Deprecate the low level Diffie-Hellman functions.

Use of the low level DH functions has been informally discouraged for a
long time.  We now formally deprecate them.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11024)
master
Pauli 3 years ago
parent 0ad05b190e
commit ada66e78ef
  1. 15
      apps/lib/s_cb.c
  2. 1
      apps/progs.pl
  3. 6
      crypto/dh/dh_ameth.c
  4. 6
      crypto/dh/dh_asn1.c
  5. 6
      crypto/dh/dh_check.c
  6. 6
      crypto/dh/dh_depr.c
  7. 6
      crypto/dh/dh_gen.c
  8. 6
      crypto/dh/dh_group_params.c
  9. 6
      crypto/dh/dh_kdf.c
  10. 6
      crypto/dh/dh_key.c
  11. 6
      crypto/dh/dh_lib.c
  12. 6
      crypto/dh/dh_meth.c
  13. 2
      crypto/dh/dh_pmeth.c
  14. 6
      crypto/dh/dh_prn.c
  15. 6
      crypto/dh/dh_rfc5114.c
  16. 6
      crypto/evp/pmeth_lib.c
  17. 13
      doc/man3/DH_generate_key.pod
  18. 11
      doc/man3/DH_generate_parameters.pod
  19. 13
      doc/man3/DH_get0_pqg.pod
  20. 9
      doc/man3/DH_meth_new.pod
  21. 12
      doc/man3/DH_new_by_nid.pod
  22. 11
      doc/man3/DH_set_method.pod
  23. 11
      doc/man3/DH_size.pod
  24. 12
      doc/man3/DSA_dup_DH.pod
  25. 4
      fuzz/asn1.c
  26. 244
      include/openssl/dh.h
  27. 4
      include/openssl/dsa.h
  28. 6
      providers/implementations/exchange/dh_exch.c
  29. 6
      providers/implementations/keymgmt/dh_kmgmt.c
  30. 6
      providers/implementations/serializers/serializer_dh.c
  31. 6
      providers/implementations/serializers/serializer_dh_param.c
  32. 6
      providers/implementations/serializers/serializer_dh_priv.c
  33. 6
      providers/implementations/serializers/serializer_dh_pub.c
  34. 6
      ssl/s3_lib.c
  35. 2
      ssl/ssl_local.h
  36. 2
      ssl/statem/extensions_srvr.c
  37. 15
      ssl/statem/statem_clnt.c
  38. 22
      test/build.info
  39. 6
      test/dhtest.c
  40. 6
      test/ssltest_old.c
  41. 96
      util/libcrypto.num

@ -1434,7 +1434,20 @@ static int security_callback_debug(const SSL *s, const SSL_CTX *ctx,
case SSL_SECOP_OTHER_DH:
{
DH *dh = other;
BIO_printf(sdb->out, "%d", DH_bits(dh));
EVP_PKEY *pkey = EVP_PKEY_new();
int fail = 1;
if (pkey != NULL) {
if (EVP_PKEY_set1_DH(pkey, dh)) {
BIO_printf(sdb->out, "%d", EVP_PKEY_bits(pkey));
fail = 0;
}
EVP_PKEY_free(pkey);
}
if (fail)
BIO_printf(sdb->out, "s_cb.c:security_callback_debug op=0x%x",
op);
break;
}
#endif

@ -92,7 +92,6 @@ EOF
my %cmd_disabler = (
ciphers => "sock",
gendh => "dh",
pkcs12 => "des",
);
my %cmd_deprecated = (

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* DH low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/x509.h>

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* DH low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/bn.h>

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* DH low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/bn.h>

@ -9,6 +9,12 @@
/* This file contains deprecated functions as wrappers to the new ones */
/*
* DH low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <openssl/opensslconf.h>
#ifdef OPENSSL_NO_DEPRECATED_0_9_8
NON_EMPTY_TRANSLATION_UNIT

@ -12,6 +12,12 @@
* dh_depr.c as wrappers to these ones. - Geoff
*/
/*
* DH low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/bn.h>

@ -9,6 +9,12 @@
/* DH parameters from RFC7919 and RFC3526 */
/*
* DH low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <stdio.h>
#include "internal/cryptlib.h"
#include "dh_local.h"

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* DH low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include "e_os.h"
#ifndef OPENSSL_NO_CMS

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* DH low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <stdio.h>
#include "internal/cryptlib.h"
#include "dh_local.h"

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* DH low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <stdio.h>
#include <openssl/bn.h>
#include <openssl/engine.h>

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* DH low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include "dh_local.h"
#include <string.h>
#include <openssl/err.h>

@ -8,7 +8,7 @@
*/
/*
* DSA low level APIs are deprecated for public use, but still ok for
* DH & DSA low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* DH low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/evp.h>

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* DH low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <stdio.h>
#include "internal/cryptlib.h"
#include "dh_local.h"

@ -8,6 +8,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* DH low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <stdio.h>
#include <stdlib.h>
#include <openssl/engine.h>

@ -8,12 +8,20 @@ DH_generate_key, DH_compute_key - perform Diffie-Hellman key exchange
#include <openssl/dh.h>
Deprecated since OpenSSL 3.0, can be hidden entirely by defining
B<OPENSSL_API_COMPAT> with a suitable version value, see
L<openssl_user_macros(7)>:
int DH_generate_key(DH *dh);
int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh);
=head1 DESCRIPTION
Both of the functions described on this page are deprecated.
Applications should instead use L<EVP_PKEY_derive_init(3)>
and L<EVP_PKEY_derive(3)>.
DH_generate_key() performs the first step of a Diffie-Hellman key
exchange by generating private and public DH values. By calling
DH_compute_key(), these are combined with the other party's public
@ -40,8 +48,13 @@ The error codes can be obtained by L<ERR_get_error(3)>.
=head1 SEE ALSO
L<EVP_PKEY_derive(3)>,
L<DH_new(3)>, L<ERR_get_error(3)>, L<RAND_bytes(3)>, L<DH_size(3)>
=head1 HISTORY
Both of these functions were deprecated in OpenSSL 3.0.
=head1 COPYRIGHT
Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

@ -12,6 +12,10 @@ parameters
#include <openssl/dh.h>
Deprecated since OpenSSL 3.0, can be hidden entirely by defining
B<OPENSSL_API_COMPAT> with a suitable version value, see
L<openssl_user_macros(7)>:
int DH_generate_parameters_ex(DH *dh, int prime_len, int generator, BN_GENCB *cb);
int DH_check(DH *dh, int *codes);
@ -30,6 +34,11 @@ L<openssl_user_macros(7)>:
=head1 DESCRIPTION
All of the functions described on this page are deprecated.
Applications should instead use L<EVP_PKEY_check(3)>,
L<EVP_PKEY_public_check(3)>, L<EVP_PKEY_private_check(3)> and
L<EVP_PKEY_param_check(3)>.
DH_generate_parameters_ex() generates Diffie-Hellman parameters that can
be shared among a group of users, and stores them in the provided B<DH>
structure. The pseudo-random number generator must be
@ -144,6 +153,8 @@ L<DH_free(3)>
=head1 HISTORY
All of these functions were deprecated in OpenSSL 3.0.
DH_generate_parameters() was deprecated in OpenSSL 0.9.8; use
DH_generate_parameters_ex() instead.

@ -26,6 +26,11 @@ DH_get_length, DH_set_length - Routines for getting and setting data in a DH obj
void DH_clear_flags(DH *dh, int flags);
int DH_test_flags(const DH *dh, int flags);
void DH_set_flags(DH *dh, int flags);
Deprecated since OpenSSL 3.0, can be hidden entirely by defining
B<OPENSSL_API_COMPAT> with a suitable version value, see
L<openssl_user_macros(7)>:
ENGINE *DH_get0_engine(DH *d);
long DH_get_length(const DH *dh);
int DH_set_length(DH *dh, long length);
@ -78,12 +83,13 @@ zero if none of the flags are set. DH_clear_flags() clears the specified flags
within the DH object.
DH_get0_engine() returns a handle to the ENGINE that has been set for this DH
object, or NULL if no such ENGINE has been set.
object, or NULL if no such ENGINE has been set. This function is deprecated.
The DH_get_length() and DH_set_length() functions get and set the optional
length parameter associated with this DH object. If the length is nonzero then
it is used, otherwise it is ignored. The B<length> parameter indicates the
length of the secret exponent (private key) in bits.
length of the secret exponent (private key) in bits. These functions are
deprecated.
=head1 NOTES
@ -114,6 +120,9 @@ L<DH_set_method(3)>, L<DH_size(3)>, L<DH_meth_new(3)>
=head1 HISTORY
The DH_get0_engine(), DH_get_length() and DH_set_length() functions were
deprecated in OpenSSL 3.0.
The functions described here were added in OpenSSL 1.1.0.
=head1 COPYRIGHT

@ -14,6 +14,10 @@ DH_meth_set_generate_params - Routines to build up DH methods
#include <openssl/dh.h>
Deprecated since OpenSSL 3.0, can be hidden entirely by defining
B<OPENSSL_API_COMPAT> with a suitable version value, see
L<openssl_user_macros(7)>:
DH_METHOD *DH_meth_new(const char *name, int flags);
void DH_meth_free(DH_METHOD *dhm);
@ -58,6 +62,9 @@ DH_meth_set_generate_params - Routines to build up DH methods
=head1 DESCRIPTION
All of the functions described on this page are deprecated.
Applications should instead use the provider APIs.
The B<DH_METHOD> type is a structure used for the provision of custom DH
implementations. It provides a set of functions used by OpenSSL for the
implementation of the various DH capabilities.
@ -153,6 +160,8 @@ L<DH_set_method(3)>, L<DH_size(3)>, L<DH_get0_pqg(3)>
=head1 HISTORY
All of these functions were deprecated in OpenSSL 3.0.
The functions described here were added in OpenSSL 1.1.0.
=head1 COPYRIGHT

@ -8,6 +8,11 @@ DH_new_by_nid, DH_get_nid - get or find DH named parameters
#include <openssl/dh.h>
DH *DH_new_by_nid(int nid);
Deprecated since OpenSSL 3.0, can be hidden entirely by defining
B<OPENSSL_API_COMPAT> with a suitable version value, see
L<openssl_user_macros(7)>:
int *DH_get_nid(DH *dh);
=head1 DESCRIPTION
@ -18,10 +23,9 @@ B<NID_ffdhe4096>, B<NID_ffdhe6144>, B<NID_ffdhe8192>,
B<NID_modp_1536>, B<NID_modp_2048>, B<NID_modp_3072>,
B<NID_modp_4096>, B<NID_modp_6144> or B<NID_modp_8192>.
DH_get_nid() determines if the parameters contained in B<dh> match
any named set. It returns the NID corresponding to the matching parameters or
B<NID_undef> if there is no match.
B<NID_undef> if there is no match. This function is deprecated.
=head1 RETURN VALUES
@ -30,6 +34,10 @@ DH_new_by_nid() returns a set of DH parameters or B<NULL> if an error occurred.
DH_get_nid() returns the NID of the matching set of parameters or
B<NID_undef> if there is no match.
=head1 HISTORY
The DH_get_nid() function was deprecated in OpenSSL 3.0.
=head1 COPYRIGHT
Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.

@ -9,6 +9,10 @@ DH_set_method, DH_new_method, DH_OpenSSL - select DH method
#include <openssl/dh.h>
Deprecated since OpenSSL 3.0, can be hidden entirely by defining
B<OPENSSL_API_COMPAT> with a suitable version value, see
L<openssl_user_macros(7)>:
void DH_set_default_method(const DH_METHOD *meth);
const DH_METHOD *DH_get_default_method(void);
@ -21,6 +25,9 @@ DH_set_method, DH_new_method, DH_OpenSSL - select DH method
=head1 DESCRIPTION
All of the functions described on this page are deprecated.
Applications should instead use the provider APIs.
A B<DH_METHOD> specifies the functions that OpenSSL uses for Diffie-Hellman
operations. By modifying the method, alternative implementations
such as hardware accelerators may be used. IMPORTANT: See the NOTES section for
@ -76,6 +83,10 @@ returns a pointer to the newly allocated structure.
L<DH_new(3)>, L<DH_new(3)>, L<DH_meth_new(3)>
=head1 HISTORY
All of these functions were deprecated in OpenSSL 3.0.
=head1 COPYRIGHT
Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

@ -9,6 +9,10 @@ security bits
#include <openssl/dh.h>
Deprecated since OpenSSL 3.0, can be hidden entirely by defining
B<OPENSSL_API_COMPAT> with a suitable version value, see
L<openssl_user_macros(7)>:
int DH_size(const DH *dh);
int DH_bits(const DH *dh);
@ -17,6 +21,10 @@ security bits
=head1 DESCRIPTION
All of the functions described on this page are deprecated.
Applications should instead use L<EVP_PKEY_bits(3)>,
L<EVP_PKEY_security_bits(3)> and L<EVP_PKEY_size(3)>.
DH_size() returns the Diffie-Hellman prime size in bytes. It can be used
to determine how much memory must be allocated for the shared secret
computed by L<DH_compute_key(3)>.
@ -38,11 +46,14 @@ DH_security_bits() returns the number of security bits.
=head1 SEE ALSO
L<EVP_PKEY_bits(3)>,
L<DH_new(3)>, L<DH_generate_key(3)>,
L<BN_num_bits(3)>
=head1 HISTORY
All of these functions were deprecated in OpenSSL 3.0.
The DH_bits() function was added in OpenSSL 1.1.0.
=head1 COPYRIGHT

@ -8,10 +8,18 @@ DSA_dup_DH - create a DH structure out of DSA structure
#include <openssl/dsa.h>
Deprecated since OpenSSL 3.0, can be hidden entirely by defining
B<OPENSSL_API_COMPAT> with a suitable version value, see
L<openssl_user_macros(7)>:
DH *DSA_dup_DH(const DSA *r);
=head1 DESCRIPTION
The function described on this page is deprecated. There is no direct
replacement, applications should use the EVP_PKEY APIs for Diffie-Hellman
operations.
DSA_dup_DH() duplicates DSA parameters/keys as DH parameters/keys. q
is lost during that conversion, but the resulting DH parameters
contain its length.
@ -29,6 +37,10 @@ Be careful to avoid small subgroup attacks when using this.
L<DH_new(3)>, L<DSA_new(3)>, L<ERR_get_error(3)>
=head1 HISTORY
This function was deprecated in OpenSSL 3.0.
=head1 COPYRIGHT
Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

@ -329,8 +329,8 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
DO_TEST_NO_PRINT(ESS_CERT_ID_V2, d2i_ESS_CERT_ID_V2, i2d_ESS_CERT_ID_V2);
DO_TEST_NO_PRINT(ESS_SIGNING_CERT_V2, d2i_ESS_SIGNING_CERT_V2, i2d_ESS_SIGNING_CERT_V2);
#ifndef OPENSSL_NO_DH
DO_TEST(DH, d2i_DHparams, i2d_DHparams, DHparams_print);
DO_TEST(DH, d2i_DHxparams, i2d_DHxparams, DHparams_print);
DO_TEST_NO_PRINT(DH, d2i_DHparams, i2d_DHparams);
DO_TEST_NO_PRINT(DH, d2i_DHxparams, i2d_DHxparams);
#endif
#ifndef OPENSSL_NO_DSA
DO_TEST_NO_PRINT(DSA_SIG, d2i_DSA_SIG, i2d_DSA_SIG);

@ -47,6 +47,7 @@ extern "C" {
# define DH_FLAG_NO_EXP_CONSTTIME 0x00
# endif
# ifndef OPENSSL_NO_DEPRECATED_3_0
/*
* If this flag is set the DH method is FIPS compliant and can be used in
* FIPS mode. This is set in the validated module method. If an application
@ -54,7 +55,7 @@ extern "C" {
* result is compliant.
*/
# define DH_FLAG_FIPS_METHOD 0x0400
# define DH_FLAG_FIPS_METHOD 0x0400
/*
* If this flag is set the operations normally disabled in FIPS mode are
@ -62,7 +63,8 @@ extern "C" {
* usage is compliant.
*/
# define DH_FLAG_NON_FIPS_ALLOW 0x0400
# define DH_FLAG_NON_FIPS_ALLOW 0x0400
# endif
/* Already defined in ossl_typ.h */
/* typedef struct dh_st DH; */
@ -70,29 +72,30 @@ extern "C" {
DECLARE_ASN1_ITEM(DHparams)
# define DH_GENERATOR_2 2
# define DH_GENERATOR_3 3
# define DH_GENERATOR_5 5
# ifndef OPENSSL_NO_DEPRECATED_3_0
# define DH_GENERATOR_2 2
# define DH_GENERATOR_3 3
# define DH_GENERATOR_5 5
/* DH_check error codes */
/*
* NB: These values must align with the equivalently named macros in
* internal/ffc.h.
*/
# define DH_CHECK_P_NOT_PRIME 0x01
# define DH_CHECK_P_NOT_SAFE_PRIME 0x02
# define DH_UNABLE_TO_CHECK_GENERATOR 0x04
# define DH_NOT_SUITABLE_GENERATOR 0x08
# define DH_CHECK_Q_NOT_PRIME 0x10
# define DH_CHECK_INVALID_Q_VALUE 0x20
# define DH_CHECK_INVALID_J_VALUE 0x40
# define DH_MODULUS_TOO_SMALL 0x80
# define DH_MODULUS_TOO_LARGE 0x100
# define DH_CHECK_P_NOT_PRIME 0x01
# define DH_CHECK_P_NOT_SAFE_PRIME 0x02
# define DH_UNABLE_TO_CHECK_GENERATOR 0x04
# define DH_NOT_SUITABLE_GENERATOR 0x08
# define DH_CHECK_Q_NOT_PRIME 0x10
# define DH_CHECK_INVALID_Q_VALUE 0x20
# define DH_CHECK_INVALID_J_VALUE 0x40
# define DH_MODULUS_TOO_SMALL 0x80
# define DH_MODULUS_TOO_LARGE 0x100
/* DH_check_pub_key error codes */
# define DH_CHECK_PUBKEY_TOO_SMALL 0x01
# define DH_CHECK_PUBKEY_TOO_LARGE 0x02
# define DH_CHECK_PUBKEY_INVALID 0x04
# define DH_CHECK_PUBKEY_TOO_SMALL 0x01
# define DH_CHECK_PUBKEY_TOO_LARGE 0x02
# define DH_CHECK_PUBKEY_INVALID 0x04
/*
* primes p where (p-1)/2 is prime too are called "safe"; we define this for
@ -101,53 +104,58 @@ DECLARE_ASN1_ITEM(DHparams)
# define DH_CHECK_P_NOT_STRONG_PRIME DH_CHECK_P_NOT_SAFE_PRIME
/* DH parameter generation types used by EVP_PKEY_CTX_set_dh_paramgen_type() */
# define DH_PARAMGEN_TYPE_GENERATOR 0 /* Use a generator g */
# define DH_PARAMGEN_TYPE_FIPS_186_2 1 /* Use legacy FIPS186-2 standard */
# define DH_PARAMGEN_TYPE_FIPS_186_4 2 /* Use FIPS186-4 standard */
# define d2i_DHparams_fp(fp,x) \
(DH *)ASN1_d2i_fp((char *(*)())DH_new, \
(char *(*)())d2i_DHparams, \
(fp), \
(unsigned char **)(x))
# define i2d_DHparams_fp(fp,x) \
ASN1_i2d_fp(i2d_DHparams,(fp), (unsigned char *)(x))
# define d2i_DHparams_bio(bp,x) \
ASN1_d2i_bio_of(DH, DH_new, d2i_DHparams, bp, x)
# define i2d_DHparams_bio(bp,x) \
ASN1_i2d_bio_of(DH,i2d_DHparams,bp,x)
# define d2i_DHxparams_fp(fp,x) \
(DH *)ASN1_d2i_fp((char *(*)())DH_new, \
(char *(*)())d2i_DHxparams, \
(fp), \
(unsigned char **)(x))
# define i2d_DHxparams_fp(fp,x) \
ASN1_i2d_fp(i2d_DHxparams,(fp), (unsigned char *)(x))
# define d2i_DHxparams_bio(bp,x) \
ASN1_d2i_bio_of(DH, DH_new, d2i_DHxparams, bp, x)
# define i2d_DHxparams_bio(bp,x) \
ASN1_i2d_bio_of(DH, i2d_DHxparams, bp, x)
# define DH_PARAMGEN_TYPE_GENERATOR 0 /* Use a generator g */
# define DH_PARAMGEN_TYPE_FIPS_186_2 1 /* Use legacy FIPS186-2 standard */
# define DH_PARAMGEN_TYPE_FIPS_186_4 2 /* Use FIPS186-4 standard */
# define DH_CHECK_P_NOT_STRONG_PRIME DH_CHECK_P_NOT_SAFE_PRIME
# define d2i_DHparams_fp(fp, x) \
(DH *)ASN1_d2i_fp((char *(*)())DH_new, \
(char *(*)())d2i_DHparams, \
(fp), \
(unsigned char **)(x))
# define i2d_DHparams_fp(fp, x) \
ASN1_i2d_fp(i2d_DHparams,(fp), (unsigned char *)(x))
# define d2i_DHparams_bio(bp, x) \
ASN1_d2i_bio_of(DH, DH_new, d2i_DHparams, bp, x)
# define i2d_DHparams_bio(bp, x) \
ASN1_i2d_bio_of(DH, i2d_DHparams, bp, x)
# define d2i_DHxparams_fp(fp,x) \
(DH *)ASN1_d2i_fp((char *(*)())DH_new, \
(char *(*)())d2i_DHxparams, \
(fp), \
(unsigned char **)(x))
# define i2d_DHxparams_fp(fp, x) \
ASN1_i2d_fp(i2d_DHxparams,(fp), (unsigned char *)(x))
# define d2i_DHxparams_bio(bp, x) \
ASN1_d2i_bio_of(DH, DH_new, d2i_DHxparams, bp, x)
# define i2d_DHxparams_bio(bp, x) \
ASN1_i2d_bio_of(DH, i2d_DHxparams, bp, x)
# endif
DECLARE_ASN1_DUP_FUNCTION_name(DH, DHparams)
const DH_METHOD *DH_OpenSSL(void);
DEPRECATEDIN_3_0(const DH_METHOD *DH_OpenSSL(void))
void DH_set_default_method(const DH_METHOD *meth);
const DH_METHOD *DH_get_default_method(void);
int DH_set_method(DH *dh, const DH_METHOD *meth);
DH *DH_new_method(ENGINE *engine);
DEPRECATEDIN_3_0(void DH_set_default_method(const DH_METHOD *meth))
DEPRECATEDIN_3_0(const DH_METHOD *DH_get_default_method(void))
DEPRECATEDIN_3_0(int DH_set_method(DH *dh, const DH_METHOD *meth))
DEPRECATEDIN_3_0(DH *DH_new_method(ENGINE *engine))
DH *DH_new(void);
void DH_free(DH *dh);
int DH_up_ref(DH *dh);
int DH_bits(const DH *dh);
int DH_size(const DH *dh);
int DH_security_bits(const DH *dh);
# define DH_get_ex_new_index(l, p, newf, dupf, freef) \
CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, l, p, newf, dupf, freef)
int DH_set_ex_data(DH *d, int idx, void *arg);
void *DH_get_ex_data(DH *d, int idx);
DEPRECATEDIN_3_0(int DH_bits(const DH *dh))
DEPRECATEDIN_3_0(int DH_size(const DH *dh))
DEPRECATEDIN_3_0(int DH_security_bits(const DH *dh))
# ifndef OPENSSL_NO_DEPRECATED_3_0
# define DH_get_ex_new_index(l, p, newf, dupf, freef) \
CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, l, p, newf, dupf, freef)
# endif
DEPRECATEDIN_3_0(int DH_set_ex_data(DH *d, int idx, void *arg))
DEPRECATEDIN_3_0(void *DH_get_ex_data(DH *d, int idx))
/* Deprecated version */
DEPRECATEDIN_0_9_8(DH *DH_generate_parameters(int prime_len, int generator,
@ -156,24 +164,30 @@ DEPRECATEDIN_0_9_8(DH *DH_generate_parameters(int prime_len, int generator,
void *cb_arg))
/* New version */
int DH_generate_parameters_ex(DH *dh, int prime_len, int generator,
BN_GENCB *cb);
DEPRECATEDIN_3_0(int DH_generate_parameters_ex(DH *dh, int prime_len,
int generator, BN_GENCB *cb))
int DH_check_params_ex(const DH *dh);
int DH_check_ex(const DH *dh);
int DH_check_pub_key_ex(const DH *dh, const BIGNUM *pub_key);
DEPRECATEDIN_3_0(int DH_check_params_ex(const DH *dh))
DEPRECATEDIN_3_0(int DH_check_ex(const DH *dh))
DEPRECATEDIN_3_0(int DH_check_pub_key_ex(const DH *dh, const BIGNUM *pub_key))
/*
* TODO(3.0): deprecate DH_check_params once ssl/statem/statem_clnt.c is fixed.
*/
int DH_check_params(const DH *dh, int *ret);
int DH_check(const DH *dh, int *codes);
int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *codes);
int DH_generate_key(DH *dh);
int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh);
DEPRECATEDIN_3_0(int DH_check(const DH *dh, int *codes))
DEPRECATEDIN_3_0(int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key,
int *codes))
DEPRECATEDIN_3_0(int DH_generate_key(DH *dh))
DEPRECATEDIN_3_0(int DH_compute_key(unsigned char *key, const BIGNUM *pub_key,
DH *dh))
DEPRECATEDIN_3_0(int DH_compute_key_padded(unsigned char *key,
const BIGNUM *pub_key, DH *dh))
DECLARE_ASN1_ENCODE_FUNCTIONS_only(DH, DHparams)
DECLARE_ASN1_ENCODE_FUNCTIONS_only(DH, DHxparams)
# ifndef OPENSSL_NO_STDIO
int DHparams_print_fp(FILE *fp, const DH *x);
DEPRECATEDIN_3_0(int DHparams_print_fp(FILE *fp, const DH *x))
# endif
int DHparams_print(BIO *bp, const DH *x);
DEPRECATEDIN_3_0(int DHparams_print(BIO *bp, const DH *x))
/* RFC 5114 parameters */
DH *DH_get_1024_160(void);
@ -181,15 +195,17 @@ DH *DH_get_2048_224(void);
DH *DH_get_2048_256(void);
/* Named parameters, currently RFC7919 and RFC3526 */
/* TODO(3.0): deprecate DH_new_by_nid() after converting ssl/s3_lib.c */
DH *DH_new_by_nid(int nid);
int DH_get_nid(DH *dh);
DEPRECATEDIN_3_0(int DH_get_nid(DH *dh))
# ifndef OPENSSL_NO_CMS
/* RFC2631 KDF */
int DH_KDF_X9_42(unsigned char *out, size_t outlen,
const unsigned char *Z, size_t Zlen,
ASN1_OBJECT *key_oid,
const unsigned char *ukm, size_t ukmlen, const EVP_MD *md);
DEPRECATEDIN_3_0(int DH_KDF_X9_42(unsigned char *out, size_t outlen,
const unsigned char *Z, size_t Zlen,
ASN1_OBJECT *key_oid,
const unsigned char *ukm,
size_t ukmlen, const EVP_MD *md))
# endif
void DH_get0_pqg(const DH *dh,
@ -206,40 +222,53 @@ const BIGNUM *DH_get0_pub_key(const DH *dh);
void DH_clear_flags(DH *dh, int flags);
int DH_test_flags(const DH *dh, int flags);
void DH_set_flags(DH *dh, int flags);
ENGINE *DH_get0_engine(DH *d);
long DH_get_length(const DH *dh);
int DH_set_length(DH *dh, long length);
DH_METHOD *DH_meth_new(const char *name, int flags);
void DH_meth_free(DH_METHOD *dhm);
DH_METHOD *DH_meth_dup(const DH_METHOD *dhm);
const char *DH_meth_get0_name(const DH_METHOD *dhm);
int DH_meth_set1_name(DH_METHOD *dhm, const char *name);
int DH_meth_get_flags(const DH_METHOD *dhm);
int DH_meth_set_flags(DH_METHOD *dhm, int flags);
void *DH_meth_get0_app_data(const DH_METHOD *dhm);
int DH_meth_set0_app_data(DH_METHOD *dhm, void *app_data);
int (*DH_meth_get_generate_key(const DH_METHOD *dhm)) (DH *);
int DH_meth_set_generate_key(DH_METHOD *dhm, int (*generate_key) (DH *));
int (*DH_meth_get_compute_key(const DH_METHOD *dhm))
(unsigned char *key, const BIGNUM *pub_key, DH *dh);
int DH_meth_set_compute_key(DH_METHOD *dhm,
int (*compute_key) (unsigned char *key, const BIGNUM *pub_key, DH *dh));
int (*DH_meth_get_bn_mod_exp(const DH_METHOD *dhm))
(const DH *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *,
BN_CTX *, BN_MONT_CTX *);
int DH_meth_set_bn_mod_exp(DH_METHOD *dhm,
int (*bn_mod_exp) (const DH *, BIGNUM *, const BIGNUM *, const BIGNUM *,
const BIGNUM *, BN_CTX *, BN_MONT_CTX *));
int (*DH_meth_get_init(const DH_METHOD *dhm))(DH *);
int DH_meth_set_init(DH_METHOD *dhm, int (*init)(DH *));
int (*DH_meth_get_finish(const DH_METHOD *dhm)) (DH *);
int DH_meth_set_finish(DH_METHOD *dhm, int (*finish) (DH *));
int (*DH_meth_get_generate_params(const DH_METHOD *dhm))
(DH *, int, int, BN_GENCB *);
int DH_meth_set_generate_params(DH_METHOD *dhm,
int (*generate_params) (DH *, int, int, BN_GENCB *));
DEPRECATEDIN_3_0(ENGINE *DH_get0_engine(DH *d))
DEPRECATEDIN_3_0(long DH_get_length(const DH *dh))
DEPRECATEDIN_3_0(int DH_set_length(DH *dh, long length))
DEPRECATEDIN_3_0(DH_METHOD *DH_meth_new(const char *name, int flags))
DEPRECATEDIN_3_0(void DH_meth_free(DH_METHOD *dhm))
DEPRECATEDIN_3_0(DH_METHOD *DH_meth_dup(const DH_METHOD *dhm))
DEPRECATEDIN_3_0(const char *DH_meth_get0_name(const DH_METHOD *dhm))
DEPRECATEDIN_3_0(int DH_meth_set1_name(DH_METHOD *dhm, const char *name))
DEPRECATEDIN_3_0(int DH_meth_get_flags(const DH_METHOD *dhm))
DEPRECATEDIN_3_0(int DH_meth_set_flags(DH_METHOD *dhm, int flags))
DEPRECATEDIN_3_0(void *DH_meth_get0_app_data(const DH_METHOD *dhm))
DEPRECATEDIN_3_0(int DH_meth_set0_app_data(DH_METHOD *dhm, void *app_data))
DEPRECATEDIN_3_0(int (*DH_meth_get_generate_key(const DH_METHOD *dhm)) (DH *))
DEPRECATEDIN_3_0(int DH_meth_set_generate_key(DH_METHOD *dhm,
int (*generate_key) (DH *)))
DEPRECATEDIN_3_0(int (*DH_meth_get_compute_key(const DH_METHOD *dhm))
(unsigned char *key,
const BIGNUM *pub_key, DH *dh))
DEPRECATEDIN_3_0(int DH_meth_set_compute_key(DH_METHOD *dhm,
int (*compute_key)
(unsigned char *key,
const BIGNUM *pub_key,
DH *dh)))
DEPRECATEDIN_3_0(int (*DH_meth_get_bn_mod_exp(const DH_METHOD *dhm))
(const DH *, BIGNUM *,
const BIGNUM *,
const BIGNUM *,
const BIGNUM *, BN_CTX *,
BN_MONT_CTX *))
DEPRECATEDIN_3_0(int DH_meth_set_bn_mod_exp(DH_METHOD *dhm,
int (*bn_mod_exp)
(const DH *, BIGNUM *,
const BIGNUM *, const BIGNUM *,
const BIGNUM *, BN_CTX *,
BN_MONT_CTX *)))
DEPRECATEDIN_3_0(int (*DH_meth_get_init(const DH_METHOD *dhm))(DH *))
DEPRECATEDIN_3_0(int DH_meth_set_init(DH_METHOD *dhm, int (*init)(DH *)))
DEPRECATEDIN_3_0(int (*DH_meth_get_finish(const DH_METHOD *dhm)) (DH *))
DEPRECATEDIN_3_0(int DH_meth_set_finish(DH_METHOD *dhm, int (*finish) (DH *)))
DEPRECATEDIN_3_0(int (*DH_meth_get_generate_params(const DH_METHOD *dhm))
(DH *, int, int,
BN_GENCB *))
DEPRECATEDIN_3_0(int DH_meth_set_generate_params(DH_METHOD *dhm,
int (*generate_params)
(DH *, int, int,
BN_GENCB *)))
# define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
@ -335,7 +364,6 @@ int EVP_PKEY_CTX_set_dh_pad(EVP_PKEY_CTX *ctx, int pad);
# define EVP_PKEY_DH_KDF_X9_42 2
# endif
# ifdef __cplusplus
}
# endif

@ -178,10 +178,8 @@ DEPRECATEDIN_3_0(int DSA_print_fp(FILE *bp, const DSA *x, int off))
/*
* Convert DSA structure (key or just parameters) into DH structure (be
* careful to avoid small subgroup attacks when using this!)
*
* TODO(3.0): figure out how to remove this monstrosity
*/
DH *DSA_dup_DH(const DSA *r);
DEPRECATEDIN_3_0(DH *DSA_dup_DH(const DSA *r))
# endif
# define EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits) \

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* DH low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <openssl/crypto.h>
#include <openssl/core_numbers.h>
#include <openssl/core_names.h>

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* DH low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <openssl/core_numbers.h>
#include <openssl/core_names.h>
#include <openssl/bn.h>

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* DH low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <openssl/dh.h>
#include <openssl/err.h>
#include "prov/bio.h" /* ossl_prov_bio_printf() */

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* DH low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <openssl/core_numbers.h>
#include <openssl/pem.h>
#include <openssl/dh.h>

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* DH low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <openssl/core_numbers.h>
#include <openssl/core_names.h>
#include <openssl/err.h>

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* DH low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <openssl/core_numbers.h>
#include <openssl/err.h>
#include <openssl/pem.h>

@ -4752,7 +4752,7 @@ EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id)
|| (dh = DH_new_by_nid(ginf->nid)) == NULL
|| !EVP_PKEY_assign(pkey, EVP_PKEY_DH, dh)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
ERR_R_EVP_LIB);
ERR_R_EVP_LIB);
DH_free(dh);
EVP_PKEY_free(pkey);
pkey = NULL;
@ -4760,7 +4760,7 @@ EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id)
}
if (EVP_PKEY_CTX_set_dh_nid(pctx, ginf->nid) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
ERR_R_EVP_LIB);
ERR_R_EVP_LIB);
EVP_PKEY_free(pkey);
pkey = NULL;
goto err;
@ -4796,7 +4796,7 @@ EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id)
/*
* Generate parameters from a group ID
*/
EVP_PKEY *ssl_generate_param_group(uint16_t id)
EVP_PKEY *ssl_generate_param_group(SSL *s, uint16_t id)
{
EVP_PKEY_CTX *pctx = NULL;
EVP_PKEY *pkey = NULL;

@ -2605,7 +2605,7 @@ __owur int tls1_set_groups_list(uint16_t **pext, size_t *pextlen,
const char *str);
__owur EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id);
__owur int tls_valid_group(SSL *s, uint16_t group_id, int version);
__owur EVP_PKEY *ssl_generate_param_group(uint16_t id);
__owur EVP_PKEY *ssl_generate_param_group(SSL *s, uint16_t id);
# ifndef OPENSSL_NO_EC
void tls1_get_formatlist(SSL *s, const unsigned char **pformats,
size_t *num_formats);

@ -705,7 +705,7 @@ int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
continue;
}
if ((s->s3.peer_tmp = ssl_generate_param_group(group_id)) == NULL) {
if ((s->s3.peer_tmp = ssl_generate_param_group(s, group_id)) == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_KEY_SHARE,
SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
return 0;

@ -2147,18 +2147,19 @@ static int tls_process_ske_dhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey)
}
bnpub_key = NULL;
if (!ssl_security(s, SSL_SECOP_TMP_DH, DH_security_bits(dh), 0, dh)) {
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_PROCESS_SKE_DHE,
SSL_R_DH_KEY_TOO_SMALL);
goto err;
}
if (EVP_PKEY_assign_DH(peer_tmp, dh) == 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_DHE,
ERR_R_EVP_LIB);
goto err;
}
if (!ssl_security(s, SSL_SECOP_TMP_DH, EVP_PKEY_security_bits(peer_tmp),
0, dh)) {
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_PROCESS_SKE_DHE,
SSL_R_DH_KEY_TOO_SMALL);
goto err;
}
s->s3.peer_tmp = peer_tmp;
/*
@ -2213,7 +2214,7 @@ static int tls_process_ske_ecdhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey)
return 0;
}
if ((s->s3.peer_tmp = ssl_generate_param_group(curve_id)) == NULL) {
if ((s->s3.peer_tmp = ssl_generate_param_group(s, curve_id)) == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_ECDHE,
SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
return 0;

@ -34,8 +34,7 @@ IF[{- !$disabled{tests} -}]
sanitytest rsa_complex exdatatest bntest \
ectest ecstresstest gmdifftest pbelutest \
destest mdc2test \
dhtest enginetest \
ssltest_old exptest \
enginetest exptest \
evp_pkey_provided_test evp_test evp_extra_test evp_fetch_prov_test \
v3nametest v3ext \
crltest danetest bad_dtls_test lhash_test sparse_array_test \
@ -109,18 +108,10 @@ IF[{- !$disabled{tests} -}]
INCLUDE[mdc2test]=../include ../apps/include
DEPEND[mdc2test]=../libcrypto libtestutil.a
SOURCE[dhtest]=dhtest.c
INCLUDE[dhtest]=../include ../apps/include
DEPEND[dhtest]=../libcrypto libtestutil.a
SOURCE[enginetest]=enginetest.c
INCLUDE[enginetest]=../include ../apps/include
DEPEND[enginetest]=../libcrypto libtestutil.a
SOURCE[ssltest_old]=ssltest_old.c
INCLUDE[ssltest_old]=.. ../include ../apps/include
DEPEND[ssltest_old]=../libcrypto ../libssl
SOURCE[exptest]=exptest.c
INCLUDE[exptest]=../include ../apps/include
DEPEND[exptest]=../libcrypto libtestutil.a
@ -490,7 +481,8 @@ IF[{- !$disabled{tests} -}]
rdrand_sanitytest property_test ideatest rsa_mp_test \
rsa_sp800_56b_test bn_internal_test ecdsatest rsa_test \
rc2test rc4test rc5test hmactest ffc_internal_test \
asn1_dsa_internal_test dsatest dsa_no_digest_size_test
asn1_dsa_internal_test dsatest dsa_no_digest_size_test \
dhtest ssltest_old
IF[{- !$disabled{poly1305} -}]
PROGRAMS{noinst}=poly1305_internal_test
@ -575,6 +567,10 @@ IF[{- !$disabled{tests} -}]
INCLUDE[sparse_array_test]=../crypto/include ../include ../apps/include
DEPEND[sparse_array_test]=../libcrypto.a libtestutil.a
SOURCE[dhtest]=dhtest.c
INCLUDE[dhtest]=../include ../apps/include
DEPEND[dhtest]=../libcrypto.a libtestutil.a
SOURCE[hmactest]=hmactest.c
INCLUDE[hmactest]=../include ../apps/include
DEPEND[hmactest]=../libcrypto.a libtestutil.a
@ -650,6 +646,10 @@ IF[{- !$disabled{tests} -}]
SOURCE[mdc2_internal_test]=mdc2_internal_test.c
INCLUDE[mdc2_internal_test]=.. ../include ../apps/include
DEPEND[mdc2_internal_test]=../libcrypto.a libtestutil.a
SOURCE[ssltest_old]=ssltest_old.c
INCLUDE[ssltest_old]=.. ../include ../apps/include
DEPEND[ssltest_old]=../libcrypto.a ../libssl.a
ENDIF
PROGRAMS{noinst}=asn1_time_test

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* DH low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

@ -9,6 +9,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* DH low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include "e_os.h"
/* Or gethostname won't be declared properly on Linux and GNU platforms. */

@ -100,7 +100,7 @@ DSAparams_print 101 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3
BF_set_key 102 3_0_0 EXIST::FUNCTION:BF,DEPRECATEDIN_3_0
d2i_DHparams 103 3_0_0 EXIST::FUNCTION:DH
i2d_PKCS7_ENC_CONTENT 104 3_0_0 EXIST::FUNCTION:
DH_generate_key 105 3_0_0 EXIST::FUNCTION:DH
DH_generate_key 105 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
ENGINE_add_conf_module 106 3_0_0 EXIST::FUNCTION:ENGINE
BIO_new_socket 107 3_0_0 EXIST::FUNCTION:SOCK
ASN1_OBJECT_free 108 3_0_0 EXIST::FUNCTION:
@ -445,7 +445,7 @@ X509_get_serialNumber 453 3_0_0 EXIST::FUNCTION:
BIO_sock_should_retry 454 3_0_0 EXIST::FUNCTION:SOCK
ENGINE_get_digests 455 3_0_0 EXIST::FUNCTION:ENGINE
TS_MSG_IMPRINT_get_algo 456 3_0_0 EXIST::FUNCTION:TS
DH_new_method 457 3_0_0 EXIST::FUNCTION:DH
DH_new_method 457 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
BF_ecb_encrypt 458 3_0_0 EXIST::FUNCTION:BF,DEPRECATEDIN_3_0
PEM_write_bio_DHparams 459 3_0_0 EXIST::FUNCTION:DH
EVP_DigestFinal 460 3_0_0 EXIST::FUNCTION:
@ -563,7 +563,7 @@ a2i_ASN1_STRING 575 3_0_0 EXIST::FUNCTION:
EC_GROUP_get_mont_data 576 3_0_0 EXIST::FUNCTION:EC
CMAC_CTX_copy 577 3_0_0 EXIST::FUNCTION:CMAC,DEPRECATEDIN_3_0
EVP_camellia_128_cfb128 579 3_0_0 EXIST::FUNCTION:CAMELLIA
DH_compute_key_padded 580 3_0_0 EXIST::FUNCTION:DH
DH_compute_key_padded 580 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
ERR_load_CONF_strings 581 3_0_0 EXIST::FUNCTION:
ESS_ISSUER_SERIAL_dup 582 3_0_0 EXIST::FUNCTION:
BN_GF2m_mod_exp_arr 583 3_0_0 EXIST::FUNCTION:EC2M
@ -617,7 +617,7 @@ X509_REQ_dup 631 3_0_0 EXIST::FUNCTION:
d2i_DSA_PUBKEY_fp 633 3_0_0 EXIST::FUNCTION:DSA,STDIO
OCSP_REQ_CTX_nbio_d2i 634 3_0_0 EXIST::FUNCTION:SOCK
d2i_X509_REQ_fp 635 3_0_0 EXIST::FUNCTION:STDIO
DH_OpenSSL 636 3_0_0 EXIST::FUNCTION:DH
DH_OpenSSL 636 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
BN_get_rfc3526_prime_8192 637 3_0_0 EXIST::FUNCTION:DH
X509_REVOKED_it 638 3_0_0 EXIST::FUNCTION:
CRYPTO_THREAD_write_lock 639 3_0_0 EXIST::FUNCTION:
@ -672,13 +672,13 @@ CTLOG_get0_log_id 688 3_0_0 EXIST::FUNCTION:CT
CMS_RecipientInfo_ktri_get0_signer_id 689 3_0_0 EXIST::FUNCTION:CMS
OCSP_REQUEST_add1_ext_i2d 690 3_0_0 EXIST::FUNCTION:OCSP
EVP_PBE_CipherInit 691 3_0_0 EXIST::FUNCTION:
DSA_dup_DH 692 3_0_0 EXIST::FUNCTION:DH,DSA
DSA_dup_DH 692 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH,DSA
CONF_imodule_get_value 693 3_0_0 EXIST::FUNCTION:
OCSP_id_issuer_cmp 694 3_0_0 EXIST::FUNCTION:OCSP
ASN1_INTEGER_free 695 3_0_0 EXIST::FUNCTION:
BN_get0_nist_prime_224 696 3_0_0 EXIST::FUNCTION:
OPENSSL_isservice 697 3_0_0 EXIST::FUNCTION:
DH_compute_key 698 3_0_0 EXIST::FUNCTION:DH
DH_compute_key 698 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
TS_RESP_CTX_set_signer_key 699 3_0_0 EXIST::FUNCTION:TS
i2d_DSAPrivateKey_bio 700 3_0_0 EXIST::FUNCTION:DSA<