[openssl] master update
Dr. Paul Dale
pauli at openssl.org
Thu Feb 20 09:00:41 UTC 2020
The branch master has been updated
via c5f8713443c8d606ff149b12c478cd6162f2a7ac (commit)
via b9f733c2846329ca6ee6b906b2291e31c0c14183 (commit)
via 4fd8a3e110ee901bc013dc816a6be4d8d1d7b718 (commit)
via f6358b44f1a0bf83a71a37c5099995c388fe78a6 (commit)
via f93107d8de3e499c38ceb5c8f8f4d452631b021a (commit)
from 1f2235ea4e48a48f0c06406c22c8ae31a6ccaae6 (commit)
- Log -----------------------------------------------------------------
commit c5f8713443c8d606ff149b12c478cd6162f2a7ac
Author: Pauli <paul.dale at oracle.com>
Date: Wed Feb 12 15:03:51 2020 +1000
Deprecate the low level RSA functions.
Use of the low level RSA functions has been informally discouraged for a
long time. We now formally deprecate them.
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11063)
commit b9f733c2846329ca6ee6b906b2291e31c0c14183
Author: Pauli <paul.dale at oracle.com>
Date: Wed Feb 12 15:49:16 2020 +1000
rsa: document deprecated RSA command line apps
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11063)
commit 4fd8a3e110ee901bc013dc816a6be4d8d1d7b718
Author: Pauli <paul.dale at oracle.com>
Date: Wed Feb 12 15:23:01 2020 +1000
rsa: document deprecated low level functions
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11063)
commit f6358b44f1a0bf83a71a37c5099995c388fe78a6
Author: Pauli <paul.dale at oracle.com>
Date: Wed Feb 12 15:05:39 2020 +1000
NEWS: DH, DSA, ECDH, ECDSA and RSA public key function deprecation note
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11063)
commit f93107d8de3e499c38ceb5c8f8f4d452631b021a
Author: Pauli <paul.dale at oracle.com>
Date: Wed Feb 12 13:26:15 2020 +1000
rsa.h: fix preprocessor indentation
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11063)
-----------------------------------------------------------------------
Summary of changes:
CHANGES | 39 ++
NEWS | 2 +
apps/build.info | 8 +-
apps/genrsa.c | 3 +
apps/progs.c | 12 +-
apps/progs.pl | 5 +-
apps/rsa.c | 3 +
apps/rsautl.c | 3 +
apps/speed.c | 31 +-
crypto/evp/p_dec.c | 6 +
crypto/evp/p_enc.c | 6 +
crypto/rsa/rsa_ameth.c | 6 +
crypto/rsa/rsa_asn1.c | 6 +
crypto/rsa/rsa_chk.c | 6 +
crypto/rsa/rsa_crpt.c | 6 +
crypto/rsa/rsa_depr.c | 6 +
crypto/rsa/rsa_gen.c | 6 +
crypto/rsa/rsa_lib.c | 6 +
crypto/rsa/rsa_meth.c | 6 +
crypto/rsa/rsa_none.c | 6 +
crypto/rsa/rsa_oaep.c | 6 +
crypto/rsa/rsa_ossl.c | 6 +
crypto/rsa/rsa_pk1.c | 6 +
crypto/rsa/rsa_pmeth.c | 6 +
crypto/rsa/rsa_prn.c | 6 +
crypto/rsa/rsa_pss.c | 6 +
crypto/rsa/rsa_saos.c | 6 +
crypto/rsa/rsa_sign.c | 6 +
crypto/rsa/rsa_ssl.c | 6 +
crypto/rsa/rsa_x931.c | 6 +
crypto/rsa/rsa_x931g.c | 6 +
doc/man1/openssl-genrsa.pod.in | 8 +
doc/man1/openssl-rsa.pod.in | 8 +
doc/man1/openssl-rsautl.pod.in | 8 +
doc/man3/RSA_check_key.pod | 10 +
doc/man3/RSA_generate_key.pod | 10 +
doc/man3/RSA_meth_new.pod | 9 +
doc/man3/RSA_padding_add_PKCS1_type_1.pod | 11 +
doc/man3/RSA_private_encrypt.pod | 12 +
doc/man3/RSA_public_encrypt.pod | 12 +
doc/man3/RSA_set_method.pod | 9 +
doc/man3/RSA_sign.pod | 12 +
doc/man3/RSA_sign_ASN1_OCTET_STRING.pod | 11 +
doc/man3/RSA_size.pod | 10 +
engines/build.info | 1 +
engines/e_dasync.c | 274 +++++++----
fuzz/asn1.c | 2 +-
include/openssl/rsa.h | 538 +++++++++++----------
providers/implementations/asymciphers/rsa_enc.c | 6 +
providers/implementations/keymgmt/rsa_kmgmt.c | 6 +
.../implementations/serializers/serializer_rsa.c | 6 +
.../serializers/serializer_rsa_priv.c | 6 +
.../serializers/serializer_rsa_pub.c | 6 +
ssl/t1_lib.c | 12 +-
test/build.info | 24 +-
test/recipes/15-test_genrsa.t | 62 ++-
test/recipes/15-test_mp_rsa.t | 34 +-
test/recipes/15-test_rsa.t | 56 ++-
test/rsa_mp_test.c | 6 +
test/rsa_test.c | 6 +
util/libcrypto.num | 170 +++----
61 files changed, 1070 insertions(+), 513 deletions(-)
diff --git a/CHANGES b/CHANGES
index 15ff91798a..016743a83f 100644
--- a/CHANGES
+++ b/CHANGES
@@ -18,6 +18,45 @@
use the pkeyparam, pkey and genpkey programs.
[Paul Dale]
+ *) All of the low level RSA functions have been deprecated including:
+
+ RSA_new_method, RSA_bits, RSA_size, RSA_security_bits,
+ RSA_get0_pss_params, RSA_get_version, RSA_get0_engine,
+ RSA_generate_key_ex, RSA_generate_multi_prime_key,
+ RSA_X931_derive_ex, RSA_X931_generate_key_ex, RSA_check_key,
+ RSA_check_key_ex, RSA_public_encrypt, RSA_private_encrypt,
+ RSA_public_decrypt, RSA_private_decrypt, RSA_set_default_method,
+ RSA_get_default_method, RSA_null_method, RSA_get_method, RSA_set_method,
+ RSA_PKCS1_OpenSSL, RSA_print_fp, RSA_print, RSA_sign, RSA_verify,
+ RSA_sign_ASN1_OCTET_STRING, RSA_verify_ASN1_OCTET_STRING,
+ RSA_blinding_on, RSA_blinding_off, RSA_setup_blinding,
+ RSA_padding_add_PKCS1_type_1, RSA_padding_check_PKCS1_type_1,
+ RSA_padding_add_PKCS1_type_2, RSA_padding_check_PKCS1_type_2,
+ PKCS1_MGF1, RSA_padding_add_PKCS1_OAEP, RSA_padding_check_PKCS1_OAEP,
+ RSA_padding_add_PKCS1_OAEP_mgf1, RSA_padding_check_PKCS1_OAEP_mgf1,
+ RSA_padding_add_SSLv23, RSA_padding_check_SSLv23,
+ RSA_padding_add_none, RSA_padding_check_none, RSA_padding_add_X931,
+ RSA_padding_check_X931, RSA_X931_hash_id, RSA_verify_PKCS1_PSS,
+ RSA_padding_add_PKCS1_PSS, RSA_verify_PKCS1_PSS_mgf1,
+ RSA_padding_add_PKCS1_PSS_mgf1, RSA_set_ex_data, RSA_get_ex_data,
+ RSA_meth_new, RSA_meth_free, RSA_meth_dup, RSA_meth_get0_name,
+ RSA_meth_set1_name, RSA_meth_get_flags, RSA_meth_set_flags,
+ RSA_meth_get0_app_data, RSA_meth_set0_app_data, RSA_meth_get_pub_enc,
+ RSA_meth_set_pub_enc, RSA_meth_get_pub_dec, RSA_meth_set_pub_dec,
+ RSA_meth_get_priv_enc, RSA_meth_set_priv_enc, RSA_meth_get_priv_dec,
+ RSA_meth_set_priv_dec, RSA_meth_get_mod_exp, RSA_meth_set_mod_exp,
+ RSA_meth_get_bn_mod_exp, RSA_meth_set_bn_mod_exp, RSA_meth_get_init,
+ RSA_meth_set_init, RSA_meth_get_finish, RSA_meth_set_finish,
+ RSA_meth_get_sign, RSA_meth_set_sign, RSA_meth_get_verify,
+ RSA_meth_set_verify, RSA_meth_get_keygen, RSA_meth_set_keygen,
+ RSA_meth_get_multi_prime_keygen and RSA_meth_set_multi_prime_keygen.
+
+ Use of these low level functions has been informally discouraged for a long
+ time. Instead applications should use L<EVP_PKEY_encrypt_init(3)>,
+ L<EVP_PKEY_encrypt(3)>, L<EVP_PKEY_decrypt_init(3)> and
+ L<EVP_PKEY_decrypt(3)>.
+ [Paul Dale]
+
*) X509 certificates signed using SHA1 are no longer allowed at security
level 1 and above.
In TLS/SSL the default security level is 1. It can be set either
diff --git a/NEWS b/NEWS
index ac3372dca5..098b73f915 100644
--- a/NEWS
+++ b/NEWS
@@ -37,6 +37,8 @@
deprecated.
o All of the low level AES, Blowfish, Camellia, CAST, DES, IDEA, RC2,
RC4, RC5 and SEED cipher functions have been deprecated.
+ o All of the low level DH, DSA, ECDH, ECDSA and RSA public key functions
+ have been deprecated.
Major changes between OpenSSL 1.1.1 and OpenSSL 1.1.1a [20 Nov 2018]
diff --git a/apps/build.info b/apps/build.info
index ad3ef74ad4..1b931c8ac1 100644
--- a/apps/build.info
+++ b/apps/build.info
@@ -14,9 +14,9 @@ $OPENSSLSRC=\
openssl.c progs.c \
asn1pars.c ca.c ciphers.c cms.c crl.c crl2p7.c dgst.c \
ec.c ecparam.c enc.c engine.c errstr.c \
- genpkey.c genrsa.c kdf.c mac.c nseq.c ocsp.c passwd.c pkcs12.c pkcs7.c \
- pkcs8.c pkey.c pkeyparam.c pkeyutl.c prime.c rand.c req.c rsa.c \
- rsautl.c s_client.c s_server.c s_time.c sess_id.c smime.c speed.c \
+ genpkey.c kdf.c mac.c nseq.c ocsp.c passwd.c pkcs12.c pkcs7.c \
+ pkcs8.c pkey.c pkeyparam.c pkeyutl.c prime.c rand.c req.c \
+ s_client.c s_server.c s_time.c sess_id.c smime.c speed.c \
spkac.c srp.c ts.c verify.c version.c x509.c rehash.c storeutl.c \
list.c info.c provider.c fipsinstall.c
@@ -32,7 +32,7 @@ IF[{- !$disabled{apps} -}]
ENDIF
IF[{- !$disabled{'deprecated-3.0'} -}]
- SOURCE[openssl]=dhparam.c dsa.c dsaparam.c gendsa.c
+ SOURCE[openssl]=dhparam.c dsa.c dsaparam.c gendsa.c rsa.c rsautl.c genrsa.c
ENDIF
SCRIPTS{misc}=CA.pl
diff --git a/apps/genrsa.c b/apps/genrsa.c
index 96fb23aaf5..c45fe19b12 100644
--- a/apps/genrsa.c
+++ b/apps/genrsa.c
@@ -7,6 +7,9 @@
* https://www.openssl.org/source/license.html
*/
+/* We need to use the deprecated RSA low level calls */
+#define OPENSSL_SUPPRESS_DEPRECATED
+
#include <openssl/opensslconf.h>
#ifdef OPENSSL_NO_RSA
NON_EMPTY_TRANSLATION_UNIT
diff --git a/apps/progs.c b/apps/progs.c
index c4fb1790e6..3492c93e25 100644
--- a/apps/progs.c
+++ b/apps/progs.c
@@ -49,8 +49,8 @@ FUNCTION functions[] = {
{FT_general, "gendsa", gendsa_main, gendsa_options, "genpkey"},
#endif
{FT_general, "genpkey", genpkey_main, genpkey_options, NULL},
-#ifndef OPENSSL_NO_RSA
- {FT_general, "genrsa", genrsa_main, genrsa_options, NULL},
+#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
+ {FT_general, "genrsa", genrsa_main, genrsa_options, "genpkey"},
#endif
{FT_general, "help", help_main, help_options, NULL},
{FT_general, "info", info_main, info_options, NULL},
@@ -75,9 +75,11 @@ FUNCTION functions[] = {
{FT_general, "rand", rand_main, rand_options, NULL},
{FT_general, "rehash", rehash_main, rehash_options, NULL},
{FT_general, "req", req_main, req_options, NULL},
- {FT_general, "rsa", rsa_main, rsa_options, NULL},
-#ifndef OPENSSL_NO_RSA
- {FT_general, "rsautl", rsautl_main, rsautl_options, NULL},
+#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
+ {FT_general, "rsa", rsa_main, rsa_options, "pkey"},
+#endif
+#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
+ {FT_general, "rsautl", rsautl_main, rsautl_options, "pkeyutl"},
#endif
#ifndef OPENSSL_NO_SOCK
{FT_general, "s_client", s_client_main, s_client_options, NULL},
diff --git a/apps/progs.pl b/apps/progs.pl
index b4ff4b7d55..1d8c305713 100644
--- a/apps/progs.pl
+++ b/apps/progs.pl
@@ -92,12 +92,13 @@ EOF
my %cmd_disabler = (
ciphers => "sock",
- genrsa => "rsa",
- rsautl => "rsa",
gendh => "dh",
pkcs12 => "des",
);
my %cmd_deprecated = (
+ rsa => [ "3_0", "pkey", "rsa" ],
+ genrsa => [ "3_0", "genpkey", "rsa" ],
+ rsautl => [ "3_0", "pkeyutl", "rsa" ],
dhparam => [ "3_0", "pkeyparam", "dh" ],
dsaparam => [ "3_0", "pkeyparam", "dsa" ],
dsa => [ "3_0", "pkey", "dsa" ],
diff --git a/apps/rsa.c b/apps/rsa.c
index 82b34e7ca3..7d03a862a0 100644
--- a/apps/rsa.c
+++ b/apps/rsa.c
@@ -7,6 +7,9 @@
* https://www.openssl.org/source/license.html
*/
+/* We need to use the deprecated RSA low level calls */
+#define OPENSSL_SUPPRESS_DEPRECATED
+
#include <openssl/opensslconf.h>
#ifdef OPENSSL_NO_RSA
NON_EMPTY_TRANSLATION_UNIT
diff --git a/apps/rsautl.c b/apps/rsautl.c
index 99f1c44007..7bb9096bcd 100644
--- a/apps/rsautl.c
+++ b/apps/rsautl.c
@@ -7,6 +7,9 @@
* https://www.openssl.org/source/license.html
*/
+/* We need to use the deprecated RSA low level calls */
+#define OPENSSL_SUPPRESS_DEPRECATED
+
#include <openssl/opensslconf.h>
#ifdef OPENSSL_NO_RSA
NON_EMPTY_TRANSLATION_UNIT
diff --git a/apps/speed.c b/apps/speed.c
index 0e94e7cae6..13285d6355 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -94,7 +94,7 @@
#ifndef OPENSSL_NO_CAST
# include <openssl/cast.h>
#endif
-#ifndef OPENSSL_NO_RSA
+#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
# include <openssl/rsa.h>
# include "./testrsa.h"
#endif
@@ -416,7 +416,7 @@ static const OPT_PAIR dsa_choices[DSA_NUM] = {
static double dsa_results[DSA_NUM][2]; /* 2 ops: sign then verify */
#endif /* OPENSSL_NO_DSA */
-#ifndef OPENSSL_NO_RSA
+#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
enum {
R_RSA_512, R_RSA_1024, R_RSA_2048, R_RSA_3072, R_RSA_4096, R_RSA_7680,
R_RSA_15360, RSA_NUM
@@ -542,7 +542,7 @@ typedef struct loopargs_st {
unsigned char *key;
unsigned int siglen;
size_t sigsize;
-#ifndef OPENSSL_NO_RSA
+#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
RSA *rsa_key[RSA_NUM];
#endif
#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
@@ -1021,7 +1021,7 @@ static int EVP_CMAC_loop(void *args)
}
#endif
-#ifndef OPENSSL_NO_RSA
+#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
static long rsa_c[RSA_NUM][2]; /* # RSA iteration test */
static int RSA_sign_loop(void *args)
@@ -1503,7 +1503,7 @@ int speed_main(int argc, char **argv)
#if !defined(OPENSSL_NO_CAMELLIA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
CAMELLIA_KEY camellia_ks[3];
#endif
-#ifndef OPENSSL_NO_RSA
+#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
static const struct {
const unsigned char *data;
unsigned int length;
@@ -1707,8 +1707,10 @@ int speed_main(int argc, char **argv)
goto end;
break;
case OPT_PRIMES:
+#ifndef OPENSSL_NO_DEPRECATED_3_0
if (!opt_int(opt_arg(), &primes))
goto end;
+#endif
break;
case OPT_SECONDS:
seconds.sym = seconds.rsa = seconds.dsa = seconds.ecdsa
@@ -1746,7 +1748,7 @@ int speed_main(int argc, char **argv)
doit[D_SHA1] = doit[D_SHA256] = doit[D_SHA512] = 1;
continue;
}
-#ifndef OPENSSL_NO_RSA
+#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
if (strcmp(algo, "openssl") == 0) /* just for compatibility */
continue;
if (strncmp(algo, "rsa", 3) == 0) {
@@ -1909,7 +1911,7 @@ int speed_main(int argc, char **argv)
if (argc == 0 && !doit[D_EVP] && !doit[D_EVP_HMAC] && !doit[D_EVP_CMAC]) {
memset(doit, 1, sizeof(doit));
doit[D_EVP] = doit[D_EVP_HMAC] = doit[D_EVP_CMAC] = 0;
-#ifndef OPENSSL_NO_RSA
+#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
memset(rsa_doit, 1, sizeof(rsa_doit));
#endif
#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
@@ -1933,7 +1935,7 @@ int speed_main(int argc, char **argv)
"You have chosen to measure elapsed time "
"instead of user CPU time.\n");
-#ifndef OPENSSL_NO_RSA
+#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
for (i = 0; i < loopargs_len; i++) {
if (primes > RSA_DEFAULT_PRIME_NUM) {
/* for multi-prime RSA, skip this */
@@ -2103,7 +2105,7 @@ int speed_main(int argc, char **argv)
c[D_IGE_256_AES][i] = c[D_IGE_256_AES][i - 1] * l0 / l1;
}
-# ifndef OPENSSL_NO_RSA
+#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
rsa_c[R_RSA_512][0] = count / 2000;
rsa_c[R_RSA_512][1] = count / 400;
for (i = 1; i < RSA_NUM; i++) {
@@ -2859,7 +2861,7 @@ int speed_main(int argc, char **argv)
if (RAND_bytes(loopargs[i].buf, 36) <= 0)
goto end;
-#ifndef OPENSSL_NO_RSA
+#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
for (testnum = 0; testnum < RSA_NUM; testnum++) {
int st = 0;
if (!rsa_doit[testnum])
@@ -3564,7 +3566,7 @@ int speed_main(int argc, char **argv)
}
printf("\n");
}
-#ifndef OPENSSL_NO_RSA
+#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
testnum = 1;
for (k = 0; k < RSA_NUM; k++) {
if (!rsa_doit[k])
@@ -3691,7 +3693,7 @@ int speed_main(int argc, char **argv)
OPENSSL_free(loopargs[i].buf_malloc);
OPENSSL_free(loopargs[i].buf2_malloc);
-#ifndef OPENSSL_NO_RSA
+#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
for (k = 0; k < RSA_NUM; k++)
RSA_free(loopargs[i].rsa_key[k]);
#endif
@@ -3887,7 +3889,9 @@ static int do_multi(int multi, int size_num)
sstrsep(&p, sep);
for (j = 0; j < size_num; ++j)
results[alg][j] += atof(sstrsep(&p, sep));
- } else if (strncmp(buf, "+F2:", 4) == 0) {
+ }
+#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
+ else if (strncmp(buf, "+F2:", 4) == 0) {
int k;
double d;
@@ -3901,6 +3905,7 @@ static int do_multi(int multi, int size_num)
d = atof(sstrsep(&p, sep));
rsa_results[k][1] += d;
}
+#endif
#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
else if (strncmp(buf, "+F3:", 4) == 0) {
int k;
diff --git a/crypto/evp/p_dec.c b/crypto/evp/p_dec.c
index d1d8b0b59e..9a6f271000 100644
--- a/crypto/evp/p_dec.c
+++ b/crypto/evp/p_dec.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * RSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/rsa.h>
diff --git a/crypto/evp/p_enc.c b/crypto/evp/p_enc.c
index 4c169857c2..349eabde4c 100644
--- a/crypto/evp/p_enc.c
+++ b/crypto/evp/p_enc.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * RSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/rsa.h>
diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
index a94cb54b5e..71aa435bd7 100644
--- a/crypto/rsa/rsa_ameth.c
+++ b/crypto/rsa/rsa_ameth.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * RSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/asn1t.h>
diff --git a/crypto/rsa/rsa_asn1.c b/crypto/rsa/rsa_asn1.c
index e6b81253fa..8798bd52d6 100644
--- a/crypto/rsa/rsa_asn1.c
+++ b/crypto/rsa/rsa_asn1.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * RSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/bn.h>
diff --git a/crypto/rsa/rsa_chk.c b/crypto/rsa/rsa_chk.c
index 6ba0010c77..e6b700bc0d 100644
--- a/crypto/rsa/rsa_chk.c
+++ b/crypto/rsa/rsa_chk.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * RSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <openssl/bn.h>
#include <openssl/err.h>
#include "crypto/rsa.h"
diff --git a/crypto/rsa/rsa_crpt.c b/crypto/rsa/rsa_crpt.c
index 6abee298c6..83cae46103 100644
--- a/crypto/rsa/rsa_crpt.c
+++ b/crypto/rsa/rsa_crpt.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * RSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include <openssl/crypto.h>
#include "internal/cryptlib.h"
diff --git a/crypto/rsa/rsa_depr.c b/crypto/rsa/rsa_depr.c
index ed63262645..8ba6e8c2ee 100644
--- a/crypto/rsa/rsa_depr.c
+++ b/crypto/rsa/rsa_depr.c
@@ -12,6 +12,12 @@
* "new" versions).
*/
+/*
+ * RSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <openssl/opensslconf.h>
#ifdef OPENSSL_NO_DEPRECATED_0_9_8
NON_EMPTY_TRANSLATION_UNIT
diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c
index cb2abff6a1..5778bdada5 100644
--- a/crypto/rsa/rsa_gen.c
+++ b/crypto/rsa/rsa_gen.c
@@ -13,6 +13,12 @@
* Geoff
*/
+/*
+ * RSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include <time.h>
#include "internal/cryptlib.h"
diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c
index d6c5da752b..c43c9fdd48 100644
--- a/crypto/rsa/rsa_lib.c
+++ b/crypto/rsa/rsa_lib.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * RSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include <openssl/crypto.h>
#include <openssl/core_names.h>
diff --git a/crypto/rsa/rsa_meth.c b/crypto/rsa/rsa_meth.c
index a2a0426ee4..6bbe21814e 100644
--- a/crypto/rsa/rsa_meth.c
+++ b/crypto/rsa/rsa_meth.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * RSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <string.h>
#include "rsa_local.h"
#include <openssl/err.h>
diff --git a/crypto/rsa/rsa_none.c b/crypto/rsa/rsa_none.c
index 833ab94028..5298ca7328 100644
--- a/crypto/rsa/rsa_none.c
+++ b/crypto/rsa/rsa_none.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * RSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include "internal/cryptlib.h"
#include <openssl/bn.h>
#include <openssl/rsa.h>
diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c
index d1150f09a8..23fb8f9f2b 100644
--- a/crypto/rsa/rsa_oaep.c
+++ b/crypto/rsa/rsa_oaep.c
@@ -20,6 +20,12 @@
* one-wayness. For the RSA function, this is an equivalent notion.
*/
+/*
+ * RSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include "internal/constant_time.h"
#include <stdio.h>
diff --git a/crypto/rsa/rsa_ossl.c b/crypto/rsa/rsa_ossl.c
index 6332a5a411..4b54aa86fe 100644
--- a/crypto/rsa/rsa_ossl.c
+++ b/crypto/rsa/rsa_ossl.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * RSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include "internal/cryptlib.h"
#include "crypto/bn.h"
#include "rsa_local.h"
diff --git a/crypto/rsa/rsa_pk1.c b/crypto/rsa/rsa_pk1.c
index eedc558e3f..33391c4fcb 100644
--- a/crypto/rsa/rsa_pk1.c
+++ b/crypto/rsa/rsa_pk1.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * RSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include "internal/constant_time.h"
#include <stdio.h>
diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c
index 34cbba658e..174271874a 100644
--- a/crypto/rsa/rsa_pmeth.c
+++ b/crypto/rsa/rsa_pmeth.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * RSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include "internal/constant_time.h"
#include <stdio.h>
diff --git a/crypto/rsa/rsa_prn.c b/crypto/rsa/rsa_prn.c
index 5e4c098a16..1e52e9e3e6 100644
--- a/crypto/rsa/rsa_prn.c
+++ b/crypto/rsa/rsa_prn.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * RSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/rsa.h>
diff --git a/crypto/rsa/rsa_pss.c b/crypto/rsa/rsa_pss.c
index 15014ef4b1..054fca9fd1 100644
--- a/crypto/rsa/rsa_pss.c
+++ b/crypto/rsa/rsa_pss.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * RSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/bn.h>
diff --git a/crypto/rsa/rsa_saos.c b/crypto/rsa/rsa_saos.c
index 7041535cc0..e7041ca2ae 100644
--- a/crypto/rsa/rsa_saos.c
+++ b/crypto/rsa/rsa_saos.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * RSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/bn.h>
diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c
index 6479d12684..31b8ed11fa 100644
--- a/crypto/rsa/rsa_sign.c
+++ b/crypto/rsa/rsa_sign.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * RSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/bn.h>
diff --git a/crypto/rsa/rsa_ssl.c b/crypto/rsa/rsa_ssl.c
index 99e541881d..48731dfb90 100644
--- a/crypto/rsa/rsa_ssl.c
+++ b/crypto/rsa/rsa_ssl.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * RSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/bn.h>
diff --git a/crypto/rsa/rsa_x931.c b/crypto/rsa/rsa_x931.c
index 3caafb699f..7a1503752f 100644
--- a/crypto/rsa/rsa_x931.c
+++ b/crypto/rsa/rsa_x931.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * RSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/bn.h>
diff --git a/crypto/rsa/rsa_x931g.c b/crypto/rsa/rsa_x931g.c
index 1f6042a3d2..7b65133ec8 100644
--- a/crypto/rsa/rsa_x931g.c
+++ b/crypto/rsa/rsa_x931g.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * RSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include <string.h>
#include <time.h>
diff --git a/doc/man1/openssl-genrsa.pod.in b/doc/man1/openssl-genrsa.pod.in
index ed264332ba..348f8cbbc6 100644
--- a/doc/man1/openssl-genrsa.pod.in
+++ b/doc/man1/openssl-genrsa.pod.in
@@ -36,6 +36,9 @@ B<openssl> B<genrsa>
=head1 DESCRIPTION
+This command has been deprecated.
+The L<openssl-genpkey(1)> command should be used instead.
+
This command generates an RSA private key.
=head1 OPTIONS
@@ -106,8 +109,13 @@ of a key.
=head1 SEE ALSO
L<openssl(1)>,
+L<openssl-genpkey(1)>,
L<openssl-gendsa(1)>
+=head1 HISTORY
+
+This command was deprecated in OpenSSL 3.0.
+
=head1 COPYRIGHT
Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/doc/man1/openssl-rsa.pod.in b/doc/man1/openssl-rsa.pod.in
index b391487719..a688260270 100644
--- a/doc/man1/openssl-rsa.pod.in
+++ b/doc/man1/openssl-rsa.pod.in
@@ -45,6 +45,9 @@ B<openssl> B<rsa>
=head1 DESCRIPTION
+This command has been deprecated.
+The L<openssl-pkey(1)> command should be used instead.
+
This command processes RSA keys. They can be converted between
various forms and their components printed out. B<Note> this command uses the
traditional SSLeay compatible format for private key encryption: newer
@@ -169,11 +172,16 @@ without having to manually edit them.
=head1 SEE ALSO
L<openssl(1)>,
+L<openssl-pkey(1)>,
L<openssl-pkcs8(1)>,
L<openssl-dsa(1)>,
L<openssl-genrsa(1)>,
L<openssl-gendsa(1)>
+=head1 HISTORY
+
+This command was deprecated in OpenSSL 3.0.
+
=head1 COPYRIGHT
Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/doc/man1/openssl-rsautl.pod.in b/doc/man1/openssl-rsautl.pod.in
index 628e83c87c..b9d0572883 100644
--- a/doc/man1/openssl-rsautl.pod.in
+++ b/doc/man1/openssl-rsautl.pod.in
@@ -38,6 +38,9 @@ B<openssl> B<rsautl>
=head1 DESCRIPTION
+This command has been deprecated.
+The L<openssl-pkeyutl(1)> command should be used instead.
+
This command can be used to sign, verify, encrypt and decrypt
data using the RSA algorithm.
@@ -219,10 +222,15 @@ which it can be seen agrees with the recovered value above.
=head1 SEE ALSO
L<openssl(1)>,
+L<openssl-pkeyutl(1)>,
L<openssl-dgst(1)>,
L<openssl-rsa(1)>,
L<openssl-genrsa(1)>
+=head1 HISTORY
+
+This command was deprecated in OpenSSL 3.0.
+
=head1 COPYRIGHT
Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/doc/man3/RSA_check_key.pod b/doc/man3/RSA_check_key.pod
index fb7bd235a6..137ec7eb68 100644
--- a/doc/man3/RSA_check_key.pod
+++ b/doc/man3/RSA_check_key.pod
@@ -8,12 +8,20 @@ RSA_check_key_ex, RSA_check_key - validate private RSA keys
#include <openssl/rsa.h>
+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B<OPENSSL_API_COMPAT> with a suitable version value, see
+L<openssl_user_macros(7)>:
+
int RSA_check_key_ex(RSA *rsa, BN_GENCB *cb);
int RSA_check_key(RSA *rsa);
=head1 DESCRIPTION
+Both of the functions described on this page are deprecated.
+Applications should instead use L<EVP_PKEY_public_check(3)>,
+L<EVP_PKEY_private_check(3)> and L<EVP_PKEY_pairwise_check(3)>.
+
RSA_check_key_ex() function validates RSA keys.
It checks that B<p> and B<q> are
in fact prime, and that B<n = p*q>.
@@ -70,6 +78,8 @@ L<ERR_get_error(3)>
=head1 HISTORY
+All of these functions were deprecated in OpenSSL 3.0.
+
RSA_check_key_ex() appeared after OpenSSL 1.0.2.
=head1 COPYRIGHT
diff --git a/doc/man3/RSA_generate_key.pod b/doc/man3/RSA_generate_key.pod
index 9d8b4228f0..110880f9a0 100644
--- a/doc/man3/RSA_generate_key.pod
+++ b/doc/man3/RSA_generate_key.pod
@@ -9,6 +9,10 @@ RSA_generate_multi_prime_key - generate RSA key pair
#include <openssl/rsa.h>
+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B<OPENSSL_API_COMPAT> with a suitable version value, see
+L<openssl_user_macros(7)>:
+
int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
int RSA_generate_multi_prime_key(RSA *rsa, int bits, int primes, BIGNUM *e, BN_GENCB *cb);
@@ -21,6 +25,10 @@ L<openssl_user_macros(7)>:
=head1 DESCRIPTION
+All of the functions described on this page are deprecated.
+Applications should instead use L<EVP_PKEY_keygen_init(3)> and
+L<EVP_PKEY_keygen(3)>.
+
RSA_generate_key_ex() generates a 2-prime RSA key pair and stores it in the
B<RSA> structure provided in B<rsa>. The pseudo-random number generator must
be seeded prior to calling RSA_generate_key_ex().
@@ -95,6 +103,8 @@ L<RAND(7)>
=head1 HISTORY
+All of these functions were deprecated in OpenSSL 3.0.
+
RSA_generate_key() was deprecated in OpenSSL 0.9.8; use
RSA_generate_key_ex() instead.
diff --git a/doc/man3/RSA_meth_new.pod b/doc/man3/RSA_meth_new.pod
index 100c64cbce..a6a5f4738b 100644
--- a/doc/man3/RSA_meth_new.pod
+++ b/doc/man3/RSA_meth_new.pod
@@ -20,6 +20,10 @@ RSA_meth_get_multi_prime_keygen, RSA_meth_set_multi_prime_keygen
#include <openssl/rsa.h>
+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B<OPENSSL_API_COMPAT> with a suitable version value, see
+L<openssl_user_macros(7)>:
+
RSA_METHOD *RSA_meth_new(const char *name, int flags);
void RSA_meth_free(RSA_METHOD *meth);
@@ -123,6 +127,9 @@ RSA_meth_get_multi_prime_keygen, RSA_meth_set_multi_prime_keygen
=head1 DESCRIPTION
+All of the functions described on this page are deprecated.
+Applications should instead use the OSSL_PROVIDER APIs.
+
The B<RSA_METHOD> type is a structure used for the provision of custom
RSA implementations. It provides a set of functions used by OpenSSL
for the implementation of the various RSA capabilities.
@@ -244,6 +251,8 @@ L<RSA_generate_multi_prime_key(3)>
=head1 HISTORY
+All of these functions were deprecated in OpenSSL 3.0.
+
RSA_meth_get_multi_prime_keygen() and RSA_meth_set_multi_prime_keygen() were
added in OpenSSL 1.1.1.
diff --git a/doc/man3/RSA_padding_add_PKCS1_type_1.pod b/doc/man3/RSA_padding_add_PKCS1_type_1.pod
index 6e679bba0f..0a7b5c3a20 100644
--- a/doc/man3/RSA_padding_add_PKCS1_type_1.pod
+++ b/doc/man3/RSA_padding_add_PKCS1_type_1.pod
@@ -14,6 +14,10 @@ padding
#include <openssl/rsa.h>
+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B<OPENSSL_API_COMPAT> with a suitable version value, see
+L<openssl_user_macros(7)>:
+
int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
const unsigned char *f, int fl);
@@ -58,6 +62,9 @@ padding
=head1 DESCRIPTION
+All of the functions described on this page are deprecated.
+Applications should instead use the EVP PKEY APIs.
+
The RSA_padding_xxx_xxx() functions are called from the RSA encrypt,
decrypt, sign and verify functions. Normally they should not be called
from application programs.
@@ -148,6 +155,10 @@ L<RSA_private_decrypt(3)>,
L<RSA_sign(3)>, L<RSA_verify(3)>,
L<RAND(7)>
+=head1 HISTORY
+
+All of these functions were deprecated in OpenSSL 3.0.
+
=head1 COPYRIGHT
Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/doc/man3/RSA_private_encrypt.pod b/doc/man3/RSA_private_encrypt.pod
index 2df8bce564..6589bb62e4 100644
--- a/doc/man3/RSA_private_encrypt.pod
+++ b/doc/man3/RSA_private_encrypt.pod
@@ -8,6 +8,10 @@ RSA_private_encrypt, RSA_public_decrypt - low level signature operations
#include <openssl/rsa.h>
+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B<OPENSSL_API_COMPAT> with a suitable version value, see
+L<openssl_user_macros(7)>:
+
int RSA_private_encrypt(int flen, unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
@@ -16,6 +20,10 @@ RSA_private_encrypt, RSA_public_decrypt - low level signature operations
=head1 DESCRIPTION
+Both of the functions described on this page are deprecated.
+Applications should instead use L<EVP_PKEY_encrypt_init(3)>,
+L<EVP_PKEY_encrypt(3)>, L<EVP_PKEY_decrypt_init(3)> and L<EVP_PKEY_decrypt(3)>.
+
These functions handle RSA signatures at a low level.
RSA_private_encrypt() signs the B<flen> bytes at B<from> (usually a
@@ -62,6 +70,10 @@ obtained by L<ERR_get_error(3)>.
L<ERR_get_error(3)>,
L<RSA_sign(3)>, L<RSA_verify(3)>
+=head1 HISTORY
+
+Both of these functions were deprecated in OpenSSL 3.0.
+
=head1 COPYRIGHT
Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/doc/man3/RSA_public_encrypt.pod b/doc/man3/RSA_public_encrypt.pod
index 09f26ebc07..dbd4c555bf 100644
--- a/doc/man3/RSA_public_encrypt.pod
+++ b/doc/man3/RSA_public_encrypt.pod
@@ -8,6 +8,10 @@ RSA_public_encrypt, RSA_private_decrypt - RSA public key cryptography
#include <openssl/rsa.h>
+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B<OPENSSL_API_COMPAT> with a suitable version value, see
+L<openssl_user_macros(7)>:
+
int RSA_public_encrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
@@ -16,6 +20,10 @@ RSA_public_encrypt, RSA_private_decrypt - RSA public key cryptography
=head1 DESCRIPTION
+Both of the functions described on this page are deprecated.
+Applications should instead use L<EVP_PKEY_encrypt_init(3)>,
+L<EVP_PKEY_encrypt(3)>, L<EVP_PKEY_decrypt_init(3)> and L<EVP_PKEY_decrypt(3)>.
+
RSA_public_encrypt() encrypts the B<flen> bytes at B<from> (usually a
session key) using the public key B<rsa> and stores the ciphertext in
B<to>. B<to> must point to RSA_size(B<rsa>) bytes of memory.
@@ -97,6 +105,10 @@ SSL, PKCS #1 v2.0
L<ERR_get_error(3)>, L<RAND_bytes(3)>,
L<RSA_size(3)>
+=head1 HISTORY
+
+Both of these functions were deprecated in OpenSSL 3.0.
+
=head1 COPYRIGHT
Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/doc/man3/RSA_set_method.pod b/doc/man3/RSA_set_method.pod
index 77af35f246..72963780a0 100644
--- a/doc/man3/RSA_set_method.pod
+++ b/doc/man3/RSA_set_method.pod
@@ -10,6 +10,10 @@ RSA_new_method - select RSA method
#include <openssl/rsa.h>
+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B<OPENSSL_API_COMPAT> with a suitable version value, see
+L<openssl_user_macros(7)>:
+
void RSA_set_default_method(const RSA_METHOD *meth);
RSA_METHOD *RSA_get_default_method(void);
@@ -26,6 +30,9 @@ RSA_new_method - select RSA method
=head1 DESCRIPTION
+All of the functions described on this page are deprecated.
+Applications should instead use the OSSL_PROVIDER APIs.
+
An B<RSA_METHOD> specifies the functions that OpenSSL uses for RSA
operations. By modifying the method, alternative implementations such as
hardware accelerators may be used. IMPORTANT: See the NOTES section for
@@ -171,6 +178,8 @@ L<RSA_new(3)>
=head1 HISTORY
+All of these functions were deprecated in OpenSSL 3.0.
