[openssl] master update
tmraz at fedoraproject.org
Tue Jan 26 14:36:50 UTC 2021
The branch master has been updated
via 7b0f64b121860be91506906a2dc024e352b3d216 (commit)
via 82a46200911f2bb1af00b6921c0db9738825aa76 (commit)
via f468e2f95160defb7ab7461f8217697add762b90 (commit)
via 59b64259b8392fea1c88dc992eaed9ba8b29fa80 (commit)
via adffee9753d5237951e3a7963f948e5d3fd881ef (commit)
via 36fafb2e80dd178309ff4d271c4c8c9bafb2d87c (commit)
via 0c8e98e615d3522592a5bde6fcef43e42eb70deb (commit)
via f377e58fde1a7e6b29067c48df7d3c04fdaeba38 (commit)
via 3d34bedfd7fb9120b6eb7b05c25cd0c3de14c562 (commit)
via 5b5eea4b60b682009d2b15587c9ceeae5e9c73f8 (commit)
via 98dbf2c1c8143c0cc6dd05be7950d90bc6792064 (commit)
from 5764c3522c417fc775a78df4529e7a6f93379de8 (commit)
- Log -----------------------------------------------------------------
commit 7b0f64b121860be91506906a2dc024e352b3d216
Author: Tomas Mraz <tomas at openssl.org>
Date: Fri Jan 22 15:52:07 2021 +0100
Check that the ecparam and pkeyparam do not mangle the parameters
Just comparison of the original parameter file with the -out output.
Some test files have non-canonical encoding, so they are moved
to a different directory.
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13139)
commit 82a46200911f2bb1af00b6921c0db9738825aa76
Author: Tomas Mraz <tomas at openssl.org>
Date: Fri Jan 22 13:59:54 2021 +0100
Add checks for NULL return from EC_KEY_get0_group()
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13139)
commit f468e2f95160defb7ab7461f8217697add762b90
Author: Tomas Mraz <tomas at openssl.org>
Date: Thu Jan 21 14:38:36 2021 +0100
ec: Document that -conv_form and -no_public are not supported with engine
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13139)
commit 59b64259b8392fea1c88dc992eaed9ba8b29fa80
Author: Tomas Mraz <tomas at openssl.org>
Date: Thu Jan 21 12:37:21 2021 +0100
ssl_old_test.c: Replace use of deprecated EC functions
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13139)
commit adffee9753d5237951e3a7963f948e5d3fd881ef
Author: Tomas Mraz <tomas at openssl.org>
Date: Wed Jan 20 15:37:32 2021 +0100
EVP_PKEY_get_group_name works with public keys as well
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13139)
commit 36fafb2e80dd178309ff4d271c4c8c9bafb2d87c
Author: Tomas Mraz <tomas at openssl.org>
Date: Wed Jan 20 15:35:50 2021 +0100
Add manpage for EVP_PKEY_get_field_type and EVP_PKEY_get_point_conv_form
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13139)
commit 0c8e98e615d3522592a5bde6fcef43e42eb70deb
Author: Tomas Mraz <tomas at openssl.org>
Date: Wed Jan 20 14:01:01 2021 +0100
Avoid using OSSL_PKEY_PARAM_GROUP_NAME when the key might be legacy
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13139)
commit f377e58fde1a7e6b29067c48df7d3c04fdaeba38
Author: Tomas Mraz <tomas at openssl.org>
Date: Wed Jan 20 12:59:53 2021 +0100
Disable the test-ec completely when building with no-ec
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13139)
commit 3d34bedfd7fb9120b6eb7b05c25cd0c3de14c562
Author: Matt Caswell <matt at openssl.org>
Date: Mon Jan 18 16:05:43 2021 +0000
Add EVP_PKEY functions to get EC conv form and field type
libssl at the moment downgrades an EVP_PKEY to an EC_KEY object in order
to get the conv form and field type. Instead we provide EVP_PKEY level
functions to do this.
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13139)
commit 5b5eea4b60b682009d2b15587c9ceeae5e9c73f8
Author: Shane Lontis <shane.lontis at oracle.com>
Date: Thu Oct 15 13:41:59 2020 +1000
Deprecate EC_KEY + Update ec apps to use EVP_PKEY
Co-author: Richard Levitte <levitte at openssl.org>
Co-author: Tomas Mraz <tmraz at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13139)
commit 98dbf2c1c8143c0cc6dd05be7950d90bc6792064
Author: Shane Lontis <shane.lontis at oracle.com>
Date: Thu Oct 15 13:39:02 2020 +1000
Add functions to set values into an EVP_PKEY
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13139)
-----------------------------------------------------------------------
Summary of changes:
CHANGES.md | 56 +-
apps/ec.c | 189 +++---
apps/ecparam.c | 300 +++++-----
crypto/threads_lib.c => apps/include/ec_common.h | 26 +-
apps/include/opt.h | 1 +
apps/lib/opt.c | 14 +
apps/lib/s_cb.c | 16 +-
apps/pkey.c | 61 +-
apps/speed.c | 4 +
crypto/asn1/asn1_item_list.h | 2 +
crypto/ec/ec_backend.c | 219 ++++++-
crypto/ec/ec_key.c | 2 +-
crypto/ec/ec_lib.c | 86 +--
crypto/ec/ec_pmeth.c | 3 +
crypto/ec/eck_prn.c | 8 +-
crypto/evp/ec_ctrl.c | 4 +-
crypto/evp/p_legacy.c | 36 ++
crypto/evp/p_lib.c | 224 +++++--
crypto/pem/pem_all.c | 13 +-
crypto/sm2/sm2_key.c | 2 +
crypto/sm2/sm2_sign.c | 2 +
crypto/x509/x509_cmp.c | 15 +-
crypto/x509/x509_vfy.c | 2 +
doc/man1/openssl-ec.pod.in | 3 +
doc/man3/EVP_PKEY_get_field_type.pod | 55 ++
doc/man3/EVP_PKEY_get_group_name.pod | 2 +-
doc/man3/EVP_PKEY_settable_params.pod | 82 +++
doc/man3/d2i_RSAPrivateKey.pod | 18 +-
doc/man3/d2i_X509.pod | 16 -
doc/man7/EVP_PKEY-EC.pod | 20 +
fuzz/asn1.c | 4 +-
fuzz/server.c | 16 +-
include/crypto/ec.h | 9 +
include/crypto/sm2.h | 1 +
include/crypto/types.h | 3 +-
include/openssl/core_names.h | 13 +-
include/openssl/ec.h | 641 +++++++++++----------
include/openssl/evp.h | 28 +-
include/openssl/pem.h | 12 +-
include/openssl/ssl.h.in | 6 +-
include/openssl/types.h | 2 +
include/openssl/x509.h.in | 36 +-
providers/common/der/der_ec.h.in | 1 +
providers/common/der/der_sm2.h.in | 1 +
providers/implementations/asymciphers/sm2_enc.c | 2 +
providers/implementations/keymgmt/ec_kmgmt.c | 89 ++-
ssl/s3_lib.c | 46 +-
ssl/ssl_local.h | 2 +
ssl/t1_lib.c | 23 +-
ssl/tls_depr.c | 20 +-
test/build.info | 6 +-
test/ectest.c | 118 ++--
test/evp_extra_test.c | 74 +--
test/helpers/handshake.c | 15 +-
test/recipes/15-test_ec.t | 132 ++---
test/recipes/15-test_ecparam.t | 98 +++-
.../{valid => noncanon}/c2pnb163v1-explicit.pem | 0
.../{valid => noncanon}/c2pnb208w1-explicit.pem | 0
.../{valid => noncanon}/secp160k1-explicit.pem | 0
.../{valid => noncanon}/secp192k1-explicit.pem | 0
.../{valid => noncanon}/secp224k1-explicit.pem | 0
.../{valid => noncanon}/secp256k1-explicit.pem | 0
.../{valid => noncanon}/secp521r1-explicit.pem | 0
.../{valid => noncanon}/sect113r1-explicit.pem | 0
.../{valid => noncanon}/sect113r2-explicit.pem | 0
.../{valid => noncanon}/sect163k1-explicit.pem | 0
.../{valid => noncanon}/sect163r2-explicit.pem | 0
.../{valid => noncanon}/sect193r1-explicit.pem | 0
.../{valid => noncanon}/sect193r2-explicit.pem | 0
.../{valid => noncanon}/sect233k1-explicit.pem | 0
.../{valid => noncanon}/sect233r1-explicit.pem | 0
.../{valid => noncanon}/sect239k1-explicit.pem | 0
.../{valid => noncanon}/sect283k1-explicit.pem | 0
.../{valid => noncanon}/sect283r1-explicit.pem | 0
.../{valid => noncanon}/sect409k1-explicit.pem | 0
.../{valid => noncanon}/sect409r1-explicit.pem | 0
.../{valid => noncanon}/sect571k1-explicit.pem | 0
.../{valid => noncanon}/sect571r1-explicit.pem | 0
.../wap-wsg-idm-ecid-wtls1-explicit.pem | 0
.../wap-wsg-idm-ecid-wtls10-explicit.pem | 0
.../wap-wsg-idm-ecid-wtls11-explicit.pem | 0
.../wap-wsg-idm-ecid-wtls3-explicit.pem | 0
.../wap-wsg-idm-ecid-wtls4-explicit.pem | 0
.../wap-wsg-idm-ecid-wtls5-explicit.pem | 0
.../wap-wsg-idm-ecid-wtls8-explicit.pem | 0
.../wap-wsg-idm-ecid-wtls9-explicit.pem | 0
test/ssl_old_test.c | 16 +-
util/libcrypto.num | 165 +++---
88 files changed, 1913 insertions(+), 1147 deletions(-)
copy crypto/threads_lib.c => apps/include/ec_common.h (60%)
create mode 100644 doc/man3/EVP_PKEY_get_field_type.pod
create mode 100644 doc/man3/EVP_PKEY_settable_params.pod
rename test/recipes/15-test_ecparam_data/{valid => noncanon}/c2pnb163v1-explicit.pem (100%)
rename test/recipes/15-test_ecparam_data/{valid => noncanon}/c2pnb208w1-explicit.pem (100%)
rename test/recipes/15-test_ecparam_data/{valid => noncanon}/secp160k1-explicit.pem (100%)
rename test/recipes/15-test_ecparam_data/{valid => noncanon}/secp192k1-explicit.pem (100%)
rename test/recipes/15-test_ecparam_data/{valid => noncanon}/secp224k1-explicit.pem (100%)
rename test/recipes/15-test_ecparam_data/{valid => noncanon}/secp256k1-explicit.pem (100%)
rename test/recipes/15-test_ecparam_data/{valid => noncanon}/secp521r1-explicit.pem (100%)
rename test/recipes/15-test_ecparam_data/{valid => noncanon}/sect113r1-explicit.pem (100%)
rename test/recipes/15-test_ecparam_data/{valid => noncanon}/sect113r2-explicit.pem (100%)
rename test/recipes/15-test_ecparam_data/{valid => noncanon}/sect163k1-explicit.pem (100%)
rename test/recipes/15-test_ecparam_data/{valid => noncanon}/sect163r2-explicit.pem (100%)
rename test/recipes/15-test_ecparam_data/{valid => noncanon}/sect193r1-explicit.pem (100%)
rename test/recipes/15-test_ecparam_data/{valid => noncanon}/sect193r2-explicit.pem (100%)
rename test/recipes/15-test_ecparam_data/{valid => noncanon}/sect233k1-explicit.pem (100%)
rename test/recipes/15-test_ecparam_data/{valid => noncanon}/sect233r1-explicit.pem (100%)
rename test/recipes/15-test_ecparam_data/{valid => noncanon}/sect239k1-explicit.pem (100%)
rename test/recipes/15-test_ecparam_data/{valid => noncanon}/sect283k1-explicit.pem (100%)
rename test/recipes/15-test_ecparam_data/{valid => noncanon}/sect283r1-explicit.pem (100%)
rename test/recipes/15-test_ecparam_data/{valid => noncanon}/sect409k1-explicit.pem (100%)
rename test/recipes/15-test_ecparam_data/{valid => noncanon}/sect409r1-explicit.pem (100%)
rename test/recipes/15-test_ecparam_data/{valid => noncanon}/sect571k1-explicit.pem (100%)
rename test/recipes/15-test_ecparam_data/{valid => noncanon}/sect571r1-explicit.pem (100%)
rename test/recipes/15-test_ecparam_data/{valid => noncanon}/wap-wsg-idm-ecid-wtls1-explicit.pem (100%)
rename test/recipes/15-test_ecparam_data/{valid => noncanon}/wap-wsg-idm-ecid-wtls10-explicit.pem (100%)
rename test/recipes/15-test_ecparam_data/{valid => noncanon}/wap-wsg-idm-ecid-wtls11-explicit.pem (100%)
rename test/recipes/15-test_ecparam_data/{valid => noncanon}/wap-wsg-idm-ecid-wtls3-explicit.pem (100%)
rename test/recipes/15-test_ecparam_data/{valid => noncanon}/wap-wsg-idm-ecid-wtls4-explicit.pem (100%)
rename test/recipes/15-test_ecparam_data/{valid => noncanon}/wap-wsg-idm-ecid-wtls5-explicit.pem (100%)
rename test/recipes/15-test_ecparam_data/{valid => noncanon}/wap-wsg-idm-ecid-wtls8-explicit.pem (100%)
rename test/recipes/15-test_ecparam_data/{valid => noncanon}/wap-wsg-idm-ecid-wtls9-explicit.pem (100%)
diff --git a/CHANGES.md b/CHANGES.md
index fbd80c33c0..e512b080c7 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -69,6 +69,49 @@ OpenSSL 3.0
*Dmitry Belyavskiy*
+ * All of the low level EC_KEY functions have been deprecated including:
+
+ EC_KEY_OpenSSL, EC_KEY_get_default_method, EC_KEY_set_default_method,
+ EC_KEY_get_method, EC_KEY_set_method, EC_KEY_new_method
+ EC_KEY_METHOD_new, EC_KEY_METHOD_free, EC_KEY_METHOD_set_init,
+ EC_KEY_METHOD_set_keygen, EC_KEY_METHOD_set_compute_key,
+ EC_KEY_METHOD_set_sign, EC_KEY_METHOD_set_verify,
+ EC_KEY_METHOD_get_init, EC_KEY_METHOD_get_keygen,
+ EC_KEY_METHOD_get_compute_key, EC_KEY_METHOD_get_sign,
+ EC_KEY_METHOD_get_verify,
+ EC_KEY_new_ex, EC_KEY_new, EC_KEY_get_flags, EC_KEY_set_flags,
+ EC_KEY_clear_flags, EC_KEY_decoded_from_explicit_params,
+ EC_KEY_new_by_curve_name_ex, EC_KEY_new_by_curve_name, EC_KEY_free,
+ EC_KEY_copy, EC_KEY_dup, EC_KEY_up_ref, EC_KEY_get0_engine,
+ EC_KEY_get0_group, EC_KEY_set_group, EC_KEY_get0_private_key,
+ EC_KEY_set_private_key, EC_KEY_get0_public_key, EC_KEY_set_public_key,
+ EC_KEY_get_enc_flags, EC_KEY_set_enc_flags, EC_KEY_get_conv_form,
+ EC_KEY_set_conv_form, EC_KEY_set_ex_data, EC_KEY_get_ex_data,
+ EC_KEY_set_asn1_flag, EC_KEY_generate_key, EC_KEY_check_key, EC_KEY_can_sign,
+ EC_KEY_set_public_key_affine_coordinates, EC_KEY_key2buf, EC_KEY_oct2key,
+ EC_KEY_oct2priv, EC_KEY_priv2oct and EC_KEY_priv2buf.
+ Applications that need to implement an EC_KEY_METHOD need to consider
+ implementation of the functionality in a special provider.
+ For replacement of the functions manipulating the EC_KEY objects
+ see the EVP_PKEY-EC(7) manual page.
+
+ Additionally functions that read and write EC_KEY objects such as
+ o2i_ECPublicKey, i2o_ECPublicKey, ECParameters_print_fp, EC_KEY_print_fp,
+ d2i_ECPKParameters, d2i_ECParameters, d2i_ECPrivateKey, d2i_ECPrivateKey_bio,
+ d2i_ECPrivateKey_fp, d2i_EC_PUBKEY, d2i_EC_PUBKEY_bio, d2i_EC_PUBKEY_fp,
+ i2d_ECPKParameters, i2d_ECParameters, i2d_ECPrivateKey, i2d_ECPrivateKey_bio,
+ i2d_ECPrivateKey_fp, i2d_EC_PUBKEY, i2d_EC_PUBKEY_bio and i2d_EC_PUBKEY_fp
+ have also been deprecated. Applications should instead use the
+ OSSL_DECODER and OSSL_ENCODER APIs to read and write EC files.
+
+ Finally functions that assign or obtain EC_KEY objects from an EVP_PKEY such as
+ EVP_PKEY_assign_EC_KEY, EVP_PKEY_get0_EC_KEY, EVP_PKEY_get1_EC_KEY and
+ EVP_PKEY_set1_EC_KEY are also deprecated. Applications should instead either
+ read or write an EVP_PKEY directly using the OSSL_DECODER and OSSL_ENCODER
+ APIs. Or load an EVP_PKEY directly from EC data using EVP_PKEY_fromdata().
+
+ *Shane Lontis, Paul Dale, Richard Levitte, and Tomas Mraz*
+
* Deprecated all the libcrypto and libssl error string loading
functions: ERR_load_ASN1_strings(), ERR_load_ASYNC_strings(),
ERR_load_BIO_strings(), ERR_load_BN_strings(), ERR_load_BUF_strings(),
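Review bot: two wording problems in the new EC_KEY entry. The second list line ends with EC_KEY_new_method and lacks the trailing comma that every other line of the list has, and the last paragraph ends on a sentence fragment ("APIs. Or load an EVP_PKEY directly from EC data using EVP_PKEY_fromdata()."). Suggest adding the comma and joining the fragment to the preceding sentence with "or".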
@@ -594,19 +637,6 @@ OpenSSL 3.0
*Paul Dale*
- * Deprecated the EC_KEY_METHOD functions. These include:
-
- EC_KEY_METHOD_new, EC_KEY_METHOD_free, EC_KEY_METHOD_set_init,
- EC_KEY_METHOD_set_keygen, EC_KEY_METHOD_set_compute_key,
- EC_KEY_METHOD_set_sign, EC_KEY_METHOD_set_verify,
- EC_KEY_METHOD_get_init, EC_KEY_METHOD_get_keygen,
- EC_KEY_METHOD_get_compute_key, EC_KEY_METHOD_get_sign and
- EC_KEY_METHOD_get_verify.
-
- Instead applications and extension writers should use the OSSL_PROVIDER APIs.
-
- *Paul Dale*
-
* Deprecated EVP_PKEY_decrypt_old(), please use EVP_PKEY_decrypt_init()
and EVP_PKEY_decrypt() instead.
Deprecated EVP_PKEY_encrypt_old(), please use EVP_PKEY_encrypt_init()
diff --git a/apps/ec.c b/apps/ec.c
index e1d447de81..109e3eaeeb 100644
--- a/apps/ec.c
+++ b/apps/ec.c
@@ -8,29 +8,17 @@
*/
#include <openssl/opensslconf.h>
+#include <openssl/evp.h>
+#include <openssl/encoder.h>
+#include <openssl/decoder.h>
+#include <openssl/core_names.h>
+#include <openssl/core_dispatch.h>
+#include <openssl/params.h>
+#include <openssl/err.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
#include "apps.h"
#include "progs.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/pem.h>
-
-static OPT_PAIR conv_forms[] = {
- {"compressed", POINT_CONVERSION_COMPRESSED},
- {"uncompressed", POINT_CONVERSION_UNCOMPRESSED},
- {"hybrid", POINT_CONVERSION_HYBRID},
- {NULL}
-};
-
-static OPT_PAIR param_enc[] = {
- {"named_curve", OPENSSL_EC_NAMED_CURVE},
- {"explicit", 0},
- {NULL}
-};
+#include "ec_common.h"
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
@@ -74,19 +62,22 @@ const OPTIONS ec_options[] = {
int ec_main(int argc, char **argv)
{
+ OSSL_ENCODER_CTX *ectx = NULL;
+ OSSL_DECODER_CTX *dctx = NULL;
+ EVP_PKEY_CTX *pctx = NULL;
+ EVP_PKEY *eckey = NULL;
BIO *in = NULL, *out = NULL;
ENGINE *e = NULL;
- EC_KEY *eckey = NULL;
- const EC_GROUP *group;
const EVP_CIPHER *enc = NULL;
- point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED;
char *infile = NULL, *outfile = NULL, *prog;
char *passin = NULL, *passout = NULL, *passinarg = NULL, *passoutarg = NULL;
OPTION_CHOICE o;
- int asn1_flag = OPENSSL_EC_NAMED_CURVE, new_form = 0, new_asn1_flag = 0;
int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, noout = 0;
- int pubin = 0, pubout = 0, param_out = 0, i, ret = 1, private = 0;
- int no_public = 0, check = 0;
+ int pubin = 0, pubout = 0, param_out = 0, ret = 1, private = 0;
+ int check = 0;
+ char *asn1_encoding = NULL;
+ char *point_format = NULL;
+ int no_public = 0;
prog = opt_init(argc, argv, ec_options);
while ((o = opt_next()) != OPT_EOF) {
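Review bot: dctx, declared at the top of ec_main() in this hunk, is never assigned anywhere in the patch; its only other use is OSSL_DECODER_CTX_free(dctx) under the end: label. Loading now goes through load_pubkey() and load_key(), so the variable and its free call can be dropped, and the <openssl/decoder.h> include added in the first hunk looks unnecessary as well.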
@@ -143,16 +134,14 @@ int ec_main(int argc, char **argv)
goto opthelp;
break;
case OPT_CONV_FORM:
- if (!opt_pair(opt_arg(), conv_forms, &i))
+ point_format = opt_arg();
+ if (!opt_string(point_format, point_format_options))
goto opthelp;
- new_form = 1;
- form = i;
break;
case OPT_PARAM_ENC:
- if (!opt_pair(opt_arg(), param_enc, &i))
+ asn1_encoding = opt_arg();
+ if (!opt_string(asn1_encoding, asn1_encoding_options))
goto opthelp;
- new_asn1_flag = 1;
- asn1_flag = i;
break;
case OPT_NO_PUBLIC:
no_public = 1;
@@ -188,30 +177,14 @@ int ec_main(int argc, char **argv)
}
BIO_printf(bio_err, "read EC key\n");
- if (informat == FORMAT_ASN1) {
- if (pubin)
- eckey = d2i_EC_PUBKEY_bio(in, NULL);
- else
- eckey = d2i_ECPrivateKey_bio(in, NULL);
- } else if (informat == FORMAT_ENGINE) {
- EVP_PKEY *pkey;
- if (pubin)
- pkey = load_pubkey(infile, informat, 1, passin, e, "public key");
- else
- pkey = load_key(infile, informat, 1, passin, e, "private key");
- if (pkey != NULL) {
- eckey = EVP_PKEY_get1_EC_KEY(pkey);
- EVP_PKEY_free(pkey);
- }
- } else {
- if (pubin)
- eckey = PEM_read_bio_EC_PUBKEY(in, NULL, NULL, NULL);
- else
- eckey = PEM_read_bio_ECPrivateKey(in, NULL, NULL, passin);
- }
+
+ if (pubin)
+ eckey = load_pubkey(infile, informat, 1, passin, e, "public key");
+ else
+ eckey = load_key(infile, informat, 1, passin, e, "private key");
+
if (eckey == NULL) {
BIO_printf(bio_err, "unable to load Key\n");
- ERR_print_errors(bio_err);
goto end;
}
@@ -219,74 +192,96 @@ int ec_main(int argc, char **argv)
if (out == NULL)
goto end;
- group = EC_KEY_get0_group(eckey);
-
- if (new_form)
- EC_KEY_set_conv_form(eckey, form);
+ if (point_format
+ && !EVP_PKEY_set_utf8_string_param(
+ eckey, OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT,
+ point_format)) {
+ BIO_printf(bio_err, "unable to set point conversion format\n");
+ goto end;
+ }
- if (new_asn1_flag)
- EC_KEY_set_asn1_flag(eckey, asn1_flag);
+ if (asn1_encoding != NULL
+ && !EVP_PKEY_set_utf8_string_param(
+ eckey, OSSL_PKEY_PARAM_EC_ENCODING, asn1_encoding)) {
+ BIO_printf(bio_err, "unable to set asn1 encoding format\n");
+ goto end;
+ }
- if (no_public)
- EC_KEY_set_enc_flags(eckey, EC_PKEY_NO_PUBKEY);
+ if (no_public
+ && !EVP_PKEY_set_int_param(eckey, OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC, 0)) {
+ BIO_printf(bio_err, "unable to disable public key encoding\n");
+ goto end;
+ }
if (text) {
assert(pubin || private);
- if (!EC_KEY_print(out, eckey, 0)) {
- perror(outfile);
- ERR_print_errors(bio_err);
+ if ((pubin && EVP_PKEY_print_public(out, eckey, 0, NULL) <= 0)
+ || (!pubin && EVP_PKEY_print_private(out, eckey, 0, NULL) <= 0)) {
+ BIO_printf(bio_err, "unable to print EC key\n");
goto end;
}
}
if (check) {
- if (EC_KEY_check_key(eckey) == 1) {
- BIO_printf(bio_err, "EC Key valid.\n");
- } else {
- BIO_printf(bio_err, "EC Key Invalid!\n");
- ERR_print_errors(bio_err);
+ pctx = EVP_PKEY_CTX_new_from_pkey(NULL, eckey, NULL);
+ if (pctx == NULL) {
+ BIO_printf(bio_err, "unable to check EC key\n");
+ goto end;
}
+ if (!EVP_PKEY_check(pctx))
+ BIO_printf(bio_err, "EC Key Invalid!\n");
+ else
+ BIO_printf(bio_err, "EC Key valid.\n");
+ ERR_print_errors(bio_err);
}
- if (noout) {
- ret = 0;
- goto end;
- }
+ if (!noout) {
+ int selection;
+ const char *output_type = outformat == FORMAT_ASN1 ? "DER" : "PEM";
+ const char *output_structure = "type-specific";
- BIO_printf(bio_err, "writing EC key\n");
- if (outformat == FORMAT_ASN1) {
+ BIO_printf(bio_err, "writing EC key\n");
if (param_out) {
- i = i2d_ECPKParameters_bio(out, group);
+ selection = OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
} else if (pubin || pubout) {
- i = i2d_EC_PUBKEY_bio(out, eckey);
+ selection = OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS
+ | OSSL_KEYMGMT_SELECT_PUBLIC_KEY;
+ output_structure = "SubjectPublicKeyInfo";
} else {
+ selection = OSSL_KEYMGMT_SELECT_ALL;
assert(private);
- i = i2d_ECPrivateKey_bio(out, eckey);
}
- } else {
- if (param_out) {
- i = PEM_write_bio_ECPKParameters(out, group);
- } else if (pubin || pubout) {
- i = PEM_write_bio_EC_PUBKEY(out, eckey);
- } else {
- assert(private);
- i = PEM_write_bio_ECPrivateKey(out, eckey, enc,
- NULL, 0, NULL, passout);
+
+ ectx = OSSL_ENCODER_CTX_new_by_EVP_PKEY(eckey, selection,
+ output_type, output_structure,
+ NULL);
+ if (enc != NULL) {
+ OSSL_ENCODER_CTX_set_cipher(ectx, EVP_CIPHER_name(enc), NULL);
+ if (passout != NULL)
+ OSSL_ENCODER_CTX_set_passphrase(ectx,
+ (const unsigned char *)passout,
+ strlen(passout));
+ }
+ if (!OSSL_ENCODER_to_bio(ectx, out)) {
+ BIO_printf(bio_err, "unable to write EC key\n");
+ goto end;
}
}
- if (!i) {
- BIO_printf(bio_err, "unable to write private key\n");
+ ret = 0;
+end:
+ if (ret != 0)
ERR_print_errors(bio_err);
- } else {
- ret = 0;
- }
- end:
BIO_free(in);
BIO_free_all(out);
- EC_KEY_free(eckey);
+ EVP_PKEY_free(eckey);
+ OSSL_ENCODER_CTX_free(ectx);
+ OSSL_DECODER_CTX_free(dctx);
+ EVP_PKEY_CTX_free(pctx);
release_engine(e);
- OPENSSL_free(passin);
- OPENSSL_free(passout);
+ if (passin != NULL)
+ OPENSSL_clear_free(passin, strlen(passin));
+ if (passout != NULL)
+ OPENSSL_clear_free(passout, strlen(passout));
return ret;
}
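Review bot: in the !noout block the result of OSSL_ENCODER_CTX_new_by_EVP_PKEY() is used without a NULL check, and the return values of OSSL_ENCODER_CTX_set_cipher() and OSSL_ENCODER_CTX_set_passphrase() are ignored. When an output cipher was requested, a failure to configure it should stop with a message before OSSL_ENCODER_to_bio() is reached, since this is the path that writes the private key. Suggest checking ectx for NULL and testing both setter calls, each followed by goto end. The removed PEM_write_bio_ECPrivateKey() call was given enc even when passout was NULL, while the new code sets no passphrase source in that case, so it is worth confirming what the encoder does then. Separately, in the check block `if (!EVP_PKEY_check(pctx))` reports "EC Key valid." for a negative return; compare with `<= 0` as is done for EVP_PKEY_print_public() a few lines above.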
diff --git a/apps/ecparam.c b/apps/ecparam.c
index 06f017a548..505868eb18 100644
--- a/apps/ecparam.c
+++ b/apps/ecparam.c
@@ -9,19 +9,16 @@
*/
#include <openssl/opensslconf.h>
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <time.h>
-#include <string.h>
+#include <openssl/evp.h>
+#include <openssl/encoder.h>
+#include <openssl/decoder.h>
+#include <openssl/core_names.h>
+#include <openssl/core_dispatch.h>
+#include <openssl/params.h>
+#include <openssl/err.h>
#include "apps.h"
#include "progs.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-#include <openssl/ec.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
+#include "ec_common.h"
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
@@ -67,36 +64,51 @@ const OPTIONS ecparam_options[] = {
{NULL}
};
-static OPT_PAIR forms[] = {
- {"compressed", POINT_CONVERSION_COMPRESSED},
- {"uncompressed", POINT_CONVERSION_UNCOMPRESSED},
- {"hybrid", POINT_CONVERSION_HYBRID},
- {NULL}
-};
+static int list_builtin_curves(BIO *out)
+{
+ int ret = 0;
+ EC_builtin_curve *curves = NULL;
+ size_t n, crv_len = EC_get_builtin_curves(NULL, 0);
-static OPT_PAIR encodings[] = {
- {"named_curve", OPENSSL_EC_NAMED_CURVE},
- {"explicit", 0},
- {NULL}
-};
+ curves = app_malloc((int)sizeof(*curves) * crv_len, "list curves");
+ if (!EC_get_builtin_curves(curves, crv_len))
+ goto end;
+
+ for (n = 0; n < crv_len; n++) {
+ const char *comment = curves[n].comment;
+ const char *sname = OBJ_nid2sn(curves[n].nid);
+
+ if (comment == NULL)
+ comment = "CURVE DESCRIPTION NOT AVAILABLE";
+ if (sname == NULL)
+ sname = "";
+
+ BIO_printf(out, " %-10s: ", sname);
+ BIO_printf(out, "%s\n", comment);
+ }
+ ret = 1;
+end:
+ OPENSSL_free(curves);
+ return ret;
+}
int ecparam_main(int argc, char **argv)
{
+ EVP_PKEY_CTX *gctx_params = NULL, *gctx_key = NULL, *pctx = NULL;
+ EVP_PKEY *params_key = NULL, *key = NULL;
+ OSSL_ENCODER_CTX *ectx_key = NULL, *ectx_params = NULL;
+ OSSL_DECODER_CTX *dctx_params = NULL;
ENGINE *e = NULL;
- BIGNUM *ec_gen = NULL, *ec_order = NULL, *ec_cofactor = NULL;
- BIGNUM *ec_p = NULL, *ec_a = NULL, *ec_b = NULL;
BIO *in = NULL, *out = NULL;
- EC_GROUP *group = NULL;
- point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED;
char *curve_name = NULL;
+ char *asn1_encoding = NULL;
+ char *point_format = NULL;
char *infile = NULL, *outfile = NULL, *prog;
- unsigned char *buffer = NULL;
OPTION_CHOICE o;
- int asn1_flag = OPENSSL_EC_NAMED_CURVE, new_asn1_flag = 0;
int informat = FORMAT_PEM, outformat = FORMAT_PEM, noout = 0;
int ret = 1, private = 0;
- int list_curves = 0, no_seed = 0, check = 0, new_form = 0;
- int text = 0, i, genkey = 0, check_named = 0;
+ int no_seed = 0, check = 0, check_named = 0, text = 0, genkey = 0;
+ int list_curves = 0;
prog = opt_init(argc, argv, ecparam_options);
while ((o = opt_next()) != OPT_EOF) {
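Review bot: dctx_params, declared at the top of ecparam_main() in this hunk, is never assigned in the patch and appears again only in OSSL_DECODER_CTX_free(dctx_params) at the end: label. Parameters are read with load_keyparams(), so the variable and its free call can be removed.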
@@ -146,15 +158,14 @@ int ecparam_main(int argc, char **argv)
curve_name = opt_arg();
break;
case OPT_CONV_FORM:
- if (!opt_pair(opt_arg(), forms, &new_form))
+ point_format = opt_arg();
+ if (!opt_string(point_format, point_format_options))
goto opthelp;
- form = new_form;
- new_form = 1;
break;
case OPT_PARAM_ENC:
- if (!opt_pair(opt_arg(), encodings, &asn1_flag))
+ asn1_encoding = opt_arg();
+ if (!opt_string(asn1_encoding, asn1_encoding_options))
goto opthelp;
- new_asn1_flag = 1;
break;
case OPT_GENKEY:
genkey = 1;
@@ -188,111 +199,88 @@ int ecparam_main(int argc, char **argv)
goto end;
if (list_curves) {
- EC_builtin_curve *curves = NULL;
- size_t crv_len = EC_get_builtin_curves(NULL, 0);
- size_t n;
-
- curves = app_malloc((int)sizeof(*curves) * crv_len, "list curves");
- if (!EC_get_builtin_curves(curves, crv_len)) {
- OPENSSL_free(curves);
- goto end;
- }
-
- for (n = 0; n < crv_len; n++) {
- const char *comment;
- const char *sname;
- comment = curves[n].comment;
- sname = OBJ_nid2sn(curves[n].nid);
- if (comment == NULL)
- comment = "CURVE DESCRIPTION NOT AVAILABLE";
- if (sname == NULL)
- sname = "";
-
- BIO_printf(out, " %-10s: ", sname);
- BIO_printf(out, "%s\n", comment);
- }
-
- OPENSSL_free(curves);
- ret = 0;
+ if (list_builtin_curves(out))
+ ret = 0;
goto end;
}
if (curve_name != NULL) {
- int nid;
+ OSSL_PARAM params[4];
+ OSSL_PARAM *p = params;
- /*
- * workaround for the SECG curve names secp192r1 and secp256r1 (which
- * are the same as the curves prime192v1 and prime256v1 defined in
- * X9.62)
- */
if (strcmp(curve_name, "secp192r1") == 0) {
- BIO_printf(bio_err, "using curve name prime192v1 "
- "instead of secp192r1\n");
- nid = NID_X9_62_prime192v1;
+ BIO_printf(bio_err,
+ "using curve name prime192v1 instead of secp192r1\n");
+ curve_name = SN_X9_62_prime192v1;
} else if (strcmp(curve_name, "secp256r1") == 0) {
- BIO_printf(bio_err, "using curve name prime256v1 "
- "instead of secp256r1\n");
- nid = NID_X9_62_prime256v1;
- } else {
- nid = OBJ_sn2nid(curve_name);
+ BIO_printf(bio_err,
+ "using curve name prime256v1 instead of secp256r1\n");
+ curve_name = SN_X9_62_prime256v1;
}
-
- if (nid == 0)
- nid = EC_curve_nist2nid(curve_name);
-
- if (nid == 0) {
- BIO_printf(bio_err, "unknown curve name (%s)\n", curve_name);
+ *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME,
+ curve_name, 0);
+ if (asn1_encoding != NULL)
+ *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_EC_ENCODING,
+ asn1_encoding, 0);
+ if (point_format != NULL)
+ *p++ = OSSL_PARAM_construct_utf8_string(
+ OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT,
+ point_format, 0);
+ *p = OSSL_PARAM_construct_end();
+ gctx_params = EVP_PKEY_CTX_new_from_name(NULL, "ec", NULL);
+ if (gctx_params == NULL
+ || EVP_PKEY_keygen_init(gctx_params) <= 0
+ || EVP_PKEY_CTX_set_params(gctx_params, params) <= 0
+ || EVP_PKEY_keygen(gctx_params, ¶ms_key) <= 0) {
+ BIO_printf(bio_err, "unable to generate key\n");
+ goto end;
+ }
+ } else {
+ params_key = load_keyparams(infile, 1, "EC", "EC parameters");
+ if (!EVP_PKEY_is_a(params_key, "EC"))
+ goto end;
+ if (point_format
+ && !EVP_PKEY_set_utf8_string_param(
+ params_key, OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT,
+ point_format)) {
+ BIO_printf(bio_err, "unable to set point conversion format\n");
goto end;
}
- group = EC_GROUP_new_by_curve_name(nid);
- if (group == NULL) {
- BIO_printf(bio_err, "unable to create curve (%s)\n", curve_name);
+ if (asn1_encoding != NULL
+ && !EVP_PKEY_set_utf8_string_param(
+ params_key, OSSL_PKEY_PARAM_EC_ENCODING, asn1_encoding)) {
+ BIO_printf(bio_err, "unable to set asn1 encoding format\n");
goto end;
}
- EC_GROUP_set_asn1_flag(group, asn1_flag);
- EC_GROUP_set_point_conversion_form(group, form);
- } else if (informat == FORMAT_ASN1) {
- group = d2i_ECPKParameters_bio(in, NULL);
- } else {
- group = PEM_read_bio_ECPKParameters(in, NULL, NULL, NULL);
}
- if (group == NULL) {
- BIO_printf(bio_err, "unable to load elliptic curve parameters\n");
- ERR_print_errors(bio_err);
+
+ if (no_seed
+ && !EVP_PKEY_set_octet_string_param(params_key, OSSL_PKEY_PARAM_EC_SEED,
+ NULL, 0)) {
+ BIO_printf(bio_err, "unable to clear seed\n");
goto end;
}
- if (new_form)
- EC_GROUP_set_point_conversion_form(group, form);
-
- if (new_asn1_flag)
- EC_GROUP_set_asn1_flag(group, asn1_flag);
-
- if (no_seed) {
- EC_GROUP_set_seed(group, NULL, 0);
+ if (text
+ && !EVP_PKEY_print_params(out, params_key, 0, NULL)) {
+ BIO_printf(bio_err, "unable to print params\n");
+ goto end;
}
- if (text) {
- if (!ECPKParameters_print(out, group, 0))
- goto end;
- }
+ if (check || check_named) {
+ BIO_printf(bio_err, "checking elliptic curve parameters: ");
- if (check_named) {
- BIO_printf(bio_err, "validating named elliptic curve parameters: ");
- if (EC_GROUP_check_named_curve(group, 0, NULL) <= 0) {
- BIO_printf(bio_err, "failed\n");
- ERR_print_errors(bio_err);
- goto end;
+ if (check_named
+ && !EVP_PKEY_set_utf8_string_param(params_key,
+ OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE,
+ OSSL_PKEY_EC_GROUP_CHECK_NAMED)) {
+ BIO_printf(bio_err, "unable to set check_type\n");
+ goto end;
}
- BIO_printf(bio_err, "ok\n");
- }
-
- if (check) {
- BIO_printf(bio_err, "checking elliptic curve parameters: ");
- if (!EC_GROUP_check(group, NULL)) {
+ pctx = EVP_PKEY_CTX_new_from_pkey(NULL, params_key, NULL);
+ if (pctx == NULL || !EVP_PKEY_param_check(pctx)) {
BIO_printf(bio_err, "failed\n");
- ERR_print_errors(bio_err);
goto end;
}
BIO_printf(bio_err, "ok\n");
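Review bot: `pctx == NULL || !EVP_PKEY_param_check(pctx)` in the check block treats only 0 as failure, so a negative return (the documented result for an unsupported operation) falls through to "ok". Compare with `<= 0`, as the EVP_PKEY_keygen_init() and EVP_PKEY_keygen() calls earlier in this hunk do. In the else branch, params_key from load_keyparams() is passed to EVP_PKEY_is_a() without a NULL check, and the `goto end` there prints no message of its own. The removed "unknown curve name (%s)" diagnostic has no replacement: a mistyped curve name now produces only "unable to generate key", which does not name the curve.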
@@ -302,60 +290,54 @@ int ecparam_main(int argc, char **argv)
noout = 1;
if (!noout) {
- if (outformat == FORMAT_ASN1)
- i = i2d_ECPKParameters_bio(out, group);
- else
- i = PEM_write_bio_ECPKParameters(out, group);
- if (!i) {
- BIO_printf(bio_err, "unable to write elliptic "
- "curve parameters\n");
- ERR_print_errors(bio_err);
+ ectx_params = OSSL_ENCODER_CTX_new_by_EVP_PKEY(
+ params_key, OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
+ outformat == FORMAT_ASN1 ? "DER" : "PEM", NULL, NULL);
+ if (!OSSL_ENCODER_to_bio(ectx_params, out)) {
+ BIO_printf(bio_err, "unable to write elliptic curve parameters\n");
goto end;
}
}
if (genkey) {
- EC_KEY *eckey = EC_KEY_new();
-
- if (eckey == NULL)
- goto end;
-
- if (EC_KEY_set_group(eckey, group) == 0) {
- BIO_printf(bio_err, "unable to set group when generating key\n");
- EC_KEY_free(eckey);
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if (new_form)
- EC_KEY_set_conv_form(eckey, form);
-
- if (!EC_KEY_generate_key(eckey)) {
+ /*
+ * NOTE: EC keygen does not normally need to pass in the param_key
+ * for named curves. This can be achieved using:
+ * gctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL);
+ * EVP_PKEY_keygen_init(gctx);
+ * EVP_PKEY_CTX_set_group_name(gctx, curvename);
+ * EVP_PKEY_keygen(gctx, &key) <= 0)
+ */
+ gctx_key = EVP_PKEY_CTX_new_from_pkey(NULL, params_key, NULL);
+ if (EVP_PKEY_keygen_init(gctx_key) <= 0
+ || EVP_PKEY_keygen(gctx_key, &key) <= 0) {
BIO_printf(bio_err, "unable to generate key\n");
- EC_KEY_free(eckey);
- ERR_print_errors(bio_err);
goto end;
}
assert(private);
- if (outformat == FORMAT_ASN1)
- i = i2d_ECPrivateKey_bio(out, eckey);
- else
- i = PEM_write_bio_ECPrivateKey(out, eckey, NULL,
- NULL, 0, NULL, NULL);
- EC_KEY_free(eckey);
+ ectx_key = OSSL_ENCODER_CTX_new_by_EVP_PKEY(
+ key, OSSL_KEYMGMT_SELECT_ALL,
+ outformat == FORMAT_ASN1 ? "DER" : "PEM", NULL, NULL);
+ if (!OSSL_ENCODER_to_bio(ectx_key, out)) {
+ BIO_printf(bio_err, "unable to write elliptic "
+ "curve parameters\n");
+ goto end;
+ }
}
ret = 0;
- end:
- BN_free(ec_p);
- BN_free(ec_a);
- BN_free(ec_b);
- BN_free(ec_gen);
- BN_free(ec_order);
- BN_free(ec_cofactor);
- OPENSSL_free(buffer);
- EC_GROUP_free(group);
+end:
+ if (ret != 0)
+ ERR_print_errors(bio_err);
release_engine(e);
+ EVP_PKEY_free(params_key);
+ EVP_PKEY_free(key);
+ EVP_PKEY_CTX_free(pctx);
+ EVP_PKEY_CTX_free(gctx_params);
+ EVP_PKEY_CTX_free(gctx_key);
+ OSSL_DECODER_CTX_free(dctx_params);
+ OSSL_ENCODER_CTX_free(ectx_params);
+ OSSL_ENCODER_CTX_free(ectx_key);
BIO_free(in);
BIO_free_all(out);
return ret;
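Review bot: in the genkey branch, the failure message for writing the generated key still reads "unable to write elliptic curve parameters", copied from the parameter branch above; it should say that the private key could not be written, otherwise the two failures are indistinguishable in the output. Separately, the results of both OSSL_ENCODER_CTX_new_by_EVP_PKEY() calls and of EVP_PKEY_CTX_new_from_pkey() are used without a NULL check, so the code depends on the callees rejecting a NULL context; an explicit check would make the failure path obvious. The last line of the NOTE comment also carries a stray `<= 0)`.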
diff --git a/crypto/threads_lib.c b/apps/include/ec_common.h
similarity index 60%
copy from crypto/threads_lib.c
copy to apps/include/ec_common.h
index 0c7162392d..4ed12163fa 100644
--- a/crypto/threads_lib.c
+++ b/apps/include/ec_common.h
@@ -6,20 +6,18 @@
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
-#include <openssl/crypto.h>
-#ifndef OPENSSL_NO_DEPRECATED_3_0
-
-void OPENSSL_fork_prepare(void)
-{
-}
-
-void OPENSSL_fork_parent(void)
-{
-}
-
-void OPENSSL_fork_child(void)
-{
-}
+#ifndef OPENSSL_NO_EC
+static const char *point_format_options[] = {
+ "uncompressed",
+ "compressed",
+ "hybrid",
+ NULL
+};
+static const char *asn1_encoding_options[] = {
+ "named_curve",
+ "explicit",
+ NULL
+};
#endif
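Review bot: the new header has no include guard and defines two `static` arrays, so every translation unit that includes it gets its own copy, and an includer that uses only one of the arrays may see an unused-variable warning. Suggest adding a guard and a short comment saying what the lists are for (valid values for the point format and ASN.1 encoding options, consumed by opt_string()).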
diff --git a/apps/include/opt.h b/apps/include/opt.h
index 15375e3a80..34298cf50d 100644
--- a/apps/include/opt.h
+++ b/apps/include/opt.h
@@ -363,6 +363,7 @@ int opt_umax(const char *arg, uintmax_t *result);
# define uintmax_t unsigned long
#endif
int opt_pair(const char *arg, const OPT_PAIR * pairs, int *result);
+int opt_string(const char *name, const char **options);
int opt_cipher(const char *name, const EVP_CIPHER **cipherp);
int opt_md(const char *name, const EVP_MD **mdp);
char *opt_arg(void);
diff --git a/apps/lib/opt.c b/apps/lib/opt.c
index 9675bc474d..11a9a13496 100644
--- a/apps/lib/opt.c
+++ b/apps/lib/opt.c
@@ -391,6 +391,20 @@ int opt_pair(const char *name, const OPT_PAIR* pairs, int *result)
return 0;
}
+/* Look through a list of valid names */
+int opt_string(const char *name, const char **options)
+{
+ const char **p;
+
+ for (p = options; *p != NULL; p++)
+ if (strcmp(*p, name) == 0)
+ return 1;
+ opt_printf_stderr("%s: Value must be one of:\n", prog);
+ for (p = options; *p != NULL; p++)
+ opt_printf_stderr("\t%s\n", *p);
+ return 0;
+}
+
/* Parse an int, put it into *result; return 0 on failure, else 1. */
int opt_int(const char *value, int *result)
{
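Review bot: the comment on opt_string() does not state the return convention (1 when name is in the list, 0 otherwise), unlike the comment on opt_int() immediately below. The error output also names only prog, not the rejected value or the option it belonged to, which makes the message hard to act on when several options share this helper. Suggest extending the comment and including name in the first opt_printf_stderr() call.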
diff --git a/apps/lib/s_cb.c b/apps/lib/s_cb.c
index 67e0fbd5bd..d77647246d 100644
--- a/apps/lib/s_cb.c
+++ b/apps/lib/s_cb.c
@@ -397,15 +397,13 @@ int ssl_print_tmp_key(BIO *out, SSL *s)
#ifndef OPENSSL_NO_EC
case EVP_PKEY_EC:
{
- EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);
- int nid;
- const char *cname;
- nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
- EC_KEY_free(ec);
- cname = EC_curve_nid2nist(nid);
- if (cname == NULL)
- cname = OBJ_nid2sn(nid);
- BIO_printf(out, "ECDH, %s, %d bits\n", cname, EVP_PKEY_bits(key));
+ char name[80];
+ size_t name_len;
+
+ if (!EVP_PKEY_get_utf8_string_param(key, OSSL_PKEY_PARAM_GROUP_NAME,
+ name, sizeof(name), &name_len))
+ strcpy(name, "?");
+ BIO_printf(out, "ECDH, %s, %d bits\n", name, EVP_PKEY_bits(key));
}
break;
#endif
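Review bot: the printed curve name can change with this hunk. The removed code preferred the NIST name from EC_curve_nid2nist() and only fell back to OBJ_nid2sn(); the new code prints whatever OSSL_PKEY_PARAM_GROUP_NAME returns, so the "ECDH, <name>, N bits" line may differ for curves that have a NIST alias. If that is intended, it deserves a mention in the commit message or CHANGES, since this line is commonly parsed from s_client output.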
diff --git a/apps/pkey.c b/apps/pkey.c
index 5d12cc059a..33ed5ebf58 100644
--- a/apps/pkey.c
+++ b/apps/pkey.c
@@ -11,26 +11,11 @@
#include <string.h>
#include "apps.h"
#include "progs.h"
+#include "ec_common.h"
#include <openssl/pem.h>
#include <openssl/err.h>
#include <openssl/evp.h>
-
-#ifndef OPENSSL_NO_EC
-# include <openssl/ec.h>
-
-static OPT_PAIR ec_conv_forms[] = {
- {"compressed", POINT_CONVERSION_COMPRESSED},
- {"uncompressed", POINT_CONVERSION_UNCOMPRESSED},
- {"hybrid", POINT_CONVERSION_HYBRID},
- {NULL}
-};
-
-static OPT_PAIR ec_param_enc[] = {
- {"named_curve", OPENSSL_EC_NAMED_CURVE},
- {"explicit", 0},
- {NULL}
-};
-#endif
+#include <openssl/core_names.h>
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
@@ -94,10 +79,8 @@ int pkey_main(int argc, char **argv)
int pubin = 0, pubout = 0, text_pub = 0, text = 0, noout = 0, ret = 1;
int private = 0, traditional = 0, check = 0, pub_check = 0;
#ifndef OPENSSL_NO_EC
- EC_KEY *eckey;
- int ec_asn1_flag = OPENSSL_EC_NAMED_CURVE, new_ec_asn1_flag = 0;
- int i, new_ec_form = 0;
- point_conversion_form_t ec_form = POINT_CONVERSION_UNCOMPRESSED;
+ char *asn1_encoding = NULL;
+ char *point_format = NULL;
#endif
prog = opt_init(argc, argv, pkey_options);
@@ -167,20 +150,18 @@ int pkey_main(int argc, char **argv)
#ifdef OPENSSL_NO_EC
goto opthelp;
#else
- if (!opt_pair(opt_arg(), ec_conv_forms, &i))
+ point_format = opt_arg();
+ if (!opt_string(point_format, point_format_options))
goto opthelp;
- new_ec_form = 1;
- ec_form = i;
break;
#endif
case OPT_EC_PARAM_ENC:
#ifdef OPENSSL_NO_EC
goto opthelp;
#else
- if (!opt_pair(opt_arg(), ec_param_enc, &i))
+ asn1_encoding = opt_arg();
+ if (!opt_string(asn1_encoding, asn1_encoding_options))
goto opthelp;
- new_ec_asn1_flag = 1;
- ec_asn1_flag = i;
break;
#endif
case OPT_PROV_CASES:
@@ -234,20 +215,22 @@ int pkey_main(int argc, char **argv)
goto end;
#ifndef OPENSSL_NO_EC
- /*
- * TODO: remove this and use a set params call with a 'pkeyopt' command
- * line option instead.
- */
- if (new_ec_form || new_ec_asn1_flag) {
- if ((eckey = EVP_PKEY_get0_EC_KEY(pkey)) == NULL) {
- ERR_print_errors(bio_err);
+ if (asn1_encoding != NULL || point_format != NULL) {
+ OSSL_PARAM params[3], *p = params;
+
+ if (!EVP_PKEY_is_a(pkey, "EC"))
goto end;
- }
- if (new_ec_form)
- EC_KEY_set_conv_form(eckey, ec_form);
- if (new_ec_asn1_flag)
- EC_KEY_set_asn1_flag(eckey, ec_asn1_flag);
+ if (asn1_encoding != NULL)
+ *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_EC_ENCODING,
+ asn1_encoding, 0);
+ if (point_format != NULL)
+ *p++ = OSSL_PARAM_construct_utf8_string(
+ OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT,
+ point_format, 0);
+ *p = OSSL_PARAM_construct_end();
+ if (EVP_PKEY_set_params(pkey, params) <= 0)
+ goto end;
}
#endif
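Review bot: both new failure paths are silent. `if (!EVP_PKEY_is_a(pkey, "EC")) goto end;` exits with ret still 1 and prints nothing, so a user who passes the point format or encoding option with a non-EC key gets a bare failure; the same applies when EVP_PKEY_set_params() fails. The removed code at least called ERR_print_errors(). Suggest a BIO_printf(bio_err, ...) that says the option applies only to EC keys, and an error dump on the set_params failure.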
diff --git a/apps/speed.c b/apps/speed.c
index c8c4f65b47..e2b98c86b5 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -583,7 +583,9 @@ typedef struct loopargs_st {
DSA *dsa_key[DSA_NUM];
#endif
#ifndef OPENSSL_NO_EC
+# ifndef OPENSSL_NO_DEPRECATED_3_0
EC_KEY *ecdsa[ECDSA_NUM];
+# endif
EVP_PKEY_CTX *ecdh_ctx[EC_NUM];
EVP_MD_CTX *eddsa_ctx[EdDSA_NUM];
EVP_MD_CTX *eddsa_ctx2[EdDSA_NUM];
@@ -4082,8 +4084,10 @@ int speed_main(int argc, char **argv)
DSA_free(loopargs[i].dsa_key[k]);
#endif
#ifndef OPENSSL_NO_EC
+# if !defined(OPENSSL_NO_DEPRECATED_3_0)
for (k = 0; k < ECDSA_NUM; k++)
EC_KEY_free(loopargs[i].ecdsa[k]);
+# endif
for (k = 0; k < EC_NUM; k++)
EVP_PKEY_CTX_free(loopargs[i].ecdh_ctx[k]);
for (k = 0; k < EdDSA_NUM; k++) {
diff --git a/crypto/asn1/asn1_item_list.h b/crypto/asn1/asn1_item_list.h
index 01d9076350..b8c5581146 100644
--- a/crypto/asn1/asn1_item_list.h
+++ b/crypto/asn1/asn1_item_list.h
@@ -63,8 +63,10 @@ static ASN1_ITEM_EXP *asn1_item_list[] = {
ASN1_ITEM_ref(DIST_POINT_NAME),
ASN1_ITEM_ref(DIST_POINT),
#ifndef OPENSSL_NO_EC
+# ifndef OPENSSL_NO_DEPRECATED_3_0
ASN1_ITEM_ref(ECPARAMETERS),
ASN1_ITEM_ref(ECPKPARAMETERS),
+# endif
#endif
ASN1_ITEM_ref(EDIPARTYNAME),
ASN1_ITEM_ref(EXTENDED_KEY_USAGE),
diff --git a/crypto/ec/ec_backend.c b/crypto/ec/ec_backend.c
index f950657173..06acb7d607 100644
--- a/crypto/ec/ec_backend.c
+++ b/crypto/ec/ec_backend.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * Low level APIs related to EC_KEY are deprecated for public use,
+ * but still ok for internal use.
+ */
+#include "internal/deprecated.h"
+
#include <openssl/core_names.h>
#include <openssl/objects.h>
#include <openssl/params.h>
@@ -23,6 +29,18 @@ static const OSSL_ITEM encoding_nameid_map[] = {
{ OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP },
};
+static const OSSL_ITEM check_group_type_nameid_map[] = {
+ { 0, OSSL_PKEY_EC_GROUP_CHECK_DEFAULT },
+ { EC_FLAG_CHECK_NAMED_GROUP, OSSL_PKEY_EC_GROUP_CHECK_NAMED },
+ { EC_FLAG_CHECK_NAMED_GROUP_NIST, OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST },
+};
+
+static const OSSL_ITEM format_nameid_map[] = {
+ { (int)POINT_CONVERSION_UNCOMPRESSED, OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED },
+ { (int)POINT_CONVERSION_COMPRESSED, OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED },
+ { (int)POINT_CONVERSION_HYBRID, OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID },
+};
+
int ec_encoding_name2id(const char *name)
{
size_t i, sz;
@@ -49,13 +67,95 @@ static char *ec_param_encoding_id2name(int id)
return NULL;
}
+char *ec_check_group_type_id2name(int id)
+{
+ size_t i, sz;
+
+ for (i = 0, sz = OSSL_NELEM(check_group_type_nameid_map); i < sz; i++) {
+ if (id == (int)check_group_type_nameid_map[i].id)
+ return check_group_type_nameid_map[i].ptr;
+ }
+ return NULL;
+}
+
+static int ec_check_group_type_name2id(const char *name)
+{
+ size_t i, sz;
+
+ /* Return the default value if there is no name */
+ if (name == NULL)
+ return 0;
+
+ for (i = 0, sz = OSSL_NELEM(check_group_type_nameid_map); i < sz; i++) {
+ if (strcasecmp(name, check_group_type_nameid_map[i].ptr) == 0)
+ return check_group_type_nameid_map[i].id;
+ }
+ return -1;
+}
+
+int ec_set_check_group_type_from_name(EC_KEY *ec, const char *name)
+{
+ int flags = ec_check_group_type_name2id(name);
+
+ if (flags == -1)
+ return 0;
+ EC_KEY_clear_flags(ec, EC_FLAG_CHECK_NAMED_GROUP_MASK);
+ EC_KEY_set_flags(ec, flags);
+ return 1;
+}
+
+static int ec_set_check_group_type_from_param(EC_KEY *ec, const OSSL_PARAM *p)
+{
+ const char *name = NULL;
+ int status = 0;
+
+ switch (p->data_type) {
+ case OSSL_PARAM_UTF8_STRING:
+ name = p->data;
+ status = (name != NULL);
+ break;
+ case OSSL_PARAM_UTF8_PTR:
+ status = OSSL_PARAM_get_utf8_ptr(p, &name);
+ break;
+ }
+ if (status)
+ return ec_set_check_group_type_from_name(ec, name);
+ return 0;
+}
+
+int ec_pt_format_name2id(const char *name)
+{
+ size_t i, sz;
+
+ /* Return the default value if there is no name */
+ if (name == NULL)
+ return (int)POINT_CONVERSION_UNCOMPRESSED;
+
+ for (i = 0, sz = OSSL_NELEM(format_nameid_map); i < sz; i++) {
+ if (strcasecmp(name, format_nameid_map[i].ptr) == 0)
+ return format_nameid_map[i].id;
+ }
+ return -1;
+}
+
+char *ec_pt_format_id2name(int id)
+{
+ size_t i, sz;
+
+ for (i = 0, sz = OSSL_NELEM(format_nameid_map); i < sz; i++) {
+ if (id == (int)format_nameid_map[i].id)
+ return format_nameid_map[i].ptr;
+ }
+ return NULL;
+}
+
int ec_group_todata(const EC_GROUP *group, OSSL_PARAM_BLD *tmpl,
OSSL_PARAM params[], OSSL_LIB_CTX *libctx,
const char *propq,
BN_CTX *bnctx, unsigned char **genbuf)
{
int ret = 0, curve_nid, encoding_flag;
- const char *field_type, *encoding_name;
+ const char *field_type, *encoding_name, *pt_form_name;
const BIGNUM *cofactor, *order;
BIGNUM *p = NULL, *a = NULL, *b = NULL;
point_conversion_form_t genform;
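Review bot: ec_check_group_type_id2name() and ec_pt_format_id2name() return `char *` although they hand out entries of static const tables built from name constants, and the caller visible in this hunk stores the result in a `const char *` (pt_form_name). Returning `const char *` would stop a caller from writing through the pointer. The new name2id helpers also use strcasecmp(); worth confirming this file pulls in the portability header that provides it on Windows, as p_lib.c does with e_os.h.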
@@ -68,6 +168,15 @@ int ec_group_todata(const EC_GROUP *group, OSSL_PARAM_BLD *tmpl,
return 0;
}
+ genform = EC_GROUP_get_point_conversion_form(group);
+ pt_form_name = ec_pt_format_id2name(genform);
+ if (pt_form_name == NULL
+ || !ossl_param_build_set_utf8_string(
+ tmpl, params,
+ OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT, pt_form_name)) {
+ ECerr(0, EC_R_INVALID_FORM);
+ return 0;
+ }
encoding_flag = EC_GROUP_get_asn1_flag(group) & OPENSSL_EC_NAMED_CURVE;
encoding_name = ec_param_encoding_id2name(encoding_flag);
if (encoding_name == NULL
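Review bot: the new error path uses `ECerr(0, EC_R_INVALID_FORM)` while the rest of this function already uses `ERR_raise(ERR_LIB_EC, ...)`, as visible in the next hunk. Suggest ERR_raise() here too for consistency; the same applies to the other ECerr() calls this patch adds in ec_backend.c and ec_lib.c.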
@@ -115,7 +224,6 @@ int ec_group_todata(const EC_GROUP *group, OSSL_PARAM_BLD *tmpl,
ERR_raise(ERR_LIB_EC, EC_R_INVALID_GENERATOR);
goto err;
}
- genform = EC_GROUP_get_point_conversion_form(group);
genbuf_len = EC_POINT_point2buf(group, genpt, genform, genbuf, bnctx);
if (genbuf_len == 0) {
ERR_raise(ERR_LIB_EC, EC_R_INVALID_GENERATOR);
@@ -336,17 +444,50 @@ int ec_group_fromdata(EC_KEY *ec, const OSSL_PARAM params[])
if (!EC_KEY_set_group(ec, group))
goto err;
-
- /*
- * TODO(3.0): if the group has changed, should we invalidate the private and
- * public key?
- */
ok = 1;
err:
EC_GROUP_free(group);
return ok;
}
+static int ec_key_point_format_fromdata(EC_KEY *ec, const OSSL_PARAM params[])
+{
+ const OSSL_PARAM *p;
+ int format = -1;
+
+ p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT);
+ if (p != NULL) {
+ if (!ec_pt_format_param2id(p, &format)) {
+ ECerr(0, EC_R_INVALID_FORM);
+ return 0;
+ }
+ EC_KEY_set_conv_form(ec, format);
+ }
+ return 1;
+}
+
+static int ec_key_group_check_fromdata(EC_KEY *ec, const OSSL_PARAM params[])
+{
+ const OSSL_PARAM *p;
+
+ p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE);
+ if (p != NULL)
+ return ec_set_check_group_type_from_param(ec, p);
+ return 1;
+}
+
+static int ec_set_include_public(EC_KEY *ec, int include)
+{
+ int flags = EC_KEY_get_enc_flags(ec);
+
+ if (!include)
+ flags |= EC_PKEY_NO_PUBKEY;
+ else
+ flags &= ~EC_PKEY_NO_PUBKEY;
+ EC_KEY_set_enc_flags(ec, flags);
+ return 1;
+}
+
int ec_key_otherparams_fromdata(EC_KEY *ec, const OSSL_PARAM params[])
{
const OSSL_PARAM *p;
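Review bot: the TODO(3.0) at the end of ec_group_fromdata() asking whether the private and public key should be invalidated when the group changes is deleted rather than answered. If the decision is that no invalidation is needed, a one-line comment saying so would be better than dropping the question. Also, ec_set_include_public() always returns 1, so the `!ec_set_include_public(ec, include)` test added in the next hunk can never fire; either make the helper void or drop the check.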
@@ -363,5 +504,69 @@ int ec_key_otherparams_fromdata(EC_KEY *ec, const OSSL_PARAM params[])
return 0;
}
+ p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC);
+ if (p != NULL) {
+ int include = 1;
+
+ if (!OSSL_PARAM_get_int(p, &include)
+ || !ec_set_include_public(ec, include))
+ return 0;
+ }
+ if (!ec_key_point_format_fromdata(ec, params))
+ return 0;
+ if (!ec_key_group_check_fromdata(ec, params))
+ return 0;
return 1;
}
+
+int ec_encoding_param2id(const OSSL_PARAM *p, int *id)
+{
+ const char *name = NULL;
+ int status = 0;
+
+ switch (p->data_type) {
+ case OSSL_PARAM_UTF8_STRING:
+ /* The OSSL_PARAM functions have no support for this */
+ name = p->data;
+ status = (name != NULL);
+ break;
+ case OSSL_PARAM_UTF8_PTR:
+ status = OSSL_PARAM_get_utf8_ptr(p, &name);
+ break;
+ }
+ if (status) {
+ int i = ec_encoding_name2id(name);
+
+ if (i >= 0) {
+ *id = i;
+ return 1;
+ }
+ }
+ return 0;
+}
+
+int ec_pt_format_param2id(const OSSL_PARAM *p, int *id)
+{
+ const char *name = NULL;
+ int status = 0;
+
+ switch (p->data_type) {
+ case OSSL_PARAM_UTF8_STRING:
+ /* The OSSL_PARAM functions have no support for this */
+ name = p->data;
+ status = (name != NULL);
+ break;
+ case OSSL_PARAM_UTF8_PTR:
+ status = OSSL_PARAM_get_utf8_ptr(p, &name);
+ break;
+ }
+ if (status) {
+ int i = ec_pt_format_name2id(name);
+
+ if (i >= 0) {
+ *id = i;
+ return 1;
+ }
+ }
+ return 0;
+}
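Review bot: ec_encoding_param2id() and ec_pt_format_param2id() are line-for-line identical apart from the name2id call, and ec_set_check_group_type_from_param() earlier in this file repeats the same switch on p->data_type a third time. Suggest one static helper that extracts the UTF-8 name from an OSSL_PARAM (handling both OSSL_PARAM_UTF8_STRING and OSSL_PARAM_UTF8_PTR) and having the three functions call it, so a future fix to the extraction logic lands in one place.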
diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c
index d03c75e8aa..d354fd484e 100644
--- a/crypto/ec/ec_key.c
+++ b/crypto/ec/ec_key.c
@@ -9,7 +9,7 @@
*/
/*
- * ECDSA low level APIs are deprecated for public use, but still ok for
+ * EC_KEY low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c
index 678b77047d..e1b92f7c33 100644
--- a/crypto/ec/ec_lib.c
+++ b/crypto/ec/ec_lib.c
@@ -9,7 +9,7 @@
*/
/*
- * ECDSA low level APIs are deprecated for public use, but still ok for
+ * EC_GROUP low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
@@ -1461,32 +1461,6 @@ err:
return NULL;
}
-static int ec_encoding_param2id(const OSSL_PARAM *p, int *id)
-{
- const char *name = NULL;
- int status = 0;
-
- switch (p->data_type) {
- case OSSL_PARAM_UTF8_STRING:
- /* The OSSL_PARAM functions have no support for this */
- name = p->data;
- status = (name != NULL);
- break;
- case OSSL_PARAM_UTF8_PTR:
- status = OSSL_PARAM_get_utf8_ptr(p, &name);
- break;
- }
- if (status) {
- int i = ec_encoding_name2id(name);
-
- if (i >= 0) {
- *id = i;
- return 1;
- }
- }
- return 0;
-}
-
static EC_GROUP *group_new_from_name(const OSSL_PARAM *p,
OSSL_LIB_CTX *libctx, const char *propq)
{
@@ -1516,6 +1490,42 @@ static EC_GROUP *group_new_from_name(const OSSL_PARAM *p,
return NULL;
}
+/* These parameters can be set directly into an EC_GROUP */
+int ec_group_set_params(EC_GROUP *group, const OSSL_PARAM params[])
+{
+ int encoding_flag = -1, format = -1;
+ const OSSL_PARAM *p;
+
+ p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT);
+ if (p != NULL) {
+ if (!ec_pt_format_param2id(p, &format)) {
+ ECerr(0, EC_R_INVALID_FORM);
+ return 0;
+ }
+ EC_GROUP_set_point_conversion_form(group, format);
+ }
+
+ p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_ENCODING);
+ if (p != NULL) {
+ if (!ec_encoding_param2id(p, &encoding_flag)) {
+ ECerr(0, EC_R_INVALID_FORM);
+ return 0;
+ }
+ EC_GROUP_set_asn1_flag(group, encoding_flag);
+ }
+ /* Optional seed */
+ p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_SEED);
+ if (p != NULL) {
+ /* The seed is allowed to be NULL */
+ if (p->data_type != OSSL_PARAM_OCTET_STRING
+ || !EC_GROUP_set_seed(group, p->data, p->data_size)) {
+ ECerr(0, EC_R_INVALID_SEED);
+ return 0;
+ }
+ }
+ return 1;
+}
+
EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
OSSL_LIB_CTX *libctx, const char *propq)
{
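Review bot: in ec_group_set_params(), a failure of ec_encoding_param2id() raises EC_R_INVALID_FORM, the same reason code as the point format failure just above it. The code this replaces in EC_GROUP_new_from_params() raised EC_R_INVALID_ENCODING for the same condition, and the explicit-parameters path still does. Suggest EC_R_INVALID_ENCODING here so callers can tell the two apart. The "seed is allowed to be NULL" comment could also say what EC_GROUP_set_seed() does with a NULL or zero-length seed.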
@@ -1530,19 +1540,19 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
const unsigned char *buf = NULL;
int encoding_flag = -1;
- ptmp = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_ENCODING);
- if (ptmp != NULL && !ec_encoding_param2id(ptmp, &encoding_flag)) {
- ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING);
- return 0;
- }
-
+ /* This is the simple named group case */
ptmp = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_GROUP_NAME);
if (ptmp != NULL) {
group = group_new_from_name(ptmp, libctx, propq);
- if (group != NULL)
- EC_GROUP_set_asn1_flag(group, encoding_flag);
+ if (group != NULL) {
+ if (!ec_group_set_params(group, params)) {
+ EC_GROUP_free(group);
+ group = NULL;
+ }
+ }
return group;
}
+ /* If it gets here then we are trying explicit parameters */
bnctx = BN_CTX_new_ex(libctx);
if (bnctx == NULL) {
ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE);
@@ -1690,6 +1700,12 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
* If we did not find a named group then the encoding should be explicit
* if it was specified
*/
+ ptmp = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_ENCODING);
+ if (ptmp != NULL
+ && !ec_encoding_param2id(ptmp, &encoding_flag)) {
+ ECerr(0, EC_R_INVALID_ENCODING);
+ return 0;
+ }
if (encoding_flag == OPENSSL_EC_NAMED_CURVE) {
ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING);
goto err;
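Review bot: the added check leaves the function with `return 0;` instead of going through the `err:` label that the very next check uses (`goto err`). By this point bnctx has already been allocated (BN_CTX_new_ex() in the previous hunk), so the early return skips the cleanup and leaks it along with anything else built so far. The function also returns EC_GROUP *, so NULL would be the clearer value. Suggest raising the error and using `goto err;` here.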
diff --git a/crypto/ec/ec_pmeth.c b/crypto/ec/ec_pmeth.c
index cd1632dc9a..084633dcdc 100644
--- a/crypto/ec/ec_pmeth.c
+++ b/crypto/ec/ec_pmeth.c
@@ -172,6 +172,9 @@ static int pkey_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
if (!key) {
const EC_GROUP *group;
group = EC_KEY_get0_group(eckey);
+
+ if (group == NULL)
+ return 0;
*keylen = (EC_GROUP_get_degree(group) + 7) / 8;
return 1;
}
diff --git a/crypto/ec/eck_prn.c b/crypto/ec/eck_prn.c
index 20c6065a31..e731d7c369 100644
--- a/crypto/ec/eck_prn.c
+++ b/crypto/ec/eck_prn.c
@@ -8,13 +8,16 @@
* https://www.openssl.org/source/license.html
*/
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/evp.h>
#include <openssl/ec.h>
#include <openssl/bn.h>
-#ifndef OPENSSL_NO_STDIO
+#ifndef OPENSSL_NO_DEPRECATED_3_0
+# ifndef OPENSSL_NO_STDIO
int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off)
{
BIO *b;
@@ -59,7 +62,7 @@ int ECParameters_print_fp(FILE *fp, const EC_KEY *x)
BIO_free(b);
return ret;
}
-#endif
+#endif /* OPENSSL_NO_STDIO */
static int print_bin(BIO *fp, const char *str, const unsigned char *num,
size_t len, int off);
@@ -256,3 +259,4 @@ static int print_bin(BIO *fp, const char *name, const unsigned char *buf,
return 1;
}
+#endif /* OPENSSL_NO_DEPRECATED_3_0 */
diff --git a/crypto/evp/ec_ctrl.c b/crypto/evp/ec_ctrl.c
index 541d8549d4..5bb078639c 100644
--- a/crypto/evp/ec_ctrl.c
+++ b/crypto/evp/ec_ctrl.c
@@ -7,6 +7,8 @@
* https://www.openssl.org/source/license.html
*/
+#include "internal/deprecated.h"
+
#include <string.h>
#include <openssl/core_names.h>
@@ -466,7 +468,7 @@ int evp_pkey_ctx_set_ec_param_enc_prov(EVP_PKEY_CTX *ctx, int param_enc)
*p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_EC_ENCODING,
(char *)enc, 0);
- *p++ = OSSL_PARAM_construct_end();
+ *p = OSSL_PARAM_construct_end();
ret = evp_pkey_ctx_set_params_strict(ctx, params);
end:
diff --git a/crypto/evp/p_legacy.c b/crypto/evp/p_legacy.c
index cad4d67d73..a4e478c223 100644
--- a/crypto/evp/p_legacy.c
+++ b/crypto/evp/p_legacy.c
@@ -17,6 +17,7 @@
#include <openssl/evp.h>
#include <openssl/err.h>
#include <openssl/rsa.h>
+#include <openssl/ec.h>
#include "crypto/types.h"
#include "crypto/evp.h"
#include "evp_local.h"
@@ -24,6 +25,7 @@
int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key)
{
int ret = EVP_PKEY_assign_RSA(pkey, key);
+
if (ret)
RSA_up_ref(key);
return ret;
@@ -45,7 +47,41 @@ RSA *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey)
RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey)
{
RSA *ret = EVP_PKEY_get0_RSA(pkey);
+
if (ret != NULL)
RSA_up_ref(ret);
return ret;
}
+
+#ifndef OPENSSL_NO_EC
+int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key)
+{
+ int ret = EVP_PKEY_assign_EC_KEY(pkey, key);
+
+ if (ret)
+ EC_KEY_up_ref(key);
+ return ret;
+}
+
+EC_KEY *EVP_PKEY_get0_EC_KEY(const EVP_PKEY *pkey)
+{
+ if (!evp_pkey_downgrade((EVP_PKEY *)pkey)) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_INACCESSIBLE_KEY);
+ return NULL;
+ }
+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_EC) {
+ EVPerr(EVP_F_EVP_PKEY_GET0_EC_KEY, EVP_R_EXPECTING_A_EC_KEY);
+ return NULL;
+ }
+ return pkey->pkey.ec;
+}
+
+EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey)
+{
+ EC_KEY *ret = EVP_PKEY_get0_EC_KEY(pkey);
+
+ if (ret != NULL)
+ EC_KEY_up_ref(ret);
+ return ret;
+}
+#endif /* OPENSSL_NO_EC */
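Review bot: EVP_PKEY_get0_EC_KEY() regressed to the old error macro during the move. The copy removed from p_lib.c used `ERR_raise(ERR_LIB_EVP, EVP_R_EXPECTING_A_EC_KEY)`, but the version added here uses `EVPerr(EVP_F_EVP_PKEY_GET0_EC_KEY, EVP_R_EXPECTING_A_EC_KEY)`, two lines after an ERR_raise() in the same function. Suggest keeping ERR_raise() so the move is a pure relocation.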
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index f82e42c7e3..d91cf01762 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -43,7 +43,6 @@
#include "crypto/ec.h"
-/* TODO remove this when the EVP_PKEY_is_a() #legacy support hack is removed */
#include "e_os.h" /* strcasecmp on Windows */
static int pkey_set_type(EVP_PKEY *pkey, ENGINE *e, int type, const char *str,
@@ -115,8 +114,7 @@ void *EVP_PKEY_get_ex_data(const EVP_PKEY *key, int idx)
int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
{
/*
- * TODO: clean up legacy stuff from this function when legacy support
- * is gone.
+ * Clean up legacy stuff from this function when legacy support is gone.
*/
/*
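Review bot: dropping the "TODO:" prefix turns the comment in EVP_PKEY_copy_parameters() into an imperative sentence ("Clean up legacy stuff from this function when legacy support is gone.") that reads as a description of what the function does. If the intent is only to stop TODO scanners from flagging it, a wording such as "The legacy handling below can be removed once legacy support is gone" keeps the meaning without the ambiguity.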
@@ -814,35 +812,6 @@ DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey)
#ifndef FIPS_MODULE
# ifndef OPENSSL_NO_EC
-int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key)
-{
- int ret = EVP_PKEY_assign_EC_KEY(pkey, key);
- if (ret)
- EC_KEY_up_ref(key);
- return ret;
-}
-
-EC_KEY *EVP_PKEY_get0_EC_KEY(const EVP_PKEY *pkey)
-{
- if (!evp_pkey_downgrade((EVP_PKEY *)pkey)) {
- ERR_raise(ERR_LIB_EVP, EVP_R_INACCESSIBLE_KEY);
- return NULL;
- }
- if (EVP_PKEY_base_id(pkey) != EVP_PKEY_EC) {
- ERR_raise(ERR_LIB_EVP, EVP_R_EXPECTING_A_EC_KEY);
- return NULL;
- }
- return pkey->pkey.ec;
-}
-
-EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey)
-{
- EC_KEY *ret = EVP_PKEY_get0_EC_KEY(pkey);
- if (ret != NULL)
- EC_KEY_up_ref(ret);
- return ret;
-}
-
static ECX_KEY *evp_pkey_get0_ECX_KEY(const EVP_PKEY *pkey, int type)
{
if (!evp_pkey_downgrade((EVP_PKEY *)pkey)) {
@@ -1252,9 +1221,11 @@ int EVP_PKEY_get_group_name(const EVP_PKEY *pkey, char *gname, size_t gname_sz,
#ifndef OPENSSL_NO_EC
case EVP_PKEY_EC:
{
- EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey);
- int nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
+ const EC_GROUP *grp = EC_KEY_get0_group(EVP_PKEY_get0_EC_KEY(pkey));
+ int nid = NID_undef;
+ if (grp != NULL)
+ nid = EC_GROUP_get_curve_name(grp);
if (nid != NID_undef)
name = ec_curve_nid2name(nid);
}
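Review bot: the new NULL check covers the group but not the key. `EC_KEY_get0_group(EVP_PKEY_get0_EC_KEY(pkey))` passes the result of EVP_PKEY_get0_EC_KEY() straight through, and that function has two visible paths that return NULL (see the p_legacy.c hunk). Unless EC_KEY_get0_group() is guaranteed to tolerate a NULL key, this should fetch the EC_KEY first and check it, as EVP_PKEY_get_field_type() does later in this same patch. A blank line after the `int nid = NID_undef;` declaration would also match the surrounding style.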
@@ -2138,3 +2109,188 @@ int EVP_PKEY_get_size_t_param(const EVP_PKEY *pkey, const char *key_name,
return 0;
return 1;
}
+
+int EVP_PKEY_set_int_param(EVP_PKEY *pkey, const char *key_name, int in)
+{
+ OSSL_PARAM params[2];
+
+ if (pkey == NULL
+ || pkey->keymgmt == NULL
+ || pkey->keydata == NULL
+ || key_name == NULL)
+ return 0;
+
+ params[0] = OSSL_PARAM_construct_int(key_name, &in);
+ params[1] = OSSL_PARAM_construct_end();
+ return evp_keymgmt_set_params(pkey->keymgmt, pkey->keydata, params);
+}
+
+int EVP_PKEY_set_size_t_param(EVP_PKEY *pkey, const char *key_name, size_t in)
+{
+ OSSL_PARAM params[2];
+
+ if (pkey == NULL
+ || pkey->keymgmt == NULL
+ || pkey->keydata == NULL
+ || key_name == NULL)
+ return 0;
+
+ params[0] = OSSL_PARAM_construct_size_t(key_name, &in);
+ params[1] = OSSL_PARAM_construct_end();
+ return evp_keymgmt_set_params(pkey->keymgmt, pkey->keydata, params);
+}
+
+int EVP_PKEY_set_bn_param(EVP_PKEY *pkey, const char *key_name, BIGNUM *bn)
+{
+ OSSL_PARAM params[2];
+ unsigned char buffer[2048];
+ int bsize = 0;
+
+ if (pkey == NULL
+ || pkey->keymgmt == NULL
+ || pkey->keydata == NULL
+ || key_name == NULL
+ || bn == NULL)
+ return 0;
+
+ bsize = BN_num_bytes(bn);
+ if (!ossl_assert(bsize <= (int)sizeof(buffer)))
+ return 0;
+
+ if (BN_bn2nativepad(bn, buffer, bsize) < 0)
+ return 0;
+ params[0] = OSSL_PARAM_construct_BN(key_name, buffer, bsize);
+ params[1] = OSSL_PARAM_construct_end();
+ return evp_keymgmt_set_params(pkey->keymgmt, pkey->keydata, params);
+}
+
+int EVP_PKEY_set_utf8_string_param(EVP_PKEY *pkey, const char *key_name,
+ char *str)
+{
+ OSSL_PARAM params[2];
+
+ if (pkey == NULL
+ || pkey->keymgmt == NULL
+ || pkey->keydata == NULL
+ || key_name == NULL)
+ return 0;
+
+ params[0] = OSSL_PARAM_construct_utf8_string(key_name, str, 0);
+ params[1] = OSSL_PARAM_construct_end();
+ return evp_keymgmt_set_params(pkey->keymgmt, pkey->keydata, params);
+}
+
+int EVP_PKEY_set_octet_string_param(EVP_PKEY *pkey, const char *key_name,
+ unsigned char *buf, size_t bsize)
+{
+ OSSL_PARAM params[2];
+
+ if (pkey == NULL
+ || pkey->keymgmt == NULL
+ || pkey->keydata == NULL
+ || key_name == NULL)
+ return 0;
+
+ params[0] = OSSL_PARAM_construct_octet_string(key_name, buf, bsize);
+ params[1] = OSSL_PARAM_construct_end();
+ return evp_keymgmt_set_params(pkey->keymgmt, pkey->keydata, params);
+}
+
+const OSSL_PARAM *EVP_PKEY_settable_params(EVP_PKEY *pkey)
+{
+ if (pkey == NULL
+ || pkey->keymgmt == NULL
+ || pkey->keydata == NULL)
+ return 0;
+ return EVP_KEYMGMT_settable_params(pkey->keymgmt);
+}
+
+int EVP_PKEY_set_params(EVP_PKEY *pkey, OSSL_PARAM params[])
+{
+ if (pkey == NULL
+ || pkey->keymgmt == NULL
+ || pkey->keydata == NULL)
+ return 0;
+ return evp_keymgmt_set_params(pkey->keymgmt, pkey->keydata, params);
+}
+
+#ifndef FIPS_MODULE
+int EVP_PKEY_get_ec_point_conv_form(const EVP_PKEY *pkey)
+{
+ char name[80];
+ size_t name_len;
+
+ if (pkey == NULL)
+ return 0;
+
+ if (pkey->keymgmt == NULL
+ || pkey->keydata == NULL) {
+#ifndef OPENSSL_NO_EC
+ /* Might work through the legacy route */
+ EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey);
+
+ if (ec == NULL)
+ return 0;
+
+ return EC_KEY_get_conv_form(ec);
+#else
+ return 0;
+#endif
+ }
+
+ if (!EVP_PKEY_get_utf8_string_param(pkey,
+ OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT,
+ name, sizeof(name), &name_len))
+ return 0;
+
+ if (strcmp(name, "uncompressed") == 0)
+ return POINT_CONVERSION_UNCOMPRESSED;
+
+ if (strcmp(name, "compressed") == 0)
+ return POINT_CONVERSION_COMPRESSED;
+
+ if (strcmp(name, "hybrid") == 0)
+ return POINT_CONVERSION_HYBRID;
+
+ return 0;
+}
+
+int EVP_PKEY_get_field_type(const EVP_PKEY *pkey)
+{
+ char fstr[80];
+ size_t fstrlen;
+
+ if (pkey == NULL)
+ return 0;
+
+ if (pkey->keymgmt == NULL
+ || pkey->keydata == NULL) {
+#ifndef OPENSSL_NO_EC
+ /* Might work through the legacy route */
+ EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey);
+ const EC_GROUP *grp;
+
+ if (ec == NULL)
+ return 0;
+ grp = EC_KEY_get0_group(ec);
+ if (grp == NULL)
+ return 0;
+
+ return EC_GROUP_get_field_type(grp);
+#else
+ return 0;
+#endif
+ }
+
+ if (!EVP_PKEY_get_utf8_string_param(pkey, OSSL_PKEY_PARAM_EC_FIELD_TYPE,
+ fstr, sizeof(fstr), &fstrlen))
+ return 0;
+
+ if (strcmp(fstr, SN_X9_62_prime_field) == 0)
+ return NID_X9_62_prime_field;
+ else if (strcmp(fstr, SN_X9_62_characteristic_two_field))
+ return NID_X9_62_characteristic_two_field;
+
+ return 0;
+}
+#endif
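Review bot: in EVP_PKEY_get_field_type(), the second comparison is missing `== 0`: `else if (strcmp(fstr, SN_X9_62_characteristic_two_field))` is true for every string that is not the characteristic-two name, so any unrecognised field type is reported as NID_X9_62_characteristic_two_field and an actual characteristic-two key returns 0. It should read `strcmp(fstr, SN_X9_62_characteristic_two_field) == 0`. Smaller points in the same hunk: EVP_PKEY_settable_params() returns `0` where NULL is meant, and the nested `#ifndef OPENSSL_NO_EC` blocks inside `#ifndef FIPS_MODULE` are not indented as `# ifndef`.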
diff --git a/crypto/pem/pem_all.c b/crypto/pem/pem_all.c
index 5f73f93ce8..a31b81ceec 100644
--- a/crypto/pem/pem_all.c
+++ b/crypto/pem/pem_all.c
@@ -128,7 +128,9 @@ DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **dsa, pem_password_cb *cb, void *u)
IMPLEMENT_PEM_rw(DSAparams, DSA, PEM_STRING_DSAPARAMS, DSAparams)
#endif
-#ifndef OPENSSL_NO_EC
+
+#ifndef OPENSSL_NO_DEPRECATED_3_0
+# ifndef OPENSSL_NO_EC
static EC_KEY *pkey_get_eckey(EVP_PKEY *key, EC_KEY **eckey)
{
EC_KEY *dtmp;
@@ -160,7 +162,7 @@ IMPLEMENT_PEM_rw(ECPKParameters, EC_GROUP, PEM_STRING_ECPARAMETERS,
IMPLEMENT_PEM_write_cb(ECPrivateKey, EC_KEY, PEM_STRING_ECPRIVATEKEY,
ECPrivateKey)
IMPLEMENT_PEM_rw(EC_PUBKEY, EC_KEY, PEM_STRING_PUBLIC, EC_PUBKEY)
-# ifndef OPENSSL_NO_STDIO
+# ifndef OPENSSL_NO_STDIO
EC_KEY *PEM_read_ECPrivateKey(FILE *fp, EC_KEY **eckey, pem_password_cb *cb,
void *u)
{
@@ -168,10 +170,9 @@ EC_KEY *PEM_read_ECPrivateKey(FILE *fp, EC_KEY **eckey, pem_password_cb *cb,
pktmp = PEM_read_PrivateKey(fp, NULL, cb, u);
return pkey_get_eckey(pktmp, eckey); /* will free pktmp */
}
-
-# endif
-
-#endif
+# endif
+# endif /* !OPENSSL_NO_EC */
+#endif /* !OPENSSL_NO_DEPRECATED_3_0 */
#ifndef OPENSSL_NO_DH
diff --git a/crypto/sm2/sm2_key.c b/crypto/sm2/sm2_key.c
index 5182d01058..c91a712b67 100644
--- a/crypto/sm2/sm2_key.c
+++ b/crypto/sm2/sm2_key.c
@@ -7,6 +7,8 @@
* https://www.openssl.org/source/license.html
*/
+#include "internal/deprecated.h" /* to be able to use EC_KEY and EC_GROUP */
+
#include <openssl/err.h>
#include "crypto/sm2err.h"
#include "crypto/sm2.h"
diff --git a/crypto/sm2/sm2_sign.c b/crypto/sm2/sm2_sign.c
index 94ea3aef96..1383e2e4f8 100644
--- a/crypto/sm2/sm2_sign.c
+++ b/crypto/sm2/sm2_sign.c
@@ -9,6 +9,8 @@
* https://www.openssl.org/source/license.html
*/
+#include "internal/deprecated.h"
+
#include "crypto/sm2.h"
#include "crypto/sm2err.h"
#include "crypto/ec.h" /* ec_group_do_inverse_ord() */
diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index d18d1e2b67..579cac077b 100644
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -400,13 +400,18 @@ int X509_check_private_key(const X509 *x, const EVP_PKEY *k)
static int check_suite_b(EVP_PKEY *pkey, int sign_nid, unsigned long *pflags)
{
- const EC_GROUP *grp = NULL;
+ char curve_name[80];
+ size_t curve_name_len;
int curve_nid;
- if (pkey && EVP_PKEY_id(pkey) == EVP_PKEY_EC)
- grp = EC_KEY_get0_group(EVP_PKEY_get0_EC_KEY(pkey));
- if (!grp)
+
+ if (pkey == NULL || !EVP_PKEY_is_a(pkey, "EC"))
return X509_V_ERR_SUITE_B_INVALID_ALGORITHM;
- curve_nid = EC_GROUP_get_curve_name(grp);
+
+ if (!EVP_PKEY_get_group_name(pkey, curve_name, sizeof(curve_name),
+ &curve_name_len))
+ return X509_V_ERR_SUITE_B_INVALID_CURVE;
+
+ curve_nid = OBJ_txt2nid(curve_name);
/* Check curve is consistent with LOS */
if (curve_nid == NID_secp384r1) { /* P-384 */
/*
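Review bot: check_suite_b() now reports a different verification error when the group cannot be determined. The removed code returned X509_V_ERR_SUITE_B_INVALID_ALGORITHM for an EC key with a NULL group; the new code returns X509_V_ERR_SUITE_B_INVALID_CURVE when EVP_PKEY_get_group_name() fails. That is arguably the more accurate code, but it is a behaviour change in a verification path and should be stated in the commit message. curve_name_len is also written but never read.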
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 1d79449331..2e61969791 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -7,6 +7,8 @@
* https://www.openssl.org/source/license.html
*/
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include <time.h>
#include <errno.h>
diff --git a/doc/man1/openssl-ec.pod.in b/doc/man1/openssl-ec.pod.in
index 5cdd3d820a..9b4b5cab0b 100644
--- a/doc/man1/openssl-ec.pod.in
+++ b/doc/man1/openssl-ec.pod.in
@@ -189,6 +189,9 @@ L<openssl-rsa(1)>
The B<-engine> option was deprecated in OpenSSL 3.0.
+The B<-conv_form> and B<-no_public> options are no longer supported
+with keys loaded from an engine in OpenSSL 3.0.
+
=head1 COPYRIGHT
Copyright 2003-2020 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/doc/man3/EVP_PKEY_get_field_type.pod b/doc/man3/EVP_PKEY_get_field_type.pod
new file mode 100644
index 0000000000..e32fa7290c
--- /dev/null
+++ b/doc/man3/EVP_PKEY_get_field_type.pod
@@ -0,0 +1,55 @@
+=pod
+
+=head1 NAME
+
+EVP_PKEY_get_field_type, EVP_PKEY_get_ec_point_conv_form - get field type
+or point conversion form of a key
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ int EVP_PKEY_get_field_type(const EVP_PKEY *pkey);
+ int EVP_PKEY_get_ec_point_conv_form(const EVP_PKEY *pkey);
+
+=head1 DESCRIPTION
+
+EVP_PKEY_get_field_type() returns the field type NID of the I<pkey>, if
+I<pkey>'s key type supports it. The types currently supported
+by the built-in OpenSSL providers are either B<NID_X9_62_prime_field>
+for prime curves or B<NID_X9_62_characteristic_two_field> for binary curves;
+these values are defined in the F<< <openssl/obj_mac.h> >> header file.
+
+EVP_PKEY_get_ec_point_conv_form() returns the point conversion format
+of the I<pkey>, if I<pkey>'s key type supports it.
+
+=head1 NOTES
+
+Among the standard OpenSSL key types, this is only supported for EC and
+SM2 keys. Other providers may support this for additional key types.
+
+=head1 RETURN VALUES
+
+EVP_PKEY_get_field_type() returns the field type NID or 0 on error.
+
+EVP_PKEY_get_ec_point_conv_form() returns the point conversion format number
+(see L<EC_GROUP_copy(3)>) or 0 on error.
+
+=head1 SEE ALSO
+
+L<EC_GROUP_copy(3)>
+
+=head1 HISTORY
+
+These functions were added in OpenSSL 3.0.
+
+=head1 COPYRIGHT
+
+Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the Apache License 2.0 (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
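Review bot: RETURN VALUES and SEE ALSO send the reader to L<EC_GROUP_copy(3)> for the point conversion format numbers, while the "point-format" entry added to EVP_PKEY-EC.pod in this same commit refers to L<EC_POINT_new(3)> for the same thing. Use one reference in both places, or list the possible return values directly in DESCRIPTION. Since both functions return 0 both for a real error and for a key type that does not support the query, the NOTES section should say that callers cannot tell these apart from the return value alone.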
diff --git a/doc/man3/EVP_PKEY_get_group_name.pod b/doc/man3/EVP_PKEY_get_group_name.pod
index 964d6b8007..1dc6df26d7 100644
--- a/doc/man3/EVP_PKEY_get_group_name.pod
+++ b/doc/man3/EVP_PKEY_get_group_name.pod
@@ -2,7 +2,7 @@
=head1 NAME
-EVP_PKEY_get_group_name - get private key group name
+EVP_PKEY_get_group_name - get group name of a key
=head1 SYNOPSIS
diff --git a/doc/man3/EVP_PKEY_settable_params.pod b/doc/man3/EVP_PKEY_settable_params.pod
new file mode 100644
index 0000000000..7d18472465
--- /dev/null
+++ b/doc/man3/EVP_PKEY_settable_params.pod
@@ -0,0 +1,82 @@
+=pod
+
+=head1 NAME
+
+EVP_PKEY_settable_params, EVP_PKEY_set_params,
+EVP_PKEY_set_int_param, EVP_PKEY_set_size_t_param, EVP_PKEY_set_bn_param,
+EVP_PKEY_set_utf8_string_param, EVP_PKEY_set_octet_string_param
+- set key parameters into a key
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ const OSSL_PARAM *EVP_PKEY_settable_params(EVP_PKEY *pkey);
+ int EVP_PKEY_set_params(EVP_PKEY *pkey, OSSL_PARAM params[]);
+ int EVP_PKEY_set_int_param(EVP_PKEY *pkey, const char *key_name, int in);
+ int EVP_PKEY_set_size_t_param(EVP_PKEY *pkey, const char *key_name, size_t in);
+ int EVP_PKEY_set_bn_param(EVP_PKEY *pkey, const char *key_name, BIGNUM *bn);
+ int EVP_PKEY_set_utf8_string_param(EVP_PKEY *pkey, const char *key_name,
+ char *str);
+ int EVP_PKEY_set_octet_string_param(EVP_PKEY *pkey, const char *key_name,
+ unsigned char *buf, size_t bsize);
+
+=head1 DESCRIPTION
+
+These functions can be used to set additional parameters into an existing
+B<EVP_PKEY>.
+
+EVP_PKEY_set_params() sets one or more I<params> into a I<pkey>.
+See L<OSSL_PARAM(3)> for information about parameters.
+
+EVP_PKEY_settable_params() returns a constant list of I<params> indicating
+the names and types of key parameters that can be set.
+See L<OSSL_PARAM(3)> for information about parameters.
+
+EVP_PKEY_set_int_param() sets an integer value I<in> into a key I<pkey> for the
+associated field I<key_name>.
+
+EVP_PKEY_set_size_t_param() sets an size_t value I<in> into a key I<pkey> for
+the associated field I<key_name>.
+
+EVP_PKEY_set_bn_param() sets the BIGNUM value I<bn> into a key I<pkey> for the
+associated field I<key_name>.
+
+EVP_PKEY_set_utf8_string_param() sets the UTF8 string I<str> into a key I<pkey>
+for the associated field I<key_name>.
+
+EVP_PKEY_set_octet_string_param() sets the octet string value I<buf> with a
+size I<bsize> into a key I<pkey> for the associated field I<key_name>.
+
+=head1 NOTES
+
+These functions only work for B<EVP_PKEY>s that contain a provider side key.
+
+=head1 RETURN VALUES
+
+EVP_PKEY_settable_params() returns NULL on error or if it is not supported,
+
+All other methods return 1 if a value was successfully set, or 0 if
+there was an error.
+
+=head1 SEE ALSO
+
+L<EVP_PKEY_gettable_params(3)>,
+L<EVP_PKEY_CTX_new(3)>, L<provider-keymgmt(7)>, L<OSSL_PARAM(3)>,
+
+
+=head1 HISTORY
+
+These functions were added in OpenSSL 3.0.
+
+=head1 COPYRIGHT
+
+Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the Apache License 2.0 (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
+
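Review bot: several small defects in the new page. In RETURN VALUES the first sentence ends in a comma ("...or if it is not supported,") and the SEE ALSO list ends in a trailing comma; "sets an size_t value" should be "a size_t value". The copyright year is 2020 although the file is created in this 2021 commit, and the other new page here (EVP_PKEY_get_field_type.pod) says 2021. On the API itself: the setters take `BIGNUM *bn`, `char *str` and `unsigned char *buf` as non-const although they are inputs; if the implementation does not modify them, declare them const in the SYNOPSIS and the header together. The file also ends with an extra blank line after `=cut`.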
diff --git a/doc/man3/d2i_RSAPrivateKey.pod b/doc/man3/d2i_RSAPrivateKey.pod
index 7375f1bab3..8e7c010578 100644
--- a/doc/man3/d2i_RSAPrivateKey.pod
+++ b/doc/man3/d2i_RSAPrivateKey.pod
@@ -28,6 +28,14 @@ d2i_RSA_PUBKEY_fp,
d2i_DHparams,
d2i_DHparams_bio,
d2i_DHparams_fp,
+d2i_ECPKParameters,
+d2i_ECParameters,
+d2i_ECPrivateKey,
+d2i_ECPrivateKey_bio,
+d2i_ECPrivateKey_fp,
+d2i_EC_PUBKEY,
+d2i_EC_PUBKEY_bio,
+d2i_EC_PUBKEY_fp,
i2d_RSAPrivateKey,
i2d_RSAPrivateKey_bio,
i2d_RSAPrivateKey_fp,
@@ -39,7 +47,15 @@ i2d_RSA_PUBKEY_bio,
i2d_RSA_PUBKEY_fp,
i2d_DHparams,
i2d_DHparams_bio,
-i2d_DHparams_fp
+i2d_DHparams_fp,
+i2d_ECPKParameters,
+i2d_ECParameters,
+i2d_ECPrivateKey,
+i2d_ECPrivateKey_bio,
+i2d_ECPrivateKey_fp,
+i2d_EC_PUBKEY,
+i2d_EC_PUBKEY_bio,
+i2d_EC_PUBKEY_fp
- DEPRECATED
=head1 SYNOPSIS
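Review bot: the NAME list of this "- DEPRECATED" page now includes d2i_ECPKParameters and i2d_ECPKParameters, but the ec.h diff in the same commit shows `int i2d_ECPKParameters(const EC_GROUP *, unsigned char **out);` as unchanged hunk-header context with no OSSL_DEPRECATEDIN_3_0 marker. Confirm whether the ECPKParameters pair is really deprecated; if it is not, it should stay documented in d2i_X509.pod. Both hunks touch only NAME, so also check that SYNOPSIS on this page covers the EC entries.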
diff --git a/doc/man3/d2i_X509.pod b/doc/man3/d2i_X509.pod
index d5c684e31d..02542ba32d 100644
--- a/doc/man3/d2i_X509.pod
+++ b/doc/man3/d2i_X509.pod
@@ -53,14 +53,6 @@ d2i_DIST_POINT,
d2i_DIST_POINT_NAME,
d2i_DSA_SIG,
d2i_ECDSA_SIG,
-d2i_ECPKParameters,
-d2i_ECParameters,
-d2i_ECPrivateKey,
-d2i_ECPrivateKey_bio,
-d2i_ECPrivateKey_fp,
-d2i_EC_PUBKEY,
-d2i_EC_PUBKEY_bio,
-d2i_EC_PUBKEY_fp,
d2i_EDIPARTYNAME,
d2i_ESS_CERT_ID,
d2i_ESS_CERT_ID_V2,
@@ -237,14 +229,6 @@ i2d_DSA_PUBKEY_fp,
i2d_DSA_SIG,
i2d_DSAparams,
i2d_ECDSA_SIG,
-i2d_ECPKParameters,
-i2d_ECParameters,
-i2d_ECPrivateKey,
-i2d_ECPrivateKey_bio,
-i2d_ECPrivateKey_fp,
-i2d_EC_PUBKEY,
-i2d_EC_PUBKEY_bio,
-i2d_EC_PUBKEY_fp,
i2d_EDIPARTYNAME,
i2d_ESS_CERT_ID,
i2d_ESS_CERT_ID_V2,
diff --git a/doc/man7/EVP_PKEY-EC.pod b/doc/man7/EVP_PKEY-EC.pod
index be6e507169..ad188c6f46 100644
--- a/doc/man7/EVP_PKEY-EC.pod
+++ b/doc/man7/EVP_PKEY-EC.pod
@@ -79,6 +79,26 @@ EC curve's cofactor (note for some curves the cofactor is 1).
Set the format used for serializing the EC group parameters.
Valid values are "explicit" or "named_curve". The default value is "named_curve".
+=item "point-format" (B<OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT>) <utf8 string>
+
+Sets or gets the point_conversion_form for the I<key>. For a description of
+point_conversion_forms please see L<EC_POINT_new(3)>. Valid values are
+"uncompressed" or "compressed". The default value is "uncompressed".
+
+=item "group-check" (B<OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE>) <utf8 string>
+
+Sets or Gets the type of group check done when EVP_PKEY_param_check() is called.
+Valid values are "default", "named" and "named-nist".
+The "named" type checks that the domain parameters match the inbuilt curve parameters,
+"named-nist" is similiar but also checks that the named curve is a nist curve.
+The "default" type does domain parameter validation for the OpenSSL default provider,
+but is equivalent to "named-nist" for the OpenSSL fips provider.
+
+=item "include-public" (B<OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC>) <integer>
+
+Setting this value to 0 indicates that the public key should not be included when
+encoding the private key. The default value of 1 will include the public key.
+
See also L<EVP_KEYEXCH-ECDH(7)> for the related
B<OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE> parameter that can be set on a
per-operation basis.
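Review bot: the "point-format" item lists the valid values as "uncompressed" or "compressed", but core_names.h in this same commit also defines OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID "hybrid". Either document "hybrid" here or explain why it is defined but not accepted. In the "group-check" item, "similiar" should be "similar", "Sets or Gets" should match the lower-case "Sets or gets" used two items earlier, and "nist curve" should be "NIST curve". It would also help to state what the "default" check covers, since it differs between the default and fips providers.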
diff --git a/fuzz/asn1.c b/fuzz/asn1.c
index b0d2ecd14e..e85a9607a4 100644
--- a/fuzz/asn1.c
+++ b/fuzz/asn1.c
@@ -96,7 +96,7 @@ static ASN1_ITEM_EXP *item_type[] = {
ASN1_ITEM_ref(DISPLAYTEXT),
ASN1_ITEM_ref(DIST_POINT),
ASN1_ITEM_ref(DIST_POINT_NAME),
-#ifndef OPENSSL_NO_EC
+#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_DEPRECATED_3_0)
ASN1_ITEM_ref(ECPARAMETERS),
ASN1_ITEM_ref(ECPKPARAMETERS),
#endif
@@ -347,10 +347,10 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
DO_TEST_NO_PRINT(RSA, d2i_RSAPublicKey, i2d_RSAPublicKey);
#endif
#ifndef OPENSSL_NO_EC
+# ifndef OPENSSL_NO_DEPRECATED_3_0
DO_TEST_PRINT_OFFSET(EC_GROUP, d2i_ECPKParameters, i2d_ECPKParameters, ECPKParameters_print);
DO_TEST_PRINT_OFFSET(EC_KEY, d2i_ECPrivateKey, i2d_ECPrivateKey, EC_KEY_print);
DO_TEST(EC_KEY, d2i_ECParameters, i2d_ECParameters, ECParameters_print);
-# ifndef OPENSSL_NO_DEPRECATED_3_0
DO_TEST_NO_PRINT(ECDSA_SIG, d2i_ECDSA_SIG, i2d_ECDSA_SIG);
# endif
#endif
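Review bot: moving `# ifndef OPENSSL_NO_DEPRECATED_3_0` above the three EC `DO_TEST` lines means a no-deprecated build fuzzes no EC parameter or EC private key DER parsing at all from this harness. The decoding code is still reachable through the non-deprecated interfaces in such a build, so the coverage is lost rather than made unnecessary. Please add a follow-up (or a TODO here) to exercise EC key and parameter decoding through a non-deprecated entry point.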
diff --git a/fuzz/server.c b/fuzz/server.c
index ead9fc1105..9631787885 100644
--- a/fuzz/server.c
+++ b/fuzz/server.c
@@ -12,7 +12,7 @@
/* Test first part of SSL server handshake. */
-/* We need to use the deprecated RSA low level calls */
+/* We need to use the deprecated RSA/EC low level calls */
#define OPENSSL_SUPPRESS_DEPRECATED
#include <time.h>
@@ -200,8 +200,8 @@ static const uint8_t kRSAPrivateKeyDER[] = {
};
#endif
-
#ifndef OPENSSL_NO_EC
+# ifndef OPENSSL_NO_DEPRECATED_3_0
/*
* -----BEGIN EC PRIVATE KEY-----
* MHcCAQEEIJLyl7hJjpQL/RhP1x2zS79xdiPJQB683gWeqcqHPeZkoAoGCCqGSM49
@@ -230,6 +230,7 @@ static const char ECDSAPrivateKeyPEM[] = {
0x4e, 0x44, 0x20, 0x45, 0x43, 0x20, 0x50, 0x52, 0x49, 0x56, 0x41, 0x54,
0x45, 0x20, 0x4b, 0x45, 0x59, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x0a
};
+# endif
/*
* -----BEGIN CERTIFICATE-----
@@ -522,14 +523,14 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
RSA *privkey;
#endif
const uint8_t *bufp;
-#if !defined(OPENSSL_NO_DEPRECATED_3_0) \
- || !defined(OPENSSL_NO_DSA) \
- || !defined(OPENSSL_NO_EC)
+#if !defined(OPENSSL_NO_DEPRECATED_3_0)
EVP_PKEY *pkey;
#endif
X509 *cert;
-#ifndef OPENSSL_NO_EC
+#ifndef OPENSSL_NO_DEPRECATED_3_0
+# ifndef OPENSSL_NO_EC
EC_KEY *ecdsakey = NULL;
+# endif
#endif
#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
DSA *dsakey = NULL;
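Review bot: the guard added around `ecdsakey` nests OPENSSL_NO_DEPRECATED_3_0 outside and OPENSSL_NO_EC inside, the reverse of the other EC blocks this commit changes in the same file, and the DSA declaration directly below uses a single `#if !defined(...) && !defined(...)`. Pick one form for the file. Also, `pkey` is now declared only when deprecated APIs are enabled; check that every remaining use of `pkey` in FuzzerTestOneInput() is under the same condition, otherwise a no-deprecated build will not compile.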
@@ -571,6 +572,7 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
X509_free(cert);
#ifndef OPENSSL_NO_EC
+# ifndef OPENSSL_NO_DEPRECATED_3_0
/* ECDSA */
bio_buf = BIO_new(BIO_s_mem());
OPENSSL_assert((size_t)BIO_write(bio_buf, ECDSAPrivateKeyPEM, sizeof(ECDSAPrivateKeyPEM)) == sizeof(ECDSAPrivateKeyPEM));
@@ -583,7 +585,7 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
ret = SSL_CTX_use_PrivateKey(ctx, pkey);
OPENSSL_assert(ret == 1);
EVP_PKEY_free(pkey);
-
+# endif
bio_buf = BIO_new(BIO_s_mem());
OPENSSL_assert((size_t)BIO_write(bio_buf, ECDSACertPEM, sizeof(ECDSACertPEM)) == sizeof(ECDSACertPEM));
cert = PEM_read_bio_X509(bio_buf, NULL, NULL, NULL);
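Review bot: with the `# endif` placed before the ECDSACertPEM block, a no-deprecated build still reads the ECDSA certificate but never loads the matching private key, so the fuzzed server has an ECDSA certificate without a usable key and the ECDSA handshake path is no longer exercised. Either put the certificate block under the same guard, or better, load the key without the deprecated EC_KEY route (for example PEM_read_bio_PrivateKey() straight into an EVP_PKEY) so the guard is not needed at all.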
diff --git a/include/crypto/ec.h b/include/crypto/ec.h
index 087457fa50..4127b6e9a0 100644
--- a/include/crypto/ec.h
+++ b/include/crypto/ec.h
@@ -23,6 +23,7 @@ int evp_pkey_ctx_set_ec_param_enc_prov(EVP_PKEY_CTX *ctx, int param_enc);
# ifndef OPENSSL_NO_EC
# include <openssl/core.h>
# include <openssl/ec.h>
+# include "crypto/types.h"
/*-
* Computes the multiplicative inverse of x in the range
@@ -69,10 +70,18 @@ int ec_group_todata(const EC_GROUP *group, OSSL_PARAM_BLD *tmpl,
const char *propq,
BN_CTX *bnctx, unsigned char **genbuf);
int ec_group_fromdata(EC_KEY *ec, const OSSL_PARAM params[]);
+int ec_group_set_params(EC_GROUP *group, const OSSL_PARAM params[]);
int ec_key_fromdata(EC_KEY *ecx, const OSSL_PARAM params[], int include_private);
int ec_key_otherparams_fromdata(EC_KEY *ec, const OSSL_PARAM params[]);
int ec_set_ecdh_cofactor_mode(EC_KEY *ec, int mode);
int ec_encoding_name2id(const char *name);
+int ec_encoding_param2id(const OSSL_PARAM *p, int *id);
+int ec_pt_format_name2id(const char *name);
+int ec_pt_format_param2id(const OSSL_PARAM *p, int *id);
+char *ec_pt_format_id2name(int id);
+
+char *ec_check_group_type_id2name(int flags);
+int ec_set_check_group_type_from_name(EC_KEY *ec, const char *name);
# endif /* OPENSSL_NO_EC */
#endif
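Review bot: `ec_pt_format_id2name()` and `ec_check_group_type_id2name()` are declared as returning `char *`. If they return pointers into static name tables, the return type should be `const char *` so callers cannot write through it; if they allocate, the header needs a comment saying the caller frees the result. The new prototypes also have no comments at all: at minimum document the failure return of the `*_name2id` and `*_param2id` functions (negative value or 0), since the two styles are easy to mix up at call sites.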
diff --git a/include/crypto/sm2.h b/include/crypto/sm2.h
index e442e7aec7..a38d940a70 100644
--- a/include/crypto/sm2.h
+++ b/include/crypto/sm2.h
@@ -16,6 +16,7 @@
# ifndef OPENSSL_NO_SM2
# include <openssl/ec.h>
+# include "crypto/types.h"
int sm2_key_private_check(const EC_KEY *eckey);
diff --git a/include/crypto/types.h b/include/crypto/types.h
index ccb75e3cbf..e6e90d6177 100644
--- a/include/crypto/types.h
+++ b/include/crypto/types.h
@@ -12,5 +12,6 @@
#ifdef OPENSSL_NO_DEPRECATED_3_0
typedef struct rsa_st RSA;
typedef struct rsa_meth_st RSA_METHOD;
+typedef struct ec_key_st EC_KEY;
+typedef struct ec_key_method_st EC_KEY_METHOD;
#endif
-
diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
index 17b0573ac3..7b9af62962 100644
--- a/include/openssl/core_names.h
+++ b/include/openssl/core_names.h
@@ -400,12 +400,23 @@ extern "C" {
#define OSSL_PKEY_PARAM_FFC_DIGEST OSSL_PKEY_PARAM_DIGEST
#define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_PKEY_PARAM_EC_ENCODING "encoding" /* utf8_string */
+#define OSSL_PKEY_PARAM_EC_ENCODING "encoding" /* utf8_string */
+#define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format"
+#define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE "group-check"
+#define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC "include-public"
/* OSSL_PKEY_PARAM_EC_ENCODING values */
#define OSSL_PKEY_EC_ENCODING_EXPLICIT "explicit"
#define OSSL_PKEY_EC_ENCODING_GROUP "named_curve"
+#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed"
+#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED "compressed"
+#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID "hybrid"
+
+#define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT "default"
+#define OSSL_PKEY_EC_GROUP_CHECK_NAMED "named"
+#define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST "named-nist"
+
/* Key Exchange parameters */
#define OSSL_EXCHANGE_PARAM_PAD "pad" /* uint */
#define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode" /* int */
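Review bot: OSSL_PKEY_PARAM_EC_ENCODING keeps its `/* utf8_string */` type comment, but the three parameters added below it have none. EVP_PKEY-EC.pod in this commit gives "point-format" and "group-check" as utf8 string and "include-public" as integer; add the matching comments here so the header stays self-describing. The group-check values could also get a heading comment like the existing `/* OSSL_PKEY_PARAM_EC_ENCODING values */`.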
diff --git a/include/openssl/ec.h b/include/openssl/ec.h
index 1f01c09fb2..c7797e957d 100644
--- a/include/openssl/ec.h
+++ b/include/openssl/ec.h
@@ -68,18 +68,6 @@ int EVP_PKEY_CTX_get0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm);
*/
# define EVP_PKEY_ECDH_KDF_X9_62 EVP_PKEY_ECDH_KDF_X9_63
-# ifndef OPENSSL_NO_EC
-# include <openssl/asn1.h>
-# include <openssl/symhacks.h>
-# ifndef OPENSSL_NO_DEPRECATED_1_1_0
-# include <openssl/bn.h>
-# endif
-# include <openssl/ecerr.h>
-
-# ifndef OPENSSL_ECC_MAX_FIELD_BITS
-# define OPENSSL_ECC_MAX_FIELD_BITS 661
-# endif
-
/** Enum for the point conversion form as defined in X9.62 (ECDSA)
* for the encoding of a elliptic curve point (x,y) */
typedef enum {
@@ -93,6 +81,18 @@ typedef enum {
POINT_CONVERSION_HYBRID = 6
} point_conversion_form_t;
+# ifndef OPENSSL_NO_EC
+# include <openssl/asn1.h>
+# include <openssl/symhacks.h>
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
+# include <openssl/bn.h>
+# endif
+# include <openssl/ecerr.h>
+
+# ifndef OPENSSL_ECC_MAX_FIELD_BITS
+# define OPENSSL_ECC_MAX_FIELD_BITS 661
+# endif
+
# include <openssl/params.h>
# ifndef OPENSSL_NO_DEPRECATED_3_0
typedef struct ec_method_st EC_METHOD;
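Review bot: `point_conversion_form_t` now sits above `# ifndef OPENSSL_NO_EC`, so the enum is visible in no-ec builds, but nothing at its new position says this is intentional. Add a short comment explaining why the type must stay outside the guard, so a later header cleanup does not move it back inside.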
@@ -106,40 +106,41 @@ typedef struct ec_parameters_st ECPARAMETERS;
/* EC_METHODs for curves over GF(p) */
/********************************************************************/
+# ifndef OPENSSL_NO_DEPRECATED_3_0
/** Returns the basic GFp ec methods which provides the basis for the
* optimized methods.
* \return EC_METHOD object
*/
-DEPRECATEDIN_3_0(const EC_METHOD *EC_GFp_simple_method(void))
+OSSL_DEPRECATEDIN_3_0 const EC_METHOD *EC_GFp_simple_method(void);
/** Returns GFp methods using montgomery multiplication.
* \return EC_METHOD object
*/
-DEPRECATEDIN_3_0(const EC_METHOD *EC_GFp_mont_method(void))
+OSSL_DEPRECATEDIN_3_0 const EC_METHOD *EC_GFp_mont_method(void);
/** Returns GFp methods using optimized methods for NIST recommended curves
* \return EC_METHOD object
*/
-DEPRECATEDIN_3_0(const EC_METHOD *EC_GFp_nist_method(void))
+OSSL_DEPRECATEDIN_3_0 const EC_METHOD *EC_GFp_nist_method(void);
-# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
/** Returns 64-bit optimized methods for nistp224
* \return EC_METHOD object
*/
-DEPRECATEDIN_3_0(const EC_METHOD *EC_GFp_nistp224_method(void))
+OSSL_DEPRECATEDIN_3_0 const EC_METHOD *EC_GFp_nistp224_method(void);
/** Returns 64-bit optimized methods for nistp256
* \return EC_METHOD object
*/
-DEPRECATEDIN_3_0(const EC_METHOD *EC_GFp_nistp256_method(void))
+OSSL_DEPRECATEDIN_3_0 const EC_METHOD *EC_GFp_nistp256_method(void);
/** Returns 64-bit optimized methods for nistp521
* \return EC_METHOD object
*/
-DEPRECATEDIN_3_0(const EC_METHOD *EC_GFp_nistp521_method(void))
-# endif
+OSSL_DEPRECATEDIN_3_0 const EC_METHOD *EC_GFp_nistp521_method(void);
+# endif /* OPENSSL_NO_EC_NISTP_64_GCC_128 */
-# ifndef OPENSSL_NO_EC2M
+# ifndef OPENSSL_NO_EC2M
/********************************************************************/
/* EC_METHOD for curves over GF(2^m) */
/********************************************************************/
@@ -147,9 +148,9 @@ DEPRECATEDIN_3_0(const EC_METHOD *EC_GFp_nistp521_method(void))
/** Returns the basic GF2m ec method
* \return EC_METHOD object
*/
-DEPRECATEDIN_3_0(const EC_METHOD *EC_GF2m_simple_method(void))
+OSSL_DEPRECATEDIN_3_0 const EC_METHOD *EC_GF2m_simple_method(void);
-# endif
+# endif
/********************************************************************/
/* EC_GROUP functions */
@@ -160,18 +161,31 @@ DEPRECATEDIN_3_0(const EC_METHOD *EC_GF2m_simple_method(void))
* \param meth EC_METHOD to use
* \return newly created EC_GROUP object or NULL in case of an error.
*/
-DEPRECATEDIN_3_0(EC_GROUP *EC_GROUP_new(const EC_METHOD *meth))
+OSSL_DEPRECATEDIN_3_0 EC_GROUP *EC_GROUP_new(const EC_METHOD *meth);
+
+/** Clears and frees a EC_GROUP object
+ * \param group EC_GROUP object to be cleared and freed.
+ */
+OSSL_DEPRECATEDIN_3_0 void EC_GROUP_clear_free(EC_GROUP *group);
+
+/** Returns the EC_METHOD of the EC_GROUP object.
+ * \param group EC_GROUP object
+ * \return EC_METHOD used in this EC_GROUP object.
+ */
+OSSL_DEPRECATEDIN_3_0 const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group);
+
+/** Returns the field type of the EC_METHOD.
+ * \param meth EC_METHOD object
+ * \return NID of the underlying field type OID.
+ */
+OSSL_DEPRECATEDIN_3_0 int EC_METHOD_get_field_type(const EC_METHOD *meth);
+# endif /* OPENSSL_NO_DEPRECATED_3_0 */
/** Frees a EC_GROUP object
* \param group EC_GROUP object to be freed.
*/
void EC_GROUP_free(EC_GROUP *group);
-/** Clears and frees a EC_GROUP object
- * \param group EC_GROUP object to be cleared and freed.
- */
-DEPRECATEDIN_3_0(void EC_GROUP_clear_free(EC_GROUP *group))
-
/** Copies EC_GROUP objects. Note: both EC_GROUPs must use the same EC_METHOD.
* \param dst destination EC_GROUP object
* \param src source EC_GROUP object
@@ -186,18 +200,6 @@ int EC_GROUP_copy(EC_GROUP *dst, const EC_GROUP *src);
*/
EC_GROUP *EC_GROUP_dup(const EC_GROUP *src);
-/** Returns the EC_METHOD of the EC_GROUP object.
- * \param group EC_GROUP object
- * \return EC_METHOD used in this EC_GROUP object.
- */
-DEPRECATEDIN_3_0(const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group))
-
-/** Returns the field type of the EC_METHOD.
- * \param meth EC_METHOD object
- * \return NID of the underlying field type OID.
- */
-DEPRECATEDIN_3_0(int EC_METHOD_get_field_type(const EC_METHOD *meth))
-
/** Sets the generator and its order/cofactor of a EC_GROUP object.
* \param group EC_GROUP object
* \param generator EC_POINT object with the generator.
@@ -317,6 +319,7 @@ int EC_GROUP_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
int EC_GROUP_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b,
BN_CTX *ctx);
+# ifndef OPENSSL_NO_DEPRECATED_3_0
/** Sets the parameters of an ec curve. Synonym for EC_GROUP_set_curve
* \param group EC_GROUP object
* \param p BIGNUM with the prime number (GFp) or the polynomial
@@ -326,9 +329,11 @@ int EC_GROUP_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b,
* \param ctx BN_CTX object (optional)
* \return 1 on success and 0 if an error occurred
*/
-DEPRECATEDIN_3_0(int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p,
- const BIGNUM *a, const BIGNUM *b,
- BN_CTX *ctx))
+OSSL_DEPRECATEDIN_3_0 int EC_GROUP_set_curve_GFp(EC_GROUP *group,
+ const BIGNUM *p,
+ const BIGNUM *a,
+ const BIGNUM *b,
+ BN_CTX *ctx);
/** Gets the parameters of an ec curve. Synonym for EC_GROUP_get_curve
* \param group EC_GROUP object
@@ -339,11 +344,12 @@ DEPRECATEDIN_3_0(int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p,
* \param ctx BN_CTX object (optional)
* \return 1 on success and 0 if an error occurred
*/
-DEPRECATEDIN_3_0(int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p,
- BIGNUM *a, BIGNUM *b,
- BN_CTX *ctx))
+OSSL_DEPRECATEDIN_3_0 int EC_GROUP_get_curve_GFp(const EC_GROUP *group,
+ BIGNUM *p,
+ BIGNUM *a, BIGNUM *b,
+ BN_CTX *ctx);
-# ifndef OPENSSL_NO_EC2M
+# ifndef OPENSSL_NO_EC2M
/** Sets the parameter of an ec curve. Synonym for EC_GROUP_set_curve
* \param group EC_GROUP object
* \param p BIGNUM with the prime number (GFp) or the polynomial
@@ -353,9 +359,11 @@ DEPRECATEDIN_3_0(int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p,
* \param ctx BN_CTX object (optional)
* \return 1 on success and 0 if an error occurred
*/
-DEPRECATEDIN_3_0(int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p,
- const BIGNUM *a, const BIGNUM *b,
- BN_CTX *ctx))
+OSSL_DEPRECATEDIN_3_0 int EC_GROUP_set_curve_GF2m(EC_GROUP *group,
+ const BIGNUM *p,
+ const BIGNUM *a,
+ const BIGNUM *b,
+ BN_CTX *ctx);
/** Gets the parameters of an ec curve. Synonym for EC_GROUP_get_curve
* \param group EC_GROUP object
@@ -366,10 +374,13 @@ DEPRECATEDIN_3_0(int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p,
* \param ctx BN_CTX object (optional)
* \return 1 on success and 0 if an error occurred
*/
-DEPRECATEDIN_3_0(int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p,
- BIGNUM *a, BIGNUM *b,
- BN_CTX *ctx))
-# endif
+OSSL_DEPRECATEDIN_3_0 int EC_GROUP_get_curve_GF2m(const EC_GROUP *group,
+ BIGNUM *p,
+ BIGNUM *a, BIGNUM *b,
+ BN_CTX *ctx);
+# endif /* OPENSSL_NO_EC2M */
+# endif /* OPENSSL_NO_DEPRECATED_3_0 */
+
/** Returns the number of bits needed to represent a field element
* \param group EC_GROUP object
* \return number of bits needed to represent a field element
@@ -550,12 +561,6 @@ int EC_POINT_copy(EC_POINT *dst, const EC_POINT *src);
*/
EC_POINT *EC_POINT_dup(const EC_POINT *src, const EC_GROUP *group);
-/** Returns the EC_METHOD used in EC_POINT object
- * \param point EC_POINT object
- * \return the EC_METHOD used
- */
-DEPRECATEDIN_3_0(const EC_METHOD *EC_POINT_method_of(const EC_POINT *point))
-
/** Sets a point to infinity (neutral element)
* \param group underlying EC_GROUP object
* \param point EC_POINT to set to infinity
@@ -563,6 +568,13 @@ DEPRECATEDIN_3_0(const EC_METHOD *EC_POINT_method_of(const EC_POINT *point))
*/
int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point);
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+/** Returns the EC_METHOD used in EC_POINT object
+ * \param point EC_POINT object
+ * \return the EC_METHOD used
+ */
+OSSL_DEPRECATEDIN_3_0 const EC_METHOD *EC_POINT_method_of(const EC_POINT *point);
+
/** Sets the jacobian projective coordinates of a EC_POINT over GFp
* \param group underlying EC_GROUP object
* \param p EC_POINT object
@@ -572,10 +584,10 @@ int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point);
* \param ctx BN_CTX object (optional)
* \return 1 on success and 0 if an error occurred
*/
-DEPRECATEDIN_3_0(int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group,
- EC_POINT *p, const BIGNUM *x,
- const BIGNUM *y, const BIGNUM *z,
- BN_CTX *ctx))
+OSSL_DEPRECATEDIN_3_0 int EC_POINT_set_Jprojective_coordinates_GFp
+ (const EC_GROUP *group, EC_POINT *p,
+ const BIGNUM *x, const BIGNUM *y, const BIGNUM *z,
+ BN_CTX *ctx);
/** Gets the jacobian projective coordinates of a EC_POINT over GFp
* \param group underlying EC_GROUP object
@@ -586,10 +598,10 @@ DEPRECATEDIN_3_0(int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *gr
* \param ctx BN_CTX object (optional)
* \return 1 on success and 0 if an error occurred
*/
-DEPRECATEDIN_3_0(int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group,
- const EC_POINT *p, BIGNUM *x,
- BIGNUM *y, BIGNUM *z,
- BN_CTX *ctx))
+OSSL_DEPRECATEDIN_3_0 int EC_POINT_get_Jprojective_coordinates_GFp
+ (const EC_GROUP *group, const EC_POINT *p,
+ BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx);
+# endif /* OPENSSL_NO_DEPRECATED_3_0 */
/** Sets the affine coordinates of an EC_POINT
* \param group underlying EC_GROUP object
@@ -614,6 +626,7 @@ int EC_POINT_set_affine_coordinates(const EC_GROUP *group, EC_POINT *p,
int EC_POINT_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *p,
BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
+# ifndef OPENSSL_NO_DEPRECATED_3_0
/** Sets the affine coordinates of an EC_POINT. A synonym of
* EC_POINT_set_affine_coordinates
* \param group underlying EC_GROUP object
@@ -623,11 +636,9 @@ int EC_POINT_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *p,
* \param ctx BN_CTX object (optional)
* \return 1 on success and 0 if an error occurred
*/
-DEPRECATEDIN_3_0(int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group,
- EC_POINT *p,
- const BIGNUM *x,
- const BIGNUM *y,
- BN_CTX *ctx))
+OSSL_DEPRECATEDIN_3_0 int EC_POINT_set_affine_coordinates_GFp
+ (const EC_GROUP *group, EC_POINT *p,
+ const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx);
/** Gets the affine coordinates of an EC_POINT. A synonym of
* EC_POINT_get_affine_coordinates
@@ -638,11 +649,10 @@ DEPRECATEDIN_3_0(int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group,
* \param ctx BN_CTX object (optional)
* \return 1 on success and 0 if an error occurred
*/
-DEPRECATEDIN_3_0(int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group,
- const EC_POINT *p,
- BIGNUM *x,
- BIGNUM *y,
- BN_CTX *ctx))
+OSSL_DEPRECATEDIN_3_0 int EC_POINT_get_affine_coordinates_GFp
+ (const EC_GROUP *group, const EC_POINT *p,
+ BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
+# endif /* OPENSSL_NO_DEPRECATED_3_0 */
/** Sets the x9.62 compressed coordinates of a EC_POINT
* \param group underlying EC_GROUP object
@@ -656,6 +666,7 @@ int EC_POINT_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *p,
const BIGNUM *x, int y_bit,
BN_CTX *ctx);
+# ifndef OPENSSL_NO_DEPRECATED_3_0
/** Sets the x9.62 compressed coordinates of a EC_POINT. A synonym of
* EC_POINT_set_compressed_coordinates
* \param group underlying EC_GROUP object
@@ -665,12 +676,10 @@ int EC_POINT_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *p,
* \param ctx BN_CTX object (optional)
* \return 1 on success and 0 if an error occurred
*/
-DEPRECATEDIN_3_0(int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group,
- EC_POINT *p,
- const BIGNUM *x,
- int y_bit,
- BN_CTX *ctx))
-# ifndef OPENSSL_NO_EC2M
+OSSL_DEPRECATEDIN_3_0 int EC_POINT_set_compressed_coordinates_GFp
+ (const EC_GROUP *group, EC_POINT *p,
+ const BIGNUM *x, int y_bit, BN_CTX *ctx);
+# ifndef OPENSSL_NO_EC2M
/** Sets the affine coordinates of an EC_POINT. A synonym of
* EC_POINT_set_affine_coordinates
* \param group underlying EC_GROUP object
@@ -680,11 +689,9 @@ DEPRECATEDIN_3_0(int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *gro
* \param ctx BN_CTX object (optional)
* \return 1 on success and 0 if an error occurred
*/
-DEPRECATEDIN_3_0(int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group,
- EC_POINT *p,
- const BIGNUM *x,
- const BIGNUM *y,
- BN_CTX *ctx))
+OSSL_DEPRECATEDIN_3_0 int EC_POINT_set_affine_coordinates_GF2m
+ (const EC_GROUP *group, EC_POINT *p,
+ const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx);
/** Gets the affine coordinates of an EC_POINT. A synonym of
* EC_POINT_get_affine_coordinates
@@ -695,11 +702,9 @@ DEPRECATEDIN_3_0(int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group,
* \param ctx BN_CTX object (optional)
* \return 1 on success and 0 if an error occurred
*/
-DEPRECATEDIN_3_0(int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group,
- const EC_POINT *p,
- BIGNUM *x,
- BIGNUM *y,
- BN_CTX *ctx))
+OSSL_DEPRECATEDIN_3_0 int EC_POINT_get_affine_coordinates_GF2m
+ (const EC_GROUP *group, const EC_POINT *p,
+ BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
/** Sets the x9.62 compressed coordinates of a EC_POINT. A synonym of
* EC_POINT_set_compressed_coordinates
@@ -710,12 +715,12 @@ DEPRECATEDIN_3_0(int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group,
* \param ctx BN_CTX object (optional)
* \return 1 on success and 0 if an error occurred
*/
-DEPRECATEDIN_3_0(int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group,
- EC_POINT *p,
- const BIGNUM *x,
- int y_bit,
- BN_CTX *ctx))
-# endif
+OSSL_DEPRECATEDIN_3_0 int EC_POINT_set_compressed_coordinates_GF2m
+ (const EC_GROUP *group, EC_POINT *p,
+ const BIGNUM *x, int y_bit, BN_CTX *ctx);
+# endif
+# endif /* OPENSSL_NO_DEPRECATED_3_0 */
+
/** Encodes a EC_POINT object to a octet string
* \param group underlying EC_GROUP object
* \param p EC_POINT object
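Review bot: the `# endif` that closes OPENSSL_NO_EC2M in this hunk has no trailing comment, while the very next line is `# endif /* OPENSSL_NO_DEPRECATED_3_0 */` and the EC2M close added earlier in this header is written `# endif /* OPENSSL_NO_EC2M */`. With two guards ending on adjacent lines, label both so the nesting can be checked by eye.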
@@ -828,10 +833,11 @@ int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point,
int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b,
BN_CTX *ctx);
-DEPRECATEDIN_3_0(int EC_POINT_make_affine(const EC_GROUP *group,
- EC_POINT *point, BN_CTX *ctx))
-DEPRECATEDIN_3_0(int EC_POINTs_make_affine(const EC_GROUP *group, size_t num,
- EC_POINT *points[], BN_CTX *ctx))
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 int EC_POINT_make_affine(const EC_GROUP *group,
+ EC_POINT *point, BN_CTX *ctx);
+OSSL_DEPRECATEDIN_3_0 int EC_POINTs_make_affine(const EC_GROUP *group, size_t num,
+ EC_POINT *points[], BN_CTX *ctx);
/** Computes r = generator * n + sum_{i=0}^{num-1} p[i] * m[i]
* \param group underlying EC_GROUP object
@@ -843,10 +849,11 @@ DEPRECATEDIN_3_0(int EC_POINTs_make_affine(const EC_GROUP *group, size_t num,
* \param ctx BN_CTX object (optional)
* \return 1 on success and 0 if an error occurred
*/
-DEPRECATEDIN_3_0(int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r,
- const BIGNUM *n, size_t num,
- const EC_POINT *p[], const BIGNUM *m[],
- BN_CTX *ctx))
+OSSL_DEPRECATEDIN_3_0 int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r,
+ const BIGNUM *n, size_t num,
+ const EC_POINT *p[], const BIGNUM *m[],
+ BN_CTX *ctx);
+# endif /* OPENSSL_NO_DEPRECATED_3_0 */
/** Computes r = generator * n + q * m
* \param group underlying EC_GROUP object
@@ -860,18 +867,20 @@ DEPRECATEDIN_3_0(int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r,
int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n,
const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx);
+# ifndef OPENSSL_NO_DEPRECATED_3_0
/** Stores multiples of generator for faster point multiplication
* \param group EC_GROUP object
* \param ctx BN_CTX object (optional)
* \return 1 on success and 0 if an error occurred
*/
-DEPRECATEDIN_3_0(int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx))
+OSSL_DEPRECATEDIN_3_0 int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
/** Reports whether a precomputation has been done
* \param group EC_GROUP object
* \return 1 if a pre-computation has been done and 0 otherwise
*/
-DEPRECATEDIN_3_0(int EC_GROUP_have_precompute_mult(const EC_GROUP *group))
+OSSL_DEPRECATEDIN_3_0 int EC_GROUP_have_precompute_mult(const EC_GROUP *group);
+# endif /* OPENSSL_NO_DEPRECATED_3_0 */
/********************************************************************/
/* ASN1 stuff */
@@ -906,10 +915,14 @@ int i2d_ECPKParameters(const EC_GROUP *, unsigned char **out);
# define i2d_ECPKParameters_fp(fp,x) \
ASN1_i2d_fp(i2d_ECPKParameters,(fp), (unsigned char *)(x))
-int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off);
-# ifndef OPENSSL_NO_STDIO
-int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off);
-# endif
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 int ECPKParameters_print(BIO *bp, const EC_GROUP *x,
+ int off);
+# ifndef OPENSSL_NO_STDIO
+OSSL_DEPRECATEDIN_3_0 int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x,
+ int off);
+# endif
+# endif /* OPENSSL_NO_DEPRECATED_3_0 */
/********************************************************************/
/* EC_KEY functions */
@@ -920,33 +933,40 @@ int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off);
# define EC_PKEY_NO_PUBKEY 0x002
/* some values for the flags field */
-# define EC_FLAG_NON_FIPS_ALLOW 0x1
-# define EC_FLAG_FIPS_CHECKED 0x2
-# define EC_FLAG_COFACTOR_ECDH 0x1000
-# define EC_FLAG_SM2_RANGE 0x4
+# define EC_FLAG_SM2_RANGE 0x0004
+# define EC_FLAG_COFACTOR_ECDH 0x1000
+# define EC_FLAG_CHECK_NAMED_GROUP 0x2000
+# define EC_FLAG_CHECK_NAMED_GROUP_NIST 0x4000
+# define EC_FLAG_CHECK_NAMED_GROUP_MASK \
+ (EC_FLAG_CHECK_NAMED_GROUP | EC_FLAG_CHECK_NAMED_GROUP_NIST)
+/* Deprecated flags - it was using 0x01..0x02 */
+# define EC_FLAG_NON_FIPS_ALLOW 0x0000
+# define EC_FLAG_FIPS_CHECKED 0x0000
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
/**
* Creates a new EC_KEY object.
* \param ctx The library context for to use for this EC_KEY. May be NULL in
* which case the default library context is used.
* \return EC_KEY object or NULL if an error occurred.
*/
-EC_KEY *EC_KEY_new_ex(OSSL_LIB_CTX *ctx, const char *propq);
+OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_new_ex(OSSL_LIB_CTX *ctx, const char *propq);
/**
* Creates a new EC_KEY object. Same as calling EC_KEY_new_ex with a
* NULL library context
* \return EC_KEY object or NULL if an error occurred.
*/
-EC_KEY *EC_KEY_new(void);
+OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_new(void);
-int EC_KEY_get_flags(const EC_KEY *key);
+OSSL_DEPRECATEDIN_3_0 int EC_KEY_get_flags(const EC_KEY *key);
-void EC_KEY_set_flags(EC_KEY *key, int flags);
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_set_flags(EC_KEY *key, int flags);
-void EC_KEY_clear_flags(EC_KEY *key, int flags);
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_clear_flags(EC_KEY *key, int flags);
-int EC_KEY_decoded_from_explicit_params(const EC_KEY *key);
+OSSL_DEPRECATEDIN_3_0 int EC_KEY_decoded_from_explicit_params(const EC_KEY *key);
/**
* Creates a new EC_KEY object using a named curve as underlying
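Review bot: redefining EC_FLAG_NON_FIPS_ALLOW and EC_FLAG_FIPS_CHECKED as 0x0000 keeps old callers compiling but silently changes what they do. A test such as "EC_KEY_get_flags(key) & EC_FLAG_FIPS_CHECKED" is now always false, and passing either value to EC_KEY_set_flags() is a no-op. The two defines also sit above the "# ifndef OPENSSL_NO_DEPRECATED_3_0" line, so they stay visible in a no-deprecated build; consider moving them inside the guard and recording the behaviour change in the migration notes. Smaller points in the same hunk: the comment "it was using 0x01..0x02" would be clearer as "these used 0x01 and 0x02", the new EC_FLAG_CHECK_NAMED_GROUP* values have no description, and the EC_KEY_new_ex() comment still reads "for to use" and has no \param for propq.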
@@ -957,8 +977,9 @@ int EC_KEY_decoded_from_explicit_params(const EC_KEY *key);
* \param nid NID of the named curve.
* \return EC_KEY object or NULL if an error occurred.
*/
-EC_KEY *EC_KEY_new_by_curve_name_ex(OSSL_LIB_CTX *ctx, const char *propq,
- int nid);
+OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_new_by_curve_name_ex(OSSL_LIB_CTX *ctx,
+ const char *propq,
+ int nid);
/**
* Creates a new EC_KEY object using a named curve as underlying
@@ -967,44 +988,43 @@ EC_KEY *EC_KEY_new_by_curve_name_ex(OSSL_LIB_CTX *ctx, const char *propq,
* \param nid NID of the named curve.
* \return EC_KEY object or NULL if an error occurred.
*/
-EC_KEY *EC_KEY_new_by_curve_name(int nid);
-
+OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_new_by_curve_name(int nid);
/** Frees a EC_KEY object.
* \param key EC_KEY object to be freed.
*/
-void EC_KEY_free(EC_KEY *key);
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_free(EC_KEY *key);
/** Copies a EC_KEY object.
* \param dst destination EC_KEY object
* \param src src EC_KEY object
* \return dst or NULL if an error occurred.
*/
-EC_KEY *EC_KEY_copy(EC_KEY *dst, const EC_KEY *src);
+OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_copy(EC_KEY *dst, const EC_KEY *src);
/** Creates a new EC_KEY object and copies the content from src to it.
* \param src the source EC_KEY object
* \return newly created EC_KEY object or NULL if an error occurred.
*/
-EC_KEY *EC_KEY_dup(const EC_KEY *src);
+OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_dup(const EC_KEY *src);
/** Increases the internal reference count of a EC_KEY object.
* \param key EC_KEY object
* \return 1 on success and 0 if an error occurred.
*/
-int EC_KEY_up_ref(EC_KEY *key);
+OSSL_DEPRECATEDIN_3_0 int EC_KEY_up_ref(EC_KEY *key);
/** Returns the ENGINE object of a EC_KEY object
* \param eckey EC_KEY object
* \return the ENGINE object (possibly NULL).
*/
-ENGINE *EC_KEY_get0_engine(const EC_KEY *eckey);
+OSSL_DEPRECATEDIN_3_0 ENGINE *EC_KEY_get0_engine(const EC_KEY *eckey);
/** Returns the EC_GROUP object of a EC_KEY object
* \param key EC_KEY object
* \return the EC_GROUP object (possibly NULL).
*/
-const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key);
+OSSL_DEPRECATEDIN_3_0 const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key);
/** Sets the EC_GROUP of a EC_KEY object.
* \param key EC_KEY object
@@ -1012,13 +1032,13 @@ const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key);
* object will use an own copy of the EC_GROUP).
* \return 1 on success and 0 if an error occurred.
*/
-int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group);
+OSSL_DEPRECATEDIN_3_0 int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group);
/** Returns the private key of a EC_KEY object.
* \param key EC_KEY object
* \return a BIGNUM with the private key (possibly NULL).
*/
-const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key);
+OSSL_DEPRECATEDIN_3_0 const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key);
/** Sets the private key of a EC_KEY object.
* \param key EC_KEY object
@@ -1026,13 +1046,13 @@ const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key);
* will use an own copy of the BIGNUM).
* \return 1 on success and 0 if an error occurred.
*/
-int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *prv);
+OSSL_DEPRECATEDIN_3_0 int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *prv);
/** Returns the public key of a EC_KEY object.
* \param key the EC_KEY object
* \return a EC_POINT object with the public key (possibly NULL)
*/
-const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key);
+OSSL_DEPRECATEDIN_3_0 const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key);
/** Sets the public key of a EC_KEY object.
* \param key EC_KEY object
@@ -1040,20 +1060,24 @@ const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key);
* will use an own copy of the EC_POINT object).
* \return 1 on success and 0 if an error occurred.
*/
-int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub);
+OSSL_DEPRECATEDIN_3_0 int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub);
-unsigned EC_KEY_get_enc_flags(const EC_KEY *key);
-void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags);
-point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key);
-void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform);
+OSSL_DEPRECATEDIN_3_0 unsigned EC_KEY_get_enc_flags(const EC_KEY *key);
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags);
+OSSL_DEPRECATEDIN_3_0 point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key);
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_set_conv_form(EC_KEY *eckey,
+ point_conversion_form_t cform);
+# endif /*OPENSSL_NO_DEPRECATED_3_0 */
# define EC_KEY_get_ex_new_index(l, p, newf, dupf, freef) \
CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_EC_KEY, l, p, newf, dupf, freef)
-int EC_KEY_set_ex_data(EC_KEY *key, int idx, void *arg);
-void *EC_KEY_get_ex_data(const EC_KEY *key, int idx);
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 int EC_KEY_set_ex_data(EC_KEY *key, int idx, void *arg);
+OSSL_DEPRECATEDIN_3_0 void *EC_KEY_get_ex_data(const EC_KEY *key, int idx);
/* wrapper functions for the underlying EC_GROUP object */
-void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag);
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag);
/** Creates a table of pre-computed multiples of the generator to
* accelerate further EC_KEY operations.
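Review bot: the guard is closed just before EC_KEY_get_ex_new_index and reopened right after it, so with OPENSSL_NO_DEPRECATED_3_0 the macro can still allocate an index while EC_KEY_set_ex_data() and EC_KEY_get_ex_data(), the functions in this header that consume it, are hidden. Either keep the macro inside the guard as well or add a comment saying why it has to stay public. Also, "# endif /*OPENSSL_NO_DEPRECATED_3_0 */" is missing the space after "/*" that the other closing comments in this file have.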
@@ -1061,25 +1085,25 @@ void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag);
* \param ctx BN_CTX object (optional)
* \return 1 on success and 0 if an error occurred.
*/
-DEPRECATEDIN_3_0(int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx))
+OSSL_DEPRECATEDIN_3_0 int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx);
/** Creates a new ec private (and optional a new public) key.
* \param key EC_KEY object
* \return 1 on success and 0 if an error occurred.
*/
-int EC_KEY_generate_key(EC_KEY *key);
+OSSL_DEPRECATEDIN_3_0 int EC_KEY_generate_key(EC_KEY *key);
/** Verifies that a private and/or public key is valid.
* \param key the EC_KEY object
* \return 1 on success and 0 otherwise.
*/
-int EC_KEY_check_key(const EC_KEY *key);
+OSSL_DEPRECATEDIN_3_0 int EC_KEY_check_key(const EC_KEY *key);
/** Indicates if an EC_KEY can be used for signing.
* \param eckey the EC_KEY object
* \return 1 if can can sign and 0 otherwise.
*/
-int EC_KEY_can_sign(const EC_KEY *eckey);
+OSSL_DEPRECATEDIN_3_0 int EC_KEY_can_sign(const EC_KEY *eckey);
/** Sets a public key from affine coordinates performing
* necessary NIST PKV tests.
@@ -1088,8 +1112,9 @@ int EC_KEY_can_sign(const EC_KEY *eckey);
* \param y public key y coordinate
* \return 1 on success and 0 otherwise.
*/
-int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x,
- BIGNUM *y);
+OSSL_DEPRECATEDIN_3_0 int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key,
+ BIGNUM *x,
+ BIGNUM *y);
/** Encodes an EC_KEY public key to an allocated octet string
* \param key key to encode
@@ -1098,8 +1123,9 @@ int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x,
* \param ctx BN_CTX object (optional)
* \return the length of the encoded octet string or 0 if an error occurred
*/
-size_t EC_KEY_key2buf(const EC_KEY *key, point_conversion_form_t form,
- unsigned char **pbuf, BN_CTX *ctx);
+OSSL_DEPRECATEDIN_3_0 size_t EC_KEY_key2buf(const EC_KEY *key,
+ point_conversion_form_t form,
+ unsigned char **pbuf, BN_CTX *ctx);
/** Decodes a EC_KEY public key from a octet string
* \param key key to decode
@@ -1109,8 +1135,8 @@ size_t EC_KEY_key2buf(const EC_KEY *key, point_conversion_form_t form,
* \return 1 on success and 0 if an error occurred
*/
-int EC_KEY_oct2key(EC_KEY *key, const unsigned char *buf, size_t len,
- BN_CTX *ctx);
+OSSL_DEPRECATEDIN_3_0 int EC_KEY_oct2key(EC_KEY *key, const unsigned char *buf,
+ size_t len, BN_CTX *ctx);
/** Decodes an EC_KEY private key from an octet string
* \param key key to decode
@@ -1119,7 +1145,8 @@ int EC_KEY_oct2key(EC_KEY *key, const unsigned char *buf, size_t len,
* \return 1 on success and 0 if an error occurred
*/
-int EC_KEY_oct2priv(EC_KEY *key, const unsigned char *buf, size_t len);
+OSSL_DEPRECATEDIN_3_0 int EC_KEY_oct2priv(EC_KEY *key, const unsigned char *buf,
+ size_t len);
/** Encodes a EC_KEY private key to an octet string
* \param key key to encode
@@ -1129,14 +1156,16 @@ int EC_KEY_oct2priv(EC_KEY *key, const unsigned char *buf, size_t len);
* \return the length of the encoded octet string or 0 if an error occurred
*/
-size_t EC_KEY_priv2oct(const EC_KEY *key, unsigned char *buf, size_t len);
+OSSL_DEPRECATEDIN_3_0 size_t EC_KEY_priv2oct(const EC_KEY *key,
+ unsigned char *buf, size_t len);
/** Encodes an EC_KEY private key to an allocated octet string
* \param eckey key to encode
* \param pbuf returns pointer to allocated buffer
* \return the length of the encoded octet string or 0 if an error occurred
*/
-size_t EC_KEY_priv2buf(const EC_KEY *eckey, unsigned char **pbuf);
+OSSL_DEPRECATEDIN_3_0 size_t EC_KEY_priv2buf(const EC_KEY *eckey,
+ unsigned char **pbuf);
/********************************************************************/
/* de- and encoding functions for SEC1 ECPrivateKey */
@@ -1148,7 +1177,9 @@ size_t EC_KEY_priv2buf(const EC_KEY *eckey, unsigned char **pbuf);
* \param len length of the DER encoded private key
* \return the decoded private key or NULL if an error occurred.
*/
-EC_KEY *d2i_ECPrivateKey(EC_KEY **key, const unsigned char **in, long len);
+OSSL_DEPRECATEDIN_3_0 EC_KEY *d2i_ECPrivateKey(EC_KEY **key,
+ const unsigned char **in,
+ long len);
/** Encodes a private key object and stores the result in a buffer.
* \param key the EC_KEY object to encode
@@ -1156,7 +1187,8 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **key, const unsigned char **in, long len);
* of bytes needed).
* \return 1 on success and 0 if an error occurred.
*/
-int i2d_ECPrivateKey(const EC_KEY *key, unsigned char **out);
+OSSL_DEPRECATEDIN_3_0 int i2d_ECPrivateKey(const EC_KEY *key,
+ unsigned char **out);
/********************************************************************/
/* de- and encoding functions for EC parameters */
@@ -1169,7 +1201,9 @@ int i2d_ECPrivateKey(const EC_KEY *key, unsigned char **out);
* \return a EC_KEY object with the decoded parameters or NULL if an error
* occurred.
*/
-EC_KEY *d2i_ECParameters(EC_KEY **key, const unsigned char **in, long len);
+OSSL_DEPRECATEDIN_3_0 EC_KEY *d2i_ECParameters(EC_KEY **key,
+ const unsigned char **in,
+ long len);
/** Encodes ec parameter and stores the result in a buffer.
* \param key the EC_KEY object with ec parameters to encode
@@ -1177,7 +1211,8 @@ EC_KEY *d2i_ECParameters(EC_KEY **key, const unsigned char **in, long len);
* of bytes needed).
* \return 1 on success and 0 if an error occurred.
*/
-int i2d_ECParameters(const EC_KEY *key, unsigned char **out);
+OSSL_DEPRECATEDIN_3_0 int i2d_ECParameters(const EC_KEY *key,
+ unsigned char **out);
/********************************************************************/
/* de- and encoding functions for EC public key */
@@ -1191,7 +1226,8 @@ int i2d_ECParameters(const EC_KEY *key, unsigned char **out);
* \return EC_KEY object with decoded public key or NULL if an error
* occurred.
*/
-EC_KEY *o2i_ECPublicKey(EC_KEY **key, const unsigned char **in, long len);
+OSSL_DEPRECATEDIN_3_0 EC_KEY *o2i_ECPublicKey(EC_KEY **key,
+ const unsigned char **in, long len);
/** Encodes a ec public key in an octet string.
* \param key the EC_KEY object with the public key
@@ -1199,14 +1235,14 @@ EC_KEY *o2i_ECPublicKey(EC_KEY **key, const unsigned char **in, long len);
* of bytes needed).
* \return 1 on success and 0 if an error occurred
*/
-int i2o_ECPublicKey(const EC_KEY *key, unsigned char **out);
+OSSL_DEPRECATEDIN_3_0 int i2o_ECPublicKey(const EC_KEY *key, unsigned char **out);
/** Prints out the ec parameters on human readable form.
* \param bp BIO object to which the information is printed
* \param key EC_KEY object
* \return 1 on success and 0 if an error occurred
*/
-int ECParameters_print(BIO *bp, const EC_KEY *key);
+OSSL_DEPRECATEDIN_3_0 int ECParameters_print(BIO *bp, const EC_KEY *key);
/** Prints out the contents of a EC_KEY object
* \param bp BIO object to which the information is printed
@@ -1214,15 +1250,15 @@ int ECParameters_print(BIO *bp, const EC_KEY *key);
* \param off line offset
* \return 1 on success and 0 if an error occurred
*/
-int EC_KEY_print(BIO *bp, const EC_KEY *key, int off);
+OSSL_DEPRECATEDIN_3_0 int EC_KEY_print(BIO *bp, const EC_KEY *key, int off);
-# ifndef OPENSSL_NO_STDIO
+# ifndef OPENSSL_NO_STDIO
/** Prints out the ec parameters on human readable form.
* \param fp file descriptor to which the information is printed
* \param key EC_KEY object
* \return 1 on success and 0 if an error occurred
*/
-int ECParameters_print_fp(FILE *fp, const EC_KEY *key);
+OSSL_DEPRECATEDIN_3_0 int ECParameters_print_fp(FILE *fp, const EC_KEY *key);
/** Prints out the contents of a EC_KEY object
* \param fp file descriptor to which the information is printed
@@ -1230,32 +1266,33 @@ int ECParameters_print_fp(FILE *fp, const EC_KEY *key);
* \param off line offset
* \return 1 on success and 0 if an error occurred
*/
-int EC_KEY_print_fp(FILE *fp, const EC_KEY *key, int off);
+OSSL_DEPRECATEDIN_3_0 int EC_KEY_print_fp(FILE *fp, const EC_KEY *key, int off);
+# endif /* OPENSSL_NO_STDIO */
-# endif
-
-const EC_KEY_METHOD *EC_KEY_OpenSSL(void);
-const EC_KEY_METHOD *EC_KEY_get_default_method(void);
-void EC_KEY_set_default_method(const EC_KEY_METHOD *meth);
-const EC_KEY_METHOD *EC_KEY_get_method(const EC_KEY *key);
-int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth);
-EC_KEY *EC_KEY_new_method(ENGINE *engine);
+OSSL_DEPRECATEDIN_3_0 const EC_KEY_METHOD *EC_KEY_OpenSSL(void);
+OSSL_DEPRECATEDIN_3_0 const EC_KEY_METHOD *EC_KEY_get_default_method(void);
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_set_default_method(const EC_KEY_METHOD *meth);
+OSSL_DEPRECATEDIN_3_0 const EC_KEY_METHOD *EC_KEY_get_method(const EC_KEY *key);
+OSSL_DEPRECATEDIN_3_0 int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth);
+OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_new_method(ENGINE *engine);
/** The old name for ecdh_KDF_X9_63
* The ECDH KDF specification has been mistakingly attributed to ANSI X9.62,
* it is actually specified in ANSI X9.63.
* This identifier is retained for backwards compatibility
*/
-DEPRECATEDIN_3_0(int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
- const unsigned char *Z, size_t Zlen,
- const unsigned char *sinfo, size_t sinfolen,
- const EVP_MD *md))
-
-DEPRECATEDIN_3_0(int ECDH_compute_key(void *out, size_t outlen,
- const EC_POINT *pub_key,
- const EC_KEY *ecdh,
- void *(*KDF)(const void *in, size_t inlen,
- void *out, size_t *outlen)))
+OSSL_DEPRECATEDIN_3_0 int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
+ const unsigned char *Z, size_t Zlen,
+ const unsigned char *sinfo,
+ size_t sinfolen, const EVP_MD *md);
+
+OSSL_DEPRECATEDIN_3_0 int ECDH_compute_key(void *out, size_t outlen,
+ const EC_POINT *pub_key,
+ const EC_KEY *ecdh,
+ void *(*KDF)(const void *in,
+ size_t inlen, void *out,
+ size_t *outlen));
+# endif /* OPENSSL_NO_DEPRECATED_3_0 */
typedef struct ECDSA_SIG_st ECDSA_SIG;
@@ -1310,6 +1347,7 @@ const BIGNUM *ECDSA_SIG_get0_s(const ECDSA_SIG *sig);
*/
int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s);
+# ifndef OPENSSL_NO_DEPRECATED_3_0
/** Computes the ECDSA signature of the given hash value using
* the supplied private key and returns the created signature.
* \param dgst pointer to the hash value
@@ -1317,8 +1355,8 @@ int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s);
* \param eckey EC_KEY object containing a private EC key
* \return pointer to a ECDSA_SIG structure or NULL if an error occurred
*/
-DEPRECATEDIN_3_0(ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst,
- int dgst_len, EC_KEY *eckey))
+OSSL_DEPRECATEDIN_3_0 ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst,
+ int dgst_len, EC_KEY *eckey);
/** Computes ECDSA signature of a given hash value using the supplied
* private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
@@ -1330,9 +1368,9 @@ DEPRECATEDIN_3_0(ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst,
* \param eckey EC_KEY object containing a private EC key
* \return pointer to a ECDSA_SIG structure or NULL if an error occurred
*/
-DEPRECATEDIN_3_0(ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst,
- int dgstlen, const BIGNUM *kinv,
- const BIGNUM *rp, EC_KEY *eckey))
+OSSL_DEPRECATEDIN_3_0 ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst,
+ int dgstlen, const BIGNUM *kinv,
+ const BIGNUM *rp, EC_KEY *eckey);
/** Verifies that the supplied signature is a valid ECDSA
* signature of the supplied hash value using the supplied public key.
@@ -1343,8 +1381,8 @@ DEPRECATEDIN_3_0(ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst,
* \return 1 if the signature is valid, 0 if the signature is invalid
* and -1 on error
*/
-DEPRECATEDIN_3_0(int ECDSA_do_verify(const unsigned char *dgst, int dgst_len,
- const ECDSA_SIG *sig, EC_KEY *eckey))
+OSSL_DEPRECATEDIN_3_0 int ECDSA_do_verify(const unsigned char *dgst, int dgst_len,
+ const ECDSA_SIG *sig, EC_KEY *eckey);
/** Precompute parts of the signing operation
* \param eckey EC_KEY object containing a private EC key
@@ -1353,8 +1391,8 @@ DEPRECATEDIN_3_0(int ECDSA_do_verify(const unsigned char *dgst, int dgst_len,
* \param rp BIGNUM pointer for x coordinate of k * generator
* \return 1 on success and 0 otherwise
*/
-DEPRECATEDIN_3_0(int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx,
- BIGNUM **kinv, BIGNUM **rp))
+OSSL_DEPRECATEDIN_3_0 int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx,
+ BIGNUM **kinv, BIGNUM **rp);
/** Computes ECDSA signature of a given hash value using the supplied
* private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
@@ -1366,9 +1404,9 @@ DEPRECATEDIN_3_0(int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx,
* \param eckey EC_KEY object containing a private EC key
* \return 1 on success and 0 otherwise
*/
-DEPRECATEDIN_3_0(int ECDSA_sign(int type, const unsigned char *dgst,
- int dgstlen, unsigned char *sig,
- unsigned int *siglen, EC_KEY *eckey))
+OSSL_DEPRECATEDIN_3_0 int ECDSA_sign(int type, const unsigned char *dgst,
+ int dgstlen, unsigned char *sig,
+ unsigned int *siglen, EC_KEY *eckey);
/** Computes ECDSA signature of a given hash value using the supplied
* private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
@@ -1383,10 +1421,10 @@ DEPRECATEDIN_3_0(int ECDSA_sign(int type, const unsigned char *dgst,
* \param eckey EC_KEY object containing a private EC key
* \return 1 on success and 0 otherwise
*/
-DEPRECATEDIN_3_0(int ECDSA_sign_ex(int type, const unsigned char *dgst,
- int dgstlen, unsigned char *sig,
- unsigned int *siglen, const BIGNUM *kinv,
- const BIGNUM *rp, EC_KEY *eckey))
+OSSL_DEPRECATEDIN_3_0 int ECDSA_sign_ex(int type, const unsigned char *dgst,
+ int dgstlen, unsigned char *sig,
+ unsigned int *siglen, const BIGNUM *kinv,
+ const BIGNUM *rp, EC_KEY *eckey);
/** Verifies that the given signature is valid ECDSA signature
* of the supplied hash value using the specified public key.
@@ -1399,119 +1437,112 @@ DEPRECATEDIN_3_0(int ECDSA_sign_ex(int type, const unsigned char *dgst,
* \return 1 if the signature is valid, 0 if the signature is invalid
* and -1 on error
*/
-DEPRECATEDIN_3_0(int ECDSA_verify(int type, const unsigned char *dgst,
- int dgstlen, const unsigned char *sig,
- int siglen, EC_KEY *eckey))
+OSSL_DEPRECATEDIN_3_0 int ECDSA_verify(int type, const unsigned char *dgst,
+ int dgstlen, const unsigned char *sig,
+ int siglen, EC_KEY *eckey);
/** Returns the maximum length of the DER encoded signature
* \param eckey EC_KEY object
* \return numbers of bytes required for the DER encoded signature
*/
-DEPRECATEDIN_3_0(int ECDSA_size(const EC_KEY *eckey))
+OSSL_DEPRECATEDIN_3_0 int ECDSA_size(const EC_KEY *eckey);
/********************************************************************/
/* EC_KEY_METHOD constructors, destructors, writers and accessors */
/********************************************************************/
-DEPRECATEDIN_3_0(EC_KEY_METHOD *EC_KEY_METHOD_new(const EC_KEY_METHOD *meth))
-DEPRECATEDIN_3_0(void EC_KEY_METHOD_free(EC_KEY_METHOD *meth))
-DEPRECATEDIN_3_0(void EC_KEY_METHOD_set_init
- (EC_KEY_METHOD *meth,
- int (*init)(EC_KEY *key),
- void (*finish)(EC_KEY *key),
- int (*copy)(EC_KEY *dest, const EC_KEY *src),
- int (*set_group)(EC_KEY *key, const EC_GROUP *grp),
- int (*set_private)(EC_KEY *key,
- const BIGNUM *priv_key),
- int (*set_public)(EC_KEY *key,
- const EC_POINT *pub_key)))
-
-DEPRECATEDIN_3_0(void EC_KEY_METHOD_set_keygen(EC_KEY_METHOD *meth,
- int (*keygen)(EC_KEY *key)))
-
-DEPRECATEDIN_3_0(void EC_KEY_METHOD_set_compute_key
- (EC_KEY_METHOD *meth,
- int (*ckey)(unsigned char **psec,
- size_t *pseclen,
- const EC_POINT *pub_key,
- const EC_KEY *ecdh)))
-
-DEPRECATEDIN_3_0(void EC_KEY_METHOD_set_sign
- (EC_KEY_METHOD *meth,
- int (*sign)(int type, const unsigned char *dgst,
- int dlen, unsigned char *sig,
- unsigned int *siglen,
- const BIGNUM *kinv, const BIGNUM *r,
- EC_KEY *eckey),
- int (*sign_setup)(EC_KEY *eckey, BN_CTX *ctx_in,
- BIGNUM **kinvp, BIGNUM **rp),
- ECDSA_SIG *(*sign_sig)(const unsigned char *dgst,
- int dgst_len,
- const BIGNUM *in_kinv,
- const BIGNUM *in_r,
- EC_KEY *eckey)))
-
-DEPRECATEDIN_3_0(void EC_KEY_METHOD_set_verify
- (EC_KEY_METHOD *meth,
- int (*verify)(int type, const unsigned
- char *dgst, int dgst_len,
- const unsigned char *sigbuf,
- int sig_len, EC_KEY *eckey),
- int (*verify_sig)(const unsigned char *dgst,
- int dgst_len,
- const ECDSA_SIG *sig,
- EC_KEY *eckey)))
-
-DEPRECATEDIN_3_0(void EC_KEY_METHOD_get_init
- (const EC_KEY_METHOD *meth,
- int (**pinit)(EC_KEY *key),
- void (**pfinish)(EC_KEY *key),
- int (**pcopy)(EC_KEY *dest, const EC_KEY *src),
- int (**pset_group)(EC_KEY *key,
- const EC_GROUP *grp),
- int (**pset_private)(EC_KEY *key,
- const BIGNUM *priv_key),
- int (**pset_public)(EC_KEY *key,
- const EC_POINT *pub_key)))
-
-DEPRECATEDIN_3_0(void EC_KEY_METHOD_get_keygen(const EC_KEY_METHOD *meth,
- int (**pkeygen)(EC_KEY *key)))
-
-DEPRECATEDIN_3_0(void EC_KEY_METHOD_get_compute_key
- (const EC_KEY_METHOD *meth,
- int (**pck)(unsigned char **psec,
- size_t *pseclen,
- const EC_POINT *pub_key,
- const EC_KEY *ecdh)))
-
-DEPRECATEDIN_3_0(void EC_KEY_METHOD_get_sign
- (const EC_KEY_METHOD *meth,
- int (**psign)(int type, const unsigned char *dgst,
- int dlen, unsigned char *sig,
- unsigned int *siglen,
- const BIGNUM *kinv, const BIGNUM *r,
- EC_KEY *eckey),
- int (**psign_setup)(EC_KEY *eckey, BN_CTX *ctx_in,
- BIGNUM **kinvp, BIGNUM **rp),
- ECDSA_SIG *(**psign_sig)(const unsigned char *dgst,
+OSSL_DEPRECATEDIN_3_0 EC_KEY_METHOD *EC_KEY_METHOD_new(const EC_KEY_METHOD *meth);
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_METHOD_free(EC_KEY_METHOD *meth);
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_METHOD_set_init
+ (EC_KEY_METHOD *meth,
+ int (*init)(EC_KEY *key),
+ void (*finish)(EC_KEY *key),
+ int (*copy)(EC_KEY *dest, const EC_KEY *src),
+ int (*set_group)(EC_KEY *key, const EC_GROUP *grp),
+ int (*set_private)(EC_KEY *key, const BIGNUM *priv_key),
+ int (*set_public)(EC_KEY *key, const EC_POINT *pub_key));
+
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_METHOD_set_keygen(EC_KEY_METHOD *meth,
+ int (*keygen)(EC_KEY *key));
+
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_METHOD_set_compute_key
+ (EC_KEY_METHOD *meth,
+ int (*ckey)(unsigned char **psec, size_t *pseclen,
+ const EC_POINT *pub_key, const EC_KEY *ecdh));
+
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_METHOD_set_sign
+ (EC_KEY_METHOD *meth,
+ int (*sign)(int type, const unsigned char *dgst,
+ int dlen, unsigned char *sig,
+ unsigned int *siglen,
+ const BIGNUM *kinv, const BIGNUM *r,
+ EC_KEY *eckey),
+ int (*sign_setup)(EC_KEY *eckey, BN_CTX *ctx_in,
+ BIGNUM **kinvp, BIGNUM **rp),
+ ECDSA_SIG *(*sign_sig)(const unsigned char *dgst,
+ int dgst_len,
+ const BIGNUM *in_kinv,
+ const BIGNUM *in_r,
+ EC_KEY *eckey));
+
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_METHOD_set_verify
+ (EC_KEY_METHOD *meth,
+ int (*verify)(int type, const unsigned
+ char *dgst, int dgst_len,
+ const unsigned char *sigbuf,
+ int sig_len, EC_KEY *eckey),
+ int (*verify_sig)(const unsigned char *dgst,
+ int dgst_len, const ECDSA_SIG *sig,
+ EC_KEY *eckey));
+
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_METHOD_get_init
+ (const EC_KEY_METHOD *meth,
+ int (**pinit)(EC_KEY *key),
+ void (**pfinish)(EC_KEY *key),
+ int (**pcopy)(EC_KEY *dest, const EC_KEY *src),
+ int (**pset_group)(EC_KEY *key, const EC_GROUP *grp),
+ int (**pset_private)(EC_KEY *key, const BIGNUM *priv_key),
+ int (**pset_public)(EC_KEY *key, const EC_POINT *pub_key));
+
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_METHOD_get_keygen
+ (const EC_KEY_METHOD *meth, int (**pkeygen)(EC_KEY *key));
+
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_METHOD_get_compute_key
+ (const EC_KEY_METHOD *meth,
+ int (**pck)(unsigned char **psec,
+ size_t *pseclen,
+ const EC_POINT *pub_key,
+ const EC_KEY *ecdh));
+
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_METHOD_get_sign
+ (const EC_KEY_METHOD *meth,
+ int (**psign)(int type, const unsigned char *dgst,
+ int dlen, unsigned char *sig,
+ unsigned int *siglen,
+ const BIGNUM *kinv, const BIGNUM *r,
+ EC_KEY *eckey),
+ int (**psign_setup)(EC_KEY *eckey, BN_CTX *ctx_in,
+ BIGNUM **kinvp, BIGNUM **rp),
+ ECDSA_SIG *(**psign_sig)(const unsigned char *dgst,
+ int dgst_len,
+ const BIGNUM *in_kinv,
+ const BIGNUM *in_r,
+ EC_KEY *eckey));
+
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_METHOD_get_verify
+ (const EC_KEY_METHOD *meth,
+ int (**pverify)(int type, const unsigned
+ char *dgst, int dgst_len,
+ const unsigned char *sigbuf,
+ int sig_len, EC_KEY *eckey),
+ int (**pverify_sig)(const unsigned char *dgst,
int dgst_len,
- const BIGNUM *in_kinv,
- const BIGNUM *in_r,
- EC_KEY *eckey)))
-
-DEPRECATEDIN_3_0(void EC_KEY_METHOD_get_verify
- (const EC_KEY_METHOD *meth,
- int (**pverify)(int type, const unsigned
- char *dgst, int dgst_len,
- const unsigned char *sigbuf,
- int sig_len, EC_KEY *eckey),
- int (**pverify_sig)(const unsigned char *dgst,
- int dgst_len,
- const ECDSA_SIG *sig,
- EC_KEY *eckey)))
+ const ECDSA_SIG *sig,
+ EC_KEY *eckey));
+# endif /* OPENSSL_NO_DEPRECATED_3_0 */
# define ECParameters_dup(x) ASN1_dup_of(EC_KEY, i2d_ECParameters, \
- d2i_ECParameters, x)
+ d2i_ECParameters, x)
# ifndef __cplusplus
# if defined(__SUNPRO_C)
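Review bot: ECParameters_dup is left below the "# endif /* OPENSSL_NO_DEPRECATED_3_0 */" line, yet it expands to EC_KEY, i2d_ECParameters and d2i_ECParameters, all of which this patch places inside the guard. In a no-deprecated build any use of the macro will fail with undeclared identifiers instead of being cleanly absent; the macro should move above the "# endif". The only change made to it here is the continuation-line indentation.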
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index 0180170b8d..ac92887aad 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -494,9 +494,11 @@ typedef int (EVP_PBE_KEYGEN) (EVP_CIPHER_CTX *ctx, const char *pass,
# define EVP_PKEY_assign_DH(pkey,dh) EVP_PKEY_assign((pkey),EVP_PKEY_DH,(dh))
# endif
-# ifndef OPENSSL_NO_EC
-# define EVP_PKEY_assign_EC_KEY(pkey,eckey) EVP_PKEY_assign((pkey),EVP_PKEY_EC,\
- (eckey))
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# ifndef OPENSSL_NO_EC
+# define EVP_PKEY_assign_EC_KEY(pkey,eckey) \
+ EVP_PKEY_assign((pkey), EVP_PKEY_EC, (eckey))
+# endif
# endif
# ifndef OPENSSL_NO_SIPHASH
# define EVP_PKEY_assign_SIPHASH(pkey,shkey) EVP_PKEY_assign((pkey),\
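Review bot: EVP_PKEY_assign_EC_KEY is a macro, so unlike the declarations tagged OSSL_DEPRECATEDIN_3_0 it produces no compile-time warning in a default build and only disappears once OPENSSL_NO_DEPRECATED_3_0 is defined. Callers get no advance notice from the compiler; the deprecation should be stated in the documentation for this macro, since the header cannot express it.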
@@ -1261,11 +1263,16 @@ OSSL_DEPRECATEDIN_3_0 struct dh_st *EVP_PKEY_get0_DH(const EVP_PKEY *pkey);
OSSL_DEPRECATEDIN_3_0 struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey);
# endif
# endif
-# ifndef OPENSSL_NO_EC
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# ifndef OPENSSL_NO_EC
struct ec_key_st;
+OSSL_DEPRECATEDIN_3_0
int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, struct ec_key_st *key);
+OSSL_DEPRECATEDIN_3_0
struct ec_key_st *EVP_PKEY_get0_EC_KEY(const EVP_PKEY *pkey);
+OSSL_DEPRECATEDIN_3_0
struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
+# endif
# endif
EVP_PKEY *EVP_PKEY_new(void);
@@ -1795,6 +1802,19 @@ int EVP_PKEY_get_octet_string_param(const EVP_PKEY *pkey, const char *key_name,
unsigned char *buf, size_t max_buf_sz,
size_t *out_sz);
+const OSSL_PARAM *EVP_PKEY_settable_params(EVP_PKEY *pkey);
+int EVP_PKEY_set_params(EVP_PKEY *pkey, OSSL_PARAM params[]);
+int EVP_PKEY_set_int_param(EVP_PKEY *pkey, const char *key_name, int in);
+int EVP_PKEY_set_size_t_param(EVP_PKEY *pkey, const char *key_name, size_t in);
+int EVP_PKEY_set_bn_param(EVP_PKEY *pkey, const char *key_name, BIGNUM *bn);
+int EVP_PKEY_set_utf8_string_param(EVP_PKEY *pkey, const char *key_name,
+ char *str);
+int EVP_PKEY_set_octet_string_param(EVP_PKEY *pkey, const char *key_name,
+ unsigned char *buf, size_t bsize);
+
+int EVP_PKEY_get_ec_point_conv_form(const EVP_PKEY *pkey);
+int EVP_PKEY_get_field_type(const EVP_PKEY *pkey);
+
int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx);
int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx);
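Review bot: the new setters take their inputs as non-const ("BIGNUM *bn", "char *str", "unsigned char *buf"), which forces callers holding const data to cast it away; if the functions only read these arguments, declare them const. EVP_PKEY_get_ec_point_conv_form() and EVP_PKEY_get_field_type() return a plain int with no stated failure value, and they are not wrapped in OPENSSL_NO_EC the way the EC declarations earlier in this header are, so the header or the man page should say what a caller gets back for a non-EC key. None of the new declarations has a comment.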
diff --git a/include/openssl/pem.h b/include/openssl/pem.h
index 97d52e729b..22d42be8e4 100644
--- a/include/openssl/pem.h
+++ b/include/openssl/pem.h
@@ -455,11 +455,15 @@ DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, DSA_PUBKEY, DSA)
DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, DSAparams, DSA)
# endif
# endif
-# ifndef OPENSSL_NO_EC
-DECLARE_PEM_rw(ECPKParameters, EC_GROUP)
-DECLARE_PEM_rw_cb(ECPrivateKey, EC_KEY)
-DECLARE_PEM_rw(EC_PUBKEY, EC_KEY)
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# ifndef OPENSSL_NO_EC
+DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, ECPKParameters, EC_GROUP)
+DECLARE_PEM_rw_cb_attr(OSSL_DEPRECATEDIN_3_0, ECPrivateKey, EC_KEY)
+DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, EC_PUBKEY, EC_KEY)
+# endif
# endif
+
# ifndef OPENSSL_NO_DH
# ifndef OPENSSL_NO_DEPRECATED_3_0
DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, DHparams, DH)
diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in
index 0025a2a8cd..8c01334f49 100644
--- a/include/openssl/ssl.h.in
+++ b/include/openssl/ssl.h.in
@@ -1227,13 +1227,13 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
# define SSL_ERROR_WANT_ASYNC 9
# define SSL_ERROR_WANT_ASYNC_JOB 10
# define SSL_ERROR_WANT_CLIENT_HELLO_CB 11
+
# ifndef OPENSSL_NO_DEPRECATED_3_0
# define SSL_CTRL_SET_TMP_DH 3
-# endif
-# define SSL_CTRL_SET_TMP_ECDH 4
-# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define SSL_CTRL_SET_TMP_ECDH 4
# define SSL_CTRL_SET_TMP_DH_CB 6
# endif
+
# define SSL_CTRL_GET_CLIENT_CERT_REQUEST 9
# define SSL_CTRL_GET_NUM_RENEGOTIATIONS 10
# define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS 11
diff --git a/include/openssl/types.h b/include/openssl/types.h
index cf11b8549d..56437f96f9 100644
--- a/include/openssl/types.h
+++ b/include/openssl/types.h
@@ -144,8 +144,10 @@ typedef struct rsa_meth_st RSA_METHOD;
# endif
typedef struct rsa_pss_params_st RSA_PSS_PARAMS;
+# ifndef OPENSSL_NO_DEPRECATED_3_0
typedef struct ec_key_st EC_KEY;
typedef struct ec_key_method_st EC_KEY_METHOD;
+# endif
typedef struct rand_meth_st RAND_METHOD;
typedef struct rand_drbg_st RAND_DRBG;
diff --git a/include/openssl/x509.h.in b/include/openssl/x509.h.in
index bf525f427f..cb4f126edf 100644
--- a/include/openssl/x509.h.in
+++ b/include/openssl/x509.h.in
@@ -430,12 +430,14 @@ OSSL_DEPRECATEDIN_3_0 DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa);
OSSL_DEPRECATEDIN_3_0 int i2d_DSAPrivateKey_fp(FILE *fp, const DSA *dsa);
# endif
# endif
-# ifndef OPENSSL_NO_EC
-EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey);
-int i2d_EC_PUBKEY_fp(FILE *fp, const EC_KEY *eckey);
-EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey);
-int i2d_ECPrivateKey_fp(FILE *fp, const EC_KEY *eckey);
-# endif
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# ifndef OPENSSL_NO_EC
+OSSL_DEPRECATEDIN_3_0 EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey);
+OSSL_DEPRECATEDIN_3_0 int i2d_EC_PUBKEY_fp(FILE *fp, const EC_KEY *eckey);
+OSSL_DEPRECATEDIN_3_0 EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey);
+OSSL_DEPRECATEDIN_3_0 int i2d_ECPrivateKey_fp(FILE *fp, const EC_KEY *eckey);
+# endif /* OPENSSL_NO_EC */
+# endif /* OPENSSL_NO_DEPRECATED_3_0 */
X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8);
int i2d_PKCS8_fp(FILE *fp, const X509_SIG *p8);
X509_PUBKEY *d2i_X509_PUBKEY_fp(FILE *fp, X509_PUBKEY **xpk);
@@ -474,12 +476,16 @@ OSSL_DEPRECATEDIN_3_0 DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa);
OSSL_DEPRECATEDIN_3_0 int i2d_DSAPrivateKey_bio(BIO *bp, const DSA *dsa);
# endif
# endif
-# ifndef OPENSSL_NO_EC
-EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey);
-int i2d_EC_PUBKEY_bio(BIO *bp, const EC_KEY *eckey);
-EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey);
-int i2d_ECPrivateKey_bio(BIO *bp, const EC_KEY *eckey);
-# endif
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# ifndef OPENSSL_NO_EC
+OSSL_DEPRECATEDIN_3_0 EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey);
+OSSL_DEPRECATEDIN_3_0 int i2d_EC_PUBKEY_bio(BIO *bp, const EC_KEY *eckey);
+OSSL_DEPRECATEDIN_3_0 EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey);
+OSSL_DEPRECATEDIN_3_0 int i2d_ECPrivateKey_bio(BIO *bp, const EC_KEY *eckey);
+# endif /* OPENSSL_NO_EC */
+# endif /* OPENSSL_NO_DEPRECATED_3_0 */
+
X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8);
int i2d_PKCS8_bio(BIO *bp, const X509_SIG *p8);
X509_PUBKEY *d2i_X509_PUBKEY_bio(BIO *bp, X509_PUBKEY **xpk);
@@ -555,8 +561,10 @@ DECLARE_ASN1_ENCODE_FUNCTIONS_only_attr(OSSL_DEPRECATEDIN_3_0,RSA, RSA_PUBKEY)
DECLARE_ASN1_ENCODE_FUNCTIONS_only_attr(OSSL_DEPRECATEDIN_3_0,DSA, DSA_PUBKEY)
# endif
# endif
-# ifndef OPENSSL_NO_EC
-DECLARE_ASN1_ENCODE_FUNCTIONS_only(EC_KEY, EC_PUBKEY)
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# ifndef OPENSSL_NO_EC
+DECLARE_ASN1_ENCODE_FUNCTIONS_only_attr(OSSL_DEPRECATEDIN_3_0, EC_KEY, EC_PUBKEY)
+# endif
# endif
DECLARE_ASN1_FUNCTIONS(X509_SIG)
diff --git a/providers/common/der/der_ec.h.in b/providers/common/der/der_ec.h.in
index 2d56119ba1..0ec78389a4 100644
--- a/providers/common/der/der_ec.h.in
+++ b/providers/common/der/der_ec.h.in
@@ -7,6 +7,7 @@
* https://www.openssl.org/source/license.html
*/
+#include "crypto/ec.h"
#include "internal/der.h"
/* Well known OIDs precompiled */
diff --git a/providers/common/der/der_sm2.h.in b/providers/common/der/der_sm2.h.in
index 406ddf2b16..721c63d421 100644
--- a/providers/common/der/der_sm2.h.in
+++ b/providers/common/der/der_sm2.h.in
@@ -7,6 +7,7 @@
* https://www.openssl.org/source/license.html
*/
+#include "crypto/ec.h"
#include "internal/der.h"
/* Well known OIDs precompiled */
diff --git a/providers/implementations/asymciphers/sm2_enc.c b/providers/implementations/asymciphers/sm2_enc.c
index a67e2c26e4..b1f62b03c7 100644
--- a/providers/implementations/asymciphers/sm2_enc.c
+++ b/providers/implementations/asymciphers/sm2_enc.c
@@ -7,6 +7,8 @@
* https://www.openssl.org/source/license.html
*/
+#include "internal/deprecated.h"
+
#include <openssl/crypto.h>
#include <openssl/evp.h>
#include <openssl/core_dispatch.h>
diff --git a/providers/implementations/keymgmt/ec_kmgmt.c b/providers/implementations/keymgmt/ec_kmgmt.c
index 8775622a01..5d71d3ee1d 100644
--- a/providers/implementations/keymgmt/ec_kmgmt.c
+++ b/providers/implementations/keymgmt/ec_kmgmt.c
@@ -229,11 +229,33 @@ static ossl_inline
int otherparams_to_params(const EC_KEY *ec, OSSL_PARAM_BLD *tmpl,
OSSL_PARAM params[])
{
- int ecdh_cofactor_mode = 0;
+ int ecdh_cofactor_mode = 0, group_check = 0;
+ const char *name = NULL;
+ point_conversion_form_t format;
if (ec == NULL)
return 0;
+ format = EC_KEY_get_conv_form(ec);
+ name = ec_pt_format_id2name((int)format);
+ if (name != NULL
+ && !ossl_param_build_set_utf8_string(tmpl, params,
+ OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT,
+ name))
+ return 0;
+
+ group_check = EC_KEY_get_flags(ec) & EC_FLAG_CHECK_NAMED_GROUP_MASK;
+ name = ec_check_group_type_id2name(group_check);
+ if (name != NULL
+ && !ossl_param_build_set_utf8_string(tmpl, params,
+ OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE,
+ name))
+ return 0;
+
+ if ((EC_KEY_get_enc_flags(ec) & EC_PKEY_NO_PUBKEY) != 0)
+ ossl_param_build_set_int(tmpl, params,
+ OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC, 0);
+
ecdh_cofactor_mode =
(EC_KEY_get_flags(ec) & EC_FLAG_COFACTOR_ECDH) ? 1 : 0;
return ossl_param_build_set_int(tmpl, params,
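Review bot: the return value of the added `ossl_param_build_set_int(tmpl, params, OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC, 0)` call is dropped, whereas the two `ossl_param_build_set_utf8_string()` calls added just above it return 0 on failure. If setting the parameter fails, the exported key silently loses the "no public key" flag; wrap the call in the same `if (... && !...) return 0;` pattern. The new variable `group_check` is also initialised to 0 and then unconditionally assigned, so the initialiser can go.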
@@ -462,6 +484,7 @@ end:
# define EC_IMEXPORTABLE_DOM_PARAMETERS \
OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, NULL, 0), \
OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_EC_ENCODING, NULL, 0), \
+ OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT, NULL, 0),\
OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_EC_FIELD_TYPE, NULL, 0), \
OSSL_PARAM_BN(OSSL_PKEY_PARAM_EC_P, NULL, 0), \
OSSL_PARAM_BN(OSSL_PKEY_PARAM_EC_A, NULL, 0), \
@@ -476,7 +499,8 @@ end:
# define EC_IMEXPORTABLE_PRIVATE_KEY \
OSSL_PARAM_BN(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0)
# define EC_IMEXPORTABLE_OTHER_PARAMETERS \
- OSSL_PARAM_int(OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, NULL)
+ OSSL_PARAM_int(OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, NULL), \
+ OSSL_PARAM_int(OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC, NULL)
/*
* Include all the possible combinations of OSSL_PARAM arrays for
@@ -484,11 +508,6 @@ end:
*
* They are in a separate file as it is ~100 lines of unreadable and
* uninteresting machine generated stuff.
- *
- * TODO(3.0): the generated list looks quite ugly, as to cover all possible
- * combinations of the bits in `selection`, it also includes combinations that
- * are not really useful: we might want to consider alternatives to this
- * solution.
*/
#include "ec_kmgmt_imexport.inc"
@@ -727,6 +746,11 @@ const OSSL_PARAM *ec_gettable_params(void *provctx)
static const OSSL_PARAM ec_known_settable_params[] = {
OSSL_PARAM_int(OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, NULL),
OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, NULL, 0),
+ OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_EC_ENCODING, NULL, 0),
+ OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT, NULL, 0),
+ OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_EC_SEED, NULL, 0),
+ OSSL_PARAM_int(OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC, NULL),
+ OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE, NULL, 0),
OSSL_PARAM_END
};
@@ -742,6 +766,12 @@ int ec_set_params(void *key, const OSSL_PARAM params[])
EC_KEY *eck = key;
const OSSL_PARAM *p;
+ if (key == NULL)
+ return 0;
+
+ if (!ec_group_set_params((EC_GROUP *)EC_KEY_get0_group(key), params))
+ return 0;
+
p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY);
if (p != NULL) {
BN_CTX *ctx = BN_CTX_new_ex(ec_key_get_libctx(key));
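Review bot: in ec_set_params() the result of EC_KEY_get0_group(key) is cast from const to `EC_GROUP *` and handed to ec_group_set_params() without a NULL check. Either check the return here or confirm and document that ec_group_set_params() accepts a NULL group, and avoid the const cast by using a non-const accessor, since the group is about to be modified. The function already has the typed `eck` local, so the new lines could use it instead of the `void *key`.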
@@ -850,8 +880,15 @@ int ec_validate(const void *keydata, int selection)
if ((selection & EC_POSSIBLE_SELECTIONS) != 0)
ok = 1;
- if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0)
- ok = ok && EC_GROUP_check(EC_KEY_get0_group(eck), ctx);
+ if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) {
+ int flags = EC_KEY_get_flags(eck);
+
+ if ((flags & EC_FLAG_CHECK_NAMED_GROUP) != 0)
+ ok = ok && EC_GROUP_check_named_curve(EC_KEY_get0_group(eck),
+ (flags & EC_FLAG_CHECK_NAMED_GROUP_NIST) != 0, ctx);
+ else
+ ok = ok && EC_GROUP_check(EC_KEY_get0_group(eck), ctx);
+ }
if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
ok = ok && ec_key_public_check(eck, ctx);
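Review bot: in the new named-group branch the result of EC_GROUP_check_named_curve() is folded straight into `ok` with `&&`. That function returns a curve NID rather than a 0/1 status, so if it can return a negative value on error the validation would pass; comparing the result with `> 0` makes the intent explicit. The branch also tests only EC_FLAG_CHECK_NAMED_GROUP, while otherparams_to_params() reads the setting through EC_FLAG_CHECK_NAMED_GROUP_MASK; if EC_FLAG_CHECK_NAMED_GROUP_NIST can be set on its own, this code falls through to plain EC_GROUP_check() and the stricter check is skipped.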
@@ -870,6 +907,8 @@ struct ec_gen_ctx {
OSSL_LIB_CTX *libctx;
char *group_name;
char *encoding;
+ char *pt_format;
+ char *group_check;
char *field_type;
BIGNUM *p, *a, *b, *order, *cofactor;
unsigned char *gen, *seed;
@@ -972,6 +1011,8 @@ static int ec_gen_set_params(void *genctx, const OSSL_PARAM params[])
COPY_UTF8_PARAM(params, OSSL_PKEY_PARAM_GROUP_NAME, gctx->group_name);
COPY_UTF8_PARAM(params, OSSL_PKEY_PARAM_EC_FIELD_TYPE, gctx->field_type);
COPY_UTF8_PARAM(params, OSSL_PKEY_PARAM_EC_ENCODING, gctx->encoding);
+ COPY_UTF8_PARAM(params, OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT, gctx->pt_format);
+ COPY_UTF8_PARAM(params, OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE, gctx->group_check);
COPY_BN_PARAM(params, OSSL_PKEY_PARAM_EC_P, gctx->p);
COPY_BN_PARAM(params, OSSL_PKEY_PARAM_EC_A, gctx->a);
@@ -1005,6 +1046,12 @@ static int ec_gen_set_group_from_params(struct ec_gen_ctx *gctx)
gctx->encoding, 0))
goto err;
+ if (gctx->pt_format != NULL
+ && !OSSL_PARAM_BLD_push_utf8_string(bld,
+ OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT,
+ gctx->pt_format, 0))
+ goto err;
+
if (gctx->group_name != NULL) {
if (!OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_PKEY_PARAM_GROUP_NAME,
gctx->group_name, 0))
@@ -1066,6 +1113,7 @@ static const OSSL_PARAM *ec_gen_settable_params(void *provctx)
OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, NULL, 0),
OSSL_PARAM_int(OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, NULL),
OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_EC_ENCODING, NULL, 0),
+ OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT, NULL, 0),
OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_EC_FIELD_TYPE, NULL, 0),
OSSL_PARAM_BN(OSSL_PKEY_PARAM_EC_P, NULL, 0),
OSSL_PARAM_BN(OSSL_PKEY_PARAM_EC_A, NULL, 0),
@@ -1107,12 +1155,20 @@ static void *ec_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
if (!ec_gen_set_group_from_params(gctx))
goto err;
} else {
- if (gctx->encoding) {
+ if (gctx->encoding != NULL) {
int flags = ec_encoding_name2id(gctx->encoding);
+
if (flags < 0)
goto err;
EC_GROUP_set_asn1_flag(gctx->gen_group, flags);
}
+ if (gctx->pt_format != NULL) {
+ int format = ec_pt_format_name2id(gctx->pt_format);
+
+ if (format < 0)
+ goto err;
+ EC_GROUP_set_point_conversion_form(gctx->gen_group, format);
+ }
}
/* We must always assign a group, no matter what */
@@ -1125,6 +1181,8 @@ static void *ec_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
if (gctx->ecdh_mode != -1)
ret = ret && ec_set_ecdh_cofactor_mode(ec, gctx->ecdh_mode);
+ if (gctx->group_check != NULL)
+ ret = ret && ec_set_check_group_type_from_name(ec, gctx->group_check);
if (ret)
return ec;
err:
@@ -1154,10 +1212,18 @@ static void *sm2_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
} else {
if (gctx->encoding) {
int flags = ec_encoding_name2id(gctx->encoding);
+
if (flags < 0)
goto err;
EC_GROUP_set_asn1_flag(gctx->gen_group, flags);
}
+ if (gctx->pt_format != NULL) {
+ int format = ec_pt_format_name2id(gctx->pt_format);
+
+ if (format < 0)
+ goto err;
+ EC_GROUP_set_point_conversion_form(gctx->gen_group, format);
+ }
}
/* We must always assign a group, no matter what */
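Review bot: the `pt_format` block added to sm2_gen() is a line-for-line copy of the one added to ec_gen(), and the context line here still reads `if (gctx->encoding)` where ec_gen() was changed to `!= NULL`. A small shared helper that applies `encoding` and `pt_format` to `gctx->gen_group` would keep the two generators from drifting. The visible part of sm2_gen() also has no counterpart to the `gctx->group_check` handling added to ec_gen(); if that is intentional for SM2, a comment saying so would help.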
@@ -1197,7 +1263,8 @@ static void ec_gen_cleanup(void *genctx)
BN_free(gctx->order);
BN_free(gctx->cofactor);
OPENSSL_free(gctx->group_name);
- OPENSSL_free(gctx->field_type);;
+ OPENSSL_free(gctx->field_type);
+ OPENSSL_free(gctx->pt_format);
OPENSSL_free(gctx->encoding);
OPENSSL_free(gctx->seed);
OPENSSL_free(gctx->gen);
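Review bot: ec_gen_cleanup() gains `OPENSSL_free(gctx->pt_format);` but nothing frees `gctx->group_check`, the other `char *` added to struct ec_gen_ctx in this patch and filled by COPY_UTF8_PARAM in ec_gen_set_params(). Unless it is released elsewhere, every generation context that sets OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE leaks that string; add `OPENSSL_free(gctx->group_check);` next to the new line.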
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 0739bc9082..966d799d6b 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -18,6 +18,7 @@
#include <openssl/rand.h>
#include <openssl/trace.h>
#include <openssl/x509v3.h>
+#include <openssl/core_names.h>
#include "internal/cryptlib.h"
#define TLS13_NUM_CIPHERS OSSL_NELEM(tls13_ciphers)
@@ -3472,34 +3473,22 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return ret;
}
-# endif
+#endif
case SSL_CTRL_SET_DH_AUTO:
s->cert->dh_tmp_auto = larg;
return 1;
-#ifndef OPENSSL_NO_EC
+#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_DEPRECATED_3_0)
case SSL_CTRL_SET_TMP_ECDH:
{
- const EC_GROUP *group = NULL;
- int nid;
-
if (parg == NULL) {
ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
- group = EC_KEY_get0_group((const EC_KEY *)parg);
- if (group == NULL) {
- ERR_raise(ERR_LIB_SSL, EC_R_MISSING_PARAMETERS);
- return 0;
- }
- nid = EC_GROUP_get_curve_name(group);
- if (nid == NID_undef)
- return 0;
- return tls1_set_groups(&s->ext.supportedgroups,
- &s->ext.supportedgroups_len,
- &nid, 1);
+ return ssl_set_tmp_ecdh_groups(&s->ext.supportedgroups,
+ &s->ext.supportedgroups_len,
+ parg);
}
- break;
-#endif /* !OPENSSL_NO_EC */
+#endif
case SSL_CTRL_SET_TLSEXT_HOSTNAME:
/*
* TODO(OpenSSL1.2)
@@ -3816,29 +3805,18 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
case SSL_CTRL_SET_DH_AUTO:
ctx->cert->dh_tmp_auto = larg;
return 1;
-#ifndef OPENSSL_NO_EC
+#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_DEPRECATED_3_0)
case SSL_CTRL_SET_TMP_ECDH:
{
- const EC_GROUP *group = NULL;
- int nid;
-
if (parg == NULL) {
ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
- group = EC_KEY_get0_group((const EC_KEY *)parg);
- if (group == NULL) {
- ERR_raise(ERR_LIB_SSL, EC_R_MISSING_PARAMETERS);
- return 0;
- }
- nid = EC_GROUP_get_curve_name(group);
- if (nid == NID_undef)
- return 0;
- return tls1_set_groups(&ctx->ext.supportedgroups,
- &ctx->ext.supportedgroups_len,
- &nid, 1);
+ return ssl_set_tmp_ecdh_groups(&ctx->ext.supportedgroups,
+ &ctx->ext.supportedgroups_len,
+ parg);
}
-#endif /* !OPENSSL_NO_EC */
+#endif
case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
ctx->ext.servername_arg = parg;
break;
diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h
index 22ab387422..810461bc51 100644
--- a/ssl/ssl_local.h
+++ b/ssl/ssl_local.h
@@ -2468,6 +2468,8 @@ __owur int ssl_encapsulate(SSL *s, EVP_PKEY *pubkey,
unsigned char **ctp, size_t *ctlenp,
int gensecret);
__owur EVP_PKEY *ssl_dh_to_pkey(DH *dh);
+__owur int ssl_set_tmp_ecdh_groups(uint16_t **pext, size_t *pextlen,
+ void *key);
__owur unsigned int ssl_get_max_send_fragment(const SSL *ssl);
__owur unsigned int ssl_get_split_send_fragment(const SSL *ssl);
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 60c17dd809..ccc71a1995 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -818,28 +818,29 @@ void tls1_get_formatlist(SSL *s, const unsigned char **pformats,
/* Check a key is compatible with compression extension */
static int tls1_check_pkey_comp(SSL *s, EVP_PKEY *pkey)
{
- const EC_KEY *ec;
- const EC_GROUP *grp;
unsigned char comp_id;
size_t i;
+ int point_conv;
/* If not an EC key nothing to check */
if (!EVP_PKEY_is_a(pkey, "EC"))
return 1;
- ec = EVP_PKEY_get0_EC_KEY(pkey);
- grp = EC_KEY_get0_group(ec);
+
/* Get required compression id */
- if (EC_KEY_get_conv_form(ec) == POINT_CONVERSION_UNCOMPRESSED) {
+ point_conv = EVP_PKEY_get_ec_point_conv_form(pkey);
+ if (point_conv == 0)
+ return 0;
+ if (point_conv == POINT_CONVERSION_UNCOMPRESSED) {
comp_id = TLSEXT_ECPOINTFORMAT_uncompressed;
} else if (SSL_IS_TLS13(s)) {
- /*
- * ec_point_formats extension is not used in TLSv1.3 so we ignore
- * this check.
- */
- return 1;
+ /*
+ * ec_point_formats extension is not used in TLSv1.3 so we ignore
+ * this check.
+ */
+ return 1;
} else {
- int field_type = EC_GROUP_get_field_type(grp);
+ int field_type = EVP_PKEY_get_field_type(pkey);
if (field_type == NID_X9_62_prime_field)
comp_id = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
diff --git a/ssl/tls_depr.c b/ssl/tls_depr.c
index 6f2103ad91..4ac7fcb916 100644
--- a/ssl/tls_depr.c
+++ b/ssl/tls_depr.c
@@ -159,5 +159,23 @@ EVP_PKEY *ssl_dh_to_pkey(DH *dh)
return ret;
}
# endif
-#endif
+/* Some deprecated public APIs pass EC_KEY objects */
+# ifndef OPENSSL_NO_EC
+int ssl_set_tmp_ecdh_groups(uint16_t **pext, size_t *pextlen,
+ void *key)
+{
+ const EC_GROUP *group = EC_KEY_get0_group((const EC_KEY *)key);
+ int nid;
+
+ if (group == NULL) {
+ ERR_raise(ERR_LIB_SSL, SSL_R_MISSING_PARAMETERS);
+ return 0;
+ }
+ nid = EC_GROUP_get_curve_name(group);
+ if (nid == NID_undef)
+ return 0;
+ return tls1_set_groups(pext, pextlen, &nid, 1);
+}
+# endif
+#endif
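Review bot: in ssl_set_tmp_ecdh_groups() the `nid == NID_undef` branch returns 0 without raising an error, while the NULL-group branch just above it raises SSL_R_MISSING_PARAMETERS. A key whose group has no curve name then fails with an empty error queue; adding an ERR_raise() on that path would make the failure diagnosable for callers of the deprecated SSL_CTRL_SET_TMP_ECDH control.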
diff --git a/test/build.info b/test/build.info
index a8f60c385b..b9e6d4f3b1 100644
--- a/test/build.info
+++ b/test/build.info
@@ -32,7 +32,7 @@ IF[{- !$disabled{tests} -}]
versions \
aborttest test_test pkcs12_format_test \
sanitytest rsa_complex exdatatest bntest \
- ectest ecstresstest gmdifftest pbelutest \
+ ecstresstest gmdifftest pbelutest \
destest mdc2test \
exptest \
evp_pkey_provided_test evp_test evp_extra_test evp_extra_test2 \
@@ -96,7 +96,7 @@ IF[{- !$disabled{tests} -}]
SOURCE[ectest]=ectest.c
INCLUDE[ectest]=../include ../apps/include
- DEPEND[ectest]=../libcrypto libtestutil.a
+ DEPEND[ectest]=../libcrypto.a libtestutil.a
SOURCE[ecstresstest]=ecstresstest.c
INCLUDE[ecstresstest]=../include ../apps/include
@@ -548,7 +548,7 @@ IF[{- !$disabled{tests} -}]
PROGRAMS{noinst}=sm4_internal_test
ENDIF
IF[{- !$disabled{ec} -}]
- PROGRAMS{noinst}=ec_internal_test curve448_internal_test
+ PROGRAMS{noinst}=ectest ec_internal_test curve448_internal_test
ENDIF
IF[{- !$disabled{cmac} -}]
PROGRAMS{noinst}=cmactest
diff --git a/test/ectest.c b/test/ectest.c
index 9088fd166a..e00e7c2b3a 100644
--- a/test/ectest.c
+++ b/test/ectest.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
@@ -9,32 +9,28 @@
*/
/*
- * We need access to the deprecated EC_POINTs_mul, EC_GROUP_precompute_mult,
- * and EC_GROUP_have_precompute_mult for testing purposes
- * when the deprecated calls are not hidden
+ * EC_KEY low level APIs are deprecated for public use, but still ok for
+ * internal use.
*/
-#ifndef OPENSSL_NO_DEPRECATED_3_0
-# define OPENSSL_SUPPRESS_DEPRECATED
-#endif
+#include "internal/deprecated.h"
#include <string.h>
#include "internal/nelem.h"
#include "testutil.h"
-#ifndef OPENSSL_NO_EC
-# include <openssl/ec.h>
-# ifndef OPENSSL_NO_ENGINE
-# include <openssl/engine.h>
-# endif
-# include <openssl/err.h>
-# include <openssl/obj_mac.h>
-# include <openssl/objects.h>
-# include <openssl/rand.h>
-# include <openssl/bn.h>
-# include <openssl/opensslconf.h>
-# include "openssl/core_names.h"
-# include "openssl/param_build.h"
-# include "openssl/evp.h"
+#include <openssl/ec.h>
+#ifndef OPENSSL_NO_ENGINE
+# include <openssl/engine.h>
+#endif
+#include <openssl/err.h>
+#include <openssl/obj_mac.h>
+#include <openssl/objects.h>
+#include <openssl/rand.h>
+#include <openssl/bn.h>
+#include <openssl/opensslconf.h>
+#include "openssl/core_names.h"
+#include "openssl/param_build.h"
+#include "openssl/evp.h"
static size_t crv_len = 0;
static EC_builtin_curve *curves = NULL;
@@ -62,9 +58,9 @@ static int group_order_tests(EC_GROUP *group)
if (!TEST_true(EC_GROUP_get_order(group, order, ctx))
|| !TEST_true(EC_POINT_mul(group, Q, order, NULL, NULL, ctx))
|| !TEST_true(EC_POINT_is_at_infinity(group, Q))
-# ifndef OPENSSL_NO_DEPRECATED_3_0
+#ifndef OPENSSL_NO_DEPRECATED_3_0
|| !TEST_true(EC_GROUP_precompute_mult(group, ctx))
-# endif
+#endif
|| !TEST_true(EC_POINT_mul(group, Q, order, NULL, NULL, ctx))
|| !TEST_true(EC_POINT_is_at_infinity(group, Q))
|| !TEST_true(EC_POINT_copy(P, G))
@@ -78,10 +74,10 @@ static int group_order_tests(EC_GROUP *group)
goto err;
for (i = 1; i <= 2; i++) {
-# ifndef OPENSSL_NO_DEPRECATED_3_0
+#ifndef OPENSSL_NO_DEPRECATED_3_0
const BIGNUM *scalars[6];
const EC_POINT *points[6];
-# endif
+#endif
if (!TEST_true(BN_set_word(n1, i))
/*
@@ -116,7 +112,7 @@ static int group_order_tests(EC_GROUP *group)
|| !TEST_false(EC_POINT_is_at_infinity(group, P)))
goto err;
-# ifndef OPENSSL_NO_DEPRECATED_3_0
+#ifndef OPENSSL_NO_DEPRECATED_3_0
/* Exercise EC_POINTs_mul, including corner cases. */
scalars[0] = scalars[1] = BN_value_one();
points[0] = points[1] = P;
@@ -141,7 +137,7 @@ static int group_order_tests(EC_GROUP *group)
if (!TEST_true(EC_POINTs_mul(group, P, NULL, 6, points, scalars, ctx))
|| !TEST_true(EC_POINT_is_at_infinity(group, P)))
goto err;
-# endif
+#endif
}
r = 1;
@@ -167,10 +163,10 @@ static int prime_field_tests(void)
EC_GROUP *group = NULL;
EC_POINT *P = NULL, *Q = NULL, *R = NULL;
BIGNUM *x = NULL, *y = NULL, *z = NULL, *yplusone = NULL;
-# ifndef OPENSSL_NO_DEPRECATED_3_0
+#ifndef OPENSSL_NO_DEPRECATED_3_0
const EC_POINT *points[4];
const BIGNUM *scalars[4];
-# endif
+#endif
unsigned char buf[100];
size_t len, r = 0;
int k;
@@ -542,7 +538,7 @@ static int prime_field_tests(void)
|| !TEST_false(EC_POINT_is_at_infinity(group, Q)))
goto err;
-# ifndef OPENSSL_NO_DEPRECATED_3_0
+#ifndef OPENSSL_NO_DEPRECATED_3_0
TEST_note("combined multiplication ...");
points[0] = Q;
points[1] = Q;
@@ -588,7 +584,7 @@ static int prime_field_tests(void)
if (!TEST_true(EC_POINTs_mul(group, P, NULL, 4, points, scalars, ctx))
|| !TEST_true(EC_POINT_is_at_infinity(group, P)))
goto err;
-# endif
+#endif
TEST_note(" ok\n");
r = 1;
err:
@@ -608,7 +604,7 @@ err:
return r;
}
-# ifndef OPENSSL_NO_EC2M
+#ifndef OPENSSL_NO_EC2M
static struct c2_curve_test {
const char *name;
@@ -983,20 +979,20 @@ static int char2_field_tests(void)
|| !TEST_ptr(yplusone = BN_new())
|| !TEST_true(BN_hex2bn(&x, "6"))
/* Change test based on whether binary point compression is enabled or not. */
-# ifdef OPENSSL_EC_BIN_PT_COMP
+# ifdef OPENSSL_EC_BIN_PT_COMP
|| !TEST_true(EC_POINT_set_compressed_coordinates(group, Q, x, 1, ctx))
-# else
+# else
|| !TEST_true(BN_hex2bn(&y, "8"))
|| !TEST_true(EC_POINT_set_affine_coordinates(group, Q, x, y, ctx))
-# endif
+# endif
)
goto err;
if (!TEST_int_gt(EC_POINT_is_on_curve(group, Q, ctx), 0)) {
/* Change test based on whether binary point compression is enabled or not. */
-# ifdef OPENSSL_EC_BIN_PT_COMP
+# ifdef OPENSSL_EC_BIN_PT_COMP
if (!TEST_true(EC_POINT_get_affine_coordinates(group, Q, x, y, ctx)))
goto err;
-# endif
+# endif
TEST_info("Point is not on curve");
test_output_bignum("x", x);
test_output_bignum("y", y);
@@ -1031,7 +1027,7 @@ static int char2_field_tests(void)
goto err;
/* Change test based on whether binary point compression is enabled or not. */
-# ifdef OPENSSL_EC_BIN_PT_COMP
+# ifdef OPENSSL_EC_BIN_PT_COMP
len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED,
buf, sizeof(buf), ctx);
if (!TEST_size_t_ne(len, 0)
@@ -1040,7 +1036,7 @@ static int char2_field_tests(void)
goto err;
test_output_memory("Generator as octet string, compressed form:",
buf, len);
-# endif
+# endif
len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED,
buf, sizeof(buf), ctx);
@@ -1052,7 +1048,7 @@ static int char2_field_tests(void)
buf, len);
/* Change test based on whether binary point compression is enabled or not. */
-# ifdef OPENSSL_EC_BIN_PT_COMP
+# ifdef OPENSSL_EC_BIN_PT_COMP
len =
EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof(buf),
ctx);
@@ -1062,7 +1058,7 @@ static int char2_field_tests(void)
goto err;
test_output_memory("Generator as octet string, hybrid form:",
buf, len);
-# endif
+# endif
if (!TEST_true(EC_POINT_invert(group, P, ctx))
|| !TEST_int_eq(0, EC_POINT_cmp(group, P, R, ctx)))
@@ -1087,7 +1083,7 @@ err:
BN_free(yplusone);
return r;
}
-# endif
+#endif
static int internal_curve_test(int n)
{
@@ -1342,12 +1338,12 @@ static int nistp_single_test(int idx)
/* random point multiplication */
EC_POINT_mul(NISTP, Q, NULL, P, m, ctx);
if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
-# ifndef OPENSSL_NO_DEPRECATED_3_0
+#ifndef OPENSSL_NO_DEPRECATED_3_0
/* We have not performed precomp so this should be false */
|| !TEST_false(EC_GROUP_have_precompute_mult(NISTP))
/* now repeat all tests with precomputation */
|| !TEST_true(EC_GROUP_precompute_mult(NISTP, ctx))
-# endif
+#endif
)
goto err;
@@ -1712,7 +1708,7 @@ int are_ec_nids_compatible(int n1d, int n2d)
{
int ret = 0;
switch (n1d) {
-# ifndef OPENSSL_NO_EC2M
+#ifndef OPENSSL_NO_EC2M
case NID_sect113r1:
case NID_wap_wsg_idm_ecid_wtls4:
ret = (n2d == NID_sect113r1 || n2d == NID_wap_wsg_idm_ecid_wtls4);
@@ -1734,7 +1730,7 @@ int are_ec_nids_compatible(int n1d, int n2d)
ret = (n2d == NID_X9_62_c2pnb163v1
|| n2d == NID_wap_wsg_idm_ecid_wtls5);
break;
-# endif /* OPENSSL_NO_EC2M */
+#endif /* OPENSSL_NO_EC2M */
case NID_secp112r1:
case NID_wap_wsg_idm_ecid_wtls6:
ret = (n2d == NID_secp112r1 || n2d == NID_wap_wsg_idm_ecid_wtls6);
@@ -1743,12 +1739,12 @@ int are_ec_nids_compatible(int n1d, int n2d)
case NID_wap_wsg_idm_ecid_wtls7:
ret = (n2d == NID_secp160r2 || n2d == NID_wap_wsg_idm_ecid_wtls7);
break;
-# ifdef OPENSSL_NO_EC_NISTP_64_GCC_128
+#ifdef OPENSSL_NO_EC_NISTP_64_GCC_128
case NID_secp224r1:
case NID_wap_wsg_idm_ecid_wtls12:
ret = (n2d == NID_secp224r1 || n2d == NID_wap_wsg_idm_ecid_wtls12);
break;
-# else
+#else
/*
* For SEC P-224 we want to ensure that the SECP nid is returned, as
* that is associated with a specialized method.
@@ -1756,7 +1752,7 @@ int are_ec_nids_compatible(int n1d, int n2d)
case NID_wap_wsg_idm_ecid_wtls12:
ret = (n2d == NID_secp224r1);
break;
-# endif /* def(OPENSSL_NO_EC_NISTP_64_GCC_128) */
+#endif /* def(OPENSSL_NO_EC_NISTP_64_GCC_128) */
default:
ret = (n1d == n2d);
@@ -2142,14 +2138,14 @@ static int cardinality_test(int n)
|| !TEST_true(BN_copy(g1_order, EC_GROUP_get0_order(g1)))
|| !TEST_true(EC_GROUP_get_cofactor(g1, g1_cf, ctx))
/* construct g2 manually with g1 parameters */
-# ifndef OPENSSL_NO_EC2M
+#ifndef OPENSSL_NO_EC2M
|| !TEST_ptr(g2 = (is_binary) ?
EC_GROUP_new_curve_GF2m(g1_p, g1_a, g1_b, ctx) :
EC_GROUP_new_curve_GFp(g1_p, g1_a, g1_b, ctx))
-# else
+#else
|| !TEST_int_eq(0, is_binary)
|| !TEST_ptr(g2 = EC_GROUP_new_curve_GFp(g1_p, g1_a, g1_b, ctx))
-# endif
+#endif
|| !TEST_ptr(g2_gen = EC_POINT_new(g2))
|| !TEST_true(EC_POINT_set_affine_coordinates(g2, g2_gen, g1_x, g1_y, ctx))
/* pass NULL cofactor: lib should compute it */
@@ -2682,12 +2678,12 @@ static int custom_params_test(int id)
goto err;
is_prime = EC_GROUP_get_field_type(group) == NID_X9_62_prime_field;
-# ifdef OPENSSL_NO_EC2M
+#ifdef OPENSSL_NO_EC2M
if (!is_prime) {
ret = TEST_skip("binary curves not supported in this build");
goto err;
}
-# endif
+#endif
BN_CTX_start(ctx);
if (!TEST_ptr(p = BN_CTX_get(ctx))
@@ -2724,12 +2720,12 @@ static int custom_params_test(int id)
if (!TEST_ptr(altgroup = EC_GROUP_new_curve_GFp(p, a, b, ctx)))
goto err;
}
-# ifndef OPENSSL_NO_EC2M
+#ifndef OPENSSL_NO_EC2M
else {
if (!TEST_ptr(altgroup = EC_GROUP_new_curve_GF2m(p, a, b, ctx)))
goto err;
}
-# endif
+#endif
/* set 2*G as the generator of altgroup */
EC_POINT_free(G2); /* discard G2 as it refers to the original group */
@@ -2918,11 +2914,8 @@ static int custom_params_test(int id)
return ret;
}
-#endif /* OPENSSL_NO_EC */
-
int setup_tests(void)
{
-#ifndef OPENSSL_NO_EC
crv_len = EC_get_builtin_curves(NULL, 0);
if (!TEST_ptr(curves = OPENSSL_malloc(sizeof(*curves) * crv_len))
|| !TEST_true(EC_get_builtin_curves(curves, crv_len)))
@@ -2932,10 +2925,10 @@ int setup_tests(void)
ADD_TEST(cofactor_range_test);
ADD_ALL_TESTS(cardinality_test, crv_len);
ADD_TEST(prime_field_tests);
-# ifndef OPENSSL_NO_EC2M
+#ifndef OPENSSL_NO_EC2M
ADD_TEST(char2_field_tests);
ADD_ALL_TESTS(char2_curve_test, OSSL_NELEM(char2_curve_tests));
-# endif
+#endif
ADD_ALL_TESTS(nistp_single_test, OSSL_NELEM(nistp_tests_params));
ADD_ALL_TESTS(internal_curve_test, crv_len);
ADD_ALL_TESTS(internal_curve_test_method, crv_len);
@@ -2947,13 +2940,10 @@ int setup_tests(void)
ADD_ALL_TESTS(ec_point_hex2point_test, crv_len);
ADD_ALL_TESTS(custom_generator_test, crv_len);
ADD_ALL_TESTS(custom_params_test, crv_len);
-#endif /* OPENSSL_NO_EC */
return 1;
}
void cleanup_tests(void)
{
-#ifndef OPENSSL_NO_EC
OPENSSL_free(curves);
-#endif
}
diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
index 4358fbe5c5..440b4759dd 100644
--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
@@ -384,6 +384,7 @@ static const unsigned char pExampleECParamDER[] = {
typedef struct APK_DATA_st {
const unsigned char *kder;
size_t size;
+ const char *keytype;
int evptype;
int check;
int pub_check;
@@ -392,22 +393,22 @@ typedef struct APK_DATA_st {
} APK_DATA;
static APK_DATA keydata[] = {
- {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA},
- {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), EVP_PKEY_RSA},
+ {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA},
+ {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA},
#ifndef OPENSSL_NO_EC
- {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC}
+ {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC}
#endif
};
static APK_DATA keycheckdata[] = {
- {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA, 1, 1, 1, 0},
- {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), EVP_PKEY_RSA,
+ {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1, 0},
+ {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA,
0, 1, 1, 0},
#ifndef OPENSSL_NO_EC
- {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC, 1, 1, 1, 0},
+ {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0},
/* group is also associated in our pub key */
- {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), EVP_PKEY_EC, 0, 1, 1, 1},
- {pExampleECParamDER, sizeof(pExampleECParamDER), EVP_PKEY_EC, 0, 0, 1, 2}
+ {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1, 1, 1},
+ {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1, 2}
#endif
};
@@ -911,18 +912,14 @@ static struct ec_der_pub_keys_st {
static int test_invalide_ec_char2_pub_range_decode(int id)
{
int ret = 0;
- BIO *bio = NULL;
- EC_KEY *eckey = NULL;
+ EVP_PKEY *pkey;
- if (!TEST_ptr(bio = BIO_new_mem_buf(ec_der_pub_keys[id].der,
- ec_der_pub_keys[id].len)))
- goto err;
- eckey = d2i_EC_PUBKEY_bio(bio, NULL);
- ret = (ec_der_pub_keys[id].valid && TEST_ptr(eckey))
- || TEST_ptr_null(eckey);
-err:
- EC_KEY_free(eckey);
- BIO_free(bio);
+ pkey = load_example_key("EC", ec_der_pub_keys[id].der,
+ ec_der_pub_keys[id].len);
+
+ ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey))
+ || TEST_ptr_null(pkey);
+ EVP_PKEY_free(pkey);
return ret;
}
@@ -1417,11 +1414,7 @@ static EVP_PKEY_METHOD *custom_pmeth;
static int test_EVP_PKEY_check(int i)
{
int ret = 0;
- const unsigned char *p;
EVP_PKEY *pkey = NULL;
-#ifndef OPENSSL_NO_EC
- EC_KEY *eckey = NULL;
-#endif
EVP_PKEY_CTX *ctx = NULL;
#ifndef OPENSSL_NO_DEPRECATED_3_0
EVP_PKEY_CTX *ctx2 = NULL;
@@ -1434,36 +1427,12 @@ static int test_EVP_PKEY_check(int i)
int expected_pub_check = ak->pub_check;
int expected_param_check = ak->param_check;
int type = ak->type;
- BIO *pubkey = NULL;
-
- p = input;
- switch (type) {
- case 0:
- if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
- || !TEST_ptr_eq(p, input + input_len)
- || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
- goto done;
- break;
-#ifndef OPENSSL_NO_EC
- case 1:
- if (!TEST_ptr(pubkey = BIO_new_mem_buf(input, input_len))
- || !TEST_ptr(eckey = d2i_EC_PUBKEY_bio(pubkey, NULL))
- || !TEST_ptr(pkey = EVP_PKEY_new())
- || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
- goto done;
- break;
- case 2:
- if (!TEST_ptr(eckey = d2i_ECParameters(NULL, &p, input_len))
- || !TEST_ptr_eq(p, input + input_len)
- || !TEST_ptr(pkey = EVP_PKEY_new())
- || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
- goto done;
- break;
-#endif
- default:
- return 0;
- }
+ if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len)))
+ goto done;
+ if (type == 0
+ && !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
+ goto done;
if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, NULL)))
goto done;
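Review bot: the removed switch in test_EVP_PKEY_check() verified for cases 0 and 2 that decoding consumed the whole buffer (`TEST_ptr_eq(p, input + input_len)`), and nothing in the replacement lines does the same, so trailing bytes after a key or parameter blob would no longer fail the test unless load_example_key() checks this internally. The `default: return 0;` branch for unknown type values is gone as well, and type is now only consulted for the `type == 0` id comparison, so values 1 and 2 no longer select anything on the load path. Please either restore the full-consumption check in the helper or document that it is intentionally dropped, and add a short comment on what the remaining type values mean.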
@@ -1501,7 +1470,6 @@ static int test_EVP_PKEY_check(int i)
EVP_PKEY_CTX_free(ctx2);
#endif
EVP_PKEY_free(pkey);
- BIO_free(pubkey);
return ret;
}
diff --git a/test/helpers/handshake.c b/test/helpers/handshake.c
index 08fcd39bea..e286df6cf0 100644
--- a/test/helpers/handshake.c
+++ b/test/helpers/handshake.c
@@ -12,6 +12,7 @@
#include <openssl/bio.h>
#include <openssl/x509_vfy.h>
#include <openssl/ssl.h>
+#include <openssl/core_names.h>
#ifndef OPENSSL_NO_SRP
#include <openssl/srp.h>
#endif
@@ -1270,15 +1271,15 @@ static char *dup_str(const unsigned char *in, size_t len)
static int pkey_type(EVP_PKEY *pkey)
{
- int nid = EVP_PKEY_id(pkey);
+ if (EVP_PKEY_is_a(pkey, "EC")) {
+ char name[80];
+ size_t name_len;
-#ifndef OPENSSL_NO_EC
- if (nid == EVP_PKEY_EC) {
- const EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey);
- return EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
+ if (!EVP_PKEY_get_group_name(pkey, name, sizeof(name), &name_len))
+ return NID_undef;
+ return OBJ_txt2nid(name);
}
-#endif
- return nid;
+ return EVP_PKEY_id(pkey);
}
static int peer_pkey_type(SSL *s)
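Review bot: in pkey_type(), name_len is filled in by EVP_PKEY_get_group_name() but never read, and the buffer size 80 is a bare literal that is repeated in print_key_details() in test/ssl_old_test.c later in this patch. A named constant for the maximum group name length would keep the two in step. Separately, the first hunk in this file adds `#include <openssl/core_names.h>`, yet none of the calls added in the visible hunks (EVP_PKEY_is_a, EVP_PKEY_get_group_name, OBJ_txt2nid) need that header; if nothing else in the file uses it, drop the include.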
diff --git a/test/recipes/15-test_ec.t b/test/recipes/15-test_ec.t
index 5a042d1d4d..acd1b3960d 100644
--- a/test/recipes/15-test_ec.t
+++ b/test/recipes/15-test_ec.t
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -16,6 +16,8 @@ use OpenSSL::Test::Utils;
setup("test_ec");
+plan skip_all => 'EC is not supported in this build' if disabled('ec');
+
plan tests => 14;
require_ok(srctop_file('test','recipes','tconversion.pl'));
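Review bot: the new skip_all line reports 'EC is not supported in this build', but it now gates the whole file, including the Ed25519 and Ed448 conversion subtests further down. The removed SKIP blocks used the same disabled("ec") condition for those, so behaviour is unchanged, but a one-line comment stating that the EdDSA subtests depend on the 'ec' feature would make the single top-level skip easier to understand. The hard-coded `plan tests => 14` also has to be kept in sync by hand when subtests are added or removed.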
@@ -25,77 +27,61 @@ ok(run(test(["ectest"])), "running ectest");
# TODO: remove these when the 'ec' app is removed.
# Also consider moving this to the 20-25 test section because it is testing
# the command line tool in addition to the algorithm.
-SKIP: {
- skip "Skipping EC conversion test", 3
- if disabled("ec");
-
- subtest 'EC conversions -- private key' => sub {
- tconversion( -type => 'ec', -prefix => 'ec-priv',
- -in => srctop_file("test","testec-p256.pem") );
- };
- subtest 'EC conversions -- private key PKCS#8' => sub {
- tconversion( -type => 'ec', -prefix => 'ec-pkcs8',
- -in => srctop_file("test","testec-p256.pem"),
- -args => "pkey" );
- };
- subtest 'EC conversions -- public key' => sub {
- tconversion( -type => 'ec', -prefix => 'ec-pub',
- -in => srctop_file("test","testecpub-p256.pem"),
- -args => [ "ec", "-pubin", "-pubout" ] );
- };
-}
-
-SKIP: {
- skip "Skipping PKEY conversion test", 3
- if disabled("ec");
-
- subtest 'PKEY conversions -- private key' => sub {
- tconversion( -type => 'pkey', -prefix => 'ec-pkey-priv',
- -in => srctop_file("test","testec-p256.pem") );
- };
- subtest 'PKEY conversions -- private key PKCS#8' => sub {
- tconversion( -type => 'pkey', -prefix => 'ec-pkey-pkcs8',
- -in => srctop_file("test","testec-p256.pem"),
- -args => "pkey" );
- };
- subtest 'PKEY conversions -- public key' => sub {
- tconversion( -type => 'pkey', -prefix => 'ec-pkey-pub',
- -in => srctop_file("test","testecpub-p256.pem"),
- -args => [ "pkey", "-pubin", "-pubout" ] );
- };
-}
-
-SKIP: {
- skip "Skipping EdDSA conversion test", 6
- if disabled("ec");
+subtest 'EC conversions -- private key' => sub {
+ tconversion( -type => 'ec', -prefix => 'ec-priv',
+ -in => srctop_file("test","testec-p256.pem") );
+};
+subtest 'EC conversions -- private key PKCS#8' => sub {
+ tconversion( -type => 'ec', -prefix => 'ec-pkcs8',
+ -in => srctop_file("test","testec-p256.pem"),
+ -args => "pkey" );
+};
+subtest 'EC conversions -- public key' => sub {
+ tconversion( -type => 'ec', -prefix => 'ec-pub',
+ -in => srctop_file("test","testecpub-p256.pem"),
+ -args => [ "ec", "-pubin", "-pubout" ] );
+};
- subtest 'Ed25519 conversions -- private key' => sub {
- tconversion( -type => "pkey", -prefix => "ed25519-pkey-priv",
- -in => srctop_file("test", "tested25519.pem") );
- };
- subtest 'Ed25519 conversions -- private key PKCS#8' => sub {
- tconversion( -type => "pkey", -prefix => "ed25519-pkey-pkcs8",
- -in => srctop_file("test", "tested25519.pem"),
- -args => ["pkey"] );
- };
- subtest 'Ed25519 conversions -- public key' => sub {
- tconversion( -type => "pkey", -prefix => "ed25519-pkey-pub",
- -in => srctop_file("test", "tested25519pub.pem"),
- -args => ["pkey", "-pubin", "-pubout"] );
- };
+subtest 'PKEY conversions -- private key' => sub {
+ tconversion( -type => 'pkey', -prefix => 'ec-pkey-priv',
+ -in => srctop_file("test","testec-p256.pem") );
+};
+subtest 'PKEY conversions -- private key PKCS#8' => sub {
+ tconversion( -type => 'pkey', -prefix => 'ec-pkey-pkcs8',
+ -in => srctop_file("test","testec-p256.pem"),
+ -args => "pkey" );
+};
+subtest 'PKEY conversions -- public key' => sub {
+ tconversion( -type => 'pkey', -prefix => 'ec-pkey-pub',
+ -in => srctop_file("test","testecpub-p256.pem"),
+ -args => [ "pkey", "-pubin", "-pubout" ] );
+};
- subtest 'Ed448 conversions -- private key' => sub {
- tconversion( -type => "pkey", -prefix => "ed448-pkey-priv",
- -in => srctop_file("test", "tested448.pem") );
- };
- subtest 'Ed448 conversions -- private key PKCS#8' => sub {
- tconversion( -type => "pkey", -prefix => "ed448-pkey-pkcs8",
- -in => srctop_file("test", "tested448.pem"),
- -args => ["pkey"] );
- };
- subtest 'Ed448 conversions -- public key' => sub {
- tconversion( -type => "pkey", -prefix => "ed448-pkey-pub",
- -in => srctop_file("test", "tested448pub.pem"),
- -args => ["pkey", "-pubin", "-pubout"] );
- };
-}
+subtest 'Ed25519 conversions -- private key' => sub {
+ tconversion( -type => "pkey", -prefix => "ed25519-pkey-priv",
+ -in => srctop_file("test", "tested25519.pem") );
+};
+subtest 'Ed25519 conversions -- private key PKCS#8' => sub {
+ tconversion( -type => "pkey", -prefix => "ed25519-pkey-pkcs8",
+ -in => srctop_file("test", "tested25519.pem"),
+ -args => ["pkey"] );
+};
+subtest 'Ed25519 conversions -- public key' => sub {
+ tconversion( -type => "pkey", -prefix => "ed25519-pkey-pub",
+ -in => srctop_file("test", "tested25519pub.pem"),
+ -args => ["pkey", "-pubin", "-pubout"] );
+};
+subtest 'Ed448 conversions -- private key' => sub {
+ tconversion( -type => "pkey", -prefix => "ed448-pkey-priv",
+ -in => srctop_file("test", "tested448.pem") );
+};
+subtest 'Ed448 conversions -- private key PKCS#8' => sub {
+ tconversion( -type => "pkey", -prefix => "ed448-pkey-pkcs8",
+ -in => srctop_file("test", "tested448.pem"),
+ -args => ["pkey"] );
+};
+subtest 'Ed448 conversions -- public key' => sub {
+ tconversion( -type => "pkey", -prefix => "ed448-pkey-pub",
+ -in => srctop_file("test", "tested448pub.pem"),
+ -args => ["pkey", "-pubin", "-pubout"] );
+};
diff --git a/test/recipes/15-test_ecparam.t b/test/recipes/15-test_ecparam.t
index 4294a00ef2..93b2aa4a21 100644
--- a/test/recipes/15-test_ecparam.t
+++ b/test/recipes/15-test_ecparam.t
@@ -11,46 +11,100 @@ use strict;
use warnings;
use File::Spec;
+use File::Compare qw/compare_text/;
use OpenSSL::Glob;
use OpenSSL::Test qw/:DEFAULT data_file/;
use OpenSSL::Test::Utils;
setup("test_ecparam");
-plan skip_all => "EC isn't supported in this build"
+plan skip_all => "EC or EC2M isn't supported in this build"
if disabled("ec") || disabled("ec2m");
my @valid = glob(data_file("valid", "*.pem"));
+my @noncanon = glob(data_file("noncanon", "*.pem"));
my @invalid = glob(data_file("invalid", "*.pem"));
-my $num_tests = scalar @valid + scalar @invalid;
-plan tests => 3 * $num_tests;
+plan tests => 11;
- SKIP: {
- skip "Skipping EC tests", 2 * $num_tests
- if disabled('deprecated-3.0');
+sub checkload {
+ my $files = shift; # List of files
+ my $valid = shift; # Check should pass or fail?
+ my $app = shift; # Which application
+ my $opt = shift; # Additional option
- foreach (@valid) {
- ok(run(app([qw{openssl ecparam -noout -check -in}, $_])));
+ foreach (@$files) {
+ if ($valid) {
+ ok(run(app(['openssl', $app, '-noout', $opt, '-in', $_])));
+ } else {
+ ok(!run(app(['openssl', $app, '-noout', $opt, '-in', $_])));
+ }
}
+}
- foreach (@valid) {
- ok(run(app([qw{openssl ecparam -noout -check_named -in}, $_])));
- }
+sub checkcompare {
+ my $files = shift; # List of files
+ my $app = shift; # Which application
- foreach (@invalid) {
- ok(!run(app([qw{openssl ecparam -noout -check -in}, $_])));
- }
+ foreach (@$files) {
+ my $testout = "$app.tst";
- foreach (@invalid) {
- ok(!run(app([qw{openssl ecparam -noout -check_named -in}, $_])));
+ ok(run(app(['openssl', $app, '-out', $testout, '-in', $_])));
+ ok(!compare_text($_, $testout), "Original file $_ is the same as new one");
}
}
-foreach (@valid) {
- ok(run(app([qw{openssl pkeyparam -noout -check -in}, $_])));
-}
+subtest "Check loading valid parameters by ecparam with -check" => sub {
+ plan tests => scalar(@valid);
+ checkload(\@valid, 1, "ecparam", "-check");
+};
-foreach (@invalid) {
- ok(!run(app([qw{openssl pkeyparam -noout -check -in}, $_])));
-}
+subtest "Check loading valid parameters by ecparam with -check_named" => sub {
+ plan tests => scalar(@valid);
+ checkload(\@valid, 1, "ecparam", "-check_named");
+};
+
+subtest "Check loading valid parameters by pkeyparam with -check" => sub {
+ plan tests => scalar(@valid);
+ checkload(\@valid, 1, "pkeyparam", "-check");
+};
+
+subtest "Check loading non-canonically encoded parameters by ecparam with -check" => sub {
+ plan tests => scalar(@noncanon);
+ checkload(\@noncanon, 1, "ecparam", "-check");
+};
+
+subtest "Check loading non-canonically encoded parameters by ecparam with -check_named" => sub {
+ plan tests => scalar(@noncanon);
+ checkload(\@noncanon, 1, "ecparam", "-check_named");
+};
+
+subtest "Check loading non-canonically encoded parameters by pkeyparam with -check" => sub {
+ plan tests => scalar(@noncanon);
+ checkload(\@noncanon, 1, "pkeyparam", "-check");
+};
+
+subtest "Check loading invalid parameters by ecparam with -check" => sub {
+ plan tests => scalar(@invalid);
+ checkload(\@invalid, 0, "ecparam", "-check");
+};
+
+subtest "Check loading invalid parameters by ecparam with -check_named" => sub {
+ plan tests => scalar(@invalid);
+ checkload(\@invalid, 0, "ecparam", "-check_named");
+};
+
+subtest "Check loading invalid parameters by pkeyparam with -check" => sub {
+ plan tests => scalar(@invalid);
+ checkload(\@invalid, 0, "pkeyparam", "-check");
+};
+
+subtest "Check ecparam does not change the parameter file on output" => sub {
+ plan tests => 2 * scalar(@valid);
+ checkcompare(\@valid, "ecparam");
+};
+
+subtest "Check pkeyparam does not change the parameter file on output" => sub {
+ plan tests => 2 * scalar(@valid);
+ checkcompare(\@valid, "pkeyparam");
+};
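Review bot: checkcompare() writes every result to the same file, "$app.tst", and never removes it, so output from one input is still on disk when the next one runs and the file is left behind after the test. Using a per-input output name and unlinking it after the comparison would keep a failure attributable to a single input. Also, the files in @noncanon are only loaded with -check and -check_named and are never written with -out. Since they cannot match the original text, a check that the re-encoded output loads again and is stable on a second pass would cover the re-encoding path for them too. Minor: checkload() duplicates the run(app(...)) call in both branches; computing the result once and comparing it against $valid would be shorter.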
diff --git a/test/recipes/15-test_ecparam_data/valid/c2pnb163v1-explicit.pem b/test/recipes/15-test_ecparam_data/noncanon/c2pnb163v1-explicit.pem
similarity index 100%
rename from test/recipes/15-test_ecparam_data/valid/c2pnb163v1-explicit.pem
rename to test/recipes/15-test_ecparam_data/noncanon/c2pnb163v1-explicit.pem
diff --git a/test/recipes/15-test_ecparam_data/valid/c2pnb208w1-explicit.pem b/test/recipes/15-test_ecparam_data/noncanon/c2pnb208w1-explicit.pem
similarity index 100%
rename from test/recipes/15-test_ecparam_data/valid/c2pnb208w1-explicit.pem
rename to test/recipes/15-test_ecparam_data/noncanon/c2pnb208w1-explicit.pem
diff --git a/test/recipes/15-test_ecparam_data/valid/secp160k1-explicit.pem b/test/recipes/15-test_ecparam_data/noncanon/secp160k1-explicit.pem
similarity index 100%
rename from test/recipes/15-test_ecparam_data/valid/secp160k1-explicit.pem
rename to test/recipes/15-test_ecparam_data/noncanon/secp160k1-explicit.pem
diff --git a/test/recipes/15-test_ecparam_data/valid/secp192k1-explicit.pem b/test/recipes/15-test_ecparam_data/noncanon/secp192k1-explicit.pem
similarity index 100%
rename from test/recipes/15-test_ecparam_data/valid/secp192k1-explicit.pem
rename to test/recipes/15-test_ecparam_data/noncanon/secp192k1-explicit.pem
diff --git a/test/recipes/15-test_ecparam_data/valid/secp224k1-explicit.pem b/test/recipes/15-test_ecparam_data/noncanon/secp224k1-explicit.pem
similarity index 100%
rename from test/recipes/15-test_ecparam_data/valid/secp224k1-explicit.pem
rename to test/recipes/15-test_ecparam_data/noncanon/secp224k1-explicit.pem
diff --git a/test/recipes/15-test_ecparam_data/valid/secp256k1-explicit.pem b/test/recipes/15-test_ecparam_data/noncanon/secp256k1-explicit.pem
similarity index 100%
rename from test/recipes/15-test_ecparam_data/valid/secp256k1-explicit.pem
rename to test/recipes/15-test_ecparam_data/noncanon/secp256k1-explicit.pem
diff --git a/test/recipes/15-test_ecparam_data/valid/secp521r1-explicit.pem b/test/recipes/15-test_ecparam_data/noncanon/secp521r1-explicit.pem
similarity index 100%
rename from test/recipes/15-test_ecparam_data/valid/secp521r1-explicit.pem
rename to test/recipes/15-test_ecparam_data/noncanon/secp521r1-explicit.pem
diff --git a/test/recipes/15-test_ecparam_data/valid/sect113r1-explicit.pem b/test/recipes/15-test_ecparam_data/noncanon/sect113r1-explicit.pem
similarity index 100%
rename from test/recipes/15-test_ecparam_data/valid/sect113r1-explicit.pem
rename to test/recipes/15-test_ecparam_data/noncanon/sect113r1-explicit.pem
diff --git a/test/recipes/15-test_ecparam_data/valid/sect113r2-explicit.pem b/test/recipes/15-test_ecparam_data/noncanon/sect113r2-explicit.pem
similarity index 100%
rename from test/recipes/15-test_ecparam_data/valid/sect113r2-explicit.pem
rename to test/recipes/15-test_ecparam_data/noncanon/sect113r2-explicit.pem
diff --git a/test/recipes/15-test_ecparam_data/valid/sect163k1-explicit.pem b/test/recipes/15-test_ecparam_data/noncanon/sect163k1-explicit.pem
similarity index 100%
rename from test/recipes/15-test_ecparam_data/valid/sect163k1-explicit.pem
rename to test/recipes/15-test_ecparam_data/noncanon/sect163k1-explicit.pem
diff --git a/test/recipes/15-test_ecparam_data/valid/sect163r2-explicit.pem b/test/recipes/15-test_ecparam_data/noncanon/sect163r2-explicit.pem
similarity index 100%
rename from test/recipes/15-test_ecparam_data/valid/sect163r2-explicit.pem
rename to test/recipes/15-test_ecparam_data/noncanon/sect163r2-explicit.pem
diff --git a/test/recipes/15-test_ecparam_data/valid/sect193r1-explicit.pem b/test/recipes/15-test_ecparam_data/noncanon/sect193r1-explicit.pem
similarity index 100%
rename from test/recipes/15-test_ecparam_data/valid/sect193r1-explicit.pem
rename to test/recipes/15-test_ecparam_data/noncanon/sect193r1-explicit.pem
diff --git a/test/recipes/15-test_ecparam_data/valid/sect193r2-explicit.pem b/test/recipes/15-test_ecparam_data/noncanon/sect193r2-explicit.pem
similarity index 100%
rename from test/recipes/15-test_ecparam_data/valid/sect193r2-explicit.pem
rename to test/recipes/15-test_ecparam_data/noncanon/sect193r2-explicit.pem
diff --git a/test/recipes/15-test_ecparam_data/valid/sect233k1-explicit.pem b/test/recipes/15-test_ecparam_data/noncanon/sect233k1-explicit.pem
similarity index 100%
rename from test/recipes/15-test_ecparam_data/valid/sect233k1-explicit.pem
rename to test/recipes/15-test_ecparam_data/noncanon/sect233k1-explicit.pem
diff --git a/test/recipes/15-test_ecparam_data/valid/sect233r1-explicit.pem b/test/recipes/15-test_ecparam_data/noncanon/sect233r1-explicit.pem
similarity index 100%
rename from test/recipes/15-test_ecparam_data/valid/sect233r1-explicit.pem
rename to test/recipes/15-test_ecparam_data/noncanon/sect233r1-explicit.pem
diff --git a/test/recipes/15-test_ecparam_data/valid/sect239k1-explicit.pem b/test/recipes/15-test_ecparam_data/noncanon/sect239k1-explicit.pem
similarity index 100%
rename from test/recipes/15-test_ecparam_data/valid/sect239k1-explicit.pem
rename to test/recipes/15-test_ecparam_data/noncanon/sect239k1-explicit.pem
diff --git a/test/recipes/15-test_ecparam_data/valid/sect283k1-explicit.pem b/test/recipes/15-test_ecparam_data/noncanon/sect283k1-explicit.pem
similarity index 100%
rename from test/recipes/15-test_ecparam_data/valid/sect283k1-explicit.pem
rename to test/recipes/15-test_ecparam_data/noncanon/sect283k1-explicit.pem
diff --git a/test/recipes/15-test_ecparam_data/valid/sect283r1-explicit.pem b/test/recipes/15-test_ecparam_data/noncanon/sect283r1-explicit.pem
similarity index 100%
rename from test/recipes/15-test_ecparam_data/valid/sect283r1-explicit.pem
rename to test/recipes/15-test_ecparam_data/noncanon/sect283r1-explicit.pem
diff --git a/test/recipes/15-test_ecparam_data/valid/sect409k1-explicit.pem b/test/recipes/15-test_ecparam_data/noncanon/sect409k1-explicit.pem
similarity index 100%
rename from test/recipes/15-test_ecparam_data/valid/sect409k1-explicit.pem
rename to test/recipes/15-test_ecparam_data/noncanon/sect409k1-explicit.pem
diff --git a/test/recipes/15-test_ecparam_data/valid/sect409r1-explicit.pem b/test/recipes/15-test_ecparam_data/noncanon/sect409r1-explicit.pem
similarity index 100%
rename from test/recipes/15-test_ecparam_data/valid/sect409r1-explicit.pem
rename to test/recipes/15-test_ecparam_data/noncanon/sect409r1-explicit.pem
diff --git a/test/recipes/15-test_ecparam_data/valid/sect571k1-explicit.pem b/test/recipes/15-test_ecparam_data/noncanon/sect571k1-explicit.pem
similarity index 100%
rename from test/recipes/15-test_ecparam_data/valid/sect571k1-explicit.pem
rename to test/recipes/15-test_ecparam_data/noncanon/sect571k1-explicit.pem
diff --git a/test/recipes/15-test_ecparam_data/valid/sect571r1-explicit.pem b/test/recipes/15-test_ecparam_data/noncanon/sect571r1-explicit.pem
similarity index 100%
rename from test/recipes/15-test_ecparam_data/valid/sect571r1-explicit.pem
rename to test/recipes/15-test_ecparam_data/noncanon/sect571r1-explicit.pem
diff --git a/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls1-explicit.pem b/test/recipes/15-test_ecparam_data/noncanon/wap-wsg-idm-ecid-wtls1-explicit.pem
similarity index 100%
rename from test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls1-explicit.pem
rename to test/recipes/15-test_ecparam_data/noncanon/wap-wsg-idm-ecid-wtls1-explicit.pem
diff --git a/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls10-explicit.pem b/test/recipes/15-test_ecparam_data/noncanon/wap-wsg-idm-ecid-wtls10-explicit.pem
similarity index 100%
rename from test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls10-explicit.pem
rename to test/recipes/15-test_ecparam_data/noncanon/wap-wsg-idm-ecid-wtls10-explicit.pem
diff --git a/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls11-explicit.pem b/test/recipes/15-test_ecparam_data/noncanon/wap-wsg-idm-ecid-wtls11-explicit.pem
similarity index 100%
rename from test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls11-explicit.pem
rename to test/recipes/15-test_ecparam_data/noncanon/wap-wsg-idm-ecid-wtls11-explicit.pem
diff --git a/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls3-explicit.pem b/test/recipes/15-test_ecparam_data/noncanon/wap-wsg-idm-ecid-wtls3-explicit.pem
similarity index 100%
rename from test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls3-explicit.pem
rename to test/recipes/15-test_ecparam_data/noncanon/wap-wsg-idm-ecid-wtls3-explicit.pem
diff --git a/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls4-explicit.pem b/test/recipes/15-test_ecparam_data/noncanon/wap-wsg-idm-ecid-wtls4-explicit.pem
similarity index 100%
rename from test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls4-explicit.pem
rename to test/recipes/15-test_ecparam_data/noncanon/wap-wsg-idm-ecid-wtls4-explicit.pem
diff --git a/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls5-explicit.pem b/test/recipes/15-test_ecparam_data/noncanon/wap-wsg-idm-ecid-wtls5-explicit.pem
similarity index 100%
rename from test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls5-explicit.pem
rename to test/recipes/15-test_ecparam_data/noncanon/wap-wsg-idm-ecid-wtls5-explicit.pem
diff --git a/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls8-explicit.pem b/test/recipes/15-test_ecparam_data/noncanon/wap-wsg-idm-ecid-wtls8-explicit.pem
similarity index 100%
rename from test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls8-explicit.pem
rename to test/recipes/15-test_ecparam_data/noncanon/wap-wsg-idm-ecid-wtls8-explicit.pem
diff --git a/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls9-explicit.pem b/test/recipes/15-test_ecparam_data/noncanon/wap-wsg-idm-ecid-wtls9-explicit.pem
similarity index 100%
rename from test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls9-explicit.pem
rename to test/recipes/15-test_ecparam_data/noncanon/wap-wsg-idm-ecid-wtls9-explicit.pem
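Review bot: these renames move a set of "-explicit" parameter files from valid/ to noncanon/ with 100% similarity, and the only record of why is the sentence in the commit message that some test files have non-canonical encoding. Please add a short README in the noncanon directory, or a comment next to the @noncanon glob in 15-test_ecparam.t, stating what is non-canonical about these encodings and how a new test file should be classified, so that later additions do not end up in the wrong directory.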
diff --git a/test/ssl_old_test.c b/test/ssl_old_test.c
index 4114d94917..69b01b7e0a 100644
--- a/test/ssl_old_test.c
+++ b/test/ssl_old_test.c
@@ -718,17 +718,15 @@ static void sv_usage(void)
static void print_key_details(BIO *out, EVP_PKEY *key)
{
int keyid = EVP_PKEY_id(key);
+
#ifndef OPENSSL_NO_EC
if (keyid == EVP_PKEY_EC) {
- EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);
- int nid;
- const char *cname;
- nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
- EC_KEY_free(ec);
- cname = EC_curve_nid2nist(nid);
- if (!cname)
- cname = OBJ_nid2sn(nid);
- BIO_printf(out, "%d bits EC (%s)", EVP_PKEY_bits(key), cname);
+ char group[80];
+ size_t size;
+
+ if (!EVP_PKEY_get_group_name(key, group, sizeof(group), &size))
+ strcpy(group, "unknown group");
+ BIO_printf(out, "%d bits EC (%s)", EVP_PKEY_bits(key), group);
} else
#endif
{
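Review bot: print_key_details() changes what is printed for EC keys. The removed code preferred the NIST name from EC_curve_nid2nist() and fell back to OBJ_nid2sn(), while the new code prints whatever EVP_PKEY_get_group_name() returns, so anything that parses this output may see a different curve name. If that is intended, say so in the commit message. The fallback `strcpy(group, "unknown group")` fits in the 80-byte buffer, but a `const char *` that points either at the buffer or at the literal would avoid the copy altogether. The size variable is written and never read.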
diff --git a/util/libcrypto.num b/util/libcrypto.num
index bc39e25b6d..509c694d69 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -1,4 +1,4 @@
-d2i_EC_PUBKEY 1 3_0_0 EXIST::FUNCTION:EC
+d2i_EC_PUBKEY 1 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
b2i_PVK_bio 2 3_0_0 EXIST::FUNCTION:
PEM_read_bio_NETSCAPE_CERT_SEQUENCE 3 3_0_0 EXIST::FUNCTION:
X509_STORE_CTX_get0_chain 4 3_0_0 EXIST::FUNCTION:
@@ -15,7 +15,7 @@ X509at_get_attr_by_NID 14 3_0_0 EXIST::FUNCTION:
X509_PUBKEY_set0_param 15 3_0_0 EXIST::FUNCTION:
PKCS12_it 16 3_0_0 EXIST::FUNCTION:
i2d_ASN1_OCTET_STRING 17 3_0_0 EXIST::FUNCTION:
-EC_KEY_set_private_key 18 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_set_private_key 18 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
SRP_VBASE_get_by_user 19 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,SRP
Camellia_cfb128_encrypt 21 3_0_0 EXIST::FUNCTION:CAMELLIA,DEPRECATEDIN_3_0
DES_ncbc_encrypt 22 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DES
@@ -180,7 +180,7 @@ i2d_ASN1_PRINTABLESTRING 183 3_0_0 EXIST::FUNCTION:
X509_VERIFY_PARAM_set_hostflags 184 3_0_0 EXIST::FUNCTION:
SCT_get0_log_id 185 3_0_0 EXIST::FUNCTION:CT
ASN1_IA5STRING_it 186 3_0_0 EXIST::FUNCTION:
-PEM_write_bio_ECPrivateKey 187 3_0_0 EXIST::FUNCTION:EC
+PEM_write_bio_ECPrivateKey 187 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
BN_consttime_swap 188 3_0_0 EXIST::FUNCTION:
BIO_f_buffer 189 3_0_0 EXIST::FUNCTION:
CMS_SignerInfo_get0_signer_id 190 3_0_0 EXIST::FUNCTION:CMS
@@ -198,7 +198,7 @@ OCSP_request_add0_id 201 3_0_0 EXIST::FUNCTION:OCSP
EVP_seed_cfb128 202 3_0_0 EXIST::FUNCTION:SEED
BASIC_CONSTRAINTS_free 203 3_0_0 EXIST::FUNCTION:
EVP_CIPHER_flags 204 3_0_0 EXIST::FUNCTION:
-PEM_write_bio_ECPKParameters 205 3_0_0 EXIST::FUNCTION:EC
+PEM_write_bio_ECPKParameters 205 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
SCT_set_version 206 3_0_0 EXIST::FUNCTION:CT
CMS_add1_ReceiptRequest 207 3_0_0 EXIST::FUNCTION:CMS
d2i_CRL_DIST_POINTS 208 3_0_0 EXIST::FUNCTION:
@@ -206,7 +206,7 @@ X509_CRL_INFO_free 209 3_0_0 EXIST::FUNCTION:
ERR_load_UI_strings 210 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
ERR_load_strings 211 3_0_0 EXIST::FUNCTION:
RSA_X931_hash_id 212 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
-EC_KEY_set_method 213 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_set_method 213 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
PEM_write_PKCS8_PRIV_KEY_INFO 214 3_0_0 EXIST::FUNCTION:STDIO
X509at_get0_data_by_OBJ 215 3_0_0 EXIST::FUNCTION:
b2i_PublicKey_bio 216 3_0_0 EXIST::FUNCTION:
@@ -234,9 +234,9 @@ ASN1_item_i2d 238 3_0_0 EXIST::FUNCTION:
OCSP_copy_nonce 239 3_0_0 EXIST::FUNCTION:OCSP
OBJ_txt2nid 240 3_0_0 EXIST::FUNCTION:
SEED_set_key 241 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SEED
-EC_KEY_clear_flags 242 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_clear_flags 242 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
CMS_RecipientInfo_ktri_get0_algs 243 3_0_0 EXIST::FUNCTION:CMS
-i2d_EC_PUBKEY 244 3_0_0 EXIST::FUNCTION:EC
+i2d_EC_PUBKEY 244 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
MDC2 245 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,MDC2
BN_clear_free 246 3_0_0 EXIST::FUNCTION:
ENGINE_get_pkey_asn1_meths 247 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
@@ -254,7 +254,7 @@ EVP_md2 259 3_0_0 EXIST::FUNCTION:MD2
RC2_ecb_encrypt 260 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RC2
ENGINE_register_DH 261 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
ASN1_NULL_free 262 3_0_0 EXIST::FUNCTION:
-EC_KEY_copy 263 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_copy 263 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
EVP_des_ede3 264 3_0_0 EXIST::FUNCTION:DES
PKCS7_add1_attrib_digest 265 3_0_0 EXIST::FUNCTION:
EC_POINT_get_affine_coordinates_GFp 266 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
@@ -318,7 +318,7 @@ BIO_s_accept 323 3_0_0 EXIST::FUNCTION:SOCK
EVP_whirlpool 324 3_0_0 EXIST::FUNCTION:WHIRLPOOL
OCSP_ONEREQ_get1_ext_d2i 325 3_0_0 EXIST::FUNCTION:OCSP
d2i_ESS_SIGNING_CERT 326 3_0_0 EXIST::FUNCTION:
-EC_KEY_set_default_method 327 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_set_default_method 327 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
X509_OBJECT_up_ref_count 328 3_0_0 EXIST::FUNCTION:
RAND_load_file 329 3_0_0 EXIST::FUNCTION:
BIO_ctrl_reset_read_request 330 3_0_0 EXIST::FUNCTION:
@@ -521,7 +521,7 @@ X509_CRL_add1_ext_i2d 532 3_0_0 EXIST::FUNCTION:
i2d_TS_TST_INFO 533 3_0_0 EXIST::FUNCTION:TS
OBJ_sigid_free 534 3_0_0 EXIST::FUNCTION:
TS_STATUS_INFO_get0_status 535 3_0_0 EXIST::FUNCTION:TS
-EC_KEY_get_flags 536 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_get_flags 536 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
ASN1_TYPE_cmp 537 3_0_0 EXIST::FUNCTION:
i2d_RSAPublicKey 538 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
EC_GROUP_get_trinomial_basis 539 3_0_0 EXIST::FUNCTION:EC,EC2M
@@ -537,7 +537,7 @@ RSA_sign_ASN1_OCTET_STRING 548 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3
d2i_X509_CRL_fp 549 3_0_0 EXIST::FUNCTION:STDIO
i2d_RSA_PUBKEY 550 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
EVP_aes_128_ccm 551 3_0_0 EXIST::FUNCTION:
-ECParameters_print 552 3_0_0 EXIST::FUNCTION:EC
+ECParameters_print 552 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
OCSP_SINGLERESP_get1_ext_d2i 553 3_0_0 EXIST::FUNCTION:OCSP
RAND_status 554 3_0_0 EXIST::FUNCTION:
EVP_ripemd160 555 3_0_0 EXIST::FUNCTION:RMD160
@@ -645,7 +645,7 @@ OCSP_resp_get0_produced_at 661 3_0_0 EXIST::FUNCTION:OCSP
IDEA_encrypt 662 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,IDEA
CRYPTO_nistcts128_encrypt_block 663 3_0_0 EXIST::FUNCTION:
EVP_MD_do_all 664 3_0_0 EXIST::FUNCTION:
-EC_KEY_oct2priv 665 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_oct2priv 665 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
CONF_parse_list 666 3_0_0 EXIST::FUNCTION:
ENGINE_set_table_flags 667 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
EVP_MD_meth_get_ctrl 668 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
@@ -772,7 +772,7 @@ CONF_get1_default_config_file 790 3_0_0 EXIST::FUNCTION:
CRYPTO_ocb128_encrypt 791 3_0_0 EXIST::FUNCTION:OCB
EXTENDED_KEY_USAGE_new 792 3_0_0 EXIST::FUNCTION:
EVP_EncryptFinal 793 3_0_0 EXIST::FUNCTION:
-PEM_write_ECPrivateKey 794 3_0_0 EXIST::FUNCTION:EC,STDIO
+PEM_write_ECPrivateKey 794 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,STDIO
EVP_CIPHER_meth_set_get_asn1_params 796 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
PKCS7_dataInit 797 3_0_0 EXIST::FUNCTION:
EVP_PKEY_CTX_set_app_data 798 3_0_0 EXIST::FUNCTION:
@@ -792,8 +792,8 @@ i2a_ASN1_ENUMERATED 811 3_0_0 EXIST::FUNCTION:
PKCS7_ISSUER_AND_SERIAL_new 812 3_0_0 EXIST::FUNCTION:
d2i_USERNOTICE 813 3_0_0 EXIST::FUNCTION:
X509_cmp 814 3_0_0 EXIST::FUNCTION:
-EVP_PKEY_set1_EC_KEY 815 3_0_0 EXIST::FUNCTION:EC
-ECPKParameters_print_fp 816 3_0_0 EXIST::FUNCTION:EC,STDIO
+EVP_PKEY_set1_EC_KEY 815 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
+ECPKParameters_print_fp 816 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,STDIO
GENERAL_SUBTREE_free 817 3_0_0 EXIST::FUNCTION:
RSA_blinding_off 818 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
i2d_OCSP_REVOKEDINFO 819 3_0_0 EXIST::FUNCTION:OCSP
@@ -910,7 +910,7 @@ DHparams_dup 932 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3
X509_get_ext 933 3_0_0 EXIST::FUNCTION:
X509_issuer_and_serial_hash 934 3_0_0 EXIST::FUNCTION:
ASN1_BMPSTRING_it 935 3_0_0 EXIST::FUNCTION:
-PEM_read_EC_PUBKEY 936 3_0_0 EXIST::FUNCTION:EC,STDIO
+PEM_read_EC_PUBKEY 936 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,STDIO
d2i_ASN1_IA5STRING 937 3_0_0 EXIST::FUNCTION:
TS_TST_INFO_ext_free 938 3_0_0 EXIST::FUNCTION:TS
i2d_X509_CRL_fp 939 3_0_0 EXIST::FUNCTION:STDIO
@@ -920,7 +920,7 @@ TS_VERIFY_CTX_set_certs 942 3_0_0 EXIST::FUNCTION:TS
BN_MONT_CTX_copy 943 3_0_0 EXIST::FUNCTION:
OPENSSL_INIT_new 945 3_0_0 EXIST::FUNCTION:
TS_ACCURACY_dup 946 3_0_0 EXIST::FUNCTION:TS
-i2d_ECPrivateKey 947 3_0_0 EXIST::FUNCTION:EC
+i2d_ECPrivateKey 947 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
X509_NAME_ENTRY_create_by_OBJ 948 3_0_0 EXIST::FUNCTION:
TS_VERIFY_CTX_cleanup 949 3_0_0 EXIST::FUNCTION:TS
ASN1_INTEGER_get 950 3_0_0 EXIST::FUNCTION:
@@ -1021,7 +1021,7 @@ X509_EXTENSION_new 1047 3_0_0 EXIST::FUNCTION:
X509_getm_notAfter 1048 3_0_0 EXIST::FUNCTION:
X509_ALGOR_dup 1049 3_0_0 EXIST::FUNCTION:
d2i_X509_REQ_INFO 1050 3_0_0 EXIST::FUNCTION:
-d2i_EC_PUBKEY_bio 1051 3_0_0 EXIST::FUNCTION:EC
+d2i_EC_PUBKEY_bio 1051 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
X509_STORE_CTX_set_error 1052 3_0_0 EXIST::FUNCTION:
EC_KEY_METHOD_set_keygen 1053 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
CRYPTO_free 1054 3_0_0 EXIST::FUNCTION:
@@ -1074,7 +1074,7 @@ X509_CRL_set1_nextUpdate 1100 3_0_0 EXIST::FUNCTION:
EVP_des_ede3_cfb64 1101 3_0_0 EXIST::FUNCTION:DES
BN_to_ASN1_INTEGER 1102 3_0_0 EXIST::FUNCTION:
EXTENDED_KEY_USAGE_free 1103 3_0_0 EXIST::FUNCTION:
-PEM_read_bio_EC_PUBKEY 1104 3_0_0 EXIST::FUNCTION:EC
+PEM_read_bio_EC_PUBKEY 1104 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
BN_MONT_CTX_set 1105 3_0_0 EXIST::FUNCTION:
TS_CONF_set_serial 1106 3_0_0 EXIST::FUNCTION:TS
X509_NAME_ENTRY_new 1107 3_0_0 EXIST::FUNCTION:
@@ -1091,7 +1091,7 @@ X509_STORE_CTX_get0_store 1117 3_0_0 EXIST::FUNCTION:
PKCS12_pack_p7data 1118 3_0_0 EXIST::FUNCTION:
RSA_print_fp 1119 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,STDIO
OPENSSL_INIT_set_config_appname 1120 3_0_0 EXIST::FUNCTION:STDIO
-EC_KEY_print_fp 1121 3_0_0 EXIST::FUNCTION:EC,STDIO
+EC_KEY_print_fp 1121 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,STDIO
BIO_dup_chain 1122 3_0_0 EXIST::FUNCTION:
PKCS8_PRIV_KEY_INFO_it 1123 3_0_0 EXIST::FUNCTION:
RSA_OAEP_PARAMS_free 1124 3_0_0 EXIST::FUNCTION:
@@ -1185,7 +1185,7 @@ EC_GFp_simple_method 1211 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_
X509_it 1212 3_0_0 EXIST::FUNCTION:
d2i_PROXY_POLICY 1213 3_0_0 EXIST::FUNCTION:
MDC2_Update 1214 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,MDC2
-EC_KEY_new_by_curve_name 1215 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_new_by_curve_name 1215 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
X509_CRL_free 1216 3_0_0 EXIST::FUNCTION:
i2d_PKCS7_SIGN_ENVELOPE 1217 3_0_0 EXIST::FUNCTION:
OCSP_CERTSTATUS_it 1218 3_0_0 EXIST::FUNCTION:OCSP
@@ -1256,7 +1256,7 @@ MD5_Init 1284 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_
UI_add_error_string 1285 3_0_0 EXIST::FUNCTION:
X509_TRUST_cleanup 1286 3_0_0 EXIST::FUNCTION:
PEM_read_X509 1287 3_0_0 EXIST::FUNCTION:STDIO
-EC_KEY_new_method 1288 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_new_method 1288 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
i2d_RSAPublicKey_fp 1289 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,STDIO
CRYPTO_ctr128_encrypt_ctr32 1290 3_0_0 EXIST::FUNCTION:
X509_VERIFY_PARAM_move_peername 1291 3_0_0 EXIST::FUNCTION:
@@ -1266,7 +1266,7 @@ X509_CRL_METHOD_free 1294 3_0_0 EXIST::FUNCTION:
PEM_read_NETSCAPE_CERT_SEQUENCE 1295 3_0_0 EXIST::FUNCTION:STDIO
OPENSSL_load_builtin_modules 1296 3_0_0 EXIST::FUNCTION:
X509_set_version 1297 3_0_0 EXIST::FUNCTION:
-i2d_EC_PUBKEY_bio 1298 3_0_0 EXIST::FUNCTION:EC
+i2d_EC_PUBKEY_bio 1298 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
X509_REQ_get_attr_count 1299 3_0_0 EXIST::FUNCTION:
CMS_set1_signers_certs 1300 3_0_0 EXIST::FUNCTION:CMS
TS_ACCURACY_free 1301 3_0_0 EXIST::FUNCTION:TS
@@ -1312,7 +1312,7 @@ CRYPTO_mem_leaks_fp 1340 3_0_0 EXIST::FUNCTION:CRYPTO_MDEBUG
DES_set_key_unchecked 1341 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DES
BN_free 1342 3_0_0 EXIST::FUNCTION:
EVP_aes_128_cfb1 1343 3_0_0 EXIST::FUNCTION:
-EC_KEY_get0_group 1344 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_get0_group 1344 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
PEM_write_bio_CMS_stream 1345 3_0_0 EXIST::FUNCTION:CMS
BIO_f_linebuffer 1346 3_0_0 EXIST::FUNCTION:
ASN1_item_d2i_bio 1347 3_0_0 EXIST::FUNCTION:
@@ -1403,7 +1403,7 @@ ASN1_check_infinite_end 1435 3_0_0 EXIST::FUNCTION:
i2d_PKCS7_DIGEST 1436 3_0_0 EXIST::FUNCTION:
ERR_lib_error_string 1437 3_0_0 EXIST::FUNCTION:
X509_ATTRIBUTE_set1_object 1438 3_0_0 EXIST::FUNCTION:
-i2d_ECPrivateKey_bio 1439 3_0_0 EXIST::FUNCTION:EC
+i2d_ECPrivateKey_bio 1439 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
BN_GENCB_free 1440 3_0_0 EXIST::FUNCTION:
HMAC_size 1441 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
EVP_PKEY_get0_DH 1442 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
@@ -1513,7 +1513,7 @@ EVP_CIPHER_asn1_to_param 1546 3_0_0 EXIST::FUNCTION:
OCSP_request_onereq_get0 1547 3_0_0 EXIST::FUNCTION:OCSP
ERR_load_PKCS7_strings 1548 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
X509_PUBKEY_get 1549 3_0_0 EXIST::FUNCTION:
-EC_KEY_free 1550 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_free 1550 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
BIO_read 1551 3_0_0 EXIST::FUNCTION:
EVP_PKEY_get_attr_by_NID 1552 3_0_0 EXIST::FUNCTION:
BIO_get_accept_socket 1553 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,SOCK
@@ -1629,7 +1629,7 @@ i2d_CMS_bio_stream 1667 3_0_0 EXIST::FUNCTION:CMS
DES_quad_cksum 1668 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DES
X509_ATTRIBUTE_create_by_NID 1669 3_0_0 EXIST::FUNCTION:
TS_VERIFY_CTX_free 1670 3_0_0 EXIST::FUNCTION:TS
-EC_KEY_up_ref 1671 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_up_ref 1671 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
EC_GROUP_get_basis_type 1672 3_0_0 EXIST::FUNCTION:EC
OCSP_crlID_new 1673 3_0_0 EXIST:!VMS:FUNCTION:OCSP
OCSP_crlID2_new 1673 3_0_0 EXIST:VMS:FUNCTION:OCSP
@@ -1650,9 +1650,9 @@ OBJ_find_sigid_by_algs 1687 3_0_0 EXIST::FUNCTION:
ASN1_generate_nconf 1688 3_0_0 EXIST::FUNCTION:
CMS_add0_recipient_password 1689 3_0_0 EXIST::FUNCTION:CMS
UI_get_string_type 1690 3_0_0 EXIST::FUNCTION:
-PEM_read_bio_ECPrivateKey 1691 3_0_0 EXIST::FUNCTION:EC
+PEM_read_bio_ECPrivateKey 1691 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
EVP_PKEY_get_attr 1692 3_0_0 EXIST::FUNCTION:
-PEM_read_bio_ECPKParameters 1693 3_0_0 EXIST::FUNCTION:EC
+PEM_read_bio_ECPKParameters 1693 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
d2i_PKCS12_MAC_DATA 1694 3_0_0 EXIST::FUNCTION:
ENGINE_ctrl_cmd 1695 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
PKCS12_SAFEBAG_get_bag_nid 1696 3_0_0 EXIST::FUNCTION:
@@ -1793,7 +1793,7 @@ EVP_MD_meth_set_update 1835 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_
EVP_camellia_192_cbc 1836 3_0_0 EXIST::FUNCTION:CAMELLIA
OPENSSL_LH_stats_bio 1837 3_0_0 EXIST::FUNCTION:
PKCS7_set_signed_attributes 1838 3_0_0 EXIST::FUNCTION:
-EC_KEY_priv2buf 1839 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_priv2buf 1839 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
BN_BLINDING_free 1840 3_0_0 EXIST::FUNCTION:
IPAddressChoice_new 1841 3_0_0 EXIST::FUNCTION:RFC3779
X509_CRL_get_ext_count 1842 3_0_0 EXIST::FUNCTION:
@@ -1928,7 +1928,7 @@ NCONF_load_fp 1973 3_0_0 EXIST::FUNCTION:STDIO
i2d_OCSP_REQINFO 1974 3_0_0 EXIST::FUNCTION:OCSP
EVP_PKEY_sign 1975 3_0_0 EXIST::FUNCTION:
TS_REQ_get_ext_by_critical 1976 3_0_0 EXIST::FUNCTION:TS
-EC_KEY_key2buf 1977 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_key2buf 1977 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
X509_EXTENSION_it 1978 3_0_0 EXIST::FUNCTION:
i2d_PKCS8_fp 1979 3_0_0 EXIST::FUNCTION:STDIO
UTF8_getc 1980 3_0_0 EXIST::FUNCTION:
@@ -1972,7 +1972,7 @@ UI_dup_input_boolean 2017 3_0_0 EXIST::FUNCTION:
PKCS7_dup 2018 3_0_0 EXIST::FUNCTION:
i2d_TS_REQ_fp 2019 3_0_0 EXIST::FUNCTION:STDIO,TS
i2d_OTHERNAME 2020 3_0_0 EXIST::FUNCTION:
-EC_KEY_get0_private_key 2021 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_get0_private_key 2021 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
SCT_get0_extensions 2022 3_0_0 EXIST::FUNCTION:CT
OPENSSL_LH_node_stats_bio 2023 3_0_0 EXIST::FUNCTION:
i2d_DIRECTORYSTRING 2024 3_0_0 EXIST::FUNCTION:
@@ -1998,12 +1998,12 @@ PKCS7_SIGN_ENVELOPE_it 2044 3_0_0 EXIST::FUNCTION:
ASN1_d2i_fp 2045 3_0_0 EXIST::FUNCTION:STDIO
EVP_DecryptFinal 2046 3_0_0 EXIST::FUNCTION:
ASN1_ENUMERATED_it 2047 3_0_0 EXIST::FUNCTION:
-o2i_ECPublicKey 2048 3_0_0 EXIST::FUNCTION:EC
+o2i_ECPublicKey 2048 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
ERR_load_BUF_strings 2049 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
PEM_read_bio_RSA_PUBKEY 2050 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
OCSP_SINGLERESP_new 2051 3_0_0 EXIST::FUNCTION:OCSP
ASN1_SCTX_free 2052 3_0_0 EXIST::FUNCTION:
-i2d_ECPrivateKey_fp 2053 3_0_0 EXIST::FUNCTION:EC,STDIO
+i2d_ECPrivateKey_fp 2053 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,STDIO
EVP_CIPHER_CTX_original_iv 2054 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
PKCS7_SIGNED_free 2055 3_0_0 EXIST::FUNCTION:
X509_TRUST_get0_name 2056 3_0_0 EXIST::FUNCTION:
@@ -2168,7 +2168,7 @@ CRYPTO_ccm128_decrypt_ccm64 2215 3_0_0 EXIST::FUNCTION:
TS_RESP_CTX_set_clock_precision_digits 2216 3_0_0 EXIST::FUNCTION:TS
SCT_LIST_validate 2217 3_0_0 EXIST::FUNCTION:CT
X509_PURPOSE_get_id 2218 3_0_0 EXIST::FUNCTION:
-EC_KEY_get_ex_data 2219 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_get_ex_data 2219 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
EVP_MD_size 2220 3_0_0 EXIST::FUNCTION:
CRYPTO_malloc 2221 3_0_0 EXIST::FUNCTION:
ERR_load_ASN1_strings 2222 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
@@ -2238,7 +2238,7 @@ SXNET_get_id_asc 2285 3_0_0 EXIST::FUNCTION:
SCT_set1_extensions 2286 3_0_0 EXIST::FUNCTION:CT
PKCS12_SAFEBAG_new 2287 3_0_0 EXIST::FUNCTION:
TS_TST_INFO_set_nonce 2288 3_0_0 EXIST::FUNCTION:TS
-PEM_read_ECPrivateKey 2289 3_0_0 EXIST::FUNCTION:EC,STDIO
+PEM_read_ECPrivateKey 2289 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,STDIO
RSA_free 2290 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
X509_CRL_INFO_new 2291 3_0_0 EXIST::FUNCTION:
AES_cfb8_encrypt 2292 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
@@ -2268,7 +2268,7 @@ PKCS7_ISSUER_AND_SERIAL_digest 2315 3_0_0 EXIST::FUNCTION:
EVP_des_ofb 2316 3_0_0 EXIST::FUNCTION:DES
DSA_set_method 2317 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
EVP_PKEY_get1_RSA 2318 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
-EC_KEY_OpenSSL 2319 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_OpenSSL 2319 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
EVP_camellia_192_ofb 2320 3_0_0 EXIST::FUNCTION:CAMELLIA
ASN1_STRING_length 2321 3_0_0 EXIST::FUNCTION:
PKCS7_set_digest 2322 3_0_0 EXIST::FUNCTION:
@@ -2345,11 +2345,11 @@ BN_sqr 2393 3_0_0 EXIST::FUNCTION:
TS_TST_INFO_set_time 2394 3_0_0 EXIST::FUNCTION:TS
OPENSSL_die 2395 3_0_0 EXIST::FUNCTION:
X509_LOOKUP_by_alias 2396 3_0_0 EXIST::FUNCTION:
-EC_KEY_set_conv_form 2397 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_set_conv_form 2397 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
X509_TRUST_get_count 2399 3_0_0 EXIST::FUNCTION:
IPAddressOrRange_free 2400 3_0_0 EXIST::FUNCTION:RFC3779
RSA_padding_add_PKCS1_OAEP 2401 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
-EC_KEY_set_ex_data 2402 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_set_ex_data 2402 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
SRP_VBASE_new 2403 3_0_0 EXIST::FUNCTION:SRP
i2d_ECDSA_SIG 2404 3_0_0 EXIST::FUNCTION:EC
BIO_dump_indent 2405 3_0_0 EXIST::FUNCTION:
@@ -2393,7 +2393,7 @@ ASIdentifiers_new 2443 3_0_0 EXIST::FUNCTION:RFC3779
CONF_imodule_get_flags 2444 3_0_0 EXIST::FUNCTION:
PKCS12_SAFEBAG_it 2445 3_0_0 EXIST::FUNCTION:
EVP_CIPHER_meth_set_set_asn1_params 2446 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
-EC_KEY_get_enc_flags 2447 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_get_enc_flags 2447 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
X509_OBJECT_idx_by_subject 2448 3_0_0 EXIST::FUNCTION:
EVP_PKEY_meth_copy 2449 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
NETSCAPE_CERT_SEQUENCE_new 2450 3_0_0 EXIST::FUNCTION:
@@ -2488,7 +2488,7 @@ WHIRLPOOL 2540 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_
UI_set_default_method 2542 3_0_0 EXIST::FUNCTION:
EC_POINT_is_at_infinity 2543 3_0_0 EXIST::FUNCTION:EC
i2d_NOTICEREF 2544 3_0_0 EXIST::FUNCTION:
-EC_KEY_new 2545 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_new 2545 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
EVP_chacha20 2546 3_0_0 EXIST::FUNCTION:CHACHA
BN_bn2dec 2547 3_0_0 EXIST::FUNCTION:
X509_REQ_print_ex 2548 3_0_0 EXIST::FUNCTION:
@@ -2504,7 +2504,7 @@ X509_CRL_get0_signature 2557 3_0_0 EXIST::FUNCTION:
EVP_PKEY_CTX_get_keygen_info 2558 3_0_0 EXIST::FUNCTION:
d2i_ASN1_UINTEGER 2559 3_0_0 EXIST::FUNCTION:
i2s_ASN1_INTEGER 2560 3_0_0 EXIST::FUNCTION:
-d2i_EC_PUBKEY_fp 2561 3_0_0 EXIST::FUNCTION:EC,STDIO
+d2i_EC_PUBKEY_fp 2561 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,STDIO
i2d_OCSP_SIGNATURE 2562 3_0_0 EXIST::FUNCTION:OCSP
i2d_X509_EXTENSION 2563 3_0_0 EXIST::FUNCTION:
PEM_read_bio_X509 2564 3_0_0 EXIST::FUNCTION:
@@ -2566,7 +2566,7 @@ CMS_get0_type 2620 3_0_0 EXIST::FUNCTION:CMS
ASN1_PCTX_free 2621 3_0_0 EXIST::FUNCTION:
ESS_SIGNING_CERT_new 2622 3_0_0 EXIST::FUNCTION:
X509V3_EXT_conf_nid 2623 3_0_0 EXIST::FUNCTION:
-EC_KEY_check_key 2624 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_check_key 2624 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
PKCS5_PBKDF2_HMAC 2625 3_0_0 EXIST::FUNCTION:
CONF_get_section 2626 3_0_0 EXIST::FUNCTION:
CMS_RecipientInfo_kari_decrypt 2627 3_0_0 EXIST::FUNCTION:CMS
@@ -2601,7 +2601,7 @@ OPENSSL_sk_new 2656 3_0_0 EXIST::FUNCTION:
BN_dup 2657 3_0_0 EXIST::FUNCTION:
TS_MSG_IMPRINT_print_bio 2658 3_0_0 EXIST::FUNCTION:TS
CONF_module_set_usr_data 2659 3_0_0 EXIST::FUNCTION:
-EC_KEY_generate_key 2660 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_generate_key 2660 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
BIO_ctrl_get_write_guarantee 2661 3_0_0 EXIST::FUNCTION:
EVP_PKEY_assign 2662 3_0_0 EXIST::FUNCTION:
EVP_aes_128_ofb 2663 3_0_0 EXIST::FUNCTION:
@@ -2629,14 +2629,14 @@ TS_RESP_CTX_set_signer_cert 2685 3_0_0 EXIST::FUNCTION:TS
X509V3_EXT_d2i 2686 3_0_0 EXIST::FUNCTION:
ASN1_GENERALSTRING_it 2687 3_0_0 EXIST::FUNCTION:
POLICYQUALINFO_free 2688 3_0_0 EXIST::FUNCTION:
-EC_KEY_set_group 2689 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_set_group 2689 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
OCSP_check_validity 2690 3_0_0 EXIST::FUNCTION:OCSP
-PEM_write_ECPKParameters 2691 3_0_0 EXIST::FUNCTION:EC,STDIO
+PEM_write_ECPKParameters 2691 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,STDIO
X509_VERIFY_PARAM_lookup 2692 3_0_0 EXIST::FUNCTION:
X509_LOOKUP_by_fingerprint 2693 3_0_0 EXIST::FUNCTION:
EVP_CIPHER_meth_free 2694 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
PKCS7_RECIP_INFO_new 2695 3_0_0 EXIST::FUNCTION:
-d2i_ECPrivateKey_fp 2696 3_0_0 EXIST::FUNCTION:EC,STDIO
+d2i_ECPrivateKey_fp 2696 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,STDIO
TS_CONF_set_ordering 2697 3_0_0 EXIST::FUNCTION:TS
X509_CRL_get_ext 2698 3_0_0 EXIST::FUNCTION:
X509_CRL_get_ext_by_OBJ 2699 3_0_0 EXIST::FUNCTION:
@@ -2742,13 +2742,13 @@ EC_GROUP_set_point_conversion_form 2801 3_0_0 EXIST::FUNCTION:EC
CMS_dataFinal 2802 3_0_0 EXIST::FUNCTION:CMS
ASN1_TIME_it 2803 3_0_0 EXIST::FUNCTION:
ENGINE_get_static_state 2804 3_0_0 EXIST::FUNCTION:ENGINE
-EC_KEY_set_asn1_flag 2805 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_set_asn1_flag 2805 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
EC_GFp_mont_method 2806 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
OPENSSL_asc2uni 2807 3_0_0 EXIST::FUNCTION:
TS_REQ_new 2808 3_0_0 EXIST::FUNCTION:TS
ENGINE_register_all_DH 2809 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
ERR_clear_error 2810 3_0_0 EXIST::FUNCTION:
-EC_KEY_dup 2811 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_dup 2811 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
X509_LOOKUP_init 2812 3_0_0 EXIST::FUNCTION:
i2b_PVK_bio 2813 3_0_0 EXIST::FUNCTION:
OCSP_ONEREQ_free 2814 3_0_0 EXIST::FUNCTION:OCSP
@@ -2770,7 +2770,7 @@ X509_REQ_get_signature_nid 2830 3_0_0 EXIST::FUNCTION:
TS_TST_INFO_get_ext 2831 3_0_0 EXIST::FUNCTION:TS
i2d_OCSP_RESPID 2832 3_0_0 EXIST::FUNCTION:OCSP
EVP_camellia_256_cfb8 2833 3_0_0 EXIST::FUNCTION:CAMELLIA
-EC_KEY_get0_public_key 2834 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_get0_public_key 2834 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
SRP_Calc_x 2835 3_0_0 EXIST::FUNCTION:SRP
a2i_ASN1_ENUMERATED 2836 3_0_0 EXIST::FUNCTION:
CONF_module_get_usr_data 2837 3_0_0 EXIST::FUNCTION:
@@ -2802,13 +2802,13 @@ BIO_socket_nbio 2863 3_0_0 EXIST::FUNCTION:SOCK
EVP_CIPHER_set_asn1_iv 2864 3_0_0 EXIST::FUNCTION:
EC_GFp_nistp224_method 2865 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,EC_NISTP_64_GCC_128
BN_swap 2866 3_0_0 EXIST::FUNCTION:
-d2i_ECParameters 2867 3_0_0 EXIST::FUNCTION:EC
+d2i_ECParameters 2867 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
X509_NAME_add_entry_by_OBJ 2868 3_0_0 EXIST::FUNCTION:
TS_TST_INFO_get_ext_count 2869 3_0_0 EXIST::FUNCTION:TS
i2d_OCSP_CERTID 2870 3_0_0 EXIST::FUNCTION:OCSP
BN_CTX_start 2871 3_0_0 EXIST::FUNCTION:
BN_print 2872 3_0_0 EXIST::FUNCTION:
-EC_KEY_set_flags 2873 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_set_flags 2873 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
EVP_PKEY_get0 2874 3_0_0 EXIST::FUNCTION:
ENGINE_set_default 2875 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
NCONF_get_number_e 2876 3_0_0 EXIST::FUNCTION:
@@ -2827,7 +2827,7 @@ POLICY_CONSTRAINTS_it 2888 3_0_0 EXIST::FUNCTION:
NCONF_free_data 2889 3_0_0 EXIST::FUNCTION:
BIO_asn1_set_prefix 2890 3_0_0 EXIST::FUNCTION:
PEM_SignUpdate 2891 3_0_0 EXIST::FUNCTION:
-PEM_write_bio_EC_PUBKEY 2892 3_0_0 EXIST::FUNCTION:EC
+PEM_write_bio_EC_PUBKEY 2892 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
CMS_add_simple_smimecap 2893 3_0_0 EXIST::FUNCTION:CMS
IPAddressChoice_free 2894 3_0_0 EXIST::FUNCTION:RFC3779
d2i_X509_AUX 2895 3_0_0 EXIST::FUNCTION:
@@ -2901,7 +2901,7 @@ BN_CTX_new 2963 3_0_0 EXIST::FUNCTION:
EC_curve_nid2nist 2964 3_0_0 EXIST::FUNCTION:EC
ENGINE_get_finish_function 2965 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
EC_POINT_add 2966 3_0_0 EXIST::FUNCTION:EC
-EC_KEY_oct2key 2967 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_oct2key 2967 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
SHA384_Init 2968 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
ASN1_UNIVERSALSTRING_new 2969 3_0_0 EXIST::FUNCTION:
EVP_PKEY_print_private 2970 3_0_0 EXIST::FUNCTION:
@@ -2952,7 +2952,7 @@ EVP_aes_128_gcm 3015 3_0_0 EXIST::FUNCTION:
BIO_dgram_non_fatal_error 3016 3_0_0 EXIST::FUNCTION:DGRAM
OCSP_request_is_signed 3017 3_0_0 EXIST::FUNCTION:OCSP
i2d_BASIC_CONSTRAINTS 3018 3_0_0 EXIST::FUNCTION:
-EC_KEY_get_method 3019 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_get_method 3019 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
EC_POINT_bn2point 3021 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
PBE2PARAM_it 3022 3_0_0 EXIST::FUNCTION:
BN_rand 3023 3_0_0 EXIST::FUNCTION:
@@ -3026,7 +3026,7 @@ TS_TST_INFO_set_version 3090 3_0_0 EXIST::FUNCTION:TS
PKCS12_get0_mac 3091 3_0_0 EXIST::FUNCTION:
EVP_EncodeInit 3092 3_0_0 EXIST::FUNCTION:
X509_get0_trust_objects 3093 3_0_0 EXIST::FUNCTION:
-d2i_ECPrivateKey_bio 3094 3_0_0 EXIST::FUNCTION:EC
+d2i_ECPrivateKey_bio 3094 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
BIO_s_secmem 3095 3_0_0 EXIST::FUNCTION:
ENGINE_get_default_EC 3096 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
TS_RESP_create_response 3097 3_0_0 EXIST::FUNCTION:TS
@@ -3110,7 +3110,7 @@ EVP_MD_CTX_update_fn 3174 3_0_0 EXIST::FUNCTION:
EVP_aes_128_ecb 3175 3_0_0 EXIST::FUNCTION:
i2d_PKCS7_bio_stream 3176 3_0_0 EXIST::FUNCTION:
i2a_ACCESS_DESCRIPTION 3178 3_0_0 EXIST::FUNCTION:
-EC_KEY_set_enc_flags 3179 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_set_enc_flags 3179 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
i2d_PUBKEY_fp 3180 3_0_0 EXIST::FUNCTION:STDIO
b2i_PrivateKey_bio 3181 3_0_0 EXIST::FUNCTION:
OCSP_REQUEST_add_ext 3182 3_0_0 EXIST::FUNCTION:OCSP
@@ -3155,13 +3155,13 @@ OCSP_CERTID_free 3220 3_0_0 EXIST::FUNCTION:OCSP
BIO_hex_string 3221 3_0_0 EXIST::FUNCTION:
X509_REQ_sign_ctx 3222 3_0_0 EXIST::FUNCTION:
CRYPTO_ocb128_init 3223 3_0_0 EXIST::FUNCTION:OCB
-EVP_PKEY_get1_EC_KEY 3224 3_0_0 EXIST::FUNCTION:EC
+EVP_PKEY_get1_EC_KEY 3224 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
ASN1_PRINTABLESTRING_free 3225 3_0_0 EXIST::FUNCTION:
BIO_get_retry_reason 3226 3_0_0 EXIST::FUNCTION:
X509_NAME_print 3227 3_0_0 EXIST::FUNCTION:
ACCESS_DESCRIPTION_free 3228 3_0_0 EXIST::FUNCTION:
BN_nist_mod_384 3229 3_0_0 EXIST::FUNCTION:
-i2d_EC_PUBKEY_fp 3230 3_0_0 EXIST::FUNCTION:EC,STDIO
+i2d_EC_PUBKEY_fp 3230 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,STDIO
ENGINE_set_default_pkey_meths 3231 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
DH_bits 3232 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
i2d_X509_ALGORS 3233 3_0_0 EXIST::FUNCTION:
@@ -3193,7 +3193,7 @@ ENGINE_setup_bsd_cryptodev 3258 3_0_0 EXIST:__FreeBSD__:FUNCTION:DE
PEM_read_bio_DHparams 3259 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
CMS_SharedInfo_encode 3260 3_0_0 EXIST::FUNCTION:CMS
ASN1_OBJECT_create 3261 3_0_0 EXIST::FUNCTION:
-i2d_ECParameters 3262 3_0_0 EXIST::FUNCTION:EC
+i2d_ECParameters 3262 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
BN_GF2m_mod_arr 3263 3_0_0 EXIST::FUNCTION:EC2M
ENGINE_set_finish_function 3264 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
d2i_ASN1_OCTET_STRING 3265 3_0_0 EXIST::FUNCTION:
@@ -3226,7 +3226,7 @@ NETSCAPE_SPKI_set_pubkey 3292 3_0_0 EXIST::FUNCTION:
EVP_sha512 3293 3_0_0 EXIST::FUNCTION:
X509_CRL_match 3294 3_0_0 EXIST::FUNCTION:
i2s_ASN1_IA5STRING 3295 3_0_0 EXIST::FUNCTION:
-EC_KEY_get_default_method 3296 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_get_default_method 3296 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
PKCS8_decrypt 3297 3_0_0 EXIST::FUNCTION:
EVP_PKEY_CTX_get_data 3298 3_0_0 EXIST::FUNCTION:
POLICYQUALINFO_it 3299 3_0_0 EXIST::FUNCTION:
@@ -3248,7 +3248,7 @@ ASN1_STRING_dup 3314 3_0_0 EXIST::FUNCTION:
X509_LOOKUP_free 3315 3_0_0 EXIST::FUNCTION:
EC_GROUP_cmp 3316 3_0_0 EXIST::FUNCTION:EC
TS_TST_INFO_get_ext_by_critical 3317 3_0_0 EXIST::FUNCTION:TS
-ECParameters_print_fp 3318 3_0_0 EXIST::FUNCTION:EC,STDIO
+ECParameters_print_fp 3318 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,STDIO
X509_REQ_sign 3319 3_0_0 EXIST::FUNCTION:
CRYPTO_xts128_encrypt 3320 3_0_0 EXIST::FUNCTION:
PEM_def_callback 3321 3_0_0 EXIST::FUNCTION:
@@ -3306,7 +3306,7 @@ RSA_padding_check_SSLv23 3373 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_
CRYPTO_gcm128_finish 3374 3_0_0 EXIST::FUNCTION:
PKCS12_SAFEBAGS_it 3375 3_0_0 EXIST::FUNCTION:
PKCS12_PBE_add 3376 3_0_0 EXIST::FUNCTION:
-EC_KEY_set_public_key_affine_coordinates 3377 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_set_public_key_affine_coordinates 3377 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
EVP_EncryptInit_ex 3378 3_0_0 EXIST::FUNCTION:
ENGINE_add 3379 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
OPENSSL_LH_error 3380 3_0_0 EXIST::FUNCTION:
@@ -3377,7 +3377,7 @@ BN_get_rfc3526_prime_2048 3448 3_0_0 EXIST::FUNCTION:
BIO_new_bio_pair 3449 3_0_0 EXIST::FUNCTION:
EC_GFp_nistp256_method 3450 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,EC_NISTP_64_GCC_128
BIO_method_type 3451 3_0_0 EXIST::FUNCTION:
-ECPKParameters_print 3452 3_0_0 EXIST::FUNCTION:EC
+ECPKParameters_print 3452 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
EVP_rc4 3453 3_0_0 EXIST::FUNCTION:RC4
CMS_data_create 3454 3_0_0 EXIST::FUNCTION:CMS
EC_POINT_point2bn 3455 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
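Review bot: ECPKParameters_print (ordinal 3452) takes an EC_GROUP rather than an EC_KEY, yet it is marked DEPRECATEDIN_3_0 here while EC_GROUP_* entries visible elsewhere in this file (EC_GROUP_cmp, EC_GROUP_new_curve_GFp) keep the plain EC feature. If that is intended, the man page and CHANGES entry should say what a caller holding only an EC_GROUP should use instead; the same question applies to PEM_read_bio_ECPKParameters, PEM_read_ECPKParameters and PEM_write_ECPKParameters in the other hunks.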
@@ -3385,7 +3385,7 @@ CMS_unsigned_get0_data_by_OBJ 3456 3_0_0 EXIST::FUNCTION:CMS
ASN1_OCTET_STRING_cmp 3457 3_0_0 EXIST::FUNCTION:
X509_NAME_print_ex 3458 3_0_0 EXIST::FUNCTION:
ASN1_parse 3459 3_0_0 EXIST::FUNCTION:
-EC_KEY_priv2oct 3460 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_priv2oct 3460 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
PKCS7_simple_smimecap 3461 3_0_0 EXIST::FUNCTION:
ASN1_TYPE_set_int_octetstring 3462 3_0_0 EXIST::FUNCTION:
BIO_number_written 3463 3_0_0 EXIST::FUNCTION:
@@ -3432,7 +3432,7 @@ BIO_ADDR_rawport 3503 3_0_0 EXIST::FUNCTION:SOCK
BUF_MEM_grow_clean 3504 3_0_0 EXIST::FUNCTION:
X509_NAME_print_ex_fp 3505 3_0_0 EXIST::FUNCTION:STDIO
X509_check_host 3506 3_0_0 EXIST::FUNCTION:
-PEM_read_ECPKParameters 3507 3_0_0 EXIST::FUNCTION:EC,STDIO
+PEM_read_ECPKParameters 3507 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,STDIO
X509_ATTRIBUTE_get0_data 3508 3_0_0 EXIST::FUNCTION:
CMS_add1_signer 3509 3_0_0 EXIST::FUNCTION:CMS
BN_pseudo_rand 3510 3_0_0 EXIST::FUNCTION:
@@ -3525,7 +3525,7 @@ CMS_get0_signers 3602 3_0_0 EXIST::FUNCTION:CMS
i2d_PrivateKey_fp 3603 3_0_0 EXIST::FUNCTION:STDIO
OTHERNAME_cmp 3604 3_0_0 EXIST::FUNCTION:
SMIME_write_PKCS7 3605 3_0_0 EXIST::FUNCTION:
-EC_KEY_set_public_key 3606 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_set_public_key 3606 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
d2i_X509_EXTENSION 3607 3_0_0 EXIST::FUNCTION:
CMS_add1_recipient_cert 3608 3_0_0 EXIST::FUNCTION:CMS
CMS_RecipientInfo_kekri_get0_id 3609 3_0_0 EXIST::FUNCTION:CMS
@@ -3535,7 +3535,7 @@ BN_is_prime_ex 3612 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_
PKCS5_v2_PBE_keyivgen 3613 3_0_0 EXIST::FUNCTION:
CRYPTO_ctr128_encrypt 3614 3_0_0 EXIST::FUNCTION:
CMS_unsigned_add1_attr_by_OBJ 3615 3_0_0 EXIST::FUNCTION:CMS
-PEM_write_EC_PUBKEY 3616 3_0_0 EXIST::FUNCTION:EC,STDIO
+PEM_write_EC_PUBKEY 3616 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,STDIO
X509v3_asid_add_inherit 3617 3_0_0 EXIST::FUNCTION:RFC3779
ERR_get_error 3618 3_0_0 EXIST::FUNCTION:
TS_CONF_set_signer_digest 3619 3_0_0 EXIST::FUNCTION:TS
@@ -3611,7 +3611,7 @@ X509_VERIFY_PARAM_set1_ip 3691 3_0_0 EXIST::FUNCTION:
OTHERNAME_free 3692 3_0_0 EXIST::FUNCTION:
OCSP_REVOKEDINFO_free 3693 3_0_0 EXIST::FUNCTION:OCSP
EVP_CIPHER_CTX_encrypting 3694 3_0_0 EXIST::FUNCTION:
-EC_KEY_can_sign 3695 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_can_sign 3695 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
PEM_write_bio_RSAPublicKey 3696 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
X509_CRL_set1_lastUpdate 3697 3_0_0 EXIST::FUNCTION:
OCSP_sendreq_nbio 3698 3_0_0 EXIST::FUNCTION:OCSP
@@ -3647,7 +3647,7 @@ DES_set_key_checked 3727 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_
EVP_PKEY_meth_free 3728 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
EVP_sha224 3729 3_0_0 EXIST::FUNCTION:
ENGINE_set_id 3730 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
-d2i_ECPrivateKey 3731 3_0_0 EXIST::FUNCTION:EC
+d2i_ECPrivateKey 3731 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
CMS_signed_add1_attr_by_NID 3732 3_0_0 EXIST::FUNCTION:CMS
i2d_DSAPrivateKey_fp 3733 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA,STDIO
EVP_CIPHER_meth_get_set_asn1_params 3734 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
@@ -3701,7 +3701,7 @@ EC_GROUP_new_curve_GFp 3782 3_0_0 EXIST::FUNCTION:EC
UI_new_method 3783 3_0_0 EXIST::FUNCTION:
Camellia_ofb128_encrypt 3784 3_0_0 EXIST::FUNCTION:CAMELLIA,DEPRECATEDIN_3_0
X509_new 3785 3_0_0 EXIST::FUNCTION:
-EC_KEY_get_conv_form 3786 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_get_conv_form 3786 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
CTLOG_STORE_get0_log_by_id 3787 3_0_0 EXIST::FUNCTION:CT
CMS_signed_add1_attr 3788 3_0_0 EXIST::FUNCTION:CMS
EVP_CIPHER_meth_set_iv_length 3789 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
@@ -3746,14 +3746,14 @@ d2i_AUTHORITY_KEYID 3828 3_0_0 EXIST::FUNCTION:
RIPEMD160_Transform 3829 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RMD160
DES_random_key 3830 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DES
i2d_PKCS12_MAC_DATA 3831 3_0_0 EXIST::FUNCTION:
-EVP_PKEY_get0_EC_KEY 3832 3_0_0 EXIST::FUNCTION:EC
+EVP_PKEY_get0_EC_KEY 3832 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
ASN1_SCTX_get_item 3833 3_0_0 EXIST::FUNCTION:
NOTICEREF_new 3834 3_0_0 EXIST::FUNCTION:
BN_GF2m_mod_inv 3835 3_0_0 EXIST::FUNCTION:EC2M
X509_CERT_AUX_free 3836 3_0_0 EXIST::FUNCTION:
BN_GF2m_mod_inv_arr 3837 3_0_0 EXIST::FUNCTION:EC2M
X509_REQ_get1_email 3838 3_0_0 EXIST::FUNCTION:
-EC_KEY_print 3839 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_print 3839 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
i2d_ASN1_INTEGER 3840 3_0_0 EXIST::FUNCTION:
OCSP_SINGLERESP_add1_ext_i2d 3841 3_0_0 EXIST::FUNCTION:OCSP
PKCS7_add_signed_attribute 3842 3_0_0 EXIST::FUNCTION:
@@ -3772,7 +3772,7 @@ d2i_OCSP_ONEREQ 3854 3_0_0 EXIST::FUNCTION:OCSP
EVP_PKEY_asn1_set_security_bits 3855 3_0_0 EXIST::FUNCTION:
i2d_CERTIFICATEPOLICIES 3856 3_0_0 EXIST::FUNCTION:
i2d_X509_CERT_AUX 3857 3_0_0 EXIST::FUNCTION:
-i2o_ECPublicKey 3858 3_0_0 EXIST::FUNCTION:EC
+i2o_ECPublicKey 3858 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
PKCS12_SAFEBAG_create0_pkcs8 3859 3_0_0 EXIST::FUNCTION:
OBJ_get0_data 3860 3_0_0 EXIST::FUNCTION:
EC_GROUP_get0_seed 3861 3_0_0 EXIST::FUNCTION:EC
@@ -4114,7 +4114,7 @@ EVP_aria_256_ctr 4203 3_0_0 EXIST::FUNCTION:ARIA
EVP_aria_128_ctr 4204 3_0_0 EXIST::FUNCTION:ARIA
EVP_aria_192_ctr 4205 3_0_0 EXIST::FUNCTION:ARIA
UI_null 4206 3_0_0 EXIST::FUNCTION:
-EC_KEY_get0_engine 4207 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_get0_engine 4207 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
INT32_it 4208 3_0_0 EXIST::FUNCTION:
UINT64_it 4209 3_0_0 EXIST::FUNCTION:
ZINT32_it 4210 3_0_0 EXIST::FUNCTION:
@@ -5084,8 +5084,8 @@ OSSL_PROVIDER_query_operation ? 3_0_0 EXIST::FUNCTION:
OSSL_PROVIDER_get0_provider_ctx ? 3_0_0 EXIST::FUNCTION:
OSSL_PROVIDER_get_capabilities ? 3_0_0 EXIST::FUNCTION:
EC_GROUP_new_by_curve_name_ex ? 3_0_0 EXIST::FUNCTION:EC
-EC_KEY_new_ex ? 3_0_0 EXIST::FUNCTION:EC
-EC_KEY_new_by_curve_name_ex ? 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_new_ex ? 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
+EC_KEY_new_by_curve_name_ex ? 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
OSSL_LIB_CTX_set0_default ? 3_0_0 EXIST::FUNCTION:
PEM_X509_INFO_read_bio_ex ? 3_0_0 EXIST::FUNCTION:
PEM_X509_INFO_read_ex ? 3_0_0 EXIST::FUNCTION:STDIO
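Review bot: EC_KEY_new_ex and EC_KEY_new_by_curve_name_ex still carry unassigned '?' ordinals, so they are new in this development cycle and are now being exported already deprecated. Consider whether they need to be public at all; if they must stay for the legacy EC_KEY path, document that, since EC_GROUP_new_by_curve_name_ex directly above them stays non-deprecated and readers will expect the pair to be treated alike.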
@@ -5232,7 +5232,7 @@ CMS_AuthEnvelopedData_create_ex ? 3_0_0 EXIST::FUNCTION:CMS
EVP_PKEY_CTX_set_ec_param_enc ? 3_0_0 EXIST::FUNCTION:
EVP_PKEY_get0_first_alg_name ? 3_0_0 EXIST::FUNCTION:
EVP_KEYMGMT_get0_first_name ? 3_0_0 EXIST::FUNCTION:
-EC_KEY_decoded_from_explicit_params ? 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_decoded_from_explicit_params ? 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
EVP_KEM_free ? 3_0_0 EXIST::FUNCTION:
EVP_KEM_up_ref ? 3_0_0 EXIST::FUNCTION:
EVP_KEM_provider ? 3_0_0 EXIST::FUNCTION:
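Review bot: EC_KEY_decoded_from_explicit_params is deprecated in this hunk, but none of the EVP_PKEY_* entries added at the end of this file is an obvious substitute for it by name. The deprecation text should state how a caller that only holds an EVP_PKEY gets the same answer, so that code rejecting keys with explicit curve parameters is not left depending on the deprecated EC_KEY path.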
@@ -5287,3 +5287,12 @@ PEM_write_bio_PUBKEY_ex ? 3_0_0 EXIST::FUNCTION:
EVP_PKEY_get_group_name ? 3_0_0 EXIST::FUNCTION:
CRYPTO_atomic_or ? 3_0_0 EXIST::FUNCTION:
CRYPTO_atomic_load ? 3_0_0 EXIST::FUNCTION:
+EVP_PKEY_settable_params ? 3_0_0 EXIST::FUNCTION:
+EVP_PKEY_set_params ? 3_0_0 EXIST::FUNCTION:
+EVP_PKEY_set_int_param ? 3_0_0 EXIST::FUNCTION:
+EVP_PKEY_set_size_t_param ? 3_0_0 EXIST::FUNCTION:
+EVP_PKEY_set_bn_param ? 3_0_0 EXIST::FUNCTION:
+EVP_PKEY_set_utf8_string_param ? 3_0_0 EXIST::FUNCTION:
+EVP_PKEY_set_octet_string_param ? 3_0_0 EXIST::FUNCTION:
+EVP_PKEY_get_ec_point_conv_form ? 3_0_0 EXIST::FUNCTION:
+EVP_PKEY_get_field_type ? 3_0_0 EXIST::FUNCTION:
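Review bot: EVP_PKEY_get_ec_point_conv_form and EVP_PKEY_get_field_type are EC-specific by name but are added with an empty feature list (EXIST::FUNCTION:) rather than EXIST::FUNCTION:EC, so they are exported from no-ec builds too. Please confirm both are defined and fail cleanly in that configuration, and that all nine new EVP_PKEY_* entries in this hunk have man page coverage, since they are new public API.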