From d7e498ac55f12bc2f4e7f948cbb8de2e3eeafc74 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sun, 4 Oct 2020 16:34:31 +0200 Subject: [PATCH] Deprecate RSA harder This deprecates all functions that deal with the types RSA and RSA_METHOD Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/13096) --- apps/genrsa.c | 11 +- apps/req.c | 9 +- apps/rsa.c | 144 +++-- apps/rsautl.c | 62 +- apps/x509.c | 9 +- crypto/asn1/asn1_item_list.c | 3 + crypto/asn1/asn1_item_list.h | 2 + crypto/asn1/i2d_evp.c | 8 +- crypto/evp/build.info | 2 +- crypto/evp/p_dec.c | 7 +- crypto/evp/p_enc.c | 7 +- crypto/evp/p_legacy.c | 51 ++ crypto/evp/p_lib.c | 31 - crypto/pem/pem_all.c | 8 +- crypto/pem/pem_local.h | 3 + crypto/rsa/rsa_backend.c | 6 + crypto/rsa/rsa_local.h | 1 - doc/man3/d2i_RSAPrivateKey.pod | 242 ++++++++ doc/man3/d2i_X509.pod | 31 +- fuzz/asn1.c | 6 +- fuzz/server.c | 9 + include/crypto/rsa.h | 1 + include/crypto/types.h | 16 + include/openssl/evp.h | 15 +- include/openssl/pem.h | 10 +- include/openssl/rsa.h | 576 ++++++++++-------- include/openssl/ssl.h.in | 24 +- include/openssl/types.h | 3 + include/openssl/x509.h.in | 38 +- providers/common/der/der_rsa_key.c | 6 + providers/common/include/prov/securitycheck.h | 2 + ssl/build.info | 2 +- ssl/ssl_local.h | 1 - ssl/ssl_rsa.c | 171 ------ ssl/ssl_rsa_legacy.c | 180 ++++++ ssl/statem/statem_clnt.c | 3 +- ssl/statem/statem_lib.c | 1 + ssl/statem/statem_srvr.c | 1 + test/endecoder_legacy_test.c | 6 + test/evp_extra_test.c | 73 +-- test/keymgmt_internal_test.c | 6 + test/rsa_sp800_56b_test.c | 7 + util/libcrypto.num | 132 ++-- util/libssl.num | 12 +- 44 files changed, 1182 insertions(+), 756 deletions(-) create mode 100644 crypto/evp/p_legacy.c create mode 100644 doc/man3/d2i_RSAPrivateKey.pod create mode 100644 include/crypto/types.h create mode 100644 ssl/ssl_rsa_legacy.c diff --git a/apps/genrsa.c b/apps/genrsa.c index f471814e08..32f088238d 100644 --- a/apps/genrsa.c +++ b/apps/genrsa.c @@ -79,9 +79,7 @@ int genrsa_main(int argc, char **argv) BN_GENCB *cb = BN_GENCB_new(); ENGINE *eng = NULL; BIGNUM *bn = BN_new(); - RSA *rsa; BIO *out = NULL; - const BIGNUM *e; EVP_PKEY *pkey = NULL; EVP_PKEY_CTX *ctx = NULL; const EVP_CIPHER *enc = NULL; @@ -205,9 +203,11 @@ opthelp: } if (verbose) { - if ((rsa = EVP_PKEY_get0_RSA(pkey)) != NULL) { - RSA_get0_key(rsa, NULL, &e, NULL); - } else { + BIGNUM *e = NULL; + + /* Every RSA key has an 'e' */ + EVP_PKEY_get_bn_param(pkey, "e", &e); + if (e == NULL) { BIO_printf(bio_err, "Error cannot access RSA e\n"); goto end; } @@ -218,6 +218,7 @@ opthelp: } OPENSSL_free(hexe); OPENSSL_free(dece); + BN_free(e); } if (traditional) { if (!PEM_write_bio_PrivateKey_traditional(out, pkey, enc, NULL, 0, diff --git a/apps/req.c b/apps/req.c index 9fa3429baf..41a78593b0 100644 --- a/apps/req.c +++ b/apps/req.c @@ -939,10 +939,13 @@ int req_main(int argc, char **argv) } fprintf(stdout, "Modulus="); #ifndef OPENSSL_NO_RSA - if (EVP_PKEY_base_id(tpubkey) == EVP_PKEY_RSA) { - const BIGNUM *n; - RSA_get0_key(EVP_PKEY_get0_RSA(tpubkey), &n, NULL, NULL); + if (EVP_PKEY_is_a(tpubkey, "RSA")) { + BIGNUM *n; + + /* Every RSA key has an 'n' */ + EVP_PKEY_get_bn_param(pkey, "n", &n); BN_print(out, n); + BN_free(n); } else #endif fprintf(stdout, "Wrong Algorithm type"); diff --git a/apps/rsa.c b/apps/rsa.c index 558b126560..da1342b4c0 100644 --- a/apps/rsa.c +++ b/apps/rsa.c @@ -22,6 +22,13 @@ #include #include #include +#include + +/* + * TODO: This include is to get OSSL_KEYMGMT_SELECT_*, which feels a bit + * much just for those macros... they might serve better as EVP macros. + */ +#include typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, @@ -62,12 +69,10 @@ const OPTIONS rsa_options[] = { {"traditional", OPT_TRADITIONAL, '-', "Use traditional format for private keys"}, -#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4) OPT_SECTION("PVK"), {"pvk-strong", OPT_PVK_STRONG, '-', "Enable 'Strong' PVK encoding level (default)"}, {"pvk-weak", OPT_PVK_WEAK, '-', "Enable 'Weak' PVK encoding level"}, {"pvk-none", OPT_PVK_NONE, '-', "Don't enforce PVK encoding"}, -#endif OPT_PROV_OPTIONS, {NULL} @@ -77,20 +82,21 @@ int rsa_main(int argc, char **argv) { ENGINE *e = NULL; BIO *out = NULL; - RSA *rsa = NULL; EVP_PKEY *pkey = NULL; EVP_PKEY_CTX *pctx; const EVP_CIPHER *enc = NULL; char *infile = NULL, *outfile = NULL, *prog; char *passin = NULL, *passout = NULL, *passinarg = NULL, *passoutarg = NULL; - int i, private = 0; + int private = 0; int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, check = 0; int noout = 0, modulus = 0, pubin = 0, pubout = 0, ret = 1; -#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4) int pvk_encr = 2; -#endif OPTION_CHOICE o; int traditional = 0; + const char *output_type = NULL; + const char *output_structure = NULL; + int selection = 0; + OSSL_ENCODER_CTX *ectx = NULL; prog = opt_init(argc, argv, rsa_options); while ((o = opt_next()) != OPT_EOF) { @@ -142,9 +148,7 @@ int rsa_main(int argc, char **argv) case OPT_PVK_STRONG: /* pvk_encr:= 2 */ case OPT_PVK_WEAK: /* pvk_encr:= 1 */ case OPT_PVK_NONE: /* pvk_encr:= 0 */ -#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4) pvk_encr = (o - OPT_PVK_NONE); -#endif break; case OPT_NOOUT: noout = 1; @@ -203,13 +207,14 @@ int rsa_main(int argc, char **argv) pkey = load_key(infile, informat, 1, passin, e, "private key"); } - if (pkey != NULL) - rsa = EVP_PKEY_get1_RSA(pkey); - - if (rsa == NULL) { + if (pkey == NULL) { ERR_print_errors(bio_err); goto end; } + if (!EVP_PKEY_is_a(pkey, "RSA")) { + BIO_printf(bio_err, "Not an RSA key\n"); + goto end; + } out = bio_open_owner(outfile, outformat, private); if (out == NULL) @@ -226,11 +231,14 @@ int rsa_main(int argc, char **argv) } if (modulus) { - const BIGNUM *n; - RSA_get0_key(rsa, &n, NULL, NULL); + BIGNUM *n = NULL; + + /* Every RSA key has an 'n' */ + EVP_PKEY_get_bn_param(pkey, "n", &n); BIO_printf(out, "Modulus="); BN_print(out, n); BIO_printf(out, "\n"); + BN_free(n); } if (check) { @@ -268,77 +276,81 @@ int rsa_main(int argc, char **argv) goto end; } BIO_printf(bio_err, "writing RSA key\n"); + + /* Choose output type for the format */ if (outformat == FORMAT_ASN1) { - if (pubout || pubin) { - if (pubout == 2) - i = i2d_RSAPublicKey_bio(out, rsa); - else - i = i2d_RSA_PUBKEY_bio(out, rsa); - } else { - assert(private); - i = i2d_RSAPrivateKey_bio(out, rsa); - } + output_type = "DER"; } else if (outformat == FORMAT_PEM) { + output_type = "PEM"; + } else if (outformat == FORMAT_MSBLOB) { + output_type = "MSBLOB"; + } else if (outformat == FORMAT_PVK) { + if (pubin) { + BIO_printf(bio_err, "PVK form impossible with public key input\n"); + goto end; + } + output_type = "PVK"; + } else { + BIO_printf(bio_err, "bad output format specified for outfile\n"); + goto end; + } + + /* Select what you want in the output */ + if (pubout || pubin) { + selection = OSSL_KEYMGMT_SELECT_PUBLIC_KEY; + } else { + assert(private); + selection = (OSSL_KEYMGMT_SELECT_KEYPAIR + | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS); + } + + /* For DER based output, select the desired output structure */ + if (outformat == FORMAT_ASN1 || outformat == FORMAT_PEM) { if (pubout || pubin) { if (pubout == 2) - i = PEM_write_bio_RSAPublicKey(out, rsa); + output_structure = "SubjectPublicKeyInfo"; else - i = PEM_write_bio_RSA_PUBKEY(out, rsa); + output_structure = "pkcs1"; /* "type-specific" would work too */ } else { assert(private); - if (traditional) { - i = PEM_write_bio_PrivateKey_traditional(out, pkey, enc, NULL, 0, - NULL, passout); - } else { - i = PEM_write_bio_PrivateKey(out, pkey, - enc, NULL, 0, NULL, passout); - } + if (traditional) + output_structure = "pkcs1"; /* "type-specific" would work too */ + else + output_structure = "pkcs8"; } -#ifndef OPENSSL_NO_DSA - } else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) { - EVP_PKEY *pk; - pk = EVP_PKEY_new(); - if (pk == NULL) - goto end; + } - EVP_PKEY_set1_RSA(pk, rsa); - if (outformat == FORMAT_PVK) { - if (pubin) { - BIO_printf(bio_err, "PVK form impossible with public key input\n"); - EVP_PKEY_free(pk); - goto end; - } - assert(private); -# ifdef OPENSSL_NO_RC4 - BIO_printf(bio_err, "PVK format not supported\n"); - EVP_PKEY_free(pk); + /* Now, perform the encoding */ + ectx = OSSL_ENCODER_CTX_new_by_EVP_PKEY(pkey, selection, + output_type, output_structure, + NULL, NULL); + if (OSSL_ENCODER_CTX_get_num_encoders(ectx) == 0) { + BIO_printf(bio_err, "%s format not supported\n", output_type); + goto end; + } + + /* PVK is a bit special... */ + if (outformat == FORMAT_PVK) { + OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; + + params[0] = OSSL_PARAM_construct_int("encrypt-level", &pvk_encr); + if (!OSSL_ENCODER_CTX_set_params(ectx, params)) { + BIO_printf(bio_err, "invalid PVK encryption level\n"); goto end; -# else - i = i2b_PVK_bio(out, pk, pvk_encr, 0, passout); -# endif - } else if (pubin || pubout) { - i = i2b_PublicKey_bio(out, pk); - } else { - assert(private); - i = i2b_PrivateKey_bio(out, pk); } - EVP_PKEY_free(pk); -#endif - } else { - BIO_printf(bio_err, "bad output format specified for outfile\n"); - goto end; } - if (i <= 0) { + + if (!OSSL_ENCODER_to_bio(ectx, out)) { BIO_printf(bio_err, "unable to write key\n"); ERR_print_errors(bio_err); - } else { - ret = 0; + goto end; } + ret = 0; end: + OSSL_ENCODER_CTX_free(ectx); release_engine(e); BIO_free_all(out); EVP_PKEY_free(pkey); - RSA_free(rsa); OPENSSL_free(passin); OPENSSL_free(passout); return ret; diff --git a/apps/rsautl.c b/apps/rsautl.c index 9b5456cb89..8fefaee8f5 100644 --- a/apps/rsautl.c +++ b/apps/rsautl.c @@ -7,9 +7,6 @@ * https://www.openssl.org/source/license.html */ -/* We need to use the deprecated RSA low level calls */ -#define OPENSSL_SUPPRESS_DEPRECATED - #include #include "apps.h" @@ -78,14 +75,15 @@ int rsautl_main(int argc, char **argv) BIO *in = NULL, *out = NULL; ENGINE *e = NULL; EVP_PKEY *pkey = NULL; - RSA *rsa = NULL; + EVP_PKEY_CTX *ctx = NULL; X509 *x; char *infile = NULL, *outfile = NULL, *keyfile = NULL; char *passinarg = NULL, *passin = NULL, *prog; char rsa_mode = RSA_VERIFY, key_type = KEY_PRIVKEY; unsigned char *rsa_in = NULL, *rsa_out = NULL, pad = RSA_PKCS1_PADDING; - int rsa_inlen, keyformat = FORMAT_PEM, keysize, ret = 1; - int rsa_outlen = 0, hexdump = 0, asn1parse = 0, need_priv = 0, rev = 0; + size_t rsa_inlen, rsa_outlen = 0; + int keyformat = FORMAT_PEM, keysize, ret = 1, rv; + int hexdump = 0, asn1parse = 0, need_priv = 0, rev = 0; OPTION_CHOICE o; prog = opt_init(argc, argv, rsautl_options); @@ -208,15 +206,6 @@ int rsautl_main(int argc, char **argv) if (pkey == NULL) return 1; - rsa = EVP_PKEY_get1_RSA(pkey); - EVP_PKEY_free(pkey); - - if (rsa == NULL) { - BIO_printf(bio_err, "Error getting RSA key\n"); - ERR_print_errors(bio_err); - goto end; - } - in = bio_open_default(infile, 'r', FORMAT_BINARY); if (in == NULL) goto end; @@ -224,48 +213,58 @@ int rsautl_main(int argc, char **argv) if (out == NULL) goto end; - keysize = RSA_size(rsa); + keysize = EVP_PKEY_size(pkey); rsa_in = app_malloc(keysize * 2, "hold rsa key"); rsa_out = app_malloc(keysize, "output rsa key"); + rsa_outlen = keysize; /* Read the input data */ - rsa_inlen = BIO_read(in, rsa_in, keysize * 2); - if (rsa_inlen < 0) { + rv = BIO_read(in, rsa_in, keysize * 2); + if (rv < 0) { BIO_printf(bio_err, "Error reading input Data\n"); goto end; } + rsa_inlen = rv; if (rev) { - int i; + size_t i; unsigned char ctmp; + for (i = 0; i < rsa_inlen / 2; i++) { ctmp = rsa_in[i]; rsa_in[i] = rsa_in[rsa_inlen - 1 - i]; rsa_in[rsa_inlen - 1 - i] = ctmp; } } - switch (rsa_mode) { + if ((ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pkey, NULL)) == NULL) + goto end; + + switch (rsa_mode) { case RSA_VERIFY: - rsa_outlen = RSA_public_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad); + rv = EVP_PKEY_verify_recover_init(ctx) + && EVP_PKEY_CTX_set_rsa_padding(ctx, pad) + && EVP_PKEY_verify_recover(ctx, rsa_out, &rsa_outlen, + rsa_in, rsa_inlen); break; - case RSA_SIGN: - rsa_outlen = - RSA_private_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad); + rv = EVP_PKEY_sign_init(ctx) + && EVP_PKEY_CTX_set_rsa_padding(ctx, pad) + && EVP_PKEY_sign(ctx, rsa_out, &rsa_outlen, rsa_in, rsa_inlen); break; - case RSA_ENCRYPT: - rsa_outlen = RSA_public_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad); + rv = EVP_PKEY_encrypt_init(ctx) + && EVP_PKEY_CTX_set_rsa_padding(ctx, pad) + && EVP_PKEY_encrypt(ctx, rsa_out, &rsa_outlen, rsa_in, rsa_inlen); break; - case RSA_DECRYPT: - rsa_outlen = - RSA_private_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad); + rv = EVP_PKEY_decrypt_init(ctx) + && EVP_PKEY_CTX_set_rsa_padding(ctx, pad) + && EVP_PKEY_decrypt(ctx, rsa_out, &rsa_outlen, rsa_in, rsa_inlen); break; } - if (rsa_outlen < 0) { + if (!rv) { BIO_printf(bio_err, "RSA operation error\n"); ERR_print_errors(bio_err); goto end; @@ -281,7 +280,8 @@ int rsautl_main(int argc, char **argv) BIO_write(out, rsa_out, rsa_outlen); } end: - RSA_free(rsa); + EVP_PKEY_CTX_free(ctx); + EVP_PKEY_free(pkey); release_engine(e); BIO_free(in); BIO_free_all(out); diff --git a/apps/x509.c b/apps/x509.c index 0d0d93edc0..ad627f4558 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -757,10 +757,13 @@ int x509_main(int argc, char **argv) } BIO_printf(out, "Modulus="); #ifndef OPENSSL_NO_RSA - if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA) { - const BIGNUM *n; - RSA_get0_key(EVP_PKEY_get0_RSA(pkey), &n, NULL, NULL); + if (EVP_PKEY_is_a(pkey, "RSA")) { + BIGNUM *n; + + /* Every RSA key has an 'n' */ + EVP_PKEY_get_bn_param(pkey, "n", &n); BN_print(out, n); + BN_free(n); } else #endif #ifndef OPENSSL_NO_DSA diff --git a/crypto/asn1/asn1_item_list.c b/crypto/asn1/asn1_item_list.c index 5a711546bf..c7000c20e9 100644 --- a/crypto/asn1/asn1_item_list.c +++ b/crypto/asn1/asn1_item_list.c @@ -7,6 +7,9 @@ * https://www.openssl.org/source/license.html */ +/* We need to use the low level ASN1 items until they are removed */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include #include "internal/cryptlib.h" #include diff --git a/crypto/asn1/asn1_item_list.h b/crypto/asn1/asn1_item_list.h index 4cdf1d221a..b5a8661bd4 100644 --- a/crypto/asn1/asn1_item_list.h +++ b/crypto/asn1/asn1_item_list.h @@ -135,10 +135,12 @@ static ASN1_ITEM_EXP *asn1_item_list[] = { ASN1_ITEM_ref(PROXY_CERT_INFO_EXTENSION), ASN1_ITEM_ref(PROXY_POLICY), #ifndef OPENSSL_NO_RSA +# ifndef OPENSSL_NO_DEPRECATED_3_0 ASN1_ITEM_ref(RSAPrivateKey), ASN1_ITEM_ref(RSAPublicKey), ASN1_ITEM_ref(RSA_OAEP_PARAMS), ASN1_ITEM_ref(RSA_PSS_PARAMS), +# endif #endif #ifndef OPENSSL_NO_SCRYPT ASN1_ITEM_ref(SCRYPT_PARAMS), diff --git a/crypto/asn1/i2d_evp.c b/crypto/asn1/i2d_evp.c index a81ae415fa..d0468bf5c2 100644 --- a/crypto/asn1/i2d_evp.c +++ b/crypto/asn1/i2d_evp.c @@ -16,7 +16,9 @@ #include #include #include -#include /* For i2d_RSAPublicKey */ +#ifndef OPENSSL_NO_DEPRECATED_3_0 +# include /* For i2d_RSAPublicKey */ +#endif #include /* For i2d_DSAPublicKey */ #include /* For i2o_ECPublicKey */ #include "crypto/asn1.h" @@ -105,9 +107,11 @@ int i2d_PublicKey(const EVP_PKEY *a, unsigned char **pp) return i2d_provided(a, EVP_PKEY_PUBLIC_KEY, output_structures, pp); } switch (EVP_PKEY_id(a)) { -#ifndef OPENSSL_NO_RSA +#ifndef OPENSSL_NO_DEPRECATED_3_0 +# ifndef OPENSSL_NO_RSA case EVP_PKEY_RSA: return i2d_RSAPublicKey(EVP_PKEY_get0_RSA(a), pp); +# endif #endif #ifndef OPENSSL_NO_DSA case EVP_PKEY_DSA: diff --git a/crypto/evp/build.info b/crypto/evp/build.info index 7f1459a15c..358709a6a4 100644 --- a/crypto/evp/build.info +++ b/crypto/evp/build.info @@ -9,7 +9,7 @@ SOURCE[../../libcrypto]=$COMMON\ e_des.c e_bf.c e_idea.c e_des3.c \ e_rc4.c e_aes.c names.c e_aria.c e_sm4.c \ e_xcbc_d.c e_rc2.c e_cast.c e_rc5.c m_null.c \ - p_seal.c p_sign.c p_verify.c \ + p_seal.c p_sign.c p_verify.c p_legacy.c \ bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \ c_allc.c c_alld.c bio_ok.c \ evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c pbe_scrypt.c \ diff --git a/crypto/evp/p_dec.c b/crypto/evp/p_dec.c index ef0e715d65..c71e88d9b0 100644 --- a/crypto/evp/p_dec.c +++ b/crypto/evp/p_dec.c @@ -7,11 +7,8 @@ * https://www.openssl.org/source/license.html */ -/* - * RSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" +/* We need to use the deprecated RSA low level calls */ +#define OPENSSL_SUPPRESS_DEPRECATED #include #include "internal/cryptlib.h" diff --git a/crypto/evp/p_enc.c b/crypto/evp/p_enc.c index b149c7bbcf..4847c752ed 100644 --- a/crypto/evp/p_enc.c +++ b/crypto/evp/p_enc.c @@ -7,11 +7,8 @@ * https://www.openssl.org/source/license.html */ -/* - * RSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" +/* We need to use the deprecated RSA low level calls */ +#define OPENSSL_SUPPRESS_DEPRECATED #include #include "internal/cryptlib.h" diff --git a/crypto/evp/p_legacy.c b/crypto/evp/p_legacy.c new file mode 100644 index 0000000000..cad4d67d73 --- /dev/null +++ b/crypto/evp/p_legacy.c @@ -0,0 +1,51 @@ +/* + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * Legacy EVP_PKEY assign/set/get APIs are deprecated for public use, but + * still ok for internal use, particularly in providers. + */ +#include "internal/deprecated.h" + +#include +#include +#include +#include +#include "crypto/types.h" +#include "crypto/evp.h" +#include "evp_local.h" + +int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key) +{ + int ret = EVP_PKEY_assign_RSA(pkey, key); + if (ret) + RSA_up_ref(key); + return ret; +} + +RSA *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey) +{ + if (!evp_pkey_downgrade((EVP_PKEY *)pkey)) { + ERR_raise(ERR_LIB_EVP, EVP_R_INACCESSIBLE_KEY); + return NULL; + } + if (pkey->type != EVP_PKEY_RSA && pkey->type != EVP_PKEY_RSA_PSS) { + ERR_raise(ERR_LIB_EVP, EVP_R_EXPECTING_AN_RSA_KEY); + return NULL; + } + return pkey->pkey.rsa; +} + +RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey) +{ + RSA *ret = EVP_PKEY_get0_RSA(pkey); + if (ret != NULL) + RSA_up_ref(ret); + return ret; +} diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index 7a258fa31b..a0c131d0c0 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -784,37 +784,6 @@ const unsigned char *EVP_PKEY_get0_siphash(const EVP_PKEY *pkey, size_t *len) } # endif -# ifndef OPENSSL_NO_RSA -int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key) -{ - int ret = EVP_PKEY_assign_RSA(pkey, key); - if (ret) - RSA_up_ref(key); - return ret; -} - -RSA *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey) -{ - if (!evp_pkey_downgrade((EVP_PKEY *)pkey)) { - ERR_raise(ERR_LIB_EVP, EVP_R_INACCESSIBLE_KEY); - return NULL; - } - if (pkey->type != EVP_PKEY_RSA && pkey->type != EVP_PKEY_RSA_PSS) { - ERR_raise(ERR_LIB_EVP, EVP_R_EXPECTING_AN_RSA_KEY); - return NULL; - } - return pkey->pkey.rsa; -} - -RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey) -{ - RSA *ret = EVP_PKEY_get0_RSA(pkey); - if (ret != NULL) - RSA_up_ref(ret); - return ret; -} -# endif - # ifndef OPENSSL_NO_DSA DSA *EVP_PKEY_get0_DSA(const EVP_PKEY *pkey) { diff --git a/crypto/pem/pem_all.c b/crypto/pem/pem_all.c index 8d5b25156c..ea758f04be 100644 --- a/crypto/pem/pem_all.c +++ b/crypto/pem/pem_all.c @@ -45,7 +45,8 @@ IMPLEMENT_PEM_rw(PKCS7, PKCS7, PEM_STRING_PKCS7, PKCS7) IMPLEMENT_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE, PEM_STRING_X509, NETSCAPE_CERT_SEQUENCE) -#ifndef OPENSSL_NO_RSA +#ifndef OPENSSL_NO_DEPRECATED_3_0 +# ifndef OPENSSL_NO_RSA /* * We treat RSA or DSA private keys as a special case. For private keys we * read in an EVP_PKEY structure with PEM_read_bio_PrivateKey() and extract @@ -76,7 +77,7 @@ RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **rsa, pem_password_cb *cb, return pkey_get_rsa(pktmp, rsa); } -# ifndef OPENSSL_NO_STDIO +# ifndef OPENSSL_NO_STDIO RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb, void *u) { @@ -85,11 +86,12 @@ RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb, void *u) return pkey_get_rsa(pktmp, rsa); } -# endif +# endif IMPLEMENT_PEM_write_cb(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey) IMPLEMENT_PEM_rw(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, RSAPublicKey) IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, PEM_STRING_PUBLIC, RSA_PUBKEY) +# endif #endif #ifndef OPENSSL_NO_DSA static DSA *pkey_get_dsa(EVP_PKEY *key, DSA **dsa) diff --git a/crypto/pem/pem_local.h b/crypto/pem/pem_local.h index 10761b03d3..7de2a71045 100644 --- a/crypto/pem/pem_local.h +++ b/crypto/pem/pem_local.h @@ -39,6 +39,9 @@ # define PEM_STRUCTURE_PrivateKey "pkcs8" # define PEM_STRUCTURE_Parameters "type-specific" +# define PEM_STRUCTURE_RSAPrivateKey "type-specific" +# define PEM_STRUCTURE_RSAPublicKey "type-specific" + /* Alternative IMPLEMENT macros for provided encoders */ # define IMPLEMENT_PEM_provided_write_body_vars(type, asn1) \ diff --git a/crypto/rsa/rsa_backend.c b/crypto/rsa/rsa_backend.c index f64fb34d52..2f430b34d4 100644 --- a/crypto/rsa/rsa_backend.c +++ b/crypto/rsa/rsa_backend.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * RSA low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include #include #include diff --git a/crypto/rsa/rsa_local.h b/crypto/rsa/rsa_local.h index 60e590998b..49a0071031 100644 --- a/crypto/rsa/rsa_local.h +++ b/crypto/rsa/rsa_local.h @@ -10,7 +10,6 @@ #ifndef OSSL_CRYPTO_RSA_LOCAL_H #define OSSL_CRYPTO_RSA_LOCAL_H -#include "crypto/rsa.h" #include "internal/refcount.h" #include "crypto/rsa.h" diff --git a/doc/man3/d2i_RSAPrivateKey.pod b/doc/man3/d2i_RSAPrivateKey.pod new file mode 100644 index 0000000000..e7cf3989ab --- /dev/null +++ b/doc/man3/d2i_RSAPrivateKey.pod @@ -0,0 +1,242 @@ +=pod + +=begin comment + +Any deprecated keypair function from d2i_X509.pod are collected in this file. + +=end comment + +=head1 NAME + +d2i_RSAPrivateKey, +d2i_RSAPrivateKey_bio, +d2i_RSAPrivateKey_fp, +d2i_RSAPublicKey, +d2i_RSAPublicKey_bio, +d2i_RSAPublicKey_fp, +d2i_RSA_PUBKEY, +d2i_RSA_PUBKEY_bio, +d2i_RSA_PUBKEY_fp, +i2d_RSAPrivateKey, +i2d_RSAPrivateKey_bio, +i2d_RSAPrivateKey_fp, +i2d_RSAPublicKey, +i2d_RSAPublicKey_bio, +i2d_RSAPublicKey_fp, +i2d_RSA_PUBKEY, +i2d_RSA_PUBKEY_bio, +i2d_RSA_PUBKEY_fp +- DEPRECATED + +=head1 SYNOPSIS + +=for openssl generic + +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +B with a suitable version value, see +L: + + TYPE *d2i_TYPEPrivateKey(TYPE **a, const unsigned char **ppin, long length); + TYPE *d2i_TYPEPrivateKey_bio(BIO *bp, TYPE **a); + TYPE *d2i_TYPEPrivateKey_fp(FILE *fp, TYPE **a); + TYPE *d2i_TYPEPublicKey(TYPE **a, const unsigned char **ppin, long length); + TYPE *d2i_TYPEPublicKey_bio(BIO *bp, TYPE **a); + TYPE *d2i_TYPEPublicKey_fp(FILE *fp, TYPE **a); + TYPE *d2i_TYPEparams(TYPE **a, const unsigned char **ppin, long length); + TYPE *d2i_TYPEparams_bio(BIO *bp, TYPE **a); + TYPE *d2i_TYPEparams_fp(FILE *fp, TYPE **a); + TYPE *d2i_TYPE_PUBKEY(TYPE **a, const unsigned char **ppin, long length); + TYPE *d2i_TYPE_PUBKEY_bio(BIO *bp, TYPE **a); + TYPE *d2i_TYPE_PUBKEY_fp(FILE *fp, TYPE **a); + + int i2d_TYPEPrivateKey(const TYPE *a, unsigned char **ppout); + int i2d_TYPEPrivateKey(TYPE *a, unsigned char **ppout); + int i2d_TYPEPrivateKey_fp(FILE *fp, const TYPE *a); + int i2d_TYPEPrivateKey_fp(FILE *fp, TYPE *a); + int i2d_TYPEPrivateKey_bio(BIO *bp, const TYPE *a); + int i2d_TYPEPrivateKey_bio(BIO *bp, TYPE *a); + int i2d_TYPEPublicKey(const TYPE *a, unsigned char **ppout); + int i2d_TYPEPublicKey(TYPE *a, unsigned char **ppout); + int i2d_TYPEPublicKey_fp(FILE *fp, const TYPE *a); + int i2d_TYPEPublicKey_fp(FILE *fp, TYPE *a); + int i2d_TYPEPublicKey_bio(BIO *bp, const TYPE *a); + int i2d_TYPEPublicKey_bio(BIO *bp, TYPE *a); + int i2d_TYPEparams(const TYPE *a, unsigned char **ppout); + int i2d_TYPEparams(TYPE *a, unsigned char **ppout); + int i2d_TYPEparams_fp(FILE *fp, const TYPE *a); + int i2d_TYPEparams_fp(FILE *fp, TYPE *a); + int i2d_TYPEparams_bio(BIO *bp, const TYPE *a); + int i2d_TYPEparams_bio(BIO *bp, TYPE *a); + int i2d_TYPE_PUBKEY(const TYPE *a, unsigned char **ppout); + int i2d_TYPE_PUBKEY(TYPE *a, unsigned char **ppout); + int i2d_TYPE_PUBKEY_fp(FILE *fp, const TYPE *a); + int i2d_TYPE_PUBKEY_fp(FILE *fp, TYPE *a); + int i2d_TYPE_PUBKEY_bio(BIO *bp, const TYPE *a); + int i2d_TYPE_PUBKEY_bio(BIO *bp, TYPE *a); + +=head1 DESCRIPTION + +All functions described here are deprecated. Please use L +instead of the B functions and L instead of the B +functions. See L below. + +In the description here, B> is used a placeholder for any of the +OpenSSL datatypes, such as B. +The function parameters I and I are generally either both named +I in the headers, or I and I. + +All the functions here behave the way that's described in L. + +Please note that not all functions in the synopsis are available for all key +types. For example, there are no d2i_RSAparams() or i2d_RSAparams(), +because the PKCS#1 B structure doesn't include any key parameters. + +BPrivateKey>() and derivates thereof decode DER encoded +B> private key data organized in a type specific structure. + +BPublicKey>() and derivates thereof decode DER encoded +B> public key data organized in a type specific structure. + +Bparams>() and derivates thereof decode DER encoded B> +key parameters organized in a type specific structure. + +B_PUBKEY>() and derivates thereof decode DER encoded B> +public key data organized in a B structure. + +BPrivateKey>() and derivates thereof encode the private key +B> data into a type specific DER encoded structure. + +BPublicKey>() and derivates thereof encode the public key +B> data into a type specific DER encoded structure. + +Bparams>() and derivates thereof encode the B> key +parameters data into a type specific DER encoded structure. + +B_PUBKEY>() and derivates thereof encode the public key +B> data into a DER encoded B structure. + +For example, d2i_RSAPrivateKey() and d2i_RSAPublicKey() expects the +structure defined by PKCS#1. +Similarly, i2d_RSAPrivateKey() and i2d_RSAPublicKey() produce DER encoded +string organized according to PKCS#1. + +=head2 Migration + +Migration from the diverse B>s requires using corresponding new +OpenSSL types. For all B>s described here, the corresponding new +type is B. The rest of this section assumes that this has been +done, exactly how to do that is described elsewhere. + +There are two migration paths: + +=over 4 + +=item * + +Replace +bPrivateKey()> with L, +bPublicKey()> with L, +bparams()> with L, +b_PUBKEY()> with L, +bPrivateKey()> with L, +bPublicKey()> with L, +bparams()> with L, +b_PUBKEY()> with L. +A caveat is that L may output a DER encoded PKCS#8 +outermost structure instead of the type specific structure, and that +L recognises and unpacks a PKCS#8 structures. + +=item * + +Use L and L. How to migrate is described +below. All those descriptions assume that the key to be encoded is in the +variable I. + +=back + +=head3 Migrating B functions to B + +The exact L output is driven by arguments rather than by +function names. The sample code to get DER encoded output in a type +specific structure is uniform, the only things that vary are the selection +of what part of the B should be output, and the structure. The +B functions names can therefore be translated into two variables, +I and I as follows: + +=over 4 + +=item BPrivateKey>() translates into: + + int selection = EVP_PKEY_PRIVATE_KEY; + const char *structure = "type-specific"; + +=item BPublicKey>() translates into: + + int selection = EVP_PKEY_PUBLIC_KEY; + const char *structure = "type-specific"; + +=item Bparams>() translates into: + + int selection = EVP_PKEY_PARAMETERS; + const char *structure = "type-specific"; + +=item B_PUBKEY>() translates into: + + int selection = EVP_PKEY_PUBLIC_KEY; + const char *structure = "SubjectPublicKeyInfo"; + +=back + +The following sample code does the rest of the work: + + unsigned char *p = buffer; /* |buffer| is supplied by the caller */ + size_t len = buffer_size; /* assumed be the size of |buffer| */ + OSSL_ENCODER_CTX *ctx = + OSSL_ENCODER_CTX_new_by_EVP_PKEY(pkey, selection, "DER", structure, + NULL, NULL); + if (ctx == NULL) { + /* fatal error handling */ + } + if (OSSL_ENCODER_CTX_get_num_encoders(ctx) == 0) { + OSSL_ENCODER_CTX_free(ctx); + /* non-fatal error handling */ + } + if (!OSSL_ENCODER_to_data(ctx, &p, &len)) { + OSSL_ENCODER_CTX_free(ctx); + /* error handling */ + } + OSSL_ENCODER_CTX_free(ctx); + +=for comment TODO: a similar section on OSSL_DECODER is to be added + +=head1 RETURN VALUES + +B>(), B_bio>() and B_fp>() return a valid +B> structure or NULL if an error occurs. If the "reuse" capability has +been used with a valid structure being passed in via I, then the object is +freed in the event of error and I<*a> is set to NULL. + +B>() returns the number of bytes successfully encoded or a negative +value if an error occurs. + +B_bio>() and B_fp>() return 1 for success and 0 if an +error occurs. + +=head1 SEE ALSO + +L, L, +L, L, L, +L, +L, L, L, +L + +=head1 COPYRIGHT + +Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man3/d2i_X509.pod b/doc/man3/d2i_X509.pod index a46977bc93..0b3414ba8f 100644 --- a/doc/man3/d2i_X509.pod +++ b/doc/man3/d2i_X509.pod @@ -1,5 +1,12 @@ =pod +=begin comment + +Any keypair function here that gets deprecated should be moved to +d2i_RSAPrivateKey.pod. + +=end comment + =head1 NAME d2i_ACCESS_DESCRIPTION, @@ -141,17 +148,8 @@ d2i_POLICYQUALINFO, d2i_PROFESSION_INFO, d2i_PROXY_CERT_INFO_EXTENSION, d2i_PROXY_POLICY, -d2i_RSAPrivateKey, -d2i_RSAPrivateKey_bio, -d2i_RSAPrivateKey_fp, -d2i_RSAPublicKey, -d2i_RSAPublicKey_bio, -d2i_RSAPublicKey_fp, d2i_RSA_OAEP_PARAMS, d2i_RSA_PSS_PARAMS, -d2i_RSA_PUBKEY, -d2i_RSA_PUBKEY_bio, -d2i_RSA_PUBKEY_fp, d2i_SCRYPT_PARAMS, d2i_SCT_LIST, d2i_SXNET, @@ -337,17 +335,8 @@ i2d_POLICYQUALINFO, i2d_PROFESSION_INFO, i2d_PROXY_CERT_INFO_EXTENSION, i2d_PROXY_POLICY, -i2d_RSAPrivateKey, -i2d_RSAPrivateKey_bio, -i2d_RSAPrivateKey_fp, -i2d_RSAPublicKey, -i2d_RSAPublicKey_bio, -i2d_RSAPublicKey_fp, i2d_RSA_OAEP_PARAMS, i2d_RSA_PSS_PARAMS, -i2d_RSA_PUBKEY, -i2d_RSA_PUBKEY_bio, -i2d_RSA_PUBKEY_fp, i2d_SCRYPT_PARAMS, i2d_SCT_LIST, i2d_SXNET, @@ -411,7 +400,7 @@ i2d_X509_VAL, =head1 DESCRIPTION In the description here, B> is used a placeholder -for any of the OpenSSL datatypes, such as I. +for any of the OpenSSL datatypes, such as B. The function parameters I and I are generally either both named I in the headers, or I and I. @@ -512,10 +501,6 @@ L, or similar instead. Represents an ECDSA signature. -=item B - -Represents a PKCS#1 RSA public key structure. - =item B Represents an B structure as used in IETF RFC 6960 and diff --git a/fuzz/asn1.c b/fuzz/asn1.c index 8fe8583815..9a4e454b2f 100644 --- a/fuzz/asn1.c +++ b/fuzz/asn1.c @@ -169,9 +169,11 @@ static ASN1_ITEM_EXP *item_type[] = { ASN1_ITEM_ref(PROXY_CERT_INFO_EXTENSION), ASN1_ITEM_ref(PROXY_POLICY), ASN1_ITEM_ref(RSA_OAEP_PARAMS), - ASN1_ITEM_ref(RSAPrivateKey), ASN1_ITEM_ref(RSA_PSS_PARAMS), +#ifndef OPENSSL_NO_DEPRECATED_3_0 + ASN1_ITEM_ref(RSAPrivateKey), ASN1_ITEM_ref(RSAPublicKey), +#endif ASN1_ITEM_ref(SXNET), ASN1_ITEM_ref(SXNETID), ASN1_ITEM_ref(USERNOTICE), @@ -339,7 +341,9 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) DO_TEST_NO_PRINT(DSA, d2i_DSAPublicKey, i2d_DSAPublicKey); DO_TEST_NO_PRINT(DSA, d2i_DSAparams, i2d_DSAparams); #endif +#ifndef OPENSSL_NO_DEPRECATED_3_0 DO_TEST_NO_PRINT(RSA, d2i_RSAPublicKey, i2d_RSAPublicKey); +#endif #ifndef OPENSSL_NO_EC DO_TEST_PRINT_OFFSET(EC_GROUP, d2i_ECPKParameters, i2d_ECPKParameters, ECPKParameters_print); DO_TEST_PRINT_OFFSET(EC_KEY, d2i_ECPrivateKey, i2d_ECPrivateKey, EC_KEY_print); diff --git a/fuzz/server.c b/fuzz/server.c index 8123c90994..4055b58222 100644 --- a/fuzz/server.c +++ b/fuzz/server.c @@ -12,6 +12,9 @@ /* Test first part of SSL server handshake. */ +/* We need to use the deprecated RSA low level calls */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include #include #include @@ -92,6 +95,7 @@ static const uint8_t kCertificateDER[] = { 0x76, 0x8a, 0xbb, }; +#ifndef OPENSSL_NO_DEPRECATED_3_0 static const uint8_t kRSAPrivateKeyDER[] = { 0x30, 0x82, 0x04, 0xa5, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, 0xce, 0x47, 0xcb, 0x11, 0xbb, 0xd2, 0x9d, 0x8e, 0x9e, 0xd2, 0x1e, 0x14, @@ -194,6 +198,7 @@ static const uint8_t kRSAPrivateKeyDER[] = { 0xb2, 0xc6, 0xb2, 0x0a, 0x2a, 0x7c, 0x6d, 0x6a, 0x40, 0xfc, 0xf5, 0x50, 0x98, 0x46, 0x89, 0x82, 0x40, }; +#endif #ifndef OPENSSL_NO_EC @@ -512,7 +517,9 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) #endif SSL_CTX *ctx; int ret; +#ifndef OPENSSL_NO_DEPRECATED_3_0 RSA *privkey; +#endif const uint8_t *bufp; EVP_PKEY *pkey; X509 *cert; @@ -539,6 +546,7 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) ret = SSL_CTX_set_cipher_list(ctx, "ALL:eNULL:@SECLEVEL=0"); OPENSSL_assert(ret == 1); +#ifndef OPENSSL_NO_DEPRECATED_3_0 /* RSA */ bufp = kRSAPrivateKeyDER; privkey = d2i_RSAPrivateKey(NULL, &bufp, sizeof(kRSAPrivateKeyDER)); @@ -548,6 +556,7 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) ret = SSL_CTX_use_PrivateKey(ctx, pkey); OPENSSL_assert(ret == 1); EVP_PKEY_free(pkey); +#endif bufp = kCertificateDER; cert = d2i_X509(NULL, &bufp, sizeof(kCertificateDER)); diff --git a/include/crypto/rsa.h b/include/crypto/rsa.h index 1ee1991f57..ede11cfd41 100644 --- a/include/crypto/rsa.h +++ b/include/crypto/rsa.h @@ -12,6 +12,7 @@ # include # include +# include "crypto/types.h" typedef struct rsa_pss_params_30_st { int hash_algorithm_nid; diff --git a/include/crypto/types.h b/include/crypto/types.h new file mode 100644 index 0000000000..ccb75e3cbf --- /dev/null +++ b/include/crypto/types.h @@ -0,0 +1,16 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* When removal is simulated, we still need the type internally */ + +#ifdef OPENSSL_NO_DEPRECATED_3_0 +typedef struct rsa_st RSA; +typedef struct rsa_meth_st RSA_METHOD; +#endif + diff --git a/include/openssl/evp.h b/include/openssl/evp.h index 0dcb56e078..3f39e9ef4a 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -457,9 +457,11 @@ typedef int (EVP_PBE_KEYGEN) (EVP_CIPHER_CTX *ctx, const char *pass, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de); -# ifndef OPENSSL_NO_RSA -# define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\ - (rsa)) +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# ifndef OPENSSL_NO_RSA +# define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\ + (rsa)) +# endif # endif # ifndef OPENSSL_NO_DSA @@ -1211,11 +1213,16 @@ const unsigned char *EVP_PKEY_get0_poly1305(const EVP_PKEY *pkey, size_t *len); const unsigned char *EVP_PKEY_get0_siphash(const EVP_PKEY *pkey, size_t *len); # endif -# ifndef OPENSSL_NO_RSA +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# ifndef OPENSSL_NO_RSA struct rsa_st; +OSSL_DEPRECATEDIN_3_0 int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, struct rsa_st *key); +OSSL_DEPRECATEDIN_3_0 struct rsa_st *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey); +OSSL_DEPRECATEDIN_3_0 struct rsa_st *EVP_PKEY_get1_RSA(EVP_PKEY *pkey); +# endif # endif # ifndef OPENSSL_NO_DSA struct dsa_st; diff --git a/include/openssl/pem.h b/include/openssl/pem.h index 3066918b27..3dcf97e36c 100644 --- a/include/openssl/pem.h +++ b/include/openssl/pem.h @@ -373,10 +373,12 @@ DECLARE_PEM_rw(PKCS7, PKCS7) DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE) DECLARE_PEM_rw(PKCS8, X509_SIG) DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO) -# ifndef OPENSSL_NO_RSA -DECLARE_PEM_rw_cb(RSAPrivateKey, RSA) -DECLARE_PEM_rw(RSAPublicKey, RSA) -DECLARE_PEM_rw(RSA_PUBKEY, RSA) +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# ifndef OPENSSL_NO_RSA +DECLARE_PEM_rw_cb_attr(OSSL_DEPRECATEDIN_3_0, RSAPrivateKey, RSA) +DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, RSAPublicKey, RSA) +DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, RSA_PUBKEY, RSA) +# endif # endif # ifndef OPENSSL_NO_DSA DECLARE_PEM_rw_cb(DSAPrivateKey, DSA) diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h index 24b2a7eb55..2681d1a543 100644 --- a/include/openssl/rsa.h +++ b/include/openssl/rsa.h @@ -37,6 +37,9 @@ extern "C" { # define OPENSSL_RSA_MAX_MODULUS_BITS 16384 # endif +# define RSA_3 0x3L +# define RSA_F4 0x10001L + # ifndef OPENSSL_NO_DEPRECATED_3_0 /* The types RSA and RSA_METHOD are defined in ossl_typ.h */ @@ -50,24 +53,13 @@ extern "C" { # ifndef OPENSSL_RSA_MAX_PUBEXP_BITS # define OPENSSL_RSA_MAX_PUBEXP_BITS 64 # endif -# endif /* OPENSSL_NO_DEPRECATED_3_0 */ - -# define RSA_3 0x3L -# define RSA_F4 0x10001L - -# ifndef OPENSSL_NO_DEPRECATED_3_0 /* based on RFC 8017 appendix A.1.2 */ # define RSA_ASN1_VERSION_DEFAULT 0 # define RSA_ASN1_VERSION_MULTI 1 # define RSA_DEFAULT_PRIME_NUM 2 -# endif /* OPENSSL_NO_DEPRECATED_3_0 */ -/* Don't check pub/private match */ -/* TODO(3.0): deprecate this? It is exposed for sls/t1_lib.c's use */ -# define RSA_METHOD_FLAG_NO_CHECK 0x0001 - -# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define RSA_METHOD_FLAG_NO_CHECK 0x0001 # define RSA_FLAG_CACHE_PUBLIC 0x0002 # define RSA_FLAG_CACHE_PRIVATE 0x0004 # define RSA_FLAG_BLINDING 0x0008 @@ -132,11 +124,13 @@ int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int saltlen); int EVP_PKEY_CTX_get_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int *saltlen); int EVP_PKEY_CTX_set_rsa_keygen_bits(EVP_PKEY_CTX *ctx, int bits); -DEPRECATEDIN_3_0(int EVP_PKEY_CTX_set_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, - BIGNUM *pubexp)) int EVP_PKEY_CTX_set1_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, BIGNUM *pubexp); int EVP_PKEY_CTX_set_rsa_keygen_primes(EVP_PKEY_CTX *ctx, int primes); int EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(EVP_PKEY_CTX *ctx, int saltlen); +# ifndef OPENSSL_NO_DEPRECATED_3_0 +OSSL_DEPRECATEDIN_3_0 +int EVP_PKEY_CTX_set_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, BIGNUM *pubexp); +# endif /* Salt length matches digest */ # define RSA_PSS_SALTLEN_DIGEST -1 @@ -206,99 +200,113 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label); # define RSA_set_app_data(s,arg) RSA_set_ex_data(s,0,arg) # define RSA_get_app_data(s) RSA_get_ex_data(s,0) -RSA *RSA_new(void); -DEPRECATEDIN_3_0(RSA *RSA_new_method(ENGINE *engine)) -int RSA_bits(const RSA *rsa); -DEPRECATEDIN_3_0(int RSA_size(const RSA *rsa)) -DEPRECATEDIN_3_0(int RSA_security_bits(const RSA *rsa)) - -int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d); -int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q); -int RSA_set0_crt_params(RSA *r,BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp); -int RSA_set0_multi_prime_params(RSA *r, BIGNUM *primes[], BIGNUM *exps[], - BIGNUM *coeffs[], int pnum); -void RSA_get0_key(const RSA *r, - const BIGNUM **n, const BIGNUM **e, const BIGNUM **d); -void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q); -int RSA_get_multi_prime_extra_count(const RSA *r); -int RSA_get0_multi_prime_factors(const RSA *r, const BIGNUM *primes[]); -void RSA_get0_crt_params(const RSA *r, - const BIGNUM **dmp1, const BIGNUM **dmq1, - const BIGNUM **iqmp); +# ifndef OPENSSL_NO_DEPRECATED_3_0 +OSSL_DEPRECATEDIN_3_0 RSA *RSA_new(void); +OSSL_DEPRECATEDIN_3_0 RSA *RSA_new_method(ENGINE *engine); +OSSL_DEPRECATEDIN_3_0 int RSA_bits(const RSA *rsa); +OSSL_DEPRECATEDIN_3_0 int RSA_size(const RSA *rsa); +OSSL_DEPRECATEDIN_3_0 int RSA_security_bits(const RSA *rsa); + +OSSL_DEPRECATEDIN_3_0 int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d); +OSSL_DEPRECATEDIN_3_0 int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q); +OSSL_DEPRECATEDIN_3_0 int RSA_set0_crt_params(RSA *r, + BIGNUM *dmp1, BIGNUM *dmq1, + BIGNUM *iqmp); +OSSL_DEPRECATEDIN_3_0 int RSA_set0_multi_prime_params(RSA *r, + BIGNUM *primes[], + BIGNUM *exps[], + BIGNUM *coeffs[], + int pnum); +OSSL_DEPRECATEDIN_3_0 void RSA_get0_key(const RSA *r, + const BIGNUM **n, const BIGNUM **e, + const BIGNUM **d); +OSSL_DEPRECATEDIN_3_0 void RSA_get0_factors(const RSA *r, + const BIGNUM **p, const BIGNUM **q); +OSSL_DEPRECATEDIN_3_0 int RSA_get_multi_prime_extra_count(const RSA *r); +OSSL_DEPRECATEDIN_3_0 int RSA_get0_multi_prime_factors(const RSA *r, + const BIGNUM *primes[]); +OSSL_DEPRECATEDIN_3_0 void RSA_get0_crt_params(const RSA *r, + const BIGNUM **dmp1, + const BIGNUM **dmq1, + const BIGNUM **iqmp); +OSSL_DEPRECATEDIN_3_0 int RSA_get0_multi_prime_crt_params(const RSA *r, const BIGNUM *exps[], const BIGNUM *coeffs[]); -const BIGNUM *RSA_get0_n(const RSA *d); -const BIGNUM *RSA_get0_e(const RSA *d); -const BIGNUM *RSA_get0_d(const RSA *d); -const BIGNUM *RSA_get0_p(const RSA *d); -const BIGNUM *RSA_get0_q(const RSA *d); -const BIGNUM *RSA_get0_dmp1(const RSA *r); -const BIGNUM *RSA_get0_dmq1(const RSA *r); -const BIGNUM *RSA_get0_iqmp(const RSA *r); -DEPRECATEDIN_3_0(const RSA_PSS_PARAMS *RSA_get0_pss_params(const RSA *r)) -void RSA_clear_flags(RSA *r, int flags); -int RSA_test_flags(const RSA *r, int flags); -void RSA_set_flags(RSA *r, int flags); -DEPRECATEDIN_3_0(int RSA_get_version(RSA *r)) -DEPRECATEDIN_3_0(ENGINE *RSA_get0_engine(const RSA *r)) +OSSL_DEPRECATEDIN_3_0 const BIGNUM *RSA_get0_n(const RSA *d); +OSSL_DEPRECATEDIN_3_0 const BIGNUM *RSA_get0_e(const RSA *d); +OSSL_DEPRECATEDIN_3_0 const BIGNUM *RSA_get0_d(const RSA *d); +OSSL_DEPRECATEDIN_3_0 const BIGNUM *RSA_get0_p(const RSA *d); +OSSL_DEPRECATEDIN_3_0 const BIGNUM *RSA_get0_q(const RSA *d); +OSSL_DEPRECATEDIN_3_0 const BIGNUM *RSA_get0_dmp1(const RSA *r); +OSSL_DEPRECATEDIN_3_0 const BIGNUM *RSA_get0_dmq1(const RSA *r); +OSSL_DEPRECATEDIN_3_0 const BIGNUM *RSA_get0_iqmp(const RSA *r); +OSSL_DEPRECATEDIN_3_0 const RSA_PSS_PARAMS *RSA_get0_pss_params(const RSA *r); +OSSL_DEPRECATEDIN_3_0 void RSA_clear_flags(RSA *r, int flags); +OSSL_DEPRECATEDIN_3_0 int RSA_test_flags(const RSA *r, int flags); +OSSL_DEPRECATEDIN_3_0 void RSA_set_flags(RSA *r, int flags); +OSSL_DEPRECATEDIN_3_0 int RSA_get_version(RSA *r); +OSSL_DEPRECATEDIN_3_0 ENGINE *RSA_get0_engine(const RSA *r); /* Deprecated version */ -DEPRECATEDIN_0_9_8(RSA *RSA_generate_key(int bits, unsigned long e, void - (*callback) (int, int, void *), - void *cb_arg)) +OSSL_DEPRECATEDIN_0_9_8 RSA *RSA_generate_key(int bits, unsigned long e, void + (*callback) (int, int, void *), + void *cb_arg); /* New version */ -DEPRECATEDIN_3_0(int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, - BN_GENCB *cb)) +OSSL_DEPRECATEDIN_3_0 int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, + BN_GENCB *cb); /* Multi-prime version */ -DEPRECATEDIN_3_0(int RSA_generate_multi_prime_key(RSA *rsa, int bits, - int primes, BIGNUM *e, - BN_GENCB *cb)) - -DEPRECATEDIN_3_0(int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, - BIGNUM *q1, BIGNUM *q2, - const BIGNUM *Xp1, const BIGNUM *Xp2, - const BIGNUM *Xp, const BIGNUM *Xq1, - const BIGNUM *Xq2, const BIGNUM *Xq, - const BIGNUM *e, BN_GENCB *cb)) -DEPRECATEDIN_3_0(int RSA_X931_generate_key_ex(RSA *rsa, int bits, - const BIGNUM *e, BN_GENCB *cb)) - -DEPRECATEDIN_3_0(int RSA_check_key(const RSA *)) -DEPRECATEDIN_3_0(int RSA_check_key_ex(const RSA *, BN_GENCB *cb)) +OSSL_DEPRECATEDIN_3_0 int RSA_generate_multi_prime_key(RSA *rsa, int bits, + int primes, BIGNUM *e, + BN_GENCB *cb); + +OSSL_DEPRECATEDIN_3_0 +int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, + BIGNUM *q1, BIGNUM *q2, + const BIGNUM *Xp1, const BIGNUM *Xp2, + const BIGNUM *Xp, const BIGNUM *Xq1, + const BIGNUM *Xq2, const BIGNUM *Xq, + const BIGNUM *e, BN_GENCB *cb); +OSSL_DEPRECATEDIN_3_0 int RSA_X931_generate_key_ex(RSA *rsa, int bits, + const BIGNUM *e, + BN_GENCB *cb); + +OSSL_DEPRECATEDIN_3_0 int RSA_check_key(const RSA *); +OSSL_DEPRECATEDIN_3_0 int RSA_check_key_ex(const RSA *, BN_GENCB *cb); /* next 4 return -1 on error */ -DEPRECATEDIN_3_0(int RSA_public_encrypt(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, - int