+
The RSA_null_method(), which was a partial attempt to avoid patent issues,
was replaced to always return NULL in OpenSSL 1.1.1.
diff --git a/doc/man3/RSA_sign.pod b/doc/man3/RSA_sign.pod
index a459f2b74f..2cc50a6f1a 100644
--- a/doc/man3/RSA_sign.pod
+++ b/doc/man3/RSA_sign.pod
@@ -8,6 +8,10 @@ RSA_sign, RSA_verify - RSA signatures
#include <openssl/rsa.h>
+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B<OPENSSL_API_COMPAT> with a suitable version value, see
+L<openssl_user_macros(7)>:
+
int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
unsigned char *sigret, unsigned int *siglen, RSA *rsa);
@@ -16,6 +20,10 @@ RSA_sign, RSA_verify - RSA signatures
=head1 DESCRIPTION
+All of the functions described on this page are deprecated.
+Applications should instead use L<EVP_PKEY_sign_init(3)>, L<EVP_PKEY_sign(3)>,
+L<EVP_PKEY_verify_init(3)> and L<EVP_PKEY_verify(3)>.
+
RSA_sign() signs the message digest B<m> of size B<m_len> using the
private key B<rsa> using RSASSA-PKCS1-v1_5 as specified in RFC 3447. It
stores the signature in B<sigret> and the signature size in B<siglen>.
@@ -53,6 +61,10 @@ L<ERR_get_error(3)>,
L<RSA_private_encrypt(3)>,
L<RSA_public_decrypt(3)>
+=head1 HISTORY
+
+All of these functions were deprecated in OpenSSL 3.0.
+
=head1 COPYRIGHT
Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/doc/man3/RSA_sign_ASN1_OCTET_STRING.pod b/doc/man3/RSA_sign_ASN1_OCTET_STRING.pod
index 27e7cdf6b8..7a156866f8 100644
--- a/doc/man3/RSA_sign_ASN1_OCTET_STRING.pod
+++ b/doc/man3/RSA_sign_ASN1_OCTET_STRING.pod
@@ -8,6 +8,10 @@ RSA_sign_ASN1_OCTET_STRING, RSA_verify_ASN1_OCTET_STRING - RSA signatures
#include <openssl/rsa.h>
+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B<OPENSSL_API_COMPAT> with a suitable version value, see
+L<openssl_user_macros(7)>:
+
int RSA_sign_ASN1_OCTET_STRING(int dummy, unsigned char *m,
unsigned int m_len, unsigned char *sigret,
unsigned int *siglen, RSA *rsa);
@@ -18,6 +22,9 @@ RSA_sign_ASN1_OCTET_STRING, RSA_verify_ASN1_OCTET_STRING - RSA signatures
=head1 DESCRIPTION
+All of the functions described on this page are deprecated.
+Applications should instead use EVP PKEY APIs.
+
RSA_sign_ASN1_OCTET_STRING() signs the octet string B<m> of size
B<m_len> using the private key B<rsa> represented in DER using PKCS #1
padding. It stores the signature in B<sigret> and the signature size
@@ -55,6 +62,10 @@ L<RAND_bytes(3)>, L<RSA_sign(3)>,
L<RSA_verify(3)>,
L<RAND(7)>
+=head1 HISTORY
+
+All of these functions were deprecated in OpenSSL 3.0.
+
=head1 COPYRIGHT
Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/doc/man3/RSA_size.pod b/doc/man3/RSA_size.pod
index ccc11ba7ab..15db17c299 100644
--- a/doc/man3/RSA_size.pod
+++ b/doc/man3/RSA_size.pod
@@ -8,6 +8,10 @@ RSA_size, RSA_bits, RSA_security_bits - get RSA modulus size or security bits
#include <openssl/rsa.h>
+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B<OPENSSL_API_COMPAT> with a suitable version value, see
+L<openssl_user_macros(7)>:
+
int RSA_size(const RSA *rsa);
int RSA_bits(const RSA *rsa);
@@ -16,6 +20,10 @@ RSA_size, RSA_bits, RSA_security_bits - get RSA modulus size or security bits
=head1 DESCRIPTION
+All of the functions described on this page are deprecated.
+Applications should instead use L<EVP_PKEY_size(3)>, L<EVP_PKEY_bits(3)>
+and L<EVP_PKEY_security_bits(3)>.
+
RSA_size() returns the RSA modulus size in bytes. It can be used to
determine how much memory must be allocated for an RSA encrypted
value.
@@ -41,6 +49,8 @@ L<BN_num_bits(3)>
=head1 HISTORY
+All of these functions were deprecated in OpenSSL 3.0.
+
The RSA_bits() function was added in OpenSSL 1.1.0.
=head1 COPYRIGHT
diff --git a/engines/build.info b/engines/build.info
index fca41358e9..3bfe1dc057 100644
--- a/engines/build.info
+++ b/engines/build.info
@@ -78,6 +78,7 @@ IF[{- !$disabled{"engine"} -}]
SOURCE[dasync]=dasync.ld
GENERATE[dasync.ld]=../util/engines.num
ENDIF
+
SOURCE[ossltest]=e_ossltest.c
DEPEND[ossltest]=../libcrypto
INCLUDE[ossltest]=../include
diff --git a/engines/e_dasync.c b/engines/e_dasync.c
index c5d58ded09..446680e535 100644
--- a/engines/e_dasync.c
+++ b/engines/e_dasync.c
@@ -15,6 +15,7 @@
*/
#include "internal/deprecated.h"
+#include <openssl/opensslconf.h>
#if defined(_WIN32)
# include <windows.h>
#endif
@@ -101,22 +102,29 @@ static int dasync_digest_nids(const int **nids)
}
/* RSA */
-
-static int dasync_pub_enc(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
-static int dasync_pub_dec(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
-static int dasync_rsa_priv_enc(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
-static int dasync_rsa_priv_dec(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
-static int dasync_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
- BN_CTX *ctx);
-
-static int dasync_rsa_init(RSA *rsa);
-static int dasync_rsa_finish(RSA *rsa);
-
-static RSA_METHOD *dasync_rsa_method = NULL;
+static int dasync_pkey(ENGINE *e, EVP_PKEY_METHOD **pmeth,
+ const int **pnids, int nid);
+
+static int dasync_rsa_init(EVP_PKEY_CTX *ctx);
+static void dasync_rsa_cleanup(EVP_PKEY_CTX *ctx);
+static int dasync_rsa_paramgen_init(EVP_PKEY_CTX *ctx);
+static int dasync_rsa_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);
+static int dasync_rsa_keygen_init(EVP_PKEY_CTX *ctx);
+static int dasync_rsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);
+static int dasync_rsa_encrypt_init(EVP_PKEY_CTX *ctx);
+static int dasync_rsa_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
+ size_t *outlen, const unsigned char *in,
+ size_t inlen);
+static int dasync_rsa_decrypt_init(EVP_PKEY_CTX *ctx);
+static int dasync_rsa_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
+ size_t *outlen, const unsigned char *in,
+ size_t inlen);
+static int dasync_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
+static int dasync_rsa_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
+ const char *value);
+
+static EVP_PKEY_METHOD *dasync_rsa;
+static const EVP_PKEY_METHOD *dasync_rsa_orig;
/* AES */
@@ -197,26 +205,30 @@ static int dasync_cipher_nids[] = {
static int bind_dasync(ENGINE *e)
{
- /* Setup RSA_METHOD */
- if ((dasync_rsa_method = RSA_meth_new("Dummy Async RSA method", 0)) == NULL
- || RSA_meth_set_pub_enc(dasync_rsa_method, dasync_pub_enc) == 0
- || RSA_meth_set_pub_dec(dasync_rsa_method, dasync_pub_dec) == 0
- || RSA_meth_set_priv_enc(dasync_rsa_method, dasync_rsa_priv_enc) == 0
- || RSA_meth_set_priv_dec(dasync_rsa_method, dasync_rsa_priv_dec) == 0
- || RSA_meth_set_mod_exp(dasync_rsa_method, dasync_rsa_mod_exp) == 0
- || RSA_meth_set_bn_mod_exp(dasync_rsa_method, BN_mod_exp_mont) == 0
- || RSA_meth_set_init(dasync_rsa_method, dasync_rsa_init) == 0
- || RSA_meth_set_finish(dasync_rsa_method, dasync_rsa_finish) == 0) {
- DASYNCerr(DASYNC_F_BIND_DASYNC, DASYNC_R_INIT_FAILED);
+ /* Setup RSA */
+ ;
+ if ((dasync_rsa_orig = EVP_PKEY_meth_find(EVP_PKEY_RSA)) == NULL
+ || (dasync_rsa = EVP_PKEY_meth_new(EVP_PKEY_RSA, 0)) == NULL)
return 0;
- }
+ EVP_PKEY_meth_set_init(dasync_rsa, dasync_rsa_init);
+ EVP_PKEY_meth_set_cleanup(dasync_rsa, dasync_rsa_cleanup);
+ EVP_PKEY_meth_set_paramgen(dasync_rsa, dasync_rsa_paramgen_init,
+ dasync_rsa_paramgen);
+ EVP_PKEY_meth_set_keygen(dasync_rsa, dasync_rsa_keygen_init,
+ dasync_rsa_keygen);
+ EVP_PKEY_meth_set_encrypt(dasync_rsa, dasync_rsa_encrypt_init,
+ dasync_rsa_encrypt);
+ EVP_PKEY_meth_set_decrypt(dasync_rsa, dasync_rsa_decrypt_init,
+ dasync_rsa_decrypt);
+ EVP_PKEY_meth_set_ctrl(dasync_rsa, dasync_rsa_ctrl,
+ dasync_rsa_ctrl_str);
/* Ensure the dasync error handling is set up */
ERR_load_DASYNC_strings();
if (!ENGINE_set_id(e, engine_dasync_id)
|| !ENGINE_set_name(e, engine_dasync_name)
- || !ENGINE_set_RSA(e, dasync_rsa_method)
+ || !ENGINE_set_pkey_meths(e, dasync_pkey)
|| !ENGINE_set_digests(e, dasync_digests)
|| !ENGINE_set_ciphers(e, dasync_ciphers)
|| !ENGINE_set_destroy_function(e, dasync_destroy)
@@ -295,6 +307,13 @@ static int bind_dasync(ENGINE *e)
return 1;
}
+static void destroy_pkey(void)
+{
+ EVP_PKEY_meth_free(dasync_rsa);
+ dasync_rsa_orig = NULL;
+ dasync_rsa = NULL;
+}
+
# ifndef OPENSSL_NO_DYNAMIC_ENGINE
static int bind_helper(ENGINE *e, const char *id)
{
@@ -347,11 +366,30 @@ static int dasync_destroy(ENGINE *e)
{
destroy_digests();
destroy_ciphers();
- RSA_meth_free(dasync_rsa_method);
+ destroy_pkey();
ERR_unload_DASYNC_strings();
return 1;
}
+static int dasync_pkey(ENGINE *e, EVP_PKEY_METHOD **pmeth,
+ const int **pnids, int nid)
+{
+ static const int rnid = EVP_PKEY_RSA;
+
+ if (pmeth == NULL) {
+ *pnids = &rnid;
+ return 1;
+ }
+
+ if (nid == EVP_PKEY_RSA) {
+ *pmeth = dasync_rsa;
+ return 1;
+ }
+
+ *pmeth = NULL;
+ return 0;
+}
+
static int dasync_digests(ENGINE *e, const EVP_MD **digest,
const int **nids, int nid)
{
@@ -522,60 +560,6 @@ static int dasync_sha1_final(EVP_MD_CTX *ctx, unsigned char *md)
return EVP_MD_meth_get_final(EVP_sha1())(ctx, md);
}
-/*
- * RSA implementation
- */
-
-static int dasync_pub_enc(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding) {
- /* Ignore errors - we carry on anyway */
- dummy_pause_job();
- return RSA_meth_get_pub_enc(RSA_PKCS1_OpenSSL())
- (flen, from, to, rsa, padding);
-}
-
-static int dasync_pub_dec(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding) {
- /* Ignore errors - we carry on anyway */
- dummy_pause_job();
- return RSA_meth_get_pub_dec(RSA_PKCS1_OpenSSL())
- (flen, from, to, rsa, padding);
-}
-
-static int dasync_rsa_priv_enc(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding)
-{
- /* Ignore errors - we carry on anyway */
- dummy_pause_job();
- return RSA_meth_get_priv_enc(RSA_PKCS1_OpenSSL())
- (flen, from, to, rsa, padding);
-}
-
-static int dasync_rsa_priv_dec(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding)
-{
- /* Ignore errors - we carry on anyway */
- dummy_pause_job();
- return RSA_meth_get_priv_dec(RSA_PKCS1_OpenSSL())
- (flen, from, to, rsa, padding);
-}
-
-static int dasync_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
-{
- /* Ignore errors - we carry on anyway */
- dummy_pause_job();
- return RSA_meth_get_mod_exp(RSA_PKCS1_OpenSSL())(r0, I, rsa, ctx);
-}
-
-static int dasync_rsa_init(RSA *rsa)
-{
- return RSA_meth_get_init(RSA_PKCS1_OpenSSL())(rsa);
-}
-static int dasync_rsa_finish(RSA *rsa)
-{
- return RSA_meth_get_finish(RSA_PKCS1_OpenSSL())(rsa);
-}
-
/* Cipher helper functions */
static int dasync_cipher_ctrl_helper(EVP_CIPHER_CTX *ctx, int type, int arg,
@@ -803,3 +787,125 @@ static int dasync_aes128_cbc_hmac_sha1_cleanup(EVP_CIPHER_CTX *ctx)
*/
return dasync_cipher_cleanup_helper(ctx, EVP_aes_128_cbc_hmac_sha1());
}
+
+
+/*
+ * RSA implementation
+ */
+static int dasync_rsa_init(EVP_PKEY_CTX *ctx)
+{
+ static int (*pinit)(EVP_PKEY_CTX *ctx);
+
+ if (pinit == NULL)
+ EVP_PKEY_meth_get_init(dasync_rsa_orig, &pinit);
+ return pinit(ctx);
+}
+
+static void dasync_rsa_cleanup(EVP_PKEY_CTX *ctx)
+{
+ static void (*pcleanup)(EVP_PKEY_CTX *ctx);
+
+ if (pcleanup == NULL)
+ EVP_PKEY_meth_get_cleanup(dasync_rsa_orig, &pcleanup);
+ pcleanup(ctx);
+}
+
+static int dasync_rsa_paramgen_init(EVP_PKEY_CTX *ctx)
+{
+ static int (*pparamgen_init)(EVP_PKEY_CTX *ctx);
+
+ if (pparamgen_init == NULL)
+ EVP_PKEY_meth_get_paramgen(dasync_rsa_orig, &pparamgen_init, NULL);
+ return pparamgen_init(ctx);
+}
+
+static int dasync_rsa_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+{
+ static int (*pparamgen)(EVP_PKEY_CTX *c, EVP_PKEY *pkey);
+
+ if (pparamgen == NULL)
+ EVP_PKEY_meth_get_paramgen(dasync_rsa_orig, NULL, &pparamgen);
+ return pparamgen(ctx, pkey);
+}
+
+static int dasync_rsa_keygen_init(EVP_PKEY_CTX *ctx)
+{
+ static int (*pkeygen_init)(EVP_PKEY_CTX *ctx);
+
+ if (pkeygen_init == NULL)
+ EVP_PKEY_meth_get_keygen(dasync_rsa_orig, &pkeygen_init, NULL);
+ return pkeygen_init(ctx);
+}
+
+static int dasync_rsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+{
+ static int (*pkeygen)(EVP_PKEY_CTX *c, EVP_PKEY *pkey);
+
+ if (pkeygen == NULL)
+ EVP_PKEY_meth_get_keygen(dasync_rsa_orig, NULL, &pkeygen);
+ return pkeygen(ctx, pkey);
+}
+
+static int dasync_rsa_encrypt_init(EVP_PKEY_CTX *ctx)
+{
+ static int (*pencrypt_init)(EVP_PKEY_CTX *ctx);
+
+ if (pencrypt_init == NULL)
+ EVP_PKEY_meth_get_encrypt(dasync_rsa_orig, &pencrypt_init, NULL);
+ return pencrypt_init(ctx);
+}
+
+static int dasync_rsa_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
+ size_t *outlen, const unsigned char *in,
+ size_t inlen)
+{
+ static int (*pencryptfn)(EVP_PKEY_CTX *ctx, unsigned char *out,
+ size_t *outlen, const unsigned char *in,
+ size_t inlen);
+
+ if (pencryptfn == NULL)
+ EVP_PKEY_meth_get_encrypt(dasync_rsa_orig, NULL, &pencryptfn);
+ return pencryptfn(ctx, out, outlen, in, inlen);
+}
+
+static int dasync_rsa_decrypt_init(EVP_PKEY_CTX *ctx)
+{
+ static int (*pdecrypt_init)(EVP_PKEY_CTX *ctx);
+
+ if (pdecrypt_init == NULL)
+ EVP_PKEY_meth_get_decrypt(dasync_rsa_orig, &pdecrypt_init, NULL);
+ return pdecrypt_init(ctx);
+}
+
+static int dasync_rsa_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
+ size_t *outlen, const unsigned char *in,
+ size_t inlen)
+{
+ static int (*pdecrypt)(EVP_PKEY_CTX *ctx, unsigned char *out,
+ size_t *outlen, const unsigned char *in,
+ size_t inlen);
+
+ if (pdecrypt == NULL)
+ EVP_PKEY_meth_get_encrypt(dasync_rsa_orig, NULL, &pdecrypt);
+ return pdecrypt(ctx, out, outlen, in, inlen);
+}
+
+static int dasync_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+{
+ static int (*pctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
+
+ if (pctrl == NULL)
+ EVP_PKEY_meth_get_ctrl(dasync_rsa_orig, &pctrl, NULL);
+ return pctrl(ctx, type, p1, p2);
+}
+
+static int dasync_rsa_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
+ const char *value)
+{
+ static int (*pctrl_str)(EVP_PKEY_CTX *ctx, const char *type,
+ const char *value);
+
+ if (pctrl_str == NULL)
+ EVP_PKEY_meth_get_ctrl(dasync_rsa_orig, NULL, &pctrl_str);
+ return pctrl_str(ctx, type, value);
+}
diff --git a/fuzz/asn1.c b/fuzz/asn1.c
index 846bb8fa3d..6ef6712e4d 100644
--- a/fuzz/asn1.c
+++ b/fuzz/asn1.c
@@ -338,7 +338,7 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
DO_TEST_NO_PRINT(DSA, d2i_DSAPublicKey, i2d_DSAPublicKey);
DO_TEST_NO_PRINT(DSA, d2i_DSAparams, i2d_DSAparams);
#endif
- DO_TEST_PRINT_OFFSET(RSA, d2i_RSAPublicKey, i2d_RSAPublicKey, RSA_print);
+ DO_TEST_NO_PRINT(RSA, d2i_RSAPublicKey, i2d_RSAPublicKey);
#ifndef OPENSSL_NO_EC
DO_TEST_PRINT_OFFSET(EC_GROUP, d2i_ECPKParameters, i2d_ECPKParameters, ECPKParameters_print);
DO_TEST_PRINT_OFFSET(EC_KEY, d2i_ECPrivateKey, i2d_ECPrivateKey, EC_KEY_print);
diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h
index 9753c22c2c..12ee01192e 100644
--- a/include/openssl/rsa.h
+++ b/include/openssl/rsa.h
@@ -19,60 +19,64 @@
# include <openssl/opensslconf.h>
# ifndef OPENSSL_NO_RSA
-# include <openssl/asn1.h>
-# include <openssl/bio.h>
-# include <openssl/crypto.h>
-# include <openssl/types.h>
-# ifndef OPENSSL_NO_DEPRECATED_1_1_0
-# include <openssl/bn.h>
-# endif
-# include <openssl/rsaerr.h>
-# include <openssl/safestack.h>
+# include <openssl/asn1.h>
+# include <openssl/bio.h>
+# include <openssl/crypto.h>
+# include <openssl/types.h>
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
+# include <openssl/bn.h>
+# endif
+# include <openssl/rsaerr.h>
+# include <openssl/safestack.h>
-# ifdef __cplusplus
+# ifdef __cplusplus
extern "C" {
-# endif
+# endif
-/* The types RSA and RSA_METHOD are defined in ossl_typ.h */
+# ifndef OPENSSL_RSA_MAX_MODULUS_BITS
+# define OPENSSL_RSA_MAX_MODULUS_BITS 16384
+# endif
-# ifndef OPENSSL_RSA_MAX_MODULUS_BITS
-# define OPENSSL_RSA_MAX_MODULUS_BITS 16384
-# endif
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+/* The types RSA and RSA_METHOD are defined in ossl_typ.h */
-# define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 1024
+# define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 1024
-# ifndef OPENSSL_RSA_SMALL_MODULUS_BITS
-# define OPENSSL_RSA_SMALL_MODULUS_BITS 3072
-# endif
-# ifndef OPENSSL_RSA_MAX_PUBEXP_BITS
+# ifndef OPENSSL_RSA_SMALL_MODULUS_BITS
+# define OPENSSL_RSA_SMALL_MODULUS_BITS 3072
+# endif
/* exponent limit enforced for "large" modulus only */
-# define OPENSSL_RSA_MAX_PUBEXP_BITS 64
-# endif
+# ifndef OPENSSL_RSA_MAX_PUBEXP_BITS
+# define OPENSSL_RSA_MAX_PUBEXP_BITS 64
+# endif
-# define RSA_3 0x3L
-# define RSA_F4 0x10001L
+# define RSA_3 0x3L
+# define RSA_F4 0x10001L
/* based on RFC 8017 appendix A.1.2 */
-# define RSA_ASN1_VERSION_DEFAULT 0
-# define RSA_ASN1_VERSION_MULTI 1
+# define RSA_ASN1_VERSION_DEFAULT 0
+# define RSA_ASN1_VERSION_MULTI 1
-# define RSA_DEFAULT_PRIME_NUM 2
+# define RSA_DEFAULT_PRIME_NUM 2
+# endif /* OPENSSL_NO_DEPRECATED_3_0 */
-# define RSA_METHOD_FLAG_NO_CHECK 0x0001/* don't check pub/private
- * match */
+/* Don't check pub/private match */
+/* TODO(3.0): deprecate this? It is exposed for sls/t1_lib.c's use */
+# define RSA_METHOD_FLAG_NO_CHECK 0x0001
-# define RSA_FLAG_CACHE_PUBLIC 0x0002
-# define RSA_FLAG_CACHE_PRIVATE 0x0004
-# define RSA_FLAG_BLINDING 0x0008
-# define RSA_FLAG_THREAD_SAFE 0x0010
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define RSA_FLAG_CACHE_PUBLIC 0x0002
+# define RSA_FLAG_CACHE_PRIVATE 0x0004
+# define RSA_FLAG_BLINDING 0x0008
+# define RSA_FLAG_THREAD_SAFE 0x0010
/*
* This flag means the private key operations will be handled by rsa_mod_exp
* and that they do not depend on the private key components being present:
* for example a key stored in external hardware. Without this flag
* bn_mod_exp gets called when private key components are absent.
*/
-# define RSA_FLAG_EXT_PKEY 0x0020
+# define RSA_FLAG_EXT_PKEY 0x0020
/*
* new with 0.9.6j and 0.9.7b; the built-in
@@ -80,14 +84,14 @@ extern "C" {
* default (ignoring RSA_FLAG_BLINDING),
* but other engines might not need it
*/
-# define RSA_FLAG_NO_BLINDING 0x0080
-# ifndef OPENSSL_NO_DEPRECATED_1_1_0
+# define RSA_FLAG_NO_BLINDING 0x0080
+# endif /* OPENSSL_NO_DEPRECATED_3_0 */
/*
* Does nothing. Previously this switched off constant time behaviour.
*/
-# define RSA_FLAG_NO_CONSTTIME 0x0000
-# endif
-# ifndef OPENSSL_NO_DEPRECATED_0_9_8
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
+# define RSA_FLAG_NO_CONSTTIME 0x0000
+# endif
/* deprecated name for the flag*/
/*
* new with 0.9.7h; the built-in RSA
@@ -97,41 +101,42 @@ extern "C" {
* faster variable sliding window method to
* be used for all exponents.
*/
-# define RSA_FLAG_NO_EXP_CONSTTIME RSA_FLAG_NO_CONSTTIME
-# endif
+# ifndef OPENSSL_NO_DEPRECATED_0_9_8
+# define RSA_FLAG_NO_EXP_CONSTTIME RSA_FLAG_NO_CONSTTIME
+# endif
int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *ctx, int pad_mode);
int EVP_PKEY_CTX_get_rsa_padding(EVP_PKEY_CTX *ctx, int *pad_mode);
-# define EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, len) \
+# define EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, len) \
RSA_pkey_ctx_ctrl(ctx, (EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \
EVP_PKEY_CTRL_RSA_PSS_SALTLEN, len, NULL)
/* Salt length matches digest */
-# define RSA_PSS_SALTLEN_DIGEST -1
+# define RSA_PSS_SALTLEN_DIGEST -1
/* Verify only: auto detect salt length */
-# define RSA_PSS_SALTLEN_AUTO -2
+# define RSA_PSS_SALTLEN_AUTO -2
/* Set salt length to maximum possible */
-# define RSA_PSS_SALTLEN_MAX -3
+# define RSA_PSS_SALTLEN_MAX -3
/* Old compatible max salt length for sign only */
-# define RSA_PSS_SALTLEN_MAX_SIGN -2
+# define RSA_PSS_SALTLEN_MAX_SIGN -2
-# define EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(ctx, len) \
+# define EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(ctx, len) \
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN, \
EVP_PKEY_CTRL_RSA_PSS_SALTLEN, len, NULL)
-# define EVP_PKEY_CTX_get_rsa_pss_saltlen(ctx, plen) \
+# define EVP_PKEY_CTX_get_rsa_pss_saltlen(ctx, plen) \
RSA_pkey_ctx_ctrl(ctx, (EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \
EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN, 0, plen)
-# define EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, bits) \
+# define EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, bits) \
RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_KEYGEN, \
EVP_PKEY_CTRL_RSA_KEYGEN_BITS, bits, NULL)
-# define EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, pubexp) \
+# define EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, pubexp) \
RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_KEYGEN, \
EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, 0, pubexp)
-# define EVP_PKEY_CTX_set_rsa_keygen_primes(ctx, primes) \
+# define EVP_PKEY_CTX_set_rsa_keygen_primes(ctx, primes) \
RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_KEYGEN, \
EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES, primes, NULL)
@@ -142,8 +147,7 @@ int EVP_PKEY_CTX_get_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD **md);
int EVP_PKEY_CTX_get_rsa_mgf1_md_name(EVP_PKEY_CTX *ctx, char *name,
size_t namelen);
-
-# define EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md(ctx, md) \
+# define EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md(ctx, md) \
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN, \
EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void *)(md))
@@ -153,55 +157,54 @@ int EVP_PKEY_CTX_set_rsa_oaep_md_name(EVP_PKEY_CTX *ctx, const char *mdname,
int EVP_PKEY_CTX_get_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD **md);
int EVP_PKEY_CTX_get_rsa_oaep_md_name(EVP_PKEY_CTX *ctx, char *name,
size_t namelen);
-int EVP_PKEY_CTX_set0_rsa_oaep_label(EVP_PKEY_CTX *ctx, void *label,
- int llen);
+int EVP_PKEY_CTX_set0_rsa_oaep_label(EVP_PKEY_CTX *ctx, void *label, int llen);
int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
-# define EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md) \
+# define EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md) \
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, \
EVP_PKEY_OP_KEYGEN, EVP_PKEY_CTRL_MD, \
0, (void *)(md))
-# define EVP_PKEY_CTRL_RSA_PADDING (EVP_PKEY_ALG_CTRL + 1)
-# define EVP_PKEY_CTRL_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 2)
+# define EVP_PKEY_CTRL_RSA_PADDING (EVP_PKEY_ALG_CTRL + 1)
+# define EVP_PKEY_CTRL_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 2)
-# define EVP_PKEY_CTRL_RSA_KEYGEN_BITS (EVP_PKEY_ALG_CTRL + 3)
-# define EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP (EVP_PKEY_ALG_CTRL + 4)
-# define EVP_PKEY_CTRL_RSA_MGF1_MD (EVP_PKEY_ALG_CTRL + 5)
+# define EVP_PKEY_CTRL_RSA_KEYGEN_BITS (EVP_PKEY_ALG_CTRL + 3)
+# define EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP (EVP_PKEY_ALG_CTRL + 4)
+# define EVP_PKEY_CTRL_RSA_MGF1_MD (EVP_PKEY_ALG_CTRL + 5)
-# define EVP_PKEY_CTRL_GET_RSA_PADDING (EVP_PKEY_ALG_CTRL + 6)
-# define EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 7)
-# define EVP_PKEY_CTRL_GET_RSA_MGF1_MD (EVP_PKEY_ALG_CTRL + 8)
+# define EVP_PKEY_CTRL_GET_RSA_PADDING (EVP_PKEY_ALG_CTRL + 6)
+# define EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 7)
+# define EVP_PKEY_CTRL_GET_RSA_MGF1_MD (EVP_PKEY_ALG_CTRL + 8)
-# define EVP_PKEY_CTRL_RSA_OAEP_MD (EVP_PKEY_ALG_CTRL + 9)
-# define EVP_PKEY_CTRL_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 10)
+# define EVP_PKEY_CTRL_RSA_OAEP_MD (EVP_PKEY_ALG_CTRL + 9)
+# define EVP_PKEY_CTRL_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 10)
-# define EVP_PKEY_CTRL_GET_RSA_OAEP_MD (EVP_PKEY_ALG_CTRL + 11)
-# define EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 12)
+# define EVP_PKEY_CTRL_GET_RSA_OAEP_MD (EVP_PKEY_ALG_CTRL + 11)
+# define EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 12)
-# define EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES (EVP_PKEY_ALG_CTRL + 13)
+# define EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES (EVP_PKEY_ALG_CTRL + 13)
-# define RSA_PKCS1_PADDING 1
-# define RSA_SSLV23_PADDING 2
-# define RSA_NO_PADDING 3
-# define RSA_PKCS1_OAEP_PADDING 4
-# define RSA_X931_PADDING 5
+# define RSA_PKCS1_PADDING 1
+# define RSA_SSLV23_PADDING 2
+# define RSA_NO_PADDING 3
+# define RSA_PKCS1_OAEP_PADDING 4
+# define RSA_X931_PADDING 5
/* EVP_PKEY_ only */
-# define RSA_PKCS1_PSS_PADDING 6
-# define RSA_PKCS1_WITH_TLS_PADDING 7
+# define RSA_PKCS1_PSS_PADDING 6
+# define RSA_PKCS1_WITH_TLS_PADDING 7
-# define RSA_PKCS1_PADDING_SIZE 11
+# define RSA_PKCS1_PADDING_SIZE 11
-# define RSA_set_app_data(s,arg) RSA_set_ex_data(s,0,arg)
-# define RSA_get_app_data(s) RSA_get_ex_data(s,0)
+# define RSA_set_app_data(s,arg) RSA_set_ex_data(s,0,arg)
+# define RSA_get_app_data(s) RSA_get_ex_data(s,0)
RSA *RSA_new(void);
-RSA *RSA_new_method(ENGINE *engine);
-int RSA_bits(const RSA *rsa);
-int RSA_size(const RSA *rsa);
-int RSA_security_bits(const RSA *rsa);
+DEPRECATEDIN_3_0(RSA *RSA_new_method(ENGINE *engine))
+DEPRECATEDIN_3_0(int RSA_bits(const RSA *rsa))
+DEPRECATEDIN_3_0(int RSA_size(const RSA *rsa))
+DEPRECATEDIN_3_0(int RSA_security_bits(const RSA *rsa))
int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q);
@@ -226,12 +229,12 @@ const BIGNUM *RSA_get0_q(const RSA *d);
const BIGNUM *RSA_get0_dmp1(const RSA *r);
const BIGNUM *RSA_get0_dmq1(const RSA *r);
const BIGNUM *RSA_get0_iqmp(const RSA *r);
-const RSA_PSS_PARAMS *RSA_get0_pss_params(const RSA *r);
+DEPRECATEDIN_3_0(const RSA_PSS_PARAMS *RSA_get0_pss_params(const RSA *r))
void RSA_clear_flags(RSA *r, int flags);
int RSA_test_flags(const RSA *r, int flags);
void RSA_set_flags(RSA *r, int flags);
-int RSA_get_version(RSA *r);
-ENGINE *RSA_get0_engine(const RSA *r);
+DEPRECATEDIN_3_0(int RSA_get_version(RSA *r))
+DEPRECATEDIN_3_0(ENGINE *RSA_get0_engine(const RSA *r))
/* Deprecated version */
DEPRECATEDIN_0_9_8(RSA *RSA_generate_key(int bits, unsigned long e, void
@@ -239,43 +242,52 @@ DEPRECATEDIN_0_9_8(RSA *RSA_generate_key(int bits, unsigned long e, void
void *cb_arg))
/* New version */
-int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
+DEPRECATEDIN_3_0(int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e,
+ BN_GENCB *cb))
/* Multi-prime version */
-int RSA_generate_multi_prime_key(RSA *rsa, int bits, int primes,
- BIGNUM *e, BN_GENCB *cb);
-
-int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1,
- BIGNUM *q2, const BIGNUM *Xp1, const BIGNUM *Xp2,
- const BIGNUM *Xp, const BIGNUM *Xq1, const BIGNUM *Xq2,
- const BIGNUM *Xq, const BIGNUM *e, BN_GENCB *cb);
-int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e,
- BN_GENCB *cb);
-
-int RSA_check_key(const RSA *);
-int RSA_check_key_ex(const RSA *, BN_GENCB *cb);
+DEPRECATEDIN_3_0(int RSA_generate_multi_prime_key(RSA *rsa, int bits,
+ int primes, BIGNUM *e,
+ BN_GENCB *cb))
+
+DEPRECATEDIN_3_0(int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2,
+ BIGNUM *q1, BIGNUM *q2,
+ const BIGNUM *Xp1, const BIGNUM *Xp2,
+ const BIGNUM *Xp, const BIGNUM *Xq1,
+ const BIGNUM *Xq2, const BIGNUM *Xq,
+ const BIGNUM *e, BN_GENCB *cb))
+DEPRECATEDIN_3_0(int RSA_X931_generate_key_ex(RSA *rsa, int bits,
+ const BIGNUM *e, BN_GENCB *cb))
+
+DEPRECATEDIN_3_0(int RSA_check_key(const RSA *))
+DEPRECATEDIN_3_0(int RSA_check_key_ex(const RSA *, BN_GENCB *cb))
/* next 4 return -1 on error */
-int RSA_public_encrypt(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
-int RSA_private_encrypt(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
-int RSA_public_decrypt(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
-int RSA_private_decrypt(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
+DEPRECATEDIN_3_0(int RSA_public_encrypt(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa,
+ int padding))
+DEPRECATEDIN_3_0(int RSA_private_encrypt(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa,
+ int padding))
+DEPRECATEDIN_3_0(int RSA_public_decrypt(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa,
+ int padding))
+DEPRECATEDIN_3_0(int RSA_private_decrypt(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa,
+ int padding))
void RSA_free(RSA *r);
/* "up" the RSA object's reference count */
int RSA_up_ref(RSA *r);
+/* TODO(3.0): deprecate this one ssl/ssl_rsa.c can be changed to avoid it */
int RSA_flags(const RSA *r);
-void RSA_set_default_method(const RSA_METHOD *meth);
-const RSA_METHOD *RSA_get_default_method(void);
-const RSA_METHOD *RSA_null_method(void);
-const RSA_METHOD *RSA_get_method(const RSA *rsa);
-int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
+DEPRECATEDIN_3_0(void RSA_set_default_method(const RSA_METHOD *meth))
+DEPRECATEDIN_3_0(const RSA_METHOD *RSA_get_default_method(void))
+DEPRECATEDIN_3_0(const RSA_METHOD *RSA_null_method(void))
+DEPRECATEDIN_3_0(const RSA_METHOD *RSA_get_method(const RSA *rsa))
+DEPRECATEDIN_3_0(int RSA_set_method(RSA *rsa, const RSA_METHOD *meth))
/* these are the actual RSA functions */
-const RSA_METHOD *RSA_PKCS1_OpenSSL(void);
+DEPRECATEDIN_3_0(const RSA_METHOD *RSA_PKCS1_OpenSSL(void))
int RSA_pkey_ctx_ctrl(EVP_PKEY_CTX *ctx, int optype, int cmd, int p1, void *p2);
@@ -303,102 +315,130 @@ typedef struct rsa_oaep_params_st {
DECLARE_ASN1_FUNCTIONS(RSA_OAEP_PARAMS)
-# ifndef OPENSSL_NO_STDIO
-int RSA_print_fp(FILE *fp, const RSA *r, int offset);
-# endif
+# ifndef OPENSSL_NO_STDIO
+DEPRECATEDIN_3_0(int RSA_print_fp(FILE *fp, const RSA *r, int offset))
+# endif
-int RSA_print(BIO *bp, const RSA *r, int offset);
+DEPRECATEDIN_3_0(int RSA_print(BIO *bp, const RSA *r, int offset))
/*
* The following 2 functions sign and verify a X509_SIG ASN1 object inside
* PKCS#1 padded RSA encryption
*/
-int RSA_sign(int type, const unsigned char *m, unsigned int m_length,
- unsigned char *sigret, unsigned int *siglen, RSA *rsa);
-int RSA_verify(int type, const unsigned char *m, unsigned int m_length,
- const unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
+DEPRECATEDIN_3_0(int RSA_sign(int type, const unsigned char *m,
+ unsigned int m_length, unsigned char *sigret,
+ unsigned int *siglen, RSA *rsa))
+DEPRECATEDIN_3_0(int RSA_verify(int type, const unsigned char *m,
+ unsigned int m_length,
+ const unsigned char *sigbuf,
+ unsigned int siglen, RSA *rsa))
/*
* The following 2 function sign and verify a ASN1_OCTET_STRING object inside
* PKCS#1 padded RSA encryption
*/
-int RSA_sign_ASN1_OCTET_STRING(int type,
- const unsigned char *m, unsigned int m_length,
- unsigned char *sigret, unsigned int *siglen,
- RSA *rsa);
-int RSA_verify_ASN1_OCTET_STRING(int type, const unsigned char *m,
- unsigned int m_length, unsigned char *sigbuf,
- unsigned int siglen, RSA *rsa);
-
+DEPRECATEDIN_3_0(int RSA_sign_ASN1_OCTET_STRING(int type,
+ const unsigned char *m,
+ unsigned int m_length,
+ unsigned char *sigret,
+ unsigned int *siglen, RSA *rsa))
+DEPRECATEDIN_3_0(int RSA_verify_ASN1_OCTET_STRING(int type,
+ const unsigned char *m,
+ unsigned int m_length,
+ unsigned char *sigbuf,
+ unsigned int siglen,
+ RSA *rsa))
+
+/* TODO(3.0): figure out how to deprecate these two */
int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
void RSA_blinding_off(RSA *rsa);
-BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *ctx);
-
-int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
- const unsigned char *f, int fl);
-int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
- const unsigned char *f, int fl,
- int rsa_len);
-int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
- const unsigned char *f, int fl);
-int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
- const unsigned char *f, int fl,
- int rsa_len);
-int PKCS1_MGF1(unsigned char *mask, long len, const unsigned char *seed,
- long seedlen, const EVP_MD *dgst);
-int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
- const unsigned char *f, int fl,
- const unsigned char *p, int pl);
-int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
- const unsigned char *f, int fl, int rsa_len,
- const unsigned char *p, int pl);
-int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
- const unsigned char *from, int flen,
- const unsigned char *param, int plen,
- const EVP_MD *md, const EVP_MD *mgf1md);
-int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
- const unsigned char *from, int flen,
- int num, const unsigned char *param,
- int plen, const EVP_MD *md,
- const EVP_MD *mgf1md);
-int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
- const unsigned char *f, int fl);
-int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
- const unsigned char *f, int fl, int rsa_len);
-int RSA_padding_add_none(unsigned char *to, int tlen, const unsigned char *f,
- int fl);
-int RSA_padding_check_none(unsigned char *to, int tlen,
- const unsigned char *f, int fl, int rsa_len);
-int RSA_padding_add_X931(unsigned char *to, int tlen, const unsigned char *f,
- int fl);
-int RSA_padding_check_X931(unsigned char *to, int tlen,
- const unsigned char *f, int fl, int rsa_len);
-int RSA_X931_hash_id(int nid);
-
-int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
- const EVP_MD *Hash, const unsigned char *EM,
- int sLen);
-int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
- const unsigned char *mHash, const EVP_MD *Hash,
- int sLen);
-
-int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
- const EVP_MD *Hash, const EVP_MD *mgf1Hash,
- const unsigned char *EM, int sLen);
-
-int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
- const unsigned char *mHash,
- const EVP_MD *Hash, const EVP_MD *mgf1Hash,
- int sLen);
-
-#define RSA_get_ex_new_index(l, p, newf, dupf, freef) \
+DEPRECATEDIN_3_0(BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *ctx))
+
+DEPRECATEDIN_3_0(int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
+ const unsigned char *f,
+ int fl))
+DEPRECATEDIN_3_0(int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
+ const unsigned char *f,
+ int fl, int rsa_len))
+DEPRECATEDIN_3_0(int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
+ const unsigned char *f,
+ int fl))
+DEPRECATEDIN_3_0(int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
+ const unsigned char *f,
+ int fl, int rsa_len))
+DEPRECATEDIN_3_0(int PKCS1_MGF1(unsigned char *mask, long len,
+ const unsigned char *seed, long seedlen,
+ const EVP_MD *dgst))
+DEPRECATEDIN_3_0(int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
+ const unsigned char *f, int fl,
+ const unsigned char *p, int pl))
+DEPRECATEDIN_3_0(int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
+ const unsigned char *f,
+ int fl, int rsa_len,
+ const unsigned char *p,
+ int pl))
+DEPRECATEDIN_3_0(int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to,
+ int tlen,
+ const unsigned char *from,
+ int flen,
+ const unsigned char *param,
+ int plen,
+ const EVP_MD *md,
+ const EVP_MD *mgf1md))
+DEPRECATEDIN_3_0(int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to,
+ int tlen,
+ const unsigned char *from,
+ int flen, int num,
+ const unsigned char *param,
+ int plen, const EVP_MD *md,
+ const EVP_MD *mgf1md))
+DEPRECATEDIN_3_0(int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
+ const unsigned char *f, int fl))
+DEPRECATEDIN_3_0(int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
+ const unsigned char *f, int fl,
+ int rsa_len))
+DEPRECATEDIN_3_0(int RSA_padding_add_none(unsigned char *to, int tlen,
+ const unsigned char *f, int fl))
+DEPRECATEDIN_3_0(int RSA_padding_check_none(unsigned char *to, int tlen,
+ const unsigned char *f, int fl,
+ int rsa_len))
+DEPRECATEDIN_3_0(int RSA_padding_add_X931(unsigned char *to, int tlen,
+ const unsigned char *f, int fl))
+DEPRECATEDIN_3_0(int RSA_padding_check_X931(unsigned char *to, int tlen,
+ const unsigned char *f, int fl,
+ int rsa_len))
+DEPRECATEDIN_3_0(int RSA_X931_hash_id(int nid))
+
+DEPRECATEDIN_3_0(int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
+ const EVP_MD *Hash,
+ const unsigned char *EM, int sLen))
+DEPRECATEDIN_3_0(int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
+ const unsigned char *mHash,
+ const EVP_MD *Hash, int sLen))
+
+DEPRECATEDIN_3_0(int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa,
+ const unsigned char *mHash,
+ const EVP_MD *Hash,
+ const EVP_MD *mgf1Hash,
+ const unsigned char *EM,
+ int sLen))
+
+DEPRECATEDIN_3_0(int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa,
+ unsigned char *EM,
+ const unsigned char *mHash,
+ const EVP_MD *Hash,
+ const EVP_MD *mgf1Hash,
+ int sLen))
+
+# define RSA_get_ex_new_index(l, p, newf, dupf, freef) \
CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, l, p, newf, dupf, freef)
-int RSA_set_ex_data(RSA *r, int idx, void *arg);
-void *RSA_get_ex_data(const RSA *r, int idx);
+DEPRECATEDIN_3_0(int RSA_set_ex_data(RSA *r, int idx, void *arg))
+DEPRECATEDIN_3_0(void *RSA_get_ex_data(const RSA *r, int idx))
DECLARE_ASN1_DUP_FUNCTION_name(RSA, RSAPublicKey)
DECLARE_ASN1_DUP_FUNCTION_name(RSA, RSAPrivateKey)
+# ifndef OPENSSL_NO_DEPRECATED_3_0
/*
* If this flag is set the RSA method is FIPS compliant and can be used in
* FIPS mode. This is set in the validated module method. If an application
@@ -406,7 +446,7 @@ DECLARE_ASN1_DUP_FUNCTION_name(RSA, RSAPrivateKey)
* result is compliant.
*/
-# define RSA_FLAG_FIPS_METHOD 0x0400
+# define RSA_FLAG_FIPS_METHOD 0x0400
/*
* If this flag is set the operations normally disabled in FIPS mode are
@@ -414,99 +454,101 @@ DECLARE_ASN1_DUP_FUNCTION_name(RSA, RSAPrivateKey)
* usage is compliant.
*/
-# define RSA_FLAG_NON_FIPS_ALLOW 0x0400
+# define RSA_FLAG_NON_FIPS_ALLOW 0x0400
/*
* Application has decided PRNG is good enough to generate a key: don't
* check.
*/
-# define RSA_FLAG_CHECKED 0x0800
-
-RSA_METHOD *RSA_meth_new(const char *name, int flags);
-void RSA_meth_free(RSA_METHOD *meth);
-RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth);
-const char *RSA_meth_get0_name(const RSA_METHOD *meth);
-int RSA_meth_set1_name(RSA_METHOD *meth, const char *name);
-int RSA_meth_get_flags(const RSA_METHOD *meth);
-int RSA_meth_set_flags(RSA_METHOD *meth, int flags);
-void *RSA_meth_get0_app_data(const RSA_METHOD *meth);
-int RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data);
-int (*RSA_meth_get_pub_enc(const RSA_METHOD *meth))
+# define RSA_FLAG_CHECKED 0x0800
+# endif /* OPENSSL_NO_DEPRECATED_3_0 */
+
+DEPRECATEDIN_3_0(RSA_METHOD *RSA_meth_new(const char *name, int flags))
+DEPRECATEDIN_3_0(void RSA_meth_free(RSA_METHOD *meth))
+DEPRECATEDIN_3_0(RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth))
+DEPRECATEDIN_3_0(const char *RSA_meth_get0_name(const RSA_METHOD *meth))
+DEPRECATEDIN_3_0(int RSA_meth_set1_name(RSA_METHOD *meth, const char *name))
+DEPRECATEDIN_3_0(int RSA_meth_get_flags(const RSA_METHOD *meth))
+DEPRECATEDIN_3_0(int RSA_meth_set_flags(RSA_METHOD *meth, int flags))
+DEPRECATEDIN_3_0(void *RSA_meth_get0_app_data(const RSA_METHOD *meth))
+DEPRECATEDIN_3_0(int RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data))
+DEPRECATEDIN_3_0(int (*RSA_meth_get_pub_enc(const RSA_METHOD *meth))
(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
-int RSA_meth_set_pub_enc(RSA_METHOD *rsa,
+ unsigned char *to, RSA *rsa, int padding))
+DEPRECATEDIN_3_0(int RSA_meth_set_pub_enc(RSA_METHOD *rsa,
int (*pub_enc) (int flen, const unsigned char *from,
unsigned char *to, RSA *rsa,
- int padding));
-int (*RSA_meth_get_pub_dec(const RSA_METHOD *meth))
+ int padding)))
+DEPRECATEDIN_3_0(int (*RSA_meth_get_pub_dec(const RSA_METHOD *meth))
(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
-int RSA_meth_set_pub_dec(RSA_METHOD *rsa,
+ unsigned char *to, RSA *rsa, int padding))
+DEPRECATEDIN_3_0(int RSA_meth_set_pub_dec(RSA_METHOD *rsa,
int (*pub_dec) (int flen, const unsigned char *from,
unsigned char *to, RSA *rsa,
- int padding));
-int (*RSA_meth_get_priv_enc(const RSA_METHOD *meth))
+ int padding)))
+DEPRECATEDIN_3_0(int (*RSA_meth_get_priv_enc(const RSA_METHOD *meth))
(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
-int RSA_meth_set_priv_enc(RSA_METHOD *rsa,
+ unsigned char *to, RSA *rsa, int padding))
+DEPRECATEDIN_3_0(int RSA_meth_set_priv_enc(RSA_METHOD *rsa,
int (*priv_enc) (int flen, const unsigned char *from,
unsigned char *to, RSA *rsa,
- int padding));
-int (*RSA_meth_get_priv_dec(const RSA_METHOD *meth))
+ int padding)))
+DEPRECATEDIN_3_0(int (*RSA_meth_get_priv_dec(const RSA_METHOD *meth))
(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
-int RSA_meth_set_priv_dec(RSA_METHOD *rsa,
+ unsigned char *to, RSA *rsa, int padding))
+DEPRECATEDIN_3_0(int RSA_meth_set_priv_dec(RSA_METHOD *rsa,
int (*priv_dec) (int flen, const unsigned char *from,
unsigned char *to, RSA *rsa,
- int padding));
-int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth))
- (BIGNUM *r0, const BIGNUM *i, RSA *rsa, BN_CTX *ctx);
-int RSA_meth_set_mod_exp(RSA_METHOD *rsa,
+ int padding)))
+DEPRECATEDIN_3_0(int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth))
+ (BIGNUM *r0, const BIGNUM *i, RSA *rsa, BN_CTX *ctx))
+DEPRECATEDIN_3_0(int RSA_meth_set_mod_exp(RSA_METHOD *rsa,
int (*mod_exp) (BIGNUM *r0, const BIGNUM *i, RSA *rsa,
- BN_CTX *ctx));
-int (*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth))
+ BN_CTX *ctx)))
+DEPRECATEDIN_3_0(int (*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth))
(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-int RSA_meth_set_bn_mod_exp(RSA_METHOD *rsa,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx))
+DEPRECATEDIN_3_0(int RSA_meth_set_bn_mod_exp(RSA_METHOD *rsa,
int (*bn_mod_exp) (BIGNUM *r,
const BIGNUM *a,
const BIGNUM *p,
const BIGNUM *m,
BN_CTX *ctx,
- BN_MONT_CTX *m_ctx));
-int (*RSA_meth_get_init(const RSA_METHOD *meth)) (RSA *rsa);
-int RSA_meth_set_init(RSA_METHOD *rsa, int (*init) (RSA *rsa));
-int (*RSA_meth_get_finish(const RSA_METHOD *meth)) (RSA *rsa);
-int RSA_meth_set_finish(RSA_METHOD *rsa, int (*finish) (RSA *rsa));
-int (*RSA_meth_get_sign(const RSA_METHOD *meth))
+ BN_MONT_CTX *m_ctx)))
+DEPRECATEDIN_3_0(int (*RSA_meth_get_init(const RSA_METHOD *meth)) (RSA *rsa))
+DEPRECATEDIN_3_0(int RSA_meth_set_init(RSA_METHOD *rsa, int (*init) (RSA *rsa)))
+DEPRECATEDIN_3_0(int (*RSA_meth_get_finish(const RSA_METHOD *meth)) (RSA *rsa))
+DEPRECATEDIN_3_0(int RSA_meth_set_finish(RSA_METHOD *rsa,
+ int (*finish) (RSA *rsa)))
+DEPRECATEDIN_3_0(int (*RSA_meth_get_sign(const RSA_METHOD *meth))
(int type,
const unsigned char *m, unsigned int m_length,
unsigned char *sigret, unsigned int *siglen,
- const RSA *rsa);
-int RSA_meth_set_sign(RSA_METHOD *rsa,
+ const RSA *rsa))
+DEPRECATEDIN_3_0(int RSA_meth_set_sign(RSA_METHOD *rsa,
int (*sign) (int type, const unsigned char *m,
unsigned int m_length,
unsigned char *sigret, unsigned int *siglen,
- const RSA *rsa));
-int (*RSA_meth_get_verify(const RSA_METHOD *meth))
+ const RSA *rsa)))
+DEPRECATEDIN_3_0(int (*RSA_meth_get_verify(const RSA_METHOD *meth))
(int dtype, const unsigned char *m,
unsigned int m_length, const unsigned char *sigbuf,
- unsigned int siglen, const RSA *rsa);
-int RSA_meth_set_verify(RSA_METHOD *rsa,
+ unsigned int siglen, const RSA *rsa))
+DEPRECATEDIN_3_0(int RSA_meth_set_verify(RSA_METHOD *rsa,
int (*verify) (int dtype, const unsigned char *m,
unsigned int m_length,
const unsigned char *sigbuf,
- unsigned int siglen, const RSA *rsa));
-int (*RSA_meth_get_keygen(const RSA_METHOD *meth))
- (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
-int RSA_meth_set_keygen(RSA_METHOD *rsa,
+ unsigned int siglen, const RSA *rsa)))
+DEPRECATEDIN_3_0(int (*RSA_meth_get_keygen(const RSA_METHOD *meth))
+ (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb))
+DEPRECATEDIN_3_0(int RSA_meth_set_keygen(RSA_METHOD *rsa,
int (*keygen) (RSA *rsa, int bits, BIGNUM *e,
- BN_GENCB *cb));
-int (*RSA_meth_get_multi_prime_keygen(const RSA_METHOD *meth))
- (RSA *rsa, int bits, int primes, BIGNUM *e, BN_GENCB *cb);
-int RSA_meth_set_multi_prime_keygen(RSA_METHOD *meth,
+ BN_GENCB *cb)))
+DEPRECATEDIN_3_0(int (*RSA_meth_get_multi_prime_keygen(const RSA_METHOD *meth))
+ (RSA *rsa, int bits, int primes, BIGNUM *e, BN_GENCB *cb))
+DEPRECATEDIN_3_0(int RSA_meth_set_multi_prime_keygen(RSA_METHOD *meth,
int (*keygen) (RSA *rsa, int bits,
int primes, BIGNUM *e,
- BN_GENCB *cb));
+ BN_GENCB *cb)))
# ifdef __cplusplus
}
diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c
index 87349ed64b..5f071a56ca 100644
--- a/providers/implementations/asymciphers/rsa_enc.c
+++ b/providers/implementations/asymciphers/rsa_enc.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * RSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <openssl/crypto.h>
#include <openssl/evp.h>
#include <openssl/core_numbers.h>
diff --git a/providers/implementations/keymgmt/rsa_kmgmt.c b/providers/implementations/keymgmt/rsa_kmgmt.c
index f43520f857..8f3f25eb60 100644
--- a/providers/implementations/keymgmt/rsa_kmgmt.c
+++ b/providers/implementations/keymgmt/rsa_kmgmt.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * RSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <openssl/core_numbers.h>
#include <openssl/core_names.h>
#include <openssl/bn.h>
diff --git a/providers/implementations/serializers/serializer_rsa.c b/providers/implementations/serializers/serializer_rsa.c
index 9aaefb56bc..ddc7074927 100644
--- a/providers/implementations/serializers/serializer_rsa.c
+++ b/providers/implementations/serializers/serializer_rsa.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * RSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include "crypto/rsa.h" /* rsa_get0_all_params() */
#include "prov/bio.h" /* ossl_prov_bio_printf() */
#include "prov/implementations.h" /* rsa_keymgmt_functions */
diff --git a/providers/implementations/serializers/serializer_rsa_priv.c b/providers/implementations/serializers/serializer_rsa_priv.c
index c236739e0e..8ac9f30ad5 100644
--- a/providers/implementations/serializers/serializer_rsa_priv.c
+++ b/providers/implementations/serializers/serializer_rsa_priv.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * RSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <openssl/core_numbers.h>
#include <openssl/core_names.h>
#include <openssl/err.h>
diff --git a/providers/implementations/serializers/serializer_rsa_pub.c b/providers/implementations/serializers/serializer_rsa_pub.c
index f7eccf7624..3ee0501ee1 100644
--- a/providers/implementations/serializers/serializer_rsa_pub.c
+++ b/providers/implementations/serializers/serializer_rsa_pub.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * RSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <openssl/core_numbers.h>
#include <openssl/pem.h>
#include <openssl/rsa.h>
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index aedb521015..923cf5b5cd 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -919,16 +919,16 @@ int tls1_lookup_md(SSL_CTX *ctx, const SIGALG_LOOKUP *lu, const EVP_MD **pmd)
* with a 128 byte (1024 bit) key.
*/
#define RSA_PSS_MINIMUM_KEY_SIZE(md) (2 * EVP_MD_size(md) + 2)
-static int rsa_pss_check_min_key_size(SSL_CTX *ctx, const RSA *rsa,
+static int rsa_pss_check_min_key_size(SSL_CTX *ctx, const EVP_PKEY *pkey,
const SIGALG_LOOKUP *lu)
{
const EVP_MD *md;
- if (rsa == NULL)
+ if (pkey == NULL)
return 0;
if (!tls1_lookup_md(ctx, lu, &md) || md == NULL)
return 0;
- if (RSA_size(rsa) < RSA_PSS_MINIMUM_KEY_SIZE(md))
+ if (EVP_PKEY_size(pkey) < RSA_PSS_MINIMUM_KEY_SIZE(md))
return 0;
return 1;
}
@@ -2823,7 +2823,7 @@ static const SIGALG_LOOKUP *find_sig_alg(SSL *s, X509 *x, EVP_PKEY *pkey)
#endif
} else if (lu->sig == EVP_PKEY_RSA_PSS) {
/* validate that key is large enough for the signature algorithm */
- if (!rsa_pss_check_min_key_size(s->ctx, EVP_PKEY_get0(tmppkey), lu))
+ if (!rsa_pss_check_min_key_size(s->ctx, tmppkey, lu))
continue;
}
break;
@@ -2909,9 +2909,7 @@ int tls_choose_sigalg(SSL *s, int fatalerrs)
/* validate that key is large enough for the signature algorithm */
EVP_PKEY *pkey = s->cert->pkeys[sig_idx].privatekey;
- if (!rsa_pss_check_min_key_size(s->ctx,
- EVP_PKEY_get0(pkey),
- lu))
+ if (!rsa_pss_check_min_key_size(s->ctx, pkey, lu))
continue;
}
#ifndef OPENSSL_NO_EC
diff --git a/test/build.info b/test/build.info
index f964dec4ba..84229bdd2d 100644
--- a/test/build.info
+++ b/test/build.info
@@ -35,7 +35,7 @@ IF[{- !$disabled{tests} -}]
ectest ecstresstest gmdifftest pbelutest \
destest mdc2test \
dhtest enginetest \
- ssltest_old exptest rsa_test \
+ ssltest_old exptest \
evp_pkey_provided_test evp_test evp_extra_test evp_fetch_prov_test \
v3nametest v3ext \
crltest danetest bad_dtls_test lhash_test sparse_array_test \
@@ -53,7 +53,7 @@ IF[{- !$disabled{tests} -}]
recordlentest drbgtest sslbuffertest \
recordlentest drbgtest drbg_cavs_test sslbuffertest \
time_offset_test pemtest ssl_cert_table_internal_test ciphername_test \
- servername_test ocspapitest rsa_mp_test fatalerrtest tls13ccstest \
+ servername_test ocspapitest fatalerrtest tls13ccstest \
sysdefaulttest errtest ssl_ctx_test gosttest \
context_internal_test aesgcmtest params_test evp_pkey_dparams_test \
keymgmt_internal_test
@@ -125,14 +125,6 @@ IF[{- !$disabled{tests} -}]
INCLUDE[exptest]=../include ../apps/include
DEPEND[exptest]=../libcrypto libtestutil.a
- SOURCE[rsa_test]=rsa_test.c
- INCLUDE[rsa_test]=../include ../apps/include
- DEPEND[rsa_test]=../libcrypto libtestutil.a
-
- SOURCE[rsa_mp_test]=rsa_mp_test.c
- INCLUDE[rsa_mp_test]=../include ../apps/include
- DEPEND[rsa_mp_test]=../libcrypto.a libtestutil.a
-
SOURCE[fatalerrtest]=fatalerrtest.c ssltestlib.c
INCLUDE[fatalerrtest]=../include ../apps/include
DEPEND[fatalerrtest]=../libcrypto ../libssl libtestutil.a
@@ -495,12 +487,11 @@ IF[{- !$disabled{tests} -}]
IF[1]
PROGRAMS{noinst}=asn1_internal_test modes_internal_test x509_internal_test \
tls13encryptiontest wpackettest ctype_internal_test \
- rdrand_sanitytest property_test ideatest \
- rsa_sp800_56b_test bn_internal_test ecdsatest \
+ rdrand_sanitytest property_test ideatest rsa_mp_test \
+ rsa_sp800_56b_test bn_internal_test ecdsatest rsa_test \
rc2test rc4test rc5test hmactest ffc_internal_test \
asn1_dsa_internal_test dsatest dsa_no_digest_size_test
-
IF[{- !$disabled{poly1305} -}]
PROGRAMS{noinst}=poly1305_internal_test
ENDIF
@@ -540,6 +531,13 @@ IF[{- !$disabled{tests} -}]
INCLUDE[x509_internal_test]=.. ../include ../apps/include
DEPEND[x509_internal_test]=../libcrypto.a libtestutil.a
+ SOURCE[rsa_test]=rsa_test.c
+ INCLUDE[rsa_test]=../include ../apps/include
+ DEPEND[rsa_test]=../libcrypto.a libtestutil.a
+
+ SOURCE[rsa_mp_test]=rsa_mp_test.c
+ INCLUDE[rsa_mp_test]=../include ../apps/include
+ DEPEND[rsa_mp_test]=../libcrypto.a libtestutil.a
SOURCE[ecdsatest]=ecdsatest.c
INCLUDE[ecdsatest]=../include ../apps/include
diff --git a/test/recipes/15-test_genrsa.t b/test/recipes/15-test_genrsa.t
index d7d146a1d9..0ec0e65f18 100644
--- a/test/recipes/15-test_genrsa.t
+++ b/test/recipes/15-test_genrsa.t
@@ -16,10 +16,18 @@ use OpenSSL::Test::Utils;
setup("test_genrsa");
-plan tests => 5;
+plan tests => 9;
# We want to know that an absurdly small number of bits isn't support
-is(run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', '8'])), 0, "genrsa -3 8");
+if (disabled("deprecated-3.0")) {
+ is(run(app([ 'openssl', 'genpkey', '-out', 'genrsatest.pem',
+ '-algorithm', 'RSA', '-pkeyopt', 'rsa_keygen_bits:8',
+ '-pkeyopt', 'rsa_keygen_pubexp:3'])),
+ 0, "genrsa -3 8");
+} else {
+ is(run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', '8'])),
+ 0, "genrsa -3 8");
+}
# Depending on the shared library, we might have different lower limits.
# Let's find it! This is a simple binary search
@@ -29,10 +37,21 @@ is(run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', '8'])), 0, "ge
note "Looking for lowest amount of bits";
my $bad = 3; # Log2 of number of bits (2 << 3 == 8)
my $good = 11; # Log2 of number of bits (2 << 11 == 2048)
+my $fin;
while ($good > $bad + 1) {
my $checked = int(($good + $bad + 1) / 2);
- if (run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem',
- 2 ** $checked ], stderr => undef))) {
+ my $bits = 2 ** $checked;
+ if (disabled("deprecated-3.0")) {
+ $fin = run(app([ 'openssl', 'genpkey', '-out', 'genrsatest.pem',
+ '-algorithm', 'RSA', '-pkeyopt', 'rsa_keygen_pubexp:3',
+ '-pkeyopt', "rsa_keygen_bits:$bits",
+ ], stderr => undef));
+ } else {
+ $fin = run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem',
+ $bits
+ ], stderr => undef));
+ }
+ if ($fin) {
note 2 ** $checked, " bits is good";
$good = $checked;
} else {
@@ -44,11 +63,30 @@ $good++ if $good == $bad;
$good = 2 ** $good;
note "Found lowest allowed amount of bits to be $good";
-ok(run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', $good ])),
- "genrsa -3 $good");
-ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout' ])),
- "rsa -check");
-ok(run(app([ 'openssl', 'genrsa', '-f4', '-out', 'genrsatest.pem', $good ])),
- "genrsa -f4 $good");
-ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout' ])),
- "rsa -check");
+ok(run(app([ 'openssl', 'genpkey', '-algorithm', 'RSA',
+ '-pkeyopt', 'rsa_keygen_pubexp:3',
+ '-pkeyopt', "rsa_keygen_bits:$good",
+ '-out', 'genrsatest.pem' ])),
+ "genpkey -3 $good");
+ok(run(app([ 'openssl', 'pkey', '-check', '-in', 'genrsatest.pem', '-noout' ])),
+ "pkey -check");
+ok(run(app([ 'openssl', 'genpkey', '-algorithm', 'RSA',
+ '-pkeyopt', 'rsa_keygen_pubexp:65537',
+ '-pkeyopt', "rsa_keygen_bits:$good",
+ '-out', 'genrsatest.pem' ])),
+ "genpkey -f4 $good");
+ok(run(app([ 'openssl', 'pkey', '-check', '-in', 'genrsatest.pem', '-noout' ])),
+ "pkey -check");
+
+ SKIP: {
+ skip "Skipping rsa command line test", 4 if disabled("deprecated-3.0");
+
+ ok(run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', $good ])),
+ "genrsa -3 $good");
+ ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout' ])),
+ "rsa -check");
+ ok(run(app([ 'openssl', 'genrsa', '-f4', '-out', 'genrsatest.pem', $good ])),
+ "genrsa -f4 $good");
+ ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout' ])),
+ "rsa -check");
+}
diff --git a/test/recipes/15-test_mp_rsa.t b/test/recipes/15-test_mp_rsa.t
index 4a4ac3569d..6ecf80c4e2 100644
--- a/test/recipes/15-test_mp_rsa.t
+++ b/test/recipes/15-test_mp_rsa.t
@@ -17,12 +17,6 @@ use OpenSSL::Test::Utils;
setup("test_mp_rsa");
-plan tests => 31;
-
-ok(run(test(["rsa_mp_test"])), "running rsa multi prime test");
-
-my $cleartext = data_file("plain_text");
-
my @test_param = (
# 3 primes, 2048-bit
{
@@ -41,8 +35,14 @@ my @test_param = (
},
);
+plan tests => 1 + scalar(@test_param) * 5 * (disabled('deprecated-3.0') ? 1 : 2);
+
+ok(run(test(["rsa_mp_test"])), "running rsa multi prime test");
+
+my $cleartext = data_file("plain_text");
+
# genrsa
-run_mp_tests(0);
+run_mp_tests(0) if !disabled('deprecated-3.0');
# evp
run_mp_tests(1);
@@ -60,17 +60,9 @@ sub run_mp_tests {
'-pkeyopt', "rsa_keygen_primes:$primes",
'-pkeyopt', "rsa_keygen_bits:$bits"])),
"genrsa $name");
- } else {
- ok(run(app([ 'openssl', 'genrsa', '-out', "rsamptest-$name.pem",
- '-primes', $primes, $bits])),
- "genrsa $name");
- }
-
- ok(run(app([ 'openssl', 'rsa', '-check', '-in', "rsamptest-$name.pem",
- '-noout'])),
- "rsa -check $name");
-
- if ($evp) {
+ ok(run(app([ 'openssl', 'pkey', '-check',
+ '-in', "rsamptest-$name.pem", '-noout'])),
+ "rsa -check $name");
ok(run(app([ 'openssl', 'pkeyutl', '-inkey', "rsamptest-$name.pem",
'-encrypt', '-in', $cleartext,
'-out', "rsamptest-$name.enc" ])),
@@ -80,6 +72,11 @@ sub run_mp_tests {
'-out', "rsamptest-$name.dec" ])),
"rsa $name decrypt");
} else {
+ ok(run(app([ 'openssl', 'genrsa', '-out', "rsamptest-$name.pem",
+ '-primes', $primes, $bits])), "genrsa $name");
+ ok(run(app([ 'openssl', 'rsa', '-check',
+ '-in', "rsamptest-$name.pem", '-noout'])),
+ "rsa -check $name");
ok(run(app([ 'openssl', 'rsautl', '-inkey', "rsamptest-$name.pem",
'-encrypt', '-in', $cleartext,
'-out', "rsamptest-$name.enc" ])),
@@ -89,7 +86,6 @@ sub run_mp_tests {
'-out', "rsamptest-$name.dec" ])),
"rsa $name decrypt");
}
-
ok(check_msg("rsamptest-$name.dec"), "rsa $name check result");
}
}
diff --git a/test/recipes/15-test_rsa.t b/test/recipes/15-test_rsa.t
index 3b1a0fcd5d..2e8afa8213 100644
--- a/test/recipes/15-test_rsa.t
+++ b/test/recipes/15-test_rsa.t
@@ -16,32 +16,48 @@ use OpenSSL::Test::Utils;
setup("test_rsa");
-plan tests => 6;
+#plan skip_all => "RSA command line tool not built"
+# if disabled("deprecated-3.0");
-require_ok(srctop_file('test','recipes','tconversion.pl'));
+plan tests => 10;
+
+require_ok(srctop_file('test', 'recipes', 'tconversion.pl'));
ok(run(test(["rsa_test"])), "running rsatest");
-ok(run(app([ 'openssl', 'rsa', '-check', '-in', srctop_file('test', 'testrsa.pem'), '-noout'])), "rsa -check");
+run_rsa_tests("pkey");
SKIP: {
- skip "Skipping rsa conversion test", 3
- if disabled("rsa");
-
- subtest 'rsa conversions -- private key' => sub {
- tconversion("rsa", srctop_file("test","testrsa.pem"));
- };
- subtest 'rsa conversions -- private key PKCS#8' => sub {
- tconversion("rsa", srctop_file("test","testrsa.pem"), "pkey");
- };
-}
+ skip "Skipping rsa command line tests", 4 if disabled('deprecated-3.0');
- SKIP: {
- skip "Skipping msblob conversion test", 1
- if disabled("rsa") || disabled("dsa");
+ run_rsa_tests("rsa");
+}
- subtest 'rsa conversions -- public key' => sub {
- tconversion("msb", srctop_file("test","testrsapub.pem"), "rsa",
- "-pubin", "-pubout");
- };
+sub run_rsa_tests {
+ my $cmd = shift;
+
+ ok(run(app([ 'openssl', $cmd, '-check', '-in', srctop_file('test', 'testrsa.pem'), '-noout'])),
+ "$cmd -check" );
+
+ SKIP: {
+ skip "Skipping $cmd conversion test", 3
+ if disabled("rsa");
+
+ subtest "$cmd conversions -- private key" => sub {
+ tconversion($cmd, srctop_file("test", "testrsa.pem"));
+ };
+ subtest "$cmd conversions -- private key PKCS#8" => sub {
+ tconversion($cmd, srctop_file("test", "testrsa.pem"), "pkey");
+ };
+ }
+
+ SKIP: {
+ skip "Skipping msblob conversion test", 1
+ if disabled($cmd) || disabled("dsa") || $cmd == 'pkey';
+
+ subtest "$cmd conversions -- public key" => sub {
+ tconversion("msb", srctop_file("test", "testrsapub.pem"), "rsa",
+ "-pubin", "-pubout");
+ };
+ }
}
diff --git a/test/rsa_mp_test.c b/test/rsa_mp_test.c
index baa9dd2272..53e2966997 100644
--- a/test/rsa_mp_test.c
+++ b/test/rsa_mp_test.c
@@ -10,6 +10,12 @@
/* This aims to test the setting functions, including internal ones */
+/*
+ * RSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include <string.h>
diff --git a/test/rsa_test.c b/test/rsa_test.c
index 084f533ac1..1fbfe821cb 100644
--- a/test/rsa_test.c
+++ b/test/rsa_test.c
@@ -9,6 +9,12 @@
/* test vectors from p1ovect1.txt */
+/*
+ * RSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include <string.h>
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 50f1f1f745..cf98794b5a 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -205,7 +205,7 @@ d2i_CRL_DIST_POINTS 208 3_0_0 EXIST::FUNCTION:
X509_CRL_INFO_free 209 3_0_0 EXIST::FUNCTION:
ERR_load_UI_strings 210 3_0_0 EXIST::FUNCTION:
ERR_load_strings 211 3_0_0 EXIST::FUNCTION:
-RSA_X931_hash_id 212 3_0_0 EXIST::FUNCTION:RSA
+RSA_X931_hash_id 212 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
EC_KEY_set_method 213 3_0_0 EXIST::FUNCTION:EC
PEM_write_PKCS8_PRIV_KEY_INFO 214 3_0_0 EXIST::FUNCTION:STDIO
X509at_get0_data_by_OBJ 215 3_0_0 EXIST::FUNCTION:
@@ -241,7 +241,7 @@ MDC2 245 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3
BN_clear_free 246 3_0_0 EXIST::FUNCTION:
ENGINE_get_pkey_asn1_meths 247 3_0_0 EXIST::FUNCTION:ENGINE
DSO_merge 248 3_0_0 EXIST::FUNCTION:
-RSA_get_ex_data 249 3_0_0 EXIST::FUNCTION:RSA
+RSA_get_ex_data 249 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
EVP_PKEY_meth_get_decrypt 250 3_0_0 EXIST::FUNCTION:
DES_cfb_encrypt 251 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DES
CMS_SignerInfo_set1_signer_cert 252 3_0_0 EXIST::FUNCTION:CMS
@@ -275,7 +275,7 @@ d2i_PKCS7_ENC_CONTENT 280 3_0_0 EXIST::FUNCTION:
BUF_MEM_grow 281 3_0_0 EXIST::FUNCTION:
TS_REQ_free 282 3_0_0 EXIST::FUNCTION:TS
PEM_read_DHparams 283 3_0_0 EXIST::FUNCTION:DH,STDIO
-RSA_private_decrypt 284 3_0_0 EXIST::FUNCTION:RSA
+RSA_private_decrypt 284 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
X509V3_EXT_get_nid 285 3_0_0 EXIST::FUNCTION:
BIO_s_log 286 3_0_0 EXIST::FUNCTION:
EC_POINT_set_to_infinity 287 3_0_0 EXIST::FUNCTION:EC
@@ -345,7 +345,7 @@ RC4 350 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3
PKCS7_stream 352 3_0_0 EXIST::FUNCTION:
i2t_ASN1_OBJECT 353 3_0_0 EXIST::FUNCTION:
EC_GROUP_get0_generator 354 3_0_0 EXIST::FUNCTION:EC
-RSA_padding_add_PKCS1_PSS_mgf1 355 3_0_0 EXIST::FUNCTION:RSA
+RSA_padding_add_PKCS1_PSS_mgf1 355 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
EVP_MD_meth_set_init 356 3_0_0 EXIST::FUNCTION:
X509_get_issuer_name 357 3_0_0 EXIST::FUNCTION:
EVP_SignFinal 358 3_0_0 EXIST::FUNCTION:
@@ -367,7 +367,7 @@ BIO_new_mem_buf 373 3_0_0 EXIST::FUNCTION:
UI_get_input_flags 374 3_0_0 EXIST::FUNCTION:
X509V3_EXT_REQ_add_nconf 375 3_0_0 EXIST::FUNCTION:
X509v3_asid_subset 376 3_0_0 EXIST::FUNCTION:RFC3779
