Deprecate more DH functions
authorMatt Caswell <matt@openssl.org>
Fri, 16 Oct 2020 08:36:19 +0000 (09:36 +0100)
committerMatt Caswell <matt@openssl.org>
Fri, 27 Nov 2020 11:04:54 +0000 (11:04 +0000)
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13138)

crypto/dh/dh_backend.c
include/openssl/dh.h
test/ffc_internal_test.c
util/libcrypto.num

index cc8d064c4e590d0c1718e16aa7d9570b5bf1a474..660bb4845ad25680faf82c9d990c34e57c9ccf63 100644 (file)
@@ -7,6 +7,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * DH low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
 #include <openssl/core_names.h>
 #include "internal/param_build_set.h"
 #include "crypto/dh.h"
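Review bot: Including `internal/deprecated.h` at the top of the file presumably silences deprecation diagnostics for the whole translation unit, not only for the DH calls the new comment refers to, so a later accidental use of some other deprecated low-level API in this file would compile without warning. The comment would carry more weight if it named the DH functions this file actually depends on, so a reviewer can tell when the include is no longer needed. The same applies to the identical include added in test/ffc_internal_test.c.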
index 86f0e73464a65eb6abbb1e4da0be20d314ca6ab3..d8666f45b8665b0da0a89d2fc622ad22ae2ae1e5 100644 (file)
@@ -136,9 +136,9 @@ DECLARE_ASN1_ITEM(DHparams)
         ASN1_d2i_bio_of(DH, DH_new, d2i_DHxparams, bp, x)
 #   define i2d_DHxparams_bio(bp, x) \
         ASN1_i2d_bio_of(DH, i2d_DHxparams, bp, x)
-#  endif
 
-DECLARE_ASN1_DUP_FUNCTION_name(DH, DHparams)
+DECLARE_ASN1_DUP_FUNCTION_name_attr(OSSL_DEPRECATEDIN_3_0, DH, DHparams)
+#  endif
 
 DEPRECATEDIN_3_0(const DH_METHOD *DH_OpenSSL(void))
 
@@ -148,9 +148,9 @@ DEPRECATEDIN_3_0(int DH_set_method(DH *dh, const DH_METHOD *meth))
 DEPRECATEDIN_3_0(DH *DH_new_method(ENGINE *engine))
 
 DEPRECATEDIN_3_0(DH *DH_new(void))
-void DH_free(DH *dh);
-int DH_up_ref(DH *dh);
-int DH_bits(const DH *dh);
+DEPRECATEDIN_3_0(void DH_free(DH *dh))
+DEPRECATEDIN_3_0(int DH_up_ref(DH *dh))
+DEPRECATEDIN_3_0(int DH_bits(const DH *dh))
 DEPRECATEDIN_3_0(int DH_size(const DH *dh))
 DEPRECATEDIN_3_0(int DH_security_bits(const DH *dh))
 #  ifndef OPENSSL_NO_DEPRECATED_3_0
@@ -176,7 +176,7 @@ DEPRECATEDIN_3_0(int DH_check_pub_key_ex(const DH *dh, const BIGNUM *pub_key))
 /*
  * TODO(3.0): deprecate DH_check_params once ssl/statem/statem_clnt.c is fixed.
  */
-int DH_check_params(const DH *dh, int *ret);
+DEPRECATEDIN_3_0(int DH_check_params(const DH *dh, int *ret))
 DEPRECATEDIN_3_0(int DH_check(const DH *dh, int *codes))
 DEPRECATEDIN_3_0(int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key,
                                       int *codes))
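Review bot: The context comment directly above the changed declaration still reads `TODO(3.0): deprecate DH_check_params once ssl/statem/statem_clnt.c is fixed.`, but this hunk performs exactly that deprecation, so the TODO is stale and should be removed in the same commit (the corresponding TODO for DH_new_by_nid is dropped further down). Whether statem_clnt.c has been converted is not visible here and is worth confirming before the precondition is deleted. Since this function is a parameter-validation entry point, a replacement comment pointing at the supported path would help migrating callers keep the check, e.g. `/* Deprecated: validate DH parameters with EVP_PKEY_param_check() */`.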
@@ -197,13 +197,12 @@ DEPRECATEDIN_3_0(int DHparams_print_fp(FILE *fp, const DH *x))
 DEPRECATEDIN_3_0(int DHparams_print(BIO *bp, const DH *x))
 
 /* RFC 5114 parameters */
-DH *DH_get_1024_160(void);
-DH *DH_get_2048_224(void);
-DH *DH_get_2048_256(void);
+DEPRECATEDIN_3_0(DH *DH_get_1024_160(void))
+DEPRECATEDIN_3_0(DH *DH_get_2048_224(void))
+DEPRECATEDIN_3_0(DH *DH_get_2048_256(void))
 
 /* Named parameters, currently RFC7919 and RFC3526 */
-/* TODO(3.0): deprecate DH_new_by_nid() after converting ssl/s3_lib.c */
-DH *DH_new_by_nid(int nid);
+DEPRECATEDIN_3_0(DH *DH_new_by_nid(int nid))
 DEPRECATEDIN_3_0(int DH_get_nid(const DH *dh))
 
 /* RFC2631 KDF */
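Review bot: The RFC 5114 getters and DH_new_by_nid are deprecated here with no hint in the header about what callers should move to; the `/* RFC 5114 parameters */` comment is unchanged. DH_get_1024_160 hands out a 1024-bit group, so code migrating away from it is better steered to the named groups than to a private copy of the same parameters. Consider extending the comment, e.g. `/* RFC 5114 parameters (deprecated; prefer the RFC 7919 named groups through EVP_PKEY) */`.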
@@ -213,23 +212,23 @@ DEPRECATEDIN_3_0(int DH_KDF_X9_42(unsigned char *out, size_t outlen,
                                   const unsigned char *ukm,
                                   size_t ukmlen, const EVP_MD *md))
 
-void DH_get0_pqg(const DH *dh,
-                 const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
-int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
-void DH_get0_key(const DH *dh,
-                 const BIGNUM **pub_key, const BIGNUM **priv_key);
-int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key);
-const BIGNUM *DH_get0_p(const DH *dh);
-const BIGNUM *DH_get0_q(const DH *dh);
-const BIGNUM *DH_get0_g(const DH *dh);
-const BIGNUM *DH_get0_priv_key(const DH *dh);
-const BIGNUM *DH_get0_pub_key(const DH *dh);
-void DH_clear_flags(DH *dh, int flags);
-int DH_test_flags(const DH *dh, int flags);
-void DH_set_flags(DH *dh, int flags);
+DEPRECATEDIN_3_0(void DH_get0_pqg(const DH *dh, const BIGNUM **p,
+                                  const BIGNUM **q, const BIGNUM **g))
+DEPRECATEDIN_3_0(int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g))
+DEPRECATEDIN_3_0(void DH_get0_key(const DH *dh, const BIGNUM **pub_key,
+                                  const BIGNUM **priv_key))
+DEPRECATEDIN_3_0(int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key))
+DEPRECATEDIN_3_0(const BIGNUM *DH_get0_p(const DH *dh))
+DEPRECATEDIN_3_0(const BIGNUM *DH_get0_q(const DH *dh))
+DEPRECATEDIN_3_0(const BIGNUM *DH_get0_g(const DH *dh))
+DEPRECATEDIN_3_0(const BIGNUM *DH_get0_priv_key(const DH *dh))
+DEPRECATEDIN_3_0(const BIGNUM *DH_get0_pub_key(const DH *dh))
+DEPRECATEDIN_3_0(void DH_clear_flags(DH *dh, int flags))
+DEPRECATEDIN_3_0(int DH_test_flags(const DH *dh, int flags))
+DEPRECATEDIN_3_0(void DH_set_flags(DH *dh, int flags))
 DEPRECATEDIN_3_0(ENGINE *DH_get0_engine(DH *d))
-long DH_get_length(const DH *dh);
-int DH_set_length(DH *dh, long length);
+DEPRECATEDIN_3_0(long DH_get_length(const DH *dh))
+DEPRECATEDIN_3_0(int DH_set_length(DH *dh, long length))
 
 DEPRECATEDIN_3_0(DH_METHOD *DH_meth_new(const char *name, int flags))
 DEPRECATEDIN_3_0(void DH_meth_free(DH_METHOD *dhm))
index 25b3c58b126621ab8d8dc4c9e992e221ccd3d045..1cbaec891bb728ff66248373cdeaeb4616208ea1 100644 (file)
@@ -8,6 +8,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * This is an internal test that is intentionally using internal APIs. Some of
+ * those APIs are deprecated for public use.
+ */
+#include "internal/deprecated.h"
+
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
index d81534ad06350bfe36b1285d2c898808c482b3ec..1e27d467115fae714366b38cf61bf250736b5c38 100644 (file)
@@ -311,7 +311,7 @@ PEM_write_bio_PKCS7_stream              316 3_0_0   EXIST::FUNCTION:
 d2i_X509_CERT_AUX                       317    3_0_0   EXIST::FUNCTION:
 UI_process                              318    3_0_0   EXIST::FUNCTION:
 X509_get_subject_name                   319    3_0_0   EXIST::FUNCTION:
-DH_get_1024_160                         320    3_0_0   EXIST::FUNCTION:DH
+DH_get_1024_160                         320    3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
 i2d_ASN1_UNIVERSALSTRING                321    3_0_0   EXIST::FUNCTION:
 d2i_OCSP_RESPID                         322    3_0_0   EXIST::FUNCTION:OCSP
 BIO_s_accept                            323    3_0_0   EXIST::FUNCTION:SOCK
@@ -906,7 +906,7 @@ CRYPTO_secure_malloc_initialized        928 3_0_0   EXIST::FUNCTION:
 o2i_SCT_LIST                            929    3_0_0   EXIST::FUNCTION:CT
 ASN1_PCTX_get_cert_flags                930    3_0_0   EXIST::FUNCTION:
 X509at_add1_attr_by_NID                 931    3_0_0   EXIST::FUNCTION:
-DHparams_dup                            932    3_0_0   EXIST::FUNCTION:DH
+DHparams_dup                            932    3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
 X509_get_ext                            933    3_0_0   EXIST::FUNCTION:
 X509_issuer_and_serial_hash             934    3_0_0   EXIST::FUNCTION:
 ASN1_BMPSTRING_it                       935    3_0_0   EXIST::FUNCTION:
@@ -1006,7 +1006,7 @@ X509_policy_check                       1031      3_0_0   EXIST::FUNCTION:
 X509_CRL_METHOD_new                     1032   3_0_0   EXIST::FUNCTION:
 ASN1_ANY_it                             1033   3_0_0   EXIST::FUNCTION:
 d2i_DSA_SIG                             1034   3_0_0   EXIST::FUNCTION:DSA
-DH_free                                 1035   3_0_0   EXIST::FUNCTION:DH
+DH_free                                 1035   3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
 ENGINE_register_all_DSA                 1036   3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
 TS_REQ_set_msg_imprint                  1037   3_0_0   EXIST::FUNCTION:TS
 BN_mod_sub_quick                        1038   3_0_0   EXIST::FUNCTION:
@@ -1028,7 +1028,7 @@ CRYPTO_free                             1054      3_0_0   EXIST::FUNCTION:
 BN_GF2m_mod_exp                         1055   3_0_0   EXIST::FUNCTION:EC2M
 OPENSSL_buf2hexstr                      1056   3_0_0   EXIST::FUNCTION:
 DES_encrypt2                            1057   3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,DES
-DH_up_ref                               1058   3_0_0   EXIST::FUNCTION:DH
+DH_up_ref                               1058   3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
 RC2_ofb64_encrypt                       1059   3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,RC2
 PKCS12_pbe_crypt                        1060   3_0_0   EXIST::FUNCTION:
 ASIdentifiers_free                      1061   3_0_0   EXIST::FUNCTION:RFC3779
@@ -1242,7 +1242,7 @@ RC5_32_cfb64_encrypt                    1270      3_0_0   EXIST::FUNCTION:DEPRECATEDIN_
 TS_REQ_set_cert_req                     1271   3_0_0   EXIST::FUNCTION:TS
 TXT_DB_get_by_index                     1272   3_0_0   EXIST::FUNCTION:
 X509_check_ca                           1273   3_0_0   EXIST::FUNCTION:
-DH_get_2048_224                         1274   3_0_0   EXIST::FUNCTION:DH
+DH_get_2048_224                         1274   3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
 X509_load_http                          1275   3_0_0   EXIST::FUNCTION:
 i2d_AUTHORITY_INFO_ACCESS               1276   3_0_0   EXIST::FUNCTION:
 EVP_get_cipherbyname                    1277   3_0_0   EXIST::FUNCTION:
@@ -2274,7 +2274,7 @@ ASN1_STRING_length                      2321      3_0_0   EXIST::FUNCTION:
 PKCS7_set_digest                        2322   3_0_0   EXIST::FUNCTION:
 PEM_write_bio_PUBKEY                    2323   3_0_0   EXIST::FUNCTION:
 PEM_read_PKCS7                          2324   3_0_0   EXIST::FUNCTION:STDIO
-DH_get_2048_256                         2325   3_0_0   EXIST::FUNCTION:DH
+DH_get_2048_256                         2325   3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
 X509at_delete_attr                      2326   3_0_0   EXIST::FUNCTION:
 PEM_write_bio                           2327   3_0_0   EXIST::FUNCTION:
 CMS_signed_get_attr_by_OBJ              2329   3_0_0   EXIST::FUNCTION:CMS
@@ -3163,7 +3163,7 @@ ACCESS_DESCRIPTION_free                 3228      3_0_0   EXIST::FUNCTION:
 BN_nist_mod_384                         3229   3_0_0   EXIST::FUNCTION:
 i2d_EC_PUBKEY_fp                        3230   3_0_0   EXIST::FUNCTION:EC,STDIO
 ENGINE_set_default_pkey_meths           3231   3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
-DH_bits                                 3232   3_0_0   EXIST::FUNCTION:DH
+DH_bits                                 3232   3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
 i2d_X509_ALGORS                         3233   3_0_0   EXIST::FUNCTION:
 EVP_camellia_192_cfb1                   3234   3_0_0   EXIST::FUNCTION:CAMELLIA
 TS_RESP_CTX_add_failure_info            3235   3_0_0   EXIST::FUNCTION:TS
@@ -3948,15 +3948,15 @@ RSA_meth_set_init                       4031    3_0_0   EXIST::FUNCTION:DEPRECATEDIN_
 RSA_meth_get_priv_enc                   4032   3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
 RSA_set0_crt_params                     4037   3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
 RSA_get0_crt_params                     4038   3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
-DH_set0_pqg                             4039   3_0_0   EXIST::FUNCTION:DH
-DH_clear_flags                          4041   3_0_0   EXIST::FUNCTION:DH
-DH_get0_key                             4042   3_0_0   EXIST::FUNCTION:DH
+DH_set0_pqg                             4039   3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
+DH_clear_flags                          4041   3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
+DH_get0_key                             4042   3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
 DH_get0_engine                          4043   3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
-DH_set0_key                             4044   3_0_0   EXIST::FUNCTION:DH
-DH_set_length                           4045   3_0_0   EXIST::FUNCTION:DH
-DH_test_flags                           4046   3_0_0   EXIST::FUNCTION:DH
-DH_get_length                           4047   3_0_0   EXIST::FUNCTION:DH
-DH_get0_pqg                             4048   3_0_0   EXIST::FUNCTION:DH
+DH_set0_key                             4044   3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
+DH_set_length                           4045   3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
+DH_test_flags                           4046   3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
+DH_get_length                           4047   3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
+DH_get0_pqg                             4048   3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
 DH_meth_get_compute_key                 4049   3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
 DH_meth_set1_name                       4050   3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
 DH_meth_set_init                        4051   3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
@@ -3978,7 +3978,7 @@ DH_meth_set_bn_mod_exp                  4066      3_0_0   EXIST::FUNCTION:DEPRECATEDIN_
 DH_meth_set_generate_key                4067   3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
 DH_meth_free                            4068   3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
 DH_meth_get_generate_key                4069   3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
-DH_set_flags                            4070   3_0_0   EXIST::FUNCTION:DH
+DH_set_flags                            4070   3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
 X509_STORE_CTX_get_obj_by_subject       4071   3_0_0   EXIST::FUNCTION:
 X509_OBJECT_free                        4072   3_0_0   EXIST::FUNCTION:
 X509_OBJECT_get0_X509                   4073   3_0_0   EXIST::FUNCTION:
@@ -4091,7 +4091,7 @@ UI_method_get_ex_data                   4179      3_0_0   EXIST::FUNCTION:
 UI_UTIL_wrap_read_pem_callback          4180   3_0_0   EXIST::FUNCTION:
 X509_VERIFY_PARAM_get_time              4181   3_0_0   EXIST::FUNCTION:
 EVP_PKEY_get0_poly1305                  4182   3_0_0   EXIST::FUNCTION:POLY1305
-DH_check_params                         4183   3_0_0   EXIST::FUNCTION:DH
+DH_check_params                         4183   3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
 EVP_PKEY_get0_siphash                   4184   3_0_0   EXIST::FUNCTION:SIPHASH
 EVP_aria_256_ofb                        4185   3_0_0   EXIST::FUNCTION:ARIA
 EVP_aria_256_cfb128                     4186   3_0_0   EXIST::FUNCTION:ARIA
@@ -4236,7 +4236,7 @@ EVP_PKEY_meth_get_check                 4342      3_0_0   EXIST::FUNCTION:DEPRECATEDIN_
 EVP_PKEY_meth_remove                    4343   3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0
 OPENSSL_sk_reserve                      4344   3_0_0   EXIST::FUNCTION:
 EVP_PKEY_set1_engine                    4347   3_0_0   EXIST::FUNCTION:ENGINE
-DH_new_by_nid                           4348   3_0_0   EXIST::FUNCTION:DH
+DH_new_by_nid                           4348   3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
 DH_get_nid                              4349   3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
 CRYPTO_get_alloc_counts                 4350   3_0_0   EXIST::FUNCTION:CRYPTO_MDEBUG
 OPENSSL_sk_new_reserve                  4351   3_0_0   EXIST::FUNCTION:
@@ -4345,11 +4345,11 @@ conf_ssl_name_find                      4469    3_0_0   EXIST::FUNCTION:
 conf_ssl_get_cmd                        4470   3_0_0   EXIST::FUNCTION:
 conf_ssl_get                            4471   3_0_0   EXIST::FUNCTION:
 X509_VERIFY_PARAM_get_hostflags         4472   3_0_0   EXIST::FUNCTION:
-DH_get0_p                               4473   3_0_0   EXIST::FUNCTION:DH
-DH_get0_q                               4474   3_0_0   EXIST::FUNCTION:DH
-DH_get0_g                               4475   3_0_0   EXIST::FUNCTION:DH
-DH_get0_priv_key                        4476   3_0_0   EXIST::FUNCTION:DH
-DH_get0_pub_key                         4477   3_0_0   EXIST::FUNCTION:DH
+DH_get0_p                               4473   3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
+DH_get0_q                               4474   3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
+DH_get0_g                               4475   3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
+DH_get0_priv_key                        4476   3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
+DH_get0_pub_key                         4477   3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
 DSA_get0_priv_key                       4478   3_0_0   EXIST::FUNCTION:DSA
 DSA_get0_pub_key                        4479   3_0_0   EXIST::FUNCTION:DSA
 DSA_get0_q                              4480   3_0_0   EXIST::FUNCTION:DSA