_main, pkcs7_options},
- {FT_general, "pkcs8", pkcs8_main, pkcs8_options},
- {FT_general, "pkey", pkey_main, pkey_options},
- {FT_general, "pkeyparam", pkeyparam_main, pkeyparam_options},
- {FT_general, "pkeyutl", pkeyutl_main, pkeyutl_options},
- {FT_general, "prime", prime_main, prime_options},
- {FT_general, "provider", provider_main, provider_options},
- {FT_general, "rand", rand_main, rand_options},
- {FT_general, "rehash", rehash_main, rehash_options},
- {FT_general, "req", req_main, req_options},
- {FT_general, "rsa", rsa_main, rsa_options},
+ {FT_general, "pkcs12", pkcs12_main, pkcs12_options, NULL},
+#endif
+ {FT_general, "pkcs7", pkcs7_main, pkcs7_options, NULL},
+ {FT_general, "pkcs8", pkcs8_main, pkcs8_options, NULL},
+ {FT_general, "pkey", pkey_main, pkey_options, NULL},
+ {FT_general, "pkeyparam", pkeyparam_main, pkeyparam_options, NULL},
+ {FT_general, "pkeyutl", pkeyutl_main, pkeyutl_options, NULL},
+ {FT_general, "prime", prime_main, prime_options, NULL},
+ {FT_general, "provider", provider_main, provider_options, NULL},
+ {FT_general, "rand", rand_main, rand_options, NULL},
+ {FT_general, "rehash", rehash_main, rehash_options, NULL},
+ {FT_general, "req", req_main, req_options, NULL},
+ {FT_general, "rsa", rsa_main, rsa_options, NULL},
#ifndef OPENSSL_NO_RSA
- {FT_general, "rsautl", rsautl_main, rsautl_options},
+ {FT_general, "rsautl", rsautl_main, rsautl_options, NULL},
#endif
#ifndef OPENSSL_NO_SOCK
- {FT_general, "s_client", s_client_main, s_client_options},
+ {FT_general, "s_client", s_client_main, s_client_options, NULL},
#endif
#ifndef OPENSSL_NO_SOCK
- {FT_general, "s_server", s_server_main, s_server_options},
+ {FT_general, "s_server", s_server_main, s_server_options, NULL},
#endif
#ifndef OPENSSL_NO_SOCK
- {FT_general, "s_time", s_time_main, s_time_options},
+ {FT_general, "s_time", s_time_main, s_time_options, NULL},
#endif
- {FT_general, "sess_id", sess_id_main, sess_id_options},
- {FT_general, "smime", smime_main, smime_options},
- {FT_general, "speed", speed_main, speed_options},
- {FT_general, "spkac", spkac_main, spkac_options},
+ {FT_general, "sess_id", sess_id_main, sess_id_options, NULL},
+ {FT_general, "smime", smime_main, smime_options, NULL},
+ {FT_general, "speed", speed_main, speed_options, NULL},
+ {FT_general, "spkac", spkac_main, spkac_options, NULL},
#ifndef OPENSSL_NO_SRP
- {FT_general, "srp", srp_main, srp_options},
+ {FT_general, "srp", srp_main, srp_options, NULL},
#endif
- {FT_general, "storeutl", storeutl_main, storeutl_options},
+ {FT_general, "storeutl", storeutl_main, storeutl_options, NULL},
#ifndef OPENSSL_NO_TS
- {FT_general, "ts", ts_main, ts_options},
+ {FT_general, "ts", ts_main, ts_options, NULL},
#endif
- {FT_general, "verify", verify_main, verify_options},
- {FT_general, "version", version_main, version_options},
- {FT_general, "x509", x509_main, x509_options},
+ {FT_general, "verify", verify_main, verify_options, NULL},
+ {FT_general, "version", version_main, version_options, NULL},
+ {FT_general, "x509", x509_main, x509_options, NULL},
#ifndef OPENSSL_NO_MD2
- {FT_md, "md2", dgst_main},
+ {FT_md, "md2", dgst_main, NULL, NULL},
#endif
#ifndef OPENSSL_NO_MD4
- {FT_md, "md4", dgst_main},
+ {FT_md, "md4", dgst_main, NULL, NULL},
#endif
- {FT_md, "md5", dgst_main},
+ {FT_md, "md5", dgst_main, NULL, NULL},
#ifndef OPENSSL_NO_GOST
- {FT_md, "gost", dgst_main},
-#endif
- {FT_md, "sha1", dgst_main},
- {FT_md, "sha224", dgst_main},
- {FT_md, "sha256", dgst_main},
- {FT_md, "sha384", dgst_main},
- {FT_md, "sha512", dgst_main},
- {FT_md, "sha512-224", dgst_main},
- {FT_md, "sha512-256", dgst_main},
- {FT_md, "sha3-224", dgst_main},
- {FT_md, "sha3-256", dgst_main},
- {FT_md, "sha3-384", dgst_main},
- {FT_md, "sha3-512", dgst_main},
- {FT_md, "shake128", dgst_main},
- {FT_md, "shake256", dgst_main},
+ {FT_md, "gost", dgst_main, NULL, NULL},
+#endif
+ {FT_md, "sha1", dgst_main, NULL, NULL},
+ {FT_md, "sha224", dgst_main, NULL, NULL},
+ {FT_md, "sha256", dgst_main, NULL, NULL},
+ {FT_md, "sha384", dgst_main, NULL, NULL},
+ {FT_md, "sha512", dgst_main, NULL, NULL},
+ {FT_md, "sha512-224", dgst_main, NULL, NULL},
+ {FT_md, "sha512-256", dgst_main, NULL, NULL},
+ {FT_md, "sha3-224", dgst_main, NULL, NULL},
+ {FT_md, "sha3-256", dgst_main, NULL, NULL},
+ {FT_md, "sha3-384", dgst_main, NULL, NULL},
+ {FT_md, "sha3-512", dgst_main, NULL, NULL},
+ {FT_md, "shake128", dgst_main, NULL, NULL},
+ {FT_md, "shake256", dgst_main, NULL, NULL},
#ifndef OPENSSL_NO_MDC2
- {FT_md, "mdc2", dgst_main},
+ {FT_md, "mdc2", dgst_main, NULL, NULL},
#endif
#ifndef OPENSSL_NO_RMD160
- {FT_md, "rmd160", dgst_main},
+ {FT_md, "rmd160", dgst_main, NULL, NULL},
#endif
#ifndef OPENSSL_NO_BLAKE2
- {FT_md, "blake2b512", dgst_main},
+ {FT_md, "blake2b512", dgst_main, NULL, NULL},
#endif
#ifndef OPENSSL_NO_BLAKE2
- {FT_md, "blake2s256", dgst_main},
+ {FT_md, "blake2s256", dgst_main, NULL, NULL},
#endif
#ifndef OPENSSL_NO_SM3
- {FT_md, "sm3", dgst_main},
-#endif
- {FT_cipher, "aes-128-cbc", enc_main, enc_options},
- {FT_cipher, "aes-128-ecb", enc_main, enc_options},
- {FT_cipher, "aes-192-cbc", enc_main, enc_options},
- {FT_cipher, "aes-192-ecb", enc_main, enc_options},
- {FT_cipher, "aes-256-cbc", enc_main, enc_options},
- {FT_cipher, "aes-256-ecb", enc_main, enc_options},
+ {FT_md, "sm3", dgst_main, NULL, NULL},
+#endif
+ {FT_cipher, "aes-128-cbc", enc_main, enc_options, NULL},
+ {FT_cipher, "aes-128-ecb", enc_main, enc_options, NULL},
+ {FT_cipher, "aes-192-cbc", enc_main, enc_options, NULL},
+ {FT_cipher, "aes-192-ecb", enc_main, enc_options, NULL},
+ {FT_cipher, "aes-256-cbc", enc_main, enc_options, NULL},
+ {FT_cipher, "aes-256-ecb", enc_main, enc_options, NULL},
#ifndef OPENSSL_NO_ARIA
- {FT_cipher, "aria-128-cbc", enc_main, enc_options},
+ {FT_cipher, "aria-128-cbc", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_ARIA
- {FT_cipher, "aria-128-cfb", enc_main, enc_options},
+ {FT_cipher, "aria-128-cfb", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_ARIA
- {FT_cipher, "aria-128-ctr", enc_main, enc_options},
+ {FT_cipher, "aria-128-ctr", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_ARIA
- {FT_cipher, "aria-128-ecb", enc_main, enc_options},
+ {FT_cipher, "aria-128-ecb", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_ARIA
- {FT_cipher, "aria-128-ofb", enc_main, enc_options},
+ {FT_cipher, "aria-128-ofb", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_ARIA
- {FT_cipher, "aria-128-cfb1", enc_main, enc_options},
+ {FT_cipher, "aria-128-cfb1", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_ARIA
- {FT_cipher, "aria-128-cfb8", enc_main, enc_options},
+ {FT_cipher, "aria-128-cfb8", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_ARIA
- {FT_cipher, "aria-192-cbc", enc_main, enc_options},
+ {FT_cipher, "aria-192-cbc", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_ARIA
- {FT_cipher, "aria-192-cfb", enc_main, enc_options},
+ {FT_cipher, "aria-192-cfb", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_ARIA
- {FT_cipher, "aria-192-ctr", enc_main, enc_options},
+ {FT_cipher, "aria-192-ctr", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_ARIA
- {FT_cipher, "aria-192-ecb", enc_main, enc_options},
+ {FT_cipher, "aria-192-ecb", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_ARIA
- {FT_cipher, "aria-192-ofb", enc_main, enc_options},
+ {FT_cipher, "aria-192-ofb", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_ARIA
- {FT_cipher, "aria-192-cfb1", enc_main, enc_options},
+ {FT_cipher, "aria-192-cfb1", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_ARIA
- {FT_cipher, "aria-192-cfb8", enc_main, enc_options},
+ {FT_cipher, "aria-192-cfb8", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_ARIA
- {FT_cipher, "aria-256-cbc", enc_main, enc_options},
+ {FT_cipher, "aria-256-cbc", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_ARIA
- {FT_cipher, "aria-256-cfb", enc_main, enc_options},
+ {FT_cipher, "aria-256-cfb", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_ARIA
- {FT_cipher, "aria-256-ctr", enc_main, enc_options},
+ {FT_cipher, "aria-256-ctr", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_ARIA
- {FT_cipher, "aria-256-ecb", enc_main, enc_options},
+ {FT_cipher, "aria-256-ecb", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_ARIA
- {FT_cipher, "aria-256-ofb", enc_main, enc_options},
+ {FT_cipher, "aria-256-ofb", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_ARIA
- {FT_cipher, "aria-256-cfb1", enc_main, enc_options},
+ {FT_cipher, "aria-256-cfb1", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_ARIA
- {FT_cipher, "aria-256-cfb8", enc_main, enc_options},
+ {FT_cipher, "aria-256-cfb8", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_CAMELLIA
- {FT_cipher, "camellia-128-cbc", enc_main, enc_options},
+ {FT_cipher, "camellia-128-cbc", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_CAMELLIA
- {FT_cipher, "camellia-128-ecb", enc_main, enc_options},
+ {FT_cipher, "camellia-128-ecb", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_CAMELLIA
- {FT_cipher, "camellia-192-cbc", enc_main, enc_options},
+ {FT_cipher, "camellia-192-cbc", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_CAMELLIA
- {FT_cipher, "camellia-192-ecb", enc_main, enc_options},
+ {FT_cipher, "camellia-192-ecb", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_CAMELLIA
- {FT_cipher, "camellia-256-cbc", enc_main, enc_options},
+ {FT_cipher, "camellia-256-cbc", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_CAMELLIA
- {FT_cipher, "camellia-256-ecb", enc_main, enc_options},
+ {FT_cipher, "camellia-256-ecb", enc_main, enc_options, NULL},
#endif
- {FT_cipher, "base64", enc_main, enc_options},
+ {FT_cipher, "base64", enc_main, enc_options, NULL},
#ifdef ZLIB
- {FT_cipher, "zlib", enc_main, enc_options},
+ {FT_cipher, "zlib", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_DES
- {FT_cipher, "des", enc_main, enc_options},
+ {FT_cipher, "des", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_DES
- {FT_cipher, "des3", enc_main, enc_options},
+ {FT_cipher, "des3", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_DES
- {FT_cipher, "desx", enc_main, enc_options},
+ {FT_cipher, "desx", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_IDEA
- {FT_cipher, "idea", enc_main, enc_options},
+ {FT_cipher, "idea", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_SEED
- {FT_cipher, "seed", enc_main, enc_options},
+ {FT_cipher, "seed", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_RC4
- {FT_cipher, "rc4", enc_main, enc_options},
+ {FT_cipher, "rc4", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_RC4
- {FT_cipher, "rc4-40", enc_main, enc_options},
+ {FT_cipher, "rc4-40", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_RC2
- {FT_cipher, "rc2", enc_main, enc_options},
+ {FT_cipher, "rc2", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_BF
- {FT_cipher, "bf", enc_main, enc_options},
+ {FT_cipher, "bf", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_CAST
- {FT_cipher, "cast", enc_main, enc_options},
+ {FT_cipher, "cast", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_RC5
- {FT_cipher, "rc5", enc_main, enc_options},
+ {FT_cipher, "rc5", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_DES
- {FT_cipher, "des-ecb", enc_main, enc_options},
+ {FT_cipher, "des-ecb", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_DES
- {FT_cipher, "des-ede", enc_main, enc_options},
+ {FT_cipher, "des-ede", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_DES
- {FT_cipher, "des-ede3", enc_main, enc_options},
+ {FT_cipher, "des-ede3", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_DES
- {FT_cipher, "des-cbc", enc_main, enc_options},
+ {FT_cipher, "des-cbc", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_DES
- {FT_cipher, "des-ede-cbc", enc_main, enc_options},
+ {FT_cipher, "des-ede-cbc", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_DES
- {FT_cipher, "des-ede3-cbc", enc_main, enc_options},
+ {FT_cipher, "des-ede3-cbc", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_DES
- {FT_cipher, "des-cfb", enc_main, enc_options},
+ {FT_cipher, "des-cfb", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_DES
- {FT_cipher, "des-ede-cfb", enc_main, enc_options},
+ {FT_cipher, "des-ede-cfb", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_DES
- {FT_cipher, "des-ede3-cfb", enc_main, enc_options},
+ {FT_cipher, "des-ede3-cfb", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_DES
- {FT_cipher, "des-ofb", enc_main, enc_options},
+ {FT_cipher, "des-ofb", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_DES
- {FT_cipher, "des-ede-ofb", enc_main, enc_options},
+ {FT_cipher, "des-ede-ofb", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_DES
- {FT_cipher, "des-ede3-ofb", enc_main, enc_options},
+ {FT_cipher, "des-ede3-ofb", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_IDEA
- {FT_cipher, "idea-cbc", enc_main, enc_options},
+ {FT_cipher, "idea-cbc", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_IDEA
- {FT_cipher, "idea-ecb", enc_main, enc_options},
+ {FT_cipher, "idea-ecb", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_IDEA
- {FT_cipher, "idea-cfb", enc_main, enc_options},
+ {FT_cipher, "idea-cfb", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_IDEA
- {FT_cipher, "idea-ofb", enc_main, enc_options},
+ {FT_cipher, "idea-ofb", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_SEED
- {FT_cipher, "seed-cbc", enc_main, enc_options},
+ {FT_cipher, "seed-cbc", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_SEED
- {FT_cipher, "seed-ecb", enc_main, enc_options},
+ {FT_cipher, "seed-ecb", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_SEED
- {FT_cipher, "seed-cfb", enc_main, enc_options},
+ {FT_cipher, "seed-cfb", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_SEED
- {FT_cipher, "seed-ofb", enc_main, enc_options},
+ {FT_cipher, "seed-ofb", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_RC2
- {FT_cipher, "rc2-cbc", enc_main, enc_options},
+ {FT_cipher, "rc2-cbc", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_RC2
- {FT_cipher, "rc2-ecb", enc_main, enc_options},
+ {FT_cipher, "rc2-ecb", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_RC2
- {FT_cipher, "rc2-cfb", enc_main, enc_options},
+ {FT_cipher, "rc2-cfb", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_RC2
- {FT_cipher, "rc2-ofb", enc_main, enc_options},
+ {FT_cipher, "rc2-ofb", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_RC2
- {FT_cipher, "rc2-64-cbc", enc_main, enc_options},
+ {FT_cipher, "rc2-64-cbc", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_RC2
- {FT_cipher, "rc2-40-cbc", enc_main, enc_options},
+ {FT_cipher, "rc2-40-cbc", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_BF
- {FT_cipher, "bf-cbc", enc_main, enc_options},
+ {FT_cipher, "bf-cbc", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_BF
- {FT_cipher, "bf-ecb", enc_main, enc_options},
+ {FT_cipher, "bf-ecb", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_BF
- {FT_cipher, "bf-cfb", enc_main, enc_options},
+ {FT_cipher, "bf-cfb", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_BF
- {FT_cipher, "bf-ofb", enc_main, enc_options},
+ {FT_cipher, "bf-ofb", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_CAST
- {FT_cipher, "cast5-cbc", enc_main, enc_options},
+ {FT_cipher, "cast5-cbc", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_CAST
- {FT_cipher, "cast5-ecb", enc_main, enc_options},
+ {FT_cipher, "cast5-ecb", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_CAST
- {FT_cipher, "cast5-cfb", enc_main, enc_options},
+ {FT_cipher, "cast5-cfb", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_CAST
- {FT_cipher, "cast5-ofb", enc_main, enc_options},
+ {FT_cipher, "cast5-ofb", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_CAST
- {FT_cipher, "cast-cbc", enc_main, enc_options},
+ {FT_cipher, "cast-cbc", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_RC5
- {FT_cipher, "rc5-cbc", enc_main, enc_options},
+ {FT_cipher, "rc5-cbc", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_RC5
- {FT_cipher, "rc5-ecb", enc_main, enc_options},
+ {FT_cipher, "rc5-ecb", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_RC5
- {FT_cipher, "rc5-cfb", enc_main, enc_options},
+ {FT_cipher, "rc5-cfb", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_RC5
- {FT_cipher, "rc5-ofb", enc_main, enc_options},
+ {FT_cipher, "rc5-ofb", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_SM4
- {FT_cipher, "sm4-cbc", enc_main, enc_options},
+ {FT_cipher, "sm4-cbc", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_SM4
- {FT_cipher, "sm4-ecb", enc_main, enc_options},
+ {FT_cipher, "sm4-ecb", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_SM4
- {FT_cipher, "sm4-cfb", enc_main, enc_options},
+ {FT_cipher, "sm4-cfb", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_SM4
- {FT_cipher, "sm4-ofb", enc_main, enc_options},
+ {FT_cipher, "sm4-ofb", enc_main, enc_options, NULL},
#endif
#ifndef OPENSSL_NO_SM4
- {FT_cipher, "sm4-ctr", enc_main, enc_options},
+ {FT_cipher, "sm4-ctr", enc_main, enc_options, NULL},
#endif
- {0, NULL, NULL}
+ {0, NULL, NULL, NULL, NULL}
};
diff --git a/apps/progs.pl b/apps/progs.pl
index 1b304a03a7..4f1d1c29af 100644
--- a/apps/progs.pl
+++ b/apps/progs.pl
@@ -94,20 +94,33 @@ EOF
ciphers => "sock",
genrsa => "rsa",
rsautl => "rsa",
- gendsa => "dsa",
- dsaparam => "dsa",
gendh => "dh",
- dhparam => "dh",
ecparam => "ec",
pkcs12 => "des",
);
+ my %cmd_deprecated = (
+ dhparam => [ "3_0", "pkeyparam", "dh" ],
+ dsaparam => [ "3_0", "pkeyparam", "dsa" ],
+ dsa => [ "3_0", "pkey", "dsa" ],
+ gendsa => [ "3_0", "genpkey", "dsa" ],
+ );
print "FUNCTION functions[] = {\n";
foreach my $cmd ( @ARGV ) {
my $str =
- " {FT_general, \"$cmd\", ${cmd}_main, ${cmd}_options},\n";
+ " {FT_general, \"$cmd\", ${cmd}_main, ${cmd}_options, NULL},\n";
if ($cmd =~ /^s_/) {
print "#ifndef OPENSSL_NO_SOCK\n${str}#endif\n";
+ } elsif (my $deprecated = $cmd_deprecated{$cmd}) {
+ my @dep = @{$deprecated};
+ print "#if ";
+ if ($dep[2]) {
+ print "!defined(OPENSSL_NO_" . uc($dep[2]) . ") && ";
+ }
+ print "!defined(OPENSSL_NO_DEPRECATED_" . $dep[0] . ")";
+ my $dalt = "\"" . $dep[1] . "\"";
+ $str =~ s/NULL/$dalt/;
+ print "\n${str}#endif\n";
} elsif (grep { $cmd eq $_ } @disablables) {
print "#ifndef OPENSSL_NO_" . uc($cmd) . "\n${str}#endif\n";
} elsif (my $disabler = $cmd_disabler{$cmd}) {
@@ -131,7 +144,7 @@ EOF
"mdc2", "rmd160", "blake2b512", "blake2s256",
"sm3"
) {
- my $str = " {FT_md, \"$cmd\", dgst_main},\n";
+ my $str = " {FT_md, \"$cmd\", dgst_main, NULL, NULL},\n";
if (grep { $cmd eq $_ } @disablables) {
print "#ifndef OPENSSL_NO_" . uc($cmd) . "\n${str}#endif\n";
} elsif (my $disabler = $md_disabler{$cmd}) {
@@ -177,7 +190,7 @@ EOF
"cast-cbc", "rc5-cbc", "rc5-ecb", "rc5-cfb", "rc5-ofb",
"sm4-cbc", "sm4-ecb", "sm4-cfb", "sm4-ofb", "sm4-ctr"
) {
- my $str = " {FT_cipher, \"$cmd\", enc_main, enc_options},\n";
+ my $str = " {FT_cipher, \"$cmd\", enc_main, enc_options, NULL},\n";
(my $algo = $cmd) =~ s/-.*//g;
if ($cmd eq "zlib") {
print "#ifdef ZLIB\n${str}#endif\n";
@@ -190,5 +203,5 @@ EOF
}
}
- print " {0, NULL, NULL}\n};\n";
+ print " {0, NULL, NULL, NULL, NULL}\n};\n";
}
diff --git a/apps/speed.c b/apps/speed.c
index 17f2cf3924..0e94e7cae6 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -99,7 +99,7 @@
# include "./testrsa.h"
#endif
#include <openssl/x509.h>
-#ifndef OPENSSL_NO_DSA
+#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
# include <openssl/dsa.h>
# include "./testdsa.h"
#endif
@@ -406,7 +406,7 @@ static const OPT_PAIR doit_choices[] = {
static double results[ALGOR_NUM][SIZE_NUM];
-#ifndef OPENSSL_NO_DSA
+#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
enum { R_DSA_512, R_DSA_1024, R_DSA_2048, DSA_NUM };
static const OPT_PAIR dsa_choices[DSA_NUM] = {
{"dsa512", R_DSA_512},
@@ -545,7 +545,7 @@ typedef struct loopargs_st {
#ifndef OPENSSL_NO_RSA
RSA *rsa_key[RSA_NUM];
#endif
-#ifndef OPENSSL_NO_DSA
+#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
DSA *dsa_key[DSA_NUM];
#endif
#ifndef OPENSSL_NO_EC
@@ -1066,7 +1066,7 @@ static int RSA_verify_loop(void *args)
}
#endif
-#ifndef OPENSSL_NO_DSA
+#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
static long dsa_c[DSA_NUM][2];
static int DSA_sign_loop(void *args)
{
@@ -1520,7 +1520,7 @@ int speed_main(int argc, char **argv)
uint8_t rsa_doit[RSA_NUM] = { 0 };
int primes = RSA_DEFAULT_PRIME_NUM;
#endif
