Deprecate the DHparams and DHxparams PEM routines
authorMatt Caswell <matt@openssl.org>
Wed, 14 Oct 2020 16:12:38 +0000 (17:12 +0100)
committerMatt Caswell <matt@openssl.org>
Fri, 27 Nov 2020 11:04:54 +0000 (11:04 +0000)
The functions return a DH object and therefore need to be deprecated.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13138)

include/openssl/pem.h
test/build.info
test/endecoder_legacy_test.c
test/recipes/04-test_encoder_decoder_legacy.t
util/libcrypto.num

index 3dcf97e36ca1e888206044cba98918df555db89a..b3c2d2e1c16eecae5e4328f91ad3b677a4806b06 100644 (file)
@@ -391,8 +391,10 @@ DECLARE_PEM_rw_cb(ECPrivateKey, EC_KEY)
 DECLARE_PEM_rw(EC_PUBKEY, EC_KEY)
 # endif
 # ifndef OPENSSL_NO_DH
-DECLARE_PEM_rw(DHparams, DH)
-DECLARE_PEM_write(DHxparams, DH)
+#  ifndef OPENSSL_NO_DEPRECATED_3_0
+DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, DHparams, DH)
+DECLARE_PEM_write_attr(OSSL_DEPRECATEDIN_3_0, DHxparams, DH)
+#  endif
 # endif
 DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY)
 EVP_PKEY *PEM_read_bio_PrivateKey_ex(BIO *bp, EVP_PKEY **x,
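Review bot: The two declarations now wrapped in `#  ifndef OPENSSL_NO_DEPRECATED_3_0` carry no pointer to a replacement, and the commit's file list shows no man page or CHANGES entry. A caller who hits the deprecation warning, or a missing symbol in a no-deprecated build, therefore has nothing to migrate to. A short comment above them would help, for example `/* Deprecated in 3.0: handle DH parameters as an EVP_PKEY, e.g. PEM_read_bio_Parameters() / PEM_write_bio_Parameters() */`. Confirm that those routines also cover the X9.42 form written by the DHxparams functions before naming them. The declaration of PEM_read_bio_PrivateKey_ex on the last line of the hunk continues outside it.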
index bd87bf6a9483393805b679d2724632d3fc11ba90..7f9e44b591a79aff8048588d914b1d895dbed80a 100644 (file)
@@ -793,10 +793,12 @@ IF[{- !$disabled{tests} -}]
   INCLUDE[endecode_test]=.. ../include ../apps/include
   DEPEND[endecode_test]=../libcrypto.a libtestutil.a
 
-  PROGRAMS{noinst}=endecoder_legacy_test
-  SOURCE[endecoder_legacy_test]=endecoder_legacy_test.c
-  INCLUDE[endecoder_legacy_test]=.. ../include ../apps/include
-  DEPEND[endecoder_legacy_test]=../libcrypto.a libtestutil.a
+  IF[{- !$disabled{'deprecated-3.0'} -}]
+    PROGRAMS{noinst}=endecoder_legacy_test
+    SOURCE[endecoder_legacy_test]=endecoder_legacy_test.c
+    INCLUDE[endecoder_legacy_test]=.. ../include ../apps/include
+    DEPEND[endecoder_legacy_test]=../libcrypto.a libtestutil.a
+  ENDIF
 
   PROGRAMS{noinst}=namemap_internal_test
   SOURCE[namemap_internal_test]=namemap_internal_test.c
index 6fd7b356cd84123a8305d88f2c8aa0df03cdc206..467c072b3e82d24f41f5db38c73dd74f0d473a94 100644 (file)
@@ -166,7 +166,6 @@ static struct test_stanza_st {
       NULL,                      /* No PEM_read_bio_ECParameters */
       (PEM_read_bio_of_void *)PEM_read_bio_EC_PUBKEY, },
 #endif
-#ifndef OPENSSL_NO_DEPRECATED_3_0
     { "RSA", { "RSA", "type-specific" }, EVP_PKEY_RSA,
       (i2d_of_void *)i2d_RSAPrivateKey,
       (i2d_of_void *)i2d_RSAPublicKey,
@@ -184,7 +183,6 @@ static struct test_stanza_st {
       (PEM_read_bio_of_void *)PEM_read_bio_RSAPublicKey,
       NULL,                      /* No PEM_read_bio_RSAparams */
       (PEM_read_bio_of_void *)PEM_read_bio_RSA_PUBKEY }
-#endif
 };
 
 /*
index 988132262857a5fb6ce0dcf60218093b12df118a..ef252a3766978d3008635fc7c3b53978b035f8bd 100644 (file)
@@ -11,12 +11,16 @@ use warnings;
 
 use OpenSSL::Test::Simple;
 use OpenSSL::Test qw/:DEFAULT srctop_file bldtop_dir/;
+use OpenSSL::Test::Utils;
 use Cwd qw(abs_path);
 
-setup("test_encode_legacy");
+setup("test_encoder_decoder_legacy");
 
+plan skip_all => "Not available in a no-deprecated build"
+    if disabled("deprecated");
 plan tests => 1;
 
+
 $ENV{OPENSSL_MODULES} = abs_path(bldtop_dir("providers"));
 $ENV{OPENSSL_CONF} = abs_path(srctop_file("test", "default-and-legacy.cnf"));
 
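Review bot: The skip condition `disabled("deprecated")` does not match the guard used elsewhere in this commit: test/build.info builds endecoder_legacy_test under `!$disabled{'deprecated-3.0'}` and pem.h uses `OPENSSL_NO_DEPRECATED_3_0`. Configure is not visible here, so this is inferred, but if the two options can differ in some configuration, the recipe's skip decision and the set of built programs disagree. Using `if disabled("deprecated-3.0");` on the `plan skip_all` line would keep the recipe, the build file and the header in step. The second blank line added after `plan tests => 1;` can be dropped. The rest of the recipe, including the call that runs the test program, is outside the hunk.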
index 8ef0f2a02b2292f604f5542903b77f186d2866e5..d81534ad06350bfe36b1285d2c898808c482b3ec 100644 (file)
@@ -274,7 +274,7 @@ X509_get_ext_d2i                        279 3_0_0   EXIST::FUNCTION:
 d2i_PKCS7_ENC_CONTENT                   280    3_0_0   EXIST::FUNCTION:
 BUF_MEM_grow                            281    3_0_0   EXIST::FUNCTION:
 TS_REQ_free                             282    3_0_0   EXIST::FUNCTION:TS
-PEM_read_DHparams                       283    3_0_0   EXIST::FUNCTION:DH,STDIO
+PEM_read_DHparams                       283    3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,DH,STDIO
 RSA_private_decrypt                     284    3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
 X509V3_EXT_get_nid                      285    3_0_0   EXIST::FUNCTION:
 BIO_s_log                               286    3_0_0   EXIST::FUNCTION:
@@ -447,7 +447,7 @@ ENGINE_get_digests                      455 3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3
 TS_MSG_IMPRINT_get_algo                 456    3_0_0   EXIST::FUNCTION:TS
 DH_new_method                           457    3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
 BF_ecb_encrypt                          458    3_0_0   EXIST::FUNCTION:BF,DEPRECATEDIN_3_0
-PEM_write_bio_DHparams                  459    3_0_0   EXIST::FUNCTION:DH
+PEM_write_bio_DHparams                  459    3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
 EVP_DigestFinal                         460    3_0_0   EXIST::FUNCTION:
 CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE 461  3_0_0   EXIST::FUNCTION:CT
 X509v3_asid_add_id_or_range             462    3_0_0   EXIST::FUNCTION:RFC3779
@@ -2017,7 +2017,7 @@ BN_GENCB_get_arg                        2063      3_0_0   EXIST::FUNCTION:
 EVP_MD_CTX_clear_flags                  2064   3_0_0   EXIST::FUNCTION:
 EVP_PKEY_meth_get_verifyctx             2065   3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0
 CT_POLICY_EVAL_CTX_get0_cert            2066   3_0_0   EXIST::FUNCTION:CT
-PEM_write_DHparams                      2067   3_0_0   EXIST::FUNCTION:DH,STDIO
+PEM_write_DHparams                      2067   3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,DH,STDIO
 DH_set_ex_data                          2068   3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
 OCSP_SIGNATURE_free                     2069   3_0_0   EXIST::FUNCTION:OCSP
 CRYPTO_128_unwrap_pad                   2070   3_0_0   EXIST::FUNCTION:
@@ -2405,7 +2405,7 @@ BIGNUM_it                               2455      3_0_0   EXIST::FUNCTION:
 BN_BLINDING_get_flags                   2456   3_0_0   EXIST::FUNCTION:
 X509_EXTENSION_get_critical             2457   3_0_0   EXIST::FUNCTION:
 DSA_set_default_method                  2458   3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
-PEM_write_bio_DHxparams                 2459   3_0_0   EXIST::FUNCTION:DH
+PEM_write_bio_DHxparams                 2459   3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
 DSA_set_ex_data                         2460   3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
 BIO_s_datagram_sctp                     2461   3_0_0   EXIST::FUNCTION:DGRAM,SCTP
 SXNET_add_id_asc                        2462   3_0_0   EXIST::FUNCTION:
@@ -3190,7 +3190,7 @@ X509_set1_notBefore                     3255      3_0_0   EXIST::FUNCTION:
 MD4                                     3256   3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,MD4
 EVP_PKEY_CTX_dup                        3257   3_0_0   EXIST::FUNCTION:
 ENGINE_setup_bsd_cryptodev              3258   3_0_0   EXIST:__FreeBSD__:FUNCTION:DEPRECATEDIN_1_1_0,ENGINE
-PEM_read_bio_DHparams                   3259   3_0_0   EXIST::FUNCTION:DH
+PEM_read_bio_DHparams                   3259   3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
 CMS_SharedInfo_encode                   3260   3_0_0   EXIST::FUNCTION:CMS
 ASN1_OBJECT_create                      3261   3_0_0   EXIST::FUNCTION:
 i2d_ECParameters                        3262   3_0_0   EXIST::FUNCTION:EC
@@ -3684,7 +3684,7 @@ ASN1_TIME_print                         3763      3_0_0   EXIST::FUNCTION:
 EVP_PKEY_CTX_get0_peerkey               3764   3_0_0   EXIST::FUNCTION:
 BN_mod_lshift1                          3765   3_0_0   EXIST::FUNCTION:
 BIO_ADDRINFO_family                     3766   3_0_0   EXIST::FUNCTION:SOCK
-PEM_write_DHxparams                     3767   3_0_0   EXIST::FUNCTION:DH,STDIO
+PEM_write_DHxparams                     3767   3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,DH,STDIO
 BN_mod_exp2_mont                        3768   3_0_0   EXIST::FUNCTION:
 ASN1_PRINTABLE_free                     3769   3_0_0   EXIST::FUNCTION:
 PKCS7_ATTR_SIGN_it                      3771   3_0_0   EXIST::FUNCTION: