From 5a2674163d99c755ea0eb09501b9eee99e145188 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Wed, 14 Oct 2020 14:19:38 +0100
Subject: [PATCH] Deprecate EVP_PKEY_assign_DH and other similar macros

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13138)
---
 apps/lib/s_cb.c       | 21 ---------------------
 crypto/evp/p_lib.c    |  2 +-
 include/openssl/evp.h | 10 ++++++----
 util/libcrypto.num    |  6 +++---
 4 files changed, 10 insertions(+), 29 deletions(-)

diff --git a/apps/lib/s_cb.c b/apps/lib/s_cb.c
index a15e4e9d35..c7994417aa 100644
--- a/apps/lib/s_cb.c
+++ b/apps/lib/s_cb.c
@@ -1449,27 +1449,6 @@ static int security_callback_debug(const SSL *s, const SSL_CTX *ctx,
             BIO_puts(sdb->out, cname);
         }
         break;
-#endif
-#ifndef OPENSSL_NO_DH
-    case SSL_SECOP_OTHER_DH:
-        {
-            DH *dh = other;
-            EVP_PKEY *pkey = EVP_PKEY_new();
-            int fail = 1;
-
-            if (pkey != NULL) {
-                if (EVP_PKEY_set1_DH(pkey, dh)) {
-                    BIO_printf(sdb->out, "%d", EVP_PKEY_bits(pkey));
-                    fail = 0;
-                }
-
-                EVP_PKEY_free(pkey);
-            }
-            if (fail)
-                BIO_printf(sdb->out, "s_cb.c:security_callback_debug op=0x%x",
-                           op);
-            break;
-        }
 #endif
     case SSL_SECOP_OTHER_CERT:
         {
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index ad7a0ebee7..cf29071318 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -879,7 +879,7 @@ IMPLEMENT_ECX_VARIANT(ED448)
 
 # endif
 
-# ifndef OPENSSL_NO_DH
+# if !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_DEPRECATED_3_0)
 
 int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key)
 {
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index 9b635f13df..afbb43c6f9 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -1230,11 +1230,13 @@ int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, struct dsa_st *key);
 struct dsa_st *EVP_PKEY_get0_DSA(const EVP_PKEY *pkey);
 struct dsa_st *EVP_PKEY_get1_DSA(EVP_PKEY *pkey);
 # endif
-# if !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_DEPRECATED_3_0)
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+#  ifndef OPENSSL_NO_DH
 struct dh_st;
-int EVP_PKEY_set1_DH(EVP_PKEY *pkey, struct dh_st *key);
-struct dh_st *EVP_PKEY_get0_DH(const EVP_PKEY *pkey);
-struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey);
+OSSL_DEPRECATEDIN_3_0 int EVP_PKEY_set1_DH(EVP_PKEY *pkey, struct dh_st *key);
+OSSL_DEPRECATEDIN_3_0 struct dh_st *EVP_PKEY_get0_DH(const EVP_PKEY *pkey);
+OSSL_DEPRECATEDIN_3_0 struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey);
+#  endif
 # endif
 # ifndef OPENSSL_NO_EC
 struct ec_key_st;
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 841a97f7fb..8ef0f2a02b 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -1406,7 +1406,7 @@ X509_ATTRIBUTE_set1_object              1438	3_0_0	EXIST::FUNCTION:
 i2d_ECPrivateKey_bio                    1439	3_0_0	EXIST::FUNCTION:EC
 BN_GENCB_free                           1440	3_0_0	EXIST::FUNCTION:
 HMAC_size                               1441	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
-EVP_PKEY_get0_DH                        1442	3_0_0	EXIST::FUNCTION:DH
+EVP_PKEY_get0_DH                        1442	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
 d2i_OCSP_CRLID                          1443	3_0_0	EXIST::FUNCTION:OCSP
 EVP_CIPHER_CTX_set_padding              1444	3_0_0	EXIST::FUNCTION:
 CTLOG_new_from_base64                   1445	3_0_0	EXIST::FUNCTION:CT
@@ -1585,7 +1585,7 @@ X509V3_EXT_get                          1621	3_0_0	EXIST::FUNCTION:
 OCSP_id_cmp                             1622	3_0_0	EXIST::FUNCTION:OCSP
 NCONF_dump_bio                          1623	3_0_0	EXIST::FUNCTION:
 X509_NAME_get_entry                     1624	3_0_0	EXIST::FUNCTION:
-EVP_PKEY_get1_DH                        1625	3_0_0	EXIST::FUNCTION:DH
+EVP_PKEY_get1_DH                        1625	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
 CRYPTO_gcm128_aad                       1626	3_0_0	EXIST::FUNCTION:
 EVP_des_cfb8                            1627	3_0_0	EXIST::FUNCTION:DES
 BN_BLINDING_convert                     1628	3_0_0	EXIST::FUNCTION:
@@ -2910,7 +2910,7 @@ NAME_CONSTRAINTS_it                     2972	3_0_0	EXIST::FUNCTION:
 TS_REQ_get_cert_req                     2973	3_0_0	EXIST::FUNCTION:TS
 BIO_pop                                 2974	3_0_0	EXIST::FUNCTION:
 SHA256_Final                            2975	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
-EVP_PKEY_set1_DH                        2976	3_0_0	EXIST::FUNCTION:DH
+EVP_PKEY_set1_DH                        2976	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
 DH_get_ex_data                          2977	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
 CRYPTO_secure_malloc                    2978	3_0_0	EXIST::FUNCTION:
 TS_RESP_get_status_info                 2979	3_0_0	EXIST::FUNCTION:TS
-- 
2.34.1