Deprecate the ECDSA and EV_KEY_METHOD functions.

Use of the low level ECDSA and EC_KEY_METHOD functions has been informally discouraged for a
long time. We now formally deprecate them.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10960)

40 files changed, 442 insertions, 186 deletions

diff --git a/CHANGES b/CHANGES
index 9eb778a004..1750162a10 100644
--- a/CHANGES
+++ b/CHANGES
@@ -22,6 +22,30 @@
      However, code that does the latter will still work as before.
      [Richard Levitte]
 
+  *) Deprecated low level ECDH and ECDSA functions.  These include:
+
+     ECDH_compute_key, ECDSA_do_sign, ECDSA_do_sign_ex, ECDSA_do_verify,
+     ECDSA_sign_setup, ECDSA_sign, ECDSA_sign_ex, ECDSA_verify and
+     ECDSA_size.
+
+     Use of these low level functions has been informally discouraged for a long
+     time.  Instead applications should use the EVP_PKEY_derive(3),
+     EVP_DigestSign(3) and EVP_DigestVerify(3) functions.
+     [Paul Dale]
+
+  *) Deprecated the EC_KEY_METHOD functions.  These include:
+
+     EC_KEY_METHOD_new, EC_KEY_METHOD_free, EC_KEY_METHOD_set_init,
+     EC_KEY_METHOD_set_keygen, EC_KEY_METHOD_set_compute_key,
+     EC_KEY_METHOD_set_sign, EC_KEY_METHOD_set_verify,
+     EC_KEY_METHOD_get_init, EC_KEY_METHOD_get_keygen,
+     EC_KEY_METHOD_get_compute_key, EC_KEY_METHOD_get_sign and
+     EC_KEY_METHOD_get_verify.
+
+     Instead applications and extension writers should use the OSSL_PROVIDER
+     APIs.
+     [Paul Dale]
+
   *) Deprecated EVP_PKEY_decrypt_old(), please use EVP_PKEY_decrypt_init()
      and EVP_PKEY_decrypt() instead.
      Deprecated EVP_PKEY_encrypt_old(), please use EVP_PKEY_encrypt_init()
@@ -60,21 +84,21 @@
   *) All of the low level MD2, MD4, MD5, MDC2, RIPEMD160, SHA1, SHA224, SHA256,
      SHA384, SHA512 and Whirlpool digest functions have been deprecated.
      These include:
-         MD2, MD2_options, MD2_Init, MD2_Update, MD2_Final, MD4, MD4_Init,
-         MD4_Update, MD4_Final, MD4_Transform, MD5, MD5_Init, MD5_Update,
-         MD5_Final, MD5_Transform, MDC2, MDC2_Init, MDC2_Update, MDC2_Final,
-         RIPEMD160, RIPEMD160_Init, RIPEMD160_Update, RIPEMD160_Final,
-         RIPEMD160_Transform, SHA1_Init, SHA1_Update, SHA1_Final,
-         SHA1_Transform, SHA224_Init, SHA224_Update, SHA224_Final,
-         SHA224_Transform, SHA256_Init, SHA256_Update, SHA256_Final,
-         SHA256_Transform, SHA384, SHA384_Init, SHA384_Update, SHA384_Final,
-         SHA512, SHA512_Init, SHA512_Update, SHA512_Final, SHA512_Transform,
-         WHIRLPOOL, WHIRLPOOL_Init, WHIRLPOOL_Update, WHIRLPOOL_BitUpdate
-         and WHIRLPOOL_Final.
 
-     Use of these low level functions has been informally discouraged for a long
-     time.  Instead applications should instead use the EVP_DigestInit_ex,
-     EVP_DigestUpdate(3) and EVP_DigestFinal_ex(3) functions.
+     MD2, MD2_options, MD2_Init, MD2_Update, MD2_Final, MD4, MD4_Init,
+     MD4_Update, MD4_Final, MD4_Transform, MD5, MD5_Init, MD5_Update,
+     MD5_Final, MD5_Transform, MDC2, MDC2_Init, MDC2_Update, MDC2_Final,
+     RIPEMD160, RIPEMD160_Init, RIPEMD160_Update, RIPEMD160_Final,
+     RIPEMD160_Transform, SHA1_Init, SHA1_Update, SHA1_Final, SHA1_Transform,
+     SHA224_Init, SHA224_Update, SHA224_Final, SHA224_Transform, SHA256_Init,
+     SHA256_Update, SHA256_Final, SHA256_Transform, SHA384, SHA384_Init,
+     SHA384_Update, SHA384_Final, SHA512, SHA512_Init, SHA512_Update,
+     SHA512_Final, SHA512_Transform, WHIRLPOOL, WHIRLPOOL_Init,
+     WHIRLPOOL_Update, WHIRLPOOL_BitUpdate and WHIRLPOOL_Final.
+
+     Use of these low level functions has been informally discouraged
+     for a long time.  Applications should use the EVP_DigestInit_ex(3),
+     EVP_DigestUpdate(3) and EVP_DigestFinal_ex(3) functions instead.
      [Paul Dale]
 
   *) Corrected the documentation of the return values from the EVP_DigestSign*
@@ -87,6 +111,7 @@
      [Richard Levitte]
 
   *) All of the low level cipher functions have been deprecated including:
+
      AES_options, AES_set_encrypt_key, AES_set_decrypt_key, AES_encrypt,
      AES_decrypt, AES_ecb_encrypt, AES_cbc_encrypt, AES_cfb128_encrypt,
      AES_cfb1_encrypt, AES_cfb8_encrypt, AES_ofb128_encrypt,
@@ -117,10 +142,10 @@
      SEED_set_key, SEED_encrypt, SEED_decrypt, SEED_ecb_encrypt,
      SEED_cbc_encrypt, SEED_cfb128_encrypt and SEED_ofb128_encrypt.
 
-     Use of these low level functions has been informally discouraged for a long
-     time. Instead applications should use the high level EVP APIs, e.g.
+     Use of these low level functions has been informally discouraged for
+     a long time. Applications should use the high level EVP APIs, e.g.
      EVP_EncryptInit_ex, EVP_EncryptUpdate, EVP_EncryptFinal_ex, and the
-     equivalently named decrypt functions.
+     equivalently named decrypt functions instead.
      [Matt Caswell and Paul Dale]
 
   *) Removed include/openssl/opensslconf.h.in and replaced it with
diff --git a/apps/speed.c b/apps/speed.c
index d2afebb2c6..17f2cf3924 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -1110,6 +1110,7 @@ static int DSA_verify_loop(void *args)
 #endif
 
 #ifndef OPENSSL_NO_EC
+# ifndef OPENSSL_NO_DEPRECATED_3_0
 static long ecdsa_c[ECDSA_NUM][2];
 static int ECDSA_sign_loop(void *args)
 {
@@ -1150,6 +1151,7 @@ static int ECDSA_verify_loop(void *args)
     }
     return count;
 }
+# endif
 
 /* ******************************************************************** */
 static long ecdh_c[EC_NUM][1];
@@ -3020,6 +3022,7 @@ int speed_main(int argc, char **argv)
 #endif                          /* OPENSSL_NO_DSA */
 
 #ifndef OPENSSL_NO_EC
+# ifndef OPENSSL_NO_DEPRECATED_3_0
     for (testnum = 0; testnum < ECDSA_NUM; testnum++) {
         int st = 1;
 
@@ -3102,6 +3105,7 @@ int speed_main(int argc, char **argv)
             }
         }
     }
+# endif
 
     for (testnum = 0; testnum < EC_NUM; testnum++) {
         int ecdh_checks = 1;
@@ -3398,7 +3402,7 @@ int speed_main(int argc, char **argv)
             st = 0; /* set back to zero */
             /* attach it sooner to rely on main final cleanup */
             loopargs[i].sm2_pkey[testnum] = sm2_pkey;
-            loopargs[i].sigsize = ECDSA_size(EVP_PKEY_get0_EC_KEY(sm2_pkey));
+            loopargs[i].sigsize = EVP_PKEY_size(sm2_pkey);
 
             sm2_pctx = EVP_PKEY_CTX_new(sm2_pkey, NULL);
             sm2_vfy_pctx = EVP_PKEY_CTX_new(sm2_pkey, NULL);
@@ -3406,6 +3410,7 @@ int speed_main(int argc, char **argv)
                 EVP_PKEY_CTX_free(sm2_vfy_pctx);
                 break;
             }
+
             /* attach them directly to respective ctx */
             EVP_MD_CTX_set_pkey_ctx(loopargs[i].sm2_ctx[testnum], sm2_pctx);
             EVP_MD_CTX_set_pkey_ctx(loopargs[i].sm2_vfy_ctx[testnum], sm2_vfy_pctx);
diff --git a/crypto/ec/curve25519.c b/crypto/ec/curve25519.c
index a512aeb237..6672f5d249 100644
--- a/crypto/ec/curve25519.c
+++ b/crypto/ec/curve25519.c
@@ -7,6 +7,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * ECDSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
 #include <string.h>
 #include "ec_local.h"
 #include <openssl/evp.h>
diff --git a/crypto/ec/ec2_oct.c b/crypto/ec/ec2_oct.c
index 1f92680f7b..38218f64c1 100644
--- a/crypto/ec/ec2_oct.c
+++ b/crypto/ec/ec2_oct.c
@@ -8,6 +8,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * ECDSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
 #include <openssl/err.h>
 
 #include "ec_local.h"
diff --git a/crypto/ec/ec2_smpl.c b/crypto/ec/ec2_smpl.c
index 21ce6e12d3..593f543e1a 100644
--- a/crypto/ec/ec2_smpl.c
+++ b/crypto/ec/ec2_smpl.c
@@ -8,6 +8,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * ECDSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
 #include <openssl/err.h>
 
 #include "crypto/bn.h"
diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c
index f38ab103ab..d2c8c399de 100644
--- a/crypto/ec/ec_ameth.c
+++ b/crypto/ec/ec_ameth.c
@@ -7,6 +7,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * ECDH and ECDSA low level APIs are deprecated for public use, but still ok
+ * for internal use.
+ */
+#include "internal/deprecated.h"
+
 #include <stdio.h>
 #include "internal/cryptlib.h"
 #include <openssl/x509.h>
diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
index 0567f2ab06..f61d8860a4 100644
--- a/crypto/ec/ec_asn1.c
+++ b/crypto/ec/ec_asn1.c
@@ -7,6 +7,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * ECDSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
 #include <string.h>
 #include "ec_local.h"
 #include <openssl/err.h>
diff --git a/crypto/ec/ec_check.c b/crypto/ec/ec_check.c
index f8723aab47..bb39177d64 100644
--- a/crypto/ec/ec_check.c
+++ b/crypto/ec/ec_check.c
@@ -7,6 +7,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * ECDSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
 #include "ec_local.h"
 #include <openssl/err.h>
 
diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c
index 2639b1b547..5951615ec2 100644
--- a/crypto/ec/ec_curve.c
+++ b/crypto/ec/ec_curve.c
@@ -8,6 +8,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * ECDSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
 #include <string.h>
 #include "ec_local.h"
 #include <openssl/err.h>
diff --git a/crypto/ec/ec_cvt.c b/crypto/ec/ec_cvt.c
index 0fdd5f672c..030c299070 100644
--- a/crypto/ec/ec_cvt.c
+++ b/crypto/ec/ec_cvt.c
@@ -8,6 +8,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * ECDSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
 #include <openssl/err.h>
 #include "crypto/bn.h"
 #include "ec_local.h"
diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c
index 2ae5a654c3..a0cd5b9bda 100644
--- a/crypto/ec/ec_key.c
+++ b/crypto/ec/ec_key.c
@@ -8,6 +8,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * ECDSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
 #include "internal/cryptlib.h"
 #include <string.h>
 #include "ec_local.h"
diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c
index 168cf72973..078d8b35fa 100644
--- a/crypto/ec/ec_lib.c
+++ b/crypto/ec/ec_lib.c
@@ -8,6 +8,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * ECDSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
 #include <string.h>
 
 #include <openssl/err.h>
diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c
index 2f2e66c679..17aacf877b 100644
--- a/crypto/ec/ec_mult.c
+++ b/crypto/ec/ec_mult.c
@@ -8,6 +8,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * ECDSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
 #include <string.h>
 #include <openssl/err.h>
 
diff --git a/crypto/ec/ec_oct.c b/crypto/ec/ec_oct.c
index 041c442b62..ba2de89656 100644
--- a/crypto/ec/ec_oct.c
+++ b/crypto/ec/ec_oct.c
@@ -8,6 +8,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * ECDSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
 #include <string.h>
 
 #include <openssl/err.h>
diff --git a/crypto/ec/ec_print.c b/crypto/ec/ec_print.c
index c76d7034a2..e3fd17d59e 100644
--- a/crypto/ec/ec_print.c
+++ b/crypto/ec/ec_print.c
@@ -7,6 +7,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * ECDSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
 #include <openssl/crypto.h>
 #include <openssl/err.h>
 #include "ec_local.h"
diff --git a/crypto/ec/ecdh_ossl.c b/crypto/ec/ecdh_ossl.c
index 30b8837187..89761a9fdd 100644
--- a/crypto/ec/ecdh_ossl.c
+++ b/crypto/ec/ecdh_ossl.c
@@ -8,6 +8,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * ECDH low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
 #include <string.h>
 #include <limits.h>
 
diff --git a/crypto/ec/ecdsa_ossl.c b/crypto/ec/ecdsa_ossl.c
index 8de22ba910..e9291b17a6 100644
--- a/crypto/ec/ecdsa_ossl.c
+++ b/crypto/ec/ecdsa_ossl.c
@@ -7,6 +7,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * ECDSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
 #include <string.h>
 #include <openssl/err.h>
 #include <openssl/obj_mac.h>
diff --git a/crypto/ec/ecdsa_sign.c b/crypto/ec/ecdsa_sign.c
index 7d0215b326..d602008164 100644
--- a/crypto/ec/ecdsa_sign.c
+++ b/crypto/ec/ecdsa_sign.c
@@ -7,6 +7,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * ECDSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
 #include <openssl/ec.h>
 #include "ec_local.h"
 #include <openssl/err.h>
diff --git a/crypto/ec/ecdsa_vrf.c b/crypto/ec/ecdsa_vrf.c
index 60f4af0426..255c4eeea2 100644
--- a/crypto/ec/ecdsa_vrf.c
+++ b/crypto/ec/ecdsa_vrf.c
@@ -7,6 +7,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * ECDSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
 #include <openssl/ec.h>
 #include "ec_local.h"
 #include <openssl/err.h>
diff --git a/crypto/ec/ecp_mont.c b/crypto/ec/ecp_mont.c
index 44b6635361..a81f79029c 100644
--- a/crypto/ec/ecp_mont.c
+++ b/crypto/ec/ecp_mont.c
@@ -8,6 +8,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * ECDSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
 #include <openssl/err.h>
 
 #include "ec_local.h"
diff --git a/crypto/ec/ecp_nist.c b/crypto/ec/ecp_nist.c
index 3b5666d15c..e5aad5890e 100644
--- a/crypto/ec/ecp_nist.c
+++ b/crypto/ec/ecp_nist.c
@@ -8,6 +8,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * ECDSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
 #include <limits.h>
 
 #include <openssl/err.h>
diff --git a/crypto/ec/ecp_nistp224.c b/crypto/ec/ecp_nistp224.c
index 6777d32244..f52e55b7ed 100644
--- a/crypto/ec/ecp_nistp224.c
+++ b/crypto/ec/ecp_nistp224.c
@@ -24,6 +24,12 @@
  */
 
 /*
+ * ECDSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
+/*
  * A 64-bit implementation of the NIST P-224 elliptic curve point multiplication
  *
  * Inspired by Daniel J. Bernstein's public domain nistp224 implementation
diff --git a/crypto/ec/ecp_nistp256.c b/crypto/ec/ecp_nistp256.c
index 954263c960..d9c98c83ad 100644
--- a/crypto/ec/ecp_nistp256.c
+++ b/crypto/ec/ecp_nistp256.c
@@ -24,6 +24,12 @@
  */
 
