From: Norbert Pocs Date: Tue, 17 Jun 2025 10:47:54 +0000 (+0200) Subject: Deprecate ASN1_METH internal usage X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=af2aaf3271c0b0a193f33d5c0be07754b846759e;p=thirdparty%2Fopenssl.git Deprecate ASN1_METH internal usage Some of them are needed and were kept by adding `#include "internal/deprecated"` and some had to be turned off. Signed-off-by: Norbert Pocs Reviewed-by: Saša Nedvědický Reviewed-by: Neil Horman (Merged from https://github.com/openssl/openssl/pull/27727) --- diff --git a/apps/genpkey.c b/apps/genpkey.c index b37a1526b44..bd44c5871fd 100644 --- a/apps/genpkey.c +++ b/apps/genpkey.c @@ -374,17 +374,21 @@ int init_gen_str(EVP_PKEY_CTX **pctx, OSSL_LIB_CTX *libctx, const char *propq) { EVP_PKEY_CTX *ctx = NULL; +#ifndef OPENSSL_NO_DEPRECATED_3_6 int pkey_id; +#endif if (*pctx) { BIO_puts(bio_err, "Algorithm already set!\n"); return 0; } +#ifndef OPENSSL_NO_DEPRECATED_3_6 pkey_id = get_legacy_pkey_id(libctx, algname, e); if (pkey_id != NID_undef) ctx = EVP_PKEY_CTX_new_id(pkey_id, e); else +#endif ctx = EVP_PKEY_CTX_new_from_name(libctx, algname, propq); if (ctx == NULL) diff --git a/apps/include/apps.h b/apps/include/apps.h index ceebfde7278..1ea1c13fdee 100644 --- a/apps/include/apps.h +++ b/apps/include/apps.h @@ -184,7 +184,9 @@ int init_engine(ENGINE *e); int finish_engine(ENGINE *e); char *make_engine_uri(ENGINE *e, const char *key_id, const char *desc); +# ifndef OPENSSL_NO_DEPRECATED_3_6 int get_legacy_pkey_id(OSSL_LIB_CTX *libctx, const char *algname, ENGINE *e); +# endif const EVP_MD *get_digest_from_engine(const char *name); const EVP_CIPHER *get_cipher_from_engine(const char *name); diff --git a/apps/lib/engine.c b/apps/lib/engine.c index 209c4b6b03c..5a3c4bc1a08 100644 --- a/apps/lib/engine.c +++ b/apps/lib/engine.c 
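Review bot: In a build with OPENSSL_NO_DEPRECATED_3_6, init_gen_str in apps/genpkey.c no longer consults the engine argument `e`, so the context always comes from `EVP_PKEY_CTX_new_from_name(libctx, algname, propq)` and a caller who supplied an engine gets a provider-generated key with no diagnostic. The same applies to the `keygen_engine != NULL` branch compiled out of set_keygen_ctx in apps/req.c. If the engine was meant to keep key generation inside a hardware module, that silent fallback matters. Consider a check before the `EVP_PKEY_CTX_new_from_name` call, compiled only when the legacy branch is absent, such as `if (e != NULL) { BIO_puts(bio_err, "Engine key generation is not available in this build\n"); return 0; }`. The start of init_gen_str lies outside the hunk, so whether `e` can be non-NULL in such a build should be confirmed there.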
@@ -135,6 +135,7 @@ char *make_engine_uri(ENGINE *e, const char *key_id, const char *desc) return new_uri; } +#ifndef OPENSSL_NO_DEPRECATED_3_6 int get_legacy_pkey_id(OSSL_LIB_CTX *libctx, const char *algname, ENGINE *e) { const EVP_PKEY_ASN1_METHOD *ameth; @@ -163,6 +164,7 @@ int get_legacy_pkey_id(OSSL_LIB_CTX *libctx, const char *algname, ENGINE *e) return pkey_id; } +#endif const EVP_MD *get_digest_from_engine(const char *name) { diff --git a/apps/lib/s_cb.c b/apps/lib/s_cb.c index 053f1e862da..fce944e4492 100644 --- a/apps/lib/s_cb.c +++ b/apps/lib/s_cb.c @@ -1547,12 +1547,9 @@ static int security_callback_debug(const SSL *s, const SSL_CTX *ctx, if (pkey == NULL) { BIO_printf(sdb->out, "Public key missing"); } else { - const char *algname = ""; - - EVP_PKEY_asn1_get0_info(NULL, NULL, NULL, NULL, - &algname, EVP_PKEY_get0_asn1(pkey)); BIO_printf(sdb->out, "%s, bits=%d", - algname, EVP_PKEY_get_bits(pkey)); + EVP_PKEY_get0_type_name(pkey), + EVP_PKEY_get_bits(pkey)); } } break; diff --git a/apps/req.c b/apps/req.c index d0368a76925..7398b862ab1 100644 --- a/apps/req.c +++ b/apps/req.c @@ -1608,6 +1608,7 @@ static EVP_PKEY_CTX *set_keygen_ctx(const char *gstr, *pkeylen = EVP_PKEY_get_bits(param); EVP_PKEY_free(param); } else { +#ifndef OPENSSL_NO_DEPRECATED_3_6 if (keygen_engine != NULL) { int pkey_id = get_legacy_pkey_id(app_get0_libctx(), *pkeytype, keygen_engine); @@ -1615,9 +1616,12 @@ static EVP_PKEY_CTX *set_keygen_ctx(const char *gstr, if (pkey_id != NID_undef) gctx = EVP_PKEY_CTX_new_id(pkey_id, keygen_engine); } else { +#endif gctx = EVP_PKEY_CTX_new_from_name(app_get0_libctx(), *pkeytype, app_get0_propq()); +#ifndef OPENSSL_NO_DEPRECATED_3_6 } +#endif } if (gctx == NULL) { diff --git a/crypto/asn1/ameth_lib.c b/crypto/asn1/ameth_lib.c index 5d0a71bbd85..790375c9244 100644 --- a/crypto/asn1/ameth_lib.c +++ b/crypto/asn1/ameth_lib.c 
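Review bot: In apps/lib/s_cb.c, `EVP_PKEY_get0_type_name(pkey)` may return NULL, and its result now goes straight to the `%s` in `BIO_printf(sdb->out, "%s, bits=%d", ...)`; the removed code started from `algname = ""`, so it always had a string to print. The crypto/evp/evp_pkey.c hunk of this same commit shows the function returning its `name = NULL` initialiser when `key->keymgmt` is NULL and the legacy lookup is compiled out or finds no method. Keeping the old fallback is a two-line change: `const char *name = EVP_PKEY_get0_type_name(pkey);` and then print `name != NULL ? name : ""`. security_callback_debug begins and ends outside the hunk.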
@@ -7,9 +7,10 @@ * https://www.openssl.org/source/license.html */ -#ifndef OPENSSL_NO_DEPRECATED_3_6 -/* We need to use some engine deprecated APIs */ -#define OPENSSL_SUPPRESS_DEPRECATED +/* + * We need to use some engine deprecated APIs + */ +#include "internal/deprecated.h" #include "internal/cryptlib.h" #include @@ -433,4 +434,3 @@ void EVP_PKEY_asn1_set_get_pub_key(EVP_PKEY_ASN1_METHOD *ameth, { ameth->get_pub_key = get_pub_key; } -#endif diff --git a/crypto/asn1/standard_methods.h b/crypto/asn1/standard_methods.h index 0d81a2d4634..639cb75b7d8 100644 --- a/crypto/asn1/standard_methods.h +++ b/crypto/asn1/standard_methods.h @@ -7,6 +7,7 @@ * https://www.openssl.org/source/license.html */ +#ifndef OPENSSL_NO_DEPRECATED_3_6 /* * This table MUST be kept in ascending order of the NID each method * represents (corresponding to the pkey_id field) as OBJ_bsearch @@ -41,3 +42,4 @@ static const EVP_PKEY_ASN1_METHOD *standard_methods[] = { &ossl_sm2_asn1_meth, #endif }; +#endif diff --git a/crypto/core_namemap.c b/crypto/core_namemap.c index c8ac441231c..51fc4e90e3d 100644 --- a/crypto/core_namemap.c +++ b/crypto/core_namemap.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * For EVP_PKEY_asn1_get0_info(), EVP_PKEY_asn1_get_count() and + * EVP_PKEY_asn1_get0() + */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include "internal/namemap.h" #include "internal/tsan_assist.h" #include "internal/hashtable.h" @@ -432,6 +438,7 @@ static void get_legacy_md_names(const OBJ_NAME *on, void *arg) get_legacy_evp_names(0, EVP_MD_get_type(md), NULL, arg); } +# ifndef OPENSSL_NO_DEPRECATED_3_6 static void get_legacy_pkey_meth_names(const EVP_PKEY_ASN1_METHOD *ameth, void *arg) { @@ -470,6 +477,7 @@ static void get_legacy_pkey_meth_names(const EVP_PKEY_ASN1_METHOD *ameth, } } } +# endif /* OPENSSL_NO_DEPRECATED_3_6 */ #endif /*- 
@@ -498,7 +506,7 @@ OSSL_NAMEMAP *ossl_namemap_stored(OSSL_LIB_CTX *libctx) return NULL; } if (nms == 1) { - int i, end; + int num; /* Before pilfering, we make sure the legacy database is populated */ OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS @@ -509,9 +517,26 @@ OSSL_NAMEMAP *ossl_namemap_stored(OSSL_LIB_CTX *libctx) OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH, get_legacy_md_names, namemap); - /* We also pilfer data from the legacy EVP_PKEY_ASN1_METHODs */ - for (i = 0, end = EVP_PKEY_asn1_get_count(); i < end; i++) - get_legacy_pkey_meth_names(EVP_PKEY_asn1_get0(i), namemap); + /* + * Some old providers (<= 3.5) may not have the rsassaPSS alias which + * may cause problems in some cases. We add it manually here + */ + num = ossl_namemap_add_name(namemap, 0, "RSA-PSS"); + if (num != 0) { + ossl_namemap_add_name(namemap, num, "rsassaPss"); + /* Add other RSA-PSS aliases as well */ + ossl_namemap_add_name(namemap, num, "RSASSA-PSS"); + ossl_namemap_add_name(namemap, num, "1.2.840.113549.1.1.10"); + } +# ifndef OPENSSL_NO_DEPRECATED_3_6 + { + int i, end; + + /* We also pilfer data from the legacy EVP_PKEY_ASN1_METHODs */ + for (i = 0, end = EVP_PKEY_asn1_get_count(); i < end; i++) + get_legacy_pkey_meth_names(EVP_PKEY_asn1_get0(i), namemap); + } +# endif } #endif diff --git a/crypto/evp/build.info b/crypto/evp/build.info index 80570bdcce4..f46bbe88437 100644 --- a/crypto/evp/build.info +++ b/crypto/evp/build.info @@ -3,7 +3,8 @@ $COMMON=digest.c evp_enc.c evp_lib.c evp_fetch.c evp_utils.c \ mac_lib.c mac_meth.c keymgmt_meth.c keymgmt_lib.c kdf_lib.c kdf_meth.c \ skeymgmt_meth.c \ pmeth_lib.c signature.c p_lib.c s_lib.c pmeth_gn.c exchange.c \ - evp_rand.c asymcipher.c kem.c dh_support.c ec_support.c pmeth_check.c + evp_rand.c asymcipher.c kem.c dh_support.c ec_support.c pmeth_check.c \ + evp_pkey_type.c SOURCE[../../libcrypto]=$COMMON\ encode.c evp_key.c evp_cnf.c \ diff --git a/crypto/evp/evp_pkey.c b/crypto/evp/evp_pkey.c index a4505a9d036..c596e3afb34 100644 
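Review bot: In ossl_namemap_stored, the three alias calls inside `if (num != 0)` drop the return value of `ossl_namemap_add_name`, so if "rsassaPss", "RSASSA-PSS" or the OID cannot be attached to `num`, the namemap silently lacks the alias this block exists to provide. If that is deliberate best effort, say so in the comment, e.g. `/* Best effort: a failed alias only means lookup by that name is unavailable */`; otherwise test each result as the first call's result is tested. The comment also spells the alias `rsassaPSS` while the code registers `rsassaPss`, and it would help to state which lookups fail without it. ossl_namemap_stored starts and ends outside the hunk.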
--- a/crypto/evp/evp_pkey.c +++ b/crypto/evp/evp_pkey.c @@ -7,6 +7,11 @@ * https://www.openssl.org/source/license.html */ +/* + * Needed for EVP_PKEY_get0_asn1 and EVP_PKEY_asn1_get0_info + */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include #include #include "internal/cryptlib.h" @@ -244,17 +249,21 @@ int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key, const char *EVP_PKEY_get0_type_name(const EVP_PKEY *key) { +#ifndef OPENSSL_NO_DEPRECATED_3_6 const EVP_PKEY_ASN1_METHOD *ameth; +#endif const char *name = NULL; if (key->keymgmt != NULL) return EVP_KEYMGMT_get0_name(key->keymgmt); +#ifndef OPENSSL_NO_DEPRECATED_3_6 /* Otherwise fallback to legacy */ ameth = EVP_PKEY_get0_asn1(key); if (ameth != NULL) EVP_PKEY_asn1_get0_info(NULL, NULL, NULL, NULL, &name, ameth); +#endif return name; } diff --git a/crypto/evp/evp_pkey_type.c b/crypto/evp/evp_pkey_type.c new file mode 100644 index 00000000000..5361999086f --- /dev/null +++ b/crypto/evp/evp_pkey_type.c 
@@ -0,0 +1,88 @@ +/* + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#define OPENSSL_SUPPRESS_DEPRECATED + +#include "crypto/evp.h" +#include +#include +#ifndef OPENSSL_NO_DEPRECATED_3_6 +# include +# include "crypto/asn1.h" +#include +#else +# include "internal/nelem.h" +#endif + +#ifdef OPENSSL_NO_DEPRECATED_3_6 +/* + * This is a hardcoded conversion table for legacy ASN1_METHOD and pkey type. + * As the deprecated ASN1 should not enable to add any asn1 method, therefore + * this should work. + */ +struct pkid2bid { + int pkey_id; + int pkey_base_id; +}; + +const struct pkid2bid base_id_conversion[] = { + {EVP_PKEY_RSA, EVP_PKEY_RSA}, + {EVP_PKEY_RSA2, EVP_PKEY_RSA}, + {EVP_PKEY_RSA_PSS, EVP_PKEY_RSA_PSS}, +#ifndef OPENSSL_NO_DH + {EVP_PKEY_DH, EVP_PKEY_DH}, + {EVP_PKEY_DHX, EVP_PKEY_DHX}, +#endif +#ifndef OPENSSL_NO_DSA + {EVP_PKEY_DSA1, EVP_PKEY_DSA}, + {EVP_PKEY_DSA4, EVP_PKEY_DSA2}, + {EVP_PKEY_DSA3, EVP_PKEY_DSA2}, + {EVP_PKEY_DSA, EVP_PKEY_DSA}, +#endif +#ifndef OPENSSL_NO_EC + {EVP_PKEY_EC, EVP_PKEY_EC}, +#endif +#ifndef OPENSSL_NO_ECX + {EVP_PKEY_X25519, EVP_PKEY_X25519}, + {EVP_PKEY_X448, EVP_PKEY_X448}, + {EVP_PKEY_ED25519, EVP_PKEY_ED25519}, + {EVP_PKEY_ED448, EVP_PKEY_ED448}, +#endif +#ifndef OPENSSL_NO_SM2 + {EVP_PKEY_SM2, EVP_PKEY_EC}, +#endif +}; +#endif + +int EVP_PKEY_type(int type) +{ +#ifndef OPENSSL_NO_DEPRECATED_3_6 + int ret; + const EVP_PKEY_ASN1_METHOD *ameth; + ENGINE *e; + + ameth = EVP_PKEY_asn1_find(&e, type); + if (ameth) + ret = ameth->pkey_id; + else + ret = NID_undef; +# ifndef OPENSSL_NO_ENGINE + ENGINE_finish(e); +# endif + return ret; +#else + size_t i; + + for (i = 0; i < OSSL_NELEM(base_id_conversion); i++) { + if (type == 
base_id_conversion[i].pkey_id) + return base_id_conversion[i].pkey_base_id; + } + return NID_undef; +#endif +} diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index 2d741b2378e..213e2162f67 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -1022,22 +1022,6 @@ DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey) } # endif -int EVP_PKEY_type(int type) -{ - int ret; - const EVP_PKEY_ASN1_METHOD *ameth; - ENGINE *e; - ameth = EVP_PKEY_asn1_find(&e, type); - if (ameth) - ret = ameth->pkey_id; - else - ret = NID_undef; -# ifndef OPENSSL_NO_ENGINE - ENGINE_finish(e); -# endif - return ret; -} - int EVP_PKEY_get_id(const EVP_PKEY *pkey) { return pkey->type; @@ -1558,7 +1542,7 @@ static int pkey_set_type(EVP_PKEY *pkey, ENGINE *e, int type, const char *str, { #ifndef FIPS_MODULE const EVP_PKEY_ASN1_METHOD *ameth = NULL; - ENGINE **eptr = (e == NULL) ? &e : NULL; + ENGINE **eptr = (e == NULL) ? &e : NULL; #endif /* diff --git a/crypto/evp/pmeth_gn.c b/crypto/evp/pmeth_gn.c index 74cca96f4d7..943111889e1 100644 --- a/crypto/evp/pmeth_gn.c +++ b/crypto/evp/pmeth_gn.c @@ -192,7 +192,7 @@ int EVP_PKEY_generate(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey) ctx->keygen_info = NULL; -#ifndef FIPS_MODULE +#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_DEPRECATED_3_6) /* In case |*ppkey| was originally a legacy key */ if (ret) evp_pkey_free_legacy(*ppkey); diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c index 52da6991de3..0c0c43a0b28 100644 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.c @@ -7,8 +7,10 @@ * https://www.openssl.org/source/license.html */ -/* We need to use some engine deprecated APIs */ -#define OPENSSL_SUPPRESS_DEPRECATED +/* + * We need to use some engine deprecated APIs + */ +#include "internal/deprecated.h" #include #include "crypto/ctype.h" diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c index b640d3a7ae2..17a9da0a39a 100644 --- a/crypto/pem/pem_pkey.c +++ b/crypto/pem/pem_pkey.c 
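Review bot: In the new crypto/evp/evp_pkey_type.c, the no-deprecated table maps `EVP_PKEY_DSA4` and `EVP_PKEY_DSA3` to `EVP_PKEY_DSA2`, but `EVP_PKEY_DSA2` has no row of its own, so `EVP_PKEY_type(EVP_PKEY_DSA2)` returns `NID_undef` and DSA3/DSA4 resolve to an id the same function does not recognise. The legacy branch returns `ameth->pkey_id` from `EVP_PKEY_asn1_find`, which is not shown here; if that lookup follows aliases down to the base method, the two builds disagree for these ids. Assuming it does, the rows would read `{EVP_PKEY_DSA2, EVP_PKEY_DSA},` with DSA3 and DSA4 also pointing at `EVP_PKEY_DSA`. Separately, as far as the diff shows, `base_id_conversion` is referenced only by EVP_PKEY_type in this file, so it should be `static const struct pkid2bid base_id_conversion[]` to avoid exporting a new global symbol.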
@@ -7,8 +7,10 @@ * https://www.openssl.org/source/license.html */ -/* We need to use some deprecated APIs */ -#define OPENSSL_SUPPRESS_DEPRECATED +/* + * We need to use some deprecated APIs + */ +#include "internal/deprecated.h" #include #include diff --git a/crypto/x509/t_x509.c b/crypto/x509/t_x509.c index 7d693669cd3..fadf8cbbec1 100644 --- a/crypto/x509/t_x509.c +++ b/crypto/x509/t_x509.c @@ -7,6 +7,11 @@ * https://www.openssl.org/source/license.html */ +/* + * because of EVP_PKEY_asn1_find deprecation + */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include #include "internal/cryptlib.h" #include @@ -287,7 +292,9 @@ int X509_signature_dump(BIO *bp, const ASN1_STRING *sig, int indent) int X509_signature_print(BIO *bp, const X509_ALGOR *sigalg, const ASN1_STRING *sig) { +#ifndef OPENSSL_NO_DEPRECATED_3_6 int sig_nid; +#endif int indent = 4; if (BIO_printf(bp, "%*sSignature Algorithm: ", indent, "") <= 0) return 0; @@ -296,6 +303,7 @@ int X509_signature_print(BIO *bp, const X509_ALGOR *sigalg, if (sig && BIO_printf(bp, "\n%*sSignature Value:", indent, "") <= 0) return 0; +#ifndef OPENSSL_NO_DEPRECATED_3_6 sig_nid = OBJ_obj2nid(sigalg->algorithm); if (sig_nid != NID_undef) { int pkey_nid, dig_nid; @@ -306,6 +314,7 @@ int X509_signature_print(BIO *bp, const X509_ALGOR *sigalg, return ameth->sig_print(bp, sigalg, sig, indent + 4, 0); } } +#endif if (BIO_write(bp, "\n", 1) != 1) return 0; if (sig) diff --git a/crypto/x509/v3_ac_tgt.c b/crypto/x509/v3_ac_tgt.c index 1752569e302..0916cc5807f 100644 --- a/crypto/x509/v3_ac_tgt.c +++ b/crypto/x509/v3_ac_tgt.c @@ -7,6 +7,11 @@ * https://www.openssl.org/source/license.html */ +/* + * Needed for EVP_PKEY_asn1_find + */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include #include #include 
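Review bot: With OPENSSL_NO_DEPRECATED_3_6 defined, X509_signature_print in crypto/x509/t_x509.c never reaches `ameth->sig_print(bp, sigalg, sig, indent + 4, 0)`, so whatever algorithm-specific detail that hook printed is dropped with no marker in the output. Someone reading the text form of a certificate to check its signature parameters would see less in such a build and have no hint why. At minimum add a comment at the guard, e.g. `/* No legacy ASN.1 methods: algorithm-specific signature details are not printed */`, and consider whether a provider-based replacement is planned. The same block is compiled out of i2r_OBJECT_DIGEST_INFO in crypto/x509/v3_ac_tgt.c. Both functions extend beyond their hunks, so the generic fallback that follows is only partly visible.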
@@ -103,15 +108,16 @@ static int i2r_OBJECT_DIGEST_INFO(X509V3_EXT_METHOD *method, BIO *out, int indent) { int64_t dot = 0; +#ifndef OPENSSL_NO_DEPRECATED_3_6 int sig_nid; X509_ALGOR *digalg; +#endif ASN1_STRING *sig; if (odi == NULL) { ERR_raise(ERR_LIB_ASN1, ERR_R_PASSED_NULL_PARAMETER); return 0; } - digalg = &odi->digestAlgorithm; sig = &odi->objectDigest; if (!ASN1_ENUMERATED_get_int64(&dot, &odi->digestedObjectType)) { return 0; @@ -139,6 +145,8 @@ static int i2r_OBJECT_DIGEST_INFO(X509V3_EXT_METHOD *method, BIO_puts(out, "\n"); if (BIO_printf(out, "\n%*sSignature Value: ", indent, "") <= 0) return 0; +#ifndef OPENSSL_NO_DEPRECATED_3_6 + digalg = &odi->digestAlgorithm; sig_nid = OBJ_obj2nid(odi->digestAlgorithm.algorithm); if (sig_nid != NID_undef) { int pkey_nid, dig_nid; @@ -149,6 +157,7 @@ static int i2r_OBJECT_DIGEST_INFO(X509V3_EXT_METHOD *method, return ameth->sig_print(out, digalg, sig, indent + 4, 0); } } +#endif if (BIO_write(out, "\n", 1) != 1) return 0; if (sig) diff --git a/crypto/x509/x509_set.c b/crypto/x509/x509_set.c index 0c9df51b3c7..580c5c11bd2 100644 --- a/crypto/x509/x509_set.c +++ b/crypto/x509/x509_set.c @@ -7,6 +7,11 @@ * https://www.openssl.org/source/license.html */ +/* + * because of EVP_PKEY_asn1_find deprecation + */ +#include "internal/deprecated.h" + #include #include "internal/cryptlib.h" #include "internal/refcount.h" diff --git a/engines/e_loader_attic.c b/engines/e_loader_attic.c index a3fdf14c1d9..223929463a5 100644 --- a/engines/e_loader_attic.c +++ b/engines/e_loader_attic.c @@ -11,7 +11,9 @@ /* This file has quite some overlap with providers/implementations/storemgmt/file_store.c */ -/* We need to use some engine deprecated APIs */ +/* + * We need to use some asn1_meth deprecated APIs + */ #define OPENSSL_SUPPRESS_DEPRECATED #include "internal/e_os.h" /* for stat */ diff --git a/include/openssl/evp.h b/include/openssl/evp.h index d47732484ef..1603b450ff5 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h 
@@ -523,9 +523,11 @@ typedef int (EVP_PBE_KEYGEN_EX) (EVP_CIPHER_CTX *ctx, const char *pass, (rsa)) # endif -# ifndef OPENSSL_NO_DSA -# define EVP_PKEY_assign_DSA(pkey,dsa) EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\ - (dsa)) +# ifndef OPENSSL_NO_DEPRECATED_3_6 +# ifndef OPENSSL_NO_DSA +# define EVP_PKEY_assign_DSA(pkey, dsa) EVP_PKEY_assign((pkey), EVP_PKEY_DSA, \ + (dsa)) +# endif # endif # if !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_DEPRECATED_3_0) @@ -539,10 +541,12 @@ typedef int (EVP_PBE_KEYGEN_EX) (EVP_CIPHER_CTX *ctx, const char *pass, (eckey)) # endif # endif -# ifndef OPENSSL_NO_SIPHASH -# define EVP_PKEY_assign_SIPHASH(pkey,shkey) EVP_PKEY_assign((pkey),\ - EVP_PKEY_SIPHASH,(shkey)) -# endif +# ifndef OPENSSL_NO_DEPRECATED_3_6 +# ifndef OPENSSL_NO_SIPHASH +# define EVP_PKEY_assign_SIPHASH(pkey, shkey) EVP_PKEY_assign((pkey), \ + EVP_PKEY_SIPHASH, \ + (shkey)) +# endif # ifndef OPENSSL_NO_POLY1305 # define EVP_PKEY_assign_POLY1305(pkey, polykey) EVP_PKEY_assign((pkey), \ diff --git a/providers/implementations/include/prov/names.h b/providers/implementations/include/prov/names.h index a3107c96d97..e5cab7f1bbf 100644 --- a/providers/implementations/include/prov/names.h +++ b/providers/implementations/include/prov/names.h @@ -400,7 +400,7 @@ #define PROV_NAMES_RSA_SHA3_384 "RSA-SHA3-384:id-rsassa-pkcs1-v1_5-with-sha3-384:2.16.840.1.101.3.4.3.15" #define PROV_NAMES_RSA_SHA3_512 "RSA-SHA3-512:id-rsassa-pkcs1-v1_5-with-sha3-512:2.16.840.1.101.3.4.3.16" #define PROV_DESCS_RSA "OpenSSL RSA implementation" -#define PROV_NAMES_RSA_PSS "RSA-PSS:RSASSA-PSS:1.2.840.113549.1.1.10" +#define PROV_NAMES_RSA_PSS "RSA-PSS:RSASSA-PSS:rsassaPss:1.2.840.113549.1.1.10" #define PROV_DESCS_RSA_PSS "OpenSSL RSA-PSS implementation" #define PROV_NAMES_SM2 "SM2:1.2.156.10197.1.301" #define PROV_DESCS_SM2 "OpenSSL SM2 implementation" diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 6127cb7a4b4..ca57cf67af8 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c 
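Review bot: The second include/openssl/evp.h hunk opens `# ifndef OPENSSL_NO_DEPRECATED_3_6` ahead of the SIPHASH macro but, unlike the DSA hunk before it, adds only one `# endif`, so the guard closes somewhere past the end of the hunk. As shown, that places `EVP_PKEY_assign_POLY1305`, and whatever follows up to the closing directive, under the new guard as well; please confirm that is intended, since the commit description does not mention it. Marking the closing line as `# endif /* OPENSSL_NO_DEPRECATED_3_6 */` would make the extent visible. These macros are public API, so the public documentation and changelog should name each one that disappears in a no-deprecated build.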
@@ -9,6 +9,11 @@ * https://www.openssl.org/source/license.html */ +/* + * Because of *asn1_* + */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include #include #include @@ -275,11 +280,12 @@ static const SSL_CIPHER cipher_aliases[] = { }; +#ifndef OPENSSL_NO_DEPRECATED_3_6 /* * Search for public key algorithm with given name and return its pkey_id if * it is available. Otherwise return 0 */ -#ifdef OPENSSL_NO_ENGINE +# ifdef OPENSSL_NO_ENGINE static int get_optional_pkey_id(const char *pkey_name) { @@ -292,7 +298,7 @@ static int get_optional_pkey_id(const char *pkey_name) return 0; } -#else +# else static int get_optional_pkey_id(const char *pkey_name) { @@ -308,7 +314,13 @@ static int get_optional_pkey_id(const char *pkey_name) tls_engine_finish(tmpeng); return pkey_id; } - +# endif +#else +static int get_optional_pkey_id(const char *pkey_name) +{ + (void)pkey_name; + return 0; +} #endif int ssl_load_ciphers(SSL_CTX *ctx)
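Review bot: The new `#else` stub of get_optional_pkey_id in ssl/ssl_ciph.c has no comment, and the existing one ("Search for public key algorithm with given name ... Otherwise return 0") now sits inside the `#ifndef OPENSSL_NO_DEPRECATED_3_6` arm. Returning 0 unconditionally means every caller sees the algorithm as unavailable in a no-deprecated build; the callers are outside the hunk, but presumably ssl_load_ciphers uses the result to decide which optional algorithms to enable. A line such as `/* No legacy ASN.1 methods in this build: optional pkey algorithms are reported as unavailable */` above the stub would record that. The file-level comment `Because of *asn1_*` could likewise name the deprecated functions it needs, as the comment added in crypto/core_namemap.c does.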