authorPauli <paul.dale@oracle.com>2020-01-30 07:23:39 +1000
committerPauli <paul.dale@oracle.com>2020-02-12 08:52:41 +1000
commitf41ac0eeab9d2889d44e3acf6ff1e8274d03d73e (patch)
treeba3620a537ece73983886b7449eab118e5869223
parent7f6deaf68e42e979a2084989db2c32193825d1b3 (diff)
Deprecate the low level DSA functions.
Use of the low level DSA functions has been informally discouraged for a long time. We now formally deprecate them. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10977)
-rw-r--r--CHANGES26
-rw-r--r--apps/dsa.c21
-rw-r--r--crypto/asn1/d2i_pu.c6
-rw-r--r--crypto/asn1/i2d_pu.c6
-rw-r--r--crypto/dh/dh_pmeth.c6
-rw-r--r--crypto/dsa/dsa_ameth.c6
-rw-r--r--crypto/dsa/dsa_asn1.c6
-rw-r--r--crypto/dsa/dsa_depr.c6
-rw-r--r--crypto/dsa/dsa_gen.c6
-rw-r--r--crypto/dsa/dsa_key.c6
-rw-r--r--crypto/dsa/dsa_lib.c6
-rw-r--r--crypto/dsa/dsa_meth.c2
-rw-r--r--crypto/dsa/dsa_ossl.c6
-rw-r--r--crypto/dsa/dsa_pmeth.c6
-rw-r--r--crypto/dsa/dsa_prn.c6
-rw-r--r--crypto/dsa/dsa_sign.c6
-rw-r--r--crypto/dsa/dsa_vrf.c6
-rw-r--r--crypto/evp/p_lib.c6
-rw-r--r--crypto/pem/pem_all.c6
-rw-r--r--crypto/pem/pem_info.c6
-rw-r--r--crypto/pem/pvkfmt.c6
-rw-r--r--crypto/x509/x_pubkey.c6
-rw-r--r--doc/man3/DSA_meth_new.pod12
-rw-r--r--doc/man3/DSA_size.pod15
-rw-r--r--doc/man3/RSA_print.pod24
-rw-r--r--fuzz/asn1.c6
-rw-r--r--include/openssl/dsa.h166
-rw-r--r--providers/implementations/keymgmt/dsa_kmgmt.c6
-rw-r--r--providers/implementations/serializers/serializer_dsa.c6
-rw-r--r--providers/implementations/serializers/serializer_dsa_param.c6
-rw-r--r--providers/implementations/serializers/serializer_dsa_priv.c6
-rw-r--r--providers/implementations/serializers/serializer_dsa_pub.c6
-rw-r--r--providers/implementations/signature/dsa.c6
-rw-r--r--test/build.info21
-rw-r--r--test/dsa_no_digest_size_test.c6
-rw-r--r--test/dsatest.c6
-rw-r--r--util/libcrypto.num14
37 files changed, 360 insertions, 109 deletions
diff --git a/CHANGES b/CHANGES
index 72201c3f69..535269d0a8 100644
--- a/CHANGES
+++ b/CHANGES
@@ -21,6 +21,32 @@
options of the apps.
[Kurt Roeckx]
+ *) The command line utilities dhparam, dsa, gendsa and dsaparam have been
+ deprecated. Instead use the pkeyparam, pkey, genpkey and pkeyparam
+ programs respectively.
+ [Paul Dale]
+
+ *) All of the low level DSA functions have been deprecated including:
+
+ DSA_do_sign, DSA_do_verify, DSA_OpenSSL, DSA_set_default_method,
+ DSA_get_default_method, DSA_set_method, DSA_get_method, DSA_new_method,
+ DSA_sign_setup, DSA_sign, DSA_verify, DSA_get_ex_new_index,
+ DSA_set_ex_data, DSA_get_ex_data, DSA_generate_parameters_ex,
+ DSA_generate_key, DSA_meth_new, DSA_get0_engine, DSA_meth_free,
+ DSA_meth_dup, DSA_meth_get0_name, DSA_meth_set1_name, DSA_meth_get_flags,
+ DSA_meth_set_flags, DSA_meth_get0_app_data, DSA_meth_set0_app_data,
+ DSA_meth_get_sign, DSA_meth_set_sign, DSA_meth_get_sign_setup,
+ DSA_meth_set_sign_setup, DSA_meth_get_verify, DSA_meth_set_verify,
+ DSA_meth_get_mod_exp, DSA_meth_set_mod_exp, DSA_meth_get_bn_mod_exp,
+ DSA_meth_set_bn_mod_exp, DSA_meth_get_init, DSA_meth_set_init,
+ DSA_meth_get_finish, DSA_meth_set_finish, DSA_meth_get_paramgen,
+ DSA_meth_set_paramgen, DSA_meth_get_keygen and DSA_meth_set_keygen.
+
+ Use of these low level functions has been informally discouraged for a long
+ time. Instead applications should use L<EVP_DigestSignInit_ex(3)>,
+ L<EVP_DigestSignUpdate(3)> and L<EVP_DigestSignFinal(3)>.
+ [Paul Dale]
+
*) Reworked the treatment of EC EVP_PKEYs with the SM2 curve to
automatically become EVP_PKEY_SM2 rather than EVP_PKEY_EC.
This means that applications don't have to look at the curve NID and
diff --git a/apps/dsa.c b/apps/dsa.c
index f0c9fc1c52..8ba9305030 100644
--- a/apps/dsa.c
+++ b/apps/dsa.c
@@ -81,6 +81,7 @@ int dsa_main(int argc, char **argv)
int pvk_encr = 2;
# endif
int private = 0;
+ EVP_PKEY *pkey = NULL;
prog = opt_init(argc, argv, dsa_options);
while ((o = opt_next()) != OPT_EOF) {
@@ -160,19 +161,14 @@ int dsa_main(int argc, char **argv)
}
BIO_printf(bio_err, "read DSA key\n");
- {
- EVP_PKEY *pkey;
+ if (pubin)
+ pkey = load_pubkey(infile, informat, 1, passin, e, "Public Key");
+ else
+ pkey = load_key(infile, informat, 1, passin, e, "Private Key");
- if (pubin)
- pkey = load_pubkey(infile, informat, 1, passin, e, "Public Key");
- else
- pkey = load_key(infile, informat, 1, passin, e, "Private Key");
+ if (pkey != NULL)
+ dsa = EVP_PKEY_get1_DSA(pkey);
- if (pkey != NULL) {
- dsa = EVP_PKEY_get1_DSA(pkey);
- EVP_PKEY_free(pkey);
- }
- }
if (dsa == NULL) {
BIO_printf(bio_err, "unable to load Key\n");
ERR_print_errors(bio_err);
@@ -185,7 +181,7 @@ int dsa_main(int argc, char **argv)
if (text) {
assert(pubin || private);
- if (!DSA_print(out, dsa, 0)) {
+ if (!EVP_PKEY_print_private(out, pkey, 0, NULL)) {
perror(outfile);
ERR_print_errors(bio_err);
goto end;
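Review bot: The new `EVP_PKEY_print_private(out, pkey, 0, NULL)` call is tested with `!`, but the EVP_PKEY print functions report failure with 0 or a negative value (-2 when the key type does not support the operation), so a negative return is treated as success here. The call is also reached on the `-pubin` path, where `pkey` came from `load_pubkey()` and has no private component; whether the private-key printer tolerates that is not visible in the hunk. Consider `if ((pubin ? EVP_PKEY_print_public(out, pkey, 0, NULL) : EVP_PKEY_print_private(out, pkey, 0, NULL)) <= 0) {`. dsa_main starts and ends outside this hunk.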
@@ -261,6 +257,7 @@ int dsa_main(int argc, char **argv)
}
ret = 0;
end:
+ EVP_PKEY_free(pkey);
BIO_free_all(out);
DSA_free(dsa);
release_engine(e);
diff --git a/crypto/asn1/d2i_pu.c b/crypto/asn1/d2i_pu.c
index 4b26ec0400..8688bb677e 100644
--- a/crypto/asn1/d2i_pu.c
+++ b/crypto/asn1/d2i_pu.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * DSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/bn.h>
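Review bot: The added comment says why the header is included but not that its position matters or how far its effect reaches. As far as I know, `internal/deprecated.h` works by setting a macro before any public OpenSSL header is read. If so, it has to stay the first include, and it silences deprecation warnings for every deprecated API used in the file, not only DSA, so a later use of some other deprecated function would compile without a warning. I would extend the comment with a line such as `Must be the first include; it suppresses all deprecation warnings in this file.` The same block is added to the crypto/dh, crypto/dsa, crypto/evp, crypto/pem and crypto/x509 files in this commit, and the remark applies to each.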
diff --git a/crypto/asn1/i2d_pu.c b/crypto/asn1/i2d_pu.c
index 8195dda881..b14668823d 100644
--- a/crypto/asn1/i2d_pu.c
+++ b/crypto/asn1/i2d_pu.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * DSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/bn.h>
diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c
index 38935fd9e2..3b163bbe4e 100644
--- a/crypto/dh/dh_pmeth.c
+++ b/crypto/dh/dh_pmeth.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * DSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/asn1t.h>
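Review bot: In this DH file the copied comment speaks only of DSA, and nothing in the hunk shows which DSA call dh_pmeth.c depends on. Naming the dependency would help whoever later decides if the include can be dropped, for example `DH parameter generation in this file calls low level DSA APIs, which are deprecated for public use but still ok internally.` That wording is inferred and should be checked against the function bodies, which are outside the hunk.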
diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c
index a68928497e..9715a75d0d 100644
--- a/crypto/dsa/dsa_ameth.c
+++ b/crypto/dsa/dsa_ameth.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * DSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include <openssl/x509.h>
#include <openssl/asn1.h>
diff --git a/crypto/dsa/dsa_asn1.c b/crypto/dsa/dsa_asn1.c
index ba1cbad2ae..5586b6a6c3 100644
--- a/crypto/dsa/dsa_asn1.c
+++ b/crypto/dsa/dsa_asn1.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * DSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include "internal/cryptlib.h"
#include "dsa_local.h"
diff --git a/crypto/dsa/dsa_depr.c b/crypto/dsa/dsa_depr.c
index 2b363e2642..5c8f9af2b9 100644
--- a/crypto/dsa/dsa_depr.c
+++ b/crypto/dsa/dsa_depr.c
@@ -13,6 +13,12 @@
*/
/*
+ * DSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
+/*
* Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186,
* also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in FIPS PUB
* 180-1)
diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c
index aa6b84c091..ac5907c4f8 100644
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * DSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <openssl/opensslconf.h>
#include <stdio.h>
#include "internal/cryptlib.h"
diff --git a/crypto/dsa/dsa_key.c b/crypto/dsa/dsa_key.c
index e0a3c82570..00e7213b97 100644
--- a/crypto/dsa/dsa_key.c
+++ b/crypto/dsa/dsa_key.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * DSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include <time.h>
#include "internal/cryptlib.h"
diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c
index 334ee747dd..11f09891b2 100644
--- a/crypto/dsa/dsa_lib.c
+++ b/crypto/dsa/dsa_lib.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * DSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include "internal/cryptlib.h"
#include "internal/refcount.h"
diff --git a/crypto/dsa/dsa_meth.c b/crypto/dsa/dsa_meth.c
index 226ea34085..0a46002bd6 100644
--- a/crypto/dsa/dsa_meth.c
+++ b/crypto/dsa/dsa_meth.c
@@ -19,6 +19,7 @@
#include <string.h>
#include <openssl/err.h>
+#ifndef OPENSSL_NO_DEPRECATED_3_0
DSA_METHOD *DSA_meth_new(const char *name, int flags)
{
DSA_METHOD *dsam = OPENSSL_zalloc(sizeof(*dsam));
@@ -222,3 +223,4 @@ int DSA_meth_set_keygen(DSA_METHOD *dsam, int (*keygen) (DSA *))
dsam->dsa_keygen = keygen;
return 1;
}
+#endif
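Review bot: The closing `#endif` added at the end of the file is unlabelled, and the hunk headers place it roughly two hundred lines from the `#ifndef OPENSSL_NO_DEPRECATED_3_0` that opens the guard. include/openssl/dsa.h in this same commit writes `# endif /* OPENSSL_NO_DEPRECATED_3_0 */`; using `#endif /* OPENSSL_NO_DEPRECATED_3_0 */` here would keep the two consistent and make the guarded region easier to find. A one-line comment at the `#ifndef` would also help, noting that every DSA_meth_* function in the file is compiled out when the macro is defined.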
diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c
index 91cb83396d..6ff22e8c87 100644
--- a/crypto/dsa/dsa_ossl.c
+++ b/crypto/dsa/dsa_ossl.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * DSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include "internal/cryptlib.h"
#include "crypto/bn.h"
diff --git a/crypto/dsa/dsa_pmeth.c b/crypto/dsa/dsa_pmeth.c
index 0ab5372bac..008a607bc6 100644
--- a/crypto/dsa/dsa_pmeth.c
+++ b/crypto/dsa/dsa_pmeth.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * DSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/asn1t.h>
diff --git a/crypto/dsa/dsa_prn.c b/crypto/dsa/dsa_prn.c
index 4bc4b0d11c..65edf63d41 100644
--- a/crypto/dsa/dsa_prn.c
+++ b/crypto/dsa/dsa_prn.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * DSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/evp.h>
diff --git a/crypto/dsa/dsa_sign.c b/crypto/dsa/dsa_sign.c
index d3e8cfa1ff..1ee9272ced 100644
--- a/crypto/dsa/dsa_sign.c
+++ b/crypto/dsa/dsa_sign.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * DSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <openssl/bn.h>
#include "internal/cryptlib.h"
#include "dsa_local.h"
diff --git a/crypto/dsa/dsa_vrf.c b/crypto/dsa/dsa_vrf.c
index cf4412b5e1..329c07ad79 100644
--- a/crypto/dsa/dsa_vrf.c
+++ b/crypto/dsa/dsa_vrf.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * DSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include "internal/cryptlib.h"
#include "dsa_local.h"
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index 76b4df1dc3..98e0704347 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * DSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include "internal/cryptlib.h"
#include "internal/refcount.h"
diff --git a/crypto/pem/pem_all.c b/crypto/pem/pem_all.c
index ba98371d46..d4b069d326 100644
--- a/crypto/pem/pem_all.c
+++ b/crypto/pem/pem_all.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * DSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/bio.h>
diff --git a/crypto/pem/pem_info.c b/crypto/pem/pem_info.c
index 919769ae4f..6c8eb2a919 100644
--- a/crypto/pem/pem_info.c
+++ b/crypto/pem/pem_info.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * DSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/buffer.h>
diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c
index 95bd4da3f5..7f9de421f1 100644
--- a/crypto/pem/pvkfmt.c
+++ b/crypto/pem/pvkfmt.c
@@ -12,6 +12,12 @@
* and PRIVATEKEYBLOB).
*/
+/*
+ * DSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include "internal/cryptlib.h"
#include <openssl/pem.h>
#include <openssl/rand.h>
diff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.c
index a583813b58..c4d2806ea1 100644
--- a/crypto/x509/x_pubkey.c
+++ b/crypto/x509/x_pubkey.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * DSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/asn1t.h>
diff --git a/doc/man3/DSA_meth_new.pod b/doc/man3/DSA_meth_new.pod
index c5e6ccd052..1e23c0e694 100644
--- a/doc/man3/DSA_meth_new.pod
+++ b/doc/man3/DSA_meth_new.pod
@@ -16,6 +16,10 @@ DSA_meth_set_keygen - Routines to build up DSA methods
#include <openssl/dsa.h>
+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B<OPENSSL_API_COMPAT> with a suitable version value, see
+L<openssl_user_macros(7)>:
+
DSA_METHOD *DSA_meth_new(const char *name, int flags);
void DSA_meth_free(DSA_METHOD *dsam);
@@ -86,6 +90,10 @@ DSA_meth_set_keygen - Routines to build up DSA methods
=head1 DESCRIPTION
+All of the functions described on this page are deprecated.
+Applications and extension implementations should instead use the
+OSSL_PROVIDER APIs.
+
The B<DSA_METHOD> type is a structure used for the provision of custom DSA
implementations. It provides a set of functions used by OpenSSL for the
implementation of the various DSA capabilities.
@@ -200,11 +208,13 @@ L<DSA_sign(3)>, L<DSA_size(3)>, L<DSA_get0_pqg(3)>
=head1 HISTORY
+The functions described here were deprecated in OpenSSL 3.0.
+
The functions described here were added in OpenSSL 1.1.0.
=head1 COPYRIGHT
-Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/DSA_size.pod b/doc/man3/DSA_size.pod
index e74b32580f..473ab985ff 100644
--- a/doc/man3/DSA_size.pod
+++ b/doc/man3/DSA_size.pod
@@ -8,12 +8,20 @@ DSA_size, DSA_bits, DSA_security_bits - get DSA signature size, key bits or secu
#include <openssl/dsa.h>
+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B<OPENSSL_API_COMPAT> with a suitable version value, see
+L<openssl_user_macros(7)>:
+
int DSA_size(const DSA *dsa);
int DSA_bits(const DSA *dsa);
int DSA_security_bits(const DSA *dsa);
=head1 DESCRIPTION
+All of the functions described on this page are deprecated.
+Applications should instead use L<EVP_PKEY_bits(3)>,
+L<EVP_PKEY_security_bits(3)> and L<EVP_PKEY_size(3)>.
+
DSA_size() returns the maximum size of an ASN.1 encoded DSA signature
for key B<dsa> in bytes. It can be used to determine how much memory must
be allocated for a DSA signature.
@@ -34,8 +42,15 @@ DSA_bits() returns the number of bits in the key.
=head1 SEE ALSO
+L<EVP_PKEY_bits(3)>,
+L<EVP_PKEY_security_bits(3)>,
+L<EVP_PKEY_size(3)>,
L<DSA_new(3)>, L<DSA_sign(3)>
+=head1 HISTORY
+
+All of these functions were deprecated in OpenSSL 3.0.
+
=head1 COPYRIGHT
Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/doc/man3/RSA_print.pod b/doc/man3/RSA_print.pod
index a0904b66b0..8318b5528b 100644
--- a/doc/man3/RSA_print.pod
+++ b/doc/man3/RSA_print.pod
@@ -10,11 +10,19 @@ DHparams_print, DHparams_print_fp - print cryptographic parameters
#include <openssl/rsa.h>
+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B<OPENSSL_API_COMPAT> with a suitable version value, see
+L<openssl_user_macros(7)>:
+
int RSA_print(BIO *bp, RSA *x, int offset);
int RSA_print_fp(FILE *fp, RSA *x, int offset);
#include <openssl/dsa.h>
+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B<OPENSSL_API_COMPAT> with a suitable version value, see
+L<openssl_user_macros(7)>:
+
int DSAparams_print(BIO *bp, DSA *x);
int DSAparams_print_fp(FILE *fp, DSA *x);
int DSA_print(BIO *bp, DSA *x, int offset);
@@ -22,11 +30,19 @@ DHparams_print, DHparams_print_fp - print cryptographic parameters
#include <openssl/dh.h>
+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B<OPENSSL_API_COMPAT> with a suitable version value, see
+L<openssl_user_macros(7)>:
+
int DHparams_print(BIO *bp, DH *x);
int DHparams_print_fp(FILE *fp, DH *x);
=head1 DESCRIPTION
+All of the functions described on this page are deprecated.
+Applications should instead use L<EVP_PKEY_print_params(3)> and
+L<EVP_PKEY_print_private(3)>.
+
A human-readable hexadecimal output of the components of the RSA
key, DSA parameters or key or DH parameters is printed to B<bp> or B<fp>.
@@ -38,7 +54,13 @@ These functions return 1 on success, 0 on error.
=head1 SEE ALSO
-L<BN_bn2bin(3)>
+ L<EVP_PKEY_print_params(3)>,
+ L<EVP_PKEY_print_private(3)>,
+ L<BN_bn2bin(3)>
+
+=head1 HISTORY
+
+All of these functions were deprecated in OpenSSL 3.0.
=head1 COPYRIGHT
diff --git a/fuzz/asn1.c b/fuzz/asn1.c
index 0dbccb0698..846bb8fa3d 100644
--- a/fuzz/asn1.c
+++ b/fuzz/asn1.c
@@ -334,9 +334,9 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
#endif
#ifndef OPENSSL_NO_DSA
DO_TEST_NO_PRINT(DSA_SIG, d2i_DSA_SIG, i2d_DSA_SIG);
- DO_TEST_PRINT_OFFSET(DSA, d2i_DSAPrivateKey, i2d_DSAPrivateKey, DSA_print);
- DO_TEST_PRINT_OFFSET(DSA, d2i_DSAPublicKey, i2d_DSAPublicKey, DSA_print);
- DO_TEST(DSA, d2i_DSAparams, i2d_DSAparams, DSAparams_print);
+ DO_TEST_NO_PRINT(DSA, d2i_DSAPrivateKey, i2d_DSAPrivateKey);
+ DO_TEST_NO_PRINT(DSA, d2i_DSAPublicKey, i2d_DSAPublicKey);
+ DO_TEST_NO_PRINT(DSA, d2i_DSAparams, i2d_DSAparams);
#endif
DO_TEST_PRINT_OFFSET(RSA, d2i_RSAPublicKey, i2d_RSAPublicKey, RSA_print);
#ifndef OPENSSL_NO_EC
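Review bot: Switching the three DSA entries to `DO_TEST_NO_PRINT` means this fuzzer no longer runs any printing code on DSA keys and parameters decoded from fuzz input, so that formatting path loses coverage in this target. If the aim is only to stop calling the deprecated `DSA_print` and `DSAparams_print`, the decoded key could instead be wrapped in an `EVP_PKEY` and passed to `EVP_PKEY_print_private()` or `EVP_PKEY_print_params()`. Whether another fuzz target already covers this is not visible here. At minimum, a comment such as `/* DSA printing is not fuzzed here: DSA_print is deprecated */` would record that the gap is deliberate. FuzzerTestOneInput starts and ends outside this hunk.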
diff --git a/include/openssl/dsa.h b/include/openssl/dsa.h
index 0fd63cc64a..5fe87bee1a 100644
--- a/include/openssl/dsa.h
+++ b/include/openssl/dsa.h
@@ -39,7 +39,6 @@ extern "C" {
# define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024
-# define DSA_FLAG_CACHE_MONT_P 0x01
# ifndef OPENSSL_NO_DEPRECATED_1_1_0
/*
* Does nothing. Previously this switched off constant time behaviour.
@@ -47,6 +46,9 @@ extern "C" {
# define DSA_FLAG_NO_EXP_CONSTTIME 0x00
# endif
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define DSA_FLAG_CACHE_MONT_P 0x01
+
/*
* If this flag is set the DSA method is FIPS compliant and can be used in
* FIPS mode. This is set in the validated module method. If an application
@@ -54,7 +56,7 @@ extern "C" {
* result is compliant.
*/
-# define DSA_FLAG_FIPS_METHOD 0x0400
+# define DSA_FLAG_FIPS_METHOD 0x0400
/*
* If this flag is set the operations normally disabled in FIPS mode are
@@ -62,8 +64,9 @@ extern "C" {
* usage is compliant.
*/
-# define DSA_FLAG_NON_FIPS_ALLOW 0x0400
-# define DSA_FLAG_FIPS_CHECKED 0x0800
+# define DSA_FLAG_NON_FIPS_ALLOW 0x0400
+# define DSA_FLAG_FIPS_CHECKED 0x0800
+# endif /* OPENSSL_NO_DEPRECATED_3_0 */
/* Already defined in ossl_typ.h */
/* typedef struct dsa_st DSA; */
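Review bot: `DSA_FLAG_NON_FIPS_ALLOW` in this hunk and `DSA_FLAG_FIPS_METHOD` in the previous one are both defined as `0x0400`, so a test for one flag cannot be told apart from a test for the other. The commit only re-indents these lines and moves them under `OPENSSL_NO_DEPRECATED_3_0`, so the overlap appears to predate it. Since the defines are being touched anyway, a comment such as `/* NB: same bit as DSA_FLAG_FIPS_METHOD */` would say whether the shared value is intended. Changing either value would alter the public header and belongs in a separate change.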
@@ -71,12 +74,16 @@ extern "C" {
typedef struct DSA_SIG_st DSA_SIG;
+/*
+ * TODO(3.0): consider removing the ASN.1 encoding and decoding when
+ * deserialisation is completed elsewhere.
+ */
# define d2i_DSAparams_fp(fp, x) \
(DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \
(char *(*)())d2i_DSAparams, (fp), \
(unsigned char **)(x))
# define i2d_DSAparams_fp(fp, x) \
- ASN1_i2d_fp(i2d_DSAparams,(fp), (unsigned char *)(x))
+ ASN1_i2d_fp(i2d_DSAparams, (fp), (unsigned char *)(x))
# define d2i_DSAparams_bio(bp, x) \
ASN1_d2i_bio_of(DSA, DSA_new, d2i_DSAparams, bp, x)
# define i2d_DSAparams_bio(bp, x) \
@@ -89,35 +96,41 @@ DECLARE_ASN1_ENCODE_FUNCTIONS_only(DSA_SIG, DSA_SIG)
void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s);
-DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
-int DSA_do_verify(const unsigned char *dgst, int dgst_len,
- DSA_SIG *sig, DSA *dsa);
+DEPRECATEDIN_3_0(DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen,
+ DSA *dsa))
+DEPRECATEDIN_3_0(int DSA_do_verify(const unsigned char *dgst, int dgst_len,
+ DSA_SIG *sig, DSA *dsa))
-const DSA_METHOD *DSA_OpenSSL(void);
+DEPRECATEDIN_3_0(const DSA_METHOD *DSA_OpenSSL(void))
-void DSA_set_default_method(const DSA_METHOD *);
-const DSA_METHOD *DSA_get_default_method(void);
-int DSA_set_method(DSA *dsa, const DSA_METHOD *);
-const DSA_METHOD *DSA_get_method(DSA *d);
+DEPRECATEDIN_3_0(void DSA_set_default_method(const DSA_METHOD *))
+DEPRECATEDIN_3_0(const DSA_METHOD *DSA_get_default_method(void))
+DEPRECATEDIN_3_0(int DSA_set_method(DSA *dsa, const DSA_METHOD *))
+DEPRECATEDIN_3_0(const DSA_METHOD *DSA_get_method(DSA *d))
DSA *DSA_new(void);
-DSA *DSA_new_method(ENGINE *engine);
+DEPRECATEDIN_3_0(DSA *DSA_new_method(ENGINE *engine))
void DSA_free(DSA *r);
/* "up" the DSA object's reference count */
int DSA_up_ref(DSA *r);
-int DSA_size(const DSA *);
-int DSA_bits(const DSA *d);
-int DSA_security_bits(const DSA *d);
+DEPRECATEDIN_3_0(int DSA_size(const DSA *))
+DEPRECATEDIN_3_0(int DSA_bits(const DSA *d))
+DEPRECATEDIN_3_0(int DSA_security_bits(const DSA *d))
/* next 4 return -1 on error */
-DEPRECATEDIN_3_0(int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp))
-int DSA_sign(int type, const unsigned char *dgst, int dlen,
- unsigned char *sig, unsigned int *siglen, DSA *dsa);
-int DSA_verify(int type, const unsigned char *dgst, int dgst_len,
- const unsigned