[openssl] master update
Matt Caswell
matt at openssl.org
Fri Nov 27 11:20:21 UTC 2020
The branch master has been updated
via 90c046be9c61c012f8760d429f6254ef3c796a0a (commit)
via 59d7ad074ad2b136f5097f198e67596ce57cdf0d (commit)
via c9f71df31b2daa5e5e58a4980a70836be104e4f5 (commit)
via 25e49af92a70b98e59d2f2ce834829477d465612 (commit)
via d4c2f498a34208f2468d9532455c2de76030c987 (commit)
via bb64795f962e756b9ac5f033bd512b609c3b1468 (commit)
via 4d8e8a2d3781b6ca7c453492ee8e06885c812e73 (commit)
via 5a2674163d99c755ea0eb09501b9eee99e145188 (commit)
via 0a68a445ae1a4f87414c08e699895b1a992b8533 (commit)
via 752419d8f7154995c355a38801d89230a80fa8a3 (commit)
from abcca5078fc2b5059462bf6a9c659f235c11d5d8 (commit)
- Log -----------------------------------------------------------------
commit 90c046be9c61c012f8760d429f6254ef3c796a0a
Author: Matt Caswell <matt at openssl.org>
Date: Wed Nov 25 10:37:22 2020 +0000
Remove d2i_DHparams.pod and move documentation to d2i_RSAPrivateKey.pod
d2i_RSAPrivateKey.pod is the more generic page for these deprecated
functions and provides advice and guidance on how to translate the old
style functions into new ones.
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13138)
commit 59d7ad074ad2b136f5097f198e67596ce57cdf0d
Author: Matt Caswell <matt at openssl.org>
Date: Wed Oct 21 15:24:13 2020 +0100
Updates the CHANGES.md entry regarding DH deprecation
Extend the existing CHANGES.md entry with information about the
additional functions that have also been deprecated.
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13138)
commit c9f71df31b2daa5e5e58a4980a70836be104e4f5
Author: Matt Caswell <matt at openssl.org>
Date: Tue Oct 20 17:28:57 2020 +0100
Convert DH deprecations to the new way of deprecating functions
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13138)
commit 25e49af92a70b98e59d2f2ce834829477d465612
Author: Matt Caswell <matt at openssl.org>
Date: Fri Oct 16 09:36:19 2020 +0100
Deprecate more DH functions
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13138)
commit d4c2f498a34208f2468d9532455c2de76030c987
Author: Matt Caswell <matt at openssl.org>
Date: Wed Oct 14 17:34:04 2020 +0100
Don't test a deprecated function in a no-deprecated build
EVP_PKEY_set1_DH is deprecated so there is no need to test it in a
no-deprecated build.
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13138)
commit bb64795f962e756b9ac5f033bd512b609c3b1468
Author: Matt Caswell <matt at openssl.org>
Date: Wed Oct 14 17:31:59 2020 +0100
Remove fuzzing of deprecated functions in a no-deprecated build
d2i_DHparams and i2d_DHparam as well as the equivalent DHX functions are
deprecated.
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13138)
commit 4d8e8a2d3781b6ca7c453492ee8e06885c812e73
Author: Matt Caswell <matt at openssl.org>
Date: Wed Oct 14 17:12:38 2020 +0100
Deprecate the DHparams and DHxparams PEM routines
The functions return a DH object and therefore need to be deprecated.
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13138)
commit 5a2674163d99c755ea0eb09501b9eee99e145188
Author: Matt Caswell <matt at openssl.org>
Date: Wed Oct 14 14:19:38 2020 +0100
Deprecate EVP_PKEY_assign_DH and other similar macros
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13138)
commit 0a68a445ae1a4f87414c08e699895b1a992b8533
Author: Matt Caswell <matt at openssl.org>
Date: Wed Oct 14 13:50:21 2020 +0100
Deprecate functions for getting and setting DH values in an EVP_PKEY
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13138)
commit 752419d8f7154995c355a38801d89230a80fa8a3
Author: Matt Caswell <matt at openssl.org>
Date: Tue Oct 13 17:13:01 2020 +0100
Deprecate DH_new as well as i2d_DHparams and d2i_DHparams
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13138)
-----------------------------------------------------------------------
Summary of changes:
CHANGES.md | 19 +-
apps/lib/s_cb.c | 21 ---
crypto/dh/dh_backend.c | 6 +
crypto/dh/dh_lib.c | 3 +-
crypto/evp/p_lib.c | 2 +-
doc/man3/d2i_DHparams.pod | 42 -----
doc/man3/d2i_RSAPrivateKey.pod | 10 +-
fuzz/asn1.c | 2 +-
include/openssl/dh.h | 244 +++++++++++++-------------
include/openssl/evp.h | 12 +-
include/openssl/pem.h | 6 +-
test/build.info | 10 +-
test/endecoder_legacy_test.c | 2 -
test/evp_extra_test.c | 4 +-
test/ffc_internal_test.c | 6 +
test/recipes/04-test_encoder_decoder_legacy.t | 6 +-
util/libcrypto.num | 74 ++++----
17 files changed, 222 insertions(+), 247 deletions(-)
delete mode 100644 doc/man3/d2i_DHparams.pod
diff --git a/CHANGES.md b/CHANGES.md
index 48957676f6..aad59a862b 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -466,9 +466,9 @@ OpenSSL 3.0
* All of the low level DH functions have been deprecated including:
DH_OpenSSL, DH_set_default_method, DH_get_default_method, DH_set_method,
- DH_new_method, DH_size, DH_security_bits, DH_get_ex_new_index,
- DH_set_ex_data, DH_get_ex_data, DH_generate_parameters_ex,
- DH_check_params_ex, DH_check_ex, DH_check_pub_key_ex,
+ DH_new_method, DH_new, DH_free, DH_up_ref, DH_bits, DH_set0_pqg, DH_size,
+ DH_security_bits, DH_get_ex_new_index, DH_set_ex_data, DH_get_ex_data,
+ DH_generate_parameters_ex, DH_check_params_ex, DH_check_ex, DH_check_pub_key_ex,
DH_check, DH_check_pub_key, DH_generate_key, DH_compute_key,
DH_compute_key_padded, DHparams_print_fp, DHparams_print, DH_get_nid,
DH_KDF_X9_42, DH_get0_engine, DH_meth_new, DH_meth_free, DH_meth_dup,
@@ -483,7 +483,18 @@ OpenSSL 3.0
time. Instead applications should use L<EVP_PKEY_derive_init(3)>
and L<EVP_PKEY_derive(3)>.
- *Paul Dale*
+ Additionally functions that read and write DH objects such as d2i_DHparams,
+ i2d_DHparams, PEM_read_DHparam, PEM_write_DHparams and other similar
+ functions have also been deprecated. Applications should instead use the
+ OSSL_DECODER and OSSL_ENCODER APIs to read and write DH files.
+
+ Finaly functions that assign or obtain DH objects from an EVP_PKEY such as
+ EVP_PKEY_assign_DH(), EVP_PKEY_get0_DH, EVP_PKEY_get1_DH, EVP_PKEY_set1_DH
+ are also deprecated. Applications should instead either read or write an
+ EVP_PKEY directly using the OSSL_DECODER and OSSL_ENCODER APIs. Or load an
+ EVP_PKEY directly from DH data using EVP_PKEY_fromdata().
+
+ *Paul Dale and Matt Caswell*
* All of the low level DSA functions have been deprecated including:
diff --git a/apps/lib/s_cb.c b/apps/lib/s_cb.c
index a15e4e9d35..c7994417aa 100644
--- a/apps/lib/s_cb.c
+++ b/apps/lib/s_cb.c
@@ -1449,27 +1449,6 @@ static int security_callback_debug(const SSL *s, const SSL_CTX *ctx,
BIO_puts(sdb->out, cname);
}
break;
-#endif
-#ifndef OPENSSL_NO_DH
- case SSL_SECOP_OTHER_DH:
- {
- DH *dh = other;
- EVP_PKEY *pkey = EVP_PKEY_new();
- int fail = 1;
-
- if (pkey != NULL) {
- if (EVP_PKEY_set1_DH(pkey, dh)) {
- BIO_printf(sdb->out, "%d", EVP_PKEY_bits(pkey));
- fail = 0;
- }
-
- EVP_PKEY_free(pkey);
- }
- if (fail)
- BIO_printf(sdb->out, "s_cb.c:security_callback_debug op=0x%x",
- op);
- break;
- }
#endif
case SSL_SECOP_OTHER_CERT:
{
diff --git a/crypto/dh/dh_backend.c b/crypto/dh/dh_backend.c
index cc8d064c4e..660bb4845a 100644
--- a/crypto/dh/dh_backend.c
+++ b/crypto/dh/dh_backend.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * DH low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <openssl/core_names.h>
#include "internal/param_build_set.h"
#include "crypto/dh.h"
diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c
index e3bbe95ff4..e687b04259 100644
--- a/crypto/dh/dh_lib.c
+++ b/crypto/dh/dh_lib.c
@@ -51,11 +51,12 @@ const DH_METHOD *dh_get_method(const DH *dh)
{
return dh->meth;
}
-
+# ifndef OPENSSL_NO_DEPRECATED_3_0
DH *DH_new(void)
{
return dh_new_intern(NULL, NULL);
}
+# endif
DH *DH_new_method(ENGINE *engine)
{
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index ad7a0ebee7..cf29071318 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -879,7 +879,7 @@ IMPLEMENT_ECX_VARIANT(ED448)
# endif
-# ifndef OPENSSL_NO_DH
+# if !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_DEPRECATED_3_0)
int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key)
{
diff --git a/doc/man3/d2i_DHparams.pod b/doc/man3/d2i_DHparams.pod
deleted file mode 100644
index 1f3ecded50..0000000000
--- a/doc/man3/d2i_DHparams.pod
+++ /dev/null
@@ -1,42 +0,0 @@
-=pod
-
-=head1 NAME
-
-d2i_DHparams, i2d_DHparams - PKCS#3 DH parameter functions
-
-=head1 SYNOPSIS
-
- #include <openssl/dh.h>
-
- DH *d2i_DHparams(DH **a, const unsigned char **pp, long length);
- int i2d_DHparams(DH *a, unsigned char **pp);
-
-=head1 DESCRIPTION
-
-These functions decode and encode PKCS#3 DH parameters using the
-DHparameter structure described in PKCS#3.
-
-Otherwise these behave in a similar way to d2i_X509() and i2d_X509()
-described in the L<d2i_X509(3)> manual page.
-
-=head1 RETURN VALUES
-
-d2i_DHparams() returns a valid B<DH> structure or NULL if an error occurred.
-
-i2d_DHparams() returns the length of encoded data on success or a value which
-is less than or equal to 0 on error.
-
-=head1 SEE ALSO
-
-L<d2i_X509(3)>
-
-=head1 COPYRIGHT
-
-Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
-
-Licensed under the Apache License 2.0 (the "License"). You may not use
-this file except in compliance with the License. You can obtain a copy
-in the file LICENSE in the source distribution or at
-L<https://www.openssl.org/source/license.html>.
-
-=cut
diff --git a/doc/man3/d2i_RSAPrivateKey.pod b/doc/man3/d2i_RSAPrivateKey.pod
index e7cf3989ab..7827b3cef4 100644
--- a/doc/man3/d2i_RSAPrivateKey.pod
+++ b/doc/man3/d2i_RSAPrivateKey.pod
@@ -2,7 +2,7 @@
=begin comment
-Any deprecated keypair function from d2i_X509.pod are collected in this file.
+Any deprecated keypair/params d2i or i2d functions are collected on this page.
=end comment
@@ -17,6 +17,9 @@ d2i_RSAPublicKey_fp,
d2i_RSA_PUBKEY,
d2i_RSA_PUBKEY_bio,
d2i_RSA_PUBKEY_fp,
+d2i_DHparams,
+d2i_DHparams_bio,
+d2i_DHparams_fp,
i2d_RSAPrivateKey,
i2d_RSAPrivateKey_bio,
i2d_RSAPrivateKey_fp,
@@ -25,7 +28,10 @@ i2d_RSAPublicKey_bio,
i2d_RSAPublicKey_fp,
i2d_RSA_PUBKEY,
i2d_RSA_PUBKEY_bio,
-i2d_RSA_PUBKEY_fp
+i2d_RSA_PUBKEY_fp,
+i2d_DHparams,
+i2d_DHparams_bio,
+i2d_DHparams_fp
- DEPRECATED
=head1 SYNOPSIS
diff --git a/fuzz/asn1.c b/fuzz/asn1.c
index 9a4e454b2f..a6f1405881 100644
--- a/fuzz/asn1.c
+++ b/fuzz/asn1.c
@@ -331,7 +331,7 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
DO_TEST_NO_PRINT(ESS_SIGNING_CERT, d2i_ESS_SIGNING_CERT, i2d_ESS_SIGNING_CERT);
DO_TEST_NO_PRINT(ESS_CERT_ID_V2, d2i_ESS_CERT_ID_V2, i2d_ESS_CERT_ID_V2);
DO_TEST_NO_PRINT(ESS_SIGNING_CERT_V2, d2i_ESS_SIGNING_CERT_V2, i2d_ESS_SIGNING_CERT_V2);
-#ifndef OPENSSL_NO_DH
+#if !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_DEPRECATED_3_0)
DO_TEST_NO_PRINT(DH, d2i_DHparams, i2d_DHparams);
DO_TEST_NO_PRINT(DH, d2i_DHxparams, i2d_DHxparams);
#endif
diff --git a/include/openssl/dh.h b/include/openssl/dh.h
index 69a5b79c18..d06fea6a23 100644
--- a/include/openssl/dh.h
+++ b/include/openssl/dh.h
@@ -105,7 +105,7 @@ DECLARE_ASN1_ITEM(DHparams)
* primes p where (p-1)/2 is prime too are called "safe"; we define this for
* backward compatibility:
*/
-# define DH_CHECK_P_NOT_STRONG_PRIME DH_CHECK_P_NOT_SAFE_PRIME
+# define DH_CHECK_P_NOT_STRONG_PRIME DH_CHECK_P_NOT_SAFE_PRIME
/* DH parameter generation types used by EVP_PKEY_CTX_set_dh_paramgen_type() */
# define DH_PARAMGEN_TYPE_GENERATOR 0 /* Use a safe prime generator */
@@ -136,140 +136,140 @@ DECLARE_ASN1_ITEM(DHparams)
ASN1_d2i_bio_of(DH, DH_new, d2i_DHxparams, bp, x)
# define i2d_DHxparams_bio(bp, x) \
ASN1_i2d_bio_of(DH, i2d_DHxparams, bp, x)
-# endif
-DECLARE_ASN1_DUP_FUNCTION_name(DH, DHparams)
+DECLARE_ASN1_DUP_FUNCTION_name_attr(OSSL_DEPRECATEDIN_3_0, DH, DHparams)
-DEPRECATEDIN_3_0(const DH_METHOD *DH_OpenSSL(void))
+OSSL_DEPRECATEDIN_3_0 const DH_METHOD *DH_OpenSSL(void);
-DEPRECATEDIN_3_0(void DH_set_default_method(const DH_METHOD *meth))
-DEPRECATEDIN_3_0(const DH_METHOD *DH_get_default_method(void))
-DEPRECATEDIN_3_0(int DH_set_method(DH *dh, const DH_METHOD *meth))
-DEPRECATEDIN_3_0(DH *DH_new_method(ENGINE *engine))
+OSSL_DEPRECATEDIN_3_0 void DH_set_default_method(const DH_METHOD *meth);
+OSSL_DEPRECATEDIN_3_0 const DH_METHOD *DH_get_default_method(void);
+OSSL_DEPRECATEDIN_3_0 int DH_set_method(DH *dh, const DH_METHOD *meth);
+OSSL_DEPRECATEDIN_3_0 DH *DH_new_method(ENGINE *engine);
+
+OSSL_DEPRECATEDIN_3_0 DH *DH_new(void);
+OSSL_DEPRECATEDIN_3_0 void DH_free(DH *dh);
+OSSL_DEPRECATEDIN_3_0 int DH_up_ref(DH *dh);
+OSSL_DEPRECATEDIN_3_0 int DH_bits(const DH *dh);
+OSSL_DEPRECATEDIN_3_0 int DH_size(const DH *dh);
+OSSL_DEPRECATEDIN_3_0 int DH_security_bits(const DH *dh);
-DH *DH_new(void);
-void DH_free(DH *dh);
-int DH_up_ref(DH *dh);
-int DH_bits(const DH *dh);
-DEPRECATEDIN_3_0(int DH_size(const DH *dh))
-DEPRECATEDIN_3_0(int DH_security_bits(const DH *dh))
-# ifndef OPENSSL_NO_DEPRECATED_3_0
# define DH_get_ex_new_index(l, p, newf, dupf, freef) \
CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, l, p, newf, dupf, freef)
-# endif
-DEPRECATEDIN_3_0(int DH_set_ex_data(DH *d, int idx, void *arg))
-DEPRECATEDIN_3_0(void *DH_get_ex_data(const DH *d, int idx))
-
-/* Deprecated version */
-DEPRECATEDIN_0_9_8(DH *DH_generate_parameters(int prime_len, int generator,
- void (*callback) (int, int,
- void *),
- void *cb_arg))
-/* New version */
-DEPRECATEDIN_3_0(int DH_generate_parameters_ex(DH *dh, int prime_len,
- int generator, BN_GENCB *cb))
-
-DEPRECATEDIN_3_0(int DH_check_params_ex(const DH *dh))
-DEPRECATEDIN_3_0(int DH_check_ex(const DH *dh))
-DEPRECATEDIN_3_0(int DH_check_pub_key_ex(const DH *dh, const BIGNUM *pub_key))
-/*
- * TODO(3.0): deprecate DH_check_params once ssl/statem/statem_clnt.c is fixed.
- */
-int DH_check_params(const DH *dh, int *ret);
-DEPRECATEDIN_3_0(int DH_check(const DH *dh, int *codes))
-DEPRECATEDIN_3_0(int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key,
- int *codes))
-DEPRECATEDIN_3_0(int DH_generate_key(DH *dh))
-DEPRECATEDIN_3_0(int DH_compute_key(unsigned char *key, const BIGNUM *pub_key,
- DH *dh))
-DEPRECATEDIN_3_0(int DH_compute_key_padded(unsigned char *key,
- const BIGNUM *pub_key, DH *dh))
-DECLARE_ASN1_ENCODE_FUNCTIONS_only(DH, DHparams)
-DECLARE_ASN1_ENCODE_FUNCTIONS_only(DH, DHxparams)
-# ifndef OPENSSL_NO_STDIO
-DEPRECATEDIN_3_0(int DHparams_print_fp(FILE *fp, const DH *x))
-# endif
-DEPRECATEDIN_3_0(int DHparams_print(BIO *bp, const DH *x))
+OSSL_DEPRECATEDIN_3_0 int DH_set_ex_data(DH *d, int idx, void *arg);
+OSSL_DEPRECATEDIN_3_0 void *DH_get_ex_data(const DH *d, int idx);
+
+OSSL_DEPRECATEDIN_3_0 int DH_generate_parameters_ex(DH *dh, int prime_len,
+ int generator,
+ BN_GENCB *cb);
+
+OSSL_DEPRECATEDIN_3_0 int DH_check_params_ex(const DH *dh);
+OSSL_DEPRECATEDIN_3_0 int DH_check_ex(const DH *dh);
+OSSL_DEPRECATEDIN_3_0 int DH_check_pub_key_ex(const DH *dh, const BIGNUM *pub_key);
+OSSL_DEPRECATEDIN_3_0 int DH_check_params(const DH *dh, int *ret);
+OSSL_DEPRECATEDIN_3_0 int DH_check(const DH *dh, int *codes);
+OSSL_DEPRECATEDIN_3_0 int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key,
+ int *codes);
+OSSL_DEPRECATEDIN_3_0 int DH_generate_key(DH *dh);
+OSSL_DEPRECATEDIN_3_0 int DH_compute_key(unsigned char *key,
+ const BIGNUM *pub_key, DH *dh);
+OSSL_DEPRECATEDIN_3_0 int DH_compute_key_padded(unsigned char *key,
+ const BIGNUM *pub_key, DH *dh);
+
+DECLARE_ASN1_ENCODE_FUNCTIONS_only_attr(OSSL_DEPRECATEDIN_3_0, DH, DHparams)
+DECLARE_ASN1_ENCODE_FUNCTIONS_only_attr(OSSL_DEPRECATEDIN_3_0, DH, DHxparams)
+
+# ifndef OPENSSL_NO_STDIO
+OSSL_DEPRECATEDIN_3_0 int DHparams_print_fp(FILE *fp, const DH *x);
+# endif
+OSSL_DEPRECATEDIN_3_0 int DHparams_print(BIO *bp, const DH *x);
/* RFC 5114 parameters */
-DH *DH_get_1024_160(void);
-DH *DH_get_2048_224(void);
-DH *DH_get_2048_256(void);
+OSSL_DEPRECATEDIN_3_0 DH *DH_get_1024_160(void);
+OSSL_DEPRECATEDIN_3_0 DH *DH_get_2048_224(void);
+OSSL_DEPRECATEDIN_3_0 DH *DH_get_2048_256(void);
/* Named parameters, currently RFC7919 and RFC3526 */
-/* TODO(3.0): deprecate DH_new_by_nid() after converting ssl/s3_lib.c */
-DH *DH_new_by_nid(int nid);
-DEPRECATEDIN_3_0(int DH_get_nid(const DH *dh))
+OSSL_DEPRECATEDIN_3_0 DH *DH_new_by_nid(int nid);
+OSSL_DEPRECATEDIN_3_0 int DH_get_nid(const DH *dh);
/* RFC2631 KDF */
-DEPRECATEDIN_3_0(int DH_KDF_X9_42(unsigned char *out, size_t outlen,
- const unsigned char *Z, size_t Zlen,
- ASN1_OBJECT *key_oid,
- const unsigned char *ukm,
- size_t ukmlen, const EVP_MD *md))
-
-void DH_get0_pqg(const DH *dh,
- const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
-int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
-void DH_get0_key(const DH *dh,
- const BIGNUM **pub_key, const BIGNUM **priv_key);
-int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key);
-const BIGNUM *DH_get0_p(const DH *dh);
-const BIGNUM *DH_get0_q(const DH *dh);
-const BIGNUM *DH_get0_g(const DH *dh);
-const BIGNUM *DH_get0_priv_key(const DH *dh);
-const BIGNUM *DH_get0_pub_key(const DH *dh);
-void DH_clear_flags(DH *dh, int flags);
-int DH_test_flags(const DH *dh, int flags);
-void DH_set_flags(DH *dh, int flags);
-DEPRECATEDIN_3_0(ENGINE *DH_get0_engine(DH *d))
-long DH_get_length(const DH *dh);
-int DH_set_length(DH *dh, long length);
-
-DEPRECATEDIN_3_0(DH_METHOD *DH_meth_new(const char *name, int flags))
-DEPRECATEDIN_3_0(void DH_meth_free(DH_METHOD *dhm))
-DEPRECATEDIN_3_0(DH_METHOD *DH_meth_dup(const DH_METHOD *dhm))
-DEPRECATEDIN_3_0(const char *DH_meth_get0_name(const DH_METHOD *dhm))
-DEPRECATEDIN_3_0(int DH_meth_set1_name(DH_METHOD *dhm, const char *name))
-DEPRECATEDIN_3_0(int DH_meth_get_flags(const DH_METHOD *dhm))
-DEPRECATEDIN_3_0(int DH_meth_set_flags(DH_METHOD *dhm, int flags))
-DEPRECATEDIN_3_0(void *DH_meth_get0_app_data(const DH_METHOD *dhm))
-DEPRECATEDIN_3_0(int DH_meth_set0_app_data(DH_METHOD *dhm, void *app_data))
-DEPRECATEDIN_3_0(int (*DH_meth_get_generate_key(const DH_METHOD *dhm)) (DH *))
-DEPRECATEDIN_3_0(int DH_meth_set_generate_key(DH_METHOD *dhm,
- int (*generate_key) (DH *)))
-DEPRECATEDIN_3_0(int (*DH_meth_get_compute_key(const DH_METHOD *dhm))
- (unsigned char *key,
- const BIGNUM *pub_key, DH *dh))
-DEPRECATEDIN_3_0(int DH_meth_set_compute_key(DH_METHOD *dhm,
- int (*compute_key)
- (unsigned char *key,
- const BIGNUM *pub_key,
- DH *dh)))
-DEPRECATEDIN_3_0(int (*DH_meth_get_bn_mod_exp(const DH_METHOD *dhm))
- (const DH *, BIGNUM *,
- const BIGNUM *,
- const BIGNUM *,
- const BIGNUM *, BN_CTX *,
- BN_MONT_CTX *))
-DEPRECATEDIN_3_0(int DH_meth_set_bn_mod_exp(DH_METHOD *dhm,
- int (*bn_mod_exp)
- (const DH *, BIGNUM *,
- const BIGNUM *, const BIGNUM *,
- const BIGNUM *, BN_CTX *,
- BN_MONT_CTX *)))
-DEPRECATEDIN_3_0(int (*DH_meth_get_init(const DH_METHOD *dhm))(DH *))
-DEPRECATEDIN_3_0(int DH_meth_set_init(DH_METHOD *dhm, int (*init)(DH *)))
-DEPRECATEDIN_3_0(int (*DH_meth_get_finish(const DH_METHOD *dhm)) (DH *))
-DEPRECATEDIN_3_0(int DH_meth_set_finish(DH_METHOD *dhm, int (*finish) (DH *)))
-DEPRECATEDIN_3_0(int (*DH_meth_get_generate_params(const DH_METHOD *dhm))
- (DH *, int, int,
- BN_GENCB *))
-DEPRECATEDIN_3_0(int DH_meth_set_generate_params(DH_METHOD *dhm,
- int (*generate_params)
- (DH *, int, int,
- BN_GENCB *)))
+OSSL_DEPRECATEDIN_3_0 int DH_KDF_X9_42(unsigned char *out, size_t outlen,
+ const unsigned char *Z, size_t Zlen,
+ ASN1_OBJECT *key_oid,
+ const unsigned char *ukm,
+ size_t ukmlen, const EVP_MD *md);
+
+OSSL_DEPRECATEDIN_3_0 void DH_get0_pqg(const DH *dh, const BIGNUM **p,
+ const BIGNUM **q, const BIGNUM **g);
+OSSL_DEPRECATEDIN_3_0 int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
+OSSL_DEPRECATEDIN_3_0 void DH_get0_key(const DH *dh, const BIGNUM **pub_key,
+ const BIGNUM **priv_key);
+OSSL_DEPRECATEDIN_3_0 int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key);
+OSSL_DEPRECATEDIN_3_0 const BIGNUM *DH_get0_p(const DH *dh);
+OSSL_DEPRECATEDIN_3_0 const BIGNUM *DH_get0_q(const DH *dh);
+OSSL_DEPRECATEDIN_3_0 const BIGNUM *DH_get0_g(const DH *dh);
+OSSL_DEPRECATEDIN_3_0 const BIGNUM *DH_get0_priv_key(const DH *dh);
+OSSL_DEPRECATEDIN_3_0 const BIGNUM *DH_get0_pub_key(const DH *dh);
+OSSL_DEPRECATEDIN_3_0 void DH_clear_flags(DH *dh, int flags);
+OSSL_DEPRECATEDIN_3_0 int DH_test_flags(const DH *dh, int flags);
+OSSL_DEPRECATEDIN_3_0 void DH_set_flags(DH *dh, int flags);
+OSSL_DEPRECATEDIN_3_0 ENGINE *DH_get0_engine(DH *d);
+OSSL_DEPRECATEDIN_3_0 long DH_get_length(const DH *dh);
+OSSL_DEPRECATEDIN_3_0 int DH_set_length(DH *dh, long length);
+
+OSSL_DEPRECATEDIN_3_0 DH_METHOD *DH_meth_new(const char *name, int flags);
+OSSL_DEPRECATEDIN_3_0 void DH_meth_free(DH_METHOD *dhm);
+OSSL_DEPRECATEDIN_3_0 DH_METHOD *DH_meth_dup(const DH_METHOD *dhm);
+OSSL_DEPRECATEDIN_3_0 const char *DH_meth_get0_name(const DH_METHOD *dhm);
+OSSL_DEPRECATEDIN_3_0 int DH_meth_set1_name(DH_METHOD *dhm, const char *name);
+OSSL_DEPRECATEDIN_3_0 int DH_meth_get_flags(const DH_METHOD *dhm);
+OSSL_DEPRECATEDIN_3_0 int DH_meth_set_flags(DH_METHOD *dhm, int flags);
+OSSL_DEPRECATEDIN_3_0 void *DH_meth_get0_app_data(const DH_METHOD *dhm);
+OSSL_DEPRECATEDIN_3_0 int DH_meth_set0_app_data(DH_METHOD *dhm, void *app_data);
+OSSL_DEPRECATEDIN_3_0 int (*DH_meth_get_generate_key(const DH_METHOD *dhm)) (DH *);
+OSSL_DEPRECATEDIN_3_0 int DH_meth_set_generate_key(DH_METHOD *dhm,
+ int (*generate_key) (DH *));
+OSSL_DEPRECATEDIN_3_0 int (*DH_meth_get_compute_key(const DH_METHOD *dhm))
+ (unsigned char *key,
+ const BIGNUM *pub_key,
+ DH *dh);
+OSSL_DEPRECATEDIN_3_0 int DH_meth_set_compute_key(DH_METHOD *dhm,
+ int (*compute_key)
+ (unsigned char *key,
+ const BIGNUM *pub_key,
+ DH *dh));
+OSSL_DEPRECATEDIN_3_0 int (*DH_meth_get_bn_mod_exp(const DH_METHOD *dhm))
+ (const DH *, BIGNUM *,
+ const BIGNUM *,
+ const BIGNUM *,
+ const BIGNUM *, BN_CTX *,
+ BN_MONT_CTX *);
+OSSL_DEPRECATEDIN_3_0 int DH_meth_set_bn_mod_exp(DH_METHOD *dhm,
+ int (*bn_mod_exp)
+ (const DH *, BIGNUM *,
+ const BIGNUM *, const BIGNUM *,
+ const BIGNUM *, BN_CTX *,
+ BN_MONT_CTX *));
+OSSL_DEPRECATEDIN_3_0 int (*DH_meth_get_init(const DH_METHOD *dhm))(DH *);
+OSSL_DEPRECATEDIN_3_0 int DH_meth_set_init(DH_METHOD *dhm, int (*init)(DH *));
+OSSL_DEPRECATEDIN_3_0 int (*DH_meth_get_finish(const DH_METHOD *dhm)) (DH *);
+OSSL_DEPRECATEDIN_3_0 int DH_meth_set_finish(DH_METHOD *dhm, int (*finish) (DH *));
+OSSL_DEPRECATEDIN_3_0 int (*DH_meth_get_generate_params(const DH_METHOD *dhm))
+ (DH *, int, int,
+ BN_GENCB *);
+OSSL_DEPRECATEDIN_3_0 int DH_meth_set_generate_params(DH_METHOD *dhm,
+ int (*generate_params)
+ (DH *, int, int,
+ BN_GENCB *));
+# endif /* OPENSSL_NO_DEPRECATED_3_0 */
+
+# ifndef OPENSSL_NO_DEPRECATED_0_9_8
+OSSL_DEPRECATEDIN_0_9_8 DH *DH_generate_parameters(int prime_len, int generator,
+ void (*callback) (int, int,
+ void *),
+ void *cb_arg);
+# endif
int EVP_PKEY_CTX_set_dh_paramgen_type(EVP_PKEY_CTX *ctx, int typ);
int EVP_PKEY_CTX_set_dh_paramgen_gindex(EVP_PKEY_CTX *ctx, int gindex);
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index 3f39e9ef4a..afbb43c6f9 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -469,7 +469,7 @@ typedef int (EVP_PBE_KEYGEN) (EVP_CIPHER_CTX *ctx, const char *pass,
(dsa))
# endif
-# ifndef OPENSSL_NO_DH
+# if !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_DEPRECATED_3_0)
# define EVP_PKEY_assign_DH(pkey,dh) EVP_PKEY_assign((pkey),EVP_PKEY_DH,(dh))
# endif
@@ -1230,11 +1230,13 @@ int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, struct dsa_st *key);
struct dsa_st *EVP_PKEY_get0_DSA(const EVP_PKEY *pkey);
struct dsa_st *EVP_PKEY_get1_DSA(EVP_PKEY *pkey);
# endif
-# ifndef OPENSSL_NO_DH
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# ifndef OPENSSL_NO_DH
struct dh_st;
-int EVP_PKEY_set1_DH(EVP_PKEY *pkey, struct dh_st *key);
-struct dh_st *EVP_PKEY_get0_DH(const EVP_PKEY *pkey);
-struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey);
+OSSL_DEPRECATEDIN_3_0 int EVP_PKEY_set1_DH(EVP_PKEY *pkey, struct dh_st *key);
+OSSL_DEPRECATEDIN_3_0 struct dh_st *EVP_PKEY_get0_DH(const EVP_PKEY *pkey);
+OSSL_DEPRECATEDIN_3_0 struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey);
+# endif
# endif
# ifndef OPENSSL_NO_EC
struct ec_key_st;
diff --git a/include/openssl/pem.h b/include/openssl/pem.h
index 3dcf97e36c..b3c2d2e1c1 100644
--- a/include/openssl/pem.h
+++ b/include/openssl/pem.h
@@ -391,8 +391,10 @@ DECLARE_PEM_rw_cb(ECPrivateKey, EC_KEY)
DECLARE_PEM_rw(EC_PUBKEY, EC_KEY)
# endif
# ifndef OPENSSL_NO_DH
-DECLARE_PEM_rw(DHparams, DH)
-DECLARE_PEM_write(DHxparams, DH)
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, DHparams, DH)
+DECLARE_PEM_write_attr(OSSL_DEPRECATEDIN_3_0, DHxparams, DH)
+# endif
# endif
DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY)
EVP_PKEY *PEM_read_bio_PrivateKey_ex(BIO *bp, EVP_PKEY **x,
diff --git a/test/build.info b/test/build.info
index bd87bf6a94..7f9e44b591 100644
--- a/test/build.info
+++ b/test/build.info
@@ -793,10 +793,12 @@ IF[{- !$disabled{tests} -}]
INCLUDE[endecode_test]=.. ../include ../apps/include
DEPEND[endecode_test]=../libcrypto.a libtestutil.a
- PROGRAMS{noinst}=endecoder_legacy_test
- SOURCE[endecoder_legacy_test]=endecoder_legacy_test.c
- INCLUDE[endecoder_legacy_test]=.. ../include ../apps/include
- DEPEND[endecoder_legacy_test]=../libcrypto.a libtestutil.a
+ IF[{- !$disabled{'deprecated-3.0'} -}]
+ PROGRAMS{noinst}=endecoder_legacy_test
+ SOURCE[endecoder_legacy_test]=endecoder_legacy_test.c
+ INCLUDE[endecoder_legacy_test]=.. ../include ../apps/include
+ DEPEND[endecoder_legacy_test]=../libcrypto.a libtestutil.a
+ ENDIF
PROGRAMS{noinst}=namemap_internal_test
SOURCE[namemap_internal_test]=namemap_internal_test.c
diff --git a/test/endecoder_legacy_test.c b/test/endecoder_legacy_test.c
index 6fd7b356cd..467c072b3e 100644
--- a/test/endecoder_legacy_test.c
+++ b/test/endecoder_legacy_test.c
@@ -166,7 +166,6 @@ static struct test_stanza_st {
NULL, /* No PEM_read_bio_ECParameters */
(PEM_read_bio_of_void *)PEM_read_bio_EC_PUBKEY, },
#endif
-#ifndef OPENSSL_NO_DEPRECATED_3_0
{ "RSA", { "RSA", "type-specific" }, EVP_PKEY_RSA,
(i2d_of_void *)i2d_RSAPrivateKey,
(i2d_of_void *)i2d_RSAPublicKey,
@@ -184,7 +183,6 @@ static struct test_stanza_st {
(PEM_read_bio_of_void *)PEM_read_bio_RSAPublicKey,
NULL, /* No PEM_read_bio_RSAparams */
(PEM_read_bio_of_void *)PEM_read_bio_RSA_PUBKEY }
-#endif
};
/*
diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
index fa6d173e30..c1aaf67c85 100644
--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
@@ -1844,7 +1844,7 @@ static int test_decrypt_null_chunks(void)
}
#endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
-#ifndef OPENSSL_NO_DH
+#if !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_DEPRECATED_3_0)
static int test_EVP_PKEY_set1_DH(void)
{
DH *x942dh = NULL, *noqdh = NULL;
@@ -2197,7 +2197,7 @@ int setup_tests(void)
#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
ADD_TEST(test_decrypt_null_chunks);
#endif
-#ifndef OPENSSL_NO_DH
+#if !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_DEPRECATED_3_0)
ADD_TEST(test_EVP_PKEY_set1_DH);
#endif
ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
diff --git a/test/ffc_internal_test.c b/test/ffc_internal_test.c
index 25b3c58b12..1cbaec891b 100644
--- a/test/ffc_internal_test.c
+++ b/test/ffc_internal_test.c
@@ -8,6 +8,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * This is an internal test that is intentionally using internal APIs. Some of
+ * those APIs are deprecated for public use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
diff --git a/test/recipes/04-test_encoder_decoder_legacy.t b/test/recipes/04-test_encoder_decoder_legacy.t
index 9881322628..ef252a3766 100644
--- a/test/recipes/04-test_encoder_decoder_legacy.t
+++ b/test/recipes/04-test_encoder_decoder_legacy.t
@@ -11,12 +11,16 @@ use warnings;
use OpenSSL::Test::Simple;
use OpenSSL::Test qw/:DEFAULT srctop_file bldtop_dir/;
+use OpenSSL::Test::Utils;
use Cwd qw(abs_path);
-setup("test_encode_legacy");
+setup("test_encoder_decoder_legacy");
+plan skip_all => "Not available in a no-deprecated build"
+ if disabled("deprecated");
plan tests => 1;
+
$ENV{OPENSSL_MODULES} = abs_path(bldtop_dir("providers"));
$ENV{OPENSSL_CONF} = abs_path(srctop_file("test", "default-and-legacy.cnf"));
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 404a706fab..1e27d46711 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -98,7 +98,7 @@ PKCS5_pbe2_set_scrypt 99 3_0_0 EXIST::FUNCTION:SCRYPT
X509_find_by_subject 100 3_0_0 EXIST::FUNCTION:
DSAparams_print 101 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
BF_set_key 102 3_0_0 EXIST::FUNCTION:BF,DEPRECATEDIN_3_0
-d2i_DHparams 103 3_0_0 EXIST::FUNCTION:DH
+d2i_DHparams 103 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
i2d_PKCS7_ENC_CONTENT 104 3_0_0 EXIST::FUNCTION:
DH_generate_key 105 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
ENGINE_add_conf_module 106 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
@@ -152,7 +152,7 @@ X509_REVOKED_get_ext_count 154 3_0_0 EXIST::FUNCTION:
BN_is_prime_fasttest_ex 155 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
ERR_load_PKCS12_strings 156 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
EVP_sha384 157 3_0_0 EXIST::FUNCTION:
-i2d_DHparams 158 3_0_0 EXIST::FUNCTION:DH
+i2d_DHparams 158 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
TS_VERIFY_CTX_set_store 159 3_0_0 EXIST::FUNCTION:TS
PKCS12_verify_mac 160 3_0_0 EXIST::FUNCTION:
X509v3_addr_canonize 161 3_0_0 EXIST::FUNCTION:RFC3779
@@ -274,7 +274,7 @@ X509_get_ext_d2i 279 3_0_0 EXIST::FUNCTION:
d2i_PKCS7_ENC_CONTENT 280 3_0_0 EXIST::FUNCTION:
BUF_MEM_grow 281 3_0_0 EXIST::FUNCTION:
TS_REQ_free 282 3_0_0 EXIST::FUNCTION:TS
-PEM_read_DHparams 283 3_0_0 EXIST::FUNCTION:DH,STDIO
+PEM_read_DHparams 283 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH,STDIO
RSA_private_decrypt 284 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
X509V3_EXT_get_nid 285 3_0_0 EXIST::FUNCTION:
BIO_s_log 286 3_0_0 EXIST::FUNCTION:
@@ -311,7 +311,7 @@ PEM_write_bio_PKCS7_stream 316 3_0_0 EXIST::FUNCTION:
d2i_X509_CERT_AUX 317 3_0_0 EXIST::FUNCTION:
UI_process 318 3_0_0 EXIST::FUNCTION:
X509_get_subject_name 319 3_0_0 EXIST::FUNCTION:
-DH_get_1024_160 320 3_0_0 EXIST::FUNCTION:DH
+DH_get_1024_160 320 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
i2d_ASN1_UNIVERSALSTRING 321 3_0_0 EXIST::FUNCTION:
d2i_OCSP_RESPID 322 3_0_0 EXIST::FUNCTION:OCSP
BIO_s_accept 323 3_0_0 EXIST::FUNCTION:SOCK
@@ -447,7 +447,7 @@ ENGINE_get_digests 455 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3
TS_MSG_IMPRINT_get_algo 456 3_0_0 EXIST::FUNCTION:TS
DH_new_method 457 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
BF_ecb_encrypt 458 3_0_0 EXIST::FUNCTION:BF,DEPRECATEDIN_3_0
-PEM_write_bio_DHparams 459 3_0_0 EXIST::FUNCTION:DH
+PEM_write_bio_DHparams 459 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
EVP_DigestFinal 460 3_0_0 EXIST::FUNCTION:
CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE 461 3_0_0 EXIST::FUNCTION:CT
X509v3_asid_add_id_or_range 462 3_0_0 EXIST::FUNCTION:RFC3779
@@ -457,7 +457,7 @@ ASN1_INTEGER_to_BN 465 3_0_0 EXIST::FUNCTION:
OPENSSL_memcmp 466 3_0_0 NOEXIST::FUNCTION:
BUF_MEM_new 467 3_0_0 EXIST::FUNCTION:
DSO_set_filename 468 3_0_0 EXIST::FUNCTION:
-DH_new 469 3_0_0 EXIST::FUNCTION:DH
+DH_new 469 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
OCSP_RESPID_free 470 3_0_0 EXIST::FUNCTION:OCSP
PKCS5_pbe2_set 471 3_0_0 EXIST::FUNCTION:
SCT_set_signature_nid 473 3_0_0 EXIST::FUNCTION:CT
@@ -717,7 +717,7 @@ TXT_DB_write 735 3_0_0 EXIST::FUNCTION:
OCSP_REQUEST_get1_ext_d2i 736 3_0_0 EXIST::FUNCTION:OCSP
CMS_unsigned_add1_attr_by_NID 737 3_0_0 EXIST::FUNCTION:CMS
BN_mod_exp_mont 738 3_0_0 EXIST::FUNCTION:
-d2i_DHxparams 739 3_0_0 EXIST::FUNCTION:DH
+d2i_DHxparams 739 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
DH_size 740 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
CONF_imodule_get_name 741 3_0_0 EXIST::FUNCTION:
ENGINE_get_pkey_meth_engine 742 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
@@ -906,7 +906,7 @@ CRYPTO_secure_malloc_initialized 928 3_0_0 EXIST::FUNCTION:
o2i_SCT_LIST 929 3_0_0 EXIST::FUNCTION:CT
ASN1_PCTX_get_cert_flags 930 3_0_0 EXIST::FUNCTION:
X509at_add1_attr_by_NID 931 3_0_0 EXIST::FUNCTION:
-DHparams_dup 932 3_0_0 EXIST::FUNCTION:DH
+DHparams_dup 932 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
X509_get_ext 933 3_0_0 EXIST::FUNCTION:
X509_issuer_and_serial_hash 934 3_0_0 EXIST::FUNCTION:
ASN1_BMPSTRING_it 935 3_0_0 EXIST::FUNCTION:
@@ -1006,7 +1006,7 @@ X509_policy_check 1031 3_0_0 EXIST::FUNCTION:
X509_CRL_METHOD_new 1032 3_0_0 EXIST::FUNCTION:
ASN1_ANY_it 1033 3_0_0 EXIST::FUNCTION:
d2i_DSA_SIG 1034 3_0_0 EXIST::FUNCTION:DSA
-DH_free 1035 3_0_0 EXIST::FUNCTION:DH
+DH_free 1035 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
ENGINE_register_all_DSA 1036 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
TS_REQ_set_msg_imprint 1037 3_0_0 EXIST::FUNCTION:TS
BN_mod_sub_quick 1038 3_0_0 EXIST::FUNCTION:
@@ -1028,7 +1028,7 @@ CRYPTO_free 1054 3_0_0 EXIST::FUNCTION:
BN_GF2m_mod_exp 1055 3_0_0 EXIST::FUNCTION:EC2M
OPENSSL_buf2hexstr 1056 3_0_0 EXIST::FUNCTION:
DES_encrypt2 1057 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DES
-DH_up_ref 1058 3_0_0 EXIST::FUNCTION:DH
+DH_up_ref 1058 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
RC2_ofb64_encrypt 1059 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RC2
PKCS12_pbe_crypt 1060 3_0_0 EXIST::FUNCTION:
ASIdentifiers_free 1061 3_0_0 EXIST::FUNCTION:RFC3779
@@ -1242,7 +1242,7 @@ RC5_32_cfb64_encrypt 1270 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_
TS_REQ_set_cert_req 1271 3_0_0 EXIST::FUNCTION:TS
TXT_DB_get_by_index 1272 3_0_0 EXIST::FUNCTION:
X509_check_ca 1273 3_0_0 EXIST::FUNCTION:
-DH_get_2048_224 1274 3_0_0 EXIST::FUNCTION:DH
+DH_get_2048_224 1274 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
X509_load_http 1275 3_0_0 EXIST::FUNCTION:
i2d_AUTHORITY_INFO_ACCESS 1276 3_0_0 EXIST::FUNCTION:
EVP_get_cipherbyname 1277 3_0_0 EXIST::FUNCTION:
@@ -1406,7 +1406,7 @@ X509_ATTRIBUTE_set1_object 1438 3_0_0 EXIST::FUNCTION:
i2d_ECPrivateKey_bio 1439 3_0_0 EXIST::FUNCTION:EC
BN_GENCB_free 1440 3_0_0 EXIST::FUNCTION:
HMAC_size 1441 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
-EVP_PKEY_get0_DH 1442 3_0_0 EXIST::FUNCTION:DH
+EVP_PKEY_get0_DH 1442 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
d2i_OCSP_CRLID 1443 3_0_0 EXIST::FUNCTION:OCSP
EVP_CIPHER_CTX_set_padding 1444 3_0_0 EXIST::FUNCTION:
CTLOG_new_from_base64 1445 3_0_0 EXIST::FUNCTION:CT
@@ -1585,7 +1585,7 @@ X509V3_EXT_get 1621 3_0_0 EXIST::FUNCTION:
OCSP_id_cmp 1622 3_0_0 EXIST::FUNCTION:OCSP
NCONF_dump_bio 1623 3_0_0 EXIST::FUNCTION:
X509_NAME_get_entry 1624 3_0_0 EXIST::FUNCTION:
-EVP_PKEY_get1_DH 1625 3_0_0 EXIST::FUNCTION:DH
+EVP_PKEY_get1_DH 1625 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
CRYPTO_gcm128_aad 1626 3_0_0 EXIST::FUNCTION:
EVP_des_cfb8 1627 3_0_0 EXIST::FUNCTION:DES
BN_BLINDING_convert 1628 3_0_0 EXIST::FUNCTION:
@@ -2017,7 +2017,7 @@ BN_GENCB_get_arg 2063 3_0_0 EXIST::FUNCTION:
EVP_MD_CTX_clear_flags 2064 3_0_0 EXIST::FUNCTION:
EVP_PKEY_meth_get_verifyctx 2065 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
CT_POLICY_EVAL_CTX_get0_cert 2066 3_0_0 EXIST::FUNCTION:CT
-PEM_write_DHparams 2067 3_0_0 EXIST::FUNCTION:DH,STDIO
+PEM_write_DHparams 2067 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH,STDIO
DH_set_ex_data 2068 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
OCSP_SIGNATURE_free 2069 3_0_0 EXIST::FUNCTION:OCSP
CRYPTO_128_unwrap_pad 2070 3_0_0 EXIST::FUNCTION:
@@ -2155,7 +2155,7 @@ BN_GF2m_add 2202 3_0_0 EXIST::FUNCTION:EC2M
CMAC_resume 2203 3_0_0 EXIST::FUNCTION:CMAC,DEPRECATEDIN_3_0
TS_ACCURACY_set_millis 2204 3_0_0 EXIST::FUNCTION:TS
X509V3_EXT_conf 2205 3_0_0 EXIST::FUNCTION:
-i2d_DHxparams 2206 3_0_0 EXIST::FUNCTION:DH
+i2d_DHxparams 2206 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
EVP_CIPHER_CTX_free 2207 3_0_0 EXIST::FUNCTION:
WHIRLPOOL_BitUpdate 2208 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,WHIRLPOOL
EVP_idea_ecb 2209 3_0_0 EXIST::FUNCTION:IDEA
@@ -2274,7 +2274,7 @@ ASN1_STRING_length 2321 3_0_0 EXIST::FUNCTION:
PKCS7_set_digest 2322 3_0_0 EXIST::FUNCTION:
PEM_write_bio_PUBKEY 2323 3_0_0 EXIST::FUNCTION:
PEM_read_PKCS7 2324 3_0_0 EXIST::FUNCTION:STDIO
-DH_get_2048_256 2325 3_0_0 EXIST::FUNCTION:DH
+DH_get_2048_256 2325 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
X509at_delete_attr 2326 3_0_0 EXIST::FUNCTION:
PEM_write_bio 2327 3_0_0 EXIST::FUNCTION:
CMS_signed_get_attr_by_OBJ 2329 3_0_0 EXIST::FUNCTION:CMS
@@ -2405,7 +2405,7 @@ BIGNUM_it 2455 3_0_0 EXIST::FUNCTION:
BN_BLINDING_get_flags 2456 3_0_0 EXIST::FUNCTION:
X509_EXTENSION_get_critical 2457 3_0_0 EXIST::FUNCTION:
DSA_set_default_method 2458 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
-PEM_write_bio_DHxparams 2459 3_0_0 EXIST::FUNCTION:DH
+PEM_write_bio_DHxparams 2459 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
DSA_set_ex_data 2460 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
BIO_s_datagram_sctp 2461 3_0_0 EXIST::FUNCTION:DGRAM,SCTP
SXNET_add_id_asc 2462 3_0_0 EXIST::FUNCTION:
@@ -2910,7 +2910,7 @@ NAME_CONSTRAINTS_it 2972 3_0_0 EXIST::FUNCTION:
TS_REQ_get_cert_req 2973 3_0_0 EXIST::FUNCTION:TS
BIO_pop 2974 3_0_0 EXIST::FUNCTION:
SHA256_Final 2975 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
-EVP_PKEY_set1_DH 2976 3_0_0 EXIST::FUNCTION:DH
+EVP_PKEY_set1_DH 2976 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
DH_get_ex_data 2977 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
CRYPTO_secure_malloc 2978 3_0_0 EXIST::FUNCTION:
TS_RESP_get_status_info 2979 3_0_0 EXIST::FUNCTION:TS
@@ -3163,7 +3163,7 @@ ACCESS_DESCRIPTION_free 3228 3_0_0 EXIST::FUNCTION:
BN_nist_mod_384 3229 3_0_0 EXIST::FUNCTION:
i2d_EC_PUBKEY_fp 3230 3_0_0 EXIST::FUNCTION:EC,STDIO
ENGINE_set_default_pkey_meths 3231 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
-DH_bits 3232 3_0_0 EXIST::FUNCTION:DH
+DH_bits 3232 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
i2d_X509_ALGORS 3233 3_0_0 EXIST::FUNCTION:
EVP_camellia_192_cfb1 3234 3_0_0 EXIST::FUNCTION:CAMELLIA
TS_RESP_CTX_add_failure_info 3235 3_0_0 EXIST::FUNCTION:TS
@@ -3190,7 +3190,7 @@ X509_set1_notBefore 3255 3_0_0 EXIST::FUNCTION:
MD4 3256 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,MD4
EVP_PKEY_CTX_dup 3257 3_0_0 EXIST::FUNCTION:
ENGINE_setup_bsd_cryptodev 3258 3_0_0 EXIST:__FreeBSD__:FUNCTION:DEPRECATEDIN_1_1_0,ENGINE
-PEM_read_bio_DHparams 3259 3_0_0 EXIST::FUNCTION:DH
+PEM_read_bio_DHparams 3259 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
CMS_SharedInfo_encode 3260 3_0_0 EXIST::FUNCTION:CMS
ASN1_OBJECT_create 3261 3_0_0 EXIST::FUNCTION:
i2d_ECParameters 3262 3_0_0 EXIST::FUNCTION:EC
@@ -3684,7 +3684,7 @@ ASN1_TIME_print 3763 3_0_0 EXIST::FUNCTION:
EVP_PKEY_CTX_get0_peerkey 3764 3_0_0 EXIST::FUNCTION:
BN_mod_lshift1 3765 3_0_0 EXIST::FUNCTION:
BIO_ADDRINFO_family 3766 3_0_0 EXIST::FUNCTION:SOCK
-PEM_write_DHxparams 3767 3_0_0 EXIST::FUNCTION:DH,STDIO
+PEM_write_DHxparams 3767 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH,STDIO
BN_mod_exp2_mont 3768 3_0_0 EXIST::FUNCTION:
ASN1_PRINTABLE_free 3769 3_0_0 EXIST::FUNCTION:
PKCS7_ATTR_SIGN_it 3771 3_0_0 EXIST::FUNCTION:
@@ -3948,15 +3948,15 @@ RSA_meth_set_init 4031 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_
RSA_meth_get_priv_enc 4032 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
RSA_set0_crt_params 4037 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
RSA_get0_crt_params 4038 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
-DH_set0_pqg 4039 3_0_0 EXIST::FUNCTION:DH
-DH_clear_flags 4041 3_0_0 EXIST::FUNCTION:DH
-DH_get0_key 4042 3_0_0 EXIST::FUNCTION:DH
+DH_set0_pqg 4039 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
+DH_clear_flags 4041 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
+DH_get0_key 4042 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
DH_get0_engine 4043 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
-DH_set0_key 4044 3_0_0 EXIST::FUNCTION:DH
-DH_set_length 4045 3_0_0 EXIST::FUNCTION:DH
-DH_test_flags 4046 3_0_0 EXIST::FUNCTION:DH
-DH_get_length 4047 3_0_0 EXIST::FUNCTION:DH
-DH_get0_pqg 4048 3_0_0 EXIST::FUNCTION:DH
+DH_set0_key 4044 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
+DH_set_length 4045 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
+DH_test_flags 4046 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
+DH_get_length 4047 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
+DH_get0_pqg 4048 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
DH_meth_get_compute_key 4049 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
DH_meth_set1_name 4050 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
DH_meth_set_init 4051 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
@@ -3978,7 +3978,7 @@ DH_meth_set_bn_mod_exp 4066 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_
DH_meth_set_generate_key 4067 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
DH_meth_free 4068 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
DH_meth_get_generate_key 4069 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
-DH_set_flags 4070 3_0_0 EXIST::FUNCTION:DH
+DH_set_flags 4070 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
X509_STORE_CTX_get_obj_by_subject 4071 3_0_0 EXIST::FUNCTION:
X509_OBJECT_free 4072 3_0_0 EXIST::FUNCTION:
X509_OBJECT_get0_X509 4073 3_0_0 EXIST::FUNCTION:
@@ -4091,7 +4091,7 @@ UI_method_get_ex_data 4179 3_0_0 EXIST::FUNCTION:
UI_UTIL_wrap_read_pem_callback 4180 3_0_0 EXIST::FUNCTION:
X509_VERIFY_PARAM_get_time 4181 3_0_0 EXIST::FUNCTION:
EVP_PKEY_get0_poly1305 4182 3_0_0 EXIST::FUNCTION:POLY1305
-DH_check_params 4183 3_0_0 EXIST::FUNCTION:DH
+DH_check_params 4183 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
EVP_PKEY_get0_siphash 4184 3_0_0 EXIST::FUNCTION:SIPHASH
EVP_aria_256_ofb 4185 3_0_0 EXIST::FUNCTION:ARIA
EVP_aria_256_cfb128 4186 3_0_0 EXIST::FUNCTION:ARIA
@@ -4236,7 +4236,7 @@ EVP_PKEY_meth_get_check 4342 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_
EVP_PKEY_meth_remove 4343 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
OPENSSL_sk_reserve 4344 3_0_0 EXIST::FUNCTION:
EVP_PKEY_set1_engine 4347 3_0_0 EXIST::FUNCTION:ENGINE
-DH_new_by_nid 4348 3_0_0 EXIST::FUNCTION:DH
+DH_new_by_nid 4348 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
DH_get_nid 4349 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
CRYPTO_get_alloc_counts 4350 3_0_0 EXIST::FUNCTION:CRYPTO_MDEBUG
OPENSSL_sk_new_reserve 4351 3_0_0 EXIST::FUNCTION:
@@ -4345,11 +4345,11 @@ conf_ssl_name_find 4469 3_0_0 EXIST::FUNCTION:
conf_ssl_get_cmd 4470 3_0_0 EXIST::FUNCTION:
conf_ssl_get 4471 3_0_0 EXIST::FUNCTION:
X509_VERIFY_PARAM_get_hostflags 4472 3_0_0 EXIST::FUNCTION:
-DH_get0_p 4473 3_0_0 EXIST::FUNCTION:DH
-DH_get0_q 4474 3_0_0 EXIST::FUNCTION:DH
-DH_get0_g 4475 3_0_0 EXIST::FUNCTION:DH
-DH_get0_priv_key 4476 3_0_0 EXIST::FUNCTION:DH
-DH_get0_pub_key 4477 3_0_0 EXIST::FUNCTION:DH
+DH_get0_p 4473 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
+DH_get0_q 4474 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
+DH_get0_g 4475 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
+DH_get0_priv_key 4476 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
+DH_get0_pub_key 4477 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
DSA_get0_priv_key 4478 3_0_0 EXIST::FUNCTION:DSA
DSA_get0_pub_key 4479 3_0_0 EXIST::FUNCTION:DSA
DSA_get0_q 4480 3_0_0 EXIST::FUNCTION:DSA
More information about the openssl-commits
mailing list