This commit was manufactured by cvs2svn to create tag 'STATE_after_zlib'.

apps/dsaparam.c

@@ -56,12 +56,6 @@
  * [including the GNU Public Licence.]
  */
 
-/* Until the key-gen callbacks are modified to use newer prototypes, we allow
- * deprecated functions for openssl-internal code */
-#ifdef OPENSSL_NO_DEPRECATED
-#undef OPENSSL_NO_DEPRECATED
-#endif
-
 #ifndef OPENSSL_NO_DSA
 #include <assert.h>
 #include <stdio.h>
@@ -88,23 +82,9 @@
  * -C
  * -noout
  * -genkey
- *  #ifdef GENCB_TEST
- * -timebomb n  - interrupt keygen after <n> seconds
- *  #endif
  */
 
-#ifdef GENCB_TEST
-
-static int stop_keygen_flag = 0;
-
-void timebomb_sigalarm(int foo)
-	{
-	stop_keygen_flag = 1;
-	}
-
-#endif
-
-static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *cb);
+static void MS_CALLBACK dsa_cb(int p, int n, void *arg);
 
 int MAIN(int, char **);
 
@@ -119,9 +99,6 @@ int MAIN(int argc, char **argv)
 	int numbits= -1,num,genkey=0;
 	int need_rand=0;
 	char *engine=NULL;
-#ifdef GENCB_TEST
-	int timebomb=0;
-#endif
 
 	apps_startup();
 
@@ -167,13 +144,6 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			engine = *(++argv);
 			}
-#ifdef GENCB_TEST
-		else if(strcmp(*argv, "-timebomb") == 0)
-			{
-			if (--argc < 1) goto bad;
-			timebomb = atoi(*(++argv));
-			}
-#endif
 		else if (strcmp(*argv,"-text") == 0)
 			text=1;
 		else if (strcmp(*argv,"-C") == 0)
@@ -222,9 +192,6 @@ bad:
 		BIO_printf(bio_err," -genkey       generate a DSA key\n");
 		BIO_printf(bio_err," -rand         files to use for random number input\n");
 		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
-#ifdef GENCB_TEST
-		BIO_printf(bio_err," -timebomb n   interrupt keygen after <n> seconds\n");
-#endif
 		BIO_printf(bio_err," number        number of bits to use for generating private key\n");
 		goto end;
 		}
@@ -280,50 +247,10 @@ bad:
 
 	if (numbits > 0)
 		{
-		BN_GENCB cb;
-		cb.ver = 2;
-		cb.cb_2 = dsa_cb;
-		cb.arg = bio_err;
-
 		assert(need_rand);
-		dsa = DSA_new();
-		if(!dsa)
-			{
-			BIO_printf(bio_err,"Error allocating DSA object\n");
-			goto end;
-			}
 		BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num);
 	        BIO_printf(bio_err,"This could take some time\n");
-#ifdef GENCB_TEST
-		if(timebomb > 0)
-	{
-		struct sigaction act;
-		act.sa_handler = timebomb_sigalarm;
-		act.sa_flags = 0;
-		BIO_printf(bio_err,"(though I'll stop it if not done within %d secs)\n",
-				timebomb);
-		if(sigaction(SIGALRM, &act, NULL) != 0)
-			{
-			BIO_printf(bio_err,"Error, couldn't set SIGALRM handler\n");
-			goto end;
-			}
-		alarm(timebomb);
-	}
-#endif
-	        if(!DSA_generate_parameters_ex(dsa,num,NULL,0,NULL,NULL, &cb))
-			{
-#ifdef GENCB_TEST
-			if(stop_keygen_flag)
-				{
-				BIO_printf(bio_err,"DSA key generation time-stopped\n");
-				/* This is an asked-for behaviour! */
-				ret = 0;
-				goto end;
-				}
-#endif
-			BIO_printf(bio_err,"Error, DSA key generation failed\n");
-			goto end;
-			}
+	        dsa=DSA_generate_parameters(num,NULL,0,NULL,NULL, dsa_cb,bio_err);
 		}
 	else if	(informat == FORMAT_ASN1)
 		dsa=d2i_DSAparams_bio(in,NULL);
@@ -448,7 +375,7 @@ end:
 	OPENSSL_EXIT(ret);
 	}
 
-static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *cb)
+static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
 	{
 	char c='*';
 
@@ -456,15 +383,10 @@ static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *cb)
 	if (p == 1) c='+';
 	if (p == 2) c='*';
 	if (p == 3) c='\n';
-	BIO_write(cb->arg,&c,1);
-	(void)BIO_flush(cb->arg);
+	BIO_write(arg,&c,1);
+	(void)BIO_flush(arg);
 #ifdef LINT
 	p=n;
 #endif
-#ifdef GENCB_TEST
-	if(stop_keygen_flag)
-		return 0;
-#endif
-	return 1;
 	}
 #endif

apps/gendh.c

@@ -57,12 +57,6 @@
  * [including the GNU Public Licence.]
  */
 
-/* Until the key-gen callbacks are modified to use newer prototypes, we allow
- * deprecated functions for openssl-internal code */
-#ifdef OPENSSL_NO_DEPRECATED
-#undef OPENSSL_NO_DEPRECATED
-#endif
-
 #ifndef OPENSSL_NO_DH
 #include <stdio.h>
 #include <string.h>

apps/genrsa.c

@@ -56,12 +56,6 @@
  * [including the GNU Public Licence.]
  */
 
-/* Until the key-gen callbacks are modified to use newer prototypes, we allow
- * deprecated functions for openssl-internal code */
-#ifdef OPENSSL_NO_DEPRECATED
-#undef OPENSSL_NO_DEPRECATED
-#endif
-
 #ifndef OPENSSL_NO_RSA
 #include <stdio.h>
 #include <string.h>

apps/req.c

@@ -56,12 +56,6 @@
  * [including the GNU Public Licence.]
  */
 
-/* Until the key-gen callbacks are modified to use newer prototypes, we allow
- * deprecated functions for openssl-internal code */
-#ifdef OPENSSL_NO_DEPRECATED
-#undef OPENSSL_NO_DEPRECATED
-#endif
-
 #include <stdio.h>
 #include <stdlib.h>
 #include <time.h>

apps/s_server.c

@@ -114,12 +114,6 @@
  * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
  */
 
