From: Matt Caswell Date: Mon, 15 Dec 2025 16:18:13 +0000 (+0000) Subject: Remove the ability to query the internal EVP_PKEY_ASN1_METHODs X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f9f6d5666ab1d24caca0972de38f97ce7175bfde;p=thirdparty%2Fopenssl.git Remove the ability to query the internal EVP_PKEY_ASN1_METHODs Previously there were a few functions where you could obtain a handle on registered EVP_PKEY_ASN1_METHODs and query information about them. We remove the capability. Reviewed-by: Dmitry Belyavskiy Reviewed-by: Neil Horman (Merged from https://github.com/openssl/openssl/pull/29405) --- diff --git a/apps/list.c b/apps/list.c index 5a9673180d7..2edd0100461 100644 --- a/apps/list.c +++ b/apps/list.c @@ -1239,34 +1239,6 @@ static void list_type(FUNC_TYPE ft, int one) static void list_pkey(void) { -#ifndef OPENSSL_NO_DEPRECATED_3_0 - int i; - - if (select_name == NULL && include_legacy()) { - BIO_printf(bio_out, "Legacy:\n"); - for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) { - const EVP_PKEY_ASN1_METHOD *ameth; - int pkey_id, pkey_base_id, pkey_flags; - const char *pinfo, *pem_str; - ameth = EVP_PKEY_asn1_get0(i); - EVP_PKEY_asn1_get0_info(&pkey_id, &pkey_base_id, &pkey_flags, - &pinfo, &pem_str, ameth); - if (pkey_flags & ASN1_PKEY_ALIAS) { - BIO_printf(bio_out, " Name: %s\n", OBJ_nid2ln(pkey_id)); - BIO_printf(bio_out, "\tAlias for: %s\n", - OBJ_nid2ln(pkey_base_id)); - } else { - BIO_printf(bio_out, " Name: %s\n", pinfo); - BIO_printf(bio_out, "\tType: %s Algorithm\n", - pkey_flags & ASN1_PKEY_DYNAMIC ? "External" : "Builtin"); - BIO_printf(bio_out, "\tOID: %s\n", OBJ_nid2ln(pkey_id)); - if (pem_str == NULL) - pem_str = "(none)"; - BIO_printf(bio_out, "\tPEM string: %s\n", pem_str); - } - } - } -#endif BIO_printf(bio_out, "Provided:\n"); BIO_printf(bio_out, " Key Managers:\n"); list_keymanagers(); diff --git a/crypto/asn1/ameth_lib.c b/crypto/asn1/ameth_lib.c index 08d1ccbbca2..bdba0329315 100644 --- a/crypto/asn1/ameth_lib.c +++ b/crypto/asn1/ameth_lib.c @@ -35,13 +35,13 @@ static int ameth_cmp(const EVP_PKEY_ASN1_METHOD *const *a, IMPLEMENT_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_ASN1_METHOD *, const EVP_PKEY_ASN1_METHOD *, ameth); -int EVP_PKEY_asn1_get_count(void) +int evp_pkey_asn1_get_count(void) { int num = OSSL_NELEM(standard_methods); return num; } -const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx) +const EVP_PKEY_ASN1_METHOD *evp_pkey_asn1_get0(int idx) { int num = OSSL_NELEM(standard_methods); @@ -68,7 +68,7 @@ static const EVP_PKEY_ASN1_METHOD *pkey_asn1_find(int type) * `type`. If pe is not NULL, the function will set *pe to NULL to indicate no * engine is used. */ -const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type) +const EVP_PKEY_ASN1_METHOD *evp_pkey_asn1_find(int type) { const EVP_PKEY_ASN1_METHOD *t; @@ -78,25 +78,18 @@ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type) break; type = t->pkey_base_id; } - if (pe) { - *pe = NULL; - } return