From 588d5d01fefde6a3437d6749b4435c41180df868 Mon Sep 17 00:00:00 2001 From: Pauli Date: Tue, 28 Apr 2020 19:03:05 +1000 Subject: [PATCH] Undeprecate DH, DSA and RSA _bits() functions. These were deemed information and useful and that they should not be deprecated. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11669) --- CHANGES.md | 80 +++++++++++++++++++++---------------------- doc/man3/DH_size.pod | 24 ++++++------- doc/man3/DSA_size.pod | 22 ++++++------ doc/man3/RSA_size.pod | 20 +++++------ include/openssl/dh.h | 2 +- include/openssl/dsa.h | 2 +- include/openssl/rsa.h | 2 +- util/libcrypto.num | 6 ++-- 8 files changed, 79 insertions(+), 79 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 45789ed612..b11ca85c65 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -101,24 +101,22 @@ OpenSSL 3.0 * All of the low level RSA functions have been deprecated including: - RSA_new_method, RSA_bits, RSA_size, RSA_security_bits, - RSA_get0_pss_params, RSA_get_version, RSA_get0_engine, - RSA_generate_key_ex, RSA_generate_multi_prime_key, - RSA_X931_derive_ex, RSA_X931_generate_key_ex, RSA_check_key, - RSA_check_key_ex, RSA_public_encrypt, RSA_private_encrypt, + RSA_new_method, RSA_size, RSA_security_bits, RSA_get0_pss_params, + RSA_get_version, RSA_get0_engine, RSA_generate_key_ex, + RSA_generate_multi_prime_key, RSA_X931_derive_ex, RSA_X931_generate_key_ex, + RSA_check_key, RSA_check_key_ex, RSA_public_encrypt, RSA_private_encrypt, RSA_public_decrypt, RSA_private_decrypt, RSA_set_default_method, RSA_get_default_method, RSA_null_method, RSA_get_method, RSA_set_method, RSA_PKCS1_OpenSSL, RSA_print_fp, RSA_print, RSA_sign, RSA_verify, - RSA_sign_ASN1_OCTET_STRING, RSA_verify_ASN1_OCTET_STRING, - RSA_blinding_on, RSA_blinding_off, RSA_setup_blinding, - RSA_padding_add_PKCS1_type_1, RSA_padding_check_PKCS1_type_1, - RSA_padding_add_PKCS1_type_2, RSA_padding_check_PKCS1_type_2, - PKCS1_MGF1, RSA_padding_add_PKCS1_OAEP, RSA_padding_check_PKCS1_OAEP, - RSA_padding_add_PKCS1_OAEP_mgf1, RSA_padding_check_PKCS1_OAEP_mgf1, - RSA_padding_add_SSLv23, RSA_padding_check_SSLv23, - RSA_padding_add_none, RSA_padding_check_none, RSA_padding_add_X931, - RSA_padding_check_X931, RSA_X931_hash_id, RSA_verify_PKCS1_PSS, - RSA_padding_add_PKCS1_PSS, RSA_verify_PKCS1_PSS_mgf1, + RSA_sign_ASN1_OCTET_STRING, RSA_verify_ASN1_OCTET_STRING, RSA_blinding_on, + RSA_blinding_off, RSA_setup_blinding, RSA_padding_add_PKCS1_type_1, + RSA_padding_check_PKCS1_type_1, RSA_padding_add_PKCS1_type_2, + RSA_padding_check_PKCS1_type_2, PKCS1_MGF1, RSA_padding_add_PKCS1_OAEP, + RSA_padding_check_PKCS1_OAEP, RSA_padding_add_PKCS1_OAEP_mgf1, + RSA_padding_check_PKCS1_OAEP_mgf1, RSA_padding_add_SSLv23, + RSA_padding_check_SSLv23, RSA_padding_add_none, RSA_padding_check_none, + RSA_padding_add_X931, RSA_padding_check_X931, RSA_X931_hash_id, + RSA_verify_PKCS1_PSS, RSA_padding_add_PKCS1_PSS, RSA_verify_PKCS1_PSS_mgf1, RSA_padding_add_PKCS1_PSS_mgf1, RSA_set_ex_data, RSA_get_ex_data, RSA_meth_new, RSA_meth_free, RSA_meth_dup, RSA_meth_get0_name, RSA_meth_set1_name, RSA_meth_get_flags, RSA_meth_set_flags, @@ -171,20 +169,19 @@ OpenSSL 3.0 * All of the low level DH functions have been deprecated including: - DH_OpenSSL, DH_set_default_method, DH_get_default_method, - DH_set_method, DH_new_method, DH_bits, DH_size, DH_security_bits, - DH_get_ex_new_index, DH_set_ex_data, DH_get_ex_data, - DH_generate_parameters_ex, DH_check_params_ex, DH_check_ex, - DH_check_pub_key_ex, DH_check, DH_check_pub_key, DH_generate_key, - DH_compute_key, DH_compute_key_padded, DHparams_print_fp, - DHparams_print, DH_get_nid, DH_KDF_X9_42, DH_get0_engine, DH_meth_new, - DH_meth_free, DH_meth_dup, DH_meth_get0_name, DH_meth_set1_name, - DH_meth_get_flags, DH_meth_set_flags, DH_meth_get0_app_data, - DH_meth_set0_app_data, DH_meth_get_generate_key, DH_meth_set_generate_key, - DH_meth_get_compute_key, DH_meth_set_compute_key, DH_meth_get_bn_mod_exp, - DH_meth_set_bn_mod_exp, DH_meth_get_init, DH_meth_set_init, - DH_meth_get_finish, DH_meth_set_finish, DH_meth_get_generate_params - and DH_meth_set_generate_params. + DH_OpenSSL, DH_set_default_method, DH_get_default_method, DH_set_method, + DH_new_method, DH_size, DH_security_bits, DH_get_ex_new_index, + DH_set_ex_data, DH_get_ex_data, DH_generate_parameters_ex, + DH_check_params_ex, DH_check_ex, DH_check_pub_key_ex, + DH_check, DH_check_pub_key, DH_generate_key, DH_compute_key, + DH_compute_key_padded, DHparams_print_fp, DHparams_print, DH_get_nid, + DH_KDF_X9_42, DH_get0_engine, DH_meth_new, DH_meth_free, DH_meth_dup, + DH_meth_get0_name, DH_meth_set1_name, DH_meth_get_flags, DH_meth_set_flags, + DH_meth_get0_app_data, DH_meth_set0_app_data, DH_meth_get_generate_key, + DH_meth_set_generate_key, DH_meth_get_compute_key, DH_meth_set_compute_key, + DH_meth_get_bn_mod_exp, DH_meth_set_bn_mod_exp, DH_meth_get_init, + DH_meth_set_init, DH_meth_get_finish, DH_meth_set_finish, + DH_meth_get_generate_params and DH_meth_set_generate_params. Use of these low level functions has been informally discouraged for a long time. Instead applications should use L @@ -195,18 +192,19 @@ OpenSSL 3.0 * All of the low level DSA functions have been deprecated including: DSA_do_sign, DSA_do_verify, DSA_OpenSSL, DSA_set_default_method, - DSA_get_default_method, DSA_set_method, DSA_get_method, DSA_new_method, - DSA_sign_setup, DSA_sign, DSA_verify, DSA_get_ex_new_index, - DSA_set_ex_data, DSA_get_ex_data, DSA_generate_parameters_ex, - DSA_generate_key, DSA_meth_new, DSA_get0_engine, DSA_meth_free, - DSA_meth_dup, DSA_meth_get0_name, DSA_meth_set1_name, DSA_meth_get_flags, - DSA_meth_set_flags, DSA_meth_get0_app_data, DSA_meth_set0_app_data, - DSA_meth_get_sign, DSA_meth_set_sign, DSA_meth_get_sign_setup, - DSA_meth_set_sign_setup, DSA_meth_get_verify, DSA_meth_set_verify, - DSA_meth_get_mod_exp, DSA_meth_set_mod_exp, DSA_meth_get_bn_mod_exp, - DSA_meth_set_bn_mod_exp, DSA_meth_get_init, DSA_meth_set_init, - DSA_meth_get_finish, DSA_meth_set_finish, DSA_meth_get_paramgen, - DSA_meth_set_paramgen, DSA_meth_get_keygen and DSA_meth_set_keygen. + DSA_get_default_method, DSA_set_method, DSA_get_method, + DSA_new_method, DSA_size, DSA_security_bits, DSA_sign_setup, DSA_sign, + DSA_verify, DSA_get_ex_new_index, DSA_set_ex_data, DSA_get_ex_data, + DSA_generate_parameters_ex, DSA_generate_key, DSA_meth_new, DSA_get0_engine, + DSA_meth_free, DSA_meth_dup, DSA_meth_get0_name, DSA_meth_set1_name, + DSA_meth_get_flags, DSA_meth_set_flags, DSA_meth_get0_app_data, + DSA_meth_set0_app_data, DSA_meth_get_sign, DSA_meth_set_sign, + DSA_meth_get_sign_setup, DSA_meth_set_sign_setup, DSA_meth_get_verify, + DSA_meth_set_verify, DSA_meth_get_mod_exp, DSA_meth_set_mod_exp, + DSA_meth_get_bn_mod_exp, DSA_meth_set_bn_mod_exp, DSA_meth_get_init, + DSA_meth_set_init, DSA_meth_get_finish, DSA_meth_set_finish, + DSA_meth_get_paramgen, DSA_meth_set_paramgen, DSA_meth_get_keygen and + DSA_meth_set_keygen. Use of these low level functions has been informally discouraged for a long time. Instead applications should use L, diff --git a/doc/man3/DH_size.pod b/doc/man3/DH_size.pod index 98452524b6..099c1bad3f 100644 --- a/doc/man3/DH_size.pod +++ b/doc/man3/DH_size.pod @@ -9,39 +9,39 @@ security bits #include + int DH_bits(const DH *dh); + Deprecated since OpenSSL 3.0, can be hidden entirely by defining B with a suitable version value, see L: int DH_size(const DH *dh); - int DH_bits(const DH *dh); - int DH_security_bits(const DH *dh); =head1 DESCRIPTION -All of the functions described on this page are deprecated. -Applications should instead use L, -L and L. +DH_bits() returns the number of significant bits. + +B and Bp> must not be B. + +The remaining functions described on this page are deprecated. +Applications should instead use L and +L. DH_size() returns the Diffie-Hellman prime size in bytes. It can be used to determine how much memory must be allocated for the shared secret computed by L. -DH_bits() returns the number of significant bits. - -B and Bp> must not be B. - DH_security_bits() returns the number of security bits of the given B key. See L. =head1 RETURN VALUES -DH_size() returns the prime size of Diffie-Hellman in bytes. - DH_bits() returns the number of bits in the key. +DH_size() returns the prime size of Diffie-Hellman in bytes. + DH_security_bits() returns the number of security bits. =head1 SEE ALSO @@ -52,7 +52,7 @@ L =head1 HISTORY -All of these functions were deprecated in OpenSSL 3.0. +The DH_size() and DH_security_bits() functions were deprecated in OpenSSL 3.0. The DH_bits() function was added in OpenSSL 1.1.0. diff --git a/doc/man3/DSA_size.pod b/doc/man3/DSA_size.pod index 2d74eea365..404f1bb231 100644 --- a/doc/man3/DSA_size.pod +++ b/doc/man3/DSA_size.pod @@ -8,19 +8,24 @@ DSA_size, DSA_bits, DSA_security_bits - get DSA signature size, key bits or secu #include + int DSA_bits(const DSA *dsa); + Deprecated since OpenSSL 3.0, can be hidden entirely by defining B with a suitable version value, see L: int DSA_size(const DSA *dsa); - int DSA_bits(const DSA *dsa); + int DSA_security_bits(const DSA *dsa); =head1 DESCRIPTION -All of the functions described on this page are deprecated. -Applications should instead use L, -L and L. +DSA_bits() returns the number of bits in key B: this is the number +of bits in the B

parameter. + +The remaining functions described on this page are deprecated. +Applications should instead use L and +L. DSA_size() returns the maximum size of an ASN.1 encoded DSA signature for key B in bytes. It can be used to determine how much memory must @@ -28,18 +33,15 @@ be allocated for a DSA signature. Bq> must not be B. -DSA_bits() returns the number of bits in key B: this is the number -of bits in the B

parameter. - DSA_security_bits() returns the number of security bits of the given B key. See L. =head1 RETURN VALUES -DSA_size() returns the signature size in bytes. - DSA_bits() returns the number of bits in the key. +DSA_size() returns the signature size in bytes. + =head1 SEE ALSO L, @@ -49,7 +51,7 @@ L, L =head1 HISTORY -All of these functions were deprecated in OpenSSL 3.0. +The DSA_size() and DSA_security_bits() functions were deprecated in OpenSSL 3.0. =head1 COPYRIGHT diff --git a/doc/man3/RSA_size.pod b/doc/man3/RSA_size.pod index b2a7c96788..a23f51abc2 100644 --- a/doc/man3/RSA_size.pod +++ b/doc/man3/RSA_size.pod @@ -8,19 +8,23 @@ RSA_size, RSA_bits, RSA_security_bits - get RSA modulus size or security bits #include + int RSA_bits(const RSA *rsa); + Deprecated since OpenSSL 3.0, can be hidden entirely by defining B with a suitable version value, see L: int RSA_size(const RSA *rsa); - int RSA_bits(const RSA *rsa); - int RSA_security_bits(const RSA *rsa) =head1 DESCRIPTION -All of the functions described on this page are deprecated. +RSA_bits() returns the number of significant bits. + +B and Bn> must not be B. + +The remaining functions described on this page are deprecated. Applications should instead use L, L and L. @@ -28,18 +32,14 @@ RSA_size() returns the RSA modulus size in bytes. It can be used to determine how much memory must be allocated for an RSA encrypted value. -RSA_bits() returns the number of significant bits. - -B and Bn> must not be B. - RSA_security_bits() returns the number of security bits of the given B key. See L. =head1 RETURN VALUES -RSA_size() returns the size of modulus in bytes. +RSA_bits() returns the number of bits in the key. -DSA_bits() returns the number of bits in the key. +RSA_size() returns the size of modulus in bytes. RSA_security_bits() returns the number of security bits. @@ -49,7 +49,7 @@ L =head1 HISTORY -All of these functions were deprecated in OpenSSL 3.0. +The RSA_size() and RSA_security_bits() functions were deprecated in OpenSSL 3.0. The RSA_bits() function was added in OpenSSL 1.1.0. diff --git a/include/openssl/dh.h b/include/openssl/dh.h index 437d303299..4907bc6567 100644 --- a/include/openssl/dh.h +++ b/include/openssl/dh.h @@ -146,7 +146,7 @@ DEPRECATEDIN_3_0(DH *DH_new_method(ENGINE *engine)) DH *DH_new(void); void DH_free(DH *dh); int DH_up_ref(DH *dh); -DEPRECATEDIN_3_0(int DH_bits(const DH *dh)) +int DH_bits(const DH *dh); DEPRECATEDIN_3_0(int DH_size(const DH *dh)) DEPRECATEDIN_3_0(int DH_security_bits(const DH *dh)) # ifndef OPENSSL_NO_DEPRECATED_3_0 diff --git a/include/openssl/dsa.h b/include/openssl/dsa.h index 92be4760e6..a7d32eee98 100644 --- a/include/openssl/dsa.h +++ b/include/openssl/dsa.h @@ -114,7 +114,7 @@ void DSA_free(DSA *r); /* "up" the DSA object's reference count */ int DSA_up_ref(DSA *r); DEPRECATEDIN_3_0(int DSA_size(const DSA *)) -DEPRECATEDIN_3_0(int DSA_bits(const DSA *d)) +int DSA_bits(const DSA *d); DEPRECATEDIN_3_0(int DSA_security_bits(const DSA *d)) /* next 4 return -1 on error */ DEPRECATEDIN_3_0(int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h index 27be5f5e39..2508abd81c 100644 --- a/include/openssl/rsa.h +++ b/include/openssl/rsa.h @@ -192,7 +192,7 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label); RSA *RSA_new(void); DEPRECATEDIN_3_0(RSA *RSA_new_method(ENGINE *engine)) -DEPRECATEDIN_3_0(int RSA_bits(const RSA *rsa)) +int RSA_bits(const RSA *rsa); DEPRECATEDIN_3_0(int RSA_size(const RSA *rsa)) DEPRECATEDIN_3_0(int RSA_security_bits(const RSA *rsa)) diff --git a/util/libcrypto.num b/util/libcrypto.num index 79f8fd86c0..6c7ce4c0c3 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -2586,7 +2586,7 @@ d2i_PBKDF2PARAM 2640 3_0_0 EXIST::FUNCTION: ERR_load_COMP_strings 2641 3_0_0 EXIST::FUNCTION:COMP EVP_PKEY_meth_add0 2642 3_0_0 EXIST::FUNCTION: EVP_rc4_40 2643 3_0_0 EXIST::FUNCTION:RC4 -RSA_bits 2645 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA +RSA_bits 2645 3_0_0 EXIST::FUNCTION:RSA ASN1_item_dup 2646 3_0_0 EXIST::FUNCTION: GENERAL_NAMES_it 2647 3_0_0 EXIST::FUNCTION: X509_issuer_name_hash 2648 3_0_0 EXIST::FUNCTION: @@ -3163,7 +3163,7 @@ ACCESS_DESCRIPTION_free 3228 3_0_0 EXIST::FUNCTION: BN_nist_mod_384 3229 3_0_0 EXIST::FUNCTION: i2d_EC_PUBKEY_fp 3230 3_0_0 EXIST::FUNCTION:EC,STDIO ENGINE_set_default_pkey_meths 3231 3_0_0 EXIST::FUNCTION:ENGINE -DH_bits 3232 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH +DH_bits 3232 3_0_0 EXIST::FUNCTION:DH i2d_X509_ALGORS 3233 3_0_0 EXIST::FUNCTION: EVP_camellia_192_cfb1 3234 3_0_0 EXIST::FUNCTION:CAMELLIA TS_RESP_CTX_add_failure_info 3235 3_0_0 EXIST::FUNCTION:TS @@ -4045,7 +4045,7 @@ X509_STORE_unlock 4133 3_0_0 EXIST::FUNCTION: X509_STORE_lock 4134 3_0_0 EXIST::FUNCTION: X509_set_proxy_pathlen 4135 3_0_0 EXIST::FUNCTION: X509_get_proxy_pathlen 4136 3_0_0 EXIST::FUNCTION: -DSA_bits 4137 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA +DSA_bits 4137 3_0_0 EXIST::FUNCTION:DSA EVP_PKEY_set1_tls_encodedpoint 4138 3_0_0 EXIST::FUNCTION: EVP_PKEY_get1_tls_encodedpoint 4139 3_0_0 EXIST::FUNCTION: ASN1_STRING_get0_data 4140 3_0_0 EXIST::FUNCTION: -- 2.25.1