-RSA_check_key_ex 377 3_0_0 EXIST::FUNCTION:RSA
+RSA_check_key_ex 377 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
d2i_TS_MSG_IMPRINT_bio 378 3_0_0 EXIST::FUNCTION:TS
i2d_ASN1_TYPE 379 3_0_0 EXIST::FUNCTION:
EVP_aes_256_wrap_pad 380 3_0_0 EXIST::FUNCTION:
@@ -440,7 +440,7 @@ X509_get_default_private_dir 447 3_0_0 EXIST::FUNCTION:
X509_STORE_CTX_set0_dane 448 3_0_0 EXIST::FUNCTION:
EVP_des_ecb 449 3_0_0 EXIST::FUNCTION:DES
OCSP_resp_get0 450 3_0_0 EXIST::FUNCTION:OCSP
-RSA_X931_generate_key_ex 452 3_0_0 EXIST::FUNCTION:RSA
+RSA_X931_generate_key_ex 452 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
X509_get_serialNumber 453 3_0_0 EXIST::FUNCTION:
BIO_sock_should_retry 454 3_0_0 EXIST::FUNCTION:SOCK
ENGINE_get_digests 455 3_0_0 EXIST::FUNCTION:ENGINE
@@ -533,7 +533,7 @@ CONF_get_number 544 3_0_0 EXIST::FUNCTION:
X509_EXTENSION_get_object 545 3_0_0 EXIST::FUNCTION:
X509_EXTENSIONS_it 546 3_0_0 EXIST::FUNCTION:
EC_POINT_set_compressed_coordinates_GF2m 547 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,EC2M
-RSA_sign_ASN1_OCTET_STRING 548 3_0_0 EXIST::FUNCTION:RSA
+RSA_sign_ASN1_OCTET_STRING 548 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
d2i_X509_CRL_fp 549 3_0_0 EXIST::FUNCTION:STDIO
i2d_RSA_PUBKEY 550 3_0_0 EXIST::FUNCTION:RSA
EVP_aes_128_ccm 551 3_0_0 EXIST::FUNCTION:
@@ -553,7 +553,7 @@ X509_EXTENSION_free 564 3_0_0 EXIST::FUNCTION:
EVP_DigestSignInit 565 3_0_0 EXIST::FUNCTION:
CT_POLICY_EVAL_CTX_get0_issuer 566 3_0_0 EXIST::FUNCTION:CT
TLS_FEATURE_new 567 3_0_0 EXIST::FUNCTION:
-RSA_get_default_method 568 3_0_0 EXIST::FUNCTION:RSA
+RSA_get_default_method 568 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
CRYPTO_cts128_encrypt_block 569 3_0_0 EXIST::FUNCTION:
ASN1_digest 570 3_0_0 EXIST::FUNCTION:
ERR_load_X509V3_strings 571 3_0_0 EXIST::FUNCTION:
@@ -726,7 +726,7 @@ BN_set_params 744 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_0
BN_add 745 3_0_0 EXIST::FUNCTION:
OPENSSL_sk_free 746 3_0_0 EXIST::FUNCTION:
TS_TST_INFO_get_ext_d2i 747 3_0_0 EXIST::FUNCTION:TS
-RSA_check_key 748 3_0_0 EXIST::FUNCTION:RSA
+RSA_check_key 748 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
TS_MSG_IMPRINT_set_algo 749 3_0_0 EXIST::FUNCTION:TS
BN_nist_mod_521 750 3_0_0 EXIST::FUNCTION:
CRYPTO_THREAD_get_local 751 3_0_0 EXIST::FUNCTION:
@@ -838,18 +838,18 @@ X509_STORE_free 858 3_0_0 EXIST::FUNCTION:
ECDSA_sign_ex 859 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
TXT_DB_insert 860 3_0_0 EXIST::FUNCTION:
EC_POINTs_make_affine 861 3_0_0 EXIST::FUNCTION:EC
-RSA_padding_add_PKCS1_PSS 862 3_0_0 EXIST::FUNCTION:RSA
+RSA_padding_add_PKCS1_PSS 862 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
BF_options 863 3_0_0 EXIST::FUNCTION:BF,DEPRECATEDIN_3_0
OCSP_BASICRESP_it 864 3_0_0 EXIST::FUNCTION:OCSP
X509_VERIFY_PARAM_get0_name 865 3_0_0 EXIST::FUNCTION:
TS_RESP_CTX_set_signer_digest 866 3_0_0 EXIST::FUNCTION:TS
X509_VERIFY_PARAM_set1_email 867 3_0_0 EXIST::FUNCTION:
BIO_sock_error 868 3_0_0 EXIST::FUNCTION:SOCK
-RSA_set_default_method 869 3_0_0 EXIST::FUNCTION:RSA
+RSA_set_default_method 869 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
BN_GF2m_mod_sqrt_arr 870 3_0_0 EXIST::FUNCTION:EC2M
X509_get0_extensions 871 3_0_0 EXIST::FUNCTION:
TS_STATUS_INFO_set_status 872 3_0_0 EXIST::FUNCTION:TS
-RSA_verify 873 3_0_0 EXIST::FUNCTION:RSA
+RSA_verify 873 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
ASN1_FBOOLEAN_it 874 3_0_0 EXIST::FUNCTION:
d2i_ASN1_TIME 875 3_0_0 EXIST::FUNCTION:
EVP_PKEY_meth_get_signctx 876 3_0_0 EXIST::FUNCTION:
@@ -899,7 +899,7 @@ CONF_set_default_method 920 3_0_0 EXIST::FUNCTION:
ASN1_PCTX_get_nm_flags 921 3_0_0 EXIST::FUNCTION:
X509_add1_ext_i2d 922 3_0_0 EXIST::FUNCTION:
i2d_PKCS7_RECIP_INFO 924 3_0_0 EXIST::FUNCTION:
-PKCS1_MGF1 925 3_0_0 EXIST::FUNCTION:RSA
+PKCS1_MGF1 925 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
BIO_vsnprintf 926 3_0_0 EXIST::FUNCTION:
X509_STORE_CTX_get0_current_issuer 927 3_0_0 EXIST::FUNCTION:
CRYPTO_secure_malloc_initialized 928 3_0_0 EXIST::FUNCTION:
@@ -936,7 +936,7 @@ PKEY_USAGE_PERIOD_new 959 3_0_0 EXIST::FUNCTION:
OBJ_NAME_init 960 3_0_0 EXIST::FUNCTION:
EVP_PKEY_meth_set_keygen 961 3_0_0 EXIST::FUNCTION:
RSA_PSS_PARAMS_new 962 3_0_0 EXIST::FUNCTION:RSA
-RSA_sign 963 3_0_0 EXIST::FUNCTION:RSA
+RSA_sign 963 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
EVP_DigestVerifyFinal 964 3_0_0 EXIST::FUNCTION:
d2i_RSA_PUBKEY_bio 965 3_0_0 EXIST::FUNCTION:RSA
TS_RESP_dup 966 3_0_0 EXIST::FUNCTION:TS
@@ -1078,7 +1078,7 @@ PEM_read_bio_EC_PUBKEY 1104 3_0_0 EXIST::FUNCTION:EC
BN_MONT_CTX_set 1105 3_0_0 EXIST::FUNCTION:
TS_CONF_set_serial 1106 3_0_0 EXIST::FUNCTION:TS
X509_NAME_ENTRY_new 1107 3_0_0 EXIST::FUNCTION:
-RSA_security_bits 1108 3_0_0 EXIST::FUNCTION:RSA
+RSA_security_bits 1108 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
X509v3_addr_add_prefix 1109 3_0_0 EXIST::FUNCTION:RFC3779
X509_REQ_print_fp 1110 3_0_0 EXIST::FUNCTION:STDIO
ASN1_item_ex_new 1111 3_0_0 EXIST::FUNCTION:
@@ -1089,7 +1089,7 @@ ASN1_TYPE_get 1115 3_0_0 EXIST::FUNCTION:
i2d_X509_EXTENSIONS 1116 3_0_0 EXIST::FUNCTION:
X509_STORE_CTX_get0_store 1117 3_0_0 EXIST::FUNCTION:
PKCS12_pack_p7data 1118 3_0_0 EXIST::FUNCTION:
-RSA_print_fp 1119 3_0_0 EXIST::FUNCTION:RSA,STDIO
+RSA_print_fp 1119 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA,STDIO
OPENSSL_INIT_set_config_appname 1120 3_0_0 EXIST::FUNCTION:STDIO
EC_KEY_print_fp 1121 3_0_0 EXIST::FUNCTION:EC,STDIO
BIO_dup_chain 1122 3_0_0 EXIST::FUNCTION:
@@ -1192,7 +1192,7 @@ OCSP_CERTSTATUS_it 1218 3_0_0 EXIST::FUNCTION:OCSP
BIO_f_reliable 1219 3_0_0 EXIST::FUNCTION:
OCSP_resp_count 1220 3_0_0 EXIST::FUNCTION:OCSP
i2d_X509_AUX 1221 3_0_0 EXIST::FUNCTION:
-RSA_verify_PKCS1_PSS_mgf1 1222 3_0_0 EXIST::FUNCTION:RSA
+RSA_verify_PKCS1_PSS_mgf1 1222 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
X509_time_adj 1223 3_0_0 EXIST::FUNCTION:
EVP_PKEY_asn1_find_str 1224 3_0_0 EXIST::FUNCTION:
X509_VERIFY_PARAM_get_flags 1225 3_0_0 EXIST::FUNCTION:
@@ -1209,7 +1209,7 @@ X509_NAME_hash_old 1235 3_0_0 EXIST::FUNCTION:
PBKDF2PARAM_free 1236 3_0_0 EXIST::FUNCTION:
i2d_CMS_ContentInfo 1237 3_0_0 EXIST::FUNCTION:CMS
EVP_CIPHER_meth_set_ctrl 1238 3_0_0 EXIST::FUNCTION:
-RSA_public_decrypt 1239 3_0_0 EXIST::FUNCTION:RSA
+RSA_public_decrypt 1239 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
ENGINE_get_id 1240 3_0_0 EXIST::FUNCTION:ENGINE
PKCS12_item_decrypt_d2i 1241 3_0_0 EXIST::FUNCTION:
PEM_read_bio_DSAparams 1242 3_0_0 EXIST::FUNCTION:DSA
@@ -1299,7 +1299,7 @@ EVP_CIPHER_do_all 1327 3_0_0 EXIST::FUNCTION:
POLICY_MAPPINGS_it 1328 3_0_0 EXIST::FUNCTION:
SCT_set0_log_id 1329 3_0_0 EXIST::FUNCTION:CT
CRYPTO_cfb128_encrypt 1330 3_0_0 EXIST::FUNCTION:
-RSA_padding_add_PKCS1_type_2 1331 3_0_0 EXIST::FUNCTION:RSA
+RSA_padding_add_PKCS1_type_2 1331 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
TS_CONF_set_signer_cert 1332 3_0_0 EXIST::FUNCTION:TS
i2d_ASN1_OBJECT 1333 3_0_0 EXIST::FUNCTION:
d2i_PKCS8_PRIV_KEY_INFO_bio 1334 3_0_0 EXIST::FUNCTION:
@@ -1392,7 +1392,7 @@ EVP_PBE_get 1424 3_0_0 EXIST::FUNCTION:
CRYPTO_nistcts128_encrypt 1425 3_0_0 EXIST::FUNCTION:
CONF_modules_finish 1426 3_0_0 EXIST::FUNCTION:
BN_value_one 1427 3_0_0 EXIST::FUNCTION:
-RSA_padding_add_SSLv23 1428 3_0_0 EXIST::FUNCTION:RSA
+RSA_padding_add_SSLv23 1428 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
OCSP_RESPBYTES_it 1429 3_0_0 EXIST::FUNCTION:OCSP
EVP_aes_192_wrap 1430 3_0_0 EXIST::FUNCTION:
OCSP_CERTID_it 1431 3_0_0 EXIST::FUNCTION:OCSP
@@ -1559,7 +1559,7 @@ CTLOG_get0_name 1593 3_0_0 EXIST::FUNCTION:CT
ASN1_TBOOLEAN_it 1594 3_0_0 EXIST::FUNCTION:
RC2_set_key 1595 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RC2
X509_REVOKED_get_ext_by_NID 1596 3_0_0 EXIST::FUNCTION:
-RSA_padding_add_none 1597 3_0_0 EXIST::FUNCTION:RSA
+RSA_padding_add_none 1597 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
EVP_rc5_32_12_16_cbc 1599 3_0_0 EXIST::FUNCTION:RC5
PEM_dek_info 1600 3_0_0 EXIST::FUNCTION:
ASN1_SCTX_get_template 1601 3_0_0 EXIST::FUNCTION:
@@ -1613,7 +1613,7 @@ i2d_EDIPARTYNAME 1649 3_0_0 EXIST::FUNCTION:
X509_policy_tree_get0_policies 1650 3_0_0 EXIST::FUNCTION:
X509at_add1_attr 1651 3_0_0 EXIST::FUNCTION:
X509_get_ex_data 1653 3_0_0 EXIST::FUNCTION:
-RSA_set_method 1654 3_0_0 EXIST::FUNCTION:RSA
+RSA_set_method 1654 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
X509_REVOKED_dup 1655 3_0_0 EXIST::FUNCTION:
ASN1_TIME_new 1656 3_0_0 EXIST::FUNCTION:
PEM_write_NETSCAPE_CERT_SEQUENCE 1657 3_0_0 EXIST::FUNCTION:STDIO
@@ -1664,7 +1664,7 @@ ESS_SIGNING_CERT_dup 1701 3_0_0 EXIST::FUNCTION:
ENGINE_set_default_DSA 1702 3_0_0 EXIST::FUNCTION:ENGINE
X509_REVOKED_new 1703 3_0_0 EXIST::FUNCTION:
NCONF_WIN32 1704 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
-RSA_padding_check_PKCS1_OAEP_mgf1 1705 3_0_0 EXIST::FUNCTION:RSA
+RSA_padding_check_PKCS1_OAEP_mgf1 1705 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
X509_policy_tree_get0_level 1706 3_0_0 EXIST::FUNCTION:
ASN1_parse_dump 1708 3_0_0 EXIST::FUNCTION:
BIO_vfree 1709 3_0_0 EXIST::FUNCTION:
@@ -1831,7 +1831,7 @@ OCSP_single_get0_status 1873 3_0_0 EXIST::FUNCTION:OCSP
d2i_AUTHORITY_INFO_ACCESS 1874 3_0_0 EXIST::FUNCTION:
PEM_read_RSAPrivateKey 1875 3_0_0 EXIST::FUNCTION:RSA,STDIO
BIO_closesocket 1876 3_0_0 EXIST::FUNCTION:SOCK
-RSA_verify_ASN1_OCTET_STRING 1877 3_0_0 EXIST::FUNCTION:RSA
+RSA_verify_ASN1_OCTET_STRING 1877 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
SCT_set_log_entry_type 1878 3_0_0 EXIST::FUNCTION:CT
BN_new 1879 3_0_0 EXIST::FUNCTION:
X509_OBJECT_retrieve_by_subject 1880 3_0_0 EXIST::FUNCTION:
@@ -2070,7 +2070,7 @@ i2d_ASIdentifiers 2115 3_0_0 EXIST::FUNCTION:RFC3779
X509V3_EXT_cleanup 2116 3_0_0 EXIST::FUNCTION:
CAST_ecb_encrypt 2117 3_0_0 EXIST::FUNCTION:CAST,DEPRECATEDIN_3_0
BIO_s_file 2118 3_0_0 EXIST::FUNCTION:
-RSA_X931_derive_ex 2119 3_0_0 EXIST::FUNCTION:RSA
+RSA_X931_derive_ex 2119 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
EVP_PKEY_decrypt_init 2120 3_0_0 EXIST::FUNCTION:
ENGINE_get_destroy_function 2121 3_0_0 EXIST::FUNCTION:ENGINE
SHA224_Init 2122 3_0_0 EXIST::FUNCTION:
@@ -2252,7 +2252,7 @@ ESS_ISSUER_SERIAL_free 2299 3_0_0 EXIST::FUNCTION:
BN_mod_exp_mont_word 2300 3_0_0 EXIST::FUNCTION:
X509V3_EXT_nconf_nid 2301 3_0_0 EXIST::FUNCTION:
UTF8_putc 2302 3_0_0 EXIST::FUNCTION:
-RSA_private_encrypt 2303 3_0_0 EXIST::FUNCTION:RSA
+RSA_private_encrypt 2303 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
X509_LOOKUP_shutdown 2304 3_0_0 EXIST::FUNCTION:
TS_TST_INFO_set_accuracy 2305 3_0_0 EXIST::FUNCTION:TS
OCSP_basic_verify 2306 3_0_0 EXIST::FUNCTION:OCSP
@@ -2348,7 +2348,7 @@ X509_LOOKUP_by_alias 2396 3_0_0 EXIST::FUNCTION:
EC_KEY_set_conv_form 2397 3_0_0 EXIST::FUNCTION:EC
X509_TRUST_get_count 2399 3_0_0 EXIST::FUNCTION:
IPAddressOrRange_free 2400 3_0_0 EXIST::FUNCTION:RFC3779
-RSA_padding_add_PKCS1_OAEP 2401 3_0_0 EXIST::FUNCTION:RSA
+RSA_padding_add_PKCS1_OAEP 2401 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
EC_KEY_set_ex_data 2402 3_0_0 EXIST::FUNCTION:EC
SRP_VBASE_new 2403 3_0_0 EXIST::FUNCTION:SRP
i2d_ECDSA_SIG 2404 3_0_0 EXIST::FUNCTION:EC
@@ -2375,7 +2375,7 @@ ASN1_GENERALIZEDTIME_it 2425 3_0_0 EXIST::FUNCTION:
PKCS8_pkey_get0 2426 3_0_0 EXIST::FUNCTION:
OCSP_sendreq_new 2427 3_0_0 EXIST::FUNCTION:OCSP
EVP_aes_256_cfb128 2428 3_0_0 EXIST::FUNCTION:
-RSA_set_ex_data 2429 3_0_0 EXIST::FUNCTION:RSA
+RSA_set_ex_data 2429 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
BN_GENCB_call 2430 3_0_0 EXIST::FUNCTION:
X509V3_EXT_add_nconf_sk 2431 3_0_0 EXIST::FUNCTION:
i2d_TS_MSG_IMPRINT_fp 2432 3_0_0 EXIST::FUNCTION:STDIO,TS
@@ -2521,7 +2521,7 @@ EVP_CIPHER_meth_get_cleanup 2574 3_0_0 EXIST::FUNCTION:
ASN1_item_ex_d2i 2575 3_0_0 EXIST::FUNCTION:
EVP_MD_meth_free 2576 3_0_0 EXIST::FUNCTION:
EVP_PKEY_meth_new 2577 3_0_0 EXIST::FUNCTION:
-RSA_padding_check_PKCS1_OAEP 2578 3_0_0 EXIST::FUNCTION:RSA
+RSA_padding_check_PKCS1_OAEP 2578 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
OCSP_SERVICELOC_it 2579 3_0_0 EXIST::FUNCTION:OCSP
PKCS12_SAFEBAG_get_nid 2580 3_0_0 EXIST::FUNCTION:
EVP_MD_CTX_set_update_fn 2581 3_0_0 EXIST::FUNCTION:
@@ -2586,7 +2586,7 @@ d2i_PBKDF2PARAM 2640 3_0_0 EXIST::FUNCTION:
ERR_load_COMP_strings 2641 3_0_0 EXIST::FUNCTION:COMP
EVP_PKEY_meth_add0 2642 3_0_0 EXIST::FUNCTION:
EVP_rc4_40 2643 3_0_0 EXIST::FUNCTION:RC4
-RSA_bits 2645 3_0_0 EXIST::FUNCTION:RSA
+RSA_bits 2645 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
ASN1_item_dup 2646 3_0_0 EXIST::FUNCTION:
GENERAL_NAMES_it 2647 3_0_0 EXIST::FUNCTION:
X509_issuer_name_hash 2648 3_0_0 EXIST::FUNCTION:
@@ -2610,7 +2610,7 @@ X509_load_cert_file 2665 3_0_0 EXIST::FUNCTION:
EC_GFp_nistp521_method 2667 3_0_0 EXIST::FUNCTION:EC,EC_NISTP_64_GCC_128
ECDSA_SIG_free 2668 3_0_0 EXIST::FUNCTION:EC
d2i_PKCS12_BAGS 2669 3_0_0 EXIST::FUNCTION:
-RSA_public_encrypt 2670 3_0_0 EXIST::FUNCTION:RSA
+RSA_public_encrypt 2670 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
X509_CRL_get0_extensions 2671 3_0_0 EXIST::FUNCTION:
CMS_digest_verify 2672 3_0_0 EXIST::FUNCTION:CMS
ASN1_GENERALIZEDTIME_set 2673 3_0_0 EXIST::FUNCTION:
@@ -2839,7 +2839,7 @@ ENGINE_get_last 2900 3_0_0 EXIST::FUNCTION:ENGINE
EVP_PKEY_encrypt_init 2901 3_0_0 EXIST::FUNCTION:
i2d_RSAPrivateKey_fp 2902 3_0_0 EXIST::FUNCTION:RSA,STDIO
X509_REQ_print 2903 3_0_0 EXIST::FUNCTION:
-RSA_size 2904 3_0_0 EXIST::FUNCTION:RSA
+RSA_size 2904 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
EVP_CIPHER_CTX_iv_noconst 2905 3_0_0 EXIST::FUNCTION:
DH_set_default_method 2906 3_0_0 EXIST::FUNCTION:DH
X509_ALGOR_new 2907 3_0_0 EXIST::FUNCTION:
@@ -2933,7 +2933,7 @@ SHA384 2995 3_0_0 EXIST::FUNCTION:
NCONF_get_string 2996 3_0_0 EXIST::FUNCTION:
d2i_PROXY_CERT_INFO_EXTENSION 2997 3_0_0 EXIST::FUNCTION:
EC_POINT_point2buf 2998 3_0_0 EXIST::FUNCTION:EC
-RSA_padding_add_PKCS1_OAEP_mgf1 2999 3_0_0 EXIST::FUNCTION:RSA
+RSA_padding_add_PKCS1_OAEP_mgf1 2999 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
COMP_CTX_get_type 3000 3_0_0 EXIST::FUNCTION:COMP
TS_RESP_CTX_set_status_info 3001 3_0_0 EXIST::FUNCTION:TS
BIO_f_nbio_test 3002 3_0_0 EXIST::FUNCTION:
@@ -3014,7 +3014,7 @@ ENGINE_load_private_key 3078 3_0_0 EXIST::FUNCTION:ENGINE
GENERAL_NAMES_new 3079 3_0_0 EXIST::FUNCTION:
i2d_POLICYQUALINFO 3080 3_0_0 EXIST::FUNCTION:
EC_GF2m_simple_method 3081 3_0_0 EXIST::FUNCTION:EC,EC2M
-RSA_get_method 3082 3_0_0 EXIST::FUNCTION:RSA
+RSA_get_method 3082 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
d2i_ASRange 3083 3_0_0 EXIST::FUNCTION:RFC3779
CMS_ContentInfo_new 3084 3_0_0 EXIST::FUNCTION:CMS
OPENSSL_init_crypto 3085 3_0_0 EXIST::FUNCTION:
@@ -3053,7 +3053,7 @@ i2d_RSA_PSS_PARAMS 3117 3_0_0 EXIST::FUNCTION:RSA
EVP_aes_128_wrap_pad 3118 3_0_0 EXIST::FUNCTION:
ASN1_BIT_STRING_set 3119 3_0_0 EXIST::FUNCTION:
PKCS5_PBKDF2_HMAC_SHA1 3120 3_0_0 EXIST::FUNCTION:
-RSA_padding_check_PKCS1_type_2 3121 3_0_0 EXIST::FUNCTION:RSA
+RSA_padding_check_PKCS1_type_2 3121 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
EVP_des_ede3_ecb 3122 3_0_0 EXIST::FUNCTION:DES
CBIGNUM_it 3123 3_0_0 EXIST::FUNCTION:
BIO_new_NDEF 3124 3_0_0 EXIST::FUNCTION:
@@ -3124,7 +3124,7 @@ BN_mod_add 3189 3_0_0 EXIST::FUNCTION:
EC_POINT_set_affine_coordinates_GFp 3190 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
X509_get_default_cert_file 3191 3_0_0 EXIST::FUNCTION:
UI_method_set_flusher 3192 3_0_0 EXIST::FUNCTION:
-RSA_new_method 3193 3_0_0 EXIST::FUNCTION:RSA
+RSA_new_method 3193 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
OCSP_request_verify 3194 3_0_0 EXIST::FUNCTION:OCSP
CRYPTO_THREAD_run_once 3195 3_0_0 EXIST::FUNCTION:
TS_REQ_print_bio 3196 3_0_0 EXIST::FUNCTION:TS
@@ -3211,7 +3211,7 @@ POLICY_CONSTRAINTS_free 3277 3_0_0 EXIST::FUNCTION:
EVP_aes_256_cfb8 3278 3_0_0 EXIST::FUNCTION:
d2i_DSA_PUBKEY_bio 3279 3_0_0 EXIST::FUNCTION:DSA
X509_NAME_get_text_by_OBJ 3280 3_0_0 EXIST::FUNCTION:
-RSA_padding_check_none 3281 3_0_0 EXIST::FUNCTION:RSA
+RSA_padding_check_none 3281 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
CRYPTO_set_mem_debug 3282 3_0_0 EXIST::FUNCTION:CRYPTO_MDEBUG,DEPRECATEDIN_3_0
TS_VERIFY_CTX_init 3283 3_0_0 EXIST::FUNCTION:TS
OCSP_cert_id_new 3284 3_0_0 EXIST::FUNCTION:OCSP
@@ -3265,7 +3265,7 @@ X509_PKEY_free 3332 3_0_0 EXIST::FUNCTION:
OCSP_CRLID_new 3333 3_0_0 EXIST::FUNCTION:OCSP
CONF_dump_bio 3334 3_0_0 EXIST::FUNCTION:
d2i_PKCS8PrivateKey_fp 3335 3_0_0 EXIST::FUNCTION:STDIO
-RSA_setup_blinding 3336 3_0_0 EXIST::FUNCTION:RSA
+RSA_setup_blinding 3336 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
ERR_peek_error_line 3337 3_0_0 EXIST::FUNCTION:
d2i_PKCS7 3338 3_0_0 EXIST::FUNCTION:
ERR_reason_error_string 3339 3_0_0 EXIST::FUNCTION:
@@ -3286,7 +3286,7 @@ OPENSSL_sk_is_sorted 3353 3_0_0 EXIST::FUNCTION:
OCSP_SIGNATURE_new 3354 3_0_0 EXIST::FUNCTION:OCSP
EVP_PKEY_meth_get_paramgen 3355 3_0_0 EXIST::FUNCTION:
X509_ATTRIBUTE_create_by_OBJ 3356 3_0_0 EXIST::FUNCTION:
-RSA_generate_key_ex 3357 3_0_0 EXIST::FUNCTION:RSA
+RSA_generate_key_ex 3357 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
CMS_SignerInfo_get0_algs 3358 3_0_0 EXIST::FUNCTION:CMS
DIST_POINT_free 3359 3_0_0 EXIST::FUNCTION:
ESS_SIGNING_CERT_free 3360 3_0_0 EXIST::FUNCTION:
@@ -3302,7 +3302,7 @@ PKCS7_ENVELOPE_new 3369 3_0_0 EXIST::FUNCTION:
EDIPARTYNAME_new 3370 3_0_0 EXIST::FUNCTION:
CMS_add1_cert 3371 3_0_0 EXIST::FUNCTION:CMS
DSO_convert_filename 3372 3_0_0 EXIST::FUNCTION:
-RSA_padding_check_SSLv23 3373 3_0_0 EXIST::FUNCTION:RSA
+RSA_padding_check_SSLv23 3373 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
CRYPTO_gcm128_finish 3374 3_0_0 EXIST::FUNCTION:
PKCS12_SAFEBAGS_it 3375 3_0_0 EXIST::FUNCTION:
PKCS12_PBE_add 3376 3_0_0 EXIST::FUNCTION:
@@ -3340,14 +3340,14 @@ CRYPTO_new_ex_data 3409 3_0_0 EXIST::FUNCTION:
PEM_read_PKCS8_PRIV_KEY_INFO 3410 3_0_0 EXIST::FUNCTION:STDIO
TS_VERIFY_CTX_new 3411 3_0_0 EXIST::FUNCTION:TS
BUF_MEM_new_ex 3412 3_0_0 EXIST::FUNCTION:
-RSA_padding_add_X931 3413 3_0_0 EXIST::FUNCTION:RSA
+RSA_padding_add_X931 3413 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
BN_get0_nist_prime_256 3414 3_0_0 EXIST::FUNCTION:
CRYPTO_memcmp 3415 3_0_0 EXIST::FUNCTION:
DH_check_pub_key 3416 3_0_0 EXIST::FUNCTION:DH
ASN1_mbstring_copy 3417 3_0_0 EXIST::FUNCTION:
PKCS7_set_type 3418 3_0_0 EXIST::FUNCTION:
BIO_gets 3419 3_0_0 EXIST::FUNCTION:
-RSA_padding_check_PKCS1_type_1 3420 3_0_0 EXIST::FUNCTION:RSA
+RSA_padding_check_PKCS1_type_1 3420 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
UI_ctrl 3421 3_0_0 EXIST::FUNCTION:
i2d_X509_REQ_fp 3422 3_0_0 EXIST::FUNCTION:STDIO
BN_BLINDING_convert_ex 3423 3_0_0 EXIST::FUNCTION:
@@ -3393,7 +3393,7 @@ BIO_number_written 3463 3_0_0 EXIST::FUNCTION:
TS_TST_INFO_set_msg_imprint 3464 3_0_0 EXIST::FUNCTION:TS
CRYPTO_get_ex_data 3465 3_0_0 EXIST::FUNCTION:
X509_PURPOSE_get0_sname 3466 3_0_0 EXIST::FUNCTION:
-RSA_verify_PKCS1_PSS 3467 3_0_0 EXIST::FUNCTION:RSA
+RSA_verify_PKCS1_PSS 3467 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
HMAC_CTX_reset 3468 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
EVP_PKEY_meth_set_init 3469 3_0_0 EXIST::FUNCTION:
X509_REQ_extension_nid 3470 3_0_0 EXIST::FUNCTION:
@@ -3558,7 +3558,7 @@ SHA384_Update 3635 3_0_0 EXIST::FUNCTION:
CRYPTO_cfb128_1_encrypt 3636 3_0_0 EXIST::FUNCTION:
BIO_set_cipher 3637 3_0_0 EXIST::FUNCTION:
PEM_read_PUBKEY 3638 3_0_0 EXIST::FUNCTION:STDIO
-RSA_PKCS1_OpenSSL 3639 3_0_0 EXIST::FUNCTION:RSA
+RSA_PKCS1_OpenSSL 3639 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
AUTHORITY_INFO_ACCESS_free 3640 3_0_0 EXIST::FUNCTION:
SCT_get0_signature 3641 3_0_0 EXIST::FUNCTION:CT
DISPLAYTEXT_it 3643 3_0_0 EXIST::FUNCTION:
@@ -3569,7 +3569,7 @@ X509_REQ_set_extension_nids 3647 3_0_0 EXIST::FUNCTION:
X509_free 3648 3_0_0 EXIST::FUNCTION:
ERR_load_ERR_strings 3649 3_0_0 EXIST::FUNCTION:
ASN1_const_check_infinite_end 3650 3_0_0 EXIST::FUNCTION:
-RSA_null_method 3651 3_0_0 EXIST::FUNCTION:RSA
+RSA_null_method 3651 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
TS_REQ_ext_free 3652 3_0_0 EXIST::FUNCTION:TS
EVP_PKEY_meth_get_encrypt 3653 3_0_0 EXIST::FUNCTION:
Camellia_ecb_encrypt 3654 3_0_0 EXIST::FUNCTION:CAMELLIA,DEPRECATEDIN_3_0
@@ -3604,7 +3604,7 @@ BIO_ADDR_free 3683 3_0_0 EXIST::FUNCTION:SOCK
ASN1_STRING_free 3684 3_0_0 EXIST::FUNCTION:
X509_VERIFY_PARAM_inherit 3685 3_0_0 EXIST::FUNCTION:
EC_GROUP_get_curve_name 3686 3_0_0 EXIST::FUNCTION:EC
-RSA_print 3687 3_0_0 EXIST::FUNCTION:RSA
+RSA_print 3687 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
i2d_ASN1_BMPSTRING 3688 3_0_0 EXIST::FUNCTION:
EVP_PKEY_decrypt_old 3689 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
ASN1_UTCTIME_cmp_time_t 3690 3_0_0 EXIST::FUNCTION:
@@ -3678,7 +3678,7 @@ BIO_set_callback 3757 3_0_0 EXIST::FUNCTION:
BN_GF2m_poly2arr 3758 3_0_0 EXIST::FUNCTION:EC2M
CMS_unsigned_get_attr_count 3759 3_0_0 EXIST::FUNCTION:CMS
EVP_aes_256_gcm 3760 3_0_0 EXIST::FUNCTION:
-RSA_padding_check_X931 3761 3_0_0 EXIST::FUNCTION:RSA
+RSA_padding_check_X931 3761 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
ECDH_compute_key 3762 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
ASN1_TIME_print 3763 3_0_0 EXIST::FUNCTION:
EVP_PKEY_CTX_get0_peerkey 3764 3_0_0 EXIST::FUNCTION:
@@ -3759,7 +3759,7 @@ i2d_ASN1_INTEGER 3840 3_0_0 EXIST::FUNCTION:
OCSP_SINGLERESP_add1_ext_i2d 3841 3_0_0 EXIST::FUNCTION:OCSP
PKCS7_add_signed_attribute 3842 3_0_0 EXIST::FUNCTION:
i2d_PrivateKey_bio 3843 3_0_0 EXIST::FUNCTION:
-RSA_padding_add_PKCS1_type_1 3844 3_0_0 EXIST::FUNCTION:RSA
+RSA_padding_add_PKCS1_type_1 3844 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
i2d_re_X509_tbs 3845 3_0_0 EXIST::FUNCTION:
EVP_CIPHER_iv_length 3846 3_0_0 EXIST::FUNCTION:
OCSP_REQ_CTX_get0_mem_bio 3847 3_0_0 EXIST::FUNCTION:
@@ -3908,44 +3908,44 @@ X509_VERIFY_PARAM_set_auth_level 3991 3_0_0 EXIST::FUNCTION:
X509_VERIFY_PARAM_get_auth_level 3992 3_0_0 EXIST::FUNCTION:
X509_REQ_get0_pubkey 3993 3_0_0 EXIST::FUNCTION:
RSA_set0_key 3994 3_0_0 EXIST::FUNCTION:RSA
-RSA_meth_get_flags 3995 3_0_0 EXIST::FUNCTION:RSA
-RSA_meth_set_finish 3996 3_0_0 EXIST::FUNCTION:RSA
-RSA_meth_get_priv_dec 3997 3_0_0 EXIST::FUNCTION:RSA
-RSA_meth_get_sign 3998 3_0_0 EXIST::FUNCTION:RSA
-RSA_meth_get_bn_mod_exp 3999 3_0_0 EXIST::FUNCTION:RSA
+RSA_meth_get_flags 3995 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
+RSA_meth_set_finish 3996 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
+RSA_meth_get_priv_dec 3997 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
+RSA_meth_get_sign 3998 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
+RSA_meth_get_bn_mod_exp 3999 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
RSA_test_flags 4000 3_0_0 EXIST::FUNCTION:RSA
-RSA_meth_new 4001 3_0_0 EXIST::FUNCTION:RSA
-RSA_meth_get0_app_data 4002 3_0_0 EXIST::FUNCTION:RSA
-RSA_meth_dup 4003 3_0_0 EXIST::FUNCTION:RSA
-RSA_meth_set1_name 4004 3_0_0 EXIST::FUNCTION:RSA
-RSA_meth_set0_app_data 4005 3_0_0 EXIST::FUNCTION:RSA
+RSA_meth_new 4001 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
+RSA_meth_get0_app_data 4002 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
+RSA_meth_dup 4003 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
+RSA_meth_set1_name 4004 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
+RSA_meth_set0_app_data 4005 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
RSA_set_flags 4006 3_0_0 EXIST::FUNCTION:RSA
-RSA_meth_set_sign 4007 3_0_0 EXIST::FUNCTION:RSA
+RSA_meth_set_sign 4007 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
RSA_clear_flags 4008 3_0_0 EXIST::FUNCTION:RSA
-RSA_meth_get_keygen 4009 3_0_0 EXIST::FUNCTION:RSA
-RSA_meth_set_keygen 4010 3_0_0 EXIST::FUNCTION:RSA
-RSA_meth_set_pub_dec 4011 3_0_0 EXIST::FUNCTION:RSA
-RSA_meth_get_finish 4012 3_0_0 EXIST::FUNCTION:RSA
+RSA_meth_get_keygen 4009 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
+RSA_meth_set_keygen 4010 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
+RSA_meth_set_pub_dec 4011 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
+RSA_meth_get_finish 4012 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
RSA_get0_key 4013 3_0_0 EXIST::FUNCTION:RSA
-RSA_get0_engine 4014 3_0_0 EXIST::FUNCTION:RSA
-RSA_meth_set_priv_enc 4015 3_0_0 EXIST::FUNCTION:RSA
-RSA_meth_set_verify 4016 3_0_0 EXIST::FUNCTION:RSA
+RSA_get0_engine 4014 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
+RSA_meth_set_priv_enc 4015 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
+RSA_meth_set_verify 4016 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
RSA_get0_factors 4017 3_0_0 EXIST::FUNCTION:RSA
-RSA_meth_get0_name 4018 3_0_0 EXIST::FUNCTION:RSA
-RSA_meth_get_mod_exp 4019 3_0_0 EXIST::FUNCTION:RSA
-RSA_meth_set_flags 4020 3_0_0 EXIST::FUNCTION:RSA
-RSA_meth_get_pub_dec 4021 3_0_0 EXIST::FUNCTION:RSA
-RSA_meth_set_bn_mod_exp 4022 3_0_0 EXIST::FUNCTION:RSA
-RSA_meth_get_init 4023 3_0_0 EXIST::FUNCTION:RSA
-RSA_meth_free 4024 3_0_0 EXIST::FUNCTION:RSA
-RSA_meth_get_pub_enc 4025 3_0_0 EXIST::FUNCTION:RSA
-RSA_meth_set_mod_exp 4026 3_0_0 EXIST::FUNCTION:RSA
+RSA_meth_get0_name 4018 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
+RSA_meth_get_mod_exp 4019 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
+RSA_meth_set_flags 4020 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
+RSA_meth_get_pub_dec 4021 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
+RSA_meth_set_bn_mod_exp 4022 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
+RSA_meth_get_init 4023 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
+RSA_meth_free 4024 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
+RSA_meth_get_pub_enc 4025 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
+RSA_meth_set_mod_exp 4026 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
RSA_set0_factors 4027 3_0_0 EXIST::FUNCTION:RSA
-RSA_meth_set_pub_enc 4028 3_0_0 EXIST::FUNCTION:RSA
-RSA_meth_set_priv_dec 4029 3_0_0 EXIST::FUNCTION:RSA
-RSA_meth_get_verify 4030 3_0_0 EXIST::FUNCTION:RSA
-RSA_meth_set_init 4031 3_0_0 EXIST::FUNCTION:RSA
-RSA_meth_get_priv_enc 4032 3_0_0 EXIST::FUNCTION:RSA
+RSA_meth_set_pub_enc 4028 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
+RSA_meth_set_priv_dec 4029 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
+RSA_meth_get_verify 4030 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
+RSA_meth_set_init 4031 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
+RSA_meth_get_priv_enc 4032 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
RSA_set0_crt_params 4037 3_0_0 EXIST::FUNCTION:RSA
RSA_get0_crt_params 4038 3_0_0 EXIST::FUNCTION:RSA
DH_set0_pqg 4039 3_0_0 EXIST::FUNCTION:DH
@@ -4273,14 +4273,14 @@ EVP_PKEY_asn1_set_param_check 4368 3_0_0 EXIST::FUNCTION:
DH_check_ex 4369 3_0_0 EXIST::FUNCTION:DH
DH_check_pub_key_ex 4370 3_0_0 EXIST::FUNCTION:DH
DH_check_params_ex 4371 3_0_0 EXIST::FUNCTION:DH
-RSA_generate_multi_prime_key 4372 3_0_0 EXIST::FUNCTION:RSA
+RSA_generate_multi_prime_key 4372 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
RSA_get_multi_prime_extra_count 4373 3_0_0 EXIST::FUNCTION:RSA
OCSP_resp_get0_signer 4374 3_0_0 EXIST::FUNCTION:OCSP
RSA_get0_multi_prime_crt_params 4375 3_0_0 EXIST::FUNCTION:RSA
RSA_set0_multi_prime_params 4376 3_0_0 EXIST::FUNCTION:RSA
-RSA_get_version 4377 3_0_0 EXIST::FUNCTION:RSA
-RSA_meth_get_multi_prime_keygen 4378 3_0_0 EXIST::FUNCTION:RSA
-RSA_meth_set_multi_prime_keygen 4379 3_0_0 EXIST::FUNCTION:RSA
+RSA_get_version 4377 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
+RSA_meth_get_multi_prime_keygen 4378 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
+RSA_meth_set_multi_prime_keygen 4379 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
RAND_DRBG_get0_master 4380 3_0_0 EXIST::FUNCTION:
RAND_DRBG_set_reseed_time_interval 4381 3_0_0 EXIST::FUNCTION:
PROFESSION_INFO_get0_addProfessionInfo 4382 3_0_0 EXIST::FUNCTION:
@@ -4898,7 +4898,7 @@ d2i_X509_PUBKEY_fp ? 3_0_0 EXIST::FUNCTION:STDIO
i2d_X509_PUBKEY_fp ? 3_0_0 EXIST::FUNCTION:STDIO
d2i_X509_PUBKEY_bio ? 3_0_0 EXIST::FUNCTION:
i2d_X509_PUBKEY_bio ? 3_0_0 EXIST::FUNCTION:
-RSA_get0_pss_params ? 3_0_0 EXIST::FUNCTION:RSA
+RSA_get0_pss_params ? 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
X509_cmp_timeframe ? 3_0_0 EXIST::FUNCTION:
OSSL_CMP_MSG_get0_header ? 3_0_0 EXIST::FUNCTION:CMP
BIO_f_prefix ? 3_0_0 EXIST::FUNCTION:
More information about the openssl-commits
mailing list