From ec372b3bc2c54b959a1a67ccd99570247971e22e Mon Sep 17 00:00:00 2001 From: Huw Jones Date: Thu, 28 Aug 2025 15:28:31 +0100 Subject: [PATCH 01/15] aes: cfg out ossl3 deprecated types --- openssl-sys/src/aes.rs | 3 +++ openssl-sys/src/handwritten/aes.rs | 2 ++ 2 files changed, 5 insertions(+) diff --git a/openssl-sys/src/aes.rs b/openssl-sys/src/aes.rs index ade6e842f..7fcb838ce 100644 --- a/openssl-sys/src/aes.rs +++ b/openssl-sys/src/aes.rs @@ -1,7 +1,10 @@ use libc::*; +#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] pub const AES_ENCRYPT: c_int = 1; +#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] pub const AES_DECRYPT: c_int = 0; +#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] pub const AES_MAXNR: c_int = 14; pub const AES_BLOCK_SIZE: c_int = 16; diff --git a/openssl-sys/src/handwritten/aes.rs b/openssl-sys/src/handwritten/aes.rs index ba249362c..fea137bb3 100644 --- a/openssl-sys/src/handwritten/aes.rs +++ b/openssl-sys/src/handwritten/aes.rs @@ -1,6 +1,7 @@ use super::super::*; use libc::*; +#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] #[repr(C)] pub struct AES_KEY { // There is some business with AES_LONG which is there to ensure the values here are 32 bits @@ -8,6 +9,7 @@ pub struct AES_KEY { rounds: c_int, } +#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] extern "C" { pub fn AES_set_encrypt_key(userKey: *const c_uchar, bits: c_int, key: *mut AES_KEY) -> c_int; pub fn AES_set_decrypt_key(userKey: *const c_uchar, bits: c_int, key: *mut AES_KEY) -> c_int; From 98f4ca3534ef526d5d3e1be040bb343144dd2821 Mon Sep 17 00:00:00 2001 From: Huw Jones Date: Thu, 28 Aug 2025 15:29:23 +0100 Subject: [PATCH 02/15] cmac: cfg out ossl3 deprecated types --- openssl-sys/src/handwritten/cmac.rs | 1 + 1 file changed, 1 insertion(+) diff --git a/openssl-sys/src/handwritten/cmac.rs b/openssl-sys/src/handwritten/cmac.rs index e44094d21..10a23260f 100644 --- a/openssl-sys/src/handwritten/cmac.rs +++ b/openssl-sys/src/handwritten/cmac.rs @@ -2,6 +2,7 @@ use libc::*; use super::super::*; +#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] extern "C" { pub fn CMAC_CTX_new() -> *mut CMAC_CTX; pub fn CMAC_CTX_free(ctx: *mut CMAC_CTX); From 2079b57abd37e88aab4ae3b2c90694a174a06c4d Mon Sep 17 00:00:00 2001 From: Huw Jones Date: Thu, 28 Aug 2025 16:42:41 +0100 Subject: [PATCH 03/15] dh: cfg out ossl3 deprecated types --- openssl-sys/src/handwritten/dh.rs | 1 + 1 file changed, 1 insertion(+) diff --git a/openssl-sys/src/handwritten/dh.rs b/openssl-sys/src/handwritten/dh.rs index 326a132fd..38098876e 100644 --- a/openssl-sys/src/handwritten/dh.rs +++ b/openssl-sys/src/handwritten/dh.rs @@ -6,6 +6,7 @@ extern "C" { pub fn EVP_PKEY_CTX_set_dh_paramgen_generator(ctx: *mut EVP_PKEY_CTX, gen: c_int) -> c_int; } +#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] extern "C" { pub fn DH_new() -> *mut DH; pub fn DH_free(dh: *mut DH); From 772182400a0bea8660ce2949d7af22ff56eca609 Mon Sep 17 00:00:00 2001 From: Huw Jones Date: Thu, 28 Aug 2025 16:43:01 +0100 Subject: [PATCH 04/15] dsa: cfg out ossl3 deprecated types --- openssl-sys/src/dsa.rs | 4 ++-- openssl-sys/src/handwritten/dsa.rs | 4 ++++ 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/openssl-sys/src/dsa.rs b/openssl-sys/src/dsa.rs index aff3c6676..cd5abfec8 100644 --- a/openssl-sys/src/dsa.rs +++ b/openssl-sys/src/dsa.rs @@ -15,7 +15,7 @@ cfg_if! { ptr::null_mut(), ) } + + pub const EVP_PKEY_CTRL_DSA_PARAMGEN_BITS: c_int = EVP_PKEY_ALG_CTRL + 1; } } - -pub const EVP_PKEY_CTRL_DSA_PARAMGEN_BITS: c_int = EVP_PKEY_ALG_CTRL + 1; diff --git a/openssl-sys/src/handwritten/dsa.rs b/openssl-sys/src/handwritten/dsa.rs index 0d20a5da1..a6ceb0461 100644 --- a/openssl-sys/src/handwritten/dsa.rs +++ b/openssl-sys/src/handwritten/dsa.rs @@ -19,6 +19,7 @@ cfg_if! { } } +#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] extern "C" { pub fn DSA_new() -> *mut DSA; pub fn DSA_free(dsa: *mut DSA); @@ -72,6 +73,9 @@ extern "C" { pub fn DSA_get0_key(d: *const DSA, pub_key: *mut *const BIGNUM, priv_key: *mut *const BIGNUM); #[cfg(any(ossl110, libressl273))] pub fn DSA_set0_key(d: *mut DSA, pub_key: *mut BIGNUM, priv_key: *mut BIGNUM) -> c_int; +} + +extern "C" { pub fn d2i_DSA_SIG( sig: *mut *mut DSA_SIG, pp: *mut *const c_uchar, From fd7012dd85eb49beada1fdd8c4a80b665d324e92 Mon Sep 17 00:00:00 2001 From: Huw Jones Date: Fri, 29 Aug 2025 10:36:31 +0100 Subject: [PATCH 05/15] ec: cfg out ossl3 deprecated types --- openssl-sys/src/handwritten/ec.rs | 116 ++++++++++++++++-------------- 1 file changed, 61 insertions(+), 55 deletions(-) diff --git a/openssl-sys/src/handwritten/ec.rs b/openssl-sys/src/handwritten/ec.rs index 1e099e0eb..6f717932b 100644 --- a/openssl-sys/src/handwritten/ec.rs +++ b/openssl-sys/src/handwritten/ec.rs @@ -14,16 +14,13 @@ pub enum point_conversion_form_t { POINT_CONVERSION_HYBRID = 6, } -#[cfg(not(libressl410))] +#[cfg(not(any(libressl410, osslconf = "OPENSSL_NO_DEPRECATED_3_0")))] pub enum EC_METHOD {} pub enum EC_GROUP {} pub enum EC_POINT {} extern "C" { - #[cfg(not(osslconf = "OPENSSL_NO_EC2M"))] - pub fn EC_GF2m_simple_method() -> *const EC_METHOD; - - #[cfg(not(libressl410))] + #[cfg(not(any(libressl410, osslconf = "OPENSSL_NO_DEPRECATED_3_0")))] pub fn EC_GROUP_new(meth: *const EC_METHOD) -> *mut EC_GROUP; pub fn EC_GROUP_dup(group: *const EC_GROUP) -> *mut EC_GROUP; @@ -57,23 +54,6 @@ extern "C" { pub fn EC_GROUP_get_asn1_flag(group: *const EC_GROUP) -> c_int; - pub fn EC_GROUP_get_curve_GFp( - group: *const EC_GROUP, - p: *mut BIGNUM, - a: *mut BIGNUM, - b: *mut BIGNUM, - ctx: *mut BN_CTX, - ) -> c_int; - - #[cfg(not(osslconf = "OPENSSL_NO_EC2M"))] - pub fn EC_GROUP_get_curve_GF2m( - group: *const EC_GROUP, - p: *mut BIGNUM, - a: *mut BIGNUM, - b: *mut BIGNUM, - ctx: *mut BN_CTX, - ) -> c_int; - pub fn EC_GROUP_get_degree(group: *const EC_GROUP) -> c_int; #[cfg(ossl110)] @@ -127,31 +107,6 @@ extern "C" { ctx: *mut BN_CTX, ) -> c_int; - pub fn EC_POINT_get_affine_coordinates_GFp( - group: *const EC_GROUP, - p: *const EC_POINT, - x: *mut BIGNUM, - y: *mut BIGNUM, - ctx: *mut BN_CTX, - ) -> c_int; - - pub fn EC_POINT_set_affine_coordinates_GFp( - group: *const EC_GROUP, - p: *mut EC_POINT, - x: *const BIGNUM, - y: *const BIGNUM, - ctx: *mut BN_CTX, - ) -> c_int; - - #[cfg(not(osslconf = "OPENSSL_NO_EC2M"))] - pub fn EC_POINT_get_affine_coordinates_GF2m( - group: *const EC_GROUP, - p: *const EC_POINT, - x: *mut BIGNUM, - y: *mut BIGNUM, - ctx: *mut BN_CTX, - ) -> c_int; - pub fn EC_POINT_point2oct( group: *const EC_GROUP, p: *const EC_POINT, @@ -208,6 +163,54 @@ extern "C" { m: *const BIGNUM, ctx: *mut BN_CTX, ) -> c_int; +} + +#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] +extern "C" { + #[cfg(not(osslconf = "OPENSSL_NO_EC2M"))] + pub fn EC_GF2m_simple_method() -> *const EC_METHOD; + + pub fn EC_GROUP_get_curve_GFp( + group: *const EC_GROUP, + p: *mut BIGNUM, + a: *mut BIGNUM, + b: *mut BIGNUM, + ctx: *mut BN_CTX, + ) -> c_int; + + #[cfg(not(osslconf = "OPENSSL_NO_EC2M"))] + pub fn EC_GROUP_get_curve_GF2m( + group: *const EC_GROUP, + p: *mut BIGNUM, + a: *mut BIGNUM, + b: *mut BIGNUM, + ctx: *mut BN_CTX, + ) -> c_int; + + pub fn EC_POINT_get_affine_coordinates_GFp( + group: *const EC_GROUP, + p: *const EC_POINT, + x: *mut BIGNUM, + y: *mut BIGNUM, + ctx: *mut BN_CTX, + ) -> c_int; + + pub fn EC_POINT_set_affine_coordinates_GFp( + group: *const EC_GROUP, + p: *mut EC_POINT, + x: *const BIGNUM, + y: *const BIGNUM, + ctx: *mut BN_CTX, + ) -> c_int; + + #[cfg(not(osslconf = "OPENSSL_NO_EC2M"))] + pub fn EC_POINT_get_affine_coordinates_GF2m( + group: *const EC_GROUP, + p: *const EC_POINT, + x: *mut BIGNUM, + y: *mut BIGNUM, + ctx: *mut BN_CTX, + ) -> c_int; pub fn EC_KEY_new() -> *mut EC_KEY; @@ -265,6 +268,17 @@ extern "C" { #[cfg(any(ossl110, libressl273))] pub fn ECDSA_SIG_set0(sig: *mut ECDSA_SIG, pr: *mut BIGNUM, ps: *mut BIGNUM) -> c_int; + pub fn d2i_ECDSA_SIG( + sig: *mut *mut ECDSA_SIG, + inp: *mut *const c_uchar, + length: c_long, + ) -> *mut ECDSA_SIG; + + pub fn i2d_ECDSA_SIG(sig: *const ECDSA_SIG, out: *mut *mut c_uchar) -> c_int; +} + +#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] +extern "C" { pub fn ECDSA_do_sign( dgst: *const c_uchar, dgst_len: c_int, @@ -277,12 +291,4 @@ extern "C" { sig: *const ECDSA_SIG, eckey: *mut EC_KEY, ) -> c_int; - - pub fn d2i_ECDSA_SIG( - sig: *mut *mut ECDSA_SIG, - inp: *mut *const c_uchar, - length: c_long, - ) -> *mut ECDSA_SIG; - - pub fn i2d_ECDSA_SIG(sig: *const ECDSA_SIG, out: *mut *mut c_uchar) -> c_int; } From 79a083b42e747f80282778c73f235027103b038b Mon Sep 17 00:00:00 2001 From: Huw Jones Date: Fri, 29 Aug 2025 10:38:35 +0100 Subject: [PATCH 06/15] err: cfg out ossl3 deprecated types --- openssl-sys/src/handwritten/err.rs | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/openssl-sys/src/handwritten/err.rs b/openssl-sys/src/handwritten/err.rs index 5653c1d18..9ebc605cd 100644 --- a/openssl-sys/src/handwritten/err.rs +++ b/openssl-sys/src/handwritten/err.rs @@ -33,16 +33,9 @@ extern "C" { data: *mut *const c_char, flags: *mut c_int, ) -> c_ulong; - pub fn ERR_get_error_line_data( - file: *mut *const c_char, - line: *mut c_int, - data: *mut *const c_char, - flags: *mut c_int, - ) -> c_ulong; pub fn ERR_peek_last_error() -> c_ulong; pub fn ERR_clear_error(); pub fn ERR_lib_error_string(err: c_ulong) -> *const c_char; - pub fn ERR_func_error_string(err: c_ulong) -> *const c_char; pub fn ERR_reason_error_string(err: c_ulong) -> *const c_char; #[cfg(ossl110)] pub fn ERR_load_strings(lib: c_int, str: *mut ERR_STRING_DATA) -> c_int; @@ -53,3 +46,14 @@ extern "C" { pub fn ERR_get_next_error_library() -> c_int; } + +#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] +extern "C" { + pub fn ERR_get_error_line_data( + file: *mut *const c_char, + line: *mut c_int, + data: *mut *const c_char, + flags: *mut c_int, + ) -> c_ulong; + pub fn ERR_func_error_string(err: c_ulong) -> *const c_char; +} From 79ac052415c462c55fab334aa2fcc77a60e93009 Mon Sep 17 00:00:00 2001 From: Huw Jones Date: Fri, 29 Aug 2025 13:37:52 +0100 Subject: [PATCH 07/15] evp: cfg out ossl3 deprecated types --- openssl-sys/src/evp.rs | 4 ++++ openssl-sys/src/handwritten/evp.rs | 8 ++++++-- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/openssl-sys/src/evp.rs b/openssl-sys/src/evp.rs index df4115a85..4d3fb5768 100644 --- a/openssl-sys/src/evp.rs +++ b/openssl-sys/src/evp.rs @@ -335,18 +335,22 @@ pub unsafe fn EVP_PKEY_CTX_set_signature_md(cxt: *mut EVP_PKEY_CTX, md: *mut EVP ) } +#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] pub unsafe fn EVP_PKEY_assign_RSA(pkey: *mut EVP_PKEY, rsa: *mut RSA) -> c_int { EVP_PKEY_assign(pkey, EVP_PKEY_RSA, rsa as *mut c_void) } +#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] pub unsafe fn EVP_PKEY_assign_DSA(pkey: *mut EVP_PKEY, dsa: *mut DSA) -> c_int { EVP_PKEY_assign(pkey, EVP_PKEY_DSA, dsa as *mut c_void) } +#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] pub unsafe fn EVP_PKEY_assign_DH(pkey: *mut EVP_PKEY, dh: *mut DH) -> c_int { EVP_PKEY_assign(pkey, EVP_PKEY_DH, dh as *mut c_void) } +#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] pub unsafe fn EVP_PKEY_assign_EC_KEY(pkey: *mut EVP_PKEY, ec_key: *mut EC_KEY) -> c_int { EVP_PKEY_assign(pkey, EVP_PKEY_EC, ec_key as *mut c_void) } diff --git a/openssl-sys/src/handwritten/evp.rs b/openssl-sys/src/handwritten/evp.rs index 67799a85e..9a39a49d8 100644 --- a/openssl-sys/src/handwritten/evp.rs +++ b/openssl-sys/src/handwritten/evp.rs @@ -472,6 +472,7 @@ cfg_if! { } } } +#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] const_ptr_api! { extern "C" { pub fn EVP_PKEY_get1_RSA(k: #[const_ptr_if(libressl420)] EVP_PKEY) -> *mut RSA; @@ -480,6 +481,7 @@ const_ptr_api! { pub fn EVP_PKEY_get1_EC_KEY(k: #[const_ptr_if(libressl420)] EVP_PKEY) -> *mut EC_KEY; } } +#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] extern "C" { pub fn EVP_PKEY_assign(pkey: *mut EVP_PKEY, typ: c_int, key: *mut c_void) -> c_int; @@ -488,6 +490,10 @@ extern "C" { pub fn EVP_PKEY_set1_DH(k: *mut EVP_PKEY, k: *mut DH) -> c_int; pub fn EVP_PKEY_set1_EC_KEY(k: *mut EVP_PKEY, k: *mut EC_KEY) -> c_int; + pub fn EVP_PKEY_cmp(a: *const EVP_PKEY, b: *const EVP_PKEY) -> c_int; +} + +extern "C" { pub fn EVP_PKEY_new() -> *mut EVP_PKEY; pub fn EVP_PKEY_free(k: *mut EVP_PKEY); #[cfg(any(ossl110, libressl270))] @@ -520,8 +526,6 @@ extern "C" { length: c_long, ) -> *mut EVP_PKEY; - #[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] - pub fn EVP_PKEY_cmp(a: *const EVP_PKEY, b: *const EVP_PKEY) -> c_int; #[cfg(ossl300)] pub fn EVP_PKEY_eq(a: *const EVP_PKEY, b: *const EVP_PKEY) -> c_int; #[cfg(ossl300)] From c5775293666e54d5ab2de2d59c271bac3a4902c3 Mon Sep 17 00:00:00 2001 From: Huw Jones Date: Fri, 29 Aug 2025 13:39:03 +0100 Subject: [PATCH 08/15] hmac: cfg out ossl3 deprecated types --- openssl-sys/src/handwritten/hmac.rs | 2 ++ 1 file changed, 2 insertions(+) diff --git a/openssl-sys/src/handwritten/hmac.rs b/openssl-sys/src/handwritten/hmac.rs index b52d63fb1..99ea80a59 100644 --- a/openssl-sys/src/handwritten/hmac.rs +++ b/openssl-sys/src/handwritten/hmac.rs @@ -2,6 +2,7 @@ use libc::*; use super::super::*; +#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] cfg_if! { if #[cfg(any(ossl110, libressl350))] { extern "C" { @@ -16,6 +17,7 @@ cfg_if! { } } +#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] extern "C" { pub fn HMAC_Init_ex( ctx: *mut HMAC_CTX, From 873d02c3754b1e77ce465ccb376640f0142bdb1a Mon Sep 17 00:00:00 2001 From: Huw Jones Date: Fri, 29 Aug 2025 13:43:03 +0100 Subject: [PATCH 09/15] pem: cfg out ossl3 deprecated types --- openssl-sys/src/handwritten/pem.rs | 167 +++++++++++++++-------------- 1 file changed, 87 insertions(+), 80 deletions(-) diff --git a/openssl-sys/src/handwritten/pem.rs b/openssl-sys/src/handwritten/pem.rs index 42997177e..099aea768 100644 --- a/openssl-sys/src/handwritten/pem.rs +++ b/openssl-sys/src/handwritten/pem.rs @@ -15,35 +15,6 @@ const_ptr_api! { pub fn PEM_write_bio_X509(bio: *mut BIO, x509: #[const_ptr_if(ossl300)] X509) -> c_int; pub fn PEM_write_bio_X509_REQ(bio: *mut BIO, x509: #[const_ptr_if(ossl300)] X509_REQ) -> c_int; pub fn PEM_write_bio_X509_CRL(bio: *mut BIO, x509: #[const_ptr_if(ossl300)] X509_CRL) -> c_int; - pub fn PEM_write_bio_RSAPrivateKey( - bp: *mut BIO, - rsa: #[const_ptr_if(ossl300)] RSA, - cipher: *const EVP_CIPHER, - kstr: #[const_ptr_if(ossl300)] c_uchar, - klen: c_int, - callback: pem_password_cb, - user_data: *mut c_void, - ) -> c_int; - pub fn PEM_write_bio_RSA_PUBKEY(bp: *mut BIO, rsa: #[const_ptr_if(ossl300)] RSA) -> c_int; - pub fn PEM_write_bio_DSAPrivateKey( - bp: *mut BIO, - dsa: #[const_ptr_if(ossl300)] DSA, - cipher: *const EVP_CIPHER, - kstr: #[const_ptr_if(ossl300)] c_uchar, - klen: c_int, - callback: pem_password_cb, - user_data: *mut c_void, - ) -> c_int; - pub fn PEM_write_bio_ECPrivateKey( - bio: *mut BIO, - key: #[const_ptr_if(ossl300)] EC_KEY, - cipher: *const EVP_CIPHER, - kstr: #[const_ptr_if(ossl300)] c_uchar, - klen: c_int, - callback: pem_password_cb, - user_data: *mut c_void, - ) -> c_int; - pub fn PEM_write_bio_DSA_PUBKEY(bp: *mut BIO, dsa: #[const_ptr_if(ossl300)] DSA) -> c_int; pub fn PEM_write_bio_PrivateKey( bio: *mut BIO, pkey: #[const_ptr_if(ossl300)] EVP_PKEY, @@ -64,7 +35,6 @@ const_ptr_api! { user_data: *mut c_void, ) -> c_int; pub fn PEM_write_bio_PKCS7(bp: *mut BIO, x: #[const_ptr_if(ossl300)] PKCS7) -> c_int; - pub fn PEM_write_bio_EC_PUBKEY(bp: *mut BIO, ec: #[const_ptr_if(ossl300)] EC_KEY) -> c_int; pub fn i2d_PKCS8PrivateKey_bio( bp: *mut BIO, x: #[const_ptr_if(ossl300)] EVP_PKEY, @@ -96,56 +66,6 @@ extern "C" { callback: pem_password_cb, user_data: *mut c_void, ) -> *mut X509_CRL; - pub fn PEM_read_bio_RSAPrivateKey( - bio: *mut BIO, - rsa: *mut *mut RSA, - callback: pem_password_cb, - user_data: *mut c_void, - ) -> *mut RSA; - pub fn PEM_read_bio_RSAPublicKey( - bio: *mut BIO, - rsa: *mut *mut RSA, - callback: pem_password_cb, - user_data: *mut c_void, - ) -> *mut RSA; - pub fn PEM_write_bio_RSAPublicKey(bp: *mut BIO, rsa: *const RSA) -> c_int; - pub fn PEM_read_bio_RSA_PUBKEY( - bio: *mut BIO, - rsa: *mut *mut RSA, - callback: pem_password_cb, - user_data: *mut c_void, - ) -> *mut RSA; - pub fn PEM_read_bio_DSAPrivateKey( - bp: *mut BIO, - dsa: *mut *mut DSA, - callback: pem_password_cb, - user_data: *mut c_void, - ) -> *mut DSA; - pub fn PEM_read_bio_DSA_PUBKEY( - bp: *mut BIO, - dsa: *mut *mut DSA, - callback: pem_password_cb, - user_data: *mut c_void, - ) -> *mut DSA; - pub fn PEM_read_bio_ECPrivateKey( - bio: *mut BIO, - key: *mut *mut EC_KEY, - callback: pem_password_cb, - user_data: *mut c_void, - ) -> *mut EC_KEY; - pub fn PEM_read_bio_EC_PUBKEY( - bp: *mut BIO, - ec: *mut *mut EC_KEY, - callback: pem_password_cb, - user_data: *mut c_void, - ) -> *mut EC_KEY; - pub fn PEM_read_bio_DHparams( - bio: *mut BIO, - out: *mut *mut DH, - callback: pem_password_cb, - user_data: *mut c_void, - ) -> *mut DH; - pub fn PEM_write_bio_DHparams(bio: *mut BIO, x: *const DH) -> c_int; pub fn PEM_read_bio_PrivateKey( bio: *mut BIO, out: *mut *mut EVP_PKEY, @@ -189,3 +109,90 @@ extern "C" { #[cfg(ossl101)] pub fn PEM_write_bio_CMS(bio: *mut BIO, cms: *const