root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity

Deprecate ASN1_METH internal usage 

Some of them are needed and were kept by adding `#include
"internal/deprecated"` and some had to be turned off.

Signed-off-by: Norbert Pocs <norbertp@openssl.org>

Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27727)
This commit is contained in:
Norbert Pocs 2025-06-17 12:47:54 +02:00 committed by Neil Horman
parent 6b5540c21c
commit af2aaf3271
22 changed files with 212 additions and 49 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
apps/genpkey.c
View File

@ -374,17 +374,21 @@ int init_gen_str(EVP_PKEY_CTX **pctx,
OSSL_LIB_CTX *libctx, const char *propq)
{
EVP_PKEY_CTX *ctx = NULL;
#ifndef OPENSSL_NO_DEPRECATED_3_6
int pkey_id;
#endif
if (*pctx) {
BIO_puts(bio_err, "Algorithm already set!\n");
return 0;
}
#ifndef OPENSSL_NO_DEPRECATED_3_6
pkey_id = get_legacy_pkey_id(libctx, algname, e);
if (pkey_id != NID_undef)
ctx = EVP_PKEY_CTX_new_id(pkey_id, e);
else
#endif
ctx = EVP_PKEY_CTX_new_from_name(libctx, algname, propq);
if (ctx == NULL)

2
apps/include/apps.h
View File

@ -184,7 +184,9 @@ int init_engine(ENGINE *e);
int finish_engine(ENGINE *e);
char *make_engine_uri(ENGINE *e, const char *key_id, const char *desc);
# ifndef OPENSSL_NO_DEPRECATED_3_6
int get_legacy_pkey_id(OSSL_LIB_CTX *libctx, const char *algname, ENGINE *e);
# endif
const EVP_MD *get_digest_from_engine(const char *name);
const EVP_CIPHER *get_cipher_from_engine(const char *name);

2
apps/lib/engine.c
View File

@ -135,6 +135,7 @@ char *make_engine_uri(ENGINE *e, const char *key_id, const char *desc)
return new_uri;
}
#ifndef OPENSSL_NO_DEPRECATED_3_6
int get_legacy_pkey_id(OSSL_LIB_CTX *libctx, const char *algname, ENGINE *e)
{
const EVP_PKEY_ASN1_METHOD *ameth;
@ -163,6 +164,7 @@ int get_legacy_pkey_id(OSSL_LIB_CTX *libctx, const char *algname, ENGINE *e)
return pkey_id;
}
#endif
const EVP_MD *get_digest_from_engine(const char *name)
{

7
apps/lib/s_cb.c
View File

@ -1547,12 +1547,9 @@ static int security_callback_debug(const SSL *s, const SSL_CTX *ctx,
if (pkey == NULL) {
BIO_printf(sdb->out, "Public key missing");
} else {
const char *algname = "";
EVP_PKEY_asn1_get0_info(NULL, NULL, NULL, NULL,
&algname, EVP_PKEY_get0_asn1(pkey));
BIO_printf(sdb->out, "%s, bits=%d",
algname, EVP_PKEY_get_bits(pkey));
EVP_PKEY_get0_type_name(pkey),
EVP_PKEY_get_bits(pkey));
}
}
break;

4
apps/req.c
View File

@ -1608,6 +1608,7 @@ static EVP_PKEY_CTX *set_keygen_ctx(const char *gstr,
*pkeylen = EVP_PKEY_get_bits(param);
EVP_PKEY_free(param);
} else {
#ifndef OPENSSL_NO_DEPRECATED_3_6
if (keygen_engine != NULL) {
int pkey_id = get_legacy_pkey_id(app_get0_libctx(), *pkeytype,
keygen_engine);
@ -1615,9 +1616,12 @@ static EVP_PKEY_CTX *set_keygen_ctx(const char *gstr,
if (pkey_id != NID_undef)
gctx = EVP_PKEY_CTX_new_id(pkey_id, keygen_engine);
} else {
#endif
gctx = EVP_PKEY_CTX_new_from_name(app_get0_libctx(),
*pkeytype, app_get0_propq());
#ifndef OPENSSL_NO_DEPRECATED_3_6
}
#endif
}
if (gctx == NULL) {

8
crypto/asn1/ameth_lib.c
View File

@ -7,9 +7,10 @@
* https://www.openssl.org/source/license.html
*/
#ifndef OPENSSL_NO_DEPRECATED_3_6
/* We need to use some engine deprecated APIs */
#define OPENSSL_SUPPRESS_DEPRECATED
/*
* We need to use some engine deprecated APIs
*/
#include "internal/deprecated.h"
#include "internal/cryptlib.h"
#include <stdio.h>
@ -433,4 +434,3 @@ void EVP_PKEY_asn1_set_get_pub_key(EVP_PKEY_ASN1_METHOD *ameth,
{
ameth->get_pub_key = get_pub_key;
}
#endif

2
crypto/asn1/standard_methods.h
View File

@ -7,6 +7,7 @@
* https://www.openssl.org/source/license.html
*/
#ifndef OPENSSL_NO_DEPRECATED_3_6
/*
* This table MUST be kept in ascending order of the NID each method
* represents (corresponding to the pkey_id field) as OBJ_bsearch
@ -41,3 +42,4 @@ static const EVP_PKEY_ASN1_METHOD *standard_methods[] = {
&ossl_sm2_asn1_meth,
#endif
};
#endif

33
crypto/core_namemap.c
View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* For EVP_PKEY_asn1_get0_info(), EVP_PKEY_asn1_get_count() and
* EVP_PKEY_asn1_get0()
*/
#define OPENSSL_SUPPRESS_DEPRECATED
#include "internal/namemap.h"
#include "internal/tsan_assist.h"
#include "internal/hashtable.h"
@ -432,6 +438,7 @@ static void get_legacy_md_names(const OBJ_NAME *on, void *arg)
get_legacy_evp_names(0, EVP_MD_get_type(md), NULL, arg);
}
# ifndef OPENSSL_NO_DEPRECATED_3_6
static void get_legacy_pkey_meth_names(const EVP_PKEY_ASN1_METHOD *ameth,
void *arg)
{
@ -470,6 +477,7 @@ static void get_legacy_pkey_meth_names(const EVP_PKEY_ASN1_METHOD *ameth,
}
}
}
# endif /* OPENSSL_NO_DEPRECATED_3_6 */
#endif
/*-
@ -498,7 +506,7 @@ OSSL_NAMEMAP *ossl_namemap_stored(OSSL_LIB_CTX *libctx)
return NULL;
}
if (nms == 1) {
int i, end;
int num;
/* Before pilfering, we make sure the legacy database is populated */
OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS
@ -509,9 +517,26 @@ OSSL_NAMEMAP *ossl_namemap_stored(OSSL_LIB_CTX *libctx)
OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH,
get_legacy_md_names, namemap);
/* We also pilfer data from the legacy EVP_PKEY_ASN1_METHODs */
for (i = 0, end = EVP_PKEY_asn1_get_count(); i < end; i++)
get_legacy_pkey_meth_names(EVP_PKEY_asn1_get0(i), namemap);
/*
* Some old providers (<= 3.5) may not have the rsassaPSS alias which
* may cause problems in some cases. We add it manually here
*/
num = ossl_namemap_add_name(namemap, 0, "RSA-PSS");
if (num != 0) {
ossl_namemap_add_name(namemap, num, "rsassaPss");
/* Add other RSA-PSS aliases as well */
ossl_namemap_add_name(namemap, num, "RSASSA-PSS");
ossl_namemap_add_name(namemap, num, "1.2.840.113549.1.1.10");
}
# ifndef OPENSSL_NO_DEPRECATED_3_6
{
int i, end;
/* We also pilfer data from the legacy EVP_PKEY_ASN1_METHODs */
for (i = 0, end = EVP_PKEY_asn1_get_count(); i < end; i++)
get_legacy_pkey_meth_names(EVP_PKEY_asn1_get0(i), namemap);
}
# endif
}
#endif

3
crypto/evp/build.info
View File

@ -3,7 +3,8 @@ $COMMON=digest.c evp_enc.c evp_lib.c evp_fetch.c evp_utils.c \
mac_lib.c mac_meth.c keymgmt_meth.c keymgmt_lib.c kdf_lib.c kdf_meth.c \
skeymgmt_meth.c \
pmeth_lib.c signature.c p_lib.c s_lib.c pmeth_gn.c exchange.c \
evp_rand.c asymcipher.c kem.c dh_support.c ec_support.c pmeth_check.c
evp_rand.c asymcipher.c kem.c dh_support.c ec_support.c pmeth_check.c \
evp_pkey_type.c
SOURCE[../../libcrypto]=$COMMON\
encode.c evp_key.c evp_cnf.c \

9
crypto/evp/evp_pkey.c
View File

@ -7,6 +7,11 @@
* https://www.openssl.org/source/license.html
*/
/*
* Needed for EVP_PKEY_get0_asn1 and EVP_PKEY_asn1_get0_info
*/
#define OPENSSL_SUPPRESS_DEPRECATED
#include <stdio.h>
#include <stdlib.h>
#include "internal/cryptlib.h"
@ -244,17 +249,21 @@ int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key,
const char *EVP_PKEY_get0_type_name(const EVP_PKEY *key)
{
#ifndef OPENSSL_NO_DEPRECATED_3_6
const EVP_PKEY_ASN1_METHOD *ameth;
#endif
const char *name = NULL;
if (key->keymgmt != NULL)
return EVP_KEYMGMT_get0_name(key->keymgmt);
#ifndef OPENSSL_NO_DEPRECATED_3_6
/* Otherwise fallback to legacy */
ameth = EVP_PKEY_get0_asn1(key);
if (ameth != NULL)
EVP_PKEY_asn1_get0_info(NULL, NULL,
NULL, NULL, &name, ameth);
#endif
return name;
}

88
crypto/evp/evp_pkey_type.c Normal file
View File

@ -0,0 +1,88 @@
/*
* Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#define OPENSSL_SUPPRESS_DEPRECATED
#include "crypto/evp.h"
#include <openssl/core_names.h>
#include <openssl/macros.h>
#ifndef OPENSSL_NO_DEPRECATED_3_6
# include <openssl/engine.h>
# include "crypto/asn1.h"
#include <openssl/types.h>
#else
# include "internal/nelem.h"
#endif
#ifdef OPENSSL_NO_DEPRECATED_3_6
/*
* This is a hardcoded conversion table for legacy ASN1_METHOD and pkey type.
* As the deprecated ASN1 should not enable to add any asn1 method, therefore
* this should work.
*/
struct pkid2bid {
int pkey_id;
int pkey_base_id;
};
const struct pkid2bid base_id_conversion[] = {
{EVP_PKEY_RSA, EVP_PKEY_RSA},
{EVP_PKEY_RSA2, EVP_PKEY_RSA},
{EVP_PKEY_RSA_PSS, EVP_PKEY_RSA_PSS},
#ifndef OPENSSL_NO_DH
{EVP_PKEY_DH, EVP_PKEY_DH},
{EVP_PKEY_DHX, EVP_PKEY_DHX},
#endif
#ifndef OPENSSL_NO_DSA
{EVP_PKEY_DSA1, EVP_PKEY_DSA},
{EVP_PKEY_DSA4, EVP_PKEY_DSA2},
{EVP_PKEY_DSA3, EVP_PKEY_DSA2},
{EVP_PKEY_DSA, EVP_PKEY_DSA},
#endif
#ifndef OPENSSL_NO_EC
{EVP_PKEY_EC, EVP_PKEY_EC},
#endif
#ifndef OPENSSL_NO_ECX
{EVP_PKEY_X25519, EVP_PKEY_X25519},
{EVP_PKEY_X448, EVP_PKEY_X448},
{EVP_PKEY_ED25519, EVP_PKEY_ED25519},
{EVP_PKEY_ED448, EVP_PKEY_ED448},
#endif
#ifndef OPENSSL_NO_SM2
{EVP_PKEY_SM2, EVP_PKEY_EC},
#endif
};
#endif
int EVP_PKEY_type(int type)
{
#ifndef OPENSSL_NO_DEPRECATED_3_6
int ret;
const EVP_PKEY_ASN1_METHOD *ameth;
ENGINE *e;
ameth = EVP_PKEY_asn1_find(&e, type);
if (ameth)
ret = ameth->pkey_id;
else
ret = NID_undef;
# ifndef OPENSSL_NO_ENGINE
ENGINE_finish(e);
# endif
return ret;
#else
size_t i;
for (i = 0; i < OSSL_NELEM(base_id_conversion); i++) {
if (type == base_id_conversion[i].pkey_id)
return base_id_conversion[i].pkey_base_id;
}
return NID_undef;
#endif
}

18
crypto/evp/p_lib.c
View File

@ -1022,22 +1022,6 @@ DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey)
}
# endif
int EVP_PKEY_type(int type)
{
int ret;
const EVP_PKEY_ASN1_METHOD *ameth;
ENGINE *e;
ameth = EVP_PKEY_asn1_find(&e, type);
if (ameth)
ret = ameth->pkey_id;
else
ret = NID_undef;
# ifndef OPENSSL_NO_ENGINE
ENGINE_finish(e);
# endif
return ret;
}
int EVP_PKEY_get_id(const EVP_PKEY *pkey)
{
return pkey->type;
@ -1558,7 +1542,7 @@ static int pkey_set_type(EVP_PKEY *pkey, ENGINE *e, int type, const char *str,
{
#ifndef FIPS_MODULE
const EVP_PKEY_ASN1_METHOD *ameth = NULL;
ENGINE **eptr = (e == NULL) ? &e : NULL;
ENGINE **eptr = (e == NULL) ? &e : NULL;
#endif
/*

2
crypto/evp/pmeth_gn.c
View File

@ -192,7 +192,7 @@ int EVP_PKEY_generate(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey)
ctx->keygen_info = NULL;
#ifndef FIPS_MODULE
#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_DEPRECATED_3_6)
/* In case |*ppkey| was originally a legacy key */
if (ret)
evp_pkey_free_legacy(*ppkey);

6
crypto/pem/pem_lib.c
View File

@ -7,8 +7,10 @@
* https://www.openssl.org/source/license.html
*/
/* We need to use some engine deprecated APIs */
#define OPENSSL_SUPPRESS_DEPRECATED
/*
* We need to use some engine deprecated APIs
*/
#include "internal/deprecated.h"
#include <stdio.h>
#include "crypto/ctype.h"

6
crypto/pem/pem_pkey.c
View File

@ -7,8 +7,10 @@
* https://www.openssl.org/source/license.html
*/
/* We need to use some deprecated APIs */
#define OPENSSL_SUPPRESS_DEPRECATED
/*
* We need to use some deprecated APIs
*/
#include "internal/deprecated.h"
#include <stdio.h>
#include <openssl/buffer.h>

9
crypto/x509/t_x509.c
View File

@ -7,6 +7,11 @@
* https://www.openssl.org/source/license.html
*/
/*
* because of EVP_PKEY_asn1_find deprecation
*/
#define OPENSSL_SUPPRESS_DEPRECATED
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/buffer.h>
@ -287,7 +292,9 @@ int X509_signature_dump(BIO *bp, const ASN1_STRING *sig, int indent)
int X509_signature_print(BIO *bp, const X509_ALGOR *sigalg,
const ASN1_STRING *sig)
{
#ifndef OPENSSL_NO_DEPRECATED_3_6
int sig_nid;
#endif
int indent = 4;
if (BIO_printf(bp, "%*sSignature Algorithm: ", indent, "") <= 0)
return 0;
@ -296,6 +303,7 @@ int X509_signature_print(BIO *bp, const X509_ALGOR *sigalg,
if (sig && BIO_printf(bp, "\n%*sSignature Value:", indent, "") <= 0)
return 0;
#ifndef OPENSSL_NO_DEPRECATED_3_6
sig_nid = OBJ_obj2nid(sigalg->algorithm);
if (sig_nid != NID_undef) {
int pkey_nid, dig_nid;
@ -306,6 +314,7 @@ int X509_signature_print(BIO *bp, const X509_ALGOR *sigalg,
return ameth->sig_print(bp, sigalg, sig, indent + 4, 0);
}
}
#endif
if (BIO_write(bp, "\n", 1) != 1)
return 0;
if (sig)

11
crypto/x509/v3_ac_tgt.c
View File

@ -7,6 +7,11 @@
* https://www.openssl.org/source/license.html
*/
/*
* Needed for EVP_PKEY_asn1_find
*/
#define OPENSSL_SUPPRESS_DEPRECATED
#include <stdio.h>
#include <openssl/x509_acert.h>
#include <crypto/x509_acert.h>
@ -103,15 +108,16 @@ static int i2r_OBJECT_DIGEST_INFO(X509V3_EXT_METHOD *method,
BIO *out, int indent)
{
int64_t dot = 0;
#ifndef OPENSSL_NO_DEPRECATED_3_6
int sig_nid;
X509_ALGOR *digalg;
#endif
ASN1_STRING *sig;
if (odi == NULL) {
ERR_raise(ERR_LIB_ASN1, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
digalg = &odi->digestAlgorithm;
sig = &odi->objectDigest;
if (!ASN1_ENUMERATED_get_int64(&dot, &odi->digestedObjectType)) {
return 0;
@ -139,6 +145,8 @@ static int i2r_OBJECT_DIGEST_INFO(X509V3_EXT_METHOD *method,
BIO_puts(out, "\n");
if (BIO_printf(out, "\n%*sSignature Value: ", indent, "") <= 0)
return 0;
#ifndef OPENSSL_NO_DEPRECATED_3_6
digalg = &odi->digestAlgorithm;
sig_nid = OBJ_obj2nid(odi->digestAlgorithm.algorithm);
if (sig_nid != NID_undef) {
int pkey_nid, dig_nid;
@ -149,6 +157,7 @@ static int i2r_OBJECT_DIGEST_INFO(X509V3_EXT_METHOD *method,
return ameth->sig_print(out, digalg, sig, indent + 4, 0);
}
}
#endif
if (BIO_write(out, "\n", 1) != 1)
return 0;
if (sig)

5
crypto/x509/x509_set.c
View File

@ -7,6 +7,11 @@
* https://www.openssl.org/source/license.html
*/
/*
* because of EVP_PKEY_asn1_find deprecation
*/
#include "internal/deprecated.h"
#include <stdio.h>
#include "internal/cryptlib.h"
#include "internal/refcount.h"

4
engines/e_loader_attic.c
View File

@ -11,7 +11,9 @@
/* This file has quite some overlap with providers/implementations/storemgmt/file_store.c */
/* We need to use some engine deprecated APIs */
/*
* We need to use some asn1_meth deprecated APIs
*/
#define OPENSSL_SUPPRESS_DEPRECATED
#include "internal/e_os.h" /* for stat */

18
include/openssl/evp.h
View File

@ -523,9 +523,11 @@ typedef int (EVP_PBE_KEYGEN_EX) (EVP_CIPHER_CTX *ctx, const char *pass,
(rsa))
# endif
# ifndef OPENSSL_NO_DSA
# define EVP_PKEY_assign_DSA(pkey,dsa) EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\
(dsa))
# ifndef OPENSSL_NO_DEPRECATED_3_6
# ifndef OPENSSL_NO_DSA
# define EVP_PKEY_assign_DSA(pkey, dsa) EVP_PKEY_assign((pkey), EVP_PKEY_DSA, \
(dsa))
# endif
# endif
# if !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_DEPRECATED_3_0)
@ -539,10 +541,12 @@ typedef int (EVP_PBE_KEYGEN_EX) (EVP_CIPHER_CTX *ctx, const char *pass,
(eckey))
# endif
# endif
# ifndef OPENSSL_NO_SIPHASH
# define EVP_PKEY_assign_SIPHASH(pkey,shkey) EVP_PKEY_assign((pkey),\
EVP_PKEY_SIPHASH,(shkey))
# endif
# ifndef OPENSSL_NO_DEPRECATED_3_6
# ifndef OPENSSL_NO_SIPHASH
# define EVP_PKEY_assign_SIPHASH(pkey, shkey) EVP_PKEY_assign((pkey), \
EVP_PKEY_SIPHASH, \
(shkey))
# endif
# ifndef OPENSSL_NO_POLY1305
# define EVP_PKEY_assign_POLY1305(pkey, polykey) EVP_PKEY_assign((pkey), \

2
providers/implementations/include/prov/names.h
View File

@ -400,7 +400,7 @@
#define PROV_NAMES_RSA_SHA3_384 "RSA-SHA3-384:id-rsassa-pkcs1-v1_5-with-sha3-384:2.16.840.1.101.3.4.3.15"
#define PROV_NAMES_RSA_SHA3_512 "RSA-SHA3-512:id-rsassa-pkcs1-v1_5-with-sha3-512:2.16.840.1.101.3.4.3.16"
#define PROV_DESCS_RSA "OpenSSL RSA implementation"
#define PROV_NAMES_RSA_PSS "RSA-PSS:RSASSA-PSS:1.2.840.113549.1.1.10"
#define PROV_NAMES_RSA_PSS "RSA-PSS:RSASSA-PSS:rsassaPss:1.2.840.113549.1.1.10"
#define PROV_DESCS_RSA_PSS "OpenSSL RSA-PSS implementation"
#define PROV_NAMES_SM2 "SM2:1.2.156.10197.1.301"
#define PROV_DESCS_SM2 "OpenSSL SM2 implementation"

18
ssl/ssl_ciph.c
View File

@ -9,6 +9,11 @@
* https://www.openssl.org/source/license.html
*/
/*
* Because of *asn1_*
*/
#define OPENSSL_SUPPRESS_DEPRECATED
#include <stdio.h>
#include <ctype.h>
#include <openssl/objects.h>
@ -275,11 +280,12 @@ static const SSL_CIPHER cipher_aliases[] = {
};
#ifndef OPENSSL_NO_DEPRECATED_3_6
/*
* Search for public key algorithm with given name and return its pkey_id if
* it is available. Otherwise return 0
*/
#ifdef OPENSSL_NO_ENGINE
# ifdef OPENSSL_NO_ENGINE
static int get_optional_pkey_id(const char *pkey_name)
{
@ -292,7 +298,7 @@ static int get_optional_pkey_id(const char *pkey_name)
return 0;
}
#else
# else
static int get_optional_pkey_id(const char *pkey_name)
{
@ -308,7 +314,13 @@ static int get_optional_pkey_id(const char *pkey_name)
tls_engine_finish(tmpeng);
return pkey_id;
}
# endif
#else
static int get_optional_pkey_id(const char *pkey_name)
{
(void)pkey_name;
return 0;
}
#endif
int ssl_load_ciphers(SSL_CTX *ctx)