From: Pauli Date: Wed, 12 Feb 2020 05:03:51 +0000 (+1000) Subject: Deprecate the low level RSA functions. X-Git-Tag: openssl-3.0.0-alpha1~409 X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=c5f8713443c8d606ff149b12c478cd6162f2a7ac Deprecate the low level RSA functions. Use of the low level RSA functions has been informally discouraged for a long time. We now formally deprecate them. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11063) --- diff --git a/CHANGES b/CHANGES index 15ff91798a..016743a83f 100644 --- a/CHANGES +++ b/CHANGES @@ -18,6 +18,45 @@ use the pkeyparam, pkey and genpkey programs. [Paul Dale] + *) All of the low level RSA functions have been deprecated including: + + RSA_new_method, RSA_bits, RSA_size, RSA_security_bits, + RSA_get0_pss_params, RSA_get_version, RSA_get0_engine, + RSA_generate_key_ex, RSA_generate_multi_prime_key, + RSA_X931_derive_ex, RSA_X931_generate_key_ex, RSA_check_key, + RSA_check_key_ex, RSA_public_encrypt, RSA_private_encrypt, + RSA_public_decrypt, RSA_private_decrypt, RSA_set_default_method, + RSA_get_default_method, RSA_null_method, RSA_get_method, RSA_set_method, + RSA_PKCS1_OpenSSL, RSA_print_fp, RSA_print, RSA_sign, RSA_verify, + RSA_sign_ASN1_OCTET_STRING, RSA_verify_ASN1_OCTET_STRING, + RSA_blinding_on, RSA_blinding_off, RSA_setup_blinding, + RSA_padding_add_PKCS1_type_1, RSA_padding_check_PKCS1_type_1, + RSA_padding_add_PKCS1_type_2, RSA_padding_check_PKCS1_type_2, + PKCS1_MGF1, RSA_padding_add_PKCS1_OAEP, RSA_padding_check_PKCS1_OAEP, + RSA_padding_add_PKCS1_OAEP_mgf1, RSA_padding_check_PKCS1_OAEP_mgf1, + RSA_padding_add_SSLv23, RSA_padding_check_SSLv23, + RSA_padding_add_none, RSA_padding_check_none, RSA_padding_add_X931, + RSA_padding_check_X931, RSA_X931_hash_id, RSA_verify_PKCS1_PSS, + RSA_padding_add_PKCS1_PSS, RSA_verify_PKCS1_PSS_mgf1, + RSA_padding_add_PKCS1_PSS_mgf1, RSA_set_ex_data, RSA_get_ex_data, + RSA_meth_new, RSA_meth_free, RSA_meth_dup, RSA_meth_get0_name, + RSA_meth_set1_name, RSA_meth_get_flags, RSA_meth_set_flags, + RSA_meth_get0_app_data, RSA_meth_set0_app_data, RSA_meth_get_pub_enc, + RSA_meth_set_pub_enc, RSA_meth_get_pub_dec, RSA_meth_set_pub_dec, + RSA_meth_get_priv_enc, RSA_meth_set_priv_enc, RSA_meth_get_priv_dec, + RSA_meth_set_priv_dec, RSA_meth_get_mod_exp, RSA_meth_set_mod_exp, + RSA_meth_get_bn_mod_exp, RSA_meth_set_bn_mod_exp, RSA_meth_get_init, + RSA_meth_set_init, RSA_meth_get_finish, RSA_meth_set_finish, + RSA_meth_get_sign, RSA_meth_set_sign, RSA_meth_get_verify, + RSA_meth_set_verify, RSA_meth_get_keygen, RSA_meth_set_keygen, + RSA_meth_get_multi_prime_keygen and RSA_meth_set_multi_prime_keygen. + + Use of these low level functions has been informally discouraged for a long + time. Instead applications should use L, + L, L and + L. + [Paul Dale] + *) X509 certificates signed using SHA1 are no longer allowed at security level 1 and above. In TLS/SSL the default security level is 1. It can be set either diff --git a/apps/build.info b/apps/build.info index ad3ef74ad4..1b931c8ac1 100644 --- a/apps/build.info +++ b/apps/build.info @@ -14,9 +14,9 @@ $OPENSSLSRC=\ openssl.c progs.c \ asn1pars.c ca.c ciphers.c cms.c crl.c crl2p7.c dgst.c \ ec.c ecparam.c enc.c engine.c errstr.c \ - genpkey.c genrsa.c kdf.c mac.c nseq.c ocsp.c passwd.c pkcs12.c pkcs7.c \ - pkcs8.c pkey.c pkeyparam.c pkeyutl.c prime.c rand.c req.c rsa.c \ - rsautl.c s_client.c s_server.c s_time.c sess_id.c smime.c speed.c \ + genpkey.c kdf.c mac.c nseq.c ocsp.c passwd.c pkcs12.c pkcs7.c \ + pkcs8.c pkey.c pkeyparam.c pkeyutl.c prime.c rand.c req.c \ + s_client.c s_server.c s_time.c sess_id.c smime.c speed.c \ spkac.c srp.c ts.c verify.c version.c x509.c rehash.c storeutl.c \ list.c info.c provider.c fipsinstall.c @@ -32,7 +32,7 @@ IF[{- !$disabled{apps} -}] ENDIF IF[{- !$disabled{'deprecated-3.0'} -}] - SOURCE[openssl]=dhparam.c dsa.c dsaparam.c gendsa.c + SOURCE[openssl]=dhparam.c dsa.c dsaparam.c gendsa.c rsa.c rsautl.c genrsa.c ENDIF SCRIPTS{misc}=CA.pl diff --git a/apps/genrsa.c b/apps/genrsa.c index 96fb23aaf5..c45fe19b12 100644 --- a/apps/genrsa.c +++ b/apps/genrsa.c @@ -7,6 +7,9 @@ * https://www.openssl.org/source/license.html */ +/* We need to use the deprecated RSA low level calls */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include #ifdef OPENSSL_NO_RSA NON_EMPTY_TRANSLATION_UNIT diff --git a/apps/progs.c b/apps/progs.c index c4fb1790e6..3492c93e25 100644 --- a/apps/progs.c +++ b/apps/progs.c @@ -49,8 +49,8 @@ FUNCTION functions[] = { {FT_general, "gendsa", gendsa_main, gendsa_options, "genpkey"}, #endif {FT_general, "genpkey", genpkey_main, genpkey_options, NULL}, -#ifndef OPENSSL_NO_RSA - {FT_general, "genrsa", genrsa_main, genrsa_options, NULL}, +#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) + {FT_general, "genrsa", genrsa_main, genrsa_options, "genpkey"}, #endif {FT_general, "help", help_main, help_options, NULL}, {FT_general, "info", info_main, info_options, NULL}, @@ -75,9 +75,11 @@ FUNCTION functions[] = { {FT_general, "rand", rand_main, rand_options, NULL}, {FT_general, "rehash", rehash_main, rehash_options, NULL}, {FT_general, "req", req_main, req_options, NULL}, - {FT_general, "rsa", rsa_main, rsa_options, NULL}, -#ifndef OPENSSL_NO_RSA - {FT_general, "rsautl", rsautl_main, rsautl_options, NULL}, +#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) + {FT_general, "rsa", rsa_main, rsa_options, "pkey"}, +#endif +#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) + {FT_general, "rsautl", rsautl_main, rsautl_options, "pkeyutl"}, #endif #ifndef OPENSSL_NO_SOCK {FT_general, "s_client", s_client_main, s_client_options, NULL}, diff --git a/apps/progs.pl b/apps/progs.pl index b4ff4b7d55..1d8c305713 100644 --- a/apps/progs.pl +++ b/apps/progs.pl @@ -92,12 +92,13 @@ EOF my %cmd_disabler = ( ciphers => "sock", - genrsa => "rsa", - rsautl => "rsa", gendh => "dh", pkcs12 => "des", ); my %cmd_deprecated = ( + rsa => [ "3_0", "pkey", "rsa" ], + genrsa => [ "3_0", "genpkey", "rsa" ], + rsautl => [ "3_0", "pkeyutl", "rsa" ], dhparam => [ "3_0", "pkeyparam", "dh" ], dsaparam => [ "3_0", "pkeyparam", "dsa" ], dsa => [ "3_0", "pkey", "dsa" ], diff --git a/apps/rsa.c b/apps/rsa.c index 82b34e7ca3..7d03a862a0 100644 --- a/apps/rsa.c +++ b/apps/rsa.c @@ -7,6 +7,9 @@ * https://www.openssl.org/source/license.html */ +/* We need to use the deprecated RSA low level calls */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include #ifdef OPENSSL_NO_RSA NON_EMPTY_TRANSLATION_UNIT diff --git a/apps/rsautl.c b/apps/rsautl.c index 99f1c44007..7bb9096bcd 100644 --- a/apps/rsautl.c +++ b/apps/rsautl.c @@ -7,6 +7,9 @@ * https://www.openssl.org/source/license.html */ +/* We need to use the deprecated RSA low level calls */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include #ifdef OPENSSL_NO_RSA NON_EMPTY_TRANSLATION_UNIT diff --git a/apps/speed.c b/apps/speed.c index 0e94e7cae6..13285d6355 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -94,7 +94,7 @@ #ifndef OPENSSL_NO_CAST # include #endif -#ifndef OPENSSL_NO_RSA +#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) # include # include "./testrsa.h" #endif @@ -416,7 +416,7 @@ static const OPT_PAIR dsa_choices[DSA_NUM] = { static double dsa_results[DSA_NUM][2]; /* 2 ops: sign then verify */ #endif /* OPENSSL_NO_DSA */ -#ifndef OPENSSL_NO_RSA +#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) enum { R_RSA_512, R_RSA_1024, R_RSA_2048, R_RSA_3072, R_RSA_4096, R_RSA_7680, R_RSA_15360, RSA_NUM @@ -542,7 +542,7 @@ typedef struct loopargs_st { unsigned char *key; unsigned int siglen; size_t sigsize; -#ifndef OPENSSL_NO_RSA +#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) RSA *rsa_key[RSA_NUM]; #endif #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) @@ -1021,7 +1021,7 @@ static int EVP_CMAC_loop(void *args) } #endif -#ifndef OPENSSL_NO_RSA +#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) static long rsa_c[RSA_NUM][2]; /* # RSA iteration test */ static int RSA_sign_loop(void *args) @@ -1503,7 +1503,7 @@ int speed_main(int argc, char **argv) #if !defined(OPENSSL_NO_CAMELLIA) && !defined(OPENSSL_NO_DEPRECATED_3_0) CAMELLIA_KEY camellia_ks[3]; #endif -#ifndef OPENSSL_NO_RSA +#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) static const struct { const unsigned char *data; unsigned int length; @@ -1707,8 +1707,10 @@ int speed_main(int argc, char **argv) goto end; break; case OPT_PRIMES: +#ifndef OPENSSL_NO_DEPRECATED_3_0 if (!opt_int(opt_arg(), &primes)) goto end; +#endif break; case OPT_SECONDS: seconds.sym = seconds.rsa = seconds.dsa = seconds.ecdsa @@ -1746,7 +1748,7 @@ int speed_main(int argc, char **argv) doit[D_SHA1] = doit[D_SHA256] = doit[D_SHA512] = 1; continue; } -#ifndef OPENSSL_NO_RSA +#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) if (strcmp(algo, "openssl") == 0) /* just for compatibility */ continue; if (strncmp(algo, "rsa", 3) == 0) { @@ -1909,7 +1911,7 @@ int speed_main(int argc, char **argv) if (argc == 0 && !doit[D_EVP] && !doit[D_EVP_HMAC] && !doit[D_EVP_CMAC]) { memset(doit, 1, sizeof(doit)); doit[D_EVP] = doit[D_EVP_HMAC] = doit[D_EVP_CMAC] = 0; -#ifndef OPENSSL_NO_RSA +#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) memset(rsa_doit, 1, sizeof(rsa_doit)); #endif #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) @@ -1933,7 +1935,7 @@ int speed_main(int argc, char **argv) "You have chosen to measure elapsed time " "instead of user CPU time.\n"); -#ifndef OPENSSL_NO_RSA +#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) for (i = 0; i < loopargs_len; i++) { if (primes > RSA_DEFAULT_PRIME_NUM) { /* for multi-prime RSA, skip this */ @@ -2103,7 +2105,7 @@ int speed_main(int argc, char **argv) c[D_IGE_256_AES][i] = c[D_IGE_256_AES][i - 1] * l0 / l1; } -# ifndef OPENSSL_NO_RSA +#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) rsa_c[R_RSA_512][0] = count / 2000; rsa_c[R_RSA_512][1] = count / 400; for (i = 1; i < RSA_NUM; i++) { @@ -2859,7 +2861,7 @@ int speed_main(int argc, char **argv) if (RAND_bytes(loopargs[i].buf, 36) <= 0) goto end; -#ifndef OPENSSL_NO_RSA +#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) for (testnum = 0; testnum < RSA_NUM; testnum++) { int st = 0; if (!rsa_doit[testnum]) @@ -3564,7 +3566,7 @@ int speed_main(int argc, char **argv) } printf("\n"); } -#ifndef OPENSSL_NO_RSA +#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) testnum = 1; for (k = 0; k < RSA_NUM; k++) { if (!rsa_doit[k]) @@ -3691,7 +3693,7 @@ int speed_main(int argc, char **argv) OPENSSL_free(loopargs[i].buf_malloc); OPENSSL_free(loopargs[i].buf2_malloc); -#ifndef OPENSSL_NO_RSA +#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) for (k = 0; k < RSA_NUM; k++) RSA_free(loopargs[i].rsa_key[k]); #endif @@ -3887,7 +3889,9 @@ static int do_multi(int multi, int size_num) sstrsep(&p, sep); for (j = 0; j < size_num; ++j) results[alg][j] += atof(sstrsep(&p, sep)); - } else if (strncmp(buf, "+F2:", 4) == 0) { + } +#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) + else if (strncmp(buf, "+F2:", 4) == 0) { int k; double d; @@ -3901,6 +3905,7 @@ static int do_multi(int multi, int size_num) d = atof(sstrsep(&p, sep)); rsa_results[k][1] += d; } +#endif #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) else if (strncmp(buf, "+F3:", 4) == 0) { int k; diff --git a/crypto/evp/p_dec.c b/crypto/evp/p_dec.c index d1d8b0b59e..9a6f271000 100644 --- a/crypto/evp/p_dec.c +++ b/crypto/evp/p_dec.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * RSA low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include #include "internal/cryptlib.h" #include diff --git a/crypto/evp/p_enc.c b/crypto/evp/p_enc.c index 4c169857c2..349eabde4c 100644 --- a/crypto/evp/p_enc.c +++ b/crypto/evp/p_enc.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * RSA low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include #include "internal/cryptlib.h" #include diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c index a94cb54b5e..71aa435bd7 100644 --- a/crypto/rsa/rsa_ameth.c +++ b/crypto/rsa/rsa_ameth.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * RSA low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include #include "internal/cryptlib.h" #include diff --git a/crypto/rsa/rsa_asn1.c b/crypto/rsa/rsa_asn1.c index e6b81253fa..8798bd52d6 100644 --- a/crypto/rsa/rsa_asn1.c +++ b/crypto/rsa/rsa_asn1.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * RSA low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include #include "internal/cryptlib.h" #include diff --git a/crypto/rsa/rsa_chk.c b/crypto/rsa/rsa_chk.c index 6ba0010c77..e6b700bc0d 100644 --- a/crypto/rsa/rsa_chk.c +++ b/crypto/rsa/rsa_chk.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * RSA low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include #include #include "crypto/rsa.h" diff --git a/crypto/rsa/rsa_crpt.c b/crypto/rsa/rsa_crpt.c index 6abee298c6..83cae46103 100644 --- a/crypto/rsa/rsa_crpt.c +++ b/crypto/rsa/rsa_crpt.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * RSA low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include #include #include "internal/cryptlib.h" diff --git a/crypto/rsa/rsa_depr.c b/crypto/rsa/rsa_depr.c index ed63262645..8ba6e8c2ee 100644 --- a/crypto/rsa/rsa_depr.c +++ b/crypto/rsa/rsa_depr.c @@ -12,6 +12,12 @@ * "new" versions). */ +/* + * RSA low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include #ifdef OPENSSL_NO_DEPRECATED_0_9_8 NON_EMPTY_TRANSLATION_UNIT diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c index cb2abff6a1..5778bdada5 100644 --- a/crypto/rsa/rsa_gen.c +++ b/crypto/rsa/rsa_gen.c @@ -13,6 +13,12 @@ * Geoff */ +/* + * RSA low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include #include #include "internal/cryptlib.h" diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c index d6c5da752b..c43c9fdd48 100644 --- a/crypto/rsa/rsa_lib.c +++ b/crypto/rsa/rsa_lib.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * RSA low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include #include #include diff --git a/crypto/rsa/rsa_meth.c b/crypto/rsa/rsa_meth.c index a2a0426ee4..6bbe21814e 100644 --- a/crypto/rsa/rsa_meth.c +++ b/crypto/rsa/rsa_meth.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * RSA low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include #include "rsa_local.h" #include diff --git a/crypto/rsa/rsa_none.c b/crypto/rsa/rsa_none.c index 833ab94028..5298ca7328 100644 --- a/crypto/rsa/rsa_none.c +++ b/crypto/rsa/rsa_none.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * RSA low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include "internal/cryptlib.h" #include #include diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c index d1150f09a8..23fb8f9f2b 100644 --- a/crypto/rsa/rsa_oaep.c +++ b/crypto/rsa/rsa_oaep.c @@ -20,6 +20,12 @@ * one-wayness. For the RSA function, this is an equivalent notion. */ +/* + * RSA low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include "internal/constant_time.h" #include diff --git a/crypto/rsa/rsa_ossl.c b/crypto/rsa/rsa_ossl.c index 6332a5a411..4b54aa86fe 100644 --- a/crypto/rsa/rsa_ossl.c +++ b/crypto/rsa/rsa_ossl.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * RSA low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include "internal/cryptlib.h" #include "crypto/bn.h" #include "rsa_local.h" diff --git a/crypto/rsa/rsa_pk1.c b/crypto/rsa/rsa_pk1.c index eedc558e3f..33391c4fcb 100644 --- a/crypto/rsa/rsa_pk1.c +++ b/crypto/rsa/rsa_pk1.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * RSA low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include "internal/constant_time.h" #include diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c index 34cbba658e..174271874a 100644 --- a/crypto/rsa/rsa_pmeth.c +++ b/crypto/rsa/rsa_pmeth.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * RSA low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include "internal/constant_time.h" #include diff --git a/crypto/rsa/rsa_prn.c b/crypto/rsa/rsa_prn.c index 5e4c098a16..1e52e9e3e6 100644 --- a/crypto/rsa/rsa_prn.c +++ b/crypto/rsa/rsa_prn.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * RSA low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include #include "internal/cryptlib.h" #include diff --git a/crypto/rsa/rsa_pss.c b/crypto/rsa/rsa_pss.c index 15014ef4b1..054fca9fd1 100644 --- a/crypto/rsa/rsa_pss.c +++ b/crypto/rsa/rsa_pss.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * RSA low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include #include "internal/cryptlib.h" #include diff --git a/crypto/rsa/rsa_saos.c b/crypto/rsa/rsa_saos.c index 7041535cc0..e7041ca2ae 100644 --- a/crypto/rsa/rsa_saos.c +++ b/crypto/rsa/rsa_saos.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * RSA low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include #include "internal/cryptlib.h" #include diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c index 6479d12684..31b8ed11fa 100644 --- a/crypto/rsa/rsa_sign.c +++ b/crypto/rsa/rsa_sign.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * RSA low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include #include "internal/cryptlib.h" #include diff --git a/crypto/rsa/rsa_ssl.c b/crypto/rsa/rsa_ssl.c index 99e541881d..48731dfb90 100644 --- a/crypto/rsa/rsa_ssl.c +++ b/crypto/rsa/rsa_ssl.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * RSA low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include #include "internal/cryptlib.h" #include diff --git a/crypto/rsa/rsa_x931.c b/crypto/rsa/rsa_x931.c index 3caafb699f..7a1503752f 100644 --- a/crypto/rsa/rsa_x931.c +++ b/crypto/rsa/rsa_x931.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * RSA low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include #include "internal/cryptlib.h" #include diff --git a/crypto/rsa/rsa_x931g.c b/crypto/rsa/rsa_x931g.c index 1f6042a3d2..7b65133ec8 100644 --- a/crypto/rsa/rsa_x931g.c +++ b/crypto/rsa/rsa_x931g.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * RSA low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include #include #include diff --git a/engines/build.info b/engines/build.info index fca41358e9..3bfe1dc057 100644 --- a/engines/build.info +++ b/engines/build.info @@ -78,6 +78,7 @@ IF[{- !$disabled{"engine"} -}] SOURCE[dasync]=dasync.ld GENERATE[dasync.ld]=../util/engines.num ENDIF + SOURCE[ossltest]=e_ossltest.c DEPEND[ossltest]=../libcrypto INCLUDE[ossltest]=../include diff --git a/engines/e_dasync.c b/engines/e_dasync.c index c5d58ded09..446680e535 100644 --- a/engines/e_dasync.c +++ b/engines/e_dasync.c @@ -15,6 +15,7 @@ */ #include "internal/deprecated.h" +#include #if defined(_WIN32) # include #endif @@ -101,22 +102,29 @@ static int dasync_digest_nids(const int **nids) } /* RSA */ - -static int dasync_pub_enc(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding); -static int dasync_pub_dec(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding); -static int dasync_rsa_priv_enc(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding); -static int dasync_rsa_priv_dec(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding); -static int dasync_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, - BN_CTX *ctx); - -static int dasync_rsa_init(RSA *rsa); -static int dasync_rsa_finish(RSA *rsa); - -static RSA_METHOD *dasync_rsa_method = NULL; +static int dasync_pkey(ENGINE *e, EVP_PKEY_METHOD **pmeth, + const int **pnids, int nid); + +static int dasync_rsa_init(EVP_PKEY_CTX *ctx); +static void dasync_rsa_cleanup(EVP_PKEY_CTX *ctx); +static int dasync_rsa_paramgen_init(EVP_PKEY_CTX *ctx); +static int dasync_rsa_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); +static int dasync_rsa_keygen_init(EVP_PKEY_CTX *ctx); +static int dasync_rsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); +static int dasync_rsa_encrypt_init(EVP_PKEY_CTX *ctx); +static int dasync_rsa_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, + size_t *outlen, const unsigned char *in, + size_t inlen); +static int dasync_rsa_decrypt_init(EVP_PKEY_CTX *ctx); +static int dasync_rsa_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out, + size_t *outlen, const unsigned char *in, + size_t inlen); +static int dasync_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2); +static int dasync_rsa_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, + const char *value); + +static EVP_PKEY_METHOD *dasync_rsa; +static const EVP_PKEY_METHOD *dasync_rsa_orig; /* AES */ @@ -197,26 +205,30 @@ static int dasync_cipher_nids[] = { static int bind_dasync(ENGINE *e) { - /* Setup RSA_METHOD */ - if ((dasync_rsa_method = RSA_meth_new("Dummy Async RSA method", 0)) == NULL - || RSA_meth_set_pub_enc(dasync_rsa_method, dasync_pub_enc) == 0 - || RSA_meth_set_pub_dec(dasync_rsa_method, dasync_pub_dec) == 0 - || RSA_meth_set_priv_enc(dasync_rsa_method, dasync_rsa_priv_enc) == 0 - || RSA_meth_set_priv_dec(dasync_rsa_method, dasync_rsa_priv_dec) == 0 - || RSA_meth_set_mod_exp(dasync_rsa_method, dasync_rsa_mod_exp) == 0 - || RSA_meth_set_bn_mod_exp(dasync_rsa_method, BN_mod_exp_mont) == 0 - || RSA_meth_set_init(dasync_rsa_method, dasync_rsa_init) == 0 - || RSA_meth_set_finish(dasync_rsa_method, dasync_rsa_finish) == 0) { - DASYNCerr(DASYNC_F_BIND_DASYNC, DASYNC_R_INIT_FAILED); + /* Setup RSA */ + ; + if ((dasync_rsa_orig = EVP_PKEY_meth_find(EVP_PKEY_RSA)) == NULL + || (dasync_rsa = EVP_PKEY_meth_new(EVP_PKEY_RSA, 0)) == NULL) return 0; - } + EVP_PKEY_meth_set_init(dasync_rsa, dasync_rsa_init); + EVP_PKEY_meth_set_cleanup(dasync_rsa, dasync_rsa_cleanup); + EVP_PKEY_meth_set_paramgen(dasync_rsa, dasync_rsa_paramgen_init, + dasync_rsa_paramgen); + EVP_PKEY_meth_set_keygen(dasync_rsa, dasync_rsa_keygen_init, + dasync_rsa_keygen); + EVP_PKEY_meth_set_encrypt(dasync_rsa, dasync_rsa_encrypt_init, + dasync_rsa_encrypt); + EVP_PKEY_meth_set_decrypt(dasync_rsa, dasync_rsa_decrypt_init, + dasync_rsa_decrypt); + EVP_PKEY_meth_set_ctrl(dasync_rsa, dasync_rsa_ctrl, + dasync_rsa_ctrl_str); /* Ensure the dasync error handling is set up */ ERR_load_DASYNC_strings(); if (!ENGINE_set_id(e, engine_dasync_id) || !ENGINE_set_name(e, engine_dasync_name) - || !ENGINE_set_RSA(e, dasync_rsa_method) + || !ENGINE_set_pkey_meths(e, dasync_pkey) || !ENGINE_set_digests(e, dasync_digests) || !ENGINE_set_ciphers(e, dasync_ciphers) || !ENGINE_set_destroy_function(e, dasync_destroy) @@ -295,6 +307,13 @@ static int bind_dasync(ENGINE *e) return 1; } +static void destroy_pkey(void) +{ + EVP_PKEY_meth_free(dasync_rsa); + dasync_rsa_orig = NULL; + dasync_rsa = NULL; +} + # ifndef OPENSSL_NO_DYNAMIC_ENGINE static int bind_helper(ENGINE *e, const char *id) { @@ -347,11 +366,30 @@ static int dasync_destroy(ENGINE *e) { destroy_digests(); destroy_ciphers(); - RSA_meth_free(dasync_rsa_method); + destroy_pkey(); ERR_unload_DASYNC_strings(); return 1; } +static int dasync_pkey(ENGINE *e, EVP_PKEY_METHOD **pmeth, + const int **pnids, int nid) +{ + static const int rnid = EVP_PKEY_RSA; + + if (pmeth == NULL) { + *pnids = &rnid; + return 1; + } + + if (nid == EVP_PKEY_RSA) { + *pmeth = dasync_rsa; + return 1; + } + + *pmeth = NULL; + return 0; +} + static int dasync_digests(ENGINE *e, const EVP_MD **digest, const int **nids, int nid) { @@ -522,60 +560,6 @@ static int dasync_sha1_final(EVP_MD_CTX *ctx, unsigned char *md) return EVP_MD_meth_get_final(EVP_sha1())(ctx, md); } -/* - * RSA implementation - */ - -static int dasync_pub_enc(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding) { - /* Ignore errors - we carry on anyway */ - dummy_pause_job(); - return RSA_meth_get_pub_enc(RSA_PKCS1_OpenSSL()) - (flen, from, to, rsa, padding); -} - -static int dasync_pub_dec(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding) { - /* Ignore errors - we carry on anyway */ - dummy_pause_job(); - return RSA_meth_get_pub_dec(RSA_PKCS1_OpenSSL()) - (flen, from, to, rsa, padding); -} - -static int dasync_rsa_priv_enc(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding) -{ - /* Ignore errors - we carry on anyway */ - dummy_pause_job(); - return RSA_meth_get_priv_enc(RSA_PKCS1_OpenSSL()) - (flen, from, to, rsa, padding); -} - -static int dasync_rsa_priv_dec(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding) -{ - /* Ignore errors - we carry on anyway */ - dummy_pause_job(); - return RSA_meth_get_priv_dec(RSA_PKCS1_OpenSSL()) - (flen, from, to, rsa, padding); -} - -static int dasync_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) -{ - /* Ignore errors - we carry on anyway */ - dummy_pause_job(); - return RSA_meth_get_mod_exp(RSA_PKCS1_OpenSSL())(r0, I, rsa, ctx); -} - -static int dasync_rsa_init(RSA *rsa) -{ - return RSA_meth_get_init(RSA_PKCS1_OpenSSL())(rsa); -} -static int dasync_rsa_finish(RSA *rsa) -{ - return RSA_meth_get_finish(RSA_PKCS1_OpenSSL())(rsa); -} - /* Cipher helper functions */ static int dasync_cipher_ctrl_helper(EVP_CIPHER_CTX *ctx, int type, int arg, @@ -803,3 +787,125 @@ static int dasync_aes128_cbc_hmac_sha1_cleanup(EVP_CIPHER_CTX *ctx) */ return dasync_cipher_cleanup_helper(ctx, EVP_aes_128_cbc_hmac_sha1()); } + + +/* + * RSA implementation + */ +static int dasync_rsa_init(EVP_PKEY_CTX *ctx) +{ + static int (*pinit)(EVP_PKEY_CTX *ctx); + + if (pinit == NULL) + EVP_PKEY_meth_get_init(dasync_rsa_orig, &pinit); + return pinit(ctx); +} + +static void dasync_rsa_cleanup(EVP_PKEY_CTX *ctx) +{ + static void (*pcleanup)(EVP_PKEY_CTX *ctx); + + if (pcleanup == NULL) + EVP_PKEY_meth_get_cleanup(dasync_rsa_orig, &pcleanup); + pcleanup(ctx); +} + +static int dasync_rsa_paramgen_init(EVP_PKEY_CTX *ctx) +{ + static int (*pparamgen_init)(EVP_PKEY_CTX *ctx); + + if (pparamgen_init == NULL) + EVP_PKEY_meth_get_paramgen(dasync_rsa_orig, &pparamgen_init, NULL); + return pparamgen_init(ctx); +} + +static int dasync_rsa_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) +{ + static int (*pparamgen)(EVP_PKEY_CTX *c, EVP_PKEY *pkey); + + if (pparamgen == NULL) + EVP_PKEY_meth_get_paramgen(dasync_rsa_orig, NULL, &pparamgen); + return pparamgen(ctx, pkey); +} + +static int dasync_rsa_keygen_init(EVP_PKEY_CTX *ctx) +{ + static int (*pkeygen_init)(EVP_PKEY_CTX *ctx); + + if (pkeygen_init == NULL) + EVP_PKEY_meth_get_keygen(dasync_rsa_orig, &pkeygen_init, NULL); + return pkeygen_init(ctx); +} + +static int dasync_rsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) +{ + static int (*pkeygen)(EVP_PKEY_CTX *c, EVP_PKEY *pkey); + + if (pkeygen == NULL) + EVP_PKEY_meth_get_keygen(dasync_rsa_orig, NULL, &pkeygen); + return pkeygen(ctx, pkey); +} + +static int dasync_rsa_encrypt_init(EVP_PKEY_CTX *ctx) +{ + static int (*pencrypt_init)(EVP_PKEY_CTX *ctx); + + if (pencrypt_init == NULL) + EVP_PKEY_meth_get_encrypt(dasync_rsa_orig, &pencrypt_init, NULL); + return pencrypt_init(ctx); +} + +static int dasync_rsa_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, + size_t *outlen, const unsigned char *in, + size_t inlen) +{ + static int (*pencryptfn)(EVP_PKEY_CTX *ctx, unsigned char *out, + size_t *outlen, const unsigned char *in, + size_t inlen); + + if (pencryptfn == NULL) + EVP_PKEY_meth_get_encrypt(dasync_rsa_orig, NULL, &pencryptfn); + return pencryptfn(ctx, out, outlen, in, inlen); +} + +static int dasync_rsa_decrypt_init(EVP_PKEY_CTX *ctx) +{ + static int (*pdecrypt_init)(EVP_PKEY_CTX *ctx); + + if (pdecrypt_init == NULL) + EVP_PKEY_meth_get_decrypt(dasync_rsa_orig, &pdecrypt_init, NULL); + return pdecrypt_init(ctx); +} + +static int dasync_rsa_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out, + size_t *outlen, const unsigned char *in, + size_t inlen) +{ + static int (*pdecrypt)(EVP_PKEY_CTX *ctx, unsigned char *out, + size_t *outlen, const unsigned char *in, + size_t inlen); + + if (pdecrypt == NULL) + EVP_PKEY_meth_get_encrypt(dasync_rsa_orig, NULL, &pdecrypt); + return pdecrypt(ctx, out, outlen, in, inlen); +} + +static int dasync_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) +{ + static int (*pctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2); + + if (pctrl == NULL) + EVP_PKEY_meth_get_ctrl(dasync_rsa_orig, &pctrl, NULL); + return pctrl(ctx, type, p1, p2); +} + +static int dasync_rsa_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, + const char *value) +{ + static int (*pctrl_str)(EVP_PKEY_CTX *ctx, const char *type, + const char *value); + + if (pctrl_str == NULL) + EVP_PKEY_meth_get_ctrl(dasync_rsa_orig, NULL, &pctrl_str); + return pctrl_str(ctx, type, value); +} diff --git a/fuzz/asn1.c b/fuzz/asn1.c index 846bb8fa3d..6ef6712e4d 100644 --- a/fuzz/asn1.c +++ b/fuzz/asn1.c @@ -338,7 +338,7 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) DO_TEST_NO_PRINT(DSA, d2i_DSAPublicKey, i2d_DSAPublicKey); DO_TEST_NO_PRINT(DSA, d2i_DSAparams, i2d_DSAparams); #endif - DO_TEST_PRINT_OFFSET(RSA, d2i_RSAPublicKey, i2d_RSAPublicKey, RSA_print); + DO_TEST_NO_PRINT(RSA, d2i_RSAPublicKey, i2d_RSAPublicKey); #ifndef OPENSSL_NO_EC DO_TEST_PRINT_OFFSET(EC_GROUP, d2i_ECPKParameters, i2d_ECPKParameters, ECPKParameters_print); DO_TEST_PRINT_OFFSET(EC_KEY, d2i_ECPrivateKey, i2d_ECPrivateKey, EC_KEY_print); diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h index efc194c6d4..12ee01192e 100644 --- a/include/openssl/rsa.h +++ b/include/openssl/rsa.h @@ -33,46 +33,50 @@ extern "C" { # endif -/* The types RSA and RSA_METHOD are defined in ossl_typ.h */ - # ifndef OPENSSL_RSA_MAX_MODULUS_BITS # define OPENSSL_RSA_MAX_MODULUS_BITS 16384 # endif -# define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 1024 +# ifndef OPENSSL_NO_DEPRECATED_3_0 +/* The types RSA and RSA_METHOD are defined in ossl_typ.h */ -# ifndef OPENSSL_RSA_SMALL_MODULUS_BITS -# define OPENSSL_RSA_SMALL_MODULUS_BITS 3072 -# endif -# ifndef OPENSSL_RSA_MAX_PUBEXP_BITS +# define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 1024 + +# ifndef OPENSSL_RSA_SMALL_MODULUS_BITS +# define OPENSSL_RSA_SMALL_MODULUS_BITS 3072 +# endif /* exponent limit enforced for "large" modulus only */ -# define OPENSSL_RSA_MAX_PUBEXP_BITS 64 -# endif +# ifndef OPENSSL_RSA_MAX_PUBEXP_BITS +# define OPENSSL_RSA_MAX_PUBEXP_BITS 64 +# endif -# define RSA_3 0x3L -# define RSA_F4 0x10001L +# define RSA_3 0x3L +# define RSA_F4 0x10001L /* based on RFC 8017 appendix A.1.2 */ -# define RSA_ASN1_VERSION_DEFAULT 0 -# define RSA_ASN1_VERSION_MULTI 1 +# define RSA_ASN1_VERSION_DEFAULT 0 +# define RSA_ASN1_VERSION_MULTI 1 -# define RSA_DEFAULT_PRIME_NUM 2 +# define RSA_DEFAULT_PRIME_NUM 2 +# endif /* OPENSSL_NO_DEPRECATED_3_0 */ /* Don't check pub/private match */ +/* TODO(3.0): deprecate this? It is exposed for sls/t1_lib.c's use */ # define RSA_METHOD_FLAG_NO_CHECK 0x0001 -# define RSA_FLAG_CACHE_PUBLIC 0x0002 -# define RSA_FLAG_CACHE_PRIVATE 0x0004 -# define RSA_FLAG_BLINDING 0x0008 -# define RSA_FLAG_THREAD_SAFE 0x0010 +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define RSA_FLAG_CACHE_PUBLIC 0x0002 +# define RSA_FLAG_CACHE_PRIVATE 0x0004 +# define RSA_FLAG_BLINDING 0x0008 +# define RSA_FLAG_THREAD_SAFE 0x0010 /* * This flag means the private key operations will be handled by rsa_mod_exp * and that they do not depend on the private key components being present: * for example a key stored in external hardware. Without this flag * bn_mod_exp gets called when private key components are absent. */ -# define RSA_FLAG_EXT_PKEY 0x0020 +# define RSA_FLAG_EXT_PKEY 0x0020 /* * new with 0.9.6j and 0.9.7b; the built-in @@ -80,14 +84,14 @@ extern "C" { * default (ignoring RSA_FLAG_BLINDING), * but other engines might not need it */ -# define RSA_FLAG_NO_BLINDING 0x0080 -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +# define RSA_FLAG_NO_BLINDING 0x0080 +# endif /* OPENSSL_NO_DEPRECATED_3_0 */ /* * Does nothing. Previously this switched off constant time behaviour. */ +# ifndef OPENSSL_NO_DEPRECATED_1_1_0 # define RSA_FLAG_NO_CONSTTIME 0x0000 # endif -# ifndef OPENSSL_NO_DEPRECATED_0_9_8 /* deprecated name for the flag*/ /* * new with 0.9.7h; the built-in RSA @@ -97,6 +101,7 @@ extern "C" { * faster variable sliding window method to * be used for all exponents. */ +# ifndef OPENSSL_NO_DEPRECATED_0_9_8 # define RSA_FLAG_NO_EXP_CONSTTIME RSA_FLAG_NO_CONSTTIME # endif @@ -142,7 +147,6 @@ int EVP_PKEY_CTX_get_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD **md); int EVP_PKEY_CTX_get_rsa_mgf1_md_name(EVP_PKEY_CTX *ctx, char *name, size_t namelen); - # define EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md(ctx, md) \ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN, \ EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void *)(md)) @@ -153,8 +157,7 @@ int EVP_PKEY_CTX_set_rsa_oaep_md_name(EVP_PKEY_CTX *ctx, const char *mdname, int EVP_PKEY_CTX_get_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD **md); int EVP_PKEY_CTX_get_rsa_oaep_md_name(EVP_PKEY_CTX *ctx, char *name, size_t namelen); -int EVP_PKEY_CTX_set0_rsa_oaep_label(EVP_PKEY_CTX *ctx, void *label, - int llen); +int EVP_PKEY_CTX_set0_rsa_oaep_label(EVP_PKEY_CTX *ctx, void *label, int llen); int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label); # define EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md) \ @@ -198,10 +201,10 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label); # define RSA_get_app_data(s) RSA_get_ex_data(s,0) RSA *RSA_new(void); -RSA *RSA_new_method(ENGINE *engine); -int RSA_bits(const RSA *rsa); -int RSA_size(const RSA *rsa); -int RSA_security_bits(const RSA *rsa); +DEPRECATEDIN_3_0(RSA *RSA_new_method(ENGINE *engine)) +DEPRECATEDIN_3_0(int RSA_bits(const RSA *rsa)) +DEPRECATEDIN_3_0(int RSA_size(const RSA *rsa)) +DEPRECATEDIN_3_0(int RSA_security_bits(const RSA *rsa)) int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d); int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q); @@ -226,12 +229,12 @@ const BIGNUM *RSA_get0_q(const RSA *d); const BIGNUM *RSA_get0_dmp1(const RSA *r); const BIGNUM *RSA_get0_dmq1(const RSA *r); const BIGNUM *RSA_get0_iqmp(const RSA *r); -const RSA_PSS_PARAMS *RSA_get0_pss_params(const RSA *r); +DEPRECATEDIN_3_0(const RSA_PSS_PARAMS *RSA_get0_pss_params(const RSA *r)) void RSA_clear_flags(RSA *r, int flags); int RSA_test_flags(const RSA *r, int flags); void RSA_set_flags(RSA *r, int flags); -int RSA_get_version(RSA *r); -ENGINE *RSA_get0_engine(const RSA *r); +DEPRECATEDIN_3_0(int RSA_get_version(RSA *r)) +DEPRECATEDIN_3_0(ENGINE *RSA_get0_engine(const RSA *r)) /* Deprecated version */ DEPRECATEDIN_0_9_8(RSA *RSA_generate_key(int bits, unsigned long e, void @@ -239,43 +242,52 @@ DEPRECATEDIN_0_9_8(RSA *RSA_generate_key(int bits, unsigned long e, void void *cb_arg)) /* New version */ -int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); +DEPRECATEDIN_3_0(int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, + BN_GENCB *cb)) /* Multi-prime version */ -int RSA_generate_multi_prime_key(RSA *rsa, int bits, int primes, - BIGNUM *e, BN_GENCB *cb); - -int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, - BIGNUM *q2, const BIGNUM *Xp1, const BIGNUM *Xp2, - const BIGNUM *Xp, const BIGNUM *Xq1, const BIGNUM *Xq2, - const BIGNUM *Xq, const BIGNUM *e, BN_GENCB *cb); -int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, - BN_GENCB *cb); - -int RSA_check_key(const RSA *); -int RSA_check_key_ex(const RSA *, BN_GENCB *cb); +DEPRECATEDIN_3_0(int RSA_generate_multi_prime_key(RSA *rsa, int bits, + int primes, BIGNUM *e, + BN_GENCB *cb)) + +DEPRECATEDIN_3_0(int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, + BIGNUM *q1, BIGNUM *q2, + const BIGNUM *Xp1, const BIGNUM *Xp2, + const BIGNUM *Xp, const BIGNUM *Xq1, + const BIGNUM *Xq2, const BIGNUM *Xq, + const BIGNUM *e, BN_GENCB *cb)) +DEPRECATEDIN_3_0(int RSA_X931_generate_key_ex(RSA *rsa, int bits, + const BIGNUM *e, BN_GENCB *cb)) + +DEPRECATEDIN_3_0(int RSA_check_key(const RSA *)) +DEPRECATEDIN_3_0(int RSA_check_key_ex(const RSA *, BN_GENCB *cb)) /* next 4 return -1 on error */ -int RSA_public_encrypt(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding); -int RSA_private_encrypt(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding); -int RSA_public_decrypt(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding); -int RSA_private_decrypt(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding); +DEPRECATEDIN_3_0(int RSA_public_encrypt(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, + int padding)) +DEPRECATEDIN_3_0(int RSA_private_encrypt(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, + int padding)) +DEPRECATEDIN_3_0(int RSA_public_decrypt(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, + int padding)) +DEPRECATEDIN_3_0(int RSA_private_decrypt(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, + int padding)) void RSA_free(RSA *r); /* "up" the RSA object's reference count */ int RSA_up_ref(RSA *r); +/* TODO(3.0): deprecate this one ssl/ssl_rsa.c can be changed to avoid it */ int RSA_flags(const RSA *r); -void RSA_set_default_method(const RSA_METHOD *meth); -const RSA_METHOD *RSA_get_default_method(void); -const RSA_METHOD *RSA_null_method(void); -const RSA_METHOD *RSA_get_method(const RSA *rsa); -int RSA_set_method(RSA *rsa, const RSA_METHOD *meth); +DEPRECATEDIN_3_0(void RSA_set_default_method(const RSA_METHOD *meth)) +DEPRECATEDIN_3_0(const RSA_METHOD *RSA_get_default_method(void)) +DEPRECATEDIN_3_0(const RSA_METHOD *RSA_null_method(void)) +DEPRECATEDIN_3_0(const RSA_METHOD *RSA_get_method(const RSA *rsa)) +DEPRECATEDIN_3_0(int RSA_set_method(RSA *rsa, const RSA_METHOD *meth)) /* these are the actual RSA functions */ -const RSA_METHOD *RSA_PKCS1_OpenSSL(void); +DEPRECATEDIN_3_0(const RSA_METHOD *RSA_PKCS1_OpenSSL(void)) int RSA_pkey_ctx_ctrl(EVP_PKEY_CTX *ctx, int optype, int cmd, int p1, void *p2); @@ -304,101 +316,129 @@ typedef struct rsa_oaep_params_st { DECLARE_ASN1_FUNCTIONS(RSA_OAEP_PARAMS) # ifndef OPENSSL_NO_STDIO -int RSA_print_fp(FILE *fp, const RSA *r, int offset); +DEPRECATEDIN_3_0(int RSA_print_fp(FILE *fp, const RSA *r, int offset)) # endif -int RSA_print(BIO *bp, const RSA *r, int offset); +DEPRECATEDIN_3_0(int RSA_print(BIO *bp, const RSA *r, int offset)) /* * The following 2 functions sign and verify a X509_SIG ASN1 object inside * PKCS#1 padded RSA encryption */ -int RSA_sign(int type, const unsigned char *m, unsigned int m_length, - unsigned char *sigret, unsigned int *siglen, RSA *rsa); -int RSA_verify(int type, const unsigned char *m, unsigned int m_length, - const unsigned char *sigbuf, unsigned int siglen, RSA *rsa); +DEPRECATEDIN_3_0(int RSA_sign(int type, const unsigned char *m, + unsigned int m_length, unsigned char *sigret, + unsigned int *siglen, RSA *rsa)) +DEPRECATEDIN_3_0(int RSA_verify(int type, const unsigned char *m, + unsigned int m_length, + const unsigned char *sigbuf, + unsigned int siglen, RSA *rsa)) /* * The following 2 function sign and verify a ASN1_OCTET_STRING object inside * PKCS#1 padded RSA encryption */ -int RSA_sign_ASN1_OCTET_STRING(int type, - const unsigned char *m, unsigned int m_length, - unsigned char *sigret, unsigned int *siglen, - RSA *rsa); -int RSA_verify_ASN1_OCTET_STRING(int type, const unsigned char *m, - unsigned int m_length, unsigned char *sigbuf, - unsigned int siglen, RSA *rsa); - +DEPRECATEDIN_3_0(int RSA_sign_ASN1_OCTET_STRING(int type, + const unsigned char *m, + unsigned int m_length, + unsigned char *sigret, + unsigned int *siglen, RSA *rsa)) +DEPRECATEDIN_3_0(int RSA_verify_ASN1_OCTET_STRING(int type, + const unsigned char *m, + unsigned int m_length, + unsigned char *sigbuf, + unsigned int siglen, + RSA *rsa)) + +/* TODO(3.0): figure out how to deprecate these two */ int RSA_blinding_on(RSA *rsa, BN_CTX *ctx); void RSA_blinding_off(RSA *rsa); -BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *ctx); - -int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen, - const unsigned char *f, int fl); -int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen, - const unsigned char *f, int fl, - int rsa_len); -int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen, - const unsigned char *f, int fl); -int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, - const unsigned char *f, int fl, - int rsa_len); -int PKCS1_MGF1(unsigned char *mask, long len, const unsigned char *seed, - long seedlen, const EVP_MD *dgst); -int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, - const unsigned char *f, int fl, - const unsigned char *p, int pl); -int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, - const unsigned char *f, int fl, int rsa_len, - const unsigned char *p, int pl); -int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, - const unsigned char *from, int flen, - const unsigned char *param, int plen, - const EVP_MD *md, const EVP_MD *mgf1md); -int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, - const unsigned char *from, int flen, - int num, const unsigned char *param, - int plen, const EVP_MD *md, - const EVP_MD *mgf1md); -int RSA_padding_add_SSLv23(unsigned char *to, int tlen, - const unsigned char *f, int fl); -int RSA_padding_check_SSLv23(unsigned char *to, int tlen, - const unsigned char *f, int fl, int rsa_len); -int RSA_padding_add_none(unsigned char *to, int tlen, const unsigned char *f, - int fl); -int RSA_padding_check_none(unsigned char *to, int tlen, - const unsigned char *f, int fl, int rsa_len); -int RSA_padding_add_X931(unsigned char *to, int tlen, const unsigned char *f, - int fl); -int RSA_padding_check_X931(unsigned char *to, int tlen, - const unsigned char *f, int fl, int rsa_len); -int RSA_X931_hash_id(int nid); - -int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash, - const EVP_MD *Hash, const unsigned char *EM, - int sLen); -int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM, - const unsigned char *mHash, const EVP_MD *Hash, - int sLen); - -int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash, - const EVP_MD *Hash, const EVP_MD *mgf1Hash, - const unsigned char *EM, int sLen); - -int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, - const unsigned char *mHash, - const EVP_MD *Hash, const EVP_MD *mgf1Hash, - int sLen); +DEPRECATEDIN_3_0(BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *ctx)) + +DEPRECATEDIN_3_0(int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen, + const unsigned char *f, + int fl)) +DEPRECATEDIN_3_0(int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen, + const unsigned char *f, + int fl, int rsa_len)) +DEPRECATEDIN_3_0(int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen, + const unsigned char *f, + int fl)) +DEPRECATEDIN_3_0(int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, + const unsigned char *f, + int fl, int rsa_len)) +DEPRECATEDIN_3_0(int PKCS1_MGF1(unsigned char *mask, long len, + const unsigned char *seed, long seedlen, + const EVP_MD *dgst)) +DEPRECATEDIN_3_0(int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, + const unsigned char *f, int fl, + const unsigned char *p, int pl)) +DEPRECATEDIN_3_0(int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, + const unsigned char *f, + int fl, int rsa_len, + const unsigned char *p, + int pl)) +DEPRECATEDIN_3_0(int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, + int tlen, + const unsigned char *from, + int flen, + const unsigned char *param, + int plen, + const EVP_MD *md, + const EVP_MD *mgf1md)) +DEPRECATEDIN_3_0(int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, + int tlen, + const unsigned char *from, + int flen, int num, + const unsigned char *param, + int plen, const EVP_MD *md, + const EVP_MD *mgf1md)) +DEPRECATEDIN_3_0(int RSA_padding_add_SSLv23(unsigned char *to, int tlen, + const unsigned char *f, int fl)) +DEPRECATEDIN_3_0(int RSA_padding_check_SSLv23(unsigned char *to, int tlen, + const unsigned char *f, int fl, + int rsa_len)) +DEPRECATEDIN_3_0(int RSA_padding_add_none(unsigned char *to, int tlen, + const unsigned char *f, int fl)) +DEPRECATEDIN_3_0(int RSA_padding_check_none(unsigned char *to, int tlen, + const unsigned char *f, int fl, + int rsa_len)) +DEPRECATEDIN_3_0(int RSA_padding_add_X931(unsigned char *to, int tlen, + const unsigned char *f, int fl)) +DEPRECATEDIN_3_0(int RSA_padding_check_X931(unsigned char *to, int tlen, + const unsigned char *f, int fl, + int rsa_len)) +DEPRECATEDIN_3_0(int RSA_X931_hash_id(int nid)) + +DEPRECATEDIN_3_0(int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash, + const EVP_MD *Hash, + const unsigned char *EM, int sLen)) +DEPRECATEDIN_3_0(int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM, + const unsigned char *mHash, + const EVP_MD *Hash, int sLen)) + +DEPRECATEDIN_3_0(int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, + const unsigned char *mHash, + const EVP_MD *Hash, + const EVP_MD *mgf1Hash, + const unsigned char *EM, + int sLen)) + +DEPRECATEDIN_3_0(int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, + unsigned char *EM, + const unsigned char *mHash, + const EVP_MD *Hash, + const EVP_MD *mgf1Hash, + int sLen)) # define RSA_get_ex_new_index(l, p, newf, dupf, freef) \ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, l, p, newf, dupf, freef) -int RSA_set_ex_data(RSA *r, int idx, void *arg); -void *RSA_get_ex_data(const RSA *r, int idx); +DEPRECATEDIN_3_0(int RSA_set_ex_data(RSA *r, int idx, void *arg)) +DEPRECATEDIN_3_0(void *RSA_get_ex_data(const RSA *r, int idx)) DECLARE_ASN1_DUP_FUNCTION_name(RSA, RSAPublicKey) DECLARE_ASN1_DUP_FUNCTION_name(RSA, RSAPrivateKey) +# ifndef OPENSSL_NO_DEPRECATED_3_0 /* * If this flag is set the RSA method is FIPS compliant and can be used in * FIPS mode. This is set in the validated module method. If an application @@ -406,7 +446,7 @@ DECLARE_ASN1_DUP_FUNCTION_name(RSA, RSAPrivateKey) * result is compliant. */ -# define RSA_FLAG_FIPS_METHOD 0x0400 +# define RSA_FLAG_FIPS_METHOD 0x0400 /* * If this flag is set the operations normally disabled in FIPS mode are @@ -414,99 +454,101 @@ DECLARE_ASN1_DUP_FUNCTION_name(RSA, RSAPrivateKey) * usage is compliant. */ -# define RSA_FLAG_NON_FIPS_ALLOW 0x0400 +# define RSA_FLAG_NON_FIPS_ALLOW 0x0400 /* * Application has decided PRNG is good enough to generate a key: don't * check. */ -# define RSA_FLAG_CHECKED 0x0800 - -RSA_METHOD *RSA_meth_new(const char *name, int flags); -void RSA_meth_free(RSA_METHOD *meth); -RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth); -const char *RSA_meth_get0_name(const RSA_METHOD *meth); -int RSA_meth_set1_name(RSA_METHOD *meth, const char *name); -int RSA_meth_get_flags(const RSA_METHOD *meth); -int RSA_meth_set_flags(RSA_METHOD *meth, int flags); -void *RSA_meth_get0_app_data(const RSA_METHOD *meth); -int RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data); -int (*RSA_meth_get_pub_enc(const RSA_METHOD *meth)) +# define RSA_FLAG_CHECKED 0x0800 +# endif /* OPENSSL_NO_DEPRECATED_3_0 */ + +DEPRECATEDIN_3_0(RSA_METHOD *RSA_meth_new(const char *name, int flags)) +DEPRECATEDIN_3_0(void RSA_meth_free(RSA_METHOD *meth)) +DEPRECATEDIN_3_0(RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth)) +DEPRECATEDIN_3_0(const char *RSA_meth_get0_name(const RSA_METHOD *meth)) +DEPRECATEDIN_3_0(int RSA_meth_set1_name(RSA_METHOD *meth, const char *name)) +DEPRECATEDIN_3_0(int RSA_meth_get_flags(const RSA_METHOD *meth)) +DEPRECATEDIN_3_0(int RSA_meth_set_flags(RSA_METHOD *meth, int flags)) +DEPRECATEDIN_3_0(void *RSA_meth_get0_app_data(const RSA_METHOD *meth)) +DEPRECATEDIN_3_0(int RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data)) +DEPRECATEDIN_3_0(int (*RSA_meth_get_pub_enc(const RSA_METHOD *meth)) (int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding); -int RSA_meth_set_pub_enc(RSA_METHOD *rsa, + unsigned char *to, RSA *rsa, int padding)) +DEPRECATEDIN_3_0(int RSA_meth_set_pub_enc(RSA_METHOD *rsa, int (*pub_enc) (int flen, const unsigned char *from, unsigned char *to, RSA *rsa, - int padding)); -int (*RSA_meth_get_pub_dec(const RSA_METHOD *meth)) + int padding))) +DEPRECATEDIN_3_0(int (*RSA_meth_get_pub_dec(const RSA_METHOD *meth)) (int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding); -int RSA_meth_set_pub_dec(RSA_METHOD *rsa, + unsigned char *to, RSA *rsa, int padding)) +DEPRECATEDIN_3_0(int RSA_meth_set_pub_dec(RSA_METHOD *rsa, int (*pub_dec) (int flen, const unsigned char *from, unsigned char *to, RSA *rsa, - int padding)); -int (*RSA_meth_get_priv_enc(const RSA_METHOD *meth)) + int padding))) +DEPRECATEDIN_3_0(int (*RSA_meth_get_priv_enc(const RSA_METHOD *meth)) (int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding); -int RSA_meth_set_priv_enc(RSA_METHOD *rsa, + unsigned char *to, RSA *rsa, int padding)) +DEPRECATEDIN_3_0(int RSA_meth_set_priv_enc(RSA_METHOD *rsa, int (*priv_enc) (int flen, const unsigned char *from, unsigned char *to, RSA *rsa, - int padding)); -int (*RSA_meth_get_priv_dec(const RSA_METHOD *meth)) + int padding))) +DEPRECATEDIN_3_0(int (*RSA_meth_get_priv_dec(const RSA_METHOD *meth)) (int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding); -int RSA_meth_set_priv_dec(RSA_METHOD *rsa, + unsigned char *to, RSA *rsa, int padding)) +DEPRECATEDIN_3_0(int RSA_meth_set_priv_dec(RSA_METHOD *rsa, int (*priv_dec) (int flen, const unsigned char *from, unsigned char *to, RSA *rsa, - int padding)); -int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth)) - (BIGNUM *r0, const BIGNUM *i, RSA *rsa, BN_CTX *ctx); -int RSA_meth_set_mod_exp(RSA_METHOD *rsa, + int padding))) +DEPRECATEDIN_3_0(int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth)) + (BIGNUM *r0, const BIGNUM *i, RSA *rsa, BN_CTX *ctx)) +DEPRECATEDIN_3_0(int RSA_meth_set_mod_exp(RSA_METHOD *rsa, int (*mod_exp) (BIGNUM *r0, const BIGNUM *i, RSA *rsa, - BN_CTX *ctx)); -int (*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth)) + BN_CTX *ctx))) +DEPRECATEDIN_3_0(int (*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth)) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); -int RSA_meth_set_bn_mod_exp(RSA_METHOD *rsa, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)) +DEPRECATEDIN_3_0(int RSA_meth_set_bn_mod_exp(RSA_METHOD *rsa, int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx)); -int (*RSA_meth_get_init(const RSA_METHOD *meth)) (RSA *rsa); -int RSA_meth_set_init(RSA_METHOD *rsa, int (*init) (RSA *rsa)); -int (*RSA_meth_get_finish(const RSA_METHOD *meth)) (RSA *rsa); -int RSA_meth_set_finish(RSA_METHOD *rsa, int (*finish) (RSA *rsa)); -int (*RSA_meth_get_sign(const RSA_METHOD *meth)) + BN_MONT_CTX *m_ctx))) +DEPRECATEDIN_3_0(int (*RSA_meth_get_init(const RSA_METHOD *meth)) (RSA *rsa)) +DEPRECATEDIN_3_0(int RSA_meth_set_init(RSA_METHOD *rsa, int (*init) (RSA *rsa))) +DEPRECATEDIN_3_0(int (*RSA_meth_get_finish(const RSA_METHOD *meth)) (RSA *rsa)) +DEPRECATEDIN_3_0(int RSA_meth_set_finish(RSA_METHOD *rsa, + int (*finish) (RSA *rsa))) +DEPRECATEDIN_3_0(int (*RSA_meth_get_sign(const RSA_METHOD *meth)) (int type, const unsigned char *m, unsigned int m_length, unsigned char *sigret, unsigned int *siglen, - const RSA *rsa); -int RSA_meth_set_sign(RSA_METHOD *rsa, + const RSA *rsa)) +DEPRECATEDIN_3_0(int RSA_meth_set_sign(RSA_METHOD *rsa, int (*sign) (int type, const unsigned char *m, unsigned int m_length, unsigned char *sigret, unsigned int *siglen, - const RSA *rsa)); -int (*RSA_meth_get_verify(const RSA_METHOD *meth)) + const RSA *rsa))) +DEPRECATEDIN_3_0(int (*RSA_meth_get_verify(const RSA_METHOD *meth)) (int dtype, const unsigned char *m, unsigned int m_length, const unsigned char *sigbuf, - unsigned int siglen, const RSA *rsa); -int RSA_meth_set_verify(RSA_METHOD *rsa, + unsigned int siglen, const RSA *rsa)) +DEPRECATEDIN_3_0(int RSA_meth_set_verify(RSA_METHOD *rsa, int (*verify) (int dtype, const unsigned char *m, unsigned int m_length, const unsigned char *sigbuf, - unsigned int siglen, const RSA *rsa)); -int (*RSA_meth_get_keygen(const RSA_METHOD *meth)) - (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); -int RSA_meth_set_keygen(RSA_METHOD *rsa, + unsigned int siglen, const RSA *rsa))) +DEPRECATEDIN_3_0(int (*RSA_meth_get_keygen(const RSA_METHOD *meth)) + (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)) +DEPRECATEDIN_3_0(int RSA_meth_set_keygen(RSA_METHOD *rsa, int (*keygen) (RSA *rsa, int bits, BIGNUM *e, - BN_GENCB *cb)); -int (*RSA_meth_get_multi_prime_keygen(const RSA_METHOD *meth)) - (RSA *rsa, int bits, int primes, BIGNUM *e, BN_GENCB *cb); -int RSA_meth_set_multi_prime_keygen(RSA_METHOD *meth, + BN_GENCB *cb))) +DEPRECATEDIN_3_0(int (*RSA_meth_get_multi_prime_keygen(const RSA_METHOD *meth)) + (RSA *rsa, int bits, int primes, BIGNUM *e, BN_GENCB *cb)) +DEPRECATEDIN_3_0(int RSA_meth_set_multi_prime_keygen(RSA_METHOD *meth, int (*keygen) (RSA *rsa, int bits, int primes, BIGNUM *e, - BN_GENCB *cb)); + BN_GENCB *cb))) # ifdef __cplusplus } diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c index 87349ed64b..5f071a56ca 100644 --- a/providers/implementations/asymciphers/rsa_enc.c +++ b/providers/implementations/asymciphers/rsa_enc.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * RSA low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include #include #include diff --git a/providers/implementations/keymgmt/rsa_kmgmt.c b/providers/implementations/keymgmt/rsa_kmgmt.c index f43520f857..8f3f25eb60 100644 --- a/providers/implementations/keymgmt/rsa_kmgmt.c +++ b/providers/implementations/keymgmt/rsa_kmgmt.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * RSA low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include #include #include diff --git a/providers/implementations/serializers/serializer_rsa.c b/providers/implementations/serializers/serializer_rsa.c index 9aaefb56bc..ddc7074927 100644 --- a/providers/implementations/serializers/serializer_rsa.c +++ b/providers/implementations/serializers/serializer_rsa.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * RSA low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include "crypto/rsa.h" /* rsa_get0_all_params() */ #include "prov/bio.h" /* ossl_prov_bio_printf() */ #include "prov/implementations.h" /* rsa_keymgmt_functions */ diff --git a/providers/implementations/serializers/serializer_rsa_priv.c b/providers/implementations/serializers/serializer_rsa_priv.c index c236739e0e..8ac9f30ad5 100644 --- a/providers/implementations/serializers/serializer_rsa_priv.c +++ b/providers/implementations/serializers/serializer_rsa_priv.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * RSA low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include #include #include diff --git a/providers/implementations/serializers/serializer_rsa_pub.c b/providers/implementations/serializers/serializer_rsa_pub.c index f7eccf7624..3ee0501ee1 100644 --- a/providers/implementations/serializers/serializer_rsa_pub.c +++ b/providers/implementations/serializers/serializer_rsa_pub.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * RSA low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include #include #include diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index aedb521015..923cf5b5cd 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -919,16 +919,16 @@ int tls1_lookup_md(SSL_CTX *ctx, const SIGALG_LOOKUP *lu, const EVP_MD **pmd) * with a 128 byte (1024 bit) key. */ #define RSA_PSS_MINIMUM_KEY_SIZE(md) (2 * EVP_MD_size(md) + 2) -static int rsa_pss_check_min_key_size(SSL_CTX *ctx, const RSA *rsa, +static int rsa_pss_check_min_key_size(SSL_CTX *ctx, const EVP_PKEY *pkey, const SIGALG_LOOKUP *lu) { const EVP_MD *md; - if (rsa == NULL) + if (pkey == NULL) return 0; if (!tls1_lookup_md(ctx, lu, &md) || md == NULL) return 0; - if (RSA_size(rsa) < RSA_PSS_MINIMUM_KEY_SIZE(md)) + if (EVP_PKEY_size(pkey) < RSA_PSS_MINIMUM_KEY_SIZE(md)) return 0; return 1; } @@ -2823,7 +2823,7 @@ static const SIGALG_LOOKUP *find_sig_alg(SSL *s, X509 *x, EVP_PKEY *pkey) #endif } else if (lu->sig == EVP_PKEY_RSA_PSS) { /* validate that key is large enough for the signature algorithm */ - if (!rsa_pss_check_min_key_size(s->ctx, EVP_PKEY_get0(tmppkey), lu)) + if (!rsa_pss_check_min_key_size(s->ctx, tmppkey, lu)) continue; } break; @@ -2909,9 +2909,7 @@ int tls_choose_sigalg(SSL *s, int fatalerrs) /* validate that key is large enough for the signature algorithm */ EVP_PKEY *pkey = s->cert->pkeys[sig_idx].privatekey; - if (!rsa_pss_check_min_key_size(s->ctx, - EVP_PKEY_get0(pkey), - lu)) + if (!rsa_pss_check_min_key_size(s->ctx, pkey, lu)) continue; } #ifndef OPENSSL_NO_EC diff --git a/test/build.info b/test/build.info index f964dec4ba..84229bdd2d 100644 --- a/test/build.info +++ b/test/build.info @@ -35,7 +35,7 @@ IF[{- !$disabled{tests} -}] ectest ecstresstest gmdifftest pbelutest \ destest mdc2test \ dhtest enginetest \ - ssltest_old exptest rsa_test \ + ssltest_old exptest \ evp_pkey_provided_test evp_test evp_extra_test evp_fetch_prov_test \ v3nametest v3ext \ crltest danetest bad_dtls_test lhash_test sparse_array_test \ @@ -53,7 +53,7 @@ IF[{- !$disabled{tests} -}] recordlentest drbgtest sslbuffertest \ recordlentest drbgtest drbg_cavs_test sslbuffertest \ time_offset_test pemtest ssl_cert_table_internal_test ciphername_test \ - servername_test ocspapitest rsa_mp_test fatalerrtest tls13ccstest \ + servername_test ocspapitest fatalerrtest tls13ccstest \ sysdefaulttest errtest ssl_ctx_test gosttest \ context_internal_test aesgcmtest params_test evp_pkey_dparams_test \ keymgmt_internal_test @@ -125,14 +125,6 @@ IF[{- !$disabled{tests} -}] INCLUDE[exptest]=../include ../apps/include DEPEND[exptest]=../libcrypto libtestutil.a - SOURCE[rsa_test]=rsa_test.c - INCLUDE[rsa_test]=../include ../apps/include - DEPEND[rsa_test]=../libcrypto libtestutil.a - - SOURCE[rsa_mp_test]=rsa_mp_test.c - INCLUDE[rsa_mp_test]=../include ../apps/include - DEPEND[rsa_mp_test]=../libcrypto.a libtestutil.a - SOURCE[fatalerrtest]=fatalerrtest.c ssltestlib.c INCLUDE[fatalerrtest]=../include ../apps/include DEPEND[fatalerrtest]=../libcrypto ../libssl libtestutil.a @@ -495,12 +487,11 @@ IF[{- !$disabled{tests} -}] IF[1] PROGRAMS{noinst}=asn1_internal_test modes_internal_test x509_internal_test \ tls13encryptiontest wpackettest ctype_internal_test \ - rdrand_sanitytest property_test ideatest \ - rsa_sp800_56b_test bn_internal_test ecdsatest \ + rdrand_sanitytest property_test ideatest rsa_mp_test \ + rsa_sp800_56b_test bn_internal_test ecdsatest rsa_test \ rc2test rc4test rc5test hmactest ffc_internal_test \ asn1_dsa_internal_test dsatest dsa_no_digest_size_test - IF[{- !$disabled{poly1305} -}] PROGRAMS{noinst}=poly1305_internal_test ENDIF @@ -540,6 +531,13 @@ IF[{- !$disabled{tests} -}] INCLUDE[x509_internal_test]=.. ../include ../apps/include DEPEND[x509_internal_test]=../libcrypto.a libtestutil.a + SOURCE[rsa_test]=rsa_test.c + INCLUDE[rsa_test]=../include ../apps/include + DEPEND[rsa_test]=../libcrypto.a libtestutil.a + + SOURCE[rsa_mp_test]=rsa_mp_test.c + INCLUDE[rsa_mp_test]=../include ../apps/include + DEPEND[rsa_mp_test]=../libcrypto.a libtestutil.a SOURCE[ecdsatest]=ecdsatest.c INCLUDE[ecdsatest]=../include ../apps/include diff --git a/test/recipes/15-test_genrsa.t b/test/recipes/15-test_genrsa.t index d7d146a1d9..0ec0e65f18 100644 --- a/test/recipes/15-test_genrsa.t +++ b/test/recipes/15-test_genrsa.t @@ -16,10 +16,18 @@ use OpenSSL::Test::Utils; setup("test_genrsa"); -plan tests => 5; +plan tests => 9; # We want to know that an absurdly small number of bits isn't support -is(run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', '8'])), 0, "genrsa -3 8"); +if (disabled("deprecated-3.0")) { + is(run(app([ 'openssl', 'genpkey', '-out', 'genrsatest.pem', + '-algorithm', 'RSA', '-pkeyopt', 'rsa_keygen_bits:8', + '-pkeyopt', 'rsa_keygen_pubexp:3'])), + 0, "genrsa -3 8"); +} else { + is(run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', '8'])), + 0, "genrsa -3 8"); +} # Depending on the shared library, we might have different lower limits. # Let's find it! This is a simple binary search @@ -29,10 +37,21 @@ is(run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', '8'])), 0, "ge note "Looking for lowest amount of bits"; my $bad = 3; # Log2 of number of bits (2 << 3 == 8) my $good = 11; # Log2 of number of bits (2 << 11 == 2048) +my $fin; while ($good > $bad + 1) { my $checked = int(($good + $bad + 1) / 2); - if (run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', - 2 ** $checked ], stderr => undef))) { + my $bits = 2 ** $checked; + if (disabled("deprecated-3.0")) { + $fin = run(app([ 'openssl', 'genpkey', '-out', 'genrsatest.pem', + '-algorithm', 'RSA', '-pkeyopt', 'rsa_keygen_pubexp:3', + '-pkeyopt', "rsa_keygen_bits:$bits", + ], stderr => undef)); + } else { + $fin = run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', + $bits + ], stderr => undef)); + } + if ($fin) { note 2 ** $checked, " bits is good"; $good = $checked; } else { @@ -44,11 +63,30 @@ $good++ if $good == $bad; $good = 2 ** $good; note "Found lowest allowed amount of bits to be $good"; -ok(run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', $good ])), - "genrsa -3 $good"); -ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout' ])), - "rsa -check"); -ok(run(app([ 'openssl', 'genrsa', '-f4', '-out', 'genrsatest.pem', $good ])), - "genrsa -f4 $good"); -ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout' ])), - "rsa -check"); +ok(run(app([ 'openssl', 'genpkey', '-algorithm', 'RSA', + '-pkeyopt', 'rsa_keygen_pubexp:3', + '-pkeyopt', "rsa_keygen_bits:$good", + '-out', 'genrsatest.pem' ])), + "genpkey -3 $good"); +ok(run(app([ 'openssl', 'pkey', '-check', '-in', 'genrsatest.pem', '-noout' ])), + "pkey -check"); +ok(run(app([ 'openssl', 'genpkey', '-algorithm', 'RSA', + '-pkeyopt', 'rsa_keygen_pubexp:65537', + '-pkeyopt', "rsa_keygen_bits:$good", + '-out', 'genrsatest.pem' ])), + "genpkey -f4 $good"); +ok(run(app([ 'openssl', 'pkey', '-check', '-in', 'genrsatest.pem', '-noout' ])), + "pkey -check"); + + SKIP: { + skip "Skipping rsa command line test", 4 if disabled("deprecated-3.0"); + + ok(run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', $good ])), + "genrsa -3 $good"); + ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout' ])), + "rsa -check"); + ok(run(app([ 'openssl', 'genrsa', '-f4', '-out', 'genrsatest.pem', $good ])), + "genrsa -f4 $good"); + ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout' ])), + "rsa -check"); +} diff --git a/test/recipes/15-test_mp_rsa.t b/test/recipes/15-test_mp_rsa.t index 4a4ac3569d..6ecf80c4e2 100644 --- a/test/recipes/15-test_mp_rsa.t +++ b/test/recipes/15-test_mp_rsa.t @@ -17,12 +17,6 @@ use OpenSSL::Test::Utils; setup("test_mp_rsa"); -plan tests => 31; - -ok(run(test(["rsa_mp_test"])), "running rsa multi prime test"); - -my $cleartext = data_file("plain_text"); - my @test_param = ( # 3 primes, 2048-bit { @@ -41,8 +35,14 @@ my @test_param = ( }, ); +plan tests => 1 + scalar(@test_param) * 5 * (disabled('deprecated-3.0') ? 1 : 2); + +ok(run(test(["rsa_mp_test"])), "running rsa multi prime test"); + +my $cleartext = data_file("plain_text"); + # genrsa -run_mp_tests(0); +run_mp_tests(0) if !disabled('deprecated-3.0'); # evp run_mp_tests(1); @@ -60,17 +60,9 @@ sub run_mp_tests { '-pkeyopt', "rsa_keygen_primes:$primes", '-pkeyopt', "rsa_keygen_bits:$bits"])), "genrsa $name"); - } else { - ok(run(app([ 'openssl', 'genrsa', '-out', "rsamptest-$name.pem", - '-primes', $primes, $bits])), - "genrsa $name"); - } - - ok(run(app([ 'openssl', 'rsa', '-check', '-in', "rsamptest-$name.pem", - '-noout'])), - "rsa -check $name"); - - if ($evp) { + ok(run(app([ 'openssl', 'pkey', '-check', + '-in', "rsamptest-$name.pem", '-noout'])), + "rsa -check $name"); ok(run(app([ 'openssl', 'pkeyutl', '-inkey', "rsamptest-$name.pem", '-encrypt', '-in', $cleartext, '-out', "rsamptest-$name.enc" ])), @@ -80,6 +72,11 @@ sub run_mp_tests { '-out', "rsamptest-$name.dec" ])), "rsa $name decrypt"); } else { + ok(run(app([ 'openssl', 'genrsa', '-out', "rsamptest-$name.pem", + '-primes', $primes, $bits])), "genrsa $name"); + ok(run(app([ 'openssl', 'rsa', '-check', + '-in', "rsamptest-$name.pem", '-noout'])), + "rsa -check $name"); ok(run(app([ 'openssl', 'rsautl', '-inkey', "rsamptest-$name.pem", '-encrypt', '-in', $cleartext, '-out', "rsamptest-$name.enc" ])), @@ -89,7 +86,6 @@ sub run_mp_tests { '-out', "rsamptest-$name.dec" ])), "rsa $name decrypt"); } - ok(check_msg("rsamptest-$name.dec"), "rsa $name check result"); } } diff --git a/test/recipes/15-test_rsa.t b/test/recipes/15-test_rsa.t index 3b1a0fcd5d..2e8afa8213 100644 --- a/test/recipes/15-test_rsa.t +++ b/test/recipes/15-test_rsa.t @@ -16,32 +16,48 @@ use OpenSSL::Test::Utils; setup("test_rsa"); -plan tests => 6; +#plan skip_all => "RSA command line tool not built" +# if disabled("deprecated-3.0"); -require_ok(srctop_file('test','recipes','tconversion.pl')); +plan tests => 10; + +require_ok(srctop_file('test', 'recipes', 'tconversion.pl')); ok(run(test(["rsa_test"])), "running rsatest"); -ok(run(app([ 'openssl', 'rsa', '-check', '-in', srctop_file('test', 'testrsa.pem'), '-noout'])), "rsa -check"); +run_rsa_tests("pkey"); SKIP: { - skip "Skipping rsa conversion test", 3 - if disabled("rsa"); - - subtest 'rsa conversions -- private key' => sub { - tconversion("rsa", srctop_file("test","testrsa.pem")); - }; - subtest 'rsa conversions -- private key PKCS#8' => sub { - tconversion("rsa", srctop_file("test","testrsa.pem"), "pkey"); - }; -} + skip "Skipping rsa command line tests", 4 if disabled('deprecated-3.0'); - SKIP: { - skip "Skipping msblob conversion test", 1 - if disabled("rsa") || disabled("dsa"); + run_rsa_tests("rsa"); +} - subtest 'rsa conversions -- public key' => sub { - tconversion("msb", srctop_file("test","testrsapub.pem"), "rsa", - "-pubin", "-pubout"); - }; +sub run_rsa_tests { + my $cmd = shift; + + ok(run(app([ 'openssl', $cmd, '-check', '-in', srctop_file('test', 'testrsa.pem'), '-noout'])), + "$cmd -check" ); + + SKIP: { + skip "Skipping $cmd conversion test", 3 + if disabled("rsa"); + + subtest "$cmd conversions -- private key" => sub { + tconversion($cmd, srctop_file("test", "testrsa.pem")); + }; + subtest "$cmd conversions -- private key PKCS#8" => sub { + tconversion($cmd, srctop_file("test", "testrsa.pem"), "pkey"); + }; + } + + SKIP: { + skip "Skipping msblob conversion test", 1 + if disabled($cmd) || disabled("dsa") || $cmd == 'pkey'; + + subtest "$cmd conversions -- public key" => sub { + tconversion("msb", srctop_file("test", "testrsapub.pem"), "rsa", + "-pubin", "-pubout"); + }; + } } diff --git a/test/rsa_mp_test.c b/test/rsa_mp_test.c index baa9dd2272..53e2966997 100644 --- a/test/rsa_mp_test.c +++ b/test/rsa_mp_test.c @@ -10,6 +10,12 @@ /* This aims to test the setting functions, including internal ones */ +/* + * RSA low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include #include diff --git a/test/rsa_test.c b/test/rsa_test.c index 084f533ac1..1fbfe821cb 100644 --- a/test/rsa_test.c +++ b/test/rsa_test.c @@ -9,6 +9,12 @@ /* test vectors from p1ovect1.txt */ +/* + * RSA low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include #include diff --git a/util/libcrypto.num b/util/libcrypto.num index 50f1f1f745..cf98794b5a 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -205,7 +205,7 @@ d2i_CRL_DIST_POINTS 208 3_0_0 EXIST::FUNCTION: X509_CRL_INFO_free 209 3_0_0 EXIST::FUNCTION: ERR_load_UI_strings 210 3_0_0 EXIST::FUNCTION: ERR_load_strings 211 3_0_0 EXIST::FUNCTION: -RSA_X931_hash_id 212 3_0_0 EXIST::FUNCTION:RSA +RSA_X931_hash_id 212 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA EC_KEY_set_method 213 3_0_0 EXIST::FUNCTION:EC PEM_write_PKCS8_PRIV_KEY_INFO 214 3_0_0 EXIST::FUNCTION:STDIO X509at_get0_data_by_OBJ 215 3_0_0 EXIST::FUNCTION: @@ -241,7 +241,7 @@ MDC2 245 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3 BN_clear_free 246 3_0_0 EXIST::FUNCTION: ENGINE_get_pkey_asn1_meths 247 3_0_0 EXIST::FUNCTION:ENGINE DSO_merge 248 3_0_0 EXIST::FUNCTION: -RSA_get_ex_data 249 3_0_0 EXIST::FUNCTION:RSA +RSA_get_ex_data 249 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA EVP_PKEY_meth_get_decrypt 250 3_0_0 EXIST::FUNCTION: DES_cfb_encrypt 251 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DES CMS_SignerInfo_set1_signer_cert 252 3_0_0 EXIST::FUNCTION:CMS @@ -275,7 +275,7 @@ d2i_PKCS7_ENC_CONTENT 280 3_0_0 EXIST::FUNCTION: BUF_MEM_grow 281 3_0_0 EXIST::FUNCTION: TS_REQ_free 282 3_0_0 EXIST::FUNCTION:TS PEM_read_DHparams 283 3_0_0 EXIST::FUNCTION:DH,STDIO -RSA_private_decrypt 284 3_0_0 EXIST::FUNCTION:RSA +RSA_private_decrypt 284 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA X509V3_EXT_get_nid 285 3_0_0 EXIST::FUNCTION: BIO_s_log 286 3_0_0 EXIST::FUNCTION: EC_POINT_set_to_infinity 287 3_0_0 EXIST::FUNCTION:EC @@ -345,7 +345,7 @@ RC4 350 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3 PKCS7_stream 352 3_0_0 EXIST::FUNCTION: i2t_ASN1_OBJECT 353 3_0_0 EXIST::FUNCTION: EC_GROUP_get0_generator 354 3_0_0 EXIST::FUNCTION:EC -RSA_padding_add_PKCS1_PSS_mgf1 355 3_0_0 EXIST::FUNCTION:RSA +RSA_padding_add_PKCS1_PSS_mgf1 355 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA EVP_MD_meth_set_init 356 3_0_0 EXIST::FUNCTION: X509_get_issuer_name 357 3_0_0 EXIST::FUNCTION: EVP_SignFinal 358 3_0_0 EXIST::FUNCTION: @@ -367,7 +367,7 @@ BIO_new_mem_buf 373 3_0_0 EXIST::FUNCTION: UI_get_input_flags 374 3_0_0 EXIST::FUNCTION: X509V3_EXT_REQ_add_nconf 375 3_0_0 EXIST::FUNCTION: X509v3_asid_subset 376 3_0_0 EXIST::FUNCTION:RFC3779 -RSA_check_key_ex 377 3_0_0 EXIST::FUNCTION:RSA +RSA_check_key_ex 377 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA d2i_TS_MSG_IMPRINT_bio 378 3_0_0 EXIST::FUNCTION:TS i2d_ASN1_TYPE 379 3_0_0 EXIST::FUNCTION: EVP_aes_256_wrap_pad 380 3_0_0 EXIST::FUNCTION: @@ -440,7 +440,7 @@ X509_get_default_private_dir 447 3_0_0 EXIST::FUNCTION: X509_STORE_CTX_set0_dane 448 3_0_0 EXIST::FUNCTION: EVP_des_ecb 449 3_0_0 EXIST::FUNCTION:DES OCSP_resp_get0 450 3_0_0 EXIST::FUNCTION:OCSP -RSA_X931_generate_key_ex 452 3_0_0 EXIST::FUNCTION:RSA +RSA_X931_generate_key_ex 452 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA X509_get_serialNumber 453 3_0_0 EXIST::FUNCTION: BIO_sock_should_retry 454 3_0_0 EXIST::FUNCTION:SOCK ENGINE_get_digests 455 3_0_0 EXIST::FUNCTION:ENGINE @@ -533,7 +533,7 @@ CONF_get_number 544 3_0_0 EXIST::FUNCTION: X509_EXTENSION_get_object 545 3_0_0 EXIST::FUNCTION: X509_EXTENSIONS_it 546 3_0_0 EXIST::FUNCTION: EC_POINT_set_compressed_coordinates_GF2m 547 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,EC2M -RSA_sign_ASN1_OCTET_STRING 548 3_0_0 EXIST::FUNCTION:RSA +RSA_sign_ASN1_OCTET_STRING 548 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA d2i_X509_CRL_fp 549 3_0_0 EXIST::FUNCTION:STDIO i2d_RSA_PUBKEY 550 3_0_0 EXIST::FUNCTION:RSA EVP_aes_128_ccm 551 3_0_0 EXIST::FUNCTION: @@ -553,7 +553,7 @@ X509_EXTENSION_free 564 3_0_0 EXIST::FUNCTION: EVP_DigestSignInit 565 3_0_0 EXIST::FUNCTION: CT_POLICY_EVAL_CTX_get0_issuer 566 3_0_0 EXIST::FUNCTION:CT TLS_FEATURE_new 567 3_0_0 EXIST::FUNCTION: -RSA_get_default_method 568 3_0_0 EXIST::FUNCTION:RSA +RSA_get_default_method 568 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA CRYPTO_cts128_encrypt_block 569 3_0_0 EXIST::FUNCTION: ASN1_digest 570 3_0_0 EXIST::FUNCTION: ERR_load_X509V3_strings 571 3_0_0 EXIST::FUNCTION: @@ -726,7 +726,7 @@ BN_set_params 744 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_0 BN_add 745 3_0_0 EXIST::FUNCTION: OPENSSL_sk_free 746 3_0_0 EXIST::FUNCTION: TS_TST_INFO_get_ext_d2i 747 3_0_0 EXIST::FUNCTION:TS -RSA_check_key 748 3_0_0 EXIST::FUNCTION:RSA +RSA_check_key 748 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA TS_MSG_IMPRINT_set_algo 749 3_0_0 EXIST::FUNCTION:TS BN_nist_mod_521 750 3_0_0 EXIST::FUNCTION: CRYPTO_THREAD_get_local 751 3_0_0 EXIST::FUNCTION: @@ -838,18 +838,18 @@ X509_STORE_free 858 3_0_0 EXIST::FUNCTION: ECDSA_sign_ex 859 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC TXT_DB_insert 860 3_0_0 EXIST::FUNCTION: EC_POINTs_make_affine 861 3_0_0 EXIST::FUNCTION:EC -RSA_padding_add_PKCS1_PSS 862 3_0_0 EXIST::FUNCTION:RSA +RSA_padding_add_PKCS1_PSS 862 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA BF_options 863 3_0_0 EXIST::FUNCTION:BF,DEPRECATEDIN_3_0 OCSP_BASICRESP_it 864 3_0_0 EXIST::FUNCTION:OCSP X509_VERIFY_PARAM_get0_name 865 3_0_0 EXIST::FUNCTION: TS_RESP_CTX_set_signer_digest 866 3_0_0 EXIST::FUNCTION:TS X509_VERIFY_PARAM_set1_email 867 3_0_0 EXIST::FUNCTION: BIO_sock_error 868 3_0_0 EXIST::FUNCTION:SOCK -RSA_set_default_method 869 3_0_0 EXIST::FUNCTION:RSA +RSA_set_default_method 869 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA BN_GF2m_mod_sqrt_arr 870 3_0_0 EXIST::FUNCTION:EC2M X509_get0_extensions 871 3_0_0 EXIST::FUNCTION: TS_STATUS_INFO_set_status 872 3_0_0 EXIST::FUNCTION:TS -RSA_verify 873 3_0_0 EXIST::FUNCTION:RSA +RSA_verify 873 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA ASN1_FBOOLEAN_it 874 3_0_0 EXIST::FUNCTION: d2i_ASN1_TIME 875 3_0_0 EXIST::FUNCTION: EVP_PKEY_meth_get_signctx 876 3_0_0 EXIST::FUNCTION: @@ -899,7 +899,7 @@ CONF_set_default_method 920 3_0_0 EXIST::FUNCTION: ASN1_PCTX_get_nm_flags 921 3_0_0 EXIST::FUNCTION: X509_add1_ext_i2d 922 3_0_0 EXIST::FUNCTION: i2d_PKCS7_RECIP_INFO 924 3_0_0 EXIST::FUNCTION: -PKCS1_MGF1 925 3_0_0 EXIST::FUNCTION:RSA +PKCS1_MGF1 925 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA BIO_vsnprintf 926 3_0_0 EXIST::FUNCTION: X509_STORE_CTX_get0_current_issuer 927 3_0_0 EXIST::FUNCTION: CRYPTO_secure_malloc_initialized 928 3_0_0 EXIST::FUNCTION: @@ -936,7 +936,7 @@ PKEY_USAGE_PERIOD_new 959 3_0_0 EXIST::FUNCTION: OBJ_NAME_init 960 3_0_0 EXIST::FUNCTION: EVP_PKEY_meth_set_keygen 961 3_0_0 EXIST::FUNCTION: RSA_PSS_PARAMS_new 962 3_0_0 EXIST::FUNCTION:RSA -RSA_sign 963 3_0_0 EXIST::FUNCTION:RSA +RSA_sign 963 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA EVP_DigestVerifyFinal 964 3_0_0 EXIST::FUNCTION: d2i_RSA_PUBKEY_bio 965 3_0_0 EXIST::FUNCTION:RSA TS_RESP_dup 966 3_0_0 EXIST::FUNCTION:TS @@ -1078,7 +1078,7 @@ PEM_read_bio_EC_PUBKEY 1104 3_0_0 EXIST::FUNCTION:EC BN_MONT_CTX_set 1105 3_0_0 EXIST::FUNCTION: TS_CONF_set_serial 1106 3_0_0 EXIST::FUNCTION:TS X509_NAME_ENTRY_new 1107 3_0_0 EXIST::FUNCTION: -RSA_security_bits 1108 3_0_0 EXIST::FUNCTION:RSA +RSA_security_bits 1108 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA X509v3_addr_add_prefix 1109 3_0_0 EXIST::FUNCTION:RFC3779 X509_REQ_print_fp 1110 3_0_0 EXIST::FUNCTION:STDIO ASN1_item_ex_new 1111 3_0_0 EXIST::FUNCTION: @@ -1089,7 +1089,7 @@ ASN1_TYPE_get 1115 3_0_0 EXIST::FUNCTION: i2d_X509_EXTENSIONS 1116 3_0_0 EXIST::FUNCTION: X509_STORE_CTX_get0_store 1117 3_0_0 EXIST::FUNCTION: PKCS12_pack_p7data 1118 3_0_0 EXIST::FUNCTION: -RSA_print_fp 1119 3_0_0 EXIST::FUNCTION:RSA,STDIO +RSA_print_fp 1119 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA,STDIO OPENSSL_INIT_set_config_appname 1120 3_0_0 EXIST::FUNCTION:STDIO EC_KEY_print_fp 1121 3_0_0 EXIST::FUNCTION:EC,STDIO BIO_dup_chain 1122 3_0_0 EXIST::FUNCTION: @@ -1192,7 +1192,7 @@ OCSP_CERTSTATUS_it 1218 3_0_0 EXIST::FUNCTION:OCSP BIO_f_reliable 1219 3_0_0 EXIST::FUNCTION: OCSP_resp_count 1220 3_0_0 EXIST::FUNCTION:OCSP i2d_X509_AUX 1221 3_0_0 EXIST::FUNCTION: -RSA_verify_PKCS1_PSS_mgf1 1222 3_0_0 EXIST::FUNCTION:RSA +RSA_verify_PKCS1_PSS_mgf1 1222 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA X509_time_adj 1223 3_0_0 EXIST::FUNCTION: EVP_PKEY_asn1_find_str 1224 3_0_0 EXIST::FUNCTION: X509_VERIFY_PARAM_get_flags 1225 3_0_0 EXIST::FUNCTION: @@ -1209,7 +1209,7 @@ X509_NAME_hash_old 1235 3_0_0 EXIST::FUNCTION: PBKDF2PARAM_free 1236 3_0_0 EXIST::FUNCTION: i2d_CMS_ContentInfo 1237 3_0_0 EXIST::FUNCTION:CMS EVP_CIPHER_meth_set_ctrl 1238 3_0_0 EXIST::FUNCTION: -RSA_public_decrypt 1239 3_0_0 EXIST::FUNCTION:RSA +RSA_public_decrypt 1239 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA ENGINE_get_id 1240 3_0_0 EXIST::FUNCTION:ENGINE PKCS12_item_decrypt_d2i 1241 3_0_0 EXIST::FUNCTION: PEM_read_bio_DSAparams 1242 3_0_0 EXIST::FUNCTION:DSA @@ -1299,7 +1299,7 @@ EVP_CIPHER_do_all 1327 3_0_0 EXIST::FUNCTION: POLICY_MAPPINGS_it 1328 3_0_0 EXIST::FUNCTION: SCT_set0_log_id 1329 3_0_0 EXIST::FUNCTION:CT CRYPTO_cfb128_encrypt 1330 3_0_0 EXIST::FUNCTION: -RSA_padding_add_PKCS1_type_2 1331 3_0_0 EXIST::FUNCTION:RSA +RSA_padding_add_PKCS1_type_2 1331 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA TS_CONF_set_signer_cert 1332 3_0_0 EXIST::FUNCTION:TS i2d_ASN1_OBJECT 1333 3_0_0 EXIST::FUNCTION: d2i_PKCS8_PRIV_KEY_INFO_bio 1334 3_0_0 EXIST::FUNCTION: @@ -1392,7 +1392,7 @@ EVP_PBE_get 1424 3_0_0 EXIST::FUNCTION: CRYPTO_nistcts128_encrypt 1425 3_0_0 EXIST::FUNCTION: CONF_modules_finish 1426 3_0_0 EXIST::FUNCTION: BN_value_one 1427 3_0_0 EXIST::FUNCTION: -RSA_padding_add_SSLv23 1428 3_0_0 EXIST::FUNCTION:RSA +RSA_padding_add_SSLv23 1428 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA OCSP_RESPBYTES_it 1429 3_0_0 EXIST::FUNCTION:OCSP EVP_aes_192_wrap 1430 3_0_0 EXIST::FUNCTION: OCSP_CERTID_it 1431 3_0_0 EXIST::FUNCTION:OCSP @@ -1559,7 +1559,7 @@ CTLOG_get0_name 1593 3_0_0 EXIST::FUNCTION:CT ASN1_TBOOLEAN_it 1594 3_0_0 EXIST::FUNCTION: RC2_set_key 1595 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RC2 X509_REVOKED_get_ext_by_NID 1596 3_0_0 EXIST::FUNCTION: -RSA_padding_add_none 1597 3_0_0 EXIST::FUNCTION:RSA +RSA_padding_add_none 1597 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA EVP_rc5_32_12_16_cbc 1599 3_0_0 EXIST::FUNCTION:RC5 PEM_dek_info 1600 3_0_0 EXIST::FUNCTION: ASN1_SCTX_get_template 1601 3_0_0 EXIST::FUNCTION: @@ -1613,7 +1613,7 @@ i2d_EDIPARTYNAME 1649 3_0_0 EXIST::FUNCTION: X509_policy_tree_get0_policies 1650 3_0_0 EXIST::FUNCTION: X509at_add1_attr 1651 3_0_0 EXIST::FUNCTION: X509_get_ex_data 1653 3_0_0 EXIST::FUNCTION: -RSA_set_method 1654 3_0_0 EXIST::FUNCTION:RSA +RSA_set_method 1654 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA X509_REVOKED_dup 1655 3_0_0 EXIST::FUNCTION: ASN1_TIME_new 1656 3_0_0 EXIST::FUNCTION: PEM_write_NETSCAPE_CERT_SEQUENCE 1657 3_0_0 EXIST::FUNCTION:STDIO @@ -1664,7 +1664,7 @@ ESS_SIGNING_CERT_dup 1701 3_0_0 EXIST::FUNCTION: ENGINE_set_default_DSA 1702 3_0_0 EXIST::FUNCTION:ENGINE X509_REVOKED_new 1703 3_0_0 EXIST::FUNCTION: NCONF_WIN32 1704 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 -RSA_padding_check_PKCS1_OAEP_mgf1 1705 3_0_0 EXIST::FUNCTION:RSA +RSA_padding_check_PKCS1_OAEP_mgf1 1705 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA X509_policy_tree_get0_level 1706 3_0_0 EXIST::FUNCTION: ASN1_parse_dump 1708 3_0_0 EXIST::FUNCTION: BIO_vfree 1709 3_0_0 EXIST::FUNCTION: @@ -1831,7 +1831,7 @@ OCSP_single_get0_status 1873 3_0_0 EXIST::FUNCTION:OCSP d2i_AUTHORITY_INFO_ACCESS 1874 3_0_0 EXIST::FUNCTION: PEM_read_RSAPrivateKey 1875 3_0_0 EXIST::FUNCTION:RSA,STDIO BIO_closesocket 1876 3_0_0 EXIST::FUNCTION:SOCK -RSA_verify_ASN1_OCTET_STRING 1877 3_0_0 EXIST::FUNCTION:RSA +RSA_verify_ASN1_OCTET_STRING 1877 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA SCT_set_log_entry_type 1878 3_0_0 EXIST::FUNCTION:CT BN_new 1879 3_0_0 EXIST::FUNCTION: X509_OBJECT_retrieve_by_subject 1880 3_0_0 EXIST::FUNCTION: @@ -2070,7 +2070,7 @@ i2d_ASIdentifiers 2115 3_0_0 EXIST::FUNCTION:RFC3779 X509V3_EXT_cleanup 2116 3_0_0 EXIST::FUNCTION: CAST_ecb_encrypt 2117 3_0_0 EXIST::FUNCTION:CAST,DEPRECATEDIN_3_0 BIO_s_file 2118 3_0_0 EXIST::FUNCTION: -RSA_X931_derive_ex 2119 3_0_0 EXIST::FUNCTION:RSA +RSA_X931_derive_ex 2119 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA EVP_PKEY_decrypt_init 2120 3_0_0 EXIST::FUNCTION: ENGINE_get_destroy_function 2121 3_0_0 EXIST::FUNCTION:ENGINE SHA224_Init 2122 3_0_0 EXIST::FUNCTION: @@ -2252,7 +2252,7 @@ ESS_ISSUER_SERIAL_free 2299 3_0_0 EXIST::FUNCTION: BN_mod_exp_mont_word 2300 3_0_0 EXIST::FUNCTION: X509V3_EXT_nconf_nid 2301 3_0_0 EXIST::FUNCTION: UTF8_putc 2302 3_0_0 EXIST::FUNCTION: -RSA_private_encrypt 2303 3_0_0 EXIST::FUNCTION:RSA +RSA_private_encrypt 2303 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA X509_LOOKUP_shutdown 2304 3_0_0 EXIST::FUNCTION: TS_TST_INFO_set_accuracy 2305 3_0_0 EXIST::FUNCTION:TS OCSP_basic_verify 2306 3_0_0 EXIST::FUNCTION:OCSP @@ -2348,7 +2348,7 @@ X509_LOOKUP_by_alias 2396 3_0_0 EXIST::FUNCTION: EC_KEY_set_conv_form 2397 3_0_0 EXIST::FUNCTION:EC X509_TRUST_get_count 2399 3_0_0 EXIST::FUNCTION: IPAddressOrRange_free 2400 3_0_0 EXIST::FUNCTION:RFC3779 -RSA_padding_add_PKCS1_OAEP 2401 3_0_0 EXIST::FUNCTION:RSA +RSA_padding_add_PKCS1_OAEP 2401 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA EC_KEY_set_ex_data 2402 3_0_0 EXIST::FUNCTION:EC SRP_VBASE_new 2403 3_0_0 EXIST::FUNCTION:SRP i2d_ECDSA_SIG 2404 3_0_0 EXIST::FUNCTION:EC @@ -2375,7 +2375,7 @@ ASN1_GENERALIZEDTIME_it 2425 3_0_0 EXIST::FUNCTION: PKCS8_pkey_get0 2426 3_0_0 EXIST::FUNCTION: OCSP_sendreq_new 2427 3_0_0 EXIST::FUNCTION:OCSP EVP_aes_256_cfb128 2428 3_0_0 EXIST::FUNCTION: -RSA_set_ex_data 2429 3_0_0 EXIST::FUNCTION:RSA +RSA_set_ex_data 2429 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA BN_GENCB_call 2430 3_0_0 EXIST::FUNCTION: X509V3_EXT_add_nconf_sk 2431 3_0_0 EXIST::FUNCTION: i2d_TS_MSG_IMPRINT_fp 2432 3_0_0 EXIST::FUNCTION:STDIO,TS @@ -2521,7 +2521,7 @@ EVP_CIPHER_meth_get_cleanup 2574 3_0_0 EXIST::FUNCTION: ASN1_item_ex_d2i 2575 3_0_0 EXIST::FUNCTION: EVP_MD_meth_free 2576 3_0_0 EXIST::FUNCTION: EVP_PKEY_meth_new 2577 3_0_0 EXIST::FUNCTION: -RSA_padding_check_PKCS1_OAEP 2578 3_0_0 EXIST::FUNCTION:RSA +RSA_padding_check_PKCS1_OAEP 2578 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA OCSP_SERVICELOC_it 2579 3_0_0 EXIST::FUNCTION:OCSP PKCS12_SAFEBAG_get_nid 2580 3_0_0 EXIST::FUNCTION: EVP_MD_CTX_set_update_fn 2581 3_0_0 EXIST::FUNCTION: @@ -2586,7 +2586,7 @@ d2i_PBKDF2PARAM 2640 3_0_0 EXIST::FUNCTION: ERR_load_COMP_strings 2641 3_0_0 EXIST::FUNCTION:COMP EVP_PKEY_meth_add0 2642 3_0_0 EXIST::FUNCTION: EVP_rc4_40 2643 3_0_0 EXIST::FUNCTION:RC4 -RSA_bits 2645 3_0_0 EXIST::FUNCTION:RSA +RSA_bits 2645 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA ASN1_item_dup 2646 3_0_0 EXIST::FUNCTION: GENERAL_NAMES_it 2647 3_0_0 EXIST::FUNCTION: X509_issuer_name_hash 2648 3_0_0 EXIST::FUNCTION: @@ -2610,7 +2610,7 @@ X509_load_cert_file 2665 3_0_0 EXIST::FUNCTION: EC_GFp_nistp521_method 2667 3_0_0 EXIST::FUNCTION:EC,EC_NISTP_64_GCC_128 ECDSA_SIG_free 2668 3_0_0 EXIST::FUNCTION:EC d2i_PKCS12_BAGS 2669 3_0_0 EXIST::FUNCTION: -RSA_public_encrypt 2670 3_0_0 EXIST::FUNCTION:RSA +RSA_public_encrypt 2670 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA X509_CRL_get0_extensions 2671 3_0_0 EXIST::FUNCTION: CMS_digest_verify 2672 3_0_0 EXIST::FUNCTION:CMS ASN1_GENERALIZEDTIME_set 2673 3_0_0 EXIST::FUNCTION: @@ -2839,7 +2839,7 @@ ENGINE_get_last 2900 3_0_0 EXIST::FUNCTION:ENGINE EVP_PKEY_encrypt_init 2901 3_0_0 EXIST::FUNCTION: i2d_RSAPrivateKey_fp 2902 3_0_0 EXIST::FUNCTION:RSA,STDIO X509_REQ_print 2903 3_0_0 EXIST::FUNCTION: -RSA_size 2904 3_0_0 EXIST::FUNCTION:RSA +RSA_size 2904 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA EVP_CIPHER_CTX_iv_noconst 2905 3_0_0 EXIST::FUNCTION: DH_set_default_method 2906 3_0_0 EXIST::FUNCTION:DH X509_ALGOR_new 2907 3_0_0 EXIST::FUNCTION: @@ -2933,7 +2933,7 @@ SHA384 2995 3_0_0 EXIST::FUNCTION: NCONF_get_string 2996 3_0_0 EXIST::FUNCTION: d2i_PROXY_CERT_INFO_EXTENSION 2997 3_0_0 EXIST::FUNCTION: EC_POINT_point2buf 2998 3_0_0 EXIST::FUNCTION:EC -RSA_padding_add_PKCS1_OAEP_mgf1 2999 3_0_0 EXIST::FUNCTION:RSA +RSA_padding_add_PKCS1_OAEP_mgf1 2999 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA COMP_CTX_get_type 3000 3_0_0 EXIST::FUNCTION:COMP TS_RESP_CTX_set_status_info 3001 3_0_0 EXIST::FUNCTION:TS BIO_f_nbio_test 3002 3_0_0 EXIST::FUNCTION: @@ -3014,7 +3014,7 @@ ENGINE_load_private_key 3078 3_0_0 EXIST::FUNCTION:ENGINE GENERAL_NAMES_new 3079 3_0_0 EXIST::FUNCTION: i2d_POLICYQUALINFO 3080 3_0_0 EXIST::FUNCTION: EC_GF2m_simple_method 3081 3_0_0 EXIST::FUNCTION:EC,EC2M -RSA_get_method 3082 3_0_0 EXIST::FUNCTION:RSA +RSA_get_method 3082 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA d2i_ASRange 3083 3_0_0 EXIST::FUNCTION:RFC3779 CMS_ContentInfo_new 3084 3_0_0 EXIST::FUNCTION:CMS OPENSSL_init_crypto 3085 3_0_0 EXIST::FUNCTION: @@ -3053,7 +3053,7 @@ i2d_RSA_PSS_PARAMS 3117 3_0_0 EXIST::FUNCTION:RSA EVP_aes_128_wrap_pad 3118 3_0_0 EXIST::FUNCTION: ASN1_BIT_STRING_set 3119 3_0_0 EXIST::FUNCTION: PKCS5_PBKDF2_HMAC_SHA1 3120 3_0_0 EXIST::FUNCTION: -RSA_padding_check_PKCS1_type_2 3121 3_0_0 EXIST::FUNCTION:RSA +RSA_padding_check_PKCS1_type_2 3121 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA EVP_des_ede3_ecb 3122 3_0_0 EXIST::FUNCTION:DES CBIGNUM_it 3123 3_0_0 EXIST::FUNCTION: BIO_new_NDEF 3124 3_0_0 EXIST::FUNCTION: @@ -3124,7 +3124,7 @@ BN_mod_add 3189 3_0_0 EXIST::FUNCTION: EC_POINT_set_affine_coordinates_GFp 3190 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC X509_get_default_cert_file 3191 3_0_0 EXIST::FUNCTION: UI_method_set_flusher 3192 3_0_0 EXIST::FUNCTION: -RSA_new_method 3193 3_0_0 EXIST::FUNCTION:RSA +RSA_new_method 3193 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA OCSP_request_verify 3194 3_0_0 EXIST::FUNCTION:OCSP CRYPTO_THREAD_run_once 3195 3_0_0 EXIST::FUNCTION: TS_REQ_print_bio 3196 3_0_0 EXIST::FUNCTION:TS @@ -3211,7 +3211,7 @@ POLICY_CONSTRAINTS_free 3277 3_0_0 EXIST::FUNCTION: EVP_aes_256_cfb8 3278 3_0_0 EXIST::FUNCTION: d2i_DSA_PUBKEY_bio 3279 3_0_0 EXIST::FUNCTION:DSA X509_NAME_get_text_by_OBJ 3280 3_0_0 EXIST::FUNCTION: -RSA_padding_check_none 3281 3_0_0 EXIST::FUNCTION:RSA +RSA_padding_check_none 3281 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA CRYPTO_set_mem_debug 3282 3_0_0 EXIST::FUNCTION:CRYPTO_MDEBUG,DEPRECATEDIN_3_0 TS_VERIFY_CTX_init 3283 3_0_0 EXIST::FUNCTION:TS OCSP_cert_id_new 3284 3_0_0 EXIST::FUNCTION:OCSP @@ -3265,7 +3265,7 @@ X509_PKEY_free 3332 3_0_0 EXIST::FUNCTION: OCSP_CRLID_new 3333 3_0_0 EXIST::FUNCTION:OCSP CONF_dump_bio 3334 3_0_0 EXIST::FUNCTION: d2i_PKCS8PrivateKey_fp 3335 3_0_0 EXIST::FUNCTION:STDIO -RSA_setup_blinding 3336 3_0_0 EXIST::FUNCTION:RSA +RSA_setup_blinding 3336 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA ERR_peek_error_line 3337 3_0_0 EXIST::FUNCTION: d2i_PKCS7 3338 3_0_0 EXIST::FUNCTION: ERR_reason_error_string 3339 3_0_0 EXIST::FUNCTION: @@ -3286,7 +3286,7 @@ OPENSSL_sk_is_sorted 3353 3_0_0 EXIST::FUNCTION: OCSP_SIGNATURE_new 3354 3_0_0 EXIST::FUNCTION:OCSP EVP_PKEY_meth_get_paramgen 3355 3_0_0 EXIST::FUNCTION: X509_ATTRIBUTE_create_by_OBJ 3356 3_0_0 EXIST::FUNCTION: -RSA_generate_key_ex 3357 3_0_0 EXIST::FUNCTION:RSA +RSA_generate_key_ex 3357 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA CMS_SignerInfo_get0_algs 3358 3_0_0 EXIST::FUNCTION:CMS DIST_POINT_free 3359 3_0_0 EXIST::FUNCTION: ESS_SIGNING_CERT_free 3360 3_0_0 EXIST::FUNCTION: @@ -3302,7 +3302,7 @@ PKCS7_ENVELOPE_new 3369 3_0_0 EXIST::FUNCTION: EDIPARTYNAME_new 3370 3_0_0 EXIST::FUNCTION: CMS_add1_cert 3371 3_0_0 EXIST::FUNCTION:CMS DSO_convert_filename 3372 3_0_0 EXIST::FUNCTION: -RSA_padding_check_SSLv23 3373 3_0_0 EXIST::FUNCTION:RSA +RSA_padding_check_SSLv23 3373 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA CRYPTO_gcm128_finish 3374 3_0_0 EXIST::FUNCTION: PKCS12_SAFEBAGS_it 3375 3_0_0 EXIST::FUNCTION: PKCS12_PBE_add 3376 3_0_0 EXIST::FUNCTION: @@ -3340,14 +3340,14 @@ CRYPTO_new_ex_data 3409 3_0_0 EXIST::FUNCTION: PEM_read_PKCS8_PRIV_KEY_INFO 3410 3_0_0 EXIST::FUNCTION:STDIO TS_VERIFY_CTX_new 3411 3_0_0 EXIST::FUNCTION:TS BUF_MEM_new_ex 3412 3_0_0 EXIST::FUNCTION: -RSA_padding_add_X931 3413 3_0_0 EXIST::FUNCTION:RSA +RSA_padding_add_X931 3413 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA BN_get0_nist_prime_256 3414 3_0_0 EXIST::FUNCTION: CRYPTO_memcmp 3415 3_0_0 EXIST::FUNCTION: DH_check_pub_key 3416 3_0_0 EXIST::FUNCTION:DH ASN1_mbstring_copy 3417 3_0_0 EXIST::FUNCTION: PKCS7_set_type 3418 3_0_0 EXIST::FUNCTION: BIO_gets 3419 3_0_0 EXIST::FUNCTION: -RSA_padding_check_PKCS1_type_1 3420 3_0_0 EXIST::FUNCTION:RSA +RSA_padding_check_PKCS1_type_1 3420 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA UI_ctrl 3421 3_0_0 EXIST::FUNCTION: i2d_X509_REQ_fp 3422 3_0_0 EXIST::FUNCTION:STDIO BN_BLINDING_convert_ex 3423 3_0_0 EXIST::FUNCTION: @@ -3393,7 +3393,7 @@ BIO_number_written 3463 3_0_0 EXIST::FUNCTION: TS_TST_INFO_set_msg_imprint 3464 3_0_0 EXIST::FUNCTION:TS CRYPTO_get_ex_data 3465 3_0_0 EXIST::FUNCTION: X509_PURPOSE_get0_sname 3466 3_0_0 EXIST::FUNCTION: -RSA_verify_PKCS1_PSS 3467 3_0_0 EXIST::FUNCTION:RSA +RSA_verify_PKCS1_PSS 3467 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA HMAC_CTX_reset 3468 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 EVP_PKEY_meth_set_init 3469 3_0_0 EXIST::FUNCTION: X509_REQ_extension_nid 3470 3_0_0 EXIST::FUNCTION: @@ -3558,7 +3558,7 @@ SHA384_Update 3635 3_0_0 EXIST::FUNCTION: CRYPTO_cfb128_1_encrypt 3636 3_0_0 EXIST::FUNCTION: BIO_set_cipher 3637 3_0_0 EXIST::FUNCTION: PEM_read_PUBKEY 3638 3_0_0 EXIST::FUNCTION:STDIO -RSA_PKCS1_OpenSSL 3639 3_0_0 EXIST::FUNCTION:RSA +RSA_PKCS1_OpenSSL 3639 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA AUTHORITY_INFO_ACCESS_free 3640 3_0_0 EXIST::FUNCTION: SCT_get0_signature 3641 3_0_0 EXIST::FUNCTION:CT DISPLAYTEXT_it 3643 3_0_0 EXIST::FUNCTION: @@ -3569,7 +3569,7 @@ X509_REQ_set_extension_nids 3647 3_0_0 EXIST::FUNCTION: X509_free 3648 3_0_0 EXIST::FUNCTION: ERR_load_ERR_strings 3649 3_0_0 EXIST::FUNCTION: ASN1_const_check_infinite_end 3650 3_0_0 EXIST::FUNCTION: -RSA_null_method 3651 3_0_0 EXIST::FUNCTION:RSA +RSA_null_method 3651 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA TS_REQ_ext_free 3652 3_0_0 EXIST::FUNCTION:TS EVP_PKEY_meth_get_encrypt 3653 3_0_0 EXIST::FUNCTION: Camellia_ecb_encrypt 3654 3_0_0 EXIST::FUNCTION:CAMELLIA,DEPRECATEDIN_3_0 @@ -3604,7 +3604,7 @@ BIO_ADDR_free 3683 3_0_0 EXIST::FUNCTION:SOCK ASN1_STRING_free 3684 3_0_0 EXIST::FUNCTION: X509_VERIFY_PARAM_inherit 3685 3_0_0 EXIST::FUNCTION: EC_GROUP_get_curve_name 3686 3_0_0 EXIST::FUNCTION:EC -RSA_print 3687 3_0_0 EXIST::FUNCTION:RSA +RSA_print 3687 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA i2d_ASN1_BMPSTRING 3688 3_0_0 EXIST::FUNCTION: EVP_PKEY_decrypt_old 3689 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 ASN1_UTCTIME_cmp_time_t 3690 3_0_0 EXIST::FUNCTION: @@ -3678,7 +3678,7 @@ BIO_set_callback 3757 3_0_0 EXIST::FUNCTION: BN_GF2m_poly2arr 3758 3_0_0 EXIST::FUNCTION:EC2M CMS_unsigned_get_attr_count 3759 3_0_0 EXIST::FUNCTION:CMS EVP_aes_256_gcm 3760 3_0_0 EXIST::FUNCTION: -RSA_padding_check_X931 3761 3_0_0 EXIST::FUNCTION:RSA +RSA_padding_check_X931 3761 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA ECDH_compute_key 3762 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC ASN1_TIME_print 3763 3_0_0 EXIST::FUNCTION: EVP_PKEY_CTX_get0_peerkey 3764 3_0_0 EXIST::FUNCTION: @@ -3759,7 +3759,7 @@ i2d_ASN1_INTEGER 3840 3_0_0 EXIST::FUNCTION: OCSP_SINGLERESP_add1_ext_i2d 3841 3_0_0 EXIST::FUNCTION:OCSP PKCS7_add_signed_attribute 3842 3_0_0 EXIST::FUNCTION: i2d_PrivateKey_bio 3843 3_0_0 EXIST::FUNCTION: -RSA_padding_add_PKCS1_type_1 3844 3_0_0 EXIST::FUNCTION:RSA +RSA_padding_add_PKCS1_type_1 3844 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA i2d_re_X509_tbs 3845 3_0_0 EXIST::FUNCTION: EVP_CIPHER_iv_length 3846 3_0_0 EXIST::FUNCTION: OCSP_REQ_CTX_get0_mem_bio 3847 3_0_0 EXIST::FUNCTION: @@ -3908,44 +3908,44 @@ X509_VERIFY_PARAM_set_auth_level 3991 3_0_0 EXIST::FUNCTION: X509_VERIFY_PARAM_get_auth_level 3992 3_0_0 EXIST::FUNCTION: X509_REQ_get0_pubkey 3993 3_0_0 EXIST::FUNCTION: RSA_set0_key 3994 3_0_0 EXIST::FUNCTION:RSA -RSA_meth_get_flags 3995 3_0_0 EXIST::FUNCTION:RSA -RSA_meth_set_finish 3996 3_0_0 EXIST::FUNCTION:RSA -RSA_meth_get_priv_dec 3997 3_0_0 EXIST::FUNCTION:RSA -RSA_meth_get_sign 3998 3_0_0 EXIST::FUNCTION:RSA -RSA_meth_get_bn_mod_exp 3999 3_0_0 EXIST::FUNCTION:RSA +RSA_meth_get_flags 3995 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA +RSA_meth_set_finish 3996 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA +RSA_meth_get_priv_dec 3997 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA +RSA_meth_get_sign 3998 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA +RSA_meth_get_bn_mod_exp 3999 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA RSA_test_flags 4000 3_0_0 EXIST::FUNCTION:RSA -RSA_meth_new 4001 3_0_0 EXIST::FUNCTION:RSA -RSA_meth_get0_app_data 4002 3_0_0 EXIST::FUNCTION:RSA -RSA_meth_dup 4003 3_0_0 EXIST::FUNCTION:RSA -RSA_meth_set1_name 4004 3_0_0 EXIST::FUNCTION:RSA -RSA_meth_set0_app_data 4005 3_0_0 EXIST::FUNCTION:RSA +RSA_meth_new 4001 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA +RSA_meth_get0_app_data 4002 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA +RSA_meth_dup 4003 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA +RSA_meth_set1_name 4004 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA +RSA_meth_set0_app_data 4005 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA RSA_set_flags 4006 3_0_0 EXIST::FUNCTION:RSA -RSA_meth_set_sign 4007 3_0_0 EXIST::FUNCTION:RSA +RSA_meth_set_sign 4007 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA RSA_clear_flags 4008 3_0_0 EXIST::FUNCTION:RSA -RSA_meth_get_keygen 4009 3_0_0 EXIST::FUNCTION:RSA -RSA_meth_set_keygen 4010 3_0_0 EXIST::FUNCTION:RSA -RSA_meth_set_pub_dec 4011 3_0_0 EXIST::FUNCTION:RSA -RSA_meth_get_finish 4012 3_0_0 EXIST::FUNCTION:RSA +RSA_meth_get_keygen 4009 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA +RSA_meth_set_keygen 4010 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA +RSA_meth_set_pub_dec 4011 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA +RSA_meth_get_finish 4012 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA RSA_get0_key 4013 3_0_0 EXIST::FUNCTION:RSA -RSA_get0_engine 4014 3_0_0 EXIST::FUNCTION:RSA -RSA_meth_set_priv_enc 4015 3_0_0 EXIST::FUNCTION:RSA -RSA_meth_set_verify 4016 3_0_0 EXIST::FUNCTION:RSA +RSA_get0_engine 4014 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA +RSA_meth_set_priv_enc 4015 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA +RSA_meth_set_verify 4016 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA RSA_get0_factors 4017 3_0_0 EXIST::FUNCTION:RSA -RSA_meth_get0_name 4018 3_0_0 EXIST::FUNCTION:RSA -RSA_meth_get_mod_exp 4019 3_0_0 EXIST::FUNCTION:RSA -RSA_meth_set_flags 4020 3_0_0 EXIST::FUNCTION:RSA -RSA_meth_get_pub_dec 4021 3_0_0 EXIST::FUNCTION:RSA -RSA_meth_set_bn_mod_exp 4022 3_0_0 EXIST::FUNCTION:RSA -RSA_meth_get_init 4023 3_0_0 EXIST::FUNCTION:RSA -RSA_meth_free 4024 3_0_0 EXIST::FUNCTION:RSA -RSA_meth_get_pub_enc 4025 3_0_0 EXIST::FUNCTION:RSA -RSA_meth_set_mod_exp 4026 3_0_0 EXIST::FUNCTION:RSA +RSA_meth_get0_name 4018 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA +RSA_meth_get_mod_exp 4019 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA +RSA_meth_set_flags 4020 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA +RSA_meth_get_pub_dec 4021 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA +RSA_meth_set_bn_mod_exp 4022 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA +RSA_meth_get_init 4023 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA +RSA_meth_free 4024 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA +RSA_meth_get_pub_enc 4025 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA +RSA_meth_set_mod_exp 4026 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA RSA_set0_factors 4027 3_0_0 EXIST::FUNCTION:RSA -RSA_meth_set_pub_enc 4028 3_0_0 EXIST::FUNCTION:RSA -RSA_meth_set_priv_dec 4029 3_0_0 EXIST::FUNCTION:RSA -RSA_meth_get_verify 4030 3_0_0 EXIST::FUNCTION:RSA -RSA_meth_set_init 4031 3_0_0 EXIST::FUNCTION:RSA -RSA_meth_get_priv_enc 4032 3_0_0 EXIST::FUNCTION:RSA +RSA_meth_set_pub_enc 4028 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA +RSA_meth_set_priv_dec 4029 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA +RSA_meth_get_verify 4030 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA +RSA_meth_set_init 4031 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA +RSA_meth_get_priv_enc 4032 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA RSA_set0_crt_params 4037 3_0_0 EXIST::FUNCTION:RSA RSA_get0_crt_params 4038 3_0_0 EXIST::FUNCTION:RSA DH_set0_pqg 4039 3_0_0 EXIST::FUNCTION:DH @@ -4273,14 +4273,14 @@ EVP_PKEY_asn1_set_param_check 4368 3_0_0 EXIST::FUNCTION: DH_check_ex 4369 3_0_0 EXIST::FUNCTION:DH DH_check_pub_key_ex 4370 3_0_0 EXIST::FUNCTION:DH DH_check_params_ex 4371 3_0_0 EXIST::FUNCTION:DH -RSA_generate_multi_prime_key 4372 3_0_0 EXIST::FUNCTION:RSA +RSA_generate_multi_prime_key 4372 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA RSA_get_multi_prime_extra_count 4373 3_0_0 EXIST::FUNCTION:RSA OCSP_resp_get0_signer 4374 3_0_0 EXIST::FUNCTION:OCSP RSA_get0_multi_prime_crt_params 4375 3_0_0 EXIST::FUNCTION:RSA RSA_set0_multi_prime_params 4376 3_0_0 EXIST::FUNCTION:RSA -RSA_get_version 4377 3_0_0 EXIST::FUNCTION:RSA -RSA_meth_get_multi_prime_keygen 4378 3_0_0 EXIST::FUNCTION:RSA -RSA_meth_set_multi_prime_keygen 4379 3_0_0 EXIST::FUNCTION:RSA +RSA_get_version 4377 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA +RSA_meth_get_multi_prime_keygen 4378 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA +RSA_meth_set_multi_prime_keygen 4379 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA RAND_DRBG_get0_master 4380 3_0_0 EXIST::FUNCTION: RAND_DRBG_set_reseed_time_interval 4381 3_0_0 EXIST::FUNCTION: PROFESSION_INFO_get0_addProfessionInfo 4382 3_0_0 EXIST::FUNCTION: @@ -4898,7 +4898,7 @@ d2i_X509_PUBKEY_fp ? 3_0_0 EXIST::FUNCTION:STDIO i2d_X509_PUBKEY_fp ? 3_0_0 EXIST::FUNCTION:STDIO d2i_X509_PUBKEY_bio ? 3_0_0 EXIST::FUNCTION: i2d_X509_PUBKEY_bio ? 3_0_0 EXIST::FUNCTION: -RSA_get0_pss_params ? 3_0_0 EXIST::FUNCTION:RSA +RSA_get0_pss_params ? 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA X509_cmp_timeframe ? 3_0_0 EXIST::FUNCTION: OSSL_CMP_MSG_get0_header ? 3_0_0 EXIST::FUNCTION:CMP BIO_f_prefix ? 3_0_0 EXIST::FUNCTION: