From: Tomas Mraz Date: Thu, 21 Jan 2021 15:37:26 +0000 (+0100) Subject: bn: Deprecate the X9.31 RSA key generation related functions X-Git-Tag: openssl-3.0.0-alpha11~26 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c27e7922211ac4f7aee5573f605c3b3cbef0d0bc;p=thirdparty%2Fopenssl.git bn: Deprecate the X9.31 RSA key generation related functions This key generation method is obsolete. Fixes #10111 Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/13921) --- diff --git a/CHANGES.md b/CHANGES.md index 63d41c3911c..fbd80c33c08 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -23,6 +23,12 @@ OpenSSL 3.0 ### Changes between 1.1.1 and 3.0 [xx XXX xxxx] + * Deprecated the obsolete X9.31 RSA key generation related functions + BN_X931_generate_Xpq(), BN_X931_derive_prime_ex(), and + BN_X931_generate_prime_ex(). + + *Tomas Mraz* + * Deprecated the type OCSP_REQ_CTX and the functions OCSP_REQ_CTX_new(), OCSP_REQ_CTX_free(), OCSP_REQ_CTX_http(), OCSP_REQ_CTX_add1_header(), OCSP_REQ_CTX_i2d(), OCSP_REQ_CTX_nbio(), OCSP_REQ_CTX_nbio_d2i(), diff --git a/crypto/bn/bn_x931p.c b/crypto/bn/bn_x931p.c index bca7c9788e4..c7ecdd23c80 100644 --- a/crypto/bn/bn_x931p.c +++ b/crypto/bn/bn_x931p.c @@ -7,6 +7,8 @@ * https://www.openssl.org/source/license.html */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include #include #include "bn_local.h" diff --git a/crypto/bn/build.info b/crypto/bn/build.info index 6164bba8c75..f732be24f8d 100644 --- a/crypto/bn/build.info +++ b/crypto/bn/build.info 
@@ -105,11 +105,10 @@ $COMMON=bn_add.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c bn_mul.c \ bn_mod.c bn_conv.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \ bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_sqr.c \ bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c \ - bn_x931p.c bn_intern.c bn_dh.c \ - bn_rsa_fips186_4.c bn_const.c + bn_intern.c bn_dh.c bn_rsa_fips186_4.c bn_const.c SOURCE[../../libcrypto]=$COMMON $BNASM bn_print.c bn_err.c bn_srp.c IF[{- !$disabled{'deprecated-3.0'} -}] - SOURCE[../../libcrypto]=bn_depr.c + SOURCE[../../libcrypto]=bn_depr.c bn_x931p.c ENDIF SOURCE[../../providers/libfips.a]=$COMMON $BNASM SOURCE[../../providers/liblegacy.a]=$BNASM diff --git a/crypto/rsa/build.info b/crypto/rsa/build.info index 16149960496..d97e07fa4c3 100644 --- a/crypto/rsa/build.info +++ b/crypto/rsa/build.info @@ -2,7 +2,7 @@ LIBS=../../libcrypto $COMMON=rsa_ossl.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_pk1.c \ rsa_none.c rsa_oaep.c rsa_chk.c rsa_pss.c rsa_x931.c rsa_crpt.c \ - rsa_x931g.c rsa_sp800_56b_gen.c rsa_sp800_56b_check.c rsa_backend.c \ + rsa_sp800_56b_gen.c rsa_sp800_56b_check.c rsa_backend.c \ rsa_mp_names.c rsa_schemes.c SOURCE[../../libcrypto]=$COMMON\ @@ -11,6 +11,9 @@ SOURCE[../../libcrypto]=$COMMON\ IF[{- !$disabled{'deprecated-0.9.8'} -}] SOURCE[../../libcrypto]=rsa_depr.c ENDIF +IF[{- !$disabled{'deprecated-3.0'} -}] + SOURCE[../../libcrypto]=rsa_x931g.c +ENDIF SOURCE[../../providers/libfips.a]=$COMMON diff --git a/crypto/rsa/rsa_x931g.c b/crypto/rsa/rsa_x931g.c index 211e717871e..6c50bd9593b 100644 --- a/crypto/rsa/rsa_x931g.c +++ b/crypto/rsa/rsa_x931g.c @@ -11,7 +11,7 @@ * RSA low level APIs are deprecated for public use, but still ok for * internal use. */ -#include "internal/deprecated.h" +#define OPENSSL_SUPPRESS_DEPRECATED #include #include diff --git a/include/openssl/bn.h b/include/openssl/bn.h index c15fa3054f7..2a9ba8cd7f7 100644 --- a/include/openssl/bn.h +++ b/include/openssl/bn.h 
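Review bot: Taking bn_x931p.c out of `$COMMON` in crypto/bn/build.info also takes it out of providers/libfips.a, because the `SOURCE[../../providers/libfips.a]=$COMMON $BNASM` line is unchanged, and nothing in the file says this is deliberate. The first crypto/rsa/build.info hunk does the same for rsa_x931g.c. It is worth confirming, with a `no-deprecated` configuration and a FIPS provider build, that nothing still listed in `$COMMON` references the X9.31 functions, since a leftover caller would only show up as an unresolved symbol at link time. I would add a comment above the `IF` block, such as `# X9.31 key generation is deprecated in 3.0; kept out of $COMMON so it is not built into libfips.a`.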
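Review bot: The comment kept above the new `#define OPENSSL_SUPPRESS_DEPRECATED` in crypto/rsa/rsa_x931g.c still reads "RSA low level APIs are deprecated for public use, but still ok for internal use", which described the removed `#include "internal/deprecated.h"` rather than the new line. After this commit the file is compiled only when deprecated-3.0 is enabled, so the suppression is needed because the file is itself deprecated code. It presumably also calls the now-deprecated BN_X931_* functions, though those call sites are outside the hunk. Suggested replacement: `/* This file implements deprecated X9.31 key generation; suppress warnings for its own use of deprecated APIs. */`. The same define in crypto/bn/bn_x931p.c is added with no comment at all and could carry the same one.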
@@ -370,15 +370,20 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb); int BN_check_prime(const BIGNUM *p, BN_CTX *ctx, BN_GENCB *cb); +# ifndef OPENSSL_NO_DEPRECATED_3_0 +OSSL_DEPRECATEDIN_3_0 int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx); +OSSL_DEPRECATEDIN_3_0 int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, const BIGNUM *Xp, const BIGNUM *Xp1, const BIGNUM *Xp2, const BIGNUM *e, BN_CTX *ctx, BN_GENCB *cb); +OSSL_DEPRECATEDIN_3_0 int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, BIGNUM *Xp1, BIGNUM *Xp2, const BIGNUM *Xp, const BIGNUM *e, BN_CTX *ctx, BN_GENCB *cb); +# endif BN_MONT_CTX *BN_MONT_CTX_new(void); int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, diff --git a/util/libcrypto.num b/util/libcrypto.num index ffc423953a0..bc39e25b6d1 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -568,7 +568,7 @@ ERR_load_CONF_strings 581 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3 ESS_ISSUER_SERIAL_dup 582 3_0_0 EXIST::FUNCTION: BN_GF2m_mod_exp_arr 583 3_0_0 EXIST::FUNCTION:EC2M ASN1_UTF8STRING_free 584 3_0_0 EXIST::FUNCTION: -BN_X931_generate_prime_ex 585 3_0_0 EXIST::FUNCTION: +BN_X931_generate_prime_ex 585 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 ENGINE_get_RAND 586 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE EVP_DecryptInit 587 3_0_0 EXIST::FUNCTION: BN_bin2bn 588 3_0_0 EXIST::FUNCTION: @@ -980,7 +980,7 @@ CRYPTO_cbc128_encrypt 1004 3_0_0 EXIST::FUNCTION: i2d_RSAPublicKey_bio 1005 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 X509_chain_check_suiteb 1006 3_0_0 EXIST::FUNCTION: i2d_OCSP_REQUEST 1007 3_0_0 EXIST::FUNCTION:OCSP -BN_X931_generate_Xpq 1008 3_0_0 EXIST::FUNCTION: +BN_X931_generate_Xpq 1008 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 ASN1_item_digest 1009 3_0_0 EXIST::FUNCTION: X509_VERIFY_PARAM_set_trust 1010 3_0_0 EXIST::FUNCTION: X509_STORE_CTX_get_error 1011 3_0_0 EXIST::FUNCTION: 
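Review bot: The three declarations in the new `# ifndef OPENSSL_NO_DEPRECATED_3_0` block in include/openssl/bn.h have no comment saying why they are deprecated, so a caller who hits the warning learns nothing from the header. The attribute is also only a compile-time signal: util/libcrypto.num keeps the symbols as EXIST, so a default build still exports them and only a build with deprecated-3.0 disabled drops them. A one-line comment above the block would help, for example `/* Obsolete X9.31 RSA prime generation helpers, deprecated in 3.0; new code should not use them. */`. The header continues on both sides of the hunk.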
@@ -1976,7 +1976,7 @@ EC_KEY_get0_private_key 2021 3_0_0 EXIST::FUNCTION:EC SCT_get0_extensions 2022 3_0_0 EXIST::FUNCTION:CT OPENSSL_LH_node_stats_bio 2023 3_0_0 EXIST::FUNCTION: i2d_DIRECTORYSTRING 2024 3_0_0 EXIST::FUNCTION: -BN_X931_derive_prime_ex 2025 3_0_0 EXIST::FUNCTION: +BN_X931_derive_prime_ex 2025 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 ENGINE_get_pkey_asn1_meth_str 2026 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE PKCS7_signatureVerify 2027 3_0_0 EXIST::FUNCTION: CRYPTO_ocb128_new 2028 3_0_0 EXIST::FUNCTION:OCB