mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-01-18 13:44:20 +08:00
Code Issues Packages Projects Releases Wiki Activity

Deprecate the low level Diffie-Hellman functions.

Browse Source 
Use of the low level DH functions has been informally discouraged for a
long time.  We now formally deprecate them.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11024)
This commit is contained in:
Pauli 2020-02-03 19:05:31 +10:00
parent 0ad05b190e
commit ada66e78ef
41 changed files with 437 additions and 188 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
apps/lib/s_cb.c
View File

@ -1434,7 +1434,20 @@ static int security_callback_debug(const SSL *s, const SSL_CTX *ctx,
case SSL_SECOP_OTHER_DH:
{
DH *dh = other;
BIO_printf(sdb->out, "%d", DH_bits(dh));
EVP_PKEY *pkey = EVP_PKEY_new();
int fail = 1;
if (pkey != NULL) {
if (EVP_PKEY_set1_DH(pkey, dh)) {
BIO_printf(sdb->out, "%d", EVP_PKEY_bits(pkey));
fail = 0;
}
EVP_PKEY_free(pkey);
}
if (fail)
BIO_printf(sdb->out, "s_cb.c:security_callback_debug op=0x%x",
op);
break;
}
#endif

1
apps/progs.pl
View File

@ -92,7 +92,6 @@ EOF
my %cmd_disabler = (
ciphers => "sock",
gendh => "dh",
pkcs12 => "des",
);
my %cmd_deprecated = (

6
crypto/dh/dh_ameth.c
View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* DH low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/x509.h>

6
crypto/dh/dh_asn1.c
View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* DH low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/bn.h>

6
crypto/dh/dh_check.c
View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* DH low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/bn.h>

6
crypto/dh/dh_depr.c
View File

@ -9,6 +9,12 @@
/* This file contains deprecated functions as wrappers to the new ones */
/*
* DH low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <openssl/opensslconf.h>
#ifdef OPENSSL_NO_DEPRECATED_0_9_8
NON_EMPTY_TRANSLATION_UNIT

6
crypto/dh/dh_gen.c
View File

@ -12,6 +12,12 @@
* dh_depr.c as wrappers to these ones. - Geoff
*/
/*
* DH low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/bn.h>

6
crypto/dh/dh_group_params.c
View File

@ -9,6 +9,12 @@
/* DH parameters from RFC7919 and RFC3526 */
/*
* DH low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <stdio.h>
#include "internal/cryptlib.h"
#include "dh_local.h"

6
crypto/dh/dh_kdf.c
View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* DH low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include "e_os.h"
#ifndef OPENSSL_NO_CMS

6
crypto/dh/dh_key.c
View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* DH low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <stdio.h>
#include "internal/cryptlib.h"
#include "dh_local.h"

6
crypto/dh/dh_lib.c
View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* DH low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <stdio.h>
#include <openssl/bn.h>
#include <openssl/engine.h>

6
crypto/dh/dh_meth.c
View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* DH low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include "dh_local.h"
#include <string.h>
#include <openssl/err.h>

2
crypto/dh/dh_pmeth.c
View File

@ -8,7 +8,7 @@
*/
/*
* DSA low level APIs are deprecated for public use, but still ok for
* DH & DSA low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"

6
crypto/dh/dh_prn.c
View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* DH low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/evp.h>

6
crypto/dh/dh_rfc5114.c
View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* DH low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <stdio.h>
#include "internal/cryptlib.h"
#include "dh_local.h"

6
crypto/evp/pmeth_lib.c
View File

@ -8,6 +8,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* DH low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <stdio.h>
#include <stdlib.h>
#include <openssl/engine.h>

13
doc/man3/DH_generate_key.pod
View File

@ -8,12 +8,20 @@ DH_generate_key, DH_compute_key - perform Diffie-Hellman key exchange
#include <openssl/dh.h>
Deprecated since OpenSSL 3.0, can be hidden entirely by defining
B<OPENSSL_API_COMPAT> with a suitable version value, see
L<openssl_user_macros(7)>:
int DH_generate_key(DH *dh);
int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh);
=head1 DESCRIPTION
Both of the functions described on this page are deprecated.
Applications should instead use L<EVP_PKEY_derive_init(3)>
and L<EVP_PKEY_derive(3)>.
DH_generate_key() performs the first step of a Diffie-Hellman key
exchange by generating private and public DH values. By calling
DH_compute_key(), these are combined with the other party's public
@ -40,8 +48,13 @@ The error codes can be obtained by L<ERR_get_error(3)>.
=head1 SEE ALSO
L<EVP_PKEY_derive(3)>,
L<DH_new(3)>, L<ERR_get_error(3)>, L<RAND_bytes(3)>, L<DH_size(3)>
=head1 HISTORY
Both of these functions were deprecated in OpenSSL 3.0.
=head1 COPYRIGHT
Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

11
doc/man3/DH_generate_parameters.pod
View File

@ -12,6 +12,10 @@ parameters
#include <openssl/dh.h>
Deprecated since OpenSSL 3.0, can be hidden entirely by defining
B<OPENSSL_API_COMPAT> with a suitable version value, see
L<openssl_user_macros(7)>:
int DH_generate_parameters_ex(DH *dh, int prime_len, int generator, BN_GENCB *cb);
int DH_check(DH *dh, int *codes);
@ -30,6 +34,11 @@ L<openssl_user_macros(7)>:
=head1 DESCRIPTION
All of the functions described on this page are deprecated.
Applications should instead use L<EVP_PKEY_check(3)>,
L<EVP_PKEY_public_check(3)>, L<EVP_PKEY_private_check(3)> and
L<EVP_PKEY_param_check(3)>.
DH_generate_parameters_ex() generates Diffie-Hellman parameters that can
be shared among a group of users, and stores them in the provided B<DH>
structure. The pseudo-random number generator must be
@ -144,6 +153,8 @@ L<DH_free(3)>
=head1 HISTORY
All of these functions were deprecated in OpenSSL 3.0.
DH_generate_parameters() was deprecated in OpenSSL 0.9.8; use
DH_generate_parameters_ex() instead.

13
doc/man3/DH_get0_pqg.pod
View File

@ -26,6 +26,11 @@ DH_get_length, DH_set_length - Routines for getting and setting data in a DH obj
void DH_clear_flags(DH *dh, int flags);
int DH_test_flags(const DH *dh, int flags);
void DH_set_flags(DH *dh, int flags);
Deprecated since OpenSSL 3.0, can be hidden entirely by defining
B<OPENSSL_API_COMPAT> with a suitable version value, see
L<openssl_user_macros(7)>:
ENGINE *DH_get0_engine(DH *d);
long DH_get_length(const DH *dh);
int DH_set_length(DH *dh, long length);
@ -78,12 +83,13 @@ zero if none of the flags are set. DH_clear_flags() clears the specified flags
within the DH object.
DH_get0_engine() returns a handle to the ENGINE that has been set for this DH
object, or NULL if no such ENGINE has been set.
object, or NULL if no such ENGINE has been set. This function is deprecated.
The DH_get_length() and DH_set_length() functions get and set the optional
length parameter associated with this DH object. If the length is nonzero then
it is used, otherwise it is ignored. The B<length> parameter indicates the
length of the secret exponent (private key) in bits.
length of the secret exponent (private key) in bits. These functions are
deprecated.
=head1 NOTES
@ -114,6 +120,9 @@ L<DH_set_method(3)>, L<DH_size(3)>, L<DH_meth_new(3)>
=head1 HISTORY
The DH_get0_engine(), DH_get_length() and DH_set_length() functions were
deprecated in OpenSSL 3.0.
The functions described here were added in OpenSSL 1.1.0.
=head1 COPYRIGHT

9
doc/man3/DH_meth_new.pod
View File

@ -14,6 +14,10 @@ DH_meth_set_generate_params - Routines to build up DH methods
#include <openssl/dh.h>
Deprecated since OpenSSL 3.0, can be hidden entirely by defining
B<OPENSSL_API_COMPAT> with a suitable version value, see
L<openssl_user_macros(7)>:
DH_METHOD *DH_meth_new(const char *name, int flags);
void DH_meth_free(DH_METHOD *dhm);
@ -58,6 +62,9 @@ DH_meth_set_generate_params - Routines to build up DH methods
=head1 DESCRIPTION
All of the functions described on this page are deprecated.
Applications should instead use the provider APIs.
The B<DH_METHOD> type is a structure used for the provision of custom DH
implementations. It provides a set of functions used by OpenSSL for the
implementation of the various DH capabilities.
@ -153,6 +160,8 @@ L<DH_set_method(3)>, L<DH_size(3)>, L<DH_get0_pqg(3)>
=head1 HISTORY
All of these functions were deprecated in OpenSSL 3.0.
The functions described here were added in OpenSSL 1.1.0.
=head1 COPYRIGHT

12
doc/man3/DH_new_by_nid.pod
View File

@ -8,6 +8,11 @@ DH_new_by_nid, DH_get_nid - get or find DH named parameters
#include <openssl/dh.h>
DH *DH_new_by_nid(int nid);
Deprecated since OpenSSL 3.0, can be hidden entirely by defining
B<OPENSSL_API_COMPAT> with a suitable version value, see
L<openssl_user_macros(7)>:
int *DH_get_nid(DH *dh);
=head1 DESCRIPTION
@ -18,10 +23,9 @@ B<NID_ffdhe4096>, B<NID_ffdhe6144>, B<NID_ffdhe8192>,
B<NID_modp_1536>, B<NID_modp_2048>, B<NID_modp_3072>,
B<NID_modp_4096>, B<NID_modp_6144> or B<NID_modp_8192>.
DH_get_nid() determines if the parameters contained in B<dh> match
any named set. It returns the NID corresponding to the matching parameters or
B<NID_undef> if there is no match.
B<NID_undef> if there is no match. This function is deprecated.
=head1 RETURN VALUES
@ -30,6 +34,10 @@ DH_new_by_nid() returns a set of DH parameters or B<NULL> if an error occurred.
DH_get_nid() returns the NID of the matching set of parameters or
B<NID_undef> if there is no match.
=head1 HISTORY
The DH_get_nid() function was deprecated in OpenSSL 3.0.
=head1 COPYRIGHT
Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.

11
doc/man3/DH_set_method.pod
View File

@ -9,6 +9,10 @@ DH_set_method, DH_new_method, DH_OpenSSL - select DH method
#include <openssl/dh.h>
Deprecated since OpenSSL 3.0, can be hidden entirely by defining
B<OPENSSL_API_COMPAT> with a suitable version value, see
L<openssl_user_macros(7)>:
void DH_set_default_method(const DH_METHOD *meth);
const DH_METHOD *DH_get_default_method(void);
@ -21,6 +25,9 @@ DH_set_method, DH_new_method, DH_OpenSSL - select DH method
=head1 DESCRIPTION
All of the functions described on this page are deprecated.
Applications should instead use the provider APIs.
A B<DH_METHOD> specifies the functions that OpenSSL uses for Diffie-Hellman
operations. By modifying the method, alternative implementations
such as hardware accelerators may be used. IMPORTANT: See the NOTES section for
@ -76,6 +83,10 @@ returns a pointer to the newly allocated structure.
L<DH_new(3)>, L<DH_new(3)>, L<DH_meth_new(3)>
=head1 HISTORY
All of these functions were deprecated in OpenSSL 3.0.
=head1 COPYRIGHT
Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

11
doc/man3/DH_size.pod
View File

@ -9,6 +9,10 @@ security bits
#include <openssl/dh.h>
Deprecated since OpenSSL 3.0, can be hidden entirely by defining
B<OPENSSL_API_COMPAT> with a suitable version value, see
L<openssl_user_macros(7)>:
int DH_size(const DH *dh);
int DH_bits(const DH *dh);
@ -17,6 +21,10 @@ security bits
=head1 DESCRIPTION
All of the functions described on this page are deprecated.
Applications should instead use L<EVP_PKEY_bits(3)>,
L<EVP_PKEY_security_bits(3)> and L<EVP_PKEY_size(3)>.
DH_size() returns the Diffie-Hellman prime size in bytes. It can be used
to determine how much memory must be allocated for the shared secret
computed by L<DH_compute_key(3)>.
@ -38,11 +46,14 @@ DH_security_bits() returns the number of security bits.
=head1 SEE ALSO
L<EVP_PKEY_bits(3)>,
L<DH_new(3)>, L<DH_generate_key(3)>,
L<BN_num_bits(3)>
=head1 HISTORY
All of these functions were deprecated in OpenSSL 3.0.
The DH_bits() function was added in OpenSSL 1.1.0.
=head1 COPYRIGHT

12
doc/man3/DSA_dup_DH.pod
View File

@ -8,10 +8,18 @@ DSA_dup_DH - create a DH structure out of DSA structure
#include <openssl/dsa.h>
Deprecated since OpenSSL 3.0, can be hidden entirely by defining
B<OPENSSL_API_COMPAT> with a suitable version value, see
L<openssl_user_macros(7)>:
DH *DSA_dup_DH(const DSA *r);
=head1 DESCRIPTION
The function described on this page is deprecated. There is no direct
replacement, applications should use the EVP_PKEY APIs for Diffie-Hellman
operations.
DSA_dup_DH() duplicates DSA parameters/keys as DH parameters/keys. q
is lost during that conversion, but the resulting DH parameters
contain its length.
@ -29,6 +37,10 @@ Be careful to avoid small subgroup attacks when using this.
L<DH_new(3)>, L<DSA_new(3)>, L<ERR_get_error(3)>
=head1 HISTORY
This function was deprecated in OpenSSL 3.0.
=head1 COPYRIGHT
Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

4
fuzz/asn1.c
View File

@ -329,8 +329,8 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
DO_TEST_NO_PRINT(ESS_CERT_ID_V2, d2i_ESS_CERT_ID_V2, i2d_ESS_CERT_ID_V2);
DO_TEST_NO_PRINT(ESS_SIGNING_CERT_V2, d2i_ESS_SIGNING_CERT_V2, i2d_ESS_SIGNING_CERT_V2);
#ifndef OPENSSL_NO_DH
DO_TEST(DH, d2i_DHparams, i2d_DHparams, DHparams_print);
DO_TEST(DH, d2i_DHxparams, i2d_DHxparams, DHparams_print);
DO_TEST_NO_PRINT(DH, d2i_DHparams, i2d_DHparams);
DO_TEST_NO_PRINT(DH, d2i_DHxparams, i2d_DHxparams);
#endif
#ifndef OPENSSL_NO_DSA
DO_TEST_NO_PRINT(DSA_SIG, d2i_DSA_SIG, i2d_DSA_SIG);

238
include/openssl/dh.h
View File

@ -47,6 +47,7 @@ extern "C" {
# define DH_FLAG_NO_EXP_CONSTTIME 0x00
# endif
# ifndef OPENSSL_NO_DEPRECATED_3_0
/*
* If this flag is set the DH method is FIPS compliant and can be used in
* FIPS mode. This is set in the validated module method. If an application
@ -54,7 +55,7 @@ extern "C" {
* result is compliant.
*/
# define DH_FLAG_FIPS_METHOD 0x0400
# define DH_FLAG_FIPS_METHOD 0x0400
/*
* If this flag is set the operations normally disabled in FIPS mode are
@ -62,7 +63,8 @@ extern "C" {
* usage is compliant.
*/
# define DH_FLAG_NON_FIPS_ALLOW 0x0400
# define DH_FLAG_NON_FIPS_ALLOW 0x0400
# endif
/* Already defined in ossl_typ.h */
/* typedef struct dh_st DH; */
@ -70,29 +72,30 @@ extern "C" {
DECLARE_ASN1_ITEM(DHparams)
# define DH_GENERATOR_2 2
# define DH_GENERATOR_3 3
# define DH_GENERATOR_5 5
# ifndef OPENSSL_NO_DEPRECATED_3_0
# define DH_GENERATOR_2 2
# define DH_GENERATOR_3 3
# define DH_GENERATOR_5 5
/* DH_check error codes */
/*
* NB: These values must align with the equivalently named macros in
* internal/ffc.h.
*/
# define DH_CHECK_P_NOT_PRIME 0x01
# define DH_CHECK_P_NOT_SAFE_PRIME 0x02
# define DH_UNABLE_TO_CHECK_GENERATOR 0x04
# define DH_NOT_SUITABLE_GENERATOR 0x08
# define DH_CHECK_Q_NOT_PRIME 0x10
# define DH_CHECK_INVALID_Q_VALUE 0x20
# define DH_CHECK_INVALID_J_VALUE 0x40
# define DH_MODULUS_TOO_SMALL 0x80
# define DH_MODULUS_TOO_LARGE 0x100
# define DH_CHECK_P_NOT_PRIME 0x01
# define DH_CHECK_P_NOT_SAFE_PRIME 0x02
# define DH_UNABLE_TO_CHECK_GENERATOR 0x04
# define DH_NOT_SUITABLE_GENERATOR 0x08
# define DH_CHECK_Q_NOT_PRIME 0x10
# define DH_CHECK_INVALID_Q_VALUE 0x20
# define DH_CHECK_INVALID_J_VALUE 0x40
# define DH_MODULUS_TOO_SMALL 0x80
# define DH_MODULUS_TOO_LARGE 0x100
/* DH_check_pub_key error codes */
# define DH_CHECK_PUBKEY_TOO_SMALL 0x01
# define DH_CHECK_PUBKEY_TOO_LARGE 0x02
# define DH_CHECK_PUBKEY_INVALID 0x04
# define DH_CHECK_PUBKEY_TOO_SMALL 0x01
# define DH_CHECK_PUBKEY_TOO_LARGE 0x02
# define DH_CHECK_PUBKEY_INVALID 0x04
/*
* primes p where (p-1)/2 is prime too are called "safe"; we define this for
@ -101,53 +104,58 @@ DECLARE_ASN1_ITEM(DHparams)
# define DH_CHECK_P_NOT_STRONG_PRIME DH_CHECK_P_NOT_SAFE_PRIME
/* DH parameter generation types used by EVP_PKEY_CTX_set_dh_paramgen_type() */
# define DH_PARAMGEN_TYPE_GENERATOR 0 /* Use a generator g */
# define DH_PARAMGEN_TYPE_FIPS_186_2 1 /* Use legacy FIPS186-2 standard */
# define DH_PARAMGEN_TYPE_FIPS_186_4 2 /* Use FIPS186-4 standard */
# define DH_PARAMGEN_TYPE_GENERATOR 0 /* Use a generator g */
# define DH_PARAMGEN_TYPE_FIPS_186_2 1 /* Use legacy FIPS186-2 standard */
# define DH_PARAMGEN_TYPE_FIPS_186_4 2 /* Use FIPS186-4 standard */
# define d2i_DHparams_fp(fp,x) \
(DH *)ASN1_d2i_fp((char *(*)())DH_new, \
(char *(*)())d2i_DHparams, \
(fp), \
(unsigned char **)(x))
# define i2d_DHparams_fp(fp,x) \
ASN1_i2d_fp(i2d_DHparams,(fp), (unsigned char *)(x))
# define d2i_DHparams_bio(bp,x) \
ASN1_d2i_bio_of(DH, DH_new, d2i_DHparams, bp, x)
# define i2d_DHparams_bio(bp,x) \
ASN1_i2d_bio_of(DH,i2d_DHparams,bp,x)
# define DH_CHECK_P_NOT_STRONG_PRIME DH_CHECK_P_NOT_SAFE_PRIME
# define d2i_DHxparams_fp(fp,x) \
(DH *)ASN1_d2i_fp((char *(*)())DH_new, \
(char *(*)())d2i_DHxparams, \
(fp), \
(unsigned char **)(x))
# define i2d_DHxparams_fp(fp,x) \
ASN1_i2d_fp(i2d_DHxparams,(fp), (unsigned char *)(x))
# define d2i_DHxparams_bio(bp,x) \
ASN1_d2i_bio_of(DH, DH_new, d2i_DHxparams, bp, x)
# define i2d_DHxparams_bio(bp,x) \
ASN1_i2d_bio_of(DH, i2d_DHxparams, bp, x)
# define d2i_DHparams_fp(fp, x) \
(DH *)ASN1_d2i_fp((char *(*)())DH_new, \
(char *(*)())d2i_DHparams, \
(fp), \
(unsigned char **)(x))
# define i2d_DHparams_fp(fp, x) \
ASN1_i2d_fp(i2d_DHparams,(fp), (unsigned char *)(x))
# define d2i_DHparams_bio(bp, x) \
ASN1_d2i_bio_of(DH, DH_new, d2i_DHparams, bp, x)
# define i2d_DHparams_bio(bp, x) \
ASN1_i2d_bio_of(DH, i2d_DHparams, bp, x)
# define d2i_DHxparams_fp(fp,x) \
(DH *)ASN1_d2i_fp((char *(*)())DH_new, \
(char *(*)())d2i_DHxparams, \
(fp), \
(unsigned char **)(x))
# define i2d_DHxparams_fp(fp, x) \
ASN1_i2d_fp(i2d_DHxparams,(fp), (unsigned char *)(x))
# define d2i_DHxparams_bio(bp, x) \
ASN1_d2i_bio_of(DH, DH_new, d2i_DHxparams, bp, x)
# define i2d_DHxparams_bio(bp, x) \
ASN1_i2d_bio_of(DH, i2d_DHxparams, bp, x)
# endif
DECLARE_ASN1_DUP_FUNCTION_name(DH, DHparams)
const DH_METHOD *DH_OpenSSL(void);
DEPRECATEDIN_3_0(const DH_METHOD *DH_OpenSSL(void))
void DH_set_default_method(const DH_METHOD *meth);
const DH_METHOD *DH_get_default_method(void);
int DH_set_method(DH *dh, const DH_METHOD *meth);
DH *DH_new_method(ENGINE *engine);
DEPRECATEDIN_3_0(void DH_set_default_method(const DH_METHOD *meth))
DEPRECATEDIN_3_0(const DH_METHOD *DH_get_default_method(void))
DEPRECATEDIN_3_0(int DH_set_method(DH *dh, const DH_METHOD *meth))
DEPRECATEDIN_3_0(DH *DH_new_method(ENGINE *engine))
DH *DH_new(void);
void DH_free(DH *dh);
int DH_up_ref(DH *dh);
int DH_bits(const DH *dh);
int DH_size(const DH *dh);
int DH_security_bits(const DH *dh);
# define DH_get_ex_new_index(l, p, newf, dupf, freef) \
CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, l, p, newf, dupf, freef)
int DH_set_ex_data(DH *d, int idx, void *arg);
void *DH_get_ex_data(DH *d, int idx);
DEPRECATEDIN_3_0(int DH_bits(const DH *dh))
DEPRECATEDIN_3_0(int DH_size(const DH *dh))
DEPRECATEDIN_3_0(int DH_security_bits(const DH *dh))
# ifndef OPENSSL_NO_DEPRECATED_3_0
# define DH_get_ex_new_index(l, p, newf, dupf, freef) \
CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, l, p, newf, dupf, freef)
# endif
DEPRECATEDIN_3_0(int DH_set_ex_data(DH *d, int idx, void *arg))
DEPRECATEDIN_3_0(void *DH_get_ex_data(DH *d, int idx))
/* Deprecated version */
DEPRECATEDIN_0_9_8(DH *DH_generate_parameters(int prime_len, int generator,
@ -156,24 +164,30 @@ DEPRECATEDIN_0_9_8(DH *DH_generate_parameters(int prime_len, int generator,
void *cb_arg))
/* New version */
int DH_generate_parameters_ex(DH *dh, int prime_len, int generator,
BN_GENCB *cb);
DEPRECATEDIN_3_0(int DH_generate_parameters_ex(DH *dh, int prime_len,
int generator, BN_GENCB *cb))
int DH_check_params_ex(const DH *dh);
int DH_check_ex(const DH *dh);
int DH_check_pub_key_ex(const DH *dh, const BIGNUM *pub_key);
DEPRECATEDIN_3_0(int DH_check_params_ex(const DH *dh))
DEPRECATEDIN_3_0(int DH_check_ex(const DH *dh))
DEPRECATEDIN_3_0(int DH_check_pub_key_ex(const DH *dh, const BIGNUM *pub_key))
/*
* TODO(3.0): deprecate DH_check_params once ssl/statem/statem_clnt.c is fixed.
*/
int DH_check_params(const DH *dh, int *ret);
int DH_check(const DH *dh, int *codes);
int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *codes);
int DH_generate_key(DH *dh);
int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh);
DEPRECATEDIN_3_0(int DH_check(const DH *dh, int *codes))
DEPRECATEDIN_3_0(int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key,
int *codes))
DEPRECATEDIN_3_0(int DH_generate_key(DH *dh))
DEPRECATEDIN_3_0(int DH_compute_key(unsigned char *key, const BIGNUM *pub_key,
DH *dh))
DEPRECATEDIN_3_0(int DH_compute_key_padded(unsigned char *key,
const BIGNUM *pub_key, DH *dh))
DECLARE_ASN1_ENCODE_FUNCTIONS_only(DH, DHparams)
DECLARE_ASN1_ENCODE_FUNCTIONS_only(DH, DHxparams)
# ifndef OPENSSL_NO_STDIO
int DHparams_print_fp(FILE *fp, const DH *x);
DEPRECATEDIN_3_0(int DHparams_print_fp(FILE *fp, const DH *x))
# endif
int DHparams_print(BIO *bp, const DH *x);
DEPRECATEDIN_3_0(int DHparams_print(BIO *bp, const DH *x))
/* RFC 5114 parameters */
DH *DH_get_1024_160(void);
@ -181,15 +195,17 @@ DH *DH_get_2048_224(void);
DH *DH_get_2048_256(void);
/* Named parameters, currently RFC7919 and RFC3526 */
/* TODO(3.0): deprecate DH_new_by_nid() after converting ssl/s3_lib.c */
DH *DH_new_by_nid(int nid);
int DH_get_nid(DH *dh);
DEPRECATEDIN_3_0(int DH_get_nid(DH *dh))
# ifndef OPENSSL_NO_CMS
/* RFC2631 KDF */
int DH_KDF_X9_42(unsigned char *out, size_t outlen,
const unsigned char *Z, size_t Zlen,
ASN1_OBJECT *key_oid,
const unsigned char *ukm, size_t ukmlen, const EVP_MD *md);
DEPRECATEDIN_3_0(int DH_KDF_X9_42(unsigned char *out, size_t outlen,
const unsigned char *Z, size_t Zlen,
ASN1_OBJECT *key_oid,
const unsigned char *ukm,
size_t ukmlen, const EVP_MD *md))
# endif
void DH_get0_pqg(const DH *dh,
@ -206,40 +222,53 @@ const BIGNUM *DH_get0_pub_key(const DH *dh);
void DH_clear_flags(DH *dh, int flags);
int DH_test_flags(const DH *dh, int flags);
void DH_set_flags(DH *dh, int flags);
ENGINE *DH_get0_engine(DH *d);
long DH_get_length(const DH *dh);
int DH_set_length(DH *dh, long length);
DH_METHOD *DH_meth_new(const char *name, int flags);
void DH_meth_free(DH_METHOD *dhm);
DH_METHOD *DH_meth_dup(const DH_METHOD *dhm);
const char *DH_meth_get0_name(const DH_METHOD *dhm);
int DH_meth_set1_name(DH_METHOD *dhm, const char *name);
int DH_meth_get_flags(const DH_METHOD *dhm);
int DH_meth_set_flags(DH_METHOD *dhm, int flags);
void *DH_meth_get0_app_data(const DH_METHOD *dhm);
int DH_meth_set0_app_data(DH_METHOD *dhm, void *app_data);
int (*DH_meth_get_generate_key(const DH_METHOD *dhm)) (DH *);
int DH_meth_set_generate_key(DH_METHOD *dhm, int (*generate_key) (DH *));
int (*DH_meth_get_compute_key(const DH_METHOD *dhm))
(unsigned char *key, const BIGNUM *pub_key, DH *dh);
int DH_meth_set_compute_key(DH_METHOD *dhm,
int (*compute_key) (unsigned char *key, const BIGNUM *pub_key, DH *dh));
int (*DH_meth_get_bn_mod_exp(const DH_METHOD *dhm))
(const DH *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *,
BN_CTX *, BN_MONT_CTX *);
int DH_meth_set_bn_mod_exp(DH_METHOD *dhm,
int (*bn_mod_exp) (const DH *, BIGNUM *, const BIGNUM *, const BIGNUM *,
const BIGNUM *, BN_CTX *, BN_MONT_CTX *));
int (*DH_meth_get_init(const DH_METHOD *dhm))(DH *);
int DH_meth_set_init(DH_METHOD *dhm, int (*init)(DH *));
int (*DH_meth_get_finish(const DH_METHOD *dhm)) (DH *);
int DH_meth_set_finish(DH_METHOD *dhm, int (*finish) (DH *));
int (*DH_meth_get_generate_params(const DH_METHOD *dhm))
(DH *, int, int, BN_GENCB *);
int DH_meth_set_generate_params(DH_METHOD *dhm,
int (*generate_params) (DH *, int, int, BN_GENCB *));
DEPRECATEDIN_3_0(ENGINE *DH_get0_engine(DH *d))
DEPRECATEDIN_3_0(long DH_get_length(const DH *dh))
DEPRECATEDIN_3_0(int DH_set_length(DH *dh, long length))
DEPRECATEDIN_3_0(DH_METHOD *DH_meth_new(const char *name, int flags))
DEPRECATEDIN_3_0(void DH_meth_free(DH_METHOD *dhm))
DEPRECATEDIN_3_0(DH_METHOD *DH_meth_dup(const DH_METHOD *dhm))
DEPRECATEDIN_3_0(const char *DH_meth_get0_name(const DH_METHOD *dhm))
DEPRECATEDIN_3_0(int DH_meth_set1_name(DH_METHOD *dhm, const char *name))
DEPRECATEDIN_3_0(int DH_meth_get_flags(const DH_METHOD *dhm))
DEPRECATEDIN_3_0(int DH_meth_set_flags(DH_METHOD *dhm, int flags))
DEPRECATEDIN_3_0(void *DH_meth_get0_app_data(const DH_METHOD *dhm))
DEPRECATEDIN_3_0(int DH_meth_set0_app_data(DH_METHOD *dhm, void *app_data))
DEPRECATEDIN_3_0(int (*DH_meth_get_generate_key(const DH_METHOD *dhm)) (DH *))
DEPRECATEDIN_3_0(int DH_meth_set_generate_key(DH_METHOD *dhm,
int (*generate_key) (DH *)))
DEPRECATEDIN_3_0(int (*DH_meth_get_compute_key(const DH_METHOD *dhm))
(unsigned char *key,
const BIGNUM *pub_key, DH *dh))
DEPRECATEDIN_3_0(int DH_meth_set_compute_key(DH_METHOD *dhm,
int (*compute_key)
(unsigned char *key,
const BIGNUM *pub_key,
DH *dh)))
DEPRECATEDIN_3_0(int (*DH_meth_get_bn_mod_exp(const DH_METHOD *dhm))
(const DH *, BIGNUM *,
const BIGNUM *,
const BIGNUM *,
const BIGNUM *, BN_CTX *,
BN_MONT_CTX *))
DEPRECATEDIN_3_0(int DH_meth_set_bn_mod_exp(DH_METHOD *dhm,
int (*bn_mod_exp)
(const DH *, BIGNUM *,
const BIGNUM *, const BIGNUM *,
const BIGNUM *, BN_CTX *,
BN_MONT_CTX *)))
DEPRECATEDIN_3_0(int (*DH_meth_get_init(const DH_METHOD *dhm))(DH *))
DEPRECATEDIN_3_0(int DH_meth_set_init(DH_METHOD *dhm, int (*init)(DH *)))
DEPRECATEDIN_3_0(int (*DH_meth_get_finish(const DH_METHOD *dhm)) (DH *))
DEPRECATEDIN_3_0(int DH_meth_set_finish(DH_METHOD *dhm, int (*finish) (DH *)))
DEPRECATEDIN_3_0(int (*DH_meth_get_generate_params(const DH_METHOD *dhm))
(DH *, int, int,
BN_GENCB *))
DEPRECATEDIN_3_0(int DH_meth_set_generate_params(DH_METHOD *dhm,
int (*generate_params)
(DH *, int, int,
BN_GENCB *)))
# define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
@ -335,7 +364,6 @@ int EVP_PKEY_CTX_set_dh_pad(EVP_PKEY_CTX *ctx, int pad);
# define EVP_PKEY_DH_KDF_X9_42 2
# endif
# ifdef __cplusplus
}
# endif

4
include/openssl/dsa.h
View File

@ -178,10 +178,8 @@ DEPRECATEDIN_3_0(int DSA_print_fp(FILE *bp, const DSA *x, int off))
/*
* Convert DSA structure (key or just parameters) into DH structure (be
* careful to avoid small subgroup attacks when using this!)
*
* TODO(3.0): figure out how to remove this monstrosity
*/
DH *DSA_dup_DH(const DSA *r);
DEPRECATEDIN_3_0(DH *DSA_dup_DH(const DSA *r))
# endif
# define EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits) \

6
providers/implementations/exchange/dh_exch.c
View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* DH low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <openssl/crypto.h>
#include <openssl/core_numbers.h>
#include <openssl/core_names.h>

6
providers/implementations/keymgmt/dh_kmgmt.c
View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* DH low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <openssl/core_numbers.h>
#include <openssl/core_names.h>
#include <openssl/bn.h>

6
providers/implementations/serializers/serializer_dh.c
View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* DH low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <openssl/dh.h>
#include <openssl/err.h>
#include "prov/bio.h" /* ossl_prov_bio_printf() */

6
providers/implementations/serializers/serializer_dh_param.c
View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* DH low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <openssl/core_numbers.h>
#include <openssl/pem.h>
#include <openssl/dh.h>

6
providers/implementations/serializers/serializer_dh_priv.c
View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* DH low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <openssl/core_numbers.h>
#include <openssl/core_names.h>
#include <openssl/err.h>

6
providers/implementations/serializers/serializer_dh_pub.c
View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* DH low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <openssl/core_numbers.h>
#include <openssl/err.h>
#include <openssl/pem.h>

6
ssl/s3_lib.c
View File

@ -4752,7 +4752,7 @@ EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id)
|| (dh = DH_new_by_nid(ginf->nid)) == NULL
|| !EVP_PKEY_assign(pkey, EVP_PKEY_DH, dh)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
ERR_R_EVP_LIB);
ERR_R_EVP_LIB);
DH_free(dh);
EVP_PKEY_free(pkey);
pkey = NULL;
@ -4760,7 +4760,7 @@ EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id)
}
if (EVP_PKEY_CTX_set_dh_nid(pctx, ginf->nid) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
ERR_R_EVP_LIB);
ERR_R_EVP_LIB);
EVP_PKEY_free(pkey);
pkey = NULL;
goto err;
@ -4796,7 +4796,7 @@ EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id)
/*
* Generate parameters from a group ID
*/
EVP_PKEY *ssl_generate_param_group(uint16_t id)
EVP_PKEY *ssl_generate_param_group(SSL *s, uint16_t id)
{
EVP_PKEY_CTX *pctx = NULL;
EVP_PKEY *pkey = NULL;

2
ssl/ssl_local.h
View File

@ -2605,7 +2605,7 @@ __owur int tls1_set_groups_list(uint16_t **pext, size_t *pextlen,
const char *str);
__owur EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id);
__owur int tls_valid_group(SSL *s, uint16_t group_id, int version);
__owur EVP_PKEY *ssl_generate_param_group(uint16_t id);
__owur EVP_PKEY *ssl_generate_param_group(SSL *s, uint16_t id);
# ifndef OPENSSL_NO_EC
void tls1_get_formatlist(SSL *s, const unsigned char **pformats,
size_t *num_formats);

2
ssl/statem/extensions_srvr.c
View File

@ -705,7 +705,7 @@ int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
continue;
}
if ((s->s3.peer_tmp = ssl_generate_param_group(group_id)) == NULL) {
if ((s->s3.peer_tmp = ssl_generate_param_group(s, group_id)) == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_KEY_SHARE,
SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
return 0;

15
ssl/statem/statem_clnt.c
View File

@ -2147,18 +2147,19 @@ static int tls_process_ske_dhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey)
}
bnpub_key = NULL;
if (!ssl_security(s, SSL_SECOP_TMP_DH, DH_security_bits(dh), 0, dh)) {
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_PROCESS_SKE_DHE,
SSL_R_DH_KEY_TOO_SMALL);
goto err;
}
if (EVP_PKEY_assign_DH(peer_tmp, dh) == 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_DHE,
ERR_R_EVP_LIB);
goto err;
}
if (!ssl_security(s, SSL_SECOP_TMP_DH, EVP_PKEY_security_bits(peer_tmp),
0, dh)) {
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_PROCESS_SKE_DHE,
SSL_R_DH_KEY_TOO_SMALL);
goto err;
}
s->s3.peer_tmp = peer_tmp;
/*
@ -2213,7 +2214,7 @@ static int tls_process_ske_ecdhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey)
return 0;
}
if ((s->s3.peer_tmp = ssl_generate_param_group(curve_id)) == NULL) {
if ((s->s3.peer_tmp = ssl_generate_param_group(s, curve_id)) == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_ECDHE,
SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
return 0;

22
test/build.info
View File

@ -34,8 +34,7 @@ IF[{- !$disabled{tests} -}]
sanitytest rsa_complex exdatatest bntest \
ectest ecstresstest gmdifftest pbelutest \
destest mdc2test \
dhtest enginetest \
ssltest_old exptest \
enginetest exptest \
evp_pkey_provided_test evp_test evp_extra_test evp_fetch_prov_test \
v3nametest v3ext \
crltest danetest bad_dtls_test lhash_test sparse_array_test \
@ -109,18 +108,10 @@ IF[{- !$disabled{tests} -}]
INCLUDE[mdc2test]=../include ../apps/include
DEPEND[mdc2test]=../libcrypto libtestutil.a
SOURCE[dhtest]=dhtest.c
INCLUDE[dhtest]=../include ../apps/include
DEPEND[dhtest]=../libcrypto libtestutil.a
SOURCE[enginetest]=enginetest.c
INCLUDE[enginetest]=../include ../apps/include
DEPEND[enginetest]=../libcrypto libtestutil.a
SOURCE[ssltest_old]=ssltest_old.c
INCLUDE[ssltest_old]=.. ../include ../apps/include
DEPEND[ssltest_old]=../libcrypto ../libssl
SOURCE[exptest]=exptest.c
INCLUDE[exptest]=../include ../apps/include
DEPEND[exptest]=../libcrypto libtestutil.a
@ -490,7 +481,8 @@ IF[{- !$disabled{tests} -}]
rdrand_sanitytest property_test ideatest rsa_mp_test \
rsa_sp800_56b_test bn_internal_test ecdsatest rsa_test \
rc2test rc4test rc5test hmactest ffc_internal_test \
asn1_dsa_internal_test dsatest dsa_no_digest_size_test
asn1_dsa_internal_test dsatest dsa_no_digest_size_test \
dhtest ssltest_old
IF[{- !$disabled{poly1305} -}]
PROGRAMS{noinst}=poly1305_internal_test
@ -575,6 +567,10 @@ IF[{- !$disabled{tests} -}]
INCLUDE[sparse_array_test]=../crypto/include ../include ../apps/include
DEPEND[sparse_array_test]=../libcrypto.a libtestutil.a
SOURCE[dhtest]=dhtest.c
INCLUDE[dhtest]=../include ../apps/include
DEPEND[dhtest]=../libcrypto.a libtestutil.a
SOURCE[hmactest]=hmactest.c
INCLUDE[hmactest]=../include ../apps/include
DEPEND[hmactest]=../libcrypto.a libtestutil.a
@ -650,6 +646,10 @@ IF[{- !$disabled{tests} -}]
SOURCE[mdc2_internal_test]=mdc2_internal_test.c
INCLUDE[mdc2_internal_test]=.. ../include ../apps/include
DEPEND[mdc2_internal_test]=../libcrypto.a libtestutil.a
SOURCE[ssltest_old]=ssltest_old.c
INCLUDE[ssltest_old]=.. ../include ../apps/include
DEPEND[ssltest_old]=../libcrypto.a ../libssl.a
ENDIF
PROGRAMS{noinst}=asn1_time_test

6
test/dhtest.c
View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* DH low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

6
test/ssltest_old.c
View File

@ -9,6 +9,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* DH low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include "e_os.h"
/* Or gethostname won't be declared properly on Linux and GNU platforms. */

96
util/libcrypto.num
View File

@ -100,7 +100,7 @@ DSAparams_print 101 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3
BF_set_key 102 3_0_0 EXIST::FUNCTION:BF,DEPRECATEDIN_3_0
d2i_DHparams 103 3_0_0 EXIST::FUNCTION:DH
i2d_PKCS7_ENC_CONTENT 104 3_0_0 EXIST::FUNCTION:
DH_generate_key 105 3_0_0 EXIST::FUNCTION:DH
DH_generate_key 105 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
ENGINE_add_conf_module 106 3_0_0 EXIST::FUNCTION:ENGINE
BIO_new_socket 107 3_0_0 EXIST::FUNCTION:SOCK
ASN1_OBJECT_free 108 3_0_0 EXIST::FUNCTION:
@ -445,7 +445,7 @@ X509_get_serialNumber 453 3_0_0 EXIST::FUNCTION:
BIO_sock_should_retry 454 3_0_0 EXIST::FUNCTION:SOCK
ENGINE_get_digests 455 3_0_0 EXIST::FUNCTION:ENGINE
TS_MSG_IMPRINT_get_algo 456 3_0_0 EXIST::FUNCTION:TS
DH_new_method 457 3_0_0 EXIST::FUNCTION:DH
DH_new_method 457 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
BF_ecb_encrypt 458 3_0_0 EXIST::FUNCTION:BF,DEPRECATEDIN_3_0
PEM_write_bio_DHparams 459 3_0_0 EXIST::FUNCTION:DH
EVP_DigestFinal 460 3_0_0 EXIST::FUNCTION:
@ -563,7 +563,7 @@ a2i_ASN1_STRING 575 3_0_0 EXIST::FUNCTION:
EC_GROUP_get_mont_data 576 3_0_0 EXIST::FUNCTION:EC
CMAC_CTX_copy 577 3_0_0 EXIST::FUNCTION:CMAC,DEPRECATEDIN_3_0
EVP_camellia_128_cfb128 579 3_0_0 EXIST::FUNCTION:CAMELLIA
DH_compute_key_padded 580 3_0_0 EXIST::FUNCTION:DH
DH_compute_key_padded 580 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
ERR_load_CONF_strings 581 3_0_0 EXIST::FUNCTION:
ESS_ISSUER_SERIAL_dup 582 3_0_0 EXIST::FUNCTION:
BN_GF2m_mod_exp_arr 583 3_0_0 EXIST::FUNCTION:EC2M
@ -617,7 +617,7 @@ X509_REQ_dup 631 3_0_0 EXIST::FUNCTION:
d2i_DSA_PUBKEY_fp 633 3_0_0 EXIST::FUNCTION:DSA,STDIO
OCSP_REQ_CTX_nbio_d2i 634 3_0_0 EXIST::FUNCTION:SOCK
d2i_X509_REQ_fp 635 3_0_0 EXIST::FUNCTION:STDIO
DH_OpenSSL 636 3_0_0 EXIST::FUNCTION:DH
DH_OpenSSL 636 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
BN_get_rfc3526_prime_8192 637 3_0_0 EXIST::FUNCTION:DH
X509_REVOKED_it 638 3_0_0 EXIST::FUNCTION:
CRYPTO_THREAD_write_lock 639 3_0_0 EXIST::FUNCTION:
@ -672,13 +672,13 @@ CTLOG_get0_log_id 688 3_0_0 EXIST::FUNCTION:CT
CMS_RecipientInfo_ktri_get0_signer_id 689 3_0_0 EXIST::FUNCTION:CMS
OCSP_REQUEST_add1_ext_i2d 690 3_0_0 EXIST::FUNCTION:OCSP
EVP_PBE_CipherInit 691 3_0_0 EXIST::FUNCTION:
DSA_dup_DH 692 3_0_0 EXIST::FUNCTION:DH,DSA
DSA_dup_DH 692 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH,DSA
CONF_imodule_get_value 693 3_0_0 EXIST::FUNCTION:
OCSP_id_issuer_cmp 694 3_0_0 EXIST::FUNCTION:OCSP
ASN1_INTEGER_free 695 3_0_0 EXIST::FUNCTION:
BN_get0_nist_prime_224 696 3_0_0 EXIST::FUNCTION:
OPENSSL_isservice 697 3_0_0 EXIST::FUNCTION:
DH_compute_key 698 3_0_0 EXIST::FUNCTION:DH
DH_compute_key 698 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
TS_RESP_CTX_set_signer_key 699 3_0_0 EXIST::FUNCTION:TS
i2d_DSAPrivateKey_bio 700 3_0_0 EXIST::FUNCTION:DSA
ASN1_item_d2i 702 3_0_0 EXIST::FUNCTION:
@ -718,7 +718,7 @@ OCSP_REQUEST_get1_ext_d2i 736 3_0_0 EXIST::FUNCTION:OCSP
CMS_unsigned_add1_attr_by_NID 737 3_0_0 EXIST::FUNCTION:CMS
BN_mod_exp_mont 738 3_0_0 EXIST::FUNCTION:
d2i_DHxparams 739 3_0_0 EXIST::FUNCTION:DH
DH_size 740 3_0_0 EXIST::FUNCTION:DH
DH_size 740 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
CONF_imodule_get_name 741 3_0_0 EXIST::FUNCTION:
ENGINE_get_pkey_meth_engine 742 3_0_0 EXIST::FUNCTION:ENGINE
OCSP_BASICRESP_free 743 3_0_0 EXIST::FUNCTION:OCSP
@ -965,7 +965,7 @@ ERR_load_TS_strings 989 3_0_0 EXIST::FUNCTION:TS
BN_nist_mod_func 990 3_0_0 EXIST::FUNCTION:
OCSP_ONEREQ_new 991 3_0_0 EXIST::FUNCTION:OCSP
DSA_SIG_new 992 3_0_0 EXIST::FUNCTION:DSA
DH_get_default_method 993 3_0_0 EXIST::FUNCTION:DH
DH_get_default_method 993 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
PEM_proc_type 994 3_0_0 EXIST::FUNCTION:
BIO_printf 995 3_0_0 EXIST::FUNCTION:
a2i_IPADDRESS 996 3_0_0 EXIST::FUNCTION:
@ -1337,7 +1337,7 @@ X509_get_default_cert_file_env 1366 3_0_0 EXIST::FUNCTION:
X509v3_addr_validate_resource_set 1367 3_0_0 EXIST::FUNCTION:RFC3779
d2i_X509_VAL 1368 3_0_0 EXIST::FUNCTION:
CRYPTO_gcm128_decrypt_ctr32 1370 3_0_0 EXIST::FUNCTION:
DHparams_print 1371 3_0_0 EXIST::FUNCTION:DH
DHparams_print 1371 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
OPENSSL_sk_unshift 1372 3_0_0 EXIST::FUNCTION:
BN_GENCB_set_old 1373 3_0_0 EXIST::FUNCTION:
PEM_write_bio_X509 1374 3_0_0 EXIST::FUNCTION:
@ -1716,7 +1716,7 @@ i2d_NETSCAPE_SPKI 1754 3_0_0 EXIST::FUNCTION:
ASYNC_init_thread 1755 3_0_0 EXIST::FUNCTION:
OCSP_BASICRESP_get_ext_by_OBJ 1756 3_0_0 EXIST::FUNCTION:OCSP
X509_reject_clear 1757 3_0_0 EXIST::FUNCTION:
DH_security_bits 1758 3_0_0 EXIST::FUNCTION:DH
DH_security_bits 1758 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
LONG_it 1759 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
ASN1_dup 1760 3_0_0 EXIST::FUNCTION:
TS_RESP_new 1761 3_0_0 EXIST::FUNCTION:TS
@ -2018,7 +2018,7 @@ EVP_MD_CTX_clear_flags 2064 3_0_0 EXIST::FUNCTION:
EVP_PKEY_meth_get_verifyctx 2065 3_0_0 EXIST::FUNCTION:
CT_POLICY_EVAL_CTX_get0_cert 2066 3_0_0 EXIST::FUNCTION:CT
PEM_write_DHparams 2067 3_0_0 EXIST::FUNCTION:DH,STDIO
DH_set_ex_data 2068 3_0_0 EXIST::FUNCTION:DH
DH_set_ex_data 2068 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
OCSP_SIGNATURE_free 2069 3_0_0 EXIST::FUNCTION:OCSP
CRYPTO_128_unwrap_pad 2070 3_0_0 EXIST::FUNCTION:
BIO_new_CMS 2071 3_0_0 EXIST::FUNCTION:CMS
@ -2061,7 +2061,7 @@ OCSP_ONEREQ_add1_ext_i2d 2107 3_0_0 EXIST::FUNCTION:OCSP
ENGINE_register_pkey_meths 2108 3_0_0 EXIST::FUNCTION:ENGINE
ENGINE_load_public_key 2109 3_0_0 EXIST::FUNCTION:ENGINE
ASIdOrRange_it 2110 3_0_0 EXIST::FUNCTION:RFC3779
DHparams_print_fp 2111 3_0_0 EXIST::FUNCTION:DH,STDIO
DHparams_print_fp 2111 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH,STDIO
ERR_load_CRYPTO_strings 2112 3_0_0 EXIST:!VMS:FUNCTION:
ERR_load_CRYPTOlib_strings 2112 3_0_0 EXIST:VMS:FUNCTION:
X509_REQ_set_version 2113 3_0_0 EXIST::FUNCTION:
@ -2289,7 +2289,7 @@ OPENSSL_sk_zero 2337 3_0_0 EXIST::FUNCTION:
ASN1_PRINTABLE_type 2338 3_0_0 EXIST::FUNCTION:
TS_CONF_set_ess_cert_id_chain 2339 3_0_0 EXIST::FUNCTION:TS
PEM_read_DSAPrivateKey 2340 3_0_0 EXIST::FUNCTION:DSA,STDIO
DH_generate_parameters_ex 2341 3_0_0 EXIST::FUNCTION:DH
DH_generate_parameters_ex 2341 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
UI_dup_input_string 2342 3_0_0 EXIST::FUNCTION:
X509_keyid_set1 2343 3_0_0 EXIST::FUNCTION:
X509_VERIFY_PARAM_set1 2344 3_0_0 EXIST::FUNCTION:
@ -2315,7 +2315,7 @@ OTHERNAME_it 2363 3_0_0 EXIST::FUNCTION:
X509at_add1_attr_by_txt 2364 3_0_0 EXIST::FUNCTION:
PKCS7_SIGN_ENVELOPE_free 2365 3_0_0 EXIST::FUNCTION:
BIO_dgram_is_sctp 2366 3_0_0 EXIST::FUNCTION:DGRAM,SCTP
DH_check 2367 3_0_0 EXIST::FUNCTION:DH
DH_check 2367 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
Camellia_set_key 2368 3_0_0 EXIST::FUNCTION:CAMELLIA,DEPRECATEDIN_3_0
X509_LOOKUP_by_issuer_serial 2369 3_0_0 EXIST::FUNCTION:
ASN1_BMPSTRING_free 2370 3_0_0 EXIST::FUNCTION:
@ -2545,7 +2545,7 @@ MD4_Update 2598 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_
X509_STORE_CTX_set_time 2599 3_0_0 EXIST::FUNCTION:
ENGINE_set_default_DH 2600 3_0_0 EXIST::FUNCTION:ENGINE
X509_ocspid_print 2601 3_0_0 EXIST::FUNCTION:
DH_set_method 2602 3_0_0 EXIST::FUNCTION:DH
DH_set_method 2602 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
EVP_rc2_64_cbc 2603 3_0_0 EXIST::FUNCTION:RC2
CRYPTO_THREAD_get_current_id 2604 3_0_0 EXIST::FUNCTION:
EVP_PKEY_CTX_set_cb 2605 3_0_0 EXIST::FUNCTION:
@ -2841,7 +2841,7 @@ i2d_RSAPrivateKey_fp 2902 3_0_0 EXIST::FUNCTION:RSA,STDIO
X509_REQ_print 2903 3_0_0 EXIST::FUNCTION:
RSA_size 2904 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
EVP_CIPHER_CTX_iv_noconst 2905 3_0_0 EXIST::FUNCTION:
DH_set_default_method 2906 3_0_0 EXIST::FUNCTION:DH
DH_set_default_method 2906 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
X509_ALGOR_new 2907 3_0_0 EXIST::FUNCTION:
EVP_aes_192_ofb 2908 3_0_0 EXIST::FUNCTION:
EVP_des_ede3_cfb1 2909 3_0_0 EXIST::FUNCTION:DES
@ -2911,7 +2911,7 @@ TS_REQ_get_cert_req 2973 3_0_0 EXIST::FUNCTION:TS
BIO_pop 2974 3_0_0 EXIST::FUNCTION:
SHA256_Final 2975 3_0_0 EXIST::FUNCTION:
EVP_PKEY_set1_DH 2976 3_0_0 EXIST::FUNCTION:DH
DH_get_ex_data 2977 3_0_0 EXIST::FUNCTION:DH
DH_get_ex_data 2977 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
CRYPTO_secure_malloc 2978 3_0_0 EXIST::FUNCTION:
TS_RESP_get_status_info 2979 3_0_0 EXIST::FUNCTION:TS
HMAC_CTX_new 2980 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
@ -2939,7 +2939,7 @@ TS_RESP_CTX_set_status_info 3001 3_0_0 EXIST::FUNCTION:TS
BIO_f_nbio_test 3002 3_0_0 EXIST::FUNCTION:
SEED_ofb128_encrypt 3003 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SEED
d2i_RSAPrivateKey_bio 3004 3_0_0 EXIST::FUNCTION:RSA
DH_KDF_X9_42 3005 3_0_0 EXIST::FUNCTION:CMS,DH
DH_KDF_X9_42 3005 3_0_0 EXIST::FUNCTION:CMS,DEPRECATEDIN_3_0,DH
EVP_PKEY_meth_set_signctx 3006 3_0_0 EXIST::FUNCTION:
X509_CRL_get_version 3007 3_0_0 EXIST::FUNCTION:
EVP_PKEY_meth_get0_info 3008 3_0_0 EXIST::FUNCTION:
@ -3163,7 +3163,7 @@ ACCESS_DESCRIPTION_free 3228 3_0_0 EXIST::FUNCTION:
BN_nist_mod_384 3229 3_0_0 EXIST::FUNCTION:
i2d_EC_PUBKEY_fp 3230 3_0_0 EXIST::FUNCTION:EC,STDIO
ENGINE_set_default_pkey_meths 3231 3_0_0 EXIST::FUNCTION:ENGINE
DH_bits 3232 3_0_0 EXIST::FUNCTION:DH
DH_bits 3232 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
i2d_X509_ALGORS 3233 3_0_0 EXIST::FUNCTION:
EVP_camellia_192_cfb1 3234 3_0_0 EXIST::FUNCTION:CAMELLIA
TS_RESP_CTX_add_failure_info 3235 3_0_0 EXIST::FUNCTION:TS
@ -3343,7 +3343,7 @@ BUF_MEM_new_ex 3412 3_0_0 EXIST::FUNCTION:
RSA_padding_add_X931 3413 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
BN_get0_nist_prime_256 3414 3_0_0 EXIST::FUNCTION:
CRYPTO_memcmp 3415 3_0_0 EXIST::FUNCTION:
DH_check_pub_key 3416 3_0_0 EXIST::FUNCTION:DH
DH_check_pub_key 3416 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
ASN1_mbstring_copy 3417 3_0_0 EXIST::FUNCTION:
PKCS7_set_type 3418 3_0_0 EXIST::FUNCTION:
BIO_gets 3419 3_0_0 EXIST::FUNCTION:
@ -3951,33 +3951,33 @@ RSA_get0_crt_params 4038 3_0_0 EXIST::FUNCTION:RSA
DH_set0_pqg 4039 3_0_0 EXIST::FUNCTION:DH
DH_clear_flags 4041 3_0_0 EXIST::FUNCTION:DH
DH_get0_key 4042 3_0_0 EXIST::FUNCTION:DH
DH_get0_engine 4043 3_0_0 EXIST::FUNCTION:DH
DH_get0_engine 4043 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
DH_set0_key 4044 3_0_0 EXIST::FUNCTION:DH
DH_set_length 4045 3_0_0 EXIST::FUNCTION:DH
DH_set_length 4045 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
DH_test_flags 4046 3_0_0 EXIST::FUNCTION:DH
DH_get_length 4047 3_0_0 EXIST::FUNCTION:DH
DH_get_length 4047 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
DH_get0_pqg 4048 3_0_0 EXIST::FUNCTION:DH
DH_meth_get_compute_key 4049 3_0_0 EXIST::FUNCTION:DH
DH_meth_set1_name 4050 3_0_0 EXIST::FUNCTION:DH
DH_meth_set_init 4051 3_0_0 EXIST::FUNCTION:DH
DH_meth_get_finish 4052 3_0_0 EXIST::FUNCTION:DH
DH_meth_get0_name 4053 3_0_0 EXIST::FUNCTION:DH
DH_meth_set_generate_params 4054 3_0_0 EXIST::FUNCTION:DH
DH_meth_set_compute_key 4055 3_0_0 EXIST::FUNCTION:DH
DH_meth_set_flags 4056 3_0_0 EXIST::FUNCTION:DH
DH_meth_get_generate_params 4057 3_0_0 EXIST::FUNCTION:DH
DH_meth_get_flags 4058 3_0_0 EXIST::FUNCTION:DH
DH_meth_set_finish 4059 3_0_0 EXIST::FUNCTION:DH
DH_meth_get0_app_data 4060 3_0_0 EXIST::FUNCTION:DH
DH_meth_set0_app_data 4061 3_0_0 EXIST::FUNCTION:DH
DH_meth_get_init 4062 3_0_0 EXIST::FUNCTION:DH
DH_meth_get_bn_mod_exp 4063 3_0_0 EXIST::FUNCTION:DH
DH_meth_new 4064 3_0_0 EXIST::FUNCTION:DH
DH_meth_dup 4065 3_0_0 EXIST::FUNCTION:DH
DH_meth_set_bn_mod_exp 4066 3_0_0 EXIST::FUNCTION:DH
DH_meth_set_generate_key 4067 3_0_0 EXIST::FUNCTION:DH
DH_meth_free 4068 3_0_0 EXIST::FUNCTION:DH
DH_meth_get_generate_key 4069 3_0_0 EXIST::FUNCTION:DH
DH_meth_get_compute_key 4049 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
DH_meth_set1_name 4050 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
DH_meth_set_init 4051 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
DH_meth_get_finish 4052 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
DH_meth_get0_name 4053 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
DH_meth_set_generate_params 4054 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
DH_meth_set_compute_key 4055 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
DH_meth_set_flags 4056 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
DH_meth_get_generate_params 4057 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
DH_meth_get_flags 4058 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
DH_meth_set_finish 4059 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
DH_meth_get0_app_data 4060 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
DH_meth_set0_app_data 4061 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
DH_meth_get_init 4062 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
DH_meth_get_bn_mod_exp 4063 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
DH_meth_new 4064 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
DH_meth_dup 4065 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
DH_meth_set_bn_mod_exp 4066 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
DH_meth_set_generate_key 4067 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
DH_meth_free 4068 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
DH_meth_get_generate_key 4069 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
DH_set_flags 4070 3_0_0 EXIST::FUNCTION:DH
X509_STORE_CTX_get_obj_by_subject 4071 3_0_0 EXIST::FUNCTION:
X509_OBJECT_free 4072 3_0_0 EXIST::FUNCTION:
@ -4250,7 +4250,7 @@ EVP_PKEY_meth_remove 4343 3_0_0 EXIST::FUNCTION:
OPENSSL_sk_reserve 4344 3_0_0 EXIST::FUNCTION:
EVP_PKEY_set1_engine 4347 3_0_0 EXIST::FUNCTION:ENGINE
DH_new_by_nid 4348 3_0_0 EXIST::FUNCTION:DH
DH_get_nid 4349 3_0_0 EXIST::FUNCTION:DH
DH_get_nid 4349 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
CRYPTO_get_alloc_counts 4350 3_0_0 EXIST::FUNCTION:CRYPTO_MDEBUG
OPENSSL_sk_new_reserve 4351 3_0_0 EXIST::FUNCTION:
EVP_PKEY_asn1_set_check 4352 3_0_0 EXIST::FUNCTION:
@ -4270,9 +4270,9 @@ EVP_PKEY_meth_get_public_check 4365 3_0_0 EXIST::FUNCTION:
EVP_PKEY_meth_get_param_check 4366 3_0_0 EXIST::FUNCTION:
EVP_PKEY_asn1_set_public_check 4367 3_0_0 EXIST::FUNCTION:
EVP_PKEY_asn1_set_param_check 4368 3_0_0 EXIST::FUNCTION:
DH_check_ex 4369 3_0_0 EXIST::FUNCTION:DH
DH_check_pub_key_ex 4370 3_0_0 EXIST::FUNCTION:DH
DH_check_params_ex 4371 3_0_0 EXIST::FUNCTION:DH
DH_check_ex 4369 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
DH_check_pub_key_ex 4370 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
DH_check_params_ex 4371 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
RSA_generate_multi_prime_key 4372 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
RSA_get_multi_prime_extra_count 4373 3_0_0 EXIST::FUNCTION:RSA
OCSP_resp_get0_signer 4374 3_0_0 EXIST::FUNCTION:OCSP