-#ifndef OPENSSL_NO_DSA
+#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
static const unsigned int dsa_bits[DSA_NUM] = { 512, 1024, 2048 };
uint8_t dsa_doit[DSA_NUM] = { 0 };
#endif
@@ -1760,7 +1760,7 @@ int speed_main(int argc, char **argv)
}
}
#endif
-#ifndef OPENSSL_NO_DSA
+#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
if (strncmp(algo, "dsa", 3) == 0) {
if (algo[3] == '\0') {
memset(dsa_doit, 1, sizeof(dsa_doit));
@@ -1912,7 +1912,7 @@ int speed_main(int argc, char **argv)
#ifndef OPENSSL_NO_RSA
memset(rsa_doit, 1, sizeof(rsa_doit));
#endif
-#ifndef OPENSSL_NO_DSA
+#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
memset(dsa_doit, 1, sizeof(dsa_doit));
#endif
#ifndef OPENSSL_NO_EC
@@ -1952,7 +1952,7 @@ int speed_main(int argc, char **argv)
}
}
#endif
-#ifndef OPENSSL_NO_DSA
+#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
for (i = 0; i < loopargs_len; i++) {
loopargs[i].dsa_key[0] = get_dsa(512);
loopargs[i].dsa_key[1] = get_dsa(1024);
@@ -2120,7 +2120,7 @@ int speed_main(int argc, char **argv)
}
# endif
-# ifndef OPENSSL_NO_DSA
+# if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
dsa_c[R_DSA_512][0] = count / 1000;
dsa_c[R_DSA_512][1] = count / 1000 / 2;
for (i = 1; i < DSA_NUM; i++) {
@@ -2955,7 +2955,7 @@ int speed_main(int argc, char **argv)
if (RAND_bytes(loopargs[i].buf, 36) <= 0)
goto end;
-#ifndef OPENSSL_NO_DSA
+#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
for (testnum = 0; testnum < DSA_NUM; testnum++) {
int st = 0;
if (!dsa_doit[testnum])
@@ -3582,7 +3582,7 @@ int speed_main(int argc, char **argv)
rsa_results[k][0], rsa_results[k][1]);
}
#endif
-#ifndef OPENSSL_NO_DSA
+#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
testnum = 1;
for (k = 0; k < DSA_NUM; k++) {
if (!dsa_doit[k])
@@ -3695,7 +3695,7 @@ int speed_main(int argc, char **argv)
for (k = 0; k < RSA_NUM; k++)
RSA_free(loopargs[i].rsa_key[k]);
#endif
-#ifndef OPENSSL_NO_DSA
+#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
for (k = 0; k < DSA_NUM; k++)
DSA_free(loopargs[i].dsa_key[k]);
#endif
@@ -3901,7 +3901,7 @@ static int do_multi(int multi, int size_num)
d = atof(sstrsep(&p, sep));
rsa_results[k][1] += d;
}
-# ifndef OPENSSL_NO_DSA
+#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
else if (strncmp(buf, "+F3:", 4) == 0) {
int k;
double d;
diff --git a/crypto/asn1/d2i_pu.c b/crypto/asn1/d2i_pu.c
index 4b26ec0400..8688bb677e 100644
--- a/crypto/asn1/d2i_pu.c
+++ b/crypto/asn1/d2i_pu.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * DSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/bn.h>
diff --git a/crypto/asn1/i2d_pu.c b/crypto/asn1/i2d_pu.c
index 8195dda881..b14668823d 100644
--- a/crypto/asn1/i2d_pu.c
+++ b/crypto/asn1/i2d_pu.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * DSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/bn.h>
diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c
index 38935fd9e2..3b163bbe4e 100644
--- a/crypto/dh/dh_pmeth.c
+++ b/crypto/dh/dh_pmeth.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * DSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/asn1t.h>
diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c
index a68928497e..9715a75d0d 100644
--- a/crypto/dsa/dsa_ameth.c
+++ b/crypto/dsa/dsa_ameth.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * DSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include <openssl/x509.h>
#include <openssl/asn1.h>
diff --git a/crypto/dsa/dsa_asn1.c b/crypto/dsa/dsa_asn1.c
index ba1cbad2ae..5586b6a6c3 100644
--- a/crypto/dsa/dsa_asn1.c
+++ b/crypto/dsa/dsa_asn1.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * DSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include "internal/cryptlib.h"
#include "dsa_local.h"
diff --git a/crypto/dsa/dsa_depr.c b/crypto/dsa/dsa_depr.c
index 2b363e2642..5c8f9af2b9 100644
--- a/crypto/dsa/dsa_depr.c
+++ b/crypto/dsa/dsa_depr.c
@@ -12,6 +12,12 @@
* version(s).
*/
+/*
+ * DSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
/*
* Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186,
* also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in FIPS PUB
diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c
index aa6b84c091..ac5907c4f8 100644
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * DSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <openssl/opensslconf.h>
#include <stdio.h>
#include "internal/cryptlib.h"
diff --git a/crypto/dsa/dsa_key.c b/crypto/dsa/dsa_key.c
index e0a3c82570..00e7213b97 100644
--- a/crypto/dsa/dsa_key.c
+++ b/crypto/dsa/dsa_key.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * DSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include <time.h>
#include "internal/cryptlib.h"
diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c
index 334ee747dd..11f09891b2 100644
--- a/crypto/dsa/dsa_lib.c
+++ b/crypto/dsa/dsa_lib.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * DSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include "internal/cryptlib.h"
#include "internal/refcount.h"
diff --git a/crypto/dsa/dsa_meth.c b/crypto/dsa/dsa_meth.c
index 226ea34085..0a46002bd6 100644
--- a/crypto/dsa/dsa_meth.c
+++ b/crypto/dsa/dsa_meth.c
@@ -19,6 +19,7 @@
#include <string.h>
#include <openssl/err.h>
+#ifndef OPENSSL_NO_DEPRECATED_3_0
DSA_METHOD *DSA_meth_new(const char *name, int flags)
{
DSA_METHOD *dsam = OPENSSL_zalloc(sizeof(*dsam));
@@ -222,3 +223,4 @@ int DSA_meth_set_keygen(DSA_METHOD *dsam, int (*keygen) (DSA *))
dsam->dsa_keygen = keygen;
return 1;
}
+#endif
diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c
index 91cb83396d..6ff22e8c87 100644
--- a/crypto/dsa/dsa_ossl.c
+++ b/crypto/dsa/dsa_ossl.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * DSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include "internal/cryptlib.h"
#include "crypto/bn.h"
diff --git a/crypto/dsa/dsa_pmeth.c b/crypto/dsa/dsa_pmeth.c
index 0ab5372bac..008a607bc6 100644
--- a/crypto/dsa/dsa_pmeth.c
+++ b/crypto/dsa/dsa_pmeth.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * DSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/asn1t.h>
diff --git a/crypto/dsa/dsa_prn.c b/crypto/dsa/dsa_prn.c
index 4bc4b0d11c..65edf63d41 100644
--- a/crypto/dsa/dsa_prn.c
+++ b/crypto/dsa/dsa_prn.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * DSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/evp.h>
diff --git a/crypto/dsa/dsa_sign.c b/crypto/dsa/dsa_sign.c
index d3e8cfa1ff..1ee9272ced 100644
--- a/crypto/dsa/dsa_sign.c
+++ b/crypto/dsa/dsa_sign.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * DSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <openssl/bn.h>
#include "internal/cryptlib.h"
#include "dsa_local.h"
diff --git a/crypto/dsa/dsa_vrf.c b/crypto/dsa/dsa_vrf.c
index cf4412b5e1..329c07ad79 100644
--- a/crypto/dsa/dsa_vrf.c
+++ b/crypto/dsa/dsa_vrf.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * DSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include "internal/cryptlib.h"
#include "dsa_local.h"
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index 76b4df1dc3..98e0704347 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * DSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include "internal/cryptlib.h"
#include "internal/refcount.h"
diff --git a/crypto/pem/pem_all.c b/crypto/pem/pem_all.c
index ba98371d46..d4b069d326 100644
--- a/crypto/pem/pem_all.c
+++ b/crypto/pem/pem_all.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * DSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/bio.h>
diff --git a/crypto/pem/pem_info.c b/crypto/pem/pem_info.c
index 919769ae4f..6c8eb2a919 100644
--- a/crypto/pem/pem_info.c
+++ b/crypto/pem/pem_info.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * DSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/buffer.h>
diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c
index 95bd4da3f5..7f9de421f1 100644
--- a/crypto/pem/pvkfmt.c
+++ b/crypto/pem/pvkfmt.c
@@ -12,6 +12,12 @@
* and PRIVATEKEYBLOB).
*/
+/*
+ * DSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include "internal/cryptlib.h"
#include <openssl/pem.h>
#include <openssl/rand.h>
diff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.c
index a583813b58..c4d2806ea1 100644
--- a/crypto/x509/x_pubkey.c
+++ b/crypto/x509/x_pubkey.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * DSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/asn1t.h>
diff --git a/doc/man1/openssl-dhparam.pod.in b/doc/man1/openssl-dhparam.pod.in
index 9da15f7ad2..906af1c25c 100644
--- a/doc/man1/openssl-dhparam.pod.in
+++ b/doc/man1/openssl-dhparam.pod.in
@@ -29,6 +29,9 @@ B<openssl dhparam>
=head1 DESCRIPTION
+This command has been deprecated.
+The L<openssl-pkeyparam(1)> command should be used instead.
+
This command is used to manipulate DH parameter files.
=head1 OPTIONS
@@ -125,8 +128,13 @@ There should be a way to generate and manipulate DH keys.
=head1 SEE ALSO
L<openssl(1)>,
+L<openssl-pkeyparam(1)>,
L<openssl-dsaparam(1)>
+=head1 HISTORY
+
+This command was deprecated in OpenSSL 3.0.
+
=head1 COPYRIGHT
Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/doc/man1/openssl-dsa.pod.in b/doc/man1/openssl-dsa.pod.in
index 548d36874f..4ba948a41b 100644
--- a/doc/man1/openssl-dsa.pod.in
+++ b/doc/man1/openssl-dsa.pod.in
@@ -42,6 +42,9 @@ B<openssl> B<dsa>
=head1 DESCRIPTION
+This command has been deprecated.
+The L<openssl-pkey(1)> command should be used instead.
+
This command processes DSA keys. They can be converted between various
forms and their components printed out. B<Note> This command uses the
traditional SSLeay compatible format for private key encryption: newer
@@ -147,11 +150,16 @@ To just output the public part of a private key:
=head1 SEE ALSO
L<openssl(1)>,
+L<openssl-pkey(1)>,
L<openssl-dsaparam(1)>,
L<openssl-gendsa(1)>,
L<openssl-rsa(1)>,
L<openssl-genrsa(1)>
+=head1 HISTORY
+
+This command was deprecated in OpenSSL 3.0.
+
=head1 COPYRIGHT
Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/doc/man1/openssl-dsaparam.pod.in b/doc/man1/openssl-dsaparam.pod.in
index bab743672f..51d44bd9ac 100644
--- a/doc/man1/openssl-dsaparam.pod.in
+++ b/doc/man1/openssl-dsaparam.pod.in
@@ -24,6 +24,9 @@ B<openssl dsaparam>
=head1 DESCRIPTION
+This command has been deprecated.
+The L<openssl-pkeyparam(1)> command should be used instead.
+
This command is used to manipulate or generate DSA parameter files.
DSA parameter generation can be a slow process and as a result the same set of
@@ -95,11 +98,16 @@ the input file (if any) is ignored.
=head1 SEE ALSO
L<openssl(1)>,
+L<openssl-pkeyparam(1)>,
L<openssl-gendsa(1)>,
L<openssl-dsa(1)>,
L<openssl-genrsa(1)>,
L<openssl-rsa(1)>
+=head1 HISTORY
+
+This command was deprecated in OpenSSL 3.0.
+
=head1 COPYRIGHT
Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/doc/man1/openssl-gendsa.pod.in b/doc/man1/openssl-gendsa.pod.in
index e98d662a5a..f1f8fe5b91 100644
--- a/doc/man1/openssl-gendsa.pod.in
+++ b/doc/man1/openssl-gendsa.pod.in
@@ -32,6 +32,9 @@ B<openssl> B<gendsa>
=head1 DESCRIPTION
+This command has been deprecated.
+The L<openssl-genpkey(1)> command should be used instead.
+
This command generates a DSA private key from a DSA parameter file
(which will be typically generated by the L<openssl-dsaparam(1)> command).
@@ -83,11 +86,16 @@ much quicker that RSA key generation for example.
=head1 SEE ALSO
L<openssl(1)>,
+L<openssl-genpkey(1)>,
L<openssl-dsaparam(1)>,
L<openssl-dsa(1)>,
L<openssl-genrsa(1)>,
L<openssl-rsa(1)>
+=head1 HISTORY
+
+This command was deprecated in OpenSSL 3.0.
+
=head1 COPYRIGHT
Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/doc/man3/DSA_meth_new.pod b/doc/man3/DSA_meth_new.pod
index c5e6ccd052..1e23c0e694 100644
--- a/doc/man3/DSA_meth_new.pod
+++ b/doc/man3/DSA_meth_new.pod
@@ -16,6 +16,10 @@ DSA_meth_set_keygen - Routines to build up DSA methods
#include <openssl/dsa.h>
+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B<OPENSSL_API_COMPAT> with a suitable version value, see
+L<openssl_user_macros(7)>:
+
DSA_METHOD *DSA_meth_new(const char *name, int flags);
void DSA_meth_free(DSA_METHOD *dsam);
@@ -86,6 +90,10 @@ DSA_meth_set_keygen - Routines to build up DSA methods
=head1 DESCRIPTION
+All of the functions described on this page are deprecated.
+Applications and extension implementations should instead use the
+OSSL_PROVIDER APIs.
+
The B<DSA_METHOD> type is a structure used for the provision of custom DSA
implementations. It provides a set of functions used by OpenSSL for the
implementation of the various DSA capabilities.
@@ -200,11 +208,13 @@ L<DSA_sign(3)>, L<DSA_size(3)>, L<DSA_get0_pqg(3)>
=head1 HISTORY
+The functions described here were deprecated in OpenSSL 3.0.
+
The functions described here were added in OpenSSL 1.1.0.
=head1 COPYRIGHT
-Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/DSA_size.pod b/doc/man3/DSA_size.pod
index e74b32580f..473ab985ff 100644
--- a/doc/man3/DSA_size.pod
+++ b/doc/man3/DSA_size.pod
@@ -8,12 +8,20 @@ DSA_size, DSA_bits, DSA_security_bits - get DSA signature size, key bits or secu
#include <openssl/dsa.h>
+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B<OPENSSL_API_COMPAT> with a suitable version value, see
+L<openssl_user_macros(7)>:
+
int DSA_size(const DSA *dsa);
int DSA_bits(const DSA *dsa);
int DSA_security_bits(const DSA *dsa);
=head1 DESCRIPTION
+All of the functions described on this page are deprecated.
+Applications should instead use L<EVP_PKEY_bits(3)>,
+L<EVP_PKEY_security_bits(3)> and L<EVP_PKEY_size(3)>.
+
DSA_size() returns the maximum size of an ASN.1 encoded DSA signature
for key B<dsa> in bytes. It can be used to determine how much memory must
be allocated for a DSA signature.
@@ -34,8 +42,15 @@ DSA_bits() returns the number of bits in the key.
=head1 SEE ALSO
+L<EVP_PKEY_bits(3)>,
+L<EVP_PKEY_security_bits(3)>,
+L<EVP_PKEY_size(3)>,
L<DSA_new(3)>, L<DSA_sign(3)>
+=head1 HISTORY
+
+All of these functions were deprecated in OpenSSL 3.0.
+
=head1 COPYRIGHT
Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/doc/man3/RSA_print.pod b/doc/man3/RSA_print.pod
index a0904b66b0..8318b5528b 100644
--- a/doc/man3/RSA_print.pod
+++ b/doc/man3/RSA_print.pod
@@ -10,11 +10,19 @@ DHparams_print, DHparams_print_fp - print cryptographic parameters
#include <openssl/rsa.h>
+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B<OPENSSL_API_COMPAT> with a suitable version value, see
+L<openssl_user_macros(7)>:
+
int RSA_print(BIO *bp, RSA *x, int offset);
int RSA_print_fp(FILE *fp, RSA *x, int offset);
#include <openssl/dsa.h>
+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B<OPENSSL_API_COMPAT> with a suitable version value, see
+L<openssl_user_macros(7)>:
+
int DSAparams_print(BIO *bp, DSA *x);
int DSAparams_print_fp(FILE *fp, DSA *x);
int DSA_print(BIO *bp, DSA *x, int offset);
@@ -22,11 +30,19 @@ DHparams_print, DHparams_print_fp - print cryptographic parameters
#include <openssl/dh.h>
+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B<OPENSSL_API_COMPAT> with a suitable version value, see
+L<openssl_user_macros(7)>:
+
int DHparams_print(BIO *bp, DH *x);
int DHparams_print_fp(FILE *fp, DH *x);
=head1 DESCRIPTION
+All of the functions described on this page are deprecated.
+Applications should instead use L<EVP_PKEY_print_params(3)> and
+L<EVP_PKEY_print_private(3)>.
+
A human-readable hexadecimal output of the components of the RSA
key, DSA parameters or key or DH parameters is printed to B<bp> or B<fp>.
@@ -38,7 +54,13 @@ These functions return 1 on success, 0 on error.
=head1 SEE ALSO
-L<BN_bn2bin(3)>
+ L<EVP_PKEY_print_params(3)>,
+ L<EVP_PKEY_print_private(3)>,
+ L<BN_bn2bin(3)>
+
+=head1 HISTORY
+
+All of these functions were deprecated in OpenSSL 3.0.
=head1 COPYRIGHT
diff --git a/fuzz/asn1.c b/fuzz/asn1.c
index 0dbccb0698..846bb8fa3d 100644
--- a/fuzz/asn1.c
+++ b/fuzz/asn1.c
@@ -334,9 +334,9 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
#endif
#ifndef OPENSSL_NO_DSA
DO_TEST_NO_PRINT(DSA_SIG, d2i_DSA_SIG, i2d_DSA_SIG);
- DO_TEST_PRINT_OFFSET(DSA, d2i_DSAPrivateKey, i2d_DSAPrivateKey, DSA_print);
- DO_TEST_PRINT_OFFSET(DSA, d2i_DSAPublicKey, i2d_DSAPublicKey, DSA_print);
- DO_TEST(DSA, d2i_DSAparams, i2d_DSAparams, DSAparams_print);
+ DO_TEST_NO_PRINT(DSA, d2i_DSAPrivateKey, i2d_DSAPrivateKey);
+ DO_TEST_NO_PRINT(DSA, d2i_DSAPublicKey, i2d_DSAPublicKey);
+ DO_TEST_NO_PRINT(DSA, d2i_DSAparams, i2d_DSAparams);
#endif
DO_TEST_PRINT_OFFSET(RSA, d2i_RSAPublicKey, i2d_RSAPublicKey, RSA_print);
#ifndef OPENSSL_NO_EC
diff --git a/include/openssl/dsa.h b/include/openssl/dsa.h
index 9697a9cafd..5fe87bee1a 100644
--- a/include/openssl/dsa.h
+++ b/include/openssl/dsa.h
@@ -19,33 +19,35 @@
# include <openssl/opensslconf.h>
# ifndef OPENSSL_NO_DSA
-# ifdef __cplusplus
+# ifdef __cplusplus
extern "C" {
-# endif
-# include <openssl/e_os2.h>
-# include <openssl/asn1.h>
-# include <openssl/bio.h>
-# include <openssl/crypto.h>
-# include <openssl/types.h>
-# include <openssl/bn.h>
-# ifndef OPENSSL_NO_DEPRECATED_1_1_0
-# include <openssl/dh.h>
-# endif
-# include <openssl/dsaerr.h>
+# endif
+# include <openssl/e_os2.h>
+# include <openssl/asn1.h>
+# include <openssl/bio.h>
+# include <openssl/crypto.h>
+# include <openssl/types.h>
+# include <openssl/bn.h>
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
+# include <openssl/dh.h>
+# endif
+# include <openssl/dsaerr.h>
-# ifndef OPENSSL_DSA_MAX_MODULUS_BITS
-# define OPENSSL_DSA_MAX_MODULUS_BITS 10000
-# endif
+# ifndef OPENSSL_DSA_MAX_MODULUS_BITS
+# define OPENSSL_DSA_MAX_MODULUS_BITS 10000
+# endif
-# define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024
+# define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024
-# define DSA_FLAG_CACHE_MONT_P 0x01
-# ifndef OPENSSL_NO_DEPRECATED_1_1_0
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
/*
* Does nothing. Previously this switched off constant time behaviour.
*/
-# define DSA_FLAG_NO_EXP_CONSTTIME 0x00
-# endif
+# define DSA_FLAG_NO_EXP_CONSTTIME 0x00
+# endif
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define DSA_FLAG_CACHE_MONT_P 0x01
/*
* If this flag is set the DSA method is FIPS compliant and can be used in
@@ -54,7 +56,7 @@ extern "C" {
* result is compliant.
*/
-# define DSA_FLAG_FIPS_METHOD 0x0400
+# define DSA_FLAG_FIPS_METHOD 0x0400
/*
* If this flag is set the operations normally disabled in FIPS mode are
@@ -62,8 +64,9 @@ extern "C" {
* usage is compliant.
*/
-# define DSA_FLAG_NON_FIPS_ALLOW 0x0400
-# define DSA_FLAG_FIPS_CHECKED 0x0800
+# define DSA_FLAG_NON_FIPS_ALLOW 0x0400
+# define DSA_FLAG_FIPS_CHECKED 0x0800
+# endif /* OPENSSL_NO_DEPRECATED_3_0 */
/* Already defined in ossl_typ.h */
/* typedef struct dsa_st DSA; */
@@ -71,12 +74,20 @@ extern "C" {
typedef struct DSA_SIG_st DSA_SIG;
-# define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \
- (char *(*)())d2i_DSAparams,(fp),(unsigned char **)(x))
-# define i2d_DSAparams_fp(fp,x) ASN1_i2d_fp(i2d_DSAparams,(fp), \
- (unsigned char *)(x))
-# define d2i_DSAparams_bio(bp,x) ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSAparams,bp,x)
-# define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio_of(DSA,i2d_DSAparams,bp,x)
+/*
+ * TODO(3.0): consider removing the ASN.1 encoding and decoding when
+ * deserialisation is completed elsewhere.
+ */
+# define d2i_DSAparams_fp(fp, x) \
+ (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \
+ (char *(*)())d2i_DSAparams, (fp), \
+ (unsigned char **)(x))
+# define i2d_DSAparams_fp(fp, x) \
+ ASN1_i2d_fp(i2d_DSAparams, (fp), (unsigned char *)(x))
+# define d2i_DSAparams_bio(bp, x) \
+ ASN1_d2i_bio_of(DSA, DSA_new, d2i_DSAparams, bp, x)
+# define i2d_DSAparams_bio(bp, x) \
+ ASN1_i2d_bio_of(DSA, i2d_DSAparams, bp, x)
DECLARE_ASN1_DUP_FUNCTION_name(DSA, DSAparams)
DSA_SIG *DSA_SIG_new(void);
@@ -85,35 +96,41 @@ DECLARE_ASN1_ENCODE_FUNCTIONS_only(DSA_SIG, DSA_SIG)
void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s);
-DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
-int DSA_do_verify(const unsigned char *dgst, int dgst_len,
- DSA_SIG *sig, DSA *dsa);
+DEPRECATEDIN_3_0(DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen,
+ DSA *dsa))
+DEPRECATEDIN_3_0(int DSA_do_verify(const unsigned char *dgst, int dgst_len,
+ DSA_SIG *sig, DSA *dsa))
-const DSA_METHOD *DSA_OpenSSL(void);
+DEPRECATEDIN_3_0(const DSA_METHOD *DSA_OpenSSL(void))
-void DSA_set_default_method(const DSA_METHOD *);
-const DSA_METHOD *DSA_get_default_method(void);
-int DSA_set_method(DSA *dsa, const DSA_METHOD *);
-const DSA_METHOD *DSA_get_method(DSA *d);
+DEPRECATEDIN_3_0(void DSA_set_default_method(const DSA_METHOD *))
+DEPRECATEDIN_3_0(const DSA_METHOD *DSA_get_default_method(void))
+DEPRECATEDIN_3_0(int DSA_set_method(DSA *dsa, const DSA_METHOD *))
+DEPRECATEDIN_3_0(const DSA_METHOD *DSA_get_method(DSA *d))
DSA *DSA_new(void);
-DSA *DSA_new_method(ENGINE *engine);
+DEPRECATEDIN_3_0(DSA *DSA_new_method(ENGINE *engine))
void DSA_free(DSA *r);
/* "up" the DSA object's reference count */
int DSA_up_ref(DSA *r);
-int DSA_size(const DSA *);
-int DSA_bits(const DSA *d);
-int DSA_security_bits(const DSA *d);
+DEPRECATEDIN_3_0(int DSA_size(const DSA *))
+DEPRECATEDIN_3_0(int DSA_bits(const DSA *d))
+DEPRECATEDIN_3_0(int DSA_security_bits(const DSA *d))
/* next 4 return -1 on error */
-DEPRECATEDIN_3_0(int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp))
-int DSA_sign(int type, const unsigned char *dgst, int dlen,
- unsigned char *sig, unsigned int *siglen, DSA *dsa);
-int DSA_verify(int type, const unsigned char *dgst, int dgst_len,
- const unsigned char *sigbuf, int siglen, DSA *dsa);
-#define DSA_get_ex_new_index(l, p, newf, dupf, freef) \
- CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA, l, p, newf, dupf, freef)
-int DSA_set_ex_data(DSA *d, int idx, void *arg);
-void *DSA_get_ex_data(DSA *d, int idx);
+DEPRECATEDIN_3_0(int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
+ BIGNUM **rp))
+DEPRECATEDIN_3_0(int DSA_sign(int type, const unsigned char *dgst, int dlen,
+ unsigned char *sig, unsigned int *siglen,
+ DSA *dsa))
+DEPRECATEDIN_3_0(int DSA_verify(int type, const unsigned char *dgst,
+ int dgst_len, const unsigned char *sigbuf,
+ int siglen, DSA *dsa))
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define DSA_get_ex_new_index(l, p, newf, dupf, freef) \
+ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA, l, p, newf, dupf, freef)
+# endif
+DEPRECATEDIN_3_0(int DSA_set_ex_data(DSA *d, int idx, void *arg))
+DEPRECATEDIN_3_0(void *DSA_get_ex_data(DSA *d, int idx))
DECLARE_ASN1_ENCODE_FUNCTIONS_only(DSA, DSAPublicKey)
DECLARE_ASN1_ENCODE_FUNCTIONS_only(DSA, DSAPrivateKey)
@@ -130,53 +147,56 @@ DEPRECATEDIN_0_9_8(DSA *DSA_generate_parameters(int bits,
void *cb_arg))
/* New version */
-int DSA_generate_parameters_ex(DSA *dsa, int bits,
- const unsigned char *seed, int seed_len,
- int *counter_ret, unsigned long *h_ret,
- BN_GENCB *cb);
-
-int DSA_generate_key(DSA *a);
-
-int DSAparams_print(BIO *bp, const DSA *x);
-int DSA_print(BIO *bp, const DSA *x, int off);
-# ifndef OPENSSL_NO_STDIO
-int DSAparams_print_fp(FILE *fp, const DSA *x);
-int DSA_print_fp(FILE *bp, const DSA *x, int off);
-# endif
+DEPRECATEDIN_3_0(int DSA_generate_parameters_ex(DSA *dsa, int bits,
+ const unsigned char *seed,
+ int seed_len, int *counter_ret,
+ unsigned long *h_ret,
+ BN_GENCB *cb))
+
+DEPRECATEDIN_3_0(int DSA_generate_key(DSA *a))
+
+DEPRECATEDIN_3_0(int DSAparams_print(BIO *bp, const DSA *x))
+DEPRECATEDIN_3_0(int DSA_print(BIO *bp, const DSA *x, int off))
+# ifndef OPENSSL_NO_STDIO
+DEPRECATEDIN_3_0(int DSAparams_print_fp(FILE *fp, const DSA *x))
+DEPRECATEDIN_3_0(int DSA_print_fp(FILE *bp, const DSA *x, int off))
+# endif
-# ifndef OPENSSL_NO_DEPRECATED_3_0
-# define DSS_prime_checks 64
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define DSS_prime_checks 64
/*
* Primality test according to FIPS PUB 186-4, Appendix C.3. Since we only
* have one value here we set the number of checks to 64 which is the 128 bit
* security level that is the highest level and valid for creating a 3072 bit
* DSA key.
*/
-# define DSA_is_prime(n, callback, cb_arg) \
- BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg)
-# endif
+# define DSA_is_prime(n, callback, cb_arg) \
+ BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg)
+# endif
-# ifndef OPENSSL_NO_DH
+# ifndef OPENSSL_NO_DH
/*
* Convert DSA structure (key or just parameters) into DH structure (be
* careful to avoid small subgroup attacks when using this!)
+ *
+ * TODO(3.0): figure out how to remove this monstrosity
*/
DH *DSA_dup_DH(const DSA *r);
-# endif
+# endif
-# define EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits) \
- EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \
- EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, nbits, NULL)
-# define EVP_PKEY_CTX_set_dsa_paramgen_q_bits(ctx, qbits) \
- EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \
- EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, qbits, NULL)
-# define EVP_PKEY_CTX_set_dsa_paramgen_md(ctx, md) \
- EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \
- EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0, (void *)(md))
+# define EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \
+ EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, nbits, NULL)
+# define EVP_PKEY_CTX_set_dsa_paramgen_q_bits(ctx, qbits) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \
+ EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, qbits, NULL)
+# define EVP_PKEY_CTX_set_dsa_paramgen_md(ctx, md) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \
+ EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0, (void *)(md))
-# define EVP_PKEY_CTRL_DSA_PARAMGEN_BITS (EVP_PKEY_ALG_CTRL + 1)
-# define EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS (EVP_PKEY_ALG_CTRL + 2)
-# define EVP_PKEY_CTRL_DSA_PARAMGEN_MD (EVP_PKEY_ALG_CTRL + 3)
+# define EVP_PKEY_CTRL_DSA_PARAMGEN_BITS (EVP_PKEY_ALG_CTRL + 1)
+# define EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS (EVP_PKEY_ALG_CTRL + 2)
+# define EVP_PKEY_CTRL_DSA_PARAMGEN_MD (EVP_PKEY_ALG_CTRL + 3)
void DSA_get0_pqg(const DSA *d,
const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
@@ -192,55 +212,54 @@ const BIGNUM *DSA_get0_priv_key(const DSA *d);
void DSA_clear_flags(DSA *d, int flags);
int DSA_test_flags(const DSA *d, int flags);
void DSA_set_flags(DSA *d, int flags);
-ENGINE *DSA_get0_engine(DSA *d);
-
-DSA_METHOD *DSA_meth_new(const char *name, int flags);
-void DSA_meth_free(DSA_METHOD *dsam);
-DSA_METHOD *DSA_meth_dup(const DSA_METHOD *dsam);
-const char *DSA_meth_get0_name(const DSA_METHOD *dsam);
-int DSA_meth_set1_name(DSA_METHOD *dsam, const char *name);
-int DSA_meth_get_flags(const DSA_METHOD *dsam);
-int DSA_meth_set_flags(DSA_METHOD *dsam, int flags);
-void *DSA_meth_get0_app_data(const DSA_METHOD *dsam);
-int DSA_meth_set0_app_data(DSA_METHOD *dsam, void *app_data);
-DSA_SIG *(*DSA_meth_get_sign(const DSA_METHOD *dsam))
- (const unsigned char *, int, DSA *);
-int DSA_meth_set_sign(DSA_METHOD *dsam,
- DSA_SIG *(*sign) (const unsigned char *, int, DSA *));
-int (*DSA_meth_get_sign_setup(const DSA_METHOD *dsam))
- (DSA *, BN_CTX *, BIGNUM **, BIGNUM **);
-int DSA_meth_set_sign_setup(DSA_METHOD *dsam,
- int (*sign_setup) (DSA *, BN_CTX *, BIGNUM **, BIGNUM **));
-int (*DSA_meth_get_verify(const DSA_METHOD *dsam))
- (const unsigned char *, int, DSA_SIG *, DSA *);
-int DSA_meth_set_verify(DSA_METHOD *dsam,
- int (*verify) (const unsigned char *, int, DSA_SIG *, DSA *));
-int (*DSA_meth_get_mod_exp(const DSA_METHOD *dsam))
+DEPRECATEDIN_3_0(ENGINE *DSA_get0_engine(DSA *d))
+
+DEPRECATEDIN_3_0(DSA_METHOD *DSA_meth_new(const char *name, int flags))
+DEPRECATEDIN_3_0(void DSA_meth_free(DSA_METHOD *dsam))
+DEPRECATEDIN_3_0(DSA_METHOD *DSA_meth_dup(const DSA_METHOD *dsam))
+DEPRECATEDIN_3_0(const char *DSA_meth_get0_name(const DSA_METHOD *dsam))
+DEPRECATEDIN_3_0(int DSA_meth_set1_name(DSA_METHOD *dsam, const char *name))
+DEPRECATEDIN_3_0(int DSA_meth_get_flags(const DSA_METHOD *dsam))
+DEPRECATEDIN_3_0(int DSA_meth_set_flags(DSA_METHOD *dsam, int flags))
+DEPRECATEDIN_3_0(void *DSA_meth_get0_app_data(const DSA_METHOD *dsam))
+DEPRECATEDIN_3_0(int DSA_meth_set0_app_data(DSA_METHOD *dsam, void *app_data))
+DEPRECATEDIN_3_0(DSA_SIG *(*DSA_meth_get_sign(const DSA_METHOD *dsam))
+ (const unsigned char *, int, DSA *))
+DEPRECATEDIN_3_0(int DSA_meth_set_sign(DSA_METHOD *dsam,
+ DSA_SIG *(*sign) (const unsigned char *, int, DSA *)))
+DEPRECATEDIN_3_0(int (*DSA_meth_get_sign_setup(const DSA_METHOD *dsam))
+ (DSA *, BN_CTX *, BIGNUM **, BIGNUM **))
+DEPRECATEDIN_3_0(int DSA_meth_set_sign_setup(DSA_METHOD *dsam,
+ int (*sign_setup) (DSA *, BN_CTX *, BIGNUM **, BIGNUM **)))
+DEPRECATEDIN_3_0(int (*DSA_meth_get_verify(const DSA_METHOD *dsam))
+ (const unsigned char *, int, DSA_SIG *, DSA *))
+DEPRECATEDIN_3_0(int DSA_meth_set_verify(DSA_METHOD *dsam,
+ int (*verify) (const unsigned char *, int, DSA_SIG *, DSA *)))
+DEPRECATEDIN_3_0(int (*DSA_meth_get_mod_exp(const DSA_METHOD *dsam))
(DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *,
- const BIGNUM *, const BIGNUM *, BN_CTX *, BN_MONT_CTX *);
-int DSA_meth_set_mod_exp(DSA_METHOD *dsam,
+ const BIGNUM *, const BIGNUM *, BN_CTX *, BN_MONT_CTX *))
+DEPRECATEDIN_3_0(int DSA_meth_set_mod_exp(DSA_METHOD *dsam,
int (*mod_exp) (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *,
const BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *,
- BN_MONT_CTX *));
-int (*DSA_meth_get_bn_mod_exp(const DSA_METHOD *dsam))
+ BN_MONT_CTX *)))
+DEPRECATEDIN_3_0(int (*DSA_meth_get_bn_mod_exp(const DSA_METHOD *dsam))
(DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *,
- BN_CTX *, BN_MONT_CTX *);
-int DSA_meth_set_bn_mod_exp(DSA_METHOD *dsam,
+ BN_CTX *, BN_MONT_CTX *))
+DEPRECATEDIN_3_0(int DSA_meth_set_bn_mod_exp(DSA_METHOD *dsam,
int (*bn_mod_exp) (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *,
- const BIGNUM *, BN_CTX *, BN_MONT_CTX *));
-int (*DSA_meth_get_init(const DSA_METHOD *dsam))(DSA *);
-int DSA_meth_set_init(DSA_METHOD *dsam, int (*init)(DSA *));
-int (*DSA_meth_get_finish(const DSA_METHOD *dsam)) (DSA *);
-int DSA_meth_set_finish(DSA_METHOD *dsam, int (*finish) (DSA *));
-int (*DSA_meth_get_paramgen(const DSA_METHOD *dsam))
+ const BIGNUM *, BN_CTX *, BN_MONT_CTX *)))
+DEPRECATEDIN_3_0(int (*DSA_meth_get_init(const DSA_METHOD *dsam))(DSA *))
+DEPRECATEDIN_3_0(int DSA_meth_set_init(DSA_METHOD *dsam, int (*init)(DSA *)))
+DEPRECATEDIN_3_0(int (*DSA_meth_get_finish(const DSA_METHOD *dsam)) (DSA *))
+DEPRECATEDIN_3_0(int DSA_meth_set_finish(DSA_METHOD *dsam, int (*finish) (DSA *)))
+DEPRECATEDIN_3_0(int (*DSA_meth_get_paramgen(const DSA_METHOD *dsam))
(DSA *, int, const unsigned char *, int, int *, unsigned long *,
- BN_GENCB *);
-int DSA_meth_set_paramgen(DSA_METHOD *dsam,
+ BN_GENCB *))
+DEPRECATEDIN_3_0(int DSA_meth_set_paramgen(DSA_METHOD *dsam,
int (*paramgen) (DSA *, int, const unsigned char *, int, int *,
- unsigned long *, BN_GENCB *));
-int (*DSA_meth_get_keygen(const DSA_METHOD *dsam)) (DSA *);
-int DSA_meth_set_keygen(DSA_METHOD *dsam, int (*keygen) (DSA *));
-
+ unsigned long *, BN_GENCB *)))
+DEPRECATEDIN_3_0(int (*DSA_meth_get_keygen(const DSA_METHOD *dsam)) (DSA *))
+DEPRECATEDIN_3_0(int DSA_meth_set_keygen(DSA_METHOD *dsam, int (*keygen) (DSA *)))
# ifdef __cplusplus
}
diff --git a/providers/implementations/keymgmt/dsa_kmgmt.c b/providers/implementations/keymgmt/dsa_kmgmt.c
index 00fa492b22..78c479e671 100644
--- a/providers/implementations/keymgmt/dsa_kmgmt.c
+++ b/providers/implementations/keymgmt/dsa_kmgmt.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * DSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <openssl/core_numbers.h>
#include <openssl/core_names.h>
#include <openssl/bn.h>
diff --git a/providers/implementations/serializers/serializer_dsa.c b/providers/implementations/serializers/serializer_dsa.c
index e24d66fc82..16ecb0d952 100644
--- a/providers/implementations/serializers/serializer_dsa.c
+++ b/providers/implementations/serializers/serializer_dsa.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * DSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <openssl/dsa.h>
#include <openssl/err.h>
#include "prov/bio.h" /* ossl_prov_bio_printf() */
diff --git a/providers/implementations/serializers/serializer_dsa_param.c b/providers/implementations/serializers/serializer_dsa_param.c
index 59549887af..bed37fe3b6 100644
--- a/providers/implementations/serializers/serializer_dsa_param.c
+++ b/providers/implementations/serializers/serializer_dsa_param.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * DSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <openssl/core_numbers.h>
#include <openssl/pem.h>
#include <openssl/dsa.h>
diff --git a/providers/implementations/serializers/serializer_dsa_priv.c b/providers/implementations/serializers/serializer_dsa_priv.c
index f3a9ef8f87..94ee86dd2f 100644
--- a/providers/implementations/serializers/serializer_dsa_priv.c
+++ b/providers/implementations/serializers/serializer_dsa_priv.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * DSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <openssl/core_numbers.h>
#include <openssl/core_names.h>
#include <openssl/err.h>
diff --git a/providers/implementations/serializers/serializer_dsa_pub.c b/providers/implementations/serializers/serializer_dsa_pub.c
index 933f1efa4b..8fab41ec64 100644
--- a/providers/implementations/serializers/serializer_dsa_pub.c
+++ b/providers/implementations/serializers/serializer_dsa_pub.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * DSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <openssl/core_numbers.h>
#include <openssl/err.h>
#include <openssl/pem.h>
diff --git a/providers/implementations/signature/dsa.c b/providers/implementations/signature/dsa.c
index 72cf71927d..6c5550bf42 100644
--- a/providers/implementations/signature/dsa.c
+++ b/providers/implementations/signature/dsa.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * DSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <string.h>
#include <openssl/crypto.h>
diff --git a/test/build.info b/test/build.info
index dcdc345b81..dfeabdbc5d 100644
--- a/test/build.info
+++ b/test/build.info
@@ -35,7 +35,7 @@ IF[{- !$disabled{tests} -}]
ectest ecstresstest gmdifftest pbelutest \
destest mdc2test \
dhtest enginetest \
- ssltest_old dsatest dsa_no_digest_size_test exptest rsa_test \
+ ssltest_old exptest rsa_test \
evp_pkey_provided_test evp_test evp_extra_test evp_fetch_prov_test \
v3nametest v3ext \
crltest danetest bad_dtls_test lhash_test sparse_array_test \
@@ -121,14 +121,6 @@ IF[{- !$disabled{tests} -}]
INCLUDE[ssltest_old]=.. ../include ../apps/include
DEPEND[ssltest_old]=../libcrypto ../libssl
- SOURCE[dsatest]=dsatest.c
- INCLUDE[dsatest]=../include ../apps/include
- DEPEND[dsatest]=../libcrypto libtestutil.a
-
- SOURCE[dsa_no_digest_size_test]=dsa_no_digest_size_test.c
- INCLUDE[dsa_no_digest_size_test]=../include ../apps/include
- DEPEND[dsa_no_digest_size_test]=../libcrypto libtestutil.a
-
SOURCE[exptest]=exptest.c
INCLUDE[exptest]=../include ../apps/include
DEPEND[exptest]=../libcrypto libtestutil.a
@@ -502,7 +494,7 @@ IF[{- !$disabled{tests} -}]
rdrand_sanitytest property_test ideatest \
rsa_sp800_56b_test bn_internal_test ecdsatest \
rc2test rc4test rc5test hmactest \
- asn1_dsa_internal_test
+ asn1_dsa_internal_test dsatest dsa_no_digest_size_test
IF[{- !$disabled{poly1305} -}]
PROGRAMS{noinst}=poly1305_internal_test
@@ -543,10 +535,19 @@ IF[{- !$disabled{tests} -}]
INCLUDE[x509_internal_test]=.. ../include ../apps/include
DEPEND[x509_internal_test]=../libcrypto.a libtestutil.a
+
SOURCE[ecdsatest]=ecdsatest.c
INCLUDE[ecdsatest]=../include ../apps/include
DEPEND[ecdsatest]=../libcrypto.a libtestutil.a
+ SOURCE[dsatest]=dsatest.c
+ INCLUDE[dsatest]=../include ../apps/include
+ DEPEND[dsatest]=../libcrypto.a libtestutil.a
+
+ SOURCE[dsa_no_digest_size_test]=dsa_no_digest_size_test.c
+ INCLUDE[dsa_no_digest_size_test]=../include ../apps/include
+ DEPEND[dsa_no_digest_size_test]=../libcrypto.a libtestutil.a
+
SOURCE[tls13encryptiontest]=tls13encryptiontest.c
INCLUDE[tls13encryptiontest]=.. ../include ../apps/include
DEPEND[tls13encryptiontest]=../libcrypto ../libssl.a libtestutil.a
diff --git a/test/dsa_no_digest_size_test.c b/test/dsa_no_digest_size_test.c
index 81a563ad00..3ccf39ca30 100644
--- a/test/dsa_no_digest_size_test.c
+++ b/test/dsa_no_digest_size_test.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * DSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <stdlib.h>
#include <string.h>
diff --git a/test/dsatest.c b/test/dsatest.c
index 23991fa096..288efb71d0 100644
--- a/test/dsatest.c
+++ b/test/dsatest.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * DSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
index 024ef6ad17..5d3847e92f 100644
--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
@@ -1263,11 +1263,14 @@ static int test_EVP_PKEY_CTX_get_set_params(void)
|| !TEST_ptr(p)
|| !TEST_ptr(q)
|| !TEST_ptr(g)
- || !TEST_ptr(pub)
- || !DSA_set0_pqg(dsa, p, q, g)
- || !DSA_set0_key(dsa, pub, priv))
+ || !DSA_set0_pqg(dsa, p, q, g))
goto err;
- p = q = g = pub = priv = NULL;
+ p = q = g = NULL;
+ if (!TEST_ptr(pub)
+ || !TEST_ptr(priv)
+ || !DSA_set0_key(dsa, pub, priv))
+ goto err;
+ pub = priv = NULL;
pkey = EVP_PKEY_new();
if (!TEST_ptr(pkey)
diff --git a/test/recipes/15-test_dsa.t b/test/recipes/15-test_dsa.t
index eb22ed876e..aa8c75a93a 100644
--- a/test/recipes/15-test_dsa.t
+++ b/test/recipes/15-test_dsa.t
@@ -16,25 +16,40 @@ use OpenSSL::Test::Utils;
setup("test_dsa");
-plan tests => 6;
+plan skip_all => 'DSA is not supported in this build' if disabled('dsa');
+plan tests => 7;
+
+my $deprecated_dsa =
+ disabled('deprecated') || !defined config('api') || config('api') >= 30000;
require_ok(srctop_file('test','recipes','tconversion.pl'));
-ok(run(test(["dsatest"])), "running dsatest");
-ok(run(test(["dsa_no_digest_size_test"])), "running dsa_no_digest_size_test");
+ SKIP: {
+ skip "Skipping initial dsa tests", 2
+ if $deprecated_dsa;
+
+ ok(run(test(["dsatest"])), "running dsatest");
+ ok(run(test(["dsa_no_digest_size_test"])),
+ "running dsa_no_digest_size_test");
+}
SKIP: {
- skip "Skipping dsa conversion test", 3
- if disabled("dsa");
+ skip "Skipping dsa conversion test using 'openssl dsa'", 2
+ if $deprecated_dsa;
- subtest 'dsa conversions -- private key' => sub {
- tconversion("dsa", srctop_file("test","testdsa.pem"));
- };
- subtest 'dsa conversions -- private key PKCS#8' => sub {
- tconversion("dsa", srctop_file("test","testdsa.pem"), "pkey");
+ subtest "dsa conversions using 'openssl dsa' -- private key"> sub {
+ tconversion("dsa", srctop_file("test","testdsa.pem"));
};
- subtest 'dsa conversions -- public key' => sub {
- tconversion("msb", srctop_file("test","testdsapub.pem"), "dsa",
- "-pubin", "-pubout");
+ subtest "dsa conversions using 'openssl dsa' -- public key" => sub {
+ tconversion("msb", srctop_file("test","testdsapub.pem"), "dsa",
+ "-pubin", "-pubout");
};
}
+
+subtest "dsa conversions using 'openssl pkey' -- private key PKCS#8" => sub {
+ tconversion("dsa", srctop_file("test","testdsa.pem"), "pkey");
+};
+subtest "dsa conversions using 'openssl pkey' -- public key" => sub {
+ tconversion("dsa", srctop_file("test","testdsapub.pem"), "pkey",
+ "-pubin", "-pubout");
+};
diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t
index 2d213b7daa..d6e638d2f1 100644
--- a/test/recipes/80-test_ssl_old.t
+++ b/test/recipes/80-test_ssl_old.t
@@ -36,7 +36,7 @@ my $digest = "-sha1";
my @reqcmd = ("openssl", "req");
my @x509cmd = ("openssl", "x509", $digest);
my @verifycmd = ("openssl", "verify");
-my @gendsacmd = ("openssl", "gendsa");
+my @genpkeycmd = ("openssl", "genpkey");
my $dummycnf = srctop_file("apps", "openssl.cnf");
my $CAkey = "keyCA.ss";
@@ -178,8 +178,8 @@ sub testss {
SKIP: {
$ENV{CN2} = "DSA Certificate";
skip 'failure', 4 unless
- ok(run(app([@gendsacmd, "-out", $Dkey,
- $dsaparams],
+ ok(run(app([@genpkeycmd, "-out", $Dkey,
+ "-paramfile", $dsaparams],
stdout => "err.ss")),
"make a DSA key");
skip 'failure', 3 unless
diff --git a/util/libcrypto.num b/util/libcrypto.num
index aa6ce17e7d..29e37b4a41 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -88,7 +88,7 @@ d2i_OCSP_RESPBYTES 89 3_0_0 EXIST::FUNCTION:OCSP
TS_REQ_get_ext_by_NID 90 3_0_0 EXIST::FUNCTION:TS
ASN1_item_ndef_i2d 91 3_0_0 EXIST::FUNCTION:
OCSP_archive_cutoff_new 92 3_0_0 EXIST::FUNCTION:OCSP
-DSA_size 93 3_0_0 EXIST::FUNCTION:DSA
+DSA_size 93 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
IPAddressRange_free 94 3_0_0 EXIST::FUNCTION:RFC3779
CMS_ContentInfo_free 95 3_0_0 EXIST::FUNCTION:CMS
BIO_accept 96 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,SOCK
@@ -96,7 +96,7 @@ X509_VERIFY_PARAM_set1_policies 97 3_0_0 EXIST::FUNCTION:
SCT_set0_extensions 98 3_0_0 EXIST::FUNCTION:CT
PKCS5_pbe2_set_scrypt 99 3_0_0 EXIST::FUNCTION:SCRYPT
X509_find_by_subject 100 3_0_0 EXIST::FUNCTION:
-DSAparams_print 101 3_0_0 EXIST::FUNCTION:DSA
+DSAparams_print 101 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
BF_set_key 102 3_0_0 EXIST::FUNCTION:BF,DEPRECATEDIN_3_0
d2i_DHparams 103 3_0_0 EXIST::FUNCTION:DH
i2d_PKCS7_ENC_CONTENT 104 3_0_0 EXIST::FUNCTION:
@@ -222,7 +222,7 @@ ASN1_put_eoc 225 3_0_0 EXIST::FUNCTION:
EVP_MD_meth_set_input_blocksize 226 3_0_0 EXIST::FUNCTION:
PKCS12_SAFEBAG_get0_attrs 227 3_0_0 EXIST::FUNCTION:
PKCS8_get_attr 228 3_0_0 EXIST::FUNCTION:
-DSAparams_print_fp 229 3_0_0 EXIST::FUNCTION:DSA,STDIO
+DSAparams_print_fp 229 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA,STDIO
EC_POINT_set_Jprojective_coordinates_GFp 230 3_0_0 EXIST::FUNCTION:EC
DIST_POINT_NAME_new 231 3_0_0 EXIST::FUNCTION:
X509_LOOKUP_file 232 3_0_0 EXIST::FUNCTION:
@@ -269,7 +269,7 @@ CRYPTO_gcm128_tag 274 3_0_0 EXIST::FUNCTION:
OSSL_HTTP_parse_url 275 3_0_0 EXIST::FUNCTION:
UI_get0_test_string 276 3_0_0 EXIST::FUNCTION:
CRYPTO_secure_free 277 3_0_0 EXIST::FUNCTION:
-DSA_print_fp 278 3_0_0 EXIST::FUNCTION:DSA,STDIO
+DSA_print_fp 278 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA,STDIO
X509_get_ext_d2i 279 3_0_0 EXIST::FUNCTION:
d2i_PKCS7_ENC_CONTENT 280 3_0_0 EXIST::FUNCTION:
BUF_MEM_grow 281 3_0_0 EXIST::FUNCTION:
@@ -488,7 +488,7 @@ X509_INFO_new 497 3_0_0 EXIST::FUNCTION:
OCSP_RESPDATA_it 498 3_0_0 EXIST::FUNCTION:OCSP
X509_CRL_print 499 3_0_0 EXIST::FUNCTION:
WHIRLPOOL_Update 500 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,WHIRLPOOL
-DSA_get_ex_data 501 3_0_0 EXIST::FUNCTION:DSA
+DSA_get_ex_data 501 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
BN_copy 502 3_0_0 EXIST::FUNCTION:
FIPS_mode_set 503 3_0_0 EXIST::FUNCTION:
X509_VERIFY_PARAM_add0_policy 504 3_0_0 EXIST::FUNCTION:
@@ -497,7 +497,7 @@ X509_TRUST_get_trust 506 3_0_0 EXIST::FUNCTION:
DES_string_to_key 507 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DES
ERR_error_string 508 3_0_0 EXIST::FUNCTION:
BIO_new_connect 509 3_0_0 EXIST::FUNCTION:SOCK
-DSA_new_method 511 3_0_0 EXIST::FUNCTION:DSA
+DSA_new_method 511 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
OCSP_CERTID_new 512 3_0_0 EXIST::FUNCTION:OCSP
X509_CRL_get_signature_nid 513 3_0_0 EXIST::FUNCTION:
X509_policy_level_node_count 514 3_0_0 EXIST::FUNCTION:
@@ -760,7 +760,7 @@ PKCS7_add_attrib_smimecap 778 3_0_0 EXIST::FUNCTION:
ERR_peek_last_error_line_data 779 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
EVP_PKEY_meth_set_sign 780 3_0_0 EXIST::FUNCTION:
ASN1_i2d_bio 781 3_0_0 EXIST::FUNCTION:
-DSA_verify 782 3_0_0 EXIST::FUNCTION:DSA
+DSA_verify 782 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
i2a_ASN1_OBJECT 783 3_0_0 EXIST::FUNCTION:
i2d_PKEY_USAGE_PERIOD 784 3_0_0 EXIST::FUNCTION:
DSA_new 785 3_0_0 EXIST::FUNCTION:DSA
@@ -1546,7 +1546,7 @@ PEM_write_X509_REQ_NEW 1579 3_0_0 EXIST::FUNCTION:STDIO
CONF_imodule_set_usr_data 1580 3_0_0 EXIST::FUNCTION:
d2i_TS_RESP_fp 1581 3_0_0 EXIST::FUNCTION:STDIO,TS
X509_policy_tree_get0_user_policies 1582 3_0_0 EXIST::FUNCTION:
-DSA_do_sign 1584 3_0_0 EXIST::FUNCTION:DSA
+DSA_do_sign 1584 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
EVP_CIPHER_CTX_reset 1585 3_0_0 EXIST::FUNCTION:
OCSP_REVOKEDINFO_new 1586 3_0_0 EXIST::FUNCTION:OCSP
SRP_Verify_A_mod_N 1587 3_0_0 EXIST::FUNCTION:SRP
@@ -1821,7 +1821,7 @@ X509_PURPOSE_get0 1863 3_0_0 EXIST::FUNCTION:
EVP_PKEY_set1_DSA 1864 3_0_0 EXIST::FUNCTION:DSA
X509_NAME_it 1865 3_0_0 EXIST::FUNCTION:
OBJ_add_object 1866 3_0_0 EXIST::FUNCTION:
-DSA_generate_key 1867 3_0_0 EXIST::FUNCTION:DSA
+DSA_generate_key 1867 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
EVP_DigestUpdate 1868 3_0_0 EXIST::FUNCTION:
X509_get_ext_by_OBJ 1869 3_0_0 EXIST::FUNCTION:
PBEPARAM_new 1870 3_0_0 EXIST::FUNCTION:
@@ -1954,7 +1954,7 @@ PEM_read_PrivateKey 1999 3_0_0 EXIST::FUNCTION:STDIO
X509V3_get_d2i 2000 3_0_0 EXIST::FUNCTION:
PKCS7_SIGNER_INFO_sign 2001 3_0_0 EXIST::FUNCTION:
TS_TST_INFO_free 2002 3_0_0 EXIST::FUNCTION:TS
-DSA_security_bits 2003 3_0_0 EXIST::FUNCTION:DSA
+DSA_security_bits 2003 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
X509v3_addr_is_canonical 2004 3_0_0 EXIST::FUNCTION:RFC3779
BN_mod_mul_reciprocal 2005 3_0_0 EXIST::FUNCTION:
TS_REQ_get_version 2006 3_0_0 EXIST::FUNCTION:TS
@@ -2162,7 +2162,7 @@ EVP_idea_ecb 2209 3_0_0 EXIST::FUNCTION:IDEA
i2d_TS_ACCURACY 2210 3_0_0 EXIST::FUNCTION:TS
ASN1_VISIBLESTRING_free 2211 3_0_0 EXIST::FUNCTION:
NCONF_load_bio 2212 3_0_0 EXIST::FUNCTION:
-DSA_get_default_method 2213 3_0_0 EXIST::FUNCTION:DSA
+DSA_get_default_method 2213 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
OPENSSL_LH_retrieve 2214 3_0_0 EXIST::FUNCTION:
CRYPTO_ccm128_decrypt_ccm64 2215 3_0_0 EXIST::FUNCTION:
TS_RESP_CTX_set_clock_precision_digits 2216 3_0_0 EXIST::FUNCTION:TS
@@ -2266,7 +2266,7 @@ HMAC_CTX_free 2313 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_
EC_POINT_new 2314 3_0_0 EXIST::FUNCTION:EC
PKCS7_ISSUER_AND_SERIAL_digest 2315 3_0_0 EXIST::FUNCTION:
EVP_des_ofb 2316 3_0_0 EXIST::FUNCTION:DES
-DSA_set_method 2317 3_0_0 EXIST::FUNCTION:DSA
+DSA_set_method 2317 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
EVP_PKEY_get1_RSA 2318 3_0_0 EXIST::FUNCTION:RSA
EC_KEY_OpenSSL 2319 3_0_0 EXIST::FUNCTION:EC
EVP_camellia_192_ofb 2320 3_0_0 EXIST::FUNCTION:CAMELLIA
@@ -2404,9 +2404,9 @@ d2i_TS_TST_INFO_bio 2454 3_0_0 EXIST::FUNCTION:TS
BIGNUM_it 2455 3_0_0 EXIST::FUNCTION:
BN_BLINDING_get_flags 2456 3_0_0 EXIST::FUNCTION:
X509_EXTENSION_get_critical 2457 3_0_0 EXIST::FUNCTION:
-DSA_set_default_method 2458 3_0_0 EXIST::FUNCTION:DSA
+DSA_set_default_method 2458 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
PEM_write_bio_DHxparams 2459 3_0_0 EXIST::FUNCTION:DH
-DSA_set_ex_data 2460 3_0_0 EXIST::FUNCTION:DSA
+DSA_set_ex_data 2460 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
BIO_s_datagram_sctp 2461 3_0_0 EXIST::FUNCTION:DGRAM,SCTP
SXNET_add_id_asc 2462 3_0_0 EXIST::FUNCTION:
X509_print_fp 2463 3_0_0 EXIST::FUNCTION:STDIO
@@ -2472,7 +2472,7 @@ i2d_USERNOTICE 2523 3_0_0 EXIST::FUNCTION:
d2i_NETSCAPE_SPKI 2524 3_0_0 EXIST::FUNCTION:
CRYPTO_mem_leaks 2525 3_0_0 EXIST::FUNCTION:CRYPTO_MDEBUG,DEPRECATEDIN_3_0
BN_get_rfc3526_prime_1536 2526 3_0_0 EXIST::FUNCTION:DH
-DSA_sign 2527 3_0_0 EXIST::FUNCTION:DSA
+DSA_sign 2527 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
RAND_egd 2528 3_0_0 EXIST::FUNCTION:EGD
ASN1_d2i_bio 2529 3_0_0 EXIST::FUNCTION:
X509_REQ_digest 2531 3_0_0 EXIST::FUNCTION:
@@ -3296,7 +3296,7 @@ OCSP_SINGLERESP_get_ext_by_OBJ 3363 3_0_0 EXIST::FUNCTION:OCSP
ECDSA_SIG_get0 3364 3_0_0 EXIST::FUNCTION:EC
BN_set_word 3365 3_0_0 EXIST::FUNCTION:
ENGINE_set_flags 3366 3_0_0 EXIST::FUNCTION:ENGINE
-DSA_OpenSSL 3367 3_0_0 EXIST::FUNCTION:DSA
+DSA_OpenSSL 3367 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
CMS_RecipientInfo_kari_get0_alg 3368 3_0_0 EXIST::FUNCTION:CMS
PKCS7_ENVELOPE_new 3369 3_0_0 EXIST::FUNCTION:
EDIPARTYNAME_new 3370 3_0_0 EXIST::FUNCTION:
@@ -3451,7 +3451,7 @@ EVP_DecryptFinal_ex 3521 3_0_0 EXIST::FUNCTION:
SCT_get_signature_nid 3522 3_0_0 EXIST::FUNCTION:CT
PROXY_CERT_INFO_EXTENSION_new 3523 3_0_0 EXIST::FUNCTION:
EVP_bf_cbc 3524 3_0_0 EXIST::FUNCTION:BF
-DSA_do_verify 3525 3_0_0 EXIST::FUNCTION:DSA
+DSA_do_verify 3525 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
EC_GROUP_get_seed_len 3526 3_0_0 EXIST::FUNCTION:EC
EC_POINT_set_affine_coordinates_GF2m 3527 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,EC2M
TS_REQ_set_policy_id 3528 3_0_0 EXIST::FUNCTION:TS
@@ -3564,7 +3564,7 @@ SCT_get0_signature 3641 3_0_0 EXIST::FUNCTION:CT
DISPLAYTEXT_it 3643 3_0_0 EXIST::FUNCTION:
OPENSSL_gmtime_adj 3644 3_0_0 EXIST::FUNCTION:
ASN1_INTEGER_dup 3645 3_0_0 EXIST::FUNCTION:
-DSA_print 3646 3_0_0 EXIST::FUNCTION:DSA
+DSA_print 3646 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
X509_REQ_set_extension_nids 3647 3_0_0 EXIST::FUNCTION:
X509_free 3648 3_0_0 EXIST::FUNCTION:
ERR_load_ERR_strings 3649 3_0_0 EXIST::FUNCTION:
@@ -3597,7 +3597,7 @@ i2d_ASIdOrRange 3676 3_0_0 EXIST::FUNCTION:RFC3779
OCSP_url_svcloc_new 3677 3_0_0 EXIST::FUNCTION:OCSP
CRYPTO_mem_ctrl 3678 3_0_0 EXIST::FUNCTION:CRYPTO_MDEBUG,DEPRECATEDIN_3_0
ASN1_verify 3679 3_0_0 EXIST::FUNCTION:
-DSA_generate_parameters_ex 3680 3_0_0 EXIST::FUNCTION:DSA
+DSA_generate_parameters_ex 3680 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
X509_sign 3681 3_0_0 EXIST::FUNCTION:
SHA256_Transform 3682 3_0_0 EXIST::FUNCTION:
BIO_ADDR_free 3683 3_0_0 EXIST::FUNCTION:SOCK
@@ -3868,42 +3868,42 @@ BIO_meth_get_destroy 3951 3_0_0 EXIST::FUNCTION:
BIO_meth_get_read 3952 3_0_0 EXIST::FUNCTION:
BIO_set_retry_reason 3953 3_0_0 EXIST::FUNCTION:
BIO_meth_free 3954 3_0_0 EXIST::FUNCTION:
-DSA_meth_set_bn_mod_exp 3955 3_0_0 EXIST::FUNCTION:DSA
-DSA_meth_set_init 3956 3_0_0 EXIST::FUNCTION:DSA
-DSA_meth_free 3957 3_0_0 EXIST::FUNCTION:DSA
-DSA_meth_set_mod_exp 3958 3_0_0 EXIST::FUNCTION:DSA
-DSA_meth_set_sign 3959 3_0_0 EXIST::FUNCTION:DSA
-DSA_meth_get_finish 3960 3_0_0 EXIST::FUNCTION:DSA
+DSA_meth_set_bn_mod_exp 3955 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
+DSA_meth_set_init 3956 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
+DSA_meth_free 3957 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
+DSA_meth_set_mod_exp 3958 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
+DSA_meth_set_sign 3959 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
+DSA_meth_get_finish 3960 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
DSA_set_flags 3961 3_0_0 EXIST::FUNCTION:DSA
DSA_get0_pqg 3962 3_0_0 EXIST::FUNCTION:DSA
-DSA_meth_get0_app_data 3963 3_0_0 EXIST::FUNCTION:DSA
-DSA_meth_get_keygen 3964 3_0_0 EXIST::FUNCTION:DSA
+DSA_meth_get0_app_data 3963 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
+DSA_meth_get_keygen 3964 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
DSA_clear_flags 3965 3_0_0 EXIST::FUNCTION:DSA
-DSA_meth_get0_name 3966 3_0_0 EXIST::FUNCTION:DSA
-DSA_meth_get_paramgen 3967 3_0_0 EXIST::FUNCTION:DSA
-DSA_meth_get_sign 3968 3_0_0 EXIST::FUNCTION:DSA
-DSA_meth_set_paramgen 3969 3_0_0 EXIST::FUNCTION:DSA
+DSA_meth_get0_name 3966 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
+DSA_meth_get_paramgen 3967 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
+DSA_meth_get_sign 3968 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
+DSA_meth_set_paramgen 3969 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
DSA_test_flags 3970 3_0_0 EXIST::FUNCTION:DSA
-DSA_meth_set0_app_data 3971 3_0_0 EXIST::FUNCTION:DSA
-DSA_meth_set1_name 3972 3_0_0 EXIST::FUNCTION:DSA
+DSA_meth_set0_app_data 3971 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
+DSA_meth_set1_name 3972 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
DSA_get0_key 3973 3_0_0 EXIST::FUNCTION:DSA
-DSA_meth_get_mod_exp 3974 3_0_0 EXIST::FUNCTION:DSA
+DSA_meth_get_mod_exp 3974 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
DSA_set0_pqg 3975 3_0_0 EXIST::FUNCTION:DSA
-DSA_meth_get_flags 3976 3_0_0 EXIST::FUNCTION:DSA
-DSA_meth_get_verify 3977 3_0_0 EXIST::FUNCTION:DSA
-DSA_meth_set_verify 3978 3_0_0 EXIST::FUNCTION:DSA
-DSA_meth_set_finish 3979 3_0_0 EXIST::FUNCTION:DSA
-DSA_meth_set_keygen 3980 3_0_0 EXIST::FUNCTION:DSA
-DSA_meth_dup 3981 3_0_0 EXIST::FUNCTION:DSA
+DSA_meth_get_flags 3976 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
+DSA_meth_get_verify 3977 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
+DSA_meth_set_verify 3978 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
+DSA_meth_set_finish 3979 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
+DSA_meth_set_keygen 3980 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
+DSA_meth_dup 3981 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
DSA_set0_key 3982 3_0_0 EXIST::FUNCTION:DSA
-DSA_meth_get_init 3983 3_0_0 EXIST::FUNCTION:DSA
-DSA_meth_set_sign_setup 3984 3_0_0 EXIST::FUNCTION:DSA
-DSA_meth_get_bn_mod_exp 3985 3_0_0 EXIST::FUNCTION:DSA
-DSA_get_method 3986 3_0_0 EXIST::FUNCTION:DSA
-DSA_meth_new 3987 3_0_0 EXIST::FUNCTION:DSA
-DSA_meth_set_flags 3988 3_0_0 EXIST::FUNCTION:DSA
-DSA_meth_get_sign_setup 3989 3_0_0 EXIST::FUNCTION:DSA
-DSA_get0_engine 3990 3_0_0 EXIST::FUNCTION:DSA
+DSA_meth_get_init 3983 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
+DSA_meth_set_sign_setup 3984 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
+DSA_meth_get_bn_mod_exp 3985 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
+DSA_get_method 3986 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
+DSA_meth_new 3987 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
+DSA_meth_set_flags 3988 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
+DSA_meth_get_sign_setup 3989 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
+DSA_get0_engine 3990 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
X509_VERIFY_PARAM_set_auth_level 3991 3_0_0 EXIST::FUNCTION:
X509_VERIFY_PARAM_get_auth_level 3992 3_0_0 EXIST::FUNCTION:
X509_REQ_get0_pubkey 3993 3_0_0 EXIST::FUNCTION:
@@ -4045,7 +4045,7 @@ X509_STORE_unlock 4133 3_0_0 EXIST::FUNCTION:
X509_STORE_lock 4134 3_0_0 EXIST::FUNCTION:
X509_set_proxy_pathlen 4135 3_0_0 EXIST::FUNCTION:
X509_get_proxy_pathlen 4136 3_0_0 EXIST::FUNCTION:
-DSA_bits 4137 3_0_0 EXIST::FUNCTION:DSA
+DSA_bits 4137 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
EVP_PKEY_set1_tls_encodedpoint 4138 3_0_0 EXIST::FUNCTION:
EVP_PKEY_get1_tls_encodedpoint 4139 3_0_0 EXIST::FUNCTION:
ASN1_STRING_get0_data 4140 3_0_0 EXIST::FUNCTION:
More information about the openssl-commits
mailing list