
bn: Deprecate the X9.31 RSA key generation related functions

This key generation method is obsolete.

Fixes #10111

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13921)
master
Tomas Mraz 1 year ago
parent
commit
c27e792221
7 changed files with 23 additions and 8 deletions
  1. +6
    -0
      CHANGES.md
  2. +2
    -0
      crypto/bn/bn_x931p.c
  3. +2
    -3
      crypto/bn/build.info
  4. +4
    -1
      crypto/rsa/build.info
  5. +1
    -1
      crypto/rsa/rsa_x931g.c
  6. +5
    -0
      include/openssl/bn.h
  7. +3
    -3
      util/libcrypto.num

+ 6
- 0
CHANGES.md

@ -23,6 +23,12 @@ OpenSSL 3.0
### Changes between 1.1.1 and 3.0 [xx XXX xxxx]
* Deprecated the obsolete X9.31 RSA key generation related functions
BN_X931_generate_Xpq(), BN_X931_derive_prime_ex(), and
BN_X931_generate_prime_ex().
*Tomas Mraz*
* Deprecated the type OCSP_REQ_CTX and the functions OCSP_REQ_CTX_new(),
OCSP_REQ_CTX_free(), OCSP_REQ_CTX_http(), OCSP_REQ_CTX_add1_header(),
OCSP_REQ_CTX_i2d(), OCSP_REQ_CTX_nbio(), OCSP_REQ_CTX_nbio_d2i(),


+ 2
- 0
crypto/bn/bn_x931p.c

@ -7,6 +7,8 @@
* https://www.openssl.org/source/license.html
*/
#define OPENSSL_SUPPRESS_DEPRECATED
#include <stdio.h>
#include <openssl/bn.h>
#include "bn_local.h"
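Review bot: The `#define OPENSSL_SUPPRESS_DEPRECATED` ahead of the includes carries no comment saying why this file silences deprecation warnings. Judging by the bn.h section of this commit, the file presumably holds the definitions of the BN_X931_* functions that are now marked `OSSL_DEPRECATEDIN_3_0`, so a one-line comment such as `/* This file implements the deprecated BN_X931_* functions */` above the define would stop a later reader from treating it as a blanket suppression to copy into other files. The +/- markers are lost in this rendering, so which of the shown lines are new is inferred from the +2/-0 count.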


+ 2
- 3
crypto/bn/build.info

@ -105,11 +105,10 @@ $COMMON=bn_add.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c bn_mul.c \
bn_mod.c bn_conv.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \
bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_sqr.c \
bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c \
bn_x931p.c bn_intern.c bn_dh.c \
bn_rsa_fips186_4.c bn_const.c
bn_intern.c bn_dh.c bn_rsa_fips186_4.c bn_const.c
SOURCE[../../libcrypto]=$COMMON $BNASM bn_print.c bn_err.c bn_srp.c
IF[{- !$disabled{'deprecated-3.0'} -}]
SOURCE[../../libcrypto]=bn_depr.c
SOURCE[../../libcrypto]=bn_depr.c bn_x931p.c
ENDIF
SOURCE[../../providers/libfips.a]=$COMMON $BNASM
SOURCE[../../providers/liblegacy.a]=$BNASM
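Review bot: Taking `bn_x931p.c` out of `$COMMON` removes it from `providers/libfips.a` as well as from libcrypto builds with deprecated-3.0 disabled, because the `libfips.a` line is fed from `$COMMON`, yet neither the commit message nor the CHANGES.md entry mentions the FIPS provider. The same holds for `rsa_x931g.c` in crypto/rsa/build.info. A comment above the `IF[{- !$disabled{'deprecated-3.0'} -}]` line would record the intent, for example `# X9.31 key generation is deprecated and is not built into the FIPS provider`. It is also worth confirming with a `no-deprecated` configuration that nothing left in `$COMMON` still references symbols defined in those two files.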


+ 4
- 1
crypto/rsa/build.info

@ -2,7 +2,7 @@ LIBS=../../libcrypto
$COMMON=rsa_ossl.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_pk1.c \
rsa_none.c rsa_oaep.c rsa_chk.c rsa_pss.c rsa_x931.c rsa_crpt.c \
rsa_x931g.c rsa_sp800_56b_gen.c rsa_sp800_56b_check.c rsa_backend.c \
rsa_sp800_56b_gen.c rsa_sp800_56b_check.c rsa_backend.c \
rsa_mp_names.c rsa_schemes.c
SOURCE[../../libcrypto]=$COMMON\
@ -11,6 +11,9 @@ SOURCE[../../libcrypto]=$COMMON\
IF[{- !$disabled{'deprecated-0.9.8'} -}]
SOURCE[../../libcrypto]=rsa_depr.c
ENDIF
IF[{- !$disabled{'deprecated-3.0'} -}]
SOURCE[../../libcrypto]=rsa_x931g.c
ENDIF
SOURCE[../../providers/libfips.a]=$COMMON


+ 1
- 1
crypto/rsa/rsa_x931g.c

@ -11,7 +11,7 @@
* RSA low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#define OPENSSL_SUPPRESS_DEPRECATED
#include <stdio.h>
#include <string.h>
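Review bot: The comment kept above `#define OPENSSL_SUPPRESS_DEPRECATED` still reads as the rationale for the `internal/deprecated.h` include, and it does not say that the file now depends on the new guard in crypto/rsa/build.info to stay out of builds without deprecated-3.0 APIs. As far as I know `internal/deprecated.h` also keeps deprecated declarations visible in such builds, which a bare define does not, so the source and the build guard are now coupled. I would extend the comment with something like `* This file is only built when deprecated-3.0 APIs are enabled.` The comment opens above the hunk, and the old/new side of the two lines is inferred from the +1/-1 count.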


+ 5
- 0
include/openssl/bn.h

@ -370,15 +370,20 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add,
const BIGNUM *rem, BN_GENCB *cb);
int BN_check_prime(const BIGNUM *p, BN_CTX *ctx, BN_GENCB *cb);
# ifndef OPENSSL_NO_DEPRECATED_3_0
OSSL_DEPRECATEDIN_3_0
int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx);
OSSL_DEPRECATEDIN_3_0
int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
const BIGNUM *Xp, const BIGNUM *Xp1,
const BIGNUM *Xp2, const BIGNUM *e, BN_CTX *ctx,
BN_GENCB *cb);
OSSL_DEPRECATEDIN_3_0
int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, BIGNUM *Xp1,
BIGNUM *Xp2, const BIGNUM *Xp, const BIGNUM *e,
BN_CTX *ctx, BN_GENCB *cb);
# endif
BN_MONT_CTX *BN_MONT_CTX_new(void);
int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
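Review bot: The three BN_X931_* prototypes gain `OSSL_DEPRECATEDIN_3_0` inside the new `OPENSSL_NO_DEPRECATED_3_0` guard, but nothing in the visible hunk tells a caller who hits the warning what to move to. A comment above the guard, for instance `/* Obsolete X9.31 prime generation; generate RSA keys through EVP_PKEY_keygen() instead */`, would save a trip to the changelog, which also names no alternative; adjust the wording if that is not the intended migration path. The surrounding declarations continue outside the hunk.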


+ 3
- 3
util/libcrypto.num

@ -568,7 +568,7 @@ ERR_load_CONF_strings 581 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3
ESS_ISSUER_SERIAL_dup 582 3_0_0 EXIST::FUNCTION:
BN_GF2m_mod_exp_arr 583 3_0_0 EXIST::FUNCTION:EC2M
ASN1_UTF8STRING_free 584 3_0_0 EXIST::FUNCTION:
BN_X931_generate_prime_ex 585 3_0_0 EXIST::FUNCTION:
BN_X931_generate_prime_ex 585 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
ENGINE_get_RAND 586 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
EVP_DecryptInit 587 3_0_0 EXIST::FUNCTION:
BN_bin2bn 588 3_0_0 EXIST::FUNCTION:
@ -980,7 +980,7 @@ CRYPTO_cbc128_encrypt 1004 3_0_0 EXIST::FUNCTION:
i2d_RSAPublicKey_bio 1005 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
X509_chain_check_suiteb 1006 3_0_0 EXIST::FUNCTION:
i2d_OCSP_REQUEST 1007 3_0_0 EXIST::FUNCTION:OCSP
BN_X931_generate_Xpq 1008 3_0_0 EXIST::FUNCTION:
BN_X931_generate_Xpq 1008 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
ASN1_item_digest 1009 3_0_0 EXIST::FUNCTION:
X509_VERIFY_PARAM_set_trust 1010 3_0_0 EXIST::FUNCTION:
X509_STORE_CTX_get_error 1011 3_0_0 EXIST::FUNCTION:
@ -1976,7 +1976,7 @@ EC_KEY_get0_private_key 2021 3_0_0 EXIST::FUNCTION:EC
SCT_get0_extensions 2022 3_0_0 EXIST::FUNCTION:CT
OPENSSL_LH_node_stats_bio 2023 3_0_0 EXIST::FUNCTION:
i2d_DIRECTORYSTRING 2024 3_0_0 EXIST::FUNCTION:
BN_X931_derive_prime_ex 2025 3_0_0 EXIST::FUNCTION:
BN_X931_derive_prime_ex 2025 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
ENGINE_get_pkey_asn1_meth_str 2026 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
PKCS7_signatureVerify 2027 3_0_0 EXIST::FUNCTION:
CRYPTO_ocb128_new 2028 3_0_0 EXIST::FUNCTION:OCB

