openssl
/
openssl
mirror of https://github.com/openssl/openssl
1
0
Fork 0
Code Issues Releases Wiki Activity

Add convenience functions and macros for asymmetric key generation 

Add EVP_PKEY_gen(), EVP_PKEY_Q_gen(), EVP_RSA_gen(), and EVP_EC_gen().
Also export auxiliary function OSSL_EC_curve_nid2name()
and improve deprecation info on RSA and EC key generation/management functions.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14695)
This commit is contained in:
Dr. David von Oheimb 2021-03-20 13:49:08 +01:00
parent 6dbb277627
commit f925315203
34 changed files with 232 additions and 150 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
CHANGES.md
View File

@ -405,6 +405,12 @@ OpenSSL 3.0
*Dmitry Belyavskiy*
* Added convenience functions for generating asymmetric key pairs:
The 'quick' one-shot (yet somewhat limited) function L<EVP_PKEY_Q_keygen(3)>
and macros for the most common cases: <EVP_RSA_gen(3)> and L<EVP_EC_gen(3)>.
*David von Oheimb*
* All of the low-level EC_KEY functions have been deprecated including:
EC_KEY_OpenSSL, EC_KEY_get_default_method, EC_KEY_set_default_method,
@ -429,7 +435,8 @@ OpenSSL 3.0
Applications that need to implement an EC_KEY_METHOD need to consider
implementation of the functionality in a special provider.
For replacement of the functions manipulating the EC_KEY objects
see the EVP_PKEY-EC(7) manual page.
see the L<EVP_PKEY-EC(7)> manual page.
A simple way of generating EC keys is L<EVP_EC_gen(3)>.
Additionally functions that read and write EC_KEY objects such as
o2i_ECPublicKey, i2o_ECPublicKey, ECParameters_print_fp, EC_KEY_print_fp,
@ -825,7 +832,7 @@ OpenSSL 3.0
* All of the low-level RSA functions have been deprecated including:
RSA_new_method, RSA_size, RSA_security_bits, RSA_get0_pss_params,
RSA_new, RSA_new_method, RSA_size, RSA_security_bits, RSA_get0_pss_params,
RSA_get_version, RSA_get0_engine, RSA_generate_key_ex,
RSA_generate_multi_prime_key, RSA_X931_derive_ex, RSA_X931_generate_key_ex,
RSA_check_key, RSA_check_key_ex, RSA_public_encrypt, RSA_private_encrypt,
@ -858,6 +865,9 @@ OpenSSL 3.0
time. Instead applications should use L<EVP_PKEY_encrypt_init(3)>,
L<EVP_PKEY_encrypt(3)>, L<EVP_PKEY_decrypt_init(3)> and
L<EVP_PKEY_decrypt(3)>.
For replacement of the functions manipulating the RSA objects
see the L<EVP_PKEY-RSA(7)> manual page.
A simple way of generating RSA keys is L<EVP_RSA_gen(3)>.
All of these low-level RSA functions have been deprecated without
replacement:

1
NEWS.md
View File

@ -26,6 +26,7 @@ OpenSSL 3.0
RC4, RC5, and DES to the legacy provider.
* Moved the EVP digests MD2, MD4, MDC2, WHIRLPOOL and RIPEMD-160 to the legacy
provider.
* Added convenience functions for generating asymmetric key pairs.
* Deprecated the `OCSP_REQ_CTX` type and functions.
* Deprecated the `EC_KEY` and `EC_KEY_METHOD` types and functions.
* Deprecated the `RSA` and `RSA_METHOD` types and functions.

3
crypto/conf/conf_def.c
View File

@ -11,8 +11,8 @@
#include <stdio.h>
#include <string.h>
#include "e_os.h" /* strcasecmp and struct stat */
#ifdef __TANDEM
# include <strings.h> /* strcasecmp */
# include <sys/types.h> /* needed for stat.h */
# include <sys/stat.h> /* struct stat */
#endif
@ -28,7 +28,6 @@
# include <sys/stat.h>
# ifdef _WIN32
# define stat _stat
# define strcasecmp _stricmp
# endif
#endif

2
crypto/ec/ec_backend.c
View File

@ -328,7 +328,7 @@ int ossl_ec_group_todata(const EC_GROUP *group, OSSL_PARAM_BLD *tmpl,
if (curve_nid != NID_undef) {
/* Named curve */
const char *curve_name = ossl_ec_curve_nid2name(curve_nid);
const char *curve_name = OSSL_EC_curve_nid2name(curve_nid);
if (curve_name == NULL
|| !ossl_param_build_set_utf8_string(tmpl, params,

2
crypto/evp/ctrl_params_translate.c
View File

@ -1482,7 +1482,7 @@ static int get_payload_group_name(enum state state,
if (grp != NULL)
nid = EC_GROUP_get_curve_name(grp);
if (nid != NID_undef)
ctx->p2 = (char *)ossl_ec_curve_nid2name(nid);
ctx->p2 = (char *)OSSL_EC_curve_nid2name(nid);
}
break;
#endif

2
crypto/evp/ec_support.c
View File

@ -115,7 +115,7 @@ static const EC_NAME2NID curve_list[] = {
{"SM2", NID_sm2 },
};
const char *ossl_ec_curve_nid2name(int nid)
const char *OSSL_EC_curve_nid2name(int nid)
{
size_t i;

60
crypto/evp/evp_lib.c
View File

@ -14,11 +14,14 @@
#include "internal/deprecated.h"
#include <stdio.h>
#include <string.h>
#include "e_os.h" /* strcasecmp */
#include "internal/cryptlib.h"
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/params.h>
#include <openssl/core_names.h>
#include <openssl/rsa.h>
#include <openssl/dh.h>
#include <openssl/ec.h>
#include "crypto/evp.h"
@ -27,6 +30,7 @@
#include "evp_local.h"
#if !defined(FIPS_MODULE)
int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
{
return evp_cipher_param_to_asn1_ex(c, type, NULL);
@ -1111,3 +1115,59 @@ int EVP_PKEY_CTX_get_group_name(EVP_PKEY_CTX *ctx, char *name, size_t namelen)
return -1;
return 1;
}
/*
* evp_pkey_keygen() abstracts from the explicit use of B<EVP_PKEY_CTX>
* while providing a generic way of generating a new asymmetric key pair
* of algorithm type I<name> (e.g., C<RSA> or C<EC>).
* The library context I<libctx> and property query I<propq>
* are used when fetching algorithms from providers.
* The I<params> specify algorithm-specific parameters
* such as the RSA modulus size or the name of an EC curve.
*/
static EVP_PKEY *evp_pkey_keygen(OSSL_LIB_CTX *libctx, const char *name,
const char *propq, OSSL_PARAM *params)
{
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_from_name(libctx, name, propq);
if (ctx != NULL
&& EVP_PKEY_keygen_init(ctx) > 0
&& EVP_PKEY_CTX_set_params(ctx, params))
(void)EVP_PKEY_generate(ctx, &pkey);
EVP_PKEY_CTX_free(ctx);
return pkey;
}
EVP_PKEY *EVP_PKEY_Q_keygen(OSSL_LIB_CTX *libctx, const char *propq,
const char *type, ...)
{
va_list args;
size_t bits;
char *name;
OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END };
EVP_PKEY *ret = NULL;
va_start(args, type);
if (strcasecmp(type, "RSA") == 0) {
bits = va_arg(args, size_t);
params[0] = OSSL_PARAM_construct_size_t(OSSL_PKEY_PARAM_RSA_BITS, &bits);
} else if (strcasecmp(type, "EC") == 0) {
name = va_arg(args, char *);
params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME,
name, 0);
} else if (strcasecmp(type, "ED25519") != 0
&& strcasecmp(type, "X25519") != 0
&& strcasecmp(type, "ED448") != 0
&& strcasecmp(type, "X448") != 0) {
ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_INVALID_ARGUMENT);
goto end;
}
ret = evp_pkey_keygen(libctx, type, propq, params);
end:
va_end(args);
return ret;
}

6
crypto/evp/pmeth_gn.c
View File

@ -123,7 +123,7 @@ static int ossl_callback_to_pkey_gencb(const OSSL_PARAM params[], void *arg)
return ctx->pkey_gencb(ctx);
}
int EVP_PKEY_gen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey)
int EVP_PKEY_generate(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey)
{
int ret = 0;
OSSL_CALLBACK cb;
@ -262,7 +262,7 @@ int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey)
ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);
return -1;
}
return EVP_PKEY_gen(ctx, ppkey);
return EVP_PKEY_generate(ctx, ppkey);
}
int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey)
@ -271,7 +271,7 @@ int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey)
ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);
return -1;
}
return EVP_PKEY_gen(ctx, ppkey);
return EVP_PKEY_generate(ctx, ppkey);
}
void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb)

12
doc/build.info
View File

@ -1206,10 +1206,6 @@ DEPEND[html/man3/EVP_PKEY_fromdata.html]=man3/EVP_PKEY_fromdata.pod
GENERATE[html/man3/EVP_PKEY_fromdata.html]=man3/EVP_PKEY_fromdata.pod
DEPEND[man/man3/EVP_PKEY_fromdata.3]=man3/EVP_PKEY_fromdata.pod
GENERATE[man/man3/EVP_PKEY_fromdata.3]=man3/EVP_PKEY_fromdata.pod
DEPEND[html/man3/EVP_PKEY_gen.html]=man3/EVP_PKEY_gen.pod
GENERATE[html/man3/EVP_PKEY_gen.html]=man3/EVP_PKEY_gen.pod
DEPEND[man/man3/EVP_PKEY_gen.3]=man3/EVP_PKEY_gen.pod
GENERATE[man/man3/EVP_PKEY_gen.3]=man3/EVP_PKEY_gen.pod
DEPEND[html/man3/EVP_PKEY_get_default_digest_nid.html]=man3/EVP_PKEY_get_default_digest_nid.pod
GENERATE[html/man3/EVP_PKEY_get_default_digest_nid.html]=man3/EVP_PKEY_get_default_digest_nid.pod
DEPEND[man/man3/EVP_PKEY_get_default_digest_nid.3]=man3/EVP_PKEY_get_default_digest_nid.pod
@ -1230,6 +1226,10 @@ DEPEND[html/man3/EVP_PKEY_is_a.html]=man3/EVP_PKEY_is_a.pod
GENERATE[html/man3/EVP_PKEY_is_a.html]=man3/EVP_PKEY_is_a.pod
DEPEND[man/man3/EVP_PKEY_is_a.3]=man3/EVP_PKEY_is_a.pod
GENERATE[man/man3/EVP_PKEY_is_a.3]=man3/EVP_PKEY_is_a.pod
DEPEND[html/man3/EVP_PKEY_keygen.html]=man3/EVP_PKEY_keygen.pod
GENERATE[html/man3/EVP_PKEY_keygen.html]=man3/EVP_PKEY_keygen.pod
DEPEND[man/man3/EVP_PKEY_keygen.3]=man3/EVP_PKEY_keygen.pod
GENERATE[man/man3/EVP_PKEY_keygen.3]=man3/EVP_PKEY_keygen.pod
DEPEND[html/man3/EVP_PKEY_meth_get_count.html]=man3/EVP_PKEY_meth_get_count.pod
GENERATE[html/man3/EVP_PKEY_meth_get_count.html]=man3/EVP_PKEY_meth_get_count.pod
DEPEND[man/man3/EVP_PKEY_meth_get_count.3]=man3/EVP_PKEY_meth_get_count.pod
@ -2999,12 +2999,12 @@ html/man3/EVP_PKEY_derive.html \
html/man3/EVP_PKEY_encapsulate.html \
html/man3/EVP_PKEY_encrypt.html \
html/man3/EVP_PKEY_fromdata.html \
html/man3/EVP_PKEY_gen.html \
html/man3/EVP_PKEY_get_default_digest_nid.html \
html/man3/EVP_PKEY_get_field_type.html \
html/man3/EVP_PKEY_get_group_name.html \
html/man3/EVP_PKEY_gettable_params.html \
html/man3/EVP_PKEY_is_a.html \
html/man3/EVP_PKEY_keygen.html \
html/man3/EVP_PKEY_meth_get_count.html \
html/man3/EVP_PKEY_meth_new.html \
html/man3/EVP_PKEY_new.html \
@ -3586,12 +3586,12 @@ man/man3/EVP_PKEY_derive.3 \
man/man3/EVP_PKEY_encapsulate.3 \
man/man3/EVP_PKEY_encrypt.3 \
man/man3/EVP_PKEY_fromdata.3 \
man/man3/EVP_PKEY_gen.3 \
man/man3/EVP_PKEY_get_default_digest_nid.3 \
man/man3/EVP_PKEY_get_field_type.3 \
man/man3/EVP_PKEY_get_group_name.3 \
man/man3/EVP_PKEY_gettable_params.3 \
man/man3/EVP_PKEY_is_a.3 \
man/man3/EVP_PKEY_keygen.3 \
man/man3/EVP_PKEY_meth_get_count.3 \
man/man3/EVP_PKEY_meth_new.3 \
man/man3/EVP_PKEY_new.3 \

10
doc/man3/EC_GROUP_new.pod
View File

@ -20,8 +20,9 @@ EC_GROUP_set_curve_GFp,
EC_GROUP_get_curve_GFp,
EC_GROUP_set_curve_GF2m,
EC_GROUP_get_curve_GF2m,
EC_get_builtin_curves - Functions for creating and destroying EC_GROUP
objects
EC_get_builtin_curves,
OSSL_EC_curve_nid2name -
Functions for creating and destroying EC_GROUP objects
=head1 SYNOPSIS
@ -52,6 +53,7 @@ objects
ECPKPARAMETERS *params);
size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems);
const char *OSSL_EC_curve_nid2name(int nid);
Deprecated since OpenSSL 3.0, can be hidden entirely by defining
B<OPENSSL_API_COMPAT> with a suitable version value, see
@ -173,6 +175,8 @@ in the EC_GROUP is public anyway, this function is unnecessary.
Its use can be safely replaced with EC_GROUP_free().
If I<group> is NULL nothing is done.
OSSL_EC_curve_nid2name() converts a curve I<nid> into the corresponding name.
=head1 RETURN VALUES
All EC_GROUP_new* functions return a pointer to the newly constructed group, or
@ -184,6 +188,8 @@ available.
EC_GROUP_set_curve_GFp(), EC_GROUP_get_curve_GFp(), EC_GROUP_set_curve_GF2m(),
EC_GROUP_get_curve_GF2m() return 1 on success or 0 on error.
OSSL_EC_curve_nid2name() returns a character string constant, or NULL on error.
=head1 SEE ALSO
L<crypto(7)>, L<EC_GROUP_copy(3)>,

16
doc/man3/EC_KEY_new.pod
View File

@ -2,6 +2,7 @@
=head1 NAME
EVP_EC_gen,
EC_KEY_get_method, EC_KEY_set_method, EC_KEY_new_ex,
EC_KEY_new, EC_KEY_get_flags, EC_KEY_set_flags, EC_KEY_clear_flags,
EC_KEY_new_by_curve_name_ex, EC_KEY_new_by_curve_name, EC_KEY_free,
@ -20,6 +21,8 @@ EC_KEY objects
#include <openssl/ec.h>
EVP_PKEY *EVP_EC_gen(const char *curve);
Deprecated since OpenSSL 3.0, can be hidden entirely by defining
B<OPENSSL_API_COMPAT> with a suitable version value, see
L<openssl_user_macros(7)>:
@ -65,8 +68,11 @@ L<openssl_user_macros(7)>:
=head1 DESCRIPTION
All of the functions described on this page are deprecated.
Applications should instead use L<EVP_PKEY_new(3)> and L<EVP_PKEY_free(3)>.
EVP_EC_gen() generates a new EC key pair on the given I<curve>.
All of the functions described below are deprecated.
Applications should instead use EVP_EC_gen(), L<EVP_PKEY_Q_keygen(3)>, or
L<EVP_PKEY_keygen_init(3)> and L<EVP_PKEY_keygen(3)>.
An EC_KEY represents a public key and, optionally, the associated private
key.
@ -152,7 +158,6 @@ EC_KEY_decoded_from_explicit_params() returns 1 if the group of the I<key> was
decoded from data with explicitly encoded group parameters, -1 if the I<key>
is NULL or the group parameters are missing, and 0 otherwise.
Although deprecated in OpenSSL 3.0 and should no longer be used,
EC_KEY_precompute_mult() stores multiples of the underlying EC_GROUP generator
for faster point multiplication. See also L<EC_POINT_add(3)>.
Modern versions should instead switch to named curves which OpenSSL has
@ -208,6 +213,7 @@ of the buffer or 0 on error.
=head1 SEE ALSO
L<EVP_PKEY_Q_keygen(3)>
L<crypto(7)>, L<EC_GROUP_new(3)>,
L<EC_GROUP_copy(3)>, L<EC_POINT_new(3)>,
L<EC_POINT_add(3)>,
@ -217,7 +223,9 @@ L<OSSL_LIB_CTX(3)>
=head1 HISTORY
All of these functions were deprecated in OpenSSL 3.0.
EVP_EC_gen() was added in OpenSSL 3.0.
All other functions described here were deprecated in OpenSSL 3.0.
For replacement see L<EVP_PKEY-EC(7)>.
=head1 COPYRIGHT

31
doc/man3/EVP_PKEY_gen.pod → doc/man3/EVP_PKEY_keygen.pod
View File

@ -2,7 +2,8 @@
=head1 NAME
EVP_PKEY_keygen_init, EVP_PKEY_paramgen_init, EVP_PKEY_gen,
EVP_PKEY_Q_keygen,
EVP_PKEY_keygen_init, EVP_PKEY_paramgen_init, EVP_PKEY_generate,
EVP_PKEY_CTX_set_cb, EVP_PKEY_CTX_get_cb,
EVP_PKEY_CTX_get_keygen_info, EVP_PKEY_CTX_set_app_data,
EVP_PKEY_CTX_get_app_data,
@ -14,9 +15,12 @@ EVP_PKEY_paramgen, EVP_PKEY_keygen
#include <openssl/evp.h>
EVP_PKEY *EVP_PKEY_Q_keygen(OSSL_LIB_CTX *libctx, const char *propq,
const char *type, ...);
int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx);
int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx);
int EVP_PKEY_gen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
int EVP_PKEY_generate(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
@ -57,16 +61,16 @@ After initialization, generation parameters may be provided with
L<EVP_PKEY_CTX_ctrl(3)> or L<EVP_PKEY_CTX_set_params(3)>, or any other
function described in those manuals.
EVP_PKEY_gen() performs the generation operation, the resulting key
EVP_PKEY_generate() performs the generation operation, the resulting key
parameters or key are written to I<*ppkey>. If I<*ppkey> is NULL when this
function is called, it will be allocated, and should be freed by the caller
when no longer useful, using L<EVP_PKEY_free(3)>.
EVP_PKEY_paramgen() and EVP_PKEY_keygen() do exactly the same thing as
EVP_PKEY_gen(), after checking that the corresponding EVP_PKEY_paramgen_init()
EVP_PKEY_generate(), after checking that the corresponding EVP_PKEY_paramgen_init()
or EVP_PKEY_keygen_init() was used to initialize I<ctx>.
These are older functions that are kept for backward compatibility.
It is safe to use EVP_PKEY_gen() instead.
It is safe to use EVP_PKEY_generate() instead.
The function EVP_PKEY_set_cb() sets the key or parameter generation callback
to I<cb>. The function EVP_PKEY_CTX_get_cb() returns the key or parameter
@ -87,6 +91,18 @@ and retrieve an opaque pointer. This can be used to set some application
defined value which can be retrieved in the callback: for example a handle
which is used to update a "progress dialog".
EVP_PKEY_Q_keygen() abstracts from the explicit use of B<EVP_PKEY_CTX> while
providing a 'quick' but limited way of generating a new asymmetric key pair.
It provides shorthands for simple and common cases of key generation.
As usual, the library context I<libctx> and property query I<propq>
can be given for fetching algorithms from providers.
If I<type> is C<RSA>,
a B<size_t> parameter must be given to specify the size of the RSA key.
If I<type> is C<EC>,
a string parameter must be given to specify the name of the EC curve.
If I<type> is C<X25519>, C<X448>, C<ED25519>, or C<ED448>
no further parameter is needed.
=head1 RETURN VALUES
EVP_PKEY_keygen_init(), EVP_PKEY_paramgen_init(), EVP_PKEY_keygen() and
@ -94,6 +110,8 @@ EVP_PKEY_paramgen() return 1 for success and 0 or a negative value for failure.
In particular a return value of -2 indicates the operation is not supported by
the public key algorithm.
EVP_PKEY_Q_keygen() returns an B<EVP_PKEY>, or NULL on failure.
=head1 NOTES
After the call to EVP_PKEY_keygen_init() or EVP_PKEY_paramgen_init() algorithm
@ -187,6 +205,7 @@ Example of generation callback for OpenSSL public key implementations:
=head1 SEE ALSO
L<EVP_RSA_gen(3)>, L<EVP_EC_gen(3)>,
L<EVP_PKEY_CTX_new(3)>,
L<EVP_PKEY_encrypt(3)>,
L<EVP_PKEY_decrypt(3)>,
@ -203,7 +222,7 @@ EVP_PKEY_CTX_get_cb(), EVP_PKEY_CTX_get_keygen_info(),
EVP_PKEY_CTX_set_app_data() and EVP_PKEY_CTX_get_app_data() were added in
OpenSSL 1.0.0.
EVP_PKEY_gen() was added in OpenSSL 3.0.
EVP_PKEY_Q_keygen() and EVP_PKEY_generate() were added in OpenSSL 3.0.
=head1 COPYRIGHT

59
doc/man3/RSA_generate_key.pod
View File

@ -2,6 +2,7 @@
=head1 NAME
EVP_RSA_gen,
RSA_generate_key_ex, RSA_generate_key,
RSA_generate_multi_prime_key - generate RSA key pair
@ -9,6 +10,8 @@ RSA_generate_multi_prime_key - generate RSA key pair
#include <openssl/rsa.h>
EVP_PKEY *EVP_RSA_gen(unsigned int bits);
Deprecated since OpenSSL 3.0, can be hidden entirely by defining
B<OPENSSL_API_COMPAT> with a suitable version value, see
L<openssl_user_macros(7)>:
@ -16,44 +19,42 @@ L<openssl_user_macros(7)>:
int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
int RSA_generate_multi_prime_key(RSA *rsa, int bits, int primes, BIGNUM *e, BN_GENCB *cb);
Deprecated since OpenSSL 0.9.8, can be hidden entirely by defining
B<OPENSSL_API_COMPAT> with a suitable version value, see
L<openssl_user_macros(7)>:
Deprecated since OpenSSL 0.9.8:
RSA *RSA_generate_key(int bits, unsigned long e,
void (*callback)(int, int, void *), void *cb_arg);
=head1 DESCRIPTION
All of the functions described on this page are deprecated.
Applications should instead use L<EVP_PKEY_keygen_init(3)> and
L<EVP_PKEY_keygen(3)>.
EVP_RSA_gen() generates a new RSA key pair with modulus size I<bits>.
All of the functions described below are deprecated.
Applications should instead use EVP_RSA_gen(), L<EVP_PKEY_Q_keygen(3)>, or
L<EVP_PKEY_keygen_init(3)> and L<EVP_PKEY_keygen(3)>.
RSA_generate_key_ex() generates a 2-prime RSA key pair and stores it in the
B<RSA> structure provided in B<rsa>. The pseudo-random number generator must
be seeded prior to calling RSA_generate_key_ex().
B<RSA> structure provided in I<rsa>.
RSA_generate_multi_prime_key() generates a multi-prime RSA key pair and stores
it in the B<RSA> structure provided in B<rsa>. The number of primes is given by
the B<primes> parameter. The random number generator must be seeded when
calling RSA_generate_multi_prime_key().
it in the B<RSA> structure provided in I<rsa>. The number of primes is given by
the I<primes> parameter.
If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to
external circumstances (see L<RAND(7)>), the operation will fail.
The modulus size will be of length B<bits>, the number of primes to form the
modulus will be B<primes>, and the public exponent will be B<e>. Key sizes
with B<num> E<lt> 1024 should be considered insecure. The exponent is an odd
The modulus size will be of length I<bits>, the number of primes to form the
modulus will be I<primes>, and the public exponent will be I<e>. Key sizes
with I<num> E<lt> 1024 should be considered insecure. The exponent is an odd
number, typically 3, 17 or 65537.
In order to maintain adequate security level, the maximum number of permitted
B<primes> depends on modulus bit length:
I<primes> depends on modulus bit length:
<1024 | >=1024 | >=4096 | >=8192
------+--------+--------+-------
2 | 3 | 4 | 5
A callback function may be used to provide feedback about the
progress of the key generation. If B<cb> is not B<NULL>, it
progress of the key generation. If I<cb> is not NULL, it
will be called as follows using the BN_GENCB_call() function
described on the L<BN_generate_prime(3)> page.
@ -71,42 +72,44 @@ described in L<BN_generate_prime(3)>.
=item *
When the n-th randomly generated prime is rejected as not
suitable for the key, B<BN_GENCB_call(cb, 2, n)> is called.
suitable for the key, I<BN_GENCB_call(cb, 2, n)> is called.
=item *
When a random p has been found with p-1 relatively prime to B<e>,
it is called as B<BN_GENCB_call(cb, 3, 0)>.
When a random p has been found with p-1 relatively prime to I<e>,
it is called as I<BN_GENCB_call(cb, 3, 0)>.
=back
The process is then repeated for prime q and other primes (if any)
with B<BN_GENCB_call(cb, 3, i)> where B<i> indicates the i-th prime.
with I<BN_GENCB_call(cb, 3, i)> where I<i> indicates the i-th prime.
=head1 RETURN VALUES
EVP_RSA_gen() returns an I<EVP_PKEY> or NULL on failure.
RSA_generate_multi_prime_key() returns 1 on success or 0 on error.
RSA_generate_key_ex() returns 1 on success or 0 on error.
The error codes can be obtained by L<ERR_get_error(3)>.
RSA_generate_key() returns a pointer to the RSA structure or
B<NULL> if the key generation fails.
NULL if the key generation fails.
=head1 BUGS
B<BN_GENCB_call(cb, 2, x)> is used with two different meanings.
I<BN_GENCB_call(cb, 2, x)> is used with two different meanings.
=head1 SEE ALSO
L<ERR_get_error(3)>, L<RAND_bytes(3)>, L<BN_generate_prime(3)>,
L<RAND(7)>
L<EVP_PKEY_Q_keygen(3)>
L<BN_generate_prime(3)>, L<ERR_get_error(3)>,
L<RAND_bytes(3)>, L<RAND(7)>
=head1 HISTORY
All of these functions were deprecated in OpenSSL 3.0.
RSA_generate_key() was deprecated in OpenSSL 0.9.8; use
RSA_generate_key_ex() instead.
EVP_RSA_gen() was added in OpenSSL 3.0.
All other functions described here were deprecated in OpenSSL 3.0.
For replacement see L<EVP_PKEY-RSA(7)>.
=head1 COPYRIGHT

7
doc/man3/RSA_new.pod
View File

@ -8,6 +8,8 @@ RSA_new, RSA_free - allocate and free RSA objects
#include <openssl/rsa.h>
Deprecated since OpenSSL 3.0:
RSA *RSA_new(void);
void RSA_free(RSA *rsa);
@ -35,6 +37,11 @@ L<ERR_get_error(3)>,
L<RSA_generate_key(3)>,
L<RSA_new_method(3)>
=head1 HISTORY
All functions described here were deprecated in OpenSSL 3.0.
For replacement see EVP_PKEY-RSA(7).
=head1 COPYRIGHT
Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

6
doc/man7/EVP_PKEY-DH.pod
View File

@ -154,7 +154,7 @@ A B<DH> key can be generated with a named safe prime group by calling:
EVP_PKEY_keygen_init(pctx);
EVP_PKEY_CTX_set_params(pctx, params);
EVP_PKEY_gen(pctx, &pkey);
EVP_PKEY_generate(pctx, &pkey);
...
EVP_PKEY_free(key);
EVP_PKEY_CTX_free(pctx);
@ -179,7 +179,7 @@ B<DHX> domain parameters can be generated according to B<FIPS 186-4> by calling:
params[5] = OSSL_PARAM_construct_end();
EVP_PKEY_CTX_set_params(pctx, params);
EVP_PKEY_gen(pctx, &param_key);
EVP_PKEY_generate(pctx, &param_key);
EVP_PKEY_print_params(bio_out, param_key, 0, NULL);
...
@ -192,7 +192,7 @@ A B<DH> key can be generated using domain parameters by calling:
EVP_PKEY_CTX *gctx = EVP_PKEY_CTX_new_from_pkey(NULL, param_key, NULL);
EVP_PKEY_keygen_init(gctx);
EVP_PKEY_gen(gctx, &key);
EVP_PKEY_generate(gctx, &key);
EVP_PKEY_print_private(bio_out, key, 0, NULL);
...
EVP_PKEY_free(key);

4
doc/man7/EVP_PKEY-DSA.pod
View File

@ -54,7 +54,7 @@ The B<DSA> domain parameters can be generated by calling:
params[4] = OSSL_PARAM_construct_end();
EVP_PKEY_CTX_set_params(pctx, params);
EVP_PKEY_gen(pctx, &param_key);
EVP_PKEY_generate(pctx, &param_key);
EVP_PKEY_CTX_free(pctx);
EVP_PKEY_print_params(bio_out, param_key, 0, NULL);
@ -66,7 +66,7 @@ A B<DSA> key can be generated using domain parameters by calling:
gctx = EVP_PKEY_CTX_new_from_pkey(NULL, param_key, NULL);
EVP_PKEY_keygen_init(gctx);
EVP_PKEY_gen(gctx, &key);
EVP_PKEY_generate(gctx, &key);
EVP_PKEY_CTX_free(gctx);
EVP_PKEY_print_private(bio_out, key, 0, NULL);

9
doc/man7/EVP_PKEY-EC.pod
View File

@ -159,6 +159,10 @@ An B<EVP_PKEY> context can be obtained by calling:
An B<EVP_PKEY> ECDSA or ECDH key can be generated with a "P-256" named group by
calling:
pkey = EVP_EC_gen("P-256");
or like this:
EVP_PKEY *key = NULL;
OSSL_PARAM params[2];
EVP_PKEY_CTX *gctx =
@ -171,7 +175,7 @@ calling:
params[1] = OSSL_PARAM_construct_end();
EVP_PKEY_CTX_set_params(gctx, params);
EVP_PKEY_gen(gctx, &key);
EVP_PKEY_generate(gctx, &key);
EVP_PKEY_print_private(bio_out, key, 0, NULL);
...
@ -201,7 +205,7 @@ An B<EVP_PKEY> EC CDH (Cofactor Diffie-Hellman) key can be generated with a
params[2] = OSSL_PARAM_construct_end();
EVP_PKEY_CTX_set_params(gctx, params);
EVP_PKEY_gen(gctx, &key);
EVP_PKEY_generate(gctx, &key);
EVP_PKEY_print_private(bio_out, key, 0, NULL);
...
EVP_PKEY_free(key);
@ -209,6 +213,7 @@ An B<EVP_PKEY> EC CDH (Cofactor Diffie-Hellman) key can be generated with a
=head1 SEE ALSO
L<EVP_EC_gen(3)>,
L<EVP_KEYMGMT(3)>,
L<EVP_PKEY(3)>,
L<provider-keymgmt(7)>,

12
doc/man7/EVP_PKEY-RSA.pod
View File

@ -202,14 +202,18 @@ An B<EVP_PKEY> context can be obtained by calling:
EVP_PKEY_CTX *pctx =
EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL);
An B<RSA> key can be generated like this:
An B<RSA> key can be generated simply like this:
pkey = EVP_RSA_gen(4096);
or like this:
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *pctx =
EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL);
EVP_PKEY_keygen_init(pctx);
EVP_PKEY_gen(pctx, &pkey);
EVP_PKEY_generate(pctx, &pkey);
EVP_PKEY_CTX_free(pctx);
An B<RSA> key can be generated with key generation parameters:
@ -227,13 +231,13 @@ An B<RSA> key can be generated with key generation parameters:
params[2] = OSSL_PARAM_construct_end();
EVP_PKEY_CTX_set_params(pctx, params);
EVP_PKEY_gen(pctx, &pkey);
EVP_PKEY_generate(pctx, &pkey);
EVP_PKEY_print_private(bio_out, pkey, 0, NULL);
EVP_PKEY_CTX_free(pctx);
=head1 SEE ALSO
L<EVP_KEYMGMT(3)>, L<EVP_PKEY(3)>, L<provider-keymgmt(7)>
L<EVP_RSA_gen(3)>, L<EVP_KEYMGMT(3)>, L<EVP_PKEY(3)>, L<provider-keymgmt(7)>
=head1 COPYRIGHT

20
doc/man7/EVP_PKEY-X25519.pod
View File

@ -84,25 +84,11 @@ An B<EVP_PKEY> context can be obtained by calling:
EVP_PKEY_CTX *pctx =
EVP_PKEY_CTX_new_from_name(NULL, "ED448", NULL);
An B<ED25519> key can be generated like this:
An B<X25519> key can be generated like this:
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *pctx =
EVP_PKEY_CTX_new_from_name(NULL, "ED25519", NULL);
pkey = EVP_Q_keygen(NULL, NULL, "X25519");
EVP_PKEY_keygen_init(pctx);
EVP_PKEY_gen(pctx, &pkey);
EVP_PKEY_CTX_free(pctx);
An B<X25519> key can be generated in a similar way:
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *pctx =
EVP_PKEY_CTX_new_from_name(NULL, "X25519", NULL);
EVP_PKEY_keygen_init(pctx);
EVP_PKEY_gen(pctx, &pkey);
EVP_PKEY_CTX_free(pctx);
An B<X448>, B<ED25519>, or B<ED448> key can be generated likewise.
=head1 SEE ALSO

2
doc/man7/crypto.pod
View File

@ -422,7 +422,7 @@ For information on the OpenSSL configuration file format see L<config(5)>.
=head1 ENCODING AND DECODING KEYS
Many algorithms require the use of a key. Keys can be generated dynamically
using the EVP APIs (for example see L<EVP_PKEY_gen(3)>). However it is often
using the EVP APIs (for example see L<EVP_PKEY_Q_keygen(3)>). However it is often
necessary to save or load keys (or their associated parameters) to or from some
external format such as PEM or DER (see L<openssl-glossary(7)>). OpenSSL uses
encoders and decoders to perform this task.

1
include/crypto/ec.h
View File

@ -16,7 +16,6 @@
# include <openssl/opensslconf.h>
# include <openssl/evp.h>
const char *ossl_ec_curve_nid2name(int nid);
int ossl_ec_curve_name2nid(const char *name);
const char *ossl_ec_curve_nid2nist_int(int nid);
int ossl_ec_curve_nist2nid_int(const char *name);

6
include/openssl/ec.h
View File

@ -84,6 +84,8 @@ typedef enum {
POINT_CONVERSION_HYBRID = 6
} point_conversion_form_t;
const char *OSSL_EC_curve_nid2name(int nid);
# ifndef OPENSSL_NO_EC
# include <openssl/asn1.h>
# include <openssl/symhacks.h>
@ -1072,7 +1074,7 @@ OSSL_DEPRECATEDIN_3_0 void EC_KEY_set_conv_form(EC_KEY *eckey,
point_conversion_form_t cform);
# endif /*OPENSSL_NO_DEPRECATED_3_0 */
# define EC_KEY_get_ex_new_index(l, p, newf, dupf, freef) \
# define EC_KEY_get_ex_new_index(l, p, newf, dupf, freef) \
CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_EC_KEY, l, p, newf, dupf, freef)
# ifndef OPENSSL_NO_DEPRECATED_3_0
@ -1544,6 +1546,8 @@ OSSL_DEPRECATEDIN_3_0 void EC_KEY_METHOD_get_verify
EC_KEY *eckey));
# endif /* OPENSSL_NO_DEPRECATED_3_0 */
# define EVP_EC_gen(curve) \
EVP_PKEY_Q_keygen(NULL, NULL, "EC", (char *)(strstr(curve, "")))
# define ECParameters_dup(x) ASN1_dup_of(EC_KEY, i2d_ECParameters, \
d2i_ECParameters, x)

4
include/openssl/evp.h
View File

@ -1933,11 +1933,13 @@ int EVP_PKEY_set_octet_string_param(EVP_PKEY *pkey, const char *key_name,
int EVP_PKEY_get_ec_point_conv_form(const EVP_PKEY *pkey);
int EVP_PKEY_get_field_type(const EVP_PKEY *pkey);
EVP_PKEY *EVP_PKEY_Q_keygen(OSSL_LIB_CTX *libctx, const char *propq,
const char *type, ...);
int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx);
int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx);
int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
int EVP_PKEY_gen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
int EVP_PKEY_generate(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
int EVP_PKEY_check(EVP_PKEY_CTX *ctx);
int EVP_PKEY_public_check(EVP_PKEY_CTX *ctx);
int EVP_PKEY_public_check_quick(EVP_PKEY_CTX *ctx);

3
include/openssl/rsa.h
View File

@ -245,6 +245,9 @@ OSSL_DEPRECATEDIN_3_0 int RSA_get_version(RSA *r);
OSSL_DEPRECATEDIN_3_0 ENGINE *RSA_get0_engine(const RSA *r);
# endif /* !OPENSSL_NO_DEPRECATED_3_0 */
# define EVP_RSA_gen(bits) \
EVP_PKEY_Q_keygen(NULL, NULL, "RSA", (size_t)(0 + (bits)))
/* Deprecated version */
# ifndef OPENSSL_NO_DEPRECATED_0_9_8
OSSL_DEPRECATEDIN_0_9_8 RSA *RSA_generate_key(int bits, unsigned long e, void

8
providers/fips-sources.checksums
View File

@ -143,7 +143,7 @@ d4969259e4fa5b71d8abbf5e736e658bd1daad6e46d272a9b88e190e2de96b61 crypto/ec/curv
04f8d52acc6332bdf879bf1684e8c59d2f4d8ca303d16c74d87aab3dd4a94932 crypto/ec/ec2_oct.c
7579a156234dfa44e02d08e121f42035229364f9e40f38b11333edbae2282762 crypto/ec/ec2_smpl.c
69d64accd498583e65df2dc43730eee2922217a7bfefda2cd1a9da176e3d1dcd crypto/ec/ec_asn1.c
8cf8af8e9bfc29e0cdc41720ec4a6d6c74eb5c15a9fc8193f8ec8270c0df1d37 crypto/ec/ec_backend.c
4ec7fe2efa0e55316ac4bb8507c7a37360339070c406c2623c38c5a541ac65d6 crypto/ec/ec_backend.c
86e2becf9b3870979e2abefa1bd318e1a31820d275e2b50e03b17fc287abb20a crypto/ec/ec_check.c
845a5e6ad6921aed63a18084d6b64a1907e4cb093639153ba32138e0b29ff0e5 crypto/ec/ec_curve.c
8cfd0dcfb5acbf6105691a2d5e2826dba1ff3906707bc9dd6ff9bffcc306468f crypto/ec/ec_cvt.c
@ -167,10 +167,10 @@ fa39906519062932adafb63cbf05b5dfa7563673576d421c80ec6b889d024e84 crypto/ec/ecp_
7c7f3e2a19a95d62942790e525f00cccc87e46da099a0c96d101787d68c75128 crypto/evp/asymcipher.c
0e75a058dcbbb62cfe39fec6c4a85385dc1a8fce794e4278ce6cebb29763b82b crypto/evp/dh_support.c
e819c499207dd2ee5457cd9411c6089e13476bedf41de2aa67e10b13810ff0e5 crypto/evp/digest.c
87599335b61f97362799170d7b19cbbf775bfecc0fab570b267c7622241cfad8 crypto/evp/ec_support.c
5e2c5d865029ae86855f15e162360d091f28ca0d4c67260700c90aa25faf308b crypto/evp/ec_support.c
c146c0a8a06e3c558207c1c76039dd2a61a2160cc243e9e3de2e290bc6e1b2d0 crypto/evp/evp_enc.c
9b4956b5c28db987001b33421aacf3b9f352181f874c768ad1b034e083483561 crypto/evp/evp_fetch.c
f975f6ba3aff8130b775f39182fdc783a3ef954402313248edd661d29032aa05 crypto/evp/evp_lib.c
b8f6bb49081428374f183255c6759520041d084bc85acd2fdc8d4392cb1ba0dd crypto/evp/evp_lib.c
af0245f7a849997921c0719df339469427656821416b402754fc1f5f5e2da291 crypto/evp/evp_rand.c
c0f87865be8dab6ea909fd976e5a46e4e8343b18403090c4a59b2af90f9a1329 crypto/evp/evp_utils.c
896bc29e0009657071bd74401513bdbedfb08ca66e34bf634e824fd3f34beb0a crypto/evp/exchange.c
@ -184,7 +184,7 @@ ec959b00487bfc51f4cf33c21a60fd8a73087a622504f459ba4cfe48bb0a738c crypto/evp/mac
5f4b933a479d7cd589c47388aebfd8d6ffa3943ec2883049fc929e6ca37e26b5 crypto/evp/mac_meth.c
f5a18107256e00e2eed6a9b54eaf44ef1b99c0f29134e9f363a09daa2d35f1b5 crypto/evp/p_lib.c
b7e9ce6e8a35e0fc5b4eb4c047cda1e811b757669dbfafa71e743d85e07817a4 crypto/evp/pmeth_check.c
d22e6f5041a894b7e8433c1be4c5f1bc5897453bcbdd66bbc8cbfba854f7fd74 crypto/evp/pmeth_gn.c
ff8a5ff024c228fe714e4cf758260cf9e9c992a9311acb5f96b0f2ed6af1a814 crypto/evp/pmeth_gn.c
12b8e891dc2f3a1cf8365d9fddd319343dc229d3e60149c51b5ae9df9b6b504d crypto/evp/pmeth_lib.c
52d8ea3b8b3ef52b58306b0fbd4557d682ba69a5384672ba7e1682c9a853f417 crypto/evp/signature.c
e0a58ecf268c6bec531898d8fe6b148601b0bed8324fa8d5668de643c027606b crypto/ex_data.c

2
providers/fips.checksum
View File

@ -1 +1 @@
14ae4fff4bd856c7e146d65b63880ff152276fe35b0f1f4ed5f24eb6e97e7b44 providers/fips-sources.checksums
a1b5830f0c664b833a60a60b5801afb3a750eeeb41f3218d7fdae5d99ed05be7 providers/fips-sources.checksums

34
test/acvp_test.c
View File

@ -114,7 +114,6 @@ err:
static int ecdsa_keygen_test(int id)
{
int ret = 0;
EVP_PKEY_CTX *ctx = NULL;
EVP_PKEY *pkey = NULL;
unsigned char *priv = NULL;
unsigned char *pubx = NULL, *puby = NULL;
@ -123,10 +122,7 @@ static int ecdsa_keygen_test(int id)
self_test_args.called = 0;
self_test_args.enable = 1;
if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "EC", NULL))
|| !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
|| !TEST_true(EVP_PKEY_CTX_set_group_name(ctx, tst->curve_name))
|| !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0)
if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, "EC", tst->curve_name))
|| !TEST_int_ge(self_test_args.called, 3)
|| !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_PRIV_KEY, &priv,
&priv_len))
@ -147,7 +143,6 @@ err:
OPENSSL_free(pubx);
OPENSSL_free(puby);
EVP_PKEY_free(pkey);
EVP_PKEY_CTX_free(ctx);
return ret;
}
@ -251,17 +246,13 @@ err:
static int ecdsa_siggen_test(int id)
{
int ret = 0;
EVP_PKEY_CTX *ctx = NULL, *key_ctx = NULL;
EVP_PKEY *pkey = NULL;
size_t sig_len = 0, rlen = 0, slen = 0;
unsigned char *sig = NULL;
unsigned char *r = NULL, *s = NULL;
const struct ecdsa_siggen_st *tst = &ecdsa_siggen_data[id];
if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "EC", NULL))
|| !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
|| !TEST_true(EVP_PKEY_CTX_set_group_name(ctx, tst->curve_name))
|| !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, "EC", tst->curve_name)))
goto err;
if (!TEST_true(sig_gen(pkey, NULL, tst->digest_alg, tst->msg, tst->msg_len,
@ -276,8 +267,6 @@ err:
OPENSSL_free(s);
OPENSSL_free(sig);
EVP_PKEY_free(pkey);
EVP_PKEY_CTX_free(key_ctx);
EVP_PKEY_CTX_free(ctx);
return ret;
}
@ -1007,21 +996,6 @@ err:
#endif /* OPENSSL_NO_DH */
static EVP_PKEY *rsa_keygen(int bits)
{
EVP_PKEY *key = NULL;
EVP_PKEY_CTX *keygen_ctx = NULL;
if (!TEST_ptr(keygen_ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", NULL))
|| !TEST_int_gt(EVP_PKEY_keygen_init(keygen_ctx), 0)
|| !TEST_true(EVP_PKEY_CTX_set_rsa_keygen_bits(keygen_ctx, bits))
|| !TEST_int_gt(EVP_PKEY_keygen(keygen_ctx, &key), 0))
goto err;
err:
EVP_PKEY_CTX_free(keygen_ctx);
return key;
}
static int rsa_create_pkey(EVP_PKEY **pkey,
const unsigned char *n, size_t n_len,
const unsigned char *e, size_t e_len,
@ -1199,7 +1173,7 @@ static int rsa_siggen_test(int id)
}
*p++ = OSSL_PARAM_construct_end();
if (!TEST_ptr(pkey = rsa_keygen(tst->mod))
if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, "RSA", tst->mod))
|| !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_N, &n, &n_len))
|| !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_E, &e, &e_len))
|| !TEST_true(sig_gen(pkey, params, tst->digest_alg,
@ -1275,7 +1249,7 @@ static int rsa_decryption_primitive_test(int id)
BN_CTX *bn_ctx = NULL;
const struct rsa_decrypt_prim_st *tst = &rsa_decrypt_prim_data[id];
if (!TEST_ptr(pkey = rsa_keygen(2048))
if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, "RSA", 2048))
|| !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_N, &n, &n_len))
|| !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_E, &e, &e_len))
|| !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, ""))

6
test/dsatest.c
View File

@ -256,10 +256,10 @@ static int dsa_keygen_test(void)
sizeof(seed_data)))
|| !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_md_props(pg_ctx, "SHA256",
""))
|| !TEST_int_gt(EVP_PKEY_gen(pg_ctx, &param_key), 0)
|| !TEST_int_gt(EVP_PKEY_generate(pg_ctx, &param_key), 0)
|| !TEST_ptr(kg_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, param_key, NULL))
|| !TEST_int_gt(EVP_PKEY_keygen_init(kg_ctx), 0)
|| !TEST_int_gt(EVP_PKEY_gen(kg_ctx, &key), 0))
|| !TEST_int_gt(EVP_PKEY_generate(kg_ctx, &key), 0))
goto end;
if (!TEST_true(EVP_PKEY_get_bn_param(key, OSSL_PKEY_PARAM_FFC_P, &p_out))
@ -313,7 +313,7 @@ static int test_dsa_default_paramgen_validate(int i)
&& TEST_int_gt(EVP_PKEY_paramgen_init(gen_ctx), 0)
&& (i == 0
|| TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(gen_ctx, 512)))
&& TEST_int_gt(EVP_PKEY_gen(gen_ctx, &params), 0)
&& TEST_int_gt(EVP_PKEY_generate(gen_ctx, &params), 0)
&& TEST_ptr(check_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, params, NULL))
&& TEST_int_gt(EVP_PKEY_param_check(check_ctx), 0);

2
test/endecode_test.c
View File

@ -81,7 +81,7 @@ static EVP_PKEY *make_template(const char *type, OSSL_PARAM *genparams)
&& EVP_PKEY_paramgen_init(ctx) > 0
&& (genparams == NULL
|| EVP_PKEY_CTX_set_params(ctx, genparams) > 0)
&& EVP_PKEY_gen(ctx, &pkey) > 0);
&& EVP_PKEY_generate(ctx, &pkey) > 0);
EVP_PKEY_CTX_free(ctx);
return pkey;

2
test/endecoder_legacy_test.c
View File

@ -249,7 +249,7 @@ static EVP_PKEY *make_key(const char *type,
|| EVP_PKEY_paramgen_init(ctx) <= 0
|| (gen_template_params[0].key != NULL
&& EVP_PKEY_CTX_set_params(ctx, gen_template_params_noconst) <= 0)
|| EVP_PKEY_gen(ctx, &template) <= 0))
|| EVP_PKEY_generate(ctx, &template) <= 0))
goto end;
EVP_PKEY_CTX_free(ctx);

7
test/evp_libctx_test.c
View File

@ -488,16 +488,12 @@ static void collect_cipher_names(EVP_CIPHER *cipher, void *cipher_names_list)
static int rsa_keygen(int bits, EVP_PKEY **pub, EVP_PKEY **priv)
{
int ret = 0;
EVP_PKEY_CTX *keygen_ctx = NULL;
unsigned char *pub_der = NULL;
const unsigned char *pp = NULL;
size_t len = 0;
OSSL_ENCODER_CTX *ectx = NULL;
if (!TEST_ptr(keygen_ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", NULL))
|| !TEST_int_gt(EVP_PKEY_keygen_init(keygen_ctx), 0)
|| !TEST_true(EVP_PKEY_CTX_set_rsa_keygen_bits(keygen_ctx, bits))
|| !TEST_int_gt(EVP_PKEY_keygen(keygen_ctx, priv), 0)
if (!TEST_ptr(*priv = EVP_PKEY_Q_keygen(libctx, NULL, "RSA", bits))
|| !TEST_ptr(ectx =
OSSL_ENCODER_CTX_new_for_pkey(*priv,
EVP_PKEY_PUBLIC_KEY,
@ -512,7 +508,6 @@ static int rsa_keygen(int bits, EVP_PKEY **pub, EVP_PKEY **priv)
err:
OSSL_ENCODER_CTX_free(ectx);
OPENSSL_free(pub_der);
EVP_PKEY_CTX_free(keygen_ctx);
return ret;
}

23
test/threadstest.c
View File

@ -16,7 +16,7 @@
#include <string.h>
#include <openssl/crypto.h>
#include <openssl/evp.h>
#include <openssl/rsa.h>
#include <openssl/aes.h>
#include <openssl/rsa.h>
#include "testutil.h"
@ -291,7 +291,6 @@ static void thread_general_worker(void)
};
unsigned int mdoutl;
int ciphoutl;
EVP_PKEY_CTX *pctx = NULL;
EVP_PKEY *pkey = NULL;
int testresult = 0;
int i, isfips;
@ -320,18 +319,13 @@ static void thread_general_worker(void)
goto err;
}
pctx = EVP_PKEY_CTX_new_from_name(multi_libctx, "RSA", NULL);
if (!TEST_ptr(pctx)
|| !TEST_int_gt(EVP_PKEY_keygen_init(pctx), 0)
/*
* We want the test to run quickly - not securely. Therefore we
* use an insecure bit length where we can (512). In the FIPS
* module though we must use a longer length.
*/
|| !TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(pctx,
isfips ? 2048 : 512),
0)
|| !TEST_int_gt(EVP_PKEY_keygen(pctx, &pkey), 0))
/*
* We want the test to run quickly - not securely.
* Therefore we use an insecure bit length where we can (512).
* In the FIPS module though we must use a longer length.
*/
pkey = EVP_PKEY_Q_keygen(multi_libctx, NULL, "RSA", isfips ? 2048 : 512);
if (!TEST_ptr(pkey))
goto err;
testresult = 1;
@ -340,7 +334,6 @@ static void thread_general_worker(void)
EVP_MD_free(md);
EVP_CIPHER_CTX_free(cipherctx);
EVP_CIPHER_free(ciph);
EVP_PKEY_CTX_free(pctx);
EVP_PKEY_free(pkey);
if (!testresult)
multi_success = 0;

4
util/libcrypto.num
View File

@ -4413,6 +4413,7 @@ EVP_MAC_init ? 3_0_0 EXIST::FUNCTION:
EVP_MAC_update ? 3_0_0 EXIST::FUNCTION:
EVP_MAC_final ? 3_0_0 EXIST::FUNCTION:
EVP_MAC_finalXOF ? 3_0_0 EXIST::FUNCTION:
OSSL_EC_curve_nid2name ? 3_0_0 EXIST::FUNCTION:
EVP_PKEY_supports_digest_nid ? 3_0_0 EXIST::FUNCTION:
SRP_VBASE_add0_user ? 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SRP
SRP_user_pwd_new ? 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SRP
@ -4947,7 +4948,8 @@ OSSL_CMP_exec_GENM_ses ? 3_0_0 EXIST::FUNCTION:CMP
OSSL_CMP_MSG_http_perform ? 3_0_0 EXIST::FUNCTION:CMP
OSSL_CMP_MSG_read ? 3_0_0 EXIST::FUNCTION:CMP
OSSL_CMP_MSG_write ? 3_0_0 EXIST::FUNCTION:CMP
EVP_PKEY_gen ? 3_0_0 EXIST::FUNCTION:
EVP_PKEY_Q_keygen ? 3_0_0 EXIST::FUNCTION:
EVP_PKEY_generate ? 3_0_0 EXIST::FUNCTION:
EVP_PKEY_CTX_set_rsa_keygen_bits ? 3_0_0 EXIST::FUNCTION:
EVP_PKEY_CTX_set_rsa_keygen_pubexp ? 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
EVP_PKEY_CTX_set1_rsa_keygen_pubexp ? 3_0_0 EXIST::FUNCTION:

2
util/other.syms
View File

@ -322,6 +322,7 @@ EVP_VerifyUpdate define
EVP_bf_cfb define
EVP_cast5_cfb define
EVP_cleanup define deprecated 1.1.0
EVP_EC_gen define
EVP_get_digestbynid define
EVP_get_digestbyobj define
EVP_get_macbynid define
@ -329,6 +330,7 @@ EVP_get_macbyobj define
EVP_idea_cfb define
EVP_rc2_cfb define
EVP_rc5_32_12_16_cfb define
EVP_RSA_gen define
EVP_seed_cfb define
EVP_sm4_cfb define
OBJ_cleanup define deprecated 1.1.0