-/* Until the key-gen callbacks are modified to use newer prototypes, we allow
- * deprecated functions for openssl-internal code */
-#ifdef OPENSSL_NO_DEPRECATED
-#undef OPENSSL_NO_DEPRECATED
-#endif
-
 #include <assert.h>
 #include <stdio.h>
 #include <stdlib.h>

crypto/bn/Makefile.ssl

@@ -39,14 +39,12 @@ LIB=$(TOP)/libcrypto.a
 LIBSRC=	bn_add.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c bn_mul.c bn_mod.c \
 	bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \
 	bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_asm.c \
-	bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c \
-	bn_depr.c
+	bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c
 
 LIBOBJ=	bn_add.o bn_div.o bn_exp.o bn_lib.o bn_ctx.o bn_mul.o bn_mod.o \
 	bn_print.o bn_rand.o bn_shift.o bn_word.o bn_blind.o \
 	bn_kron.o bn_sqrt.o bn_gcd.o bn_prime.o bn_err.o bn_sqr.o $(BN_ASM) \
-	bn_recp.o bn_mont.o bn_mpi.o bn_exp2.o bn_gf2m.o bn_nist.o \
-	bn_depr.o
+	bn_recp.o bn_mont.o bn_mpi.o bn_exp2.o bn_gf2m.o bn_nist.o
 
 SRC= $(LIBSRC)
 

crypto/bn/bn.h

@@ -287,23 +287,6 @@ typedef struct bn_recp_ctx_st
 	int flags;
 	} BN_RECP_CTX;
 
-/* Used for slow "generation" functions. */
-typedef struct bn_gencb_st BN_GENCB;
-struct bn_gencb_st
-	{
-	unsigned int ver;	/* To handle binary (in)compatibility */
-	void *arg;		/* callback-specific data */
-	union
-		{
-		/* if(ver==1) - handles old style callbacks */
-		void (*cb_1)(int, int, void *);
-		/* if(ver==2) - new callback style */
-		int (*cb_2)(int, int, BN_GENCB *);
-		};
-	};
-/* Wrapper function to make using BN_GENCB easier,  */
-int BN_GENCB_call(BN_GENCB *cb, int a, int b);
-
 #define BN_prime_checks 0 /* default: select number of iterations
 			     based on the size of the number */
 
@@ -448,9 +431,6 @@ BIGNUM *BN_mod_inverse(BIGNUM *ret,
 	const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx);
 BIGNUM *BN_mod_sqrt(BIGNUM *ret,
 	const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx);
-
-/* Deprecated versions */
-#ifndef OPENSSL_NO_DEPRECATED
 BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe,
 	const BIGNUM *add, const BIGNUM *rem,
 	void (*callback)(int,int,void *),void *cb_arg);
@@ -460,14 +440,6 @@ int	BN_is_prime(const BIGNUM *p,int nchecks,
 int	BN_is_prime_fasttest(const BIGNUM *p,int nchecks,
 	void (*callback)(int,int,void *),BN_CTX *ctx,void *cb_arg,
 	int do_trial_division);
-#endif /* !defined(OPENSSL_NO_DEPRECATED) */
-
-/* Newer versions */
-int	BN_generate_prime_ex(BIGNUM *ret,int bits,int safe, const BIGNUM *add,
-		const BIGNUM *rem, BN_GENCB *cb);
-int	BN_is_prime_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx, BN_GENCB *cb);
-int	BN_is_prime_fasttest_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx,
-		int do_trial_division, BN_GENCB *cb);
 
 BN_MONT_CTX *BN_MONT_CTX_new(void );
 void BN_MONT_CTX_init(BN_MONT_CTX *ctx);

crypto/bn/bn_depr.c

@@ -1,114 +0,0 @@
-/* crypto/bn/bn_depr.c */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* Support for deprecated functions goes here - static linkage will only slurp
- * this code if applications are using them directly. */
-
-#include <stdio.h>
-#include <time.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-#include <openssl/rand.h>
-
-BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe,
-	const BIGNUM *add, const BIGNUM *rem,
-	void (*callback)(int,int,void *), void *cb_arg)
-	{
-	BN_GENCB cb;
-	BIGNUM *rnd=NULL;
-	int found = 0;
-
-	cb.ver = 1;
-	cb.arg = cb_arg;
-	cb.cb_1 = callback;
-
-	if (ret == NULL)
-		{
-		if ((rnd=BN_new()) == NULL) goto err;
-		}
-	else
-		rnd=ret;
-	if(!BN_generate_prime_ex(rnd, bits, safe, add, rem, &cb))
-		goto err;
-
-	/* we have a prime :-) */
-	found = 1;
-err:
-	if (!found && (ret == NULL) && (rnd != NULL)) BN_free(rnd);
-	return(found ? rnd : NULL);
-	}
-
-int BN_is_prime(const BIGNUM *a, int checks, void (*callback)(int,int,void *),
-	BN_CTX *ctx_passed, void *cb_arg)
-	{
-	BN_GENCB cb;
-	cb.ver = 1;
-	cb.arg = cb_arg;
-	cb.cb_1 = callback;
-	return BN_is_prime_ex(a, checks, ctx_passed, &cb);
-	}
-
-int BN_is_prime_fasttest(const BIGNUM *a, int checks,
-		void (*callback)(int,int,void *),
-		BN_CTX *ctx_passed, void *cb_arg,
-		int do_trial_division)
-	{
-	BN_GENCB cb;
-	cb.ver = 1;
-	cb.arg = cb_arg;
-	cb.cb_1 = callback;
-	return BN_is_prime_fasttest_ex(a, checks, ctx_passed,
-				do_trial_division, &cb);
-	}

