-----------
### Changes between 1.1.1 and 3.0 [xx XXX xxxx]
+
+ * A number of functions handling low level keys or engines were deprecated
+ including EVP_PKEY_set1_engine(), EVP_PKEY_get0_engine(), EVP_PKEY_assign(),
+ EVP_PKEY_get0(), EVP_PKEY_get0_hmac(), EVP_PKEY_get0_poly1305() and
+ EVP_PKEY_get0_siphash(). Applications using engines should instead use
+ providers. Applications getting or setting low level keys in an EVP_PKEY
+ should instead use the OSSL_ENCODER or OSSL_DECODER APIs, or alternatively
+ use EVP_PKEY_fromdata() or EVP_PKEY_get_params().
+
+ *Matt Caswell*
+
* Deprecated obsolete EVP_PKEY_CTX_get0_dh_kdf_ukm() and
EVP_PKEY_CTX_get0_ecdh_kdf_ukm() functions. They are not needed
and require returning octet ptr parameters from providers that
be used instead via EVP_RAND(3).
*Paul Dale*
+
* The SRP APIs have been deprecated. The old APIs do not work via providers,
and there is no EVP interface to them. Unfortunately there is no replacement
for these APIs at this time.
*Kurt Roeckx*
- * EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(), EVP_PKEY_get0_DH(), and
- EVP_PKEY_get0_EC_KEY() can now handle EVP_PKEYs with provider side
- internal keys, if they correspond to one of those built in types.
-
- *Richard Levitte*
-
* Added EVP_PKEY_set_type_by_keymgmt(), to initialise an EVP_PKEY to
contain a provider side internal key.
`EVP_PKEY_set1_DH()` are also deprecated.
Applications should instead either read or write an
EVP_PKEY directly using the OSSL_DECODER and OSSL_ENCODER APIs.
- Or load an EVP_PKEY directly from DH data using `EVP_PKEY_fromdata()`.
+ Or load an EVP_PKEY directly from DH data using `EVP_PKEY_fromdata()`.
*Paul Dale and Matt Caswell*
time. Instead applications should use L<EVP_DigestSignInit_ex(3)>,
L<EVP_DigestSignUpdate(3)> and L<EVP_DigestSignFinal(3)>.
+ Finaly functions that assign or obtain DH objects from an EVP_PKEY such as
+ `EVP_PKEY_assign_DSA()`, `EVP_PKEY_get0_DSA()`, `EVP_PKEY_get1_DSA()`, and
+ `EVP_PKEY_set1_DSA()` are also deprecated.
+ Applications should instead either read or write an
+ EVP_PKEY directly using the OSSL_DECODER and OSSL_ENCODER APIs.
+ Or load an EVP_PKEY directly from DSA data using `EVP_PKEY_fromdata()`.
+
*Paul Dale*
* Reworked the treatment of EC EVP_PKEYs with the SM2 curve to
return pkey_set_type(pkey, NULL, EVP_PKEY_NONE, str, len, NULL);
}
-#ifndef OPENSSL_NO_DEPRECATED_3_0
+# ifndef OPENSSL_NO_DEPRECATED_3_0
int EVP_PKEY_set_alias_type(EVP_PKEY *pkey, int type)
{
if (!evp_pkey_is_legacy(pkey)) {
pkey->type = type;
return 1;
}
-#endif
+# endif
# ifndef OPENSSL_NO_ENGINE
int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *e)
return pkey->engine;
}
# endif
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key)
{
int alias = type;
-#ifndef OPENSSL_NO_EC
+# ifndef OPENSSL_NO_EC
if ((key != NULL) && (EVP_PKEY_type(type) == EVP_PKEY_EC)) {
const EC_GROUP *group = EC_KEY_get0_group(key);
if (group != NULL && EC_GROUP_get_curve_name(group) == NID_sm2)
alias = EVP_PKEY_SM2;
}
-#endif
+# endif
if (pkey == NULL || !EVP_PKEY_set_type(pkey, type))
return 0;
pkey->pkey.ptr = key;
return (key != NULL);
}
+# endif
void *EVP_PKEY_get0(const EVP_PKEY *pkey)
{
#include <openssl/evp.h>
+ int EVP_PKEY_id(const EVP_PKEY *pkey);
+ int EVP_PKEY_base_id(const EVP_PKEY *pkey);
+ int EVP_PKEY_type(int type);
+
+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B<OPENSSL_API_COMPAT> with a suitable version value, see
+L<openssl_user_macros(7)>:
+
+ int EVP_PKEY_set_alias_type(EVP_PKEY *pkey, int type);
+
int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key);
int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key);
int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key);
int EVP_PKEY_assign_POLY1305(EVP_PKEY *pkey, ASN1_OCTET_STRING *key);
int EVP_PKEY_assign_SIPHASH(EVP_PKEY *pkey, ASN1_OCTET_STRING *key);
- int EVP_PKEY_id(const EVP_PKEY *pkey);
- int EVP_PKEY_base_id(const EVP_PKEY *pkey);
- int EVP_PKEY_type(int type);
-
ENGINE *EVP_PKEY_get0_engine(const EVP_PKEY *pkey);
int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *engine);
-Deprecated since OpenSSL 3.0, can be hidden entirely by defining
-B<OPENSSL_API_COMPAT> with a suitable version value, see
-L<openssl_user_macros(7)>:
-
- int EVP_PKEY_set_alias_type(EVP_PKEY *pkey, int type);
-
=head1 DESCRIPTION
-EVP_PKEY_set1_RSA(), EVP_PKEY_set1_DSA(), EVP_PKEY_set1_DH() and
-EVP_PKEY_set1_EC_KEY() set the key referenced by I<pkey> to I<key>.
-
-EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and
-EVP_PKEY_get1_EC_KEY() return the referenced key in I<pkey> or NULL if the
-key is not of the correct type. The returned key must be freed after use.
-
-EVP_PKEY_get0_hmac(), EVP_PKEY_get0_poly1305(), EVP_PKEY_get0_siphash(),
-EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(), EVP_PKEY_get0_DH() and
-EVP_PKEY_get0_EC_KEY() return the referenced key in I<pkey> or NULL if the
-key is not of the correct type but the reference count of the returned key
-is B<not> incremented and so must not be freed after use.
-
-EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH(),
-EVP_PKEY_assign_EC_KEY(), EVP_PKEY_assign_POLY1305() and
-EVP_PKEY_assign_SIPHASH() set the referenced key to I<key> however these use
-the supplied I<key> internally and so I<key> will be freed when the parent
-I<pkey> is freed.
-
EVP_PKEY_base_id() returns the type of I<pkey>. For example
an RSA key will return B<EVP_PKEY_RSA>.
EVP_PKEY_type() returns the underlying type of the NID I<type>. For example
EVP_PKEY_type(EVP_PKEY_RSA2) will return B<EVP_PKEY_RSA>.
-EVP_PKEY_get0_engine() returns a reference to the ENGINE handling I<pkey>.
+EVP_PKEY_set1_RSA(), EVP_PKEY_set1_DSA(), EVP_PKEY_set1_DH() and
+EVP_PKEY_set1_EC_KEY() set the key referenced by I<pkey> to I<key>. These
+functions are deprecated. Applications should instead use
+L<EVP_PKEY_fromdata(3)>.
+
+EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH(),
+EVP_PKEY_assign_EC_KEY(), EVP_PKEY_assign_POLY1305() and
+EVP_PKEY_assign_SIPHASH() set the referenced key to I<key> however these use
+the supplied I<key> internally and so I<key> will be freed when the parent
+I<pkey> is freed. These macros are deprecated. Applications should instead read
+an EVP_PKEY directly using the OSSL_DECODER APIs (see
+L<OSSL_DECODER_CTX_new_for_pkey(3)>), or construct an EVP_PKEY from data using
+L<EVP_PKEY_fromdata(3)>.
+
+EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and
+EVP_PKEY_get1_EC_KEY() return the referenced key in I<pkey> or NULL if the
+key is not of the correct type. The returned key must be freed after use.
+These functions are deprecated. Applications should instead use the EVP_PKEY
+directly where possible. If access to the low level key parameters is required
+then applications should use L<EVP_PKEY_get_params(3)> and other similar
+functions. To write an EVP_PKEY out use the OSSL_ENCODER APIs (see
+L<OSSL_ENCODER_CTX_new_for_pkey(3)>).
+
+EVP_PKEY_get0_hmac(), EVP_PKEY_get0_poly1305(), EVP_PKEY_get0_siphash(),
+EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(), EVP_PKEY_get0_DH() and
+EVP_PKEY_get0_EC_KEY() return the referenced key in I<pkey> or NULL if the
+key is not of the correct type but the reference count of the returned key
+is B<not> incremented and so must not be freed after use. These functions are
+deprecated. Applications should instead use the EVP_PKEY directly where
+possible. If access to the low level key parameters is required then
+applications should use L<EVP_PKEY_get_params(3)> and other similar functions.
+To write an EVP_PKEY out use the OSSL_ENCODER APIs (see
+L<OSSL_ENCODER_CTX_new_for_pkey(3)>).
+
+EVP_PKEY_get0_engine() returns a reference to the ENGINE handling I<pkey>. This
+function is deprecated. Applications should use providers instead of engines
+(see L<provider(7)> for details).
EVP_PKEY_set1_engine() sets the ENGINE handling I<pkey> to I<engine>. It
must be called after the key algorithm and components are set up.
If I<engine> does not include an B<EVP_PKEY_METHOD> for I<pkey> an
-error occurs.
+error occurs. This function is deprecated. Applications should use providers
+instead of engines (see L<provider(7)> for details).
-EVP_PKEY_set_alias_type() allows modifying a EVP_PKEY to use a
-different set of algorithms than the default.
+EVP_PKEY_set_alias_type() allows modifying an EVP_PKEY to use a
+different set of algorithms than the default. This function is deprecated and
+was previously needed as a workaround to recognise SM2 keys. From OpenSSL 3.0,
+this key type is internally recognised so the workaround is no longer needed.
+Functionality is still retained as it is, but will only work with EVP_PKEYs
+with a legacy internal key.
=head1 WARNINGS
=head1 HISTORY
-EVP_PKEY_set_alias_type() was deprecated in OpenSSL 3.0.
+EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY,
+EVP_PKEY_get1_RSA, EVP_PKEY_get1_DSA, EVP_PKEY_get1_DH, EVP_PKEY_get1_EC_KEY,
+EVP_PKEY_get0_RSA, EVP_PKEY_get0_DSA, EVP_PKEY_get0_DH, EVP_PKEY_get0_EC_KEY,
+EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH,
+EVP_PKEY_assign_EC_KEY, EVP_PKEY_assign_POLY1305, EVP_PKEY_assign_SIPHASH,
+EVP_PKEY_get0_hmac, EVP_PKEY_get0_poly1305, EVP_PKEY_get0_siphash,
+EVP_PKEY_set_alias_type, EVP_PKEY_set1_engine and EVP_PKEY_get0_engine were
+deprecated in OpenSSL 3.0.
=head1 COPYRIGHT
int EVP_PKEY_set_type_by_keymgmt(EVP_PKEY *pkey, EVP_KEYMGMT *keymgmt);
# ifndef OPENSSL_NO_DEPRECATED_3_0
OSSL_DEPRECATEDIN_3_0 int EVP_PKEY_set_alias_type(EVP_PKEY *pkey, int type);
-# endif
-# ifndef OPENSSL_NO_ENGINE
+# ifndef OPENSSL_NO_ENGINE
+OSSL_DEPRECATEDIN_3_0
int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *e);
+OSSL_DEPRECATEDIN_3_0
ENGINE *EVP_PKEY_get0_engine(const EVP_PKEY *pkey);
-# endif
+# endif
+OSSL_DEPRECATEDIN_3_0
int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key);
+OSSL_DEPRECATEDIN_3_0
void *EVP_PKEY_get0(const EVP_PKEY *pkey);
+OSSL_DEPRECATEDIN_3_0
const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len);
-# ifndef OPENSSL_NO_POLY1305
+# ifndef OPENSSL_NO_POLY1305
+OSSL_DEPRECATEDIN_3_0
const unsigned char *EVP_PKEY_get0_poly1305(const EVP_PKEY *pkey, size_t *len);
-# endif
-# ifndef OPENSSL_NO_SIPHASH
+# endif
+# ifndef OPENSSL_NO_SIPHASH
+OSSL_DEPRECATEDIN_3_0
const unsigned char *EVP_PKEY_get0_siphash(const EVP_PKEY *pkey, size_t *len);
-# endif
+# endif
-# ifndef OPENSSL_NO_DEPRECATED_3_0
struct rsa_st;
OSSL_DEPRECATEDIN_3_0
int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, struct rsa_st *key);
struct rsa_st *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey);
OSSL_DEPRECATEDIN_3_0
struct rsa_st *EVP_PKEY_get1_RSA(EVP_PKEY *pkey);
-# endif
-# ifndef OPENSSL_NO_DSA
+
+# ifndef OPENSSL_NO_DSA
struct dsa_st;
+OSSL_DEPRECATEDIN_3_0
int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, struct dsa_st *key);
+OSSL_DEPRECATEDIN_3_0
struct dsa_st *EVP_PKEY_get0_DSA(const EVP_PKEY *pkey);
+OSSL_DEPRECATEDIN_3_0
struct dsa_st *EVP_PKEY_get1_DSA(EVP_PKEY *pkey);
-# endif
-# ifndef OPENSSL_NO_DEPRECATED_3_0
+# endif
+
# ifndef OPENSSL_NO_DH
struct dh_st;
OSSL_DEPRECATEDIN_3_0 int EVP_PKEY_set1_DH(EVP_PKEY *pkey, struct dh_st *key);
OSSL_DEPRECATEDIN_3_0 struct dh_st *EVP_PKEY_get0_DH(const EVP_PKEY *pkey);
OSSL_DEPRECATEDIN_3_0 struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey);
# endif
-# endif
-# ifndef OPENSSL_NO_DEPRECATED_3_0
+
# ifndef OPENSSL_NO_EC
struct ec_key_st;
OSSL_DEPRECATEDIN_3_0
OSSL_DEPRECATEDIN_3_0
struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
# endif
-# endif
+# endif /* OPENSSL_NO_DEPRECATED_3_0 */
EVP_PKEY *EVP_PKEY_new(void);
int EVP_PKEY_up_ref(EVP_PKEY *pkey);
* https://www.openssl.org/source/license.html
*/
+/* test_multi below tests the thread safety of a deprecated function */
+#define OPENSSL_SUPPRESS_DEPRECATED
+
#if defined(_WIN32)
# include <windows.h>
#endif
PKCS7_digest_from_attributes 1861 3_0_0 EXIST::FUNCTION:
EC_GROUP_set_curve_GFp 1862 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
X509_PURPOSE_get0 1863 3_0_0 EXIST::FUNCTION:
-EVP_PKEY_set1_DSA 1864 3_0_0 EXIST::FUNCTION:DSA
+EVP_PKEY_set1_DSA 1864 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
X509_NAME_it 1865 3_0_0 EXIST::FUNCTION:
OBJ_add_object 1866 3_0_0 EXIST::FUNCTION:
DSA_generate_key 1867 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
d2i_TS_MSG_IMPRINT_fp 1984 3_0_0 EXIST::FUNCTION:STDIO,TS
X509_CRL_verify 1985 3_0_0 EXIST::FUNCTION:
X509_get0_uids 1986 3_0_0 EXIST::FUNCTION:
-EVP_PKEY_get0_DSA 1987 3_0_0 EXIST::FUNCTION:DSA
+EVP_PKEY_get0_DSA 1987 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
d2i_CMS_ContentInfo 1988 3_0_0 EXIST::FUNCTION:CMS
EVP_CIPHER_meth_get_do_cipher 1989 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
i2d_DSA_PUBKEY 1990 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
ASN1_PRINTABLE_new 2139 3_0_0 EXIST::FUNCTION:
OBJ_NAME_new_index 2140 3_0_0 EXIST::FUNCTION:
EVP_PKEY_asn1_add_alias 2141 3_0_0 EXIST::FUNCTION:
-EVP_PKEY_get1_DSA 2142 3_0_0 EXIST::FUNCTION:DSA
+EVP_PKEY_get1_DSA 2142 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
SEED_cbc_encrypt 2143 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SEED
EVP_rc2_40_cbc 2144 3_0_0 EXIST::FUNCTION:RC2
ECDSA_SIG_new 2145 3_0_0 EXIST::FUNCTION:EC
CONF_module_set_usr_data 2659 3_0_0 EXIST::FUNCTION:
EC_KEY_generate_key 2660 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
BIO_ctrl_get_write_guarantee 2661 3_0_0 EXIST::FUNCTION:
-EVP_PKEY_assign 2662 3_0_0 EXIST::FUNCTION:
+EVP_PKEY_assign 2662 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
EVP_aes_128_ofb 2663 3_0_0 EXIST::FUNCTION:
CMS_data 2664 3_0_0 EXIST::FUNCTION:CMS
X509_load_cert_file 2665 3_0_0 EXIST::FUNCTION:
BN_CTX_start 2871 3_0_0 EXIST::FUNCTION:
BN_print 2872 3_0_0 EXIST::FUNCTION:
EC_KEY_set_flags 2873 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
-EVP_PKEY_get0 2874 3_0_0 EXIST::FUNCTION:
+EVP_PKEY_get0 2874 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
ENGINE_set_default 2875 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
NCONF_get_number_e 2876 3_0_0 EXIST::FUNCTION:
OPENSSL_cleanse 2877 3_0_0 EXIST::FUNCTION:
X509_get_pathlen 4092 3_0_0 EXIST::FUNCTION:
ECDSA_SIG_set0 4093 3_0_0 EXIST::FUNCTION:EC
DSA_SIG_set0 4094 3_0_0 EXIST::FUNCTION:DSA
-EVP_PKEY_get0_hmac 4095 3_0_0 EXIST::FUNCTION:
+EVP_PKEY_get0_hmac 4095 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
HMAC_CTX_get_md 4096 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
NAME_CONSTRAINTS_check_CN 4097 3_0_0 EXIST::FUNCTION:
OCSP_resp_get0_id 4098 3_0_0 EXIST::FUNCTION:OCSP
UI_method_get_ex_data 4179 3_0_0 EXIST::FUNCTION:
UI_UTIL_wrap_read_pem_callback 4180 3_0_0 EXIST::FUNCTION:
X509_VERIFY_PARAM_get_time 4181 3_0_0 EXIST::FUNCTION:
-EVP_PKEY_get0_poly1305 4182 3_0_0 EXIST::FUNCTION:POLY1305
+EVP_PKEY_get0_poly1305 4182 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,POLY1305
DH_check_params 4183 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
-EVP_PKEY_get0_siphash 4184 3_0_0 EXIST::FUNCTION:SIPHASH
+EVP_PKEY_get0_siphash 4184 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SIPHASH
EVP_aria_256_ofb 4185 3_0_0 EXIST::FUNCTION:ARIA
EVP_aria_256_cfb128 4186 3_0_0 EXIST::FUNCTION:ARIA
EVP_aria_128_cfb1 4187 3_0_0 EXIST::FUNCTION:ARIA
EVP_PKEY_meth_get_check 4342 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
EVP_PKEY_meth_remove 4343 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
OPENSSL_sk_reserve 4344 3_0_0 EXIST::FUNCTION:
-EVP_PKEY_set1_engine 4347 3_0_0 EXIST::FUNCTION:ENGINE
+EVP_PKEY_set1_engine 4347 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
DH_new_by_nid 4348 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
DH_get_nid 4349 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
CRYPTO_get_alloc_counts 4350 3_0_0 EXIST::FUNCTION:CRYPTO_MDEBUG
OSSL_PARAM_set_octet_ptr ? 3_0_0 EXIST::FUNCTION:
X509_set0_distinguishing_id ? 3_0_0 EXIST::FUNCTION:
X509_get0_distinguishing_id ? 3_0_0 EXIST::FUNCTION:
-EVP_PKEY_get0_engine ? 3_0_0 EXIST::FUNCTION:ENGINE
+EVP_PKEY_get0_engine ? 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
EVP_MD_up_ref ? 3_0_0 EXIST::FUNCTION:
EVP_MD_fetch ? 3_0_0 EXIST::FUNCTION:
EVP_set_default_properties ? 3_0_0 EXIST::FUNCTION:
projects / openssl.git / commitdiff