EVP_PKEY_new_raw_private_key,
EVP_PKEY_new_raw_public_key_ex,
EVP_PKEY_new_raw_public_key,
-EVP_PKEY_new_CMAC_key_ex,
EVP_PKEY_new_CMAC_key,
EVP_PKEY_new_mac_key,
EVP_PKEY_get_raw_private_key,
size_t keylen);
EVP_PKEY *EVP_PKEY_new_raw_public_key(int type, ENGINE *e,
const unsigned char *key, size_t keylen);
- EVP_PKEY *EVP_PKEY_new_CMAC_key_ex(const unsigned char *priv, size_t len,
- const char *cipher_name,
- OSSL_LIB_CTX *libctx, const char *propq);
- EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv,
- size_t len, const EVP_CIPHER *cipher);
EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e, const unsigned char *key,
int keylen);
int EVP_PKEY_get_raw_public_key(const EVP_PKEY *pkey, unsigned char *pub,
size_t *len);
+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B<OPENSSL_API_COMPAT> with a suitable version value, see
+L<openssl_user_macros(7)>:
+
+ EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv,
+ size_t len, const EVP_CIPHER *cipher);
+
=head1 DESCRIPTION
B<EVP_PKEY> is a generic structure to hold diverse types of asymmetric keys
information. Algorithm types that support raw public keys are
B<EVP_PKEY_X25519>, B<EVP_PKEY_ED25519>, B<EVP_PKEY_X448> or B<EVP_PKEY_ED448>.
-EVP_PKEY_new_CMAC_key_ex() works in the same way as
-EVP_PKEY_new_raw_private_key() except it is only for the B<EVP_PKEY_CMAC>
-algorithm type. In addition to the raw private key data, it also takes a cipher
-algorithm to be used during creation of a CMAC in the I<cipher> argument. The
-cipher should be a standard encryption only cipher. For example AEAD and XTS
-ciphers should not be used. Finally it also takes a library context I<libctx>
-and property query I<propq> which are used when fetching any cryptographic
-algorithms which may be NULL to use the default values.
-
-EVP_PKEY_new_CMAC_key() is the same as EVP_PKEY_new_CMAC_key_ex()
-except that the default values are used for I<libctx> and I<propq>.
-
-Using EVP_PKEY_new_CMAC_key_ex() or EVP_PKEY_new_CMAC_key() is discouraged in
-favor of the L<EVP_MAC(3)> API.
-
EVP_PKEY_new_mac_key() works in the same way as EVP_PKEY_new_raw_private_key().
New applications should use EVP_PKEY_new_raw_private_key() instead.
Currently this is: B<EVP_PKEY_X25519>, B<EVP_PKEY_ED25519>, B<EVP_PKEY_X448> or
B<EVP_PKEY_ED448>.
+EVP_PKEY_new_CMAC_key() works in the same way as EVP_PKEY_new_raw_private_key()
+except it is only for the B<EVP_PKEY_CMAC> algorithm type. In addition to the
+raw private key data, it also takes a cipher algorithm to be used during
+creation of a CMAC in the B<cipher> argument. The cipher should be a standard
+encryption-only cipher. For example AEAD and XTS ciphers should not be used.
+
+Applications should use the L<EVP_MAC(3)> API instead
+and set the B<OSSL_MAC_PARAM_CIPHER> parameter on the B<EVP_MAC_CTX> object
+with the name of the cipher being used.
+
=head1 NOTES
The B<EVP_PKEY> structure is used by various OpenSSL functions which require a
EVP_PKEY_new_CMAC_key(), EVP_PKEY_new_raw_private_key() and
EVP_PKEY_get_raw_public_key() functions were added in OpenSSL 1.1.1.
-The EVP_PKEY_new_raw_private_key_ex(),
-EVP_PKEY_new_raw_public_key_ex() and
-EVP_PKEY_new_CMAC_key_ex() functions were added in OpenSSL 3.0.
+The EVP_PKEY_new_raw_private_key_ex() and
+EVP_PKEY_new_raw_public_key_ex()
+functions were added in OpenSSL 3.0.
+
+The EVP_PKEY_new_CMAC_key() was deprecated in OpenSSL 3.0.
The documentation of B<EVP_PKEY> was amended in OpenSSL 3.0 to allow there to
be the private part of the keypair without the public part, where this was
EVP_PKEY_CTX *kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
int ret = 0;
EVP_PKEY *pkey = NULL;
- unsigned char mac[AES_BLOCK_SIZE], mac2[AES_BLOCK_SIZE];
+ unsigned char mac[AES_BLOCK_SIZE];
+# if !defined(OPENSSL_NO_DEPRECATED_3_0)
+ unsigned char mac2[AES_BLOCK_SIZE];
+# endif
/* Test a CMAC key created using the "generated" method */
if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
|| !TEST_true(get_cmac_val(pkey, mac)))
goto done;
+# if !defined(OPENSSL_NO_DEPRECATED_3_0)
EVP_PKEY_free(pkey);
/*
|| !TEST_true(get_cmac_val(pkey, mac2))
|| !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
goto done;
+# endif
ret = 1;
* https://www.openssl.org/source/license.html
*/
+#define OPENSSL_SUPPRESS_DEPRECATED /* EVP_PKEY_new_CMAC_key */
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
OBJ_nid2sn(expected->type), expected->alg);
if (expected->type == EVP_PKEY_CMAC) {
+#ifdef OPENSSL_NO_DEPRECATED_3_0
+ TEST_info("skipping, PKEY CMAC '%s' is disabled", expected->alg);
+ t->skip = 1;
+ t->err = NULL;
+ goto err;
+#else
+ OSSL_LIB_CTX *tmpctx;
+
if (expected->alg != NULL && is_cipher_disabled(expected->alg)) {
TEST_info("skipping, PKEY CMAC '%s' is disabled", expected->alg);
t->skip = 1;
t->err = "MAC_KEY_CREATE_ERROR";
goto err;
}
- key = EVP_PKEY_new_CMAC_key_ex(expected->key, expected->key_len,
- EVP_CIPHER_name(cipher), libctx, NULL);
+ tmpctx = OSSL_LIB_CTX_set0_default(libctx);
+ key = EVP_PKEY_new_CMAC_key(NULL, expected->key, expected->key_len,
+ cipher);
+ OSSL_LIB_CTX_set0_default(tmpctx);
+#endif
} else {
key = EVP_PKEY_new_raw_private_key_ex(libctx,
OBJ_nid2sn(expected->type), NULL,
OSSL_STORE_SEARCH_get0_digest 4451 3_0_0 EXIST::FUNCTION:
EVP_PKEY_new_raw_private_key 4453 3_0_0 EXIST::FUNCTION:
EVP_PKEY_new_raw_public_key 4454 3_0_0 EXIST::FUNCTION:
-EVP_PKEY_new_CMAC_key 4455 3_0_0 EXIST::FUNCTION:
+EVP_PKEY_new_CMAC_key 4455 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
EVP_PKEY_asn1_set_set_priv_key 4456 3_0_0 EXIST::FUNCTION:
EVP_PKEY_asn1_set_set_pub_key 4457 3_0_0 EXIST::FUNCTION:
conf_ssl_name_find 4469 3_0_0 EXIST::FUNCTION:
OSSL_PARAM_get_octet_string_ptr ? 3_0_0 EXIST::FUNCTION:
OSSL_DECODER_CTX_set_passphrase_cb ? 3_0_0 EXIST::FUNCTION:
EVP_PKEY_CTX_set_mac_key ? 3_0_0 EXIST::FUNCTION:
-EVP_PKEY_new_CMAC_key_ex ? 3_0_0 EXIST::FUNCTION:
OSSL_STORE_INFO_new ? 3_0_0 EXIST::FUNCTION:
OSSL_STORE_INFO_get0_data ? 3_0_0 EXIST::FUNCTION:
asn1_d2i_read_bio ? 3_0_0 EXIST::FUNCTION:
projects / openssl.git / commitdiff