Add convenience functions and macros for asymmetric key generation

Add EVP_PKEY_gen(), EVP_PKEY_Q_gen(), EVP_RSA_gen(), and EVP_EC_gen().
Also export auxiliary function OSSL_EC_curve_nid2name()
and improve deprecation info on RSA and EC key generation/management functions.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14695)

CHANGES.md

@@ -405,6 +405,12 @@ OpenSSL 3.0
 
    *Dmitry Belyavskiy*
 
+ * Added convenience functions for generating asymmetric key pairs:
+   The 'quick' one-shot (yet somewhat limited) function L<EVP_PKEY_Q_keygen(3)>
+   and macros for the most common cases: <EVP_RSA_gen(3)> and L<EVP_EC_gen(3)>.
+
+   *David von Oheimb*
+
  * All of the low-level EC_KEY functions have been deprecated including:
 
    EC_KEY_OpenSSL, EC_KEY_get_default_method, EC_KEY_set_default_method,
@@ -429,7 +435,8 @@ OpenSSL 3.0
    Applications that need to implement an EC_KEY_METHOD need to consider
    implementation of the functionality in a special provider.
    For replacement of the functions manipulating the EC_KEY objects
-   see the EVP_PKEY-EC(7) manual page.
+   see the L<EVP_PKEY-EC(7)> manual page.
+   A simple way of generating EC keys is L<EVP_EC_gen(3)>.
 
    Additionally functions that read and write EC_KEY objects such as
    o2i_ECPublicKey, i2o_ECPublicKey, ECParameters_print_fp, EC_KEY_print_fp,
@@ -825,7 +832,7 @@ OpenSSL 3.0
 
  * All of the low-level RSA functions have been deprecated including:
 
-   RSA_new_method, RSA_size, RSA_security_bits, RSA_get0_pss_params,
+   RSA_new, RSA_new_method, RSA_size, RSA_security_bits, RSA_get0_pss_params,
    RSA_get_version, RSA_get0_engine, RSA_generate_key_ex,
    RSA_generate_multi_prime_key, RSA_X931_derive_ex, RSA_X931_generate_key_ex,
    RSA_check_key, RSA_check_key_ex, RSA_public_encrypt, RSA_private_encrypt,
@@ -858,6 +865,9 @@ OpenSSL 3.0
    time.  Instead applications should use L<EVP_PKEY_encrypt_init(3)>,
    L<EVP_PKEY_encrypt(3)>, L<EVP_PKEY_decrypt_init(3)> and
    L<EVP_PKEY_decrypt(3)>.
+   For replacement of the functions manipulating the RSA objects
+   see the L<EVP_PKEY-RSA(7)> manual page.
+   A simple way of generating RSA keys is L<EVP_RSA_gen(3)>.
 
    All of these low-level RSA functions have been deprecated without
    replacement:

NEWS.md

@@ -26,6 +26,7 @@ OpenSSL 3.0
     RC4, RC5, and DES to the legacy provider.
   * Moved the EVP digests MD2, MD4, MDC2, WHIRLPOOL and RIPEMD-160 to the legacy
     provider.
+  * Added convenience functions for generating asymmetric key pairs.
   * Deprecated the `OCSP_REQ_CTX` type and functions.
   * Deprecated the `EC_KEY` and `EC_KEY_METHOD` types and functions.
   * Deprecated the `RSA` and `RSA_METHOD` types and functions.

crypto/conf/conf_def.c

@@ -11,8 +11,8 @@
 
 #include <stdio.h>
 #include <string.h>
+#include "e_os.h" /* strcasecmp and struct stat */
 #ifdef __TANDEM
-# include <strings.h> /* strcasecmp */
 # include <sys/types.h> /* needed for stat.h */
 # include <sys/stat.h> /* struct stat */
 #endif
@@ -28,7 +28,6 @@
 # include <sys/stat.h>
 # ifdef _WIN32
 #  define stat    _stat
-#  define strcasecmp _stricmp
 # endif
 #endif
 

crypto/ec/ec_backend.c

@@ -328,7 +328,7 @@ int ossl_ec_group_todata(const EC_GROUP *group, OSSL_PARAM_BLD *tmpl,
 
     if (curve_nid != NID_undef) {
         /* Named curve */
-        const char *curve_name = ossl_ec_curve_nid2name(curve_nid);
+        const char *curve_name = OSSL_EC_curve_nid2name(curve_nid);
 
         if (curve_name == NULL
             || !ossl_param_build_set_utf8_string(tmpl, params,

crypto/evp/ctrl_params_translate.c

@@ -1482,7 +1482,7 @@ static int get_payload_group_name(enum state state,
             if (grp != NULL)
                 nid = EC_GROUP_get_curve_name(grp);
             if (nid != NID_undef)
-                ctx->p2 = (char *)ossl_ec_curve_nid2name(nid);
+                ctx->p2 = (char *)OSSL_EC_curve_nid2name(nid);
         }
         break;
 #endif

crypto/evp/ec_support.c

@@ -115,7 +115,7 @@ static const EC_NAME2NID curve_list[] = {
     {"SM2", NID_sm2 },
 };
 
-const char *ossl_ec_curve_nid2name(int nid)
+const char *OSSL_EC_curve_nid2name(int nid)
 {
     size_t i;
 

crypto/evp/evp_lib.c

@@ -14,11 +14,14 @@
 #include "internal/deprecated.h"
 
 #include <stdio.h>
+#include <string.h>
+#include "e_os.h" /* strcasecmp */
 #include "internal/cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/params.h>
 #include <openssl/core_names.h>
+#include <openssl/rsa.h>
 #include <openssl/dh.h>
 #include <openssl/ec.h>
 #include "crypto/evp.h"
@@ -27,6 +30,7 @@
 #include "evp_local.h"
 
 #if !defined(FIPS_MODULE)
+
 int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
 {
     return evp_cipher_param_to_asn1_ex(c, type, NULL);
@@ -1111,3 +1115,59 @@ int EVP_PKEY_CTX_get_group_name(EVP_PKEY_CTX *ctx, char *name, size_t namelen)
         return -1;
     return 1;
 }
+
+/*
+ * evp_pkey_keygen() abstracts from the explicit use of B<EVP_PKEY_CTX>
+ * while providing a generic way of generating a new asymmetric key pair
+ * of algorithm type I<name> (e.g., C<RSA> or C<EC>).
+ * The library context I<libctx> and property query I<propq>
+ * are used when fetching algorithms from providers.
+ * The I<params> specify algorithm-specific parameters
+ * such as the RSA modulus size or the name of an EC curve.
+ */
+static EVP_PKEY *evp_pkey_keygen(OSSL_LIB_CTX *libctx, const char *name,
+                                 const char *propq, OSSL_PARAM *params)
+{
+    EVP_PKEY *pkey = NULL;
+    EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_from_name(libctx, name, propq);
+
+    if (ctx != NULL
+            && EVP_PKEY_keygen_init(ctx) > 0
+            && EVP_PKEY_CTX_set_params(ctx, params))
+        (void)EVP_PKEY_generate(ctx, &pkey);
+
+    EVP_PKEY_CTX_free(ctx);
+    return pkey;
+}
+
+EVP_PKEY *EVP_PKEY_Q_keygen(OSSL_LIB_CTX *libctx, const char *propq,
+                            const char *type, ...)
+{
+    va_list args;
+    size_t bits;
+    char *name;
+    OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END };
+    EVP_PKEY *ret = NULL;
+
+    va_start(args, type);
+
+    if (strcasecmp(type, "RSA") == 0) {
+        bits = va_arg(args, size_t);
+        params[0] = OSSL_PARAM_construct_size_t(OSSL_PKEY_PARAM_RSA_BITS, &bits);
+    } else if (strcasecmp(type, "EC") == 0) {
+        name = va_arg(args, char *);
+        params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME,
+                                                     name, 0);
+    } else if (strcasecmp(type, "ED25519") != 0
+               && strcasecmp(type, "X25519") != 0
+               && strcasecmp(type, "ED448") != 0
+               && strcasecmp(type, "X448") != 0) {
+        ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_INVALID_ARGUMENT);
+        goto end;
+    }
+    ret = evp_pkey_keygen(libctx, type, propq, params);
+
+ end:
+    va_end(args);
+    return ret;
+}

crypto/evp/pmeth_gn.c

@@ -123,7 +123,7 @@ static int ossl_callback_to_pkey_gencb(const OSSL_PARAM params[], void *arg)
     return ctx->pkey_gencb(ctx);
 }
 
-int EVP_PKEY_gen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey)
+int EVP_PKEY_generate(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey)
 {
     int ret = 0;
     OSSL_CALLBACK cb;
@@ -262,7 +262,7 @@ int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey)
         ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);
         return -1;
     }
-    return EVP_PKEY_gen(ctx, ppkey);
+    return EVP_PKEY_generate(ctx, ppkey);
 }
 
 int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey)
@@ -271,7 +271,7 @@ int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey)
         ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);
         return -1;
     }
-    return EVP_PKEY_gen(ctx, ppkey);
+    return EVP_PKEY_generate(ctx, ppkey);
 }
 
 void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb)

doc/build.info

@@ -1206,10 +1206,6 @@ DEPEND[html/man3/EVP_PKEY_fromdata.html]=man3/EVP_PKEY_fromdata.pod
 GENERATE[html/man3/EVP_PKEY_fromdata.html]=man3/EVP_PKEY_fromdata.pod
 DEPEND[man/man3/EVP_PKEY_fromdata.3]=man3/EVP_PKEY_fromdata.pod
 GENERATE[man/man3/EVP_PKEY_fromdata.3]=man3/EVP_PKEY_fromdata.pod
-DEPEND[html/man3/EVP_PKEY_gen.html]=man3/EVP_PKEY_gen.pod
-GENERATE[html/man3/EVP_PKEY_gen.html]=man3/EVP_PKEY_gen.pod
-DEPEND[man/man3/EVP_PKEY_gen.3]=man3/EVP_PKEY_gen.pod
-GENERATE[man/man3/EVP_PKEY_gen.3]=man3/EVP_PKEY_gen.pod
 DEPEND[html/man3/EVP_PKEY_get_default_digest_nid.html]=man3/EVP_PKEY_get_default_digest_nid.pod
 GENERATE[html/man3/EVP_PKEY_get_default_digest_nid.html]=man3/EVP_PKEY_get_default_digest_nid.pod
 DEPEND[man/man3/EVP_PKEY_get_default_digest_nid.3]=man3/EVP_PKEY_get_default_digest_nid.pod
@@ -1230,6 +1226,10 @@ DEPEND[html/man3/EVP_PKEY_is_a.html]=man3/EVP_PKEY_is_a.pod
 GENERATE[html/man3/EVP_PKEY_is_a.html]=man3/EVP_PKEY_is_a.pod
 DEPEND[man/man3/EVP_PKEY_is_a.3]=man3/EVP_PKEY_is_a.pod
 GENERATE[man/man3/EVP_PKEY_is_a.3]=man3/EVP_PKEY_is_a.pod
+DEPEND[html/man3/EVP_PKEY_keygen.html]=man3/EVP_PKEY_keygen.pod
+GENERATE[html/man3/EVP_PKEY_keygen.html]=man3/EVP_PKEY_keygen.pod
+DEPEND[man/man3/EVP_PKEY_keygen.3]=man3/EVP_PKEY_keygen.pod
+GENERATE[man/man3/EVP_PKEY_keygen.3]=man3/EVP_PKEY_keygen.pod
 DEPEND[html/man3/EVP_PKEY_meth_get_count.html]=man3/EVP_PKEY_meth_get_count.pod
 GENERATE[html/man3/EVP_PKEY_meth_get_count.html]=man3/EVP_PKEY_meth_get_count.pod
 DEPEND[man/man3/EVP_PKEY_meth_get_count.3]=man3/EVP_PKEY_meth_get_count.pod
@@ -2999,12 +2999,12 @@ html/man3/EVP_PKEY_derive.html \
 html/man3/EVP_PKEY_encapsulate.html \
 html/man3/EVP_PKEY_encrypt.html \
 html/man3/EVP_PKEY_fromdata.html \
-html/man3/EVP_PKEY_gen.html \
 html/man3/EVP_PKEY_get_default_digest_nid.html \
 html/man3/EVP_PKEY_get_field_type.html \
 html/man3/EVP_PKEY_get_group_name.html \
 html/man3/EVP_PKEY_gettable_params.html \
 html/man3/EVP_PKEY_is_a.html \
+html/man3/EVP_PKEY_keygen.html \
 html/man3/EVP_PKEY_meth_get_count.html \
 html/man3/EVP_PKEY_meth_new.html \
 html/man3/EVP_PKEY_new.html \
@@ -3586,12 +3586,12 @@ man/man3/EVP_PKEY_derive.3 \
 man/man3/EVP_PKEY_encapsulate.3 \
 man/man3/EVP_PKEY_encrypt.3 \
 man/man3/EVP_PKEY_fromdata.3 \
-man/man3/EVP_PKEY_gen.3 \
 man/man3/EVP_PKEY_get_default_digest_nid.3 \
 man/man3/EVP_PKEY_get_field_type.3 \
 man/man3/EVP_PKEY_get_group_name.3 \
 man/man3/EVP_PKEY_gettable_params.3 \
 man/man3/EVP_PKEY_is_a.3 \
+man/man3/EVP_PKEY_keygen.3 \
 man/man3/EVP_PKEY_meth_get_count.3 \
 man/man3/EVP_PKEY_meth_new.3 \
 man/man3/EVP_PKEY_new.3 \

doc/man3/EC_GROUP_new.pod

@@ -20,8 +20,9 @@ EC_GROUP_set_curve_GFp,
 EC_GROUP_get_curve_GFp,
 EC_GROUP_set_curve_GF2m,
 EC_GROUP_get_curve_GF2m,
-EC_get_builtin_curves - Functions for creating and destroying EC_GROUP
-objects
+EC_get_builtin_curves,
+OSSL_EC_curve_nid2name -
+Functions for creating and destroying EC_GROUP objects
 
 =head1 SYNOPSIS
 
@@ -52,6 +53,7 @@ objects
                                              ECPKPARAMETERS *params);
 
  size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems);
+ const char *OSSL_EC_curve_nid2name(int nid);
 
 Deprecated since OpenSSL 3.0, can be hidden entirely by defining
 B<OPENSSL_API_COMPAT> with a suitable version value, see
@@ -173,6 +175,8 @@ in the EC_GROUP is public anyway, this function is unnecessary.
 Its use can be safely replaced with EC_GROUP_free().
 If I<group> is NULL nothing is done.
 
+OSSL_EC_curve_nid2name() converts a curve I<nid> into the corresponding name.
+
 =head1 RETURN VALUES
 
 All EC_GROUP_new* functions return a pointer to the newly constructed group, or
@@ -184,6 +188,8 @@ available.
 EC_GROUP_set_curve_GFp(), EC_GROUP_get_curve_GFp(), EC_GROUP_set_curve_GF2m(),
 EC_GROUP_get_curve_GF2m() return 1 on success or 0 on error.
 
+OSSL_EC_curve_nid2name() returns a character string constant, or NULL on error.
+
 =head1 SEE ALSO
 
 L<crypto(7)>, L<EC_GROUP_copy(3)>,

doc/man3/EC_KEY_new.pod

@@ -2,6 +2,7 @@
 
 =head1 NAME
 
+EVP_EC_gen,
 EC_KEY_get_method, EC_KEY_set_method, EC_KEY_new_ex,
 EC_KEY_new, EC_KEY_get_flags, EC_KEY_set_flags, EC_KEY_clear_flags,
 EC_KEY_new_by_curve_name_ex, EC_KEY_new_by_curve_name, EC_KEY_free,
@@ -20,6 +21,8 @@ EC_KEY objects
 
  #include <openssl/ec.h>
 
+ EVP_PKEY *EVP_EC_gen(const char *curve);
+
 Deprecated since OpenSSL 3.0, can be hidden entirely by defining
 B<OPENSSL_API_COMPAT> with a suitable version value, see
 L<openssl_user_macros(7)>:
@@ -65,8 +68,11 @@ L<openssl_user_macros(7)>:
 
 =head1 DESCRIPTION
 
-All of the functions described on this page are deprecated.
-Applications should instead use L<EVP_PKEY_new(3)> and L<EVP_PKEY_free(3)>.
+EVP_EC_gen() generates a new EC key pair on the given I<curve>.
+
+All of the functions described below are deprecated.
+Applications should instead use EVP_EC_gen(), L<EVP_PKEY_Q_keygen(3)>, or
+L<EVP_PKEY_keygen_init(3)> and L<EVP_PKEY_keygen(3)>.
 
 An EC_KEY represents a public key and, optionally, the associated private
 key.
@@ -152,7 +158,6 @@ EC_KEY_decoded_from_explicit_params() returns 1 if the group of the I<key> was
 decoded from data with explicitly encoded group parameters, -1 if the I<key>
 is NULL or the group parameters are missing, and 0 otherwise.
 
-Although deprecated in OpenSSL 3.0 and should no longer be used,
 EC_KEY_precompute_mult() stores multiples of the underlying EC_GROUP generator
 for faster point multiplication. See also L<EC_POINT_add(3)>.
 Modern versions should instead switch to named curves which OpenSSL has
@@ -208,6 +213,7 @@ of the buffer or 0 on error.
 
 =head1 SEE ALSO
 
+L<EVP_PKEY_Q_keygen(3)>
 L<crypto(7)>, L<EC_GROUP_new(3)>,
 L<EC_GROUP_copy(3)>, L<EC_POINT_new(3)>,
 L<EC_POINT_add(3)>,
@@ -217,7 +223,9 @@ L<OSSL_LIB_CTX(3)>
 
 =head1 HISTORY
 
-All of these functions were deprecated in OpenSSL 3.0.
+EVP_EC_gen() was added in OpenSSL 3.0.
+All other functions described here were deprecated in OpenSSL 3.0.
+For replacement see L<EVP_PKEY-EC(7)>.
 
 =head1 COPYRIGHT
 

doc/man3/EVP_PKEY_keygen.pod

@@ -2,7 +2,8 @@
 
 =head1 NAME
 
-EVP_PKEY_keygen_init, EVP_PKEY_paramgen_init, EVP_PKEY_gen,
+EVP_PKEY_Q_keygen,
+EVP_PKEY_keygen_init, EVP_PKEY_paramgen_init, EVP_PKEY_generate,
 EVP_PKEY_CTX_set_cb, EVP_PKEY_CTX_get_cb,
 EVP_PKEY_CTX_get_keygen_info, EVP_PKEY_CTX_set_app_data,
 EVP_PKEY_CTX_get_app_data,
@@ -14,9 +15,12 @@ EVP_PKEY_paramgen, EVP_PKEY_keygen
 
  #include <openssl/evp.h>
 
+ EVP_PKEY *EVP_PKEY_Q_keygen(OSSL_LIB_CTX *libctx, const char *propq,
+                             const char *type, ...);
+
  int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx);
  int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx);
- int EVP_PKEY_gen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
+ int EVP_PKEY_generate(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
  int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
  int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
 
@@ -57,16 +61,16 @@ After initialization, generation parameters may be provided with
 L<EVP_PKEY_CTX_ctrl(3)> or L<EVP_PKEY_CTX_set_params(3)>, or any other
 function described in those manuals.
 
-EVP_PKEY_gen() performs the generation operation, the resulting key
+EVP_PKEY_generate() performs the generation operation, the resulting key
 parameters or key are written to I<*ppkey>.  If I<*ppkey> is NULL when this
 function is called, it will be allocated, and should be freed by the caller
 when no longer useful, using L<EVP_PKEY_free(3)>.
 
 EVP_PKEY_paramgen() and EVP_PKEY_keygen() do exactly the same thing as
-EVP_PKEY_gen(), after checking that the corresponding EVP_PKEY_paramgen_init()
+EVP_PKEY_generate(), after checking that the corresponding EVP_PKEY_paramgen_init()
 or EVP_PKEY_keygen_init() was used to initialize I<ctx>.
 These are older functions that are kept for backward compatibility.
-It is safe to use EVP_PKEY_gen() instead.
+It is safe to use EVP_PKEY_generate() instead.
 
 The function EVP_PKEY_set_cb() sets the key or parameter generation callback
 to I<cb>. The function EVP_PKEY_CTX_get_cb() returns the key or parameter
@@ -87,6 +91,18 @@ and retrieve an opaque pointer. This can be used to set some application
 defined value which can be retrieved in the callback: for example a handle
 which is used to update a "progress dialog".
 
+EVP_PKEY_Q_keygen() abstracts from the explicit use of B<EVP_PKEY_CTX> while
+providing a 'quick' but limited way of generating a new asymmetric key pair.
+It provides shorthands for simple and common cases of key generation.
+As usual, the library context I<libctx> and property query I<propq>
+can be given for fetching algorithms from providers.
+If I<type> is C<RSA>,
+a B<size_t> parameter must be given to specify the size of the RSA key.
+If I<type> is C<EC>,
+a string parameter must be given to specify the name of the EC curve.
+If I<type> is C<X25519>, C<X448>, C<ED25519>, or C<ED448>
+no further parameter is needed.
+
 =head1 RETURN VALUES
 
 EVP_PKEY_keygen_init(), EVP_PKEY_paramgen_init(), EVP_PKEY_keygen() and
@@ -94,6 +110,8 @@ EVP_PKEY_paramgen() return 1 for success and 0 or a negative value for failure.
 In particular a return value of -2 indicates the operation is not supported by
 the public key algorithm.
 
+EVP_PKEY_Q_keygen() returns an B<EVP_PKEY>, or NULL on failure.
+
 =head1 NOTES
 
 After the call to EVP_PKEY_keygen_init() or EVP_PKEY_paramgen_init() algorithm
@@ -187,6 +205,7 @@ Example of generation callback for OpenSSL public key implementations:
 
 =head1 SEE ALSO
 
+L<EVP_RSA_gen(3)>, L<EVP_EC_gen(3)>,
 L<EVP_PKEY_CTX_new(3)>,
 L<EVP_PKEY_encrypt(3)>,
 L<EVP_PKEY_decrypt(3)>,
@@ -203,7 +222,7 @@ EVP_PKEY_CTX_get_cb(), EVP_PKEY_CTX_get_keygen_info(),
 EVP_PKEY_CTX_set_app_data() and EVP_PKEY_CTX_get_app_data() were added in
 OpenSSL 1.0.0.
 
-EVP_PKEY_gen() was added in OpenSSL 3.0.
+EVP_PKEY_Q_keygen() and EVP_PKEY_generate() were added in OpenSSL 3.0.
 
 =head1 COPYRIGHT
 

doc/man3/RSA_generate_key.pod

@@ -2,6 +2,7 @@
 
 =head1 NAME
 
+EVP_RSA_gen,
 RSA_generate_key_ex, RSA_generate_key,
 RSA_generate_multi_prime_key - generate RSA key pair
 
@@ -9,6 +10,8 @@ RSA_generate_multi_prime_key - generate RSA key pair
 
  #include <openssl/rsa.h>
 
+ EVP_PKEY *EVP_RSA_gen(unsigned int bits);
+
 Deprecated since OpenSSL 3.0, can be hidden entirely by defining
 B<OPENSSL_API_COMPAT> with a suitable version value, see
 L<openssl_user_macros(7)>:
@@ -16,44 +19,42 @@ L<openssl_user_macros(7)>:
  int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
  int RSA_generate_multi_prime_key(RSA *rsa, int bits, int primes, BIGNUM *e, BN_GENCB *cb);
 
-Deprecated since OpenSSL 0.9.8, can be hidden entirely by defining
-B<OPENSSL_API_COMPAT> with a suitable version value, see
-L<openssl_user_macros(7)>:
+Deprecated since OpenSSL 0.9.8:
 
  RSA *RSA_generate_key(int bits, unsigned long e,
                        void (*callback)(int, int, void *), void *cb_arg);
 
 =head1 DESCRIPTION
 
-All of the functions described on this page are deprecated.
-Applications should instead use L<EVP_PKEY_keygen_init(3)> and
-L<EVP_PKEY_keygen(3)>.
+EVP_RSA_gen() generates a new RSA key pair with modulus size I<bits>.
+
+All of the functions described below are deprecated.
+Applications should instead use EVP_RSA_gen(), L<EVP_PKEY_Q_keygen(3)>, or
+L<EVP_PKEY_keygen_init(3)> and L<EVP_PKEY_keygen(3)>.
 
 RSA_generate_key_ex() generates a 2-prime RSA key pair and stores it in the
-B<RSA> structure provided in B<rsa>. The pseudo-random number generator must
-be seeded prior to calling RSA_generate_key_ex().
+B<RSA> structure provided in I<rsa>.
 
 RSA_generate_multi_prime_key() generates a multi-prime RSA key pair and stores
-it in the B<RSA> structure provided in B<rsa>. The number of primes is given by
-the B<primes> parameter. The random number generator must be seeded when
-calling RSA_generate_multi_prime_key().
+it in the B<RSA> structure provided in I<rsa>. The number of primes is given by
+the I<primes> parameter.
 If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to
 external circumstances (see L<RAND(7)>), the operation will fail.
 
-The modulus size will be of length B<bits>, the number of primes to form the
-modulus will be B<primes>, and the public exponent will be B<e>. Key sizes
-with B<num> E<lt> 1024 should be considered insecure. The exponent is an odd
+The modulus size will be of length I<bits>, the number of primes to form the
+modulus will be I<primes>, and the public exponent will be I<e>. Key sizes
+with I<num> E<lt> 1024 should be considered insecure. The exponent is an odd
 number, typically 3, 17 or 65537.
 
 In order to maintain adequate security level, the maximum number of permitted
-B<primes> depends on modulus bit length:
+I<primes> depends on modulus bit length:
 
    <1024 | >=1024 | >=4096 | >=8192
    ------+--------+--------+-------
      2   |   3    |   4    |   5
 
 A callback function may be used to provide feedback about the
-progress of the key generation. If B<cb> is not B<NULL>, it
+progress of the key generation. If I<cb> is not NULL, it
 will be called as follows using the BN_GENCB_call() function
 described on the L<BN_generate_prime(3)> page.
 
@@ -71,42 +72,44 @@ described in L<BN_generate_prime(3)>.
 =item *
 
 When the n-th randomly generated prime is rejected as not
-suitable for the key, B<BN_GENCB_call(cb, 2, n)> is called.
+suitable for the key, I<BN_GENCB_call(cb, 2, n)> is called.
 
 =item *
 
-When a random p has been found with p-1 relatively prime to B<e>,
-it is called as B<BN_GENCB_call(cb, 3, 0)>.
+When a random p has been found with p-1 relatively prime to I<e>,
+it is called as I<BN_GENCB_call(cb, 3, 0)>.
 
 =back
 
 The process is then repeated for prime q and other primes (if any)
-with B<BN_GENCB_call(cb, 3, i)> where B<i> indicates the i-th prime.
+with I<BN_GENCB_call(cb, 3, i)> where I<i> indicates the i-th prime.
 
 =head1 RETURN VALUES
 
+EVP_RSA_gen() returns an I<EVP_PKEY> or NULL on failure.
+
 RSA_generate_multi_prime_key() returns 1 on success or 0 on error.
 RSA_generate_key_ex() returns 1 on success or 0 on error.
 The error codes can be obtained by L<ERR_get_error(3)>.
 
 RSA_generate_key() returns a pointer to the RSA structure or
-B<NULL> if the key generation fails.
+NULL if the key generation fails.
 
 =head1 BUGS
 
-B<BN_GENCB_call(cb, 2, x)> is used with two different meanings.
+I<BN_GENCB_call(cb, 2, x)> is used with two different meanings.
 
 =head1 SEE ALSO
 
-L<ERR_get_error(3)>, L<RAND_bytes(3)>, L<BN_generate_prime(3)>,
-L<RAND(7)>
+L<EVP_PKEY_Q_keygen(3)>
+L<BN_generate_prime(3)>, L<ERR_get_error(3)>,
+L<RAND_bytes(3)>, L<RAND(7)>
 
 =head1 HISTORY
 
-All of these functions were deprecated in OpenSSL 3.0.
-
-RSA_generate_key() was deprecated in OpenSSL 0.9.8; use
-RSA_generate_key_ex() instead.
+EVP_RSA_gen() was added in OpenSSL 3.0.
+All other functions described here were deprecated in OpenSSL 3.0.
+For replacement see L<EVP_PKEY-RSA(7)>.
 
 =head1 COPYRIGHT
 

doc/man3/RSA_new.pod

@@ -8,6 +8,8 @@ RSA_new, RSA_free - allocate and free RSA objects
 
  #include <openssl/rsa.h>
 
+Deprecated since OpenSSL 3.0:
+
  RSA *RSA_new(void);
 
  void RSA_free(RSA *rsa);
@@ -35,6 +37,11 @@ L<ERR_get_error(3)>,
 L<RSA_generate_key(3)>,
 L<RSA_new_method(3)>
 
+=head1 HISTORY
+
+All functions described here were deprecated in OpenSSL 3.0.
+For replacement see EVP_PKEY-RSA(7).
+
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/man7/EVP_PKEY-DH.pod

@@ -154,7 +154,7 @@ A B<DH> key can be generated with a named safe prime group by calling:
 
     EVP_PKEY_keygen_init(pctx);
     EVP_PKEY_CTX_set_params(pctx, params);
-    EVP_PKEY_gen(pctx, &pkey);
+    EVP_PKEY_generate(pctx, &pkey);
     ...
     EVP_PKEY_free(key);
     EVP_PKEY_CTX_free(pctx);
@@ -179,7 +179,7 @@ B<DHX> domain parameters can be generated according to B<FIPS 186-4> by calling:
     params[5] = OSSL_PARAM_construct_end();
     EVP_PKEY_CTX_set_params(pctx, params);
 
-    EVP_PKEY_gen(pctx, &param_key);
+    EVP_PKEY_generate(pctx, &param_key);
 
     EVP_PKEY_print_params(bio_out, param_key, 0, NULL);
     ...
@@ -192,7 +192,7 @@ A B<DH> key can be generated using domain parameters by calling:
     EVP_PKEY_CTX *gctx = EVP_PKEY_CTX_new_from_pkey(NULL, param_key, NULL);
 
     EVP_PKEY_keygen_init(gctx);
-    EVP_PKEY_gen(gctx, &key);
+    EVP_PKEY_generate(gctx, &key);
     EVP_PKEY_print_private(bio_out, key, 0, NULL);
     ...
     EVP_PKEY_free(key);

doc/man7/EVP_PKEY-DSA.pod

@@ -54,7 +54,7 @@ The B<DSA> domain parameters can be generated by calling:
     params[4] = OSSL_PARAM_construct_end();
     EVP_PKEY_CTX_set_params(pctx, params);
 
-    EVP_PKEY_gen(pctx, &param_key);
+    EVP_PKEY_generate(pctx, &param_key);
     EVP_PKEY_CTX_free(pctx);
 
     EVP_PKEY_print_params(bio_out, param_key, 0, NULL);
@@ -66,7 +66,7 @@ A B<DSA> key can be generated using domain parameters by calling:
 
     gctx = EVP_PKEY_CTX_new_from_pkey(NULL, param_key, NULL);
     EVP_PKEY_keygen_init(gctx);
-    EVP_PKEY_gen(gctx, &key);
+    EVP_PKEY_generate(gctx, &key);
     EVP_PKEY_CTX_free(gctx);
     EVP_PKEY_print_private(bio_out, key, 0, NULL);
 

doc/man7/EVP_PKEY-EC.pod

@@ -159,6 +159,10 @@ An B<EVP_PKEY> context can be obtained by calling:
 An B<EVP_PKEY> ECDSA or ECDH key can be generated with a "P-256" named group by
 calling:
 
+    pkey = EVP_EC_gen("P-256");
+
+or like this:
+
     EVP_PKEY *key = NULL;
     OSSL_PARAM params[2];
     EVP_PKEY_CTX *gctx =
@@ -171,7 +175,7 @@ calling:
     params[1] = OSSL_PARAM_construct_end();
     EVP_PKEY_CTX_set_params(gctx, params);
 
-    EVP_PKEY_gen(gctx, &key);
+    EVP_PKEY_generate(gctx, &key);
 
     EVP_PKEY_print_private(bio_out, key, 0, NULL);
     ...
@@ -201,7 +205,7 @@ An B<EVP_PKEY> EC CDH (Cofactor Diffie-Hellman) key can be generated with a
     params[2] = OSSL_PARAM_construct_end();
     EVP_PKEY_CTX_set_params(gctx, params);
 
-    EVP_PKEY_gen(gctx, &key);
+    EVP_PKEY_generate(gctx, &key);
     EVP_PKEY_print_private(bio_out, key, 0, NULL);
     ...
     EVP_PKEY_free(key);
@@ -209,6 +213,7 @@ An B<EVP_PKEY> EC CDH (Cofactor Diffie-Hellman) key can be generated with a
 
 =head1 SEE ALSO
 
+L<EVP_EC_gen(3)>,
 L<EVP_KEYMGMT(3)>,
 L<EVP_PKEY(3)>,
 L<provider-keymgmt(7)>,

doc/man7/EVP_PKEY-RSA.pod

@@ -202,14 +202,18 @@ An B<EVP_PKEY> context can be obtained by calling:
     EVP_PKEY_CTX *pctx =
         EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL);
 
-An B<RSA> key can be generated like this:
+An B<RSA> key can be generated simply like this:
+
+    pkey = EVP_RSA_gen(4096);
+
+or like this:
 
     EVP_PKEY *pkey = NULL;
     EVP_PKEY_CTX *pctx =
         EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL);
 
     EVP_PKEY_keygen_init(pctx);
-    EVP_PKEY_gen(pctx, &pkey);
+    EVP_PKEY_generate(pctx, &pkey);
     EVP_PKEY_CTX_free(pctx);
 
 An B<RSA> key can be generated with key generation parameters:
@@ -227,13 +231,13 @@ An B<RSA> key can be generated with key generation parameters:
     params[2] = OSSL_PARAM_construct_end();
     EVP_PKEY_CTX_set_params(pctx, params);
 
-    EVP_PKEY_gen(pctx, &pkey);
+    EVP_PKEY_generate(pctx, &pkey);
     EVP_PKEY_print_private(bio_out, pkey, 0, NULL);
     EVP_PKEY_CTX_free(pctx);
 
 =head1 SEE ALSO
 
-L<EVP_KEYMGMT(3)>, L<EVP_PKEY(3)>, L<provider-keymgmt(7)>
+L<EVP_RSA_gen(3)>, L<EVP_KEYMGMT(3)>, L<EVP_PKEY(3)>, L<provider-keymgmt(7)>
 
 =head1 COPYRIGHT
 

doc/man7/EVP_PKEY-X25519.pod

@@ -84,25 +84,11 @@ An B<EVP_PKEY> context can be obtained by calling:
     EVP_PKEY_CTX *pctx =
         EVP_PKEY_CTX_new_from_name(NULL, "ED448", NULL);
 
-An B<ED25519> key can be generated like this:
+An B<X25519> key can be generated like this:
 
-    EVP_PKEY *pkey = NULL;
-    EVP_PKEY_CTX *pctx =
-        EVP_PKEY_CTX_new_from_name(NULL, "ED25519", NULL);
+    pkey = EVP_Q_keygen(NULL, NULL, "X25519");
 
-    EVP_PKEY_keygen_init(pctx);
-    EVP_PKEY_gen(pctx, &pkey);
-    EVP_PKEY_CTX_free(pctx);
-
-An B<X25519> key can be generated in a similar way:
-
-    EVP_PKEY *pkey = NULL;
-    EVP_PKEY_CTX *pctx =
-        EVP_PKEY_CTX_new_from_name(NULL, "X25519", NULL);
-
-    EVP_PKEY_keygen_init(pctx);
-    EVP_PKEY_gen(pctx, &pkey);
-    EVP_PKEY_CTX_free(pctx);
+An B<X448>, B<ED25519>, or B<ED448> key can be generated likewise.
 
 =head1 SEE ALSO
 

doc/man7/crypto.pod

@@ -422,7 +422,7 @@ For information on the OpenSSL configuration file format see L<config(5)>.
 =head1 ENCODING AND DECODING KEYS
 
 Many algorithms require the use of a key. Keys can be generated dynamically
-using the EVP APIs (for example see L<EVP_PKEY_gen(3)>). However it is often
+using the EVP APIs (for example see L<EVP_PKEY_Q_keygen(3)>). However it is often
 necessary to save or load keys (or their associated parameters) to or from some
 external format such as PEM or DER (see L<openssl-glossary(7)>). OpenSSL uses
 encoders and decoders to perform this task.

include/crypto/ec.h

@@ -16,7 +16,6 @@
 # include <openssl/opensslconf.h>
 # include <openssl/evp.h>
 
-const char *ossl_ec_curve_nid2name(int nid);
 int ossl_ec_curve_name2nid(const char *name);
 const char *ossl_ec_curve_nid2nist_int(int nid);
 int ossl_ec_curve_nist2nid_int(const char *name);

include/openssl/ec.h

@@ -84,6 +84,8 @@ typedef enum {
     POINT_CONVERSION_HYBRID = 6
 } point_conversion_form_t;
 
+const char *OSSL_EC_curve_nid2name(int nid);
+
 # ifndef OPENSSL_NO_EC
 #  include <openssl/asn1.h>
 #  include <openssl/symhacks.h>
@@ -1072,7 +1074,7 @@ OSSL_DEPRECATEDIN_3_0 void EC_KEY_set_conv_form(EC_KEY *eckey,
                                                 point_conversion_form_t cform);
 #  endif /*OPENSSL_NO_DEPRECATED_3_0 */
 
-# define EC_KEY_get_ex_new_index(l, p, newf, dupf, freef) \
+#  define EC_KEY_get_ex_new_index(l, p, newf, dupf, freef) \
     CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_EC_KEY, l, p, newf, dupf, freef)
 
 #  ifndef OPENSSL_NO_DEPRECATED_3_0
@@ -1544,6 +1546,8 @@ OSSL_DEPRECATEDIN_3_0 void EC_KEY_METHOD_get_verify
                                            EC_KEY *eckey));
 #  endif /* OPENSSL_NO_DEPRECATED_3_0 */
 
+#  define EVP_EC_gen(curve) \
+    EVP_PKEY_Q_keygen(NULL, NULL, "EC", (char *)(strstr(curve, "")))
 #  define ECParameters_dup(x) ASN1_dup_of(EC_KEY, i2d_ECParameters, \
                                           d2i_ECParameters, x)
 

include/openssl/evp.h

@@ -1933,11 +1933,13 @@ int EVP_PKEY_set_octet_string_param(EVP_PKEY *pkey, const char *key_name,
 int EVP_PKEY_get_ec_point_conv_form(const EVP_PKEY *pkey);
 int EVP_PKEY_get_field_type(const EVP_PKEY *pkey);
 
+EVP_PKEY *EVP_PKEY_Q_keygen(OSSL_LIB_CTX *libctx, const char *propq,
+                            const char *type, ...);
 int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx);
 int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
 int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx);
 int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
-int EVP_PKEY_gen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
+int EVP_PKEY_generate(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
 int EVP_PKEY_check(EVP_PKEY_CTX *ctx);
 int EVP_PKEY_public_check(EVP_PKEY_CTX *ctx);
 int EVP_PKEY_public_check_quick(EVP_PKEY_CTX *ctx);

include/openssl/rsa.h

@@ -245,6 +245,9 @@ OSSL_DEPRECATEDIN_3_0 int RSA_get_version(RSA *r);
 OSSL_DEPRECATEDIN_3_0 ENGINE *RSA_get0_engine(const RSA *r);
 # endif  /* !OPENSSL_NO_DEPRECATED_3_0 */
 
+# define EVP_RSA_gen(bits) \
+    EVP_PKEY_Q_keygen(NULL, NULL, "RSA", (size_t)(0 + (bits)))
+
 /* Deprecated version */
 # ifndef OPENSSL_NO_DEPRECATED_0_9_8
 OSSL_DEPRECATEDIN_0_9_8 RSA *RSA_generate_key(int bits, unsigned long e, void

providers/fips-sources.checksums

@@ -143,7 +143,7 @@ d4969259e4fa5b71d8abbf5e736e658bd1daad6e46d272a9b88e190e2de96b61  crypto/ec/curv
 04f8d52acc6332bdf879bf1684e8c59d2f4d8ca303d16c74d87aab3dd4a94932  crypto/ec/ec2_oct.c
 7579a156234dfa44e02d08e121f42035229364f9e40f38b11333edbae2282762  crypto/ec/ec2_smpl.c
 69d64accd498583e65df2dc43730eee2922217a7bfefda2cd1a9da176e3d1dcd  crypto/ec/ec_asn1.c
-8cf8af8e9bfc29e0cdc41720ec4a6d6c74eb5c15a9fc8193f8ec8270c0df1d37  crypto/ec/ec_backend.c
+4ec7fe2efa0e55316ac4bb8507c7a37360339070c406c2623c38c5a541ac65d6  crypto/ec/ec_backend.c
 86e2becf9b3870979e2abefa1bd318e1a31820d275e2b50e03b17fc287abb20a  crypto/ec/ec_check.c
 845a5e6ad6921aed63a18084d6b64a1907e4cb093639153ba32138e0b29ff0e5  crypto/ec/ec_curve.c
 8cfd0dcfb5acbf6105691a2d5e2826dba1ff3906707bc9dd6ff9bffcc306468f  crypto/ec/ec_cvt.c
@@ -167,10 +167,10 @@ fa39906519062932adafb63cbf05b5dfa7563673576d421c80ec6b889d024e84  crypto/ec/ecp_
 7c7f3e2a19a95d62942790e525f00cccc87e46da099a0c96d101787d68c75128  crypto/evp/asymcipher.c
 0e75a058dcbbb62cfe39fec6c4a85385dc1a8fce794e4278ce6cebb29763b82b  crypto/evp/dh_support.c
 e819c499207dd2ee5457cd9411c6089e13476bedf41de2aa67e10b13810ff0e5  crypto/evp/digest.c
-87599335b61f97362799170d7b19cbbf775bfecc0fab570b267c7622241cfad8  crypto/evp/ec_support.c
+5e2c5d865029ae86855f15e162360d091f28ca0d4c67260700c90aa25faf308b  crypto/evp/ec_support.c
 c146c0a8a06e3c558207c1c76039dd2a61a2160cc243e9e3de2e290bc6e1b2d0  crypto/evp/evp_enc.c
 9b4956b5c28db987001b33421aacf3b9f352181f874c768ad1b034e083483561  crypto/evp/evp_fetch.c
-f975f6ba3aff8130b775f39182fdc783a3ef954402313248edd661d29032aa05  crypto/evp/evp_lib.c
+b8f6bb49081428374f183255c6759520041d084bc85acd2fdc8d4392cb1ba0dd  crypto/evp/evp_lib.c
 af0245f7a849997921c0719df339469427656821416b402754fc1f5f5e2da291  crypto/evp/evp_rand.c
 c0f87865be8dab6ea909fd976e5a46e4e8343b18403090c4a59b2af90f9a1329  crypto/evp/evp_utils.c
 896bc29e0009657071bd74401513bdbedfb08ca66e34bf634e824fd3f34beb0a  crypto/evp/exchange.c
@@ -184,7 +184,7 @@ ec959b00487bfc51f4cf33c21a60fd8a73087a622504f459ba4cfe48bb0a738c  crypto/evp/mac
 5f4b933a479d7cd589c47388aebfd8d6ffa3943ec2883049fc929e6ca37e26b5  crypto/evp/mac_meth.c
 f5a18107256e00e2eed6a9b54eaf44ef1b99c0f29134e9f363a09daa2d35f1b5  crypto/evp/p_lib.c
 b7e9ce6e8a35e0fc5b4eb4c047cda1e811b757669dbfafa71e743d85e07817a4  crypto/evp/pmeth_check.c
-d22e6f5041a894b7e8433c1be4c5f1bc5897453bcbdd66bbc8cbfba854f7fd74  crypto/evp/pmeth_gn.c
+ff8a5ff024c228fe714e4cf758260cf9e9c992a9311acb5f96b0f2ed6af1a814  crypto/evp/pmeth_gn.c
 12b8e891dc2f3a1cf8365d9fddd319343dc229d3e60149c51b5ae9df9b6b504d  crypto/evp/pmeth_lib.c
 52d8ea3b8b3ef52b58306b0fbd4557d682ba69a5384672ba7e1682c9a853f417  crypto/evp/signature.c
 e0a58ecf268c6bec531898d8fe6b148601b0bed8324fa8d5668de643c027606b  crypto/ex_data.c

providers/fips.checksum

@@ -1 +1 @@
-14ae4fff4bd856c7e146d65b63880ff152276fe35b0f1f4ed5f24eb6e97e7b44  providers/fips-sources.checksums
+a1b5830f0c664b833a60a60b5801afb3a750eeeb41f3218d7fdae5d99ed05be7  providers/fips-sources.checksums

test/acvp_test.c

@@ -114,7 +114,6 @@ err:
 static int ecdsa_keygen_test(int id)
 {
     int ret = 0;
-    EVP_PKEY_CTX *ctx = NULL;
     EVP_PKEY *pkey = NULL;
     unsigned char *priv = NULL;
     unsigned char *pubx = NULL, *puby = NULL;
@@ -123,10 +122,7 @@ static int ecdsa_keygen_test(int id)
 
     self_test_args.called = 0;
     self_test_args.enable = 1;
-    if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "EC", NULL))
-        || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
-        || !TEST_true(EVP_PKEY_CTX_set_group_name(ctx, tst->curve_name))
-        || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0)
+    if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, "EC", tst->curve_name))
         || !TEST_int_ge(self_test_args.called, 3)
         || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_PRIV_KEY, &priv,
                                         &priv_len))
@@ -147,7 +143,6 @@ err:
     OPENSSL_free(pubx);
     OPENSSL_free(puby);
     EVP_PKEY_free(pkey);
-    EVP_PKEY_CTX_free(ctx);
     return ret;
 }
 
@@ -251,17 +246,13 @@ err:
 static int ecdsa_siggen_test(int id)
 {
     int ret = 0;
-    EVP_PKEY_CTX *ctx = NULL, *key_ctx = NULL;
     EVP_PKEY *pkey = NULL;
     size_t sig_len = 0, rlen = 0, slen = 0;
     unsigned char *sig = NULL;
     unsigned char *r = NULL, *s = NULL;
     const struct ecdsa_siggen_st *tst = &ecdsa_siggen_data[id];
 
-    if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "EC", NULL))
-        || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
-        || !TEST_true(EVP_PKEY_CTX_set_group_name(ctx, tst->curve_name))
-        || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
+    if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, "EC", tst->curve_name)))
         goto err;
 
     if (!TEST_true(sig_gen(pkey, NULL, tst->digest_alg, tst->msg, tst->msg_len,
@@ -276,8 +267,6 @@ err:
     OPENSSL_free(s);
     OPENSSL_free(sig);
     EVP_PKEY_free(pkey);
-    EVP_PKEY_CTX_free(key_ctx);
-    EVP_PKEY_CTX_free(ctx);
     return ret;
 }
 
@@ -1007,21 +996,6 @@ err:
 #endif /* OPENSSL_NO_DH */
 
 
-static EVP_PKEY *rsa_keygen(int bits)
-{
-    EVP_PKEY *key = NULL;
-    EVP_PKEY_CTX *keygen_ctx = NULL;
-
-    if (!TEST_ptr(keygen_ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", NULL))
-        || !TEST_int_gt(EVP_PKEY_keygen_init(keygen_ctx), 0)
-        || !TEST_true(EVP_PKEY_CTX_set_rsa_keygen_bits(keygen_ctx, bits))
-        || !TEST_int_gt(EVP_PKEY_keygen(keygen_ctx, &key), 0))
-        goto err;
-err:
-    EVP_PKEY_CTX_free(keygen_ctx);
-    return key;
-}
-
 static int rsa_create_pkey(EVP_PKEY **pkey,
                            const unsigned char *n, size_t n_len,
                            const unsigned char *e, size_t e_len,
@@ -1199,7 +1173,7 @@ static int rsa_siggen_test(int id)
     }
     *p++ = OSSL_PARAM_construct_end();
 
-    if (!TEST_ptr(pkey = rsa_keygen(tst->mod))
+    if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, "RSA", tst->mod))
        || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_N, &n, &n_len))
        || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_E, &e, &e_len))
        || !TEST_true(sig_gen(pkey, params, tst->digest_alg,
@@ -1275,7 +1249,7 @@ static int rsa_decryption_primitive_test(int id)
     BN_CTX *bn_ctx = NULL;
     const struct rsa_decrypt_prim_st *tst  = &rsa_decrypt_prim_data[id];
 
-    if (!TEST_ptr(pkey = rsa_keygen(2048))
+    if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, "RSA", 2048))
         || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_N, &n, &n_len))
         || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_E, &e, &e_len))
         || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, ""))

test/dsatest.c

@@ -256,10 +256,10 @@ static int dsa_keygen_test(void)
                                                          sizeof(seed_data)))
         || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_md_props(pg_ctx, "SHA256",
                                                              ""))
-        || !TEST_int_gt(EVP_PKEY_gen(pg_ctx, &param_key), 0)
+        || !TEST_int_gt(EVP_PKEY_generate(pg_ctx, &param_key), 0)
         || !TEST_ptr(kg_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, param_key, NULL))
         || !TEST_int_gt(EVP_PKEY_keygen_init(kg_ctx), 0)
-        || !TEST_int_gt(EVP_PKEY_gen(kg_ctx, &key), 0))
+        || !TEST_int_gt(EVP_PKEY_generate(kg_ctx, &key), 0))
         goto end;
 
     if (!TEST_true(EVP_PKEY_get_bn_param(key, OSSL_PKEY_PARAM_FFC_P, &p_out))
@@ -313,7 +313,7 @@ static int test_dsa_default_paramgen_validate(int i)
           && TEST_int_gt(EVP_PKEY_paramgen_init(gen_ctx), 0)
           && (i == 0
               || TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(gen_ctx, 512)))
-          && TEST_int_gt(EVP_PKEY_gen(gen_ctx, &params), 0)
+          && TEST_int_gt(EVP_PKEY_generate(gen_ctx, &params), 0)
           && TEST_ptr(check_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, params, NULL))
           && TEST_int_gt(EVP_PKEY_param_check(check_ctx), 0);
 

test/endecode_test.c

@@ -81,7 +81,7 @@ static EVP_PKEY *make_template(const char *type, OSSL_PARAM *genparams)
            && EVP_PKEY_paramgen_init(ctx) > 0
            && (genparams == NULL
                || EVP_PKEY_CTX_set_params(ctx, genparams) > 0)
-           && EVP_PKEY_gen(ctx, &pkey) > 0);
+           && EVP_PKEY_generate(ctx, &pkey) > 0);
     EVP_PKEY_CTX_free(ctx);
 
     return pkey;

test/endecoder_legacy_test.c

@@ -249,7 +249,7 @@ static EVP_PKEY *make_key(const char *type,
             || EVP_PKEY_paramgen_init(ctx) <= 0
             || (gen_template_params[0].key != NULL
                 && EVP_PKEY_CTX_set_params(ctx, gen_template_params_noconst) <= 0)
-            || EVP_PKEY_gen(ctx, &template) <= 0))
+            || EVP_PKEY_generate(ctx, &template) <= 0))
         goto end;
     EVP_PKEY_CTX_free(ctx);
 

test/evp_libctx_test.c

@@ -488,16 +488,12 @@ static void collect_cipher_names(EVP_CIPHER *cipher, void *cipher_names_list)
 static int rsa_keygen(int bits, EVP_PKEY **pub, EVP_PKEY **priv)
 {
     int ret = 0;
-    EVP_PKEY_CTX *keygen_ctx = NULL;
     unsigned char *pub_der = NULL;
     const unsigned char *pp = NULL;
     size_t len = 0;
     OSSL_ENCODER_CTX *ectx = NULL;
 
-    if (!TEST_ptr(keygen_ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", NULL))
-        || !TEST_int_gt(EVP_PKEY_keygen_init(keygen_ctx), 0)
-        || !TEST_true(EVP_PKEY_CTX_set_rsa_keygen_bits(keygen_ctx, bits))
-        || !TEST_int_gt(EVP_PKEY_keygen(keygen_ctx, priv), 0)
+    if (!TEST_ptr(*priv = EVP_PKEY_Q_keygen(libctx, NULL, "RSA", bits))
         || !TEST_ptr(ectx =
                      OSSL_ENCODER_CTX_new_for_pkey(*priv,
                                                    EVP_PKEY_PUBLIC_KEY,
@@ -512,7 +508,6 @@ static int rsa_keygen(int bits, EVP_PKEY **pub, EVP_PKEY **priv)
 err:
     OSSL_ENCODER_CTX_free(ectx);
     OPENSSL_free(pub_der);
-    EVP_PKEY_CTX_free(keygen_ctx);
     return ret;
 }
 

test/threadstest.c

@@ -16,7 +16,7 @@
 
 #include <string.h>
 #include <openssl/crypto.h>
-#include <openssl/evp.h>
+#include <openssl/rsa.h>
 #include <openssl/aes.h>
 #include <openssl/rsa.h>
 #include "testutil.h"
@@ -291,7 +291,6 @@ static void thread_general_worker(void)
     };
     unsigned int mdoutl;
     int ciphoutl;
-    EVP_PKEY_CTX *pctx = NULL;
     EVP_PKEY *pkey = NULL;
     int testresult = 0;
     int i, isfips;
@@ -320,18 +319,13 @@ static void thread_general_worker(void)
             goto err;
     }
 
-    pctx = EVP_PKEY_CTX_new_from_name(multi_libctx, "RSA", NULL);
-    if (!TEST_ptr(pctx)
-            || !TEST_int_gt(EVP_PKEY_keygen_init(pctx), 0)
-               /*
-                * We want the test to run quickly - not securely. Therefore we
-                * use an insecure bit length where we can (512). In the FIPS
-                * module though we must use a longer length.
-                */
-            || !TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(pctx,
-                                                             isfips ? 2048 : 512),
-                                                             0)
-            || !TEST_int_gt(EVP_PKEY_keygen(pctx, &pkey), 0))
+    /*
+     * We want the test to run quickly - not securely.
+     * Therefore we use an insecure bit length where we can (512).
+     * In the FIPS module though we must use a longer length.
+     */
+    pkey = EVP_PKEY_Q_keygen(multi_libctx, NULL, "RSA", isfips ? 2048 : 512);
+    if (!TEST_ptr(pkey))
         goto err;
 
     testresult = 1;
@@ -340,7 +334,6 @@ static void thread_general_worker(void)
     EVP_MD_free(md);
     EVP_CIPHER_CTX_free(cipherctx);
     EVP_CIPHER_free(ciph);
-    EVP_PKEY_CTX_free(pctx);
     EVP_PKEY_free(pkey);
     if (!testresult)
         multi_success = 0;

util/libcrypto.num

@@ -4413,6 +4413,7 @@ EVP_MAC_init                            ?	3_0_0	EXIST::FUNCTION:
 EVP_MAC_update                          ?	3_0_0	EXIST::FUNCTION:
 EVP_MAC_final                           ?	3_0_0	EXIST::FUNCTION:
 EVP_MAC_finalXOF                        ?	3_0_0	EXIST::FUNCTION:
+OSSL_EC_curve_nid2name                  ?	3_0_0	EXIST::FUNCTION:
 EVP_PKEY_supports_digest_nid            ?	3_0_0	EXIST::FUNCTION:
 SRP_VBASE_add0_user                     ?	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,SRP
 SRP_user_pwd_new                        ?	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,SRP
@@ -4947,7 +4948,8 @@ OSSL_CMP_exec_GENM_ses                  ?	3_0_0	EXIST::FUNCTION:CMP
 OSSL_CMP_MSG_http_perform               ?	3_0_0	EXIST::FUNCTION:CMP
 OSSL_CMP_MSG_read                       ?	3_0_0	EXIST::FUNCTION:CMP
 OSSL_CMP_MSG_write                      ?	3_0_0	EXIST::FUNCTION:CMP
-EVP_PKEY_gen                            ?	3_0_0	EXIST::FUNCTION:
+EVP_PKEY_Q_keygen                       ?	3_0_0	EXIST::FUNCTION:
+EVP_PKEY_generate                       ?	3_0_0	EXIST::FUNCTION:
 EVP_PKEY_CTX_set_rsa_keygen_bits        ?	3_0_0	EXIST::FUNCTION:
 EVP_PKEY_CTX_set_rsa_keygen_pubexp      ?	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
 EVP_PKEY_CTX_set1_rsa_keygen_pubexp     ?	3_0_0	EXIST::FUNCTION:

util/other.syms

@@ -322,6 +322,7 @@ EVP_VerifyUpdate                        define
 EVP_bf_cfb                              define
 EVP_cast5_cfb                           define
 EVP_cleanup                             define deprecated 1.1.0
+EVP_EC_gen                              define
 EVP_get_digestbynid                     define
 EVP_get_digestbyobj                     define
 EVP_get_macbynid                        define
@@ -329,6 +330,7 @@ EVP_get_macbyobj                        define
 EVP_idea_cfb                            define
 EVP_rc2_cfb                             define
 EVP_rc5_32_12_16_cfb                    define
+EVP_RSA_gen                             define
 EVP_seed_cfb                            define
 EVP_sm4_cfb                             define
 OBJ_cleanup                             define deprecated 1.1.0