 /*
+ * ECDSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
+/*
  * A 64-bit implementation of the NIST P-256 elliptic curve point multiplication
  *
  * OpenSSL integration was taken from Emilia Kasper's work in ecp_nistp224.c.
diff --git a/crypto/ec/ecp_nistp521.c b/crypto/ec/ecp_nistp521.c
index 78a98c7187..d09553fec8 100644
--- a/crypto/ec/ecp_nistp521.c
+++ b/crypto/ec/ecp_nistp521.c
@@ -24,6 +24,12 @@
  */
 
 /*
+ * ECDSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
+/*
  * A 64-bit implementation of the NIST P-521 elliptic curve point multiplication
  *
  * OpenSSL integration was taken from Emilia Kasper's work in ecp_nistp224.c.
diff --git a/crypto/ec/ecp_nistputil.c b/crypto/ec/ecp_nistputil.c
index 98e0b72d10..d3739a108c 100644
--- a/crypto/ec/ecp_nistputil.c
+++ b/crypto/ec/ecp_nistputil.c
@@ -23,6 +23,12 @@
  *  limitations under the License.
  */
 
+/*
+ * ECDSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
 #include <openssl/opensslconf.h>
 #ifdef OPENSSL_NO_EC_NISTP_64_GCC_128
 NON_EMPTY_TRANSLATION_UNIT
diff --git a/crypto/ec/ecp_nistz256.c b/crypto/ec/ecp_nistz256.c
index 1609c4bbf7..d9709da4f4 100644
--- a/crypto/ec/ecp_nistz256.c
+++ b/crypto/ec/ecp_nistz256.c
@@ -18,6 +18,12 @@
  *                          256 Bit Primes"
  */
 
+/*
+ * ECDSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
 #include <string.h>
 
 #include "internal/cryptlib.h"
diff --git a/crypto/ec/ecp_oct.c b/crypto/ec/ecp_oct.c
index e6bc153f51..1455f9c16c 100644
--- a/crypto/ec/ecp_oct.c
+++ b/crypto/ec/ecp_oct.c
@@ -8,6 +8,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * ECDSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
 #include <openssl/err.h>
 #include <openssl/symhacks.h>
 
diff --git a/crypto/ec/ecp_smpl.c b/crypto/ec/ecp_smpl.c
index e06177ee14..005ab1ec65 100644
--- a/crypto/ec/ecp_smpl.c
+++ b/crypto/ec/ecp_smpl.c
@@ -8,6 +8,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * ECDSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
 #include <openssl/err.h>
 #include <openssl/symhacks.h>
 
diff --git a/crypto/ec/ecx_meth.c b/crypto/ec/ecx_meth.c
index 4e3c630bd2..525fcd343f 100644
--- a/crypto/ec/ecx_meth.c
+++ b/crypto/ec/ecx_meth.c
@@ -7,6 +7,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * ECDSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
 #include <stdio.h>
 #include "internal/cryptlib.h"
 #include <openssl/x509.h>
diff --git a/crypto/sm2/sm2_crypt.c b/crypto/sm2/sm2_crypt.c
index 102f02651a..934c957d8b 100644
--- a/crypto/sm2/sm2_crypt.c
+++ b/crypto/sm2/sm2_crypt.c
@@ -9,6 +9,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * ECDSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
 #include "crypto/sm2.h"
 #include "crypto/sm2err.h"
 #include "crypto/ec.h" /* ecdh_KDF_X9_63() */
diff --git a/crypto/sm2/sm2_pmeth.c b/crypto/sm2/sm2_pmeth.c
index 1068b7b901..681a0ab130 100644
--- a/crypto/sm2/sm2_pmeth.c
+++ b/crypto/sm2/sm2_pmeth.c
@@ -7,6 +7,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * ECDSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
 #include "internal/cryptlib.h"
 #include <openssl/asn1t.h>
 #include <openssl/ec.h>
diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c
index 9af26e69f0..5a5f098558 100644
--- a/