openssl
/
openssl
mirror of https://github.com/openssl/openssl
1
0
Fork 0
Code Issues Releases Wiki Activity

Deprecate the low level DSA functions. 

Use of the low level DSA functions has been informally discouraged for a
long time. We now formally deprecate them.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10977)
This commit is contained in:
Pauli 2020-01-30 07:23:39 +10:00
parent 7f6deaf68e
commit f41ac0eeab
37 changed files with 359 additions and 108 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
CHANGES
View File

@ -21,6 +21,32 @@
options of the apps.
[Kurt Roeckx]
*) The command line utilities dhparam, dsa, gendsa and dsaparam have been
deprecated. Instead use the pkeyparam, pkey, genpkey and pkeyparam
programs respectively.
[Paul Dale]
*) All of the low level DSA functions have been deprecated including:
DSA_do_sign, DSA_do_verify, DSA_OpenSSL, DSA_set_default_method,
DSA_get_default_method, DSA_set_method, DSA_get_method, DSA_new_method,
DSA_sign_setup, DSA_sign, DSA_verify, DSA_get_ex_new_index,
DSA_set_ex_data, DSA_get_ex_data, DSA_generate_parameters_ex,
DSA_generate_key, DSA_meth_new, DSA_get0_engine, DSA_meth_free,
DSA_meth_dup, DSA_meth_get0_name, DSA_meth_set1_name, DSA_meth_get_flags,
DSA_meth_set_flags, DSA_meth_get0_app_data, DSA_meth_set0_app_data,
DSA_meth_get_sign, DSA_meth_set_sign, DSA_meth_get_sign_setup,
DSA_meth_set_sign_setup, DSA_meth_get_verify, DSA_meth_set_verify,
DSA_meth_get_mod_exp, DSA_meth_set_mod_exp, DSA_meth_get_bn_mod_exp,
DSA_meth_set_bn_mod_exp, DSA_meth_get_init, DSA_meth_set_init,
DSA_meth_get_finish, DSA_meth_set_finish, DSA_meth_get_paramgen,
DSA_meth_set_paramgen, DSA_meth_get_keygen and DSA_meth_set_keygen.
Use of these low level functions has been informally discouraged for a long
time. Instead applications should use L<EVP_DigestSignInit_ex(3)>,
L<EVP_DigestSignUpdate(3)> and L<EVP_DigestSignFinal(3)>.
[Paul Dale]
*) Reworked the treatment of EC EVP_PKEYs with the SM2 curve to
automatically become EVP_PKEY_SM2 rather than EVP_PKEY_EC.
This means that applications don't have to look at the curve NID and

21
apps/dsa.c
View File

@ -81,6 +81,7 @@ int dsa_main(int argc, char **argv)
int pvk_encr = 2;
# endif
int private = 0;
EVP_PKEY *pkey = NULL;
prog = opt_init(argc, argv, dsa_options);
while ((o = opt_next()) != OPT_EOF) {
@ -160,19 +161,14 @@ int dsa_main(int argc, char **argv)
}
BIO_printf(bio_err, "read DSA key\n");
{
EVP_PKEY *pkey;
if (pubin)
pkey = load_pubkey(infile, informat, 1, passin, e, "Public Key");
else
pkey = load_key(infile, informat, 1, passin, e, "Private Key");
if (pubin)
pkey = load_pubkey(infile, informat, 1, passin, e, "Public Key");
else
pkey = load_key(infile, informat, 1, passin, e, "Private Key");
if (pkey != NULL)
dsa = EVP_PKEY_get1_DSA(pkey);
if (pkey != NULL) {
dsa = EVP_PKEY_get1_DSA(pkey);
EVP_PKEY_free(pkey);
}
}
if (dsa == NULL) {
BIO_printf(bio_err, "unable to load Key\n");
ERR_print_errors(bio_err);
@ -185,7 +181,7 @@ int dsa_main(int argc, char **argv)
if (text) {
assert(pubin || private);
if (!DSA_print(out, dsa, 0)) {
if (!EVP_PKEY_print_private(out, pkey, 0, NULL)) {
perror(outfile);
ERR_print_errors(bio_err);
goto end;
@ -261,6 +257,7 @@ int dsa_main(int argc, char **argv)
}
ret = 0;
end:
EVP_PKEY_free(pkey);
BIO_free_all(out);
DSA_free(dsa);
release_engine(e);

6
crypto/asn1/d2i_pu.c
View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* DSA low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/bn.h>

6
crypto/asn1/i2d_pu.c
View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* DSA low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/bn.h>

6
crypto/dh/dh_pmeth.c
View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* DSA low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/asn1t.h>

6
crypto/dsa/dsa_ameth.c
View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* DSA low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <stdio.h>
#include <openssl/x509.h>
#include <openssl/asn1.h>

6
crypto/dsa/dsa_asn1.c
View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* DSA low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <stdio.h>
#include "internal/cryptlib.h"
#include "dsa_local.h"

6
crypto/dsa/dsa_depr.c
View File

@ -12,6 +12,12 @@
* version(s).
*/
/*
* DSA low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
/*
* Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186,
* also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in FIPS PUB

6
crypto/dsa/dsa_gen.c
View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* DSA low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <openssl/opensslconf.h>
#include <stdio.h>
#include "internal/cryptlib.h"

6
crypto/dsa/dsa_key.c
View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* DSA low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <stdio.h>
#include <time.h>
#include "internal/cryptlib.h"

6
crypto/dsa/dsa_lib.c
View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* DSA low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <stdio.h>
#include "internal/cryptlib.h"
#include "internal/refcount.h"

2
crypto/dsa/dsa_meth.c
View File

@ -19,6 +19,7 @@
#include <string.h>
#include <openssl/err.h>
#ifndef OPENSSL_NO_DEPRECATED_3_0
DSA_METHOD *DSA_meth_new(const char *name, int flags)
{
DSA_METHOD *dsam = OPENSSL_zalloc(sizeof(*dsam));
@ -222,3 +223,4 @@ int DSA_meth_set_keygen(DSA_METHOD *dsam, int (*keygen) (DSA *))
dsam->dsa_keygen = keygen;
return 1;
}
#endif

6
crypto/dsa/dsa_ossl.c
View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* DSA low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <stdio.h>
#include "internal/cryptlib.h"
#include "crypto/bn.h"

6
crypto/dsa/dsa_pmeth.c
View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* DSA low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/asn1t.h>

6
crypto/dsa/dsa_prn.c
View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* DSA low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/evp.h>

6
crypto/dsa/dsa_sign.c
View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* DSA low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <openssl/bn.h>
#include "internal/cryptlib.h"
#include "dsa_local.h"

6
crypto/dsa/dsa_vrf.c
View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* DSA low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include "internal/cryptlib.h"
#include "dsa_local.h"

6
crypto/evp/p_lib.c
View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* DSA low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <stdio.h>
#include "internal/cryptlib.h"
#include "internal/refcount.h"

6
crypto/pem/pem_all.c
View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* DSA low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/bio.h>

6
crypto/pem/pem_info.c
View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* DSA low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/buffer.h>

6
crypto/pem/pvkfmt.c
View File

@ -12,6 +12,12 @@
* and PRIVATEKEYBLOB).
*/
/*
* DSA low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include "internal/cryptlib.h"
#include <openssl/pem.h>
#include <openssl/rand.h>

6
crypto/x509/x_pubkey.c
View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* DSA low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/asn1t.h>

12
doc/man3/DSA_meth_new.pod
View File

@ -16,6 +16,10 @@ DSA_meth_set_keygen - Routines to build up DSA methods
#include <openssl/dsa.h>
Deprecated since OpenSSL 3.0, can be hidden entirely by defining
B<OPENSSL_API_COMPAT> with a suitable version value, see
L<openssl_user_macros(7)>:
DSA_METHOD *DSA_meth_new(const char *name, int flags);
void DSA_meth_free(DSA_METHOD *dsam);
@ -86,6 +90,10 @@ DSA_meth_set_keygen - Routines to build up DSA methods
=head1 DESCRIPTION
All of the functions described on this page are deprecated.
Applications and extension implementations should instead use the
OSSL_PROVIDER APIs.
The B<DSA_METHOD> type is a structure used for the provision of custom DSA
implementations. It provides a set of functions used by OpenSSL for the
implementation of the various DSA capabilities.
@ -200,11 +208,13 @@ L<DSA_sign(3)>, L<DSA_size(3)>, L<DSA_get0_pqg(3)>
=head1 HISTORY
The functions described here were deprecated in OpenSSL 3.0.
The functions described here were added in OpenSSL 1.1.0.
=head1 COPYRIGHT
Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy

15
doc/man3/DSA_size.pod
View File

@ -8,12 +8,20 @@ DSA_size, DSA_bits, DSA_security_bits - get DSA signature size, key bits or secu
#include <openssl/dsa.h>
Deprecated since OpenSSL 3.0, can be hidden entirely by defining
B<OPENSSL_API_COMPAT> with a suitable version value, see
L<openssl_user_macros(7)>:
int DSA_size(const DSA *dsa);
int DSA_bits(const DSA *dsa);
int DSA_security_bits(const DSA *dsa);
=head1 DESCRIPTION
All of the functions described on this page are deprecated.
Applications should instead use L<EVP_PKEY_bits(3)>,
L<EVP_PKEY_security_bits(3)> and L<EVP_PKEY_size(3)>.
DSA_size() returns the maximum size of an ASN.1 encoded DSA signature
for key B<dsa> in bytes. It can be used to determine how much memory must
be allocated for a DSA signature.
@ -34,8 +42,15 @@ DSA_bits() returns the number of bits in the key.
=head1 SEE ALSO
L<EVP_PKEY_bits(3)>,
L<EVP_PKEY_security_bits(3)>,
L<EVP_PKEY_size(3)>,
L<DSA_new(3)>, L<DSA_sign(3)>
=head1 HISTORY
All of these functions were deprecated in OpenSSL 3.0.
=head1 COPYRIGHT
Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

24
doc/man3/RSA_print.pod
View File

@ -10,11 +10,19 @@ DHparams_print, DHparams_print_fp - print cryptographic parameters
#include <openssl/rsa.h>
Deprecated since OpenSSL 3.0, can be hidden entirely by defining
B<OPENSSL_API_COMPAT> with a suitable version value, see
L<openssl_user_macros(7)>:
int RSA_print(BIO *bp, RSA *x, int offset);
int RSA_print_fp(FILE *fp, RSA *x, int offset);
#include <openssl/dsa.h>
Deprecated since OpenSSL 3.0, can be hidden entirely by defining
B<OPENSSL_API_COMPAT> with a suitable version value, see
L<openssl_user_macros(7)>:
int DSAparams_print(BIO *bp, DSA *x);
int DSAparams_print_fp(FILE *fp, DSA *x);
int DSA_print(BIO *bp, DSA *x, int offset);
@ -22,11 +30,19 @@ DHparams_print, DHparams_print_fp - print cryptographic parameters
#include <openssl/dh.h>
Deprecated since OpenSSL 3.0, can be hidden entirely by defining
B<OPENSSL_API_COMPAT> with a suitable version value, see
L<openssl_user_macros(7)>:
int DHparams_print(BIO *bp, DH *x);
int DHparams_print_fp(FILE *fp, DH *x);
=head1 DESCRIPTION
All of the functions described on this page are deprecated.
Applications should instead use L<EVP_PKEY_print_params(3)> and
L<EVP_PKEY_print_private(3)>.
A human-readable hexadecimal output of the components of the RSA
key, DSA parameters or key or DH parameters is printed to B<bp> or B<fp>.
@ -38,7 +54,13 @@ These functions return 1 on success, 0 on error.
=head1 SEE ALSO
L<BN_bn2bin(3)>
L<EVP_PKEY_print_params(3)>,
L<EVP_PKEY_print_private(3)>,
L<BN_bn2bin(3)>
=head1 HISTORY
All of these functions were deprecated in OpenSSL 3.0.
=head1 COPYRIGHT

6
fuzz/asn1.c
View File

@ -334,9 +334,9 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
#endif
#ifndef OPENSSL_NO_DSA
DO_TEST_NO_PRINT(DSA_SIG, d2i_DSA_SIG, i2d_DSA_SIG);
DO_TEST_PRINT_OFFSET(DSA, d2i_DSAPrivateKey, i2d_DSAPrivateKey, DSA_print);
DO_TEST_PRINT_OFFSET(DSA, d2i_DSAPublicKey, i2d_DSAPublicKey, DSA_print);
DO_TEST(DSA, d2i_DSAparams, i2d_DSAparams, DSAparams_print);
DO_TEST_NO_PRINT(DSA, d2i_DSAPrivateKey, i2d_DSAPrivateKey);
DO_TEST_NO_PRINT(DSA, d2i_DSAPublicKey, i2d_DSAPublicKey);
DO_TEST_NO_PRINT(DSA, d2i_DSAparams, i2d_DSAparams);
#endif
DO_TEST_PRINT_OFFSET(RSA, d2i_RSAPublicKey, i2d_RSAPublicKey, RSA_print);
#ifndef OPENSSL_NO_EC

164
include/openssl/dsa.h
View File

@ -39,7 +39,6 @@ extern "C" {
# define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024
# define DSA_FLAG_CACHE_MONT_P 0x01
# ifndef OPENSSL_NO_DEPRECATED_1_1_0
/*
* Does nothing. Previously this switched off constant time behaviour.
@ -47,6 +46,9 @@ extern "C" {
# define DSA_FLAG_NO_EXP_CONSTTIME 0x00
# endif
# ifndef OPENSSL_NO_DEPRECATED_3_0
# define DSA_FLAG_CACHE_MONT_P 0x01
/*
* If this flag is set the DSA method is FIPS compliant and can be used in
* FIPS mode. This is set in the validated module method. If an application
@ -54,7 +56,7 @@ extern "C" {
* result is compliant.
*/
# define DSA_FLAG_FIPS_METHOD 0x0400
# define DSA_FLAG_FIPS_METHOD 0x0400
/*
* If this flag is set the operations normally disabled in FIPS mode are
@ -62,8 +64,9 @@ extern "C" {
* usage is compliant.
*/
# define DSA_FLAG_NON_FIPS_ALLOW 0x0400
# define DSA_FLAG_FIPS_CHECKED 0x0800
# define DSA_FLAG_NON_FIPS_ALLOW 0x0400
# define DSA_FLAG_FIPS_CHECKED 0x0800
# endif /* OPENSSL_NO_DEPRECATED_3_0 */
/* Already defined in ossl_typ.h */
/* typedef struct dsa_st DSA; */
@ -71,12 +74,16 @@ extern "C" {
typedef struct DSA_SIG_st DSA_SIG;
/*
* TODO(3.0): consider removing the ASN.1 encoding and decoding when
* deserialisation is completed elsewhere.
*/
# define d2i_DSAparams_fp(fp, x) \
(DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \
(char *(*)())d2i_DSAparams, (fp), \
(unsigned char **)(x))
# define i2d_DSAparams_fp(fp, x) \
ASN1_i2d_fp(i2d_DSAparams,(fp), (unsigned char *)(x))
ASN1_i2d_fp(i2d_DSAparams, (fp), (unsigned char *)(x))
# define d2i_DSAparams_bio(bp, x) \
ASN1_d2i_bio_of(DSA, DSA_new, d2i_DSAparams, bp, x)
# define i2d_DSAparams_bio(bp, x) \
@ -89,35 +96,41 @@ DECLARE_ASN1_ENCODE_FUNCTIONS_only(DSA_SIG, DSA_SIG)
void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s);
DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
int DSA_do_verify(const unsigned char *dgst, int dgst_len,
DSA_SIG *sig, DSA *dsa);
DEPRECATEDIN_3_0(DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen,
DSA *dsa))
DEPRECATEDIN_3_0(int DSA_do_verify(const unsigned char *dgst, int dgst_len,
DSA_SIG *sig, DSA *dsa))
const DSA_METHOD *DSA_OpenSSL(void);
DEPRECATEDIN_3_0(const DSA_METHOD *DSA_OpenSSL(void))
void DSA_set_default_method(const DSA_METHOD *);
const DSA_METHOD *DSA_get_default_method(void);
int DSA_set_method(DSA *dsa, const DSA_METHOD *);
const DSA_METHOD *DSA_get_method(DSA *d);
DEPRECATEDIN_3_0(void DSA_set_default_method(const DSA_METHOD *))
DEPRECATEDIN_3_0(const DSA_METHOD *DSA_get_default_method(void))
DEPRECATEDIN_3_0(int DSA_set_method(DSA *dsa, const DSA_METHOD *))
DEPRECATEDIN_3_0(const DSA_METHOD *DSA_get_method(DSA *d))
DSA *DSA_new(void);
DSA *DSA_new_method(ENGINE *engine);
DEPRECATEDIN_3_0(DSA *DSA_new_method(ENGINE *engine))
void DSA_free(DSA *r);
/* "up" the DSA object's reference count */
int DSA_up_ref(DSA *r);
int DSA_size(const DSA *);
int DSA_bits(const DSA *d);
int DSA_security_bits(const DSA *d);
DEPRECATEDIN_3_0(int DSA_size(const DSA *))
DEPRECATEDIN_3_0(int DSA_bits(const DSA *d))
DEPRECATEDIN_3_0(int DSA_security_bits(const DSA *d))
/* next 4 return -1 on error */
DEPRECATEDIN_3_0(int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp))
int DSA_sign(int type, const unsigned char *dgst, int dlen,
unsigned char *sig, unsigned int *siglen, DSA *dsa);
int DSA_verify(int type, const unsigned char *dgst, int dgst_len,
const unsigned char *sigbuf, int siglen, DSA *dsa);
# define DSA_get_ex_new_index(l, p, newf, dupf, freef) \
DEPRECATEDIN_3_0(int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
BIGNUM **rp))
DEPRECATEDIN_3_0(int DSA_sign(int type, const unsigned char *dgst, int dlen,
unsigned char *sig, unsigned int *siglen,
DSA *dsa))
DEPRECATEDIN_3_0(int DSA_verify(int type, const unsigned char *dgst,
int dgst_len, const unsigned char *sigbuf,
int siglen, DSA *dsa))
# ifndef OPENSSL_NO_DEPRECATED_3_0
# define DSA_get_ex_new_index(l, p, newf, dupf, freef) \
CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA, l, p, newf, dupf, freef)
int DSA_set_ex_data(DSA *d, int idx, void *arg);
void *DSA_get_ex_data(DSA *d, int idx);
# endif
DEPRECATEDIN_3_0(int DSA_set_ex_data(DSA *d, int idx, void *arg))
DEPRECATEDIN_3_0(void *DSA_get_ex_data(DSA *d, int idx))
DECLARE_ASN1_ENCODE_FUNCTIONS_only(DSA, DSAPublicKey)
DECLARE_ASN1_ENCODE_FUNCTIONS_only(DSA, DSAPrivateKey)
@ -134,18 +147,19 @@ DEPRECATEDIN_0_9_8(DSA *DSA_generate_parameters(int bits,
void *cb_arg))
/* New version */
int DSA_generate_parameters_ex(DSA *dsa, int bits,
const unsigned char *seed, int seed_len,
int *counter_ret, unsigned long *h_ret,
BN_GENCB *cb);
DEPRECATEDIN_3_0(int DSA_generate_parameters_ex(DSA *dsa, int bits,
const unsigned char *seed,
int seed_len, int *counter_ret,
unsigned long *h_ret,
BN_GENCB *cb))
int DSA_generate_key(DSA *a);
DEPRECATEDIN_3_0(int DSA_generate_key(DSA *a))
int DSAparams_print(BIO *bp, const DSA *x);
int DSA_print(BIO *bp, const DSA *x, int off);
DEPRECATEDIN_3_0(int DSAparams_print(BIO *bp, const DSA *x))
DEPRECATEDIN_3_0(int DSA_print(BIO *bp, const DSA *x, int off))
# ifndef OPENSSL_NO_STDIO
int DSAparams_print_fp(FILE *fp, const DSA *x);
int DSA_print_fp(FILE *bp, const DSA *x, int off);
DEPRECATEDIN_3_0(int DSAparams_print_fp(FILE *fp, const DSA *x))
DEPRECATEDIN_3_0(int DSA_print_fp(FILE *bp, const DSA *x, int off))
# endif
# ifndef OPENSSL_NO_DEPRECATED_3_0
@ -164,6 +178,8 @@ int DSA_print_fp(FILE *bp, const DSA *x, int off);
/*
* Convert DSA structure (key or just parameters) into DH structure (be
* careful to avoid small subgroup attacks when using this!)
*
* TODO(3.0): figure out how to remove this monstrosity
*/
DH *DSA_dup_DH(const DSA *r);
# endif
@ -196,54 +212,54 @@ const BIGNUM *DSA_get0_priv_key(const DSA *d);
void DSA_clear_flags(DSA *d, int flags);
int DSA_test_flags(const DSA *d, int flags);
void DSA_set_flags(DSA *d, int flags);
ENGINE *DSA_get0_engine(DSA *d);
DEPRECATEDIN_3_0(ENGINE *DSA_get0_engine(DSA *d))
DSA_METHOD *DSA_meth_new(const char *name, int flags);
void DSA_meth_free(DSA_METHOD *dsam);
DSA_METHOD *DSA_meth_dup(const DSA_METHOD *dsam);
const char *DSA_meth_get0_name(const DSA_METHOD *dsam);
int DSA_meth_set1_name(DSA_METHOD *dsam, const char *name);
int DSA_meth_get_flags(const DSA_METHOD *dsam);
int DSA_meth_set_flags(DSA_METHOD *dsam, int flags);
void *DSA_meth_get0_app_data(const DSA_METHOD *dsam);
int DSA_meth_set0_app_data(DSA_METHOD *dsam, void *app_data);
DSA_SIG *(*DSA_meth_get_sign(const DSA_METHOD *dsam))
(const unsigned char *, int, DSA *);
int DSA_meth_set_sign(DSA_METHOD *dsam,
DSA_SIG *(*sign) (const unsigned char *, int, DSA *));
int (*DSA_meth_get_sign_setup(const DSA_METHOD *dsam))
(DSA *, BN_CTX *, BIGNUM **, BIGNUM **);
int DSA_meth_set_sign_setup(DSA_METHOD *dsam,
int (*sign_setup) (DSA *, BN_CTX *, BIGNUM **, BIGNUM **));
int (*DSA_meth_get_verify(const DSA_METHOD *dsam))
(const unsigned char *, int, DSA_SIG *, DSA *);
int DSA_meth_set_verify(DSA_METHOD *dsam,
int (*verify) (const unsigned char *, int, DSA_SIG *, DSA *));
int (*DSA_meth_get_mod_exp(const DSA_METHOD *dsam))
DEPRECATEDIN_3_0(DSA_METHOD *DSA_meth_new(const char *name, int flags))
DEPRECATEDIN_3_0(void DSA_meth_free(DSA_METHOD *dsam))
DEPRECATEDIN_3_0(DSA_METHOD *DSA_meth_dup(const DSA_METHOD *dsam))
DEPRECATEDIN_3_0(const char *DSA_meth_get0_name(const DSA_METHOD *dsam))
DEPRECATEDIN_3_0(int DSA_meth_set1_name(DSA_METHOD *dsam, const char *name))
DEPRECATEDIN_3_0(int DSA_meth_get_flags(const DSA_METHOD *dsam))
DEPRECATEDIN_3_0(int DSA_meth_set_flags(DSA_METHOD *dsam, int flags))
DEPRECATEDIN_3_0(void *DSA_meth_get0_app_data(const DSA_METHOD *dsam))
DEPRECATEDIN_3_0(int DSA_meth_set0_app_data(DSA_METHOD *dsam, void *app_data))
DEPRECATEDIN_3_0(DSA_SIG *(*DSA_meth_get_sign(const DSA_METHOD *dsam))
(const unsigned char *, int, DSA *))
DEPRECATEDIN_3_0(int DSA_meth_set_sign(DSA_METHOD *dsam,
DSA_SIG *(*sign) (const unsigned char *, int, DSA *)))
DEPRECATEDIN_3_0(int (*DSA_meth_get_sign_setup(const DSA_METHOD *dsam))
(DSA *, BN_CTX *, BIGNUM **, BIGNUM **))
DEPRECATEDIN_3_0(int DSA_meth_set_sign_setup(DSA_METHOD *dsam,
int (*sign_setup) (DSA *, BN_CTX *, BIGNUM **, BIGNUM **)))
DEPRECATEDIN_3_0(int (*DSA_meth_get_verify(const DSA_METHOD *dsam))
(const unsigned char *, int, DSA_SIG *, DSA *))
DEPRECATEDIN_3_0(int DSA_meth_set_verify(DSA_METHOD *dsam,
int (*verify) (const unsigned char *, int, DSA_SIG *, DSA *)))
DEPRECATEDIN_3_0(int (*DSA_meth_get_mod_exp(const DSA_METHOD *dsam))
(DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *,
const BIGNUM *, const BIGNUM *, BN_CTX *, BN_MONT_CTX *);
int DSA_meth_set_mod_exp(DSA_METHOD *dsam,
const BIGNUM *, const BIGNUM *, BN_CTX *, BN_MONT_CTX *))
DEPRECATEDIN_3_0(int DSA_meth_set_mod_exp(DSA_METHOD *dsam,
int (*mod_exp) (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *,
const BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *,
BN_MONT_CTX *));
int (*DSA_meth_get_bn_mod_exp(const DSA_METHOD *dsam))
BN_MONT_CTX *)))
DEPRECATEDIN_3_0(int (*DSA_meth_get_bn_mod_exp(const DSA_METHOD *dsam))
(DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *,
BN_CTX *, BN_MONT_CTX *);
int DSA_meth_set_bn_mod_exp(DSA_METHOD *dsam,
BN_CTX *, BN_MONT_CTX *))
DEPRECATEDIN_3_0(int DSA_meth_set_bn_mod_exp(DSA_METHOD *dsam,
int (*bn_mod_exp) (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *,
const BIGNUM *, BN_CTX *, BN_MONT_CTX *));
int (*DSA_meth_get_init(const DSA_METHOD *dsam))(DSA *);
int DSA_meth_set_init(DSA_METHOD *dsam, int (*init)(DSA *));
int (*DSA_meth_get_finish(const DSA_METHOD *dsam)) (DSA *);
int DSA_meth_set_finish(DSA_METHOD *dsam, int (*finish) (DSA *));
int (*DSA_meth_get_paramgen(const DSA_METHOD *dsam))
const BIGNUM *, BN_CTX *, BN_MONT_CTX *)))
DEPRECATEDIN_3_0(int (*DSA_meth_get_init(const DSA_METHOD *dsam))(DSA *))
DEPRECATEDIN_3_0(int DSA_meth_set_init(DSA_METHOD *dsam, int (*init)(DSA *)))
DEPRECATEDIN_3_0(int (*DSA_meth_get_finish(const DSA_METHOD *dsam)) (DSA *))
DEPRECATEDIN_3_0(int DSA_meth_set_finish(DSA_METHOD *dsam, int (*finish) (DSA *)))
DEPRECATEDIN_3_0(int (*DSA_meth_get_paramgen(const DSA_METHOD *dsam))
(DSA *, int, const unsigned char *, int, int *, unsigned long *,
BN_GENCB *);
int DSA_meth_set_paramgen(DSA_METHOD *dsam,
BN_GENCB *))
DEPRECATEDIN_3_0(int DSA_meth_set_paramgen(DSA_METHOD *dsam,
int (*paramgen) (DSA *, int, const unsigned char *, int, int *,
unsigned long *, BN_GENCB *));
int (*DSA_meth_get_keygen(const DSA_METHOD *dsam)) (DSA *);
int DSA_meth_set_keygen(DSA_METHOD *dsam, int (*keygen) (DSA *));
unsigned long *, BN_GENCB *)))
DEPRECATEDIN_3_0(int (*DSA_meth_get_keygen(const DSA_METHOD *dsam)) (DSA *))
DEPRECATEDIN_3_0(int DSA_meth_set_keygen(DSA_METHOD *dsam, int (*keygen) (DSA *)))
# ifdef __cplusplus
}

6
providers/implementations/keymgmt/dsa_kmgmt.c
View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* DSA low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <openssl/core_numbers.h>
#include <openssl/core_names.h>
#include <openssl/bn.h>

6
providers/implementations/serializers/serializer_dsa.c
View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* DSA low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <openssl/dsa.h>
#include <openssl/err.h>
#include "prov/bio.h" /* ossl_prov_bio_printf() */

6
providers/implementations/serializers/serializer_dsa_param.c
View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* DSA low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <openssl/core_numbers.h>
#include <openssl/pem.h>
#include <openssl/dsa.h>

6
providers/implementations/serializers/serializer_dsa_priv.c
View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* DSA low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <openssl/core_numbers.h>
#include <openssl/core_names.h>
#include <openssl/err.h>

6
providers/implementations/serializers/serializer_dsa_pub.c
View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* DSA low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <openssl/core_numbers.h>
#include <openssl/err.h>
#include <openssl/pem.h>

6
providers/implementations/signature/dsa.c
View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* DSA low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <string.h>
#include <openssl/crypto.h>

21
test/build.info
View File

@ -35,7 +35,7 @@ IF[{- !$disabled{tests} -}]
ectest ecstresstest gmdifftest pbelutest \
destest mdc2test \
dhtest enginetest \
ssltest_old dsatest dsa_no_digest_size_test exptest rsa_test \
ssltest_old exptest rsa_test \
evp_pkey_provided_test evp_test evp_extra_test evp_fetch_prov_test \
v3nametest v3ext \
crltest danetest bad_dtls_test lhash_test sparse_array_test \
@ -121,14 +121,6 @@ IF[{- !$disabled{tests} -}]
INCLUDE[ssltest_old]=.. ../include ../apps/include
DEPEND[ssltest_old]=../libcrypto ../libssl
SOURCE[dsatest]=dsatest.c
INCLUDE[dsatest]=../include ../apps/include
DEPEND[dsatest]=../libcrypto libtestutil.a
SOURCE[dsa_no_digest_size_test]=dsa_no_digest_size_test.c
INCLUDE[dsa_no_digest_size_test]=../include ../apps/include
DEPEND[dsa_no_digest_size_test]=../libcrypto libtestutil.a
SOURCE[exptest]=exptest.c
INCLUDE[exptest]=../include ../apps/include
DEPEND[exptest]=../libcrypto libtestutil.a
@ -502,7 +494,7 @@ IF[{- !$disabled{tests} -}]
rdrand_sanitytest property_test ideatest \
rsa_sp800_56b_test bn_internal_test ecdsatest \
rc2test rc4test rc5test hmactest \
asn1_dsa_internal_test
asn1_dsa_internal_test dsatest dsa_no_digest_size_test
IF[{- !$disabled{poly1305} -}]
PROGRAMS{noinst}=poly1305_internal_test
@ -543,10 +535,19 @@ IF[{- !$disabled{tests} -}]
INCLUDE[x509_internal_test]=.. ../include ../apps/include
DEPEND[x509_internal_test]=../libcrypto.a libtestutil.a
SOURCE[ecdsatest]=ecdsatest.c
INCLUDE[ecdsatest]=../include ../apps/include
DEPEND[ecdsatest]=../libcrypto.a libtestutil.a
SOURCE[dsatest]=dsatest.c
INCLUDE[dsatest]=../include ../apps/include
DEPEND[dsatest]=../libcrypto.a libtestutil.a
SOURCE[dsa_no_digest_size_test]=dsa_no_digest_size_test.c
INCLUDE[dsa_no_digest_size_test]=../include ../apps/include
DEPEND[dsa_no_digest_size_test]=../libcrypto.a libtestutil.a
SOURCE[tls13encryptiontest]=tls13encryptiontest.c
INCLUDE[tls13encryptiontest]=.. ../include ../apps/include
DEPEND[tls13encryptiontest]=../libcrypto ../libssl.a libtestutil.a

6
test/dsa_no_digest_size_test.c
View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* DSA low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <stdlib.h>
#include <string.h>

6
test/dsatest.c
View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* DSA low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

14
util/libcrypto.num
View File

@ -88,7 +88,7 @@ d2i_OCSP_RESPBYTES 89 3_0_0 EXIST::FUNCTION:OCSP
TS_REQ_get_ext_by_NID 90 3_0_0 EXIST::FUNCTION:TS
ASN1_item_ndef_i2d 91 3_0_0 EXIST::FUNCTION:
OCSP_archive_cutoff_new 92 3_0_0 EXIST::FUNCTION:OCSP
DSA_size 93 3_0_0 EXIST::FUNCTION:DSA
DSA_size 93 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
IPAddressRange_free 94 3_0_0 EXIST::FUNCTION:RFC3779
CMS_ContentInfo_free 95 3_0_0 EXIST::FUNCTION:CMS
BIO_accept 96 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,SOCK
@ -96,7 +96,7 @@ X509_VERIFY_PARAM_set1_policies 97 3_0_0 EXIST::FUNCTION:
SCT_set0_extensions 98 3_0_0 EXIST::FUNCTION:CT
PKCS5_pbe2_set_scrypt 99 3_0_0 EXIST::FUNCTION:SCRYPT
X509_find_by_subject 100 3_0_0 EXIST::FUNCTION:
DSAparams_print 101 3_0_0 EXIST::FUNCTION:DSA
DSAparams_print 101 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
BF_set_key 102 3_0_0 EXIST::FUNCTION:BF,DEPRECATEDIN_3_0
d2i_DHparams 103 3_0_0 EXIST::FUNCTION:DH
i2d_PKCS7_ENC_CONTENT 104 3_0_0 EXIST::FUNCTION:
@ -222,7 +222,7 @@ ASN1_put_eoc 225 3_0_0 EXIST::FUNCTION:
EVP_MD_meth_set_input_blocksize 226 3_0_0 EXIST::FUNCTION:
PKCS12_SAFEBAG_get0_attrs 227 3_0_0 EXIST::FUNCTION:
PKCS8_get_attr 228 3_0_0 EXIST::FUNCTION:
DSAparams_print_fp 229 3_0_0 EXIST::FUNCTION:DSA,STDIO
DSAparams_print_fp 229 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA,STDIO
EC_POINT_set_Jprojective_coordinates_GFp 230 3_0_0 EXIST::FUNCTION:EC
DIST_POINT_NAME_new 231 3_0_0 EXIST::FUNCTION:
X509_LOOKUP_file 232 3_0_0 EXIST::FUNCTION:
@ -269,7 +269,7 @@ CRYPTO_gcm128_tag 274 3_0_0 EXIST::FUNCTION:
OSSL_HTTP_parse_url 275 3_0_0 EXIST::FUNCTION:
UI_get0_test_string 276 3_0_0 EXIST::FUNCTION:
CRYPTO_secure_free 277 3_0_0 EXIST::FUNCTION:
DSA_print_fp 278 3_0_0 EXIST::FUNCTION:DSA,STDIO
DSA_print_fp 278 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA,STDIO
X509_get_ext_d2i 279 3_0_0 EXIST::FUNCTION:
d2i_PKCS7_ENC_CONTENT 280 3_0_0 EXIST::FUNCTION:
BUF_MEM_grow 281 3_0_0 EXIST::FUNCTION:
@ -1954,7 +1954,7 @@ PEM_read_PrivateKey 1999 3_0_0 EXIST::FUNCTION:STDIO
X509V3_get_d2i 2000 3_0_0 EXIST::FUNCTION:
PKCS7_SIGNER_INFO_sign 2001 3_0_0 EXIST::FUNCTION:
TS_TST_INFO_free 2002 3_0_0 EXIST::FUNCTION:TS
DSA_security_bits 2003 3_0_0 EXIST::FUNCTION:DSA
DSA_security_bits 2003 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
X509v3_addr_is_canonical 2004 3_0_0 EXIST::FUNCTION:RFC3779
BN_mod_mul_reciprocal 2005 3_0_0 EXIST::FUNCTION:
TS_REQ_get_version 2006 3_0_0 EXIST::FUNCTION:TS
@ -3564,7 +3564,7 @@ SCT_get0_signature 3641 3_0_0 EXIST::FUNCTION:CT
DISPLAYTEXT_it 3643 3_0_0 EXIST::FUNCTION:
OPENSSL_gmtime_adj 3644 3_0_0 EXIST::FUNCTION:
ASN1_INTEGER_dup 3645 3_0_0 EXIST::FUNCTION:
DSA_print 3646 3_0_0 EXIST::FUNCTION:DSA
DSA_print 3646 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
X509_REQ_set_extension_nids 3647 3_0_0 EXIST::FUNCTION:
X509_free 3648 3_0_0 EXIST::FUNCTION:
ERR_load_ERR_strings 3649 3_0_0 EXIST::FUNCTION:
@ -4045,7 +4045,7 @@ X509_STORE_unlock 4133 3_0_0 EXIST::FUNCTION:
X509_STORE_lock 4134 3_0_0 EXIST::FUNCTION:
X509_set_proxy_pathlen 4135 3_0_0 EXIST::FUNCTION:
X509_get_proxy_pathlen 4136 3_0_0 EXIST::FUNCTION:
DSA_bits 4137 3_0_0 EXIST::FUNCTION:DSA
DSA_bits 4137 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
EVP_PKEY_set1_tls_encodedpoint 4138 3_0_0 EXIST::FUNCTION:
EVP_PKEY_get1_tls_encodedpoint 4139 3_0_0 EXIST::FUNCTION:
ASN1_STRING_get0_data 4140 3_0_0 EXIST::FUNCTION: