QuasarApp/openssl
4
0
Fork 0
mirror of https://github.com/QuasarApp/openssl.git synced 2025-04-27 10:14:36 +00:00
Code Issues Projects Releases Wiki Activity

Deprecate EC_KEY + Update ec apps to use EVP_PKEY

Browse Source 
Co-author: Richard Levitte <levitte@openssl.org>
Co-author: Tomas Mraz <tmraz@openssl.org>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13139)
This commit is contained in:
Shane Lontis 2020-10-15 13:41:59 +10:00 committed by Tomas Mraz
parent 98dbf2c1c8
commit 5b5eea4b60
51 changed files with 1411 additions and 955 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
CHANGES.md
View File

@ -69,6 +69,49 @@ OpenSSL 3.0
*Dmitry Belyavskiy*
* All of the low level EC_KEY functions have been deprecated including:
EC_KEY_OpenSSL, EC_KEY_get_default_method, EC_KEY_set_default_method,
EC_KEY_get_method, EC_KEY_set_method, EC_KEY_new_method
EC_KEY_METHOD_new, EC_KEY_METHOD_free, EC_KEY_METHOD_set_init,
EC_KEY_METHOD_set_keygen, EC_KEY_METHOD_set_compute_key,
EC_KEY_METHOD_set_sign, EC_KEY_METHOD_set_verify,
EC_KEY_METHOD_get_init, EC_KEY_METHOD_get_keygen,
EC_KEY_METHOD_get_compute_key, EC_KEY_METHOD_get_sign,
EC_KEY_METHOD_get_verify,
EC_KEY_new_ex, EC_KEY_new, EC_KEY_get_flags, EC_KEY_set_flags,
EC_KEY_clear_flags, EC_KEY_decoded_from_explicit_params,
EC_KEY_new_by_curve_name_ex, EC_KEY_new_by_curve_name, EC_KEY_free,
EC_KEY_copy, EC_KEY_dup, EC_KEY_up_ref, EC_KEY_get0_engine,
EC_KEY_get0_group, EC_KEY_set_group, EC_KEY_get0_private_key,
EC_KEY_set_private_key, EC_KEY_get0_public_key, EC_KEY_set_public_key,
EC_KEY_get_enc_flags, EC_KEY_set_enc_flags, EC_KEY_get_conv_form,
EC_KEY_set_conv_form, EC_KEY_set_ex_data, EC_KEY_get_ex_data,
EC_KEY_set_asn1_flag, EC_KEY_generate_key, EC_KEY_check_key, EC_KEY_can_sign,
EC_KEY_set_public_key_affine_coordinates, EC_KEY_key2buf, EC_KEY_oct2key,
EC_KEY_oct2priv, EC_KEY_priv2oct and EC_KEY_priv2buf.
Applications that need to implement an EC_KEY_METHOD need to consider
implementation of the functionality in a special provider.
For replacement of the functions manipulating the EC_KEY objects
see the EVP_PKEY-EC(7) manual page.
Additionally functions that read and write EC_KEY objects such as
o2i_ECPublicKey, i2o_ECPublicKey, ECParameters_print_fp, EC_KEY_print_fp,
d2i_ECPKParameters, d2i_ECParameters, d2i_ECPrivateKey, d2i_ECPrivateKey_bio,
d2i_ECPrivateKey_fp, d2i_EC_PUBKEY, d2i_EC_PUBKEY_bio, d2i_EC_PUBKEY_fp,
i2d_ECPKParameters, i2d_ECParameters, i2d_ECPrivateKey, i2d_ECPrivateKey_bio,
i2d_ECPrivateKey_fp, i2d_EC_PUBKEY, i2d_EC_PUBKEY_bio and i2d_EC_PUBKEY_fp
have also been deprecated. Applications should instead use the
OSSL_DECODER and OSSL_ENCODER APIs to read and write EC files.
Finally functions that assign or obtain EC_KEY objects from an EVP_PKEY such as
EVP_PKEY_assign_EC_KEY, EVP_PKEY_get0_EC_KEY, EVP_PKEY_get1_EC_KEY and
EVP_PKEY_set1_EC_KEY are also deprecated. Applications should instead either
read or write an EVP_PKEY directly using the OSSL_DECODER and OSSL_ENCODER
APIs. Or load an EVP_PKEY directly from EC data using EVP_PKEY_fromdata().
*Shane Lontis, Paul Dale, Richard Levitte, and Tomas Mraz*
* Deprecated all the libcrypto and libssl error string loading
functions: ERR_load_ASN1_strings(), ERR_load_ASYNC_strings(),
ERR_load_BIO_strings(), ERR_load_BN_strings(), ERR_load_BUF_strings(),
@ -594,19 +637,6 @@ OpenSSL 3.0
*Paul Dale*
* Deprecated the EC_KEY_METHOD functions. These include:
EC_KEY_METHOD_new, EC_KEY_METHOD_free, EC_KEY_METHOD_set_init,
EC_KEY_METHOD_set_keygen, EC_KEY_METHOD_set_compute_key,
EC_KEY_METHOD_set_sign, EC_KEY_METHOD_set_verify,
EC_KEY_METHOD_get_init, EC_KEY_METHOD_get_keygen,
EC_KEY_METHOD_get_compute_key, EC_KEY_METHOD_get_sign and
EC_KEY_METHOD_get_verify.
Instead applications and extension writers should use the OSSL_PROVIDER APIs.
*Paul Dale*
* Deprecated EVP_PKEY_decrypt_old(), please use EVP_PKEY_decrypt_init()
and EVP_PKEY_decrypt() instead.
Deprecated EVP_PKEY_encrypt_old(), please use EVP_PKEY_encrypt_init()

209
apps/ec.c
View File

@ -8,29 +8,17 @@
*/
#include <openssl/opensslconf.h>
#include <openssl/evp.h>
#include <openssl/encoder.h>
#include <openssl/decoder.h>
#include <openssl/core_names.h>
#include <openssl/core_dispatch.h>
#include <openssl/params.h>
#include <openssl/err.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "apps.h"
#include "progs.h"
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
static OPT_PAIR conv_forms[] = {
{"compressed", POINT_CONVERSION_COMPRESSED},
{"uncompressed", POINT_CONVERSION_UNCOMPRESSED},
{"hybrid", POINT_CONVERSION_HYBRID},
{NULL}
};
static OPT_PAIR param_enc[] = {
{"named_curve", OPENSSL_EC_NAMED_CURVE},
{"explicit", 0},
{NULL}
};
#include "ec_common.h"
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
@ -74,19 +62,22 @@ const OPTIONS ec_options[] = {
int ec_main(int argc, char **argv)
{
OSSL_ENCODER_CTX *ectx = NULL;
OSSL_DECODER_CTX *dctx = NULL;
EVP_PKEY_CTX *pctx = NULL;
EVP_PKEY *eckey = NULL;
BIO *in = NULL, *out = NULL;
ENGINE *e = NULL;
EC_KEY *eckey = NULL;
const EC_GROUP *group;
const EVP_CIPHER *enc = NULL;
point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED;
char *infile = NULL, *outfile = NULL, *prog;
char *passin = NULL, *passout = NULL, *passinarg = NULL, *passoutarg = NULL;
OPTION_CHOICE o;
int asn1_flag = OPENSSL_EC_NAMED_CURVE, new_form = 0, new_asn1_flag = 0;
int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, noout = 0;
int pubin = 0, pubout = 0, param_out = 0, i, ret = 1, private = 0;
int no_public = 0, check = 0;
int pubin = 0, pubout = 0, param_out = 0, ret = 1, private = 0;
int check = 0;
char *asn1_encoding = NULL;
char *point_format = NULL;
int no_public = 0;
prog = opt_init(argc, argv, ec_options);
while ((o = opt_next()) != OPT_EOF) {
@ -143,16 +134,14 @@ int ec_main(int argc, char **argv)
goto opthelp;
break;
case OPT_CONV_FORM:
if (!opt_pair(opt_arg(), conv_forms, &i))
point_format = opt_arg();
if (!opt_string(point_format, point_format_options))
goto opthelp;
new_form = 1;
form = i;
break;
case OPT_PARAM_ENC:
if (!opt_pair(opt_arg(), param_enc, &i))
asn1_encoding = opt_arg();
if (!opt_string(asn1_encoding, asn1_encoding_options))
goto opthelp;
new_asn1_flag = 1;
asn1_flag = i;
break;
case OPT_NO_PUBLIC:
no_public = 1;
@ -188,30 +177,14 @@ int ec_main(int argc, char **argv)
}
BIO_printf(bio_err, "read EC key\n");
if (informat == FORMAT_ASN1) {
if (pubin)
eckey = d2i_EC_PUBKEY_bio(in, NULL);
else
eckey = d2i_ECPrivateKey_bio(in, NULL);
} else if (informat == FORMAT_ENGINE) {
EVP_PKEY *pkey;
if (pubin)
pkey = load_pubkey(infile, informat, 1, passin, e, "public key");
else
pkey = load_key(infile, informat, 1, passin, e, "private key");
if (pkey != NULL) {
eckey = EVP_PKEY_get1_EC_KEY(pkey);
EVP_PKEY_free(pkey);
}
} else {
if (pubin)
eckey = PEM_read_bio_EC_PUBKEY(in, NULL, NULL, NULL);
else
eckey = PEM_read_bio_ECPrivateKey(in, NULL, NULL, passin);
}
if (pubin)
eckey = load_pubkey(infile, informat, 1, passin, e, "public key");
else
eckey = load_key(infile, informat, 1, passin, e, "private key");
if (eckey == NULL) {
BIO_printf(bio_err, "unable to load Key\n");
ERR_print_errors(bio_err);
goto end;
}
@ -219,74 +192,96 @@ int ec_main(int argc, char **argv)
if (out == NULL)
goto end;
group = EC_KEY_get0_group(eckey);
if (point_format
&& !EVP_PKEY_set_utf8_string_param(
eckey, OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT,
point_format)) {
BIO_printf(bio_err, "unable to set point conversion format\n");
goto end;
}
if (new_form)
EC_KEY_set_conv_form(eckey, form);
if (asn1_encoding != NULL
&& !EVP_PKEY_set_utf8_string_param(
eckey, OSSL_PKEY_PARAM_EC_ENCODING, asn1_encoding)) {
BIO_printf(bio_err, "unable to set asn1 encoding format\n");
goto end;
}
if (new_asn1_flag)
EC_KEY_set_asn1_flag(eckey, asn1_flag);
if (no_public)
EC_KEY_set_enc_flags(eckey, EC_PKEY_NO_PUBKEY);
if (no_public
&& !EVP_PKEY_set_int_param(eckey, OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC, 0)) {
BIO_printf(bio_err, "unable to disable public key encoding\n");
goto end;
}
if (text) {
assert(pubin || private);
if (!EC_KEY_print(out, eckey, 0)) {
perror(outfile);
ERR_print_errors(bio_err);
if ((pubin && EVP_PKEY_print_public(out, eckey, 0, NULL) <= 0)
|| (!pubin && EVP_PKEY_print_private(out, eckey, 0, NULL) <= 0)) {
BIO_printf(bio_err, "unable to print EC key\n");
goto end;
}
}
if (check) {
if (EC_KEY_check_key(eckey) == 1) {
BIO_printf(bio_err, "EC Key valid.\n");
} else {
pctx = EVP_PKEY_CTX_new_from_pkey(NULL, eckey, NULL);
if (pctx == NULL) {
BIO_printf(bio_err, "unable to check EC key\n");
goto end;
}
if (!EVP_PKEY_check(pctx))
BIO_printf(bio_err, "EC Key Invalid!\n");
ERR_print_errors(bio_err);
}
}
if (noout) {
ret = 0;
goto end;
}
BIO_printf(bio_err, "writing EC key\n");
if (outformat == FORMAT_ASN1) {
if (param_out) {
i = i2d_ECPKParameters_bio(out, group);
} else if (pubin || pubout) {
i = i2d_EC_PUBKEY_bio(out, eckey);
} else {
assert(private);
i = i2d_ECPrivateKey_bio(out, eckey);
}
} else {
if (param_out) {
i = PEM_write_bio_ECPKParameters(out, group);
} else if (pubin || pubout) {
i = PEM_write_bio_EC_PUBKEY(out, eckey);
} else {
assert(private);
i = PEM_write_bio_ECPrivateKey(out, eckey, enc,
NULL, 0, NULL, passout);
}
}
if (!i) {
BIO_printf(bio_err, "unable to write private key\n");
else
BIO_printf(bio_err, "EC Key valid.\n");
ERR_print_errors(bio_err);
} else {
ret = 0;
}
end:
if (!noout) {
int selection;
const char *output_type = outformat == FORMAT_ASN1 ? "DER" : "PEM";
const char *output_structure = "type-specific";
BIO_printf(bio_err, "writing EC key\n");
if (param_out) {
selection = OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
} else if (pubin || pubout) {
selection = OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS
| OSSL_KEYMGMT_SELECT_PUBLIC_KEY;
output_structure = "SubjectPublicKeyInfo";
} else {
selection = OSSL_KEYMGMT_SELECT_ALL;
assert(private);
}
ectx = OSSL_ENCODER_CTX_new_by_EVP_PKEY(eckey, selection,
output_type, output_structure,
NULL);
if (enc != NULL) {
OSSL_ENCODER_CTX_set_cipher(ectx, EVP_CIPHER_name(enc), NULL);
if (passout != NULL)
OSSL_ENCODER_CTX_set_passphrase(ectx,
(const unsigned char *)passout,
strlen(passout));
}
if (!OSSL_ENCODER_to_bio(ectx, out)) {
BIO_printf(bio_err, "unable to write EC key\n");
goto end;
}
}
ret = 0;
end:
if (ret != 0)
ERR_print_errors(bio_err);
BIO_free(in);
BIO_free_all(out);
EC_KEY_free(eckey);
EVP_PKEY_free(eckey);
OSSL_ENCODER_CTX_free(ectx);
OSSL_DECODER_CTX_free(dctx);
EVP_PKEY_CTX_free(pctx);
release_engine(e);
OPENSSL_free(passin);
OPENSSL_free(passout);
if (passin != NULL)
OPENSSL_clear_free(passin, strlen(passin));
if (passout != NULL)
OPENSSL_clear_free(passout, strlen(passout));
return ret;
}

306
apps/ecparam.c
View File

@ -9,19 +9,16 @@
*/
#include <openssl/opensslconf.h>
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
#include <string.h>
#include <openssl/evp.h>
#include <openssl/encoder.h>
#include <openssl/decoder.h>
#include <openssl/core_names.h>
#include <openssl/core_dispatch.h>
#include <openssl/params.h>
#include <openssl/err.h>
#include "apps.h"
#include "progs.h"
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/bn.h>
#include <openssl/ec.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include "ec_common.h"
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
@ -67,36 +64,51 @@ const OPTIONS ecparam_options[] = {
{NULL}
};
static OPT_PAIR forms[] = {
{"compressed", POINT_CONVERSION_COMPRESSED},
{"uncompressed", POINT_CONVERSION_UNCOMPRESSED},
{"hybrid", POINT_CONVERSION_HYBRID},
{NULL}
};
static int list_builtin_curves(BIO *out)
{
int ret = 0;
EC_builtin_curve *curves = NULL;
size_t n, crv_len = EC_get_builtin_curves(NULL, 0);
static OPT_PAIR encodings[] = {
{"named_curve", OPENSSL_EC_NAMED_CURVE},
{"explicit", 0},
{NULL}
};
curves = app_malloc((int)sizeof(*curves) * crv_len, "list curves");
if (!EC_get_builtin_curves(curves, crv_len))
goto end;
for (n = 0; n < crv_len; n++) {
const char *comment = curves[n].comment;
const char *sname = OBJ_nid2sn(curves[n].nid);
if (comment == NULL)
comment = "CURVE DESCRIPTION NOT AVAILABLE";
if (sname == NULL)
sname = "";
BIO_printf(out, " %-10s: ", sname);
BIO_printf(out, "%s\n", comment);
}
ret = 1;
end:
OPENSSL_free(curves);
return ret;
}
int ecparam_main(int argc, char **argv)
{
EVP_PKEY_CTX *gctx_params = NULL, *gctx_key = NULL, *pctx = NULL;
EVP_PKEY *params_key = NULL, *key = NULL;
OSSL_ENCODER_CTX *ectx_key = NULL, *ectx_params = NULL;
OSSL_DECODER_CTX *dctx_params = NULL;
ENGINE *e = NULL;
BIGNUM *ec_gen = NULL, *ec_order = NULL, *ec_cofactor = NULL;
BIGNUM *ec_p = NULL, *ec_a = NULL, *ec_b = NULL;
BIO *in = NULL, *out = NULL;
EC_GROUP *group = NULL;
point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED;
char *curve_name = NULL;
char *asn1_encoding = NULL;
char *point_format = NULL;
char *infile = NULL, *outfile = NULL, *prog;
unsigned char *buffer = NULL;
OPTION_CHOICE o;
int asn1_flag = OPENSSL_EC_NAMED_CURVE, new_asn1_flag = 0;
int informat = FORMAT_PEM, outformat = FORMAT_PEM, noout = 0;
int ret = 1, private = 0;
int list_curves = 0, no_seed = 0, check = 0, new_form = 0;
int text = 0, i, genkey = 0, check_named = 0;
int no_seed = 0, check = 0, check_named = 0, text = 0, genkey = 0;
int list_curves = 0;
prog = opt_init(argc, argv, ecparam_options);
while ((o = opt_next()) != OPT_EOF) {
@ -146,15 +158,14 @@ int ecparam_main(int argc, char **argv)
curve_name = opt_arg();
break;
case OPT_CONV_FORM:
if (!opt_pair(opt_arg(), forms, &new_form))
point_format = opt_arg();
if (!opt_string(point_format, point_format_options))
goto opthelp;
form = new_form;
new_form = 1;
break;
case OPT_PARAM_ENC:
if (!opt_pair(opt_arg(), encodings, &asn1_flag))
asn1_encoding = opt_arg();
if (!opt_string(asn1_encoding, asn1_encoding_options))
goto opthelp;
new_asn1_flag = 1;
break;
case OPT_GENKEY:
genkey = 1;
@ -188,111 +199,88 @@ int ecparam_main(int argc, char **argv)
goto end;
if (list_curves) {
EC_builtin_curve *curves = NULL;
size_t crv_len = EC_get_builtin_curves(NULL, 0);
size_t n;
curves = app_malloc((int)sizeof(*curves) * crv_len, "list curves");
if (!EC_get_builtin_curves(curves, crv_len)) {
OPENSSL_free(curves);
goto end;
}
for (n = 0; n < crv_len; n++) {
const char *comment;
const char *sname;
comment = curves[n].comment;
sname = OBJ_nid2sn(curves[n].nid);
if (comment == NULL)
comment = "CURVE DESCRIPTION NOT AVAILABLE";
if (sname == NULL)
sname = "";
BIO_printf(out, " %-10s: ", sname);
BIO_printf(out, "%s\n", comment);
}
OPENSSL_free(curves);
ret = 0;
if (list_builtin_curves(out))
ret = 0;
goto end;
}
if (curve_name != NULL) {
int nid;
OSSL_PARAM params[4];
OSSL_PARAM *p = params;
/*
* workaround for the SECG curve names secp192r1 and secp256r1 (which
* are the same as the curves prime192v1 and prime256v1 defined in
* X9.62)
*/
if (strcmp(curve_name, "secp192r1") == 0) {
BIO_printf(bio_err, "using curve name prime192v1 "
"instead of secp192r1\n");
nid = NID_X9_62_prime192v1;
BIO_printf(bio_err,
"using curve name prime192v1 instead of secp192r1\n");
curve_name = SN_X9_62_prime192v1;
} else if (strcmp(curve_name, "secp256r1") == 0) {
BIO_printf(bio_err, "using curve name prime256v1 "
"instead of secp256r1\n");
nid = NID_X9_62_prime256v1;
} else {
nid = OBJ_sn2nid(curve_name);
BIO_printf(bio_err,
"using curve name prime256v1 instead of secp256r1\n");
curve_name = SN_X9_62_prime256v1;
}
if (nid == 0)
nid = EC_curve_nist2nid(curve_name);
if (nid == 0) {
BIO_printf(bio_err, "unknown curve name (%s)\n", curve_name);
*p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME,
curve_name, 0);
if (asn1_encoding != NULL)
*p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_EC_ENCODING,
asn1_encoding, 0);
if (point_format != NULL)
*p++ = OSSL_PARAM_construct_utf8_string(
OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT,
point_format, 0);
*p = OSSL_PARAM_construct_end();
gctx_params = EVP_PKEY_CTX_new_from_name(NULL, "ec", NULL);
if (gctx_params == NULL
|| EVP_PKEY_keygen_init(gctx_params) <= 0
|| EVP_PKEY_CTX_set_params(gctx_params, params) <= 0
|| EVP_PKEY_keygen(gctx_params, &params_key) <= 0) {
BIO_printf(bio_err, "unable to generate key\n");
goto end;
}
group = EC_GROUP_new_by_curve_name(nid);
if (group == NULL) {
BIO_printf(bio_err, "unable to create curve (%s)\n", curve_name);
goto end;
}
EC_GROUP_set_asn1_flag(group, asn1_flag);
EC_GROUP_set_point_conversion_form(group, form);
} else if (informat == FORMAT_ASN1) {
group = d2i_ECPKParameters_bio(in, NULL);
} else {
group = PEM_read_bio_ECPKParameters(in, NULL, NULL, NULL);
params_key = load_keyparams(infile, 1, "EC", "EC parameters");
if (!EVP_PKEY_is_a(params_key, "EC"))
goto end;
if (point_format
&& !EVP_PKEY_set_utf8_string_param(
params_key, OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT,
point_format)) {
BIO_printf(bio_err, "unable to set point conversion format\n");
goto end;
}
if (asn1_encoding != NULL
&& !EVP_PKEY_set_utf8_string_param(
params_key, OSSL_PKEY_PARAM_EC_ENCODING, asn1_encoding)) {
BIO_printf(bio_err, "unable to set asn1 encoding format\n");
goto end;
}
}
if (group == NULL) {
BIO_printf(bio_err, "unable to load elliptic curve parameters\n");
ERR_print_errors(bio_err);
if (no_seed
&& !EVP_PKEY_set_octet_string_param(params_key, OSSL_PKEY_PARAM_EC_SEED,
NULL, 0)) {
BIO_printf(bio_err, "unable to clear seed\n");
goto end;
}
if (new_form)
EC_GROUP_set_point_conversion_form(group, form);
if (new_asn1_flag)
EC_GROUP_set_asn1_flag(group, asn1_flag);
if (no_seed) {
EC_GROUP_set_seed(group, NULL, 0);
if (text
&& !EVP_PKEY_print_params(out, params_key, 0, NULL)) {
BIO_printf(bio_err, "unable to print params\n");
goto end;
}
if (text) {
if (!ECPKParameters_print(out, group, 0))
goto end;
}
if (check_named) {
BIO_printf(bio_err, "validating named elliptic curve parameters: ");
if (EC_GROUP_check_named_curve(group, 0, NULL) <= 0) {
BIO_printf(bio_err, "failed\n");
ERR_print_errors(bio_err);
goto end;
}
BIO_printf(bio_err, "ok\n");
}
if (check) {
if (check || check_named) {
BIO_printf(bio_err, "checking elliptic curve parameters: ");
if (!EC_GROUP_check(group, NULL)) {
if (check_named
&& !EVP_PKEY_set_utf8_string_param(params_key,
OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE,
OSSL_PKEY_EC_GROUP_CHECK_NAMED)) {
BIO_printf(bio_err, "unable to set check_type\n");
goto end;
}
pctx = EVP_PKEY_CTX_new_from_pkey(NULL, params_key, NULL);
if (pctx == NULL || !EVP_PKEY_param_check(pctx)) {
BIO_printf(bio_err, "failed\n");
ERR_print_errors(bio_err);
goto end;
}
BIO_printf(bio_err, "ok\n");
@ -302,60 +290,54 @@ int ecparam_main(int argc, char **argv)
noout = 1;
if (!noout) {
if (outformat == FORMAT_ASN1)
i = i2d_ECPKParameters_bio(out, group);
else
i = PEM_write_bio_ECPKParameters(out, group);
if (!i) {
BIO_printf(bio_err, "unable to write elliptic "
"curve parameters\n");
ERR_print_errors(bio_err);
ectx_params = OSSL_ENCODER_CTX_new_by_EVP_PKEY(
params_key, OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
outformat == FORMAT_ASN1 ? "DER" : "PEM", NULL, NULL);
if (!OSSL_ENCODER_to_bio(ectx_params, out)) {
BIO_printf(bio_err, "unable to write elliptic curve parameters\n");
goto end;
}
}
if (genkey) {
EC_KEY *eckey = EC_KEY_new();
if (eckey == NULL)
goto end;
if (EC_KEY_set_group(eckey, group) == 0) {
BIO_printf(bio_err, "unable to set group when generating key\n");
EC_KEY_free(eckey);
ERR_print_errors(bio_err);
goto end;
}
if (new_form)
EC_KEY_set_conv_form(eckey, form);
if (!EC_KEY_generate_key(eckey)) {
/*
* NOTE: EC keygen does not normally need to pass in the param_key
* for named curves. This can be achieved using:
* gctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL);
* EVP_PKEY_keygen_init(gctx);
* EVP_PKEY_CTX_set_group_name(gctx, curvename);
* EVP_PKEY_keygen(gctx, &key) <= 0)
*/
gctx_key = EVP_PKEY_CTX_new_from_pkey(NULL, params_key, NULL);
if (EVP_PKEY_keygen_init(gctx_key) <= 0
|| EVP_PKEY_keygen(gctx_key, &key) <= 0) {
BIO_printf(bio_err, "unable to generate key\n");
EC_KEY_free(eckey);
ERR_print_errors(bio_err);
goto end;
}
assert(private);
if (outformat == FORMAT_ASN1)
i = i2d_ECPrivateKey_bio(out, eckey);
else
i = PEM_write_bio_ECPrivateKey(out, eckey, NULL,
NULL, 0, NULL, NULL);
EC_KEY_free(eckey);
ectx_key = OSSL_ENCODER_CTX_new_by_EVP_PKEY(
key, OSSL_KEYMGMT_SELECT_ALL,
outformat == FORMAT_ASN1 ? "DER" : "PEM", NULL, NULL);
if (!OSSL_ENCODER_to_bio(ectx_key, out)) {
BIO_printf(bio_err, "unable to write elliptic "
"curve parameters\n");
goto end;
}
}
ret = 0;
end:
BN_free(ec_p);
BN_free(ec_a);
BN_free(ec_b);
BN_free(ec_gen);
BN_free(ec_order);
BN_free(ec_cofactor);
OPENSSL_free(buffer);
EC_GROUP_free(group);
end:
if (ret != 0)
ERR_print_errors(bio_err);
release_engine(e);
EVP_PKEY_free(params_key);
EVP_PKEY_free(key);
EVP_PKEY_CTX_free(pctx);
EVP_PKEY_CTX_free(gctx_params);
EVP_PKEY_CTX_free(gctx_key);
OSSL_DECODER_CTX_free(dctx_params);
OSSL_ENCODER_CTX_free(ectx_params);
OSSL_ENCODER_CTX_free(ectx_key);
BIO_free(in);
BIO_free_all(out);
return ret;

23
apps/include/ec_common.h Normal file
View File

@ -0,0 +1,23 @@
/*
* Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#ifndef OPENSSL_NO_EC
static const char *point_format_options[] = {
"uncompressed",
"compressed",
"hybrid",
NULL
};
static const char *asn1_encoding_options[] = {
"named_curve",
"explicit",
NULL
};
#endif

1
apps/include/opt.h
View File

@ -363,6 +363,7 @@ int opt_umax(const char *arg, uintmax_t *result);
# define uintmax_t unsigned long
#endif
int opt_pair(const char *arg, const OPT_PAIR * pairs, int *result);
int opt_string(const char *name, const char **options);
int opt_cipher(const char *name, const EVP_CIPHER **cipherp);
int opt_md(const char *name, const EVP_MD **mdp);
char *opt_arg(void);

14
apps/lib/opt.c
View File

@ -391,6 +391,20 @@ int opt_pair(const char *name, const OPT_PAIR* pairs, int *result)
return 0;
}
/* Look through a list of valid names */
int opt_string(const char *name, const char **options)
{
const char **p;
for (p = options; *p != NULL; p++)
if (strcmp(*p, name) == 0)
return 1;
opt_printf_stderr("%s: Value must be one of:\n", prog);
for (p = options; *p != NULL; p++)
opt_printf_stderr("\t%s\n", *p);
return 0;
}
/* Parse an int, put it into *result; return 0 on failure, else 1. */
int opt_int(const char *value, int *result)
{

16
apps/lib/s_cb.c
View File

@ -397,15 +397,13 @@ int ssl_print_tmp_key(BIO *out, SSL *s)
#ifndef OPENSSL_NO_EC
case EVP_PKEY_EC:
{
EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);
int nid;
const char *cname;
nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
EC_KEY_free(ec);
cname = EC_curve_nid2nist(nid);
if (cname == NULL)
cname = OBJ_nid2sn(nid);
BIO_printf(out, "ECDH, %s, %d bits\n", cname, EVP_PKEY_bits(key));
char name[80];
size_t name_len;
if (!EVP_PKEY_get_utf8_string_param(key, OSSL_PKEY_PARAM_GROUP_NAME,
name, sizeof(name), &name_len))
strcpy(name, "?");
BIO_printf(out, "ECDH, %s, %d bits\n", name, EVP_PKEY_bits(key));
}
break;
#endif

63
apps/pkey.c
View File

@ -11,26 +11,11 @@
#include <string.h>
#include "apps.h"
#include "progs.h"
#include "ec_common.h"
#include <openssl/pem.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#ifndef OPENSSL_NO_EC
# include <openssl/ec.h>
static OPT_PAIR ec_conv_forms[] = {
{"compressed", POINT_CONVERSION_COMPRESSED},
{"uncompressed", POINT_CONVERSION_UNCOMPRESSED},
{"hybrid", POINT_CONVERSION_HYBRID},
{NULL}
};
static OPT_PAIR ec_param_enc[] = {
{"named_curve", OPENSSL_EC_NAMED_CURVE},
{"explicit", 0},
{NULL}
};
#endif
#include <openssl/core_names.h>
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
@ -94,10 +79,8 @@ int pkey_main(int argc, char **argv)
int pubin = 0, pubout = 0, text_pub = 0, text = 0, noout = 0, ret = 1;
int private = 0, traditional = 0, check = 0, pub_check = 0;
#ifndef OPENSSL_NO_EC
EC_KEY *eckey;
int ec_asn1_flag = OPENSSL_EC_NAMED_CURVE, new_ec_asn1_flag = 0;
int i, new_ec_form = 0;
point_conversion_form_t ec_form = POINT_CONVERSION_UNCOMPRESSED;
char *asn1_encoding = NULL;
char *point_format = NULL;
#endif
prog = opt_init(argc, argv, pkey_options);
@ -167,20 +150,18 @@ int pkey_main(int argc, char **argv)
#ifdef OPENSSL_NO_EC
goto opthelp;
#else
if (!opt_pair(opt_arg(), ec_conv_forms, &i))
point_format = opt_arg();
if (!opt_string(point_format, point_format_options))
goto opthelp;
new_ec_form = 1;
ec_form = i;
break;
#endif
case OPT_EC_PARAM_ENC:
#ifdef OPENSSL_NO_EC
goto opthelp;
#else
if (!opt_pair(opt_arg(), ec_param_enc, &i))
asn1_encoding = opt_arg();
if (!opt_string(asn1_encoding, asn1_encoding_options))
goto opthelp;
new_ec_asn1_flag = 1;
ec_asn1_flag = i;
break;
#endif
case OPT_PROV_CASES:
@ -234,20 +215,22 @@ int pkey_main(int argc, char **argv)
goto end;
#ifndef OPENSSL_NO_EC
/*
* TODO: remove this and use a set params call with a 'pkeyopt' command
* line option instead.
*/
if (new_ec_form || new_ec_asn1_flag) {
if ((eckey = EVP_PKEY_get0_EC_KEY(pkey)) == NULL) {
ERR_print_errors(bio_err);
goto end;
}
if (new_ec_form)
EC_KEY_set_conv_form(eckey, ec_form);
if (asn1_encoding != NULL || point_format != NULL) {
OSSL_PARAM params[3], *p = params;
if (new_ec_asn1_flag)
EC_KEY_set_asn1_flag(eckey, ec_asn1_flag);
if (!EVP_PKEY_is_a(pkey, "EC"))
goto end;
if (asn1_encoding != NULL)
*p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_EC_ENCODING,
asn1_encoding, 0);
if (point_format != NULL)
*p++ = OSSL_PARAM_construct_utf8_string(
OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT,
point_format, 0);
*p = OSSL_PARAM_construct_end();
if (EVP_PKEY_set_params(pkey, params) <= 0)
goto end;
}
#endif

4
apps/speed.c
View File

@ -583,7 +583,9 @@ typedef struct loopargs_st {
DSA *dsa_key[DSA_NUM];
#endif
#ifndef OPENSSL_NO_EC
# ifndef OPENSSL_NO_DEPRECATED_3_0
EC_KEY *ecdsa[ECDSA_NUM];
# endif
EVP_PKEY_CTX *ecdh_ctx[EC_NUM];
EVP_MD_CTX *eddsa_ctx[EdDSA_NUM];
EVP_MD_CTX *eddsa_ctx2[EdDSA_NUM];
@ -4082,8 +4084,10 @@ int speed_main(int argc, char **argv)
DSA_free(loopargs[i].dsa_key[k]);
#endif
#ifndef OPENSSL_NO_EC
# if !defined(OPENSSL_NO_DEPRECATED_3_0)
for (k = 0; k < ECDSA_NUM; k++)
EC_KEY_free(loopargs[i].ecdsa[k]);
# endif
for (k = 0; k < EC_NUM; k++)
EVP_PKEY_CTX_free(loopargs[i].ecdh_ctx[k]);
for (k = 0; k < EdDSA_NUM; k++) {

2
crypto/asn1/asn1_item_list.h
View File

@ -63,8 +63,10 @@ static ASN1_ITEM_EXP *asn1_item_list[] = {
ASN1_ITEM_ref(DIST_POINT_NAME),
ASN1_ITEM_ref(DIST_POINT),
#ifndef OPENSSL_NO_EC
# ifndef OPENSSL_NO_DEPRECATED_3_0
ASN1_ITEM_ref(ECPARAMETERS),
ASN1_ITEM_ref(ECPKPARAMETERS),
# endif
#endif
ASN1_ITEM_ref(EDIPARTYNAME),
ASN1_ITEM_ref(EXTENDED_KEY_USAGE),

219
crypto/ec/ec_backend.c
View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* Low level APIs related to EC_KEY are deprecated for public use,
* but still ok for internal use.
*/
#include "internal/deprecated.h"
#include <openssl/core_names.h>
#include <openssl/objects.h>
#include <openssl/params.h>
@ -23,6 +29,18 @@ static const OSSL_ITEM encoding_nameid_map[] = {
{ OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP },
};
static const OSSL_ITEM check_group_type_nameid_map[] = {
{ 0, OSSL_PKEY_EC_GROUP_CHECK_DEFAULT },
{ EC_FLAG_CHECK_NAMED_GROUP, OSSL_PKEY_EC_GROUP_CHECK_NAMED },
{ EC_FLAG_CHECK_NAMED_GROUP_NIST, OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST },
};
static const OSSL_ITEM format_nameid_map[] = {
{ (int)POINT_CONVERSION_UNCOMPRESSED, OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED },
{ (int)POINT_CONVERSION_COMPRESSED, OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED },
{ (int)POINT_CONVERSION_HYBRID, OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID },
};
int ec_encoding_name2id(const char *name)
{
size_t i, sz;
@ -49,13 +67,95 @@ static char *ec_param_encoding_id2name(int id)
return NULL;
}
char *ec_check_group_type_id2name(int id)
{
size_t i, sz;
for (i = 0, sz = OSSL_NELEM(check_group_type_nameid_map); i < sz; i++) {
if (id == (int)check_group_type_nameid_map[i].id)
return check_group_type_nameid_map[i].ptr;
}
return NULL;
}
static int ec_check_group_type_name2id(const char *name)
{
size_t i, sz;
/* Return the default value if there is no name */
if (name == NULL)
return 0;
for (i = 0, sz = OSSL_NELEM(check_group_type_nameid_map); i < sz; i++) {
if (strcasecmp(name, check_group_type_nameid_map[i].ptr) == 0)
return check_group_type_nameid_map[i].id;
}
return -1;
}
int ec_set_check_group_type_from_name(EC_KEY *ec, const char *name)
{
int flags = ec_check_group_type_name2id(name);
if (flags == -1)
return 0;
EC_KEY_clear_flags(ec, EC_FLAG_CHECK_NAMED_GROUP_MASK);
EC_KEY_set_flags(ec, flags);
return 1;
}
static int ec_set_check_group_type_from_param(EC_KEY *ec, const OSSL_PARAM *p)
{
const char *name = NULL;
int status = 0;
switch (p->data_type) {
case OSSL_PARAM_UTF8_STRING:
name = p->data;
status = (name != NULL);
break;
case OSSL_PARAM_UTF8_PTR:
status = OSSL_PARAM_get_utf8_ptr(p, &name);
break;
}
if (status)
return ec_set_check_group_type_from_name(ec, name);
return 0;
}
int ec_pt_format_name2id(const char *name)
{
size_t i, sz;
/* Return the default value if there is no name */
if (name == NULL)
return (int)POINT_CONVERSION_UNCOMPRESSED;
for (i = 0, sz = OSSL_NELEM(format_nameid_map); i < sz; i++) {
if (strcasecmp(name, format_nameid_map[i].ptr) == 0)
return format_nameid_map[i].id;
}
return -1;
}
char *ec_pt_format_id2name(int id)
{
size_t i, sz;
for (i = 0, sz = OSSL_NELEM(format_nameid_map); i < sz; i++) {
if (id == (int)format_nameid_map[i].id)
return format_nameid_map[i].ptr;
}
return NULL;
}
int ec_group_todata(const EC_GROUP *group, OSSL_PARAM_BLD *tmpl,
OSSL_PARAM params[], OSSL_LIB_CTX *libctx,
const char *propq,
BN_CTX *bnctx, unsigned char **genbuf)
{
int ret = 0, curve_nid, encoding_flag;
const char *field_type, *encoding_name;
const char *field_type, *encoding_name, *pt_form_name;
const BIGNUM *cofactor, *order;
BIGNUM *p = NULL, *a = NULL, *b = NULL;
point_conversion_form_t genform;
@ -68,6 +168,15 @@ int ec_group_todata(const EC_GROUP *group, OSSL_PARAM_BLD *tmpl,
return 0;
}
genform = EC_GROUP_get_point_conversion_form(group);
pt_form_name = ec_pt_format_id2name(genform);
if (pt_form_name == NULL
|| !ossl_param_build_set_utf8_string(
tmpl, params,
OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT, pt_form_name)) {
ECerr(0, EC_R_INVALID_FORM);
return 0;
}
encoding_flag = EC_GROUP_get_asn1_flag(group) & OPENSSL_EC_NAMED_CURVE;
encoding_name = ec_param_encoding_id2name(encoding_flag);
if (encoding_name == NULL
@ -115,7 +224,6 @@ int ec_group_todata(const EC_GROUP *group, OSSL_PARAM_BLD *tmpl,
ERR_raise(ERR_LIB_EC, EC_R_INVALID_GENERATOR);
goto err;
}
genform = EC_GROUP_get_point_conversion_form(group);
genbuf_len = EC_POINT_point2buf(group, genpt, genform, genbuf, bnctx);
if (genbuf_len == 0) {
ERR_raise(ERR_LIB_EC, EC_R_INVALID_GENERATOR);
@ -336,17 +444,50 @@ int ec_group_fromdata(EC_KEY *ec, const OSSL_PARAM params[])
if (!EC_KEY_set_group(ec, group))
goto err;
/*
* TODO(3.0): if the group has changed, should we invalidate the private and
* public key?
*/
ok = 1;
err:
EC_GROUP_free(group);
return ok;
}
static int ec_key_point_format_fromdata(EC_KEY *ec, const OSSL_PARAM params[])
{
const OSSL_PARAM *p;
int format = -1;
p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT);
if (p != NULL) {
if (!ec_pt_format_param2id(p, &format)) {
ECerr(0, EC_R_INVALID_FORM);
return 0;
}
EC_KEY_set_conv_form(ec, format);
}
return 1;
}
static int ec_key_group_check_fromdata(EC_KEY *ec, const OSSL_PARAM params[])
{
const OSSL_PARAM *p;
p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE);
if (p != NULL)
return ec_set_check_group_type_from_param(ec, p);
return 1;
}
static int ec_set_include_public(EC_KEY *ec, int include)
{
int flags = EC_KEY_get_enc_flags(ec);
if (!include)
flags |= EC_PKEY_NO_PUBKEY;
else
flags &= ~EC_PKEY_NO_PUBKEY;
EC_KEY_set_enc_flags(ec, flags);
return 1;
}
int ec_key_otherparams_fromdata(EC_KEY *ec, const OSSL_PARAM params[])
{
const OSSL_PARAM *p;
@ -363,5 +504,69 @@ int ec_key_otherparams_fromdata(EC_KEY *ec, const OSSL_PARAM params[])
return 0;
}
p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC);
if (p != NULL) {
int include = 1;
if (!OSSL_PARAM_get_int(p, &include)
|| !ec_set_include_public(ec, include))
return 0;
}
if (!ec_key_point_format_fromdata(ec, params))
return 0;
if (!ec_key_group_check_fromdata(ec, params))
return 0;
return 1;
}
int ec_encoding_param2id(const OSSL_PARAM *p, int *id)
{
const char *name = NULL;
int status = 0;
switch (p->data_type) {
case OSSL_PARAM_UTF8_STRING:
/* The OSSL_PARAM functions have no support for this */
name = p->data;
status = (name != NULL);
break;
case OSSL_PARAM_UTF8_PTR:
status = OSSL_PARAM_get_utf8_ptr(p, &name);
break;
}
if (status) {
int i = ec_encoding_name2id(name);
if (i >= 0) {
*id = i;
return 1;
}
}
return 0;
}
int ec_pt_format_param2id(const OSSL_PARAM *p, int *id)
{
const char *name = NULL;
int status = 0;
switch (p->data_type) {
case OSSL_PARAM_UTF8_STRING:
/* The OSSL_PARAM functions have no support for this */
name = p->data;
status = (name != NULL);
break;
case OSSL_PARAM_UTF8_PTR:
status = OSSL_PARAM_get_utf8_ptr(p, &name);
break;
}
if (status) {
int i = ec_pt_format_name2id(name);
if (i >= 0) {
*id = i;
return 1;
}
}
return 0;
}

2
crypto/ec/ec_key.c
View File

@ -9,7 +9,7 @@
*/
/*
* ECDSA low level APIs are deprecated for public use, but still ok for
* EC_KEY low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"

86
crypto/ec/ec_lib.c
View File

@ -9,7 +9,7 @@
*/
/*
* ECDSA low level APIs are deprecated for public use, but still ok for
* EC_GROUP low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
@ -1461,32 +1461,6 @@ err:
return NULL;
}
static int ec_encoding_param2id(const OSSL_PARAM *p, int *id)
{
const char *name = NULL;
int status = 0;
switch (p->data_type) {
case OSSL_PARAM_UTF8_STRING:
/* The OSSL_PARAM functions have no support for this */
name = p->data;
status = (name != NULL);
break;
case OSSL_PARAM_UTF8_PTR:
status = OSSL_PARAM_get_utf8_ptr(p, &name);
break;
}
if (status) {
int i = ec_encoding_name2id(name);
if (i >= 0) {
*id = i;
return 1;
}
}
return 0;
}
static EC_GROUP *group_new_from_name(const OSSL_PARAM *p,
OSSL_LIB_CTX *libctx, const char *propq)
{
@ -1516,6 +1490,42 @@ static EC_GROUP *group_new_from_name(const OSSL_PARAM *p,
return NULL;
}
/* These parameters can be set directly into an EC_GROUP */
int ec_group_set_params(EC_GROUP *group, const OSSL_PARAM params[])
{
int encoding_flag = -1, format = -1;
const OSSL_PARAM *p;
p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT);
if (p != NULL) {
if (!ec_pt_format_param2id(p, &format)) {
ECerr(0, EC_R_INVALID_FORM);
return 0;
}
EC_GROUP_set_point_conversion_form(group, format);
}
p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_ENCODING);
if (p != NULL) {
if (!ec_encoding_param2id(p, &encoding_flag)) {
ECerr(0, EC_R_INVALID_FORM);
return 0;
}
EC_GROUP_set_asn1_flag(group, encoding_flag);
}
/* Optional seed */
p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_SEED);
if (p != NULL) {
/* The seed is allowed to be NULL */
if (p->data_type != OSSL_PARAM_OCTET_STRING
|| !EC_GROUP_set_seed(group, p->data, p->data_size)) {
ECerr(0, EC_R_INVALID_SEED);
return 0;
}
}
return 1;
}
EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
OSSL_LIB_CTX *libctx, const char *propq)
{
@ -1530,19 +1540,19 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
const unsigned char *buf = NULL;
int encoding_flag = -1;
ptmp = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_ENCODING);
if (ptmp != NULL && !ec_encoding_param2id(ptmp, &encoding_flag)) {
ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING);
return 0;
}
/* This is the simple named group case */
ptmp = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_GROUP_NAME);
if (ptmp != NULL) {
group = group_new_from_name(ptmp, libctx, propq);
if (group != NULL)
EC_GROUP_set_asn1_flag(group, encoding_flag);
if (group != NULL) {
if (!ec_group_set_params(group, params)) {
EC_GROUP_free(group);
group = NULL;
}
}
return group;
}
/* If it gets here then we are trying explicit parameters */
bnctx = BN_CTX_new_ex(libctx);
if (bnctx == NULL) {
ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE);
@ -1690,6 +1700,12 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
* If we did not find a named group then the encoding should be explicit
* if it was specified
*/
ptmp = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_ENCODING);
if (ptmp != NULL
&& !ec_encoding_param2id(ptmp, &encoding_flag)) {
ECerr(0, EC_R_INVALID_ENCODING);
return 0;
}
if (encoding_flag == OPENSSL_EC_NAMED_CURVE) {
ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING);
goto err;

8
crypto/ec/eck_prn.c
View File

@ -8,13 +8,16 @@
* https://www.openssl.org/source/license.html
*/
#include "internal/deprecated.h"
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/evp.h>
#include <openssl/ec.h>
#include <openssl/bn.h>
#ifndef OPENSSL_NO_STDIO
#ifndef OPENSSL_NO_DEPRECATED_3_0
# ifndef OPENSSL_NO_STDIO
int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off)
{
BIO *b;
@ -59,7 +62,7 @@ int ECParameters_print_fp(FILE *fp, const EC_KEY *x)
BIO_free(b);
return ret;
}
#endif
#endif /* OPENSSL_NO_STDIO */
static int print_bin(BIO *fp, const char *str, const unsigned char *num,
size_t len, int off);
@ -256,3 +259,4 @@ static int print_bin(BIO *fp, const char *name, const unsigned char *buf,
return 1;
}
#endif /* OPENSSL_NO_DEPRECATED_3_0 */

4
crypto/evp/ec_ctrl.c
View File

@ -7,6 +7,8 @@
* https://www.openssl.org/source/license.html
*/
#include "internal/deprecated.h"
#include <string.h>
#include <openssl/core_names.h>
@ -466,7 +468,7 @@ int evp_pkey_ctx_set_ec_param_enc_prov(EVP_PKEY_CTX *ctx, int param_enc)
*p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_EC_ENCODING,
(char *)enc, 0);
*p++ = OSSL_PARAM_construct_end();
*p = OSSL_PARAM_construct_end();
ret = evp_pkey_ctx_set_params_strict(ctx, params);
end:

36
crypto/evp/p_legacy.c
View File

@ -17,6 +17,7 @@
#include <openssl/evp.h>
#include <openssl/err.h>
#include <openssl/rsa.h>
#include <openssl/ec.h>
#include "crypto/types.h"
#include "crypto/evp.h"
#include "evp_local.h"
@ -24,6 +25,7 @@
int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key)
{
int ret = EVP_PKEY_assign_RSA(pkey, key);
if (ret)
RSA_up_ref(key);
return ret;
@ -45,7 +47,41 @@ RSA *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey)
RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey)
{
RSA *ret = EVP_PKEY_get0_RSA(pkey);
if (ret != NULL)
RSA_up_ref(ret);
return ret;
}
#ifndef OPENSSL_NO_EC
int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key)
{
int ret = EVP_PKEY_assign_EC_KEY(pkey, key);
if (ret)
EC_KEY_up_ref(key);
return ret;
}
EC_KEY *EVP_PKEY_get0_EC_KEY(const EVP_PKEY *pkey)
{
if (!evp_pkey_downgrade((EVP_PKEY *)pkey)) {
ERR_raise(ERR_LIB_EVP, EVP_R_INACCESSIBLE_KEY);
return NULL;
}
if (EVP_PKEY_base_id(pkey) != EVP_PKEY_EC) {
EVPerr(EVP_F_EVP_PKEY_GET0_EC_KEY, EVP_R_EXPECTING_A_EC_KEY);
return NULL;
}
return pkey->pkey.ec;
}
EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey)
{
EC_KEY *ret = EVP_PKEY_get0_EC_KEY(pkey);
if (ret != NULL)
EC_KEY_up_ref(ret);
return ret;
}
#endif /* OPENSSL_NO_EC */

33
crypto/evp/p_lib.c
View File

@ -43,7 +43,6 @@
#include "crypto/ec.h"
/* TODO remove this when the EVP_PKEY_is_a() #legacy support hack is removed */
#include "e_os.h" /* strcasecmp on Windows */
static int pkey_set_type(EVP_PKEY *pkey, ENGINE *e, int type, const char *str,
@ -115,8 +114,7 @@ void *EVP_PKEY_get_ex_data(const EVP_PKEY *key, int idx)
int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
{
/*
* TODO: clean up legacy stuff from this function when legacy support
* is gone.
* Clean up legacy stuff from this function when legacy support is gone.
*/
/*
@ -814,35 +812,6 @@ DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey)
#ifndef FIPS_MODULE
# ifndef OPENSSL_NO_EC
int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key)
{
int ret = EVP_PKEY_assign_EC_KEY(pkey, key);
if (ret)
EC_KEY_up_ref(key);
return ret;
}
EC_KEY *EVP_PKEY_get0_EC_KEY(const EVP_PKEY *pkey)
{
if (!evp_pkey_downgrade((EVP_PKEY *)pkey)) {
ERR_raise(ERR_LIB_EVP, EVP_R_INACCESSIBLE_KEY);
return NULL;
}
if (EVP_PKEY_base_id(pkey) != EVP_PKEY_EC) {
ERR_raise(ERR_LIB_EVP, EVP_R_EXPECTING_A_EC_KEY);
return NULL;
}
return pkey->pkey.ec;
}
EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey)
{
EC_KEY *ret = EVP_PKEY_get0_EC_KEY(pkey);
if (ret != NULL)
EC_KEY_up_ref(ret);
return ret;
}
static ECX_KEY *evp_pkey_get0_ECX_KEY(const EVP_PKEY *pkey, int type)
{
if (!evp_pkey_downgrade((EVP_PKEY *)pkey)) {

13
crypto/pem/pem_all.c
View File

@ -128,7 +128,9 @@ DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **dsa, pem_password_cb *cb, void *u)
IMPLEMENT_PEM_rw(DSAparams, DSA, PEM_STRING_DSAPARAMS, DSAparams)
#endif
#ifndef OPENSSL_NO_EC
#ifndef OPENSSL_NO_DEPRECATED_3_0
# ifndef OPENSSL_NO_EC
static EC_KEY *pkey_get_eckey(EVP_PKEY *key, EC_KEY **eckey)
{
EC_KEY *dtmp;
@ -160,7 +162,7 @@ IMPLEMENT_PEM_rw(ECPKParameters, EC_GROUP, PEM_STRING_ECPARAMETERS,
IMPLEMENT_PEM_write_cb(ECPrivateKey, EC_KEY, PEM_STRING_ECPRIVATEKEY,
ECPrivateKey)
IMPLEMENT_PEM_rw(EC_PUBKEY, EC_KEY, PEM_STRING_PUBLIC, EC_PUBKEY)
# ifndef OPENSSL_NO_STDIO
# ifndef OPENSSL_NO_STDIO
EC_KEY *PEM_read_ECPrivateKey(FILE *fp, EC_KEY **eckey, pem_password_cb *cb,
void *u)
{
@ -168,10 +170,9 @@ EC_KEY *PEM_read_ECPrivateKey(FILE *fp, EC_KEY **eckey, pem_password_cb *cb,
pktmp = PEM_read_PrivateKey(fp, NULL, cb, u);
return pkey_get_eckey(pktmp, eckey); /* will free pktmp */
}
# endif
#endif
# endif
# endif /* !OPENSSL_NO_EC */
#endif /* !OPENSSL_NO_DEPRECATED_3_0 */
#ifndef OPENSSL_NO_DH

2
crypto/sm2/sm2_key.c
View File

@ -7,6 +7,8 @@
* https://www.openssl.org/source/license.html
*/
#include "internal/deprecated.h" /* to be able to use EC_KEY and EC_GROUP */
#include <openssl/err.h>
#include "crypto/sm2err.h"
#include "crypto/sm2.h"

2
crypto/sm2/sm2_sign.c
View File

@ -9,6 +9,8 @@
* https://www.openssl.org/source/license.html
*/
#include "internal/deprecated.h"
#include "crypto/sm2.h"
#include "crypto/sm2err.h"
#include "crypto/ec.h" /* ec_group_do_inverse_ord() */

16
crypto/x509/x509_cmp.c
View File

@ -400,13 +400,19 @@ int X509_check_private_key(const X509 *x, const EVP_PKEY *k)
static int check_suite_b(EVP_PKEY *pkey, int sign_nid, unsigned long *pflags)
{
const EC_GROUP *grp = NULL;
char curve_name[80];
size_t curve_name_len;
int curve_nid;
if (pkey && EVP_PKEY_id(pkey) == EVP_PKEY_EC)
grp = EC_KEY_get0_group(EVP_PKEY_get0_EC_KEY(pkey));
if (!grp)
if (pkey == NULL || !EVP_PKEY_is_a(pkey, "EC"))
return X509_V_ERR_SUITE_B_INVALID_ALGORITHM;
curve_nid = EC_GROUP_get_curve_name(grp);
if (!EVP_PKEY_get_utf8_string_param(pkey, OSSL_PKEY_PARAM_GROUP_NAME,
curve_name, sizeof(curve_name),
&curve_name_len))
return X509_V_ERR_SUITE_B_INVALID_CURVE;
curve_nid = OBJ_txt2nid(curve_name);
/* Check curve is consistent with LOS */
if (curve_nid == NID_secp384r1) { /* P-384 */
/*

2
crypto/x509/x509_vfy.c
View File

@ -7,6 +7,8 @@
* https://www.openssl.org/source/license.html
*/
#include "internal/deprecated.h"
#include <stdio.h>
#include <time.h>
#include <errno.h>

18
doc/man3/d2i_RSAPrivateKey.pod
View File

@ -28,6 +28,14 @@ d2i_RSA_PUBKEY_fp,
d2i_DHparams,
d2i_DHparams_bio,
d2i_DHparams_fp,
d2i_ECPKParameters,
d2i_ECParameters,
d2i_ECPrivateKey,
d2i_ECPrivateKey_bio,
d2i_ECPrivateKey_fp,
d2i_EC_PUBKEY,
d2i_EC_PUBKEY_bio,
d2i_EC_PUBKEY_fp,
i2d_RSAPrivateKey,
i2d_RSAPrivateKey_bio,
i2d_RSAPrivateKey_fp,
@ -39,7 +47,15 @@ i2d_RSA_PUBKEY_bio,
i2d_RSA_PUBKEY_fp,
i2d_DHparams,
i2d_DHparams_bio,
i2d_DHparams_fp
i2d_DHparams_fp,
i2d_ECPKParameters,
i2d_ECParameters,
i2d_ECPrivateKey,
i2d_ECPrivateKey_bio,
i2d_ECPrivateKey_fp,
i2d_EC_PUBKEY,
i2d_EC_PUBKEY_bio,
i2d_EC_PUBKEY_fp
- DEPRECATED
=head1 SYNOPSIS

16
doc/man3/d2i_X509.pod
View File

@ -53,14 +53,6 @@ d2i_DIST_POINT,
d2i_DIST_POINT_NAME,
d2i_DSA_SIG,
d2i_ECDSA_SIG,
d2i_ECPKParameters,
d2i_ECParameters,
d2i_ECPrivateKey,
d2i_ECPrivateKey_bio,
d2i_ECPrivateKey_fp,
d2i_EC_PUBKEY,
d2i_EC_PUBKEY_bio,
d2i_EC_PUBKEY_fp,
d2i_EDIPARTYNAME,
d2i_ESS_CERT_ID,
d2i_ESS_CERT_ID_V2,
@ -237,14 +229,6 @@ i2d_DSA_PUBKEY_fp,
i2d_DSA_SIG,
i2d_DSAparams,
i2d_ECDSA_SIG,
i2d_ECPKParameters,
i2d_ECParameters,
i2d_ECPrivateKey,
i2d_ECPrivateKey_bio,
i2d_ECPrivateKey_fp,
i2d_EC_PUBKEY,
i2d_EC_PUBKEY_bio,
i2d_EC_PUBKEY_fp,
i2d_EDIPARTYNAME,
i2d_ESS_CERT_ID,
i2d_ESS_CERT_ID_V2,

20
doc/man7/EVP_PKEY-EC.pod
View File

@ -79,6 +79,26 @@ EC curve's cofactor (note for some curves the cofactor is 1).
Set the format used for serializing the EC group parameters.
Valid values are "explicit" or "named_curve". The default value is "named_curve".
=item "point-format" (B<OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT>) <utf8 string>
Sets or gets the point_conversion_form for the I<key>. For a description of
point_conversion_forms please see L<EC_POINT_new(3)>. Valid values are
"uncompressed" or "compressed". The default value is "uncompressed".
=item "group-check" (B<OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE>) <utf8 string>
Sets or Gets the type of group check done when EVP_PKEY_param_check() is called.
Valid values are "default", "named" and "named-nist".
The "named" type checks that the domain parameters match the inbuilt curve parameters,
"named-nist" is similiar but also checks that the named curve is a nist curve.
The "default" type does domain parameter validation for the OpenSSL default provider,
but is equivalent to "named-nist" for the OpenSSL fips provider.
=item "include-public" (B<OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC>) <integer>
Setting this value to 0 indicates that the public key should not be included when
encoding the private key. The default value of 1 will include the public key.
See also L<EVP_KEYEXCH-ECDH(7)> for the related
B<OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE> parameter that can be set on a
per-operation basis.

4
fuzz/asn1.c
View File

@ -96,7 +96,7 @@ static ASN1_ITEM_EXP *item_type[] = {
ASN1_ITEM_ref(DISPLAYTEXT),
ASN1_ITEM_ref(DIST_POINT),
ASN1_ITEM_ref(DIST_POINT_NAME),
#ifndef OPENSSL_NO_EC
#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_DEPRECATED_3_0)
ASN1_ITEM_ref(ECPARAMETERS),
ASN1_ITEM_ref(ECPKPARAMETERS),
#endif
@ -347,10 +347,10 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
DO_TEST_NO_PRINT(RSA, d2i_RSAPublicKey, i2d_RSAPublicKey);
#endif
#ifndef OPENSSL_NO_EC
# ifndef OPENSSL_NO_DEPRECATED_3_0
DO_TEST_PRINT_OFFSET(EC_GROUP, d2i_ECPKParameters, i2d_ECPKParameters, ECPKParameters_print);
DO_TEST_PRINT_OFFSET(EC_KEY, d2i_ECPrivateKey, i2d_ECPrivateKey, EC_KEY_print);
DO_TEST(EC_KEY, d2i_ECParameters, i2d_ECParameters, ECParameters_print);
# ifndef OPENSSL_NO_DEPRECATED_3_0
DO_TEST_NO_PRINT(ECDSA_SIG, d2i_ECDSA_SIG, i2d_ECDSA_SIG);
# endif
#endif

16
fuzz/server.c
View File

@ -12,7 +12,7 @@
/* Test first part of SSL server handshake. */
/* We need to use the deprecated RSA low level calls */
/* We need to use the deprecated RSA/EC low level calls */
#define OPENSSL_SUPPRESS_DEPRECATED
#include <time.h>
@ -200,8 +200,8 @@ static const uint8_t kRSAPrivateKeyDER[] = {
};
#endif
#ifndef OPENSSL_NO_EC
# ifndef OPENSSL_NO_DEPRECATED_3_0
/*
* -----BEGIN EC PRIVATE KEY-----
* MHcCAQEEIJLyl7hJjpQL/RhP1x2zS79xdiPJQB683gWeqcqHPeZkoAoGCCqGSM49
@ -230,6 +230,7 @@ static const char ECDSAPrivateKeyPEM[] = {
0x4e, 0x44, 0x20, 0x45, 0x43, 0x20, 0x50, 0x52, 0x49, 0x56, 0x41, 0x54,
0x45, 0x20, 0x4b, 0x45, 0x59, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x0a
};
# endif
/*
* -----BEGIN CERTIFICATE-----
@ -522,14 +523,14 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
RSA *privkey;
#endif
const uint8_t *bufp;
#if !defined(OPENSSL_NO_DEPRECATED_3_0) \
|| !defined(OPENSSL_NO_DSA) \
|| !defined(OPENSSL_NO_EC)
#if !defined(OPENSSL_NO_DEPRECATED_3_0)
EVP_PKEY *pkey;
#endif
X509 *cert;
#ifndef OPENSSL_NO_EC
#ifndef OPENSSL_NO_DEPRECATED_3_0
# ifndef OPENSSL_NO_EC
EC_KEY *ecdsakey = NULL;
# endif
#endif
#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
DSA *dsakey = NULL;
@ -571,6 +572,7 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
X509_free(cert);
#ifndef OPENSSL_NO_EC
# ifndef OPENSSL_NO_DEPRECATED_3_0
/* ECDSA */
bio_buf = BIO_new(BIO_s_mem());
OPENSSL_assert((size_t)BIO_write(bio_buf, ECDSAPrivateKeyPEM, sizeof(ECDSAPrivateKeyPEM)) == sizeof(ECDSAPrivateKeyPEM));
@ -583,7 +585,7 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
ret = SSL_CTX_use_PrivateKey(ctx, pkey);
OPENSSL_assert(ret == 1);
EVP_PKEY_free(pkey);
# endif
bio_buf = BIO_new(BIO_s_mem());
OPENSSL_assert((size_t)BIO_write(bio_buf, ECDSACertPEM, sizeof(ECDSACertPEM)) == sizeof(ECDSACertPEM));
cert = PEM_read_bio_X509(bio_buf, NULL, NULL, NULL);

9
include/crypto/ec.h
View File

@ -23,6 +23,7 @@ int evp_pkey_ctx_set_ec_param_enc_prov(EVP_PKEY_CTX *ctx, int param_enc);
# ifndef OPENSSL_NO_EC
# include <openssl/core.h>
# include <openssl/ec.h>
# include "crypto/types.h"
/*-
* Computes the multiplicative inverse of x in the range
@ -69,10 +70,18 @@ int ec_group_todata(const EC_GROUP *group, OSSL_PARAM_BLD *tmpl,
const char *propq,
BN_CTX *bnctx, unsigned char **genbuf);
int ec_group_fromdata(EC_KEY *ec, const OSSL_PARAM params[]);
int ec_group_set_params(EC_GROUP *group, const OSSL_PARAM params[]);
int ec_key_fromdata(EC_KEY *ecx, const OSSL_PARAM params[], int include_private);
int ec_key_otherparams_fromdata(EC_KEY *ec, const OSSL_PARAM params[]);
int ec_set_ecdh_cofactor_mode(EC_KEY *ec, int mode);
int ec_encoding_name2id(const char *name);
int ec_encoding_param2id(const OSSL_PARAM *p, int *id);
int ec_pt_format_name2id(const char *name);
int ec_pt_format_param2id(const OSSL_PARAM *p, int *id);
char *ec_pt_format_id2name(int id);
char *ec_check_group_type_id2name(int flags);
int ec_set_check_group_type_from_name(EC_KEY *ec, const char *name);
# endif /* OPENSSL_NO_EC */
#endif

1
include/crypto/sm2.h
View File

@ -16,6 +16,7 @@
# ifndef OPENSSL_NO_SM2
# include <openssl/ec.h>
# include "crypto/types.h"
int sm2_key_private_check(const EC_KEY *eckey);

3
include/crypto/types.h
View File

@ -12,5 +12,6 @@
#ifdef OPENSSL_NO_DEPRECATED_3_0
typedef struct rsa_st RSA;
typedef struct rsa_meth_st RSA_METHOD;
typedef struct ec_key_st EC_KEY;
typedef struct ec_key_method_st EC_KEY_METHOD;
#endif

13
include/openssl/core_names.h
View File

@ -400,12 +400,23 @@ extern "C" {
#define OSSL_PKEY_PARAM_FFC_DIGEST OSSL_PKEY_PARAM_DIGEST
#define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
#define OSSL_PKEY_PARAM_EC_ENCODING "encoding" /* utf8_string */
#define OSSL_PKEY_PARAM_EC_ENCODING "encoding" /* utf8_string */
#define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format"
#define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE "group-check"
#define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC "include-public"
/* OSSL_PKEY_PARAM_EC_ENCODING values */
#define OSSL_PKEY_EC_ENCODING_EXPLICIT "explicit"
#define OSSL_PKEY_EC_ENCODING_GROUP "named_curve"
#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed"
#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED "compressed"
#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID "hybrid"
#define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT "default"
#define OSSL_PKEY_EC_GROUP_CHECK_NAMED "named"
#define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST "named-nist"
/* Key Exchange parameters */
#define OSSL_EXCHANGE_PARAM_PAD "pad" /* uint */
#define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode" /* int */

599
include/openssl/ec.h
View File

File diff suppressed because it is too large Load Diff

15
include/openssl/evp.h
View File

@ -494,9 +494,11 @@ typedef int (EVP_PBE_KEYGEN) (EVP_CIPHER_CTX *ctx, const char *pass,
# define EVP_PKEY_assign_DH(pkey,dh) EVP_PKEY_assign((pkey),EVP_PKEY_DH,(dh))
# endif
# ifndef OPENSSL_NO_EC
# define EVP_PKEY_assign_EC_KEY(pkey,eckey) EVP_PKEY_assign((pkey),EVP_PKEY_EC,\
(eckey))
# ifndef OPENSSL_NO_DEPRECATED_3_0
# ifndef OPENSSL_NO_EC
# define EVP_PKEY_assign_EC_KEY(pkey,eckey) \
EVP_PKEY_assign((pkey), EVP_PKEY_EC, (eckey))
# endif
# endif
# ifndef OPENSSL_NO_SIPHASH
# define EVP_PKEY_assign_SIPHASH(pkey,shkey) EVP_PKEY_assign((pkey),\
@ -1261,11 +1263,16 @@ OSSL_DEPRECATEDIN_3_0 struct dh_st *EVP_PKEY_get0_DH(const EVP_PKEY *pkey);
OSSL_DEPRECATEDIN_3_0 struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey);
# endif
# endif
# ifndef OPENSSL_NO_EC
# ifndef OPENSSL_NO_DEPRECATED_3_0
# ifndef OPENSSL_NO_EC
struct ec_key_st;
OSSL_DEPRECATEDIN_3_0
int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, struct ec_key_st *key);
OSSL_DEPRECATEDIN_3_0
struct ec_key_st *EVP_PKEY_get0_EC_KEY(const EVP_PKEY *pkey);
OSSL_DEPRECATEDIN_3_0
struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
# endif
# endif
EVP_PKEY *EVP_PKEY_new(void);

12
include/openssl/pem.h
View File

@ -455,11 +455,15 @@ DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, DSA_PUBKEY, DSA)
DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, DSAparams, DSA)
# endif
# endif
# ifndef OPENSSL_NO_EC
DECLARE_PEM_rw(ECPKParameters, EC_GROUP)
DECLARE_PEM_rw_cb(ECPrivateKey, EC_KEY)
DECLARE_PEM_rw(EC_PUBKEY, EC_KEY)
# ifndef OPENSSL_NO_DEPRECATED_3_0
# ifndef OPENSSL_NO_EC
DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, ECPKParameters, EC_GROUP)
DECLARE_PEM_rw_cb_attr(OSSL_DEPRECATEDIN_3_0, ECPrivateKey, EC_KEY)
DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, EC_PUBKEY, EC_KEY)
# endif
# endif
# ifndef OPENSSL_NO_DH
# ifndef OPENSSL_NO_DEPRECATED_3_0
DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, DHparams, DH)

6
include/openssl/ssl.h.in
View File

@ -1227,13 +1227,13 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
# define SSL_ERROR_WANT_ASYNC 9
# define SSL_ERROR_WANT_ASYNC_JOB 10
# define SSL_ERROR_WANT_CLIENT_HELLO_CB 11
# ifndef OPENSSL_NO_DEPRECATED_3_0
# define SSL_CTRL_SET_TMP_DH 3
# endif
# define SSL_CTRL_SET_TMP_ECDH 4
# ifndef OPENSSL_NO_DEPRECATED_3_0
# define SSL_CTRL_SET_TMP_ECDH 4
# define SSL_CTRL_SET_TMP_DH_CB 6
# endif
# define SSL_CTRL_GET_CLIENT_CERT_REQUEST 9
# define SSL_CTRL_GET_NUM_RENEGOTIATIONS 10
# define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS 11

2
include/openssl/types.h
View File

@ -144,8 +144,10 @@ typedef struct rsa_meth_st RSA_METHOD;
# endif
typedef struct rsa_pss_params_st RSA_PSS_PARAMS;
# ifndef OPENSSL_NO_DEPRECATED_3_0
typedef struct ec_key_st EC_KEY;
typedef struct ec_key_method_st EC_KEY_METHOD;
# endif
typedef struct rand_meth_st RAND_METHOD;
typedef struct rand_drbg_st RAND_DRBG;

36
include/openssl/x509.h.in
View File

@ -430,12 +430,14 @@ OSSL_DEPRECATEDIN_3_0 DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa);
OSSL_DEPRECATEDIN_3_0 int i2d_DSAPrivateKey_fp(FILE *fp, const DSA *dsa);
# endif
# endif
# ifndef OPENSSL_NO_EC
EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey);
int i2d_EC_PUBKEY_fp(FILE *fp, const EC_KEY *eckey);
EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey);
int i2d_ECPrivateKey_fp(FILE *fp, const EC_KEY *eckey);
# endif
# ifndef OPENSSL_NO_DEPRECATED_3_0
# ifndef OPENSSL_NO_EC
OSSL_DEPRECATEDIN_3_0 EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey);
OSSL_DEPRECATEDIN_3_0 int i2d_EC_PUBKEY_fp(FILE *fp, const EC_KEY *eckey);
OSSL_DEPRECATEDIN_3_0 EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey);
OSSL_DEPRECATEDIN_3_0 int i2d_ECPrivateKey_fp(FILE *fp, const EC_KEY *eckey);
# endif /* OPENSSL_NO_EC */
# endif /* OPENSSL_NO_DEPRECATED_3_0 */
X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8);
int i2d_PKCS8_fp(FILE *fp, const X509_SIG *p8);
X509_PUBKEY *d2i_X509_PUBKEY_fp(FILE *fp, X509_PUBKEY **xpk);
@ -474,12 +476,16 @@ OSSL_DEPRECATEDIN_3_0 DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa);
OSSL_DEPRECATEDIN_3_0 int i2d_DSAPrivateKey_bio(BIO *bp, const DSA *dsa);
# endif
# endif
# ifndef OPENSSL_NO_EC
EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey);
int i2d_EC_PUBKEY_bio(BIO *bp, const EC_KEY *eckey);
EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey);
int i2d_ECPrivateKey_bio(BIO *bp, const EC_KEY *eckey);
# endif
# ifndef OPENSSL_NO_DEPRECATED_3_0
# ifndef OPENSSL_NO_EC
OSSL_DEPRECATEDIN_3_0 EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey);
OSSL_DEPRECATEDIN_3_0 int i2d_EC_PUBKEY_bio(BIO *bp, const EC_KEY *eckey);
OSSL_DEPRECATEDIN_3_0 EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey);
OSSL_DEPRECATEDIN_3_0 int i2d_ECPrivateKey_bio(BIO *bp, const EC_KEY *eckey);
# endif /* OPENSSL_NO_EC */
# endif /* OPENSSL_NO_DEPRECATED_3_0 */
X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8);
int i2d_PKCS8_bio(BIO *bp, const X509_SIG *p8);
X509_PUBKEY *d2i_X509_PUBKEY_bio(BIO *bp, X509_PUBKEY **xpk);
@ -555,8 +561,10 @@ DECLARE_ASN1_ENCODE_FUNCTIONS_only_attr(OSSL_DEPRECATEDIN_3_0,RSA, RSA_PUBKEY)
DECLARE_ASN1_ENCODE_FUNCTIONS_only_attr(OSSL_DEPRECATEDIN_3_0,DSA, DSA_PUBKEY)
# endif
# endif
# ifndef OPENSSL_NO_EC
DECLARE_ASN1_ENCODE_FUNCTIONS_only(EC_KEY, EC_PUBKEY)
# ifndef OPENSSL_NO_DEPRECATED_3_0
# ifndef OPENSSL_NO_EC
DECLARE_ASN1_ENCODE_FUNCTIONS_only_attr(OSSL_DEPRECATEDIN_3_0, EC_KEY, EC_PUBKEY)
# endif
# endif
DECLARE_ASN1_FUNCTIONS(X509_SIG)

1
providers/common/der/der_ec.h.in
View File

@ -7,6 +7,7 @@
* https://www.openssl.org/source/license.html
*/
#include "crypto/ec.h"
#include "internal/der.h"
/* Well known OIDs precompiled */

1
providers/common/der/der_sm2.h.in
View File

@ -7,6 +7,7 @@
* https://www.openssl.org/source/license.html
*/
#include "crypto/ec.h"
#include "internal/der.h"
/* Well known OIDs precompiled */

2
providers/implementations/asymciphers/sm2_enc.c
View File

@ -7,6 +7,8 @@
* https://www.openssl.org/source/license.html
*/
#include "internal/deprecated.h"
#include <openssl/crypto.h>
#include <openssl/evp.h>
#include <openssl/core_dispatch.h>

89
providers/implementations/keymgmt/ec_kmgmt.c
View File

@ -229,11 +229,33 @@ static ossl_inline
int otherparams_to_params(const EC_KEY *ec, OSSL_PARAM_BLD *tmpl,
OSSL_PARAM params[])
{
int ecdh_cofactor_mode = 0;
int ecdh_cofactor_mode = 0, group_check = 0;
const char *name = NULL;
point_conversion_form_t format;
if (ec == NULL)
return 0;
format = EC_KEY_get_conv_form(ec);
name = ec_pt_format_id2name((int)format);
if (name != NULL
&& !ossl_param_build_set_utf8_string(tmpl, params,
OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT,
name))
return 0;
group_check = EC_KEY_get_flags(ec) & EC_FLAG_CHECK_NAMED_GROUP_MASK;
name = ec_check_group_type_id2name(group_check);
if (name != NULL
&& !ossl_param_build_set_utf8_string(tmpl, params,
OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE,
name))
return 0;
if ((EC_KEY_get_enc_flags(ec) & EC_PKEY_NO_PUBKEY) != 0)
ossl_param_build_set_int(tmpl, params,
OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC, 0);
ecdh_cofactor_mode =
(EC_KEY_get_flags(ec) & EC_FLAG_COFACTOR_ECDH) ? 1 : 0;
return ossl_param_build_set_int(tmpl, params,
@ -462,6 +484,7 @@ end:
# define EC_IMEXPORTABLE_DOM_PARAMETERS \
OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, NULL, 0), \
OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_EC_ENCODING, NULL, 0), \
OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT, NULL, 0),\
OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_EC_FIELD_TYPE, NULL, 0), \
OSSL_PARAM_BN(OSSL_PKEY_PARAM_EC_P, NULL, 0), \
OSSL_PARAM_BN(OSSL_PKEY_PARAM_EC_A, NULL, 0), \
@ -476,7 +499,8 @@ end:
# define EC_IMEXPORTABLE_PRIVATE_KEY \
OSSL_PARAM_BN(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0)
# define EC_IMEXPORTABLE_OTHER_PARAMETERS \
OSSL_PARAM_int(OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, NULL)
OSSL_PARAM_int(OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, NULL), \
OSSL_PARAM_int(OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC, NULL)
/*
* Include all the possible combinations of OSSL_PARAM arrays for
@ -484,11 +508,6 @@ end:
*
* They are in a separate file as it is ~100 lines of unreadable and
* uninteresting machine generated stuff.
*
* TODO(3.0): the generated list looks quite ugly, as to cover all possible
* combinations of the bits in `selection`, it also includes combinations that
* are not really useful: we might want to consider alternatives to this
* solution.
*/
#include "ec_kmgmt_imexport.inc"
@ -727,6 +746,11 @@ const OSSL_PARAM *ec_gettable_params(void *provctx)
static const OSSL_PARAM ec_known_settable_params[] = {
OSSL_PARAM_int(OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, NULL),
OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, NULL, 0),
OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_EC_ENCODING, NULL, 0),
OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT, NULL, 0),
OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_EC_SEED, NULL, 0),
OSSL_PARAM_int(OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC, NULL),
OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE, NULL, 0),
OSSL_PARAM_END
};
@ -742,6 +766,12 @@ int ec_set_params(void *key, const OSSL_PARAM params[])
EC_KEY *eck = key;
const OSSL_PARAM *p;
if (key == NULL)
return 0;
if (!ec_group_set_params((EC_GROUP *)EC_KEY_get0_group(key), params))
return 0;
p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY);
if (p != NULL) {
BN_CTX *ctx = BN_CTX_new_ex(ec_key_get_libctx(key));
@ -850,8 +880,15 @@ int ec_validate(const void *keydata, int selection)
if ((selection & EC_POSSIBLE_SELECTIONS) != 0)
ok = 1;
if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0)
ok = ok && EC_GROUP_check(EC_KEY_get0_group(eck), ctx);
if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) {
int flags = EC_KEY_get_flags(eck);
if ((flags & EC_FLAG_CHECK_NAMED_GROUP) != 0)
ok = ok && EC_GROUP_check_named_curve(EC_KEY_get0_group(eck),
(flags & EC_FLAG_CHECK_NAMED_GROUP_NIST) != 0, ctx);
else
ok = ok && EC_GROUP_check(EC_KEY_get0_group(eck), ctx);
}
if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
ok = ok && ec_key_public_check(eck, ctx);
@ -870,6 +907,8 @@ struct ec_gen_ctx {
OSSL_LIB_CTX *libctx;
char *group_name;
char *encoding;
char *pt_format;
char *group_check;
char *field_type;
BIGNUM *p, *a, *b, *order, *cofactor;
unsigned char *gen, *seed;
@ -972,6 +1011,8 @@ static int ec_gen_set_params(void *genctx, const OSSL_PARAM params[])
COPY_UTF8_PARAM(params, OSSL_PKEY_PARAM_GROUP_NAME, gctx->group_name);
COPY_UTF8_PARAM(params, OSSL_PKEY_PARAM_EC_FIELD_TYPE, gctx->field_type);
COPY_UTF8_PARAM(params, OSSL_PKEY_PARAM_EC_ENCODING, gctx->encoding);
COPY_UTF8_PARAM(params, OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT, gctx->pt_format);
COPY_UTF8_PARAM(params, OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE, gctx->group_check);
COPY_BN_PARAM(params, OSSL_PKEY_PARAM_EC_P, gctx->p);
COPY_BN_PARAM(params, OSSL_PKEY_PARAM_EC_A, gctx->a);
@ -1005,6 +1046,12 @@ static int ec_gen_set_group_from_params(struct ec_gen_ctx *gctx)
gctx->encoding, 0))
goto err;
if (gctx->pt_format != NULL
&& !OSSL_PARAM_BLD_push_utf8_string(bld,
OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT,
gctx->pt_format, 0))
goto err;
if (gctx->group_name != NULL) {
if (!OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_PKEY_PARAM_GROUP_NAME,
gctx->group_name, 0))
@ -1066,6 +1113,7 @@ static const OSSL_PARAM *ec_gen_settable_params(void *provctx)
OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, NULL, 0),
OSSL_PARAM_int(OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, NULL),
OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_EC_ENCODING, NULL, 0),
OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT, NULL, 0),
OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_EC_FIELD_TYPE, NULL, 0),
OSSL_PARAM_BN(OSSL_PKEY_PARAM_EC_P, NULL, 0),
OSSL_PARAM_BN(OSSL_PKEY_PARAM_EC_A, NULL, 0),
@ -1107,12 +1155,20 @@ static void *ec_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
if (!ec_gen_set_group_from_params(gctx))
goto err;
} else {
if (gctx->encoding) {
if (gctx->encoding != NULL) {
int flags = ec_encoding_name2id(gctx->encoding);
if (flags < 0)
goto err;
EC_GROUP_set_asn1_flag(gctx->gen_group, flags);
}
if (gctx->pt_format != NULL) {
int format = ec_pt_format_name2id(gctx->pt_format);
if (format < 0)
goto err;
EC_GROUP_set_point_conversion_form(gctx->gen_group, format);
}
}
/* We must always assign a group, no matter what */
@ -1125,6 +1181,8 @@ static void *ec_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
if (gctx->ecdh_mode != -1)
ret = ret && ec_set_ecdh_cofactor_mode(ec, gctx->ecdh_mode);
if (gctx->group_check != NULL)
ret = ret && ec_set_check_group_type_from_name(ec, gctx->group_check);
if (ret)
return ec;
err:
@ -1154,10 +1212,18 @@ static void *sm2_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
} else {
if (gctx->encoding) {
int flags = ec_encoding_name2id(gctx->encoding);
if (flags < 0)
goto err;
EC_GROUP_set_asn1_flag(gctx->gen_group, flags);
}
if (gctx->pt_format != NULL) {
int format = ec_pt_format_name2id(gctx->pt_format);
if (format < 0)
goto err;
EC_GROUP_set_point_conversion_form(gctx->gen_group, format);
}
}
/* We must always assign a group, no matter what */
@ -1197,7 +1263,8 @@ static void ec_gen_cleanup(void *genctx)
BN_free(gctx->order);
BN_free(gctx->cofactor);
OPENSSL_free(gctx->group_name);
OPENSSL_free(gctx->field_type);;
OPENSSL_free(gctx->field_type);
OPENSSL_free(gctx->pt_format);
OPENSSL_free(gctx->encoding);
OPENSSL_free(gctx->seed);
OPENSSL_free(gctx->gen);

67
ssl/s3_lib.c
View File

@ -18,6 +18,7 @@
#include <openssl/rand.h>
#include <openssl/trace.h>
#include <openssl/x509v3.h>
#include <openssl/core_names.h>
#include "internal/cryptlib.h"
#define TLS13_NUM_CIPHERS OSSL_NELEM(tls13_ciphers)
@ -3429,6 +3430,29 @@ static char *srp_password_from_info_cb(SSL *s, void *arg)
}
#endif
#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_DEPRECATED_3_0)
static int ssl_set_tmp_ecdh_groups(uint16_t **pext, size_t *pextlen,
EVP_PKEY *pkey)
{
char name[80];
int nid, ret = 0;
size_t name_len;
if (!EVP_PKEY_get_utf8_string_param(pkey, OSSL_PKEY_PARAM_GROUP_NAME,
name, sizeof(name), &name_len)) {
SSLerr(0, EC_R_MISSING_PARAMETERS);
return 0;
}
nid = OBJ_txt2nid(name);
if (nid == NID_undef)
goto end;
ret = tls1_set_groups(pext, pextlen, &nid, 1);
end:
EVP_PKEY_free(pkey);
return ret;
}
#endif
static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len);
long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
@ -3472,33 +3496,28 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return ret;
}
# endif
#endif
case SSL_CTRL_SET_DH_AUTO:
s->cert->dh_tmp_auto = larg;
return 1;
#ifndef OPENSSL_NO_EC
#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_DEPRECATED_3_0)
case SSL_CTRL_SET_TMP_ECDH:
{
const EC_GROUP *group = NULL;
int nid;
EVP_PKEY *pkecdh = NULL;
if (parg == NULL) {
ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
group = EC_KEY_get0_group((const EC_KEY *)parg);
if (group == NULL) {
ERR_raise(ERR_LIB_SSL, EC_R_MISSING_PARAMETERS);
pkecdh = ssl_ecdh_to_pkey(parg);
if (pkecdh == NULL) {
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
return 0;
}
nid = EC_GROUP_get_curve_name(group);
if (nid == NID_undef)
return 0;
return tls1_set_groups(&s->ext.supportedgroups,
&s->ext.supportedgroups_len,
&nid, 1);
return ssl_set_tmp_ecdh_groups(&s->ext.supportedgroups,
&s->ext.supportedgroups_len,
pkecdh);
}
break;
#endif /* !OPENSSL_NO_EC */
case SSL_CTRL_SET_TLSEXT_HOSTNAME:
/*
@ -3816,27 +3835,23 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
case SSL_CTRL_SET_DH_AUTO:
ctx->cert->dh_tmp_auto = larg;
return 1;
#ifndef OPENSSL_NO_EC
#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_DEPRECATED_3_0)
case SSL_CTRL_SET_TMP_ECDH:
{
const EC_GROUP *group = NULL;
int nid;
EVP_PKEY *pkecdh = NULL;
if (parg == NULL) {
ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
group = EC_KEY_get0_group((const EC_KEY *)parg);
if (group == NULL) {
ERR_raise(ERR_LIB_SSL, EC_R_MISSING_PARAMETERS);
pkecdh = ssl_ecdh_to_pkey(parg);
if (pkecdh == NULL) {
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
return 0;
}
nid = EC_GROUP_get_curve_name(group);
if (nid == NID_undef)
return 0;
return tls1_set_groups(&ctx->ext.supportedgroups,
&ctx->ext.supportedgroups_len,
&nid, 1);
return ssl_set_tmp_ecdh_groups(&ctx->ext.supportedgroups,
&ctx->ext.supportedgroups_len,
pkecdh);
}
#endif /* !OPENSSL_NO_EC */
case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:

3
ssl/ssl_local.h
View File

@ -2468,6 +2468,9 @@ __owur int ssl_encapsulate(SSL *s, EVP_PKEY *pubkey,
unsigned char **ctp, size_t *ctlenp,
int gensecret);
__owur EVP_PKEY *ssl_dh_to_pkey(DH *dh);
# if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_DEPRECATED_3_0)
__owur EVP_PKEY *ssl_ecdh_to_pkey(EC_KEY *ec);
# endif
__owur unsigned int ssl_get_max_send_fragment(const SSL *ssl);
__owur unsigned int ssl_get_split_send_fragment(const SSL *ssl);

35
ssl/t1_lib.c
View File

@ -818,32 +818,39 @@ void tls1_get_formatlist(SSL *s, const unsigned char **pformats,
/* Check a key is compatible with compression extension */
static int tls1_check_pkey_comp(SSL *s, EVP_PKEY *pkey)
{
const EC_KEY *ec;
const EC_GROUP *grp;
unsigned char comp_id;
size_t i;
char name[80];
size_t name_len;
/* If not an EC key nothing to check */
if (!EVP_PKEY_is_a(pkey, "EC"))
return 1;
ec = EVP_PKEY_get0_EC_KEY(pkey);
grp = EC_KEY_get0_group(ec);
if (!EVP_PKEY_get_utf8_string_param(pkey,
OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT,
name, sizeof(name), &name_len))
return 0;
/* Get required compression id */
if (EC_KEY_get_conv_form(ec) == POINT_CONVERSION_UNCOMPRESSED) {
comp_id = TLSEXT_ECPOINTFORMAT_uncompressed;
if (strcasecmp(name, "uncompressed") == 0) {
comp_id = TLSEXT_ECPOINTFORMAT_uncompressed;
} else if (SSL_IS_TLS13(s)) {
/*
* ec_point_formats extension is not used in TLSv1.3 so we ignore
* this check.
*/
return 1;
/*
* ec_point_formats extension is not used in TLSv1.3 so we ignore
* this check.
*/
return 1;
} else {
int field_type = EC_GROUP_get_field_type(grp);
if (!EVP_PKEY_get_utf8_string_param(pkey,
OSSL_PKEY_PARAM_EC_FIELD_TYPE,
name, sizeof(name), &name_len))
return 0;
if (field_type == NID_X9_62_prime_field)
if (strcasecmp(name, SN_X9_62_prime_field) == 0)
comp_id = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
else if (field_type == NID_X9_62_characteristic_two_field)
else if (strcasecmp(name, SN_X9_62_characteristic_two_field) == 0)
comp_id = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
else
return 0;

18
ssl/tls_depr.c
View File

@ -159,5 +159,21 @@ EVP_PKEY *ssl_dh_to_pkey(DH *dh)
return ret;
}
# endif
#endif
/* Some deprecated public APIs pass EC_KEY objects */
# ifndef OPENSSL_NO_EC
EVP_PKEY *ssl_ecdh_to_pkey(EC_KEY *ec)
{
EVP_PKEY *ret;
if (ec == NULL)
return NULL;
ret = EVP_PKEY_new();
if (EVP_PKEY_set1_EC_KEY(ret, ec) <= 0) {
EVP_PKEY_free(ret);
return NULL;
}
return ret;
}
# endif
#endif

6
test/build.info
View File

@ -32,7 +32,7 @@ IF[{- !$disabled{tests} -}]
versions \
aborttest test_test pkcs12_format_test \
sanitytest rsa_complex exdatatest bntest \
ectest ecstresstest gmdifftest pbelutest \
ecstresstest gmdifftest pbelutest \
destest mdc2test \
exptest \
evp_pkey_provided_test evp_test evp_extra_test evp_extra_test2 \
@ -96,7 +96,7 @@ IF[{- !$disabled{tests} -}]
SOURCE[ectest]=ectest.c
INCLUDE[ectest]=../include ../apps/include
DEPEND[ectest]=../libcrypto libtestutil.a
DEPEND[ectest]=../libcrypto.a libtestutil.a
SOURCE[ecstresstest]=ecstresstest.c
INCLUDE[ecstresstest]=../include ../apps/include
@ -548,7 +548,7 @@ IF[{- !$disabled{tests} -}]
PROGRAMS{noinst}=sm4_internal_test
ENDIF
IF[{- !$disabled{ec} -}]
PROGRAMS{noinst}=ec_internal_test curve448_internal_test
PROGRAMS{noinst}=ectest ec_internal_test curve448_internal_test
ENDIF
IF[{- !$disabled{cmac} -}]
PROGRAMS{noinst}=cmactest

9
test/ectest.c
View File

@ -9,13 +9,10 @@
*/
/*
* We need access to the deprecated EC_POINTs_mul, EC_GROUP_precompute_mult,
* and EC_GROUP_have_precompute_mult for testing purposes
* when the deprecated calls are not hidden
* EC_KEY low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#ifndef OPENSSL_NO_DEPRECATED_3_0
# define OPENSSL_SUPPRESS_DEPRECATED
#endif
#include "internal/deprecated.h"
#include <string.h>
#include "internal/nelem.h"

74
test/evp_extra_test.c
View File

@ -384,6 +384,7 @@ static const unsigned char pExampleECParamDER[] = {
typedef struct APK_DATA_st {
const unsigned char *kder;
size_t size;
const char *keytype;
int evptype;
int check;
int pub_check;
@ -392,22 +393,22 @@ typedef struct APK_DATA_st {
} APK_DATA;
static APK_DATA keydata[] = {
{kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA},
{kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), EVP_PKEY_RSA},
{kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA},
{kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA},
#ifndef OPENSSL_NO_EC
{kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC}
{kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC}
#endif
};
static APK_DATA keycheckdata[] = {
{kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA, 1, 1, 1, 0},
{kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), EVP_PKEY_RSA,
{kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1, 0},
{kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA,
0, 1, 1, 0},
#ifndef OPENSSL_NO_EC
{kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC, 1, 1, 1, 0},
{kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0},
/* group is also associated in our pub key */
{kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), EVP_PKEY_EC, 0, 1, 1, 1},
{pExampleECParamDER, sizeof(pExampleECParamDER), EVP_PKEY_EC, 0, 0, 1, 2}
{kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1, 1, 1},
{pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1, 2}
#endif
};
@ -911,18 +912,14 @@ static struct ec_der_pub_keys_st {
static int test_invalide_ec_char2_pub_range_decode(int id)
{
int ret = 0;
BIO *bio = NULL;
EC_KEY *eckey = NULL;
EVP_PKEY *pkey;
if (!TEST_ptr(bio = BIO_new_mem_buf(ec_der_pub_keys[id].der,
ec_der_pub_keys[id].len)))
goto err;
eckey = d2i_EC_PUBKEY_bio(bio, NULL);
ret = (ec_der_pub_keys[id].valid && TEST_ptr(eckey))
|| TEST_ptr_null(eckey);
err:
EC_KEY_free(eckey);
BIO_free(bio);
pkey = load_example_key("EC", ec_der_pub_keys[id].der,
ec_der_pub_keys[id].len);
ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey))
|| TEST_ptr_null(pkey);
EVP_PKEY_free(pkey);
return ret;
}
@ -1417,11 +1414,7 @@ static EVP_PKEY_METHOD *custom_pmeth;
static int test_EVP_PKEY_check(int i)
{
int ret = 0;
const unsigned char *p;
EVP_PKEY *pkey = NULL;
#ifndef OPENSSL_NO_EC
EC_KEY *eckey = NULL;
#endif
EVP_PKEY_CTX *ctx = NULL;
#ifndef OPENSSL_NO_DEPRECATED_3_0
EVP_PKEY_CTX *ctx2 = NULL;
@ -1434,36 +1427,12 @@ static int test_EVP_PKEY_check(int i)
int expected_pub_check = ak->pub_check;
int expected_param_check = ak->param_check;
int type = ak->type;
BIO *pubkey = NULL;
p = input;
switch (type) {
case 0:
if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
|| !TEST_ptr_eq(p, input + input_len)
|| !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
goto done;
break;
#ifndef OPENSSL_NO_EC
case 1:
if (!TEST_ptr(pubkey = BIO_new_mem_buf(input, input_len))
|| !TEST_ptr(eckey = d2i_EC_PUBKEY_bio(pubkey, NULL))
|| !TEST_ptr(pkey = EVP_PKEY_new())
|| !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
goto done;
break;
case 2:
if (!TEST_ptr(eckey = d2i_ECParameters(NULL, &p, input_len))
|| !TEST_ptr_eq(p, input + input_len)
|| !TEST_ptr(pkey = EVP_PKEY_new())
|| !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
goto done;
break;
#endif
default:
return 0;
}
if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len)))
goto done;
if (type == 0
&& !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
goto done;
if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, NULL)))
goto done;
@ -1501,7 +1470,6 @@ static int test_EVP_PKEY_check(int i)
EVP_PKEY_CTX_free(ctx2);
#endif
EVP_PKEY_free(pkey);
BIO_free(pubkey);
return ret;
}

16
test/helpers/handshake.c
View File

@ -12,6 +12,7 @@
#include <openssl/bio.h>
#include <openssl/x509_vfy.h>
#include <openssl/ssl.h>
#include <openssl/core_names.h>
#ifndef OPENSSL_NO_SRP
#include <openssl/srp.h>
#endif
@ -1270,15 +1271,18 @@ static char *dup_str(const unsigned char *in, size_t len)
static int pkey_type(EVP_PKEY *pkey)
{
int nid = EVP_PKEY_id(pkey);
#ifndef OPENSSL_NO_EC
if (nid == EVP_PKEY_EC) {
const EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey);
return EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
if (EVP_PKEY_is_a(pkey, "EC")) {
char name[80];
size_t name_len;
if (!EVP_PKEY_get_utf8_string_param(pkey, OSSL_PKEY_PARAM_GROUP_NAME,
name, sizeof(name), &name_len))
return NID_undef;
return OBJ_txt2nid(name);
}
#endif
return nid;
return EVP_PKEY_id(pkey);
}
static int peer_pkey_type(SSL *s)

2
test/ssl_old_test.c
View File

@ -718,6 +718,7 @@ static void sv_usage(void)
static void print_key_details(BIO *out, EVP_PKEY *key)
{
int keyid = EVP_PKEY_id(key);
#if 0
#ifndef OPENSSL_NO_EC
if (keyid == EVP_PKEY_EC) {
EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);
@ -730,6 +731,7 @@ static void print_key_details(BIO *out, EVP_PKEY *key)
cname = OBJ_nid2sn(nid);
BIO_printf(out, "%d bits EC (%s)", EVP_PKEY_bits(key), cname);
} else
#endif
#endif
{
const char *algname;

156
util/libcrypto.num
View File

@ -1,4 +1,4 @@
d2i_EC_PUBKEY 1 3_0_0 EXIST::FUNCTION:EC
d2i_EC_PUBKEY 1 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
b2i_PVK_bio 2 3_0_0 EXIST::FUNCTION:
PEM_read_bio_NETSCAPE_CERT_SEQUENCE 3 3_0_0 EXIST::FUNCTION:
X509_STORE_CTX_get0_chain 4 3_0_0 EXIST::FUNCTION:
@ -15,7 +15,7 @@ X509at_get_attr_by_NID 14 3_0_0 EXIST::FUNCTION:
X509_PUBKEY_set0_param 15 3_0_0 EXIST::FUNCTION:
PKCS12_it 16 3_0_0 EXIST::FUNCTION:
i2d_ASN1_OCTET_STRING 17 3_0_0 EXIST::FUNCTION:
EC_KEY_set_private_key 18 3_0_0 EXIST::FUNCTION:EC
EC_KEY_set_private_key 18 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
SRP_VBASE_get_by_user 19 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,SRP
Camellia_cfb128_encrypt 21 3_0_0 EXIST::FUNCTION:CAMELLIA,DEPRECATEDIN_3_0
DES_ncbc_encrypt 22 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DES
@ -180,7 +180,7 @@ i2d_ASN1_PRINTABLESTRING 183 3_0_0 EXIST::FUNCTION:
X509_VERIFY_PARAM_set_hostflags 184 3_0_0 EXIST::FUNCTION:
SCT_get0_log_id 185 3_0_0 EXIST::FUNCTION:CT
ASN1_IA5STRING_it 186 3_0_0 EXIST::FUNCTION:
PEM_write_bio_ECPrivateKey 187 3_0_0 EXIST::FUNCTION:EC
PEM_write_bio_ECPrivateKey 187 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
BN_consttime_swap 188 3_0_0 EXIST::FUNCTION:
BIO_f_buffer 189 3_0_0 EXIST::FUNCTION:
CMS_SignerInfo_get0_signer_id 190 3_0_0 EXIST::FUNCTION:CMS
@ -198,7 +198,7 @@ OCSP_request_add0_id 201 3_0_0 EXIST::FUNCTION:OCSP
EVP_seed_cfb128 202 3_0_0 EXIST::FUNCTION:SEED
BASIC_CONSTRAINTS_free 203 3_0_0 EXIST::FUNCTION:
EVP_CIPHER_flags 204 3_0_0 EXIST::FUNCTION:
PEM_write_bio_ECPKParameters 205 3_0_0 EXIST::FUNCTION:EC
PEM_write_bio_ECPKParameters 205 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
SCT_set_version 206 3_0_0 EXIST::FUNCTION:CT
CMS_add1_ReceiptRequest 207 3_0_0 EXIST::FUNCTION:CMS
d2i_CRL_DIST_POINTS 208 3_0_0 EXIST::FUNCTION:
@ -206,7 +206,7 @@ X509_CRL_INFO_free 209 3_0_0 EXIST::FUNCTION:
ERR_load_UI_strings 210 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
ERR_load_strings 211 3_0_0 EXIST::FUNCTION:
RSA_X931_hash_id 212 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
EC_KEY_set_method 213 3_0_0 EXIST::FUNCTION:EC
EC_KEY_set_method 213 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
PEM_write_PKCS8_PRIV_KEY_INFO 214 3_0_0 EXIST::FUNCTION:STDIO
X509at_get0_data_by_OBJ 215 3_0_0 EXIST::FUNCTION:
b2i_PublicKey_bio 216 3_0_0 EXIST::FUNCTION:
@ -234,9 +234,9 @@ ASN1_item_i2d 238 3_0_0 EXIST::FUNCTION:
OCSP_copy_nonce 239 3_0_0 EXIST::FUNCTION:OCSP
OBJ_txt2nid 240 3_0_0 EXIST::FUNCTION:
SEED_set_key 241 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SEED
EC_KEY_clear_flags 242 3_0_0 EXIST::FUNCTION:EC
EC_KEY_clear_flags 242 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
CMS_RecipientInfo_ktri_get0_algs 243 3_0_0 EXIST::FUNCTION:CMS
i2d_EC_PUBKEY 244 3_0_0 EXIST::FUNCTION:EC
i2d_EC_PUBKEY 244 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
MDC2 245 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,MDC2
BN_clear_free 246 3_0_0 EXIST::FUNCTION:
ENGINE_get_pkey_asn1_meths 247 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
@ -254,7 +254,7 @@ EVP_md2 259 3_0_0 EXIST::FUNCTION:MD2
RC2_ecb_encrypt 260 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RC2
ENGINE_register_DH 261 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
ASN1_NULL_free 262 3_0_0 EXIST::FUNCTION:
EC_KEY_copy 263 3_0_0 EXIST::FUNCTION:EC
EC_KEY_copy 263 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
EVP_des_ede3 264 3_0_0 EXIST::FUNCTION:DES
PKCS7_add1_attrib_digest 265 3_0_0 EXIST::FUNCTION:
EC_POINT_get_affine_coordinates_GFp 266 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
@ -318,7 +318,7 @@ BIO_s_accept 323 3_0_0 EXIST::FUNCTION:SOCK
EVP_whirlpool 324 3_0_0 EXIST::FUNCTION:WHIRLPOOL
OCSP_ONEREQ_get1_ext_d2i 325 3_0_0 EXIST::FUNCTION:OCSP
d2i_ESS_SIGNING_CERT 326 3_0_0 EXIST::FUNCTION:
EC_KEY_set_default_method 327 3_0_0 EXIST::FUNCTION:EC
EC_KEY_set_default_method 327 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
X509_OBJECT_up_ref_count 328 3_0_0 EXIST::FUNCTION:
RAND_load_file 329 3_0_0 EXIST::FUNCTION:
BIO_ctrl_reset_read_request 330 3_0_0 EXIST::FUNCTION:
@ -521,7 +521,7 @@ X509_CRL_add1_ext_i2d 532 3_0_0 EXIST::FUNCTION:
i2d_TS_TST_INFO 533 3_0_0 EXIST::FUNCTION:TS
OBJ_sigid_free 534 3_0_0 EXIST::FUNCTION:
TS_STATUS_INFO_get0_status 535 3_0_0 EXIST::FUNCTION:TS
EC_KEY_get_flags 536 3_0_0 EXIST::FUNCTION:EC
EC_KEY_get_flags 536 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
ASN1_TYPE_cmp 537 3_0_0 EXIST::FUNCTION:
i2d_RSAPublicKey 538 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
EC_GROUP_get_trinomial_basis 539 3_0_0 EXIST::FUNCTION:EC,EC2M
@ -537,7 +537,7 @@ RSA_sign_ASN1_OCTET_STRING 548 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3
d2i_X509_CRL_fp 549 3_0_0 EXIST::FUNCTION:STDIO
i2d_RSA_PUBKEY 550 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
EVP_aes_128_ccm 551 3_0_0 EXIST::FUNCTION:
ECParameters_print 552 3_0_0 EXIST::FUNCTION:EC
ECParameters_print 552 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
OCSP_SINGLERESP_get1_ext_d2i 553 3_0_0 EXIST::FUNCTION:OCSP
RAND_status 554 3_0_0 EXIST::FUNCTION:
EVP_ripemd160 555 3_0_0 EXIST::FUNCTION:RMD160
@ -645,7 +645,7 @@ OCSP_resp_get0_produced_at 661 3_0_0 EXIST::FUNCTION:OCSP
IDEA_encrypt 662 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,IDEA
CRYPTO_nistcts128_encrypt_block 663 3_0_0 EXIST::FUNCTION:
EVP_MD_do_all 664 3_0_0 EXIST::FUNCTION:
EC_KEY_oct2priv 665 3_0_0 EXIST::FUNCTION:EC
EC_KEY_oct2priv 665 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
CONF_parse_list 666 3_0_0 EXIST::FUNCTION:
ENGINE_set_table_flags 667 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
EVP_MD_meth_get_ctrl 668 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
@ -772,7 +772,7 @@ CONF_get1_default_config_file 790 3_0_0 EXIST::FUNCTION:
CRYPTO_ocb128_encrypt 791 3_0_0 EXIST::FUNCTION:OCB
EXTENDED_KEY_USAGE_new 792 3_0_0 EXIST::FUNCTION:
EVP_EncryptFinal 793 3_0_0 EXIST::FUNCTION:
PEM_write_ECPrivateKey 794 3_0_0 EXIST::FUNCTION:EC,STDIO
PEM_write_ECPrivateKey 794 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,STDIO
EVP_CIPHER_meth_set_get_asn1_params 796 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
PKCS7_dataInit 797 3_0_0 EXIST::FUNCTION:
EVP_PKEY_CTX_set_app_data 798 3_0_0 EXIST::FUNCTION:
@ -792,8 +792,8 @@ i2a_ASN1_ENUMERATED 811 3_0_0 EXIST::FUNCTION:
PKCS7_ISSUER_AND_SERIAL_new 812 3_0_0 EXIST::FUNCTION:
d2i_USERNOTICE 813 3_0_0 EXIST::FUNCTION:
X509_cmp 814 3_0_0 EXIST::FUNCTION:
EVP_PKEY_set1_EC_KEY 815 3_0_0 EXIST::FUNCTION:EC
ECPKParameters_print_fp 816 3_0_0 EXIST::FUNCTION:EC,STDIO
EVP_PKEY_set1_EC_KEY 815 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
ECPKParameters_print_fp 816 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,STDIO
GENERAL_SUBTREE_free 817 3_0_0 EXIST::FUNCTION:
RSA_blinding_off 818 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
i2d_OCSP_REVOKEDINFO 819 3_0_0 EXIST::FUNCTION:OCSP
@ -910,7 +910,7 @@ DHparams_dup 932 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3
X509_get_ext 933 3_0_0 EXIST::FUNCTION:
X509_issuer_and_serial_hash 934 3_0_0 EXIST::FUNCTION:
ASN1_BMPSTRING_it 935 3_0_0 EXIST::FUNCTION:
PEM_read_EC_PUBKEY 936 3_0_0 EXIST::FUNCTION:EC,STDIO
PEM_read_EC_PUBKEY 936 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,STDIO
d2i_ASN1_IA5STRING 937 3_0_0 EXIST::FUNCTION:
TS_TST_INFO_ext_free 938 3_0_0 EXIST::FUNCTION:TS
i2d_X509_CRL_fp 939 3_0_0 EXIST::FUNCTION:STDIO
@ -920,7 +920,7 @@ TS_VERIFY_CTX_set_certs 942 3_0_0 EXIST::FUNCTION:TS
BN_MONT_CTX_copy 943 3_0_0 EXIST::FUNCTION:
OPENSSL_INIT_new 945 3_0_0 EXIST::FUNCTION:
TS_ACCURACY_dup 946 3_0_0 EXIST::FUNCTION:TS
i2d_ECPrivateKey 947 3_0_0 EXIST::FUNCTION:EC
i2d_ECPrivateKey 947 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
X509_NAME_ENTRY_create_by_OBJ 948 3_0_0 EXIST::FUNCTION:
TS_VERIFY_CTX_cleanup 949 3_0_0 EXIST::FUNCTION:TS
ASN1_INTEGER_get 950 3_0_0 EXIST::FUNCTION:
@ -1021,7 +1021,7 @@ X509_EXTENSION_new 1047 3_0_0 EXIST::FUNCTION:
X509_getm_notAfter 1048 3_0_0 EXIST::FUNCTION:
X509_ALGOR_dup 1049 3_0_0 EXIST::FUNCTION:
d2i_X509_REQ_INFO 1050 3_0_0 EXIST::FUNCTION:
d2i_EC_PUBKEY_bio 1051 3_0_0 EXIST::FUNCTION:EC
d2i_EC_PUBKEY_bio 1051 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
X509_STORE_CTX_set_error 1052 3_0_0 EXIST::FUNCTION:
EC_KEY_METHOD_set_keygen 1053 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
CRYPTO_free 1054 3_0_0 EXIST::FUNCTION:
@ -1074,7 +1074,7 @@ X509_CRL_set1_nextUpdate 1100 3_0_0 EXIST::FUNCTION:
EVP_des_ede3_cfb64 1101 3_0_0 EXIST::FUNCTION:DES
BN_to_ASN1_INTEGER 1102 3_0_0 EXIST::FUNCTION:
EXTENDED_KEY_USAGE_free 1103 3_0_0 EXIST::FUNCTION:
PEM_read_bio_EC_PUBKEY 1104 3_0_0 EXIST::FUNCTION:EC
PEM_read_bio_EC_PUBKEY 1104 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
BN_MONT_CTX_set 1105 3_0_0 EXIST::FUNCTION:
TS_CONF_set_serial 1106 3_0_0 EXIST::FUNCTION:TS
X509_NAME_ENTRY_new 1107 3_0_0 EXIST::FUNCTION:
@ -1091,7 +1091,7 @@ X509_STORE_CTX_get0_store 1117 3_0_0 EXIST::FUNCTION:
PKCS12_pack_p7data 1118 3_0_0 EXIST::FUNCTION:
RSA_print_fp 1119 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,STDIO
OPENSSL_INIT_set_config_appname 1120 3_0_0 EXIST::FUNCTION:STDIO
EC_KEY_print_fp 1121 3_0_0 EXIST::FUNCTION:EC,STDIO
EC_KEY_print_fp 1121 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,STDIO
BIO_dup_chain 1122 3_0_0 EXIST::FUNCTION:
PKCS8_PRIV_KEY_INFO_it 1123 3_0_0 EXIST::FUNCTION:
RSA_OAEP_PARAMS_free 1124 3_0_0 EXIST::FUNCTION:
@ -1185,7 +1185,7 @@ EC_GFp_simple_method 1211 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_
X509_it 1212 3_0_0 EXIST::FUNCTION:
d2i_PROXY_POLICY 1213 3_0_0 EXIST::FUNCTION:
MDC2_Update 1214 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,MDC2
EC_KEY_new_by_curve_name 1215 3_0_0 EXIST::FUNCTION:EC
EC_KEY_new_by_curve_name 1215 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
X509_CRL_free 1216 3_0_0 EXIST::FUNCTION:
i2d_PKCS7_SIGN_ENVELOPE 1217 3_0_0 EXIST::FUNCTION:
OCSP_CERTSTATUS_it 1218 3_0_0 EXIST::FUNCTION:OCSP
@ -1256,7 +1256,7 @@ MD5_Init 1284 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_
UI_add_error_string 1285 3_0_0 EXIST::FUNCTION:
X509_TRUST_cleanup 1286 3_0_0 EXIST::FUNCTION:
PEM_read_X509 1287 3_0_0 EXIST::FUNCTION:STDIO
EC_KEY_new_method 1288 3_0_0 EXIST::FUNCTION:EC
EC_KEY_new_method 1288 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
i2d_RSAPublicKey_fp 1289 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,STDIO
CRYPTO_ctr128_encrypt_ctr32 1290 3_0_0 EXIST::FUNCTION:
X509_VERIFY_PARAM_move_peername 1291 3_0_0 EXIST::FUNCTION:
@ -1266,7 +1266,7 @@ X509_CRL_METHOD_free 1294 3_0_0 EXIST::FUNCTION:
PEM_read_NETSCAPE_CERT_SEQUENCE 1295 3_0_0 EXIST::FUNCTION:STDIO
OPENSSL_load_builtin_modules 1296 3_0_0 EXIST::FUNCTION:
X509_set_version 1297 3_0_0 EXIST::FUNCTION:
i2d_EC_PUBKEY_bio 1298 3_0_0 EXIST::FUNCTION:EC
i2d_EC_PUBKEY_bio 1298 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
X509_REQ_get_attr_count 1299 3_0_0 EXIST::FUNCTION:
CMS_set1_signers_certs 1300 3_0_0 EXIST::FUNCTION:CMS
TS_ACCURACY_free 1301 3_0_0 EXIST::FUNCTION:TS
@ -1312,7 +1312,7 @@ CRYPTO_mem_leaks_fp 1340 3_0_0 EXIST::FUNCTION:CRYPTO_MDEBUG
DES_set_key_unchecked 1341 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DES
BN_free 1342 3_0_0 EXIST::FUNCTION:
EVP_aes_128_cfb1 1343 3_0_0 EXIST::FUNCTION:
EC_KEY_get0_group 1344 3_0_0 EXIST::FUNCTION:EC
EC_KEY_get0_group 1344 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
PEM_write_bio_CMS_stream 1345 3_0_0 EXIST::FUNCTION:CMS
BIO_f_linebuffer 1346 3_0_0 EXIST::FUNCTION:
ASN1_item_d2i_bio 1347 3_0_0 EXIST::FUNCTION:
@ -1403,7 +1403,7 @@ ASN1_check_infinite_end 1435 3_0_0 EXIST::FUNCTION:
i2d_PKCS7_DIGEST 1436 3_0_0 EXIST::FUNCTION:
ERR_lib_error_string 1437 3_0_0 EXIST::FUNCTION:
X509_ATTRIBUTE_set1_object 1438 3_0_0 EXIST::FUNCTION:
i2d_ECPrivateKey_bio 1439 3_0_0 EXIST::FUNCTION:EC
i2d_ECPrivateKey_bio 1439 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
BN_GENCB_free 1440 3_0_0 EXIST::FUNCTION:
HMAC_size 1441 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
EVP_PKEY_get0_DH 1442 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
@ -1513,7 +1513,7 @@ EVP_CIPHER_asn1_to_param 1546 3_0_0 EXIST::FUNCTION:
OCSP_request_onereq_get0 1547 3_0_0 EXIST::FUNCTION:OCSP
ERR_load_PKCS7_strings 1548 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
X509_PUBKEY_get 1549 3_0_0 EXIST::FUNCTION:
EC_KEY_free 1550 3_0_0 EXIST::FUNCTION:EC
EC_KEY_free 1550 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
BIO_read 1551 3_0_0 EXIST::FUNCTION:
EVP_PKEY_get_attr_by_NID 1552 3_0_0 EXIST::FUNCTION:
BIO_get_accept_socket 1553 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,SOCK
@ -1629,7 +1629,7 @@ i2d_CMS_bio_stream 1667 3_0_0 EXIST::FUNCTION:CMS
DES_quad_cksum 1668 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DES
X509_ATTRIBUTE_create_by_NID 1669 3_0_0 EXIST::FUNCTION:
TS_VERIFY_CTX_free 1670 3_0_0 EXIST::FUNCTION:TS
EC_KEY_up_ref 1671 3_0_0 EXIST::FUNCTION:EC
EC_KEY_up_ref 1671 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
EC_GROUP_get_basis_type 1672 3_0_0 EXIST::FUNCTION:EC
OCSP_crlID_new 1673 3_0_0 EXIST:!VMS:FUNCTION:OCSP
OCSP_crlID2_new 1673 3_0_0 EXIST:VMS:FUNCTION:OCSP
@ -1650,9 +1650,9 @@ OBJ_find_sigid_by_algs 1687 3_0_0 EXIST::FUNCTION:
ASN1_generate_nconf 1688 3_0_0 EXIST::FUNCTION:
CMS_add0_recipient_password 1689 3_0_0 EXIST::FUNCTION:CMS
UI_get_string_type 1690 3_0_0 EXIST::FUNCTION:
PEM_read_bio_ECPrivateKey 1691 3_0_0 EXIST::FUNCTION:EC
PEM_read_bio_ECPrivateKey 1691 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
EVP_PKEY_get_attr 1692 3_0_0 EXIST::FUNCTION:
PEM_read_bio_ECPKParameters 1693 3_0_0 EXIST::FUNCTION:EC
PEM_read_bio_ECPKParameters 1693 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
d2i_PKCS12_MAC_DATA 1694 3_0_0 EXIST::FUNCTION:
ENGINE_ctrl_cmd 1695 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
PKCS12_SAFEBAG_get_bag_nid 1696 3_0_0 EXIST::FUNCTION:
@ -1793,7 +1793,7 @@ EVP_MD_meth_set_update 1835 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_
EVP_camellia_192_cbc 1836 3_0_0 EXIST::FUNCTION:CAMELLIA
OPENSSL_LH_stats_bio 1837 3_0_0 EXIST::FUNCTION:
PKCS7_set_signed_attributes 1838 3_0_0 EXIST::FUNCTION:
EC_KEY_priv2buf 1839 3_0_0 EXIST::FUNCTION:EC
EC_KEY_priv2buf 1839 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
BN_BLINDING_free 1840 3_0_0 EXIST::FUNCTION:
IPAddressChoice_new 1841 3_0_0 EXIST::FUNCTION:RFC3779
X509_CRL_get_ext_count 1842 3_0_0 EXIST::FUNCTION:
@ -1928,7 +1928,7 @@ NCONF_load_fp 1973 3_0_0 EXIST::FUNCTION:STDIO
i2d_OCSP_REQINFO 1974 3_0_0 EXIST::FUNCTION:OCSP
EVP_PKEY_sign 1975 3_0_0 EXIST::FUNCTION:
TS_REQ_get_ext_by_critical 1976 3_0_0 EXIST::FUNCTION:TS
EC_KEY_key2buf 1977 3_0_0 EXIST::FUNCTION:EC
EC_KEY_key2buf 1977 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
X509_EXTENSION_it 1978 3_0_0 EXIST::FUNCTION:
i2d_PKCS8_fp 1979 3_0_0 EXIST::FUNCTION:STDIO
UTF8_getc 1980 3_0_0 EXIST::FUNCTION:
@ -1972,7 +1972,7 @@ UI_dup_input_boolean 2017 3_0_0 EXIST::FUNCTION:
PKCS7_dup 2018 3_0_0 EXIST::FUNCTION:
i2d_TS_REQ_fp 2019 3_0_0 EXIST::FUNCTION:STDIO,TS
i2d_OTHERNAME 2020 3_0_0 EXIST::FUNCTION:
EC_KEY_get0_private_key 2021 3_0_0 EXIST::FUNCTION:EC
EC_KEY_get0_private_key 2021 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
SCT_get0_extensions 2022 3_0_0 EXIST::FUNCTION:CT
OPENSSL_LH_node_stats_bio 2023 3_0_0 EXIST::FUNCTION:
i2d_DIRECTORYSTRING 2024 3_0_0 EXIST::FUNCTION:
@ -1998,12 +1998,12 @@ PKCS7_SIGN_ENVELOPE_it 2044 3_0_0 EXIST::FUNCTION:
ASN1_d2i_fp 2045 3_0_0 EXIST::FUNCTION:STDIO
EVP_DecryptFinal 2046 3_0_0 EXIST::FUNCTION:
ASN1_ENUMERATED_it 2047 3_0_0 EXIST::FUNCTION:
o2i_ECPublicKey 2048 3_0_0 EXIST::FUNCTION:EC
o2i_ECPublicKey 2048 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
ERR_load_BUF_strings 2049 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
PEM_read_bio_RSA_PUBKEY 2050 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
OCSP_SINGLERESP_new 2051 3_0_0 EXIST::FUNCTION:OCSP
ASN1_SCTX_free 2052 3_0_0 EXIST::FUNCTION:
i2d_ECPrivateKey_fp 2053 3_0_0 EXIST::FUNCTION:EC,STDIO
i2d_ECPrivateKey_fp 2053 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,STDIO
EVP_CIPHER_CTX_original_iv 2054 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
PKCS7_SIGNED_free 2055 3_0_0 EXIST::FUNCTION:
X509_TRUST_get0_name 2056 3_0_0 EXIST::FUNCTION:
@ -2168,7 +2168,7 @@ CRYPTO_ccm128_decrypt_ccm64 2215 3_0_0 EXIST::FUNCTION:
TS_RESP_CTX_set_clock_precision_digits 2216 3_0_0 EXIST::FUNCTION:TS
SCT_LIST_validate 2217 3_0_0 EXIST::FUNCTION:CT
X509_PURPOSE_get_id 2218 3_0_0 EXIST::FUNCTION:
EC_KEY_get_ex_data 2219 3_0_0 EXIST::FUNCTION:EC
EC_KEY_get_ex_data 2219 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
EVP_MD_size 2220 3_0_0 EXIST::FUNCTION:
CRYPTO_malloc 2221 3_0_0 EXIST::FUNCTION:
ERR_load_ASN1_strings 2222 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
@ -2238,7 +2238,7 @@ SXNET_get_id_asc 2285 3_0_0 EXIST::FUNCTION:
SCT_set1_extensions 2286 3_0_0 EXIST::FUNCTION:CT
PKCS12_SAFEBAG_new 2287 3_0_0 EXIST::FUNCTION:
TS_TST_INFO_set_nonce 2288 3_0_0 EXIST::FUNCTION:TS
PEM_read_ECPrivateKey 2289 3_0_0 EXIST::FUNCTION:EC,STDIO
PEM_read_ECPrivateKey 2289 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,STDIO
RSA_free 2290 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
X509_CRL_INFO_new 2291 3_0_0 EXIST::FUNCTION:
AES_cfb8_encrypt 2292 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
@ -2268,7 +2268,7 @@ PKCS7_ISSUER_AND_SERIAL_digest 2315 3_0_0 EXIST::FUNCTION:
EVP_des_ofb 2316 3_0_0 EXIST::FUNCTION:DES
DSA_set_method 2317 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
EVP_PKEY_get1_RSA 2318 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
EC_KEY_OpenSSL 2319 3_0_0 EXIST::FUNCTION:EC
EC_KEY_OpenSSL 2319 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
EVP_camellia_192_ofb 2320 3_0_0 EXIST::FUNCTION:CAMELLIA
ASN1_STRING_length 2321 3_0_0 EXIST::FUNCTION:
PKCS7_set_digest 2322 3_0_0 EXIST::FUNCTION:
@ -2345,11 +2345,11 @@ BN_sqr 2393 3_0_0 EXIST::FUNCTION:
TS_TST_INFO_set_time 2394 3_0_0 EXIST::FUNCTION:TS
OPENSSL_die 2395 3_0_0 EXIST::FUNCTION:
X509_LOOKUP_by_alias 2396 3_0_0 EXIST::FUNCTION:
EC_KEY_set_conv_form 2397 3_0_0 EXIST::FUNCTION:EC
EC_KEY_set_conv_form 2397 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
X509_TRUST_get_count 2399 3_0_0 EXIST::FUNCTION:
IPAddressOrRange_free 2400 3_0_0 EXIST::FUNCTION:RFC3779
RSA_padding_add_PKCS1_OAEP 2401 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
EC_KEY_set_ex_data 2402 3_0_0 EXIST::FUNCTION:EC
EC_KEY_set_ex_data 2402 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
SRP_VBASE_new 2403 3_0_0 EXIST::FUNCTION:SRP
i2d_ECDSA_SIG 2404 3_0_0 EXIST::FUNCTION:EC
BIO_dump_indent 2405 3_0_0 EXIST::FUNCTION:
@ -2393,7 +2393,7 @@ ASIdentifiers_new 2443 3_0_0 EXIST::FUNCTION:RFC3779
CONF_imodule_get_flags 2444 3_0_0 EXIST::FUNCTION:
PKCS12_SAFEBAG_it 2445 3_0_0 EXIST::FUNCTION:
EVP_CIPHER_meth_set_set_asn1_params 2446 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
EC_KEY_get_enc_flags 2447 3_0_0 EXIST::FUNCTION:EC
EC_KEY_get_enc_flags 2447 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
X509_OBJECT_idx_by_subject 2448 3_0_0 EXIST::FUNCTION:
EVP_PKEY_meth_copy 2449 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
NETSCAPE_CERT_SEQUENCE_new 2450 3_0_0 EXIST::FUNCTION:
@ -2488,7 +2488,7 @@ WHIRLPOOL 2540 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_
UI_set_default_method 2542 3_0_0 EXIST::FUNCTION:
EC_POINT_is_at_infinity 2543 3_0_0 EXIST::FUNCTION:EC
i2d_NOTICEREF 2544 3_0_0 EXIST::FUNCTION:
EC_KEY_new 2545 3_0_0 EXIST::FUNCTION:EC
EC_KEY_new 2545 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
EVP_chacha20 2546 3_0_0 EXIST::FUNCTION:CHACHA
BN_bn2dec 2547 3_0_0 EXIST::FUNCTION:
X509_REQ_print_ex 2548 3_0_0 EXIST::FUNCTION:
@ -2504,7 +2504,7 @@ X509_CRL_get0_signature 2557 3_0_0 EXIST::FUNCTION:
EVP_PKEY_CTX_get_keygen_info 2558 3_0_0 EXIST::FUNCTION:
d2i_ASN1_UINTEGER 2559 3_0_0 EXIST::FUNCTION:
i2s_ASN1_INTEGER 2560 3_0_0 EXIST::FUNCTION:
d2i_EC_PUBKEY_fp 2561 3_0_0 EXIST::FUNCTION:EC,STDIO
d2i_EC_PUBKEY_fp 2561 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,STDIO
i2d_OCSP_SIGNATURE 2562 3_0_0 EXIST::FUNCTION:OCSP
i2d_X509_EXTENSION 2563 3_0_0 EXIST::FUNCTION:
PEM_read_bio_X509 2564 3_0_0 EXIST::FUNCTION:
@ -2566,7 +2566,7 @@ CMS_get0_type 2620 3_0_0 EXIST::FUNCTION:CMS
ASN1_PCTX_free 2621 3_0_0 EXIST::FUNCTION:
ESS_SIGNING_CERT_new 2622 3_0_0 EXIST::FUNCTION:
X509V3_EXT_conf_nid 2623 3_0_0 EXIST::FUNCTION:
EC_KEY_check_key 2624 3_0_0 EXIST::FUNCTION:EC
EC_KEY_check_key 2624 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
PKCS5_PBKDF2_HMAC 2625 3_0_0 EXIST::FUNCTION:
CONF_get_section 2626 3_0_0 EXIST::FUNCTION:
CMS_RecipientInfo_kari_decrypt 2627 3_0_0 EXIST::FUNCTION:CMS
@ -2601,7 +2601,7 @@ OPENSSL_sk_new 2656 3_0_0 EXIST::FUNCTION:
BN_dup 2657 3_0_0 EXIST::FUNCTION:
TS_MSG_IMPRINT_print_bio 2658 3_0_0 EXIST::FUNCTION:TS
CONF_module_set_usr_data 2659 3_0_0 EXIST::FUNCTION:
EC_KEY_generate_key 2660 3_0_0 EXIST::FUNCTION:EC
EC_KEY_generate_key 2660 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
BIO_ctrl_get_write_guarantee 2661 3_0_0 EXIST::FUNCTION:
EVP_PKEY_assign 2662 3_0_0 EXIST::FUNCTION:
EVP_aes_128_ofb 2663 3_0_0 EXIST::FUNCTION:
@ -2629,14 +2629,14 @@ TS_RESP_CTX_set_signer_cert 2685 3_0_0 EXIST::FUNCTION:TS
X509V3_EXT_d2i 2686 3_0_0 EXIST::FUNCTION:
ASN1_GENERALSTRING_it 2687 3_0_0 EXIST::FUNCTION:
POLICYQUALINFO_free 2688 3_0_0 EXIST::FUNCTION:
EC_KEY_set_group 2689 3_0_0 EXIST::FUNCTION:EC
EC_KEY_set_group 2689 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
OCSP_check_validity 2690 3_0_0 EXIST::FUNCTION:OCSP
PEM_write_ECPKParameters 2691 3_0_0 EXIST::FUNCTION:EC,STDIO
PEM_write_ECPKParameters 2691 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,STDIO
X509_VERIFY_PARAM_lookup 2692 3_0_0 EXIST::FUNCTION:
X509_LOOKUP_by_fingerprint 2693 3_0_0 EXIST::FUNCTION:
EVP_CIPHER_meth_free 2694 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
PKCS7_RECIP_INFO_new 2695 3_0_0 EXIST::FUNCTION:
d2i_ECPrivateKey_fp 2696 3_0_0 EXIST::FUNCTION:EC,STDIO
d2i_ECPrivateKey_fp 2696 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,STDIO
TS_CONF_set_ordering 2697 3_0_0 EXIST::FUNCTION:TS
X509_CRL_get_ext 2698 3_0_0 EXIST::FUNCTION:
X509_CRL_get_ext_by_OBJ 2699 3_0_0 EXIST::FUNCTION:
@ -2742,13 +2742,13 @@ EC_GROUP_set_point_conversion_form 2801 3_0_0 EXIST::FUNCTION:EC
CMS_dataFinal 2802 3_0_0 EXIST::FUNCTION:CMS
ASN1_TIME_it 2803 3_0_0 EXIST::FUNCTION:
ENGINE_get_static_state 2804 3_0_0 EXIST::FUNCTION:ENGINE
EC_KEY_set_asn1_flag 2805 3_0_0 EXIST::FUNCTION:EC
EC_KEY_set_asn1_flag 2805 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
EC_GFp_mont_method 2806 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
OPENSSL_asc2uni 2807 3_0_0 EXIST::FUNCTION:
TS_REQ_new 2808 3_0_0 EXIST::FUNCTION:TS
ENGINE_register_all_DH 2809 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
ERR_clear_error 2810 3_0_0 EXIST::FUNCTION:
EC_KEY_dup 2811 3_0_0 EXIST::FUNCTION:EC
EC_KEY_dup 2811 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
X509_LOOKUP_init 2812 3_0_0 EXIST::FUNCTION:
i2b_PVK_bio 2813 3_0_0 EXIST::FUNCTION:
OCSP_ONEREQ_free 2814 3_0_0 EXIST::FUNCTION:OCSP
@ -2770,7 +2770,7 @@ X509_REQ_get_signature_nid 2830 3_0_0 EXIST::FUNCTION:
TS_TST_INFO_get_ext 2831 3_0_0 EXIST::FUNCTION:TS
i2d_OCSP_RESPID 2832 3_0_0 EXIST::FUNCTION:OCSP
EVP_camellia_256_cfb8 2833 3_0_0 EXIST::FUNCTION:CAMELLIA
EC_KEY_get0_public_key 2834 3_0_0 EXIST::FUNCTION:EC
EC_KEY_get0_public_key 2834 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
SRP_Calc_x 2835 3_0_0 EXIST::FUNCTION:SRP
a2i_ASN1_ENUMERATED 2836 3_0_0 EXIST::FUNCTION:
CONF_module_get_usr_data 2837 3_0_0 EXIST::FUNCTION:
@ -2802,13 +2802,13 @@ BIO_socket_nbio 2863 3_0_0 EXIST::FUNCTION:SOCK
EVP_CIPHER_set_asn1_iv 2864 3_0_0 EXIST::FUNCTION:
EC_GFp_nistp224_method 2865 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,EC_NISTP_64_GCC_128
BN_swap 2866 3_0_0 EXIST::FUNCTION:
d2i_ECParameters 2867 3_0_0 EXIST::FUNCTION:EC
d2i_ECParameters 2867 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
X509_NAME_add_entry_by_OBJ 2868 3_0_0 EXIST::FUNCTION:
TS_TST_INFO_get_ext_count 2869 3_0_0 EXIST::FUNCTION:TS
i2d_OCSP_CERTID 2870 3_0_0 EXIST::FUNCTION:OCSP
BN_CTX_start 2871 3_0_0 EXIST::FUNCTION:
BN_print 2872 3_0_0 EXIST::FUNCTION:
EC_KEY_set_flags 2873 3_0_0 EXIST::FUNCTION:EC
EC_KEY_set_flags 2873 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
EVP_PKEY_get0 2874 3_0_0 EXIST::FUNCTION:
ENGINE_set_default 2875 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
NCONF_get_number_e 2876 3_0_0 EXIST::FUNCTION:
@ -2827,7 +2827,7 @@ POLICY_CONSTRAINTS_it 2888 3_0_0 EXIST::FUNCTION:
NCONF_free_data 2889 3_0_0 EXIST::FUNCTION:
BIO_asn1_set_prefix 2890 3_0_0 EXIST::FUNCTION:
PEM_SignUpdate 2891 3_0_0 EXIST::FUNCTION:
PEM_write_bio_EC_PUBKEY 2892 3_0_0 EXIST::FUNCTION:EC
PEM_write_bio_EC_PUBKEY 2892 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
CMS_add_simple_smimecap 2893 3_0_0 EXIST::FUNCTION:CMS
IPAddressChoice_free 2894 3_0_0 EXIST::FUNCTION:RFC3779
d2i_X509_AUX 2895 3_0_0 EXIST::FUNCTION:
@ -2901,7 +2901,7 @@ BN_CTX_new 2963 3_0_0 EXIST::FUNCTION:
EC_curve_nid2nist 2964 3_0_0 EXIST::FUNCTION:EC
ENGINE_get_finish_function 2965 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
EC_POINT_add 2966 3_0_0 EXIST::FUNCTION:EC
EC_KEY_oct2key 2967 3_0_0 EXIST::FUNCTION:EC
EC_KEY_oct2key 2967 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
SHA384_Init 2968 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
ASN1_UNIVERSALSTRING_new 2969 3_0_0 EXIST::FUNCTION:
EVP_PKEY_print_private 2970 3_0_0 EXIST::FUNCTION:
@ -2952,7 +2952,7 @@ EVP_aes_128_gcm 3015 3_0_0 EXIST::FUNCTION:
BIO_dgram_non_fatal_error 3016 3_0_0 EXIST::FUNCTION:DGRAM
OCSP_request_is_signed 3017 3_0_0 EXIST::FUNCTION:OCSP
i2d_BASIC_CONSTRAINTS 3018 3_0_0 EXIST::FUNCTION:
EC_KEY_get_method 3019 3_0_0 EXIST::FUNCTION:EC
EC_KEY_get_method 3019 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
EC_POINT_bn2point 3021 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
PBE2PARAM_it 3022 3_0_0 EXIST::FUNCTION:
BN_rand 3023 3_0_0 EXIST::FUNCTION:
@ -3026,7 +3026,7 @@ TS_TST_INFO_set_version 3090 3_0_0 EXIST::FUNCTION:TS
PKCS12_get0_mac 3091 3_0_0 EXIST::FUNCTION:
EVP_EncodeInit 3092 3_0_0 EXIST::FUNCTION:
X509_get0_trust_objects 3093 3_0_0 EXIST::FUNCTION:
d2i_ECPrivateKey_bio 3094 3_0_0 EXIST::FUNCTION:EC
d2i_ECPrivateKey_bio 3094 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
BIO_s_secmem 3095 3_0_0 EXIST::FUNCTION:
ENGINE_get_default_EC 3096 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
TS_RESP_create_response 3097 3_0_0 EXIST::FUNCTION:TS
@ -3110,7 +3110,7 @@ EVP_MD_CTX_update_fn 3174 3_0_0 EXIST::FUNCTION:
EVP_aes_128_ecb 3175 3_0_0 EXIST::FUNCTION:
i2d_PKCS7_bio_stream 3176 3_0_0 EXIST::FUNCTION:
i2a_ACCESS_DESCRIPTION 3178 3_0_0 EXIST::FUNCTION:
EC_KEY_set_enc_flags 3179 3_0_0 EXIST::FUNCTION:EC
EC_KEY_set_enc_flags 3179 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
i2d_PUBKEY_fp 3180 3_0_0 EXIST::FUNCTION:STDIO
b2i_PrivateKey_bio 3181 3_0_0 EXIST::FUNCTION:
OCSP_REQUEST_add_ext 3182 3_0_0 EXIST::FUNCTION:OCSP
@ -3155,13 +3155,13 @@ OCSP_CERTID_free 3220 3_0_0 EXIST::FUNCTION:OCSP
BIO_hex_string 3221 3_0_0 EXIST::FUNCTION:
X509_REQ_sign_ctx 3222 3_0_0 EXIST::FUNCTION:
CRYPTO_ocb128_init 3223 3_0_0 EXIST::FUNCTION:OCB
EVP_PKEY_get1_EC_KEY 3224 3_0_0 EXIST::FUNCTION:EC
EVP_PKEY_get1_EC_KEY 3224 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
ASN1_PRINTABLESTRING_free 3225 3_0_0 EXIST::FUNCTION:
BIO_get_retry_reason 3226 3_0_0 EXIST::FUNCTION:
X509_NAME_print 3227 3_0_0 EXIST::FUNCTION:
ACCESS_DESCRIPTION_free 3228 3_0_0 EXIST::FUNCTION:
BN_nist_mod_384 3229 3_0_0 EXIST::FUNCTION:
i2d_EC_PUBKEY_fp 3230 3_0_0 EXIST::FUNCTION:EC,STDIO
i2d_EC_PUBKEY_fp 3230 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,STDIO
ENGINE_set_default_pkey_meths 3231 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
DH_bits 3232 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
i2d_X509_ALGORS 3233 3_0_0 EXIST::FUNCTION:
@ -3193,7 +3193,7 @@ ENGINE_setup_bsd_cryptodev 3258 3_0_0 EXIST:__FreeBSD__:FUNCTION:DE
PEM_read_bio_DHparams 3259 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
CMS_SharedInfo_encode 3260 3_0_0 EXIST::FUNCTION:CMS
ASN1_OBJECT_create 3261 3_0_0 EXIST::FUNCTION:
i2d_ECParameters 3262 3_0_0 EXIST::FUNCTION:EC
i2d_ECParameters 3262 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
BN_GF2m_mod_arr 3263 3_0_0 EXIST::FUNCTION:EC2M
ENGINE_set_finish_function 3264 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
d2i_ASN1_OCTET_STRING 3265 3_0_0 EXIST::FUNCTION:
@ -3226,7 +3226,7 @@ NETSCAPE_SPKI_set_pubkey 3292 3_0_0 EXIST::FUNCTION:
EVP_sha512 3293 3_0_0 EXIST::FUNCTION:
X509_CRL_match 3294 3_0_0 EXIST::FUNCTION:
i2s_ASN1_IA5STRING 3295 3_0_0 EXIST::FUNCTION:
EC_KEY_get_default_method 3296 3_0_0 EXIST::FUNCTION:EC
EC_KEY_get_default_method 3296 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
PKCS8_decrypt 3297 3_0_0 EXIST::FUNCTION:
EVP_PKEY_CTX_get_data 3298 3_0_0 EXIST::FUNCTION:
POLICYQUALINFO_it 3299 3_0_0 EXIST::FUNCTION:
@ -3248,7 +3248,7 @@ ASN1_STRING_dup 3314 3_0_0 EXIST::FUNCTION:
X509_LOOKUP_free 3315 3_0_0 EXIST::FUNCTION:
EC_GROUP_cmp 3316 3_0_0 EXIST::FUNCTION:EC
TS_TST_INFO_get_ext_by_critical 3317 3_0_0 EXIST::FUNCTION:TS
ECParameters_print_fp 3318 3_0_0 EXIST::FUNCTION:EC,STDIO
ECParameters_print_fp 3318 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,STDIO
X509_REQ_sign 3319 3_0_0 EXIST::FUNCTION:
CRYPTO_xts128_encrypt 3320 3_0_0 EXIST::FUNCTION:
PEM_def_callback 3321 3_0_0 EXIST::FUNCTION:
@ -3306,7 +3306,7 @@ RSA_padding_check_SSLv23 3373 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_
CRYPTO_gcm128_finish 3374 3_0_0 EXIST::FUNCTION:
PKCS12_SAFEBAGS_it 3375 3_0_0 EXIST::FUNCTION:
PKCS12_PBE_add 3376 3_0_0 EXIST::FUNCTION:
EC_KEY_set_public_key_affine_coordinates 3377 3_0_0 EXIST::FUNCTION:EC
EC_KEY_set_public_key_affine_coordinates 3377 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
EVP_EncryptInit_ex 3378 3_0_0 EXIST::FUNCTION:
ENGINE_add 3379 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
OPENSSL_LH_error 3380 3_0_0 EXIST::FUNCTION:
@ -3377,7 +3377,7 @@ BN_get_rfc3526_prime_2048 3448 3_0_0 EXIST::FUNCTION:
BIO_new_bio_pair 3449 3_0_0 EXIST::FUNCTION:
EC_GFp_nistp256_method 3450 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,EC_NISTP_64_GCC_128
BIO_method_type 3451 3_0_0 EXIST::FUNCTION:
ECPKParameters_print 3452 3_0_0 EXIST::FUNCTION:EC
ECPKParameters_print 3452 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
EVP_rc4 3453 3_0_0 EXIST::FUNCTION:RC4
CMS_data_create 3454 3_0_0 EXIST::FUNCTION:CMS
EC_POINT_point2bn 3455 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
@ -3385,7 +3385,7 @@ CMS_unsigned_get0_data_by_OBJ 3456 3_0_0 EXIST::FUNCTION:CMS
ASN1_OCTET_STRING_cmp 3457 3_0_0 EXIST::FUNCTION:
X509_NAME_print_ex 3458 3_0_0 EXIST::FUNCTION:
ASN1_parse 3459 3_0_0 EXIST::FUNCTION:
EC_KEY_priv2oct 3460 3_0_0 EXIST::FUNCTION:EC
EC_KEY_priv2oct 3460 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
PKCS7_simple_smimecap 3461 3_0_0 EXIST::FUNCTION:
ASN1_TYPE_set_int_octetstring 3462 3_0_0 EXIST::FUNCTION:
BIO_number_written 3463 3_0_0 EXIST::FUNCTION:
@ -3432,7 +3432,7 @@ BIO_ADDR_rawport 3503 3_0_0 EXIST::FUNCTION:SOCK
BUF_MEM_grow_clean 3504 3_0_0 EXIST::FUNCTION:
X509_NAME_print_ex_fp 3505 3_0_0 EXIST::FUNCTION:STDIO
X509_check_host 3506 3_0_0 EXIST::FUNCTION:
PEM_read_ECPKParameters 3507 3_0_0 EXIST::FUNCTION:EC,STDIO
PEM_read_ECPKParameters 3507 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,STDIO
X509_ATTRIBUTE_get0_data 3508 3_0_0 EXIST::FUNCTION:
CMS_add1_signer 3509 3_0_0 EXIST::FUNCTION:CMS
BN_pseudo_rand 3510 3_0_0 EXIST::FUNCTION:
@ -3525,7 +3525,7 @@ CMS_get0_signers 3602 3_0_0 EXIST::FUNCTION:CMS
i2d_PrivateKey_fp 3603 3_0_0 EXIST::FUNCTION:STDIO
OTHERNAME_cmp 3604 3_0_0 EXIST::FUNCTION:
SMIME_write_PKCS7 3605 3_0_0 EXIST::FUNCTION:
EC_KEY_set_public_key 3606 3_0_0 EXIST::FUNCTION:EC
EC_KEY_set_public_key 3606 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
d2i_X509_EXTENSION 3607 3_0_0 EXIST::FUNCTION:
CMS_add1_recipient_cert 3608 3_0_0 EXIST::FUNCTION:CMS
CMS_RecipientInfo_kekri_get0_id 3609 3_0_0 EXIST::FUNCTION:CMS
@ -3535,7 +3535,7 @@ BN_is_prime_ex 3612 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_
PKCS5_v2_PBE_keyivgen 3613 3_0_0 EXIST::FUNCTION:
CRYPTO_ctr128_encrypt 3614 3_0_0 EXIST::FUNCTION:
CMS_unsigned_add1_attr_by_OBJ 3615 3_0_0 EXIST::FUNCTION:CMS
PEM_write_EC_PUBKEY 3616 3_0_0 EXIST::FUNCTION:EC,STDIO
PEM_write_EC_PUBKEY 3616 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,STDIO
X509v3_asid_add_inherit 3617 3_0_0 EXIST::FUNCTION:RFC3779
ERR_get_error 3618 3_0_0 EXIST::FUNCTION:
TS_CONF_set_signer_digest 3619 3_0_0 EXIST::FUNCTION:TS
@ -3611,7 +3611,7 @@ X509_VERIFY_PARAM_set1_ip 3691 3_0_0 EXIST::FUNCTION:
OTHERNAME_free 3692 3_0_0 EXIST::FUNCTION:
OCSP_REVOKEDINFO_free 3693 3_0_0 EXIST::FUNCTION:OCSP
EVP_CIPHER_CTX_encrypting 3694 3_0_0 EXIST::FUNCTION:
EC_KEY_can_sign 3695 3_0_0 EXIST::FUNCTION:EC
EC_KEY_can_sign 3695 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
PEM_write_bio_RSAPublicKey 3696 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
X509_CRL_set1_lastUpdate 3697 3_0_0 EXIST::FUNCTION:
OCSP_sendreq_nbio 3698 3_0_0 EXIST::FUNCTION:OCSP
@ -3647,7 +3647,7 @@ DES_set_key_checked 3727 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_
EVP_PKEY_meth_free 3728 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
EVP_sha224 3729 3_0_0 EXIST::FUNCTION:
ENGINE_set_id 3730 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
d2i_ECPrivateKey 3731 3_0_0 EXIST::FUNCTION:EC
d2i_ECPrivateKey 3731 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
CMS_signed_add1_attr_by_NID 3732 3_0_0 EXIST::FUNCTION:CMS
i2d_DSAPrivateKey_fp 3733 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA,STDIO
EVP_CIPHER_meth_get_set_asn1_params 3734 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
@ -3701,7 +3701,7 @@ EC_GROUP_new_curve_GFp 3782 3_0_0 EXIST::FUNCTION:EC
UI_new_method 3783 3_0_0 EXIST::FUNCTION:
Camellia_ofb128_encrypt 3784 3_0_0 EXIST::FUNCTION:CAMELLIA,DEPRECATEDIN_3_0
X509_new 3785 3_0_0 EXIST::FUNCTION:
EC_KEY_get_conv_form 3786 3_0_0 EXIST::FUNCTION:EC
EC_KEY_get_conv_form 3786 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
CTLOG_STORE_get0_log_by_id 3787 3_0_0 EXIST::FUNCTION:CT
CMS_signed_add1_attr 3788 3_0_0 EXIST::FUNCTION:CMS
EVP_CIPHER_meth_set_iv_length 3789 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
@ -3746,14 +3746,14 @@ d2i_AUTHORITY_KEYID 3828 3_0_0 EXIST::FUNCTION:
RIPEMD160_Transform 3829 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RMD160
DES_random_key 3830 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DES
i2d_PKCS12_MAC_DATA 3831 3_0_0 EXIST::FUNCTION:
EVP_PKEY_get0_EC_KEY 3832 3_0_0 EXIST::FUNCTION:EC
EVP_PKEY_get0_EC_KEY 3832 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
ASN1_SCTX_get_item 3833 3_0_0 EXIST::FUNCTION:
NOTICEREF_new 3834 3_0_0 EXIST::FUNCTION:
BN_GF2m_mod_inv 3835 3_0_0 EXIST::FUNCTION:EC2M
X509_CERT_AUX_free 3836 3_0_0 EXIST::FUNCTION:
BN_GF2m_mod_inv_arr 3837 3_0_0 EXIST::FUNCTION:EC2M
X509_REQ_get1_email 3838 3_0_0 EXIST::FUNCTION:
EC_KEY_print 3839 3_0_0 EXIST::FUNCTION:EC
EC_KEY_print 3839 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
i2d_ASN1_INTEGER 3840 3_0_0 EXIST::FUNCTION:
OCSP_SINGLERESP_add1_ext_i2d 3841 3_0_0 EXIST::FUNCTION:OCSP
PKCS7_add_signed_attribute 3842 3_0_0 EXIST::FUNCTION:
@ -3772,7 +3772,7 @@ d2i_OCSP_ONEREQ 3854 3_0_0 EXIST::FUNCTION:OCSP
EVP_PKEY_asn1_set_security_bits 3855 3_0_0 EXIST::FUNCTION:
i2d_CERTIFICATEPOLICIES 3856 3_0_0 EXIST::FUNCTION:
i2d_X509_CERT_AUX 3857 3_0_0 EXIST::FUNCTION:
i2o_ECPublicKey 3858 3_0_0 EXIST::FUNCTION:EC
i2o_ECPublicKey 3858 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
PKCS12_SAFEBAG_create0_pkcs8 3859 3_0_0 EXIST::FUNCTION:
OBJ_get0_data 3860 3_0_0 EXIST::FUNCTION:
EC_GROUP_get0_seed 3861 3_0_0 EXIST::FUNCTION:EC
@ -4114,7 +4114,7 @@ EVP_aria_256_ctr 4203 3_0_0 EXIST::FUNCTION:ARIA
EVP_aria_128_ctr 4204 3_0_0 EXIST::FUNCTION:ARIA
EVP_aria_192_ctr 4205 3_0_0 EXIST::FUNCTION:ARIA
UI_null 4206 3_0_0 EXIST::FUNCTION:
EC_KEY_get0_engine 4207 3_0_0 EXIST::FUNCTION:EC
EC_KEY_get0_engine 4207 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
INT32_it 4208 3_0_0 EXIST::FUNCTION:
UINT64_it 4209 3_0_0 EXIST::FUNCTION:
ZINT32_it 4210 3_0_0 EXIST::FUNCTION:
@ -5084,8 +5084,8 @@ OSSL_PROVIDER_query_operation ? 3_0_0 EXIST::FUNCTION:
OSSL_PROVIDER_get0_provider_ctx ? 3_0_0 EXIST::FUNCTION:
OSSL_PROVIDER_get_capabilities ? 3_0_0 EXIST::FUNCTION:
EC_GROUP_new_by_curve_name_ex ? 3_0_0 EXIST::FUNCTION:EC
EC_KEY_new_ex ? 3_0_0 EXIST::FUNCTION:EC
EC_KEY_new_by_curve_name_ex ? 3_0_0 EXIST::FUNCTION:EC
EC_KEY_new_ex ? 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
EC_KEY_new_by_curve_name_ex ? 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
OSSL_LIB_CTX_set0_default ? 3_0_0 EXIST::FUNCTION:
PEM_X509_INFO_read_bio_ex ? 3_0_0 EXIST::FUNCTION:
PEM_X509_INFO_read_ex ? 3_0_0 EXIST::FUNCTION:STDIO
@ -5232,7 +5232,7 @@ CMS_AuthEnvelopedData_create_ex ? 3_0_0 EXIST::FUNCTION:CMS
EVP_PKEY_CTX_set_ec_param_enc ? 3_0_0 EXIST::FUNCTION:
EVP_PKEY_get0_first_alg_name ? 3_0_0 EXIST::FUNCTION:
EVP_KEYMGMT_get0_first_name ? 3_0_0 EXIST::FUNCTION:
EC_KEY_decoded_from_explicit_params ? 3_0_0 EXIST::FUNCTION:EC
EC_KEY_decoded_from_explicit_params ? 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
EVP_KEM_free ? 3_0_0 EXIST::FUNCTION:
EVP_KEM_up_ref ? 3_0_0 EXIST::FUNCTION:
EVP_KEM_provider ? 3_0_0 EXIST::FUNCTION: