From 4d8e8a2d3781b6ca7c453492ee8e06885c812e73 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Wed, 14 Oct 2020 17:12:38 +0100
Subject: Deprecate the DHparams and DHxparams PEM routines

The functions return a DH object and therefore need to be deprecated.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13138)
---
 include/openssl/pem.h                         |  6 ++++--
 test/build.info                               | 10 ++++++----
 test/endecoder_legacy_test.c                  |  2 --
 test/recipes/04-test_encoder_decoder_legacy.t |  6 +++++-
 util/libcrypto.num                            | 12 ++++++------
 5 files changed, 21 insertions(+), 15 deletions(-)

diff --git a/include/openssl/pem.h b/include/openssl/pem.h
index 3dcf97e36c..b3c2d2e1c1 100644
--- a/include/openssl/pem.h
+++ b/include/openssl/pem.h
@@ -391,8 +391,10 @@ DECLARE_PEM_rw_cb(ECPrivateKey, EC_KEY)
 DECLARE_PEM_rw(EC_PUBKEY, EC_KEY)
 # endif
 # ifndef OPENSSL_NO_DH
-DECLARE_PEM_rw(DHparams, DH)
-DECLARE_PEM_write(DHxparams, DH)
+#  ifndef OPENSSL_NO_DEPRECATED_3_0
+DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, DHparams, DH)
+DECLARE_PEM_write_attr(OSSL_DEPRECATEDIN_3_0, DHxparams, DH)
+#  endif
 # endif
 DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY)
 EVP_PKEY *PEM_read_bio_PrivateKey_ex(BIO *bp, EVP_PKEY **x,
diff --git a/test/build.info b/test/build.info
index bd87bf6a94..7f9e44b591 100644
--- a/test/build.info
+++ b/test/build.info
@@ -793,10 +793,12 @@ IF[{- !$disabled{tests} -}]
   INCLUDE[endecode_test]=.. ../include ../apps/include
   DEPEND[endecode_test]=../libcrypto.a libtestutil.a
 
-  PROGRAMS{noinst}=endecoder_legacy_test
-  SOURCE[endecoder_legacy_test]=endecoder_legacy_test.c
-  INCLUDE[endecoder_legacy_test]=.. ../include ../apps/include
-  DEPEND[endecoder_legacy_test]=../libcrypto.a libtestutil.a
+  IF[{- !$disabled{'deprecated-3.0'} -}]
+    PROGRAMS{noinst}=endecoder_legacy_test
+    SOURCE[endecoder_legacy_test]=endecoder_legacy_test.c
+    INCLUDE[endecoder_legacy_test]=.. ../include ../apps/include
+    DEPEND[endecoder_legacy_test]=../libcrypto.a libtestutil.a
+  ENDIF
 
   PROGRAMS{noinst}=namemap_internal_test
   SOURCE[namemap_internal_test]=namemap_internal_test.c
diff --git a/test/endecoder_legacy_test.c b/test/endecoder_legacy_test.c
index 6fd7b356cd..467c072b3e 100644
--- a/test/endecoder_legacy_test.c
+++ b/test/endecoder_legacy_test.c
@@ -166,7 +166,6 @@ static struct test_stanza_st {
       NULL,                      /* No PEM_read_bio_ECParameters */
       (PEM_read_bio_of_void *)PEM_read_bio_EC_PUBKEY, },
 #endif
-#ifndef OPENSSL_NO_DEPRECATED_3_0
     { "RSA", { "RSA", "type-specific" }, EVP_PKEY_RSA,
       (i2d_of_void *)i2d_RSAPrivateKey,
       (i2d_of_void *)i2d_RSAPublicKey,
@@ -184,7 +183,6 @@ static struct test_stanza_st {
       (PEM_read_bio_of_void *)PEM_read_bio_RSAPublicKey,
       NULL,                      /* No PEM_read_bio_RSAparams */
       (PEM_read_bio_of_void *)PEM_read_bio_RSA_PUBKEY }
-#endif
 };
 
 /*
diff --git a/test/recipes/04-test_encoder_decoder_legacy.t b/test/recipes/04-test_encoder_decoder_legacy.t
index 9881322628..ef252a3766 100644
--- a/test/recipes/04-test_encoder_decoder_legacy.t
+++ b/test/recipes/04-test_encoder_decoder_legacy.t
@@ -11,12 +11,16 @@ use warnings;
 
 use OpenSSL::Test::Simple;
 use OpenSSL::Test qw/:DEFAULT srctop_file bldtop_dir/;
+use OpenSSL::Test::Utils;
 use Cwd qw(abs_path);
 
-setup("test_encode_legacy");
+setup("test_encoder_decoder_legacy");
 
+plan skip_all => "Not available in a no-deprecated build"
+    if disabled("deprecated");
 plan tests => 1;
 
+
 $ENV{OPENSSL_MODULES} = abs_path(bldtop_dir("providers"));
 $ENV{OPENSSL_CONF} = abs_path(srctop_file("test", "default-and-legacy.cnf"));
 
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 8ef0f2a02b..d81534ad06 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -274,7 +274,7 @@ X509_get_ext_d2i                        279	3_0_0	EXIST::FUNCTION:
 d2i_PKCS7_ENC_CONTENT                   280	3_0_0	EXIST::FUNCTION:
 BUF_MEM_grow                            281	3_0_0	EXIST::FUNCTION:
 TS_REQ_free                             282	3_0_0	EXIST::FUNCTION:TS
-PEM_read_DHparams                       283	3_0_0	EXIST::FUNCTION:DH,STDIO
+PEM_read_DHparams                       283	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,DH,STDIO
 RSA_private_decrypt                     284	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
 X509V3_EXT_get_nid                      285	3_0_0	EXIST::FUNCTION:
 BIO_s_log                               286	3_0_0	EXIST::FUNCTION:
@@ -447,7 +447,7 @@ ENGINE_get_digests                      455	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3
 TS_MSG_IMPRINT_get_algo                 456	3_0_0	EXIST::FUNCTION:TS
 DH_new_method                           457	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
 BF_ecb_encrypt                          458	3_0_0	EXIST::FUNCTION:BF,DEPRECATEDIN_3_0
-PEM_write_bio_DHparams                  459	3_0_0	EXIST::FUNCTION:DH
+PEM_write_bio_DHparams                  459	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
 EVP_DigestFinal                         460	3_0_0	EXIST::FUNCTION:
 CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE 461	3_0_0	EXIST::FUNCTION:CT
 X509v3_asid_add_id_or_range             462	3_0_0	EXIST::FUNCTION:RFC3779
@@ -2017,7 +2017,7 @@ BN_GENCB_get_arg                        2063	3_0_0	EXIST::FUNCTION:
 EVP_MD_CTX_clear_flags                  2064	3_0_0	EXIST::FUNCTION:
 EVP_PKEY_meth_get_verifyctx             2065	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
 CT_POLICY_EVAL_CTX_get0_cert            2066	3_0_0	EXIST::FUNCTION:CT
-PEM_write_DHparams                      2067	3_0_0	EXIST::FUNCTION:DH,STDIO
+PEM_write_DHparams                      2067	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,DH,STDIO
 DH_set_ex_data                          2068	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
 OCSP_SIGNATURE_free                     2069	3_0_0	EXIST::FUNCTION:OCSP
 CRYPTO_128_unwrap_pad                   2070	3_0_0	EXIST::FUNCTION:
@@ -2405,7 +2405,7 @@ BIGNUM_it                               2455	3_0_0	EXIST::FUNCTION:
 BN_BLINDING_get_flags                   2456	3_0_0	EXIST::FUNCTION:
 X509_EXTENSION_get_critical             2457	3_0_0	EXIST::FUNCTION:
 DSA_set_default_method                  2458	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
-PEM_write_bio_DHxparams                 2459	3_0_0	EXIST::FUNCTION:DH
+PEM_write_bio_DHxparams                 2459	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
 DSA_set_ex_data                         2460	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
 BIO_s_datagram_sctp                     2461	3_0_0	EXIST::FUNCTION:DGRAM,SCTP
 SXNET_add_id_asc                        2462	3_0_0	EXIST::FUNCTION:
@@ -3190,7 +3190,7 @@ X509_set1_notBefore                     3255	3_0_0	EXIST::FUNCTION:
 MD4                                     3256	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,MD4
 EVP_PKEY_CTX_dup                        3257	3_0_0	EXIST::FUNCTION:
 ENGINE_setup_bsd_cryptodev              3258	3_0_0	EXIST:__FreeBSD__:FUNCTION:DEPRECATEDIN_1_1_0,ENGINE
-PEM_read_bio_DHparams                   3259	3_0_0	EXIST::FUNCTION:DH
+PEM_read_bio_DHparams                   3259	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
 CMS_SharedInfo_encode                   3260	3_0_0	EXIST::FUNCTION:CMS
 ASN1_OBJECT_create                      3261	3_0_0	EXIST::FUNCTION:
 i2d_ECParameters                        3262	3_0_0	EXIST::FUNCTION:EC
@@ -3684,7 +3684,7 @@ ASN1_TIME_print                         3763	3_0_0	EXIST::FUNCTION:
 EVP_PKEY_CTX_get0_peerkey               3764	3_0_0	EXIST::FUNCTION:
 BN_mod_lshift1                          3765	3_0_0	EXIST::FUNCTION:
 BIO_ADDRINFO_family                     3766	3_0_0	EXIST::FUNCTION:SOCK
-PEM_write_DHxparams                     3767	3_0_0	EXIST::FUNCTION:DH,STDIO
+PEM_write_DHxparams                     3767	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,DH,STDIO
 BN_mod_exp2_mont                        3768	3_0_0	EXIST::FUNCTION:
 ASN1_PRINTABLE_free                     3769	3_0_0	EXIST::FUNCTION:
 PKCS7_ATTR_SIGN_it                      3771	3_0_0	EXIST::FUNCTION:
-- 
cgit v1.2.1