author | Pauli <paul.dale@oracle.com> | 2020-02-12 15:03:51 +1000 |
---|---|---|
committer | Pauli <paul.dale@oracle.com> | 2020-02-20 18:58:40 +1000 |
commit | c5f8713443c8d606ff149b12c478cd6162f2a7ac (patch) | |
tree | 536ea6ba3fdf7e0f4e80ef2b50f8f979cfb730a2 /apps | |
parent | b9f733c2846329ca6ee6b906b2291e31c0c14183 (diff) | |
download | openssl-new-c5f8713443c8d606ff149b12c478cd6162f2a7ac.tar.gz |
Deprecate the low level RSA functions.
Use of the low level RSA functions has been informally discouraged for a
long time. We now formally deprecate them.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11063)
Diffstat (limited to 'apps')
-rw-r--r-- | apps/build.info | 8 | ||||
-rw-r--r-- | apps/genrsa.c | 3 | ||||
-rw-r--r-- | apps/progs.c | 12 | ||||
-rw-r--r-- | apps/progs.pl | 5 | ||||
-rw-r--r-- | apps/rsa.c | 3 | ||||
-rw-r--r-- | apps/rsautl.c | 3 | ||||
-rw-r--r-- | apps/speed.c | 31 |
7 files changed, 41 insertions, 24 deletions
diff --git a/apps/build.info b/apps/build.info index ad3ef74ad4..1b931c8ac1 100644 --- a/apps/build.info +++ b/apps/build.info @@ -14,9 +14,9 @@ $OPENSSLSRC=\ openssl.c progs.c \ asn1pars.c ca.c ciphers.c cms.c crl.c crl2p7.c dgst.c \ ec.c ecparam.c enc.c engine.c errstr.c \ - genpkey.c genrsa.c kdf.c mac.c nseq.c ocsp.c passwd.c pkcs12.c pkcs7.c \ - pkcs8.c pkey.c pkeyparam.c pkeyutl.c prime.c rand.c req.c rsa.c \ - rsautl.c s_client.c s_server.c s_time.c sess_id.c smime.c speed.c \ + genpkey.c kdf.c mac.c nseq.c ocsp.c passwd.c pkcs12.c pkcs7.c \ + pkcs8.c pkey.c pkeyparam.c pkeyutl.c prime.c rand.c req.c \ + s_client.c s_server.c s_time.c sess_id.c smime.c speed.c \ spkac.c srp.c ts.c verify.c version.c x509.c rehash.c storeutl.c \ list.c info.c provider.c fipsinstall.c @@ -32,7 +32,7 @@ IF[{- !$disabled{apps} -}] ENDIF IF[{- !$disabled{'deprecated-3.0'} -}] - SOURCE[openssl]=dhparam.c dsa.c dsaparam.c gendsa.c + SOURCE[openssl]=dhparam.c dsa.c dsaparam.c gendsa.c rsa.c rsautl.c genrsa.c ENDIF SCRIPTS{misc}=CA.pl diff --git a/apps/genrsa.c b/apps/genrsa.c index 96fb23aaf5..c45fe19b12 100644 --- a/apps/genrsa.c +++ b/apps/genrsa.c @@ -7,6 +7,9 @@ * https://www.openssl.org/source/license.html */ +/* We need to use the deprecated RSA low level calls */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include <openssl/opensslconf.h> #ifdef OPENSSL_NO_RSA NON_EMPTY_TRANSLATION_UNIT diff --git a/apps/progs.c b/apps/progs.c index c4fb1790e6..3492c93e25 100644 --- a/apps/progs.c +++ b/apps/progs.c 
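Review bot: In apps/genrsa.c the new `#define OPENSSL_SUPPRESS_DEPRECATED` sits ahead of every include, so it silences deprecation warnings for the whole translation unit rather than only for the RSA calls the comment mentions; the same two lines are added to apps/rsa.c and apps/rsautl.c. Any other API these files use that is deprecated later will then compile without a warning. The comment could record that scope and when the define can go, for example `/* Suppresses every deprecation warning in this file; needed only for the low level RSA calls, remove once ported to EVP_PKEY */`.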
@@ -49,8 +49,8 @@ FUNCTION functions[] = { {FT_general, "gendsa", gendsa_main, gendsa_options, "genpkey"}, #endif {FT_general, "genpkey", genpkey_main, genpkey_options, NULL}, -#ifndef OPENSSL_NO_RSA - {FT_general, "genrsa", genrsa_main, genrsa_options, NULL}, +#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) + {FT_general, "genrsa", genrsa_main, genrsa_options, "genpkey"}, #endif {FT_general, "help", help_main, help_options, NULL}, {FT_general, "info", info_main, info_options, NULL}, @@ -75,9 +75,11 @@ FUNCTION functions[] = { {FT_general, "rand", rand_main, rand_options, NULL}, {FT_general, "rehash", rehash_main, rehash_options, NULL}, {FT_general, "req", req_main, req_options, NULL}, - {FT_general, "rsa", rsa_main, rsa_options, NULL}, -#ifndef OPENSSL_NO_RSA - {FT_general, "rsautl", rsautl_main, rsautl_options, NULL}, +#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) + {FT_general, "rsa", rsa_main, rsa_options, "pkey"}, +#endif +#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) + {FT_general, "rsautl", rsautl_main, rsautl_options, "pkeyutl"}, #endif #ifndef OPENSSL_NO_SOCK {FT_general, "s_client", s_client_main, s_client_options, NULL}, diff --git a/apps/progs.pl b/apps/progs.pl index b4ff4b7d55..1d8c305713 100644 --- a/apps/progs.pl +++ b/apps/progs.pl @@ -92,12 +92,13 @@ EOF my %cmd_disabler = ( ciphers => "sock", - genrsa => "rsa", - rsautl => "rsa", gendh => "dh", pkcs12 => "des", ); my %cmd_deprecated = ( + rsa => [ "3_0", "pkey", "rsa" ], + genrsa => [ "3_0", "genpkey", "rsa" ], + rsautl => [ "3_0", "pkeyutl", "rsa" ], dhparam => [ "3_0", "pkeyparam", "dh" ], dsaparam => [ "3_0", "pkeyparam", "dsa" ], dsa => [ "3_0", "pkey", "dsa" ], diff --git a/apps/rsa.c b/apps/rsa.c index 82b34e7ca3..7d03a862a0 100644 --- a/apps/rsa.c +++ b/apps/rsa.c 
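Review bot: The three-element lists added to `%cmd_deprecated` in apps/progs.pl carry no explanation of what each position means, and the hunk shows no comment above the hash. From the entries and the regenerated apps/progs.c they appear to be the deprecating version, the replacement command and the feature that disables the command, the last taking over from the `genrsa` and `rsautl` entries removed from `%cmd_disabler`. A comment above the hash such as `# command => [ deprecated-in version, replacement command, disabling feature ]` would record that. The hash continues past the end of the hunk.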
@@ -7,6 +7,9 @@ * https://www.openssl.org/source/license.html */ +/* We need to use the deprecated RSA low level calls */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include <openssl/opensslconf.h> #ifdef OPENSSL_NO_RSA NON_EMPTY_TRANSLATION_UNIT diff --git a/apps/rsautl.c b/apps/rsautl.c index 99f1c44007..7bb9096bcd 100644 --- a/apps/rsautl.c +++ b/apps/rsautl.c @@ -7,6 +7,9 @@ * https://www.openssl.org/source/license.html */ +/* We need to use the deprecated RSA low level calls */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include <openssl/opensslconf.h> #ifdef OPENSSL_NO_RSA NON_EMPTY_TRANSLATION_UNIT diff --git a/apps/speed.c b/apps/speed.c index 0e94e7cae6..13285d6355 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -94,7 +94,7 @@ #ifndef OPENSSL_NO_CAST # include <openssl/cast.h> #endif -#ifndef OPENSSL_NO_RSA +#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) # include <openssl/rsa.h> # include "./testrsa.h" #endif @@ -416,7 +416,7 @@ static const OPT_PAIR dsa_choices[DSA_NUM] = { static double dsa_results[DSA_NUM][2]; /* 2 ops: sign then verify */ #endif /* OPENSSL_NO_DSA */ -#ifndef OPENSSL_NO_RSA +#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) enum { R_RSA_512, R_RSA_1024, R_RSA_2048, R_RSA_3072, R_RSA_4096, R_RSA_7680, R_RSA_15360, RSA_NUM @@ -542,7 +542,7 @@ typedef struct loopargs_st { unsigned char *key; unsigned int siglen; size_t sigsize; -#ifndef OPENSSL_NO_RSA +#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) RSA *rsa_key[RSA_NUM]; #endif #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) @@ -1021,7 +1021,7 @@ static int EVP_CMAC_loop(void *args) } #endif -#ifndef OPENSSL_NO_RSA +#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) static long rsa_c[RSA_NUM][2]; /* # RSA iteration test */ static int RSA_sign_loop(void *args) 
@@ -1503,7 +1503,7 @@ int speed_main(int argc, char **argv) #if !defined(OPENSSL_NO_CAMELLIA) && !defined(OPENSSL_NO_DEPRECATED_3_0) CAMELLIA_KEY camellia_ks[3]; #endif -#ifndef OPENSSL_NO_RSA +#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) static const struct { const unsigned char *data; unsigned int length; @@ -1707,8 +1707,10 @@ int speed_main(int argc, char **argv) goto end; break; case OPT_PRIMES: +#ifndef OPENSSL_NO_DEPRECATED_3_0 if (!opt_int(opt_arg(), &primes)) goto end; +#endif break; case OPT_SECONDS: seconds.sym = seconds.rsa = seconds.dsa = seconds.ecdsa @@ -1746,7 +1748,7 @@ int speed_main(int argc, char **argv) doit[D_SHA1] = doit[D_SHA256] = doit[D_SHA512] = 1; continue; } -#ifndef OPENSSL_NO_RSA +#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) if (strcmp(algo, "openssl") == 0) /* just for compatibility */ continue; if (strncmp(algo, "rsa", 3) == 0) { @@ -1909,7 +1911,7 @@ int speed_main(int argc, char **argv) if (argc == 0 && !doit[D_EVP] && !doit[D_EVP_HMAC] && !doit[D_EVP_CMAC]) { memset(doit, 1, sizeof(doit)); doit[D_EVP] = doit[D_EVP_HMAC] = doit[D_EVP_CMAC] = 0; -#ifndef OPENSSL_NO_RSA +#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) memset(rsa_doit, 1, sizeof(rsa_doit)); #endif #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) @@ -1933,7 +1935,7 @@ int speed_main(int argc, char **argv) "You have chosen to measure elapsed time " "instead of user CPU time.\n"); -#ifndef OPENSSL_NO_RSA +#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) for (i = 0; i < loopargs_len; i++) { if (primes > RSA_DEFAULT_PRIME_NUM) { /* for multi-prime RSA, skip this */ 
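Review bot: The guard added inside `case OPT_PRIMES:` tests only `OPENSSL_NO_DEPRECATED_3_0`, while every other RSA block touched in apps/speed.c tests `#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)`. The declaration of `primes` is outside the hunks; if it sits under the combined guard, as its use in the `@@ -1933` hunk suggests, a build with RSA disabled but deprecated APIs enabled would reference an undeclared variable here. In a no-deprecated build the option is also accepted and ignored, so a malformed `-primes` value passes without any message. Using the combined guard and adding an `#else` branch that reports the option as unsupported would cover both cases. The body of speed_main extends beyond the hunk.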
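Review bot: In the `@@ -1746` hunk the `strcmp(algo, "openssl") == 0` compatibility check sits inside the block that is now compiled only when RSA and the deprecated 3.0 APIs are both enabled, although the check itself does not involve RSA. In a no-deprecated build the word `openssl` on the command line would fall through to whatever handles unrecognised algorithm names, which is outside the hunk. Moving the two lines `if (strcmp(algo, "openssl") == 0) /* just for compatibility */` and `continue;` above the `#if` keeps the alias independent of the RSA configuration.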
@@ -2103,7 +2105,7 @@ int speed_main(int argc, char **argv) c[D_IGE_256_AES][i] = c[D_IGE_256_AES][i - 1] * l0 / l1; } -# ifndef OPENSSL_NO_RSA +#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) rsa_c[R_RSA_512][0] = count / 2000; rsa_c[R_RSA_512][1] = count / 400; for (i = 1; i < RSA_NUM; i++) { @@ -2859,7 +2861,7 @@ int speed_main(int argc, char **argv) if (RAND_bytes(loopargs[i].buf, 36) <= 0) goto end; -#ifndef OPENSSL_NO_RSA +#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) for (testnum = 0; testnum < RSA_NUM; testnum++) { int st = 0; if (!rsa_doit[testnum]) @@ -3564,7 +3566,7 @@ int speed_main(int argc, char **argv) } printf("\n"); } -#ifndef OPENSSL_NO_RSA +#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) testnum = 1; for (k = 0; k < RSA_NUM; k++) { if (!rsa_doit[k]) @@ -3691,7 +3693,7 @@ int speed_main(int argc, char **argv) OPENSSL_free(loopargs[i].buf_malloc); OPENSSL_free(loopargs[i].buf2_malloc); -#ifndef OPENSSL_NO_RSA +#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) for (k = 0; k < RSA_NUM; k++) RSA_free(loopargs[i].rsa_key[k]); #endif @@ -3887,7 +3889,9 @@ static int do_multi(int multi, int size_num) sstrsep(&p, sep); for (j = 0; j < size_num; ++j) results[alg][j] += atof(sstrsep(&p, sep)); - } else if (strncmp(buf, "+F2:", 4) == 0) { + } +#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) + else if (strncmp(buf, "+F2:", 4) == 0) { int k; double d; @@ -3901,6 +3905,7 @@ static int do_multi(int multi, int size_num) d = atof(sstrsep(&p, sep)); rsa_results[k][1] += d; } +#endif #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) else if (strncmp(buf, "+F3:", 4) == 0) { int k; |
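Review bot: The directive replaced in the `@@ -2103` hunk was written `# ifndef`, with the space that marks it as nested inside an enclosing conditional, and the new line is an unindented `#if`. The matching `# endif` is outside the hunk and presumably keeps its indent, so the pair would no longer line up. Writing `# if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)` keeps the nesting visible.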
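Review bot: In do_multi the `+F2:` branch adds to `rsa_results[k][1]` and the branch above it to `results[alg][j]`, with the values read through `atof(sstrsep(&p, sep))` from the line in `buf`. The assignments of `k` and `alg` are outside the two hunks; if they are parsed from the same line, a range check before indexing, such as `if (k < 0 || k >= RSA_NUM)` followed by skipping the line, would keep a malformed line from writing outside the arrays. `atof` also reports no error, so a non-numeric field is added as 0.0 without notice.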