OSSL_LIB_CTX *libctx, const char *propq)
{
EVP_PKEY_CTX *ctx = NULL;
+#ifndef OPENSSL_NO_DEPRECATED_3_6
int pkey_id;
+#endif
if (*pctx) {
BIO_puts(bio_err, "Algorithm already set!\n");
return 0;
}
+#ifndef OPENSSL_NO_DEPRECATED_3_6
pkey_id = get_legacy_pkey_id(libctx, algname, e);
if (pkey_id != NID_undef)
ctx = EVP_PKEY_CTX_new_id(pkey_id, e);
else
+#endif
ctx = EVP_PKEY_CTX_new_from_name(libctx, algname, propq);
if (ctx == NULL)
int finish_engine(ENGINE *e);
char *make_engine_uri(ENGINE *e, const char *key_id, const char *desc);
+# ifndef OPENSSL_NO_DEPRECATED_3_6
int get_legacy_pkey_id(OSSL_LIB_CTX *libctx, const char *algname, ENGINE *e);
+# endif
const EVP_MD *get_digest_from_engine(const char *name);
const EVP_CIPHER *get_cipher_from_engine(const char *name);
return new_uri;
}
+#ifndef OPENSSL_NO_DEPRECATED_3_6
int get_legacy_pkey_id(OSSL_LIB_CTX *libctx, const char *algname, ENGINE *e)
{
const EVP_PKEY_ASN1_METHOD *ameth;
return pkey_id;
}
+#endif
const EVP_MD *get_digest_from_engine(const char *name)
{
if (pkey == NULL) {
BIO_printf(sdb->out, "Public key missing");
} else {
- const char *algname = "";
-
- EVP_PKEY_asn1_get0_info(NULL, NULL, NULL, NULL,
- &algname, EVP_PKEY_get0_asn1(pkey));
BIO_printf(sdb->out, "%s, bits=%d",
- algname, EVP_PKEY_get_bits(pkey));
+ EVP_PKEY_get0_type_name(pkey),
+ EVP_PKEY_get_bits(pkey));
}
}
break;
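Review bot: `EVP_PKEY_get0_type_name(pkey)` is passed straight to the `%s` in `BIO_printf`, whereas the removed code started from `algname = ""` and so always had a string to print. The change to `EVP_PKEY_get0_type_name` elsewhere in this commit leaves `name` as NULL when the key has no keymgmt and the legacy fallback is compiled out or finds no method. Keep a non-NULL default, for example `const char *algname = EVP_PKEY_get0_type_name(pkey);` and then `algname != NULL ? algname : ""` as the argument. The enclosing function starts and ends outside the hunk.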
*pkeylen = EVP_PKEY_get_bits(param);
EVP_PKEY_free(param);
} else {
+#ifndef OPENSSL_NO_DEPRECATED_3_6
if (keygen_engine != NULL) {
int pkey_id = get_legacy_pkey_id(app_get0_libctx(), *pkeytype,
keygen_engine);
if (pkey_id != NID_undef)
gctx = EVP_PKEY_CTX_new_id(pkey_id, keygen_engine);
} else {
+#endif
gctx = EVP_PKEY_CTX_new_from_name(app_get0_libctx(),
*pkeytype, app_get0_propq());
+#ifndef OPENSSL_NO_DEPRECATED_3_6
}
+#endif
}
if (gctx == NULL) {
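Review bot: With `OPENSSL_NO_DEPRECATED_3_6` defined, the `if (keygen_engine != NULL)` branch is compiled out and the context always comes from `EVP_PKEY_CTX_new_from_name`, so a requested key-generation engine is ignored without any message in this hunk. Unless the option is rejected somewhere outside the hunk, an operator who expects the key to be generated by an engine-backed device would get a software-generated key instead. Consider making that explicit in the no-deprecated build, e.g. `if (keygen_engine != NULL) BIO_puts(bio_err, "Warning: keygen engine ignored in this build\n");` (message text is only a suggestion), or failing outright. Splitting the `if`/`else` braces across three `#ifndef` blocks is also easy to break in later edits. The hunk at the top of the page that calls `get_legacy_pkey_id(libctx, algname, e)` has the same pattern with `e`.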
* https://www.openssl.org/source/license.html
*/
-#ifndef OPENSSL_NO_DEPRECATED_3_6
-/* We need to use some engine deprecated APIs */
-#define OPENSSL_SUPPRESS_DEPRECATED
+/*
+ * We need to use some engine deprecated APIs
+ */
+#include "internal/deprecated.h"
#include "internal/cryptlib.h"
#include <stdio.h>
{
ameth->get_pub_key = get_pub_key;
}
-#endif
* https://www.openssl.org/source/license.html
*/
+#ifndef OPENSSL_NO_DEPRECATED_3_6
/*
* This table MUST be kept in ascending order of the NID each method
* represents (corresponding to the pkey_id field) as OBJ_bsearch
&ossl_sm2_asn1_meth,
#endif
};
+#endif
* https://www.openssl.org/source/license.html
*/
+/*
+ * For EVP_PKEY_asn1_get0_info(), EVP_PKEY_asn1_get_count() and
+ * EVP_PKEY_asn1_get0()
+ */
+#define OPENSSL_SUPPRESS_DEPRECATED
+
#include "internal/namemap.h"
#include "internal/tsan_assist.h"
#include "internal/hashtable.h"
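Review bot: This file silences the warnings with a bare `#define OPENSSL_SUPPRESS_DEPRECATED`, while other files in the same commit replace exactly that define with `#include "internal/deprecated.h"`. If the two are not interchangeable (the header presumably does more than set the macro), the comment should say which one is needed here and why, e.g. `/* bare define is enough: the calls below are guarded by OPENSSL_NO_DEPRECATED_3_6 */`. The same applies to the other hunks on this page that add the bare define.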
get_legacy_evp_names(0, EVP_MD_get_type(md), NULL, arg);
}
+# ifndef OPENSSL_NO_DEPRECATED_3_6
static void get_legacy_pkey_meth_names(const EVP_PKEY_ASN1_METHOD *ameth,
void *arg)
{
}
}
}
+# endif /* OPENSSL_NO_DEPRECATED_3_6 */
#endif
/*-
return NULL;
}
if (nms == 1) {
- int i, end;
+ int num;
/* Before pilfering, we make sure the legacy database is populated */
OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS
OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH,
get_legacy_md_names, namemap);
- /* We also pilfer data from the legacy EVP_PKEY_ASN1_METHODs */
- for (i = 0, end = EVP_PKEY_asn1_get_count(); i < end; i++)
- get_legacy_pkey_meth_names(EVP_PKEY_asn1_get0(i), namemap);
+ /*
+ * Some old providers (<= 3.5) may not have the rsassaPSS alias which
+ * may cause problems in some cases. We add it manually here
+ */
+ num = ossl_namemap_add_name(namemap, 0, "RSA-PSS");
+ if (num != 0) {
+ ossl_namemap_add_name(namemap, num, "rsassaPss");
+ /* Add other RSA-PSS aliases as well */
+ ossl_namemap_add_name(namemap, num, "RSASSA-PSS");
+ ossl_namemap_add_name(namemap, num, "1.2.840.113549.1.1.10");
+ }
+# ifndef OPENSSL_NO_DEPRECATED_3_6
+ {
+ int i, end;
+
+ /* We also pilfer data from the legacy EVP_PKEY_ASN1_METHODs */
+ for (i = 0, end = EVP_PKEY_asn1_get_count(); i < end; i++)
+ get_legacy_pkey_meth_names(EVP_PKEY_asn1_get0(i), namemap);
+ }
+# endif
}
#endif
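Review bot: The three alias registrations inside `if (num != 0)` discard the return value of `ossl_namemap_add_name`, and nothing is reported when the initial `RSA-PSS` registration itself returns 0. If attaching `rsassaPss` fails, the lookup problem that the new comment describes for older providers would remain and nothing would show it. Check each call, e.g. `if (!ossl_namemap_add_name(namemap, num, "rsassaPss"))`, and handle the failure the same way as the function's other error paths, which lie outside this hunk; if ignoring failures is intended, say so in the comment.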
mac_lib.c mac_meth.c keymgmt_meth.c keymgmt_lib.c kdf_lib.c kdf_meth.c \
skeymgmt_meth.c \
pmeth_lib.c signature.c p_lib.c s_lib.c pmeth_gn.c exchange.c \
- evp_rand.c asymcipher.c kem.c dh_support.c ec_support.c pmeth_check.c
+ evp_rand.c asymcipher.c kem.c dh_support.c ec_support.c pmeth_check.c \
+ evp_pkey_type.c
SOURCE[../../libcrypto]=$COMMON\
encode.c evp_key.c evp_cnf.c \
* https://www.openssl.org/source/license.html
*/
+/*
+ * Needed for EVP_PKEY_get0_asn1 and EVP_PKEY_asn1_get0_info
+ */
+#define OPENSSL_SUPPRESS_DEPRECATED
+
#include <stdio.h>
#include <stdlib.h>
#include "internal/cryptlib.h"
const char *EVP_PKEY_get0_type_name(const EVP_PKEY *key)
{
+#ifndef OPENSSL_NO_DEPRECATED_3_6
const EVP_PKEY_ASN1_METHOD *ameth;
+#endif
const char *name = NULL;
if (key->keymgmt != NULL)
return EVP_KEYMGMT_get0_name(key->keymgmt);
+#ifndef OPENSSL_NO_DEPRECATED_3_6
/* Otherwise fallback to legacy */
ameth = EVP_PKEY_get0_asn1(key);
if (ameth != NULL)
EVP_PKEY_asn1_get0_info(NULL, NULL,
NULL, NULL, &name, ameth);
+#endif
return name;
}
--- /dev/null
+/*
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#define OPENSSL_SUPPRESS_DEPRECATED
+
+#include "crypto/evp.h"
+#include <openssl/core_names.h>
+#include <openssl/macros.h>
+#ifndef OPENSSL_NO_DEPRECATED_3_6
+# include <openssl/engine.h>
+# include "crypto/asn1.h"
+#include <openssl/types.h>
+#else
+# include "internal/nelem.h"
+#endif
+
+#ifdef OPENSSL_NO_DEPRECATED_3_6
+/*
+ * This is a hardcoded conversion table for legacy ASN1_METHOD and pkey type.
+ * As the deprecated ASN1 should not enable to add any asn1 method, therefore
+ * this should work.
+ */
+struct pkid2bid {
+ int pkey_id;
+ int pkey_base_id;
+};
+
+const struct pkid2bid base_id_conversion[] = {
+ {EVP_PKEY_RSA, EVP_PKEY_RSA},
+ {EVP_PKEY_RSA2, EVP_PKEY_RSA},
+ {EVP_PKEY_RSA_PSS, EVP_PKEY_RSA_PSS},
+#ifndef OPENSSL_NO_DH
+ {EVP_PKEY_DH, EVP_PKEY_DH},
+ {EVP_PKEY_DHX, EVP_PKEY_DHX},
+#endif
+#ifndef OPENSSL_NO_DSA
+ {EVP_PKEY_DSA1, EVP_PKEY_DSA},
+ {EVP_PKEY_DSA4, EVP_PKEY_DSA2},
+ {EVP_PKEY_DSA3, EVP_PKEY_DSA2},
+ {EVP_PKEY_DSA, EVP_PKEY_DSA},
+#endif
+#ifndef OPENSSL_NO_EC
+ {EVP_PKEY_EC, EVP_PKEY_EC},
+#endif
+#ifndef OPENSSL_NO_ECX
+ {EVP_PKEY_X25519, EVP_PKEY_X25519},
+ {EVP_PKEY_X448, EVP_PKEY_X448},
+ {EVP_PKEY_ED25519, EVP_PKEY_ED25519},
+ {EVP_PKEY_ED448, EVP_PKEY_ED448},
+#endif
+#ifndef OPENSSL_NO_SM2
+ {EVP_PKEY_SM2, EVP_PKEY_EC},
+#endif
+};
+#endif
+
+int EVP_PKEY_type(int type)
+{
+#ifndef OPENSSL_NO_DEPRECATED_3_6
+ int ret;
+ const EVP_PKEY_ASN1_METHOD *ameth;
+ ENGINE *e;
+
+ ameth = EVP_PKEY_asn1_find(&e, type);
+ if (ameth)
+ ret = ameth->pkey_id;
+ else
+ ret = NID_undef;
+# ifndef OPENSSL_NO_ENGINE
+ ENGINE_finish(e);
+# endif
+ return ret;
+#else
+ size_t i;
+
+ for (i = 0; i < OSSL_NELEM(base_id_conversion); i++) {
+ if (type == base_id_conversion[i].pkey_id)
+ return base_id_conversion[i].pkey_base_id;
+ }
+ return NID_undef;
+#endif
+}
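Review bot: The hard-coded `base_id_conversion` table used when `OPENSSL_NO_DEPRECATED_3_6` is defined may not return the same values as the legacy branch above it. The legacy branch returns `ameth->pkey_id` of whatever `EVP_PKEY_asn1_find` yields, while the table returns a `pkey_base_id` from a single lookup: `EVP_PKEY_DSA4` and `EVP_PKEY_DSA3` map to `EVP_PKEY_DSA2`, which has no row of its own, and `EVP_PKEY_SM2` maps to `EVP_PKEY_EC`. If the legacy lookup resolves aliases down to the final method (not visible here), callers that compare the result against `EVP_PKEY_DSA` or `EVP_PKEY_SM2` would take a different path in no-deprecated builds, so the rows should be checked against the legacy results and covered by a test that runs in both configurations. The table should also be declared `static const struct pkid2bid base_id_conversion[]` so that it is not exported from the library.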
}
# endif
-int EVP_PKEY_type(int type)
-{
- int ret;
- const EVP_PKEY_ASN1_METHOD *ameth;
- ENGINE *e;
- ameth = EVP_PKEY_asn1_find(&e, type);
- if (ameth)
- ret = ameth->pkey_id;
- else
- ret = NID_undef;
-# ifndef OPENSSL_NO_ENGINE
- ENGINE_finish(e);
-# endif
- return ret;
-}
-
int EVP_PKEY_get_id(const EVP_PKEY *pkey)
{
return pkey->type;
{
#ifndef FIPS_MODULE
const EVP_PKEY_ASN1_METHOD *ameth = NULL;
- ENGINE **eptr = (e == NULL) ? &e : NULL;
+ ENGINE **eptr = (e == NULL) ? &e : NULL;
#endif
/*
ctx->keygen_info = NULL;
-#ifndef FIPS_MODULE
+#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_DEPRECATED_3_6)
/* In case |*ppkey| was originally a legacy key */
if (ret)
evp_pkey_free_legacy(*ppkey);
* https://www.openssl.org/source/license.html
*/
-/* We need to use some engine deprecated APIs */
-#define OPENSSL_SUPPRESS_DEPRECATED
+/*
+ * We need to use some engine deprecated APIs
+ */
+#include "internal/deprecated.h"
#include <stdio.h>
#include "crypto/ctype.h"
* https://www.openssl.org/source/license.html
*/
-/* We need to use some deprecated APIs */
-#define OPENSSL_SUPPRESS_DEPRECATED
+/*
+ * We need to use some deprecated APIs
+ */
+#include "internal/deprecated.h"
#include <stdio.h>
#include <openssl/buffer.h>
* https://www.openssl.org/source/license.html
*/
+/*
+ * because of EVP_PKEY_asn1_find deprecation
+ */
+#define OPENSSL_SUPPRESS_DEPRECATED
+
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/buffer.h>
int X509_signature_print(BIO *bp, const X509_ALGOR *sigalg,
const ASN1_STRING *sig)
{
+#ifndef OPENSSL_NO_DEPRECATED_3_6
int sig_nid;
+#endif
int indent = 4;
if (BIO_printf(bp, "%*sSignature Algorithm: ", indent, "") <= 0)
return 0;
if (sig && BIO_printf(bp, "\n%*sSignature Value:", indent, "") <= 0)
return 0;
+#ifndef OPENSSL_NO_DEPRECATED_3_6
sig_nid = OBJ_obj2nid(sigalg->algorithm);
if (sig_nid != NID_undef) {
int pkey_nid, dig_nid;
return ameth->sig_print(bp, sigalg, sig, indent + 4, 0);
}
}
+#endif
if (BIO_write(bp, "\n", 1) != 1)
return 0;
if (sig)
* https://www.openssl.org/source/license.html
*/
+/*
+ * Needed for EVP_PKEY_asn1_find
+ */
+#define OPENSSL_SUPPRESS_DEPRECATED
+
#include <stdio.h>
#include <openssl/x509_acert.h>
#include <crypto/x509_acert.h>
BIO *out, int indent)
{
int64_t dot = 0;
+#ifndef OPENSSL_NO_DEPRECATED_3_6
int sig_nid;
X509_ALGOR *digalg;
+#endif
ASN1_STRING *sig;
if (odi == NULL) {
ERR_raise(ERR_LIB_ASN1, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
- digalg = &odi->digestAlgorithm;
sig = &odi->objectDigest;
if (!ASN1_ENUMERATED_get_int64(&dot, &odi->digestedObjectType)) {
return 0;
BIO_puts(out, "\n");
if (BIO_printf(out, "\n%*sSignature Value: ", indent, "") <= 0)
return 0;
+#ifndef OPENSSL_NO_DEPRECATED_3_6
+ digalg = &odi->digestAlgorithm;
sig_nid = OBJ_obj2nid(odi->digestAlgorithm.algorithm);
if (sig_nid != NID_undef) {
int pkey_nid, dig_nid;
return ameth->sig_print(out, digalg, sig, indent + 4, 0);
}
}
+#endif
if (BIO_write(out, "\n", 1) != 1)
return 0;
if (sig)
* https://www.openssl.org/source/license.html
*/
+/*
+ * because of EVP_PKEY_asn1_find deprecation
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include "internal/cryptlib.h"
#include "internal/refcount.h"
/* This file has quite some overlap with providers/implementations/storemgmt/file_store.c */
-/* We need to use some engine deprecated APIs */
+/*
+ * We need to use some asn1_meth deprecated APIs
+ */
#define OPENSSL_SUPPRESS_DEPRECATED
#include "internal/e_os.h" /* for stat */
(rsa))
# endif
-# ifndef OPENSSL_NO_DSA
-# define EVP_PKEY_assign_DSA(pkey,dsa) EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\
- (dsa))
+# ifndef OPENSSL_NO_DEPRECATED_3_6
+# ifndef OPENSSL_NO_DSA
+# define EVP_PKEY_assign_DSA(pkey, dsa) EVP_PKEY_assign((pkey), EVP_PKEY_DSA, \
+ (dsa))
+# endif
# endif
# if !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_DEPRECATED_3_0)
(eckey))
# endif
# endif
-# ifndef OPENSSL_NO_SIPHASH
-# define EVP_PKEY_assign_SIPHASH(pkey,shkey) EVP_PKEY_assign((pkey),\
- EVP_PKEY_SIPHASH,(shkey))
-# endif
+# ifndef OPENSSL_NO_DEPRECATED_3_6
+# ifndef OPENSSL_NO_SIPHASH
+# define EVP_PKEY_assign_SIPHASH(pkey, shkey) EVP_PKEY_assign((pkey), \
+ EVP_PKEY_SIPHASH, \
+ (shkey))
+# endif
# ifndef OPENSSL_NO_POLY1305
# define EVP_PKEY_assign_POLY1305(pkey, polykey) EVP_PKEY_assign((pkey), \
#define PROV_NAMES_RSA_SHA3_384 "RSA-SHA3-384:id-rsassa-pkcs1-v1_5-with-sha3-384:2.16.840.1.101.3.4.3.15"
#define PROV_NAMES_RSA_SHA3_512 "RSA-SHA3-512:id-rsassa-pkcs1-v1_5-with-sha3-512:2.16.840.1.101.3.4.3.16"
#define PROV_DESCS_RSA "OpenSSL RSA implementation"
-#define PROV_NAMES_RSA_PSS "RSA-PSS:RSASSA-PSS:1.2.840.113549.1.1.10"
+#define PROV_NAMES_RSA_PSS "RSA-PSS:RSASSA-PSS:rsassaPss:1.2.840.113549.1.1.10"
#define PROV_DESCS_RSA_PSS "OpenSSL RSA-PSS implementation"
#define PROV_NAMES_SM2 "SM2:1.2.156.10197.1.301"
#define PROV_DESCS_SM2 "OpenSSL SM2 implementation"
* https://www.openssl.org/source/license.html
*/
+/*
+ * Because of *asn1_*
+ */
+#define OPENSSL_SUPPRESS_DEPRECATED
+
#include <stdio.h>
#include <ctype.h>
#include <openssl/objects.h>
};
+#ifndef OPENSSL_NO_DEPRECATED_3_6
/*
* Search for public key algorithm with given name and return its pkey_id if
* it is available. Otherwise return 0
*/
-#ifdef OPENSSL_NO_ENGINE
+# ifdef OPENSSL_NO_ENGINE
static int get_optional_pkey_id(const char *pkey_name)
{
return 0;
}
-#else
+# else
static int get_optional_pkey_id(const char *pkey_name)
{
tls_engine_finish(tmpeng);
return pkey_id;
}
-
+# endif
+#else
+static int get_optional_pkey_id(const char *pkey_name)
+{
+ (void)pkey_name;
+ return 0;
+}
#endif
int ssl_load_ciphers(SSL_CTX *ctx)