crypto/bn/bn_prime.c

@@ -115,11 +115,6 @@
 #include "bn_lcl.h"
 #include <openssl/rand.h>
 
-/* NB: these functions have been "upgraded", the deprecated versions (which are
- * compatibility wrappers using these functions) are in bn_depr.c.
- * - Geoff
- */
-
 /* The quick sieve algorithm approach to weeding out primes is
  * Philip Zimmermann's, as implemented in PGP.  I have had a read of
  * his comments and implemented my own version.
@@ -134,29 +129,11 @@ static int probable_prime_dh(BIGNUM *rnd, int bits,
 static int probable_prime_dh_safe(BIGNUM *rnd, int bits,
 	const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx);
 
-int BN_GENCB_call(BN_GENCB *cb, int a, int b)
-	{
-	/* No callback means continue */
-	if(!cb) return 1;
-	switch(cb->ver)
-		{
-	case 1:
-		/* Deprecated-style callbacks */
-		cb->cb_1(a, b, cb->arg);
-		return 1;
-	case 2:
-		/* New-style callbacks */
-		return cb->cb_2(a, b, cb);
-	default:
-		break;
-		}
-	/* Unrecognised callback type */
-	return 0;
-	}
-
-int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
-	const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb)
+BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe,
+	const BIGNUM *add, const BIGNUM *rem,
+	void (*callback)(int,int,void *), void *cb_arg)
 	{
+	BIGNUM *rnd=NULL;
 	BIGNUM t;
 	int found=0;
 	int i,j,c1=0;
@@ -165,34 +142,38 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
 
 	ctx=BN_CTX_new();
 	if (ctx == NULL) goto err;
+	if (ret == NULL)
+		{
+		if ((rnd=BN_new()) == NULL) goto err;
+		}
+	else
+		rnd=ret;
 	BN_init(&t);
 loop: 
 	/* make a random number and set the top and bottom bits */
 	if (add == NULL)
 		{
-		if (!probable_prime(ret,bits)) goto err;
+		if (!probable_prime(rnd,bits)) goto err;
 		}
 	else
 		{
 		if (safe)
 			{
-			if (!probable_prime_dh_safe(ret,bits,add,rem,ctx))
+			if (!probable_prime_dh_safe(rnd,bits,add,rem,ctx))
 				 goto err;
 			}
 		else
 			{
-			if (!probable_prime_dh(ret,bits,add,rem,ctx))
+			if (!probable_prime_dh(rnd,bits,add,rem,ctx))
 				goto err;
 			}
 		}
-	/* if (BN_mod_word(ret,(BN_ULONG)3) == 1) goto loop; */
-	if(!BN_GENCB_call(cb, 0, c1++))
-		/* aborted */
-		goto err;
+	/* if (BN_mod_word(rnd,(BN_ULONG)3) == 1) goto loop; */
+	if (callback != NULL) callback(0,c1++,cb_arg);
 
 	if (!safe)
 		{
-		i=BN_is_prime_fasttest_ex(ret,checks,ctx,0,cb);
+		i=BN_is_prime_fasttest(rnd,checks,callback,ctx,cb_arg,0);
 		if (i == -1) goto err;
 		if (i == 0) goto loop;
 		}
@@ -202,38 +183,41 @@ loop:
 		 * check that (p-1)/2 is prime.
 		 * Since a prime is odd, We just
 		 * need to divide by 2 */
-		if (!BN_rshift1(&t,ret)) goto err;
+		if (!BN_rshift1(&t,rnd)) goto err;
 
 		for (i=0; i<checks; i++)
 			{
-			j=BN_is_prime_fasttest_ex(ret,1,ctx,0,cb);
+			j=BN_is_prime_fasttest(rnd,1,callback,ctx,cb_arg,0);
 			if (j == -1) goto err;
 			if (j == 0) goto loop;
 
-			j=BN_is_prime_fasttest_ex(&t,1,ctx,0,cb);
+			j=BN_is_prime_fasttest(&t,1,callback,ctx,cb_arg,0);
 			if (j == -1) goto err;
 			if (j == 0) goto loop;
 
-			if(!BN_GENCB_call(cb, 2, c1-1))
-				goto err;
+			if (callback != NULL) callback(2,c1-1,cb_arg);
 			/* We have a safe prime test pass */
 			}
 		}
 	/* we have a prime :-) */
 	found = 1;
 err:
+	if (!found && (ret == NULL) && (rnd != NULL)) BN_free(rnd);
 	BN_free(&t);
 	if (ctx != NULL) BN_CTX_free(ctx);
-	return found;
+	return(found ? rnd : NULL);
 	}
 
-int BN_is_prime_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed, BN_GENCB *cb)
+int BN_is_prime(const BIGNUM *a, int checks, void (*callback)(int,int,void *),
+	BN_CTX *ctx_passed, void *cb_arg)
 	{
-	return BN_is_prime_fasttest_ex(a, checks, ctx_passed, 0, cb);
+	return BN_is_prime_fasttest(a, checks, callback, ctx_passed, cb_arg, 0);
 	}
 
-int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed,
-		int do_trial_division, BN_GENCB *cb)
+int BN_is_prime_fasttest(const BIGNUM *a, int checks,
+		void (*callback)(int,int,void *),
+		BN_CTX *ctx_passed, void *cb_arg,
+		int do_trial_division)
 	{
 	int i, j, ret = -1;
 	int k;
@@ -256,8 +240,7 @@ int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed,
 		for (i = 1; i < NUMPRIMES; i++)
 			if (BN_mod_word(a, primes[i]) == 0) 
 				return 0;
-		if(!BN_GENCB_call(cb, 1, -1))
-			goto err;
+		if (callback != NULL) callback(1, -1, cb_arg);
 		}
 
 	if (ctx_passed != NULL)
@@ -323,8 +306,7 @@ int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed,
 			ret=0;
 			goto err;
 			}
-		if(!BN_GENCB_call(cb, 1, i))
-			goto err;
+		if (callback != NULL) callback(1,i,cb_arg);
 		}
 	ret=1;
 err:

crypto/bn/bntest.c

@@ -69,12 +69,6 @@
  *
  */
 
-/* Until the key-gen callbacks are modified to use newer prototypes, we allow
- * deprecated functions for openssl-internal code */
-#ifdef OPENSSL_NO_DEPRECATED
-#undef OPENSSL_NO_DEPRECATED
-#endif
-
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>

crypto/dh/Makefile.ssl

@@ -23,8 +23,8 @@ TEST= dhtest.c
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC= dh_asn1.c dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c dh_depr.c
-LIBOBJ= dh_asn1.o dh_gen.o dh_key.o dh_lib.o dh_check.o dh_err.o dh_depr.o
+LIBSRC= dh_asn1.c dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c
+LIBOBJ= dh_asn1.o dh_gen.o dh_key.o dh_lib.o dh_check.o dh_err.o
 
 SRC= $(LIBSRC)
 

crypto/dh/dh.h

@@ -165,16 +165,8 @@ int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
 	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
 int DH_set_ex_data(DH *d, int idx, void *arg);
 void *DH_get_ex_data(DH *d, int idx);
-
-/* Deprecated version */
-#ifndef OPENSSL_NO_DEPRECATED
 DH *	DH_generate_parameters(int prime_len,int generator,
 		void (*callback)(int,int,void *),void *cb_arg);
-#endif /* !defined(OPENSSL_NO_DEPRECATED) */
-
-/* New version */
-int	DH_generate_parameters_ex(DH *dh, int prime_len,int generator, BN_GENCB *cb);
-
 int	DH_check(const DH *dh,int *codes);
 int	DH_generate_key(DH *dh);
 int	DH_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh);

crypto/dh/dh_check.c

@@ -104,12 +104,12 @@ int DH_check(const DH *dh, int *ret)
 	else
 		*ret|=DH_UNABLE_TO_CHECK_GENERATOR;
 
-	if (!BN_is_prime_ex(dh->p,BN_prime_checks,ctx,NULL))
+	if (!BN_is_prime(dh->p,BN_prime_checks,NULL,ctx,NULL))
 		*ret|=DH_CHECK_P_NOT_PRIME;
 	else
 		{
 		if (!BN_rshift1(q,dh->p)) goto err;
-		if (!BN_is_prime_ex(q,BN_prime_checks,ctx,NULL))
+		if (!BN_is_prime(q,BN_prime_checks,NULL,ctx,NULL))
 			*ret|=DH_CHECK_P_NOT_SAFE_PRIME;
 		}
 	ok=1;

crypto/dh/dh_depr.c

@@ -1,81 +0,0 @@
-/* crypto/dh/dh_depr.c */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-
-/* This file contains deprecated functions as wrappers to the new ones */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/dh.h>
-
-DH *DH_generate_parameters(int prime_len, int generator,
-	     void (*callback)(int,int,void *), void *cb_arg)
-	{
-	BN_GENCB cb;
-	DH *ret=NULL;
-
-	if((ret=DH_new()) == NULL)
-		return NULL;
-
-	cb.ver = 1;
-	cb.arg = cb_arg;
-	cb.cb_1 = callback;
-
-	if(DH_generate_parameters_ex(ret, prime_len, generator, &cb))
-		return ret;
-	DH_free(ret);
-	return NULL;
-	}

crypto/dh/dh_gen.c

@@ -56,11 +56,6 @@
  * [including the GNU Public Licence.]
  */
 
-/* NB: These functions have been upgraded - the previous prototypes are in
- * dh_depr.c as wrappers to these ones.
- *  - Geoff
- */
-
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/bn.h>
@@ -91,12 +86,16 @@
  * It's just as OK (and in some sense better) to use a generator of the
  * order-q subgroup.
  */
-int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb)
+DH *DH_generate_parameters(int prime_len, int generator,
+	     void (*callback)(int,int,void *), void *cb_arg)
 	{
-	BIGNUM *t1,*t2;
+	BIGNUM *p=NULL,*t1,*t2;
+	DH *ret=NULL;
 	int g,ok= -1;
 	BN_CTX *ctx=NULL;
 
+	ret=DH_new();
+	if (ret == NULL) goto err;
 	ctx=BN_CTX_new();
 	if (ctx == NULL) goto err;
 	BN_CTX_start(ctx);
@@ -104,10 +103,6 @@ int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *c
 	t2 = BN_CTX_get(ctx);
 	if (t1 == NULL || t2 == NULL) goto err;
 	
-	/* Make sure 'ret' has the necessary elements */
-	if(!ret->p && ((ret->p = BN_new()) == NULL)) goto err;
-	if(!ret->g && ((ret->g = BN_new()) == NULL)) goto err;
-	
 	if (generator <= 1)
 		{
 		DHerr(DH_F_DH_GENERATE_PARAMETERS, DH_R_BAD_GENERATOR);
@@ -146,8 +141,11 @@ int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *c
 		g=generator;
 		}
 	
-	if(!BN_generate_prime_ex(ret->p,prime_len,1,t1,t2,cb)) goto err;
-	if(!BN_GENCB_call(cb, 3, 0)) goto err;
+	p=BN_generate_prime(NULL,prime_len,1,t1,t2,callback,cb_arg);
+	if (p == NULL) goto err;
+	if (callback != NULL) callback(3,0,cb_arg);
+	ret->p=p;
+	ret->g=BN_new();
 	if (!BN_set_word(ret->g,g)) goto err;
 	ok=1;
 err:
@@ -162,5 +160,10 @@ err:
 		BN_CTX_end(ctx);
 		BN_CTX_free(ctx);
 		}
-	return ok;
+	if (!ok && (ret != NULL))
+		{
+		DH_free(ret);
+		ret=NULL;
+		}
+	return(ret);
 	}

crypto/dh/dhtest.c

@@ -56,12 +56,6 @@
  * [including the GNU Public Licence.]
  */
 
-/* Until the key-gen callbacks are modified to use newer prototypes, we allow
- * deprecated functions for openssl-internal code */
-#ifdef OPENSSL_NO_DEPRECATED
-#undef OPENSSL_NO_DEPRECATED
-#endif
-
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>

crypto/dsa/Makefile.ssl

@@ -24,9 +24,9 @@ APPS=
 
 LIB=$(TOP)/libcrypto.a
 LIBSRC= dsa_gen.c dsa_key.c dsa_lib.c dsa_asn1.c dsa_vrf.c dsa_sign.c \
-	dsa_err.c dsa_ossl.c dsa_depr.c
+	dsa_err.c dsa_ossl.c
 LIBOBJ= dsa_gen.o dsa_key.o dsa_lib.o dsa_asn1.o dsa_vrf.o dsa_sign.o \
-	dsa_err.o dsa_ossl.o dsa_depr.o
+	dsa_err.o dsa_ossl.o
 
 SRC= $(LIBSRC)
 

crypto/dsa/dsa.h

@@ -186,20 +186,10 @@ void *DSA_get_ex_data(DSA *d, int idx);
 DSA *	d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length);
 DSA *	d2i_DSAPrivateKey(DSA **a, const unsigned char **pp, long length);
 DSA * 	d2i_DSAparams(DSA **a, const unsigned char **pp, long length);
-
-/* Deprecated version */
-#ifndef OPENSSL_NO_DEPRECATED
 DSA *	DSA_generate_parameters(int bits,
 		unsigned char *seed,int seed_len,
 		int *counter_ret, unsigned long *h_ret,void
 		(*callback)(int, int, void *),void *cb_arg);
-#endif /* !defined(OPENSSL_NO_DEPRECATED) */
-
-/* New version */
-int	DSA_generate_parameters_ex(DSA *dsa, int bits,
-		unsigned char *seed,int seed_len,
-		int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
-
 int	DSA_generate_key(DSA *a);
 int	i2d_DSAPublicKey(const DSA *a, unsigned char **pp);
 int 	i2d_DSAPrivateKey(const DSA *a, unsigned char **pp);

crypto/dsa/dsa_depr.c

@@ -1,104 +0,0 @@
-/* crypto/dsa/dsa_depr.c */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* This file contains deprecated function(s) that are now wrappers to the new
- * version(s). */
-
-#undef GENUINE_DSA
-
-#ifdef GENUINE_DSA
-/* Parameter generation follows the original release of FIPS PUB 186,
- * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180) */
-#define HASH    EVP_sha()
-#else
-/* Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186,
- * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in
- * FIPS PUB 180-1) */
-#define HASH    EVP_sha1()
-#endif 
-
-#ifndef OPENSSL_NO_SHA
-
-#include <stdio.h>
-#include <time.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/rand.h>
-#include <openssl/sha.h>
-
-DSA *DSA_generate_parameters(int bits,
-		unsigned char *seed_in, int seed_len,
-		int *counter_ret, unsigned long *h_ret,
-		void (*callback)(int, int, void *),
-		void *cb_arg)
-	{
-	BN_GENCB cb;
-	DSA *ret;
-
-	if ((ret=DSA_new()) == NULL) return NULL;
-
-	cb.ver = 1;
-	cb.arg = cb_arg;
-	cb.cb_1 = callback;
-
-	if(DSA_generate_parameters_ex(ret, bits, seed_in, seed_len,
-				counter_ret, h_ret, &cb))
-		return ret;
-	DSA_free(ret);
-	return NULL;
-	}
-#endif

crypto/dsa/dsa_gen.c

@@ -80,9 +80,11 @@
 #include <openssl/rand.h>
 #include <openssl/sha.h>
 
-int DSA_generate_parameters_ex(DSA *ret, int bits,
+DSA *DSA_generate_parameters(int bits,
 		unsigned char *seed_in, int seed_len,
-		int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
+		int *counter_ret, unsigned long *h_ret,
+		void (*callback)(int, int, void *),
+		void *cb_arg)
 	{
 	int ok=0;
 	unsigned char seed[SHA_DIGEST_LENGTH];
@@ -96,6 +98,7 @@ int DSA_generate_parameters_ex(DSA *ret, int bits,
 	int r=0;
 	BN_CTX *ctx=NULL,*ctx2=NULL,*ctx3=NULL;
 	unsigned int h=2;
+	DSA *ret=NULL;
 
 	if (bits < 512) bits=512;
 	bits=(bits+63)/64*64;
@@ -111,6 +114,7 @@ int DSA_generate_parameters_ex(DSA *ret, int bits,
 	if ((ctx=BN_CTX_new()) == NULL) goto err;
 	if ((ctx2=BN_CTX_new()) == NULL) goto err;
 	if ((ctx3=BN_CTX_new()) == NULL) goto err;
+	if ((ret=DSA_new()) == NULL) goto err;
 
 	if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
 
@@ -133,8 +137,7 @@ int DSA_generate_parameters_ex(DSA *ret, int bits,
 			int seed_is_random;
 
 			/* step 1 */
-			if(!BN_GENCB_call(cb, 0, m++))
-				goto err;
+			if (callback != NULL) callback(0,m++,cb_arg);
 
 			if (!seed_len)
 				{
@@ -167,8 +170,7 @@ int DSA_generate_parameters_ex(DSA *ret, int bits,
 			if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,q)) goto err;
 
 			/* step 4 */
-			r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx3,
-					seed_is_random, cb);
+			r = BN_is_prime_fasttest(q, DSS_prime_checks, callback, ctx3, cb_arg, seed_is_random);
 			if (r > 0)
 				break;
 			if (r != 0)
@@ -178,8 +180,8 @@ int DSA_generate_parameters_ex(DSA *ret, int bits,
 			/* step 5 */
 			}
 
-		if(!BN_GENCB_call(cb, 2, 0)) goto err;
-		if(!BN_GENCB_call(cb, 3, 0)) goto err;
+		if (callback != NULL) callback(2,0,cb_arg);
+		if (callback != NULL) callback(3,0,cb_arg);
 
 		/* step 6 */
 		counter=0;
@@ -190,8 +192,8 @@ int DSA_generate_parameters_ex(DSA *ret, int bits,
 
 		for (;;)
 			{
-			if ((counter != 0) && !BN_GENCB_call(cb, 0, counter))
-				goto err;
+			if (callback != NULL && counter != 0)
+				callback(0,counter,cb_arg);
 
 			/* step 7 */
 			BN_zero(W);
@@ -229,8 +231,7 @@ int DSA_generate_parameters_ex(DSA *ret, int bits,
 			if (BN_cmp(p,test) >= 0)
 				{
 				/* step 11 */
-				r = BN_is_prime_fasttest_ex(p, DSS_prime_checks,
-						ctx3, 1, cb);
+				r = BN_is_prime_fasttest(p, DSS_prime_checks, callback, ctx3, cb_arg, 1);
 				if (r > 0)
 						goto end; /* found it */
 				if (r != 0)
@@ -246,8 +247,7 @@ int DSA_generate_parameters_ex(DSA *ret, int bits,
 			}
 		}
 end:
-	if(!BN_GENCB_call(cb, 2, 1))
-		goto err;
+	if (callback != NULL) callback(2,1,cb_arg);
 
 	/* We now need to generate g */
 	/* Set r0=(p-1)/q */
@@ -266,16 +266,16 @@ end:
 		h++;
 		}
 
-	if(!BN_GENCB_call(cb, 3, 1))
-		goto err;
+	if (callback != NULL) callback(3,1,cb_arg);
 
 	ok=1;
 err:
-	if (ok)
+	if (!ok)
+		{
+		if (ret != NULL) DSA_free(ret);
+		}
+	else
 		{
-		if(ret->p) BN_free(ret->p);
-		if(ret->q) BN_free(ret->q);
-		if(ret->g) BN_free(ret->g);
 		ret->p=BN_dup(p);
 		ret->q=BN_dup(q);
 		ret->g=BN_dup(g);
@@ -291,6 +291,6 @@ err:
 		}
 	if (ctx3 != NULL) BN_CTX_free(ctx3);
 	if (mont != NULL) BN_MONT_CTX_free(mont);
-	return ok;
+	return(ok?ret:NULL);
 	}
 #endif

crypto/dsa/dsatest.c

@@ -56,12 +56,6 @@
  * [including the GNU Public Licence.]
  */
 
-/* Until the key-gen callbacks are modified to use newer prototypes, we allow
- * deprecated functions for openssl-internal code */
-#ifdef OPENSSL_NO_DEPRECATED
-#undef OPENSSL_NO_DEPRECATED
-#endif
-
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>

crypto/ec/ectest.c

@@ -333,7 +333,7 @@ void prime_field_tests()
 	/* Curve P-192 (FIPS PUB 186-2, App. 6) */
 	
 	if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF")) ABORT;
-	if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT;
+	if (1 != BN_is_prime(p, BN_prime_checks, 0, ctx, NULL)) ABORT;
 	if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC")) ABORT;
 	if (!BN_hex2bn(&b, "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1")) ABORT;
 	if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;
@@ -377,7 +377,7 @@ void prime_field_tests()
 	/* Curve P-224 (FIPS PUB 186-2, App. 6) */
 	
 	if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001")) ABORT;
-	if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT;
+	if (1 != BN_is_prime(p, BN_prime_checks, 0, ctx, NULL)) ABORT;
 	if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE")) ABORT;
 	if (!BN_hex2bn(&b, "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4")) ABORT;
 	if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;
@@ -421,7 +421,7 @@ void prime_field_tests()
 	/* Curve P-256 (FIPS PUB 186-2, App. 6) */
 	
 	if (!BN_hex2bn(&p, "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF")) ABORT;
-	if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT;
+	if (1 != BN_is_prime(p, BN_prime_checks, 0, ctx, NULL)) ABORT;
 	if (!BN_hex2bn(&a, "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC")) ABORT;
 	if (!BN_hex2bn(&b, "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B")) ABORT;
 	if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;
@@ -467,7 +467,7 @@ void prime_field_tests()
 	
 	if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
 		"FFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF")) ABORT;
-	if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT;
+	if (1 != BN_is_prime(p, BN_prime_checks, 0, ctx, NULL)) ABORT;
 	if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
 		"FFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC")) ABORT;
 	if (!BN_hex2bn(&b, "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141"
@@ -518,7 +518,7 @@ void prime_field_tests()
 	if (!BN_hex2bn(&p, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
 		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
 		"FFFFFFFFFFFFFFFFFFFFFFFFFFFF")) ABORT;
-	if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT;
+	if (1 != BN_is_prime(p, BN_prime_checks, 0, ctx, NULL)) ABORT;
 	if (!BN_hex2bn(&a, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
 		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
 		"FFFFFFFFFFFFFFFFFFFFFFFFFFFC")) ABORT;

crypto/ecdsa/ecdsatest.c

@@ -69,12 +69,6 @@
  *
  */
 
-/* Until the key-gen callbacks are modified to use newer prototypes, we allow
- * deprecated functions for openssl-internal code */
-#ifdef OPENSSL_NO_DEPRECATED
-#undef OPENSSL_NO_DEPRECATED
-#endif
-
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -289,7 +283,7 @@ int test_builtin(BIO *out)
 	size_t		crv_len = 0, n = 0;
 	EC_KEY		*eckey = NULL, *wrong_eckey = NULL;
 	unsigned char	digest[20], wrong_digest[20];
-	unsigned char	*signature = NULL; 
+	unsigned char	*signature; 
 	unsigned int	sig_len;
 	int		nid, ret =  0;
 	

crypto/rsa/Makefile.ssl

@@ -25,10 +25,10 @@ APPS=
 LIB=$(TOP)/libcrypto.a
 LIBSRC= rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c \
 	rsa_pk1.c rsa_ssl.c rsa_none.c rsa_oaep.c rsa_chk.c rsa_null.c \
-	rsa_asn1.c rsa_depr.c
+	rsa_asn1.c
 LIBOBJ= rsa_eay.o rsa_gen.o rsa_lib.o rsa_sign.o rsa_saos.o rsa_err.o \
 	rsa_pk1.o rsa_ssl.o rsa_none.o rsa_oaep.o rsa_chk.o rsa_null.o \
-	rsa_asn1.o rsa_depr.o
+	rsa_asn1.o
 
 SRC= $(LIBSRC)
 

crypto/rsa/rsa.h

@@ -183,16 +183,8 @@ struct rsa_st
 RSA *	RSA_new(void);
 RSA *	RSA_new_method(ENGINE *engine);
 int	RSA_size(const RSA *);
-
-/* Deprecated version */
-#ifndef OPENSSL_NO_DEPRECATED
 RSA *	RSA_generate_key(int bits, unsigned long e,void
 		(*callback)(int,int,void *),void *cb_arg);
-#endif /* !defined(OPENSSL_NO_DEPRECATED) */
-
-/* New version */
-int	RSA_generate_key_ex(RSA *rsa, int bits, unsigned long e, BN_GENCB *cb);
-
 int	RSA_check_key(const RSA *);
 	/* next 4 return -1 on error */
 int	RSA_public_encrypt(int flen, const unsigned char *from,

crypto/rsa/rsa_chk.c

@@ -75,7 +75,7 @@ int RSA_check_key(const RSA *key)
 		}
 	
 	/* p prime? */
-	r = BN_is_prime_ex(key->p, BN_prime_checks, NULL, NULL);
+	r = BN_is_prime(key->p, BN_prime_checks, NULL, NULL, NULL);
 	if (r != 1)
 		{
 		ret = r;
@@ -85,7 +85,7 @@ int RSA_check_key(const RSA *key)
 		}
 	
 	/* q prime? */
-	r = BN_is_prime_ex(key->q, BN_prime_checks, NULL, NULL);
+	r = BN_is_prime(key->q, BN_prime_checks, NULL, NULL, NULL);
 	if (r != 1)
 		{
 		ret = r;

crypto/rsa/rsa_depr.c

@@ -1,83 +0,0 @@
-/* crypto/rsa/rsa_depr.c */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NB: This file contains deprecated functions (compatibility wrappers to the
- * "new" versions). */
-
-#include <stdio.h>
-#include <time.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-
-RSA *RSA_generate_key(int bits, unsigned long e_value,
-	     void (*callback)(int,int,void *), void *cb_arg)
-	{
-	BN_GENCB cb;
-	RSA *rsa;
-
-	if((rsa=RSA_new()) == NULL)
-		return 0;
-
-	cb.ver = 1;
-	cb.arg = cb_arg;
-	cb.cb_1 = callback;
-
-	if(RSA_generate_key_ex(rsa, bits, e_value, &cb))
-		return rsa;
-	RSA_free(rsa);
-	return 0;
-	}
-

crypto/rsa/rsa_gen.c

@@ -56,20 +56,16 @@
  * [including the GNU Public Licence.]
  */
 
-
-/* NB: these functions have been "upgraded", the deprecated versions (which are
- * compatibility wrappers using these functions) are in rsa_depr.c.
- * - Geoff
- */
-
 #include <stdio.h>
 #include <time.h>
 #include "cryptlib.h"
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
 
-int RSA_generate_key_ex(RSA *rsa, int bits, unsigned long e_value, BN_GENCB *cb)
+RSA *RSA_generate_key(int bits, unsigned long e_value,
+	     void (*callback)(int,int,void *), void *cb_arg)
 	{
+	RSA *rsa=NULL;
 	BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL,*tmp;
 	int bitsp,bitsq,ok= -1,n=0,i;
 	BN_CTX *ctx=NULL,*ctx2=NULL;
@@ -87,16 +83,12 @@ int RSA_generate_key_ex(RSA *rsa, int bits, unsigned long e_value, BN_GENCB *cb)
 
 	bitsp=(bits+1)/2;
 	bitsq=bits-bitsp;
+	rsa=RSA_new();
+	if (rsa == NULL) goto err;
 
-	/* We need the RSA components non-NULL */
-	if(!rsa->n && ((rsa->n=BN_new()) == NULL)) goto err;
-	if(!rsa->d && ((rsa->d=BN_new()) == NULL)) goto err;
-	if(!rsa->e && ((rsa->e=BN_new()) == NULL)) goto err;
-	if(!rsa->p && ((rsa->p=BN_new()) == NULL)) goto err;
-	if(!rsa->q && ((rsa->q=BN_new()) == NULL)) goto err;
-	if(!rsa->dmp1 && ((rsa->dmp1=BN_new()) == NULL)) goto err;
-	if(!rsa->dmq1 && ((rsa->dmq1=BN_new()) == NULL)) goto err;
-	if(!rsa->iqmp && ((rsa->iqmp=BN_new()) == NULL)) goto err;
+	/* set e */ 
+	rsa->e=BN_new();
+	if (rsa->e == NULL) goto err;
 
 #if 1
 	/* The problem is when building with 8, 16, or 32 BN_ULONG,
@@ -113,29 +105,27 @@ int RSA_generate_key_ex(RSA *rsa, int bits, unsigned long e_value, BN_GENCB *cb)
 	/* generate p and q */
 	for (;;)
 		{
-		if(!BN_generate_prime_ex(rsa->p, bitsp, 0, NULL, NULL, cb))
-			goto err;
+		rsa->p=BN_generate_prime(NULL,bitsp,0,NULL,NULL,callback,cb_arg);
+		if (rsa->p == NULL) goto err;
 		if (!BN_sub(r2,rsa->p,BN_value_one())) goto err;
 		if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err;
 		if (BN_is_one(r1)) break;
-		if(!BN_GENCB_call(cb, 2, n++))
-			goto err;
+		if (callback != NULL) callback(2,n++,cb_arg);
+		BN_free(rsa->p);
 		}
-	if(!BN_GENCB_call(cb, 3, 0))
-		goto err;
+	if (callback != NULL) callback(3,0,cb_arg);
 	for (;;)
 		{
-		if(!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb))
-			goto err;
+		rsa->q=BN_generate_prime(NULL,bitsq,0,NULL,NULL,callback,cb_arg);
+		if (rsa->q == NULL) goto err;
 		if (!BN_sub(r2,rsa->q,BN_value_one())) goto err;
 		if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err;
 		if (BN_is_one(r1) && (BN_cmp(rsa->p,rsa->q) != 0))
 			break;
-		if(!BN_GENCB_call(cb, 2, n++))
-			goto err;
+		if (callback != NULL) callback(2,n++,cb_arg);
+		BN_free(rsa->q);
 		}
-	if(!BN_GENCB_call(cb, 3, 1))
-		goto err;
+	if (callback != NULL) callback(3,1,cb_arg);
 	if (BN_cmp(rsa->p,rsa->q) < 0)
 		{
 		tmp=rsa->p;
@@ -144,6 +134,8 @@ int RSA_generate_key_ex(RSA *rsa, int bits, unsigned long e_value, BN_GENCB *cb)
 		}
 
 	/* calculate n */
+	rsa->n=BN_new();
+	if (rsa->n == NULL) goto err;
 	if (!BN_mul(rsa->n,rsa->p,rsa->q,ctx)) goto err;
 
 	/* calculate d */
@@ -194,6 +186,12 @@ err:
 	BN_CTX_free(ctx);
 	BN_CTX_free(ctx2);
 	
-	return ok;
+	if (!ok)
+		{
+		if (rsa != NULL) RSA_free(rsa);
+		return(NULL);
+		}
+	else
+		return(rsa);
 	}
 

doc/crypto/SSLeay_version.pod

@@ -1,74 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSLeay_version - retrieve version/build information about OpenSSL library
-
-=head1 SYNOPSIS
-
- #include <openssl/crypto.h>
-
- const char *SSLeay_version(int type);
-
-=head1 DESCRIPTION
-
-SSLeay_version() returns a pointer to a constant string describing the
-version of the OpenSSL library or giving information about the library
-build.
-
-The following B<type> values are supported:
-
-=over 4
-
-=item SSLEAY_VERSION
-
-The version of the OpenSSL library including the release date.
-
-=item SSLEAY_CFLAGS
-
-The compiler flags set for the compilation process in the form
-"compiler: ..."  if available or "compiler: information not available"
-otherwise.
-
-=item SSLEAY_BUILT_ON
-
-The date of the build process in the form "built on: ..." if available
-or "built on: date not available" otherwise.
-
-=item SSLEAY_PLATFORM
-
-The "Configure" target of the library build in the form "platform: ..."
-if available or "platform: information not available" otherwise.
-
-=item SSLEAY_DIR
-
-The "OPENSSLDIR" setting of the library build in the form "OPENSSLDIR: "...""
-if available or "OPENSSLDIR: N/A" otherwise.
-
-=back
-
-=head1 RETURN VALUES
-
-The following return values can occur:
-
-=over 4
-
-=item "not available"
-
-An invalid value for B<type> was given.
-
-=item Pointer to constant string
-
-Textual description.
-
-=back
-
-=head1 SEE ALSO
-
-L<crypto(3)|crypto(3)>
-
-=head1 HISTORY
-
-B<SSLEAY_DIR> was added in OpenSSL 0.9.7.
-
-=cut

ssl/ssl.h

@@ -587,7 +587,7 @@ typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id,
 typedef struct ssl_comp_st
 	{
 	int id;
-	const char *name;
+	char *name;
 #ifndef OPENSSL_NO_COMP
 	COMP_METHOD *method;
 #else

ssl/ssltest.c

@@ -1580,21 +1580,9 @@ static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
 	{
 	if (rsa_tmp == NULL)
 		{
-		rsa_tmp = RSA_new();
-		if(!rsa_tmp)
-			{
-			BIO_printf(bio_err, "Memory error...");
-			goto end;
-			}
 		BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength);
 		(void)BIO_flush(bio_err);
-		if(!RSA_generate_key_ex(rsa_tmp,keylength,RSA_F4,NULL))
-			{
-			BIO_printf(bio_err, "Error generating key.", keylength);
-			RSA_free(rsa_tmp);
-			rsa_tmp = NULL;
-			}
-end:
+		rsa_tmp=RSA_generate_key(keylength,RSA_F4,NULL,NULL);
 		BIO_printf(bio_err,"\n");
 		(void)BIO_flush(bio_err);
 		}