-rw-r--r--CHANGES.md56
-rw-r--r--apps/ec.c189
-rw-r--r--apps/ecparam.c300
-rw-r--r--apps/include/ec_common.h23
-rw-r--r--apps/include/opt.h1
-rw-r--r--apps/lib/opt.c14
-rw-r--r--apps/lib/s_cb.c16
-rw-r--r--apps/pkey.c61
-rw-r--r--apps/speed.c4
-rw-r--r--crypto/asn1/asn1_item_list.h2
-rw-r--r--crypto/ec/ec_backend.c219
-rw-r--r--crypto/ec/ec_key.c2
-rw-r--r--crypto/ec/ec_lib.c86
-rw-r--r--crypto/ec/eck_prn.c8
-rw-r--r--crypto/evp/ec_ctrl.c4
-rw-r--r--crypto/evp/p_legacy.c36
-rw-r--r--crypto/evp/p_lib.c33
-rw-r--r--crypto/pem/pem_all.c13
-rw-r--r--crypto/sm2/sm2_key.c2
-rw-r--r--crypto/sm2/sm2_sign.c2
-rw-r--r--crypto/x509/x509_cmp.c16
-rw-r--r--crypto/x509/x509_vfy.c2
-rw-r--r--doc/man3/d2i_RSAPrivateKey.pod18
-rw-r--r--doc/man3/d2i_X509.pod16
-rw-r--r--doc/man7/EVP_PKEY-EC.pod20
-rw-r--r--fuzz/asn1.c4
-rw-r--r--fuzz/server.c16
-rw-r--r--include/crypto/ec.h9
-rw-r--r--include/crypto/sm2.h1
-rw-r--r--include/crypto/types.h3
-rw-r--r--include/openssl/core_names.h13
-rw-r--r--include/openssl/ec.h617
-rw-r--r--include/openssl/evp.h15
-rw-r--r--include/openssl/pem.h12
-rw-r--r--include/openssl/ssl.h.in6
-rw-r--r--include/openssl/types.h2
-rw-r--r--include/openssl/x509.h.in36
-rw-r--r--providers/common/der/der_ec.h.in1
-rw-r--r--providers/common/der/der_sm2.h.in1
-rw-r--r--providers/implementations/asymciphers/sm2_enc.c2
-rw-r--r--providers/implementations/keymgmt/ec_kmgmt.c89
-rw-r--r--ssl/s3_lib.c67
-rw-r--r--ssl/ssl_local.h3
-rw-r--r--ssl/t1_lib.c35
-rw-r--r--ssl/tls_depr.c18
-rw-r--r--test/build.info6
-rw-r--r--test/ectest.c9
-rw-r--r--test/evp_extra_test.c74
-rw-r--r--test/helpers/handshake.c16
-rw-r--r--test/ssl_old_test.c2
-rw-r--r--util/libcrypto.num156
51 files changed, 1406 insertions, 950 deletions
diff --git a/CHANGES.md b/CHANGES.md
index fbd80c33c0..e512b080c7 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -69,6 +69,49 @@ OpenSSL 3.0
*Dmitry Belyavskiy*
+ * All of the low level EC_KEY functions have been deprecated including:
+
+ EC_KEY_OpenSSL, EC_KEY_get_default_method, EC_KEY_set_default_method,
+ EC_KEY_get_method, EC_KEY_set_method, EC_KEY_new_method
+ EC_KEY_METHOD_new, EC_KEY_METHOD_free, EC_KEY_METHOD_set_init,
+ EC_KEY_METHOD_set_keygen, EC_KEY_METHOD_set_compute_key,
+ EC_KEY_METHOD_set_sign, EC_KEY_METHOD_set_verify,
+ EC_KEY_METHOD_get_init, EC_KEY_METHOD_get_keygen,
+ EC_KEY_METHOD_get_compute_key, EC_KEY_METHOD_get_sign,
+ EC_KEY_METHOD_get_verify,
+ EC_KEY_new_ex, EC_KEY_new, EC_KEY_get_flags, EC_KEY_set_flags,
+ EC_KEY_clear_flags, EC_KEY_decoded_from_explicit_params,
+ EC_KEY_new_by_curve_name_ex, EC_KEY_new_by_curve_name, EC_KEY_free,
+ EC_KEY_copy, EC_KEY_dup, EC_KEY_up_ref, EC_KEY_get0_engine,
+ EC_KEY_get0_group, EC_KEY_set_group, EC_KEY_get0_private_key,
+ EC_KEY_set_private_key, EC_KEY_get0_public_key, EC_KEY_set_public_key,
+ EC_KEY_get_enc_flags, EC_KEY_set_enc_flags, EC_KEY_get_conv_form,
+ EC_KEY_set_conv_form, EC_KEY_set_ex_data, EC_KEY_get_ex_data,
+ EC_KEY_set_asn1_flag, EC_KEY_generate_key, EC_KEY_check_key, EC_KEY_can_sign,
+ EC_KEY_set_public_key_affine_coordinates, EC_KEY_key2buf, EC_KEY_oct2key,
+ EC_KEY_oct2priv, EC_KEY_priv2oct and EC_KEY_priv2buf.
+ Applications that need to implement an EC_KEY_METHOD need to consider
+ implementation of the functionality in a special provider.
+ For replacement of the functions manipulating the EC_KEY objects
+ see the EVP_PKEY-EC(7) manual page.
+
+ Additionally functions that read and write EC_KEY objects such as
+ o2i_ECPublicKey, i2o_ECPublicKey, ECParameters_print_fp, EC_KEY_print_fp,
+ d2i_ECPKParameters, d2i_ECParameters, d2i_ECPrivateKey, d2i_ECPrivateKey_bio,
+ d2i_ECPrivateKey_fp, d2i_EC_PUBKEY, d2i_EC_PUBKEY_bio, d2i_EC_PUBKEY_fp,
+ i2d_ECPKParameters, i2d_ECParameters, i2d_ECPrivateKey, i2d_ECPrivateKey_bio,
+ i2d_ECPrivateKey_fp, i2d_EC_PUBKEY, i2d_EC_PUBKEY_bio and i2d_EC_PUBKEY_fp
+ have also been deprecated. Applications should instead use the
+ OSSL_DECODER and OSSL_ENCODER APIs to read and write EC files.
+
+ Finally functions that assign or obtain EC_KEY objects from an EVP_PKEY such as
+ EVP_PKEY_assign_EC_KEY, EVP_PKEY_get0_EC_KEY, EVP_PKEY_get1_EC_KEY and
+ EVP_PKEY_set1_EC_KEY are also deprecated. Applications should instead either
+ read or write an EVP_PKEY directly using the OSSL_DECODER and OSSL_ENCODER
+ APIs. Or load an EVP_PKEY directly from EC data using EVP_PKEY_fromdata().
+
+ *Shane Lontis, Paul Dale, Richard Levitte, and Tomas Mraz*
+
* Deprecated all the libcrypto and libssl error string loading
functions: ERR_load_ASN1_strings(), ERR_load_ASYNC_strings(),
ERR_load_BIO_strings(), ERR_load_BN_strings(), ERR_load_BUF_strings(),
@@ -594,19 +637,6 @@ OpenSSL 3.0
*Paul Dale*
- * Deprecated the EC_KEY_METHOD functions. These include:
-
- EC_KEY_METHOD_new, EC_KEY_METHOD_free, EC_KEY_METHOD_set_init,
- EC_KEY_METHOD_set_keygen, EC_KEY_METHOD_set_compute_key,
- EC_KEY_METHOD_set_sign, EC_KEY_METHOD_set_verify,
- EC_KEY_METHOD_get_init, EC_KEY_METHOD_get_keygen,
- EC_KEY_METHOD_get_compute_key, EC_KEY_METHOD_get_sign and
- EC_KEY_METHOD_get_verify.
-
- Instead applications and extension writers should use the OSSL_PROVIDER APIs.
-
- *Paul Dale*
-
* Deprecated EVP_PKEY_decrypt_old(), please use EVP_PKEY_decrypt_init()
and EVP_PKEY_decrypt() instead.
Deprecated EVP_PKEY_encrypt_old(), please use EVP_PKEY_encrypt_init()
diff --git a/apps/ec.c b/apps/ec.c
index e1d447de81..109e3eaeeb 100644
--- a/apps/ec.c
+++ b/apps/ec.c
@@ -8,29 +8,17 @@
*/
#include <openssl/opensslconf.h>
+#include <openssl/evp.h>
+#include <openssl/encoder.h>
+#include <openssl/decoder.h>
+#include <openssl/core_names.h>
+#include <openssl/core_dispatch.h>
+#include <openssl/params.h>
+#include <openssl/err.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
#include "apps.h"
#include "progs.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/pem.h>
-
-static OPT_PAIR conv_forms[] = {
- {"compressed", POINT_CONVERSION_COMPRESSED},
- {"uncompressed", POINT_CONVERSION_UNCOMPRESSED},
- {"hybrid", POINT_CONVERSION_HYBRID},
- {NULL}
-};
-
-static OPT_PAIR param_enc[] = {
- {"named_curve", OPENSSL_EC_NAMED_CURVE},
- {"explicit", 0},
- {NULL}
-};
+#include "ec_common.h"
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
@@ -74,19 +62,22 @@ const OPTIONS ec_options[] = {
int ec_main(int argc, char **argv)
{
+ OSSL_ENCODER_CTX *ectx = NULL;
+ OSSL_DECODER_CTX *dctx = NULL;
+ EVP_PKEY_CTX *pctx = NULL;
+ EVP_PKEY *eckey = NULL;
BIO *in = NULL, *out = NULL;
ENGINE *e = NULL;
- EC_KEY *eckey = NULL;
- const EC_GROUP *group;
const EVP_CIPHER *enc = NULL;
- point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED;
char *infile = NULL, *outfile = NULL, *prog;
char *passin = NULL, *passout = NULL, *passinarg = NULL, *passoutarg = NULL;
OPTION_CHOICE o;
- int asn1_flag = OPENSSL_EC_NAMED_CURVE, new_form = 0, new_asn1_flag = 0;
int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, noout = 0;
- int pubin = 0, pubout = 0, param_out = 0, i, ret = 1, private = 0;
- int no_public = 0, check = 0;
+ int pubin = 0, pubout = 0, param_out = 0, ret = 1, private = 0;
+ int check = 0;
+ char *asn1_encoding = NULL;
+ char *point_format = NULL;
+ int no_public = 0;
prog = opt_init(argc, argv, ec_options);
while ((o = opt_next()) != OPT_EOF) {
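Review bot: `OSSL_DECODER_CTX *dctx` is declared here but, in the hunks shown, it is only initialised to NULL and later passed to `OSSL_DECODER_CTX_free()`; key loading goes through `load_pubkey()`/`load_key()` instead. If nothing else in ec_main uses it, drop the variable and its free call. apps/ecparam.c declares `dctx_params` the same way. ec_main continues beyond this hunk, so a use outside the visible lines cannot be ruled out.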
@@ -143,16 +134,14 @@ int ec_main(int argc, char **argv)
goto opthelp;
break;
case OPT_CONV_FORM:
- if (!opt_pair(opt_arg(), conv_forms, &i))
+ point_format = opt_arg();
+ if (!opt_string(point_format, point_format_options))
goto opthelp;
- new_form = 1;
- form = i;
break;
case OPT_PARAM_ENC:
- if (!opt_pair(opt_arg(), param_enc, &i))
+ asn1_encoding = opt_arg();
+ if (!opt_string(asn1_encoding, asn1_encoding_options))
goto opthelp;
- new_asn1_flag = 1;
- asn1_flag = i;
break;
case OPT_NO_PUBLIC:
no_public = 1;
@@ -188,30 +177,14 @@ int ec_main(int argc, char **argv)
}
BIO_printf(bio_err, "read EC key\n");
- if (informat == FORMAT_ASN1) {
- if (pubin)
- eckey = d2i_EC_PUBKEY_bio(in, NULL);
- else
- eckey = d2i_ECPrivateKey_bio(in, NULL);
- } else if (informat == FORMAT_ENGINE) {
- EVP_PKEY *pkey;
- if (pubin)
- pkey = load_pubkey(infile, informat, 1, passin, e, "public key");
- else
- pkey = load_key(infile, informat, 1, passin, e, "private key");
- if (pkey != NULL) {
- eckey = EVP_PKEY_get1_EC_KEY(pkey);
- EVP_PKEY_free(pkey);
- }
- } else {
- if (pubin)
- eckey = PEM_read_bio_EC_PUBKEY(in, NULL, NULL, NULL);
- else
- eckey = PEM_read_bio_ECPrivateKey(in, NULL, NULL, passin);
- }
+
+ if (pubin)
+ eckey = load_pubkey(infile, informat, 1, passin, e, "public key");
+ else
+ eckey = load_key(infile, informat, 1, passin, e, "private key");
+
if (eckey == NULL) {
BIO_printf(bio_err, "unable to load Key\n");
- ERR_print_errors(bio_err);
goto end;
}
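Review bot: The key returned by `load_pubkey()`/`load_key()` is only tested for NULL, so as far as these lines show the `ec` command now accepts a key of any algorithm, where the removed `d2i_EC*`/`PEM_read_bio_EC*` readers accepted EC keys only. apps/ecparam.c and apps/pkey.c in this commit guard the equivalent path with `EVP_PKEY_is_a(..., "EC")`; consider the same test here, with an error message, widened to whatever other key types this command must keep accepting. ec_main starts and ends outside this hunk.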
@@ -219,74 +192,96 @@ int ec_main(int argc, char **argv)
if (out == NULL)
goto end;
- group = EC_KEY_get0_group(eckey);
-
- if (new_form)
- EC_KEY_set_conv_form(eckey, form);
+ if (point_format
+ && !EVP_PKEY_set_utf8_string_param(
+ eckey, OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT,
+ point_format)) {
+ BIO_printf(bio_err, "unable to set point conversion format\n");
+ goto end;
+ }
- if (new_asn1_flag)
- EC_KEY_set_asn1_flag(eckey, asn1_flag);
+ if (asn1_encoding != NULL
+ && !EVP_PKEY_set_utf8_string_param(
+ eckey, OSSL_PKEY_PARAM_EC_ENCODING, asn1_encoding)) {
+ BIO_printf(bio_err, "unable to set asn1 encoding format\n");
+ goto end;
+ }
- if (no_public)
- EC_KEY_set_enc_flags(eckey, EC_PKEY_NO_PUBKEY);
+ if (no_public
+ && !EVP_PKEY_set_int_param(eckey, OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC, 0)) {
+ BIO_printf(bio_err, "unable to disable public key encoding\n");
+ goto end;
+ }
if (text) {
assert(pubin || private);
- if (!EC_KEY_print(out, eckey, 0)) {
- perror(outfile);
- ERR_print_errors(bio_err);
+ if ((pubin && EVP_PKEY_print_public(out, eckey, 0, NULL) <= 0)
+ || (!pubin && EVP_PKEY_print_private(out, eckey, 0, NULL) <= 0)) {
+ BIO_printf(bio_err, "unable to print EC key\n");
goto end;
}
}
if (check) {
- if (EC_KEY_check_key(eckey) == 1) {
- BIO_printf(bio_err, "EC Key valid.\n");
- } else {
- BIO_printf(bio_err, "EC Key Invalid!\n");
- ERR_print_errors(bio_err);
+ pctx = EVP_PKEY_CTX_new_from_pkey(NULL, eckey, NULL);
+ if (pctx == NULL) {
+ BIO_printf(bio_err, "unable to check EC key\n");
+ goto end;
}
+ if (!EVP_PKEY_check(pctx))
+ BIO_printf(bio_err, "EC Key Invalid!\n");
+ else
+ BIO_printf(bio_err, "EC Key valid.\n");
+ ERR_print_errors(bio_err);
}
- if (noout) {
- ret = 0;
- goto end;
- }
+ if (!noout) {
+ int selection;
+ const char *output_type = outformat == FORMAT_ASN1 ? "DER" : "PEM";
+ const char *output_structure = "type-specific";
- BIO_printf(bio_err, "writing EC key\n");
- if (outformat == FORMAT_ASN1) {
+ BIO_printf(bio_err, "writing EC key\n");
if (param_out) {
- i = i2d_ECPKParameters_bio(out, group);
+ selection = OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
} else if (pubin || pubout) {
- i = i2d_EC_PUBKEY_bio(out, eckey);
+ selection = OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS
+ | OSSL_KEYMGMT_SELECT_PUBLIC_KEY;
+ output_structure = "SubjectPublicKeyInfo";
} else {
+ selection = OSSL_KEYMGMT_SELECT_ALL;
assert(private);
- i = i2d_ECPrivateKey_bio(out, eckey);
}
- } else {
- if (param_out) {
- i = PEM_write_bio_ECPKParameters(out, group);
- } else if (pubin || pubout) {
- i = PEM_write_bio_EC_PUBKEY(out, eckey);
- } else {
- assert(private);
- i = PEM_write_bio_ECPrivateKey(out, eckey, enc,
- NULL, 0, NULL, passout);
+
+ ectx = OSSL_ENCODER_CTX_new_by_EVP_PKEY(eckey, selection,
+ output_type, output_structure,
+ NULL);
+ if (enc != NULL) {
+ OSSL_ENCODER_CTX_set_cipher(ectx, EVP_CIPHER_name(enc), NULL);
+ if (passout != NULL)
+ OSSL_ENCODER_CTX_set_passphrase(ectx,
+ (const unsigned char *)passout,
+ strlen(passout));
+ }
+ if (!OSSL_ENCODER_to_bio(ectx, out)) {
+ BIO_printf(bio_err, "unable to write EC key\n");
+ goto end;
}
}
- if (!i) {
- BIO_printf(bio_err, "unable to write private key\n");
+ ret = 0;
+end:
+ if (ret != 0)
ERR_print_errors(bio_err);
- } else {
- ret = 0;
- }
- end:
BIO_free(in);
BIO_free_all(out);
- EC_KEY_free(eckey);
+ EVP_PKEY_free(eckey);
+ OSSL_ENCODER_CTX_free(ectx);
+ OSSL_DECODER_CTX_free(dctx);
+ EVP_PKEY_CTX_free(pctx);
release_engine(e);
- OPENSSL_free(passin);
- OPENSSL_free(passout);
+ if (passin != NULL)
+ OPENSSL_clear_free(passin, strlen(passin));
+ if (passout != NULL)
+ OPENSSL_clear_free(passout, strlen(passout));
return ret;
}
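Review bot: The results of `OSSL_ENCODER_CTX_new_by_EVP_PKEY()`, `OSSL_ENCODER_CTX_set_cipher()` and `OSSL_ENCODER_CTX_set_passphrase()` are all ignored in the `if (!noout)` block, so a failure to set up the requested cipher or passphrase is not detected before `OSSL_ENCODER_to_bio()` runs; whether the private key would then be written unencrypted depends on the encoder, and the command should not rely on it. Check each call and take the `end` path on failure, as in the excerpt below. Separately, `if (!EVP_PKEY_check(pctx))` reports "EC Key valid." for a negative return, which that function uses for failure and for an unsupported check; test `EVP_PKEY_check(pctx) <= 0` instead, and do the same for `!EVP_PKEY_param_check(pctx)` in the apps/ecparam.c hunk. ec_main begins outside this hunk.

```c
        ectx = OSSL_ENCODER_CTX_new_by_EVP_PKEY(eckey, selection,
                                                output_type, output_structure,
                                                NULL);
        if (ectx == NULL) {
            BIO_printf(bio_err, "unable to write EC key\n");
            goto end;
        }
        if (enc != NULL
            && (!OSSL_ENCODER_CTX_set_cipher(ectx, EVP_CIPHER_name(enc), NULL)
                || (passout != NULL
                    && !OSSL_ENCODER_CTX_set_passphrase(ectx,
                                                        (const unsigned char *)passout,
                                                        strlen(passout))))) {
            BIO_printf(bio_err, "unable to set up output encryption\n");
            goto end;
        }
        /* ... unchanged: OSSL_ENCODER_to_bio() call and its error path ... */
```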
diff --git a/apps/ecparam.c b/apps/ecparam.c
index 06f017a548..505868eb18 100644
--- a/apps/ecparam.c
+++ b/apps/ecparam.c
@@ -9,19 +9,16 @@
*/
#include <openssl/opensslconf.h>
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <time.h>
-#include <string.h>
+#include <openssl/evp.h>
+#include <openssl/encoder.h>
+#include <openssl/decoder.h>
+#include <openssl/core_names.h>
+#include <openssl/core_dispatch.h>
+#include <openssl/params.h>
+#include <openssl/err.h>
#include "apps.h"
#include "progs.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-#include <openssl/ec.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
+#include "ec_common.h"
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
@@ -67,36 +64,51 @@ const OPTIONS ecparam_options[] = {
{NULL}
};
-static OPT_PAIR forms[] = {
- {"compressed", POINT_CONVERSION_COMPRESSED},
- {"uncompressed", POINT_CONVERSION_UNCOMPRESSED},
- {"hybrid", POINT_CONVERSION_HYBRID},
- {NULL}
-};
+static int list_builtin_curves(BIO *out)
+{
+ int ret = 0;
+ EC_builtin_curve *curves = NULL;
+ size_t n, crv_len = EC_get_builtin_curves(NULL, 0);
-static OPT_PAIR encodings[] = {
- {"named_curve", OPENSSL_EC_NAMED_CURVE},
- {"explicit", 0},
- {NULL}
-};
+ curves = app_malloc((int)sizeof(*curves) * crv_len, "list curves");
+ if (!EC_get_builtin_curves(curves, crv_len))
+ goto end;
+
+ for (n = 0; n < crv_len; n++) {
+ const char *comment = curves[n].comment;
+ const char *sname = OBJ_nid2sn(curves[n].nid);
+
+ if (comment == NULL)
+ comment = "CURVE DESCRIPTION NOT AVAILABLE";
+ if (sname == NULL)
+ sname = "";
+
+ BIO_printf(out, " %-10s: ", sname);
+ BIO_printf(out, "%s\n", comment);
+ }
+ ret = 1;
+end:
+ OPENSSL_free(curves);
+ return ret;
+}
int ecparam_main(int argc, char **argv)
{
+ EVP_PKEY_CTX *gctx_params = NULL, *gctx_key = NULL, *pctx = NULL;
+ EVP_PKEY *params_key = NULL, *key = NULL;
+ OSSL_ENCODER_CTX *ectx_key = NULL, *ectx_params = NULL;
+ OSSL_DECODER_CTX *dctx_params = NULL;
ENGINE *e = NULL;
- BIGNUM *ec_gen = NULL, *ec_order = NULL, *ec_cofactor = NULL;
- BIGNUM *ec_p = NULL, *ec_a = NULL, *ec_b = NULL;
BIO *in = NULL, *out = NULL;
- EC_GROUP *group = NULL;
- point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED;
char *curve_name = NULL;
+ char *asn1_encoding = NULL;
+ char *point_format = NULL;
char *infile = NULL, *outfile = NULL, *prog;
- unsigned char *buffer = NULL;
OPTION_CHOICE o;
- int asn1_flag = OPENSSL_EC_NAMED_CURVE, new_asn1_flag = 0;
int informat = FORMAT_PEM, outformat = FORMAT_PEM, noout = 0;
int ret = 1, private = 0;
- int list_curves = 0, no_seed = 0, check = 0, new_form = 0;
- int text = 0, i, genkey = 0, check_named = 0;
+ int no_seed = 0, check = 0, check_named = 0, text = 0, genkey = 0;
+ int list_curves = 0;
prog = opt_init(argc, argv, ecparam_options);
while ((o = opt_next()) != OPT_EOF) {
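Review bot: `list_builtin_curves()` returns 1 on success and 0 on failure, the opposite of the `ret` convention in ecparam_main that calls it, and nothing at the definition says so. Add a one-line comment above it, e.g. `/* Print the built-in curves to out; returns 1 on success, 0 on failure. */`. The `(int)` cast in `app_malloc((int)sizeof(*curves) * crv_len, ...)` was carried over from the old inline code and has no narrowing effect once the product is converted to `size_t`; it can be dropped.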
@@ -146,15 +158,14 @@ int ecparam_main(int argc, char **argv)
curve_name = opt_arg();
break;
case OPT_CONV_FORM:
- if (!opt_pair(opt_arg(), forms, &new_form))
+ point_format = opt_arg();
+ if (!opt_string(point_format, point_format_options))
goto opthelp;
- form = new_form;
- new_form = 1;
break;
case OPT_PARAM_ENC:
- if (!opt_pair(opt_arg(), encodings, &asn1_flag))
+ asn1_encoding = opt_arg();
+ if (!opt_string(asn1_encoding, asn1_encoding_options))
goto opthelp;
- new_asn1_flag = 1;
break;
case OPT_GENKEY:
genkey = 1;
@@ -188,111 +199,88 @@ int ecparam_main(int argc, char **argv)
goto end;
if (list_curves) {
- EC_builtin_curve *curves = NULL;
- size_t crv_len = EC_get_builtin_curves(NULL, 0);
- size_t n;
-
- curves = app_malloc((int)sizeof(*curves) * crv_len, "list curves");
- if (!EC_get_builtin_curves(curves, crv_len)) {
- OPENSSL_free(curves);
- goto end;
- }
-
- for (n = 0; n < crv_len; n++) {
- const char *comment;
- const char *sname;
- comment = curves[n].comment;
- sname = OBJ_nid2sn(curves[n].nid);
- if (comment == NULL)
- comment = "CURVE DESCRIPTION NOT AVAILABLE";
- if (sname == NULL)
- sname = "";
-
- BIO_printf(out, " %-10s: ", sname);
- BIO_printf(out, "%s\n", comment);
- }
-
- OPENSSL_free(curves);
- ret = 0;
+ if (list_builtin_curves(out))
+ ret = 0;
goto end;
}
if (curve_name != NULL) {
- int nid;
+ OSSL_PARAM params[4];
+ OSSL_PARAM *p = params;
- /*
- * workaround for the SECG curve names secp192r1 and secp256r1 (which
- * are the same as the curves prime192v1 and prime256v1 defined in
- * X9.62)
- */
if (strcmp(curve_name, "secp192r1") == 0) {
- BIO_printf(bio_err, "using curve name prime192v1 "
- "instead of secp192r1\n");
- nid = NID_X9_62_prime192v1;
+ BIO_printf(bio_err,
+ "using curve name prime192v1 instead of secp192r1\n");
+ curve_name = SN_X9_62_prime192v1;
} else if (strcmp(curve_name, "secp256r1") == 0) {
- BIO_printf(bio_err, "using curve name prime256v1 "
- "instead of secp256r1\n");
- nid = NID_X9_62_prime256v1;
- } else {
- nid = OBJ_sn2nid(curve_name);
+ BIO_printf(bio_err,
+ "using curve name prime256v1 instead of secp256r1\n");
+ curve_name = SN_X9_62_prime256v1;
}
-
- if (nid == 0)
- nid = EC_curve_nist2nid(curve_name);
-
- if (nid == 0) {
- BIO_printf(bio_err, "unknown curve name (%s)\n", curve_name);
+ *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME,
+ curve_name, 0);
+ if (asn1_encoding != NULL)
+ *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_EC_ENCODING,
+ asn1_encoding, 0);
+ if (point_format != NULL)
+ *p++ = OSSL_PARAM_construct_utf8_string(
+ OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT,
+ point_format, 0);
+ *p = OSSL_PARAM_construct_end();
+ gctx_params = EVP_PKEY_CTX_new_from_name(NULL, "ec", NULL);
+ if (gctx_params == NULL
+ || EVP_PKEY_keygen_init(gctx_params) <= 0
+ || EVP_PKEY_CTX_set_params(gctx_params, params) <= 0
+ || EVP_PKEY_keygen(gctx_params, &params_key) <= 0) {
+ BIO_printf(bio_err, "unable to generate key\n");
+ goto end;
+ }
+ } else {
+ params_key = load_keyparams(infile, 1, "EC", "EC parameters");
+ if (!EVP_PKEY_is_a(params_key, "EC"))
+ goto end;
+ if (point_format
+ && !EVP_PKEY_set_utf8_string_param(
+ params_key, OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT,
+ point_format)) {
+ BIO_printf(bio_err, "unable to set point conversion format\n");
goto end;
}
- group = EC_GROUP_new_by_curve_name(nid);
- if (group == NULL) {
- BIO_printf(bio_err, "unable to create curve (%s)\n", curve_name);
+ if (asn1_encoding != NULL
+ && !EVP_PKEY_set_utf8_string_param(
+ params_key, OSSL_PKEY_PARAM_EC_ENCODING, asn1_encoding)) {
+ BIO_printf(bio_err, "unable to set asn1 encoding format\n");
goto end;
}
- EC_GROUP_set_asn1_flag(group, asn1_flag);
- EC_GROUP_set_point_conversion_form(group, form);
- } else if (informat == FORMAT_ASN1) {
- group = d2i_ECPKParameters_bio(in, NULL);
- } else {
- group = PEM_read_bio_ECPKParameters(in, NULL, NULL, NULL);
}
- if (group == NULL) {
- BIO_printf(bio_err, "unable to load elliptic curve parameters\n");
- ERR_print_errors(bio_err);
+
+ if (no_seed
+ && !EVP_PKEY_set_octet_string_param(params_key, OSSL_PKEY_PARAM_EC_SEED,
+ NULL, 0)) {
+ BIO_printf(bio_err, "unable to clear seed\n");
goto end;
}
- if (new_form)
- EC_GROUP_set_point_conversion_form(group, form);
-
- if (new_asn1_flag)
- EC_GROUP_set_asn1_flag(group, asn1_flag);
-
- if (no_seed) {
- EC_GROUP_set_seed(group, NULL, 0);
+ if (text
+ && !EVP_PKEY_print_params(out, params_key, 0, NULL)) {
+ BIO_printf(bio_err, "unable to print params\n");
+ goto end;
}
- if (text) {
- if (!ECPKParameters_print(out, group, 0))
- goto end;
- }
+ if (check || check_named) {
+ BIO_printf(bio_err, "checking elliptic curve parameters: ");
- if (check_named) {
- BIO_printf(bio_err, "validating named elliptic curve parameters: ");
- if (EC_GROUP_check_named_curve(group, 0, NULL) <= 0) {
- BIO_printf(bio_err, "failed\n");
- ERR_print_errors(bio_err);
- goto end;
+ if (check_named
+ && !EVP_PKEY_set_utf8_string_param(params_key,
+ OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE,
+ OSSL_PKEY_EC_GROUP_CHECK_NAMED)) {
+ BIO_printf(bio_err, "unable to set check_type\n");
+ goto end;
}
- BIO_printf(bio_err, "ok\n");
- }
-
- if (check) {
- BIO_printf(bio_err, "checking elliptic curve parameters: ");
- if (!EC_GROUP_check(group, NULL)) {
+ pctx = EVP_PKEY_CTX_new_from_pkey(NULL, params_key, NULL);
+ if (pctx == NULL || !EVP_PKEY_param_check(pctx)) {
BIO_printf(bio_err, "failed\n");
- ERR_print_errors(bio_err);
goto end;
}
BIO_printf(bio_err, "ok\n");
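Review bot: `params_key` is passed to `EVP_PKEY_is_a()` without a NULL test after `load_keyparams()`, and both the load failure and the wrong-type case reach `end` without a message of their own, where the old code printed "unable to load elliptic curve parameters". Make the condition `if (params_key == NULL || !EVP_PKEY_is_a(params_key, "EC"))` and print that message in its body. An unknown curve name is now also reported only as "unable to generate key"; the removed "unknown curve name (%s)" text told the user what was wrong. ecparam_main continues outside this hunk.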
@@ -302,60 +290,54 @@ int ecparam_main(int argc, char **argv)
noout = 1;
if (!noout) {
- if (outformat == FORMAT_ASN1)
- i = i2d_ECPKParameters_bio(out, group);
- else
- i = PEM_write_bio_ECPKParameters(out, group);
- if (!i) {
- BIO_printf(bio_err, "unable to write elliptic "
- "curve parameters\n");
- ERR_print_errors(bio_err);
+ ectx_params = OSSL_ENCODER_CTX_new_by_EVP_PKEY(
+ params_key, OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
+ outformat == FORMAT_ASN1 ? "DER" : "PEM", NULL, NULL);
+ if (!OSSL_ENCODER_to_bio(ectx_params, out)) {
+ BIO_printf(bio_err, "unable to write elliptic curve parameters\n");
goto end;
}
}
if (genkey) {
- EC_KEY *eckey = EC_KEY_new();
-
- if (eckey == NULL)
- goto end;
-
- if (EC_KEY_set_group(eckey, group) == 0) {
- BIO_printf(bio_err, "unable to set group when generating key\n");
- EC_KEY_free(eckey);
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if (new_form)
- EC_KEY_set_conv_form(eckey, form);
-
- if (!EC_KEY_generate_key(eckey)) {
+ /*
+ * NOTE: EC keygen does not normally need to pass in the param_key
+ * for named curves. This can be achieved using:
+ * gctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL);
+ * EVP_PKEY_keygen_init(gctx);
+ * EVP_PKEY_CTX_set_group_name(gctx, curvename);
+ * EVP_PKEY_keygen(gctx, &key) <= 0)
+ */
+ gctx_key = EVP_PKEY_CTX_new_from_pkey(NULL, params_key, NULL);
+ if (EVP_PKEY_keygen_init(gctx_key) <= 0
+ || EVP_PKEY_keygen(gctx_key, &key) <= 0) {
BIO_printf(bio_err, "unable to generate key\n");
- EC_KEY_free(eckey);
- ERR_print_errors(bio_err);
goto end;
}
assert(private);
- if (outformat == FORMAT_ASN1)
- i = i2d_ECPrivateKey_bio(out, eckey);
- else
- i = PEM_write_bio_ECPrivateKey(out, eckey, NULL,
- NULL, 0, NULL, NULL);
- EC_KEY_free(eckey);
+ ectx_key = OSSL_ENCODER_CTX_new_by_EVP_PKEY(
+ key, OSSL_KEYMGMT_SELECT_ALL,
+ outformat == FORMAT_ASN1 ? "DER" : "PEM", NULL, NULL);
+ if (!OSSL_ENCODER_to_bio(ectx_key, out)) {
+ BIO_printf(bio_err, "unable to write elliptic "
+ "curve parameters\n");
+ goto end;
+ }
}
ret = 0;
- end:
- BN_free(ec_p);
- BN_free(ec_a);
- BN_free(ec_b);
- BN_free(ec_gen);
- BN_free(ec_order);
- BN_free(ec_cofactor);
- OPENSSL_free(buffer);
- EC_GROUP_free(group);
+end:
+ if (ret != 0)
+ ERR_print_errors(bio_err);
release_engine(e);
+ EVP_PKEY_free(params_key);
+ EVP_PKEY_free(key);
+ EVP_PKEY_CTX_free(pctx);
+ EVP_PKEY_CTX_free(gctx_params);
+ EVP_PKEY_CTX_free(gctx_key);
+ OSSL_DECODER_CTX_free(dctx_params);
+ OSSL_ENCODER_CTX_free(ectx_params);
+ OSSL_ENCODER_CTX_free(ectx_key);
BIO_free(in);
BIO_free_all(out);
return ret;
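Review bot: When writing the generated key fails, the `genkey` branch prints "unable to write elliptic curve parameters", which is the message of the parameter-writing branch above it; say that the key could not be written, e.g. `BIO_printf(bio_err, "unable to write EC private key\n");`. The last example line in the NOTE comment, `EVP_PKEY_keygen(gctx, &key) <= 0)`, carries a stray `<= 0)` and should end in `;`. Neither `ectx_params` nor `ectx_key` is tested for NULL before `OSSL_ENCODER_to_bio()`; an explicit test would make the failure path independent of how that function treats a NULL context. The closing brace of ecparam_main is outside this hunk.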
diff --git a/apps/include/ec_common.h b/apps/include/ec_common.h
new file mode 100644
index 0000000000..4ed12163fa
--- /dev/null
+++ b/apps/include/ec_common.h
@@ -0,0 +1,23 @@
+/*
+ * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_NO_EC
+static const char *point_format_options[] = {
+ "uncompressed",
+ "compressed",
+ "hybrid",
+ NULL
+};
+
+static const char *asn1_encoding_options[] = {
+ "named_curve",
+ "explicit",
+ NULL
+};
+#endif
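Review bot: This header has no include guard and defines `static` arrays, so every file that includes it gets its own copy of both tables and a second inclusion in one translation unit would be a redefinition error. Wrap the contents in a guard named to the project's convention. A file that includes the header but uses only one of the tables may also draw an unused-variable warning, depending on compiler flags. A short comment saying these are the accepted values for the point-format and parameter-encoding options validated with `opt_string()` would tell readers why the strings live in a shared header.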
diff --git a/apps/include/opt.h b/apps/include/opt.h
index 15375e3a80..34298cf50d 100644
--- a/apps/include/opt.h
+++ b/apps/include/opt.h
@@ -363,6 +363,7 @@ int opt_umax(const char *arg, uintmax_t *result);
# define uintmax_t unsigned long
#endif
int opt_pair(const char *arg, const OPT_PAIR * pairs, int *result);
+int opt_string(const char *name, const char **options);
int opt_cipher(const char *name, const EVP_CIPHER **cipherp);
int opt_md(const char *name, const EVP_MD **mdp);
char *opt_arg(void);
diff --git a/apps/lib/opt.c b/apps/lib/opt.c
index 9675bc474d..11a9a13496 100644
--- a/apps/lib/opt.c
+++ b/apps/lib/opt.c
@@ -391,6 +391,20 @@ int opt_pair(const char *name, const OPT_PAIR* pairs, int *result)
return 0;
}
+/* Look through a list of valid names */
+int opt_string(const char *name, const char **options)
+{
+ const char **p;
+
+ for (p = options; *p != NULL; p++)
+ if (strcmp(*p, name) == 0)
+ return 1;
+ opt_printf_stderr("%s: Value must be one of:\n", prog);
+ for (p = options; *p != NULL; p++)
+ opt_printf_stderr("\t%s\n", *p);
+ return 0;
+}
+
/* Parse an int, put it into *result; return 0 on failure, else 1. */
int opt_int(const char *value, int *result)
{
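Review bot: The comment on `opt_string()` does not state the contract its callers rely on: it returns 1 when `name` matches an entry of the NULL-terminated `options` array, and otherwise prints the allowed values and returns 0. Replace it with something like `/* Return 1 if name is in the NULL-terminated options list; else print the list and return 0. */`, in the style of the `opt_int()` comment below it. The error text names only `prog`; including the rejected value would make the message easier to act on.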
diff --git a/apps/lib/s_cb.c b/apps/lib/s_cb.c
index 67e0fbd5bd..d77647246d 100644
--- a/apps/lib/s_cb.c
+++ b/apps/lib/s_cb.c
@@ -397,15 +397,13 @@ int ssl_print_tmp_key(BIO *out, SSL *s)
#ifndef OPENSSL_NO_EC
case EVP_PKEY_EC:
{
- EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);
- int nid;
- const char *cname;
- nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
- EC_KEY_free(ec);
- cname = EC_curve_nid2nist(nid);
- if (cname == NULL)
- cname = OBJ_nid2sn(nid);
- BIO_printf(out, "ECDH, %s, %d bits\n", cname, EVP_PKEY_bits(key));
+ char name[80];
+ size_t name_len;
+
+ if (!EVP_PKEY_get_utf8_string_param(key, OSSL_PKEY_PARAM_GROUP_NAME,
+ name, sizeof(name), &name_len))
+ strcpy(name, "?");
+ BIO_printf(out, "ECDH, %s, %d bits\n", name, EVP_PKEY_bits(key));
}
break;
#endif
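Review bot: The new code prints the `OSSL_PKEY_PARAM_GROUP_NAME` value directly, whereas the removed lines preferred `EC_curve_nid2nist()` and fell back to `OBJ_nid2sn()`, so the curve name in the "ECDH, ..." line may change for curves that have a NIST name; if that output is parsed anywhere, the change should be called out or the NIST mapping kept. `name_len` is written but never read in the lines shown. The fallback `strcpy(name, "?")` fits the 80-byte buffer, but a comment saying when the lookup can fail would help the next reader. ssl_print_tmp_key starts and ends outside this hunk.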
diff --git a/apps/pkey.c b/apps/pkey.c
index 5d12cc059a..33ed5ebf58 100644
--- a/apps/pkey.c
+++ b/apps/pkey.c
@@ -11,26 +11,11 @@
#include <string.h>
#include "apps.h"
#include "progs.h"
+#include "ec_common.h"
#include <openssl/pem.h>
#include <openssl/err.h>
#include <openssl/evp.h>
-
-#ifndef OPENSSL_NO_EC
-# include <openssl/ec.h>
-
-static OPT_PAIR ec_conv_forms[] = {
- {"compressed", POINT_CONVERSION_COMPRESSED},
- {"uncompressed", POINT_CONVERSION_UNCOMPRESSED},
- {"hybrid", POINT_CONVERSION_HYBRID},
- {NULL}
-};
-
-static OPT_PAIR ec_param_enc[] = {
- {"named_curve", OPENSSL_EC_NAMED_CURVE},
- {"explicit", 0},
- {NULL}
-};
-#endif
+#include <openssl/core_names.h>
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
@@ -94,10 +79,8 @@ int pkey_main(int argc, char **argv)
int pubin = 0, pubout = 0, text_pub = 0, text = 0, noout = 0, ret = 1;
int private = 0, traditional = 0, check = 0, pub_check = 0;
#ifndef OPENSSL_NO_EC
- EC_KEY *eckey;
- int ec_asn1_flag = OPENSSL_EC_NAMED_CURVE, new_ec_asn1_flag = 0;
- int i, new_ec_form = 0;
- point_conversion_form_t ec_form = POINT_CONVERSION_UNCOMPRESSED;
+ char *asn1_encoding = NULL;
+ char *point_format = NULL;
#endif
prog = opt_init(argc, argv, pkey_options);
@@ -167,20 +150,18 @@ int pkey_main(int argc, char **argv)
#ifdef OPENSSL_NO_EC
goto opthelp;
#else
- if (!opt_pair(opt_arg(), ec_conv_forms, &i))
+ point_format = opt_arg();
+ if (!opt_string(point_format, point_format_options))
goto opthelp;
- new_ec_form = 1;
- ec_form = i;
break;
#endif
case OPT_EC_PARAM_ENC:
#ifdef OPENSSL_NO_EC
goto opthelp;
#else
- if (!opt_pair(opt_arg(), ec_param_enc, &i))
+ asn1_encoding = opt_arg();
+ if (!opt_string(asn1_encoding, asn1_encoding_options))
goto opthelp;
- new_ec_asn1_flag = 1;
- ec_asn1_flag = i;
break;
#endif
case OPT_PROV_CASES:
@@ -234,20 +215,22 @@ int pkey_main(int argc, char **argv)
goto end;
#ifndef OPENSSL_NO_EC
- /*
- * TODO: remove this and use a set params call with a 'pkeyopt' command
- * line option instead.
- */
- if (new_ec_form || new_ec_asn1_flag) {
- if ((eckey = EVP_PKEY_get0_EC_KEY(pkey)) == NULL) {
- ERR_print_errors(bio_err);
+ if (asn1_encoding != NULL || point_format != NULL) {
+ OSSL_PARAM params[3], *p = params;
+
+ if (!EVP_PKEY_is_a(pkey, "EC"))
goto end;
- }
- if (new_ec_form)
- EC_KEY_set_conv_form(eckey, ec_form);
- if (new_ec_asn1_flag)
- EC_KEY_set_asn1_flag(eckey, ec_asn1_flag);
+ if (asn1_encoding != NULL)
+ *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_EC_ENCODING,
+ asn1_encoding, 0);
+ if (point_format != NULL)
+ *p++ = OSSL_PARAM_construct_utf8_string(
+ OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT,
+ point_format, 0);
+ *p = OSSL_PARAM_construct_end();
+ if (EVP_PKEY_set_params(pkey, params) <= 0)
+ goto end;
}
#endif
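Review bot: Both new failure paths, `if (!EVP_PKEY_is_a(pkey, "EC")) goto end;` and `if (EVP_PKEY_set_params(pkey, params) <= 0) goto end;`, leave without printing anything, while the removed code called `ERR_print_errors(bio_err)`. A user who passes an EC-only option with a non-EC key would, as far as this hunk shows, get a failing exit status and no explanation; add a `BIO_printf(bio_err, ...)` before each `goto end` unless the `end` label already reports errors. pkey_main's `end` label is outside this hunk.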
diff --git a/apps/speed.c b/apps/speed.c
index c8c4f65b47..e2b98c86b5 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -583,7 +583,9 @@ typedef struct loopargs_st {
DSA *dsa_key[DSA_NUM];
#endif
#ifndef OPENSSL_NO_EC
+# ifndef OPENSSL_NO_DEPRECATED_3_0
EC_KEY *ecdsa[ECDSA_NUM];
+# endif
EVP_PKEY_CTX *ecdh_ctx[EC_NUM];
EVP_MD_CTX *eddsa_ctx[EdDSA_NUM];
EVP_MD_CTX *eddsa_ctx2[EdDSA_NUM];
@@ -4082,8 +4084,10 @@ int speed_main(int argc, char **argv)
DSA_free(loopargs[i].dsa_key[k]);
#endif
#ifndef OPENSSL_NO_EC
+# if !defined(OPENSSL_NO_DEPRECATED_3_0)
for (k = 0; k < ECDSA_NUM; k++)
EC_KEY_free(loopargs[i].ecdsa[k]);
+# endif
for (k = 0; k < EC_NUM; k++)
EVP_PKEY_CTX_free(loopargs[i].ecdh_ctx[k]);
for (k = 0; k < EdDSA_NUM; k++) {
diff --git a/crypto/asn1/asn1_item_list.h b/crypto/asn1/asn1_item_list.h
index 01d9076350..b8c5581146 100644
--- a/crypto/asn1/asn1_item_list.h
+++ b/crypto/asn1/asn1_item_list.h
@@ -63,8 +63,10 @@ static ASN1_ITEM_EXP *asn1_item_list[] = {
ASN1_ITEM_ref(DIST_POINT_NAME),
ASN1_ITEM_ref(DIST_POINT),
#ifndef OPENSSL_NO_EC
+# ifndef OPENSSL_NO_DEPRECATED_3_0
ASN1_ITEM_ref(ECPARAMETERS),
ASN1_ITEM_ref(ECPKPARAMETERS),
+# endif
#endif
ASN1_ITEM_ref(EDIPARTYNAME),
ASN1_ITEM_ref(EXTENDED_KEY_USAGE),
diff --git a/crypto/ec/ec_backend.c b/crypto/ec/ec_backend.c
index f950657173..06acb7d607 100644
--- a/crypto/ec/ec_backend.c
+++ b/crypto/ec/ec_backend.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * Low level APIs related to EC_KEY are deprecated for public use,
+ * but still ok for internal use.
+ */
+#include "internal/deprecated.h"
+
#include <openssl/core_names.h>
#include <openssl/objects.h>
#include <openssl/params.h>
@@ -23,6 +29,18 @@ static const OSSL_ITEM encoding_nameid_map[] = {
{ OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP },
};
+static const OSSL_ITEM check_group_type_nameid_map[] = {
+ { 0, OSSL_PKEY_EC_GROUP_CHECK_DEFAULT },
+ { EC_FLAG_CHECK_NAMED_GROUP, OSSL_PKEY_EC_GROUP_CHECK_NAMED },
+ { EC_FLAG_CHECK_NAMED_GROUP_NIST, OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST },
+};
+
+static const OSSL_ITEM format_nameid_map[] = {
+ { (int)POINT_CONVERSION_UNCOMPRESSED, OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED },
+ { (int)POINT_CONVERSION_COMPRESSED, OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED },
+ { (int)POINT_CONVERSION_HYBRID, OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID },
+};
+
int ec_encoding_name2id(const char *name)
{
size_t i, sz;
@@ -49,13 +67,95 @@ static char *ec_param_encoding_id2name(int id)
return NULL;
}
+char *ec_check_group_type_id2name(int id)
+{
+ size_t i, sz;
+
+ for (i = 0, sz = OSSL_NELEM(check_group_type_nameid_map); i < sz; i++) {
+ if (id == (int)check_group_type_nameid_map[i].id)
+ return check_group_type_nameid_map[i].ptr;
+ }
+ return NULL;
+}
+
+static int ec_check_group_type_name2id(const char *name)
+{
+ size_t i, sz;
+
+ /* Return the default value if there is no name */
+ if (name == NULL)
+ return 0;
+
+ for (i = 0, sz = OSSL_NELEM(check_group_type_nameid_map); i < sz; i++) {
+ if (strcasecmp(name, check_group_type_nameid_map[i].ptr) == 0)
+ return check_group_type_nameid_map[i].id;
+ }
+ return -1;
+}
+
+int ec_set_check_group_type_from_name(EC_KEY *ec, const char *name)
+{
+ int flags = ec_check_group_type_name2id(name);
+
+ if (flags == -1)
+ return 0;
+ EC_KEY_clear_flags(ec, EC_FLAG_CHECK_NAMED_GROUP_MASK);
+ EC_KEY_set_flags(ec, flags);
+ return 1;
+}
+
+static int ec_set_check_group_type_from_param(EC_KEY *ec, const OSSL_PARAM *p)
+{
+ const char *name = NULL;
+ int status = 0;
+
+ switch (p->data_type) {
+ case OSSL_PARAM_UTF8_STRING:
+ name = p->data;
+ status = (name != NULL);
+ break;
+ case OSSL_PARAM_UTF8_PTR:
+ status = OSSL_PARAM_get_utf8_ptr(p, &name);
+ break;
+ }
+ if (status)
+ return ec_set_check_group_type_from_name(ec, name);
+ return 0;
+}
+
+int ec_pt_format_name2id(const char *name)
+{
+ size_t i, sz;
+
+ /* Return the default value if there is no name */
+ if (name == NULL)
+ return (int)POINT_CONVERSION_UNCOMPRESSED;
+
+ for (i = 0, sz = OSSL_NELEM(format_nameid_map); i < sz; i++) {
+ if (strcasecmp(name, format_nameid_map[i].ptr) == 0)
+ return format_nameid_map[i].id;
+ }
+ return -1;
+}
+
+char *ec_pt_format_id2name(int id)
+{
+ size_t i, sz;
+
+ for (i = 0, sz = OSSL_NELEM(format_nameid_map); i < sz; i++) {
+ if (id == (int)format_nameid_map[i].id)
+ return format_nameid_map[i].ptr;
+ }
+ return NULL;
+}
+
int ec_group_todata(const EC_GROUP *group, OSSL_PARAM_BLD *tmpl,
OSSL_PARAM params[], OSSL_LIB_CTX *libctx,
const char *propq,
BN_CTX *bnctx, unsigned char **genbuf)
{
int ret = 0, curve_nid, encoding_flag;
- const char *field_type, *encoding_name;
+ const char *field_type, *encoding_name, *pt_form_name;
const BIGNUM *cofactor, *order;
BIGNUM *p = NULL, *a = NULL, *b = NULL;
point_conversion_form_t genform;
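Review bot: `ec_set_check_group_type_from_param` repeats the `switch (p->data_type)` string extraction that `ec_encoding_param2id` and `ec_pt_format_param2id` carry in the last hunk of this file, and none of the three has a `default` case. In the `OSSL_PARAM_UTF8_STRING` arm, `p->data` is passed on to `strcasecmp` as a C string without `p->data_size` being consulted, so the lookup relies on the caller having supplied a terminator. One shared static helper would keep that assumption, and any later bound check, in a single place; the helper name below is only a suggestion. `ec_group_todata`, whose opening lines close this hunk, continues outside it.

```c
/* Fetch the C string carried by a UTF8_STRING or UTF8_PTR param; 0 for any other type */
static int ec_param_get0_name(const OSSL_PARAM *p, const char **name)
{
    switch (p->data_type) {
    case OSSL_PARAM_UTF8_STRING:
        /* The OSSL_PARAM functions have no support for this */
        *name = p->data;
        return *name != NULL;
    case OSSL_PARAM_UTF8_PTR:
        return OSSL_PARAM_get_utf8_ptr(p, name);
    default:
        return 0;
    }
}

static int ec_set_check_group_type_from_param(EC_KEY *ec, const OSSL_PARAM *p)
{
    const char *name = NULL;

    if (!ec_param_get0_name(p, &name))
        return 0;
    return ec_set_check_group_type_from_name(ec, name);
}
/* … unchanged: name2id / id2name lookups … */
```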
@@ -68,6 +168,15 @@ int ec_group_todata(const EC_GROUP *group, OSSL_PARAM_BLD *tmpl,
return 0;
}
+ genform = EC_GROUP_get_point_conversion_form(group);
+ pt_form_name = ec_pt_format_id2name(genform);
+ if (pt_form_name == NULL
+ || !ossl_param_build_set_utf8_string(
+ tmpl, params,
+ OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT, pt_form_name)) {
+ ECerr(0, EC_R_INVALID_FORM);
+ return 0;
+ }
encoding_flag = EC_GROUP_get_asn1_flag(group) & OPENSSL_EC_NAMED_CURVE;
encoding_name = ec_param_encoding_id2name(encoding_flag);
if (encoding_name == NULL
@@ -115,7 +224,6 @@ int ec_group_todata(const EC_GROUP *group, OSSL_PARAM_BLD *tmpl,
ERR_raise(ERR_LIB_EC, EC_R_INVALID_GENERATOR);
goto err;
}
- genform = EC_GROUP_get_point_conversion_form(group);
genbuf_len = EC_POINT_point2buf(group, genpt, genform, genbuf, bnctx);
if (genbuf_len == 0) {
ERR_raise(ERR_LIB_EC, EC_R_INVALID_GENERATOR);
@@ -336,17 +444,50 @@ int ec_group_fromdata(EC_KEY *ec, const OSSL_PARAM params[])
if (!EC_KEY_set_group(ec, group))
goto err;
-
- /*
- * TODO(3.0): if the group has changed, should we invalidate the private and
- * public key?
- */
ok = 1;
err:
EC_GROUP_free(group);
return ok;
}
+static int ec_key_point_format_fromdata(EC_KEY *ec, const OSSL_PARAM params[])
+{
+ const OSSL_PARAM *p;
+ int format = -1;
+
+ p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT);
+ if (p != NULL) {
+ if (!ec_pt_format_param2id(p, &format)) {
+ ECerr(0, EC_R_INVALID_FORM);
+ return 0;
+ }
+ EC_KEY_set_conv_form(ec, format);
+ }
+ return 1;
+}
+
+static int ec_key_group_check_fromdata(EC_KEY *ec, const OSSL_PARAM params[])
+{
+ const OSSL_PARAM *p;
+
+ p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE);
+ if (p != NULL)
+ return ec_set_check_group_type_from_param(ec, p);
+ return 1;
+}
+
+static int ec_set_include_public(EC_KEY *ec, int include)
+{
+ int flags = EC_KEY_get_enc_flags(ec);
+
+ if (!include)
+ flags |= EC_PKEY_NO_PUBKEY;
+ else
+ flags &= ~EC_PKEY_NO_PUBKEY;
+ EC_KEY_set_enc_flags(ec, flags);
+ return 1;
+}
+
int ec_key_otherparams_fromdata(EC_KEY *ec, const OSSL_PARAM params[])
{
const OSSL_PARAM *p;
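Review bot: The TODO deleted from `ec_group_fromdata` asked whether a changed group should invalidate the key's existing private and public parts, and nothing in the visible lines answers it: after `EC_KEY_set_group` succeeds the function sets `ok = 1` and returns. If the intended contract is that the group is always set before any key material is loaded, state it where the TODO was, for example `/* The group must be set before key material is loaded; an existing key is not re-checked against the new group. */`. If that is not the contract, the question is still open and should stay tracked rather than be dropped. The start of `ec_group_fromdata` is outside this hunk.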
@@ -363,5 +504,69 @@ int ec_key_otherparams_fromdata(EC_KEY *ec, const OSSL_PARAM params[])
return 0;
}
+ p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC);
+ if (p != NULL) {
+ int include = 1;
+
+ if (!OSSL_PARAM_get_int(p, &include)
+ || !ec_set_include_public(ec, include))
+ return 0;
+ }
+ if (!ec_key_point_format_fromdata(ec, params))
+ return 0;
+ if (!ec_key_group_check_fromdata(ec, params))
+ return 0;
return 1;
}
+
+int ec_encoding_param2id(const OSSL_PARAM *p, int *id)
+{
+ const char *name = NULL;
+ int status = 0;
+
+ switch (p->data_type) {
+ case OSSL_PARAM_UTF8_STRING:
+ /* The OSSL_PARAM functions have no support for this */
+ name = p->data;
+ status = (name != NULL);
+ break;
+ case OSSL_PARAM_UTF8_PTR:
+ status = OSSL_PARAM_get_utf8_ptr(p, &name);
+ break;
+ }
+ if (status) {
+ int i = ec_encoding_name2id(name);
+
+ if (i >= 0) {
+ *id = i;
+ return 1;
+ }
+ }
+ return 0;
+}
+
+int ec_pt_format_param2id(const OSSL_PARAM *p, int *id)
+{
+ const char *name = NULL;
+ int status = 0;
+
+ switch (p->data_type) {
+ case OSSL_PARAM_UTF8_STRING:
+ /* The OSSL_PARAM functions have no support for this */
+ name = p->data;
+ status = (name != NULL);
+ break;
+ case OSSL_PARAM_UTF8_PTR:
+ status = OSSL_PARAM_get_utf8_ptr(p, &name);
+ break;
+ }
+ if (status) {
+ int i = ec_pt_format_name2id(name);
+
+ if (i >= 0) {
+ *id = i;
+ return 1;
+ }
+ }
+ return 0;
+}
diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c
index d03c75e8aa..d354fd484e 100644
--- a/crypto/ec/ec_key.c
+++ b/crypto/ec/ec_key.c
@@ -9,7 +9,7 @@
*/
/*
- * ECDSA low level APIs are deprecated for public use, but still ok for
+ * EC_KEY low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c
index 678b77047d..e1b92f7c33 100644
--- a/crypto/ec/ec_lib.c
+++ b/crypto/ec/ec_lib.c
@@ -9,7 +9,7 @@
*/
/*
- * ECDSA low level APIs are deprecated for public use, but still ok for
+ * EC_GROUP low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
@@ -1461,32 +1461,6 @@ err:
return NULL;
}
-static int ec_encoding_param2id(const OSSL_PARAM *p, int *id)
-{
- const char *name = NULL;
- int status = 0;
-
- switch (p->data_type) {
- case OSSL_PARAM_UTF8_STRING:
- /* The OSSL_PARAM functions have no support for this */
- name = p->data;
- status = (name != NULL);
- break;
- case OSSL_PARAM_UTF8_PTR:
- status = OSSL_PARAM_get_utf8_ptr(p, &name);
- break;
- }
- if (status) {
- int i = ec_encoding_name2id(name);
-
- if (i >= 0) {
- *id = i;
- return 1;
- }
- }
- return 0;
-}
-
static EC_GROUP *group_new_from_name(const OSSL_PARAM *p,
OSSL_LIB_CTX *libctx, const char *propq)
{
@@ -1516,6 +1490,42 @@ static EC_GROUP *group_new_from_name(const OSSL_PARAM *p,
return NULL;
}
+/* These parameters can be set directly into an EC_GROUP */
+int ec_group_set_params(EC_GROUP *group, const OSSL_PARAM params[])
+{
+ int encoding_flag = -1, format = -1;
+ const OSSL_PARAM *p;
+
+ p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT);
+ if (p != NULL) {
+ if (!ec_pt_format_param2id(p, &format)) {
+ ECerr(0, EC_R_INVALID_FORM);
+ return 0;
+ }
+ EC_GROUP_set_point_conversion_form(group, format);
+ }
+
+ p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_ENCODING);
+ if (p != NULL) {
+ if (!ec_encoding_param2id(p, &encoding_flag)) {
+ ECerr(0, EC_R_INVALID_FORM);
+ return 0;
+ }
+ EC_GROUP_set_asn1_flag(group, encoding_flag);
+ }
+ /* Optional seed */
+ p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_SEED);
+ if (p != NULL) {
+ /* The seed is allowed to be NULL */
+ if (p->data_type != OSSL_PARAM_OCTET_STRING
+ || !EC_GROUP_set_seed(group, p->data, p->data_size)) {
+ ECerr(0, EC_R_INVALID_SEED);
+ return 0;
+ }
+ }
+ return 1;
+}
+
EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
OSSL_LIB_CTX *libctx, const char *propq)
{
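Review bot: In `ec_group_set_params` a bad `OSSL_PKEY_PARAM_EC_ENCODING` value is reported as `EC_R_INVALID_FORM`, the same reason used for the point-format failure just above it. The code this replaces in `EC_GROUP_new_from_params` raised `EC_R_INVALID_ENCODING`, so callers and logs can no longer tell the two failures apart. Use `ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING);` in the encoding branch. The three `ECerr(0, ...)` calls in this function could also become `ERR_raise(ERR_LIB_EC, ...)` to match the rest of the file.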
@@ -1530,19 +1540,19 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
const unsigned char *buf = NULL;
int encoding_flag = -1;
- ptmp = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_ENCODING);
- if (ptmp != NULL && !ec_encoding_param2id(ptmp, &encoding_flag)) {
- ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING);
- return 0;
- }
-
+ /* This is the simple named group case */
ptmp = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_GROUP_NAME);
if (ptmp != NULL) {
group = group_new_from_name(ptmp, libctx, propq);
- if (group != NULL)
- EC_GROUP_set_asn1_flag(group, encoding_flag);
+ if (group != NULL) {
+ if (!ec_group_set_params(group, params)) {
+ EC_GROUP_free(group);
+ group = NULL;
+ }
+ }
return group;
}
+ /* If it gets here then we are trying explicit parameters */
bnctx = BN_CTX_new_ex(libctx);
if (bnctx == NULL) {
ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE);
@@ -1690,6 +1700,12 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
* If we did not find a named group then the encoding should be explicit
* if it was specified
*/
+ ptmp = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_ENCODING);
+ if (ptmp != NULL
+ && !ec_encoding_param2id(ptmp, &encoding_flag)) {
+ ECerr(0, EC_R_INVALID_ENCODING);
+ return 0;
+ }
if (encoding_flag == OPENSSL_EC_NAMED_CURVE) {
ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING);
goto err;
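Review bot: The added encoding check leaves `EC_GROUP_new_from_params` with `return 0;`, while the check directly below it uses `goto err`. By this point the function has already created `bnctx` (see the previous hunk), so the early return presumably skips the cleanup done at the `err` label, which is outside this hunk. Since the function returns `EC_GROUP *`, the literal `0` is also misleading. Suggested lines: `ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING);` followed by `goto err;`.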
diff --git a/crypto/ec/eck_prn.c b/crypto/ec/eck_prn.c
index 20c6065a31..e731d7c369 100644
--- a/crypto/ec/eck_prn.c
+++ b/crypto/ec/eck_prn.c
@@ -8,13 +8,16 @@
* https://www.openssl.org/source/license.html
*/
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/evp.h>
#include <openssl/ec.h>
#include <openssl/bn.h>
-#ifndef OPENSSL_NO_STDIO
+#ifndef OPENSSL_NO_DEPRECATED_3_0
+# ifndef OPENSSL_NO_STDIO
int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off)
{
BIO *b;
@@ -59,7 +62,7 @@ int ECParameters_print_fp(FILE *fp, const EC_KEY *x)
BIO_free(b);
return ret;
}
-#endif
+#endif /* OPENSSL_NO_STDIO */
static int print_bin(BIO *fp, const char *str, const unsigned char *num,
size_t len, int off);
@@ -256,3 +259,4 @@ static int print_bin(BIO *fp, const char *name, const unsigned char *buf,
return 1;
}
+#endif /* OPENSSL_NO_DEPRECATED_3_0 */
diff --git a/crypto/evp/ec_ctrl.c b/crypto/evp/ec_ctrl.c
index 541d8549d4..5bb078639c 100644
--- a/crypto/evp/ec_ctrl.c
+++ b/crypto/evp/ec_ctrl.c
@@ -7,6 +7,8 @@
* https://www.openssl.org/source/license.html
*/
+#include "internal/deprecated.h"
+
#include <string.h>
#include <openssl/core_names.h>
@@ -466,7 +468,7 @@ int evp_pkey_ctx_set_ec_param_enc_prov(EVP_PKEY_CTX *ctx, int param_enc)
*p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_EC_ENCODING,
(char *)enc, 0);
- *p++ = OSSL_PARAM_construct_end();
+ *p = OSSL_PARAM_construct_end();
ret = evp_pkey_ctx_set_params_strict(ctx, params);
end:
diff --git a/crypto/evp/p_legacy.c b/crypto/evp/p_legacy.c
index cad4d67d73..a4e478c223 100644
--- a/crypto/evp/p_legacy.c
+++ b/crypto/evp/p_legacy.c
@@ -17,6 +17,7 @@
#include <openssl/evp.h>
#include <openssl/err.h>
#include <openssl/rsa.h>
+#include <openssl/ec.h>
#include "crypto/types.h"
#include "crypto/evp.h"
#include "evp_local.h"
@@ -24,6 +25,7 @@
int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key)
{
int ret = EVP_PKEY_assign_RSA(pkey, key);
+
if (ret)
RSA_up_ref(key);
return ret;
@@ -45,7 +47,41 @@ RSA *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey)
RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey)
{
RSA *ret = EVP_PKEY_get0_RSA(pkey);
+
if (ret != NULL)
RSA_up_ref(ret);
return ret;
}
+
+#ifndef OPENSSL_NO_EC
+int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key)
+{
+ int ret = EVP_PKEY_assign_EC_KEY(pkey, key);
+
+ if (ret)
+ EC_KEY_up_ref(key);
+ return ret;
+}
+
+EC_KEY *EVP_PKEY_get0_EC_KEY(const EVP_PKEY *pkey)
+{
+ if (!evp_pkey_downgrade((EVP_PKEY *)pkey)) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_INACCESSIBLE_KEY);
+ return NULL;
+ }
+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_EC) {
+ EVPerr(EVP_F_EVP_PKEY_GET0_EC_KEY, EVP_R_EXPECTING_A_EC_KEY);
+ return NULL;
+ }
+ return pkey->pkey.ec;
+}
+
+EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey)
+{
+ EC_KEY *ret = EVP_PKEY_get0_EC_KEY(pkey);
+
+ if (ret != NULL)
+ EC_KEY_up_ref(ret);
+ return ret;
+}
+#endif /* OPENSSL_NO_EC */
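Review bot: The type-mismatch branch of the moved `EVP_PKEY_get0_EC_KEY` reports through `EVPerr(EVP_F_EVP_PKEY_GET0_EC_KEY, EVP_R_EXPECTING_A_EC_KEY)`, whereas the branch just above it and the copy this commit deletes from p_lib.c both use `ERR_raise`. Keep the newer form: `ERR_raise(ERR_LIB_EVP, EVP_R_EXPECTING_A_EC_KEY);`. The accessor also casts away `const` to call `evp_pkey_downgrade((EVP_PKEY *)pkey)`, so a "get0" on a const key can modify it. A short comment at that cast would help, such as `/* downgrade converts the key in place; callers must not share pkey across threads without locking */`, if that is indeed the behaviour.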
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index f43f5488d0..6fdc186507 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -43,7 +43,6 @@
#include "crypto/ec.h"
-/* TODO remove this when the EVP_PKEY_is_a() #legacy support hack is removed */
#include "e_os.h" /* strcasecmp on Windows */
static int pkey_set_type(EVP_PKEY *pkey, ENGINE *e, int type, const char *str,
@@ -115,8 +114,7 @@ void *EVP_PKEY_get_ex_data(const EVP_PKEY *key, int idx)
int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
{
/*
- * TODO: clean up legacy stuff from this function when legacy support
- * is gone.
+ * Clean up legacy stuff from this function when legacy support is gone.
*/
/*
@@ -814,35 +812,6 @@ DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey)
#ifndef FIPS_MODULE
# ifndef OPENSSL_NO_EC
-int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key)
-{
- int ret = EVP_PKEY_assign_EC_KEY(pkey, key);
- if (ret)
- EC_KEY_up_ref(key);
- return ret;
-}
-
-EC_KEY *EVP_PKEY_get0_EC_KEY(const EVP_PKEY *pkey)
-{
- if (!evp_pkey_downgrade((EVP_PKEY *)pkey)) {
- ERR_raise(ERR_LIB_EVP, EVP_R_INACCESSIBLE_KEY);
- return NULL;
- }
- if (EVP_PKEY_base_id(pkey) != EVP_PKEY_EC) {
- ERR_raise(ERR_LIB_EVP, EVP_R_EXPECTING_A_EC_KEY);
- return NULL;
- }
- return pkey->pkey.ec;
-}
-
-EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey)
-{
- EC_KEY *ret = EVP_PKEY_get0_EC_KEY(pkey);
- if (ret != NULL)
- EC_KEY_up_ref(ret);
- return ret;
-}
-
static ECX_KEY *evp_pkey_get0_ECX_KEY(const EVP_PKEY *pkey, int type)
{
if (!evp_pkey_downgrade((EVP_PKEY *)pkey)) {
diff --git a/crypto/pem/pem_all.c b/crypto/pem/pem_all.c
index 5f73f93ce8..a31b81ceec 100644
--- a/crypto/pem/pem_all.c
+++ b/crypto/pem/pem_all.c
@@ -128,7 +128,9 @@ DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **dsa, pem_password_cb *cb, void *u)
IMPLEMENT_PEM_rw(DSAparams, DSA, PEM_STRING_DSAPARAMS, DSAparams)
#endif
-#ifndef OPENSSL_NO_EC
+
+#ifndef OPENSSL_NO_DEPRECATED_3_0
+# ifndef OPENSSL_NO_EC
static EC_KEY *pkey_get_eckey(EVP_PKEY *key, EC_KEY **eckey)
{
EC_KEY *dtmp;
@@ -160,7 +162,7 @@ IMPLEMENT_PEM_rw(ECPKParameters, EC_GROUP, PEM_STRING_ECPARAMETERS,
IMPLEMENT_PEM_write_cb(ECPrivateKey, EC_KEY, PEM_STRING_ECPRIVATEKEY,
ECPrivateKey)
IMPLEMENT_PEM_rw(EC_PUBKEY, EC_KEY, PEM_STRING_PUBLIC, EC_PUBKEY)
-# ifndef OPENSSL_NO_STDIO
+# ifndef OPENSSL_NO_STDIO
EC_KEY *PEM_read_ECPrivateKey(FILE *fp, EC_KEY **eckey, pem_password_cb *cb,
void *u)
{
@@ -168,10 +170,9 @@ EC_KEY *PEM_read_ECPrivateKey(FILE *fp, EC_KEY **eckey, pem_password_cb *cb,
pktmp = PEM_read_PrivateKey(fp, NULL, cb, u);
return pkey_get_eckey(pktmp, eckey); /* will free pktmp */
}
-
-# endif
-
-#endif
+# endif
+# endif /* !OPENSSL_NO_EC */
+#endif /* !OPENSSL_NO_DEPRECATED_3_0 */
#ifndef OPENSSL_NO_DH
diff --git a/crypto/sm2/sm2_key.c b/crypto/sm2/sm2_key.c
index 5182d01058..c91a712b67 100644
--- a/crypto/sm2/sm2_key.c
+++ b/crypto/sm2/sm2_key.c
@@ -7,6 +7,8 @@
* https://www.openssl.org/source/license.html
*/
+#include "internal/deprecated.h" /* to be able to use EC_KEY and EC_GROUP */
+
#include <openssl/err.h>
#include "crypto/sm2err.h"
#include "crypto/sm2.h"
diff --git a/crypto/sm2/sm2_sign.c b/crypto/sm2/sm2_sign.c
index 94ea3aef96..1383e2e4f8 100644
--- a/crypto/sm2/sm2_sign.c
+++ b/crypto/sm2/sm2_sign.c
@@ -9,6 +9,8 @@
* https://www.openssl.org/source/license.html
*/
+#include "internal/deprecated.h"
+
#include "crypto/sm2.h"
#include "crypto/sm2err.h"
#include "crypto/ec.h" /* ec_group_do_inverse_ord() */
diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index d18d1e2b67..fb34d5cefc 100644
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -400,13 +400,19 @@ int X509_check_private_key(const X509 *x, const EVP_PKEY *k)
static int check_suite_b(EVP_PKEY *pkey, int sign_nid, unsigned long *pflags)
{
- const EC_GROUP *grp = NULL;
+ char curve_name[80];
+ size_t curve_name_len;
int curve_nid;
- if (pkey && EVP_PKEY_id(pkey) == EVP_PKEY_EC)
- grp = EC_KEY_get0_group(EVP_PKEY_get0_EC_KEY(pkey));
- if (!grp)
+
+ if (pkey == NULL || !EVP_PKEY_is_a(pkey, "EC"))
return X509_V_ERR_SUITE_B_INVALID_ALGORITHM;
- curve_nid = EC_GROUP_get_curve_name(grp);
+
+ if (!EVP_PKEY_get_utf8_string_param(pkey, OSSL_PKEY_PARAM_GROUP_NAME,
+ curve_name, sizeof(curve_name),
+ &curve_name_len))
+ return X509_V_ERR_SUITE_B_INVALID_CURVE;
+
+ curve_nid = OBJ_txt2nid(curve_name);
/* Check curve is consistent with LOS */
if (curve_nid == NID_secp384r1) { /* P-384 */
/*
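Review bot: `char curve_name[80]` in `check_suite_b` is an unexplained size, and `curve_name_len` is filled in by `EVP_PKEY_get_utf8_string_param` but not read in the visible lines. A key whose group name cannot be fetched, presumably including one that does not fit the buffer or one using explicit parameters, is rejected with `X509_V_ERR_SUITE_B_INVALID_CURVE`. That is the safe direction and deserves a comment, for example `/* Fail closed: no retrievable group name means the curve is not a Suite B curve */`. `OBJ_txt2nid` accepts dotted OID text as well as names, so an unrecognised string should yield `NID_undef` and fall through to the rejection path. That path is outside this hunk and should be confirmed.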
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 1d79449331..2e61969791 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -7,6 +7,8 @@
* https://www.openssl.org/source/license.html
*/
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include <time.h>
#include <errno.h>
diff --git a/doc/man3/d2i_RSAPrivateKey.pod b/doc/man3/d2i_RSAPrivateKey.pod
index 7375f1bab3..8e7c010578 100644
--- a/doc/man3/d2i_RSAPrivateKey.pod
+++ b/doc/man3/d2i_RSAPrivateKey.pod
@@ -28,6 +28,14 @@ d2i_RSA_PUBKEY_fp,
d2i_DHparams,
d2i_DHparams_bio,
d2i_DHparams_fp,
+d2i_ECPKParameters,
+d2i_ECParameters,
+d2i_ECPrivateKey,
+d2i_ECPrivateKey_bio,
+d2i_ECPrivateKey_fp,
+d2i_EC_PUBKEY,
+d2i_EC_PUBKEY_bio,
+d2i_EC_PUBKEY_fp,
i2d_RSAPrivateKey,
i2d_RSAPrivateKey_bio,
i2d_RSAPrivateKey_fp,
@@ -39,7 +47,15 @@ i2d_RSA_PUBKEY_bio,
i2d_RSA_PUBKEY_fp,
i2d_DHparams,
i2d_DHparams_bio,
-i2d_DHparams_fp
+i2d_DHparams_fp,
+i2d_ECPKParameters,
+i2d_ECParameters,
+i2d_ECPrivateKey,
+i2d_ECPrivateKey_bio,
+i2d_ECPrivateKey_fp,
+i2d_EC_PUBKEY,
+i2d_EC_PUBKEY_bio,
+i2d_EC_PUBKEY_fp
- DEPRECATED
=head1 SYNOPSIS
diff --git a/doc/man3/d2i_X509.pod b/doc/man3/d2i_X509.pod
index d5c684e31d..02542ba32d 100644
--- a/doc/man3/d2i_X509.pod
+++ b/doc/man3/d2i_X509.pod
@@ -53,14 +53,6 @@ d2i_DIST_POINT,
d2i_DIST_POINT_NAME,
d2i_DSA_SIG,
d2i_ECDSA_SIG,
-d2i_ECPKParameters,
-d2i_ECParameters,
-d2i_ECPrivateKey,
-d2i_ECPrivateKey_bio,
-d2i_ECPrivateKey_fp,
-d2i_EC_PUBKEY,
-d2i_EC_PUBKEY_bio,
-d2i_EC_PUBKEY_fp,
d2i_EDIPARTYNAME,
d2i_ESS_CERT_ID,
d2i_ESS_CERT_ID_V2,
@@ -237,14 +229,6 @@ i2d_DSA_PUBKEY_fp,
i2d_DSA_SIG,
i2d_DSAparams,
i2d_ECDSA_SIG,
-i2d_ECPKParameters,
-i2d_ECParameters,
-i2d_ECPrivateKey,
-i2d_ECPrivateKey_bio,
-i2d_ECPrivateKey_fp,
-i2d_EC_PUBKEY,
-i2d_EC_PUBKEY_bio,
-i2d_EC_PUBKEY_fp,
i2d_EDIPARTYNAME,
i2d_ESS_CERT_ID,
i2d_ESS_CERT_ID_V2,
diff --git a/doc/man7/EVP_PKEY-EC.pod b/doc/man7/EVP_PKEY-EC.pod
index be6e507169..ad188c6f46 100644
--- a/doc/man7/EVP_PKEY-EC.pod
+++ b/doc/man7/EVP_PKEY-EC.pod
@@ -79,6 +79,26 @@ EC curve's cofactor (note for some curves the cofactor is 1).
Set the format used for serializing the EC group parameters.
Valid values are "explicit" or "named_curve". The default value is "named_curve".
+=item "point-format" (B<OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT>) <utf8 string>
+
+Sets or gets the point_conversion_form for the I<key>. For a description of
+point_conversion_forms please see L<EC_POINT_new(3)>. Valid values are
+"uncompressed" or "compressed". The default value is "uncompressed".
+
+=item "group-check" (B<OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE>) <utf8 string>
+
+Sets or Gets the type of group check done when EVP_PKEY_param_check() is called.
+Valid values are "default", "named" and "named-nist".
+The "named" type checks that the domain parameters match the inbuilt curve parameters,
+"named-nist" is similiar but also checks that the named curve is a nist curve.
+The "default" type does domain parameter validation for the OpenSSL default provider,
+but is equivalent to "named-nist" for the OpenSSL fips provider.
+
+=item "include-public" (B<OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC>) <integer>
+
+Setting this value to 0 indicates that the public key should not be included when
+encoding the private key. The default value of 1 will include the public key.
+
See also L<EVP_KEYEXCH-ECDH(7)> for the related
B<OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE> parameter that can be set on a
per-operation basis.
diff --git a/fuzz/asn1.c b/fuzz/asn1.c
index b0d2ecd14e..e85a9607a4 100644
--- a/fuzz/asn1.c
+++ b/fuzz/asn1.c
@@ -96,7 +96,7 @@ static ASN1_ITEM_EXP *item_type[] = {
ASN1_ITEM_ref(DISPLAYTEXT),
ASN1_ITEM_ref(DIST_POINT),
ASN1_ITEM_ref(DIST_POINT_NAME),
-#ifndef OPENSSL_NO_EC
+#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_DEPRECATED_3_0)
ASN1_ITEM_ref(ECPARAMETERS),
ASN1_ITEM_ref(ECPKPARAMETERS),
#endif
@@ -347,10 +347,10 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
DO_TEST_NO_PRINT(RSA, d2i_RSAPublicKey, i2d_RSAPublicKey);
#endif
#ifndef OPENSSL_NO_EC
+# ifndef OPENSSL_NO_DEPRECATED_3_0
DO_TEST_PRINT_OFFSET(EC_GROUP, d2i_ECPKParameters, i2d_ECPKParameters, ECPKParameters_print);
DO_TEST_PRINT_OFFSET(EC_KEY, d2i_ECPrivateKey, i2d_ECPrivateKey, EC_KEY_print);
DO_TEST(EC_KEY, d2i_ECParameters, i2d_ECParameters, ECParameters_print);
-# ifndef OPENSSL_NO_DEPRECATED_3_0
DO_TEST_NO_PRINT(ECDSA_SIG, d2i_ECDSA_SIG, i2d_ECDSA_SIG);
# endif
#endif
diff --git a/fuzz/server.c b/fuzz/server.c
index ead9fc1105..9631787885 100644
--- a/fuzz/server.c
+++ b/fuzz/server.c
@@ -12,7 +12,7 @@
/* Test first part of SSL server handshake. */
-/* We need to use the deprecated RSA low level calls */
+/* We need to use the deprecated RSA/EC low level calls */
#define OPENSSL_SUPPRESS_DEPRECATED
#include <time.h>
@@ -200,8 +200,8 @@ static const uint8_t kRSAPrivateKeyDER[] = {
};
#endif
-
#ifndef OPENSSL_NO_EC
+# ifndef OPENSSL_NO_DEPRECATED_3_0
/*
* -----BEGIN EC PRIVATE KEY-----
* MHcCAQEEIJLyl7hJjpQL/RhP1x2zS79xdiPJQB683gWeqcqHPeZkoAoGCCqGSM49
@@ -230,6 +230,7 @@ static const char ECDSAPrivateKeyPEM[] = {
0x4e, 0x44, 0x20, 0x45, 0x43, 0x20, 0x50, 0x52, 0x49, 0x56, 0x41, 0x54,
0x45, 0x20, 0x4b, 0x45, 0x59, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x0a
};
+# endif
/*
* -----BEGIN CERTIFICATE-----
@@ -522,14 +523,14 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
RSA *privkey;
#endif
const uint8_t *bufp;
-#if !defined(OPENSSL_NO_DEPRECATED_3_0) \
- || !defined(OPENSSL_NO_DSA) \
- || !defined(OPENSSL_NO_EC)
+#if !defined(OPENSSL_NO_DEPRECATED_3_0)
EVP_PKEY *pkey;
#endif
X509 *cert;
-#ifndef OPENSSL_NO_EC
+#ifndef OPENSSL_NO_DEPRECATED_3_0
+# ifndef OPENSSL_NO_EC
EC_KEY *ecdsakey = NULL;
+# endif
#endif
#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
DSA *dsakey = NULL;
@@ -571,6 +572,7 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
X509_free(cert);
#ifndef OPENSSL_NO_EC
+# ifndef OPENSSL_NO_DEPRECATED_3_0
/* ECDSA */
bio_buf = BIO_new(BIO_s_mem());
OPENSSL_assert((size_t)BIO_write(bio_buf, ECDSAPrivateKeyPEM, sizeof(ECDSAPrivateKeyPEM)) == sizeof(ECDSAPrivateKeyPEM));
@@ -583,7 +585,7 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
ret = SSL_CTX_use_PrivateKey(ctx, pkey);
OPENSSL_assert(ret == 1);
EVP_PKEY_free(pkey);
-
+# endif
bio_buf = BIO_new(BIO_s_mem());
OPENSSL_assert((size_t)BIO_write(bio_buf, ECDSACertPEM, sizeof(ECDSACertPEM)) == sizeof(ECDSACertPEM));
cert = PEM_read_bio_X509(bio_buf, NULL, NULL, NULL);
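Review bot: With `OPENSSL_NO_DEPRECATED_3_0` defined, the block that loads `ECDSAPrivateKeyPEM` and calls `SSL_CTX_use_PrivateKey` is compiled out, but the `ECDSACertPEM` load after the new `# endif` still runs. In that configuration the server fuzzer appears to install an ECDSA certificate with no matching key, so the ECDSA handshake paths lose coverage. The lines between these two hunks are not visible, but if they only turn the PEM into an `EVP_PKEY` via `EC_KEY`, reading it with `PEM_read_bio_PrivateKey(bio_buf, NULL, NULL, NULL)` would remove the need for the guard. Otherwise, extend the guard to cover the certificate too and note the reduced coverage in a comment.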
diff --git a/include/crypto/ec.h b/include/crypto/ec.h
index 087457fa50..4127b6e9a0 100644
--- a/include/crypto/ec.h
+++ b/include/crypto/ec.h
@@ -23,6 +23,7 @@ int evp_pkey_ctx_set_ec_param_enc_prov(EVP_PKEY_CTX *ctx, int param_enc);
# ifndef OPENSSL_NO_EC
# include <openssl/core.h>
# include <openssl/ec.h>
+# include "crypto/types.h"
/*-
* Computes the multiplicative inverse of x in the range
@@ -69,10 +70,18 @@ int ec_group_todata(const EC_GROUP *group, OSSL_PARAM_BLD *tmpl,
const char *propq,
BN_CTX *bnctx, unsigned char **genbuf);
int ec_group_fromdata(EC_KEY *ec, const OSSL_PARAM params[]);
+int ec_group_set_params(EC_GROUP *group, const OSSL_PARAM params[]);
int ec_key_fromdata(EC_KEY *ecx, const OSSL_PARAM params[], int include_private);
int ec_key_otherparams_fromdata(EC_KEY *ec, const OSSL_PARAM params[]);
int ec_set_ecdh_cofactor_mode(EC_KEY *ec, int mode);
int ec_encoding_name2id(const char *name);
+int ec_encoding_param2id(const OSSL_PARAM *p, int *id);
+int ec_pt_format_name2id(const char *name);
+int ec_pt_format_param2id(const OSSL_PARAM *p, int *id);
+char *ec_pt_format_id2name(int id);
+
+char *ec_check_group_type_id2name(int flags);
+int ec_set_check_group_type_from_name(EC_KEY *ec, const char *name);
# endif /* OPENSSL_NO_EC */
#endif
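Review bot: `ec_pt_format_id2name` and `ec_check_group_type_id2name` are declared as returning `char *`, yet both definitions in ec_backend.c return the `ptr` member of a `static const OSSL_ITEM` table initialised with string-literal macros. Nothing then stops a caller from writing through the result. Declare them `const char *ec_pt_format_id2name(int id);` and `const char *ec_check_group_type_id2name(int id);`, changing the definitions to match; the one caller visible in this commit already stores the result in a `const char *`. The second prototype also names its parameter `flags` where the definition uses `id`.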
diff --git a/include/crypto/sm2.h b/include/crypto/sm2.h
index e442e7aec7..a38d940a70 100644
--- a/include/crypto/sm2.h
+++ b/include/crypto/sm2.h
@@ -16,6 +16,7 @@
# ifndef OPENSSL_NO_SM2
# include <openssl/ec.h>
+# include "crypto/types.h"
int sm2_key_private_check(const EC_KEY *eckey);
diff --git a/include/crypto/types.h b/include/crypto/types.h
index ccb75e3cbf..e6e90d6177 100644
--- a/include/crypto/types.h
+++ b/include/crypto/types.h
@@ -12,5 +12,6 @@
#ifdef OPENSSL_NO_DEPRECATED_3_0
typedef struct rsa_st RSA;
typedef struct rsa_meth_st RSA_METHOD;
+typedef struct ec_key_st EC_KEY;
+typedef struct ec_key_method_st EC_KEY_METHOD;
#endif
-
diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
index 17b0573ac3..7b9af62962 100644
--- a/include/openssl/core_names.h
+++ b/include/openssl/core_names.h
@@ -400,12 +400,23 @@ extern "C" {
#define OSSL_PKEY_PARAM_FFC_DIGEST OSSL_PKEY_PARAM_DIGEST
#define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_PKEY_PARAM_EC_ENCODING "encoding" /* utf8_string */
+#define OSSL_PKEY_PARAM_EC_ENCODING "encoding" /* utf8_string */
+#define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format"
+#define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE "group-check"
+#define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC "include-public"
/* OSSL_PKEY_PARAM_EC_ENCODING values */
#define OSSL_PKEY_EC_ENCODING_EXPLICIT "explicit"
#define OSSL_PKEY_EC_ENCODING_GROUP "named_curve"
+#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed"
+#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED "compressed"
+#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID "hybrid"
+
+#define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT "default"
+#define OSSL_PKEY_EC_GROUP_CHECK_NAMED "named"
+#define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST "named-nist"
+
/* Key Exchange parameters */
#define OSSL_EXCHANGE_PARAM_PAD "pad" /* uint */
#define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode" /* int */
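Review bot: The three new parameter names lack the data-type comment that `OSSL_PKEY_PARAM_EC_ENCODING` and the key-exchange defines below carry. Going by the EVP_PKEY-EC.pod text added in this commit, they would read `"point-format" /* utf8_string */`, `"group-check" /* utf8_string */` and `"include-public" /* int */`. A heading comment over each value group would also match the existing `/* OSSL_PKEY_PARAM_EC_ENCODING values */` line, for example `/* OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT values */` and `/* OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE values */`.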
diff --git a/include/openssl/ec.h b/include/openssl/ec.h
index 1f01c09fb2..2d9b7714e3 100644
--- a/include/openssl/ec.h
+++ b/include/openssl/ec.h
@@ -106,40 +106,41 @@ typedef struct ec_parameters_st ECPARAMETERS;
/* EC_METHODs for curves over GF(p) */
/********************************************************************/
+# ifndef OPENSSL_NO_DEPRECATED_3_0
/** Returns the basic GFp ec methods which provides the basis for the
* optimized methods.
* \return EC_METHOD object
*/
-DEPRECATEDIN_3_0(const EC_METHOD *EC_GFp_simple_method(void))
+OSSL_DEPRECATEDIN_3_0 const EC_METHOD *EC_GFp_simple_method(void);
/** Returns GFp methods using montgomery multiplication.
* \return EC_METHOD object
*/
-DEPRECATEDIN_3_0(const EC_METHOD *EC_GFp_mont_method(void))
+OSSL_DEPRECATEDIN_3_0 const EC_METHOD *EC_GFp_mont_method(void);
/** Returns GFp methods using optimized methods for NIST recommended curves
* \return EC_METHOD object
*/
-DEPRECATEDIN_3_0(const EC_METHOD *EC_GFp_nist_method(void))
+OSSL_DEPRECATEDIN_3_0 const EC_METHOD *EC_GFp_nist_method(void);
-# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
/** Returns 64-bit optimized methods for nistp224
* \return EC_METHOD object
*/
-DEPRECATEDIN_3_0(const EC_METHOD *EC_GFp_nistp224_method(void))
+OSSL_DEPRECATEDIN_3_0 const EC_METHOD *EC_GFp_nistp224_method(void);
/** Returns 64-bit optimized methods for nistp256
* \return EC_METHOD object
*/
-DEPRECATEDIN_3_0(const EC_METHOD *EC_GFp_nistp256_method(void))
+OSSL_DEPRECATEDIN_3_0 const EC_METHOD *EC_GFp_nistp256_method(void);
/** Returns 64-bit optimized methods for nistp521
* \return EC_METHOD object
*/
-DEPRECATEDIN_3_0(const EC_METHOD *EC_GFp_nistp521_method(void))
-# endif
+OSSL_DEPRECATEDIN_3_0 const EC_METHOD *EC_GFp_nistp521_method(void);
+# endif /* OPENSSL_NO_EC_NISTP_64_GCC_128 */
-# ifndef OPENSSL_NO_EC2M
+# ifndef OPENSSL_NO_EC2M
/********************************************************************/
/* EC_METHOD for curves over GF(2^m) */
/********************************************************************/
@@ -147,9 +148,9 @@ DEPRECATEDIN_3_0(const EC_METHOD *EC_GFp_nistp521_method(void))
/** Returns the basic GF2m ec method
* \return EC_METHOD object
*/
-DEPRECATEDIN_3_0(const EC_METHOD *EC_GF2m_simple_method(void))
+OSSL_DEPRECATEDIN_3_0 const EC_METHOD *EC_GF2m_simple_method(void);
-# endif
+# endif
/********************************************************************/
/* EC_GROUP functions */
@@ -160,18 +161,31 @@ DEPRECATEDIN_3_0(const EC_METHOD *EC_GF2m_simple_method(void))
* \param meth EC_METHOD to use
* \return newly created EC_GROUP object or NULL in case of an error.
*/
-DEPRECATEDIN_3_0(EC_GROUP *EC_GROUP_new(const EC_METHOD *meth))
+OSSL_DEPRECATEDIN_3_0 EC_GROUP *EC_GROUP_new(const EC_METHOD *meth);
+
+/** Clears and frees a EC_GROUP object
+ * \param group EC_GROUP object to be cleared and freed.
+ */
+OSSL_DEPRECATEDIN_3_0 void EC_GROUP_clear_free(EC_GROUP *group);
+
+/** Returns the EC_METHOD of the EC_GROUP object.
+ * \param group EC_GROUP object
+ * \return EC_METHOD used in this EC_GROUP object.
+ */
+OSSL_DEPRECATEDIN_3_0 const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group);
+
+/** Returns the field type of the EC_METHOD.
+ * \param meth EC_METHOD object
+ * \return NID of the underlying field type OID.
+ */
+OSSL_DEPRECATEDIN_3_0 int EC_METHOD_get_field_type(const EC_METHOD *meth);
+# endif /* OPENSSL_NO_DEPRECATED_3_0 */
/** Frees a EC_GROUP object
* \param group EC_GROUP object to be freed.
*/
void EC_GROUP_free(EC_GROUP *group);
-/** Clears and frees a EC_GROUP object
- * \param group EC_GROUP object to be cleared and freed.
- */
-DEPRECATEDIN_3_0(void EC_GROUP_clear_free(EC_GROUP *group))
-
/** Copies EC_GROUP objects. Note: both EC_GROUPs must use the same EC_METHOD.
* \param dst destination EC_GROUP object
* \param src source EC_GROUP object
@@ -186,18 +200,6 @@ int EC_GROUP_copy(EC_GROUP *dst, const EC_GROUP *src);
*/
EC_GROUP *EC_GROUP_dup(const EC_GROUP *src);
-/** Returns the EC_METHOD of the EC_GROUP object.
- * \param group EC_GROUP object
- * \return EC_METHOD used in this EC_GROUP object.
- */
-DEPRECATEDIN_3_0(const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group))
-
-/** Returns the field type of the EC_METHOD.
- * \param meth EC_METHOD object
- * \return NID of the underlying field type OID.
- */
-DEPRECATEDIN_3_0(int EC_METHOD_get_field_type(const EC_METHOD *meth))
-
/** Sets the generator and its order/cofactor of a EC_GROUP object.
* \param group EC_GROUP object
* \param generator EC_POINT object with the generator.
@@ -317,6 +319,7 @@ int EC_GROUP_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
int EC_GROUP_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b,
BN_CTX *ctx);
+# ifndef OPENSSL_NO_DEPRECATED_3_0
/** Sets the parameters of an ec curve. Synonym for EC_GROUP_set_curve
* \param group EC_GROUP object
* \param p BIGNUM with the prime number (GFp) or the polynomial
@@ -326,9 +329,11 @@ int EC_GROUP_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b,
* \param ctx BN_CTX object (optional)
* \return 1 on success and 0 if an error occurred
*/
-DEPRECATEDIN_3_0(int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p,
- const BIGNUM *a, const BIGNUM *b,
- BN_CTX *ctx))
+OSSL_DEPRECATEDIN_3_0 int EC_GROUP_set_curve_GFp(EC_GROUP *group,
+ const BIGNUM *p,
+ const BIGNUM *a,
+ const BIGNUM *b,
+ BN_CTX *ctx);
/** Gets the parameters of an ec curve. Synonym for EC_GROUP_get_curve
* \param group EC_GROUP object
@@ -339,11 +344,12 @@ DEPRECATEDIN_3_0(int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p,
* \param ctx BN_CTX object (optional)
* \return 1 on success and 0 if an error occurred
*/
-DEPRECATEDIN_3_0(int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p,
- BIGNUM *a, BIGNUM *b,
- BN_CTX *ctx))
+OSSL_DEPRECATEDIN_3_0 int EC_GROUP_get_curve_GFp(const EC_GROUP *group,
+ BIGNUM *p,
+ BIGNUM *a, BIGNUM *b,
+ BN_CTX *ctx);
-# ifndef OPENSSL_NO_EC2M
+# ifndef OPENSSL_NO_EC2M
/** Sets the parameter of an ec curve. Synonym for EC_GROUP_set_curve
* \param group EC_GROUP object
* \param p BIGNUM with the prime number (GFp) or the polynomial
@@ -353,9 +359,11 @@ DEPRECATEDIN_3_0(int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p,
* \param ctx BN_CTX object (optional)
* \return 1 on success and 0 if an error occurred
*/
-DEPRECATEDIN_3_0(int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p,
- const BIGNUM *a, const BIGNUM *b,
- BN_CTX *ctx))
+OSSL_DEPRECATEDIN_3_0 int EC_GROUP_set_curve_GF2m(EC_GROUP *group,
+ const BIGNUM *p,
+ const BIGNUM *a,
+ const BIGNUM *b,
+ BN_CTX *ctx);
/** Gets the parameters of an ec curve. Synonym for EC_GROUP_get_curve
* \param group EC_GROUP object
@@ -366,10 +374,13 @@ DEPRECATEDIN_3_0(int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p,
* \param ctx BN_CTX object (optional)
* \return 1 on success and 0 if an error occurred
*/
-DEPRECATEDIN_3_0(int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p,
- BIGNUM *a, BIGNUM *b,
- BN_CTX *ctx))
-# endif
+OSSL_DEPRECATEDIN_3_0 int EC_GROUP_get_curve_GF2m(const EC_GROUP *group,
+ BIGNUM *p,
+ BIGNUM *a, BIGNUM *b,
+ BN_CTX *ctx);
+# endif /* OPENSSL_NO_EC2M */
+# endif /* OPENSSL_NO_DEPRECATED_3_0 */
+
/** Returns the number of bits needed to represent a field element
* \param group EC_GROUP object
* \return number of bits needed to represent a field element
@@ -550,12 +561,6 @@ int EC_POINT_copy(EC_POINT *dst, const EC_POINT *src);
*/
EC_POINT *EC_POINT_dup(const EC_POINT *src, const EC_GROUP *group);
-/** Returns the EC_METHOD used in EC_POINT object
- * \param point EC_POINT object
- * \return the EC_METHOD used
- */
-DEPRECATEDIN_3_0(const EC_METHOD *EC_POINT_method_of(const EC_POINT *point))
-
/** Sets a point to infinity (neutral element)
* \param group underlying EC_GROUP object
* \param point EC_POINT to set to infinity
@@ -563,6 +568,13 @@ DEPRECATEDIN_3_0(const EC_METHOD *EC_POINT_method_of(const EC_POINT *point))
*/
int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point);
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+/** Returns the EC_METHOD used in EC_POINT object
+ * \param point EC_POINT object
+ * \return the EC_METHOD used
+ */
+OSSL_DEPRECATEDIN_3_0 const EC_METHOD *EC_POINT_method_of(const EC_POINT *point);
+
/** Sets the jacobian projective coordinates of a EC_POINT over GFp
* \param group underlying EC_GROUP object
* \param p EC_POINT object
@@ -572,10 +584,10 @@ int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point);
* \param ctx BN_CTX object (optional)
* \return 1 on success and 0 if an error occurred
*/
-DEPRECATEDIN_3_0(int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group,
- EC_POINT *p, const BIGNUM *x,
- const BIGNUM *y, const BIGNUM *z,
- BN_CTX *ctx))
+OSSL_DEPRECATEDIN_3_0 int EC_POINT_set_Jprojective_coordinates_GFp
+ (const EC_GROUP *group, EC_POINT *p,
+ const BIGNUM *x, const BIGNUM *y, const BIGNUM *z,
+ BN_CTX *ctx);
/** Gets the jacobian projective coordinates of a EC_POINT over GFp
* \param group underlying EC_GROUP object
@@ -586,10 +598,10 @@ DEPRECATEDIN_3_0(int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *gr
* \param ctx BN_CTX object (optional)
* \return 1 on success and 0 if an error occurred
*/
-DEPRECATEDIN_3_0(int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group,
- const EC_POINT *p, BIGNUM *x,
- BIGNUM *y, BIGNUM *z,
- BN_CTX *ctx))
+OSSL_DEPRECATEDIN_3_0 int EC_POINT_get_Jprojective_coordinates_GFp
+ (const EC_GROUP *group, const EC_POINT *p,
+ BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx);
+# endif /* OPENSSL_NO_DEPRECATED_3_0 */
/** Sets the affine coordinates of an EC_POINT
* \param group underlying EC_GROUP object
@@ -614,6 +626,7 @@ int EC_POINT_set_affine_coordinates(const EC_GROUP *group, EC_POINT *p,
int EC_POINT_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *p,
BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
+# ifndef OPENSSL_NO_DEPRECATED_3_0
/** Sets the affine coordinates of an EC_POINT. A synonym of
* EC_POINT_set_affine_coordinates
* \param group underlying EC_GROUP object
@@ -623,11 +636,9 @@ int EC_POINT_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *p,
* \param ctx BN_CTX object (optional)
* \return 1 on success and 0 if an error occurred
*/
-DEPRECATEDIN_3_0(int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group,
- EC_POINT *p,
- const BIGNUM *x,
- const BIGNUM *y,
- BN_CTX *ctx))
+OSSL_DEPRECATEDIN_3_0 int EC_POINT_set_affine_coordinates_GFp
+ (const EC_GROUP *group, EC_POINT *p,
+ const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx);
/** Gets the affine coordinates of an EC_POINT. A synonym of
* EC_POINT_get_affine_coordinates
@@ -638,11 +649,10 @@ DEPRECATEDIN_3_0(int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group,
* \param ctx BN_CTX object (optional)
* \return 1 on success and 0 if an error occurred
*/
-DEPRECATEDIN_3_0(int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group,
- const EC_POINT *p,
- BIGNUM *x,
- BIGNUM *y,
- BN_CTX *ctx))
+OSSL_DEPRECATEDIN_3_0 int EC_POINT_get_affine_coordinates_GFp
+ (const EC_GROUP *group, const EC_POINT *p,
+ BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
+# endif /* OPENSSL_NO_DEPRECATED_3_0 */
/** Sets the x9.62 compressed coordinates of a EC_POINT
* \param group underlying EC_GROUP object
@@ -656,6 +666,7 @@ int EC_POINT_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *p,
const BIGNUM *x, int y_bit,
BN_CTX *ctx);
+# ifndef OPENSSL_NO_DEPRECATED_3_0
/** Sets the x9.62 compressed coordinates of a EC_POINT. A synonym of
* EC_POINT_set_compressed_coordinates
* \param group underlying EC_GROUP object
@@ -665,12 +676,10 @@ int EC_POINT_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *p,
* \param ctx BN_CTX object (optional)
* \return 1 on success and 0 if an error occurred
*/
-DEPRECATEDIN_3_0(int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group,
- EC_POINT *p,
- const BIGNUM *x,
- int y_bit,
- BN_CTX *ctx))
-# ifndef OPENSSL_NO_EC2M
+OSSL_DEPRECATEDIN_3_0 int EC_POINT_set_compressed_coordinates_GFp
+ (const EC_GROUP *group, EC_POINT *p,
+ const BIGNUM *x, int y_bit, BN_CTX *ctx);
+# ifndef OPENSSL_NO_EC2M
/** Sets the affine coordinates of an EC_POINT. A synonym of
* EC_POINT_set_affine_coordinates
* \param group underlying EC_GROUP object
@@ -680,11 +689,9 @@ DEPRECATEDIN_3_0(int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *gro
* \param ctx BN_CTX object (optional)
* \return 1 on success and 0 if an error occurred
*/
-DEPRECATEDIN_3_0(int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group,
- EC_POINT *p,
- const BIGNUM *x,
- const BIGNUM *y,
- BN_CTX *ctx))
+OSSL_DEPRECATEDIN_3_0 int EC_POINT_set_affine_coordinates_GF2m
+ (const EC_GROUP *group, EC_POINT *p,
+ const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx);
/** Gets the affine coordinates of an EC_POINT. A synonym of
* EC_POINT_get_affine_coordinates
@@ -695,11 +702,9 @@ DEPRECATEDIN_3_0(int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group,
* \param ctx BN_CTX object (optional)
* \return 1 on success and 0 if an error occurred
*/
-DEPRECATEDIN_3_0(int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group,
- const EC_POINT *p,
- BIGNUM *x,
- BIGNUM *y,
- BN_CTX *ctx))
+OSSL_DEPRECATEDIN_3_0 int EC_POINT_get_affine_coordinates_GF2m
+ (const EC_GROUP *group, const EC_POINT *p,
+ BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
/** Sets the x9.62 compressed coordinates of a EC_POINT. A synonym of
* EC_POINT_set_compressed_coordinates
@@ -710,12 +715,12 @@ DEPRECATEDIN_3_0(int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group,
* \param ctx BN_CTX object (optional)
* \return 1 on success and 0 if an error occurred
*/
-DEPRECATEDIN_3_0(int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group,
- EC_POINT *p,
- const BIGNUM *x,
- int y_bit,
- BN_CTX *ctx))
-# endif
+OSSL_DEPRECATEDIN_3_0 int EC_POINT_set_compressed_coordinates_GF2m
+ (const EC_GROUP *group, EC_POINT *p,
+ const BIGNUM *x, int y_bit, BN_CTX *ctx);
+# endif
+# endif /* OPENSSL_NO_DEPRECATED_3_0 */
+
/** Encodes a EC_POINT object to a octet string
* \param group underlying EC_GROUP object
* \param p EC_POINT object
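Review bot: The inner `# endif` that closes `OPENSSL_NO_EC2M` is left bare, directly above the commented `# endif /* OPENSSL_NO_DEPRECATED_3_0 */`, so the nesting is harder to follow than in the earlier curve-parameter hunk, which does write `# endif /* OPENSSL_NO_EC2M */`. I would change it to `# endif /* OPENSSL_NO_EC2M */` here. The same applies to the bare `# endif` closing `OPENSSL_NO_STDIO` after `ECPKParameters_print_fp` in the -906 hunk. In the -1040 hunk, `/*OPENSSL_NO_DEPRECATED_3_0 */` is missing the space after `/*`.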
@@ -828,10 +833,11 @@ int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point,
int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b,
BN_CTX *ctx);
-DEPRECATEDIN_3_0(int EC_POINT_make_affine(const EC_GROUP *group,
- EC_POINT *point, BN_CTX *ctx))
-DEPRECATEDIN_3_0(int EC_POINTs_make_affine(const EC_GROUP *group, size_t num,
- EC_POINT *points[], BN_CTX *ctx))
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 int EC_POINT_make_affine(const EC_GROUP *group,
+ EC_POINT *point, BN_CTX *ctx);
+OSSL_DEPRECATEDIN_3_0 int EC_POINTs_make_affine(const EC_GROUP *group, size_t num,
+ EC_POINT *points[], BN_CTX *ctx);
/** Computes r = generator * n + sum_{i=0}^{num-1} p[i] * m[i]
* \param group underlying EC_GROUP object
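Review bot: `EC_POINT_make_affine` and `EC_POINTs_make_affine` are re-declared here without any doc comment, while nearly every other prototype in this header has a `\param`/`\return` block. For `EC_POINTs_make_affine` the header never states how `num` relates to `points[]`, so a caller cannot tell from the declaration that the array must hold at least `num` valid entries (presumably it must; confirm against the implementation). I would add a short block to each, e.g. `\param num number of entries in points` and `\return 1 on success and 0 if an error occurred`, if that matches what the functions return. The `# ifndef OPENSSL_NO_DEPRECATED_3_0` opened in this hunk is closed in the following hunk.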
@@ -843,10 +849,11 @@ DEPRECATEDIN_3_0(int EC_POINTs_make_affine(const EC_GROUP *group, size_t num,
* \param ctx BN_CTX object (optional)
* \return 1 on success and 0 if an error occurred
*/
-DEPRECATEDIN_3_0(int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r,
- const BIGNUM *n, size_t num,
- const EC_POINT *p[], const BIGNUM *m[],
- BN_CTX *ctx))
+OSSL_DEPRECATEDIN_3_0 int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r,
+ const BIGNUM *n, size_t num,
+ const EC_POINT *p[], const BIGNUM *m[],
+ BN_CTX *ctx);
+# endif /* OPENSSL_NO_DEPRECATED_3_0 */
/** Computes r = generator * n + q * m
* \param group underlying EC_GROUP object
@@ -860,18 +867,20 @@ DEPRECATEDIN_3_0(int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r,
int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n,
const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx);
+# ifndef OPENSSL_NO_DEPRECATED_3_0
/** Stores multiples of generator for faster point multiplication
* \param group EC_GROUP object
* \param ctx BN_CTX object (optional)
* \return 1 on success and 0 if an error occurred
*/
-DEPRECATEDIN_3_0(int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx))
+OSSL_DEPRECATEDIN_3_0 int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
/** Reports whether a precomputation has been done
* \param group EC_GROUP object
* \return 1 if a pre-computation has been done and 0 otherwise
*/
-DEPRECATEDIN_3_0(int EC_GROUP_have_precompute_mult(const EC_GROUP *group))
+OSSL_DEPRECATEDIN_3_0 int EC_GROUP_have_precompute_mult(const EC_GROUP *group);
+# endif /* OPENSSL_NO_DEPRECATED_3_0 */
/********************************************************************/
/* ASN1 stuff */
@@ -906,10 +915,14 @@ int i2d_ECPKParameters(const EC_GROUP *, unsigned char **out);
# define i2d_ECPKParameters_fp(fp,x) \
ASN1_i2d_fp(i2d_ECPKParameters,(fp), (unsigned char *)(x))
-int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off);
-# ifndef OPENSSL_NO_STDIO
-int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off);
-# endif
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 int ECPKParameters_print(BIO *bp, const EC_GROUP *x,
+ int off);
+# ifndef OPENSSL_NO_STDIO
+OSSL_DEPRECATEDIN_3_0 int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x,
+ int off);
+# endif
+# endif /* OPENSSL_NO_DEPRECATED_3_0 */
/********************************************************************/
/* EC_KEY functions */
@@ -920,33 +933,40 @@ int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off);
# define EC_PKEY_NO_PUBKEY 0x002
/* some values for the flags field */
-# define EC_FLAG_NON_FIPS_ALLOW 0x1
-# define EC_FLAG_FIPS_CHECKED 0x2
-# define EC_FLAG_COFACTOR_ECDH 0x1000
-# define EC_FLAG_SM2_RANGE 0x4
+# define EC_FLAG_SM2_RANGE 0x0004
+# define EC_FLAG_COFACTOR_ECDH 0x1000
+# define EC_FLAG_CHECK_NAMED_GROUP 0x2000
+# define EC_FLAG_CHECK_NAMED_GROUP_NIST 0x4000
+# define EC_FLAG_CHECK_NAMED_GROUP_MASK \
+ (EC_FLAG_CHECK_NAMED_GROUP | EC_FLAG_CHECK_NAMED_GROUP_NIST)
+
+/* Deprecated flags - it was using 0x01..0x02 */
+# define EC_FLAG_NON_FIPS_ALLOW 0x0000
+# define EC_FLAG_FIPS_CHECKED 0x0000
+# ifndef OPENSSL_NO_DEPRECATED_3_0
/**
* Creates a new EC_KEY object.
* \param ctx The library context for to use for this EC_KEY. May be NULL in
* which case the default library context is used.
* \return EC_KEY object or NULL if an error occurred.
*/
-EC_KEY *EC_KEY_new_ex(OSSL_LIB_CTX *ctx, const char *propq);
+OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_new_ex(OSSL_LIB_CTX *ctx, const char *propq);
/**
* Creates a new EC_KEY object. Same as calling EC_KEY_new_ex with a
* NULL library context
* \return EC_KEY object or NULL if an error occurred.
*/
-EC_KEY *EC_KEY_new(void);
+OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_new(void);
-int EC_KEY_get_flags(const EC_KEY *key);
+OSSL_DEPRECATEDIN_3_0 int EC_KEY_get_flags(const EC_KEY *key);
-void EC_KEY_set_flags(EC_KEY *key, int flags);
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_set_flags(EC_KEY *key, int flags);
-void EC_KEY_clear_flags(EC_KEY *key, int flags);
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_clear_flags(EC_KEY *key, int flags);
-int EC_KEY_decoded_from_explicit_params(const EC_KEY *key);
+OSSL_DEPRECATEDIN_3_0 int EC_KEY_decoded_from_explicit_params(const EC_KEY *key);
/**
* Creates a new EC_KEY object using a named curve as underlying
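Review bot: `EC_FLAG_NON_FIPS_ALLOW` and `EC_FLAG_FIPS_CHECKED` are now both `0x0000`, so code that uses them still compiles cleanly but silently changes meaning. `flags & EC_FLAG_FIPS_CHECKED` is always 0, `(flags & EC_FLAG_FIPS_CHECKED) == EC_FLAG_FIPS_CHECKED` is always true, and `EC_KEY_set_flags(key, EC_FLAG_NON_FIPS_ALLOW)` does nothing. The comment above them records only the old values, so I would replace it with `/* Deprecated no-op flags (formerly 0x01 and 0x02): setting, clearing or testing them has no effect */`. The new `EC_FLAG_CHECK_NAMED_GROUP*` values also have no description of what they check. The deprecation guard opened at the end of this block is closed outside the hunk.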
@@ -957,8 +977,9 @@ int EC_KEY_decoded_from_explicit_params(const EC_KEY *key);
* \param nid NID of the named curve.
* \return EC_KEY object or NULL if an error occurred.
*/
-EC_KEY *EC_KEY_new_by_curve_name_ex(OSSL_LIB_CTX *ctx, const char *propq,
- int nid);
+OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_new_by_curve_name_ex(OSSL_LIB_CTX *ctx,
+ const char *propq,
+ int nid);
/**
* Creates a new EC_KEY object using a named curve as underlying
@@ -967,44 +988,43 @@ EC_KEY *EC_KEY_new_by_curve_name_ex(OSSL_LIB_CTX *ctx, const char *propq,
* \param nid NID of the named curve.
* \return EC_KEY object or NULL if an error occurred.
*/
-EC_KEY *EC_KEY_new_by_curve_name(int nid);
-
+OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_new_by_curve_name(int nid);
/** Frees a EC_KEY object.
* \param key EC_KEY object to be freed.
*/
-void EC_KEY_free(EC_KEY *key);
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_free(EC_KEY *key);
/** Copies a EC_KEY object.
* \param dst destination EC_KEY object
* \param src src EC_KEY object
* \return dst or NULL if an error occurred.
*/
-EC_KEY *EC_KEY_copy(EC_KEY *dst, const EC_KEY *src);
+OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_copy(EC_KEY *dst, const EC_KEY *src);
/** Creates a new EC_KEY object and copies the content from src to it.
* \param src the source EC_KEY object
* \return newly created EC_KEY object or NULL if an error occurred.
*/
-EC_KEY *EC_KEY_dup(const EC_KEY *src);
+OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_dup(const EC_KEY *src);
/** Increases the internal reference count of a EC_KEY object.
* \param key EC_KEY object
* \return 1 on success and 0 if an error occurred.
*/
-int EC_KEY_up_ref(EC_KEY *key);
+OSSL_DEPRECATEDIN_3_0 int EC_KEY_up_ref(EC_KEY *key);
/** Returns the ENGINE object of a EC_KEY object
* \param eckey EC_KEY object
* \return the ENGINE object (possibly NULL).
*/
-ENGINE *EC_KEY_get0_engine(const EC_KEY *eckey);
+OSSL_DEPRECATEDIN_3_0 ENGINE *EC_KEY_get0_engine(const EC_KEY *eckey);
/** Returns the EC_GROUP object of a EC_KEY object
* \param key EC_KEY object
* \return the EC_GROUP object (possibly NULL).
*/
-const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key);
+OSSL_DEPRECATEDIN_3_0 const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key);
/** Sets the EC_GROUP of a EC_KEY object.
* \param key EC_KEY object
@@ -1012,13 +1032,13 @@ const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key);
* object will use an own copy of the EC_GROUP).
* \return 1 on success and 0 if an error occurred.
*/
-int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group);
+OSSL_DEPRECATEDIN_3_0 int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group);
/** Returns the private key of a EC_KEY object.
* \param key EC_KEY object
* \return a BIGNUM with the private key (possibly NULL).
*/
-const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key);
+OSSL_DEPRECATEDIN_3_0 const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key);
/** Sets the private key of a EC_KEY object.
* \param key EC_KEY object
@@ -1026,13 +1046,13 @@ const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key);
* will use an own copy of the BIGNUM).
* \return 1 on success and 0 if an error occurred.
*/
-int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *prv);
+OSSL_DEPRECATEDIN_3_0 int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *prv);
/** Returns the public key of a EC_KEY object.
* \param key the EC_KEY object
* \return a EC_POINT object with the public key (possibly NULL)
*/
-const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key);
+OSSL_DEPRECATEDIN_3_0 const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key);
/** Sets the public key of a EC_KEY object.
* \param key EC_KEY object
@@ -1040,20 +1060,24 @@ const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key);
* will use an own copy of the EC_POINT object).
* \return 1 on success and 0 if an error occurred.
*/
-int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub);
+OSSL_DEPRECATEDIN_3_0 int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub);
-unsigned EC_KEY_get_enc_flags(const EC_KEY *key);
-void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags);
-point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key);
-void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform);
+OSSL_DEPRECATEDIN_3_0 unsigned EC_KEY_get_enc_flags(const EC_KEY *key);
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags);
+OSSL_DEPRECATEDIN_3_0 point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key);
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_set_conv_form(EC_KEY *eckey,
+ point_conversion_form_t cform);
+# endif /*OPENSSL_NO_DEPRECATED_3_0 */
# define EC_KEY_get_ex_new_index(l, p, newf, dupf, freef) \
CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_EC_KEY, l, p, newf, dupf, freef)
-int EC_KEY_set_ex_data(EC_KEY *key, int idx, void *arg);
-void *EC_KEY_get_ex_data(const EC_KEY *key, int idx);
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 int EC_KEY_set_ex_data(EC_KEY *key, int idx, void *arg);
+OSSL_DEPRECATEDIN_3_0 void *EC_KEY_get_ex_data(const EC_KEY *key, int idx);
/* wrapper functions for the underlying EC_GROUP object */
-void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag);
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag);
/** Creates a table of pre-computed multiples of the generator to
* accelerate further EC_KEY operations.
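Review bot: The deprecation guard is closed and reopened around `EC_KEY_get_ex_new_index`, which leaves that macro visible when `OPENSSL_NO_DEPRECATED_3_0` is defined even though `EC_KEY_set_ex_data` and `EC_KEY_get_ex_data` are then hidden. If this is intentional (for example because a macro cannot carry the deprecation attribute), a one-line comment would stop a later reader from "fixing" the split, e.g. `/* kept outside the guard: macro over CRYPTO_get_ex_new_index, not an EC_KEY function */`. If it is not intentional, the macro should move inside the guard with the two accessors. The guard reopened here runs past the end of the hunk.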
@@ -1061,25 +1085,25 @@ void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag);
* \param ctx BN_CTX object (optional)
* \return 1 on success and 0 if an error occurred.
*/
-DEPRECATEDIN_3_0(int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx))
+OSSL_DEPRECATEDIN_3_0 int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx);
/** Creates a new ec private (and optional a new public) key.
* \param key EC_KEY object
* \return 1 on success and 0 if an error occurred.
*/
-int EC_KEY_generate_key(EC_KEY *key);
+OSSL_DEPRECATEDIN_3_0 int EC_KEY_generate_key(EC_KEY *key);
/** Verifies that a private and/or public key is valid.
* \param key the EC_KEY object
* \return 1 on success and 0 otherwise.
*/
-int EC_KEY_check_key(const EC_KEY *key);
+OSSL_DEPRECATEDIN_3_0 int EC_KEY_check_key(const EC_KEY *key);
/** Indicates if an EC_KEY can be used for signing.
* \param eckey the EC_KEY object
* \return 1 if can can sign and 0 otherwise.
*/
-int EC_KEY_can_sign(const EC_KEY *eckey);
+OSSL_DEPRECATEDIN_3_0 int EC_KEY_can_sign(const EC_KEY *eckey);
/** Sets a public key from affine coordinates performing
* necessary NIST PKV tests.
@@ -1088,8 +1112,9 @@ int EC_KEY_can_sign(const EC_KEY *eckey);
* \param y public key y coordinate
* \return 1 on success and 0 otherwise.
*/
-int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x,
- BIGNUM *y);
+OSSL_DEPRECATEDIN_3_0 int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key,
+ BIGNUM *x,
+ BIGNUM *y);
/** Encodes an EC_KEY public key to an allocated octet string
* \param key key to encode
@@ -1098,8 +1123,9 @@ int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x,
* \param ctx BN_CTX object (optional)
* \return the length of the encoded octet string or 0 if an error occurred
*/
-size_t EC_KEY_key2buf(const EC_KEY *key, point_conversion_form_t form,
- unsigned char **pbuf, BN_CTX *ctx);
+OSSL_DEPRECATEDIN_3_0 size_t EC_KEY_key2buf(const EC_KEY *key,
+ point_conversion_form_t form,
+ unsigned char **pbuf, BN_CTX *ctx);
/** Decodes a EC_KEY public key from a octet string
* \param key key to decode
@@ -1109,8 +1135,8 @@ size_t EC_KEY_key2buf(const EC_KEY *key, point_conversion_form_t form,
* \return 1 on success and 0 if an error occurred
*/
-int EC_KEY_oct2key(EC_KEY *key, const unsigned char *buf, size_t len,
- BN_CTX *ctx);
+OSSL_DEPRECATEDIN_3_0 int EC_KEY_oct2key(EC_KEY *key, const unsigned char *buf,
+ size_t len, BN_CTX *ctx);
/** Decodes an EC_KEY private key from an octet string
* \param key key to decode
@@ -1119,7 +1145,8 @@ int EC_KEY_oct2key(EC_KEY *key, const unsigned char *buf, size_t len,
* \return 1 on success and 0 if an error occurred
*/
-int EC_KEY_oct2priv(EC_KEY *key, const unsigned char *buf, size_t len);
+OSSL_DEPRECATEDIN_3_0 int EC_KEY_oct2priv(EC_KEY *key, const unsigned char *buf,
+ size_t len);
/** Encodes a EC_KEY private key to an octet string
* \param key key to encode
@@ -1129,14 +1156,16 @@ int EC_KEY_oct2priv(EC_KEY *key, const unsigned char *buf, size_t len);
* \return the length of the encoded octet string or 0 if an error occurred
*/
-size_t EC_KEY_priv2oct(const EC_KEY *key, unsigned char *buf, size_t len);
+OSSL_DEPRECATEDIN_3_0 size_t EC_KEY_priv2oct(const EC_KEY *key,
+ unsigned char *buf, size_t len);
/** Encodes an EC_KEY private key to an allocated octet string
* \param eckey key to encode
* \param pbuf returns pointer to allocated buffer
* \return the length of the encoded octet string or 0 if an error occurred
*/
-size_t EC_KEY_priv2buf(const EC_KEY *eckey, unsigned char **pbuf);
+OSSL_DEPRECATEDIN_3_0 size_t EC_KEY_priv2buf(const EC_KEY *eckey,
+ unsigned char **pbuf);
/********************************************************************/
/* de- and encoding functions for SEC1 ECPrivateKey */
@@ -1148,7 +1177,9 @@ size_t EC_KEY_priv2buf(const EC_KEY *eckey, unsigned char **pbuf);
* \param len length of the DER encoded private key
* \return the decoded private key or NULL if an error occurred.
*/
-EC_KEY *d2i_ECPrivateKey(EC_KEY **key, const unsigned char **in, long len);
+OSSL_DEPRECATEDIN_3_0 EC_KEY *d2i_ECPrivateKey(EC_KEY **key,
+ const unsigned char **in,
+ long len);
/** Encodes a private key object and stores the result in a buffer.
* \param key the EC_KEY object to encode
@@ -1156,7 +1187,8 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **key, const unsigned char **in, long len);
* of bytes needed).
* \return 1 on success and 0 if an error occurred.
*/
-int i2d_ECPrivateKey(const EC_KEY *key, unsigned char **out);
+OSSL_DEPRECATEDIN_3_0 int i2d_ECPrivateKey(const EC_KEY *key,
+ unsigned char **out);
/********************************************************************/
/* de- and encoding functions for EC parameters */
@@ -1169,7 +1201,9 @@ int i2d_ECPrivateKey(const EC_KEY *key, unsigned char **out);
* \return a EC_KEY object with the decoded parameters or NULL if an error
* occurred.
*/
-EC_KEY *d2i_ECParameters(EC_KEY **key, const unsigned char **in, long len);
+OSSL_DEPRECATEDIN_3_0 EC_KEY *d2i_ECParameters(EC_KEY **key,
+ const unsigned char **in,
+ long len);
/** Encodes ec parameter and stores the result in a buffer.
* \param key the EC_KEY object with ec parameters to encode
@@ -1177,7 +1211,8 @@ EC_KEY *d2i_ECParameters(EC_KEY **key, const unsigned char **in, long len);
* of bytes needed).
* \return 1 on success and 0 if an error occurred.
*/
-int i2d_ECParameters(const EC_KEY *key, unsigned char **out);
+OSSL_DEPRECATEDIN_3_0 int i2d_ECParameters(const EC_KEY *key,
+ unsigned char **out);
/********************************************************************/
/* de- and encoding functions for EC public key */
@@ -1191,7 +1226,8 @@ int i2d_ECParameters(const EC_KEY *key, unsigned char **out);
* \return EC_KEY object with decoded public key or NULL if an error
* occurred.
*/
-EC_KEY *o2i_ECPublicKey(EC_KEY **key, const unsigned char **in, long len);
+OSSL_DEPRECATEDIN_3_0 EC_KEY *o2i_ECPublicKey(EC_KEY **key,
+ const unsigned char **in, long len);
/** Encodes a ec public key in an octet string.
* \param key the EC_KEY object with the public key
@@ -1199,14 +1235,14 @@ EC_KEY *o2i_ECPublicKey(EC_KEY **key, const unsigned char **in, long len);
* of bytes needed).
* \return 1 on success and 0 if an error occurred
*/
-int i2o_ECPublicKey(const EC_KEY *key, unsigned char **out);
+OSSL_DEPRECATEDIN_3_0 int i2o_ECPublicKey(const EC_KEY *key, unsigned char **out);
/** Prints out the ec parameters on human readable form.
* \param bp BIO object to which the information is printed
* \param key EC_KEY object
* \return 1 on success and 0 if an error occurred
*/
-int ECParameters_print(BIO *bp, const EC_KEY *key);
+OSSL_DEPRECATEDIN_3_0 int ECParameters_print(BIO *bp, const EC_KEY *key);
/** Prints out the contents of a EC_KEY object
* \param bp BIO object to which the information is printed
@@ -1214,15 +1250,15 @@ int ECParameters_print(BIO *bp, const EC_KEY *key);
* \param off line offset
* \return 1 on success and 0 if an error occurred
*/
-int EC_KEY_print(BIO *bp, const EC_KEY *key, int off);
+OSSL_DEPRECATEDIN_3_0 int EC_KEY_print(BIO *bp, const EC_KEY *key, int off);
-# ifndef OPENSSL_NO_STDIO
+# ifndef OPENSSL_NO_STDIO
/** Prints out the ec parameters on human readable form.
* \param fp file descriptor to which the information is printed
* \param key EC_KEY object
* \return 1 on success and 0 if an error occurred
*/
-int ECParameters_print_fp(FILE *fp, const EC_KEY *key);
+OSSL_DEPRECATEDIN_3_0 int ECParameters_print_fp(FILE *fp, const EC_KEY *key);
/** Prints out the contents of a EC_KEY object
* \param fp file descriptor to which the information is printed
@@ -1230,32 +1266,33 @@ int ECParameters_print_fp(FILE *fp, const EC_KEY *key);
* \param off line offset
* \return 1 on success and 0 if an error occurred
*/
-int EC_KEY_print_fp(FILE *fp, const EC_KEY *key, int off);
-
-# endif
+OSSL_DEPRECATEDIN_3_0 int EC_KEY_print_fp(FILE *fp, const EC_KEY *key, int off);
+# endif /* OPENSSL_NO_STDIO */
-const EC_KEY_METHOD *EC_KEY_OpenSSL(void);
-const EC_KEY_METHOD *EC_KEY_get_default_method(void);
-void EC_KEY_set_default_method(const EC_KEY_METHOD *meth);
-const EC_KEY_METHOD *EC_KEY_get_method(const EC_KEY *key);
-int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth);
-EC_KEY *EC_KEY_new_method(ENGINE *engine);
+OSSL_DEPRECATEDIN_3_0 const EC_KEY_METHOD *EC_KEY_OpenSSL(void);
+OSSL_DEPRECATEDIN_3_0 const EC_KEY_METHOD *EC_KEY_get_default_method(void);
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_set_default_method(const EC_KEY_METHOD *meth);
+OSSL_DEPRECATEDIN_3_0 const EC_KEY_METHOD *EC_KEY_get_method(const EC_KEY *key);
+OSSL_DEPRECATEDIN_3_0 int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth);
+OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_new_method(ENGINE *engine);
/** The old name for ecdh_KDF_X9_63
* The ECDH KDF specification has been mistakingly attributed to ANSI X9.62,
* it is actually specified in ANSI X9.63.
* This identifier is retained for backwards compatibility
*/
-DEPRECATEDIN_3_0(int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
- const unsigned char *Z, size_t Zlen,
- const unsigned char *sinfo, size_t sinfolen,
- const EVP_MD *md))
-
-DEPRECATEDIN_3_0(int ECDH_compute_key(void *out, size_t outlen,
- const EC_POINT *pub_key,
- const EC_KEY *ecdh,
- void *(*KDF)(const void *in, size_t inlen,
- void *out, size_t *outlen)))
+OSSL_DEPRECATEDIN_3_0 int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
+ const unsigned char *Z, size_t Zlen,
+ const unsigned char *sinfo,
+ size_t sinfolen, const EVP_MD *md);
+
+OSSL_DEPRECATEDIN_3_0 int ECDH_compute_key(void *out, size_t outlen,
+ const EC_POINT *pub_key,
+ const EC_KEY *ecdh,
+ void *(*KDF)(const void *in,
+ size_t inlen, void *out,
+ size_t *outlen));
+# endif /* OPENSSL_NO_DEPRECATED_3_0 */
typedef struct ECDSA_SIG_st ECDSA_SIG;
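Review bot: `ECDH_compute_key` is re-declared without a doc comment, although it takes a caller-supplied output buffer, a length and an optional `KDF` callback. The header does not state what the `int` return value means or what is written to `out` when `KDF` is NULL. Both matter to a caller sizing the buffer or deciding whether the output may be used directly as key material. I would add a Doxygen block in the style of the neighbouring declarations, covering `out`/`outlen`, `pub_key`, `ecdh`, the `KDF` callback contract (including the NULL case) and the success and error return values, all confirmed against the implementation. The six `EC_KEY_METHOD` prototypes at the top of this hunk are also undocumented.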
@@ -1310,6 +1347,7 @@ const BIGNUM *ECDSA_SIG_get0_s(const ECDSA_SIG *sig);
*/
int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s);
+# ifndef OPENSSL_NO_DEPRECATED_3_0
/** Computes the ECDSA signature of the given hash value using
* the supplied private key and returns the created signature.
* \param dgst pointer to the hash value
@@ -1317,8 +1355,8 @@ int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s);
* \param eckey EC_KEY object containing a private EC key
* \return pointer to a ECDSA_SIG structure or NULL if an error occurred
*/
-DEPRECATEDIN_3_0(ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst,
- int dgst_len, EC_KEY *eckey))
+OSSL_DEPRECATEDIN_3_0 ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst,
+ int dgst_len, EC_KEY *eckey);
/** Computes ECDSA signature of a given hash value using the supplied
* private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
@@ -1330,9 +1368,9 @@ DEPRECATEDIN_3_0(ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst,
* \param eckey EC_KEY object containing a private EC key
* \return pointer to a ECDSA_SIG structure or NULL if an error occurred
*/
-DEPRECATEDIN_3_0(ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst,
- int dgstlen, const BIGNUM *kinv,
- const BIGNUM *rp, EC_KEY *eckey))
+OSSL_DEPRECATEDIN_3_0 ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst,
+ int dgstlen, const BIGNUM *kinv,
+ const BIGNUM *rp, EC_KEY *eckey);
/** Verifies that the supplied signature is a valid ECDSA
* signature of the supplied hash value using the supplied public key.
@@ -1343,8 +1381,8 @@ DEPRECATEDIN_3_0(ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst,
* \return 1 if the signature is valid, 0 if the signature is invalid
* and -1 on error
*/
-DEPRECATEDIN_3_0(int ECDSA_do_verify(const unsigned char *dgst, int dgst_len,
- const ECDSA_SIG *sig, EC_KEY *eckey))
+OSSL_DEPRECATEDIN_3_0 int ECDSA_do_verify(const unsigned char *dgst, int dgst_len,
+ const ECDSA_SIG *sig, EC_KEY *eckey);
/** Precompute parts of the signing operation
* \param eckey EC_KEY object containing a private EC key
@@ -1353,8 +1391,8 @@ DEPRECATEDIN_3_0(int ECDSA_do_verify(const unsigned char *dgst, int dgst_len,
* \param rp BIGNUM pointer for x coordinate of k * generator
* \return 1 on success and 0 otherwise
*/
-DEPRECATEDIN_3_0(int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx,
- BIGNUM **kinv, BIGNUM **rp))
+OSSL_DEPRECATEDIN_3_0 int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx,
+ BIGNUM **kinv, BIGNUM **rp);
/** Computes ECDSA signature of a given hash value using the supplied
* private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
@@ -1366,9 +1404,9 @@ DEPRECATEDIN_3_0(int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx,
* \param eckey EC_KEY object containing a private EC key
* \return 1 on success and 0 otherwise
*/
-DEPRECATEDIN_3_0(int ECDSA_sign(int type, const unsigned char *dgst,
- int dgstlen, unsigned char *sig,
- unsigned int *siglen, EC_KEY *eckey))
+OSSL_DEPRECATEDIN_3_0 int ECDSA_sign(int type, const unsigned char *dgst,
+ int dgstlen, unsigned char *sig,
+ unsigned int *siglen, EC_KEY *eckey);
/** Computes ECDSA signature of a given hash value using the supplied
* private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
@@ -1383,10 +1421,10 @@ DEPRECATEDIN_3_0(int ECDSA_sign(int type, const unsigned char *dgst,
* \param eckey EC_KEY object containing a private EC key
* \return 1 on success and 0 otherwise
*/
-DEPRECATEDIN_3_0(int ECDSA_sign_ex(int type, const unsigned char *dgst,
- int dgstlen, unsigned char *sig,
- unsigned int *siglen, const BIGNUM *kinv,
- const BIGNUM *rp, EC_KEY *eckey))
+OSSL_DEPRECATEDIN_3_0 int ECDSA_sign_ex(int type, const unsigned char *dgst,
+ int dgstlen, unsigned char *sig,
+ unsigned int *siglen, const BIGNUM *kinv,
+ const BIGNUM *rp, EC_KEY *eckey);
/** Verifies that the given signature is valid ECDSA signature
* of the supplied hash value using the specified public key.
@@ -1399,119 +1437,112 @@ DEPRECATEDIN_3_0(int ECDSA_sign_ex(int type, const unsigned char *dgst,
* \return 1 if the signature is valid, 0 if the signature is invalid
* and -1 on error
*/
-DEPRECATEDIN_3_0(int ECDSA_verify(int type, const unsigned char *dgst,
- int dgstlen, const unsigned char *sig,
- int siglen, EC_KEY *eckey))
+OSSL_DEPRECATEDIN_3_0 int ECDSA_verify(int type, const unsigned char *dgst,
+ int dgstlen, const unsigned char *sig,
+ int siglen, EC_KEY *eckey);
/** Returns the maximum length of the DER encoded signature
* \param eckey EC_KEY object
* \return numbers of bytes required for the DER encoded signature
*/
-DEPRECATEDIN_3_0(int ECDSA_size(const EC_KEY *eckey))
+OSSL_DEPRECATEDIN_3_0 int ECDSA_size(const EC_KEY *eckey);
/********************************************************************/
/* EC_KEY_METHOD constructors, destructors, writers and accessors */
/********************************************************************/
-DEPRECATEDIN_3_0(EC_KEY_METHOD *EC_KEY_METHOD_new(const EC_KEY_METHOD *meth))
-DEPRECATEDIN_3_0(void EC_KEY_METHOD_free(EC_KEY_METHOD *meth))
-DEPRECATEDIN_3_0(void EC_KEY_METHOD_set_init
- (EC_KEY_METHOD *meth,
- int (*init)(EC_KEY *key),
- void (*finish)(EC_KEY *key),
- int (*copy)(EC_KEY *dest, const EC_KEY *src),
- int (*set_group)(EC_KEY *key, const EC_GROUP *grp),
- int (*set_private)(EC_KEY *key,
- const BIGNUM *priv_key),
- int (*set_public)(EC_KEY *key,
- const EC_POINT *pub_key)))
-
-DEPRECATEDIN_3_0(void EC_KEY_METHOD_set_keygen(EC_KEY_METHOD *meth,
- int (*keygen)(EC_KEY *key)))
-
-DEPRECATEDIN_3_0(void EC_KEY_METHOD_set_compute_key
- (EC_KEY_METHOD *meth,
- int (*ckey)(unsigned char **psec,
- size_t *pseclen,
- const EC_POINT *pub_key,
- const EC_KEY *ecdh)))
-
-DEPRECATEDIN_3_0(void EC_KEY_METHOD_set_sign
- (EC_KEY_METHOD *meth,
- int (*sign)(int type, const unsigned char *dgst,
- int dlen, unsigned char *sig,
- unsigned int *siglen,
- const BIGNUM *kinv, const BIGNUM *r,
- EC_KEY *eckey),
- int (*sign_setup)(EC_KEY *eckey, BN_CTX *ctx_in,
- BIGNUM **kinvp, BIGNUM **rp),
- ECDSA_SIG *(*sign_sig)(const unsigned char *dgst,
- int dgst_len,
- const BIGNUM *in_kinv,
- const BIGNUM *in_r,
- EC_KEY *eckey)))
-
-DEPRECATEDIN_3_0(void EC_KEY_METHOD_set_verify
- (EC_KEY_METHOD *meth,
- int (*verify)(int type, const unsigned
- char *dgst, int dgst_len,
- const unsigned char *sigbuf,
- int sig_len, EC_KEY *eckey),
- int (*verify_sig)(const unsigned char *dgst,
- int dgst_len,
- const ECDSA_SIG *sig,
- EC_KEY *eckey)))
-
-DEPRECATEDIN_3_0(void EC_KEY_METHOD_get_init
- (const EC_KEY_METHOD *meth,
- int (**pinit)(EC_KEY *key),
- void (**pfinish)(EC_KEY *key),
- int (**pcopy)(EC_KEY *dest, const EC_KEY *src),
- int (**pset_group)(EC_KEY *key,
- const EC_GROUP *grp),
- int (**pset_private)(EC_KEY *key,
- const BIGNUM *priv_key),
- int (**pset_public)(EC_KEY *key,
- const EC_POINT *pub_key)))
-
-DEPRECATEDIN_3_0(void EC_KEY_METHOD_get_keygen(const EC_KEY_METHOD *meth,
- int (**pkeygen)(EC_KEY *key)))
-
-DEPRECATEDIN_3_0(void EC_KEY_METHOD_get_compute_key
- (const EC_KEY_METHOD *meth,
- int (**pck)(unsigned char **psec,
- size_t *pseclen,
- const EC_POINT *pub_key,
- const EC_KEY *ecdh)))
-
-DEPRECATEDIN_3_0(void EC_KEY_METHOD_get_sign
- (const EC_KEY_METHOD *meth,
- int (**psign)(int type, const unsigned char *dgst,
- int dlen, unsigned char *sig,
- unsigned int *siglen,
- const BIGNUM *kinv, const BIGNUM *r,
- EC_KEY *eckey),
- int (**psign_setup)(EC_KEY *eckey, BN_CTX *ctx_in,
- BIGNUM **kinvp, BIGNUM **rp),
- ECDSA_SIG *(**psign_sig)(const unsigned char *dgst,
+OSSL_DEPRECATEDIN_3_0 EC_KEY_METHOD *EC_KEY_METHOD_new(const EC_KEY_METHOD *meth);
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_METHOD_free(EC_KEY_METHOD *meth);
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_METHOD_set_init
+ (EC_KEY_METHOD *meth,
+ int (*init)(EC_KEY *key),
+ void (*finish)(EC_KEY *key),
+ int (*copy)(EC_KEY *dest, const EC_KEY *src),
+ int (*set_group)(EC_KEY *key, const EC_GROUP *grp),
+ int (*set_private)(EC_KEY *key, const BIGNUM *priv_key),
+ int (*set_public)(EC_KEY *key, const EC_POINT *pub_key));
+
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_METHOD_set_keygen(EC_KEY_METHOD *meth,
+ int (*keygen)(EC_KEY *key));
+
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_METHOD_set_compute_key
+ (EC_KEY_METHOD *meth,
+ int (*ckey)(unsigned char **psec, size_t *pseclen,
+ const EC_POINT *pub_key, const EC_KEY *ecdh));
+
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_METHOD_set_sign
+ (EC_KEY_METHOD *meth,
+ int (*sign)(int type, const unsigned char *dgst,
+ int dlen, unsigned char *sig,
+ unsigned int *siglen,
+ const BIGNUM *kinv, const BIGNUM *r,
+ EC_KEY *eckey),
+ int (*sign_setup)(EC_KEY *eckey, BN_CTX *ctx_in,
+ BIGNUM **kinvp, BIGNUM **rp),
+ ECDSA_SIG *(*sign_sig)(const unsigned char *dgst,
+ int dgst_len,
+ const BIGNUM *in_kinv,
+ const BIGNUM *in_r,
+ EC_KEY *eckey));
+
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_METHOD_set_verify
+ (EC_KEY_METHOD *meth,
+ int (*verify)(int type, const unsigned
+ char *dgst, int dgst_len,
+ const unsigned char *sigbuf,
+ int sig_len, EC_KEY *eckey),
+ int (*verify_sig)(const unsigned char *dgst,
+ int dgst_len, const ECDSA_SIG *sig,
+ EC_KEY *eckey));
+
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_METHOD_get_init
+ (const EC_KEY_METHOD *meth,
+ int (**pinit)(EC_KEY *key),
+ void (**pfinish)(EC_KEY *key),
+ int (**pcopy)(EC_KEY *dest, const EC_KEY *src),
+ int (**pset_group)(EC_KEY *key, const EC_GROUP *grp),
+ int (**pset_private)(EC_KEY *key, const BIGNUM *priv_key),
+ int (**pset_public)(EC_KEY *key, const EC_POINT *pub_key));
+
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_METHOD_get_keygen
+ (const EC_KEY_METHOD *meth, int (**pkeygen)(EC_KEY *key));
+
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_METHOD_get_compute_key
+ (const EC_KEY_METHOD *meth,
+ int (**pck)(unsigned char **psec,
+ size_t *pseclen,
+ const EC_POINT *pub_key,
+ const EC_KEY *ecdh));
+
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_METHOD_get_sign
+ (const EC_KEY_METHOD *meth,
+ int (**psign)(int type, const unsigned char *dgst,
+ int dlen, unsigned char *sig,
+ unsigned int *siglen,
+ const BIGNUM *kinv, const BIGNUM *r,
+ EC_KEY *eckey),
+ int (**psign_setup)(EC_KEY *eckey, BN_CTX *ctx_in,
+ BIGNUM **kinvp, BIGNUM **rp),
+ ECDSA_SIG *(**psign_sig)(const unsigned char *dgst,
+ int dgst_len,
+ const BIGNUM *in_kinv,
+ const BIGNUM *in_r,
+ EC_KEY *eckey));
+
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_METHOD_get_verify
+ (const EC_KEY_METHOD *meth,
+ int (**pverify)(int type, const unsigned
+ char *dgst, int dgst_len,
+ const unsigned char *sigbuf,
+ int sig_len, EC_KEY *eckey),
+ int (**pverify_sig)(const unsigned char *dgst,
int dgst_len,
- const BIGNUM *in_kinv,
- const BIGNUM *in_r,
- EC_KEY *eckey)))
-
-DEPRECATEDIN_3_0(void EC_KEY_METHOD_get_verify
- (const EC_KEY_METHOD *meth,
- int (**pverify)(int type, const unsigned
- char *dgst, int dgst_len,
- const unsigned char *sigbuf,
- int sig_len, EC_KEY *eckey),
- int (**pverify_sig)(const unsigned char *dgst,
- int dgst_len,
- const ECDSA_SIG *sig,
- EC_KEY *eckey)))
+ const ECDSA_SIG *sig,
+ EC_KEY *eckey));
+# endif /* OPENSSL_NO_DEPRECATED_3_0 */
# define ECParameters_dup(x) ASN1_dup_of(EC_KEY, i2d_ECParameters, \
- d2i_ECParameters, x)
+ d2i_ECParameters, x)
# ifndef __cplusplus
# if defined(__SUNPRO_C)
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index 6893b49ce4..bfab06d5df 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -494,9 +494,11 @@ typedef int (EVP_PBE_KEYGEN) (EVP_CIPHER_CTX *ctx, const char *pass,
# define EVP_PKEY_assign_DH(pkey,dh) EVP_PKEY_assign((pkey),EVP_PKEY_DH,(dh))
# endif
-# ifndef OPENSSL_NO_EC
-# define EVP_PKEY_assign_EC_KEY(pkey,eckey) EVP_PKEY_assign((pkey),EVP_PKEY_EC,\
- (eckey))
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# ifndef OPENSSL_NO_EC
+# define EVP_PKEY_assign_EC_KEY(pkey,eckey) \
+ EVP_PKEY_assign((pkey), EVP_PKEY_EC, (eckey))
+# endif
# endif
# ifndef OPENSSL_NO_SIPHASH
# define EVP_PKEY_assign_SIPHASH(pkey,shkey) EVP_PKEY_assign((pkey),\
@@ -1261,11 +1263,16 @@ OSSL_DEPRECATEDIN_3_0 struct dh_st *EVP_PKEY_get0_DH(const EVP_PKEY *pkey);
OSSL_DEPRECATEDIN_3_0 struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey);
# endif
# endif
-# ifndef OPENSSL_NO_EC
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# ifndef OPENSSL_NO_EC
struct ec_key_st;
+OSSL_DEPRECATEDIN_3_0
int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, struct ec_key_st *key);
+OSSL_DEPRECATEDIN_3_0
struct ec_key_st *EVP_PKEY_get0_EC_KEY(const EVP_PKEY *pkey);
+OSSL_DEPRECATEDIN_3_0
struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
+# endif
# endif
EVP_PKEY *EVP_PKEY_new(void);
diff --git a/include/openssl/pem.h b/include/openssl/pem.h
index 97d52e729b..22d42be8e4 100644
--- a/include/openssl/pem.h
+++ b/include/openssl/pem.h
@@ -455,11 +455,15 @@ DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, DSA_PUBKEY, DSA)
DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, DSAparams, DSA)
# endif
# endif
-# ifndef OPENSSL_NO_EC
-DECLARE_PEM_rw(ECPKParameters, EC_GROUP)
-DECLARE_PEM_rw_cb(ECPrivateKey, EC_KEY)
-DECLARE_PEM_rw(EC_PUBKEY, EC_KEY)
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# ifndef OPENSSL_NO_EC
+DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, ECPKParameters, EC_GROUP)
+DECLARE_PEM_rw_cb_attr(OSSL_DEPRECATEDIN_3_0, ECPrivateKey, EC_KEY)
+DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, EC_PUBKEY, EC_KEY)
+# endif
# endif
+
# ifndef OPENSSL_NO_DH
# ifndef OPENSSL_NO_DEPRECATED_3_0
DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, DHparams, DH)
diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in
index 0025a2a8cd..8c01334f49 100644
--- a/include/openssl/ssl.h.in
+++ b/include/openssl/ssl.h.in
@@ -1227,13 +1227,13 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
# define SSL_ERROR_WANT_ASYNC 9
# define SSL_ERROR_WANT_ASYNC_JOB 10
# define SSL_ERROR_WANT_CLIENT_HELLO_CB 11
+
# ifndef OPENSSL_NO_DEPRECATED_3_0
# define SSL_CTRL_SET_TMP_DH 3
-# endif
-# define SSL_CTRL_SET_TMP_ECDH 4
-# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define SSL_CTRL_SET_TMP_ECDH 4
# define SSL_CTRL_SET_TMP_DH_CB 6
# endif
+
# define SSL_CTRL_GET_CLIENT_CERT_REQUEST 9
# define SSL_CTRL_GET_NUM_RENEGOTIATIONS 10
# define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS 11
diff --git a/include/openssl/types.h b/include/openssl/types.h
index cf11b8549d..56437f96f9 100644
--- a/include/openssl/types.h
+++ b/include/openssl/types.h
@@ -144,8 +144,10 @@ typedef struct rsa_meth_st RSA_METHOD;
# endif
typedef struct rsa_pss_params_st RSA_PSS_PARAMS;
+# ifndef OPENSSL_NO_DEPRECATED_3_0
typedef struct ec_key_st EC_KEY;
typedef struct ec_key_method_st EC_KEY_METHOD;
+# endif
typedef struct rand_meth_st RAND_METHOD;
typedef struct rand_drbg_st RAND_DRBG;
diff --git a/include/openssl/x509.h.in b/include/openssl/x509.h.in
index bf525f427f..cb4f126edf 100644
--- a/include/openssl/x509.h.in
+++ b/include/openssl/x509.h.in
@@ -430,12 +430,14 @@ OSSL_DEPRECATEDIN_3_0 DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa);
OSSL_DEPRECATEDIN_3_0 int i2d_DSAPrivateKey_fp(FILE *fp, const DSA *dsa);
# endif
# endif
-# ifndef OPENSSL_NO_EC
-EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey);
-int i2d_EC_PUBKEY_fp(FILE *fp, const EC_KEY *eckey);
-EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey);
-int i2d_ECPrivateKey_fp(FILE *fp, const EC_KEY *eckey);
-# endif
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# ifndef OPENSSL_NO_EC
+OSSL_DEPRECATEDIN_3_0 EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey);
+OSSL_DEPRECATEDIN_3_0 int i2d_EC_PUBKEY_fp(FILE *fp, const EC_KEY *eckey);
+OSSL_DEPRECATEDIN_3_0 EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey);
+OSSL_DEPRECATEDIN_3_0 int i2d_ECPrivateKey_fp(FILE *fp, const EC_KEY *eckey);
+# endif /* OPENSSL_NO_EC */
+# endif /* OPENSSL_NO_DEPRECATED_3_0 */
X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8);
int i2d_PKCS8_fp(FILE *fp, const X509_SIG *p8);
X509_PUBKEY *d2i_X509_PUBKEY_fp(FILE *fp, X509_PUBKEY **xpk);
@@ -474,12 +476,16 @@ OSSL_DEPRECATEDIN_3_0 DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa);
OSSL_DEPRECATEDIN_3_0 int i2d_DSAPrivateKey_bio(BIO *bp, const DSA *dsa);
# endif
# endif
-# ifndef OPENSSL_NO_EC
-EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey);
-int i2d_EC_PUBKEY_bio(BIO *bp, const EC_KEY *eckey);
-EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey);
-int i2d_ECPrivateKey_bio(BIO *bp, const EC_KEY *eckey);
-# endif
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# ifndef OPENSSL_NO_EC
+OSSL_DEPRECATEDIN_3_0 EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey);
+OSSL_DEPRECATEDIN_3_0 int i2d_EC_PUBKEY_bio(BIO *bp, const EC_KEY *eckey);
+OSSL_DEPRECATEDIN_3_0 EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey);
+OSSL_DEPRECATEDIN_3_0 int i2d_ECPrivateKey_bio(BIO *bp, const EC_KEY *eckey);
+# endif /* OPENSSL_NO_EC */
+# endif /* OPENSSL_NO_DEPRECATED_3_0 */
+
X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8);
int i2d_PKCS8_bio(BIO *bp, const X509_SIG *p8);
X509_PUBKEY *d2i_X509_PUBKEY_bio(BIO *bp, X509_PUBKEY **xpk);
@@ -555,8 +561,10 @@ DECLARE_ASN1_ENCODE_FUNCTIONS_only_attr(OSSL_DEPRECATEDIN_3_0,RSA, RSA_PUBKEY)
DECLARE_ASN1_ENCODE_FUNCTIONS_only_attr(OSSL_DEPRECATEDIN_3_0,DSA, DSA_PUBKEY)
# endif
# endif
-# ifndef OPENSSL_NO_EC
-DECLARE_ASN1_ENCODE_FUNCTIONS_only(EC_KEY, EC_PUBKEY)
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# ifndef OPENSSL_NO_EC
+DECLARE_ASN1_ENCODE_FUNCTIONS_only_attr(OSSL_DEPRECATEDIN_3_0, EC_KEY, EC_PUBKEY)
+# endif
# endif
DECLARE_ASN1_FUNCTIONS(X509_SIG)
diff --git a/providers/common/der/der_ec.h.in b/providers/common/der/der_ec.h.in
index 2d56119ba1..0ec78389a4 100644
--- a/providers/common/der/der_ec.h.in
+++ b/providers/common/der/der_ec.h.in
@@ -7,6 +7,7 @@
* https://www.openssl.org/source/license.html
*/
+#include "crypto/ec.h"
#include "internal/der.h"
/* Well known OIDs precompiled */
diff --git a/providers/common/der/der_sm2.h.in b/providers/common/der/der_sm2.h.in
index 406ddf2b16..721c63d421 100644
--- a/providers/common/der/der_sm2.h.in
+++ b/providers/common/der/der_sm2.h.in
@@ -7,6 +7,7 @@
* https://www.openssl.org/source/license.html
*/
+#include "crypto/ec.h"
#include "internal/der.h"
/* Well known OIDs precompiled */
diff --git a/providers/implementations/asymciphers/sm2_enc.c b/providers/implementations/asymciphers/sm2_enc.c
index a67e2c26e4..b1f62b03c7 100644
--- a/providers/implementations/asymciphers/sm2_enc.c
+++ b/providers/implementations/asymciphers/sm2_enc.c
@@ -7,6 +7,8 @@
* https://www.openssl.org/source/license.html
*/
+#include "internal/deprecated.h"
+
#include <openssl/crypto.h>
#include <openssl/evp.h>
#include <openssl/core_dispatch.h>
diff --git a/providers/implementations/keymgmt/ec_kmgmt.c b/providers/implementations/keymgmt/ec_kmgmt.c
index 8775622a01..5d71d3ee1d 100644
--- a/providers/implementations/keymgmt/ec_kmgmt.c
+++ b/providers/implementations/keymgmt/ec_kmgmt.c
@@ -229,11 +229,33 @@ static ossl_inline
int otherparams_to_params(const EC_KEY *ec, OSSL_PARAM_BLD *tmpl,
OSSL_PARAM params[])
{
- int ecdh_cofactor_mode = 0;
+ int ecdh_cofactor_mode = 0, group_check = 0;
+ const char *name = NULL;
+ point_conversion_form_t format;
if (ec == NULL)
return 0;
+ format = EC_KEY_get_conv_form(ec);
+ name = ec_pt_format_id2name((int)format);
+ if (name != NULL
+ && !ossl_param_build_set_utf8_string(tmpl, params,
+ OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT,
+ name))
+ return 0;
+
+ group_check = EC_KEY_get_flags(ec) & EC_FLAG_CHECK_NAMED_GROUP_MASK;
+ name = ec_check_group_type_id2name(group_check);
+ if (name != NULL
+ && !ossl_param_build_set_utf8_string(tmpl, params,
+ OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE,
+ name))
+ return 0;
+
+ if ((EC_KEY_get_enc_flags(ec) & EC_PKEY_NO_PUBKEY) != 0)
+ ossl_param_build_set_int(tmpl, params,
+ OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC, 0);
+
ecdh_cofactor_mode =
(EC_KEY_get_flags(ec) & EC_FLAG_COFACTOR_ECDH) ? 1 : 0;
return ossl_param_build_set_int(tmpl, params,
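Review bot: The `ossl_param_build_set_int()` call for `OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC` in `otherparams_to_params` discards its result, while the two string parameters added just above it return 0 on failure. A failed push would leave the exported parameter set without the no-public-key marker and the export would still report success. Fold it into the condition as the others do: `if ((EC_KEY_get_enc_flags(ec) & EC_PKEY_NO_PUBKEY) != 0 && !ossl_param_build_set_int(tmpl, params, OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC, 0)) return 0;`. The function's final return statement runs past the end of the hunk.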
@@ -462,6 +484,7 @@ end:
# define EC_IMEXPORTABLE_DOM_PARAMETERS \
OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, NULL, 0), \
OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_EC_ENCODING, NULL, 0), \
+ OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT, NULL, 0),\
OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_EC_FIELD_TYPE, NULL, 0), \
OSSL_PARAM_BN(OSSL_PKEY_PARAM_EC_P, NULL, 0), \
OSSL_PARAM_BN(OSSL_PKEY_PARAM_EC_A, NULL, 0), \
@@ -476,7 +499,8 @@ end:
# define EC_IMEXPORTABLE_PRIVATE_KEY \
OSSL_PARAM_BN(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0)
# define EC_IMEXPORTABLE_OTHER_PARAMETERS \
- OSSL_PARAM_int(OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, NULL)
+ OSSL_PARAM_int(OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, NULL), \
+ OSSL_PARAM_int(OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC, NULL)
/*
* Include all the possible combinations of OSSL_PARAM arrays for
@@ -484,11 +508,6 @@ end:
*
* They are in a separate file as it is ~100 lines of unreadable and
* uninteresting machine generated stuff.
- *
- * TODO(3.0): the generated list looks quite ugly, as to cover all possible
- * combinations of the bits in `selection`, it also includes combinations that
- * are not really useful: we might want to consider alternatives to this
- * solution.
*/
#include "ec_kmgmt_imexport.inc"
@@ -727,6 +746,11 @@ const OSSL_PARAM *ec_gettable_params(void *provctx)
static const OSSL_PARAM ec_known_settable_params[] = {
OSSL_PARAM_int(OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, NULL),
OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, NULL, 0),
+ OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_EC_ENCODING, NULL, 0),
+ OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT, NULL, 0),
+ OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_EC_SEED, NULL, 0),
+ OSSL_PARAM_int(OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC, NULL),
+ OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE, NULL, 0),
OSSL_PARAM_END
};
@@ -742,6 +766,12 @@ int ec_set_params(void *key, const OSSL_PARAM params[])
EC_KEY *eck = key;
const OSSL_PARAM *p;
+ if (key == NULL)
+ return 0;
+
+ if (!ec_group_set_params((EC_GROUP *)EC_KEY_get0_group(key), params))
+ return 0;
+
p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY);
if (p != NULL) {
BN_CTX *ctx = BN_CTX_new_ex(ec_key_get_libctx(key));
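Review bot: The call added to `ec_set_params` casts away the `const` from `EC_KEY_get0_group(key)` and passes the result on without checking it for NULL; whether `ec_group_set_params` tolerates a NULL group is not visible in this hunk. A key that has no group yet is worth rejecting explicitly here, and the cast deserves a comment such as `/* get0 returns a const pointer; the settable group parameters are applied to the key's own group in place */`. The call would also read more clearly with the typed local, `EC_KEY_get0_group(eck)`, instead of the `void *key`. The function body continues outside the hunk.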
@@ -850,8 +880,15 @@ int ec_validate(const void *keydata, int selection)
if ((selection & EC_POSSIBLE_SELECTIONS) != 0)
ok = 1;
- if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0)
- ok = ok && EC_GROUP_check(EC_KEY_get0_group(eck), ctx);
+ if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) {
+ int flags = EC_KEY_get_flags(eck);
+
+ if ((flags & EC_FLAG_CHECK_NAMED_GROUP) != 0)
+ ok = ok && EC_GROUP_check_named_curve(EC_KEY_get0_group(eck),
+ (flags & EC_FLAG_CHECK_NAMED_GROUP_NIST) != 0, ctx);
+ else
+ ok = ok && EC_GROUP_check(EC_KEY_get0_group(eck), ctx);
+ }
if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
ok = ok && ec_key_public_check(eck, ctx);
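Review bot: In the new named-group branch of `ec_validate`, the result of `EC_GROUP_check_named_curve()` is used as a boolean, but as far as I know that function returns the matching NID on success, `NID_undef` when nothing matches and -1 on error. A -1 is non-zero, so an internal error during the lookup would leave `ok` set and the domain parameters would count as validated. Compare explicitly: `ok = ok && EC_GROUP_check_named_curve(EC_KEY_get0_group(eck), (flags & EC_FLAG_CHECK_NAMED_GROUP_NIST) != 0, ctx) > 0;`. The function starts and ends outside the hunk.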
@@ -870,6 +907,8 @@ struct ec_gen_ctx {
OSSL_LIB_CTX *libctx;
char *group_name;
char *encoding;
+ char *pt_format;
+ char *group_check;
char *field_type;
BIGNUM *p, *a, *b, *order, *cofactor;
unsigned char *gen, *seed;
@@ -972,6 +1011,8 @@ static int ec_gen_set_params(void *genctx, const OSSL_PARAM params[])
COPY_UTF8_PARAM(params, OSSL_PKEY_PARAM_GROUP_NAME, gctx->group_name);
COPY_UTF8_PARAM(params, OSSL_PKEY_PARAM_EC_FIELD_TYPE, gctx->field_type);
COPY_UTF8_PARAM(params, OSSL_PKEY_PARAM_EC_ENCODING, gctx->encoding);
+ COPY_UTF8_PARAM(params, OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT, gctx->pt_format);
+ COPY_UTF8_PARAM(params, OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE, gctx->group_check);
COPY_BN_PARAM(params, OSSL_PKEY_PARAM_EC_P, gctx->p);
COPY_BN_PARAM(params, OSSL_PKEY_PARAM_EC_A, gctx->a);
@@ -1005,6 +1046,12 @@ static int ec_gen_set_group_from_params(struct ec_gen_ctx *gctx)
gctx->encoding, 0))
goto err;
+ if (gctx->pt_format != NULL
+ && !OSSL_PARAM_BLD_push_utf8_string(bld,
+ OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT,
+ gctx->pt_format, 0))
+ goto err;
+
if (gctx->group_name != NULL) {
if (!OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_PKEY_PARAM_GROUP_NAME,
gctx->group_name, 0))
@@ -1066,6 +1113,7 @@ static const OSSL_PARAM *ec_gen_settable_params(void *provctx)
OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, NULL, 0),
OSSL_PARAM_int(OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, NULL),
OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_EC_ENCODING, NULL, 0),
+ OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT, NULL, 0),
OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_EC_FIELD_TYPE, NULL, 0),
OSSL_PARAM_BN(OSSL_PKEY_PARAM_EC_P, NULL, 0),
OSSL_PARAM_BN(OSSL_PKEY_PARAM_EC_A, NULL, 0),
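Review bot: `ec_gen_settable_params` gains an entry for `OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT`, but none for `OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE`, which `ec_gen_set_params` also starts copying in this commit. Callers that consult the settable list before setting a parameter would not discover it. Unless it is listed further down (the array continues outside the hunk), add `OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE, NULL, 0),` next to the new entry.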
@@ -1107,12 +1155,20 @@ static void *ec_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
if (!ec_gen_set_group_from_params(gctx))
goto err;
} else {
- if (gctx->encoding) {
+ if (gctx->encoding != NULL) {
int flags = ec_encoding_name2id(gctx->encoding);
+
if (flags < 0)
goto err;
EC_GROUP_set_asn1_flag(gctx->gen_group, flags);
}
+ if (gctx->pt_format != NULL) {
+ int format = ec_pt_format_name2id(gctx->pt_format);
+
+ if (format < 0)
+ goto err;
+ EC_GROUP_set_point_conversion_form(gctx->gen_group, format);
+ }
}
/* We must always assign a group, no matter what */
@@ -1125,6 +1181,8 @@ static void *ec_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
if (gctx->ecdh_mode != -1)
ret = ret && ec_set_ecdh_cofactor_mode(ec, gctx->ecdh_mode);
+ if (gctx->group_check != NULL)
+ ret = ret && ec_set_check_group_type_from_name(ec, gctx->group_check);
if (ret)
return ec;
err:
@@ -1154,10 +1212,18 @@ static void *sm2_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
} else {
if (gctx->encoding) {
int flags = ec_encoding_name2id(gctx->encoding);
+
if (flags < 0)
goto err;
EC_GROUP_set_asn1_flag(gctx->gen_group, flags);
}
+ if (gctx->pt_format != NULL) {
+ int format = ec_pt_format_name2id(gctx->pt_format);
+
+ if (format < 0)
+ goto err;
+ EC_GROUP_set_point_conversion_form(gctx->gen_group, format);
+ }
}
/* We must always assign a group, no matter what */
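Review bot: The point-format block added to `sm2_gen` is a copy of the one added to `ec_gen`, and the line above it still reads `if (gctx->encoding)` where `ec_gen` was changed to the explicit form in the same commit. Make the two agree with `if (gctx->encoding != NULL) {`, and consider moving the encoding and point-format handling into one static helper that both generators call. No hunk applies `gctx->group_check` in `sm2_gen` the way `ec_gen` now does; if that is intended, a comment saying so would prevent a later reader from treating it as an omission. The function starts and ends outside the hunk.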
@@ -1197,7 +1263,8 @@ static void ec_gen_cleanup(void *genctx)
BN_free(gctx->order);
BN_free(gctx->cofactor);
OPENSSL_free(gctx->group_name);
- OPENSSL_free(gctx->field_type);;
+ OPENSSL_free(gctx->field_type);
+ OPENSSL_free(gctx->pt_format);
OPENSSL_free(gctx->encoding);
OPENSSL_free(gctx->seed);
OPENSSL_free(gctx->gen);
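Review bot: `ec_gen_cleanup` gains a free for `gctx->pt_format` but none for `gctx->group_check`, the other string field this commit adds to `struct ec_gen_ctx` and fills through `COPY_UTF8_PARAM` (presumably with a heap copy). Unless it is released in the part of the function outside this hunk, every generation context that sets a group check type leaks that string. Add `OPENSSL_free(gctx->group_check);` beside the new line.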
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 0739bc9082..34980b0bc6 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -18,6 +18,7 @@
#include <openssl/rand.h>
#include <openssl/trace.h>
#include <openssl/x509v3.h>
+#include <openssl/core_names.h>
#include "internal/cryptlib.h"
#define TLS13_NUM_CIPHERS OSSL_NELEM(tls13_ciphers)
@@ -3429,6 +3430,29 @@ static char *srp_password_from_info_cb(SSL *s, void *arg)
}
#endif
+#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_DEPRECATED_3_0)
+static int ssl_set_tmp_ecdh_groups(uint16_t **pext, size_t *pextlen,
+ EVP_PKEY *pkey)
+{
+ char name[80];
+ int nid, ret = 0;
+ size_t name_len;
+
+ if (!EVP_PKEY_get_utf8_string_param(pkey, OSSL_PKEY_PARAM_GROUP_NAME,
+ name, sizeof(name), &name_len)) {
+ SSLerr(0, EC_R_MISSING_PARAMETERS);
+ return 0;
+ }
+ nid = OBJ_txt2nid(name);
+ if (nid == NID_undef)
+ goto end;
+ ret = tls1_set_groups(pext, pextlen, &nid, 1);
+end:
+ EVP_PKEY_free(pkey);
+ return ret;
+}
+#endif
+
static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len);
long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
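Review bot: `ssl_set_tmp_ecdh_groups` frees `pkey` on the `end:` path, but the early `return 0;` after a failed `EVP_PKEY_get_utf8_string_param()` skips that free, so the key the callers hand over is leaked on that path. Replace the early return with `goto end;` after raising the error. The `NID_undef` branch fails without raising any error, and the function uses `SSLerr(0, ...)` where the surrounding code uses `ERR_raise`; `ERR_raise(ERR_LIB_SSL, EC_R_MISSING_PARAMETERS);` would match. A short comment stating that the function takes ownership of `pkey` would make the contract explicit for callers.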
@@ -3472,33 +3496,28 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return ret;
}
-# endif
+#endif
case SSL_CTRL_SET_DH_AUTO:
s->cert->dh_tmp_auto = larg;
return 1;
-#ifndef OPENSSL_NO_EC
+#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_DEPRECATED_3_0)
case SSL_CTRL_SET_TMP_ECDH:
{
- const EC_GROUP *group = NULL;
- int nid;
+ EVP_PKEY *pkecdh = NULL;
if (parg == NULL) {
ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
- group = EC_KEY_get0_group((const EC_KEY *)parg);
- if (group == NULL) {
- ERR_raise(ERR_LIB_SSL, EC_R_MISSING_PARAMETERS);
+ pkecdh = ssl_ecdh_to_pkey(parg);
+ if (pkecdh == NULL) {
+ ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
return 0;
}
- nid = EC_GROUP_get_curve_name(group);
- if (nid == NID_undef)
- return 0;
- return tls1_set_groups(&s->ext.supportedgroups,
- &s->ext.supportedgroups_len,
- &nid, 1);
+ return ssl_set_tmp_ecdh_groups(&s->ext.supportedgroups,
+ &s->ext.supportedgroups_len,
+ pkecdh);
}
- break;
#endif /* !OPENSSL_NO_EC */
case SSL_CTRL_SET_TLSEXT_HOSTNAME:
/*
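Review bot: In the `SSL_CTRL_SET_TMP_ECDH` case of `ssl3_ctrl`, a NULL return from `ssl_ecdh_to_pkey()` is reported as `ERR_R_MALLOC_FAILURE`, although that helper can also fail when the EC_KEY cannot be attached to the EVP_PKEY; the removed code reported a key without a group as `EC_R_MISSING_PARAMETERS`. A neutral code such as `ERR_R_INTERNAL_ERROR` would not misreport the cause. The closing `#endif /* !OPENSSL_NO_EC */` no longer matches the condition and could read `#endif /* !OPENSSL_NO_EC && !OPENSSL_NO_DEPRECATED_3_0 */`. Both points apply equally to the identical block in the `ssl3_ctx_ctrl` hunk that follows.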
@@ -3816,27 +3835,23 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
case SSL_CTRL_SET_DH_AUTO:
ctx->cert->dh_tmp_auto = larg;
return 1;
-#ifndef OPENSSL_NO_EC
+#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_DEPRECATED_3_0)
case SSL_CTRL_SET_TMP_ECDH:
{
- const EC_GROUP *group = NULL;
- int nid;
+ EVP_PKEY *pkecdh = NULL;
if (parg == NULL) {
ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
- group = EC_KEY_get0_group((const EC_KEY *)parg);
- if (group == NULL) {
- ERR_raise(ERR_LIB_SSL, EC_R_MISSING_PARAMETERS);
+ pkecdh = ssl_ecdh_to_pkey(parg);
+ if (pkecdh == NULL) {
+ ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
return 0;
}
- nid = EC_GROUP_get_curve_name(group);
- if (nid == NID_undef)
- return 0;
- return tls1_set_groups(&ctx->ext.supportedgroups,
- &ctx->ext.supportedgroups_len,
- &nid, 1);
+ return ssl_set_tmp_ecdh_groups(&ctx->ext.supportedgroups,
+ &ctx->ext.supportedgroups_len,
+ pkecdh);
}
#endif /* !OPENSSL_NO_EC */
case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h
index 22ab387422..1819ccd981 100644
--- a/ssl/ssl_local.h
+++ b/ssl/ssl_local.h
@@ -2468,6 +2468,9 @@ __owur int ssl_encapsulate(SSL *s, EVP_PKEY *pubkey,
unsigned char **ctp, size_t *ctlenp,
int gensecret);
__owur EVP_PKEY *ssl_dh_to_pkey(DH *dh);
+# if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_DEPRECATED_3_0)
+__owur EVP_PKEY *ssl_ecdh_to_pkey(EC_KEY *ec);
+# endif
__owur unsigned int ssl_get_max_send_fragment(const SSL *ssl);
__owur unsigned int ssl_get_split_send_fragment(const SSL *ssl);
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 60c17dd809..799ff357f8 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -818,32 +818,39 @@ void tls1_get_formatlist(SSL *s, const unsigned char **pformats,
/* Check a key is compatible with compression extension */
static int tls1_check_pkey_comp(SSL *s, EVP_PKEY *pkey)
{
- const EC_KEY *ec;
- const EC_GROUP *grp;
unsigned char comp_id;
size_t i;
+ char name[80];
+ size_t name_len;
+
/* If not an EC key nothing to check */
if (!EVP_PKEY_is_a(pkey, "EC"))
return 1;
- ec = EVP_PKEY_get0_EC_KEY(pkey);
- grp = EC_KEY_get0_group(ec);
+
+ if (!EVP_PKEY_get_utf8_string_param(pkey,
+ OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT,
+ name, sizeof(name), &name_len))
+ return 0;
/* Get required compression id */
- if (EC_KEY_get_conv_form(ec) == POINT_CONVERSION_UNCOMPRESSED) {
- comp_id = TLSEXT_ECPOINTFORMAT_uncompressed;
+ if (strcasecmp(name, "uncompressed") == 0) {
+ comp_id = TLSEXT_ECPOINTFORMAT_uncompressed;
} else if (SSL_IS_TLS13(s)) {
- /*
- * ec_point_formats extension is not used in TLSv1.3 so we ignore
- * this check.
- */
- return 1;
+ /*
+ * ec_point_formats extension is not used in TLSv1.3 so we ignore
+ * this check.
+ */
+ return 1;
} else {
- int field_type = EC_GROUP_get_field_type(grp);
+ if (!EVP_PKEY_get_utf8_string_param(pkey,
+ OSSL_PKEY_PARAM_EC_FIELD_TYPE,
+ name, sizeof(name), &name_len))
+ return 0;
- if (field_type == NID_X9_62_prime_field)
+ if (strcasecmp(name, SN_X9_62_prime_field) == 0)
comp_id = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
- else if (field_type == NID_X9_62_characteristic_two_field)
+ else if (strcasecmp(name, SN_X9_62_characteristic_two_field) == 0)
comp_id = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
else
return 0;
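Review bot: In `tls1_check_pkey_comp`, the point-format lookup now runs before the TLS 1.3 branch and returns 0 when it fails, so an EC key whose provider does not export `OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT` is rejected even for TLS 1.3, where the comment says the check is ignored. If that stricter behaviour is intended, say so in a comment; otherwise let the TLS 1.3 case return 1 before a failed lookup is treated as fatal. The `name[80]` buffer is reused for two different parameters with a bare literal size, and `strcasecmp()` compares according to the current locale, so a named size constant and a locale-independent comparison would be safer. The function continues past the end of the hunk.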
diff --git a/ssl/tls_depr.c b/ssl/tls_depr.c
index 6f2103ad91..68b007b12d 100644
--- a/ssl/tls_depr.c
+++ b/ssl/tls_depr.c
@@ -159,5 +159,21 @@ EVP_PKEY *ssl_dh_to_pkey(DH *dh)
return ret;
}
# endif
-#endif
+/* Some deprecated public APIs pass EC_KEY objects */
+# ifndef OPENSSL_NO_EC
+EVP_PKEY *ssl_ecdh_to_pkey(EC_KEY *ec)
+{
+ EVP_PKEY *ret;
+
+ if (ec == NULL)
+ return NULL;
+ ret = EVP_PKEY_new();
+ if (EVP_PKEY_set1_EC_KEY(ret, ec) <= 0) {
+ EVP_PKEY_free(ret);
+ return NULL;
+ }
+ return ret;
+}
+# endif
+#endif
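Review bot: `ssl_ecdh_to_pkey` passes the result of `EVP_PKEY_new()` straight to `EVP_PKEY_set1_EC_KEY()` without checking it for NULL. Whether the setter rejects a NULL `pkey` cleanly is not visible here, so an explicit test keeps the allocation-failure path obvious: `if (ret == NULL || EVP_PKEY_set1_EC_KEY(ret, ec) <= 0) {`. A one-line comment that the caller owns the returned key and must free it would also help, since `set1` takes its own reference to `ec`.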
diff --git a/test/build.info b/test/build.info
index a8f60c385b..b9e6d4f3b1 100644
--- a/test/build.info
+++ b/test/build.info
@@ -32,7 +32,7 @@ IF[{- !$disabled{tests} -}]
versions \
aborttest test_test pkcs12_format_test \
sanitytest rsa_complex exdatatest bntest \
- ectest ecstresstest gmdifftest pbelutest \
+ ecstresstest gmdifftest pbelutest \
destest mdc2test \
exptest \
evp_pkey_provided_test evp_test evp_extra_test evp_extra_test2 \
@@ -96,7 +96,7 @@ IF[{- !$disabled{tests} -}]
SOURCE[ectest]=ectest.c
INCLUDE[ectest]=../include ../apps/include
- DEPEND[ectest]=../libcrypto libtestutil.a
+ DEPEND[ectest]=../libcrypto.a libtestutil.a
SOURCE[ecstresstest]=ecstresstest.c
INCLUDE[ecstresstest]=../include ../apps/include
@@ -548,7 +548,7 @@ IF[{- !$disabled{tests} -}]
PROGRAMS{noinst}=sm4_internal_test
ENDIF
IF[{- !$disabled{ec} -}]
- PROGRAMS{noinst}=ec_internal_test curve448_internal_test
+ PROGRAMS{noinst}=ectest ec_internal_test curve448_internal_test
ENDIF
IF[{- !$disabled{cmac} -}]
PROGRAMS{noinst}=cmactest
diff --git a/test/ectest.c b/test/ectest.c
index 9088fd166a..b047d88c3e 100644
--- a/test/ectest.c
+++ b/test/ectest.c
@@ -9,13 +9,10 @@
*/
/*
- * We need access to the deprecated EC_POINTs_mul, EC_GROUP_precompute_mult,
- * and EC_GROUP_have_precompute_mult for testing purposes
- * when the deprecated calls are not hidden
+ * EC_KEY low level APIs are deprecated for public use, but still ok for
+ * internal use.
*/
-#ifndef OPENSSL_NO_DEPRECATED_3_0
-# define OPENSSL_SUPPRESS_DEPRECATED
-#endif
+#include "internal/deprecated.h"
#include <string.h>
#include "internal/nelem.h"
diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
index 4358fbe5c5..440b4759dd 100644
--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
@@ -384,6 +384,7 @@ static const unsigned char pExampleECParamDER[] = {
typedef struct APK_DATA_st {
const unsigned char *kder;
size_t size;
+ const char *keytype;
int evptype;
int check;
int pub_check;
@@ -392,22 +393,22 @@ typedef struct APK_DATA_st {
} APK_DATA;
static APK_DATA keydata[] = {
- {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA},
- {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), EVP_PKEY_RSA},
+ {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA},
+ {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA},
#ifndef OPENSSL_NO_EC
- {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC}
+ {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC}
#endif
};
static APK_DATA keycheckdata[] = {
- {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA, 1, 1, 1, 0},
- {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), EVP_PKEY_RSA,
+ {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1, 0},
+ {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA,
0, 1, 1, 0},
#ifndef OPENSSL_NO_EC
- {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC, 1, 1, 1, 0},
+ {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0},
/* group is also associated in our pub key */
- {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), EVP_PKEY_EC, 0, 1, 1, 1},
- {pExampleECParamDER, sizeof(pExampleECParamDER), EVP_PKEY_EC, 0, 0, 1, 2}
+ {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1, 1, 1},
+ {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1, 2}
#endif
};
@@ -911,18 +912,14 @@ static struct ec_der_pub_keys_st {
static int test_invalide_ec_char2_pub_range_decode(int id)
{
int ret = 0;
- BIO *bio = NULL;
- EC_KEY *eckey = NULL;
+ EVP_PKEY *pkey;
- if (!TEST_ptr(bio = BIO_new_mem_buf(ec_der_pub_keys[id].der,
- ec_der_pub_keys[id].len)))
- goto err;
- eckey = d2i_EC_PUBKEY_bio(bio, NULL);
- ret = (ec_der_pub_keys[id].valid && TEST_ptr(eckey))
- || TEST_ptr_null(eckey);
-err:
- EC_KEY_free(eckey);
- BIO_free(bio);
+ pkey = load_example_key("EC", ec_der_pub_keys[id].der,
+ ec_der_pub_keys[id].len);
+
+ ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey))
+ || TEST_ptr_null(pkey);
+ EVP_PKEY_free(pkey);
return ret;
}
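Review bot: The result expression `ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey)) || TEST_ptr_null(pkey);` still passes when an entry marked valid fails to decode. In that case `TEST_ptr(pkey)` is false, the right-hand `TEST_ptr_null(pkey)` is true, and `ret` ends up 1. The commit carries this over unchanged from the old `eckey` version. Selecting the assertion by the flag closes the gap: `ret = ec_der_pub_keys[id].valid ? TEST_ptr(pkey) : TEST_ptr_null(pkey);`. As written, the test only enforces that out-of-range public keys are rejected, not that the in-range ones are still accepted.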
@@ -1417,11 +1414,7 @@ static EVP_PKEY_METHOD *custom_pmeth;
static int test_EVP_PKEY_check(int i)
{
int ret = 0;
- const unsigned char *p;
EVP_PKEY *pkey = NULL;
-#ifndef OPENSSL_NO_EC
- EC_KEY *eckey = NULL;
-#endif
EVP_PKEY_CTX *ctx = NULL;
#ifndef OPENSSL_NO_DEPRECATED_3_0
EVP_PKEY_CTX *ctx2 = NULL;
@@ -1434,36 +1427,12 @@ static int test_EVP_PKEY_check(int i)
int expected_pub_check = ak->pub_check;
int expected_param_check = ak->param_check;
int type = ak->type;
- BIO *pubkey = NULL;
-
- p = input;
- switch (type) {
- case 0:
- if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
- || !TEST_ptr_eq(p, input + input_len)
- || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
- goto done;
- break;
-#ifndef OPENSSL_NO_EC
- case 1:
- if (!TEST_ptr(pubkey = BIO_new_mem_buf(input, input_len))
- || !TEST_ptr(eckey = d2i_EC_PUBKEY_bio(pubkey, NULL))
- || !TEST_ptr(pkey = EVP_PKEY_new())
- || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
- goto done;
- break;
- case 2:
- if (!TEST_ptr(eckey = d2i_ECParameters(NULL, &p, input_len))
- || !TEST_ptr_eq(p, input + input_len)
- || !TEST_ptr(pkey = EVP_PKEY_new())
- || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
- goto done;
- break;
-#endif
- default:
- return 0;
- }
+ if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len)))
+ goto done;
+ if (type == 0
+ && !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
+ goto done;
if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, NULL)))
goto done;
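Review bot: The call `load_example_key(ak->keytype, input, input_len)` replaces a `switch` that asserted the decoder consumed the whole buffer (`TEST_ptr_eq(p, input + input_len)` for types 0 and 2), and nothing in this hunk takes over that check. load_example_key is defined outside the hunk, so it may already reject trailing bytes; if it does not, the check belongs there, and a comment here such as `/* load_example_key() is expected to fail on trailing data */` would record the dependency. The `default: return 0;` guard for an unknown `ak->type` is gone as well, so any value other than 0 now skips the `EVP_PKEY_id` comparison silently. test_EVP_PKEY_check starts and ends outside the hunk.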
@@ -1501,7 +1470,6 @@ static int test_EVP_PKEY_check(int i)
EVP_PKEY_CTX_free(ctx2);
#endif
EVP_PKEY_free(pkey);
- BIO_free(pubkey);
return ret;
}
diff --git a/test/helpers/handshake.c b/test/helpers/handshake.c
index 08fcd39bea..0711639fd1 100644
--- a/test/helpers/handshake.c
+++ b/test/helpers/handshake.c
@@ -12,6 +12,7 @@
#include <openssl/bio.h>
#include <openssl/x509_vfy.h>
#include <openssl/ssl.h>
+#include <openssl/core_names.h>
#ifndef OPENSSL_NO_SRP
#include <openssl/srp.h>
#endif
@@ -1270,15 +1271,18 @@ static char *dup_str(const unsigned char *in, size_t len)
static int pkey_type(EVP_PKEY *pkey)
{
- int nid = EVP_PKEY_id(pkey);
-
#ifndef OPENSSL_NO_EC
- if (nid == EVP_PKEY_EC) {
- const EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey);
- return EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
+ if (EVP_PKEY_is_a(pkey, "EC")) {
+ char name[80];
+ size_t name_len;
+
+ if (!EVP_PKEY_get_utf8_string_param(pkey, OSSL_PKEY_PARAM_GROUP_NAME,
+ name, sizeof(name), &name_len))
+ return NID_undef;
+ return OBJ_txt2nid(name);
}
#endif
- return nid;
+ return EVP_PKEY_id(pkey);
}
static int peer_pkey_type(SSL *s)
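Review bot: pkey_type() returns values from two different number spaces and nothing in the function says so: a curve NID for EC keys, `NID_undef` when the group name cannot be read, and `EVP_PKEY_id(pkey)` for every other key. A header comment such as `/* Returns the curve NID for EC keys (NID_undef if the group has no name), else the key type id. */` would make that contract explicit for callers comparing the result. The `80` in `char name[80];` is an unexplained size; a named constant or a short comment would help, since a group name that does not fit presumably makes the lookup fail and the function report `NID_undef`.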
diff --git a/test/ssl_old_test.c b/test/ssl_old_test.c
index 4114d94917..f63ec67854 100644
--- a/test/ssl_old_test.c
+++ b/test/ssl_old_test.c
@@ -718,6 +718,7 @@ static void sv_usage(void)
static void print_key_details(BIO *out, EVP_PKEY *key)
{
int keyid = EVP_PKEY_id(key);
+#if 0
#ifndef OPENSSL_NO_EC
if (keyid == EVP_PKEY_EC) {
EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);
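Review bot: The `#if 0` added after `int keyid = EVP_PKEY_id(key);`, closed by the `#endif` in the next hunk of this file, leaves the EC branch in the source as dead code with no explanation. With it disabled, EC keys fall through to the generic block below, and the `"%d bits EC (%s)"` line with the curve name is no longer printed. Either delete the block or mark it, e.g. `/* TODO: port to EVP_PKEY_get_utf8_string_param(); EC_KEY getters are deprecated in 3.0 */` directly above the `#if 0`. print_key_details continues outside both hunks.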
@@ -731,6 +732,7 @@ static void print_key_details(BIO *out, EVP_PKEY *key)
BIO_printf(out, "%d bits EC (%s)", EVP_PKEY_bits(key), cname);
} else
#endif
+#endif
{
const char *algname;
switch (keyid) {
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 8b23993b07..964ac7d725 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -1,4 +1,4 @@
-d2i_EC_PUBKEY 1 3_0_0 EXIST::FUNCTION:EC
+d2i_EC_PUBKEY 1 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
b2i_PVK_bio 2 3_0_0 EXIST::FUNCTION:
PEM_read_bio_NETSCAPE_CERT_SEQUENCE 3 3_0_0 EXIST::FUNCTION:
X509_STORE_CTX_get0_chain 4 3_0_0 EXIST::FUNCTION:
@@ -15,7 +15,7 @@ X509at_get_attr_by_NID 14 3_0_0 EXIST::FUNCTION:
X509_PUBKEY_set0_param 15 3_0_0 EXIST::FUNCTION:
PKCS12_it 16 3_0_0 EXIST::FUNCTION:
i2d_ASN1_OCTET_STRING 17 3_0_0 EXIST::FUNCTION:
-EC_KEY_set_private_key 18 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_set_private_key 18 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
SRP_VBASE_get_by_user 19 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,SRP
Camellia_cfb128_encrypt 21 3_0_0 EXIST::FUNCTION:CAMELLIA,DEPRECATEDIN_3_0
DES_ncbc_encrypt 22 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DES
@@ -180,7 +180,7 @@ i2d_ASN1_PRINTABLESTRING 183 3_0_0 EXIST::FUNCTION:
X509_VERIFY_PARAM_set_hostflags 184 3_0_0 EXIST::FUNCTION:
SCT_get0_log_id 185 3_0_0 EXIST::FUNCTION:CT
ASN1_IA5STRING_it 186 3_0_0 EXIST::FUNCTION:
-PEM_write_bio_ECPrivateKey 187 3_0_0 EXIST::FUNCTION:EC
+PEM_write_bio_ECPrivateKey 187 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
BN_consttime_swap 188 3_0_0 EXIST::FUNCTION:
BIO_f_buffer 189 3_0_0 EXIST::FUNCTION:
CMS_SignerInfo_get0_signer_id 190 3_0_0 EXIST::FUNCTION:CMS
@@ -198,7 +198,7 @@ OCSP_request_add0_id 201 3_0_0 EXIST::FUNCTION:OCSP
EVP_seed_cfb128 202 3_0_0 EXIST::FUNCTION:SEED
BASIC_CONSTRAINTS_free 203 3_0_0 EXIST::FUNCTION:
EVP_CIPHER_flags 204 3_0_0 EXIST::FUNCTION:
-PEM_write_bio_ECPKParameters 205 3_0_0 EXIST::FUNCTION:EC
+PEM_write_bio_ECPKParameters 205 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
SCT_set_version 206 3_0_0 EXIST::FUNCTION:CT
CMS_add1_ReceiptRequest 207 3_0_0 EXIST::FUNCTION:CMS
d2i_CRL_DIST_POINTS 208 3_0_0 EXIST::FUNCTION:
@@ -206,7 +206,7 @@ X509_CRL_INFO_free 209 3_0_0 EXIST::FUNCTION:
ERR_load_UI_strings 210 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
ERR_load_strings 211 3_0_0 EXIST::FUNCTION:
RSA_X931_hash_id 212 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
-EC_KEY_set_method 213 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_set_method 213 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
PEM_write_PKCS8_PRIV_KEY_INFO 214 3_0_0 EXIST::FUNCTION:STDIO
X509at_get0_data_by_OBJ 215 3_0_0 EXIST::FUNCTION:
b2i_PublicKey_bio 216 3_0_0 EXIST::FUNCTION:
@@ -234,9 +234,9 @@ ASN1_item_i2d 238 3_0_0 EXIST::FUNCTION:
OCSP_copy_nonce 239 3_0_0 EXIST::FUNCTION:OCSP
OBJ_txt2nid 240 3_0_0 EXIST::FUNCTION:
SEED_set_key 241 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SEED
-EC_KEY_clear_flags 242 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_clear_flags 242 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
CMS_RecipientInfo_ktri_get0_algs 243 3_0_0 EXIST::FUNCTION:CMS
-i2d_EC_PUBKEY 244 3_0_0 EXIST::FUNCTION:EC
+i2d_EC_PUBKEY 244 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
MDC2 245 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,MDC2
BN_clear_free 246 3_0_0 EXIST::FUNCTION:
ENGINE_get_pkey_asn1_meths 247 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
@@ -254,7 +254,7 @@ EVP_md2 259 3_0_0 EXIST::FUNCTION:MD2
RC2_ecb_encrypt 260 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RC2
ENGINE_register_DH 261 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
ASN1_NULL_free 262 3_0_0 EXIST::FUNCTION:
-EC_KEY_copy 263 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_copy 263 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
EVP_des_ede3 264 3_0_0 EXIST::FUNCTION:DES
PKCS7_add1_attrib_digest 265 3_0_0 EXIST::FUNCTION:
EC_POINT_get_affine_coordinates_GFp 266 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
@@ -318,7 +318,7 @@ BIO_s_accept 323 3_0_0 EXIST::FUNCTION:SOCK
EVP_whirlpool 324 3_0_0 EXIST::FUNCTION:WHIRLPOOL
OCSP_ONEREQ_get1_ext_d2i 325 3_0_0 EXIST::FUNCTION:OCSP
d2i_ESS_SIGNING_CERT 326 3_0_0 EXIST::FUNCTION:
-EC_KEY_set_default_method 327 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_set_default_method 327 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
X509_OBJECT_up_ref_count 328 3_0_0 EXIST::FUNCTION:
RAND_load_file 329 3_0_0 EXIST::FUNCTION:
BIO_ctrl_reset_read_request 330 3_0_0 EXIST::FUNCTION:
@@ -521,7 +521,7 @@ X509_CRL_add1_ext_i2d 532 3_0_0 EXIST::FUNCTION:
i2d_TS_TST_INFO 533 3_0_0 EXIST::FUNCTION:TS
OBJ_sigid_free 534 3_0_0 EXIST::FUNCTION:
TS_STATUS_INFO_get0_status 535 3_0_0 EXIST::FUNCTION:TS
-EC_KEY_get_flags 536 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_get_flags 536 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
ASN1_TYPE_cmp 537 3_0_0 EXIST::FUNCTION:
i2d_RSAPublicKey 538 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
EC_GROUP_get_trinomial_basis 539 3_0_0 EXIST::FUNCTION:EC,EC2M
@@ -537,7 +537,7 @@ RSA_sign_ASN1_OCTET_STRING 548 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3
d2i_X509_CRL_fp 549 3_0_0 EXIST::FUNCTION:STDIO
i2d_RSA_PUBKEY 550 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
EVP_aes_128_ccm 551 3_0_0 EXIST::FUNCTION:
-ECParameters_print 552 3_0_0 EXIST::FUNCTION:EC
+ECParameters_print 552 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
OCSP_SINGLERESP_get1_ext_d2i 553 3_0_0 EXIST::FUNCTION:OCSP
RAND_status 554 3_0_0 EXIST::FUNCTION:
EVP_ripemd160 555 3_0_0 EXIST::FUNCTION:RMD160
@@ -645,7 +645,7 @@ OCSP_resp_get0_produced_at 661 3_0_0 EXIST::FUNCTION:OCSP
IDEA_encrypt 662 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,IDEA
CRYPTO_nistcts128_encrypt_block 663 3_0_0 EXIST::FUNCTION:
EVP_MD_do_all 664 3_0_0 EXIST::FUNCTION:
-EC_KEY_oct2priv 665 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_oct2priv 665 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
CONF_parse_list 666 3_0_0 EXIST::FUNCTION:
ENGINE_set_table_flags 667 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
EVP_MD_meth_get_ctrl 668 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
@@ -772,7 +772,7 @@ CONF_get1_default_config_file 790 3_0_0 EXIST::FUNCTION:
CRYPTO_ocb128_encrypt 791 3_0_0 EXIST::FUNCTION:OCB
EXTENDED_KEY_USAGE_new 792 3_0_0 EXIST::FUNCTION:
EVP_EncryptFinal 793 3_0_0 EXIST::FUNCTION:
-PEM_write_ECPrivateKey 794 3_0_0 EXIST::FUNCTION:EC,STDIO
+PEM_write_ECPrivateKey 794 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,STDIO
EVP_CIPHER_meth_set_get_asn1_params 796 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
PKCS7_dataInit 797 3_0_0 EXIST::FUNCTION:
EVP_PKEY_CTX_set_app_data 798 3_0_0 EXIST::FUNCTION:
@@ -792,8 +792,8 @@ i2a_ASN1_ENUMERATED 811 3_0_0 EXIST::FUNCTION:
PKCS7_ISSUER_AND_SERIAL_new 812 3_0_0 EXIST::FUNCTION:
d2i_USERNOTICE 813 3_0_0 EXIST::FUNCTION:
X509_cmp 814 3_0_0 EXIST::FUNCTION:
-EVP_PKEY_set1_EC_KEY 815 3_0_0 EXIST::FUNCTION:EC
-ECPKParameters_print_fp 816 3_0_0 EXIST::FUNCTION:EC,STDIO
+EVP_PKEY_set1_EC_KEY 815 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
+ECPKParameters_print_fp 816 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,STDIO
GENERAL_SUBTREE_free 817 3_0_0 EXIST::FUNCTION:
RSA_blinding_off 818 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
i2d_OCSP_REVOKEDINFO 819 3_0_0 EXIST::FUNCTION:OCSP
@@ -910,7 +910,7 @@ DHparams_dup 932 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3
X509_get_ext 933 3_0_0 EXIST::FUNCTION:
X509_issuer_and_serial_hash 934 3_0_0 EXIST::FUNCTION:
ASN1_BMPSTRING_it 935 3_0_0 EXIST::FUNCTION:
-PEM_read_EC_PUBKEY 936 3_0_0 EXIST::FUNCTION:EC,STDIO
+PEM_read_EC_PUBKEY 936 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,STDIO
d2i_ASN1_IA5STRING 937 3_0_0 EXIST::FUNCTION:
TS_TST_INFO_ext_free 938 3_0_0 EXIST::FUNCTION:TS
i2d_X509_CRL_fp 939 3_0_0 EXIST::FUNCTION:STDIO
@@ -920,7 +920,7 @@ TS_VERIFY_CTX_set_certs 942 3_0_0 EXIST::FUNCTION:TS
BN_MONT_CTX_copy 943 3_0_0 EXIST::FUNCTION:
OPENSSL_INIT_new 945 3_0_0 EXIST::FUNCTION:
TS_ACCURACY_dup 946 3_0_0 EXIST::FUNCTION:TS
-i2d_ECPrivateKey 947 3_0_0 EXIST::FUNCTION:EC
+i2d_ECPrivateKey 947 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
X509_NAME_ENTRY_create_by_OBJ 948 3_0_0 EXIST::FUNCTION:
TS_VERIFY_CTX_cleanup 949 3_0_0 EXIST::FUNCTION:TS
ASN1_INTEGER_get 950 3_0_0 EXIST::FUNCTION:
@@ -1021,7 +1021,7 @@ X509_EXTENSION_new 1047 3_0_0 EXIST::FUNCTION:
X509_getm_notAfter 1048 3_0_0 EXIST::FUNCTION:
X509_ALGOR_dup 1049 3_0_0 EXIST::FUNCTION:
d2i_X509_REQ_INFO 1050 3_0_0 EXIST::FUNCTION:
-d2i_EC_PUBKEY_bio 1051 3_0_0 EXIST::FUNCTION:EC
+d2i_EC_PUBKEY_bio 1051 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
X509_STORE_CTX_set_error 1052 3_0_0 EXIST::FUNCTION:
EC_KEY_METHOD_set_keygen 1053 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
CRYPTO_free 1054 3_0_0 EXIST::FUNCTION:
@@ -1074,7 +1074,7 @@ X509_CRL_set1_nextUpdate 1100 3_0_0 EXIST::FUNCTION:
EVP_des_ede3_cfb64 1101 3_0_0 EXIST::FUNCTION:DES
BN_to_ASN1_INTEGER 1102 3_0_0 EXIST::FUNCTION:
EXTENDED_KEY_USAGE_free 1103 3_0_0 EXIST::FUNCTION:
-PEM_read_bio_EC_PUBKEY 1104 3_0_0 EXIST::FUNCTION:EC
+PEM_read_bio_EC_PUBKEY 1104 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
BN_MONT_CTX_set 1105 3_0_0 EXIST::FUNCTION:
TS_CONF_set_serial 1106 3_0_0 EXIST::FUNCTION:TS
X509_NAME_ENTRY_new 1107 3_0_0 EXIST::FUNCTION:
@@ -1091,7 +1091,7 @@ X509_STORE_CTX_get0_store 1117 3_0_0 EXIST::FUNCTION:
PKCS12_pack_p7data 1118 3_0_0 EXIST::FUNCTION:
RSA_print_fp 1119 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,STDIO
OPENSSL_INIT_set_config_appname 1120 3_0_0 EXIST::FUNCTION:STDIO
-EC_KEY_print_fp 1121 3_0_0 EXIST::FUNCTION:EC,STDIO
+EC_KEY_print_fp 1121 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,STDIO
BIO_dup_chain 1122 3_0_0 EXIST::FUNCTION:
PKCS8_PRIV_KEY_INFO_it 1123 3_0_0 EXIST::FUNCTION:
RSA_OAEP_PARAMS_free 1124 3_0_0 EXIST::FUNCTION:
@@ -1185,7 +1185,7 @@ EC_GFp_simple_method 1211 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_
X509_it 1212 3_0_0 EXIST::FUNCTION:
d2i_PROXY_POLICY 1213 3_0_0 EXIST::FUNCTION:
MDC2_Update 1214 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,MDC2
-EC_KEY_new_by_curve_name 1215 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_new_by_curve_name 1215 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
X509_CRL_free 1216 3_0_0 EXIST::FUNCTION:
i2d_PKCS7_SIGN_ENVELOPE 1217 3_0_0 EXIST::FUNCTION:
OCSP_CERTSTATUS_it 1218 3_0_0 EXIST::FUNCTION:OCSP
@@ -1256,7 +1256,7 @@ MD5_Init 1284 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_
UI_add_error_string 1285 3_0_0 EXIST::FUNCTION:
X509_TRUST_cleanup 1286 3_0_0 EXIST::FUNCTION:
PEM_read_X509 1287 3_0_0 EXIST::FUNCTION:STDIO
-EC_KEY_new_method 1288 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_new_method 1288 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
i2d_RSAPublicKey_fp 1289 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,STDIO
CRYPTO_ctr128_encrypt_ctr32 1290 3_0_0 EXIST::FUNCTION:
X509_VERIFY_PARAM_move_peername 1291 3_0_0 EXIST::FUNCTION:
@@ -1266,7 +1266,7 @@ X509_CRL_METHOD_free 1294 3_0_0 EXIST::FUNCTION:
PEM_read_NETSCAPE_CERT_SEQUENCE 1295 3_0_0 EXIST::FUNCTION:STDIO
OPENSSL_load_builtin_modules 1296 3_0_0 EXIST::FUNCTION:
X509_set_version 1297 3_0_0 EXIST::FUNCTION:
-i2d_EC_PUBKEY_bio 1298 3_0_0 EXIST::FUNCTION:EC
+i2d_EC_PUBKEY_bio 1298 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
X509_REQ_get_attr_count 1299 3_0_0 EXIST::FUNCTION:
CMS_set1_signers_certs 1300 3_0_0 EXIST::FUNCTION:CMS
TS_ACCURACY_free 1301 3_0_0 EXIST::FUNCTION:TS
@@ -1312,7 +1312,7 @@ CRYPTO_mem_leaks_fp 1340 3_0_0 EXIST::FUNCTION:CRYPTO_MDEBUG
DES_set_key_unchecked 1341 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DES
BN_free 1342 3_0_0 EXIST::FUNCTION:
EVP_aes_128_cfb1 1343 3_0_0 EXIST::FUNCTION:
-EC_KEY_get0_group 1344 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_get0_group 1344 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
PEM_write_bio_CMS_stream 1345 3_0_0 EXIST::FUNCTION:CMS
BIO_f_linebuffer 1346 3_0_0 EXIST::FUNCTION:
ASN1_item_d2i_bio 1347 3_0_0 EXIST::FUNCTION:
@@ -1403,7 +1403,7 @@ ASN1_check_infinite_end 1435 3_0_0 EXIST::FUNCTION:
i2d_PKCS7_DIGEST 1436 3_0_0 EXIST::FUNCTION:
ERR_lib_error_string 1437 3_0_0 EXIST::FUNCTION:
X509_ATTRIBUTE_set1_object 1438 3_0_0 EXIST::FUNCTION:
-i2d_ECPrivateKey_bio 1439 3_0_0 EXIST::FUNCTION:EC
+i2d_ECPrivateKey_bio 1439 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
BN_GENCB_free 1440 3_0_0 EXIST::FUNCTION:
HMAC_size 1441 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
EVP_PKEY_get0_DH 1442 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
@@ -1513,7 +1513,7 @@ EVP_CIPHER_asn1_to_param 1546 3_0_0 EXIST::FUNCTION:
OCSP_request_onereq_get0 1547 3_0_0 EXIST::FUNCTION:OCSP
ERR_load_PKCS7_strings 1548 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
X509_PUBKEY_get 1549 3_0_0 EXIST::FUNCTION:
-EC_KEY_free 1550 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_free 1550 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
BIO_read 1551 3_0_0 EXIST::FUNCTION:
EVP_PKEY_get_attr_by_NID 1552 3_0_0 EXIST::FUNCTION:
BIO_get_accept_socket 1553 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,SOCK
@@ -1629,7 +1629,7 @@ i2d_CMS_bio_stream 1667 3_0_0 EXIST::FUNCTION:CMS
DES_quad_cksum 1668 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DES
X509_ATTRIBUTE_create_by_NID 1669 3_0_0 EXIST::FUNCTION:
TS_VERIFY_CTX_free 1670 3_0_0 EXIST::FUNCTION:TS
-EC_KEY_up_ref 1671 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_up_ref 1671 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
EC_GROUP_get_basis_type 1672 3_0_0 EXIST::FUNCTION:EC
OCSP_crlID_new 1673 3_0_0 EXIST:!VMS:FUNCTION:OCSP
OCSP_crlID2_new 1673 3_0_0 EXIST:VMS:FUNCTION:OCSP
@@ -1650,9 +1650,9 @@ OBJ_find_sigid_by_algs 1687 3_0_0 EXIST::FUNCTION:
ASN1_generate_nconf 1688 3_0_0 EXIST::FUNCTION:
CMS_add0_recipient_password 1689 3_0_0 EXIST::FUNCTION:CMS
UI_get_string_type 1690 3_0_0 EXIST::FUNCTION:
-PEM_read_bio_ECPrivateKey 1691 3_0_0 EXIST::FUNCTION:EC
+PEM_read_bio_ECPrivateKey 1691 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
EVP_PKEY_get_attr 1692 3_0_0 EXIST::FUNCTION:
-PEM_read_bio_ECPKParameters 1693 3_0_0 EXIST::FUNCTION:EC
+PEM_read_bio_ECPKParameters 1693 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
d2i_PKCS12_MAC_DATA 1694 3_0_0 EXIST::FUNCTION:
ENGINE_ctrl_cmd 1695 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
PKCS12_SAFEBAG_get_bag_nid 1696 3_0_0 EXIST::FUNCTION:
@@ -1793,7 +1793,7 @@ EVP_MD_meth_set_update 1835 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_
EVP_camellia_192_cbc 1836 3_0_0 EXIST::FUNCTION:CAMELLIA
OPENSSL_LH_stats_bio 1837 3_0_0 EXIST::FUNCTION:
PKCS7_set_signed_attributes 1838 3_0_0 EXIST::FUNCTION:
-EC_KEY_priv2buf 1839 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_priv2buf 1839 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
BN_BLINDING_free 1840 3_0_0 EXIST::FUNCTION:
IPAddressChoice_new 1841 3_0_0 EXIST::FUNCTION:RFC3779
X509_CRL_get_ext_count 1842 3_0_0 EXIST::FUNCTION:
@@ -1928,7 +1928,7 @@ NCONF_load_fp 1973 3_0_0 EXIST::FUNCTION:STDIO
i2d_OCSP_REQINFO 1974 3_0_0 EXIST::FUNCTION:OCSP
EVP_PKEY_sign 1975 3_0_0 EXIST::FUNCTION:
TS_REQ_get_ext_by_critical 1976 3_0_0 EXIST::FUNCTION:TS
-EC_KEY_key2buf 1977 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_key2buf 1977 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
X509_EXTENSION_it 1978 3_0_0 EXIST::FUNCTION:
i2d_PKCS8_fp 1979 3_0_0 EXIST::FUNCTION:STDIO
UTF8_getc 1980 3_0_0 EXIST::FUNCTION:
@@ -1972,7 +1972,7 @@ UI_dup_input_boolean 2017 3_0_0 EXIST::FUNCTION:
PKCS7_dup 2018 3_0_0 EXIST::FUNCTION:
i2d_TS_REQ_fp 2019 3_0_0 EXIST::FUNCTION:STDIO,TS
i2d_OTHERNAME 2020 3_0_0 EXIST::FUNCTION:
-EC_KEY_get0_private_key 2021 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_get0_private_key 2021 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
SCT_get0_extensions 2022 3_0_0 EXIST::FUNCTION:CT
OPENSSL_LH_node_stats_bio 2023 3_0_0 EXIST::FUNCTION:
i2d_DIRECTORYSTRING 2024 3_0_0 EXIST::FUNCTION:
@@ -1998,12 +1998,12 @@ PKCS7_SIGN_ENVELOPE_it 2044 3_0_0 EXIST::FUNCTION:
ASN1_d2i_fp 2045 3_0_0 EXIST::FUNCTION:STDIO
EVP_DecryptFinal 2046 3_0_0 EXIST::FUNCTION:
ASN1_ENUMERATED_it 2047 3_0_0 EXIST::FUNCTION:
-o2i_ECPublicKey 2048 3_0_0 EXIST::FUNCTION:EC
+o2i_ECPublicKey 2048 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
ERR_load_BUF_strings 2049 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
PEM_read_bio_RSA_PUBKEY 2050 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
OCSP_SINGLERESP_new 2051 3_0_0 EXIST::FUNCTION:OCSP
ASN1_SCTX_free 2052 3_0_0 EXIST::FUNCTION:
-i2d_ECPrivateKey_fp 2053 3_0_0 EXIST::FUNCTION:EC,STDIO
+i2d_ECPrivateKey_fp 2053 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,STDIO
EVP_CIPHER_CTX_original_iv 2054 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
PKCS7_SIGNED_free 2055 3_0_0 EXIST::FUNCTION:
X509_TRUST_get0_name 2056 3_0_0 EXIST::FUNCTION:
@@ -2168,7 +2168,7 @@ CRYPTO_ccm128_decrypt_ccm64 2215 3_0_0 EXIST::FUNCTION:
TS_RESP_CTX_set_clock_precision_digits 2216 3_0_0 EXIST::FUNCTION:TS
SCT_LIST_validate 2217 3_0_0 EXIST::FUNCTION:CT
X509_PURPOSE_get_id 2218 3_0_0 EXIST::FUNCTION:
-EC_KEY_get_ex_data 2219 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_get_ex_data 2219 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
EVP_MD_size 2220 3_0_0 EXIST::FUNCTION:
CRYPTO_malloc 2221 3_0_0 EXIST::FUNCTION:
ERR_load_ASN1_strings 2222 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
@@ -2238,7 +2238,7 @@ SXNET_get_id_asc 2285 3_0_0 EXIST::FUNCTION:
SCT_set1_extensions 2286 3_0_0 EXIST::FUNCTION:CT
PKCS12_SAFEBAG_new 2287 3_0_0 EXIST::FUNCTION:
TS_TST_INFO_set_nonce 2288 3_0_0 EXIST::FUNCTION:TS
-PEM_read_ECPrivateKey 2289 3_0_0 EXIST::FUNCTION:EC,STDIO
+PEM_read_ECPrivateKey 2289 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,STDIO
RSA_free 2290 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
X509_CRL_INFO_new 2291 3_0_0 EXIST::FUNCTION:
AES_cfb8_encrypt 2292 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
@@ -2268,7 +2268,7 @@ PKCS7_ISSUER_AND_SERIAL_digest 2315 3_0_0 EXIST::FUNCTION:
EVP_des_ofb 2316 3_0_0 EXIST::FUNCTION:DES
DSA_set_method 2317 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
EVP_PKEY_get1_RSA 2318 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
-EC_KEY_OpenSSL 2319 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_OpenSSL 2319 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
EVP_camellia_192_ofb 2320 3_0_0 EXIST::FUNCTION:CAMELLIA
ASN1_STRING_length 2321 3_0_0 EXIST::FUNCTION:
PKCS7_set_digest 2322 3_0_0 EXIST::FUNCTION:
@@ -2345,11 +2345,11 @@ BN_sqr 2393 3_0_0 EXIST::FUNCTION:
TS_TST_INFO_set_time 2394 3_0_0 EXIST::FUNCTION:TS
OPENSSL_die 2395 3_0_0 EXIST::FUNCTION:
X509_LOOKUP_by_alias 2396 3_0_0 EXIST::FUNCTION:
-EC_KEY_set_conv_form 2397 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_set_conv_form 2397 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
X509_TRUST_get_count 2399 3_0_0 EXIST::FUNCTION:
IPAddressOrRange_free 2400 3_0_0 EXIST::FUNCTION:RFC3779
RSA_padding_add_PKCS1_OAEP 2401 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
-EC_KEY_set_ex_data 2402 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_set_ex_data 2402 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
SRP_VBASE_new 2403 3_0_0 EXIST::FUNCTION:SRP
i2d_ECDSA_SIG 2404 3_0_0 EXIST::FUNCTION:EC
BIO_dump_indent 2405 3_0_0 EXIST::FUNCTION:
@@ -2393,7 +2393,7 @@ ASIdentifiers_new 2443 3_0_0 EXIST::FUNCTION:RFC3779
CONF_imodule_get_flags 2444 3_0_0 EXIST::FUNCTION:
PKCS12_SAFEBAG_it 2445 3_0_0 EXIST::FUNCTION:
EVP_CIPHER_meth_set_set_asn1_params 2446 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
-EC_KEY_get_enc_flags 2447 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_get_enc_flags 2447 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
X509_OBJECT_idx_by_subject 2448 3_0_0 EXIST::FUNCTION:
EVP_PKEY_meth_copy 2449 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
NETSCAPE_CERT_SEQUENCE_new 2450 3_0_0 EXIST::FUNCTION:
@@ -2488,7 +2488,7 @@ WHIRLPOOL 2540 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_
UI_set_default_method 2542 3_0_0 EXIST::FUNCTION:
EC_POINT_is_at_infinity 2543 3_0_0 EXIST::FUNCTION:EC
i2d_NOTICEREF 2544 3_0_0 EXIST::FUNCTION:
-EC_KEY_new 2545 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_new 2545 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
EVP_chacha20 2546 3_0_0 EXIST::FUNCTION:CHACHA
BN_bn2dec 2547 3_0_0 EXIST::FUNCTION:
X509_REQ_print_ex 2548 3_0_0 EXIST::FUNCTION:
@@ -2504,7 +2504,7 @@ X509_CRL_get0_signature 2557 3_0_0 EXIST::FUNCTION:
EVP_PKEY_CTX_get_keygen_info 2558 3_0_0 EXIST::FUNCTION:
d2i_ASN1_UINTEGER 2559 3_0_0 EXIST::FUNCTION:
i2s_ASN1_INTEGER 2560 3_0_0 EXIST::FUNCTION:
-d2i_EC_PUBKEY_fp 2561 3_0_0 EXIST::FUNCTION:EC,STDIO
+d2i_EC_PUBKEY_fp 2561 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,STDIO
i2d_OCSP_SIGNATURE 2562 3_0_0 EXIST::FUNCTION:OCSP
i2d_X509_EXTENSION 2563 3_0_0 EXIST::FUNCTION:
PEM_read_bio_X509 2564 3_0_0 EXIST::FUNCTION:
@@ -2566,7 +2566,7 @@ CMS_get0_type 2620 3_0_0 EXIST::FUNCTION:CMS
ASN1_PCTX_free 2621 3_0_0 EXIST::FUNCTION:
ESS_SIGNING_CERT_new 2622 3_0_0 EXIST::FUNCTION:
X509V3_EXT_conf_nid 2623 3_0_0 EXIST::FUNCTION:
-EC_KEY_check_key 2624 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_check_key 2624 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
PKCS5_PBKDF2_HMAC 2625 3_0_0 EXIST::FUNCTION:
CONF_get_section 2626 3_0_0 EXIST::FUNCTION:
CMS_RecipientInfo_kari_decrypt 2627 3_0_0 EXIST::FUNCTION:CMS
@@ -2601,7 +2601,7 @@ OPENSSL_sk_new 2656 3_0_0 EXIST::FUNCTION:
BN_dup 2657 3_0_0 EXIST::FUNCTION:
TS_MSG_IMPRINT_print_bio 2658 3_0_0 EXIST::FUNCTION:TS
CONF_module_set_usr_data 2659 3_0_0 EXIST::FUNCTION:
-EC_KEY_generate_key 2660 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_generate_key 2660 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
BIO_ctrl_get_write_guarantee 2661 3_0_0 EXIST::FUNCTION:
EVP_PKEY_assign 2662 3_0_0 EXIST::FUNCTION:
EVP_aes_128_ofb 2663 3_0_0 EXIST::FUNCTION:
@@ -2629,14 +2629,14 @@ TS_RESP_CTX_set_signer_cert 2685 3_0_0 EXIST::FUNCTION:TS
X509V3_EXT_d2i 2686 3_0_0 EXIST::FUNCTION:
ASN1_GENERALSTRING_it 2687 3_0_0 EXIST::FUNCTION:
POLICYQUALINFO_free 2688 3_0_0 EXIST::FUNCTION:
-EC_KEY_set_group 2689 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_set_group 2689 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
OCSP_check_validity 2690 3_0_0 EXIST::FUNCTION:OCSP
-PEM_write_ECPKParameters 2691 3_0_0 EXIST::FUNCTION:EC,STDIO
+PEM_write_ECPKParameters 2691 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,STDIO
X509_VERIFY_PARAM_lookup 2692 3_0_0 EXIST::FUNCTION:
X509_LOOKUP_by_fingerprint 2693 3_0_0 EXIST::FUNCTION:
EVP_CIPHER_meth_free 2694 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
PKCS7_RECIP_INFO_new 2695 3_0_0 EXIST::FUNCTION:
-d2i_ECPrivateKey_fp 2696 3_0_0 EXIST::FUNCTION:EC,STDIO
+d2i_ECPrivateKey_fp 2696 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,STDIO
TS_CONF_set_ordering 2697 3_0_0 EXIST::FUNCTION:TS
X509_CRL_get_ext 2698 3_0_0 EXIST::FUNCTION:
X509_CRL_get_ext_by_OBJ 2699 3_0_0 EXIST::FUNCTION:
@@ -2742,13 +2742,13 @@ EC_GROUP_set_point_conversion_form 2801 3_0_0 EXIST::FUNCTION:EC
CMS_dataFinal 2802 3_0_0 EXIST::FUNCTION:CMS
ASN1_TIME_it 2803 3_0_0 EXIST::FUNCTION:
ENGINE_get_static_state 2804 3_0_0 EXIST::FUNCTION:ENGINE
-EC_KEY_set_asn1_flag 2805 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_set_asn1_flag 2805 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
EC_GFp_mont_method 2806 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
OPENSSL_asc2uni 2807 3_0_0 EXIST::FUNCTION:
TS_REQ_new 2808 3_0_0 EXIST::FUNCTION:TS
ENGINE_register_all_DH 2809 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
ERR_clear_error 2810 3_0_0 EXIST::FUNCTION:
-EC_KEY_dup 2811 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_dup 2811 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
X509_LOOKUP_init 2812 3_0_0 EXIST::FUNCTION:
i2b_PVK_bio 2813 3_0_0 EXIST::FUNCTION:
OCSP_ONEREQ_free 2814 3_0_0 EXIST::FUNCTION:OCSP
@@ -2770,7 +2770,7 @@ X509_REQ_get_signature_nid 2830 3_0_0 EXIST::FUNCTION:
TS_TST_INFO_get_ext 2831 3_0_0 EXIST::FUNCTION:TS
i2d_OCSP_RESPID 2832 3_0_0 EXIST::FUNCTION:OCSP
EVP_camellia_256_cfb8 2833 3_0_0 EXIST::FUNCTION:CAMELLIA
-EC_KEY_get0_public_key 2834 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_get0_public_key 2834 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
SRP_Calc_x 2835 3_0_0 EXIST::FUNCTION:SRP
a2i_ASN1_ENUMERATED 2836 3_0_0 EXIST::FUNCTION:
CONF_module_get_usr_data 2837 3_0_0 EXIST::FUNCTION:
@@ -2802,13 +2802,13 @@ BIO_socket_nbio 2863 3_0_0 EXIST::FUNCTION:SOCK
EVP_CIPHER_set_asn1_iv 2864 3_0_0 EXIST::FUNCTION:
EC_GFp_nistp224_method 2865 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,EC_NISTP_64_GCC_128
BN_swap 2866 3_0_0 EXIST::FUNCTION:
-d2i_ECParameters 2867 3_0_0 EXIST::FUNCTION:EC
+d2i_ECParameters 2867 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
X509_NAME_add_entry_by_OBJ 2868 3_0_0 EXIST::FUNCTION:
TS_TST_INFO_get_ext_count 2869 3_0_0 EXIST::FUNCTION:TS
i2d_OCSP_CERTID 2870 3_0_0 EXIST::FUNCTION:OCSP
BN_CTX_start 2871 3_0_0 EXIST::FUNCTION:
BN_print 2872 3_0_0 EXIST::FUNCTION:
-EC_KEY_set_flags 2873 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_set_flags 2873 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
EVP_PKEY_get0 2874 3_0_0 EXIST::FUNCTION:
ENGINE_set_default 2875 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
NCONF_get_number_e 2876 3_0_0 EXIST::FUNCTION:
@@ -2827,7 +2827,7 @@ POLICY_CONSTRAINTS_it 2888 3_0_0 EXIST::FUNCTION:
NCONF_free_data 2889 3_0_0 EXIST::FUNCTION:
BIO_asn1_set_prefix 2890 3_0_0 EXIST::FUNCTION:
PEM_SignUpdate 2891 3_0_0 EXIST::FUNCTION:
-PEM_write_bio_EC_PUBKEY 2892 3_0_0 EXIST::FUNCTION:EC
+PEM_write_bio_EC_PUBKEY 2892 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
CMS_add_simple_smimecap 2893 3_0_0 EXIST::FUNCTION:CMS
IPAddressChoice_free 2894 3_0_0 EXIST::FUNCTION:RFC3779
d2i_X509_AUX 2895 3_0_0 EXIST::FUNCTION:
@@ -2901,7 +2901,7 @@ BN_CTX_new 2963 3_0_0 EXIST::FUNCTION:
EC_curve_nid2nist 2964 3_0_0 EXIST::FUNCTION:EC
ENGINE_get_finish_function 2965 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
EC_POINT_add 2966 3_0_0 EXIST::FUNCTION:EC
-EC_KEY_oct2key 2967 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_oct2key 2967 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
SHA384_Init 2968 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
ASN1_UNIVERSALSTRING_new 2969 3_0_0 EXIST::FUNCTION:
EVP_PKEY_print_private 2970 3_0_0 EXIST::FUNCTION:
@@ -2952,7 +2952,7 @@ EVP_aes_128_gcm 3015 3_0_0 EXIST::FUNCTION:
BIO_dgram_non_fatal_error 3016 3_0_0 EXIST::FUNCTION:DGRAM
OCSP_request_is_signed 3017 3_0_0 EXIST::FUNCTION:OCSP
i2d_BASIC_CONSTRAINTS 3018 3_0_0 EXIST::FUNCTION:
-EC_KEY_get_method 3019 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_get_method 3019 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
EC_POINT_bn2point 3021 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
PBE2PARAM_it 3022 3_0_0 EXIST::FUNCTION:
BN_rand 3023 3_0_0 EXIST::FUNCTION:
@@ -3026,7 +3026,7 @@ TS_TST_INFO_set_version 3090 3_0_0 EXIST::FUNCTION:TS
PKCS12_get0_mac 3091 3_0_0 EXIST::FUNCTION:
EVP_EncodeInit 3092 3_0_0 EXIST::FUNCTION:
X509_get0_trust_objects 3093 3_0_0 EXIST::FUNCTION:
-d2i_ECPrivateKey_bio 3094 3_0_0 EXIST::FUNCTION:EC
+d2i_ECPrivateKey_bio 3094 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
BIO_s_secmem 3095 3_0_0 EXIST::FUNCTION:
ENGINE_get_default_EC 3096 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
TS_RESP_create_response 3097 3_0_0 EXIST::FUNCTION:TS
@@ -3110,7 +3110,7 @@ EVP_MD_CTX_update_fn 3174 3_0_0 EXIST::FUNCTION:
EVP_aes_128_ecb 3175 3_0_0 EXIST::FUNCTION:
i2d_PKCS7_bio_stream 3176 3_0_0 EXIST::FUNCTION:
i2a_ACCESS_DESCRIPTION 3178 3_0_0 EXIST::FUNCTION:
-EC_KEY_set_enc_flags 3179 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_set_enc_flags 3179 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
i2d_PUBKEY_fp 3180 3_0_0 EXIST::FUNCTION:STDIO
b2i_PrivateKey_bio 3181 3_0_0 EXIST::FUNCTION:
OCSP_REQUEST_add_ext 3182 3_0_0 EXIST::FUNCTION:OCSP
@@ -3155,13 +3155,13 @@ OCSP_CERTID_free 3220 3_0_0 EXIST::FUNCTION:OCSP
BIO_hex_string 3221 3_0_0 EXIST::FUNCTION:
X509_REQ_sign_ctx 3222 3_0_0 EXIST::FUNCTION:
CRYPTO_ocb128_init 3223 3_0_0 EXIST::FUNCTION:OCB
-EVP_PKEY_get1_EC_KEY 3224 3_0_0 EXIST::FUNCTION:EC
+EVP_PKEY_get1_EC_KEY 3224 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
ASN1_PRINTABLESTRING_free 3225 3_0_0 EXIST::FUNCTION:
BIO_get_retry_reason 3226 3_0_0 EXIST::FUNCTION:
X509_NAME_print 3227 3_0_0 EXIST::FUNCTION:
ACCESS_DESCRIPTION_free 3228 3_0_0 EXIST::FUNCTION:
BN_nist_mod_384 3229 3_0_0 EXIST::FUNCTION:
-i2d_EC_PUBKEY_fp 3230 3_0_0 EXIST::FUNCTION:EC,STDIO
+i2d_EC_PUBKEY_fp 3230 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,STDIO
ENGINE_set_default_pkey_meths 3231 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
DH_bits 3232 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
i2d_X509_ALGORS 3233 3_0_0 EXIST::FUNCTION:
@@ -3193,7 +3193,7 @@ ENGINE_setup_bsd_cryptodev 3258 3_0_0 EXIST:__FreeBSD__:FUNCTION:DE
PEM_read_bio_DHparams 3259 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
CMS_SharedInfo_encode 3260 3_0_0 EXIST::FUNCTION:CMS
ASN1_OBJECT_create 3261 3_0_0 EXIST::FUNCTION:
-i2d_ECParameters 3262 3_0_0 EXIST::FUNCTION:EC
+i2d_ECParameters 3262 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
BN_GF2m_mod_arr 3263 3_0_0 EXIST::FUNCTION:EC2M
ENGINE_set_finish_function 3264 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
d2i_ASN1_OCTET_STRING 3265 3_0_0 EXIST::FUNCTION:
@@ -3226,7 +3226,7 @@ NETSCAPE_SPKI_set_pubkey 3292 3_0_0 EXIST::FUNCTION:
EVP_sha512 3293 3_0_0 EXIST::FUNCTION:
X509_CRL_match 3294 3_0_0 EXIST::FUNCTION:
i2s_ASN1_IA5STRING 3295 3_0_0 EXIST::FUNCTION:
-EC_KEY_get_default_method 3296 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_get_default_method 3296 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
PKCS8_decrypt 3297 3_0_0 EXIST::FUNCTION:
EVP_PKEY_CTX_get_data 3298 3_0_0 EXIST::FUNCTION:
POLICYQUALINFO_it 3299 3_0_0 EXIST::FUNCTION:
@@ -3248,7 +3248,7 @@ ASN1_STRING_dup 3314 3_0_0 EXIST::FUNCTION:
X509_LOOKUP_free 3315 3_0_0 EXIST::FUNCTION:
EC_GROUP_cmp 3316 3_0_0 EXIST::FUNCTION:EC
TS_TST_INFO_get_ext_by_critical 3317 3_0_0 EXIST::FUNCTION:TS
-ECParameters_print_fp 3318 3_0_0 EXIST::FUNCTION:EC,STDIO
+ECParameters_print_fp 3318 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,STDIO
X509_REQ_sign 3319 3_0_0 EXIST::FUNCTION:
CRYPTO_xts128_encrypt 3320 3_0_0 EXIST::FUNCTION:
PEM_def_callback 3321 3_0_0 EXIST::FUNCTION:
@@ -3306,7 +3306,7 @@ RSA_padding_check_SSLv23 3373 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_
CRYPTO_gcm128_finish 3374 3_0_0 EXIST::FUNCTION:
PKCS12_SAFEBAGS_it 3375 3_0_0 EXIST::FUNCTION:
PKCS12_PBE_add 3376 3_0_0 EXIST::FUNCTION:
-EC_KEY_set_public_key_affine_coordinates 3377 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_set_public_key_affine_coordinates 3377 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
EVP_EncryptInit_ex 3378 3_0_0 EXIST::FUNCTION:
ENGINE_add 3379 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
OPENSSL_LH_error 3380 3_0_0 EXIST::FUNCTION:
@@ -3377,7 +3377,7 @@ BN_get_rfc3526_prime_2048 3448 3_0_0 EXIST::FUNCTION:
BIO_new_bio_pair 3449 3_0_0 EXIST::FUNCTION:
EC_GFp_nistp256_method 3450 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,EC_NISTP_64_GCC_128
BIO_method_type 3451 3_0_0 EXIST::FUNCTION:
-ECPKParameters_print 3452 3_0_0 EXIST::FUNCTION:EC
+ECPKParameters_print 3452 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
EVP_rc4 3453 3_0_0 EXIST::FUNCTION:RC4
CMS_data_create 3454 3_0_0 EXIST::FUNCTION:CMS
EC_POINT_point2bn 3455 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
@@ -3385,7 +3385,7 @@ CMS_unsigned_get0_data_by_OBJ 3456 3_0_0 EXIST::FUNCTION:CMS
ASN1_OCTET_STRING_cmp 3457 3_0_0 EXIST::FUNCTION:
X509_NAME_print_ex 3458 3_0_0 EXIST::FUNCTION:
ASN1_parse 3459 3_0_0 EXIST::FUNCTION:
-EC_KEY_priv2oct 3460 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_priv2oct 3460 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
PKCS7_simple_smimecap 3461 3_0_0 EXIST::FUNCTION:
ASN1_TYPE_set_int_octetstring 3462 3_0_0 EXIST::FUNCTION:
BIO_number_written 3463 3_0_0 EXIST::FUNCTION:
@@ -3432,7 +3432,7 @@ BIO_ADDR_rawport 3503 3_0_0 EXIST::FUNCTION:SOCK
BUF_MEM_grow_clean 3504 3_0_0 EXIST::FUNCTION:
X509_NAME_print_ex_fp 3505 3_0_0 EXIST::FUNCTION:STDIO
X509_check_host 3506 3_0_0 EXIST::FUNCTION:
-PEM_read_ECPKParameters 3507 3_0_0 EXIST::FUNCTION:EC,STDIO
+PEM_read_ECPKParameters 3507 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,STDIO
X509_ATTRIBUTE_get0_data 3508 3_0_0 EXIST::FUNCTION:
CMS_add1_signer 3509 3_0_0 EXIST::FUNCTION:CMS
BN_pseudo_rand 3510 3_0_0 EXIST::FUNCTION:
@@ -3525,7 +3525,7 @@ CMS_get0_signers 3602 3_0_0 EXIST::FUNCTION:CMS
i2d_PrivateKey_fp 3603 3_0_0 EXIST::FUNCTION:STDIO
OTHERNAME_cmp 3604 3_0_0 EXIST::FUNCTION:
SMIME_write_PKCS7 3605 3_0_0 EXIST::FUNCTION:
-EC_KEY_set_public_key 3606 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_set_public_key 3606 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
d2i_X509_EXTENSION 3607 3_0_0 EXIST::FUNCTION:
CMS_add1_recipient_cert 3608 3_0_0 EXIST::FUNCTION:CMS
CMS_RecipientInfo_kekri_get0_id 3609 3_0_0 EXIST::FUNCTION:CMS
@@ -3535,7 +3535,7 @@ BN_is_prime_ex 3612 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_
PKCS5_v2_PBE_keyivgen 3613 3_0_0 EXIST::FUNCTION:
CRYPTO_ctr128_encrypt 3614 3_0_0 EXIST::FUNCTION:
CMS_unsigned_add1_attr_by_OBJ 3615 3_0_0 EXIST::FUNCTION:CMS
-PEM_write_EC_PUBKEY 3616 3_0_0 EXIST::FUNCTION:EC,STDIO
+PEM_write_EC_PUBKEY 3616 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,STDIO
X509v3_asid_add_inherit 3617 3_0_0 EXIST::FUNCTION:RFC3779
ERR_get_error 3618 3_0_0 EXIST::FUNCTION:
TS_CONF_set_signer_digest 3619 3_0_0 EXIST::FUNCTION:TS
@@ -3611,7 +3611,7 @@ X509_VERIFY_PARAM_set1_ip 3691 3_0_0 EXIST::FUNCTION:
OTHERNAME_free 3692 3_0_0 EXIST::FUNCTION:
OCSP_REVOKEDINFO_free 3693 3_0_0 EXIST::FUNCTION:OCSP
EVP_CIPHER_CTX_encrypting 3694 3_0_0 EXIST::FUNCTION:
-EC_KEY_can_sign 3695 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_can_sign 3695 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
PEM_write_bio_RSAPublicKey 3696 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
X509_CRL_set1_lastUpdate 3697 3_0_0 EXIST::FUNCTION:
OCSP_sendreq_nbio 3698 3_0_0 EXIST::FUNCTION:OCSP
@@ -3647,7 +3647,7 @@ DES_set_key_checked 3727 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_
EVP_PKEY_meth_free 3728 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
EVP_sha224 3729 3_0_0 EXIST::FUNCTION:
ENGINE_set_id 3730 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
-d2i_ECPrivateKey 3731 3_0_0 EXIST::FUNCTION:EC
+d2i_ECPrivateKey 3731 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
CMS_signed_add1_attr_by_NID 3732 3_0_0 EXIST::FUNCTION:CMS
i2d_DSAPrivateKey_fp 3733 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA,STDIO
EVP_CIPHER_meth_get_set_asn1_params 3734 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
@@ -3701,7 +3701,7 @@ EC_GROUP_new_curve_GFp 3782 3_0_0 EXIST::FUNCTION:EC
UI_new_method 3783 3_0_0 EXIST::FUNCTION:
Camellia_ofb128_encrypt 3784 3_0_0 EXIST::FUNCTION:CAMELLIA,DEPRECATEDIN_3_0
X509_new 3785 3_0_0 EXIST::FUNCTION:
-EC_KEY_get_conv_form 3786 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_get_conv_form 3786 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
CTLOG_STORE_get0_log_by_id 3787 3_0_0 EXIST::FUNCTION:CT
CMS_signed_add1_attr 3788 3_0_0 EXIST::FUNCTION:CMS
EVP_CIPHER_meth_set_iv_length 3789 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
@@ -3746,14 +3746,14 @@ d2i_AUTHORITY_KEYID 3828 3_0_0 EXIST::FUNCTION:
RIPEMD160_Transform 3829 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RMD160
DES_random_key 3830 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DES
i2d_PKCS12_MAC_DATA 3831 3_0_0 EXIST::FUNCTION:
-EVP_PKEY_get0_EC_KEY 3832 3_0_0 EXIST::FUNCTION:EC
+EVP_PKEY_get0_EC_KEY 3832 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
ASN1_SCTX_get_item 3833 3_0_0 EXIST::FUNCTION:
NOTICEREF_new 3834 3_0_0 EXIST::FUNCTION:
BN_GF2m_mod_inv 3835 3_0_0 EXIST::FUNCTION:EC2M
X509_CERT_AUX_free 3836 3_0_0 EXIST::FUNCTION:
BN_GF2m_mod_inv_arr 3837 3_0_0 EXIST::FUNCTION:EC2M
X509_REQ_get1_email 3838 3_0_0 EXIST::FUNCTION:
-EC_KEY_print 3839 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_print 3839 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
i2d_ASN1_INTEGER 3840 3_0_0 EXIST::FUNCTION:
OCSP_SINGLERESP_add1_ext_i2d 3841 3_0_0 EXIST::FUNCTION:OCSP
PKCS7_add_signed_attribute 3842 3_0_0 EXIST::FUNCTION:
@@ -3772,7 +3772,7 @@ d2i_OCSP_ONEREQ 3854 3_0_0 EXIST::FUNCTION:OCSP
EVP_PKEY_asn1_set_security_bits 3855 3_0_0 EXIST::FUNCTION:
i2d_CERTIFICATEPOLICIES 3856 3_0_0 EXIST::FUNCTION:
i2d_X509_CERT_AUX 3857 3_0_0 EXIST::FUNCTION:
-i2o_ECPublicKey 3858 3_0_0 EXIST::FUNCTION:EC
+i2o_ECPublicKey 3858 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
PKCS12_SAFEBAG_create0_pkcs8 3859 3_0_0 EXIST::FUNCTION:
OBJ_get0_data 3860 3_0_0 EXIST::FUNCTION:
EC_GROUP_get0_seed 3861 3_0_0 EXIST::FUNCTION:EC
@@ -4114,7 +4114,7 @@ EVP_aria_256_ctr 4203 3_0_0 EXIST::FUNCTION:ARIA
EVP_aria_128_ctr 4204 3_0_0 EXIST::FUNCTION:ARIA
EVP_aria_192_ctr 4205 3_0_0 EXIST::FUNCTION:ARIA
UI_null 4206 3_0_0 EXIST::FUNCTION:
-EC_KEY_get0_engine 4207 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_get0_engine 4207 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
INT32_it 4208 3_0_0 EXIST::FUNCTION:
UINT64_it 4209 3_0_0 EXIST::FUNCTION:
ZINT32_it 4210 3_0_0 EXIST::FUNCTION:
@@ -5084,8 +5084,8 @@ OSSL_PROVIDER_query_operation ? 3_0_0 EXIST::FUNCTION:
OSSL_PROVIDER_get0_provider_ctx ? 3_0_0 EXIST::FUNCTION:
OSSL_PROVIDER_get_capabilities ? 3_0_0 EXIST::FUNCTION:
EC_GROUP_new_by_curve_name_ex ? 3_0_0 EXIST::FUNCTION:EC
-EC_KEY_new_ex ? 3_0_0 EXIST::FUNCTION:EC
-EC_KEY_new_by_curve_name_ex ? 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_new_ex ? 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
+EC_KEY_new_by_curve_name_ex ? 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
OSSL_LIB_CTX_set0_default ? 3_0_0 EXIST::FUNCTION:
PEM_X509_INFO_read_bio_ex ? 3_0_0 EXIST::FUNCTION:
PEM_X509_INFO_read_ex ? 3_0_0 EXIST::FUNCTION:STDIO
@@ -5232,7 +5232,7 @@ CMS_AuthEnvelopedData_create_ex ? 3_0_0 EXIST::FUNCTION:CMS
EVP_PKEY_CTX_set_ec_param_enc ? 3_0_0 EXIST::FUNCTION:
EVP_PKEY_get0_first_alg_name ? 3_0_0 EXIST::FUNCTION:
EVP_KEYMGMT_get0_first_name ? 3_0_0 EXIST::FUNCTION:
-EC_KEY_decoded_from_explicit_params ? 3_0_0 EXIST::FUNCTION:EC
+EC_KEY_decoded_from_explicit_params ? 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
EVP_KEM_free ? 3_0_0 EXIST::FUNCTION:
EVP_KEM_up_ref ? 3_0_0 EXIST::FUNCTION:
EVP_KEM_provider ? 3_0_0 EXIST::FUNCTION: