[openssl] master update
Richard Levitte
levitte at openssl.org
Wed Nov 18 22:39:34 UTC 2020
The branch master has been updated
via d7e498ac55f12bc2f4e7f948cbb8de2e3eeafc74 (commit)
from b24d6c335d3beb431f8f9847623d4db39ae1f96b (commit)
- Log -----------------------------------------------------------------
commit d7e498ac55f12bc2f4e7f948cbb8de2e3eeafc74
Author: Richard Levitte <levitte at openssl.org>
Date: Sun Oct 4 16:34:31 2020 +0200
Deprecate RSA harder
This deprecates all functions that deal with the types RSA and RSA_METHOD
Reviewed-by: Paul Dale <paul.dale at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13096)
-----------------------------------------------------------------------
Summary of changes:
apps/genrsa.c | 11 +-
apps/req.c | 9 +-
apps/rsa.c | 144 ++++---
apps/rsautl.c | 62 +--
apps/x509.c | 9 +-
crypto/asn1/asn1_item_list.c | 3 +
crypto/asn1/asn1_item_list.h | 2 +
crypto/asn1/i2d_evp.c | 8 +-
crypto/evp/build.info | 2 +-
crypto/evp/p_dec.c | 7 +-
crypto/evp/p_enc.c | 7 +-
crypto/evp/p_legacy.c | 51 +++
crypto/evp/p_lib.c | 31 --
crypto/pem/pem_all.c | 8 +-
crypto/pem/pem_local.h | 3 +
crypto/rsa/rsa_backend.c | 6 +
crypto/rsa/rsa_local.h | 1 -
doc/man3/d2i_RSAPrivateKey.pod | 242 +++++++++++
doc/man3/d2i_X509.pod | 31 +-
fuzz/asn1.c | 6 +-
fuzz/server.c | 9 +
include/crypto/rsa.h | 1 +
include/{internal/asn1.h => crypto/types.h} | 9 +-
include/openssl/evp.h | 15 +-
include/openssl/pem.h | 10 +-
include/openssl/rsa.h | 576 ++++++++++++++------------
include/openssl/ssl.h.in | 24 +-
include/openssl/types.h | 3 +
include/openssl/x509.h.in | 38 +-
providers/common/der/der_rsa_key.c | 6 +
providers/common/include/prov/securitycheck.h | 2 +
ssl/build.info | 2 +-
ssl/ssl_local.h | 1 -
ssl/ssl_rsa.c | 171 --------
ssl/ssl_rsa_legacy.c | 180 ++++++++
ssl/statem/statem_clnt.c | 3 +-
ssl/statem/statem_lib.c | 1 +
ssl/statem/statem_srvr.c | 1 +
test/endecoder_legacy_test.c | 6 +
test/evp_extra_test.c | 73 ++--
test/keymgmt_internal_test.c | 6 +
test/rsa_sp800_56b_test.c | 7 +
util/libcrypto.num | 132 +++---
util/libssl.num | 12 +-
44 files changed, 1171 insertions(+), 760 deletions(-)
create mode 100644 crypto/evp/p_legacy.c
create mode 100644 doc/man3/d2i_RSAPrivateKey.pod
copy include/{internal/asn1.h => crypto/types.h} (67%)
create mode 100644 ssl/ssl_rsa_legacy.c
diff --git a/apps/genrsa.c b/apps/genrsa.c
index f471814e08..32f088238d 100644
--- a/apps/genrsa.c
+++ b/apps/genrsa.c
@@ -79,9 +79,7 @@ int genrsa_main(int argc, char **argv)
BN_GENCB *cb = BN_GENCB_new();
ENGINE *eng = NULL;
BIGNUM *bn = BN_new();
- RSA *rsa;
BIO *out = NULL;
- const BIGNUM *e;
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *ctx = NULL;
const EVP_CIPHER *enc = NULL;
@@ -205,9 +203,11 @@ opthelp:
}
if (verbose) {
- if ((rsa = EVP_PKEY_get0_RSA(pkey)) != NULL) {
- RSA_get0_key(rsa, NULL, &e, NULL);
- } else {
+ BIGNUM *e = NULL;
+
+ /* Every RSA key has an 'e' */
+ EVP_PKEY_get_bn_param(pkey, "e", &e);
+ if (e == NULL) {
BIO_printf(bio_err, "Error cannot access RSA e\n");
goto end;
}
@@ -218,6 +218,7 @@ opthelp:
}
OPENSSL_free(hexe);
OPENSSL_free(dece);
+ BN_free(e);
}
if (traditional) {
if (!PEM_write_bio_PrivateKey_traditional(out, pkey, enc, NULL, 0,
diff --git a/apps/req.c b/apps/req.c
index 9fa3429baf..41a78593b0 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -939,10 +939,13 @@ int req_main(int argc, char **argv)
}
fprintf(stdout, "Modulus=");
#ifndef OPENSSL_NO_RSA
- if (EVP_PKEY_base_id(tpubkey) == EVP_PKEY_RSA) {
- const BIGNUM *n;
- RSA_get0_key(EVP_PKEY_get0_RSA(tpubkey), &n, NULL, NULL);
+ if (EVP_PKEY_is_a(tpubkey, "RSA")) {
+ BIGNUM *n;
+
+ /* Every RSA key has an 'n' */
+ EVP_PKEY_get_bn_param(pkey, "n", &n);
BN_print(out, n);
+ BN_free(n);
} else
#endif
fprintf(stdout, "Wrong Algorithm type");
diff --git a/apps/rsa.c b/apps/rsa.c
index 558b126560..da1342b4c0 100644
--- a/apps/rsa.c
+++ b/apps/rsa.c
@@ -22,6 +22,13 @@
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/bn.h>
+#include <openssl/encoder.h>
+
+/*
+ * TODO: This include is to get OSSL_KEYMGMT_SELECT_*, which feels a bit
+ * much just for those macros... they might serve better as EVP macros.
+ */
+#include <openssl/core_dispatch.h>
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
@@ -62,12 +69,10 @@ const OPTIONS rsa_options[] = {
{"traditional", OPT_TRADITIONAL, '-',
"Use traditional format for private keys"},
-#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4)
OPT_SECTION("PVK"),
{"pvk-strong", OPT_PVK_STRONG, '-', "Enable 'Strong' PVK encoding level (default)"},
{"pvk-weak", OPT_PVK_WEAK, '-', "Enable 'Weak' PVK encoding level"},
{"pvk-none", OPT_PVK_NONE, '-', "Don't enforce PVK encoding"},
-#endif
OPT_PROV_OPTIONS,
{NULL}
@@ -77,20 +82,21 @@ int rsa_main(int argc, char **argv)
{
ENGINE *e = NULL;
BIO *out = NULL;
- RSA *rsa = NULL;
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *pctx;
const EVP_CIPHER *enc = NULL;
char *infile = NULL, *outfile = NULL, *prog;
char *passin = NULL, *passout = NULL, *passinarg = NULL, *passoutarg = NULL;
- int i, private = 0;
+ int private = 0;
int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, check = 0;
int noout = 0, modulus = 0, pubin = 0, pubout = 0, ret = 1;
-#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4)
int pvk_encr = 2;
-#endif
OPTION_CHOICE o;
int traditional = 0;
+ const char *output_type = NULL;
+ const char *output_structure = NULL;
+ int selection = 0;
+ OSSL_ENCODER_CTX *ectx = NULL;
prog = opt_init(argc, argv, rsa_options);
while ((o = opt_next()) != OPT_EOF) {
@@ -142,9 +148,7 @@ int rsa_main(int argc, char **argv)
case OPT_PVK_STRONG: /* pvk_encr:= 2 */
case OPT_PVK_WEAK: /* pvk_encr:= 1 */
case OPT_PVK_NONE: /* pvk_encr:= 0 */
-#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4)
pvk_encr = (o - OPT_PVK_NONE);
-#endif
break;
case OPT_NOOUT:
noout = 1;
@@ -203,13 +207,14 @@ int rsa_main(int argc, char **argv)
pkey = load_key(infile, informat, 1, passin, e, "private key");
}
- if (pkey != NULL)
- rsa = EVP_PKEY_get1_RSA(pkey);
-
- if (rsa == NULL) {
+ if (pkey == NULL) {
ERR_print_errors(bio_err);
goto end;
}
+ if (!EVP_PKEY_is_a(pkey, "RSA")) {
+ BIO_printf(bio_err, "Not an RSA key\n");
+ goto end;
+ }
out = bio_open_owner(outfile, outformat, private);
if (out == NULL)
@@ -226,11 +231,14 @@ int rsa_main(int argc, char **argv)
}
if (modulus) {
- const BIGNUM *n;
- RSA_get0_key(rsa, &n, NULL, NULL);
+ BIGNUM *n = NULL;
+
+ /* Every RSA key has an 'n' */
+ EVP_PKEY_get_bn_param(pkey, "n", &n);
BIO_printf(out, "Modulus=");
BN_print(out, n);
BIO_printf(out, "\n");
+ BN_free(n);
}
if (check) {
@@ -268,77 +276,81 @@ int rsa_main(int argc, char **argv)
goto end;
}
BIO_printf(bio_err, "writing RSA key\n");
+
+ /* Choose output type for the format */
if (outformat == FORMAT_ASN1) {
- if (pubout || pubin) {
- if (pubout == 2)
- i = i2d_RSAPublicKey_bio(out, rsa);
- else
- i = i2d_RSA_PUBKEY_bio(out, rsa);
- } else {
- assert(private);
- i = i2d_RSAPrivateKey_bio(out, rsa);
- }
+ output_type = "DER";
} else if (outformat == FORMAT_PEM) {
+ output_type = "PEM";
+ } else if (outformat == FORMAT_MSBLOB) {
+ output_type = "MSBLOB";
+ } else if (outformat == FORMAT_PVK) {
+ if (pubin) {
+ BIO_printf(bio_err, "PVK form impossible with public key input\n");
+ goto end;
+ }
+ output_type = "PVK";
+ } else {
+ BIO_printf(bio_err, "bad output format specified for outfile\n");
+ goto end;
+ }
+
+ /* Select what you want in the output */
+ if (pubout || pubin) {
+ selection = OSSL_KEYMGMT_SELECT_PUBLIC_KEY;
+ } else {
+ assert(private);
+ selection = (OSSL_KEYMGMT_SELECT_KEYPAIR
+ | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS);
+ }
+
+ /* For DER based output, select the desired output structure */
+ if (outformat == FORMAT_ASN1 || outformat == FORMAT_PEM) {
if (pubout || pubin) {
if (pubout == 2)
- i = PEM_write_bio_RSAPublicKey(out, rsa);
+ output_structure = "SubjectPublicKeyInfo";
else
- i = PEM_write_bio_RSA_PUBKEY(out, rsa);
+ output_structure = "pkcs1"; /* "type-specific" would work too */
} else {
assert(private);
- if (traditional) {
- i = PEM_write_bio_PrivateKey_traditional(out, pkey, enc, NULL, 0,
- NULL, passout);
- } else {
- i = PEM_write_bio_PrivateKey(out, pkey,
- enc, NULL, 0, NULL, passout);
- }
+ if (traditional)
+ output_structure = "pkcs1"; /* "type-specific" would work too */
+ else
+ output_structure = "pkcs8";
}
-#ifndef OPENSSL_NO_DSA
- } else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) {
- EVP_PKEY *pk;
- pk = EVP_PKEY_new();
- if (pk == NULL)
- goto end;
+ }
- EVP_PKEY_set1_RSA(pk, rsa);
- if (outformat == FORMAT_PVK) {
- if (pubin) {
- BIO_printf(bio_err, "PVK form impossible with public key input\n");
- EVP_PKEY_free(pk);
- goto end;
- }
- assert(private);
-# ifdef OPENSSL_NO_RC4
- BIO_printf(bio_err, "PVK format not supported\n");
- EVP_PKEY_free(pk);
+ /* Now, perform the encoding */
+ ectx = OSSL_ENCODER_CTX_new_by_EVP_PKEY(pkey, selection,
+ output_type, output_structure,
+ NULL, NULL);
+ if (OSSL_ENCODER_CTX_get_num_encoders(ectx) == 0) {
+ BIO_printf(bio_err, "%s format not supported\n", output_type);
+ goto end;
+ }
+
+ /* PVK is a bit special... */
+ if (outformat == FORMAT_PVK) {
+ OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
+
+ params[0] = OSSL_PARAM_construct_int("encrypt-level", &pvk_encr);
+ if (!OSSL_ENCODER_CTX_set_params(ectx, params)) {
+ BIO_printf(bio_err, "invalid PVK encryption level\n");
goto end;
-# else
- i = i2b_PVK_bio(out, pk, pvk_encr, 0, passout);
-# endif
- } else if (pubin || pubout) {
- i = i2b_PublicKey_bio(out, pk);
- } else {
- assert(private);
- i = i2b_PrivateKey_bio(out, pk);
}
- EVP_PKEY_free(pk);
-#endif
- } else {
- BIO_printf(bio_err, "bad output format specified for outfile\n");
- goto end;
}
- if (i <= 0) {
+
+ if (!OSSL_ENCODER_to_bio(ectx, out)) {
BIO_printf(bio_err, "unable to write key\n");
ERR_print_errors(bio_err);
- } else {
- ret = 0;
+ goto end;
}
+ ret = 0;
end:
+ OSSL_ENCODER_CTX_free(ectx);
release_engine(e);
BIO_free_all(out);
EVP_PKEY_free(pkey);
- RSA_free(rsa);
OPENSSL_free(passin);
OPENSSL_free(passout);
return ret;
diff --git a/apps/rsautl.c b/apps/rsautl.c
index 9b5456cb89..8fefaee8f5 100644
--- a/apps/rsautl.c
+++ b/apps/rsautl.c
@@ -7,9 +7,6 @@
* https://www.openssl.org/source/license.html
*/
-/* We need to use the deprecated RSA low level calls */
-#define OPENSSL_SUPPRESS_DEPRECATED
-
#include <openssl/opensslconf.h>
#include "apps.h"
@@ -78,14 +75,15 @@ int rsautl_main(int argc, char **argv)
BIO *in = NULL, *out = NULL;
ENGINE *e = NULL;
EVP_PKEY *pkey = NULL;
- RSA *rsa = NULL;
+ EVP_PKEY_CTX *ctx = NULL;
X509 *x;
char *infile = NULL, *outfile = NULL, *keyfile = NULL;
char *passinarg = NULL, *passin = NULL, *prog;
char rsa_mode = RSA_VERIFY, key_type = KEY_PRIVKEY;
unsigned char *rsa_in = NULL, *rsa_out = NULL, pad = RSA_PKCS1_PADDING;
- int rsa_inlen, keyformat = FORMAT_PEM, keysize, ret = 1;
- int rsa_outlen = 0, hexdump = 0, asn1parse = 0, need_priv = 0, rev = 0;
+ size_t rsa_inlen, rsa_outlen = 0;
+ int keyformat = FORMAT_PEM, keysize, ret = 1, rv;
+ int hexdump = 0, asn1parse = 0, need_priv = 0, rev = 0;
OPTION_CHOICE o;
prog = opt_init(argc, argv, rsautl_options);
@@ -208,15 +206,6 @@ int rsautl_main(int argc, char **argv)
if (pkey == NULL)
return 1;
- rsa = EVP_PKEY_get1_RSA(pkey);
- EVP_PKEY_free(pkey);
-
- if (rsa == NULL) {
- BIO_printf(bio_err, "Error getting RSA key\n");
- ERR_print_errors(bio_err);
- goto end;
- }
-
in = bio_open_default(infile, 'r', FORMAT_BINARY);
if (in == NULL)
goto end;
@@ -224,48 +213,58 @@ int rsautl_main(int argc, char **argv)
if (out == NULL)
goto end;
- keysize = RSA_size(rsa);
+ keysize = EVP_PKEY_size(pkey);
rsa_in = app_malloc(keysize * 2, "hold rsa key");
rsa_out = app_malloc(keysize, "output rsa key");
+ rsa_outlen = keysize;
/* Read the input data */
- rsa_inlen = BIO_read(in, rsa_in, keysize * 2);
- if (rsa_inlen < 0) {
+ rv = BIO_read(in, rsa_in, keysize * 2);
+ if (rv < 0) {
BIO_printf(bio_err, "Error reading input Data\n");
goto end;
}
+ rsa_inlen = rv;
if (rev) {
- int i;
+ size_t i;
unsigned char ctmp;
+
for (i = 0; i < rsa_inlen / 2; i++) {
ctmp = rsa_in[i];
rsa_in[i] = rsa_in[rsa_inlen - 1 - i];
rsa_in[rsa_inlen - 1 - i] = ctmp;
}
}
- switch (rsa_mode) {
+ if ((ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pkey, NULL)) == NULL)
+ goto end;
+
+ switch (rsa_mode) {
case RSA_VERIFY:
- rsa_outlen = RSA_public_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
+ rv = EVP_PKEY_verify_recover_init(ctx)
+ && EVP_PKEY_CTX_set_rsa_padding(ctx, pad)
+ && EVP_PKEY_verify_recover(ctx, rsa_out, &rsa_outlen,
+ rsa_in, rsa_inlen);
break;
-
case RSA_SIGN:
- rsa_outlen =
- RSA_private_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
+ rv = EVP_PKEY_sign_init(ctx)
+ && EVP_PKEY_CTX_set_rsa_padding(ctx, pad)
+ && EVP_PKEY_sign(ctx, rsa_out, &rsa_outlen, rsa_in, rsa_inlen);
break;
-
case RSA_ENCRYPT:
- rsa_outlen = RSA_public_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
+ rv = EVP_PKEY_encrypt_init(ctx)
+ && EVP_PKEY_CTX_set_rsa_padding(ctx, pad)
+ && EVP_PKEY_encrypt(ctx, rsa_out, &rsa_outlen, rsa_in, rsa_inlen);
break;
-
case RSA_DECRYPT:
- rsa_outlen =
- RSA_private_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
+ rv = EVP_PKEY_decrypt_init(ctx)
+ && EVP_PKEY_CTX_set_rsa_padding(ctx, pad)
+ && EVP_PKEY_decrypt(ctx, rsa_out, &rsa_outlen, rsa_in, rsa_inlen);
break;
}
- if (rsa_outlen < 0) {
+ if (!rv) {
BIO_printf(bio_err, "RSA operation error\n");
ERR_print_errors(bio_err);
goto end;
@@ -281,7 +280,8 @@ int rsautl_main(int argc, char **argv)
BIO_write(out, rsa_out, rsa_outlen);
}
end:
- RSA_free(rsa);
+ EVP_PKEY_CTX_free(ctx);
+ EVP_PKEY_free(pkey);
release_engine(e);
BIO_free(in);
BIO_free_all(out);
diff --git a/apps/x509.c b/apps/x509.c
index 0d0d93edc0..ad627f4558 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -757,10 +757,13 @@ int x509_main(int argc, char **argv)
}
BIO_printf(out, "Modulus=");
#ifndef OPENSSL_NO_RSA
- if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA) {
- const BIGNUM *n;
- RSA_get0_key(EVP_PKEY_get0_RSA(pkey), &n, NULL, NULL);
+ if (EVP_PKEY_is_a(pkey, "RSA")) {
+ BIGNUM *n;
+
+ /* Every RSA key has an 'n' */
+ EVP_PKEY_get_bn_param(pkey, "n", &n);
BN_print(out, n);
+ BN_free(n);
} else
#endif
#ifndef OPENSSL_NO_DSA
diff --git a/crypto/asn1/asn1_item_list.c b/crypto/asn1/asn1_item_list.c
index 5a711546bf..c7000c20e9 100644
--- a/crypto/asn1/asn1_item_list.c
+++ b/crypto/asn1/asn1_item_list.c
@@ -7,6 +7,9 @@
* https://www.openssl.org/source/license.html
*/
+/* We need to use the low level ASN1 items until they are removed */
+#define OPENSSL_SUPPRESS_DEPRECATED
+
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/asn1.h>
diff --git a/crypto/asn1/asn1_item_list.h b/crypto/asn1/asn1_item_list.h
index 4cdf1d221a..b5a8661bd4 100644
--- a/crypto/asn1/asn1_item_list.h
+++ b/crypto/asn1/asn1_item_list.h
@@ -135,10 +135,12 @@ static ASN1_ITEM_EXP *asn1_item_list[] = {
ASN1_ITEM_ref(PROXY_CERT_INFO_EXTENSION),
ASN1_ITEM_ref(PROXY_POLICY),
#ifndef OPENSSL_NO_RSA
+# ifndef OPENSSL_NO_DEPRECATED_3_0
ASN1_ITEM_ref(RSAPrivateKey),
ASN1_ITEM_ref(RSAPublicKey),
ASN1_ITEM_ref(RSA_OAEP_PARAMS),
ASN1_ITEM_ref(RSA_PSS_PARAMS),
+# endif
#endif
#ifndef OPENSSL_NO_SCRYPT
ASN1_ITEM_ref(SCRYPT_PARAMS),
diff --git a/crypto/asn1/i2d_evp.c b/crypto/asn1/i2d_evp.c
index a81ae415fa..d0468bf5c2 100644
--- a/crypto/asn1/i2d_evp.c
+++ b/crypto/asn1/i2d_evp.c
@@ -16,7 +16,9 @@
#include <openssl/encoder.h>
#include <openssl/buffer.h>
#include <openssl/x509.h>
-#include <openssl/rsa.h> /* For i2d_RSAPublicKey */
+#ifndef OPENSSL_NO_DEPRECATED_3_0
+# include <openssl/rsa.h> /* For i2d_RSAPublicKey */
+#endif
#include <openssl/dsa.h> /* For i2d_DSAPublicKey */
#include <openssl/ec.h> /* For i2o_ECPublicKey */
#include "crypto/asn1.h"
@@ -105,9 +107,11 @@ int i2d_PublicKey(const EVP_PKEY *a, unsigned char **pp)
return i2d_provided(a, EVP_PKEY_PUBLIC_KEY, output_structures, pp);
}
switch (EVP_PKEY_id(a)) {
-#ifndef OPENSSL_NO_RSA
+#ifndef OPENSSL_NO_DEPRECATED_3_0
+# ifndef OPENSSL_NO_RSA
case EVP_PKEY_RSA:
return i2d_RSAPublicKey(EVP_PKEY_get0_RSA(a), pp);
+# endif
#endif
#ifndef OPENSSL_NO_DSA
case EVP_PKEY_DSA:
diff --git a/crypto/evp/build.info b/crypto/evp/build.info
index 7f1459a15c..358709a6a4 100644
--- a/crypto/evp/build.info
+++ b/crypto/evp/build.info
@@ -9,7 +9,7 @@ SOURCE[../../libcrypto]=$COMMON\
e_des.c e_bf.c e_idea.c e_des3.c \
e_rc4.c e_aes.c names.c e_aria.c e_sm4.c \
e_xcbc_d.c e_rc2.c e_cast.c e_rc5.c m_null.c \
- p_seal.c p_sign.c p_verify.c \
+ p_seal.c p_sign.c p_verify.c p_legacy.c \
bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \
c_allc.c c_alld.c bio_ok.c \
evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c pbe_scrypt.c \
diff --git a/crypto/evp/p_dec.c b/crypto/evp/p_dec.c
index ef0e715d65..c71e88d9b0 100644
--- a/crypto/evp/p_dec.c
+++ b/crypto/evp/p_dec.c
@@ -7,11 +7,8 @@
* https://www.openssl.org/source/license.html
*/
-/*
- * RSA low level APIs are deprecated for public use, but still ok for
- * internal use.
- */
-#include "internal/deprecated.h"
+/* We need to use the deprecated RSA low level calls */
+#define OPENSSL_SUPPRESS_DEPRECATED
#include <stdio.h>
#include "internal/cryptlib.h"
diff --git a/crypto/evp/p_enc.c b/crypto/evp/p_enc.c
index b149c7bbcf..4847c752ed 100644
--- a/crypto/evp/p_enc.c
+++ b/crypto/evp/p_enc.c
@@ -7,11 +7,8 @@
* https://www.openssl.org/source/license.html
*/
-/*
- * RSA low level APIs are deprecated for public use, but still ok for
- * internal use.
- */
-#include "internal/deprecated.h"
+/* We need to use the deprecated RSA low level calls */
+#define OPENSSL_SUPPRESS_DEPRECATED
#include <stdio.h>
#include "internal/cryptlib.h"
diff --git a/crypto/evp/p_legacy.c b/crypto/evp/p_legacy.c
new file mode 100644
index 0000000000..cad4d67d73
--- /dev/null
+++ b/crypto/evp/p_legacy.c
@@ -0,0 +1,51 @@
+/*
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Legacy EVP_PKEY assign/set/get APIs are deprecated for public use, but
+ * still ok for internal use, particularly in providers.
+ */
+#include "internal/deprecated.h"
+
+#include <openssl/types.h>
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include <openssl/rsa.h>
+#include "crypto/types.h"
+#include "crypto/evp.h"
+#include "evp_local.h"
+
+int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key)
+{
+ int ret = EVP_PKEY_assign_RSA(pkey, key);
+ if (ret)
+ RSA_up_ref(key);
+ return ret;
+}
+
+RSA *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey)
+{
+ if (!evp_pkey_downgrade((EVP_PKEY *)pkey)) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_INACCESSIBLE_KEY);
+ return NULL;
+ }
+ if (pkey->type != EVP_PKEY_RSA && pkey->type != EVP_PKEY_RSA_PSS) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_EXPECTING_AN_RSA_KEY);
+ return NULL;
+ }
+ return pkey->pkey.rsa;
+}
+
+RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey)
+{
+ RSA *ret = EVP_PKEY_get0_RSA(pkey);
+ if (ret != NULL)
+ RSA_up_ref(ret);
+ return ret;
+}
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index 7a258fa31b..a0c131d0c0 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -784,37 +784,6 @@ const unsigned char *EVP_PKEY_get0_siphash(const EVP_PKEY *pkey, size_t *len)
}
# endif
-# ifndef OPENSSL_NO_RSA
-int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key)
-{
- int ret = EVP_PKEY_assign_RSA(pkey, key);
- if (ret)
- RSA_up_ref(key);
- return ret;
-}
-
-RSA *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey)
-{
- if (!evp_pkey_downgrade((EVP_PKEY *)pkey)) {
- ERR_raise(ERR_LIB_EVP, EVP_R_INACCESSIBLE_KEY);
- return NULL;
- }
- if (pkey->type != EVP_PKEY_RSA && pkey->type != EVP_PKEY_RSA_PSS) {
- ERR_raise(ERR_LIB_EVP, EVP_R_EXPECTING_AN_RSA_KEY);
- return NULL;
- }
- return pkey->pkey.rsa;
-}
-
-RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey)
-{
- RSA *ret = EVP_PKEY_get0_RSA(pkey);
- if (ret != NULL)
- RSA_up_ref(ret);
- return ret;
-}
-# endif
-
# ifndef OPENSSL_NO_DSA
DSA *EVP_PKEY_get0_DSA(const EVP_PKEY *pkey)
{
diff --git a/crypto/pem/pem_all.c b/crypto/pem/pem_all.c
index 8d5b25156c..ea758f04be 100644
--- a/crypto/pem/pem_all.c
+++ b/crypto/pem/pem_all.c
@@ -45,7 +45,8 @@ IMPLEMENT_PEM_rw(PKCS7, PKCS7, PEM_STRING_PKCS7, PKCS7)
IMPLEMENT_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE,
PEM_STRING_X509, NETSCAPE_CERT_SEQUENCE)
-#ifndef OPENSSL_NO_RSA
+#ifndef OPENSSL_NO_DEPRECATED_3_0
+# ifndef OPENSSL_NO_RSA
/*
* We treat RSA or DSA private keys as a special case. For private keys we
* read in an EVP_PKEY structure with PEM_read_bio_PrivateKey() and extract
@@ -76,7 +77,7 @@ RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **rsa, pem_password_cb *cb,
return pkey_get_rsa(pktmp, rsa);
}
-# ifndef OPENSSL_NO_STDIO
+# ifndef OPENSSL_NO_STDIO
RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb, void *u)
{
@@ -85,11 +86,12 @@ RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb, void *u)
return pkey_get_rsa(pktmp, rsa);
}
-# endif
+# endif
IMPLEMENT_PEM_write_cb(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey)
IMPLEMENT_PEM_rw(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, RSAPublicKey)
IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, PEM_STRING_PUBLIC, RSA_PUBKEY)
+# endif
#endif
#ifndef OPENSSL_NO_DSA
static DSA *pkey_get_dsa(EVP_PKEY *key, DSA **dsa)
diff --git a/crypto/pem/pem_local.h b/crypto/pem/pem_local.h
index 10761b03d3..7de2a71045 100644
--- a/crypto/pem/pem_local.h
+++ b/crypto/pem/pem_local.h
@@ -39,6 +39,9 @@
# define PEM_STRUCTURE_PrivateKey "pkcs8"
# define PEM_STRUCTURE_Parameters "type-specific"
+# define PEM_STRUCTURE_RSAPrivateKey "type-specific"
+# define PEM_STRUCTURE_RSAPublicKey "type-specific"
+
/* Alternative IMPLEMENT macros for provided encoders */
# define IMPLEMENT_PEM_provided_write_body_vars(type, asn1) \
diff --git a/crypto/rsa/rsa_backend.c b/crypto/rsa/rsa_backend.c
index f64fb34d52..2f430b34d4 100644
--- a/crypto/rsa/rsa_backend.c
+++ b/crypto/rsa/rsa_backend.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * RSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <string.h>
#include <openssl/core_names.h>
#include <openssl/params.h>
diff --git a/crypto/rsa/rsa_local.h b/crypto/rsa/rsa_local.h
index 60e590998b..49a0071031 100644
--- a/crypto/rsa/rsa_local.h
+++ b/crypto/rsa/rsa_local.h
@@ -10,7 +10,6 @@
#ifndef OSSL_CRYPTO_RSA_LOCAL_H
#define OSSL_CRYPTO_RSA_LOCAL_H
-#include "crypto/rsa.h"
#include "internal/refcount.h"
#include "crypto/rsa.h"
diff --git a/doc/man3/d2i_RSAPrivateKey.pod b/doc/man3/d2i_RSAPrivateKey.pod
new file mode 100644
index 0000000000..e7cf3989ab
--- /dev/null
+++ b/doc/man3/d2i_RSAPrivateKey.pod
@@ -0,0 +1,242 @@
+=pod
+
+=begin comment
+
+Any deprecated keypair function from d2i_X509.pod are collected in this file.
+
+=end comment
+
+=head1 NAME
+
+d2i_RSAPrivateKey,
+d2i_RSAPrivateKey_bio,
+d2i_RSAPrivateKey_fp,
+d2i_RSAPublicKey,
+d2i_RSAPublicKey_bio,
+d2i_RSAPublicKey_fp,
+d2i_RSA_PUBKEY,
+d2i_RSA_PUBKEY_bio,
+d2i_RSA_PUBKEY_fp,
+i2d_RSAPrivateKey,
+i2d_RSAPrivateKey_bio,
+i2d_RSAPrivateKey_fp,
+i2d_RSAPublicKey,
+i2d_RSAPublicKey_bio,
+i2d_RSAPublicKey_fp,
+i2d_RSA_PUBKEY,
+i2d_RSA_PUBKEY_bio,
+i2d_RSA_PUBKEY_fp
+- DEPRECATED
+
+=head1 SYNOPSIS
+
+=for openssl generic
+
+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B<OPENSSL_API_COMPAT> with a suitable version value, see
+L<openssl_user_macros(7)>:
+
+ TYPE *d2i_TYPEPrivateKey(TYPE **a, const unsigned char **ppin, long length);
+ TYPE *d2i_TYPEPrivateKey_bio(BIO *bp, TYPE **a);
+ TYPE *d2i_TYPEPrivateKey_fp(FILE *fp, TYPE **a);
+ TYPE *d2i_TYPEPublicKey(TYPE **a, const unsigned char **ppin, long length);
+ TYPE *d2i_TYPEPublicKey_bio(BIO *bp, TYPE **a);
+ TYPE *d2i_TYPEPublicKey_fp(FILE *fp, TYPE **a);
+ TYPE *d2i_TYPEparams(TYPE **a, const unsigned char **ppin, long length);
+ TYPE *d2i_TYPEparams_bio(BIO *bp, TYPE **a);
+ TYPE *d2i_TYPEparams_fp(FILE *fp, TYPE **a);
+ TYPE *d2i_TYPE_PUBKEY(TYPE **a, const unsigned char **ppin, long length);
+ TYPE *d2i_TYPE_PUBKEY_bio(BIO *bp, TYPE **a);
+ TYPE *d2i_TYPE_PUBKEY_fp(FILE *fp, TYPE **a);
+
+ int i2d_TYPEPrivateKey(const TYPE *a, unsigned char **ppout);
+ int i2d_TYPEPrivateKey(TYPE *a, unsigned char **ppout);
+ int i2d_TYPEPrivateKey_fp(FILE *fp, const TYPE *a);
+ int i2d_TYPEPrivateKey_fp(FILE *fp, TYPE *a);
+ int i2d_TYPEPrivateKey_bio(BIO *bp, const TYPE *a);
+ int i2d_TYPEPrivateKey_bio(BIO *bp, TYPE *a);
+ int i2d_TYPEPublicKey(const TYPE *a, unsigned char **ppout);
+ int i2d_TYPEPublicKey(TYPE *a, unsigned char **ppout);
+ int i2d_TYPEPublicKey_fp(FILE *fp, const TYPE *a);
+ int i2d_TYPEPublicKey_fp(FILE *fp, TYPE *a);
+ int i2d_TYPEPublicKey_bio(BIO *bp, const TYPE *a);
+ int i2d_TYPEPublicKey_bio(BIO *bp, TYPE *a);
+ int i2d_TYPEparams(const TYPE *a, unsigned char **ppout);
+ int i2d_TYPEparams(TYPE *a, unsigned char **ppout);
+ int i2d_TYPEparams_fp(FILE *fp, const TYPE *a);
+ int i2d_TYPEparams_fp(FILE *fp, TYPE *a);
+ int i2d_TYPEparams_bio(BIO *bp, const TYPE *a);
+ int i2d_TYPEparams_bio(BIO *bp, TYPE *a);
+ int i2d_TYPE_PUBKEY(const TYPE *a, unsigned char **ppout);
+ int i2d_TYPE_PUBKEY(TYPE *a, unsigned char **ppout);
+ int i2d_TYPE_PUBKEY_fp(FILE *fp, const TYPE *a);
+ int i2d_TYPE_PUBKEY_fp(FILE *fp, TYPE *a);
+ int i2d_TYPE_PUBKEY_bio(BIO *bp, const TYPE *a);
+ int i2d_TYPE_PUBKEY_bio(BIO *bp, TYPE *a);
+
+=head1 DESCRIPTION
+
+All functions described here are deprecated. Please use L<OSSL_DECODER(3)>
+instead of the B<d2i> functions and L<OSSL_ENCODER(3)> instead of the B<i2d>
+functions. See L</Migration> below.
+
+In the description here, B<I<TYPE>> is used a placeholder for any of the
+OpenSSL datatypes, such as B<RSA>.
+The function parameters I<ppin> and I<ppout> are generally either both named
+I<pp> in the headers, or I<in> and I<out>.
+
+All the functions here behave the way that's described in L<d2i_X509(3)>.
+
+Please note that not all functions in the synopsis are available for all key
+types. For example, there are no d2i_RSAparams() or i2d_RSAparams(),
+because the PKCS#1 B<RSA> structure doesn't include any key parameters.
+
+B<d2i_I<TYPE>PrivateKey>() and derivates thereof decode DER encoded
+B<I<TYPE>> private key data organized in a type specific structure.
+
+B<d2i_I<TYPE>PublicKey>() and derivates thereof decode DER encoded
+B<I<TYPE>> public key data organized in a type specific structure.
+
+B<d2i_I<TYPE>params>() and derivates thereof decode DER encoded B<I<TYPE>>
+key parameters organized in a type specific structure.
+
+B<d2i_I<TYPE>_PUBKEY>() and derivates thereof decode DER encoded B<I<TYPE>>
+public key data organized in a B<SubjectPublicKeyInfo> structure.
+
+B<i2d_I<TYPE>PrivateKey>() and derivates thereof encode the private key
+B<I<TYPE>> data into a type specific DER encoded structure.
+
+B<i2d_I<TYPE>PublicKey>() and derivates thereof encode the public key
+B<I<TYPE>> data into a type specific DER encoded structure.
+
+B<i2d_I<TYPE>params>() and derivates thereof encode the B<I<TYPE>> key
+parameters data into a type specific DER encoded structure.
+
+B<i2d_I<TYPE>_PUBKEY>() and derivates thereof encode the public key
+B<I<TYPE>> data into a DER encoded B<SubjectPublicKeyInfo> structure.
+
+For example, d2i_RSAPrivateKey() and d2i_RSAPublicKey() expects the
+structure defined by PKCS#1.
+Similarly, i2d_RSAPrivateKey() and i2d_RSAPublicKey() produce DER encoded
+string organized according to PKCS#1.
+
+=head2 Migration
+
+Migration from the diverse B<I<TYPE>>s requires using corresponding new
+OpenSSL types. For all B<I<TYPE>>s described here, the corresponding new
+type is B<EVP_PKEY>. The rest of this section assumes that this has been
+done, exactly how to do that is described elsewhere.
+
+There are two migration paths:
+
+=over 4
+
+=item *
+
+Replace
+b<d2i_I<TYPE>PrivateKey()> with L<d2i_PrivateKey(3)>,
+b<d2i_I<TYPE>PublicKey()> with L<d2i_PublicKey(3)>,
+b<d2i_I<TYPE>params()> with L<d2i_KeyParams(3)>,
+b<d2i_I<TYPE>_PUBKEY()> with L<d2i_PUBKEY(3)>,
+b<i2d_I<TYPE>PrivateKey()> with L<i2d_PrivateKey(3)>,
+b<i2d_I<TYPE>PublicKey()> with L<i2d_PublicKey(3)>,
+b<i2d_I<TYPE>params()> with L<i2d_KeyParams(3)>,
+b<i2d_I<TYPE>_PUBKEY()> with L<i2d_PUBKEY(3)>.
+A caveat is that L<i2d_PrivateKey(3)> may output a DER encoded PKCS#8
+outermost structure instead of the type specific structure, and that
+L<d2i_PrivateKey(3)> recognises and unpacks a PKCS#8 structures.
+
+=item *
+
+Use L<OSSL_DECODER(3)> and L<OSSL_ENCODER(3)>. How to migrate is described
+below. All those descriptions assume that the key to be encoded is in the
+variable I<pkey>.
+
+=back
+
+=head3 Migrating B<i2d> functions to B<OSSL_ENCODER>
+
+The exact L<OSSL_ENCODER(3)> output is driven by arguments rather than by
+function names. The sample code to get DER encoded output in a type
+specific structure is uniform, the only things that vary are the selection
+of what part of the B<EVP_PKEY> should be output, and the structure. The
+B<i2d> functions names can therefore be translated into two variables,
+I<selection> and I<structure> as follows:
+
+=over 4
+
+=item B<i2d_I<TYPE>PrivateKey>() translates into:
+
+ int selection = EVP_PKEY_PRIVATE_KEY;
+ const char *structure = "type-specific";
+
+=item B<i2d_I<TYPE>PublicKey>() translates into:
+
+ int selection = EVP_PKEY_PUBLIC_KEY;
+ const char *structure = "type-specific";
+
+=item B<i2d_I<TYPE>params>() translates into:
+
+ int selection = EVP_PKEY_PARAMETERS;
+ const char *structure = "type-specific";
+
+=item B<i2d_I<TYPE>_PUBKEY>() translates into:
+
+ int selection = EVP_PKEY_PUBLIC_KEY;
+ const char *structure = "SubjectPublicKeyInfo";
+
+=back
+
+The following sample code does the rest of the work:
+
+ unsigned char *p = buffer; /* |buffer| is supplied by the caller */
+ size_t len = buffer_size; /* assumed be the size of |buffer| */
+ OSSL_ENCODER_CTX *ctx =
+ OSSL_ENCODER_CTX_new_by_EVP_PKEY(pkey, selection, "DER", structure,
+ NULL, NULL);
+ if (ctx == NULL) {
+ /* fatal error handling */
+ }
+ if (OSSL_ENCODER_CTX_get_num_encoders(ctx) == 0) {
+ OSSL_ENCODER_CTX_free(ctx);
+ /* non-fatal error handling */
+ }
+ if (!OSSL_ENCODER_to_data(ctx, &p, &len)) {
+ OSSL_ENCODER_CTX_free(ctx);
+ /* error handling */
+ }
+ OSSL_ENCODER_CTX_free(ctx);
+
+=for comment TODO: a similar section on OSSL_DECODER is to be added
+
+=head1 RETURN VALUES
+
+B<d2i_I<TYPE>>(), B<d2i_I<TYPE>_bio>() and B<d2i_I<TYPE>_fp>() return a valid
+B<I<TYPE>> structure or NULL if an error occurs. If the "reuse" capability has
+been used with a valid structure being passed in via I<a>, then the object is
+freed in the event of error and I<*a> is set to NULL.
+
+B<i2d_I<TYPE>>() returns the number of bytes successfully encoded or a negative
+value if an error occurs.
+
+B<i2d_I<TYPE>_bio>() and B<i2d_I<TYPE>_fp>() return 1 for success and 0 if an
+error occurs.
+
+=head1 SEE ALSO
+
+L<OSSL_ENCODER(3)>, L<OSSL_DECODER(3)>,
+L<d2i_PrivateKey(3)>, L<d2i_PublicKey(3)>, L<d2i_KeyParams(3)>,
+L<d2i_PUBKEY(3)>,
+L<i2d_PrivateKey(3)>, L<i2d_PublicKey(3)>, L<i2d_KeyParams(3)>,
+L<i2d_PUBKEY(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the Apache License 2.0 (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/doc/man3/d2i_X509.pod b/doc/man3/d2i_X509.pod
index a46977bc93..0b3414ba8f 100644
--- a/doc/man3/d2i_X509.pod
+++ b/doc/man3/d2i_X509.pod
@@ -1,5 +1,12 @@
=pod
+=begin comment
+
+Any keypair function here that gets deprecated should be moved to
+d2i_RSAPrivateKey.pod.
+
+=end comment
+
=head1 NAME
d2i_ACCESS_DESCRIPTION,
@@ -141,17 +148,8 @@ d2i_POLICYQUALINFO,
d2i_PROFESSION_INFO,
d2i_PROXY_CERT_INFO_EXTENSION,
d2i_PROXY_POLICY,
-d2i_RSAPrivateKey,
-d2i_RSAPrivateKey_bio,
-d2i_RSAPrivateKey_fp,
-d2i_RSAPublicKey,
-d2i_RSAPublicKey_bio,
-d2i_RSAPublicKey_fp,
d2i_RSA_OAEP_PARAMS,
d2i_RSA_PSS_PARAMS,
-d2i_RSA_PUBKEY,
-d2i_RSA_PUBKEY_bio,
-d2i_RSA_PUBKEY_fp,
d2i_SCRYPT_PARAMS,
d2i_SCT_LIST,
d2i_SXNET,
@@ -337,17 +335,8 @@ i2d_POLICYQUALINFO,
i2d_PROFESSION_INFO,
i2d_PROXY_CERT_INFO_EXTENSION,
i2d_PROXY_POLICY,
-i2d_RSAPrivateKey,
-i2d_RSAPrivateKey_bio,
-i2d_RSAPrivateKey_fp,
-i2d_RSAPublicKey,
-i2d_RSAPublicKey_bio,
-i2d_RSAPublicKey_fp,
i2d_RSA_OAEP_PARAMS,
i2d_RSA_PSS_PARAMS,
-i2d_RSA_PUBKEY,
-i2d_RSA_PUBKEY_bio,
-i2d_RSA_PUBKEY_fp,
i2d_SCRYPT_PARAMS,
i2d_SCT_LIST,
i2d_SXNET,
@@ -411,7 +400,7 @@ i2d_X509_VAL,
=head1 DESCRIPTION
In the description here, B<I<TYPE>> is used a placeholder
-for any of the OpenSSL datatypes, such as I<X509_CRL>.
+for any of the OpenSSL datatypes, such as B<X509_CRL>.
The function parameters I<ppin> and I<ppout> are generally
either both named I<pp> in the headers, or I<in> and I<out>.
@@ -512,10 +501,6 @@ L<PEM_write_PrivateKey(3)>, or similar instead.
Represents an ECDSA signature.
-=item B<RSAPublicKey>
-
-Represents a PKCS#1 RSA public key structure.
-
=item B<X509_ALGOR>
Represents an B<AlgorithmIdentifier> structure as used in IETF RFC 6960 and
diff --git a/fuzz/asn1.c b/fuzz/asn1.c
index 8fe8583815..9a4e454b2f 100644
--- a/fuzz/asn1.c
+++ b/fuzz/asn1.c
@@ -169,9 +169,11 @@ static ASN1_ITEM_EXP *item_type[] = {
ASN1_ITEM_ref(PROXY_CERT_INFO_EXTENSION),
ASN1_ITEM_ref(PROXY_POLICY),
ASN1_ITEM_ref(RSA_OAEP_PARAMS),
- ASN1_ITEM_ref(RSAPrivateKey),
ASN1_ITEM_ref(RSA_PSS_PARAMS),
+#ifndef OPENSSL_NO_DEPRECATED_3_0
+ ASN1_ITEM_ref(RSAPrivateKey),
ASN1_ITEM_ref(RSAPublicKey),
+#endif
ASN1_ITEM_ref(SXNET),
ASN1_ITEM_ref(SXNETID),
ASN1_ITEM_ref(USERNOTICE),
@@ -339,7 +341,9 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
DO_TEST_NO_PRINT(DSA, d2i_DSAPublicKey, i2d_DSAPublicKey);
DO_TEST_NO_PRINT(DSA, d2i_DSAparams, i2d_DSAparams);
#endif
+#ifndef OPENSSL_NO_DEPRECATED_3_0
DO_TEST_NO_PRINT(RSA, d2i_RSAPublicKey, i2d_RSAPublicKey);
+#endif
#ifndef OPENSSL_NO_EC
DO_TEST_PRINT_OFFSET(EC_GROUP, d2i_ECPKParameters, i2d_ECPKParameters, ECPKParameters_print);
DO_TEST_PRINT_OFFSET(EC_KEY, d2i_ECPrivateKey, i2d_ECPrivateKey, EC_KEY_print);
diff --git a/fuzz/server.c b/fuzz/server.c
index 8123c90994..4055b58222 100644
--- a/fuzz/server.c
+++ b/fuzz/server.c
@@ -12,6 +12,9 @@
/* Test first part of SSL server handshake. */
+/* We need to use the deprecated RSA low level calls */
+#define OPENSSL_SUPPRESS_DEPRECATED
+
#include <time.h>
#include <openssl/rand.h>
#include <openssl/ssl.h>
@@ -92,6 +95,7 @@ static const uint8_t kCertificateDER[] = {
0x76, 0x8a, 0xbb,
};
+#ifndef OPENSSL_NO_DEPRECATED_3_0
static const uint8_t kRSAPrivateKeyDER[] = {
0x30, 0x82, 0x04, 0xa5, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
0xce, 0x47, 0xcb, 0x11, 0xbb, 0xd2, 0x9d, 0x8e, 0x9e, 0xd2, 0x1e, 0x14,
@@ -194,6 +198,7 @@ static const uint8_t kRSAPrivateKeyDER[] = {
0xb2, 0xc6, 0xb2, 0x0a, 0x2a, 0x7c, 0x6d, 0x6a, 0x40, 0xfc, 0xf5, 0x50,
0x98, 0x46, 0x89, 0x82, 0x40,
};
+#endif
#ifndef OPENSSL_NO_EC
@@ -512,7 +517,9 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
#endif
SSL_CTX *ctx;
int ret;
+#ifndef OPENSSL_NO_DEPRECATED_3_0
RSA *privkey;
+#endif
const uint8_t *bufp;
EVP_PKEY *pkey;
X509 *cert;
@@ -539,6 +546,7 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
ret = SSL_CTX_set_cipher_list(ctx, "ALL:eNULL:@SECLEVEL=0");
OPENSSL_assert(ret == 1);
+#ifndef OPENSSL_NO_DEPRECATED_3_0
/* RSA */
bufp = kRSAPrivateKeyDER;
privkey = d2i_RSAPrivateKey(NULL, &bufp, sizeof(kRSAPrivateKeyDER));
@@ -548,6 +556,7 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
ret = SSL_CTX_use_PrivateKey(ctx, pkey);
OPENSSL_assert(ret == 1);
EVP_PKEY_free(pkey);
+#endif
bufp = kCertificateDER;
cert = d2i_X509(NULL, &bufp, sizeof(kCertificateDER));
diff --git a/include/crypto/rsa.h b/include/crypto/rsa.h
index 1ee1991f57..ede11cfd41 100644
--- a/include/crypto/rsa.h
+++ b/include/crypto/rsa.h
@@ -12,6 +12,7 @@
# include <openssl/core.h>
# include <openssl/rsa.h>
+# include "crypto/types.h"
typedef struct rsa_pss_params_30_st {
int hash_algorithm_nid;
diff --git a/include/internal/asn1.h b/include/crypto/types.h
similarity index 67%
copy from include/internal/asn1.h
copy to include/crypto/types.h
index 8448786919..ccb75e3cbf 100644
--- a/include/internal/asn1.h
+++ b/include/crypto/types.h
@@ -7,9 +7,10 @@
* https://www.openssl.org/source/license.html
*/
-#ifndef OSSL_INTERNAL_ASN1_H
-# define OSSL_INTERNAL_ASN1_H
-
-int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb);
+/* When removal is simulated, we still need the type internally */
+#ifdef OPENSSL_NO_DEPRECATED_3_0
+typedef struct rsa_st RSA;
+typedef struct rsa_meth_st RSA_METHOD;
#endif
+
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index 0dcb56e078..3f39e9ef4a 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -457,9 +457,11 @@ typedef int (EVP_PBE_KEYGEN) (EVP_CIPHER_CTX *ctx, const char *pass,
const EVP_CIPHER *cipher, const EVP_MD *md,
int en_de);
-# ifndef OPENSSL_NO_RSA
-# define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\
- (rsa))
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# ifndef OPENSSL_NO_RSA
+# define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\
+ (rsa))
+# endif
# endif
# ifndef OPENSSL_NO_DSA
@@ -1211,11 +1213,16 @@ const unsigned char *EVP_PKEY_get0_poly1305(const EVP_PKEY *pkey, size_t *len);
const unsigned char *EVP_PKEY_get0_siphash(const EVP_PKEY *pkey, size_t *len);
# endif
-# ifndef OPENSSL_NO_RSA
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# ifndef OPENSSL_NO_RSA
struct rsa_st;
+OSSL_DEPRECATEDIN_3_0
int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, struct rsa_st *key);
+OSSL_DEPRECATEDIN_3_0
struct rsa_st *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey);
+OSSL_DEPRECATEDIN_3_0
struct rsa_st *EVP_PKEY_get1_RSA(EVP_PKEY *pkey);
+# endif
# endif
# ifndef OPENSSL_NO_DSA
struct dsa_st;
diff --git a/include/openssl/pem.h b/include/openssl/pem.h
index 3066918b27..3dcf97e36c 100644
--- a/include/openssl/pem.h
+++ b/include/openssl/pem.h
@@ -373,10 +373,12 @@ DECLARE_PEM_rw(PKCS7, PKCS7)
DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE)
DECLARE_PEM_rw(PKCS8, X509_SIG)
DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO)
-# ifndef OPENSSL_NO_RSA
-DECLARE_PEM_rw_cb(RSAPrivateKey, RSA)
-DECLARE_PEM_rw(RSAPublicKey, RSA)
-DECLARE_PEM_rw(RSA_PUBKEY, RSA)
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# ifndef OPENSSL_NO_RSA
+DECLARE_PEM_rw_cb_attr(OSSL_DEPRECATEDIN_3_0, RSAPrivateKey, RSA)
+DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, RSAPublicKey, RSA)
+DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, RSA_PUBKEY, RSA)
+# endif
# endif
# ifndef OPENSSL_NO_DSA
DECLARE_PEM_rw_cb(DSAPrivateKey, DSA)
diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h
index 24b2a7eb55..2681d1a543 100644
--- a/include/openssl/rsa.h
+++ b/include/openssl/rsa.h
@@ -37,6 +37,9 @@ extern "C" {
# define OPENSSL_RSA_MAX_MODULUS_BITS 16384
# endif
+# define RSA_3 0x3L
+# define RSA_F4 0x10001L
+
# ifndef OPENSSL_NO_DEPRECATED_3_0
/* The types RSA and RSA_METHOD are defined in ossl_typ.h */
@@ -50,24 +53,13 @@ extern "C" {
# ifndef OPENSSL_RSA_MAX_PUBEXP_BITS
# define OPENSSL_RSA_MAX_PUBEXP_BITS 64
# endif
-# endif /* OPENSSL_NO_DEPRECATED_3_0 */
-
-# define RSA_3 0x3L
-# define RSA_F4 0x10001L
-
-# ifndef OPENSSL_NO_DEPRECATED_3_0
/* based on RFC 8017 appendix A.1.2 */
# define RSA_ASN1_VERSION_DEFAULT 0
# define RSA_ASN1_VERSION_MULTI 1
# define RSA_DEFAULT_PRIME_NUM 2
-# endif /* OPENSSL_NO_DEPRECATED_3_0 */
-/* Don't check pub/private match */
-/* TODO(3.0): deprecate this? It is exposed for sls/t1_lib.c's use */
-# define RSA_METHOD_FLAG_NO_CHECK 0x0001
-
-# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define RSA_METHOD_FLAG_NO_CHECK 0x0001
# define RSA_FLAG_CACHE_PUBLIC 0x0002
# define RSA_FLAG_CACHE_PRIVATE 0x0004
# define RSA_FLAG_BLINDING 0x0008
@@ -132,11 +124,13 @@ int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int saltlen);
int EVP_PKEY_CTX_get_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int *saltlen);
int EVP_PKEY_CTX_set_rsa_keygen_bits(EVP_PKEY_CTX *ctx, int bits);
-DEPRECATEDIN_3_0(int EVP_PKEY_CTX_set_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx,
- BIGNUM *pubexp))
int EVP_PKEY_CTX_set1_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, BIGNUM *pubexp);
int EVP_PKEY_CTX_set_rsa_keygen_primes(EVP_PKEY_CTX *ctx, int primes);
int EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(EVP_PKEY_CTX *ctx, int saltlen);
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0
+int EVP_PKEY_CTX_set_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, BIGNUM *pubexp);
+# endif
/* Salt length matches digest */
# define RSA_PSS_SALTLEN_DIGEST -1
@@ -206,99 +200,113 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
# define RSA_set_app_data(s,arg) RSA_set_ex_data(s,0,arg)
# define RSA_get_app_data(s) RSA_get_ex_data(s,0)
-RSA *RSA_new(void);
-DEPRECATEDIN_3_0(RSA *RSA_new_method(ENGINE *engine))
-int RSA_bits(const RSA *rsa);
-DEPRECATEDIN_3_0(int RSA_size(const RSA *rsa))
-DEPRECATEDIN_3_0(int RSA_security_bits(const RSA *rsa))
-
-int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
-int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q);
-int RSA_set0_crt_params(RSA *r,BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp);
-int RSA_set0_multi_prime_params(RSA *r, BIGNUM *primes[], BIGNUM *exps[],
- BIGNUM *coeffs[], int pnum);
-void RSA_get0_key(const RSA *r,
- const BIGNUM **n, const BIGNUM **e, const BIGNUM **d);
-void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q);
-int RSA_get_multi_prime_extra_count(const RSA *r);
-int RSA_get0_multi_prime_factors(const RSA *r, const BIGNUM *primes[]);
-void RSA_get0_crt_params(const RSA *r,
- const BIGNUM **dmp1, const BIGNUM **dmq1,
- const BIGNUM **iqmp);
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 RSA *RSA_new(void);
+OSSL_DEPRECATEDIN_3_0 RSA *RSA_new_method(ENGINE *engine);
+OSSL_DEPRECATEDIN_3_0 int RSA_bits(const RSA *rsa);
+OSSL_DEPRECATEDIN_3_0 int RSA_size(const RSA *rsa);
+OSSL_DEPRECATEDIN_3_0 int RSA_security_bits(const RSA *rsa);
+
+OSSL_DEPRECATEDIN_3_0 int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
+OSSL_DEPRECATEDIN_3_0 int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q);
+OSSL_DEPRECATEDIN_3_0 int RSA_set0_crt_params(RSA *r,
+ BIGNUM *dmp1, BIGNUM *dmq1,
+ BIGNUM *iqmp);
+OSSL_DEPRECATEDIN_3_0 int RSA_set0_multi_prime_params(RSA *r,
+ BIGNUM *primes[],
+ BIGNUM *exps[],
+ BIGNUM *coeffs[],
+ int pnum);
+OSSL_DEPRECATEDIN_3_0 void RSA_get0_key(const RSA *r,
+ const BIGNUM **n, const BIGNUM **e,
+ const BIGNUM **d);
+OSSL_DEPRECATEDIN_3_0 void RSA_get0_factors(const RSA *r,
+ const BIGNUM **p, const BIGNUM **q);
+OSSL_DEPRECATEDIN_3_0 int RSA_get_multi_prime_extra_count(const RSA *r);
+OSSL_DEPRECATEDIN_3_0 int RSA_get0_multi_prime_factors(const RSA *r,
+ const BIGNUM *primes[]);
+OSSL_DEPRECATEDIN_3_0 void RSA_get0_crt_params(const RSA *r,
+ const BIGNUM **dmp1,
+ const BIGNUM **dmq1,
+ const BIGNUM **iqmp);
+OSSL_DEPRECATEDIN_3_0
int RSA_get0_multi_prime_crt_params(const RSA *r, const BIGNUM *exps[],
const BIGNUM *coeffs[]);
-const BIGNUM *RSA_get0_n(const RSA *d);
-const BIGNUM *RSA_get0_e(const RSA *d);
-const BIGNUM *RSA_get0_d(const RSA *d);
-const BIGNUM *RSA_get0_p(const RSA *d);
-const BIGNUM *RSA_get0_q(const RSA *d);
-const BIGNUM *RSA_get0_dmp1(const RSA *r);
-const BIGNUM *RSA_get0_dmq1(const RSA *r);
-const BIGNUM *RSA_get0_iqmp(const RSA *r);
-DEPRECATEDIN_3_0(const RSA_PSS_PARAMS *RSA_get0_pss_params(const RSA *r))
-void RSA_clear_flags(RSA *r, int flags);
-int RSA_test_flags(const RSA *r, int flags);
-void RSA_set_flags(RSA *r, int flags);
-DEPRECATEDIN_3_0(int RSA_get_version(RSA *r))
-DEPRECATEDIN_3_0(ENGINE *RSA_get0_engine(const RSA *r))
+OSSL_DEPRECATEDIN_3_0 const BIGNUM *RSA_get0_n(const RSA *d);
+OSSL_DEPRECATEDIN_3_0 const BIGNUM *RSA_get0_e(const RSA *d);
+OSSL_DEPRECATEDIN_3_0 const BIGNUM *RSA_get0_d(const RSA *d);
+OSSL_DEPRECATEDIN_3_0 const BIGNUM *RSA_get0_p(const RSA *d);
+OSSL_DEPRECATEDIN_3_0 const BIGNUM *RSA_get0_q(const RSA *d);
+OSSL_DEPRECATEDIN_3_0 const BIGNUM *RSA_get0_dmp1(const RSA *r);
+OSSL_DEPRECATEDIN_3_0 const BIGNUM *RSA_get0_dmq1(const RSA *r);
+OSSL_DEPRECATEDIN_3_0 const BIGNUM *RSA_get0_iqmp(const RSA *r);
+OSSL_DEPRECATEDIN_3_0 const RSA_PSS_PARAMS *RSA_get0_pss_params(const RSA *r);
+OSSL_DEPRECATEDIN_3_0 void RSA_clear_flags(RSA *r, int flags);
+OSSL_DEPRECATEDIN_3_0 int RSA_test_flags(const RSA *r, int flags);
+OSSL_DEPRECATEDIN_3_0 void RSA_set_flags(RSA *r, int flags);
+OSSL_DEPRECATEDIN_3_0 int RSA_get_version(RSA *r);
+OSSL_DEPRECATEDIN_3_0 ENGINE *RSA_get0_engine(const RSA *r);
/* Deprecated version */
-DEPRECATEDIN_0_9_8(RSA *RSA_generate_key(int bits, unsigned long e, void
- (*callback) (int, int, void *),
- void *cb_arg))
+OSSL_DEPRECATEDIN_0_9_8 RSA *RSA_generate_key(int bits, unsigned long e, void
+ (*callback) (int, int, void *),
+ void *cb_arg);
/* New version */
-DEPRECATEDIN_3_0(int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e,
- BN_GENCB *cb))
+OSSL_DEPRECATEDIN_3_0 int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e,
+ BN_GENCB *cb);
/* Multi-prime version */
-DEPRECATEDIN_3_0(int RSA_generate_multi_prime_key(RSA *rsa, int bits,
- int primes, BIGNUM *e,
- BN_GENCB *cb))
-
-DEPRECATEDIN_3_0(int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2,
- BIGNUM *q1, BIGNUM *q2,
- const BIGNUM *Xp1, const BIGNUM *Xp2,
- const BIGNUM *Xp, const BIGNUM *Xq1,
- const BIGNUM *Xq2, const BIGNUM *Xq,
- const BIGNUM *e, BN_GENCB *cb))
-DEPRECATEDIN_3_0(int RSA_X931_generate_key_ex(RSA *rsa, int bits,
- const BIGNUM *e, BN_GENCB *cb))
-
-DEPRECATEDIN_3_0(int RSA_check_key(const RSA *))
-DEPRECATEDIN_3_0(int RSA_check_key_ex(const RSA *, BN_GENCB *cb))
+OSSL_DEPRECATEDIN_3_0 int RSA_generate_multi_prime_key(RSA *rsa, int bits,
+ int primes, BIGNUM *e,
+ BN_GENCB *cb);
+
+OSSL_DEPRECATEDIN_3_0
+int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2,
+ BIGNUM *q1, BIGNUM *q2,
+ const BIGNUM *Xp1, const BIGNUM *Xp2,
+ const BIGNUM *Xp, const BIGNUM *Xq1,
+ const BIGNUM *Xq2, const BIGNUM *Xq,
+ const BIGNUM *e, BN_GENCB *cb);
+OSSL_DEPRECATEDIN_3_0 int RSA_X931_generate_key_ex(RSA *rsa, int bits,
+ const BIGNUM *e,
+ BN_GENCB *cb);
+
+OSSL_DEPRECATEDIN_3_0 int RSA_check_key(const RSA *);
+OSSL_DEPRECATEDIN_3_0 int RSA_check_key_ex(const RSA *, BN_GENCB *cb);
/* next 4 return -1 on error */
-DEPRECATEDIN_3_0(int RSA_public_encrypt(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa,
- int padding))
-DEPRECATEDIN_3_0(int RSA_private_encrypt(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa,
- int padding))
-DEPRECATEDIN_3_0(int RSA_public_decrypt(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa,
- int padding))
-DEPRECATEDIN_3_0(int RSA_private_decrypt(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa,
- int padding))
-void RSA_free(RSA *r);
+OSSL_DEPRECATEDIN_3_0
+int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
+ RSA *rsa, int padding);
+OSSL_DEPRECATEDIN_3_0
+int RSA_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
+ RSA *rsa, int padding);
+OSSL_DEPRECATEDIN_3_0
+int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
+ RSA *rsa, int padding);
+OSSL_DEPRECATEDIN_3_0
+int RSA_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
+ RSA *rsa, int padding);
+OSSL_DEPRECATEDIN_3_0 void RSA_free(RSA *r);
/* "up" the RSA object's reference count */
-int RSA_up_ref(RSA *r);
-
-/* TODO(3.0): deprecate this one ssl/ssl_rsa.c can be changed to avoid it */
-int RSA_flags(const RSA *r);
+OSSL_DEPRECATEDIN_3_0 int RSA_up_ref(RSA *r);
+OSSL_DEPRECATEDIN_3_0 int RSA_flags(const RSA *r);
-DEPRECATEDIN_3_0(void RSA_set_default_method(const RSA_METHOD *meth))
-DEPRECATEDIN_3_0(const RSA_METHOD *RSA_get_default_method(void))
-DEPRECATEDIN_3_0(const RSA_METHOD *RSA_null_method(void))
-DEPRECATEDIN_3_0(const RSA_METHOD *RSA_get_method(const RSA *rsa))
-DEPRECATEDIN_3_0(int RSA_set_method(RSA *rsa, const RSA_METHOD *meth))
+OSSL_DEPRECATEDIN_3_0 void RSA_set_default_method(const RSA_METHOD *meth);
+OSSL_DEPRECATEDIN_3_0 const RSA_METHOD *RSA_get_default_method(void);
+OSSL_DEPRECATEDIN_3_0 const RSA_METHOD *RSA_null_method(void);
+OSSL_DEPRECATEDIN_3_0 const RSA_METHOD *RSA_get_method(const RSA *rsa);
+OSSL_DEPRECATEDIN_3_0 int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
/* these are the actual RSA functions */
-DEPRECATEDIN_3_0(const RSA_METHOD *RSA_PKCS1_OpenSSL(void))
+OSSL_DEPRECATEDIN_3_0 const RSA_METHOD *RSA_PKCS1_OpenSSL(void);
-int RSA_pkey_ctx_ctrl(EVP_PKEY_CTX *ctx, int optype, int cmd, int p1, void *p2);
+DECLARE_ASN1_ENCODE_FUNCTIONS_name_attr(OSSL_DEPRECATEDIN_3_0,
+ RSA, RSAPublicKey)
+DECLARE_ASN1_ENCODE_FUNCTIONS_name_attr(OSSL_DEPRECATEDIN_3_0,
+ RSA, RSAPrivateKey)
+# endif /* !OPENSSL_NO_DEPRECATED_3_0 */
-DECLARE_ASN1_ENCODE_FUNCTIONS_name(RSA, RSAPublicKey)
-DECLARE_ASN1_ENCODE_FUNCTIONS_name(RSA, RSAPrivateKey)
+int RSA_pkey_ctx_ctrl(EVP_PKEY_CTX *ctx, int optype, int cmd, int p1, void *p2);
struct rsa_pss_params_st {
X509_ALGOR *hashAlgorithm;
@@ -321,130 +329,127 @@ typedef struct rsa_oaep_params_st {
DECLARE_ASN1_FUNCTIONS(RSA_OAEP_PARAMS)
-# ifndef OPENSSL_NO_STDIO
-DEPRECATEDIN_3_0(int RSA_print_fp(FILE *fp, const RSA *r, int offset))
-# endif
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# ifndef OPENSSL_NO_STDIO
+OSSL_DEPRECATEDIN_3_0 int RSA_print_fp(FILE *fp, const RSA *r, int offset);
+# endif
-DEPRECATEDIN_3_0(int RSA_print(BIO *bp, const RSA *r, int offset))
+OSSL_DEPRECATEDIN_3_0 int RSA_print(BIO *bp, const RSA *r, int offset);
/*
* The following 2 functions sign and verify a X509_SIG ASN1 object inside
* PKCS#1 padded RSA encryption
*/
-DEPRECATEDIN_3_0(int RSA_sign(int type, const unsigned char *m,
- unsigned int m_length, unsigned char *sigret,
- unsigned int *siglen, RSA *rsa))
-DEPRECATEDIN_3_0(int RSA_verify(int type, const unsigned char *m,
- unsigned int m_length,
- const unsigned char *sigbuf,
- unsigned int siglen, RSA *rsa))
+OSSL_DEPRECATEDIN_3_0 int RSA_sign(int type, const unsigned char *m,
+ unsigned int m_length, unsigned char *sigret,
+ unsigned int *siglen, RSA *rsa);
+OSSL_DEPRECATEDIN_3_0 int RSA_verify(int type, const unsigned char *m,
+ unsigned int m_length,
+ const unsigned char *sigbuf,
+ unsigned int siglen, RSA *rsa);
/*
* The following 2 function sign and verify a ASN1_OCTET_STRING object inside
* PKCS#1 padded RSA encryption
*/
-DEPRECATEDIN_3_0(int RSA_sign_ASN1_OCTET_STRING(int type,
- const unsigned char *m,
- unsigned int m_length,
- unsigned char *sigret,
- unsigned int *siglen, RSA *rsa))
-DEPRECATEDIN_3_0(int RSA_verify_ASN1_OCTET_STRING(int type,
- const unsigned char *m,
- unsigned int m_length,
- unsigned char *sigbuf,
- unsigned int siglen,
- RSA *rsa))
-
-/* TODO(3.0): figure out how to deprecate these two */
-int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
-void RSA_blinding_off(RSA *rsa);
-DEPRECATEDIN_3_0(BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *ctx))
-
-DEPRECATEDIN_3_0(int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
- const unsigned char *f,
- int fl))
-DEPRECATEDIN_3_0(int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
- const unsigned char *f,
- int fl, int rsa_len))
-DEPRECATEDIN_3_0(int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
- const unsigned char *f,
- int fl))
-DEPRECATEDIN_3_0(int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
- const unsigned char *f,
- int fl, int rsa_len))
-DEPRECATEDIN_3_0(int PKCS1_MGF1(unsigned char *mask, long len,
- const unsigned char *seed, long seedlen,
- const EVP_MD *dgst))
-DEPRECATEDIN_3_0(int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
- const unsigned char *f, int fl,
- const unsigned char *p, int pl))
-DEPRECATEDIN_3_0(int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
- const unsigned char *f,
- int fl, int rsa_len,
- const unsigned char *p,
- int pl))
-DEPRECATEDIN_3_0(int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to,
- int tlen,
- const unsigned char *from,
- int flen,
- const unsigned char *param,
- int plen,
- const EVP_MD *md,
- const EVP_MD *mgf1md))
-DEPRECATEDIN_3_0(int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to,
- int tlen,
- const unsigned char *from,
- int flen, int num,
- const unsigned char *param,
- int plen, const EVP_MD *md,
- const EVP_MD *mgf1md))
-DEPRECATEDIN_3_0(int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
- const unsigned char *f, int fl))
-DEPRECATEDIN_3_0(int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
- const unsigned char *f, int fl,
- int rsa_len))
-DEPRECATEDIN_3_0(int RSA_padding_add_none(unsigned char *to, int tlen,
- const unsigned char *f, int fl))
-DEPRECATEDIN_3_0(int RSA_padding_check_none(unsigned char *to, int tlen,
- const unsigned char *f, int fl,
- int rsa_len))
-DEPRECATEDIN_3_0(int RSA_padding_add_X931(unsigned char *to, int tlen,
- const unsigned char *f, int fl))
-DEPRECATEDIN_3_0(int RSA_padding_check_X931(unsigned char *to, int tlen,
- const unsigned char *f, int fl,
- int rsa_len))
-DEPRECATEDIN_3_0(int RSA_X931_hash_id(int nid))
-
-DEPRECATEDIN_3_0(int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
- const EVP_MD *Hash,
- const unsigned char *EM, int sLen))
-DEPRECATEDIN_3_0(int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
- const unsigned char *mHash,
- const EVP_MD *Hash, int sLen))
-
-DEPRECATEDIN_3_0(int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa,
- const unsigned char *mHash,
- const EVP_MD *Hash,
- const EVP_MD *mgf1Hash,
- const unsigned char *EM,
- int sLen))
-
-DEPRECATEDIN_3_0(int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa,
- unsigned char *EM,
- const unsigned char *mHash,
- const EVP_MD *Hash,
- const EVP_MD *mgf1Hash,
- int sLen))
+OSSL_DEPRECATEDIN_3_0
+int RSA_sign_ASN1_OCTET_STRING(int type,
+ const unsigned char *m, unsigned int m_length,
+ unsigned char *sigret, unsigned int *siglen,
+ RSA *rsa);
+OSSL_DEPRECATEDIN_3_0
+int RSA_verify_ASN1_OCTET_STRING(int type,
+ const unsigned char *m, unsigned int m_length,
+ unsigned char *sigbuf, unsigned int siglen,
+ RSA *rsa);
+
+OSSL_DEPRECATEDIN_3_0 int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
+OSSL_DEPRECATEDIN_3_0 void RSA_blinding_off(RSA *rsa);
+OSSL_DEPRECATEDIN_3_0 BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *ctx);
+
+OSSL_DEPRECATEDIN_3_0
+int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
+ const unsigned char *f, int fl);
+OSSL_DEPRECATEDIN_3_0
+int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
+ const unsigned char *f, int fl,
+ int rsa_len);
+OSSL_DEPRECATEDIN_3_0
+int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
+ const unsigned char *f, int fl);
+OSSL_DEPRECATEDIN_3_0
+int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
+ const unsigned char *f, int fl,
+ int rsa_len);
+OSSL_DEPRECATEDIN_3_0 int PKCS1_MGF1(unsigned char *mask, long len,
+ const unsigned char *seed, long seedlen,
+ const EVP_MD *dgst);
+OSSL_DEPRECATEDIN_3_0
+int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
+ const unsigned char *f, int fl,
+ const unsigned char *p, int pl);
+OSSL_DEPRECATEDIN_3_0
+int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
+ const unsigned char *f, int fl, int rsa_len,
+ const unsigned char *p, int pl);
+OSSL_DEPRECATEDIN_3_0
+int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
+ const unsigned char *from, int flen,
+ const unsigned char *param, int plen,
+ const EVP_MD *md, const EVP_MD *mgf1md);
+OSSL_DEPRECATEDIN_3_0
+int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
+ const unsigned char *from, int flen,
+ int num,
+ const unsigned char *param, int plen,
+ const EVP_MD *md, const EVP_MD *mgf1md);
+OSSL_DEPRECATEDIN_3_0
+int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
+ const unsigned char *f, int fl);
+OSSL_DEPRECATEDIN_3_0
+int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
+ const unsigned char *f, int fl,
+ int rsa_len);
+OSSL_DEPRECATEDIN_3_0 int RSA_padding_add_none(unsigned char *to, int tlen,
+ const unsigned char *f, int fl);
+OSSL_DEPRECATEDIN_3_0 int RSA_padding_check_none(unsigned char *to, int tlen,
+ const unsigned char *f, int fl,
+ int rsa_len);
+OSSL_DEPRECATEDIN_3_0 int RSA_padding_add_X931(unsigned char *to, int tlen,
+ const unsigned char *f, int fl);
+OSSL_DEPRECATEDIN_3_0 int RSA_padding_check_X931(unsigned char *to, int tlen,
+ const unsigned char *f, int fl,
+ int rsa_len);
+OSSL_DEPRECATEDIN_3_0 int RSA_X931_hash_id(int nid);
+
+OSSL_DEPRECATEDIN_3_0
+int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
+ const EVP_MD *Hash, const unsigned char *EM,
+ int sLen);
+OSSL_DEPRECATEDIN_3_0
+int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
+ const unsigned char *mHash, const EVP_MD *Hash,
+ int sLen);
+
+OSSL_DEPRECATEDIN_3_0
+int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
+ const EVP_MD *Hash, const EVP_MD *mgf1Hash,
+ const unsigned char *EM, int sLen);
+
+OSSL_DEPRECATEDIN_3_0
+int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
+ const unsigned char *mHash,
+ const EVP_MD *Hash, const EVP_MD *mgf1Hash,
+ int sLen);
# define RSA_get_ex_new_index(l, p, newf, dupf, freef) \
CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, l, p, newf, dupf, freef)
-DEPRECATEDIN_3_0(int RSA_set_ex_data(RSA *r, int idx, void *arg))
-DEPRECATEDIN_3_0(void *RSA_get_ex_data(const RSA *r, int idx))
+OSSL_DEPRECATEDIN_3_0 int RSA_set_ex_data(RSA *r, int idx, void *arg);
+OSSL_DEPRECATEDIN_3_0 void *RSA_get_ex_data(const RSA *r, int idx);
-DECLARE_ASN1_DUP_FUNCTION_name(RSA, RSAPublicKey)
-DECLARE_ASN1_DUP_FUNCTION_name(RSA, RSAPrivateKey)
+DECLARE_ASN1_DUP_FUNCTION_name_attr(OSSL_DEPRECATEDIN_3_0, RSA, RSAPublicKey)
+DECLARE_ASN1_DUP_FUNCTION_name_attr(OSSL_DEPRECATEDIN_3_0, RSA, RSAPrivateKey)
-# ifndef OPENSSL_NO_DEPRECATED_3_0
/*
* If this flag is set the RSA method is FIPS compliant and can be used in
* FIPS mode. This is set in the validated module method. If an application
@@ -466,95 +471,134 @@ DECLARE_ASN1_DUP_FUNCTION_name(RSA, RSAPrivateKey)
* check.
*/
# define RSA_FLAG_CHECKED 0x0800
-# endif /* OPENSSL_NO_DEPRECATED_3_0 */
-DEPRECATEDIN_3_0(RSA_METHOD *RSA_meth_new(const char *name, int flags))
-DEPRECATEDIN_3_0(void RSA_meth_free(RSA_METHOD *meth))
-DEPRECATEDIN_3_0(RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth))
-DEPRECATEDIN_3_0(const char *RSA_meth_get0_name(const RSA_METHOD *meth))
-DEPRECATEDIN_3_0(int RSA_meth_set1_name(RSA_METHOD *meth, const char *name))
-DEPRECATEDIN_3_0(int RSA_meth_get_flags(const RSA_METHOD *meth))
-DEPRECATEDIN_3_0(int RSA_meth_set_flags(RSA_METHOD *meth, int flags))
-DEPRECATEDIN_3_0(void *RSA_meth_get0_app_data(const RSA_METHOD *meth))
-DEPRECATEDIN_3_0(int RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data))
-DEPRECATEDIN_3_0(int (*RSA_meth_get_pub_enc(const RSA_METHOD *meth))
- (int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding))
-DEPRECATEDIN_3_0(int RSA_meth_set_pub_enc(RSA_METHOD *rsa,
+OSSL_DEPRECATEDIN_3_0 RSA_METHOD *RSA_meth_new(const char *name, int flags);
+OSSL_DEPRECATEDIN_3_0 void RSA_meth_free(RSA_METHOD *meth);
+OSSL_DEPRECATEDIN_3_0 RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth);
+OSSL_DEPRECATEDIN_3_0 const char *RSA_meth_get0_name(const RSA_METHOD *meth);
+OSSL_DEPRECATEDIN_3_0 int RSA_meth_set1_name(RSA_METHOD *meth,
+ const char *name);
+OSSL_DEPRECATEDIN_3_0 int RSA_meth_get_flags(const RSA_METHOD *meth);
+OSSL_DEPRECATEDIN_3_0 int RSA_meth_set_flags(RSA_METHOD *meth, int flags);
+OSSL_DEPRECATEDIN_3_0 void *RSA_meth_get0_app_data(const RSA_METHOD *meth);
+OSSL_DEPRECATEDIN_3_0 int RSA_meth_set0_app_data(RSA_METHOD *meth,
+ void *app_data);
+OSSL_DEPRECATEDIN_3_0
+int (*RSA_meth_get_pub_enc(const RSA_METHOD *meth)) (int flen,
+ const unsigned char *from,
+ unsigned char *to,
+ RSA *rsa, int padding);
+OSSL_DEPRECATEDIN_3_0
+int RSA_meth_set_pub_enc(RSA_METHOD *rsa,
int (*pub_enc) (int flen, const unsigned char *from,
unsigned char *to, RSA *rsa,
- int padding)))
-DEPRECATEDIN_3_0(int (*RSA_meth_get_pub_dec(const RSA_METHOD *meth))
- (int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding))
-DEPRECATEDIN_3_0(int RSA_meth_set_pub_dec(RSA_METHOD *rsa,
+ int padding));
+OSSL_DEPRECATEDIN_3_0
+int (*RSA_meth_get_pub_dec(const RSA_METHOD *meth)) (int flen,
+ const unsigned char *from,
+ unsigned char *to,
+ RSA *rsa, int padding);
+OSSL_DEPRECATEDIN_3_0
+int RSA_meth_set_pub_dec(RSA_METHOD *rsa,
int (*pub_dec) (int flen, const unsigned char *from,
unsigned char *to, RSA *rsa,
- int padding)))
-DEPRECATEDIN_3_0(int (*RSA_meth_get_priv_enc(const RSA_METHOD *meth))
- (int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding))
-DEPRECATEDIN_3_0(int RSA_meth_set_priv_enc(RSA_METHOD *rsa,
+ int padding));
+OSSL_DEPRECATEDIN_3_0
+int (*RSA_meth_get_priv_enc(const RSA_METHOD *meth)) (int flen,
+ const unsigned char *from,
+ unsigned char *to,
+ RSA *rsa, int padding);
+OSSL_DEPRECATEDIN_3_0
+int RSA_meth_set_priv_enc(RSA_METHOD *rsa,
int (*priv_enc) (int flen, const unsigned char *from,
unsigned char *to, RSA *rsa,
- int padding)))
-DEPRECATEDIN_3_0(int (*RSA_meth_get_priv_dec(const RSA_METHOD *meth))
- (int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding))
-DEPRECATEDIN_3_0(int RSA_meth_set_priv_dec(RSA_METHOD *rsa,
+ int padding));
+OSSL_DEPRECATEDIN_3_0
+int (*RSA_meth_get_priv_dec(const RSA_METHOD *meth)) (int flen,
+ const unsigned char *from,
+ unsigned char *to,
+ RSA *rsa, int padding);
+OSSL_DEPRECATEDIN_3_0
+int RSA_meth_set_priv_dec(RSA_METHOD *rsa,
int (*priv_dec) (int flen, const unsigned char *from,
unsigned char *to, RSA *rsa,
- int padding)))
-DEPRECATEDIN_3_0(int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth))
- (BIGNUM *r0, const BIGNUM *i, RSA *rsa, BN_CTX *ctx))
-DEPRECATEDIN_3_0(int RSA_meth_set_mod_exp(RSA_METHOD *rsa,
+ int padding));
+OSSL_DEPRECATEDIN_3_0
+int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth)) (BIGNUM *r0,
+ const BIGNUM *i,
+ RSA *rsa, BN_CTX *ctx);
+OSSL_DEPRECATEDIN_3_0
+int RSA_meth_set_mod_exp(RSA_METHOD *rsa,
int (*mod_exp) (BIGNUM *r0, const BIGNUM *i, RSA *rsa,
- BN_CTX *ctx)))
-DEPRECATEDIN_3_0(int (*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth))
- (BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx))
-DEPRECATEDIN_3_0(int RSA_meth_set_bn_mod_exp(RSA_METHOD *rsa,
+ BN_CTX *ctx));
+OSSL_DEPRECATEDIN_3_0
+int (*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth)) (BIGNUM *r,
+ const BIGNUM *a,
+ const BIGNUM *p,
+ const BIGNUM *m,
+ BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx);
+OSSL_DEPRECATEDIN_3_0
+int RSA_meth_set_bn_mod_exp(RSA_METHOD *rsa,
int (*bn_mod_exp) (BIGNUM *r,
const BIGNUM *a,
const BIGNUM *p,
const BIGNUM *m,
BN_CTX *ctx,
- BN_MONT_CTX *m_ctx)))
-DEPRECATEDIN_3_0(int (*RSA_meth_get_init(const RSA_METHOD *meth)) (RSA *rsa))
-DEPRECATEDIN_3_0(int RSA_meth_set_init(RSA_METHOD *rsa, int (*init) (RSA *rsa)))
-DEPRECATEDIN_3_0(int (*RSA_meth_get_finish(const RSA_METHOD *meth)) (RSA *rsa))
-DEPRECATEDIN_3_0(int RSA_meth_set_finish(RSA_METHOD *rsa,
- int (*finish) (RSA *rsa)))
-DEPRECATEDIN_3_0(int (*RSA_meth_get_sign(const RSA_METHOD *meth))
- (int type,
- const unsigned char *m, unsigned int m_length,
- unsigned char *sigret, unsigned int *siglen,
- const RSA *rsa))
-DEPRECATEDIN_3_0(int RSA_meth_set_sign(RSA_METHOD *rsa,
+ BN_MONT_CTX *m_ctx));
+OSSL_DEPRECATEDIN_3_0
+int (*RSA_meth_get_init(const RSA_METHOD *meth)) (RSA *rsa);
+OSSL_DEPRECATEDIN_3_0
+int RSA_meth_set_init(RSA_METHOD *rsa, int (*init) (RSA *rsa));
+OSSL_DEPRECATEDIN_3_0
+int (*RSA_meth_get_finish(const RSA_METHOD *meth)) (RSA *rsa);
+OSSL_DEPRECATEDIN_3_0
+int RSA_meth_set_finish(RSA_METHOD *rsa, int (*finish) (RSA *rsa));
+OSSL_DEPRECATEDIN_3_0
+int (*RSA_meth_get_sign(const RSA_METHOD *meth)) (int type,
+ const unsigned char *m,
+ unsigned int m_length,
+ unsigned char *sigret,
+ unsigned int *siglen,
+ const RSA *rsa);
+OSSL_DEPRECATEDIN_3_0
+int RSA_meth_set_sign(RSA_METHOD *rsa,
int (*sign) (int type, const unsigned char *m,
unsigned int m_length,
unsigned char *sigret, unsigned int *siglen,
- const RSA *rsa)))
-DEPRECATEDIN_3_0(int (*RSA_meth_get_verify(const RSA_METHOD *meth))
- (int dtype, const unsigned char *m,
- unsigned int m_length, const unsigned char *sigbuf,
- unsigned int siglen, const RSA *rsa))
-DEPRECATEDIN_3_0(int RSA_meth_set_verify(RSA_METHOD *rsa,
+ const RSA *rsa));
+OSSL_DEPRECATEDIN_3_0
+int (*RSA_meth_get_verify(const RSA_METHOD *meth)) (int dtype,
+ const unsigned char *m,
+ unsigned int m_length,
+ const unsigned char *sigbuf,
+ unsigned int siglen,
+ const RSA *rsa);
+OSSL_DEPRECATEDIN_3_0
+int RSA_meth_set_verify(RSA_METHOD *rsa,
int (*verify) (int dtype, const unsigned char *m,
unsigned int m_length,
const unsigned char *sigbuf,
- unsigned int siglen, const RSA *rsa)))
-DEPRECATEDIN_3_0(int (*RSA_meth_get_keygen(const RSA_METHOD *meth))
- (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb))
-DEPRECATEDIN_3_0(int RSA_meth_set_keygen(RSA_METHOD *rsa,
+ unsigned int siglen, const RSA *rsa));
+OSSL_DEPRECATEDIN_3_0
+int (*RSA_meth_get_keygen(const RSA_METHOD *meth)) (RSA *rsa, int bits,
+ BIGNUM *e, BN_GENCB *cb);
+OSSL_DEPRECATEDIN_3_0
+int RSA_meth_set_keygen(RSA_METHOD *rsa,
int (*keygen) (RSA *rsa, int bits, BIGNUM *e,
- BN_GENCB *cb)))
-DEPRECATEDIN_3_0(int (*RSA_meth_get_multi_prime_keygen(const RSA_METHOD *meth))
- (RSA *rsa, int bits, int primes, BIGNUM *e, BN_GENCB *cb))
-DEPRECATEDIN_3_0(int RSA_meth_set_multi_prime_keygen(RSA_METHOD *meth,
+ BN_GENCB *cb));
+OSSL_DEPRECATEDIN_3_0
+int (*RSA_meth_get_multi_prime_keygen(const RSA_METHOD *meth)) (RSA *rsa,
+ int bits,
+ int primes,
+ BIGNUM *e,
+ BN_GENCB *cb);
+OSSL_DEPRECATEDIN_3_0
+int RSA_meth_set_multi_prime_keygen(RSA_METHOD *meth,
int (*keygen) (RSA *rsa, int bits,
int primes, BIGNUM *e,
- BN_GENCB *cb)))
+ BN_GENCB *cb));
+#endif /* !OPENSSL_NO_DEPRECATED_3_0 */
# ifdef __cplusplus
}
diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in
index a02227be0c..f9a61609e4 100644
--- a/include/openssl/ssl.h.in
+++ b/include/openssl/ssl.h.in
@@ -1606,9 +1606,12 @@ void SSL_set_verify(SSL *s, int mode, SSL_verify_cb callback);
void SSL_set_verify_depth(SSL *s, int depth);
void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg);
# ifndef OPENSSL_NO_RSA
-__owur int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
-__owur int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, const unsigned char *d,
- long len);
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 __owur int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
+OSSL_DEPRECATEDIN_3_0
+__owur int SSL_use_RSAPrivateKey_ASN1(SSL *ssl,
+ const unsigned char *d, long len);
+# endif
# endif
__owur int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
__owur int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, const unsigned char *d,
@@ -1632,15 +1635,22 @@ __owur int SSL_CTX_use_serverinfo_ex(SSL_CTX *ctx, unsigned int version,
__owur int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file);
#ifndef OPENSSL_NO_RSA
-__owur int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 __owur int SSL_use_RSAPrivateKey_file(SSL *ssl,
+ const char *file,
+ int type);
+# endif
#endif
__owur int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);
__owur int SSL_use_certificate_file(SSL *ssl, const char *file, int type);
#ifndef OPENSSL_NO_RSA
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0
__owur int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file,
int type);
+# endif
#endif
__owur int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file,
int type);
@@ -1751,9 +1761,13 @@ void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,
void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb) (SSL *ssl, void *arg),
void *arg);
# ifndef OPENSSL_NO_RSA
-__owur int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 __owur int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx,
+ RSA *rsa);
+OSSL_DEPRECATEDIN_3_0
__owur int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d,
long len);
+# endif
# endif
__owur int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
__owur int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx,
diff --git a/include/openssl/types.h b/include/openssl/types.h
index 8ca2d144c7..6cb5a663cc 100644
--- a/include/openssl/types.h
+++ b/include/openssl/types.h
@@ -18,6 +18,7 @@ extern "C" {
# include <openssl/e_os2.h>
# include <openssl/safestack.h>
+# include <openssl/macros.h>
typedef struct ossl_provider_st OSSL_PROVIDER; /* Provider Object */
@@ -135,8 +136,10 @@ typedef struct dh_method DH_METHOD;
typedef struct dsa_st DSA;
typedef struct dsa_method DSA_METHOD;
+# ifndef OPENSSL_NO_DEPRECATED_3_0
typedef struct rsa_st RSA;
typedef struct rsa_meth_st RSA_METHOD;
+# endif
typedef struct rsa_pss_params_st RSA_PSS_PARAMS;
typedef struct ec_key_st EC_KEY;
diff --git a/include/openssl/x509.h.in b/include/openssl/x509.h.in
index eda5ee986f..14a4a02da7 100644
--- a/include/openssl/x509.h.in
+++ b/include/openssl/x509.h.in
@@ -414,13 +414,15 @@ X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl);
int i2d_X509_CRL_fp(FILE *fp, const X509_CRL *crl);
X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req);
int i2d_X509_REQ_fp(FILE *fp, const X509_REQ *req);
-# ifndef OPENSSL_NO_RSA
-RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa);
-int i2d_RSAPrivateKey_fp(FILE *fp, const RSA *rsa);
-RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa);
-int i2d_RSAPublicKey_fp(FILE *fp, const RSA *rsa);
-RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa);
-int i2d_RSA_PUBKEY_fp(FILE *fp, const RSA *rsa);
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# ifndef OPENSSL_NO_RSA
+OSSL_DEPRECATEDIN_3_0 RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa);
+OSSL_DEPRECATEDIN_3_0 int i2d_RSAPrivateKey_fp(FILE *fp, const RSA *rsa);
+OSSL_DEPRECATEDIN_3_0 RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa);
+OSSL_DEPRECATEDIN_3_0 int i2d_RSAPublicKey_fp(FILE *fp, const RSA *rsa);
+OSSL_DEPRECATEDIN_3_0 RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa);
+OSSL_DEPRECATEDIN_3_0 int i2d_RSA_PUBKEY_fp(FILE *fp, const RSA *rsa);
+# endif
# endif
# ifndef OPENSSL_NO_DSA
DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa);
@@ -456,13 +458,15 @@ X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl);
int i2d_X509_CRL_bio(BIO *bp, const X509_CRL *crl);
X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req);
int i2d_X509_REQ_bio(BIO *bp, const X509_REQ *req);
-# ifndef OPENSSL_NO_RSA
-RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa);
-int i2d_RSAPrivateKey_bio(BIO *bp, const RSA *rsa);
-RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa);
-int i2d_RSAPublicKey_bio(BIO *bp, const RSA *rsa);
-RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa);
-int i2d_RSA_PUBKEY_bio(BIO *bp, const RSA *rsa);
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# ifndef OPENSSL_NO_RSA
+OSSL_DEPRECATEDIN_3_0 RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa);
+OSSL_DEPRECATEDIN_3_0 int i2d_RSAPrivateKey_bio(BIO *bp, const RSA *rsa);
+OSSL_DEPRECATEDIN_3_0 RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa);
+OSSL_DEPRECATEDIN_3_0 int i2d_RSAPublicKey_bio(BIO *bp, const RSA *rsa);
+OSSL_DEPRECATEDIN_3_0 RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa);
+OSSL_DEPRECATEDIN_3_0 int i2d_RSA_PUBKEY_bio(BIO *bp, const RSA *rsa);
+# endif
# endif
# ifndef OPENSSL_NO_DSA
DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa);
@@ -543,8 +547,10 @@ long X509_get_pathlen(X509 *x);
DECLARE_ASN1_ENCODE_FUNCTIONS_only(EVP_PKEY, PUBKEY)
EVP_PKEY *d2i_PUBKEY_ex(EVP_PKEY **a, const unsigned char **pp, long length,
OSSL_LIB_CTX *libctx, const char *propq);
-# ifndef OPENSSL_NO_RSA
-DECLARE_ASN1_ENCODE_FUNCTIONS_only(RSA, RSA_PUBKEY)
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# ifndef OPENSSL_NO_RSA
+DECLARE_ASN1_ENCODE_FUNCTIONS_only_attr(OSSL_DEPRECATEDIN_3_0,RSA, RSA_PUBKEY)
+# endif
# endif
# ifndef OPENSSL_NO_DSA
DECLARE_ASN1_ENCODE_FUNCTIONS_only(DSA, DSA_PUBKEY)
diff --git a/providers/common/der/der_rsa_key.c b/providers/common/der/der_rsa_key.c
index a20c334b23..1cc5874290 100644
--- a/providers/common/der/der_rsa_key.c
+++ b/providers/common/der/der_rsa_key.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * RSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <openssl/obj_mac.h>
#include "internal/cryptlib.h"
#include "prov/der_rsa.h"
diff --git a/providers/common/include/prov/securitycheck.h b/providers/common/include/prov/securitycheck.h
index 8ab3370263..a9e69c8a29 100644
--- a/providers/common/include/prov/securitycheck.h
+++ b/providers/common/include/prov/securitycheck.h
@@ -7,6 +7,8 @@
* https://www.openssl.org/source/license.html
*/
+#include "crypto/types.h"
+
/* Functions that are common */
int ossl_rsa_check_key(const RSA *rsa, int protect);
int ec_check_key(const EC_KEY *ec, int protect);
diff --git a/ssl/build.info b/ssl/build.info
index 36755819dd..4efd9d02cc 100644
--- a/ssl/build.info
+++ b/ssl/build.info
@@ -35,7 +35,7 @@ SOURCE[../libssl]=\
statem/statem.c record/ssl3_record_tls13.c record/tls_pad.c \
tls_depr.c $KTLSSRC
IF[{- !$disabled{'deprecated-3.0'} -}]
- SOURCE[../libssl]=s3_cbc.c
+ SOURCE[../libssl]=s3_cbc.c ssl_rsa_legacy.c
ENDIF
DEFINE[../libssl]=$AESDEF
diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h
index a14d97b8e9..3b76084831 100644
--- a/ssl/ssl_local.h
+++ b/ssl/ssl_local.h
@@ -21,7 +21,6 @@
# include <openssl/buffer.h>
# include <openssl/comp.h>
# include <openssl/bio.h>
-# include <openssl/rsa.h>
# include <openssl/dsa.h>
# include <openssl/err.h>
# include <openssl/ssl.h>
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index 17e10eef6a..bfdd5ff43d 100644
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -115,34 +115,6 @@ int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len)
return ret;
}
-#ifndef OPENSSL_NO_RSA
-int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
-{
- EVP_PKEY *pkey;
- int ret;
-
- if (rsa == NULL) {
- ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- if ((pkey = EVP_PKEY_new()) == NULL) {
- ERR_raise(ERR_LIB_SSL, ERR_R_EVP_LIB);
- return 0;
- }
-
- RSA_up_ref(rsa);
- if (EVP_PKEY_assign_RSA(pkey, rsa) <= 0) {
- RSA_free(rsa);
- EVP_PKEY_free(pkey);
- return 0;
- }
-
- ret = ssl_set_pkey(ssl->cert, pkey);
- EVP_PKEY_free(pkey);
- return ret;
-}
-#endif
-
static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
{
size_t i;
@@ -180,64 +152,6 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
return 1;
}
-#ifndef OPENSSL_NO_RSA
-int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type)
-{
- int j, ret = 0;
- BIO *in;
- RSA *rsa = NULL;
-
- in = BIO_new(BIO_s_file());
- if (in == NULL) {
- ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
- goto end;
- }
-
- if (BIO_read_filename(in, file) <= 0) {
- ERR_raise(ERR_LIB_SSL, ERR_R_SYS_LIB);
- goto end;
- }
- if (type == SSL_FILETYPE_ASN1) {
- j = ERR_R_ASN1_LIB;
- rsa = d2i_RSAPrivateKey_bio(in, NULL);
- } else if (type == SSL_FILETYPE_PEM) {
- j = ERR_R_PEM_LIB;
- rsa = PEM_read_bio_RSAPrivateKey(in, NULL,
- ssl->default_passwd_callback,
- ssl->default_passwd_callback_userdata);
- } else {
- ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SSL_FILETYPE);
- goto end;
- }
- if (rsa == NULL) {
- ERR_raise(ERR_LIB_SSL, j);
- goto end;
- }
- ret = SSL_use_RSAPrivateKey(ssl, rsa);
- RSA_free(rsa);
- end:
- BIO_free(in);
- return ret;
-}
-
-int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, const unsigned char *d, long len)
-{
- int ret;
- const unsigned char *p;
- RSA *rsa;
-
- p = d;
- if ((rsa = d2i_RSAPrivateKey(NULL, &p, (long)len)) == NULL) {
- ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB);
- return 0;
- }
-
- ret = SSL_use_RSAPrivateKey(ssl, rsa);
- RSA_free(rsa);
- return ret;
-}
-#endif /* !OPENSSL_NO_RSA */
-
int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
{
int ret;
@@ -445,91 +359,6 @@ int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d)
return ret;
}
-#ifndef OPENSSL_NO_RSA
-int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa)
-{
- int ret;
- EVP_PKEY *pkey;
-
- if (rsa == NULL) {
- ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- if ((pkey = EVP_PKEY_new()) == NULL) {
- ERR_raise(ERR_LIB_SSL, ERR_R_EVP_LIB);
- return 0;
- }
-
- RSA_up_ref(rsa);
- if (EVP_PKEY_assign_RSA(pkey, rsa) <= 0) {
- RSA_free(rsa);
- EVP_PKEY_free(pkey);
- return 0;
- }
-
- ret = ssl_set_pkey(ctx->cert, pkey);
- EVP_PKEY_free(pkey);
- return ret;
-}
-
-int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type)
-{
- int j, ret = 0;
- BIO *in;
- RSA *rsa = NULL;
-
- in = BIO_new(BIO_s_file());
- if (in == NULL) {
- ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
- goto end;
- }
-
- if (BIO_read_filename(in, file) <= 0) {
- ERR_raise(ERR_LIB_SSL, ERR_R_SYS_LIB);
- goto end;
- }
- if (type == SSL_FILETYPE_ASN1) {
- j = ERR_R_ASN1_LIB;
- rsa = d2i_RSAPrivateKey_bio(in, NULL);
- } else if (type == SSL_FILETYPE_PEM) {
- j = ERR_R_PEM_LIB;
- rsa = PEM_read_bio_RSAPrivateKey(in, NULL,
- ctx->default_passwd_callback,
- ctx->default_passwd_callback_userdata);
- } else {
- ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SSL_FILETYPE);
- goto end;
- }
- if (rsa == NULL) {
- ERR_raise(ERR_LIB_SSL, j);
- goto end;
- }
- ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa);
- RSA_free(rsa);
- end:
- BIO_free(in);
- return ret;
-}
-
-int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d,
- long len)
-{
- int ret;
- const unsigned char *p;
- RSA *rsa;
-
- p = d;
- if ((rsa = d2i_RSAPrivateKey(NULL, &p, (long)len)) == NULL) {
- ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB);
- return 0;
- }
-
- ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa);
- RSA_free(rsa);
- return ret;
-}
-#endif /* !OPENSSL_NO_RSA */
-
int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
{
if (pkey == NULL) {
diff --git a/ssl/ssl_rsa_legacy.c b/ssl/ssl_rsa_legacy.c
new file mode 100644
index 0000000000..49cd7a3bba
--- /dev/null
+++ b/ssl/ssl_rsa_legacy.c
@@ -0,0 +1,180 @@
+/*
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* We need to use the deprecated RSA low level calls */
+#define OPENSSL_SUPPRESS_DEPRECATED
+
+#include <openssl/err.h>
+#include <openssl/rsa.h>
+#include <openssl/ssl.h>
+
+int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
+{
+ EVP_PKEY *pkey;
+ int ret;
+
+ if (rsa == NULL) {
+ ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ if ((pkey = EVP_PKEY_new()) == NULL) {
+ ERR_raise(ERR_LIB_SSL, ERR_R_EVP_LIB);
+ return 0;
+ }
+
+ RSA_up_ref(rsa);
+ if (EVP_PKEY_assign_RSA(pkey, rsa) <= 0) {
+ RSA_free(rsa);
+ EVP_PKEY_free(pkey);
+ return 0;
+ }
+
+ ret = SSL_use_PrivateKey(ssl, pkey);
+ EVP_PKEY_free(pkey);
+ return ret;
+}
+
+int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type)
+{
+ int j, ret = 0;
+ BIO *in;
+ RSA *rsa = NULL;
+
+ in = BIO_new(BIO_s_file());
+ if (in == NULL) {
+ ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
+ goto end;
+ }
+
+ if (BIO_read_filename(in, file) <= 0) {
+ ERR_raise(ERR_LIB_SSL, ERR_R_SYS_LIB);
+ goto end;
+ }
+ if (type == SSL_FILETYPE_ASN1) {
+ j = ERR_R_ASN1_LIB;
+ rsa = d2i_RSAPrivateKey_bio(in, NULL);
+ } else if (type == SSL_FILETYPE_PEM) {
+ j = ERR_R_PEM_LIB;
+ rsa = PEM_read_bio_RSAPrivateKey(in, NULL,
+ SSL_get_default_passwd_cb(ssl),
+ SSL_get_default_passwd_cb_userdata(ssl));
+ } else {
+ ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SSL_FILETYPE);
+ goto end;
+ }
+ if (rsa == NULL) {
+ ERR_raise(ERR_LIB_SSL, j);
+ goto end;
+ }
+ ret = SSL_use_RSAPrivateKey(ssl, rsa);
+ RSA_free(rsa);
+ end:
+ BIO_free(in);
+ return ret;
+}
+
+int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, const unsigned char *d, long len)
+{
+ int ret;
+ const unsigned char *p;
+ RSA *rsa;
+
+ p = d;
+ if ((rsa = d2i_RSAPrivateKey(NULL, &p, (long)len)) == NULL) {
+ ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB);
+ return 0;
+ }
+
+ ret = SSL_use_RSAPrivateKey(ssl, rsa);
+ RSA_free(rsa);
+ return ret;
+}
+
+int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa)
+{
+ int ret;
+ EVP_PKEY *pkey;
+
+ if (rsa == NULL) {
+ ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ if ((pkey = EVP_PKEY_new()) == NULL) {
+ ERR_raise(ERR_LIB_SSL, ERR_R_EVP_LIB);
+ return 0;
+ }
+
+ RSA_up_ref(rsa);
+ if (EVP_PKEY_assign_RSA(pkey, rsa) <= 0) {
+ RSA_free(rsa);
+ EVP_PKEY_free(pkey);
+ return 0;
+ }
+
+ ret = SSL_CTX_use_PrivateKey(ctx, pkey);
+ EVP_PKEY_free(pkey);
+ return ret;
+}
+
+int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type)
+{
+ int j, ret = 0;
+ BIO *in;
+ RSA *rsa = NULL;
+
+ in = BIO_new(BIO_s_file());
+ if (in == NULL) {
+ ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
+ goto end;
+ }
+
+ if (BIO_read_filename(in, file) <= 0) {
+ ERR_raise(ERR_LIB_SSL, ERR_R_SYS_LIB);
+ goto end;
+ }
+ if (type == SSL_FILETYPE_ASN1) {
+ j = ERR_R_ASN1_LIB;
+ rsa = d2i_RSAPrivateKey_bio(in, NULL);
+ } else if (type == SSL_FILETYPE_PEM) {
+ j = ERR_R_PEM_LIB;
+ rsa = PEM_read_bio_RSAPrivateKey(in, NULL,
+ SSL_CTX_get_default_passwd_cb(ctx),
+ SSL_CTX_get_default_passwd_cb_userdata(ctx));
+ } else {
+ ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SSL_FILETYPE);
+ goto end;
+ }
+ if (rsa == NULL) {
+ ERR_raise(ERR_LIB_SSL, j);
+ goto end;
+ }
+ ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa);
+ RSA_free(rsa);
+ end:
+ BIO_free(in);
+ return ret;
+}
+
+int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d,
+ long len)
+{
+ int ret;
+ const unsigned char *p;
+ RSA *rsa;
+
+ p = d;
+ if ((rsa = d2i_RSAPrivateKey(NULL, &p, (long)len)) == NULL) {
+ ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB);
+ return 0;
+ }
+
+ ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa);
+ RSA_free(rsa);
+ return ret;
+}
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 5b7b7cd5f5..277998f954 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -20,6 +20,7 @@
#include <openssl/evp.h>
#include <openssl/md5.h>
#include <openssl/dh.h>
+#include <openssl/rsa.h>
#include <openssl/bn.h>
#include <openssl/engine.h>
#include <openssl/trace.h>
@@ -2824,7 +2825,7 @@ static int tls_construct_cke_rsa(SSL *s, WPACKET *pkt)
}
pkey = X509_get0_pubkey(s->session->peer);
- if (EVP_PKEY_get0_RSA(pkey) == NULL) {
+ if (!EVP_PKEY_is_a(pkey, "RSA")) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 2dd3bf1fbc..0773b42e0e 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -18,6 +18,7 @@
#include <openssl/buffer.h>
#include <openssl/objects.h>
#include <openssl/evp.h>
+#include <openssl/rsa.h>
#include <openssl/x509.h>
#include <openssl/trace.h>
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index c478c5a7e8..16bd24d103 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -20,6 +20,7 @@
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/dh.h>
+#include <openssl/rsa.h>
#include <openssl/bn.h>
#include <openssl/md5.h>
#include <openssl/trace.h>
diff --git a/test/endecoder_legacy_test.c b/test/endecoder_legacy_test.c
index 1bdbda79fa..6fd7b356cd 100644
--- a/test/endecoder_legacy_test.c
+++ b/test/endecoder_legacy_test.c
@@ -35,6 +35,12 @@
#include <stdlib.h>
#include <string.h>
+
+/*
+ * We test deprecated functions, so we need to suppress deprecation warnings.
+ */
+#define OPENSSL_SUPPRESS_DEPRECATED
+
#include <openssl/bio.h>
#include <openssl/evp.h>
#include <openssl/asn1.h>
diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
index e0f6af1f06..e2f78f1496 100644
--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
@@ -18,16 +18,17 @@
#include <openssl/crypto.h>
#include <openssl/err.h>
#include <openssl/evp.h>
-#include <openssl/rsa.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/kdf.h>
#include <openssl/provider.h>
#include <openssl/core_names.h>
#include <openssl/params.h>
+#include <openssl/param_build.h>
#include <openssl/dsa.h>
#include <openssl/dh.h>
#include <openssl/aes.h>
+#include <openssl/decoder.h>
#include "testutil.h"
#include "internal/nelem.h"
#include "internal/sizes.h"
@@ -410,28 +411,25 @@ static APK_DATA keycheckdata[] = {
#endif
};
-static EVP_PKEY *load_example_rsa_key(void)
+static EVP_PKEY *load_example_key(const char *keytype,
+ const unsigned char *data, size_t data_len)
{
- EVP_PKEY *ret = NULL;
- const unsigned char *derp = kExampleRSAKeyDER;
+ const unsigned char **pdata = &data;
EVP_PKEY *pkey = NULL;
- RSA *rsa = NULL;
-
- if (!TEST_true(d2i_RSAPrivateKey(&rsa, &derp, sizeof(kExampleRSAKeyDER))))
- return NULL;
-
- if (!TEST_ptr(pkey = EVP_PKEY_new())
- || !TEST_true(EVP_PKEY_set1_RSA(pkey, rsa)))
- goto end;
+ OSSL_DECODER_CTX *dctx =
+ OSSL_DECODER_CTX_new_by_EVP_PKEY(&pkey, "DER", NULL, keytype, 0,
+ testctx, NULL);
- ret = pkey;
- pkey = NULL;
-
-end:
- EVP_PKEY_free(pkey);
- RSA_free(rsa);
+ /* |pkey| will be NULL on error */
+ (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
+ OSSL_DECODER_CTX_free(dctx);
+ return pkey;
+}
- return ret;
+static EVP_PKEY *load_example_rsa_key(void)
+{
+ return load_example_key("RSA", kExampleRSAKeyDER,
+ sizeof(kExampleRSAKeyDER));
}
#ifndef OPENSSL_NO_DSA
@@ -1690,8 +1688,10 @@ static int test_DSA_get_set_params(void)
static int test_RSA_get_set_params(void)
{
- RSA *rsa = NULL;
+ OSSL_PARAM_BLD *bld = NULL;
+ OSSL_PARAM *params = NULL;
BIGNUM *n = NULL, *e = NULL, *d = NULL;
+ EVP_PKEY_CTX *pctx = NULL;
EVP_PKEY *pkey = NULL;
int ret = 0;
@@ -1699,30 +1699,33 @@ static int test_RSA_get_set_params(void)
* Setup the parameters for our RSA object. For our purposes they don't
* have to actually be *valid* parameters. We just need to set something.
*/
- rsa = RSA_new();
- n = BN_new();
- e = BN_new();
- d = BN_new();
- if (!TEST_ptr(rsa)
- || !TEST_ptr(n)
- || !TEST_ptr(e)
- || !TEST_ptr(d)
- || !RSA_set0_key(rsa, n, e, d))
+ if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
+ || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
+ || !TEST_ptr(n = BN_new())
+ || !TEST_ptr(e = BN_new())
+ || !TEST_ptr(d = BN_new()))
+ goto err;
+ if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
+ || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
+ || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
+ goto err;
+ if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
goto err;
- n = e = d = NULL;
- pkey = EVP_PKEY_new();
- if (!TEST_ptr(pkey)
- || !TEST_true(EVP_PKEY_assign_RSA(pkey, rsa)))
+ if (!TEST_int_gt(EVP_PKEY_key_fromdata_init(pctx), 0)
+ || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, params), 0))
goto err;
- rsa = NULL;
+ if (!TEST_ptr(pkey))
+ goto err;
ret = test_EVP_PKEY_CTX_get_set_params(pkey);
err:
EVP_PKEY_free(pkey);
- RSA_free(rsa);
+ EVP_PKEY_CTX_free(pctx);
+ OSSL_PARAM_BLD_free_params(params);
+ OSSL_PARAM_BLD_free(bld);
BN_free(n);
BN_free(e);
BN_free(d);
diff --git a/test/keymgmt_internal_test.c b/test/keymgmt_internal_test.c
index 596019d294..77414dbc27 100644
--- a/test/keymgmt_internal_test.c
+++ b/test/keymgmt_internal_test.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * RSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <string.h>
#include <openssl/bio.h>
diff --git a/test/rsa_sp800_56b_test.c b/test/rsa_sp800_56b_test.c
index 72451b37ca..94369ce701 100644
--- a/test/rsa_sp800_56b_test.c
+++ b/test/rsa_sp800_56b_test.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * RSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include <string.h>
@@ -215,6 +221,7 @@ static int test_check_prime_factor(void)
return ret;
}
+/* This test uses legacy functions because they can take invalid numbers */
static int test_check_private_exponent(void)
{
int ret = 0;
diff --git a/util/libcrypto.num b/util/libcrypto.num
index a5baf503e1..4b4c675207 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -41,7 +41,7 @@ EVP_PKEY_meth_set_verify_recover 41 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_
UI_set_method 42 3_0_0 EXIST::FUNCTION:
PKCS7_ISSUER_AND_SERIAL_it 43 3_0_0 EXIST::FUNCTION:
EC_GROUP_method_of 44 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
-RSA_blinding_on 45 3_0_0 EXIST::FUNCTION:RSA
+RSA_blinding_on 45 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
X509_get0_signature 47 3_0_0 EXIST::FUNCTION:
X509_REVOKED_get0_extensions 48 3_0_0 EXIST::FUNCTION:
NETSCAPE_SPKI_verify 49 3_0_0 EXIST::FUNCTION:
@@ -62,7 +62,7 @@ BIO_free_all 63 3_0_0 EXIST::FUNCTION:
EVP_idea_ofb 64 3_0_0 EXIST::FUNCTION:IDEA
DSO_bind_func 65 3_0_0 EXIST::FUNCTION:
EVP_PKEY_meth_get_copy 66 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
-RSA_up_ref 67 3_0_0 EXIST::FUNCTION:RSA
+RSA_up_ref 67 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
EVP_PKEY_meth_set_ctrl 68 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
OCSP_basic_sign 69 3_0_0 EXIST::FUNCTION:OCSP
BN_GENCB_set 70 3_0_0 EXIST::FUNCTION:
@@ -324,7 +324,7 @@ RAND_load_file 329 3_0_0 EXIST::FUNCTION:
BIO_ctrl_reset_read_request 330 3_0_0 EXIST::FUNCTION:
CRYPTO_ccm128_tag 331 3_0_0 EXIST::FUNCTION:
BIO_new_dgram_sctp 332 3_0_0 EXIST::FUNCTION:DGRAM,SCTP
-d2i_RSAPrivateKey_fp 333 3_0_0 EXIST::FUNCTION:RSA,STDIO
+d2i_RSAPrivateKey_fp 333 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA,STDIO
s2i_ASN1_IA5STRING 334 3_0_0 EXIST::FUNCTION:
UI_get_ex_data 335 3_0_0 EXIST::FUNCTION:
EVP_EncryptUpdate 336 3_0_0 EXIST::FUNCTION:
@@ -461,20 +461,20 @@ DH_new 469 3_0_0 EXIST::FUNCTION:DH
OCSP_RESPID_free 470 3_0_0 EXIST::FUNCTION:OCSP
PKCS5_pbe2_set 471 3_0_0 EXIST::FUNCTION:
SCT_set_signature_nid 473 3_0_0 EXIST::FUNCTION:CT
-i2d_RSA_PUBKEY_fp 474 3_0_0 EXIST::FUNCTION:RSA,STDIO
+i2d_RSA_PUBKEY_fp 474 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA,STDIO
PKCS12_BAGS_it 475 3_0_0 EXIST::FUNCTION:
X509_pubkey_digest 476 3_0_0 EXIST::FUNCTION:
ENGINE_register_all_RSA 477 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
CRYPTO_THREAD_set_local 478 3_0_0 EXIST::FUNCTION:
X509_get_default_cert_dir_env 479 3_0_0 EXIST::FUNCTION:
X509_CRL_sort 480 3_0_0 EXIST::FUNCTION:
-i2d_RSA_PUBKEY_bio 481 3_0_0 EXIST::FUNCTION:RSA
+i2d_RSA_PUBKEY_bio 481 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
ASN1_T61STRING_free 482 3_0_0 EXIST::FUNCTION:
PEM_write_CMS 483 3_0_0 EXIST::FUNCTION:CMS,STDIO
OPENSSL_sk_find 484 3_0_0 EXIST::FUNCTION:
ENGINE_get_ciphers 485 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
EVP_rc2_ofb 486 3_0_0 EXIST::FUNCTION:RC2
-EVP_PKEY_set1_RSA 487 3_0_0 EXIST::FUNCTION:RSA
+EVP_PKEY_set1_RSA 487 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
CMS_SignerInfo_get0_md_ctx 488 3_0_0 EXIST::FUNCTION:CMS
X509_STORE_set_trust 489 3_0_0 EXIST::FUNCTION:
d2i_POLICYINFO 490 3_0_0 EXIST::FUNCTION:
@@ -523,19 +523,19 @@ OBJ_sigid_free 534 3_0_0 EXIST::FUNCTION:
TS_STATUS_INFO_get0_status 535 3_0_0 EXIST::FUNCTION:TS
EC_KEY_get_flags 536 3_0_0 EXIST::FUNCTION:EC
ASN1_TYPE_cmp 537 3_0_0 EXIST::FUNCTION:
-i2d_RSAPublicKey 538 3_0_0 EXIST::FUNCTION:RSA
+i2d_RSAPublicKey 538 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
EC_GROUP_get_trinomial_basis 539 3_0_0 EXIST::FUNCTION:EC,EC2M
BIO_ADDRINFO_protocol 540 3_0_0 EXIST::FUNCTION:SOCK
i2d_PBKDF2PARAM 541 3_0_0 EXIST::FUNCTION:
ENGINE_unregister_RAND 542 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
-PEM_write_bio_RSAPrivateKey 543 3_0_0 EXIST::FUNCTION:RSA
+PEM_write_bio_RSAPrivateKey 543 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
CONF_get_number 544 3_0_0 EXIST::FUNCTION:
X509_EXTENSION_get_object 545 3_0_0 EXIST::FUNCTION:
X509_EXTENSIONS_it 546 3_0_0 EXIST::FUNCTION:
EC_POINT_set_compressed_coordinates_GF2m 547 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,EC2M
RSA_sign_ASN1_OCTET_STRING 548 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
d2i_X509_CRL_fp 549 3_0_0 EXIST::FUNCTION:STDIO
-i2d_RSA_PUBKEY 550 3_0_0 EXIST::FUNCTION:RSA
+i2d_RSA_PUBKEY 550 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
EVP_aes_128_ccm 551 3_0_0 EXIST::FUNCTION:
ECParameters_print 552 3_0_0 EXIST::FUNCTION:EC
OCSP_SINGLERESP_get1_ext_d2i 553 3_0_0 EXIST::FUNCTION:OCSP
@@ -544,7 +544,7 @@ EVP_ripemd160 555 3_0_0 EXIST::FUNCTION:RMD160
EVP_MD_meth_set_final 556 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
ENGINE_get_cmd_defns 557 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
d2i_PKEY_USAGE_PERIOD 558 3_0_0 EXIST::FUNCTION:
-RSAPublicKey_dup 559 3_0_0 EXIST::FUNCTION:RSA
+RSAPublicKey_dup 559 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
RAND_write_file 560 3_0_0 EXIST::FUNCTION:
BN_GF2m_mod 561 3_0_0 EXIST::FUNCTION:EC2M
EC_GROUP_get_pentanomial_basis 562 3_0_0 EXIST::FUNCTION:EC,EC2M
@@ -583,7 +583,7 @@ RAND_query_egd_bytes 596 3_0_0 EXIST::FUNCTION:EGD
i2d_ASN1_PRINTABLE 597 3_0_0 EXIST::FUNCTION:
ENGINE_cmd_is_executable 598 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
BIO_puts 599 3_0_0 EXIST::FUNCTION:
-RSAPublicKey_it 601 3_0_0 EXIST::FUNCTION:RSA
+RSAPublicKey_it 601 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
ISSUING_DIST_POINT_new 602 3_0_0 EXIST::FUNCTION:
X509_VAL_it 603 3_0_0 EXIST::FUNCTION:
EVP_DigestVerifyInit 604 3_0_0 EXIST::FUNCTION:
@@ -795,10 +795,10 @@ X509_cmp 814 3_0_0 EXIST::FUNCTION:
EVP_PKEY_set1_EC_KEY 815 3_0_0 EXIST::FUNCTION:EC
ECPKParameters_print_fp 816 3_0_0 EXIST::FUNCTION:EC,STDIO
GENERAL_SUBTREE_free 817 3_0_0 EXIST::FUNCTION:
-RSA_blinding_off 818 3_0_0 EXIST::FUNCTION:RSA
+RSA_blinding_off 818 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
i2d_OCSP_REVOKEDINFO 819 3_0_0 EXIST::FUNCTION:OCSP
X509V3_add_standard_extensions 820 3_0_0 EXIST::FUNCTION:
-PEM_write_bio_RSA_PUBKEY 821 3_0_0 EXIST::FUNCTION:RSA
+PEM_write_bio_RSA_PUBKEY 821 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
i2d_ASN1_UTF8STRING 822 3_0_0 EXIST::FUNCTION:
TS_REQ_delete_ext 823 3_0_0 EXIST::FUNCTION:TS
PKCS7_DIGEST_free 824 3_0_0 EXIST::FUNCTION:
@@ -825,7 +825,7 @@ X509_REQ_get_attr_by_NID 844 3_0_0 EXIST::FUNCTION:
PBE2PARAM_new 845 3_0_0 EXIST::FUNCTION:
DES_ecb_encrypt 846 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DES
EVP_camellia_256_ecb 847 3_0_0 EXIST::FUNCTION:CAMELLIA
-PEM_read_RSA_PUBKEY 848 3_0_0 EXIST::FUNCTION:RSA,STDIO
+PEM_read_RSA_PUBKEY 848 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA,STDIO
d2i_NETSCAPE_SPKAC 849 3_0_0 EXIST::FUNCTION:
ASN1_TIME_check 851 3_0_0 EXIST::FUNCTION:
PKCS7_DIGEST_new 852 3_0_0 EXIST::FUNCTION:
@@ -938,7 +938,7 @@ EVP_PKEY_meth_set_keygen 961 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3
RSA_PSS_PARAMS_new 962 3_0_0 EXIST::FUNCTION:RSA
RSA_sign 963 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
EVP_DigestVerifyFinal 964 3_0_0 EXIST::FUNCTION:
-d2i_RSA_PUBKEY_bio 965 3_0_0 EXIST::FUNCTION:RSA
+d2i_RSA_PUBKEY_bio 965 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
TS_RESP_dup 966 3_0_0 EXIST::FUNCTION:TS
ERR_set_error_data 967 3_0_0 EXIST::FUNCTION:
BN_RECP_CTX_new 968 3_0_0 EXIST::FUNCTION:
@@ -977,7 +977,7 @@ PKCS12_decrypt_skey 1001 3_0_0 EXIST::FUNCTION:
ENGINE_register_EC 1002 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
OCSP_RESPONSE_new 1003 3_0_0 EXIST::FUNCTION:OCSP
CRYPTO_cbc128_encrypt 1004 3_0_0 EXIST::FUNCTION:
-i2d_RSAPublicKey_bio 1005 3_0_0 EXIST::FUNCTION:RSA
+i2d_RSAPublicKey_bio 1005 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
X509_chain_check_suiteb 1006 3_0_0 EXIST::FUNCTION:
i2d_OCSP_REQUEST 1007 3_0_0 EXIST::FUNCTION:OCSP
BN_X931_generate_Xpq 1008 3_0_0 EXIST::FUNCTION:
@@ -1050,7 +1050,7 @@ DES_is_weak_key 1076 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_
EVP_PKEY_verify 1077 3_0_0 EXIST::FUNCTION:
ERR_load_BIO_strings 1078 3_0_0 EXIST::FUNCTION:
BIO_nread 1079 3_0_0 EXIST::FUNCTION:
-PEM_read_bio_RSAPrivateKey 1080 3_0_0 EXIST::FUNCTION:RSA
+PEM_read_bio_RSAPrivateKey 1080 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
OBJ_nid2obj 1081 3_0_0 EXIST::FUNCTION:
CRYPTO_ofb128_encrypt 1082 3_0_0 EXIST::FUNCTION:
ENGINE_set_init_function 1083 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
@@ -1109,7 +1109,7 @@ ENGINE_get_digest 1135 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_
EC_GROUP_have_precompute_mult 1136 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
OPENSSL_gmtime 1137 3_0_0 EXIST::FUNCTION:
X509_set_issuer_name 1138 3_0_0 EXIST::FUNCTION:
-RSA_new 1139 3_0_0 EXIST::FUNCTION:RSA
+RSA_new 1139 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
ASN1_STRING_set_by_NID 1140 3_0_0 EXIST::FUNCTION:
PEM_write_bio_PKCS7 1141 3_0_0 EXIST::FUNCTION:
MDC2_Final 1142 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,MDC2
@@ -1127,7 +1127,7 @@ DES_check_key_parity 1153 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_
EVP_aes_256_ocb 1154 3_0_0 EXIST::FUNCTION:OCB
X509_VAL_free 1155 3_0_0 EXIST::FUNCTION:
X509_STORE_CTX_get1_certs 1156 3_0_0 EXIST::FUNCTION:
-PEM_write_RSA_PUBKEY 1157 3_0_0 EXIST::FUNCTION:RSA,STDIO
+PEM_write_RSA_PUBKEY 1157 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA,STDIO
PKCS12_SAFEBAG_get0_p8inf 1158 3_0_0 EXIST::FUNCTION:
X509_CRL_set_issuer_name 1159 3_0_0 EXIST::FUNCTION:
CMS_EncryptedData_encrypt 1160 3_0_0 EXIST::FUNCTION:CMS
@@ -1257,7 +1257,7 @@ UI_add_error_string 1285 3_0_0 EXIST::FUNCTION:
X509_TRUST_cleanup 1286 3_0_0 EXIST::FUNCTION:
PEM_read_X509 1287 3_0_0 EXIST::FUNCTION:STDIO
EC_KEY_new_method 1288 3_0_0 EXIST::FUNCTION:EC
-i2d_RSAPublicKey_fp 1289 3_0_0 EXIST::FUNCTION:RSA,STDIO
+i2d_RSAPublicKey_fp 1289 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA,STDIO
CRYPTO_ctr128_encrypt_ctr32 1290 3_0_0 EXIST::FUNCTION:
X509_VERIFY_PARAM_move_peername 1291 3_0_0 EXIST::FUNCTION:
OCSP_SINGLERESP_it 1292 3_0_0 EXIST::FUNCTION:OCSP
@@ -1387,7 +1387,7 @@ ASN1_BIT_STRING_set_asc 1419 3_0_0 EXIST::FUNCTION:
d2i_GENERAL_NAME 1420 3_0_0 EXIST::FUNCTION:
i2d_ESS_CERT_ID 1421 3_0_0 EXIST::FUNCTION:
X509_TRUST_get_by_id 1422 3_0_0 EXIST::FUNCTION:
-d2i_RSA_PUBKEY_fp 1423 3_0_0 EXIST::FUNCTION:RSA,STDIO
+d2i_RSA_PUBKEY_fp 1423 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA,STDIO
EVP_PBE_get 1424 3_0_0 EXIST::FUNCTION:
CRYPTO_nistcts128_encrypt 1425 3_0_0 EXIST::FUNCTION:
CONF_modules_finish 1426 3_0_0 EXIST::FUNCTION:
@@ -1829,7 +1829,7 @@ EVP_aes_128_cbc 1871 3_0_0 EXIST::FUNCTION:
CRYPTO_dup_ex_data 1872 3_0_0 EXIST::FUNCTION:
OCSP_single_get0_status 1873 3_0_0 EXIST::FUNCTION:OCSP
d2i_AUTHORITY_INFO_ACCESS 1874 3_0_0 EXIST::FUNCTION:
-PEM_read_RSAPrivateKey 1875 3_0_0 EXIST::FUNCTION:RSA,STDIO
+PEM_read_RSAPrivateKey 1875 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA,STDIO
BIO_closesocket 1876 3_0_0 EXIST::FUNCTION:SOCK
RSA_verify_ASN1_OCTET_STRING 1877 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
SCT_set_log_entry_type 1878 3_0_0 EXIST::FUNCTION:CT
@@ -1885,10 +1885,10 @@ X509_LOOKUP_by_subject 1930 3_0_0 EXIST::FUNCTION:
X509_REQ_add_extensions 1931 3_0_0 EXIST::FUNCTION:
Camellia_cbc_encrypt 1932 3_0_0 EXIST::FUNCTION:CAMELLIA,DEPRECATEDIN_3_0
EC_KEY_METHOD_new 1933 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
-RSA_flags 1934 3_0_0 EXIST::FUNCTION:RSA
+RSA_flags 1934 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
X509_NAME_add_entry 1935 3_0_0 EXIST::FUNCTION:
EVP_CIPHER_get_asn1_iv 1936 3_0_0 EXIST::FUNCTION:
-i2d_RSAPrivateKey_bio 1937 3_0_0 EXIST::FUNCTION:RSA
+i2d_RSAPrivateKey_bio 1937 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
PKCS5_PBE_keyivgen 1938 3_0_0 EXIST::FUNCTION:
i2d_OCSP_SERVICELOC 1939 3_0_0 EXIST::FUNCTION:OCSP
EC_POINT_copy 1940 3_0_0 EXIST::FUNCTION:EC
@@ -2000,7 +2000,7 @@ EVP_DecryptFinal 2046 3_0_0 EXIST::FUNCTION:
ASN1_ENUMERATED_it 2047 3_0_0 EXIST::FUNCTION:
o2i_ECPublicKey 2048 3_0_0 EXIST::FUNCTION:EC
ERR_load_BUF_strings 2049 3_0_0 EXIST::FUNCTION:
-PEM_read_bio_RSA_PUBKEY 2050 3_0_0 EXIST::FUNCTION:RSA
+PEM_read_bio_RSA_PUBKEY 2050 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
OCSP_SINGLERESP_new 2051 3_0_0 EXIST::FUNCTION:OCSP
ASN1_SCTX_free 2052 3_0_0 EXIST::FUNCTION:
i2d_ECPrivateKey_fp 2053 3_0_0 EXIST::FUNCTION:EC,STDIO
@@ -2034,7 +2034,7 @@ BN_mul 2080 3_0_0 EXIST::FUNCTION:
BN_get0_nist_prime_384 2081 3_0_0 EXIST::FUNCTION:
X509_VERIFY_PARAM_set1_ip_asc 2082 3_0_0 EXIST::FUNCTION:
CONF_modules_load 2083 3_0_0 EXIST::FUNCTION:
-d2i_RSAPublicKey 2084 3_0_0 EXIST::FUNCTION:RSA
+d2i_RSAPublicKey 2084 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
i2d_ASN1_GENERALSTRING 2085 3_0_0 EXIST::FUNCTION:
POLICYQUALINFO_new 2086 3_0_0 EXIST::FUNCTION:
PKCS7_RECIP_INFO_get0_alg 2087 3_0_0 EXIST::FUNCTION:
@@ -2120,7 +2120,7 @@ EC_POINT_method_of 2165 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_
PKCS7_ENCRYPT_it 2166 3_0_0 EXIST::FUNCTION:
AUTHORITY_INFO_ACCESS_it 2167 3_0_0 EXIST::FUNCTION:
X509_EXTENSION_create_by_NID 2168 3_0_0 EXIST::FUNCTION:
-i2d_RSAPrivateKey 2169 3_0_0 EXIST::FUNCTION:RSA
+i2d_RSAPrivateKey 2169 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
d2i_CERTIFICATEPOLICIES 2170 3_0_0 EXIST::FUNCTION:
CMAC_CTX_get0_cipher_ctx 2171 3_0_0 EXIST::FUNCTION:CMAC,DEPRECATEDIN_3_0
X509_STORE_load_locations 2172 3_0_0 EXIST::FUNCTION:
@@ -2239,7 +2239,7 @@ SCT_set1_extensions 2286 3_0_0 EXIST::FUNCTION:CT
PKCS12_SAFEBAG_new 2287 3_0_0 EXIST::FUNCTION:
TS_TST_INFO_set_nonce 2288 3_0_0 EXIST::FUNCTION:TS
PEM_read_ECPrivateKey 2289 3_0_0 EXIST::FUNCTION:EC,STDIO
-RSA_free 2290 3_0_0 EXIST::FUNCTION:RSA
+RSA_free 2290 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
X509_CRL_INFO_new 2291 3_0_0 EXIST::FUNCTION:
AES_cfb8_encrypt 2292 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
d2i_ASN1_SEQUENCE_ANY 2293 3_0_0 EXIST::FUNCTION:
@@ -2267,7 +2267,7 @@ EC_POINT_new 2314 3_0_0 EXIST::FUNCTION:EC
PKCS7_ISSUER_AND_SERIAL_digest 2315 3_0_0 EXIST::FUNCTION:
EVP_des_ofb 2316 3_0_0 EXIST::FUNCTION:DES
DSA_set_method 2317 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
-EVP_PKEY_get1_RSA 2318 3_0_0 EXIST::FUNCTION:RSA
+EVP_PKEY_get1_RSA 2318 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
EC_KEY_OpenSSL 2319 3_0_0 EXIST::FUNCTION:EC
EVP_camellia_192_ofb 2320 3_0_0 EXIST::FUNCTION:CAMELLIA
ASN1_STRING_length 2321 3_0_0 EXIST::FUNCTION:
@@ -2363,7 +2363,7 @@ EVP_MD_CTX_md_data 2412 3_0_0 EXIST::FUNCTION:
ASN1_PCTX_set_nm_flags 2413 3_0_0 EXIST::FUNCTION:
BIO_ctrl 2414 3_0_0 EXIST::FUNCTION:
X509_CRL_set_default_method 2415 3_0_0 EXIST::FUNCTION:
-d2i_RSAPublicKey_fp 2417 3_0_0 EXIST::FUNCTION:RSA,STDIO
+d2i_RSAPublicKey_fp 2417 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA,STDIO
UI_method_get_flusher 2418 3_0_0 EXIST::FUNCTION:
EC_POINT_dbl 2419 3_0_0 EXIST::FUNCTION:EC
i2d_X509_CRL_INFO 2420 3_0_0 EXIST::FUNCTION:
@@ -2586,7 +2586,7 @@ d2i_PBKDF2PARAM 2640 3_0_0 EXIST::FUNCTION:
ERR_load_COMP_strings 2641 3_0_0 EXIST::FUNCTION:COMP
EVP_PKEY_meth_add0 2642 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
EVP_rc4_40 2643 3_0_0 EXIST::FUNCTION:RC4
-RSA_bits 2645 3_0_0 EXIST::FUNCTION:RSA
+RSA_bits 2645 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
ASN1_item_dup 2646 3_0_0 EXIST::FUNCTION:
GENERAL_NAMES_it 2647 3_0_0 EXIST::FUNCTION:
X509_issuer_name_hash 2648 3_0_0 EXIST::FUNCTION:
@@ -2680,7 +2680,7 @@ CRYPTO_THREAD_lock_new 2736 3_0_0 EXIST::FUNCTION:
BIO_get_ex_data 2737 3_0_0 EXIST::FUNCTION:
CMS_digest_create 2738 3_0_0 EXIST::FUNCTION:CMS
EC_KEY_METHOD_set_verify 2739 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
-PEM_read_RSAPublicKey 2740 3_0_0 EXIST::FUNCTION:RSA,STDIO
+PEM_read_RSAPublicKey 2740 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA,STDIO
ENGINE_pkey_asn1_find_str 2741 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
ENGINE_get_load_privkey_function 2742 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
d2i_IPAddressRange 2743 3_0_0 EXIST::FUNCTION:RFC3779
@@ -2716,7 +2716,7 @@ ENGINE_unregister_DSA 2773 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_
ASN1_bn_print 2774 3_0_0 EXIST::FUNCTION:
CMS_is_detached 2775 3_0_0 EXIST::FUNCTION:CMS
X509_REQ_INFO_it 2776 3_0_0 EXIST::FUNCTION:
-RSAPrivateKey_it 2777 3_0_0 EXIST::FUNCTION:RSA
+RSAPrivateKey_it 2777 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
X509_NAME_ENTRY_free 2778 3_0_0 EXIST::FUNCTION:
BIO_new_fd 2779 3_0_0 EXIST::FUNCTION:
OPENSSL_sk_value 2781 3_0_0 EXIST::FUNCTION:
@@ -2837,7 +2837,7 @@ ASIdentifiers_it 2898 3_0_0 EXIST::FUNCTION:RFC3779
BN_mod_lshift 2899 3_0_0 EXIST::FUNCTION:
ENGINE_get_last 2900 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
EVP_PKEY_encrypt_init 2901 3_0_0 EXIST::FUNCTION:
-i2d_RSAPrivateKey_fp 2902 3_0_0 EXIST::FUNCTION:RSA,STDIO
+i2d_RSAPrivateKey_fp 2902 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA,STDIO
X509_REQ_print 2903 3_0_0 EXIST::FUNCTION:
RSA_size 2904 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
EVP_CIPHER_CTX_iv_noconst 2905 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
@@ -2938,14 +2938,14 @@ COMP_CTX_get_type 3000 3_0_0 EXIST::FUNCTION:COMP
TS_RESP_CTX_set_status_info 3001 3_0_0 EXIST::FUNCTION:TS
BIO_f_nbio_test 3002 3_0_0 EXIST::FUNCTION:
SEED_ofb128_encrypt 3003 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SEED
-d2i_RSAPrivateKey_bio 3004 3_0_0 EXIST::FUNCTION:RSA
+d2i_RSAPrivateKey_bio 3004 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
DH_KDF_X9_42 3005 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
EVP_PKEY_meth_set_signctx 3006 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
X509_CRL_get_version 3007 3_0_0 EXIST::FUNCTION:
EVP_PKEY_meth_get0_info 3008 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
-PEM_read_bio_RSAPublicKey 3009 3_0_0 EXIST::FUNCTION:RSA
+PEM_read_bio_RSAPublicKey 3009 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
EVP_PKEY_asn1_set_private 3010 3_0_0 EXIST::FUNCTION:
-EVP_PKEY_get0_RSA 3011 3_0_0 EXIST::FUNCTION:RSA
+EVP_PKEY_get0_RSA 3011 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
DES_ede3_cfb64_encrypt 3012 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DES
POLICY_MAPPING_free 3014 3_0_0 EXIST::FUNCTION:
EVP_aes_128_gcm 3015 3_0_0 EXIST::FUNCTION:
@@ -2959,7 +2959,7 @@ BN_rand 3023 3_0_0 EXIST::FUNCTION:
ASN1_TYPE_unpack_sequence 3024 3_0_0 EXIST::FUNCTION:
X509_CRL_sign_ctx 3025 3_0_0 EXIST::FUNCTION:
X509_STORE_add_crl 3026 3_0_0 EXIST::FUNCTION:
-PEM_write_RSAPrivateKey 3027 3_0_0 EXIST::FUNCTION:RSA,STDIO
+PEM_write_RSAPrivateKey 3027 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA,STDIO
RC4_set_key 3028 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RC4
EVP_CIPHER_CTX_cipher 3029 3_0_0 EXIST::FUNCTION:
PEM_write_bio_PKCS8PrivateKey_nid 3030 3_0_0 EXIST::FUNCTION:
@@ -3000,7 +3000,7 @@ ASN1_PCTX_set_str_flags 3064 3_0_0 EXIST::FUNCTION:
i2a_ASN1_INTEGER 3065 3_0_0 EXIST::FUNCTION:
d2i_TS_RESP 3066 3_0_0 EXIST::FUNCTION:TS
EVP_des_ede_cfb64 3067 3_0_0 EXIST::FUNCTION:DES
-d2i_RSAPrivateKey 3068 3_0_0 EXIST::FUNCTION:RSA
+d2i_RSAPrivateKey 3068 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
ERR_load_BN_strings 3069 3_0_0 EXIST::FUNCTION:
BF_encrypt 3070 3_0_0 EXIST::FUNCTION:BF,DEPRECATEDIN_3_0
MD5 3071 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,MD5
@@ -3008,7 +3008,7 @@ BN_GF2m_arr2poly 3072 3_0_0 EXIST::FUNCTION:EC2M
EVP_PKEY_meth_get_ctrl 3073 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
i2d_X509_REQ_bio 3074 3_0_0 EXIST::FUNCTION:
X509_VERIFY_PARAM_set1_name 3075 3_0_0 EXIST::FUNCTION:
-d2i_RSAPublicKey_bio 3076 3_0_0 EXIST::FUNCTION:RSA
+d2i_RSAPublicKey_bio 3076 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
X509_REQ_get_X509_PUBKEY 3077 3_0_0 EXIST::FUNCTION:
ENGINE_load_private_key 3078 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
GENERAL_NAMES_new 3079 3_0_0 EXIST::FUNCTION:
@@ -3119,7 +3119,7 @@ CTLOG_get0_public_key 3184 3_0_0 EXIST::FUNCTION:CT
OCSP_REQUEST_get_ext_by_OBJ 3185 3_0_0 EXIST::FUNCTION:OCSP
X509_NAME_oneline 3186 3_0_0 EXIST::FUNCTION:
X509V3_set_nconf 3187 3_0_0 EXIST::FUNCTION:
-RSAPrivateKey_dup 3188 3_0_0 EXIST::FUNCTION:RSA
+RSAPrivateKey_dup 3188 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
BN_mod_add 3189 3_0_0 EXIST::FUNCTION:
EC_POINT_set_affine_coordinates_GFp 3190 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
X509_get_default_cert_file 3191 3_0_0 EXIST::FUNCTION:
@@ -3200,7 +3200,7 @@ d2i_ASN1_OCTET_STRING 3265 3_0_0 EXIST::FUNCTION:
ENGINE_set_load_pubkey_function 3266 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
BIO_vprintf 3267 3_0_0 EXIST::FUNCTION:
CMS_RecipientInfo_decrypt 3268 3_0_0 EXIST::FUNCTION:CMS
-RSA_generate_key 3269 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_0_9_8,RSA
+RSA_generate_key 3269 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
PKCS7_set0_type_other 3270 3_0_0 EXIST::FUNCTION:
OCSP_REQUEST_new 3271 3_0_0 EXIST::FUNCTION:OCSP
BIO_lookup 3272 3_0_0 EXIST::FUNCTION:SOCK
@@ -3508,7 +3508,7 @@ ASN1_TIME_to_generalizedtime 3583 3_0_0 EXIST::FUNCTION:
X509_CRL_get_ext_by_critical 3584 3_0_0 EXIST::FUNCTION:
ASN1_STRING_type 3585 3_0_0 EXIST::FUNCTION:
X509_REQ_add1_attr_by_txt 3586 3_0_0 EXIST::FUNCTION:
-PEM_write_RSAPublicKey 3587 3_0_0 EXIST::FUNCTION:RSA,STDIO
+PEM_write_RSAPublicKey 3587 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA,STDIO
EVP_MD_meth_dup 3588 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
ENGINE_unregister_ciphers 3589 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
X509_issuer_and_serial_cmp 3590 3_0_0 EXIST::FUNCTION:
@@ -3613,7 +3613,7 @@ OTHERNAME_free 3692 3_0_0 EXIST::FUNCTION:
OCSP_REVOKEDINFO_free 3693 3_0_0 EXIST::FUNCTION:OCSP
EVP_CIPHER_CTX_encrypting 3694 3_0_0 EXIST::FUNCTION:
EC_KEY_can_sign 3695 3_0_0 EXIST::FUNCTION:EC
-PEM_write_bio_RSAPublicKey 3696 3_0_0 EXIST::FUNCTION:RSA
+PEM_write_bio_RSAPublicKey 3696 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
X509_CRL_set1_lastUpdate 3697 3_0_0 EXIST::FUNCTION:
OCSP_sendreq_nbio 3698 3_0_0 EXIST::FUNCTION:OCSP
PKCS8_encrypt 3699 3_0_0 EXIST::FUNCTION:
@@ -3730,7 +3730,7 @@ PKEY_USAGE_PERIOD_it 3810 3_0_0 EXIST::FUNCTION:
BN_mul_word 3811 3_0_0 EXIST::FUNCTION:
i2d_IPAddressRange 3813 3_0_0 EXIST::FUNCTION:RFC3779
CMS_unsigned_add1_attr_by_txt 3814 3_0_0 EXIST::FUNCTION:CMS
-d2i_RSA_PUBKEY 3815 3_0_0 EXIST::FUNCTION:RSA
+d2i_RSA_PUBKEY 3815 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
PKCS12_gen_mac 3816 3_0_0 EXIST::FUNCTION:
ERR_load_ENGINE_strings 3817 3_0_0 EXIST::FUNCTION:ENGINE
ERR_load_CT_strings 3818 3_0_0 EXIST::FUNCTION:CT
@@ -3907,30 +3907,30 @@ DSA_get0_engine 3990 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_
X509_VERIFY_PARAM_set_auth_level 3991 3_0_0 EXIST::FUNCTION:
X509_VERIFY_PARAM_get_auth_level 3992 3_0_0 EXIST::FUNCTION:
X509_REQ_get0_pubkey 3993 3_0_0 EXIST::FUNCTION:
-RSA_set0_key 3994 3_0_0 EXIST::FUNCTION:RSA
+RSA_set0_key 3994 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
RSA_meth_get_flags 3995 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
RSA_meth_set_finish 3996 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
RSA_meth_get_priv_dec 3997 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
RSA_meth_get_sign 3998 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
RSA_meth_get_bn_mod_exp 3999 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
-RSA_test_flags 4000 3_0_0 EXIST::FUNCTION:RSA
+RSA_test_flags 4000 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
RSA_meth_new 4001 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
RSA_meth_get0_app_data 4002 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
RSA_meth_dup 4003 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
RSA_meth_set1_name 4004 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
RSA_meth_set0_app_data 4005 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
-RSA_set_flags 4006 3_0_0 EXIST::FUNCTION:RSA
+RSA_set_flags 4006 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
RSA_meth_set_sign 4007 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
-RSA_clear_flags 4008 3_0_0 EXIST::FUNCTION:RSA
+RSA_clear_flags 4008 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
RSA_meth_get_keygen 4009 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
RSA_meth_set_keygen 4010 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
RSA_meth_set_pub_dec 4011 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
RSA_meth_get_finish 4012 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
-RSA_get0_key 4013 3_0_0 EXIST::FUNCTION:RSA
+RSA_get0_key 4013 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
RSA_get0_engine 4014 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
RSA_meth_set_priv_enc 4015 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
RSA_meth_set_verify 4016 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
-RSA_get0_factors 4017 3_0_0 EXIST::FUNCTION:RSA
+RSA_get0_factors 4017 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
RSA_meth_get0_name 4018 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
RSA_meth_get_mod_exp 4019 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
RSA_meth_set_flags 4020 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
@@ -3940,14 +3940,14 @@ RSA_meth_get_init 4023 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_
RSA_meth_free 4024 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
RSA_meth_get_pub_enc 4025 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
RSA_meth_set_mod_exp 4026 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
-RSA_set0_factors 4027 3_0_0 EXIST::FUNCTION:RSA
+RSA_set0_factors 4027 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
RSA_meth_set_pub_enc 4028 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
RSA_meth_set_priv_dec 4029 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
RSA_meth_get_verify 4030 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
RSA_meth_set_init 4031 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
RSA_meth_get_priv_enc 4032 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
-RSA_set0_crt_params 4037 3_0_0 EXIST::FUNCTION:RSA
-RSA_get0_crt_params 4038 3_0_0 EXIST::FUNCTION:RSA
+RSA_set0_crt_params 4037 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
+RSA_get0_crt_params 4038 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
DH_set0_pqg 4039 3_0_0 EXIST::FUNCTION:DH
DH_clear_flags 4041 3_0_0 EXIST::FUNCTION:DH
DH_get0_key 4042 3_0_0 EXIST::FUNCTION:DH
@@ -4248,7 +4248,7 @@ EVP_sm4_ofb 4356 3_0_0 EXIST::FUNCTION:SM4
EVP_sm4_ecb 4357 3_0_0 EXIST::FUNCTION:SM4
EVP_sm4_cfb128 4358 3_0_0 EXIST::FUNCTION:SM4
EVP_sm3 4359 3_0_0 EXIST::FUNCTION:SM3
-RSA_get0_multi_prime_factors 4360 3_0_0 EXIST::FUNCTION:RSA
+RSA_get0_multi_prime_factors 4360 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
EVP_PKEY_public_check 4361 3_0_0 EXIST::FUNCTION:
EVP_PKEY_param_check 4362 3_0_0 EXIST::FUNCTION:
EVP_PKEY_meth_set_public_check 4363 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
@@ -4261,10 +4261,10 @@ DH_check_ex 4369 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_
DH_check_pub_key_ex 4370 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
DH_check_params_ex 4371 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
RSA_generate_multi_prime_key 4372 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
-RSA_get_multi_prime_extra_count 4373 3_0_0 EXIST::FUNCTION:RSA
+RSA_get_multi_prime_extra_count 4373 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
OCSP_resp_get0_signer 4374 3_0_0 EXIST::FUNCTION:OCSP
-RSA_get0_multi_prime_crt_params 4375 3_0_0 EXIST::FUNCTION:RSA
-RSA_set0_multi_prime_params 4376 3_0_0 EXIST::FUNCTION:RSA
+RSA_get0_multi_prime_crt_params 4375 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
+RSA_set0_multi_prime_params 4376 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
RSA_get_version 4377 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
RSA_meth_get_multi_prime_keygen 4378 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
RSA_meth_set_multi_prime_keygen 4379 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
@@ -4355,14 +4355,14 @@ DSA_get0_pub_key 4479 3_0_0 EXIST::FUNCTION:DSA
DSA_get0_q 4480 3_0_0 EXIST::FUNCTION:DSA
DSA_get0_p 4481 3_0_0 EXIST::FUNCTION:DSA
DSA_get0_g 4482 3_0_0 EXIST::FUNCTION:DSA
-RSA_get0_dmp1 4483 3_0_0 EXIST::FUNCTION:RSA
-RSA_get0_d 4484 3_0_0 EXIST::FUNCTION:RSA
-RSA_get0_n 4485 3_0_0 EXIST::FUNCTION:RSA
-RSA_get0_dmq1 4486 3_0_0 EXIST::FUNCTION:RSA
-RSA_get0_e 4487 3_0_0 EXIST::FUNCTION:RSA
-RSA_get0_q 4488 3_0_0 EXIST::FUNCTION:RSA
-RSA_get0_p 4489 3_0_0 EXIST::FUNCTION:RSA
-RSA_get0_iqmp 4490 3_0_0 EXIST::FUNCTION:RSA
+RSA_get0_dmp1 4483 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
+RSA_get0_d 4484 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
+RSA_get0_n 4485 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
+RSA_get0_dmq1 4486 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
+RSA_get0_e 4487 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
+RSA_get0_q 4488 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
+RSA_get0_p 4489 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
+RSA_get0_iqmp 4490 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
ECDSA_SIG_get0_r 4491 3_0_0 EXIST::FUNCTION:EC
ECDSA_SIG_get0_s 4492 3_0_0 EXIST::FUNCTION:EC
X509_LOOKUP_meth_get_get_by_fingerprint 4493 3_0_0 EXIST::FUNCTION:
diff --git a/util/libssl.num b/util/libssl.num
index 75e45bb17f..a505e5300b 100644
--- a/util/libssl.num
+++ b/util/libssl.num
@@ -18,14 +18,14 @@ SSL_CTX_sess_get_get_cb 18 3_0_0 EXIST::FUNCTION:
SSL_CTX_get_default_passwd_cb_userdata 19 3_0_0 EXIST::FUNCTION:
SSL_set_tmp_dh_callback 20 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
SSL_CTX_get_verify_depth 21 3_0_0 EXIST::FUNCTION:
-SSL_CTX_use_RSAPrivateKey_file 22 3_0_0 EXIST::FUNCTION:RSA
+SSL_CTX_use_RSAPrivateKey_file 22 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
SSL_use_PrivateKey_file 23 3_0_0 EXIST::FUNCTION:
SSL_set_generate_session_id 24 3_0_0 EXIST::FUNCTION:
SSL_get_ex_data_X509_STORE_CTX_idx 25 3_0_0 EXIST::FUNCTION:
SSL_get_quiet_shutdown 26 3_0_0 EXIST::FUNCTION:
SSL_dane_enable 27 3_0_0 EXIST::FUNCTION:
SSL_COMP_add_compression_method 28 3_0_0 EXIST::FUNCTION:
-SSL_CTX_use_RSAPrivateKey 29 3_0_0 EXIST::FUNCTION:RSA
+SSL_CTX_use_RSAPrivateKey 29 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
SSL_CTX_sess_get_new_cb 30 3_0_0 EXIST::FUNCTION:
d2i_SSL_SESSION 31 3_0_0 EXIST::FUNCTION:
SSL_use_PrivateKey_ASN1 32 3_0_0 EXIST::FUNCTION:
@@ -65,7 +65,7 @@ SSL_set_security_level 65 3_0_0 EXIST::FUNCTION:
DTLSv1_2_method 66 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,DTLS1_2_METHOD
SSL_get_fd 67 3_0_0 EXIST::FUNCTION:
SSL_get1_session 68 3_0_0 EXIST::FUNCTION:
-SSL_use_RSAPrivateKey 69 3_0_0 EXIST::FUNCTION:RSA
+SSL_use_RSAPrivateKey 69 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
SSL_CTX_set_srp_cb_arg 70 3_0_0 EXIST::FUNCTION:SRP
SSL_CTX_add_session 71 3_0_0 EXIST::FUNCTION:
SSL_get_srp_N 72 3_0_0 EXIST::FUNCTION:SRP
@@ -168,7 +168,7 @@ TLSv1_1_server_method 168 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_1
PEM_write_bio_SSL_SESSION 169 3_0_0 EXIST::FUNCTION:
SSL_write 170 3_0_0 EXIST::FUNCTION:
SSL_set1_host 171 3_0_0 EXIST::FUNCTION:
-SSL_use_RSAPrivateKey_file 172 3_0_0 EXIST::FUNCTION:RSA
+SSL_use_RSAPrivateKey_file 172 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
SSL_CTX_get_info_callback 173 3_0_0 EXIST::FUNCTION:
SSL_get0_peername 174 3_0_0 EXIST::FUNCTION:
SSL_set_srp_server_param 175 3_0_0 EXIST::FUNCTION:SRP
@@ -193,7 +193,7 @@ SSL_CTX_dane_mtype_set 193 3_0_0 EXIST::FUNCTION:
SSL_get_wfd 194 3_0_0 EXIST::FUNCTION:
SSL_get_ssl_method 195 3_0_0 EXIST::FUNCTION:
SSL_set_verify_result 196 3_0_0 EXIST::FUNCTION:
-SSL_use_RSAPrivateKey_ASN1 197 3_0_0 EXIST::FUNCTION:RSA
+SSL_use_RSAPrivateKey_ASN1 197 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
SSL_CIPHER_get_name 198 3_0_0 EXIST::FUNCTION:
OPENSSL_init_ssl 199 3_0_0 EXIST::FUNCTION:
SSL_dup 200 3_0_0 EXIST::FUNCTION:
@@ -320,7 +320,7 @@ SSL_clear_options 320 3_0_0 EXIST::FUNCTION:
SSL_CTX_use_PrivateKey 321 3_0_0 EXIST::FUNCTION:
SSL_get_info_callback 322 3_0_0 EXIST::FUNCTION:
SSL_CTX_use_psk_identity_hint 323 3_0_0 EXIST::FUNCTION:PSK
-SSL_CTX_use_RSAPrivateKey_ASN1 324 3_0_0 EXIST::FUNCTION:RSA
+SSL_CTX_use_RSAPrivateKey_ASN1 324 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
SSL_CTX_use_PrivateKey_ASN1 325 3_0_0 EXIST::FUNCTION:
SSL_CTX_get0_privatekey 326 3_0_0 EXIST::FUNCTION:
BIO_f_ssl 327 3_0_0 EXIST::FUNCTION:
More information about the openssl-commits
mailing list