[openssl] master update
Dr. Paul Dale
pauli at openssl.org
Thu Feb 20 09:58:18 UTC 2020
The branch master has been updated
via ada66e78ef535fe80e422bbbadffe8e7863d457c (commit)
via 0ad05b190ebb3a62f8519c8c4c721304c2405849 (commit)
via 2c64df660fd3efe30db0c48e8218ab87f5189c85 (commit)
from c5f8713443c8d606ff149b12c478cd6162f2a7ac (commit)
- Log -----------------------------------------------------------------
commit ada66e78ef535fe80e422bbbadffe8e7863d457c
Author: Pauli <paul.dale at oracle.com>
Date: Mon Feb 3 19:05:31 2020 +1000
Deprecate the low level Diffie-Hellman functions.
Use of the low level DH functions has been informally discouraged for a
long time. We now formally deprecate them.
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11024)
commit 0ad05b190ebb3a62f8519c8c4c721304c2405849
Author: Pauli <paul.dale at oracle.com>
Date: Sun Feb 16 17:31:04 2020 +1000
DH: add CHANGES entry listing the deprecated DH functions.
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11024)
commit 2c64df660fd3efe30db0c48e8218ab87f5189c85
Author: Pauli <paul.dale at oracle.com>
Date: Mon Feb 3 16:03:12 2020 +1000
DH: fix header file indentation
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11024)
-----------------------------------------------------------------------
Summary of changes:
CHANGES | 23 ++
apps/lib/s_cb.c | 15 +-
apps/progs.pl | 1 -
crypto/dh/dh_ameth.c | 6 +
crypto/dh/dh_asn1.c | 6 +
crypto/dh/dh_check.c | 6 +
crypto/dh/dh_depr.c | 6 +
crypto/dh/dh_gen.c | 6 +
crypto/dh/dh_group_params.c | 6 +
crypto/dh/dh_kdf.c | 6 +
crypto/dh/dh_key.c | 6 +
crypto/dh/dh_lib.c | 6 +
crypto/dh/dh_meth.c | 6 +
crypto/dh/dh_pmeth.c | 2 +-
crypto/dh/dh_prn.c | 6 +
crypto/dh/dh_rfc5114.c | 6 +
crypto/evp/pmeth_lib.c | 6 +
doc/man3/DH_generate_key.pod | 13 +
doc/man3/DH_generate_parameters.pod | 11 +
doc/man3/DH_get0_pqg.pod | 13 +-
doc/man3/DH_meth_new.pod | 9 +
doc/man3/DH_new_by_nid.pod | 12 +-
doc/man3/DH_set_method.pod | 11 +
doc/man3/DH_size.pod | 11 +
doc/man3/DSA_dup_DH.pod | 12 +
fuzz/asn1.c | 4 +-
include/openssl/dh.h | 448 +++++++++++----------
include/openssl/dsa.h | 4 +-
providers/implementations/exchange/dh_exch.c | 6 +
providers/implementations/keymgmt/dh_kmgmt.c | 6 +
.../implementations/serializers/serializer_dh.c | 6 +
.../serializers/serializer_dh_param.c | 6 +
.../serializers/serializer_dh_priv.c | 6 +
.../serializers/serializer_dh_pub.c | 6 +
ssl/s3_lib.c | 6 +-
ssl/ssl_local.h | 2 +-
ssl/statem/extensions_srvr.c | 2 +-
ssl/statem/statem_clnt.c | 15 +-
test/build.info | 22 +-
test/dhtest.c | 6 +
test/ssltest_old.c | 6 +
util/libcrypto.num | 96 ++---
42 files changed, 560 insertions(+), 298 deletions(-)
diff --git a/CHANGES b/CHANGES
index 016743a83f..ee4d953f71 100644
--- a/CHANGES
+++ b/CHANGES
@@ -74,6 +74,29 @@
programs respectively.
[Paul Dale]
+ *) All of the low level DH functions have been deprecated including:
+
+ DH_OpenSSL, DH_set_default_method, DH_get_default_method, DH_set_method,
+ DH_new_method, DH_bits, DH_size, DH_security_bits, DH_get_ex_new_index,
+ DH_set_ex_data, DH_get_ex_data, DH_generate_parameters_ex,
+ DH_check_params_ex, DH_check_ex, DH_check_pub_key_ex,
+ DH_check, DH_check_pub_key, DH_generate_key, DH_compute_key,
+ DH_compute_key_padded, DHparams_print_fp, DHparams_print, DH_get_nid,
+ DH_KDF_X9_42, DH_get0_engine, DH_get_length, DH_set_length, DH_meth_new,
+ DH_meth_free, DH_meth_dup, DH_meth_get0_name, DH_meth_set1_name,
+ DH_meth_get_flags, DH_meth_set_flags, DH_meth_get0_app_data,
+ DH_meth_set0_app_data, DH_meth_get_generate_key,
+ DH_meth_set_generate_key, DH_meth_get_compute_key,
+ DH_meth_set_compute_key, DH_meth_get_bn_mod_exp,
+ DH_meth_set_bn_mod_exp, DH_meth_get_init, DH_meth_set_init,
+ DH_meth_get_finish, DH_meth_set_finish, DH_meth_get_generate_params
+ and DH_meth_set_generate_params.
+
+ Use of these low level functions has been informally discouraged for a long
+ time. Instead applications should use L<EVP_PKEY_derive_init(3)>
+ and L<EVP_PKEY_derive(3)>.
+ [Paul Dale]
+
*) All of the low level DSA functions have been deprecated including:
DSA_do_sign, DSA_do_verify, DSA_OpenSSL, DSA_set_default_method,
diff --git a/apps/lib/s_cb.c b/apps/lib/s_cb.c
index 48fd7f4af5..2e0e9b2407 100644
--- a/apps/lib/s_cb.c
+++ b/apps/lib/s_cb.c
@@ -1434,7 +1434,20 @@ static int security_callback_debug(const SSL *s, const SSL_CTX *ctx,
case SSL_SECOP_OTHER_DH:
{
DH *dh = other;
- BIO_printf(sdb->out, "%d", DH_bits(dh));
+ EVP_PKEY *pkey = EVP_PKEY_new();
+ int fail = 1;
+
+ if (pkey != NULL) {
+ if (EVP_PKEY_set1_DH(pkey, dh)) {
+ BIO_printf(sdb->out, "%d", EVP_PKEY_bits(pkey));
+ fail = 0;
+ }
+
+ EVP_PKEY_free(pkey);
+ }
+ if (fail)
+ BIO_printf(sdb->out, "s_cb.c:security_callback_debug op=0x%x",
+ op);
break;
}
#endif
diff --git a/apps/progs.pl b/apps/progs.pl
index 1d8c305713..03553efb23 100644
--- a/apps/progs.pl
+++ b/apps/progs.pl
@@ -92,7 +92,6 @@ EOF
my %cmd_disabler = (
ciphers => "sock",
- gendh => "dh",
pkcs12 => "des",
);
my %cmd_deprecated = (
diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c
index bee414abf7..14c0842455 100644
--- a/crypto/dh/dh_ameth.c
+++ b/crypto/dh/dh_ameth.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * DH low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/x509.h>
diff --git a/crypto/dh/dh_asn1.c b/crypto/dh/dh_asn1.c
index 829cc87464..940d119d3c 100644
--- a/crypto/dh/dh_asn1.c
+++ b/crypto/dh/dh_asn1.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * DH low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/bn.h>
diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
index 4832230f6c..85ef17b36f 100644
--- a/crypto/dh/dh_check.c
+++ b/crypto/dh/dh_check.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * DH low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/bn.h>
diff --git a/crypto/dh/dh_depr.c b/crypto/dh/dh_depr.c
index 09403f6ad5..33689d8e1c 100644
--- a/crypto/dh/dh_depr.c
+++ b/crypto/dh/dh_depr.c
@@ -9,6 +9,12 @@
/* This file contains deprecated functions as wrappers to the new ones */
+/*
+ * DH low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <openssl/opensslconf.h>
#ifdef OPENSSL_NO_DEPRECATED_0_9_8
NON_EMPTY_TRANSLATION_UNIT
diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c
index 89264e9fa8..8e2b773703 100644
--- a/crypto/dh/dh_gen.c
+++ b/crypto/dh/dh_gen.c
@@ -12,6 +12,12 @@
* dh_depr.c as wrappers to these ones. - Geoff
*/
+/*
+ * DH low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/bn.h>
diff --git a/crypto/dh/dh_group_params.c b/crypto/dh/dh_group_params.c
index 6c057d1f1f..d2dd258248 100644
--- a/crypto/dh/dh_group_params.c
+++ b/crypto/dh/dh_group_params.c
@@ -9,6 +9,12 @@
/* DH parameters from RFC7919 and RFC3526 */
+/*
+ * DH low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include "internal/cryptlib.h"
#include "dh_local.h"
diff --git a/crypto/dh/dh_kdf.c b/crypto/dh/dh_kdf.c
index 23bc8acb73..e054aaeff9 100644
--- a/crypto/dh/dh_kdf.c
+++ b/crypto/dh/dh_kdf.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * DH low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include "e_os.h"
#ifndef OPENSSL_NO_CMS
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
index 14d35466f1..5748be810f 100644
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * DH low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include "internal/cryptlib.h"
#include "dh_local.h"
diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c
index e6fc3ef2c5..d7fe850f58 100644
--- a/crypto/dh/dh_lib.c
+++ b/crypto/dh/dh_lib.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * DH low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include <openssl/bn.h>
#include <openssl/engine.h>
diff --git a/crypto/dh/dh_meth.c b/crypto/dh/dh_meth.c
index be04b76a44..74f1891c83 100644
--- a/crypto/dh/dh_meth.c
+++ b/crypto/dh/dh_meth.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * DH low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include "dh_local.h"
#include <string.h>
#include <openssl/err.h>
diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c
index 3b163bbe4e..5a83b483dd 100644
--- a/crypto/dh/dh_pmeth.c
+++ b/crypto/dh/dh_pmeth.c
@@ -8,7 +8,7 @@
*/
/*
- * DSA low level APIs are deprecated for public use, but still ok for
+ * DH & DSA low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
diff --git a/crypto/dh/dh_prn.c b/crypto/dh/dh_prn.c
index d0e1ab3d06..28027a4a4f 100644
--- a/crypto/dh/dh_prn.c
+++ b/crypto/dh/dh_prn.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * DH low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/evp.h>
diff --git a/crypto/dh/dh_rfc5114.c b/crypto/dh/dh_rfc5114.c
index 3bbfea12d3..c542afc1e9 100644
--- a/crypto/dh/dh_rfc5114.c
+++ b/crypto/dh/dh_rfc5114.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * DH low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include "internal/cryptlib.h"
#include "dh_local.h"
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
index f4bc49fe0f..49af63845e 100644
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -8,6 +8,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * DH low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include <stdlib.h>
#include <openssl/engine.h>
diff --git a/doc/man3/DH_generate_key.pod b/doc/man3/DH_generate_key.pod
index babc91fef1..35fcc020b0 100644
--- a/doc/man3/DH_generate_key.pod
+++ b/doc/man3/DH_generate_key.pod
@@ -8,12 +8,20 @@ DH_generate_key, DH_compute_key - perform Diffie-Hellman key exchange
#include <openssl/dh.h>
+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B<OPENSSL_API_COMPAT> with a suitable version value, see
+L<openssl_user_macros(7)>:
+
int DH_generate_key(DH *dh);
int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh);
=head1 DESCRIPTION
+Both of the functions described on this page are deprecated.
+Applications should instead use L<EVP_PKEY_derive_init(3)>
+and L<EVP_PKEY_derive(3)>.
+
DH_generate_key() performs the first step of a Diffie-Hellman key
exchange by generating private and public DH values. By calling
DH_compute_key(), these are combined with the other party's public
@@ -40,8 +48,13 @@ The error codes can be obtained by L<ERR_get_error(3)>.
=head1 SEE ALSO
+L<EVP_PKEY_derive(3)>,
L<DH_new(3)>, L<ERR_get_error(3)>, L<RAND_bytes(3)>, L<DH_size(3)>
+=head1 HISTORY
+
+Both of these functions were deprecated in OpenSSL 3.0.
+
=head1 COPYRIGHT
Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/doc/man3/DH_generate_parameters.pod b/doc/man3/DH_generate_parameters.pod
index 4908dcf515..a01b940795 100644
--- a/doc/man3/DH_generate_parameters.pod
+++ b/doc/man3/DH_generate_parameters.pod
@@ -12,6 +12,10 @@ parameters
#include <openssl/dh.h>
+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B<OPENSSL_API_COMPAT> with a suitable version value, see
+L<openssl_user_macros(7)>:
+
int DH_generate_parameters_ex(DH *dh, int prime_len, int generator, BN_GENCB *cb);
int DH_check(DH *dh, int *codes);
@@ -30,6 +34,11 @@ L<openssl_user_macros(7)>:
=head1 DESCRIPTION
+All of the functions described on this page are deprecated.
+Applications should instead use L<EVP_PKEY_check(3)>,
+L<EVP_PKEY_public_check(3)>, L<EVP_PKEY_private_check(3)> and
+L<EVP_PKEY_param_check(3)>.
+
DH_generate_parameters_ex() generates Diffie-Hellman parameters that can
be shared among a group of users, and stores them in the provided B<DH>
structure. The pseudo-random number generator must be
@@ -144,6 +153,8 @@ L<DH_free(3)>
=head1 HISTORY
+All of these functions were deprecated in OpenSSL 3.0.
+
DH_generate_parameters() was deprecated in OpenSSL 0.9.8; use
DH_generate_parameters_ex() instead.
diff --git a/doc/man3/DH_get0_pqg.pod b/doc/man3/DH_get0_pqg.pod
index 4883b670a0..ab49a325f8 100644
--- a/doc/man3/DH_get0_pqg.pod
+++ b/doc/man3/DH_get0_pqg.pod
@@ -26,6 +26,11 @@ DH_get_length, DH_set_length - Routines for getting and setting data in a DH obj
void DH_clear_flags(DH *dh, int flags);
int DH_test_flags(const DH *dh, int flags);
void DH_set_flags(DH *dh, int flags);
+
+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B<OPENSSL_API_COMPAT> with a suitable version value, see
+L<openssl_user_macros(7)>:
+
ENGINE *DH_get0_engine(DH *d);
long DH_get_length(const DH *dh);
int DH_set_length(DH *dh, long length);
@@ -78,12 +83,13 @@ zero if none of the flags are set. DH_clear_flags() clears the specified flags
within the DH object.
DH_get0_engine() returns a handle to the ENGINE that has been set for this DH
-object, or NULL if no such ENGINE has been set.
+object, or NULL if no such ENGINE has been set. This function is deprecated.
The DH_get_length() and DH_set_length() functions get and set the optional
length parameter associated with this DH object. If the length is nonzero then
it is used, otherwise it is ignored. The B<length> parameter indicates the
-length of the secret exponent (private key) in bits.
+length of the secret exponent (private key) in bits. These functions are
+deprecated.
=head1 NOTES
@@ -114,6 +120,9 @@ L<DH_set_method(3)>, L<DH_size(3)>, L<DH_meth_new(3)>
=head1 HISTORY
+The DH_get0_engine(), DH_get_length() and DH_set_length() functions were
+deprecated in OpenSSL 3.0.
+
The functions described here were added in OpenSSL 1.1.0.
=head1 COPYRIGHT
diff --git a/doc/man3/DH_meth_new.pod b/doc/man3/DH_meth_new.pod
index 652abaa61a..38c3bd3114 100644
--- a/doc/man3/DH_meth_new.pod
+++ b/doc/man3/DH_meth_new.pod
@@ -14,6 +14,10 @@ DH_meth_set_generate_params - Routines to build up DH methods
#include <openssl/dh.h>
+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B<OPENSSL_API_COMPAT> with a suitable version value, see
+L<openssl_user_macros(7)>:
+
DH_METHOD *DH_meth_new(const char *name, int flags);
void DH_meth_free(DH_METHOD *dhm);
@@ -58,6 +62,9 @@ DH_meth_set_generate_params - Routines to build up DH methods
=head1 DESCRIPTION
+All of the functions described on this page are deprecated.
+Applications should instead use the provider APIs.
+
The B<DH_METHOD> type is a structure used for the provision of custom DH
implementations. It provides a set of functions used by OpenSSL for the
implementation of the various DH capabilities.
@@ -153,6 +160,8 @@ L<DH_set_method(3)>, L<DH_size(3)>, L<DH_get0_pqg(3)>
=head1 HISTORY
+All of these functions were deprecated in OpenSSL 3.0.
+
The functions described here were added in OpenSSL 1.1.0.
=head1 COPYRIGHT
diff --git a/doc/man3/DH_new_by_nid.pod b/doc/man3/DH_new_by_nid.pod
index 5fd71ffb5a..3456b9d57e 100644
--- a/doc/man3/DH_new_by_nid.pod
+++ b/doc/man3/DH_new_by_nid.pod
@@ -8,6 +8,11 @@ DH_new_by_nid, DH_get_nid - get or find DH named parameters
#include <openssl/dh.h>
DH *DH_new_by_nid(int nid);
+
+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B<OPENSSL_API_COMPAT> with a suitable version value, see
+L<openssl_user_macros(7)>:
+
int *DH_get_nid(DH *dh);
=head1 DESCRIPTION
@@ -18,10 +23,9 @@ B<NID_ffdhe4096>, B<NID_ffdhe6144>, B<NID_ffdhe8192>,
B<NID_modp_1536>, B<NID_modp_2048>, B<NID_modp_3072>,
B<NID_modp_4096>, B<NID_modp_6144> or B<NID_modp_8192>.
-
DH_get_nid() determines if the parameters contained in B<dh> match
any named set. It returns the NID corresponding to the matching parameters or
-B<NID_undef> if there is no match.
+B<NID_undef> if there is no match. This function is deprecated.
=head1 RETURN VALUES
@@ -30,6 +34,10 @@ DH_new_by_nid() returns a set of DH parameters or B<NULL> if an error occurred.
DH_get_nid() returns the NID of the matching set of parameters or
B<NID_undef> if there is no match.
+=head1 HISTORY
+
+The DH_get_nid() function was deprecated in OpenSSL 3.0.
+
=head1 COPYRIGHT
Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/doc/man3/DH_set_method.pod b/doc/man3/DH_set_method.pod
index 8c7713de68..ae3d8fa8cd 100644
--- a/doc/man3/DH_set_method.pod
+++ b/doc/man3/DH_set_method.pod
@@ -9,6 +9,10 @@ DH_set_method, DH_new_method, DH_OpenSSL - select DH method
#include <openssl/dh.h>
+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B<OPENSSL_API_COMPAT> with a suitable version value, see
+L<openssl_user_macros(7)>:
+
void DH_set_default_method(const DH_METHOD *meth);
const DH_METHOD *DH_get_default_method(void);
@@ -21,6 +25,9 @@ DH_set_method, DH_new_method, DH_OpenSSL - select DH method
=head1 DESCRIPTION
+All of the functions described on this page are deprecated.
+Applications should instead use the provider APIs.
+
A B<DH_METHOD> specifies the functions that OpenSSL uses for Diffie-Hellman
operations. By modifying the method, alternative implementations
such as hardware accelerators may be used. IMPORTANT: See the NOTES section for
@@ -76,6 +83,10 @@ returns a pointer to the newly allocated structure.
L<DH_new(3)>, L<DH_new(3)>, L<DH_meth_new(3)>
+=head1 HISTORY
+
+All of these functions were deprecated in OpenSSL 3.0.
+
=head1 COPYRIGHT
Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/doc/man3/DH_size.pod b/doc/man3/DH_size.pod
index 3161ef3ee3..8a206f0ac4 100644
--- a/doc/man3/DH_size.pod
+++ b/doc/man3/DH_size.pod
@@ -9,6 +9,10 @@ security bits
#include <openssl/dh.h>
+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B<OPENSSL_API_COMPAT> with a suitable version value, see
+L<openssl_user_macros(7)>:
+
int DH_size(const DH *dh);
int DH_bits(const DH *dh);
@@ -17,6 +21,10 @@ security bits
=head1 DESCRIPTION
+All of the functions described on this page are deprecated.
+Applications should instead use L<EVP_PKEY_bits(3)>,
+L<EVP_PKEY_security_bits(3)> and L<EVP_PKEY_size(3)>.
+
DH_size() returns the Diffie-Hellman prime size in bytes. It can be used
to determine how much memory must be allocated for the shared secret
computed by L<DH_compute_key(3)>.
@@ -38,11 +46,14 @@ DH_security_bits() returns the number of security bits.
=head1 SEE ALSO
+L<EVP_PKEY_bits(3)>,
L<DH_new(3)>, L<DH_generate_key(3)>,
L<BN_num_bits(3)>
=head1 HISTORY
+All of these functions were deprecated in OpenSSL 3.0.
+
The DH_bits() function was added in OpenSSL 1.1.0.
=head1 COPYRIGHT
diff --git a/doc/man3/DSA_dup_DH.pod b/doc/man3/DSA_dup_DH.pod
index baaca6de2e..897d9a1e41 100644
--- a/doc/man3/DSA_dup_DH.pod
+++ b/doc/man3/DSA_dup_DH.pod
@@ -8,10 +8,18 @@ DSA_dup_DH - create a DH structure out of DSA structure
#include <openssl/dsa.h>
+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B<OPENSSL_API_COMPAT> with a suitable version value, see
+L<openssl_user_macros(7)>:
+
DH *DSA_dup_DH(const DSA *r);
=head1 DESCRIPTION
+The function described on this page is deprecated. There is no direct
+replacement, applications should use the EVP_PKEY APIs for Diffie-Hellman
+operations.
+
DSA_dup_DH() duplicates DSA parameters/keys as DH parameters/keys. q
is lost during that conversion, but the resulting DH parameters
contain its length.
@@ -29,6 +37,10 @@ Be careful to avoid small subgroup attacks when using this.
L<DH_new(3)>, L<DSA_new(3)>, L<ERR_get_error(3)>
+=head1 HISTORY
+
+This function was deprecated in OpenSSL 3.0.
+
=head1 COPYRIGHT
Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/fuzz/asn1.c b/fuzz/asn1.c
index 6ef6712e4d..0858bee91d 100644
--- a/fuzz/asn1.c
+++ b/fuzz/asn1.c
@@ -329,8 +329,8 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
DO_TEST_NO_PRINT(ESS_CERT_ID_V2, d2i_ESS_CERT_ID_V2, i2d_ESS_CERT_ID_V2);
DO_TEST_NO_PRINT(ESS_SIGNING_CERT_V2, d2i_ESS_SIGNING_CERT_V2, i2d_ESS_SIGNING_CERT_V2);
#ifndef OPENSSL_NO_DH
- DO_TEST(DH, d2i_DHparams, i2d_DHparams, DHparams_print);
- DO_TEST(DH, d2i_DHxparams, i2d_DHxparams, DHparams_print);
+ DO_TEST_NO_PRINT(DH, d2i_DHparams, i2d_DHparams);
+ DO_TEST_NO_PRINT(DH, d2i_DHxparams, i2d_DHxparams);
#endif
#ifndef OPENSSL_NO_DSA
DO_TEST_NO_PRINT(DSA_SIG, d2i_DSA_SIG, i2d_DSA_SIG);
diff --git a/include/openssl/dh.h b/include/openssl/dh.h
index 67783bae7b..b26e94e8e9 100644
--- a/include/openssl/dh.h
+++ b/include/openssl/dh.h
@@ -19,34 +19,35 @@
# include <openssl/opensslconf.h>
# ifndef OPENSSL_NO_DH
-# include <openssl/e_os2.h>
-# include <openssl/bio.h>
-# include <openssl/asn1.h>
-# include <openssl/types.h>
-# ifndef OPENSSL_NO_DEPRECATED_1_1_0
-# include <openssl/bn.h>
-# endif
-# include <openssl/dherr.h>
+# include <openssl/e_os2.h>
+# include <openssl/bio.h>
+# include <openssl/asn1.h>
+# include <openssl/types.h>
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
+# include <openssl/bn.h>
+# endif
+# include <openssl/dherr.h>
-# ifdef __cplusplus
+# ifdef __cplusplus
extern "C" {
-# endif
+# endif
-# ifndef OPENSSL_DH_MAX_MODULUS_BITS
-# define OPENSSL_DH_MAX_MODULUS_BITS 10000
-# endif
+# ifndef OPENSSL_DH_MAX_MODULUS_BITS
+# define OPENSSL_DH_MAX_MODULUS_BITS 10000
+# endif
-# define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024
+# define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024
-# define DH_FLAG_CACHE_MONT_P 0x01
+# define DH_FLAG_CACHE_MONT_P 0x01
-# ifndef OPENSSL_NO_DEPRECATED_1_1_0
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
/*
* Does nothing. Previously this switched off constant time behaviour.
*/
-# define DH_FLAG_NO_EXP_CONSTTIME 0x00
-# endif
+# define DH_FLAG_NO_EXP_CONSTTIME 0x00
+# endif
+# ifndef OPENSSL_NO_DEPRECATED_3_0
/*
* If this flag is set the DH method is FIPS compliant and can be used in
* FIPS mode. This is set in the validated module method. If an application
@@ -54,7 +55,7 @@ extern "C" {
* result is compliant.
*/
-# define DH_FLAG_FIPS_METHOD 0x0400
+# define DH_FLAG_FIPS_METHOD 0x0400
/*
* If this flag is set the operations normally disabled in FIPS mode are
@@ -62,7 +63,8 @@ extern "C" {
* usage is compliant.
*/
-# define DH_FLAG_NON_FIPS_ALLOW 0x0400
+# define DH_FLAG_NON_FIPS_ALLOW 0x0400
+# endif
/* Already defined in ossl_typ.h */
/* typedef struct dh_st DH; */
@@ -70,84 +72,90 @@ extern "C" {
DECLARE_ASN1_ITEM(DHparams)
-# define DH_GENERATOR_2 2
-# define DH_GENERATOR_3 3
-# define DH_GENERATOR_5 5
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define DH_GENERATOR_2 2
+# define DH_GENERATOR_3 3
+# define DH_GENERATOR_5 5
/* DH_check error codes */
/*
* NB: These values must align with the equivalently named macros in
* internal/ffc.h.
*/
-# define DH_CHECK_P_NOT_PRIME 0x01
-# define DH_CHECK_P_NOT_SAFE_PRIME 0x02
-# define DH_UNABLE_TO_CHECK_GENERATOR 0x04
-# define DH_NOT_SUITABLE_GENERATOR 0x08
-# define DH_CHECK_Q_NOT_PRIME 0x10
-# define DH_CHECK_INVALID_Q_VALUE 0x20
-# define DH_CHECK_INVALID_J_VALUE 0x40
-# define DH_MODULUS_TOO_SMALL 0x80
-# define DH_MODULUS_TOO_LARGE 0x100
+# define DH_CHECK_P_NOT_PRIME 0x01
+# define DH_CHECK_P_NOT_SAFE_PRIME 0x02
+# define DH_UNABLE_TO_CHECK_GENERATOR 0x04
+# define DH_NOT_SUITABLE_GENERATOR 0x08
+# define DH_CHECK_Q_NOT_PRIME 0x10
+# define DH_CHECK_INVALID_Q_VALUE 0x20
+# define DH_CHECK_INVALID_J_VALUE 0x40
+# define DH_MODULUS_TOO_SMALL 0x80
+# define DH_MODULUS_TOO_LARGE 0x100
/* DH_check_pub_key error codes */
-# define DH_CHECK_PUBKEY_TOO_SMALL 0x01
-# define DH_CHECK_PUBKEY_TOO_LARGE 0x02
-# define DH_CHECK_PUBKEY_INVALID 0x04
+# define DH_CHECK_PUBKEY_TOO_SMALL 0x01
+# define DH_CHECK_PUBKEY_TOO_LARGE 0x02
+# define DH_CHECK_PUBKEY_INVALID 0x04
/*
* primes p where (p-1)/2 is prime too are called "safe"; we define this for
* backward compatibility:
*/
-# define DH_CHECK_P_NOT_STRONG_PRIME DH_CHECK_P_NOT_SAFE_PRIME
+# define DH_CHECK_P_NOT_STRONG_PRIME DH_CHECK_P_NOT_SAFE_PRIME
/* DH parameter generation types used by EVP_PKEY_CTX_set_dh_paramgen_type() */
-# define DH_PARAMGEN_TYPE_GENERATOR 0 /* Use a generator g */
-# define DH_PARAMGEN_TYPE_FIPS_186_2 1 /* Use legacy FIPS186-2 standard */
-# define DH_PARAMGEN_TYPE_FIPS_186_4 2 /* Use FIPS186-4 standard */
-
-# define d2i_DHparams_fp(fp,x) \
- (DH *)ASN1_d2i_fp((char *(*)())DH_new, \
- (char *(*)())d2i_DHparams, \
- (fp), \
- (unsigned char **)(x))
-# define i2d_DHparams_fp(fp,x) \
- ASN1_i2d_fp(i2d_DHparams,(fp), (unsigned char *)(x))
-# define d2i_DHparams_bio(bp,x) \
- ASN1_d2i_bio_of(DH, DH_new, d2i_DHparams, bp, x)
-# define i2d_DHparams_bio(bp,x) \
- ASN1_i2d_bio_of(DH,i2d_DHparams,bp,x)
-
-# define d2i_DHxparams_fp(fp,x) \
- (DH *)ASN1_d2i_fp((char *(*)())DH_new, \
- (char *(*)())d2i_DHxparams, \
- (fp), \
- (unsigned char **)(x))
-# define i2d_DHxparams_fp(fp,x) \
- ASN1_i2d_fp(i2d_DHxparams,(fp), (unsigned char *)(x))
-# define d2i_DHxparams_bio(bp,x) \
- ASN1_d2i_bio_of(DH, DH_new, d2i_DHxparams, bp, x)
-# define i2d_DHxparams_bio(bp,x) \
- ASN1_i2d_bio_of(DH, i2d_DHxparams, bp, x)
+# define DH_PARAMGEN_TYPE_GENERATOR 0 /* Use a generator g */
+# define DH_PARAMGEN_TYPE_FIPS_186_2 1 /* Use legacy FIPS186-2 standard */
+# define DH_PARAMGEN_TYPE_FIPS_186_4 2 /* Use FIPS186-4 standard */
+
+# define DH_CHECK_P_NOT_STRONG_PRIME DH_CHECK_P_NOT_SAFE_PRIME
+
+# define d2i_DHparams_fp(fp, x) \
+ (DH *)ASN1_d2i_fp((char *(*)())DH_new, \
+ (char *(*)())d2i_DHparams, \
+ (fp), \
+ (unsigned char **)(x))
+# define i2d_DHparams_fp(fp, x) \
+ ASN1_i2d_fp(i2d_DHparams,(fp), (unsigned char *)(x))
+# define d2i_DHparams_bio(bp, x) \
+ ASN1_d2i_bio_of(DH, DH_new, d2i_DHparams, bp, x)
+# define i2d_DHparams_bio(bp, x) \
+ ASN1_i2d_bio_of(DH, i2d_DHparams, bp, x)
+
+# define d2i_DHxparams_fp(fp,x) \
+ (DH *)ASN1_d2i_fp((char *(*)())DH_new, \
+ (char *(*)())d2i_DHxparams, \
+ (fp), \
+ (unsigned char **)(x))
+# define i2d_DHxparams_fp(fp, x) \
+ ASN1_i2d_fp(i2d_DHxparams,(fp), (unsigned char *)(x))
+# define d2i_DHxparams_bio(bp, x) \
+ ASN1_d2i_bio_of(DH, DH_new, d2i_DHxparams, bp, x)
+# define i2d_DHxparams_bio(bp, x) \
+ ASN1_i2d_bio_of(DH, i2d_DHxparams, bp, x)
+# endif
DECLARE_ASN1_DUP_FUNCTION_name(DH, DHparams)
-const DH_METHOD *DH_OpenSSL(void);
+DEPRECATEDIN_3_0(const DH_METHOD *DH_OpenSSL(void))
-void DH_set_default_method(const DH_METHOD *meth);
-const DH_METHOD *DH_get_default_method(void);
-int DH_set_method(DH *dh, const DH_METHOD *meth);
-DH *DH_new_method(ENGINE *engine);
+DEPRECATEDIN_3_0(void DH_set_default_method(const DH_METHOD *meth))
+DEPRECATEDIN_3_0(const DH_METHOD *DH_get_default_method(void))
+DEPRECATEDIN_3_0(int DH_set_method(DH *dh, const DH_METHOD *meth))
+DEPRECATEDIN_3_0(DH *DH_new_method(ENGINE *engine))
DH *DH_new(void);
void DH_free(DH *dh);
int DH_up_ref(DH *dh);
-int DH_bits(const DH *dh);
-int DH_size(const DH *dh);
-int DH_security_bits(const DH *dh);
-#define DH_get_ex_new_index(l, p, newf, dupf, freef) \
- CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, l, p, newf, dupf, freef)
-int DH_set_ex_data(DH *d, int idx, void *arg);
-void *DH_get_ex_data(DH *d, int idx);
+DEPRECATEDIN_3_0(int DH_bits(const DH *dh))
+DEPRECATEDIN_3_0(int DH_size(const DH *dh))
+DEPRECATEDIN_3_0(int DH_security_bits(const DH *dh))
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define DH_get_ex_new_index(l, p, newf, dupf, freef) \
+ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, l, p, newf, dupf, freef)
+# endif
+DEPRECATEDIN_3_0(int DH_set_ex_data(DH *d, int idx, void *arg))
+DEPRECATEDIN_3_0(void *DH_get_ex_data(DH *d, int idx))
/* Deprecated version */
DEPRECATEDIN_0_9_8(DH *DH_generate_parameters(int prime_len, int generator,
@@ -156,24 +164,30 @@ DEPRECATEDIN_0_9_8(DH *DH_generate_parameters(int prime_len, int generator,
void *cb_arg))
/* New version */
-int DH_generate_parameters_ex(DH *dh, int prime_len, int generator,
- BN_GENCB *cb);
+DEPRECATEDIN_3_0(int DH_generate_parameters_ex(DH *dh, int prime_len,
+ int generator, BN_GENCB *cb))
-int DH_check_params_ex(const DH *dh);
-int DH_check_ex(const DH *dh);
-int DH_check_pub_key_ex(const DH *dh, const BIGNUM *pub_key);
+DEPRECATEDIN_3_0(int DH_check_params_ex(const DH *dh))
+DEPRECATEDIN_3_0(int DH_check_ex(const DH *dh))
+DEPRECATEDIN_3_0(int DH_check_pub_key_ex(const DH *dh, const BIGNUM *pub_key))
+/*
+ * TODO(3.0): deprecate DH_check_params once ssl/statem/statem_clnt.c is fixed.
+ */
int DH_check_params(const DH *dh, int *ret);
-int DH_check(const DH *dh, int *codes);
-int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *codes);
-int DH_generate_key(DH *dh);
-int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
-int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh);
+DEPRECATEDIN_3_0(int DH_check(const DH *dh, int *codes))
+DEPRECATEDIN_3_0(int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key,
+ int *codes))
+DEPRECATEDIN_3_0(int DH_generate_key(DH *dh))
+DEPRECATEDIN_3_0(int DH_compute_key(unsigned char *key, const BIGNUM *pub_key,
+ DH *dh))
+DEPRECATEDIN_3_0(int DH_compute_key_padded(unsigned char *key,
+ const BIGNUM *pub_key, DH *dh))
DECLARE_ASN1_ENCODE_FUNCTIONS_only(DH, DHparams)
DECLARE_ASN1_ENCODE_FUNCTIONS_only(DH, DHxparams)
-# ifndef OPENSSL_NO_STDIO
-int DHparams_print_fp(FILE *fp, const DH *x);
-# endif
-int DHparams_print(BIO *bp, const DH *x);
+# ifndef OPENSSL_NO_STDIO
+DEPRECATEDIN_3_0(int DHparams_print_fp(FILE *fp, const DH *x))
+# endif
+DEPRECATEDIN_3_0(int DHparams_print(BIO *bp, const DH *x))
/* RFC 5114 parameters */
DH *DH_get_1024_160(void);
@@ -181,16 +195,18 @@ DH *DH_get_2048_224(void);
DH *DH_get_2048_256(void);
/* Named parameters, currently RFC7919 and RFC3526 */
+/* TODO(3.0): deprecate DH_new_by_nid() after converting ssl/s3_lib.c */
DH *DH_new_by_nid(int nid);
-int DH_get_nid(DH *dh);
+DEPRECATEDIN_3_0(int DH_get_nid(DH *dh))
-# ifndef OPENSSL_NO_CMS
+# ifndef OPENSSL_NO_CMS
/* RFC2631 KDF */
-int DH_KDF_X9_42(unsigned char *out, size_t outlen,
- const unsigned char *Z, size_t Zlen,
- ASN1_OBJECT *key_oid,
- const unsigned char *ukm, size_t ukmlen, const EVP_MD *md);
-# endif
+DEPRECATEDIN_3_0(int DH_KDF_X9_42(unsigned char *out, size_t outlen,
+ const unsigned char *Z, size_t Zlen,
+ ASN1_OBJECT *key_oid,
+ const unsigned char *ukm,
+ size_t ukmlen, const EVP_MD *md))
+# endif
void DH_get0_pqg(const DH *dh,
const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
@@ -206,145 +222,147 @@ const BIGNUM *DH_get0_pub_key(const DH *dh);
void DH_clear_flags(DH *dh, int flags);
int DH_test_flags(const DH *dh, int flags);
void DH_set_flags(DH *dh, int flags);
-ENGINE *DH_get0_engine(DH *d);
-long DH_get_length(const DH *dh);
-int DH_set_length(DH *dh, long length);
-
-DH_METHOD *DH_meth_new(const char *name, int flags);
-void DH_meth_free(DH_METHOD *dhm);
-DH_METHOD *DH_meth_dup(const DH_METHOD *dhm);
-const char *DH_meth_get0_name(const DH_METHOD *dhm);
-int DH_meth_set1_name(DH_METHOD *dhm, const char *name);
-int DH_meth_get_flags(const DH_METHOD *dhm);
-int DH_meth_set_flags(DH_METHOD *dhm, int flags);
-void *DH_meth_get0_app_data(const DH_METHOD *dhm);
-int DH_meth_set0_app_data(DH_METHOD *dhm, void *app_data);
-int (*DH_meth_get_generate_key(const DH_METHOD *dhm)) (DH *);
-int DH_meth_set_generate_key(DH_METHOD *dhm, int (*generate_key) (DH *));
-int (*DH_meth_get_compute_key(const DH_METHOD *dhm))
- (unsigned char *key, const BIGNUM *pub_key, DH *dh);
-int DH_meth_set_compute_key(DH_METHOD *dhm,
- int (*compute_key) (unsigned char *key, const BIGNUM *pub_key, DH *dh));
-int (*DH_meth_get_bn_mod_exp(const DH_METHOD *dhm))
- (const DH *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *,
- BN_CTX *, BN_MONT_CTX *);
-int DH_meth_set_bn_mod_exp(DH_METHOD *dhm,
- int (*bn_mod_exp) (const DH *, BIGNUM *, const BIGNUM *, const BIGNUM *,
- const BIGNUM *, BN_CTX *, BN_MONT_CTX *));
-int (*DH_meth_get_init(const DH_METHOD *dhm))(DH *);
-int DH_meth_set_init(DH_METHOD *dhm, int (*init)(DH *));
-int (*DH_meth_get_finish(const DH_METHOD *dhm)) (DH *);
-int DH_meth_set_finish(DH_METHOD *dhm, int (*finish) (DH *));
-int (*DH_meth_get_generate_params(const DH_METHOD *dhm))
- (DH *, int, int, BN_GENCB *);
-int DH_meth_set_generate_params(DH_METHOD *dhm,
- int (*generate_params) (DH *, int, int, BN_GENCB *));
-
-
-# define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \
+DEPRECATEDIN_3_0(ENGINE *DH_get0_engine(DH *d))
+DEPRECATEDIN_3_0(long DH_get_length(const DH *dh))
+DEPRECATEDIN_3_0(int DH_set_length(DH *dh, long length))
+
+DEPRECATEDIN_3_0(DH_METHOD *DH_meth_new(const char *name, int flags))
+DEPRECATEDIN_3_0(void DH_meth_free(DH_METHOD *dhm))
+DEPRECATEDIN_3_0(DH_METHOD *DH_meth_dup(const DH_METHOD *dhm))
+DEPRECATEDIN_3_0(const char *DH_meth_get0_name(const DH_METHOD *dhm))
+DEPRECATEDIN_3_0(int DH_meth_set1_name(DH_METHOD *dhm, const char *name))
+DEPRECATEDIN_3_0(int DH_meth_get_flags(const DH_METHOD *dhm))
+DEPRECATEDIN_3_0(int DH_meth_set_flags(DH_METHOD *dhm, int flags))
+DEPRECATEDIN_3_0(void *DH_meth_get0_app_data(const DH_METHOD *dhm))
+DEPRECATEDIN_3_0(int DH_meth_set0_app_data(DH_METHOD *dhm, void *app_data))
+DEPRECATEDIN_3_0(int (*DH_meth_get_generate_key(const DH_METHOD *dhm)) (DH *))
+DEPRECATEDIN_3_0(int DH_meth_set_generate_key(DH_METHOD *dhm,
+ int (*generate_key) (DH *)))
+DEPRECATEDIN_3_0(int (*DH_meth_get_compute_key(const DH_METHOD *dhm))
+ (unsigned char *key,
+ const BIGNUM *pub_key, DH *dh))
+DEPRECATEDIN_3_0(int DH_meth_set_compute_key(DH_METHOD *dhm,
+ int (*compute_key)
+ (unsigned char *key,
+ const BIGNUM *pub_key,
+ DH *dh)))
+DEPRECATEDIN_3_0(int (*DH_meth_get_bn_mod_exp(const DH_METHOD *dhm))
+ (const DH *, BIGNUM *,
+ const BIGNUM *,
+ const BIGNUM *,
+ const BIGNUM *, BN_CTX *,
+ BN_MONT_CTX *))
+DEPRECATEDIN_3_0(int DH_meth_set_bn_mod_exp(DH_METHOD *dhm,
+ int (*bn_mod_exp)
+ (const DH *, BIGNUM *,
+ const BIGNUM *, const BIGNUM *,
+ const BIGNUM *, BN_CTX *,
+ BN_MONT_CTX *)))
+DEPRECATEDIN_3_0(int (*DH_meth_get_init(const DH_METHOD *dhm))(DH *))
+DEPRECATEDIN_3_0(int DH_meth_set_init(DH_METHOD *dhm, int (*init)(DH *)))
+DEPRECATEDIN_3_0(int (*DH_meth_get_finish(const DH_METHOD *dhm)) (DH *))
+DEPRECATEDIN_3_0(int DH_meth_set_finish(DH_METHOD *dhm, int (*finish) (DH *)))
+DEPRECATEDIN_3_0(int (*DH_meth_get_generate_params(const DH_METHOD *dhm))
+ (DH *, int, int,
+ BN_GENCB *))
+DEPRECATEDIN_3_0(int DH_meth_set_generate_params(DH_METHOD *dhm,
+ int (*generate_params)
+ (DH *, int, int,
+ BN_GENCB *)))
+
+# define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
- EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN, len, NULL)
+ EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN, len, NULL)
-# define EVP_PKEY_CTX_set_dh_paramgen_subprime_len(ctx, len) \
+# define EVP_PKEY_CTX_set_dh_paramgen_subprime_len(ctx, len) \
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
- EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN, len, NULL)
+ EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN, len, NULL)
-# define EVP_PKEY_CTX_set_dh_paramgen_type(ctx, typ) \
+# define EVP_PKEY_CTX_set_dh_paramgen_type(ctx, typ) \
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
- EVP_PKEY_CTRL_DH_PARAMGEN_TYPE, typ, NULL)
+ EVP_PKEY_CTRL_DH_PARAMGEN_TYPE, typ, NULL)
-# define EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, gen) \
+# define EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, gen) \
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
- EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR, gen, NULL)
+ EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR, gen, NULL)
-# define EVP_PKEY_CTX_set_dh_rfc5114(ctx, gen) \
+# define EVP_PKEY_CTX_set_dh_rfc5114(ctx, gen) \
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN, \
- EVP_PKEY_CTRL_DH_RFC5114, gen, NULL)
+ EVP_PKEY_CTRL_DH_RFC5114, gen, NULL)
-# define EVP_PKEY_CTX_set_dhx_rfc5114(ctx, gen) \
+# define EVP_PKEY_CTX_set_dhx_rfc5114(ctx, gen) \
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN, \
- EVP_PKEY_CTRL_DH_RFC5114, gen, NULL)
+ EVP_PKEY_CTRL_DH_RFC5114, gen, NULL)
-# define EVP_PKEY_CTX_set_dh_nid(ctx, nid) \
+# define EVP_PKEY_CTX_set_dh_nid(ctx, nid) \
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, \
EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN, \
EVP_PKEY_CTRL_DH_NID, nid, NULL)
int EVP_PKEY_CTX_set_dh_pad(EVP_PKEY_CTX *ctx, int pad);
-# define EVP_PKEY_CTX_set_dh_kdf_type(ctx, kdf) \
- EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
- EVP_PKEY_OP_DERIVE, \
- EVP_PKEY_CTRL_DH_KDF_TYPE, kdf, NULL)
-
-# define EVP_PKEY_CTX_get_dh_kdf_type(ctx) \
- EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
- EVP_PKEY_OP_DERIVE, \
- EVP_PKEY_CTRL_DH_KDF_TYPE, -2, NULL)
-
-# define EVP_PKEY_CTX_set0_dh_kdf_oid(ctx, oid) \
- EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
- EVP_PKEY_OP_DERIVE, \
- EVP_PKEY_CTRL_DH_KDF_OID, 0, (void *)(oid))
-
-# define EVP_PKEY_CTX_get0_dh_kdf_oid(ctx, poid) \
- EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
- EVP_PKEY_OP_DERIVE, \
- EVP_PKEY_CTRL_GET_DH_KDF_OID, 0, (void *)(poid))
-
-# define EVP_PKEY_CTX_set_dh_kdf_md(ctx, md) \
- EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
- EVP_PKEY_OP_DERIVE, \
- EVP_PKEY_CTRL_DH_KDF_MD, 0, (void *)(md))
-
-# define EVP_PKEY_CTX_get_dh_kdf_md(ctx, pmd) \
- EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
- EVP_PKEY_OP_DERIVE, \
- EVP_PKEY_CTRL_GET_DH_KDF_MD, 0, (void *)(pmd))
-
-# define EVP_PKEY_CTX_set_dh_kdf_outlen(ctx, len) \
- EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
- EVP_PKEY_OP_DERIVE, \
- EVP_PKEY_CTRL_DH_KDF_OUTLEN, len, NULL)
-
-# define EVP_PKEY_CTX_get_dh_kdf_outlen(ctx, plen) \
- EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
- EVP_PKEY_OP_DERIVE, \
- EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN, 0, (void *)(plen))
-
-# define EVP_PKEY_CTX_set0_dh_kdf_ukm(ctx, p, plen) \
- EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
- EVP_PKEY_OP_DERIVE, \
- EVP_PKEY_CTRL_DH_KDF_UKM, plen, (void *)(p))
-
-# define EVP_PKEY_CTX_get0_dh_kdf_ukm(ctx, p) \
- EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
- EVP_PKEY_OP_DERIVE, \
- EVP_PKEY_CTRL_GET_DH_KDF_UKM, 0, (void *)(p))
-
-# define EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN (EVP_PKEY_ALG_CTRL + 1)
-# define EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR (EVP_PKEY_ALG_CTRL + 2)
-# define EVP_PKEY_CTRL_DH_RFC5114 (EVP_PKEY_ALG_CTRL + 3)
-# define EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN (EVP_PKEY_ALG_CTRL + 4)
-# define EVP_PKEY_CTRL_DH_PARAMGEN_TYPE (EVP_PKEY_ALG_CTRL + 5)
-# define EVP_PKEY_CTRL_DH_KDF_TYPE (EVP_PKEY_ALG_CTRL + 6)
-# define EVP_PKEY_CTRL_DH_KDF_MD (EVP_PKEY_ALG_CTRL + 7)
-# define EVP_PKEY_CTRL_GET_DH_KDF_MD (EVP_PKEY_ALG_CTRL + 8)
-# define EVP_PKEY_CTRL_DH_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 9)
-# define EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 10)
-# define EVP_PKEY_CTRL_DH_KDF_UKM (EVP_PKEY_ALG_CTRL + 11)
-# define EVP_PKEY_CTRL_GET_DH_KDF_UKM (EVP_PKEY_ALG_CTRL + 12)
-# define EVP_PKEY_CTRL_DH_KDF_OID (EVP_PKEY_ALG_CTRL + 13)
-# define EVP_PKEY_CTRL_GET_DH_KDF_OID (EVP_PKEY_ALG_CTRL + 14)
-# define EVP_PKEY_CTRL_DH_NID (EVP_PKEY_ALG_CTRL + 15)
-# define EVP_PKEY_CTRL_DH_PAD (EVP_PKEY_ALG_CTRL + 16)
+# define EVP_PKEY_CTX_set_dh_kdf_type(ctx, kdf) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_DH_KDF_TYPE, kdf, NULL)
+
+# define EVP_PKEY_CTX_get_dh_kdf_type(ctx) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_DH_KDF_TYPE, -2, NULL)
+
+# define EVP_PKEY_CTX_set0_dh_kdf_oid(ctx, oid) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_DH_KDF_OID, 0, (void *)(oid))
+
+# define EVP_PKEY_CTX_get0_dh_kdf_oid(ctx, poid) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_GET_DH_KDF_OID, 0, (void *)(poid))
+
+# define EVP_PKEY_CTX_set_dh_kdf_md(ctx, md) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_DH_KDF_MD, 0, (void *)(md))
+
+# define EVP_PKEY_CTX_get_dh_kdf_md(ctx, pmd) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_GET_DH_KDF_MD, 0, (void *)(pmd))
+
+# define EVP_PKEY_CTX_set_dh_kdf_outlen(ctx, len) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_DH_KDF_OUTLEN, len, NULL)
+
+# define EVP_PKEY_CTX_get_dh_kdf_outlen(ctx, plen) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN, 0, (void *)(plen))
+
+# define EVP_PKEY_CTX_set0_dh_kdf_ukm(ctx, p, plen) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_DH_KDF_UKM, plen, (void *)(p))
+
+# define EVP_PKEY_CTX_get0_dh_kdf_ukm(ctx, p) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_GET_DH_KDF_UKM, 0, (void *)(p))
+
+# define EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN (EVP_PKEY_ALG_CTRL + 1)
+# define EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR (EVP_PKEY_ALG_CTRL + 2)
+# define EVP_PKEY_CTRL_DH_RFC5114 (EVP_PKEY_ALG_CTRL + 3)
+# define EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN (EVP_PKEY_ALG_CTRL + 4)
+# define EVP_PKEY_CTRL_DH_PARAMGEN_TYPE (EVP_PKEY_ALG_CTRL + 5)
+# define EVP_PKEY_CTRL_DH_KDF_TYPE (EVP_PKEY_ALG_CTRL + 6)
+# define EVP_PKEY_CTRL_DH_KDF_MD (EVP_PKEY_ALG_CTRL + 7)
+# define EVP_PKEY_CTRL_GET_DH_KDF_MD (EVP_PKEY_ALG_CTRL + 8)
+# define EVP_PKEY_CTRL_DH_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 9)
+# define EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 10)
+# define EVP_PKEY_CTRL_DH_KDF_UKM (EVP_PKEY_ALG_CTRL + 11)
+# define EVP_PKEY_CTRL_GET_DH_KDF_UKM (EVP_PKEY_ALG_CTRL + 12)
+# define EVP_PKEY_CTRL_DH_KDF_OID (EVP_PKEY_ALG_CTRL + 13)
+# define EVP_PKEY_CTRL_GET_DH_KDF_OID (EVP_PKEY_ALG_CTRL + 14)
+# define EVP_PKEY_CTRL_DH_NID (EVP_PKEY_ALG_CTRL + 15)
+# define EVP_PKEY_CTRL_DH_PAD (EVP_PKEY_ALG_CTRL + 16)
/* KDF types */
-# define EVP_PKEY_DH_KDF_NONE 1
-# ifndef OPENSSL_NO_CMS
-# define EVP_PKEY_DH_KDF_X9_42 2
-# endif
-
+# define EVP_PKEY_DH_KDF_NONE 1
+# ifndef OPENSSL_NO_CMS
+# define EVP_PKEY_DH_KDF_X9_42 2
+# endif
# ifdef __cplusplus
}
diff --git a/include/openssl/dsa.h b/include/openssl/dsa.h
index 5fe87bee1a..ac4d221b2d 100644
--- a/include/openssl/dsa.h
+++ b/include/openssl/dsa.h
@@ -178,10 +178,8 @@ DEPRECATEDIN_3_0(int DSA_print_fp(FILE *bp, const DSA *x, int off))
/*
* Convert DSA structure (key or just parameters) into DH structure (be
* careful to avoid small subgroup attacks when using this!)
- *
- * TODO(3.0): figure out how to remove this monstrosity
*/
-DH *DSA_dup_DH(const DSA *r);
+DEPRECATEDIN_3_0(DH *DSA_dup_DH(const DSA *r))
# endif
# define EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits) \
diff --git a/providers/implementations/exchange/dh_exch.c b/providers/implementations/exchange/dh_exch.c
index 418896e46d..5e71ef4ff0 100644
--- a/providers/implementations/exchange/dh_exch.c
+++ b/providers/implementations/exchange/dh_exch.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * DH low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <openssl/crypto.h>
#include <openssl/core_numbers.h>
#include <openssl/core_names.h>
diff --git a/providers/implementations/keymgmt/dh_kmgmt.c b/providers/implementations/keymgmt/dh_kmgmt.c
index 0063324f48..f4f04eeab8 100644
--- a/providers/implementations/keymgmt/dh_kmgmt.c
+++ b/providers/implementations/keymgmt/dh_kmgmt.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * DH low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <openssl/core_numbers.h>
#include <openssl/core_names.h>
#include <openssl/bn.h>
diff --git a/providers/implementations/serializers/serializer_dh.c b/providers/implementations/serializers/serializer_dh.c
index da74e221ef..31ba175dd7 100644
--- a/providers/implementations/serializers/serializer_dh.c
+++ b/providers/implementations/serializers/serializer_dh.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * DH low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <openssl/dh.h>
#include <openssl/err.h>
#include "prov/bio.h" /* ossl_prov_bio_printf() */
diff --git a/providers/implementations/serializers/serializer_dh_param.c b/providers/implementations/serializers/serializer_dh_param.c
index b445a25220..5eb8ffa16c 100644
--- a/providers/implementations/serializers/serializer_dh_param.c
+++ b/providers/implementations/serializers/serializer_dh_param.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * DH low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <openssl/core_numbers.h>
#include <openssl/pem.h>
#include <openssl/dh.h>
diff --git a/providers/implementations/serializers/serializer_dh_priv.c b/providers/implementations/serializers/serializer_dh_priv.c
index c22f5341b7..6facbeefa7 100644
--- a/providers/implementations/serializers/serializer_dh_priv.c
+++ b/providers/implementations/serializers/serializer_dh_priv.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * DH low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <openssl/core_numbers.h>
#include <openssl/core_names.h>
#include <openssl/err.h>
diff --git a/providers/implementations/serializers/serializer_dh_pub.c b/providers/implementations/serializers/serializer_dh_pub.c
index 9e8d46f252..57da48c705 100644
--- a/providers/implementations/serializers/serializer_dh_pub.c
+++ b/providers/implementations/serializers/serializer_dh_pub.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * DH low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <openssl/core_numbers.h>
#include <openssl/err.h>
#include <openssl/pem.h>
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 706290be9b..51f8a0f63d 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -4752,7 +4752,7 @@ EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id)
|| (dh = DH_new_by_nid(ginf->nid)) == NULL
|| !EVP_PKEY_assign(pkey, EVP_PKEY_DH, dh)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
- ERR_R_EVP_LIB);
+ ERR_R_EVP_LIB);
DH_free(dh);
EVP_PKEY_free(pkey);
pkey = NULL;
@@ -4760,7 +4760,7 @@ EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id)
}
if (EVP_PKEY_CTX_set_dh_nid(pctx, ginf->nid) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
- ERR_R_EVP_LIB);
+ ERR_R_EVP_LIB);
EVP_PKEY_free(pkey);
pkey = NULL;
goto err;
@@ -4796,7 +4796,7 @@ EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id)
/*
* Generate parameters from a group ID
*/
-EVP_PKEY *ssl_generate_param_group(uint16_t id)
+EVP_PKEY *ssl_generate_param_group(SSL *s, uint16_t id)
{
EVP_PKEY_CTX *pctx = NULL;
EVP_PKEY *pkey = NULL;
diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h
index 31c01328ce..d9092161ff 100644
--- a/ssl/ssl_local.h
+++ b/ssl/ssl_local.h
@@ -2605,7 +2605,7 @@ __owur int tls1_set_groups_list(uint16_t **pext, size_t *pextlen,
const char *str);
__owur EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id);
__owur int tls_valid_group(SSL *s, uint16_t group_id, int version);
-__owur EVP_PKEY *ssl_generate_param_group(uint16_t id);
+__owur EVP_PKEY *ssl_generate_param_group(SSL *s, uint16_t id);
# ifndef OPENSSL_NO_EC
void tls1_get_formatlist(SSL *s, const unsigned char **pformats,
size_t *num_formats);
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index 36201c68e4..9649420012 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -705,7 +705,7 @@ int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
continue;
}
- if ((s->s3.peer_tmp = ssl_generate_param_group(group_id)) == NULL) {
+ if ((s->s3.peer_tmp = ssl_generate_param_group(s, group_id)) == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_KEY_SHARE,
SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
return 0;
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index ba2fe0802d..99459a8c6a 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -2147,18 +2147,19 @@ static int tls_process_ske_dhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey)
}
bnpub_key = NULL;
- if (!ssl_security(s, SSL_SECOP_TMP_DH, DH_security_bits(dh), 0, dh)) {
- SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_PROCESS_SKE_DHE,
- SSL_R_DH_KEY_TOO_SMALL);
- goto err;
- }
-
if (EVP_PKEY_assign_DH(peer_tmp, dh) == 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_DHE,
ERR_R_EVP_LIB);
goto err;
}
+ if (!ssl_security(s, SSL_SECOP_TMP_DH, EVP_PKEY_security_bits(peer_tmp),
+ 0, dh)) {
+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_PROCESS_SKE_DHE,
+ SSL_R_DH_KEY_TOO_SMALL);
+ goto err;
+ }
+
s->s3.peer_tmp = peer_tmp;
/*
@@ -2213,7 +2214,7 @@ static int tls_process_ske_ecdhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey)
return 0;
}
- if ((s->s3.peer_tmp = ssl_generate_param_group(curve_id)) == NULL) {
+ if ((s->s3.peer_tmp = ssl_generate_param_group(s, curve_id)) == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_ECDHE,
SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
return 0;
diff --git a/test/build.info b/test/build.info
index 84229bdd2d..5965616d80 100644
--- a/test/build.info
+++ b/test/build.info
@@ -34,8 +34,7 @@ IF[{- !$disabled{tests} -}]
sanitytest rsa_complex exdatatest bntest \
ectest ecstresstest gmdifftest pbelutest \
destest mdc2test \
- dhtest enginetest \
- ssltest_old exptest \
+ enginetest exptest \
evp_pkey_provided_test evp_test evp_extra_test evp_fetch_prov_test \
v3nametest v3ext \
crltest danetest bad_dtls_test lhash_test sparse_array_test \
@@ -109,18 +108,10 @@ IF[{- !$disabled{tests} -}]
INCLUDE[mdc2test]=../include ../apps/include
DEPEND[mdc2test]=../libcrypto libtestutil.a
- SOURCE[dhtest]=dhtest.c
- INCLUDE[dhtest]=../include ../apps/include
- DEPEND[dhtest]=../libcrypto libtestutil.a
-
SOURCE[enginetest]=enginetest.c
INCLUDE[enginetest]=../include ../apps/include
DEPEND[enginetest]=../libcrypto libtestutil.a
- SOURCE[ssltest_old]=ssltest_old.c
- INCLUDE[ssltest_old]=.. ../include ../apps/include
- DEPEND[ssltest_old]=../libcrypto ../libssl
-
SOURCE[exptest]=exptest.c
INCLUDE[exptest]=../include ../apps/include
DEPEND[exptest]=../libcrypto libtestutil.a
@@ -490,7 +481,8 @@ IF[{- !$disabled{tests} -}]
rdrand_sanitytest property_test ideatest rsa_mp_test \
rsa_sp800_56b_test bn_internal_test ecdsatest rsa_test \
rc2test rc4test rc5test hmactest ffc_internal_test \
- asn1_dsa_internal_test dsatest dsa_no_digest_size_test
+ asn1_dsa_internal_test dsatest dsa_no_digest_size_test \
+ dhtest ssltest_old
IF[{- !$disabled{poly1305} -}]
PROGRAMS{noinst}=poly1305_internal_test
@@ -575,6 +567,10 @@ IF[{- !$disabled{tests} -}]
INCLUDE[sparse_array_test]=../crypto/include ../include ../apps/include
DEPEND[sparse_array_test]=../libcrypto.a libtestutil.a
+ SOURCE[dhtest]=dhtest.c
+ INCLUDE[dhtest]=../include ../apps/include
+ DEPEND[dhtest]=../libcrypto.a libtestutil.a
+
SOURCE[hmactest]=hmactest.c
INCLUDE[hmactest]=../include ../apps/include
DEPEND[hmactest]=../libcrypto.a libtestutil.a
@@ -650,6 +646,10 @@ IF[{- !$disabled{tests} -}]
SOURCE[mdc2_internal_test]=mdc2_internal_test.c
INCLUDE[mdc2_internal_test]=.. ../include ../apps/include
DEPEND[mdc2_internal_test]=../libcrypto.a libtestutil.a
+
+ SOURCE[ssltest_old]=ssltest_old.c
+ INCLUDE[ssltest_old]=.. ../include ../apps/include
+ DEPEND[ssltest_old]=../libcrypto.a ../libssl.a
ENDIF
PROGRAMS{noinst}=asn1_time_test
diff --git a/test/dhtest.c b/test/dhtest.c
index a357d0262f..b3e2e2fdcb 100644
--- a/test/dhtest.c
+++ b/test/dhtest.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * DH low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
diff --git a/test/ssltest_old.c b/test/ssltest_old.c
index 0c0aa6046a..d2c764c1ae 100644
--- a/test/ssltest_old.c
+++ b/test/ssltest_old.c
@@ -9,6 +9,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * DH low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include "e_os.h"
/* Or gethostname won't be declared properly on Linux and GNU platforms. */
diff --git a/util/libcrypto.num b/util/libcrypto.num
index cf98794b5a..48a356dfaf 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -100,7 +100,7 @@ DSAparams_print 101 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3
BF_set_key 102 3_0_0 EXIST::FUNCTION:BF,DEPRECATEDIN_3_0
d2i_DHparams 103 3_0_0 EXIST::FUNCTION:DH
i2d_PKCS7_ENC_CONTENT 104 3_0_0 EXIST::FUNCTION:
-DH_generate_key 105 3_0_0 EXIST::FUNCTION:DH
+DH_generate_key 105 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
ENGINE_add_conf_module 106 3_0_0 EXIST::FUNCTION:ENGINE
BIO_new_socket 107 3_0_0 EXIST::FUNCTION:SOCK
ASN1_OBJECT_free 108 3_0_0 EXIST::FUNCTION:
@@ -445,7 +445,7 @@ X509_get_serialNumber 453 3_0_0 EXIST::FUNCTION:
BIO_sock_should_retry 454 3_0_0 EXIST::FUNCTION:SOCK
ENGINE_get_digests 455 3_0_0 EXIST::FUNCTION:ENGINE
TS_MSG_IMPRINT_get_algo 456 3_0_0 EXIST::FUNCTION:TS
-DH_new_method 457 3_0_0 EXIST::FUNCTION:DH
+DH_new_method 457 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
BF_ecb_encrypt 458 3_0_0 EXIST::FUNCTION:BF,DEPRECATEDIN_3_0
PEM_write_bio_DHparams 459 3_0_0 EXIST::FUNCTION:DH
EVP_DigestFinal 460 3_0_0 EXIST::FUNCTION:
@@ -563,7 +563,7 @@ a2i_ASN1_STRING 575 3_0_0 EXIST::FUNCTION:
EC_GROUP_get_mont_data 576 3_0_0 EXIST::FUNCTION:EC
CMAC_CTX_copy 577 3_0_0 EXIST::FUNCTION:CMAC,DEPRECATEDIN_3_0
EVP_camellia_128_cfb128 579 3_0_0 EXIST::FUNCTION:CAMELLIA
-DH_compute_key_padded 580 3_0_0 EXIST::FUNCTION:DH
+DH_compute_key_padded 580 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
ERR_load_CONF_strings 581 3_0_0 EXIST::FUNCTION:
ESS_ISSUER_SERIAL_dup 582 3_0_0 EXIST::FUNCTION:
BN_GF2m_mod_exp_arr 583 3_0_0 EXIST::FUNCTION:EC2M
@@ -617,7 +617,7 @@ X509_REQ_dup 631 3_0_0 EXIST::FUNCTION:
d2i_DSA_PUBKEY_fp 633 3_0_0 EXIST::FUNCTION:DSA,STDIO
OCSP_REQ_CTX_nbio_d2i 634 3_0_0 EXIST::FUNCTION:SOCK
d2i_X509_REQ_fp 635 3_0_0 EXIST::FUNCTION:STDIO
-DH_OpenSSL 636 3_0_0 EXIST::FUNCTION:DH
+DH_OpenSSL 636 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
BN_get_rfc3526_prime_8192 637 3_0_0 EXIST::FUNCTION:DH
X509_REVOKED_it 638 3_0_0 EXIST::FUNCTION:
CRYPTO_THREAD_write_lock 639 3_0_0 EXIST::FUNCTION:
@@ -672,13 +672,13 @@ CTLOG_get0_log_id 688 3_0_0 EXIST::FUNCTION:CT
CMS_RecipientInfo_ktri_get0_signer_id 689 3_0_0 EXIST::FUNCTION:CMS
OCSP_REQUEST_add1_ext_i2d 690 3_0_0 EXIST::FUNCTION:OCSP
EVP_PBE_CipherInit 691 3_0_0 EXIST::FUNCTION:
-DSA_dup_DH 692 3_0_0 EXIST::FUNCTION:DH,DSA
+DSA_dup_DH 692 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH,DSA
CONF_imodule_get_value 693 3_0_0 EXIST::FUNCTION:
OCSP_id_issuer_cmp 694 3_0_0 EXIST::FUNCTION:OCSP
ASN1_INTEGER_free 695 3_0_0 EXIST::FUNCTION:
BN_get0_nist_prime_224 696 3_0_0 EXIST::FUNCTION:
OPENSSL_isservice 697 3_0_0 EXIST::FUNCTION:
-DH_compute_key 698 3_0_0 EXIST::FUNCTION:DH
+DH_compute_key 698 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
TS_RESP_CTX_set_signer_key 699 3_0_0 EXIST::FUNCTION:TS
i2d_DSAPrivateKey_bio 700 3_0_0 EXIST::FUNCTION:DSA
ASN1_item_d2i 702 3_0_0 EXIST::FUNCTION:
@@ -718,7 +718,7 @@ OCSP_REQUEST_get1_ext_d2i 736 3_0_0 EXIST::FUNCTION:OCSP
CMS_unsigned_add1_attr_by_NID 737 3_0_0 EXIST::FUNCTION:CMS
BN_mod_exp_mont 738 3_0_0 EXIST::FUNCTION:
d2i_DHxparams 739 3_0_0 EXIST::FUNCTION:DH
-DH_size 740 3_0_0 EXIST::FUNCTION:DH
+DH_size 740 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
CONF_imodule_get_name 741 3_0_0 EXIST::FUNCTION:
ENGINE_get_pkey_meth_engine 742 3_0_0 EXIST::FUNCTION:ENGINE
OCSP_BASICRESP_free 743 3_0_0 EXIST::FUNCTION:OCSP
@@ -965,7 +965,7 @@ ERR_load_TS_strings 989 3_0_0 EXIST::FUNCTION:TS
BN_nist_mod_func 990 3_0_0 EXIST::FUNCTION:
OCSP_ONEREQ_new 991 3_0_0 EXIST::FUNCTION:OCSP
DSA_SIG_new 992 3_0_0 EXIST::FUNCTION:DSA
-DH_get_default_method 993 3_0_0 EXIST::FUNCTION:DH
+DH_get_default_method 993 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
PEM_proc_type 994 3_0_0 EXIST::FUNCTION:
BIO_printf 995 3_0_0 EXIST::FUNCTION:
a2i_IPADDRESS 996 3_0_0 EXIST::FUNCTION:
@@ -1337,7 +1337,7 @@ X509_get_default_cert_file_env 1366 3_0_0 EXIST::FUNCTION:
X509v3_addr_validate_resource_set 1367 3_0_0 EXIST::FUNCTION:RFC3779
d2i_X509_VAL 1368 3_0_0 EXIST::FUNCTION:
CRYPTO_gcm128_decrypt_ctr32 1370 3_0_0 EXIST::FUNCTION:
-DHparams_print 1371 3_0_0 EXIST::FUNCTION:DH
+DHparams_print 1371 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
OPENSSL_sk_unshift 1372 3_0_0 EXIST::FUNCTION:
BN_GENCB_set_old 1373 3_0_0 EXIST::FUNCTION:
PEM_write_bio_X509 1374 3_0_0 EXIST::FUNCTION:
@@ -1716,7 +1716,7 @@ i2d_NETSCAPE_SPKI 1754 3_0_0 EXIST::FUNCTION:
ASYNC_init_thread 1755 3_0_0 EXIST::FUNCTION:
OCSP_BASICRESP_get_ext_by_OBJ 1756 3_0_0 EXIST::FUNCTION:OCSP
X509_reject_clear 1757 3_0_0 EXIST::FUNCTION:
-DH_security_bits 1758 3_0_0 EXIST::FUNCTION:DH
+DH_security_bits 1758 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
LONG_it 1759 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
ASN1_dup 1760 3_0_0 EXIST::FUNCTION:
TS_RESP_new 1761 3_0_0 EXIST::FUNCTION:TS
@@ -2018,7 +2018,7 @@ EVP_MD_CTX_clear_flags 2064 3_0_0 EXIST::FUNCTION:
EVP_PKEY_meth_get_verifyctx 2065 3_0_0 EXIST::FUNCTION:
CT_POLICY_EVAL_CTX_get0_cert 2066 3_0_0 EXIST::FUNCTION:CT
PEM_write_DHparams 2067 3_0_0 EXIST::FUNCTION:DH,STDIO
-DH_set_ex_data 2068 3_0_0 EXIST::FUNCTION:DH
+DH_set_ex_data 2068 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
OCSP_SIGNATURE_free 2069 3_0_0 EXIST::FUNCTION:OCSP
CRYPTO_128_unwrap_pad 2070 3_0_0 EXIST::FUNCTION:
BIO_new_CMS 2071 3_0_0 EXIST::FUNCTION:CMS
@@ -2061,7 +2061,7 @@ OCSP_ONEREQ_add1_ext_i2d 2107 3_0_0 EXIST::FUNCTION:OCSP
ENGINE_register_pkey_meths 2108 3_0_0 EXIST::FUNCTION:ENGINE
ENGINE_load_public_key 2109 3_0_0 EXIST::FUNCTION:ENGINE
ASIdOrRange_it 2110 3_0_0 EXIST::FUNCTION:RFC3779
-DHparams_print_fp 2111 3_0_0 EXIST::FUNCTION:DH,STDIO
+DHparams_print_fp 2111 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH,STDIO
ERR_load_CRYPTO_strings 2112 3_0_0 EXIST:!VMS:FUNCTION:
ERR_load_CRYPTOlib_strings 2112 3_0_0 EXIST:VMS:FUNCTION:
X509_REQ_set_version 2113 3_0_0 EXIST::FUNCTION:
@@ -2289,7 +2289,7 @@ OPENSSL_sk_zero 2337 3_0_0 EXIST::FUNCTION:
ASN1_PRINTABLE_type 2338 3_0_0 EXIST::FUNCTION:
TS_CONF_set_ess_cert_id_chain 2339 3_0_0 EXIST::FUNCTION:TS
PEM_read_DSAPrivateKey 2340 3_0_0 EXIST::FUNCTION:DSA,STDIO
-DH_generate_parameters_ex 2341 3_0_0 EXIST::FUNCTION:DH
+DH_generate_parameters_ex 2341 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
UI_dup_input_string 2342 3_0_0 EXIST::FUNCTION:
X509_keyid_set1 2343 3_0_0 EXIST::FUNCTION:
X509_VERIFY_PARAM_set1 2344 3_0_0 EXIST::FUNCTION:
@@ -2315,7 +2315,7 @@ OTHERNAME_it 2363 3_0_0 EXIST::FUNCTION:
X509at_add1_attr_by_txt 2364 3_0_0 EXIST::FUNCTION:
PKCS7_SIGN_ENVELOPE_free 2365 3_0_0 EXIST::FUNCTION:
BIO_dgram_is_sctp 2366 3_0_0 EXIST::FUNCTION:DGRAM,SCTP
-DH_check 2367 3_0_0 EXIST::FUNCTION:DH
+DH_check 2367 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
Camellia_set_key 2368 3_0_0 EXIST::FUNCTION:CAMELLIA,DEPRECATEDIN_3_0
X509_LOOKUP_by_issuer_serial 2369 3_0_0 EXIST::FUNCTION:
ASN1_BMPSTRING_free 2370 3_0_0 EXIST::FUNCTION:
@@ -2545,7 +2545,7 @@ MD4_Update 2598 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_
X509_STORE_CTX_set_time 2599 3_0_0 EXIST::FUNCTION:
ENGINE_set_default_DH 2600 3_0_0 EXIST::FUNCTION:ENGINE
X509_ocspid_print 2601 3_0_0 EXIST::FUNCTION:
-DH_set_method 2602 3_0_0 EXIST::FUNCTION:DH
+DH_set_method 2602 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
EVP_rc2_64_cbc 2603 3_0_0 EXIST::FUNCTION:RC2
CRYPTO_THREAD_get_current_id 2604 3_0_0 EXIST::FUNCTION:
EVP_PKEY_CTX_set_cb 2605 3_0_0 EXIST::FUNCTION:
@@ -2841,7 +2841,7 @@ i2d_RSAPrivateKey_fp 2902 3_0_0 EXIST::FUNCTION:RSA,STDIO
X509_REQ_print 2903 3_0_0 EXIST::FUNCTION:
RSA_size 2904 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
EVP_CIPHER_CTX_iv_noconst 2905 3_0_0 EXIST::FUNCTION:
-DH_set_default_method 2906 3_0_0 EXIST::FUNCTION:DH
+DH_set_default_method 2906 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
X509_ALGOR_new 2907 3_0_0 EXIST::FUNCTION:
EVP_aes_192_ofb 2908 3_0_0 EXIST::FUNCTION:
EVP_des_ede3_cfb1 2909 3_0_0 EXIST::FUNCTION:DES
@@ -2911,7 +2911,7 @@ TS_REQ_get_cert_req 2973 3_0_0 EXIST::FUNCTION:TS
BIO_pop 2974 3_0_0 EXIST::FUNCTION:
SHA256_Final 2975 3_0_0 EXIST::FUNCTION:
EVP_PKEY_set1_DH 2976 3_0_0 EXIST::FUNCTION:DH
-DH_get_ex_data 2977 3_0_0 EXIST::FUNCTION:DH
+DH_get_ex_data 2977 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
CRYPTO_secure_malloc 2978 3_0_0 EXIST::FUNCTION:
TS_RESP_get_status_info 2979 3_0_0 EXIST::FUNCTION:TS
HMAC_CTX_new 2980 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
@@ -2939,7 +2939,7 @@ TS_RESP_CTX_set_status_info 3001 3_0_0 EXIST::FUNCTION:TS
BIO_f_nbio_test 3002 3_0_0 EXIST::FUNCTION:
SEED_ofb128_encrypt 3003 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SEED
d2i_RSAPrivateKey_bio 3004 3_0_0 EXIST::FUNCTION:RSA
-DH_KDF_X9_42 3005 3_0_0 EXIST::FUNCTION:CMS,DH
+DH_KDF_X9_42 3005 3_0_0 EXIST::FUNCTION:CMS,DEPRECATEDIN_3_0,DH
EVP_PKEY_meth_set_signctx 3006 3_0_0 EXIST::FUNCTION:
X509_CRL_get_version 3007 3_0_0 EXIST::FUNCTION:
EVP_PKEY_meth_get0_info 3008 3_0_0 EXIST::FUNCTION:
@@ -3163,7 +3163,7 @@ ACCESS_DESCRIPTION_free 3228 3_0_0 EXIST::FUNCTION:
BN_nist_mod_384 3229 3_0_0 EXIST::FUNCTION:
i2d_EC_PUBKEY_fp 3230 3_0_0 EXIST::FUNCTION:EC,STDIO
ENGINE_set_default_pkey_meths 3231 3_0_0 EXIST::FUNCTION:ENGINE
-DH_bits 3232 3_0_0 EXIST::FUNCTION:DH
+DH_bits 3232 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
i2d_X509_ALGORS 3233 3_0_0 EXIST::FUNCTION:
EVP_camellia_192_cfb1 3234 3_0_0 EXIST::FUNCTION:CAMELLIA
TS_RESP_CTX_add_failure_info 3235 3_0_0 EXIST::FUNCTION:TS
@@ -3343,7 +3343,7 @@ BUF_MEM_new_ex 3412 3_0_0 EXIST::FUNCTION:
RSA_padding_add_X931 3413 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
BN_get0_nist_prime_256 3414 3_0_0 EXIST::FUNCTION:
CRYPTO_memcmp 3415 3_0_0 EXIST::FUNCTION:
-DH_check_pub_key 3416 3_0_0 EXIST::FUNCTION:DH
+DH_check_pub_key 3416 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
ASN1_mbstring_copy 3417 3_0_0 EXIST::FUNCTION:
PKCS7_set_type 3418 3_0_0 EXIST::FUNCTION:
BIO_gets 3419 3_0_0 EXIST::FUNCTION:
@@ -3951,33 +3951,33 @@ RSA_get0_crt_params 4038 3_0_0 EXIST::FUNCTION:RSA
DH_set0_pqg 4039 3_0_0 EXIST::FUNCTION:DH
DH_clear_flags 4041 3_0_0 EXIST::FUNCTION:DH
DH_get0_key 4042 3_0_0 EXIST::FUNCTION:DH
-DH_get0_engine 4043 3_0_0 EXIST::FUNCTION:DH
+DH_get0_engine 4043 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
DH_set0_key 4044 3_0_0 EXIST::FUNCTION:DH
-DH_set_length 4045 3_0_0 EXIST::FUNCTION:DH
+DH_set_length 4045 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
DH_test_flags 4046 3_0_0 EXIST::FUNCTION:DH
-DH_get_length 4047 3_0_0 EXIST::FUNCTION:DH
+DH_get_length 4047 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
DH_get0_pqg 4048 3_0_0 EXIST::FUNCTION:DH
-DH_meth_get_compute_key 4049 3_0_0 EXIST::FUNCTION:DH
-DH_meth_set1_name 4050 3_0_0 EXIST::FUNCTION:DH
-DH_meth_set_init 4051 3_0_0 EXIST::FUNCTION:DH
-DH_meth_get_finish 4052 3_0_0 EXIST::FUNCTION:DH
-DH_meth_get0_name 4053 3_0_0 EXIST::FUNCTION:DH
-DH_meth_set_generate_params 4054 3_0_0 EXIST::FUNCTION:DH
-DH_meth_set_compute_key 4055 3_0_0 EXIST::FUNCTION:DH
-DH_meth_set_flags 4056 3_0_0 EXIST::FUNCTION:DH
-DH_meth_get_generate_params 4057 3_0_0 EXIST::FUNCTION:DH
-DH_meth_get_flags 4058 3_0_0 EXIST::FUNCTION:DH
-DH_meth_set_finish 4059 3_0_0 EXIST::FUNCTION:DH
-DH_meth_get0_app_data 4060 3_0_0 EXIST::FUNCTION:DH
-DH_meth_set0_app_data 4061 3_0_0 EXIST::FUNCTION:DH
-DH_meth_get_init 4062 3_0_0 EXIST::FUNCTION:DH
-DH_meth_get_bn_mod_exp 4063 3_0_0 EXIST::FUNCTION:DH
-DH_meth_new 4064 3_0_0 EXIST::FUNCTION:DH
-DH_meth_dup 4065 3_0_0 EXIST::FUNCTION:DH
-DH_meth_set_bn_mod_exp 4066 3_0_0 EXIST::FUNCTION:DH
-DH_meth_set_generate_key 4067 3_0_0 EXIST::FUNCTION:DH
-DH_meth_free 4068 3_0_0 EXIST::FUNCTION:DH
-DH_meth_get_generate_key 4069 3_0_0 EXIST::FUNCTION:DH
+DH_meth_get_compute_key 4049 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
+DH_meth_set1_name 4050 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
+DH_meth_set_init 4051 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
+DH_meth_get_finish 4052 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
+DH_meth_get0_name 4053 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
+DH_meth_set_generate_params 4054 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
+DH_meth_set_compute_key 4055 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
+DH_meth_set_flags 4056 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
+DH_meth_get_generate_params 4057 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
+DH_meth_get_flags 4058 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
+DH_meth_set_finish 4059 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
+DH_meth_get0_app_data 4060 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
+DH_meth_set0_app_data 4061 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
+DH_meth_get_init 4062 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
+DH_meth_get_bn_mod_exp 4063 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
+DH_meth_new 4064 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
+DH_meth_dup 4065 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
+DH_meth_set_bn_mod_exp 4066 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
+DH_meth_set_generate_key 4067 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
+DH_meth_free 4068 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
+DH_meth_get_generate_key 4069 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
DH_set_flags 4070 3_0_0 EXIST::FUNCTION:DH
X509_STORE_CTX_get_obj_by_subject 4071 3_0_0 EXIST::FUNCTION:
X509_OBJECT_free 4072 3_0_0 EXIST::FUNCTION:
@@ -4250,7 +4250,7 @@ EVP_PKEY_meth_remove 4343 3_0_0 EXIST::FUNCTION:
OPENSSL_sk_reserve 4344 3_0_0 EXIST::FUNCTION:
EVP_PKEY_set1_engine 4347 3_0_0 EXIST::FUNCTION:ENGINE
DH_new_by_nid 4348 3_0_0 EXIST::FUNCTION:DH
-DH_get_nid 4349 3_0_0 EXIST::FUNCTION:DH
+DH_get_nid 4349 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
CRYPTO_get_alloc_counts 4350 3_0_0 EXIST::FUNCTION:CRYPTO_MDEBUG
OPENSSL_sk_new_reserve 4351 3_0_0 EXIST::FUNCTION:
EVP_PKEY_asn1_set_check 4352 3_0_0 EXIST::FUNCTION:
@@ -4270,9 +4270,9 @@ EVP_PKEY_meth_get_public_check 4365 3_0_0 EXIST::FUNCTION:
EVP_PKEY_meth_get_param_check 4366 3_0_0 EXIST::FUNCTION:
EVP_PKEY_asn1_set_public_check 4367 3_0_0 EXIST::FUNCTION:
EVP_PKEY_asn1_set_param_check 4368 3_0_0 EXIST::FUNCTION:
-DH_check_ex 4369 3_0_0 EXIST::FUNCTION:DH
-DH_check_pub_key_ex 4370 3_0_0 EXIST::FUNCTION:DH
-DH_check_params_ex 4371 3_0_0 EXIST::FUNCTION:DH
+DH_check_ex 4369 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
+DH_check_pub_key_ex 4370 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
+DH_check_params_ex 4371 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
RSA_generate_multi_prime_key 4372 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
RSA_get_multi_prime_extra_count 4373 3_0_0 EXIST::FUNCTION:RSA
OCSP_resp_get0_signer 4374 3_0_0 EXIST::FUNCTION:OCSP
More information about the openssl-commits
mailing list