t; } -const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe, - const char *str, int len) +const EVP_PKEY_ASN1_METHOD *evp_pkey_asn1_find_str(const char *str, int len) { int i; const EVP_PKEY_ASN1_METHOD *ameth = NULL; if (len == -1) len = (int)strlen(str); - if (pe) { - *pe = NULL; - } - for (i = EVP_PKEY_asn1_get_count(); i-- > 0;) { - ameth = EVP_PKEY_asn1_get0(i); + for (i = evp_pkey_asn1_get_count(); i-- > 0;) { + ameth = evp_pkey_asn1_get0(i); if (ameth->pkey_flags & ASN1_PKEY_ALIAS) continue; if ((int)strlen(ameth->pem_str) == len @@ -106,7 +99,7 @@ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe, return NULL; } -int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *ppkey_base_id, +int evp_pkey_asn1_get0_info(int *ppkey_id, int *ppkey_base_id, int *ppkey_flags, const char **pinfo, const char **ppem_str, const EVP_PKEY_ASN1_METHOD *ameth) @@ -126,7 +119,7 @@ int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *ppkey_base_id, return 1; } -const EVP_PKEY_ASN1_METHOD *EVP_PKEY_get0_asn1(const EVP_PKEY *pkey) +const EVP_PKEY_ASN1_METHOD *evp_pkey_get0_asn1(const EVP_PKEY *pkey) { return pkey->ameth; } diff --git a/crypto/core_namemap.c b/crypto/core_namemap.c index 822656eaef3..ab3d7205986 100644 --- a/crypto/core_namemap.c +++ b/crypto/core_namemap.c @@ -7,17 +7,12 @@ * https://www.openssl.org/source/license.html */ -/* - * For EVP_PKEY_asn1_get0_info(), EVP_PKEY_asn1_get_count() and - * EVP_PKEY_asn1_get0() - */ -#define OPENSSL_SUPPRESS_DEPRECATED - #include "internal/namemap.h" #include "internal/tsan_assist.h" #include "internal/hashtable.h" #include "internal/sizes.h" #include "crypto/context.h" +#include "crypto/evp.h" #define NAMEMAP_HT_BUCKETS 512 @@ -446,7 +441,7 @@ static void get_legacy_pkey_meth_names(const EVP_PKEY_ASN1_METHOD *ameth, int nid = 0, base_nid = 0, flags = 0; const char *pem_name = NULL; - EVP_PKEY_asn1_get0_info(&nid, &base_nid, &flags, NULL, &pem_name, ameth); + evp_pkey_asn1_get0_info(&nid, &base_nid, &flags, NULL, &pem_name, ameth); if (nid != NID_undef) { if ((flags & ASN1_PKEY_ALIAS) == 0) { switch (nid) { @@ -534,8 +529,8 @@ OSSL_NAMEMAP *ossl_namemap_stored(OSSL_LIB_CTX *libctx) int i, end; /* We also pilfer data from the legacy EVP_PKEY_ASN1_METHODs */ - for (i = 0, end = EVP_PKEY_asn1_get_count(); i < end; i++) - get_legacy_pkey_meth_names(EVP_PKEY_asn1_get0(i), namemap); + for (i = 0, end = evp_pkey_asn1_get_count(); i < end; i++) + get_legacy_pkey_meth_names(evp_pkey_asn1_get0(i), namemap); } #endif } diff --git a/crypto/evp/evp_pkey.c b/crypto/evp/evp_pkey.c index 690839cffba..bafd44972ba 100644 --- a/crypto/evp/evp_pkey.c +++ b/crypto/evp/evp_pkey.c @@ -7,11 +7,6 @@ * https://www.openssl.org/source/license.html */ -/* - * Needed for EVP_PKEY_get0_asn1 and EVP_PKEY_asn1_get0_info - */ -#define OPENSSL_SUPPRESS_DEPRECATED - #include #include #include "internal/cryptlib.h" @@ -259,9 +254,9 @@ const char *EVP_PKEY_get0_type_name(const EVP_PKEY *key) #ifndef OPENSSL_NO_DEPRECATED_3_6 /* Otherwise fallback to legacy */ - ameth = EVP_PKEY_get0_asn1(key); + ameth = evp_pkey_get0_asn1(key); if (ameth != NULL) - EVP_PKEY_asn1_get0_info(NULL, NULL, + evp_pkey_asn1_get0_info(NULL, NULL, NULL, NULL, &name, ameth); #endif diff --git a/crypto/evp/evp_pkey_type.c b/crypto/evp/evp_pkey_type.c index 7d9f82d72a2..cc4b824c765 100644 --- a/crypto/evp/evp_pkey_type.c +++ b/crypto/evp/evp_pkey_type.c @@ -65,7 +65,7 @@ int EVP_PKEY_type(int type) int ret; const EVP_PKEY_ASN1_METHOD *ameth; - ameth = EVP_PKEY_asn1_find(NULL, type); + ameth = evp_pkey_asn1_find(type); if (ameth) ret = ameth->pkey_id; else diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index df4ca9bce17..ab5ad82d08b 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -1517,9 +1517,9 @@ static int pkey_set_type(EVP_PKEY *pkey, int type, const char *str, } #ifndef FIPS_MODULE if (str != NULL) - ameth = EVP_PKEY_asn1_find_str(NULL, str, len); + ameth = evp_pkey_asn1_find_str(str, len); else if (type != EVP_PKEY_NONE) - ameth = EVP_PKEY_asn1_find(NULL, type); + ameth = evp_pkey_asn1_find(type); #endif { @@ -1704,7 +1704,7 @@ void evp_pkey_free_legacy(EVP_PKEY *x) const EVP_PKEY_ASN1_METHOD *ameth = x->ameth; if (ameth == NULL && x->legacy_cache_pkey.ptr != NULL) - ameth = EVP_PKEY_asn1_find(NULL, x->type); + ameth = evp_pkey_asn1_find(x->type); if (ameth != NULL) { if (x->legacy_cache_pkey.ptr != NULL) { diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c index 2f7e51b16b9..e842bb97b31 100644 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.c @@ -25,6 +25,7 @@ #include #include "crypto/asn1.h" #include +#include "crypto/evp.h" #define MIN_LENGTH 4 @@ -145,7 +146,7 @@ static int check_pem(const char *nm, const char *name) * NB: ENGINE implementations won't contain a deprecated old * private key decode function so don't look for them. */ - ameth = EVP_PKEY_asn1_find_str(NULL, nm, slen); + ameth = evp_pkey_asn1_find_str(nm, slen); if (ameth && ameth->old_priv_decode) return 1; } @@ -157,7 +158,7 @@ static int check_pem(const char *nm, const char *name) const EVP_PKEY_ASN1_METHOD *ameth; slen = ossl_pem_check_suffix(nm, "PARAMETERS"); if (slen > 0) { - ameth = EVP_PKEY_asn1_find_str(NULL, nm, slen); + ameth = evp_pkey_asn1_find_str(nm, slen); if (ameth) { int r; if (ameth->param_decode) diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c index 6542aa2a7c8..8f99e45bb08 100644 --- a/crypto/pem/pem_pkey.c +++ b/crypto/pem/pem_pkey.c @@ -174,7 +174,7 @@ static EVP_PKEY *pem_read_bio_key_legacy(BIO *bp, EVP_PKEY **x, PKCS8_PRIV_KEY_INFO_free(p8inf); } else if ((slen = ossl_pem_check_suffix(nm, "PRIVATE KEY")) > 0) { const EVP_PKEY_ASN1_METHOD *ameth; - ameth = EVP_PKEY_asn1_find_str(NULL, nm, slen); + ameth = evp_pkey_asn1_find_str(nm, slen); if (ameth == NULL || ameth->old_priv_decode == NULL) goto p8err; ret = ossl_d2i_PrivateKey_legacy(ameth->pkey_id, x, &p, len, libctx, diff --git a/crypto/x509/t_x509.c b/crypto/x509/t_x509.c index 91351d5d780..8ccebbb4b5b 100644 --- a/crypto/x509/t_x509.c +++ b/crypto/x509/t_x509.c @@ -7,11 +7,6 @@ * https://www.openssl.org/source/license.html */ -/* - * because of EVP_PKEY_asn1_find deprecation - */ -#define OPENSSL_SUPPRESS_DEPRECATED - #include #include "internal/cryptlib.h" #include @@ -21,6 +16,7 @@ #include #include "crypto/asn1.h" #include "crypto/x509.h" +#include "crypto/evp.h" void OSSL_STACK_OF_X509_free(STACK_OF(X509) *certs) { @@ -307,7 +303,7 @@ int X509_signature_print(BIO *bp, const X509_ALGOR *sigalg, int pkey_nid, dig_nid; const EVP_PKEY_ASN1_METHOD *ameth; if (OBJ_find_sigid_algs(sig_nid, &dig_nid, &pkey_nid)) { - ameth = EVP_PKEY_asn1_find(NULL, pkey_nid); + ameth = evp_pkey_asn1_find(pkey_nid); if (ameth && ameth->sig_print) return ameth->sig_print(bp, sigalg, sig, indent + 4, 0); } diff --git a/crypto/x509/v3_ac_tgt.c b/crypto/x509/v3_ac_tgt.c index f0c2821e0fe..05f05553b4a 100644 --- a/crypto/x509/v3_ac_tgt.c +++ b/crypto/x509/v3_ac_tgt.c @@ -7,11 +7,6 @@ * https://www.openssl.org/source/license.html */ -/* - * Needed for EVP_PKEY_asn1_find - */ -#define OPENSSL_SUPPRESS_DEPRECATED - #include #include #include @@ -23,6 +18,7 @@ #include "ext_dat.h" #include "x509_local.h" #include "crypto/asn1.h" +#include "crypto/evp.h" static int i2r_ISSUER_SERIAL(X509V3_EXT_METHOD *method, OSSL_ISSUER_SERIAL *iss, @@ -153,7 +149,7 @@ static int i2r_OBJECT_DIGEST_INFO(X509V3_EXT_METHOD *method, int pkey_nid, dig_nid; const EVP_PKEY_ASN1_METHOD *ameth; if (OBJ_find_sigid_algs(sig_nid, &dig_nid, &pkey_nid)) { - ameth = EVP_PKEY_asn1_find(NULL, pkey_nid); + ameth = evp_pkey_asn1_find(pkey_nid); if (ameth && ameth->sig_print) return ameth->sig_print(out, digalg, sig, indent + 4, 0); } diff --git a/crypto/x509/x509_set.c b/crypto/x509/x509_set.c index 10178522a0b..ec795faa578 100644 --- a/crypto/x509/x509_set.c +++ b/crypto/x509/x509_set.c @@ -7,11 +7,6 @@ * https://www.openssl.org/source/license.html */ -/* - * because of EVP_PKEY_asn1_find deprecation - */ -#include "internal/deprecated.h" - #include #include "internal/cryptlib.h" #include "internal/refcount.h" @@ -22,6 +17,7 @@ #include #include "crypto/asn1.h" #include "crypto/x509.h" +#include "crypto/evp.h" #include "x509_local.h" int X509_set_version(X509 *x, long version) @@ -236,7 +232,7 @@ static int x509_sig_info_init(X509_SIG_INFO *siginf, const X509_ALGOR *alg, switch (mdnid) { case NID_undef: /* If we have one, use a custom handler for this algorithm */ - ameth = EVP_PKEY_asn1_find(NULL, pknid); + ameth = evp_pkey_asn1_find(pknid); if (ameth != NULL && ameth->siginf_set != NULL && ameth->siginf_set(siginf, alg, sig)) break; diff --git a/include/crypto/evp.h b/include/crypto/evp.h index b719118bee0..a787b9cc6ae 100644 --- a/include/crypto/evp.h +++ b/include/crypto/evp.h @@ -919,4 +919,14 @@ int evp_pkey_decrypt_alloc(EVP_PKEY_CTX *ctx, unsigned char **outp, int ossl_md2hmacnid(int mdnid); int ossl_hmac2mdnid(int hmac_nid); +const EVP_PKEY_ASN1_METHOD *evp_pkey_asn1_find(int type); +const EVP_PKEY_ASN1_METHOD *evp_pkey_asn1_find_str(const char *str, int len); +int evp_pkey_asn1_get_count(void); +const EVP_PKEY_ASN1_METHOD *evp_pkey_asn1_get0(int idx); +int evp_pkey_asn1_get0_info(int *ppkey_id, int *ppkey_base_id, + int *ppkey_flags, const char **pinfo, + const char **ppem_str, + const EVP_PKEY_ASN1_METHOD *ameth); +const EVP_PKEY_ASN1_METHOD *evp_pkey_get0_asn1(const EVP_PKEY *pkey); + #endif /* OSSL_CRYPTO_EVP_H */ diff --git a/include/openssl/evp.h b/include/openssl/evp.h index ea8c4b0fd15..91664256428 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -1513,20 +1513,6 @@ int EVP_PBE_get(int *ptype, int *ppbe_nid, size_t num); #define ASN1_PKEY_CTRL_CMS_IS_RI_TYPE_SUPPORTED 0xb #ifndef OPENSSL_NO_DEPRECATED_3_6 -OSSL_DEPRECATEDIN_3_6 int EVP_PKEY_asn1_get_count(void); -OSSL_DEPRECATEDIN_3_6 const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx); -OSSL_DEPRECATEDIN_3_6 -const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type); -OSSL_DEPRECATEDIN_3_6 -const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe, - const char *str, int len); -OSSL_DEPRECATEDIN_3_6 -int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *pkey_base_id, - int *ppkey_flags, const char **pinfo, - const char **ppem_str, - const EVP_PKEY_ASN1_METHOD *ameth); - -OSSL_DEPRECATEDIN_3_6 const EVP_PKEY_ASN1_METHOD *EVP_PKEY_get0_asn1(const EVP_PKEY *pkey); OSSL_DEPRECATEDIN_3_6 EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags, const char *pem_str, const char *info); diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 5c694ca6b8a..95e787300a3 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -273,29 +273,6 @@ static const SSL_CIPHER cipher_aliases[] = { }; -#ifndef OPENSSL_NO_DEPRECATED_3_6 -/* - * Search for public key algorithm with given name and return its pkey_id if - * it is available. Otherwise return 0 - */ -static int get_optional_pkey_id(const char *pkey_name) -{ - const EVP_PKEY_ASN1_METHOD *ameth; - int pkey_id = 0; - ameth = EVP_PKEY_asn1_find_str(NULL, pkey_name, -1); - if (ameth && EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth) > 0) - return pkey_id; - return 0; -} - -#else -static int get_optional_pkey_id(const char *pkey_name) -{ - (void)pkey_name; - return 0; -} -#endif - int ssl_load_ciphers(SSL_CTX *ctx) { size_t i; @@ -384,36 +361,33 @@ int ssl_load_ciphers(SSL_CTX *ctx) memcpy(ctx->ssl_mac_pkey_id, default_mac_pkey_id, sizeof(ctx->ssl_mac_pkey_id)); - ctx->ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] = get_optional_pkey_id(SN_id_Gost28147_89_MAC); + ctx->ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] = 0; if (ctx->ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]) ctx->ssl_mac_secret_size[SSL_MD_GOST89MAC_IDX] = 32; else ctx->disabled_mac_mask |= SSL_GOST89MAC; - ctx->ssl_mac_pkey_id[SSL_MD_GOST89MAC12_IDX] = get_optional_pkey_id(SN_gost_mac_12); + ctx->ssl_mac_pkey_id[SSL_MD_GOST89MAC12_IDX] = 0; if (ctx->ssl_mac_pkey_id[SSL_MD_GOST89MAC12_IDX]) ctx->ssl_mac_secret_size[SSL_MD_GOST89MAC12_IDX] = 32; else ctx->disabled_mac_mask |= SSL_GOST89MAC12; - ctx->ssl_mac_pkey_id[SSL_MD_MAGMAOMAC_IDX] = get_optional_pkey_id(SN_magma_mac); + ctx->ssl_mac_pkey_id[SSL_MD_MAGMAOMAC_IDX] = 0; if (ctx->ssl_mac_pkey_id[SSL_MD_MAGMAOMAC_IDX]) ctx->ssl_mac_secret_size[SSL_MD_MAGMAOMAC_IDX] = 32; else ctx->disabled_mac_mask |= SSL_MAGMAOMAC; - ctx->ssl_mac_pkey_id[SSL_MD_KUZNYECHIKOMAC_IDX] = get_optional_pkey_id(SN_kuznyechik_mac); + ctx->ssl_mac_pkey_id[SSL_MD_KUZNYECHIKOMAC_IDX] = 0; if (ctx->ssl_mac_pkey_id[SSL_MD_KUZNYECHIKOMAC_IDX]) ctx->ssl_mac_secret_size[SSL_MD_KUZNYECHIKOMAC_IDX] = 32; else ctx->disabled_mac_mask |= SSL_KUZNYECHIKOMAC; - if (!get_optional_pkey_id(SN_id_GostR3410_2001)) - ctx->disabled_auth_mask |= SSL_aGOST01 | SSL_aGOST12; - if (!get_optional_pkey_id(SN_id_GostR3410_2012_256)) - ctx->disabled_auth_mask |= SSL_aGOST12; - if (!get_optional_pkey_id(SN_id_GostR3410_2012_512)) - ctx->disabled_auth_mask |= SSL_aGOST12; + ctx->disabled_auth_mask |= SSL_aGOST01 | SSL_aGOST12; + ctx->disabled_auth_mask |= SSL_aGOST12; + ctx->disabled_auth_mask |= SSL_aGOST12; /* * Disable GOST key exchange if no GOST signature algs are available * */ diff --git a/test/build.info b/test/build.info index c400ad0ef35..d12aa672696 100644 --- a/test/build.info +++ b/test/build.info @@ -55,7 +55,7 @@ IF[{- !$disabled{tests} -}] ssl_test_ctx_test ssl_test x509aux cipherlist_test asynciotest \ bio_callback_test bio_memleak_test bio_core_test bio_dgram_test param_build_test \ bioprinttest sslapitest ssl_handshake_rtt_test dtlstest sslcorrupttest \ - bio_base64_test test_base64_simdutf bio_enc_test pkey_meth_test pkey_meth_kdf_test evp_kdf_test uitest \ + bio_base64_test test_base64_simdutf bio_enc_test pkey_meth_kdf_test evp_kdf_test uitest \ cipherbytes_test threadstest_fips threadpool_test \ asn1_encode_test asn1_decode_test asn1_string_table_test asn1_stable_parse_test \ x509_time_test x509_dup_cert_test x509_check_cert_pkey_test \ @@ -648,10 +648,6 @@ IF[{- !$disabled{tests} -}] INCLUDE[bio_enc_test]=../include ../apps/include DEPEND[bio_enc_test]=../libcrypto libtestutil.a - SOURCE[pkey_meth_test]=pkey_meth_test.c - INCLUDE[pkey_meth_test]=../include ../apps/include - DEPEND[pkey_meth_test]=../libcrypto libtestutil.a - SOURCE[pkey_meth_kdf_test]=pkey_meth_kdf_test.c INCLUDE[pkey_meth_kdf_test]=../include ../apps/include DEPEND[pkey_meth_kdf_test]=../libcrypto libtestutil.a diff --git a/test/helpers/ssl_test_ctx.c b/test/helpers/ssl_test_ctx.c index 342308c617c..075e24551eb 100644 --- a/test/helpers/ssl_test_ctx.c +++ b/test/helpers/ssl_test_ctx.c @@ -520,19 +520,10 @@ const char *ssl_max_fragment_len_name(int MFL_mode) __owur static int parse_expected_key_type(int *ptype, const char *value) { int nid; -#ifndef OPENSSL_NO_DEPRECATED_3_6 - const EVP_PKEY_ASN1_METHOD *ameth; -#endif if (value == NULL) return 0; -#ifndef OPENSSL_NO_DEPRECATED_3_6 - ameth = EVP_PKEY_asn1_find_str(NULL, value, -1); - if (ameth != NULL) - EVP_PKEY_asn1_get0_info(&nid, NULL, NULL, NULL, NULL, ameth); - else - nid = OBJ_sn2nid(value); -#else + /* * These functions map the values differently than * EVP_PKEY_asn1_find_str (which was used before) so use this hack @@ -551,7 +542,7 @@ __owur static int parse_expected_key_type(int *ptype, const char *value) } else { nid = OBJ_ln2nid(value); } -#endif + if (nid == NID_undef) nid = OBJ_sn2nid(value); #ifndef OPENSSL_NO_EC diff --git a/test/pkey_meth_test.c b/test/pkey_meth_test.c deleted file mode 100644 index 15d62e0a939..00000000000 --- a/test/pkey_meth_test.c +++ /dev/null @@ -1,62 +0,0 @@ -/* - * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* Internal tests for EVP_PKEY method ordering */ - -/* - * Because of *asn1_* - */ -#define OPENSSL_SUPPRESS_DEPRECATED - -#include -#include - -#include -#include "testutil.h" - -#ifndef OPENSSL_NO_DEPRECATED_3_6 -/* Test of EVP_PKEY_ASN1_METHOD ordering */ -static int test_asn1_meths(void) -{ - int i; - int prev = -1; - int good = 1; - int pkey_id; - const EVP_PKEY_ASN1_METHOD *ameth; - - for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) { - ameth = EVP_PKEY_asn1_get0(i); - EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth); - if (pkey_id < prev) - good = 0; - prev = pkey_id; - } - if (!good) { - TEST_error("EVP_PKEY_ASN1_METHOD table out of order"); - for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) { - const char *info; - - ameth = EVP_PKEY_asn1_get0(i); - EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, &info, NULL, ameth); - if (info == NULL) - info = ""; - TEST_note("%d : %s : %s", pkey_id, OBJ_nid2ln(pkey_id), info); - } - } - return good; -} -#endif - -int setup_tests(void) -{ -#ifndef OPENSSL_NO_DEPRECATED_3_6 - ADD_TEST(test_asn1_meths); -#endif - return 1; -} diff --git a/test/recipes/30-test_pkey_meth.t b/test/recipes/30-test_pkey_meth.t deleted file mode 100644 index b34dcc77c93..00000000000 --- a/test/recipes/30-test_pkey_meth.t +++ /dev/null @@ -1,12 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -use OpenSSL::Test::Simple; - -simple_test("test_pkey_meth", "pkey_meth_test"); diff --git a/util/libcrypto.num b/util/libcrypto.num index da161aad73f..9d508f96cac 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -1331,12 +1331,6 @@ EVP_PBE_find ? 4_0_0 EXIST::FUNCTION: EVP_PBE_find_ex ? 4_0_0 EXIST::FUNCTION: EVP_PBE_cleanup ? 4_0_0 EXIST::FUNCTION: EVP_PBE_get ? 4_0_0 EXIST::FUNCTION: -EVP_PKEY_asn1_get_count ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_6 -EVP_PKEY_asn1_get0 ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_6 -EVP_PKEY_asn1_find ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_6 -EVP_PKEY_asn1_find_str ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_6 -EVP_PKEY_asn1_get0_info ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_6 -EVP_PKEY_get0_asn1 ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_6 EVP_PKEY_asn1_new ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_6 EVP_PKEY_asn1_copy ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_6 EVP_PKEY_asn1_free ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_6