diff options
47 files changed, 880 insertions, 455 deletions
@@ -18,6 +18,45 @@ use the pkeyparam, pkey and genpkey programs. [Paul Dale] + *) All of the low level RSA functions have been deprecated including: + + RSA_new_method, RSA_bits, RSA_size, RSA_security_bits, + RSA_get0_pss_params, RSA_get_version, RSA_get0_engine, + RSA_generate_key_ex, RSA_generate_multi_prime_key, + RSA_X931_derive_ex, RSA_X931_generate_key_ex, RSA_check_key, + RSA_check_key_ex, RSA_public_encrypt, RSA_private_encrypt, + RSA_public_decrypt, RSA_private_decrypt, RSA_set_default_method, + RSA_get_default_method, RSA_null_method, RSA_get_method, RSA_set_method, + RSA_PKCS1_OpenSSL, RSA_print_fp, RSA_print, RSA_sign, RSA_verify, + RSA_sign_ASN1_OCTET_STRING, RSA_verify_ASN1_OCTET_STRING, + RSA_blinding_on, RSA_blinding_off, RSA_setup_blinding, + RSA_padding_add_PKCS1_type_1, RSA_padding_check_PKCS1_type_1, + RSA_padding_add_PKCS1_type_2, RSA_padding_check_PKCS1_type_2, + PKCS1_MGF1, RSA_padding_add_PKCS1_OAEP, RSA_padding_check_PKCS1_OAEP, + RSA_padding_add_PKCS1_OAEP_mgf1, RSA_padding_check_PKCS1_OAEP_mgf1, + RSA_padding_add_SSLv23, RSA_padding_check_SSLv23, + RSA_padding_add_none, RSA_padding_check_none, RSA_padding_add_X931, + RSA_padding_check_X931, RSA_X931_hash_id, RSA_verify_PKCS1_PSS, + RSA_padding_add_PKCS1_PSS, RSA_verify_PKCS1_PSS_mgf1, + RSA_padding_add_PKCS1_PSS_mgf1, RSA_set_ex_data, RSA_get_ex_data, + RSA_meth_new, RSA_meth_free, RSA_meth_dup, RSA_meth_get0_name, + RSA_meth_set1_name, RSA_meth_get_flags, RSA_meth_set_flags, + RSA_meth_get0_app_data, RSA_meth_set0_app_data, RSA_meth_get_pub_enc, + RSA_meth_set_pub_enc, RSA_meth_get_pub_dec, RSA_meth_set_pub_dec, + RSA_meth_get_priv_enc, RSA_meth_set_priv_enc, RSA_meth_get_priv_dec, + RSA_meth_set_priv_dec, RSA_meth_get_mod_exp, RSA_meth_set_mod_exp, + RSA_meth_get_bn_mod_exp, RSA_meth_set_bn_mod_exp, RSA_meth_get_init, + RSA_meth_set_init, RSA_meth_get_finish, RSA_meth_set_finish, + RSA_meth_get_sign, RSA_meth_set_sign, RSA_meth_get_verify, + RSA_meth_set_verify, RSA_meth_get_keygen, RSA_meth_set_keygen, + RSA_meth_get_multi_prime_keygen and RSA_meth_set_multi_prime_keygen. + + Use of these low level functions has been informally discouraged for a long + time. Instead applications should use L<EVP_PKEY_encrypt_init(3)>, + L<EVP_PKEY_encrypt(3)>, L<EVP_PKEY_decrypt_init(3)> and + L<EVP_PKEY_decrypt(3)>. + [Paul Dale] + *) X509 certificates signed using SHA1 are no longer allowed at security level 1 and above. In TLS/SSL the default security level is 1. It can be set either diff --git a/apps/build.info b/apps/build.info index ad3ef74ad4..1b931c8ac1 100644 --- a/apps/build.info +++ b/apps/build.info @@ -14,9 +14,9 @@ $OPENSSLSRC=\ openssl.c progs.c \ asn1pars.c ca.c ciphers.c cms.c crl.c crl2p7.c dgst.c \ ec.c ecparam.c enc.c engine.c errstr.c \ - genpkey.c genrsa.c kdf.c mac.c nseq.c ocsp.c passwd.c pkcs12.c pkcs7.c \ - pkcs8.c pkey.c pkeyparam.c pkeyutl.c prime.c rand.c req.c rsa.c \ - rsautl.c s_client.c s_server.c s_time.c sess_id.c smime.c speed.c \ + genpkey.c kdf.c mac.c nseq.c ocsp.c passwd.c pkcs12.c pkcs7.c \ + pkcs8.c pkey.c pkeyparam.c pkeyutl.c prime.c rand.c req.c \ + s_client.c s_server.c s_time.c sess_id.c smime.c speed.c \ spkac.c srp.c ts.c verify.c version.c x509.c rehash.c storeutl.c \ list.c info.c provider.c fipsinstall.c @@ -32,7 +32,7 @@ IF[{- !$disabled{apps} -}] ENDIF IF[{- !$disabled{'deprecated-3.0'} -}] - SOURCE[openssl]=dhparam.c dsa.c dsaparam.c gendsa.c + SOURCE[openssl]=dhparam.c dsa.c dsaparam.c gendsa.c rsa.c rsautl.c genrsa.c ENDIF SCRIPTS{misc}=CA.pl diff --git a/apps/genrsa.c b/apps/genrsa.c index 96fb23aaf5..c45fe19b12 100644 --- a/apps/genrsa.c +++ b/apps/genrsa.c @@ -7,6 +7,9 @@ * https://www.openssl.org/source/license.html */ +/* We need to use the deprecated RSA low level calls */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include <openssl/opensslconf.h> #ifdef OPENSSL_NO_RSA NON_EMPTY_TRANSLATION_UNIT diff --git a/apps/progs.c b/apps/progs.c index c4fb1790e6..3492c93e25 100644 --- a/apps/progs.c +++ b/apps/progs.c @@ -49,8 +49,8 @@ FUNCTION functions[] = { {FT_general, "gendsa", gendsa_main, gendsa_options, "genpkey"}, #endif {FT_general, "genpkey", genpkey_main, genpkey_options, NULL}, -#ifndef OPENSSL_NO_RSA - {FT_general, "genrsa", genrsa_main, genrsa_options, NULL}, +#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) + {FT_general, "genrsa", genrsa_main, genrsa_options, "genpkey"}, #endif {FT_general, "help", help_main, help_options, NULL}, {FT_general, "info", info_main, info_options, NULL}, @@ -75,9 +75,11 @@ FUNCTION functions[] = { {FT_general, "rand", rand_main, rand_options, NULL}, {FT_general, "rehash", rehash_main, rehash_options, NULL}, {FT_general, "req", req_main, req_options, NULL}, - {FT_general, "rsa", rsa_main, rsa_options, NULL}, -#ifndef OPENSSL_NO_RSA - {FT_general, "rsautl", rsautl_main, rsautl_options, NULL}, +#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) + {FT_general, "rsa", rsa_main, rsa_options, "pkey"}, +#endif +#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) + {FT_general, "rsautl", rsautl_main, rsautl_options, "pkeyutl"}, #endif #ifndef OPENSSL_NO_SOCK {FT_general, "s_client", s_client_main, s_client_options, NULL}, diff --git a/apps/progs.pl b/apps/progs.pl index b4ff4b7d55..1d8c305713 100644 --- a/apps/progs.pl +++ b/apps/progs.pl @@ -92,12 +92,13 @@ EOF my %cmd_disabler = ( ciphers => "sock", - genrsa => "rsa", - rsautl => "rsa", gendh => "dh", pkcs12 => "des", ); my %cmd_deprecated = ( + rsa => [ "3_0", "pkey", "rsa" ], + genrsa => [ "3_0", "genpkey", "rsa" ], + rsautl => [ "3_0", "pkeyutl", "rsa" ], dhparam => [ "3_0", "pkeyparam", "dh" ], dsaparam => [ "3_0", "pkeyparam", "dsa" ], dsa => [ "3_0", "pkey", "dsa" ], diff --git a/apps/rsa.c b/apps/rsa.c index 82b34e7ca3..7d03a862a0 100644 --- a/apps/rsa.c +++ b/apps/rsa.c @@ -7,6 +7,9 @@ * https://www.openssl.org/source/license.html */ +/* We need to use the deprecated RSA low level calls */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include <openssl/opensslconf.h> #ifdef OPENSSL_NO_RSA NON_EMPTY_TRANSLATION_UNIT diff --git a/apps/rsautl.c b/apps/rsautl.c index 99f1c44007..7bb9096bcd 100644 --- a/apps/rsautl.c +++ b/apps/rsautl.c @@ -7,6 +7,9 @@ * https://www.openssl.org/source/license.html */ +/* We need to use the deprecated RSA low level calls */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include <openssl/opensslconf.h> #ifdef OPENSSL_NO_RSA NON_EMPTY_TRANSLATION_UNIT diff --git a/apps/speed.c b/apps/speed.c index 0e94e7cae6..13285d6355 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -94,7 +94,7 @@ #ifndef OPENSSL_NO_CAST # include <openssl/cast.h> #endif -#ifndef OPENSSL_NO_RSA +#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) # include <openssl/rsa.h> # include "./testrsa.h" #endif @@ -416,7 +416,7 @@ static const OPT_PAIR dsa_choices[DSA_NUM] = { static double dsa_results[DSA_NUM][2]; /* 2 ops: sign then verify */ #endif /* OPENSSL_NO_DSA */ -#ifndef OPENSSL_NO_RSA +#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) enum { R_RSA_512, R_RSA_1024, R_RSA_2048, R_RSA_3072, R_RSA_4096, R_RSA_7680, R_RSA_15360, RSA_NUM @@ -542,7 +542,7 @@ typedef struct loopargs_st { unsigned char *key; unsigned int siglen; size_t sigsize; -#ifndef OPENSSL_NO_RSA +#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) RSA *rsa_key[RSA_NUM]; #endif #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) @@ -1021,7 +1021,7 @@ static int EVP_CMAC_loop(void *args) } #endif -#ifndef OPENSSL_NO_RSA +#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) static long rsa_c[RSA_NUM][2]; /* # RSA iteration test */ static int RSA_sign_loop(void *args) @@ -1503,7 +1503,7 @@ int speed_main(int argc, char **argv) #if !defined(OPENSSL_NO_CAMELLIA) && !defined(OPENSSL_NO_DEPRECATED_3_0) CAMELLIA_KEY camellia_ks[3]; #endif -#ifndef OPENSSL_NO_RSA +#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) static const struct { const unsigned char *data; unsigned int length; @@ -1707,8 +1707,10 @@ int speed_main(int argc, char **argv) goto end; break; case OPT_PRIMES: +#ifndef OPENSSL_NO_DEPRECATED_3_0 if (!opt_int(opt_arg(), &primes)) goto end; +#endif break; case OPT_SECONDS: seconds.sym = seconds.rsa = seconds.dsa = seconds.ecdsa @@ -1746,7 +1748,7 @@ int speed_main(int argc, char **argv) doit[D_SHA1] = doit[D_SHA256] = doit[D_SHA512] = 1; continue; } -#ifndef OPENSSL_NO_RSA +#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) if (strcmp(algo, "openssl") == 0) /* just for compatibility */ continue; if (strncmp(algo, "rsa", 3) == 0) { @@ -1909,7 +1911,7 @@ int speed_main(int argc, char **argv) if (argc == 0 && !doit[D_EVP] && !doit[D_EVP_HMAC] && !doit[D_EVP_CMAC]) { memset(doit, 1, sizeof(doit)); doit[D_EVP] = doit[D_EVP_HMAC] = doit[D_EVP_CMAC] = 0; -#ifndef OPENSSL_NO_RSA +#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) memset(rsa_doit, 1, sizeof(rsa_doit)); #endif #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) @@ -1933,7 +1935,7 @@ int speed_main(int argc, char **argv) "You have chosen to measure elapsed time " "instead of user CPU time.\n"); -#ifndef OPENSSL_NO_RSA +#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) for (i = 0; i < loopargs_len; i++) { if (primes > RSA_DEFAULT_PRIME_NUM) { /* for multi-prime RSA, skip this */ @@ -2103,7 +2105,7 @@ int speed_main(int argc, char **argv) c[D_IGE_256_AES][i] = c[D_IGE_256_AES][i - 1] * l0 / l1; } -# ifndef OPENSSL_NO_RSA +#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) rsa_c[R_RSA_512][0] = count / 2000; rsa_c[R_RSA_512][1] = count / 400; for (i = 1; i < RSA_NUM; i++) { @@ -2859,7 +2861,7 @@ int speed_main(int argc, char **argv) if (RAND_bytes(loopargs[i].buf, 36) <= 0) goto end; -#ifndef OPENSSL_NO_RSA +#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) for (testnum = 0; testnum < RSA_NUM; testnum++) { int st = 0; if (!rsa_doit[testnum]) @@ -3564,7 +3566,7 @@ int speed_main(int argc, char **argv) } printf("\n"); } -#ifndef OPENSSL_NO_RSA +#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) testnum = 1; for (k = 0; k < RSA_NUM; k++) { if (!rsa_doit[k]) @@ -3691,7 +3693,7 @@ int speed_main(int argc, char **argv) OPENSSL_free(loopargs[i].buf_malloc); OPENSSL_free(loopargs[i].buf2_malloc); -#ifndef OPENSSL_NO_RSA +#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) for (k = 0; k < RSA_NUM; k++) RSA_free(loopargs[i].rsa_key[k]); #endif @@ -3887,7 +3889,9 @@ static int do_multi(int multi, int size_num) sstrsep(&p, sep); for (j = 0; j < size_num; ++j) results[alg][j] += atof(sstrsep(&p, sep)); - } else if (strncmp(buf, "+F2:", 4) == 0) { + } +#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) + else if (strncmp(buf, "+F2:", 4) == 0) { int k; double d; @@ -3901,6 +3905,7 @@ static int do_multi(int multi, int size_num) d = atof(sstrsep(&p, sep)); rsa_results[k][1] += d; } +#endif #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) else if (strncmp(buf, "+F3:", 4) == 0) { int k; diff --git a/crypto/evp/p_dec.c b/crypto/evp/p_dec.c index d1d8b0b59e..9a6f271000 100644 --- a/crypto/evp/p_dec.c +++ b/crypto/evp/p_dec.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * RSA low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include <stdio.h> #include "internal/cryptlib.h" #include <openssl/rsa.h> diff --git a/crypto/evp/p_enc.c b/crypto/evp/p_enc.c index 4c169857c2..349eabde4c 100644 --- a/crypto/evp/p_enc.c +++ b/crypto/evp/p_enc.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * RSA low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include <stdio.h> #include "internal/cryptlib.h" #include <openssl/rsa.h> diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c index a94cb54b5e..71aa435bd7 100644 --- a/crypto/rsa/rsa_ameth.c +++ b/crypto/rsa/rsa_ameth.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * RSA low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include <stdio.h> #include "internal/cryptlib.h" #include <openssl/asn1t.h> diff --git a/crypto/rsa/rsa_asn1.c b/crypto/rsa/rsa_asn1.c index e6b81253fa..8798bd52d6 100644 --- a/crypto/rsa/rsa_asn1.c +++ b/crypto/rsa/rsa_asn1.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * RSA low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include <stdio.h> #include "internal/cryptlib.h" #include <openssl/bn.h> diff --git a/crypto/rsa/rsa_chk.c b/crypto/rsa/rsa_chk.c index 6ba0010c77..e6b700bc0d 100644 --- a/crypto/rsa/rsa_chk.c +++ b/crypto/rsa/rsa_chk.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * RSA low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include <openssl/bn.h> #include <openssl/err.h> #include "crypto/rsa.h" diff --git a/crypto/rsa/rsa_crpt.c b/crypto/rsa/rsa_crpt.c index 6abee298c6..83cae46103 100644 --- a/crypto/rsa/rsa_crpt.c +++ b/crypto/rsa/rsa_crpt.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * RSA low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include <stdio.h> #include <openssl/crypto.h> #include "internal/cryptlib.h" diff --git a/crypto/rsa/rsa_depr.c b/crypto/rsa/rsa_depr.c index ed63262645..8ba6e8c2ee 100644 --- a/crypto/rsa/rsa_depr.c +++ b/crypto/rsa/rsa_depr.c @@ -12,6 +12,12 @@ * "new" versions). */ +/* + * RSA low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include <openssl/opensslconf.h> #ifdef OPENSSL_NO_DEPRECATED_0_9_8 NON_EMPTY_TRANSLATION_UNIT diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c index cb2abff6a1..5778bdada5 100644 --- a/crypto/rsa/rsa_gen.c +++ b/crypto/rsa/rsa_gen.c @@ -13,6 +13,12 @@ * Geoff */ +/* + * RSA low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include <stdio.h> #include <time.h> #include "internal/cryptlib.h" diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c index d6c5da752b..c43c9fdd48 100644 --- a/crypto/rsa/rsa_lib.c +++ b/crypto/rsa/rsa_lib.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * RSA low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include <stdio.h> #include <openssl/crypto.h> #include <openssl/core_names.h> diff --git a/crypto/rsa/rsa_meth.c b/crypto/rsa/rsa_meth.c index a2a0426ee4..6bbe21814e 100644 --- a/crypto/rsa/rsa_meth.c +++ b/crypto/rsa/rsa_meth.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * RSA low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include <string.h> #include "rsa_local.h" #include <openssl/err.h> diff --git a/crypto/rsa/rsa_none.c b/crypto/rsa/rsa_none.c index 833ab94028..5298ca7328 100644 --- a/crypto/rsa/rsa_none.c +++ b/crypto/rsa/rsa_none.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * RSA low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include "internal/cryptlib.h" #include <openssl/bn.h> #include <openssl/rsa.h> diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c index d1150f09a8..23fb8f9f2b 100644 --- a/crypto/rsa/rsa_oaep.c +++ b/crypto/rsa/rsa_oaep.c @@ -20,6 +20,12 @@ * one-wayness. For the RSA function, this is an equivalent notion. */ +/* + * RSA low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include "internal/constant_time.h" #include <stdio.h> diff --git a/crypto/rsa/rsa_ossl.c b/crypto/rsa/rsa_ossl.c index 6332a5a411..4b54aa86fe 100644 --- a/crypto/rsa/rsa_ossl.c +++ b/crypto/rsa/rsa_ossl.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * RSA low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include "internal/cryptlib.h" #include "crypto/bn.h" #include "rsa_local.h" diff --git a/crypto/rsa/rsa_pk1.c b/crypto/rsa/rsa_pk1.c index eedc558e3f..33391c4fcb 100644 --- a/crypto/rsa/rsa_pk1.c +++ b/crypto/rsa/rsa_pk1.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * RSA low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include "internal/constant_time.h" #include <stdio.h> diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c index 34cbba658e..174271874a 100644 --- a/crypto/rsa/rsa_pmeth.c +++ b/crypto/rsa/rsa_pmeth.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * RSA low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include "internal/constant_time.h" #include <stdio.h> diff --git a/crypto/rsa/rsa_prn.c b/crypto/rsa/rsa_prn.c index 5e4c098a16..1e52e9e3e6 100644 --- a/crypto/rsa/rsa_prn.c +++ b/crypto/rsa/rsa_prn.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * RSA low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include <stdio.h> #include "internal/cryptlib.h" #include <openssl/rsa.h> diff --git a/crypto/rsa/rsa_pss.c b/crypto/rsa/rsa_pss.c index 15014ef4b1..054fca9fd1 100644 --- a/crypto/rsa/rsa_pss.c +++ b/crypto/rsa/rsa_pss.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * RSA low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include <stdio.h> #include "internal/cryptlib.h" #include <openssl/bn.h> diff --git a/crypto/rsa/rsa_saos.c b/crypto/rsa/rsa_saos.c index 7041535cc0..e7041ca2ae 100644 --- a/crypto/rsa/rsa_saos.c +++ b/crypto/rsa/rsa_saos.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * RSA low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include <stdio.h> #include "internal/cryptlib.h" #include <openssl/bn.h> diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c index 6479d12684..31b8ed11fa 100644 --- a/crypto/rsa/rsa_sign.c +++ b/crypto/rsa/rsa_sign.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * RSA low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include <stdio.h> #include "internal/cryptlib.h" #include <openssl/bn.h> diff --git a/crypto/rsa/rsa_ssl.c b/crypto/rsa/rsa_ssl.c index 99e541881d..48731dfb90 100644 --- a/crypto/rsa/rsa_ssl.c +++ b/crypto/rsa/rsa_ssl.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * RSA low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include <stdio.h> #include "internal/cryptlib.h" #include <openssl/bn.h> diff --git a/crypto/rsa/rsa_x931.c b/crypto/rsa/rsa_x931.c index 3caafb699f..7a1503752f 100644 --- a/crypto/rsa/rsa_x931.c +++ b/crypto/rsa/rsa_x931.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * RSA low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include <stdio.h> #include "internal/cryptlib.h" #include <openssl/bn.h> diff --git a/crypto/rsa/rsa_x931g.c b/crypto/rsa/rsa_x931g.c index 1f6042a3d2..7b65133ec8 100644 --- a/crypto/rs |