padding)) -DEPRECATEDIN_3_0(int RSA_private_encrypt(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, - int padding)) -DEPRECATEDIN_3_0(int RSA_public_decrypt(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, - int padding)) -DEPRECATEDIN_3_0(int RSA_private_decrypt(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, - int padding)) -void RSA_free(RSA *r); +OSSL_DEPRECATEDIN_3_0 +int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to, + RSA *rsa, int padding); +OSSL_DEPRECATEDIN_3_0 +int RSA_private_encrypt(int flen, const unsigned char *from, unsigned char *to, + RSA *rsa, int padding); +OSSL_DEPRECATEDIN_3_0 +int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to, + RSA *rsa, int padding); +OSSL_DEPRECATEDIN_3_0 +int RSA_private_decrypt(int flen, const unsigned char *from, unsigned char *to, + RSA *rsa, int padding); +OSSL_DEPRECATEDIN_3_0 void RSA_free(RSA *r); /* "up" the RSA object's reference count */ -int RSA_up_ref(RSA *r); - -/* TODO(3.0): deprecate this one ssl/ssl_rsa.c can be changed to avoid it */ -int RSA_flags(const RSA *r); +OSSL_DEPRECATEDIN_3_0 int RSA_up_ref(RSA *r); +OSSL_DEPRECATEDIN_3_0 int RSA_flags(const RSA *r); -DEPRECATEDIN_3_0(void RSA_set_default_method(const RSA_METHOD *meth)) -DEPRECATEDIN_3_0(const RSA_METHOD *RSA_get_default_method(void)) -DEPRECATEDIN_3_0(const RSA_METHOD *RSA_null_method(void)) -DEPRECATEDIN_3_0(const RSA_METHOD *RSA_get_method(const RSA *rsa)) -DEPRECATEDIN_3_0(int RSA_set_method(RSA *rsa, const RSA_METHOD *meth)) +OSSL_DEPRECATEDIN_3_0 void RSA_set_default_method(const RSA_METHOD *meth); +OSSL_DEPRECATEDIN_3_0 const RSA_METHOD *RSA_get_default_method(void); +OSSL_DEPRECATEDIN_3_0 const RSA_METHOD *RSA_null_method(void); +OSSL_DEPRECATEDIN_3_0 const RSA_METHOD *RSA_get_method(const RSA *rsa); +OSSL_DEPRECATEDIN_3_0 int RSA_set_method(RSA *rsa, const RSA_METHOD *meth); /* these are the actual RSA functions */ -DEPRECATEDIN_3_0(const RSA_METHOD *RSA_PKCS1_OpenSSL(void)) +OSSL_DEPRECATEDIN_3_0 const RSA_METHOD *RSA_PKCS1_OpenSSL(void); -int RSA_pkey_ctx_ctrl(EVP_PKEY_CTX *ctx, int optype, int cmd, int p1, void *p2); +DECLARE_ASN1_ENCODE_FUNCTIONS_name_attr(OSSL_DEPRECATEDIN_3_0, + RSA, RSAPublicKey) +DECLARE_ASN1_ENCODE_FUNCTIONS_name_attr(OSSL_DEPRECATEDIN_3_0, + RSA, RSAPrivateKey) +# endif /* !OPENSSL_NO_DEPRECATED_3_0 */ -DECLARE_ASN1_ENCODE_FUNCTIONS_name(RSA, RSAPublicKey) -DECLARE_ASN1_ENCODE_FUNCTIONS_name(RSA, RSAPrivateKey) +int RSA_pkey_ctx_ctrl(EVP_PKEY_CTX *ctx, int optype, int cmd, int p1, void *p2); struct rsa_pss_params_st { X509_ALGOR *hashAlgorithm; @@ -321,130 +329,127 @@ typedef struct rsa_oaep_params_st { DECLARE_ASN1_FUNCTIONS(RSA_OAEP_PARAMS) -# ifndef OPENSSL_NO_STDIO -DEPRECATEDIN_3_0(int RSA_print_fp(FILE *fp, const RSA *r, int offset)) -# endif +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# ifndef OPENSSL_NO_STDIO +OSSL_DEPRECATEDIN_3_0 int RSA_print_fp(FILE *fp, const RSA *r, int offset); +# endif -DEPRECATEDIN_3_0(int RSA_print(BIO *bp, const RSA *r, int offset)) +OSSL_DEPRECATEDIN_3_0 int RSA_print(BIO *bp, const RSA *r, int offset); /* * The following 2 functions sign and verify a X509_SIG ASN1 object inside * PKCS#1 padded RSA encryption */ -DEPRECATEDIN_3_0(int RSA_sign(int type, const unsigned char *m, - unsigned int m_length, unsigned char *sigret, - unsigned int *siglen, RSA *rsa)) -DEPRECATEDIN_3_0(int RSA_verify(int type, const unsigned char *m, - unsigned int m_length, - const unsigned char *sigbuf, - unsigned int siglen, RSA *rsa)) +OSSL_DEPRECATEDIN_3_0 int RSA_sign(int type, const unsigned char *m, + unsigned int m_length, unsigned char *sigret, + unsigned int *siglen, RSA *rsa); +OSSL_DEPRECATEDIN_3_0 int RSA_verify(int type, const unsigned char *m, + unsigned int m_length, + const unsigned char *sigbuf, + unsigned int siglen, RSA *rsa); /* * The following 2 function sign and verify a ASN1_OCTET_STRING object inside * PKCS#1 padded RSA encryption */ -DEPRECATEDIN_3_0(int RSA_sign_ASN1_OCTET_STRING(int type, - const unsigned char *m, - unsigned int m_length, - unsigned char *sigret, - unsigned int *siglen, RSA *rsa)) -DEPRECATEDIN_3_0(int RSA_verify_ASN1_OCTET_STRING(int type, - const unsigned char *m, - unsigned int m_length, - unsigned char *sigbuf, - unsigned int siglen, - RSA *rsa)) - -/* TODO(3.0): figure out how to deprecate these two */ -int RSA_blinding_on(RSA *rsa, BN_CTX *ctx); -void RSA_blinding_off(RSA *rsa); -DEPRECATEDIN_3_0(BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *ctx)) - -DEPRECATEDIN_3_0(int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen, - const unsigned char *f, - int fl)) -DEPRECATEDIN_3_0(int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen, - const unsigned char *f, - int fl, int rsa_len)) -DEPRECATEDIN_3_0(int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen, - const unsigned char *f, - int fl)) -DEPRECATEDIN_3_0(int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, - const unsigned char *f, - int fl, int rsa_len)) -DEPRECATEDIN_3_0(int PKCS1_MGF1(unsigned char *mask, long len, - const unsigned char *seed, long seedlen, - const EVP_MD *dgst)) -DEPRECATEDIN_3_0(int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, - const unsigned char *f, int fl, - const unsigned char *p, int pl)) -DEPRECATEDIN_3_0(int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, - const unsigned char *f, - int fl, int rsa_len, - const unsigned char *p, - int pl)) -DEPRECATEDIN_3_0(int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, - int tlen, - const unsigned char *from, - int flen, - const unsigned char *param, - int plen, - const EVP_MD *md, - const EVP_MD *mgf1md)) -DEPRECATEDIN_3_0(int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, - int tlen, - const unsigned char *from, - int flen, int num, - const unsigned char *param, - int plen, const EVP_MD *md, - const EVP_MD *mgf1md)) -DEPRECATEDIN_3_0(int RSA_padding_add_SSLv23(unsigned char *to, int tlen, - const unsigned char *f, int fl)) -DEPRECATEDIN_3_0(int RSA_padding_check_SSLv23(unsigned char *to, int tlen, - const unsigned char *f, int fl, - int rsa_len)) -DEPRECATEDIN_3_0(int RSA_padding_add_none(unsigned char *to, int tlen, - const unsigned char *f, int fl)) -DEPRECATEDIN_3_0(int RSA_padding_check_none(unsigned char *to, int tlen, - const unsigned char *f, int fl, - int rsa_len)) -DEPRECATEDIN_3_0(int RSA_padding_add_X931(unsigned char *to, int tlen, - const unsigned char *f, int fl)) -DEPRECATEDIN_3_0(int RSA_padding_check_X931(unsigned char *to, int tlen, - const unsigned char *f, int fl, - int rsa_len)) -DEPRECATEDIN_3_0(int RSA_X931_hash_id(int nid)) - -DEPRECATEDIN_3_0(int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash, - const EVP_MD *Hash, - const unsigned char *EM, int sLen)) -DEPRECATEDIN_3_0(int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM, - const unsigned char *mHash, - const EVP_MD *Hash, int sLen)) - -DEPRECATEDIN_3_0(int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, - const unsigned char *mHash, - const EVP_MD *Hash, - const EVP_MD *mgf1Hash, - const unsigned char *EM, - int sLen)) - -DEPRECATEDIN_3_0(int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, - unsigned char *EM, - const unsigned char *mHash, - const EVP_MD *Hash, - const EVP_MD *mgf1Hash, - int sLen)) +OSSL_DEPRECATEDIN_3_0 +int RSA_sign_ASN1_OCTET_STRING(int type, + const unsigned char *m, unsigned int m_length, + unsigned char *sigret, unsigned int *siglen, + RSA *rsa); +OSSL_DEPRECATEDIN_3_0 +int RSA_verify_ASN1_OCTET_STRING(int type, + const unsigned char *m, unsigned int m_length, + unsigned char *sigbuf, unsigned int siglen, + RSA *rsa); + +OSSL_DEPRECATEDIN_3_0 int RSA_blinding_on(RSA *rsa, BN_CTX *ctx); +OSSL_DEPRECATEDIN_3_0 void RSA_blinding_off(RSA *rsa); +OSSL_DEPRECATEDIN_3_0 BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *ctx); + +OSSL_DEPRECATEDIN_3_0 +int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen, + const unsigned char *f, int fl); +OSSL_DEPRECATEDIN_3_0 +int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen, + const unsigned char *f, int fl, + int rsa_len); +OSSL_DEPRECATEDIN_3_0 +int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen, + const unsigned char *f, int fl); +OSSL_DEPRECATEDIN_3_0 +int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, + const unsigned char *f, int fl, + int rsa_len); +OSSL_DEPRECATEDIN_3_0 int PKCS1_MGF1(unsigned char *mask, long len, + const unsigned char *seed, long seedlen, + const EVP_MD *dgst); +OSSL_DEPRECATEDIN_3_0 +int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, + const unsigned char *f, int fl, + const unsigned char *p, int pl); +OSSL_DEPRECATEDIN_3_0 +int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, + const unsigned char *f, int fl, int rsa_len, + const unsigned char *p, int pl); +OSSL_DEPRECATEDIN_3_0 +int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, + const unsigned char *from, int flen, + const unsigned char *param, int plen, + const EVP_MD *md, const EVP_MD *mgf1md); +OSSL_DEPRECATEDIN_3_0 +int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, + const unsigned char *from, int flen, + int num, + const unsigned char *param, int plen, + const EVP_MD *md, const EVP_MD *mgf1md); +OSSL_DEPRECATEDIN_3_0 +int RSA_padding_add_SSLv23(unsigned char *to, int tlen, + const unsigned char *f, int fl); +OSSL_DEPRECATEDIN_3_0 +int RSA_padding_check_SSLv23(unsigned char *to, int tlen, + const unsigned char *f, int fl, + int rsa_len); +OSSL_DEPRECATEDIN_3_0 int RSA_padding_add_none(unsigned char *to, int tlen, + const unsigned char *f, int fl); +OSSL_DEPRECATEDIN_3_0 int RSA_padding_check_none(unsigned char *to, int tlen, + const unsigned char *f, int fl, + int rsa_len); +OSSL_DEPRECATEDIN_3_0 int RSA_padding_add_X931(unsigned char *to, int tlen, + const unsigned char *f, int fl); +OSSL_DEPRECATEDIN_3_0 int RSA_padding_check_X931(unsigned char *to, int tlen, + const unsigned char *f, int fl, + int rsa_len); +OSSL_DEPRECATEDIN_3_0 int RSA_X931_hash_id(int nid); + +OSSL_DEPRECATEDIN_3_0 +int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash, + const EVP_MD *Hash, const unsigned char *EM, + int sLen); +OSSL_DEPRECATEDIN_3_0 +int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM, + const unsigned char *mHash, const EVP_MD *Hash, + int sLen); + +OSSL_DEPRECATEDIN_3_0 +int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash, + const EVP_MD *Hash, const EVP_MD *mgf1Hash, + const unsigned char *EM, int sLen); + +OSSL_DEPRECATEDIN_3_0 +int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, + const unsigned char *mHash, + const EVP_MD *Hash, const EVP_MD *mgf1Hash, + int sLen); # define RSA_get_ex_new_index(l, p, newf, dupf, freef) \ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, l, p, newf, dupf, freef) -DEPRECATEDIN_3_0(int RSA_set_ex_data(RSA *r, int idx, void *arg)) -DEPRECATEDIN_3_0(void *RSA_get_ex_data(const RSA *r, int idx)) +OSSL_DEPRECATEDIN_3_0 int RSA_set_ex_data(RSA *r, int idx, void *arg); +OSSL_DEPRECATEDIN_3_0 void *RSA_get_ex_data(const RSA *r, int idx); -DECLARE_ASN1_DUP_FUNCTION_name(RSA, RSAPublicKey) -DECLARE_ASN1_DUP_FUNCTION_name(RSA, RSAPrivateKey) +DECLARE_ASN1_DUP_FUNCTION_name_attr(OSSL_DEPRECATEDIN_3_0, RSA, RSAPublicKey) +DECLARE_ASN1_DUP_FUNCTION_name_attr(OSSL_DEPRECATEDIN_3_0, RSA, RSAPrivateKey) -# ifndef OPENSSL_NO_DEPRECATED_3_0 /* * If this flag is set the RSA method is FIPS compliant and can be used in * FIPS mode. This is set in the validated module method. If an application @@ -466,95 +471,134 @@ DECLARE_ASN1_DUP_FUNCTION_name(RSA, RSAPrivateKey) * check. */ # define RSA_FLAG_CHECKED 0x0800 -# endif /* OPENSSL_NO_DEPRECATED_3_0 */ -DEPRECATEDIN_3_0(RSA_METHOD *RSA_meth_new(const char *name, int flags)) -DEPRECATEDIN_3_0(void RSA_meth_free(RSA_METHOD *meth)) -DEPRECATEDIN_3_0(RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth)) -DEPRECATEDIN_3_0(const char *RSA_meth_get0_name(const RSA_METHOD *meth)) -DEPRECATEDIN_3_0(int RSA_meth_set1_name(RSA_METHOD *meth, const char *name)) -DEPRECATEDIN_3_0(int RSA_meth_get_flags(const RSA_METHOD *meth)) -DEPRECATEDIN_3_0(int RSA_meth_set_flags(RSA_METHOD *meth, int flags)) -DEPRECATEDIN_3_0(void *RSA_meth_get0_app_data(const RSA_METHOD *meth)) -DEPRECATEDIN_3_0(int RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data)) -DEPRECATEDIN_3_0(int (*RSA_meth_get_pub_enc(const RSA_METHOD *meth)) - (int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding)) -DEPRECATEDIN_3_0(int RSA_meth_set_pub_enc(RSA_METHOD *rsa, +OSSL_DEPRECATEDIN_3_0 RSA_METHOD *RSA_meth_new(const char *name, int flags); +OSSL_DEPRECATEDIN_3_0 void RSA_meth_free(RSA_METHOD *meth); +OSSL_DEPRECATEDIN_3_0 RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth); +OSSL_DEPRECATEDIN_3_0 const char *RSA_meth_get0_name(const RSA_METHOD *meth); +OSSL_DEPRECATEDIN_3_0 int RSA_meth_set1_name(RSA_METHOD *meth, + const char *name); +OSSL_DEPRECATEDIN_3_0 int RSA_meth_get_flags(const RSA_METHOD *meth); +OSSL_DEPRECATEDIN_3_0 int RSA_meth_set_flags(RSA_METHOD *meth, int flags); +OSSL_DEPRECATEDIN_3_0 void *RSA_meth_get0_app_data(const RSA_METHOD *meth); +OSSL_DEPRECATEDIN_3_0 int RSA_meth_set0_app_data(RSA_METHOD *meth, + void *app_data); +OSSL_DEPRECATEDIN_3_0 +int (*RSA_meth_get_pub_enc(const RSA_METHOD *meth)) (int flen, + const unsigned char *from, + unsigned char *to, + RSA *rsa, int padding); +OSSL_DEPRECATEDIN_3_0 +int RSA_meth_set_pub_enc(RSA_METHOD *rsa, int (*pub_enc) (int flen, const unsigned char *from, unsigned char *to, RSA *rsa, - int padding))) -DEPRECATEDIN_3_0(int (*RSA_meth_get_pub_dec(const RSA_METHOD *meth)) - (int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding)) -DEPRECATEDIN_3_0(int RSA_meth_set_pub_dec(RSA_METHOD *rsa, + int padding)); +OSSL_DEPRECATEDIN_3_0 +int (*RSA_meth_get_pub_dec(const RSA_METHOD *meth)) (int flen, + const unsigned char *from, + unsigned char *to, + RSA *rsa, int padding); +OSSL_DEPRECATEDIN_3_0 +int RSA_meth_set_pub_dec(RSA_METHOD *rsa, int (*pub_dec) (int flen, const unsigned char *from, unsigned char *to, RSA *rsa, - int padding))) -DEPRECATEDIN_3_0(int (*RSA_meth_get_priv_enc(const RSA_METHOD *meth)) - (int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding)) -DEPRECATEDIN_3_0(int RSA_meth_set_priv_enc(RSA_METHOD *rsa, + int padding)); +OSSL_DEPRECATEDIN_3_0 +int (*RSA_meth_get_priv_enc(const RSA_METHOD *meth)) (int flen, + const unsigned char *from, + unsigned char *to, + RSA *rsa, int padding); +OSSL_DEPRECATEDIN_3_0 +int RSA_meth_set_priv_enc(RSA_METHOD *rsa, int (*priv_enc) (int flen, const unsigned char *from, unsigned char *to, RSA *rsa, - int padding))) -DEPRECATEDIN_3_0(int (*RSA_meth_get_priv_dec(const RSA_METHOD *meth)) - (int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding)) -DEPRECATEDIN_3_0(int RSA_meth_set_priv_dec(RSA_METHOD *rsa, + int padding)); +OSSL_DEPRECATEDIN_3_0 +int (*RSA_meth_get_priv_dec(const RSA_METHOD *meth)) (int flen, + const unsigned char *from, + unsigned char *to, + RSA *rsa, int padding); +OSSL_DEPRECATEDIN_3_0 +int RSA_meth_set_priv_dec(RSA_METHOD *rsa, int (*priv_dec) (int flen, const unsigned char *from, unsigned char *to, RSA *rsa, - int padding))) -DEPRECATEDIN_3_0(int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth)) - (BIGNUM *r0, const BIGNUM *i, RSA *rsa, BN_CTX *ctx)) -DEPRECATEDIN_3_0(int RSA_meth_set_mod_exp(RSA_METHOD *rsa, + int padding)); +OSSL_DEPRECATEDIN_3_0 +int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth)) (BIGNUM *r0, + const BIGNUM *i, + RSA *rsa, BN_CTX *ctx); +OSSL_DEPRECATEDIN_3_0 +int RSA_meth_set_mod_exp(RSA_METHOD *rsa, int (*mod_exp) (BIGNUM *r0, const BIGNUM *i, RSA *rsa, - BN_CTX *ctx))) -DEPRECATEDIN_3_0(int (*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth)) - (BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)) -DEPRECATEDIN_3_0(int RSA_meth_set_bn_mod_exp(RSA_METHOD *rsa, + BN_CTX *ctx)); +OSSL_DEPRECATEDIN_3_0 +int (*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth)) (BIGNUM *r, + const BIGNUM *a, + const BIGNUM *p, + const BIGNUM *m, + BN_CTX *ctx, + BN_MONT_CTX *m_ctx); +OSSL_DEPRECATEDIN_3_0 +int RSA_meth_set_bn_mod_exp(RSA_METHOD *rsa, int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx))) -DEPRECATEDIN_3_0(int (*RSA_meth_get_init(const RSA_METHOD *meth)) (RSA *rsa)) -DEPRECATEDIN_3_0(int RSA_meth_set_init(RSA_METHOD *rsa, int (*init) (RSA *rsa))) -DEPRECATEDIN_3_0(int (*RSA_meth_get_finish(const RSA_METHOD *meth)) (RSA *rsa)) -DEPRECATEDIN_3_0(int RSA_meth_set_finish(RSA_METHOD *rsa, - int (*finish) (RSA *rsa))) -DEPRECATEDIN_3_0(int (*RSA_meth_get_sign(const RSA_METHOD *meth)) - (int type, - const unsigned char *m, unsigned int m_length, - unsigned char *sigret, unsigned int *siglen, - const RSA *rsa)) -DEPRECATEDIN_3_0(int RSA_meth_set_sign(RSA_METHOD *rsa, + BN_MONT_CTX *m_ctx)); +OSSL_DEPRECATEDIN_3_0 +int (*RSA_meth_get_init(const RSA_METHOD *meth)) (RSA *rsa); +OSSL_DEPRECATEDIN_3_0 +int RSA_meth_set_init(RSA_METHOD *rsa, int (*init) (RSA *rsa)); +OSSL_DEPRECATEDIN_3_0 +int (*RSA_meth_get_finish(const RSA_METHOD *meth)) (RSA *rsa); +OSSL_DEPRECATEDIN_3_0 +int RSA_meth_set_finish(RSA_METHOD *rsa, int (*finish) (RSA *rsa)); +OSSL_DEPRECATEDIN_3_0 +int (*RSA_meth_get_sign(const RSA_METHOD *meth)) (int type, + const unsigned char *m, + unsigned int m_length, + unsigned char *sigret, + unsigned int *siglen, + const RSA *rsa); +OSSL_DEPRECATEDIN_3_0 +int RSA_meth_set_sign(RSA_METHOD *rsa, int (*sign) (int type, const unsigned char *m, unsigned int m_length, unsigned char *sigret, unsigned int *siglen, - const RSA *rsa))) -DEPRECATEDIN_3_0(int (*RSA_meth_get_verify(const RSA_METHOD *meth)) - (int dtype, const unsigned char *m, - unsigned int m_length, const unsigned char *sigbuf, - unsigned int siglen, const RSA *rsa)) -DEPRECATEDIN_3_0(int RSA_meth_set_verify(RSA_METHOD *rsa, + const RSA *rsa)); +OSSL_DEPRECATEDIN_3_0 +int (*RSA_meth_get_verify(const RSA_METHOD *meth)) (int dtype, + const unsigned char *m, + unsigned int m_length, + const unsigned char *sigbuf, + unsigned int siglen, + const RSA *rsa); +OSSL_DEPRECATEDIN_3_0 +int RSA_meth_set_verify(RSA_METHOD *rsa, int (*verify) (int dtype, const unsigned char *m, unsigned int m_length, const unsigned char *sigbuf, - unsigned int siglen, const RSA *rsa))) -DEPRECATEDIN_3_0(int (*RSA_meth_get_keygen(const RSA_METHOD *meth)) - (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)) -DEPRECATEDIN_3_0(int RSA_meth_set_keygen(RSA_METHOD *rsa, + unsigned int siglen, const RSA *rsa)); +OSSL_DEPRECATEDIN_3_0 +int (*RSA_meth_get_keygen(const RSA_METHOD *meth)) (RSA *rsa, int bits, + BIGNUM *e, BN_GENCB *cb); +OSSL_DEPRECATEDIN_3_0 +int RSA_meth_set_keygen(RSA_METHOD *rsa, int (*keygen) (RSA *rsa, int bits, BIGNUM *e, - BN_GENCB *cb))) -DEPRECATEDIN_3_0(int (*RSA_meth_get_multi_prime_keygen(const RSA_METHOD *meth)) - (RSA *rsa, int bits, int primes, BIGNUM *e, BN_GENCB *cb)) -DEPRECATEDIN_3_0(int RSA_meth_set_multi_prime_keygen(RSA_METHOD *meth, + BN_GENCB *cb)); +OSSL_DEPRECATEDIN_3_0 +int (*RSA_meth_get_multi_prime_keygen(const RSA_METHOD *meth)) (RSA *rsa, + int bits, + int primes, + BIGNUM *e, + BN_GENCB *cb); +OSSL_DEPRECATEDIN_3_0 +int RSA_meth_set_multi_prime_keygen(RSA_METHOD *meth, int (*keygen) (RSA *rsa, int bits, int primes, BIGNUM *e, - BN_GENCB *cb))) + BN_GENCB *cb)); +#endif /* !OPENSSL_NO_DEPRECATED_3_0 */ # ifdef __cplusplus } diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in index a02227be0c..f9a61609e4 100644 --- a/include/openssl/ssl.h.in +++ b/include/openssl/ssl.h.in @@ -1606,9 +1606,12 @@ void SSL_set_verify(SSL *s, int mode, SSL_verify_cb callback); void SSL_set_verify_depth(SSL *s, int depth); void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg); # ifndef OPENSSL_NO_RSA -__owur int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); -__owur int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, const unsigned char *d, - long len); +# ifndef OPENSSL_NO_DEPRECATED_3_0 +OSSL_DEPRECATEDIN_3_0 __owur int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); +OSSL_DEPRECATEDIN_3_0 +__owur int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, + const unsigned char *d, long len); +# endif # endif __owur int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey); __owur int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, const unsigned char *d, @@ -1632,15 +1635,22 @@ __owur int SSL_CTX_use_serverinfo_ex(SSL_CTX *ctx, unsigned int version, __owur int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file); #ifndef OPENSSL_NO_RSA -__owur int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type); +# ifndef OPENSSL_NO_DEPRECATED_3_0 +OSSL_DEPRECATEDIN_3_0 __owur int SSL_use_RSAPrivateKey_file(SSL *ssl, + const char *file, + int type); +# endif #endif __owur int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type); __owur int SSL_use_certificate_file(SSL *ssl, const char *file, int type); #ifndef OPENSSL_NO_RSA +# ifndef OPENSSL_NO_DEPRECATED_3_0 +OSSL_DEPRECATEDIN_3_0 __owur int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type); +# endif #endif __owur int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type); @@ -1751,9 +1761,13 @@ void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb) (SSL *ssl, void *arg), void *arg); # ifndef OPENSSL_NO_RSA -__owur int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); +# ifndef OPENSSL_NO_DEPRECATED_3_0 +OSSL_DEPRECATEDIN_3_0 __owur int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, + RSA *rsa); +OSSL_DEPRECATEDIN_3_0 __owur int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len); +# endif # endif __owur int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); __owur int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, diff --git a/include/openssl/types.h b/include/openssl/types.h index 8ca2d144c7..6cb5a663cc 100644 --- a/include/openssl/types.h +++ b/include/openssl/types.h @@ -18,6 +18,7 @@ extern "C" { # include # include +# include typedef struct ossl_provider_st OSSL_PROVIDER; /* Provider Object */ @@ -135,8 +136,10 @@ typedef struct dh_method DH_METHOD; typedef struct dsa_st DSA; typedef struct dsa_method DSA_METHOD; +# ifndef OPENSSL_NO_DEPRECATED_3_0 typedef struct rsa_st RSA; typedef struct rsa_meth_st RSA_METHOD; +# endif typedef struct rsa_pss_params_st RSA_PSS_PARAMS; typedef struct ec_key_st EC_KEY; diff --git a/include/openssl/x509.h.in b/include/openssl/x509.h.in index eda5ee986f..14a4a02da7 100644 --- a/include/openssl/x509.h.in +++ b/include/openssl/x509.h.in @@ -414,13 +414,15 @@ X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl); int i2d_X509_CRL_fp(FILE *fp, const X509_CRL *crl); X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req); int i2d_X509_REQ_fp(FILE *fp, const X509_REQ *req); -# ifndef OPENSSL_NO_RSA -RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa); -int i2d_RSAPrivateKey_fp(FILE *fp, const RSA *rsa); -RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa); -int i2d_RSAPublicKey_fp(FILE *fp, const RSA *rsa); -RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa); -int i2d_RSA_PUBKEY_fp(FILE *fp, const RSA *rsa); +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# ifndef OPENSSL_NO_RSA +OSSL_DEPRECATEDIN_3_0 RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa); +OSSL_DEPRECATEDIN_3_0 int i2d_RSAPrivateKey_fp(FILE *fp, const RSA *rsa); +OSSL_DEPRECATEDIN_3_0 RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa); +OSSL_DEPRECATEDIN_3_0 int i2d_RSAPublicKey_fp(FILE *fp, const RSA *rsa); +OSSL_DEPRECATEDIN_3_0 RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa); +OSSL_DEPRECATEDIN_3_0 int i2d_RSA_PUBKEY_fp(FILE *fp, const RSA *rsa); +# endif # endif # ifndef OPENSSL_NO_DSA DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa); @@ -456,13 +458,15 @@ X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl); int i2d_X509_CRL_bio(BIO *bp, const X509_CRL *crl); X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req); int i2d_X509_REQ_bio(BIO *bp, const X509_REQ *req); -# ifndef OPENSSL_NO_RSA -RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa); -int i2d_RSAPrivateKey_bio(BIO *bp, const RSA *rsa); -RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa); -int i2d_RSAPublicKey_bio(BIO *bp, const RSA *rsa); -RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa); -int i2d_RSA_PUBKEY_bio(BIO *bp, const RSA *rsa); +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# ifndef OPENSSL_NO_RSA +OSSL_DEPRECATEDIN_3_0 RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa); +OSSL_DEPRECATEDIN_3_0 int i2d_RSAPrivateKey_bio(BIO *bp, const RSA *rsa); +OSSL_DEPRECATEDIN_3_0 RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa); +OSSL_DEPRECATEDIN_3_0 int i2d_RSAPublicKey_bio(BIO *bp, const RSA *rsa); +OSSL_DEPRECATEDIN_3_0 RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa); +OSSL_DEPRECATEDIN_3_0 int i2d_RSA_PUBKEY_bio(BIO *bp, const RSA *rsa); +# endif # endif # ifndef OPENSSL_NO_DSA DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa); @@ -543,8 +547,10 @@ long X509_get_pathlen(X509 *x); DECLARE_ASN1_ENCODE_FUNCTIONS_only(EVP_PKEY, PUBKEY) EVP_PKEY *d2i_PUBKEY_ex(EVP_PKEY **a, const unsigned char **pp, long length, OSSL_LIB_CTX *libctx, const char *propq); -# ifndef OPENSSL_NO_RSA -DECLARE_ASN1_ENCODE_FUNCTIONS_only(RSA, RSA_PUBKEY) +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# ifndef OPENSSL_NO_RSA +DECLARE_ASN1_ENCODE_FUNCTIONS_only_attr(OSSL_DEPRECATEDIN_3_0,RSA, RSA_PUBKEY) +# endif # endif # ifndef OPENSSL_NO_DSA DECLARE_ASN1_ENCODE_FUNCTIONS_only(DSA, DSA_PUBKEY) diff --git a/providers/common/der/der_rsa_key.c b/providers/common/der/der_rsa_key.c index a20c334b23..1cc5874290 100644 --- a/providers/common/der/der_rsa_key.c +++ b/providers/common/der/der_rsa_key.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * RSA low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include #include "internal/cryptlib.h" #include "prov/der_rsa.h" diff --git a/providers/common/include/prov/securitycheck.h b/providers/common/include/prov/securitycheck.h index 8ab3370263..a9e69c8a29 100644 --- a/providers/common/include/prov/securitycheck.h +++ b/providers/common/include/prov/securitycheck.h @@ -7,6 +7,8 @@ * https://www.openssl.org/source/license.html */ +#include "crypto/types.h" + /* Functions that are common */ int ossl_rsa_check_key(const RSA *rsa, int protect); int ec_check_key(const EC_KEY *ec, int protect); diff --git a/ssl/build.info b/ssl/build.info index 36755819dd..4efd9d02cc 100644 --- a/ssl/build.info +++ b/ssl/build.info @@ -35,7 +35,7 @@ SOURCE[../libssl]=\ statem/statem.c record/ssl3_record_tls13.c record/tls_pad.c \ tls_depr.c $KTLSSRC IF[{- !$disabled{'deprecated-3.0'} -}] - SOURCE[../libssl]=s3_cbc.c + SOURCE[../libssl]=s3_cbc.c ssl_rsa_legacy.c ENDIF DEFINE[../libssl]=$AESDEF diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h index a14d97b8e9..3b76084831 100644 --- a/ssl/ssl_local.h +++ b/ssl/ssl_local.h @@ -21,7 +21,6 @@ # include # include # include -# include # include # include # include diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c index 17e10eef6a..bfdd5ff43d 100644 --- a/ssl/ssl_rsa.c +++ b/ssl/ssl_rsa.c @@ -115,34 +115,6 @@ int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len) return ret; } -#ifndef OPENSSL_NO_RSA -int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa) -{ - EVP_PKEY *pkey; - int ret; - - if (rsa == NULL) { - ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - if ((pkey = EVP_PKEY_new()) == NULL) { - ERR_raise(ERR_LIB_SSL, ERR_R_EVP_LIB); - return 0; - } - - RSA_up_ref(rsa); - if (EVP_PKEY_assign_RSA(pkey, rsa) <= 0) { - RSA_free(rsa); - EVP_PKEY_free(pkey); - return 0; - } - - ret = ssl_set_pkey(ssl->cert, pkey); - EVP_PKEY_free(pkey); - return ret; -} -#endif - static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey) { size_t i; @@ -180,64 +152,6 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey) return 1; } -#ifndef OPENSSL_NO_RSA -int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type) -{ - int j, ret = 0; - BIO *in; - RSA *rsa = NULL; - - in = BIO_new(BIO_s_file()); - if (in == NULL) { - ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB); - goto end; - } - - if (BIO_read_filename(in, file) <= 0) { - ERR_raise(ERR_LIB_SSL, ERR_R_SYS_LIB); - goto end; - } - if (type == SSL_FILETYPE_ASN1) { - j = ERR_R_ASN1_LIB; - rsa = d2i_RSAPrivateKey_bio(in, NULL); - } else if (type == SSL_FILETYPE_PEM) { - j = ERR_R_PEM_LIB; - rsa = PEM_read_bio_RSAPrivateKey(in, NULL, - ssl->default_passwd_callback, - ssl->default_passwd_callback_userdata); - } else { - ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SSL_FILETYPE); - goto end; - } - if (rsa == NULL) { - ERR_raise(ERR_LIB_SSL, j); - goto end; - } - ret = SSL_use_RSAPrivateKey(ssl, rsa); - RSA_free(rsa); - end: - BIO_free(in); - return ret; -} - -int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, const unsigned char *d, long len) -{ - int ret; - const unsigned char *p; - RSA *rsa; - - p = d; - if ((rsa = d2i_RSAPrivateKey(NULL, &p, (long)len)) == NULL) { - ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB); - return 0; - } - - ret = SSL_use_RSAPrivateKey(ssl, rsa); - RSA_free(rsa); - return ret; -} -#endif /* !OPENSSL_NO_RSA */ - int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey) { int ret; @@ -445,91 +359,6 @@ int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d) return ret; } -#ifndef OPENSSL_NO_RSA -int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa) -{ - int ret; - EVP_PKEY *pkey; - - if (rsa == NULL) { - ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - if ((pkey = EVP_PKEY_new()) == NULL) { - ERR_raise(ERR_LIB_SSL, ERR_R_EVP_LIB); - return 0; - } - - RSA_up_ref(rsa); - if (EVP_PKEY_assign_RSA(pkey, rsa) <= 0) { - RSA_free(rsa); - EVP_PKEY_free(pkey); - return 0; - } - - ret = ssl_set_pkey(ctx->cert, pkey); - EVP_PKEY_free(pkey); - return ret; -} - -int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type) -{ - int j, ret = 0; - BIO *in; - RSA *rsa = NULL; - - in = BIO_new(BIO_s_file()); - if (in == NULL) { - ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB); - goto end; - } - - if (BIO_read_filename(in, file) <= 0) { - ERR_raise(ERR_LIB_SSL, ERR_R_SYS_LIB); - goto end; - } - if (type == SSL_FILETYPE_ASN1) { - j = ERR_R_ASN1_LIB; - rsa = d2i_RSAPrivateKey_bio(in, NULL); - } else if (type == SSL_FILETYPE_PEM) { - j = ERR_R_PEM_LIB; - rsa = PEM_read_bio_RSAPrivateKey(in, NULL, - ctx->default_passwd_callback, - ctx->default_passwd_callback_userdata); - } else { - ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SSL_FILETYPE); - goto end; - } - if (rsa == NULL) { - ERR_raise(ERR_LIB_SSL, j); - goto end; - } - ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa); - RSA_free(rsa); - end: - BIO_free(in); - return ret; -} - -int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, - long len) -{ - int ret; - const unsigned char *p; - RSA *rsa; - - p = d; - if ((rsa = d2i_RSAPrivateKey(NULL, &p, (long)len)) == NULL) { - ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB); - return 0; - } - - ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa); - RSA_free(rsa); - return ret; -} -#endif /* !OPENSSL_NO_RSA */ - int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) { if (pkey == NULL) { diff --git a/ssl/ssl_rsa_legacy.c b/ssl/ssl_rsa_legacy.c new file mode 100644 index 0000000000..49cd7a3bba --- /dev/null +++ b/ssl/ssl_rsa_legacy.c @@ -0,0 +1,180 @@ +/* + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* We need to use the deprecated RSA low level calls */ +#define OPENSSL_SUPPRESS_DEPRECATED + +#include +#include +#include + +int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa) +{ + EVP_PKEY *pkey; + int ret; + + if (rsa == NULL) { + ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if ((pkey = EVP_PKEY_new()) == NULL) { + ERR_raise(ERR_LIB_SSL, ERR_R_EVP_LIB); + return 0; + } + + RSA_up_ref(rsa); + if (EVP_PKEY_assign_RSA(pkey, rsa) <= 0) { + RSA_free(rsa); + EVP_PKEY_free(pkey); + return 0; + } + + ret = SSL_use_PrivateKey(ssl, pkey); + EVP_PKEY_free(pkey); + return ret; +} + +int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type) +{ + int j, ret = 0; + BIO *in; + RSA *rsa = NULL; + + in = BIO_new(BIO_s_file()); + if (in == NULL) { + ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB); + goto end; + } + + if (BIO_read_filename(in, file) <= 0) { + ERR_raise(ERR_LIB_SSL, ERR_R_SYS_LIB); + goto end; + } + if (type == SSL_FILETYPE_ASN1) { + j = ERR_R_ASN1_LIB; + rsa = d2i_RSAPrivateKey_bio(in, NULL); + } else if (type == SSL_FILETYPE_PEM) { + j = ERR_R_PEM_LIB; + rsa = PEM_read_bio_RSAPrivateKey(in, NULL, + SSL_get_default_passwd_cb(ssl), + SSL_get_default_passwd_cb_userdata(ssl)); + } else { + ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SSL_FILETYPE); + goto end; + } + if (rsa == NULL) { + ERR_raise(ERR_LIB_SSL, j); + goto end; + } + ret = SSL_use_RSAPrivateKey(ssl, rsa); + RSA_free(rsa); + end: + BIO_free(in); + return ret; +} + +int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, const unsigned char *d, long len) +{ + int ret; + const unsigned char *p; + RSA *rsa; + + p = d; + if ((rsa = d2i_RSAPrivateKey(NULL, &p, (long)len)) == NULL) { + ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB); + return 0; + } + + ret = SSL_use_RSAPrivateKey(ssl, rsa); + RSA_free(rsa); + return ret; +} + +int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa) +{ + int ret; + EVP_PKEY *pkey; + + if (rsa == NULL) { + ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if ((pkey = EVP_PKEY_new()) == NULL) { + ERR_raise(ERR_LIB_SSL, ERR_R_EVP_LIB); + return 0; + } + + RSA_up_ref(rsa); + if (EVP_PKEY_assign_RSA(pkey, rsa) <= 0) { + RSA_free(rsa); + EVP_PKEY_free(pkey); + return 0; + } + + ret = SSL_CTX_use_PrivateKey(ctx, pkey); + EVP_PKEY_free(pkey); + return ret; +} + +int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type) +{ + int j, ret = 0; + BIO *in; + RSA *rsa = NULL; + + in = BIO_new(BIO_s_file()); + if (in == NULL) { + ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB); + goto end; + } + + if (BIO_read_filename(in, file) <= 0) { + ERR_raise(ERR_LIB_SSL, ERR_R_SYS_LIB); + goto end; + } + if (type == SSL_FILETYPE_ASN1) { + j = ERR_R_ASN1_LIB; + rsa = d2i_RSAPrivateKey_bio(in, NULL); + } else if (type == SSL_FILETYPE_PEM) { + j = ERR_R_PEM_LIB; + rsa = PEM_read_bio_RSAPrivateKey(in, NULL, + SSL_CTX_get_default_passwd_cb(ctx), + SSL_CTX_get_default_passwd_cb_userdata(ctx)); + } else { + ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SSL_FILETYPE); + goto end; + } + if (rsa == NULL) { + ERR_raise(ERR_LIB_SSL, j); + goto end; + } + ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa); + RSA_free(rsa); + end: + BIO_free(in); + return ret; +} + +int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, + long len) +{ + int ret; + const unsigned char *p; + RSA *rsa; + + p = d; + if ((rsa = d2i_RSAPrivateKey(NULL, &p, (long)len)) == NULL) { + ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB); + return 0; + } + + ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa); + RSA_free(rsa); + return ret; +} diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 5b7b7cd5f5..277998f954 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -20,6 +20,7 @@ #include #include #include +#include #include #include #include @@ -2824,7 +2825,7 @@ static int tls_construct_cke_rsa(SSL *s, WPACKET *pkt) } pkey = X509_get0_pubkey(s->session->peer); - if (EVP_PKEY_get0_RSA(pkey) == NULL) { + if (!EVP_PKEY_is_a(pkey, "RSA")) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index 2dd3bf1fbc..0773b42e0e 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -18,6 +18,7 @@ #include #include #include +#include #include #include diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index c478c5a7e8..16bd24d103 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -20,6 +20,7 @@ #include #include #include +#include #include #include #include diff --git a/test/endecoder_legacy_test.c b/test/endecoder_legacy_test.c index 1bdbda79fa..6fd7b356cd 100644 --- a/test/endecoder_legacy_test.c +++ b/test/endecoder_legacy_test.c @@ -35,6 +35,12 @@ #include #include + +/* + * We test deprecated functions, so we need to suppress deprecation warnings. + */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include #include #include diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index e0f6af1f06..e2f78f1496 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c @@ -18,16 +18,17 @@ #include #include #include -#include #include #include #include #include #include #include +#include #include #include #include +#include #include "testutil.h" #include "internal/nelem.h" #include "internal/sizes.h" @@ -410,28 +411,25 @@ static APK_DATA keycheckdata[] = { #endif }; -static EVP_PKEY *load_example_rsa_key(void) +static EVP_PKEY *load_example_key(const char *keytype, + const unsigned char *data, size_t data_len) { - EVP_PKEY *ret = NULL; - const unsigned char *derp = kExampleRSAKeyDER; + const unsigned char **pdata = &data; EVP_PKEY *pkey = NULL; - RSA *rsa = NULL; - - if (!TEST_true(d2i_RSAPrivateKey(&rsa, &derp, sizeof(kExampleRSAKeyDER)))) - return NULL; - - if (!TEST_ptr(pkey = EVP_PKEY_new()) - || !TEST_true(EVP_PKEY_set1_RSA(pkey, rsa))) - goto end; + OSSL_DECODER_CTX *dctx = + OSSL_DECODER_CTX_new_by_EVP_PKEY(&pkey, "DER", NULL, keytype, 0, + testctx, NULL); - ret = pkey; - pkey = NULL; - -end: - EVP_PKEY_free(pkey); - RSA_free(rsa); + /* |pkey| will be NULL on error */ + (void)OSSL_DECODER_from_data(dctx, pdata, &data_len); + OSSL_DECODER_CTX_free(dctx); + return pkey; +} - return ret; +static EVP_PKEY *load_example_rsa_key(void) +{ + return load_example_key("RSA", kExampleRSAKeyDER, + sizeof(kExampleRSAKeyDER)); } #ifndef OPENSSL_NO_DSA @@ -1690,8 +1688,10 @@ static int test_DSA_get_set_params(void) static int test_RSA_get_set_params(void) { - RSA *rsa = NULL; + OSSL_PARAM_BLD *bld = NULL; + OSSL_PARAM *params = NULL; BIGNUM *n = NULL, *e = NULL, *d = NULL; + EVP_PKEY_CTX *pctx = NULL; EVP_PKEY *pkey = NULL; int ret = 0; @@ -1699,30 +1699,33 @@ static int test_RSA_get_set_params(void) * Setup the parameters for our RSA object. For our purposes they don't * have to actually be *valid* parameters. We just need to set something. */ - rsa = RSA_new(); - n = BN_new(); - e = BN_new(); - d = BN_new(); - if (!TEST_ptr(rsa) - || !TEST_ptr(n) - || !TEST_ptr(e) - || !TEST_ptr(d) - || !RSA_set0_key(rsa, n, e, d)) + if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL)) + || !TEST_ptr(bld = OSSL_PARAM_BLD_new()) + || !TEST_ptr(n = BN_new()) + || !TEST_ptr(e = BN_new()) + || !TEST_ptr(d = BN_new())) + goto err; + if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n)) + || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e)) + || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d))) + goto err; + if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))) goto err; - n = e = d = NULL; - pkey = EVP_PKEY_new(); - if (!TEST_ptr(pkey) - || !TEST_true(EVP_PKEY_assign_RSA(pkey, rsa))) + if (!TEST_int_gt(EVP_PKEY_key_fromdata_init(pctx), 0) + || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, params), 0)) goto err; - rsa = NULL; + if (!TEST_ptr(pkey)) + goto err; ret = test_EVP_PKEY_CTX_get_set_params(pkey); err: EVP_PKEY_free(pkey); - RSA_free(rsa); + EVP_PKEY_CTX_free(pctx); + OSSL_PARAM_BLD_free_params(params); + OSSL_PARAM_BLD_free(bld); BN_free(n); BN_free(e); BN_free(d); diff --git a/test/keymgmt_internal_test.c b/test/keymgmt_internal_test.c index 596019d294..77414dbc27 100644 --- a/test/keymgmt_internal_test.c +++ b/test/keymgmt_internal_test.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * RSA low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include #include diff --git a/test/rsa_sp800_56b_test.c b/test/rsa_sp800_56b_test.c index 72451b37ca..94369ce701 100644 --- a/test/rsa_sp800_56b_test.c +++ b/test/rsa_sp800_56b_test.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * RSA low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include #include @@ -215,6 +221,7 @@ static int test_check_prime_factor(void) return ret; } +/* This test uses legacy functions because they can take invalid numbers */ static int test_check_private_exponent(void) { int ret = 0; diff --git a/util/libcrypto.num b/util/libcrypto.num index a5baf503e1..4b4c675207 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -41,7 +41,7 @@ EVP_PKEY_meth_set_verify_recover 41 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_ UI_set_method 42 3_0_0 EXIST::FUNCTION: PKCS7_ISSUER_AND_SERIAL_it 43 3_0_0 EXIST::FUNCTION: EC_GROUP_method_of 44 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC -RSA_blinding_on 45 3_0_0 EXIST::FUNCTION:RSA +RSA_blinding_on 45 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA X509_get0_signature 47 3_0_0 EXIST::FUNCTION: X509_REVOKED_get0_extensions 48 3_0_0 EXIST::FUNCTION: NETSCAPE_SPKI_verify 49 3_0_0 EXIST::FUNCTION: @@ -62,7 +62,7 @@ BIO_free_all 63 3_0_0 EXIST::FUNCTION: EVP_idea_ofb 64 3_0_0 EXIST::FUNCTION:IDEA DSO_bind_func 65 3_0_0 EXIST::FUNCTION: EVP_PKEY_meth_get_copy 66 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 -RSA_up_ref 67 3_0_0 EXIST::FUNCTION:RSA +RSA_up_ref 67 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA EVP_PKEY_meth_set_ctrl 68 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 OCSP_basic_sign 69 3_0_0 EXIST::FUNCTION:OCSP BN_GENCB_set 70 3_0_0 EXIST::FUNCTION: @@ -324,7 +324,7 @@ RAND_load_file 329 3_0_0 EXIST::FUNCTION: BIO_ctrl_reset_read_request 330 3_0_0 EXIST::FUNCTION: CRYPTO_ccm128_tag 331 3_0_0 EXIST::FUNCTION: BIO_new_dgram_sctp 332 3_0_0 EXIST::FUNCTION:DGRAM,SCTP -d2i_RSAPrivateKey_fp 333 3_0_0 EXIST::FUNCTION:RSA,STDIO +d2i_RSAPrivateKey_fp 333 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA,STDIO s2i_ASN1_IA5STRING 334 3_0_0 EXIST::FUNCTION: UI_get_ex_data 335 3_0_0 EXIST::FUNCTION: EVP_EncryptUpdate 336 3_0_0 EXIST::FUNCTION: @@ -461,20 +461,20 @@ DH_new 469 3_0_0 EXIST::FUNCTION:DH OCSP_RESPID_free 470 3_0_0 EXIST::FUNCTION:OCSP PKCS5_pbe2_set 471 3_0_0 EXIST::FUNCTION: SCT_set_signature_nid 473 3_0_0 EXIST::FUNCTION:CT -i2d_RSA_PUBKEY_fp 474 3_0_0 EXIST::FUNCTION:RSA,STDIO +i2d_RSA_PUBKEY_fp 474 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA,STDIO PKCS12_BAGS_it 475 3_0_0 EXIST::FUNCTION: X509_pubkey_digest 476 3_0_0 EXIST::FUNCTION: ENGINE_register_all_RSA 477 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE CRYPTO_THREAD_set_local 478 3_0_0 EXIST::FUNCTION: X509_get_default_cert_dir_env 479 3_0_0 EXIST::FUNCTION: X509_CRL_sort 480 3_0_0 EXIST::FUNCTION: -i2d_RSA_PUBKEY_bio 481 3_0_0 EXIST::FUNCTION:RSA +i2d_RSA_PUBKEY_bio 481 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA ASN1_T61STRING_free 482 3_0_0 EXIST::FUNCTION: PEM_write_CMS 483 3_0_0 EXIST::FUNCTION:CMS,STDIO OPENSSL_sk_find 484 3_0_0 EXIST::FUNCTION: ENGINE_get_ciphers 485 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE EVP_rc2_ofb 486 3_0_0 EXIST::FUNCTION:RC2 -EVP_PKEY_set1_RSA 487 3_0_0 EXIST::FUNCTION:RSA +EVP_PKEY_set1_RSA 487 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA CMS_SignerInfo_get0_md_ctx 488 3_0_0 EXIST::FUNCTION:CMS X509_STORE_set_trust 489 3_0_0 EXIST::FUNCTION: d2i_POLICYINFO 490 3_0_0 EXIST::FUNCTION: @@ -523,19 +523,19 @@ OBJ_sigid_free 534 3_0_0 EXIST::FUNCTION: TS_STATUS_INFO_get0_status 535 3_0_0 EXIST::FUNCTION:TS EC_KEY_get_flags 536 3_0_0 EXIST::FUNCTION:EC ASN1_TYPE_cmp 537 3_0_0 EXIST::FUNCTION: -i2d_RSAPublicKey 538 3_0_0 EXIST::FUNCTION:RSA +i2d_RSAPublicKey 538 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA EC_GROUP_get_trinomial_basis 539 3_0_0 EXIST::FUNCTION:EC,EC2M BIO_ADDRINFO_protocol 540 3_0_0 EXIST::FUNCTION:SOCK i2d_PBKDF2PARAM 541 3_0_0 EXIST::FUNCTION: ENGINE_unregister_RAND 542 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE -PEM_write_bio_RSAPrivateKey 543 3_0_0 EXIST::FUNCTION:RSA +PEM_write_bio_RSAPrivateKey 543 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA CONF_get_number 544 3_0_0 EXIST::FUNCTION: X509_EXTENSION_get_object 545 3_0_0 EXIST::FUNCTION: X509_EXTENSIONS_it 546 3_0_0 EXIST::FUNCTION: EC_POINT_set_compressed_coordinates_GF2m 547 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,EC2M RSA_sign_ASN1_OCTET_STRING 548 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA d2i_X509_CRL_fp 549 3_0_0 EXIST::FUNCTION:STDIO -i2d_RSA_PUBKEY 550 3_0_0 EXIST::FUNCTION:RSA +i2d_RSA_PUBKEY 550 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA EVP_aes_128_ccm 551 3_0_0 EXIST::FUNCTION: ECParameters_print 552 3_0_0 EXIST::FUNCTION:EC OCSP_SINGLERESP_get1_ext_d2i 553 3_0_0 EXIST::FUNCTION:OCSP @@ -544,7 +544,7 @@ EVP_ripemd160 555 3_0_0 EXIST::FUNCTION:RMD160 EVP_MD_meth_set_final 556 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 ENGINE_get_cmd_defns 557 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE d2i_PKEY_USAGE_PERIOD 558 3_0_0 EXIST::FUNCTION: -RSAPublicKey_dup 559 3_0_0 EXIST::FUNCTION:RSA +RSAPublicKey_dup 559 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA RAND_write_file 560 3_0_0 EXIST::FUNCTION: BN_GF2m_mod 561 3_0_0 EXIST::FUNCTION:EC2M EC_GROUP_get_pentanomial_basis 562 3_0_0 EXIST::FUNCTION:EC,EC2M @@ -583,7 +583,7 @@ RAND_query_egd_bytes 596 3_0_0 EXIST::FUNCTION:EGD i2d_ASN1_PRINTABLE 597 3_0_0 EXIST::FUNCTION: ENGINE_cmd_is_executable 598 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE BIO_puts 599 3_0_0 EXIST::FUNCTION: -RSAPublicKey_it 601 3_0_0 EXIST::FUNCTION:RSA +RSAPublicKey_it 601 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA ISSUING_DIST_POINT_new 602 3_0_0 EXIST::FUNCTION: X509_VAL_it 603 3_0_0 EXIST::FUNCTION: EVP_DigestVerifyInit 604 3_0_0 EXIST::FUNCTION: @@ -795,10 +795,10 @@ X509_cmp 814 3_0_0 EXIST::FUNCTION: EVP_PKEY_set1_EC_KEY 815 3_0_0 EXIST::FUNCTION:EC ECPKParameters_print_fp 816 3_0_0 EXIST::FUNCTION:EC,STDIO GENERAL_SUBTREE_free 817 3_0_0 EXIST::FUNCTION: -RSA_blinding_off 818 3_0_0 EXIST::FUNCTION:RSA +RSA_blinding_off 818 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA i2d_OCSP_REVOKEDINFO 819 3_0_0 EXIST::FUNCTION:OCSP X509V3_add_standard_extensions 820 3_0_0 EXIST::FUNCTION: -PEM_write_bio_RSA_PUBKEY 821 3_0_0 EXIST::FUNCTION:RSA +PEM_write_bio_RSA_PUBKEY 821 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA i2d_ASN1_UTF8STRING 822 3_0_0 EXIST::FUNCTION: TS_REQ_delete_ext 823 3_0_0 EXIST::FUNCTION:TS PKCS7_DIGEST_free 824 3_0_0 EXIST::FUNCTION: @@ -825,7 +825,7 @@ X509_REQ_get_attr_by_NID 844 3_0_0 EXIST::FUNCTION: PBE2PARAM_new 845 3_0_0 EXIST::FUNCTION: DES_ecb_encrypt 846 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DES EVP_camellia_256_ecb 847 3_0_0 EXIST::FUNCTION:CAMELLIA -PEM_read_RSA_PUBKEY 848 3_0_0 EXIST::FUNCTION:RSA,STDIO +PEM_read_RSA_PUBKEY 848 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA,STDIO d2i_NETSCAPE_SPKAC 849 3_0_0 EXIST::FUNCTION: ASN1_TIME_check 851 3_0_0 EXIST::FUNCTION: PKCS7_DIGEST_new 852 3_0_0 EXIST::FUNCTION: @@ -938,7 +938,7 @@ EVP_PKEY_meth_set_keygen 961 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3 RSA_PSS_PARAMS_new 962 3_0_0 EXIST::FUNCTION:RSA RSA_sign 963 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA EVP_DigestVerifyFinal 964 3_0_0 EXIST::FUNCTION: -d2i_RSA_PUBKEY_bio 965 3_0_0 EXIST::FUNCTION:RSA +d2i_RSA_PUBKEY_bio 965 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA TS_RESP_dup 966 3_0_0 EXIST::FUNCTION:TS ERR_set_error_data 967 3_0_0 EXIST::FUNCTION: BN_RECP_CTX_new 968 3_0_0 EXIST::FUNCTION: @@ -977,7 +977,7 @@ PKCS12_decrypt_skey 1001 3_0_0 EXIST::FUNCTION: ENGINE_register_EC 1002 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE OCSP_RESPONSE_new 1003 3_0_0 EXIST::FUNCTION:OCSP CRYPTO_cbc128_encrypt 1004 3_0_0 EXIST::FUNCTION: -i2d_RSAPublicKey_bio 1005 3_0_0 EXIST::FUNCTION:RSA +i2d_RSAPublicKey_bio 1005 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA X509_chain_check_suiteb 1006 3_0_0 EXIST::FUNCTION: i2d_OCSP_REQUEST 1007 3_0_0 EXIST::FUNCTION:OCSP BN_X931_generate_Xpq 1008 3_0_0 EXIST::FUNCTION: @@ -1050,7 +1050,7 @@ DES_is_weak_key 1076 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_ EVP_PKEY_verify 1077 3_0_0 EXIST::FUNCTION: ERR_load_BIO_strings 1078 3_0_0 EXIST::FUNCTION: BIO_nread 1079 3_0_0 EXIST::FUNCTION: -PEM_read_bio_RSAPrivateKey 1080 3_0_0 EXIST::FUNCTION:RSA +PEM_read_bio_RSAPrivateKey 1080 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA OBJ_nid2obj 1081 3_0_0 EXIST::FUNCTION: CRYPTO_ofb128_encrypt 1082 3_0_0 EXIST::FUNCTION: ENGINE_set_init_function 1083 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE @@ -1109,7 +1109,7 @@ ENGINE_get_digest 1135 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_ EC_GROUP_have_precompute_mult 1136 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC OPENSSL_gmtime 1137 3_0_0 EXIST::FUNCTION: X509_set_issuer_name 1138 3_0_0 EXIST::FUNCTION: -RSA_new 1139 3_0_0 EXIST::FUNCTION:RSA +RSA_new 1139 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA ASN1_STRING_set_by_NID 1140 3_0_0 EXIST::FUNCTION: PEM_write_bio_PKCS7 1141 3_0_0 EXIST::FUNCTION: MDC2_Final 1142 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,MDC2 @@ -1127,7 +1127,7 @@ DES_check_key_parity 1153 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_ EVP_aes_256_ocb 1154 3_0_0 EXIST::FUNCTION:OCB X509_VAL_free 1155 3_0_0 EXIST::FUNCTION: X509_STORE_CTX_get1_certs 1156 3_0_0 EXIST::FUNCTION: -PEM_write_RSA_PUBKEY 1157 3_0_0 EXIST::FUNCTION:RSA,STDIO +PEM_write_RSA_PUBKEY 1157 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA,STDIO PKCS12_SAFEBAG_get0_p8inf 1158 3_0_0 EXIST::FUNCTION: X509_CRL_set_issuer_name 1159 3_0_0 EXIST::FUNCTION: CMS_EncryptedData_encrypt 1160 3_0_0 EXIST::FUNCTION:CMS @@ -1257,7 +1257,7 @@ UI_add_error_string 1285 3_0_0 EXIST::FUNCTION: X509_TRUST_cleanup 1286 3_0_0 EXIST::FUNCTION: PEM_read_X509 1287 3_0_0 EXIST::FUNCTION:STDIO EC_KEY_new_method 1288 3_0_0 EXIST::FUNCTION:EC -i2d_RSAPublicKey_fp 1289 3_0_0 EXIST::FUNCTION:RSA,STDIO +i2d_RSAPublicKey_fp 1289 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA,STDIO CRYPTO_ctr128_encrypt_ctr32 1290 3_0_0 EXIST::FUNCTION: X509_VERIFY_PARAM_move_peername 1291 3_0_0 EXIST::FUNCTION: OCSP_SINGLERESP_it 1292 3_0_0 EXIST::FUNCTION:OCSP @@ -1387,7 +1387,7 @@ ASN1_BIT_STRING_set_asc 1419 3_0_0 EXIST::FUNCTION: d2i_GENERAL_NAME 1420 3_0_0 EXIST::FUNCTION: i2d_ESS_CERT_ID 1421 3_0_0 EXIST::FUNCTION: X509_TRUST_get_by_id 1422 3_0_0 EXIST::FUNCTION: -d2i_RSA_PUBKEY_fp 1423 3_0_0 EXIST::FUNCTION:RSA,STDIO +d2i_RSA_PUBKEY_fp 1423 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA,STDIO EVP_PBE_get 1424 3_0_0 EXIST::FUNCTION: CRYPTO_nistcts128_encrypt 1425 3_0_0 EXIST::FUNCTION: CONF_modules_finish 1426 3_0_0 EXIST::FUNCTION: @@ -1829,7 +1829,7 @@ EVP_aes_128_cbc 1871 3_0_0 EXIST::FUNCTION: CRYPTO_dup_ex_data 1872 3_0_0 EXIST::FUNCTION: OCSP_single_get0_status 1873 3_0_0 EXIST::FUNCTION:OCSP d2i_AUTHORITY_INFO_ACCESS 1874 3_0_0 EXIST::FUNCTION: -PEM_read_RSAPrivateKey 1875 3_0_0 EXIST::FUNCTION:RSA,STDIO +PEM_read_RSAPrivateKey 1875 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA,STDIO BIO_closesocket 1876 3_0_0 EXIST::FUNCTION:SOCK RSA_verify_ASN1_OCTET_STRING 1877 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA SCT_set_log_entry_type 1878 3_0_0 EXIST::FUNCTION:CT @@ -1885,10 +1885,10 @@ X509_LOOKUP_by_subject 1930 3_0_0 EXIST::FUNCTION: X509_REQ_add_extensions 1931 3_0_0 EXIST::FUNCTION: Camellia_cbc_encrypt 1932 3_0_0 EXIST::FUNCTION:CAMELLIA,DEPRECATEDIN_3_0 EC_KEY_METHOD_new 1933 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC -RSA_flags 1934 3_0_0 EXIST::FUNCTION:RSA +RSA_flags 1934 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA X509_NAME_add_entry 1935 3_0_0 EXIST::FUNCTION: EVP_CIPHER_get_asn1_iv 1936 3_0_0 EXIST::FUNCTION: -i2d_RSAPrivateKey_bio 1937 3_0_0 EXIST::FUNCTION:RSA +i2d_RSAPrivateKey_bio 1937 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA PKCS5_PBE_keyivgen 1938 3_0_0 EXIST::FUNCTION: i2d_OCSP_SERVICELOC 1939 3_0_0 EXIST::FUNCTION:OCSP EC_POINT_copy 1940 3_0_0 EXIST::FUNCTION:EC @@ -2000,7 +2000,7 @@ EVP_DecryptFinal 2046 3_0_0 EXIST::FUNCTION: ASN1_ENUMERATED_it 2047 3_0_0 EXIST::FUNCTION: o2i_ECPublicKey 2048 3_0_0 EXIST::FUNCTION:EC ERR_load_BUF_strings 2049 3_0_0 EXIST::FUNCTION: -PEM_read_bio_RSA_PUBKEY 2050 3_0_0 EXIST::FUNCTION:RSA +PEM_read_bio_RSA_PUBKEY 2050 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA OCSP_SINGLERESP_new 2051 3_0_0 EXIST::FUNCTION:OCSP ASN1_SCTX_free 2052 3_0_0 EXIST::FUNCTION: i2d_ECPrivateKey_fp 2053 3_0_0 EXIST::FUNCTION:EC,STDIO @@ -2034,7 +2034,7 @@ BN_mul 2080 3_0_0 EXIST::FUNCTION: BN_get0_nist_prime_384 2081 3_0_0 EXIST::FUNCTION: X509_VERIFY_PARAM_set1_ip_asc 2082 3_0_0 EXIST::FUNCTION: CONF_modules_load 2083 3_0_0 EXIST::FUNCTION: -d2i_RSAPublicKey 2084 3_0_0 EXIST::FUNCTION:RSA +d2i_RSAPublicKey 2084 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA i2d_ASN1_GENERALSTRING 2085 3_0_0 EXIST::FUNCTION: POLICYQUALINFO_new 2086 3_0_0 EXIST::FUNCTION: PKCS7_RECIP_INFO_get0_alg 2087 3_0_0 EXIST::FUNCTION: @@ -2120,7 +2120,7 @@ EC_POINT_method_of 2165 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_ PKCS7_ENCRYPT_it 2166 3_0_0 EXIST::FUNCTION: AUTHORITY_INFO_ACCESS_it 2167 3_0_0 EXIST::FUNCTION: X509_EXTENSION_create_by_NID 2168 3_0_0 EXIST::FUNCTION: -i2d_RSAPrivateKey 2169 3_0_0 EXIST::FUNCTION:RSA +i2d_RSAPrivateKey 2169 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA d2i_CERTIFICATEPOLICIES 2170 3_0_0 EXIST::FUNCTION: CMAC_CTX_get0_cipher_ctx 2171 3_0_0 EXIST::FUNCTION:CMAC,DEPRECATEDIN_3_0 X509_STORE_load_locations 2172 3_0_0 EXIST::FUNCTION: @@ -2239,7 +2239,7 @@ SCT_set1_extensions 2286 3_0_0 EXIST::FUNCTION:CT PKCS12_SAFEBAG_new 2287 3_0_0 EXIST::FUNCTION: TS_TST_INFO_set_nonce 2288 3_0_0 EXIST::FUNCTION:TS PEM_read_ECPrivateKey 2289 3_0_0 EXIST::FUNCTION:EC,STDIO -RSA_free 2290 3_0_0 EXIST::FUNCTION:RSA +RSA_free 2290 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA X509_CRL_INFO_new 2291 3_0_0 EXIST::FUNCTION: AES_cfb8_encrypt 2292 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 d2i_ASN1_SEQUENCE_ANY 2293 3_0_0 EXIST::FUNCTION: @@ -2267,7 +2267,7 @@ EC_POINT_new 2314 3_0_0 EXIST::FUNCTION:EC PKCS7_ISSUER_AND_SERIAL_digest 2315 3_0_0 EXIST::FUNCTION: EVP_des_ofb 2316 3_0_0 EXIST::FUNCTION:DES DSA_set_method 2317 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA -EVP_PKEY_get1_RSA 2318 3_0_0 EXIST::FUNCTION:RSA +EVP_PKEY_get1_RSA 2318 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA EC_KEY_OpenSSL 2319 3_0_0 EXIST::FUNCTION:EC EVP_camellia_192_ofb 2320 3_0_0 EXIST::FUNCTION:CAMELLIA ASN1_STRING_length 2321 3_0_0 EXIST::FUNCTION: @@ -2363,7 +2363,7 @@ EVP_MD_CTX_md_data 2412 3_0_0 EXIST::FUNCTION: ASN1_PCTX_set_nm_flags 2413 3_0_0 EXIST::FUNCTION: BIO_ctrl 2414 3_0_0 EXIST::FUNCTION: X509_CRL_set_default_method 2415 3_0_0 EXIST::FUNCTION: -d2i_RSAPublicKey_fp 2417 3_0_0 EXIST::FUNCTION:RSA,STDIO +d2i_RSAPublicKey_fp 2417 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA,STDIO UI_method_get_flusher 2418 3_0_0 EXIST::FUNCTION: EC_POINT_dbl 2419 3_0_0 EXIST::FUNCTION:EC i2d_X509_CRL_INFO 2420 3_0_0 EXIST::FUNCTION: @@ -2586,7 +2586,7 @@ d2i_PBKDF2PARAM 2640 3_0_0 EXIST::FUNCTION: ERR_load_COMP_strings 2641 3_0_0 EXIST::FUNCTION:COMP EVP_PKEY_meth_add0 2642 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 EVP_rc4_40 2643 3_0_0 EXIST::FUNCTION:RC4 -RSA_bits 2645 3_0_0 EXIST::FUNCTION:RSA +RSA_bits 2645 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA ASN1_item_dup 2646 3_0_0 EXIST::FUNCTION: GENERAL_NAMES_it 2647 3_0_0 EXIST::FUNCTION: X509_issuer_name_hash 2648 3_0_0 EXIST::FUNCTION: @@ -2680,7 +2680,7 @@ CRYPTO_THREAD_lock_new 2736 3_0_0 EXIST::FUNCTION: BIO_get_ex_data 2737 3_0_0 EXIST::FUNCTION: CMS_digest_create 2738 3_0_0 EXIST::FUNCTION:CMS EC_KEY_METHOD_set_verify 2739 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC -PEM_read_RSAPublicKey 2740 3_0_0 EXIST::FUNCTION:RSA,STDIO +PEM_read_RSAPublicKey 2740 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA,STDIO ENGINE_pkey_asn1_find_str 2741 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE ENGINE_get_load_privkey_function 2742 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE d2i_IPAddressRange 2743 3_0_0 EXIST::FUNCTION:RFC3779 @@ -2716,7 +2716,7 @@ ENGINE_unregister_DSA 2773 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_ ASN1_bn_print 2774 3_0_0 EXIST::FUNCTION: CMS_is_detached 2775 3_0_0 EXIST::FUNCTION:CMS X509_REQ_INFO_it 2776 3_0_0 EXIST::FUNCTION: -RSAPrivateKey_it 2777 3_0_0 EXIST::FUNCTION:RSA +RSAPrivateKey_it 2777 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA X509_NAME_ENTRY_free 2778 3_0_0 EXIST::FUNCTION: BIO_new_fd 2779 3_0_0 EXIST::FUNCTION: OPENSSL_sk_value 2781 3_0_0 EXIST::FUNCTION: @@ -2837,7 +2837,7 @@ ASIdentifiers_it 2898 3_0_0 EXIST::FUNCTION:RFC3779 BN_mod_lshift 2899 3_0_0 EXIST::FUNCTION: ENGINE_get_last 2900 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE EVP_PKEY_encrypt_init 2901 3_0_0 EXIST::FUNCTION: -i2d_RSAPrivateKey_fp 2902 3_0_0 EXIST::FUNCTION:RSA,STDIO +i2d_RSAPrivateKey_fp 2902 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA,STDIO X509_REQ_print 2903 3_0_0 EXIST::FUNCTION: RSA_size 2904 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA EVP_CIPHER_CTX_iv_noconst 2905 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 @@ -2938,14 +2938,14 @@ COMP_CTX_get_type 3000 3_0_0 EXIST::FUNCTION:COMP TS_RESP_CTX_set_status_info 3001 3_0_0 EXIST::FUNCTION:TS BIO_f_nbio_test 3002 3_0_0 EXIST::FUNCTION: SEED_ofb128_encrypt 3003 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SEED -d2i_RSAPrivateKey_bio 3004 3_0_0 EXIST::FUNCTION:RSA +d2i_RSAPrivateKey_bio 3004 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA DH_KDF_X9_42 3005 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH EVP_PKEY_meth_set_signctx 3006 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 X509_CRL_get_version 3007 3_0_0 EXIST::FUNCTION: EVP_PKEY_meth_get0_info 3008 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 -PEM_read_bio_RSAPublicKey 3009 3_0_0 EXIST::FUNCTION:RSA +PEM_read_bio_RSAPublicKey 3009 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA EVP_PKEY_asn1_set_private 3010 3_0_0 EXIST::FUNCTION: -EVP_PKEY_get0_RSA 3011 3_0_0 EXIST::FUNCTION:RSA +EVP_PKEY_get0_RSA 3011 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA DES_ede3_cfb64_encrypt 3012 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DES POLICY_MAPPING_free 3014 3_0_0 EXIST::FUNCTION: EVP_aes_128_gcm 3015 3_0_0 EXIST::FUNCTION: @@ -2959,7 +2959,7 @@ BN_rand 3023 3_0_0 EXIST::FUNCTION: ASN1_TYPE_unpack_sequence 3024 3_0_0 EXIST::FUNCTION: X509_CRL_sign_ctx 3025 3_0_0 EXIST::FUNCTION: X509_STORE_add_crl 3026 3_0_0 EXIST::FUNCTION: -PEM_write_RSAPrivateKey 3027 3_0_0 EXIST::FUNCTION:RSA,STDIO +PEM_write_RSAPrivateKey 3027 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA,STDIO RC4_set_key 3028 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RC4 EVP_CIPHER_CTX_cipher 3029 3_0_0 EXIST::FUNCTION: PEM_write_bio_PKCS8PrivateKey_nid 3030 3_0_0 EXIST::FUNCTION: @@ -3000,7 +3000,7 @@ ASN1_PCTX_set_str_flags 3064 3_0_0 EXIST::FUNCTION: i2a_ASN1_INTEGER 3065 3_0_0 EXIST::FUNCTION: d2i_TS_RESP 3066 3_0_0 EXIST::FUNCTION:TS EVP_des_ede_cfb64 3067 3_0_0 EXIST::FUNCTION:DES -d2i_RSAPrivateKey 3068 3_0_0 EXIST::FUNCTION:RSA +d2i_RSAPrivateKey 3068 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA ERR_load_BN_strings 3069 3_0_0 EXIST::FUNCTION: BF_encrypt 3070 3_0_0 EXIST::FUNCTION:BF,DEPRECATEDIN_3_0 MD5 3071 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,MD5 @@ -3008,7 +3008,7 @@ BN_GF2m_arr2poly 3072 3_0_0 EXIST::FUNCTION:EC2M EVP_PKEY_meth_get_ctrl 3073 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 i2d_X509_REQ_bio 3074 3_0_0 EXIST::FUNCTION: X509_VERIFY_PARAM_set1_name 3075 3_0_0 EXIST::FUNCTION: -d2i_RSAPublicKey_bio 3076 3_0_0 EXIST::FUNCTION:RSA +d2i_RSAPublicKey_bio 3076 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA X509_REQ_get_X509_PUBKEY 3077 3_0_0 EXIST::FUNCTION: ENGINE_load_private_key 3078 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE GENERAL_NAMES_new 3079 3_0_0 EXIST::FUNCTION: @@ -3119,7 +3119,7 @@ CTLOG_get0_public_key 3184 3_0_0 EXIST::FUNCTION:CT OCSP_REQUEST_get_ext_by_OBJ 3185 3_0_0 EXIST::FUNCTION:OCSP X509_NAME_oneline 3186 3_0_0 EXIST::FUNCTION: X509V3_set_nconf 3187 3_0_0 EXIST::FUNCTION: -RSAPrivateKey_dup 3188 3_0_0 EXIST::FUNCTION:RSA +RSAPrivateKey_dup 3188 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA BN_mod_add 3189 3_0_0 EXIST::FUNCTION: EC_POINT_set_affine_coordinates_GFp 3190 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC X509_get_default_cert_file 3191 3_0_0 EXIST::FUNCTION: @@ -3200,7 +3200,7 @@ d2i_ASN1_OCTET_STRING 3265 3_0_0 EXIST::FUNCTION: ENGINE_set_load_pubkey_function 3266 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE BIO_vprintf 3267 3_0_0 EXIST::FUNCTION: CMS_RecipientInfo_decrypt 3268 3_0_0 EXIST::FUNCTION:CMS -RSA_generate_key 3269 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_0_9_8,RSA +RSA_generate_key 3269 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA PKCS7_set0_type_other 3270 3_0_0 EXIST::FUNCTION: OCSP_REQUEST_new 3271 3_0_0 EXIST::FUNCTION:OCSP BIO_lookup 3272 3_0_0 EXIST::FUNCTION:SOCK @@ -3508,7 +3508,7 @@ ASN1_TIME_to_generalizedtime 3583 3_0_0 EXIST::FUNCTION: X509_CRL_get_ext_by_critical 3584 3_0_0 EXIST::FUNCTION: ASN1_STRING_type 3585 3_0_0 EXIST::FUNCTION: X509_REQ_add1_attr_by_txt 3586 3_0_0 EXIST::FUNCTION: -PEM_write_RSAPublicKey 3587 3_0_0 EXIST::FUNCTION:RSA,STDIO +PEM_write_RSAPublicKey 3587 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA,STDIO EVP_MD_meth_dup 3588 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 ENGINE_unregister_ciphers 3589 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE X509_issuer_and_serial_cmp 3590 3_0_0 EXIST::FUNCTION: @@ -3613,7 +3613,7 @@ OTHERNAME_free 3692 3_0_0 EXIST::FUNCTION: OCSP_REVOKEDINFO_free 3693 3_0_0 EXIST::FUNCTION:OCSP EVP_CIPHER_CTX_encrypting 3694 3_0_0 EXIST::FUNCTION: EC_KEY_can_sign 3695 3_0_0 EXIST::FUNCTION:EC -PEM_write_bio_RSAPublicKey 3696 3_0_0 EXIST::FUNCTION:RSA +PEM_write_bio_RSAPublicKey 3696 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA X509_CRL_set1_lastUpdate 3697 3_0_0 EXIST::FUNCTION: OCSP_sendreq_nbio 3698 3_0_0 EXIST::FUNCTION:OCSP PKCS8_encrypt 3699 3_0_0 EXIST::FUNCTION: @@ -3730,7 +3730,7 @@ PKEY_USAGE_PERIOD_it 3810 3_0_0 EXIST::FUNCTION: BN_mul_word 3811 3_0_0 EXIST::FUNCTION: i2d_IPAddressRange 3813 3_0_0 EXIST::FUNCTION:RFC3779 CMS_unsigned_add1_attr_by_txt 3814 3_0_0 EXIST::FUNCTION:CMS -d2i_RSA_PUBKEY 3815 3_0_0 EXIST::FUNCTION:RSA +d2i_RSA_PUBKEY 3815 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA PKCS12_gen_mac 3816 3_0_0 EXIST::FUNCTION: ERR_load_ENGINE_strings 3817 3_0_0 EXIST::FUNCTION:ENGINE ERR_load_CT_strings 3818 3_0_0 EXIST::FUNCTION:CT @@ -3907,30 +3907,30 @@ DSA_get0_engine 3990 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_ X509_VERIFY_PARAM_set_auth_level 3991 3_0_0 EXIST::FUNCTION: X509_VERIFY_PARAM_get_auth_level 3992 3_0_0 EXIST::FUNCTION: X509_REQ_get0_pubkey 3993 3_0_0 EXIST::FUNCTION: -RSA_set0_key 3994 3_0_0 EXIST::FUNCTION:RSA +RSA_set0_key 3994 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA RSA_meth_get_flags 3995 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA RSA_meth_set_finish 3996 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA RSA_meth_get_priv_dec 3997 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA RSA_meth_get_sign 3998 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA RSA_meth_get_bn_mod_exp 3999 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA -RSA_test_flags 4000 3_0_0 EXIST::FUNCTION:RSA +RSA_test_flags 4000 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA RSA_meth_new 4001 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA RSA_meth_get0_app_data 4002 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA RSA_meth_dup 4003 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA RSA_meth_set1_name 4004 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA RSA_meth_set0_app_data 4005 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA -RSA_set_flags 4006 3_0_0 EXIST::FUNCTION:RSA +RSA_set_flags 4006 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA RSA_meth_set_sign 4007 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA -RSA_clear_flags 4008 3_0_0 EXIST::FUNCTION:RSA +RSA_clear_flags 4008 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA RSA_meth_get_keygen 4009 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA RSA_meth_set_keygen 4010 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA RSA_meth_set_pub_dec 4011 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA RSA_meth_get_finish 4012 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA -RSA_get0_key 4013 3_0_0 EXIST::FUNCTION:RSA +RSA_get0_key 4013 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA RSA_get0_engine 4014 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA RSA_meth_set_priv_enc 4015 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA RSA_meth_set_verify 4016 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA -RSA_get0_factors 4017 3_0_0 EXIST::FUNCTION:RSA +RSA_get0_factors 4017 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA RSA_meth_get0_name 4018 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA RSA_meth_get_mod_exp 4019 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA RSA_meth_set_flags 4020 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA @@ -3940,14 +3940,14 @@ RSA_meth_get_init 4023 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_ RSA_meth_free 4024 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA RSA_meth_get_pub_enc 4025 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA RSA_meth_set_mod_exp 4026 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA -RSA_set0_factors 4027 3_0_0 EXIST::FUNCTION:RSA +RSA_set0_factors 4027 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA RSA_meth_set_pub_enc 4028 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA RSA_meth_set_priv_dec 4029 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA RSA_meth_get_verify 4030 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA RSA_meth_set_init 4031 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA RSA_meth_get_priv_enc 4032 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA -RSA_set0_crt_params 4037 3_0_0 EXIST::FUNCTION:RSA -RSA_get0_crt_params 4038 3_0_0 EXIST::FUNCTION:RSA +RSA_set0_crt_params 4037 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA +RSA_get0_crt_params 4038 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA DH_set0_pqg 4039 3_0_0 EXIST::FUNCTION:DH DH_clear_flags 4041 3_0_0 EXIST::FUNCTION:DH DH_get0_key 4042 3_0_0 EXIST::FUNCTION:DH @@ -4248,7 +4248,7 @@ EVP_sm4_ofb 4356 3_0_0 EXIST::FUNCTION:SM4 EVP_sm4_ecb 4357 3_0_0 EXIST::FUNCTION:SM4 EVP_sm4_cfb128 4358 3_0_0 EXIST::FUNCTION:SM4 EVP_sm3 4359 3_0_0 EXIST::FUNCTION:SM3 -RSA_get0_multi_prime_factors 4360 3_0_0 EXIST::FUNCTION:RSA +RSA_get0_multi_prime_factors 4360 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA EVP_PKEY_public_check 4361 3_0_0 EXIST::FUNCTION: EVP_PKEY_param_check 4362 3_0_0 EXIST::FUNCTION: EVP_PKEY_meth_set_public_check 4363 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 @@ -4261,10 +4261,10 @@ DH_check_ex 4369 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_ DH_check_pub_key_ex 4370 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH DH_check_params_ex 4371 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH RSA_generate_multi_prime_key 4372 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA -RSA_get_multi_prime_extra_count 4373 3_0_0 EXIST::FUNCTION:RSA +RSA_get_multi_prime_extra_count 4373 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA OCSP_resp_get0_signer 4374 3_0_0 EXIST::FUNCTION:OCSP -RSA_get0_multi_prime_crt_params 4375 3_0_0 EXIST::FUNCTION:RSA -RSA_set0_multi_prime_params 4376 3_0_0 EXIST::FUNCTION:RSA +RSA_get0_multi_prime_crt_params 4375 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA +RSA_set0_multi_prime_params 4376 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA RSA_get_version 4377 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA RSA_meth_get_multi_prime_keygen 4378 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA RSA_meth_set_multi_prime_keygen 4379 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA @@ -4355,14 +4355,14 @@ DSA_get0_pub_key 4479 3_0_0 EXIST::FUNCTION:DSA DSA_get0_q 4480 3_0_0 EXIST::FUNCTION:DSA DSA_get0_p 4481 3_0_0 EXIST::FUNCTION:DSA DSA_get0_g 4482 3_0_0 EXIST::FUNCTION:DSA -RSA_get0_dmp1 4483 3_0_0 EXIST::FUNCTION:RSA -RSA_get0_d 4484 3_0_0 EXIST::FUNCTION:RSA -RSA_get0_n 4485 3_0_0 EXIST::FUNCTION:RSA -RSA_get0_dmq1 4486 3_0_0 EXIST::FUNCTION:RSA -RSA_get0_e 4487 3_0_0 EXIST::FUNCTION:RSA -RSA_get0_q 4488 3_0_0 EXIST::FUNCTION:RSA -RSA_get0_p 4489 3_0_0 EXIST::FUNCTION:RSA -RSA_get0_iqmp 4490 3_0_0 EXIST::FUNCTION:RSA +RSA_get0_dmp1 4483 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA +RSA_get0_d 4484 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA +RSA_get0_n 4485 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA +RSA_get0_dmq1 4486 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA +RSA_get0_e 4487 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA +RSA_get0_q 4488 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA +RSA_get0_p 4489 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA +RSA_get0_iqmp 4490 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA ECDSA_SIG_get0_r 4491 3_0_0 EXIST::FUNCTION:EC ECDSA_SIG_get0_s 4492 3_0_0 EXIST::FUNCTION:EC X509_LOOKUP_meth_get_get_by_fingerprint 4493 3_0_0 EXIST::FUNCTION: diff --git a/util/libssl.num b/util/libssl.num index 75e45bb17f..a505e5300b 100644 --- a/util/libssl.num +++ b/util/libssl.num @@ -18,14 +18,14 @@ SSL_CTX_sess_get_get_cb 18 3_0_0 EXIST::FUNCTION: SSL_CTX_get_default_passwd_cb_userdata 19 3_0_0 EXIST::FUNCTION: SSL_set_tmp_dh_callback 20 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH SSL_CTX_get_verify_depth 21 3_0_0 EXIST::FUNCTION: -SSL_CTX_use_RSAPrivateKey_file 22 3_0_0 EXIST::FUNCTION:RSA +SSL_CTX_use_RSAPrivateKey_file 22 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA SSL_use_PrivateKey_file 23 3_0_0 EXIST::FUNCTION: SSL_set_generate_session_id 24 3_0_0 EXIST::FUNCTION: SSL_get_ex_data_X509_STORE_CTX_idx 25 3_0_0 EXIST::FUNCTION: SSL_get_quiet_shutdown 26 3_0_0 EXIST::FUNCTION: SSL_dane_enable 27 3_0_0 EXIST::FUNCTION: SSL_COMP_add_compression_method 28 3_0_0 EXIST::FUNCTION: -SSL_CTX_use_RSAPrivateKey 29 3_0_0 EXIST::FUNCTION:RSA +SSL_CTX_use_RSAPrivateKey 29 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA SSL_CTX_sess_get_new_cb 30 3_0_0 EXIST::FUNCTION: d2i_SSL_SESSION 31 3_0_0 EXIST::FUNCTION: SSL_use_PrivateKey_ASN1 32 3_0_0 EXIST::FUNCTION: @@ -65,7 +65,7 @@ SSL_set_security_level 65 3_0_0 EXIST::FUNCTION: DTLSv1_2_method 66 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,DTLS1_2_METHOD SSL_get_fd 67 3_0_0 EXIST::FUNCTION: SSL_get1_session 68 3_0_0 EXIST::FUNCTION: -SSL_use_RSAPrivateKey 69 3_0_0 EXIST::FUNCTION:RSA +SSL_use_RSAPrivateKey 69 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA SSL_CTX_set_srp_cb_arg 70 3_0_0 EXIST::FUNCTION:SRP SSL_CTX_add_session 71 3_0_0 EXIST::FUNCTION: SSL_get_srp_N 72 3_0_0 EXIST::FUNCTION:SRP @@ -168,7 +168,7 @@ TLSv1_1_server_method 168 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_1 PEM_write_bio_SSL_SESSION 169 3_0_0 EXIST::FUNCTION: SSL_write 170 3_0_0 EXIST::FUNCTION: SSL_set1_host 171 3_0_0 EXIST::FUNCTION: -SSL_use_RSAPrivateKey_file 172 3_0_0 EXIST::FUNCTION:RSA +SSL_use_RSAPrivateKey_file 172 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA SSL_CTX_get_info_callback 173 3_0_0 EXIST::FUNCTION: SSL_get0_peername 174 3_0_0 EXIST::FUNCTION: SSL_set_srp_server_param 175 3_0_0 EXIST::FUNCTION:SRP @@ -193,7 +193,7 @@ SSL_CTX_dane_mtype_set 193 3_0_0 EXIST::FUNCTION: SSL_get_wfd 194 3_0_0 EXIST::FUNCTION: SSL_get_ssl_method 195 3_0_0 EXIST::FUNCTION: SSL_set_verify_result 196 3_0_0 EXIST::FUNCTION: -SSL_use_RSAPrivateKey_ASN1 197 3_0_0 EXIST::FUNCTION:RSA +SSL_use_RSAPrivateKey_ASN1 197 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA SSL_CIPHER_get_name 198 3_0_0 EXIST::FUNCTION: OPENSSL_init_ssl 199 3_0_0 EXIST::FUNCTION: SSL_dup 200 3_0_0 EXIST::FUNCTION: @@ -320,7 +320,7 @@ SSL_clear_options 320 3_0_0 EXIST::FUNCTION: SSL_CTX_use_PrivateKey 321 3_0_0 EXIST::FUNCTION: SSL_get_info_callback 322 3_0_0 EXIST::FUNCTION: SSL_CTX_use_psk_identity_hint 323 3_0_0 EXIST::FUNCTION:PSK -SSL_CTX_use_RSAPrivateKey_ASN1 324 3_0_0 EXIST::FUNCTION:RSA +SSL_CTX_use_RSAPrivateKey_ASN1 324 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA SSL_CTX_use_PrivateKey_ASN1 325 3_0_0 EXIST::FUNCTION: SSL_CTX_get0_privatekey 326 3_0_0 EXIST::FUNCTION: BIO_f_ssl 327 3_0_0 EXIST::FUNCTION: -- 2.39.2