CMS_ContentInfo) -> c_int; } + +#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] +const_ptr_api! { + extern "C" { + pub fn PEM_read_bio_DHparams( + bio: *mut BIO, + out: *mut *mut DH, + callback: pem_password_cb, + user_data: *mut c_void, + ) -> *mut DH; + pub fn PEM_read_bio_DSAPrivateKey( + bp: *mut BIO, + dsa: *mut *mut DSA, + callback: pem_password_cb, + user_data: *mut c_void, + ) -> *mut DSA; + pub fn PEM_read_bio_DSA_PUBKEY( + bp: *mut BIO, + dsa: *mut *mut DSA, + callback: pem_password_cb, + user_data: *mut c_void, + ) -> *mut DSA; + pub fn PEM_read_bio_ECPrivateKey( + bio: *mut BIO, + key: *mut *mut EC_KEY, + callback: pem_password_cb, + user_data: *mut c_void, + ) -> *mut EC_KEY; + pub fn PEM_read_bio_EC_PUBKEY( + bp: *mut BIO, + ec: *mut *mut EC_KEY, + callback: pem_password_cb, + user_data: *mut c_void, + ) -> *mut EC_KEY; + pub fn PEM_read_bio_RSAPrivateKey( + bio: *mut BIO, + rsa: *mut *mut RSA, + callback: pem_password_cb, + user_data: *mut c_void, + ) -> *mut RSA; + pub fn PEM_read_bio_RSA_PUBKEY( + bio: *mut BIO, + rsa: *mut *mut RSA, + callback: pem_password_cb, + user_data: *mut c_void, + ) -> *mut RSA; + pub fn PEM_read_bio_RSAPublicKey( + bio: *mut BIO, + rsa: *mut *mut RSA, + callback: pem_password_cb, + user_data: *mut c_void, + ) -> *mut RSA; + + pub fn PEM_write_bio_DHparams(bio: *mut BIO, x: *const DH) -> c_int; + pub fn PEM_write_bio_DSAPrivateKey( + bp: *mut BIO, + dsa: #[const_ptr_if(ossl300)] DSA, + cipher: *const EVP_CIPHER, + kstr: #[const_ptr_if(ossl300)] c_uchar, + klen: c_int, + callback: pem_password_cb, + user_data: *mut c_void, + ) -> c_int; + pub fn PEM_write_bio_DSA_PUBKEY(bp: *mut BIO, dsa: #[const_ptr_if(ossl300)] DSA) -> c_int; + pub fn PEM_write_bio_ECPrivateKey( + bio: *mut BIO, + key: #[const_ptr_if(ossl300)] EC_KEY, + cipher: *const EVP_CIPHER, + kstr: #[const_ptr_if(ossl300)] c_uchar, + klen: c_int, + callback: pem_password_cb, + user_data: *mut c_void, + ) -> c_int; + pub fn PEM_write_bio_EC_PUBKEY(bp: *mut BIO, ec: #[const_ptr_if(ossl300)] EC_KEY) -> c_int; + pub fn PEM_write_bio_RSAPrivateKey( + bp: *mut BIO, + rsa: #[const_ptr_if(ossl300)] RSA, + cipher: *const EVP_CIPHER, + kstr: #[const_ptr_if(ossl300)] c_uchar, + klen: c_int, + callback: pem_password_cb, + user_data: *mut c_void, + ) -> c_int; + pub fn PEM_write_bio_RSA_PUBKEY(bp: *mut BIO, rsa: #[const_ptr_if(ossl300)] RSA) -> c_int; + pub fn PEM_write_bio_RSAPublicKey(bp: *mut BIO, rsa: *const RSA) -> c_int; + } +} From e1aedcd74dea4c71892b5849f8c3a66d75fb2498 Mon Sep 17 00:00:00 2001 From: Huw Jones Date: Fri, 29 Aug 2025 13:45:40 +0100 Subject: [PATCH 10/15] rsa: cfg out ossl3 deprecated types --- openssl-sys/src/handwritten/rsa.rs | 1 + 1 file changed, 1 insertion(+) diff --git a/openssl-sys/src/handwritten/rsa.rs b/openssl-sys/src/handwritten/rsa.rs index ec619fc57..5aca2b898 100644 --- a/openssl-sys/src/handwritten/rsa.rs +++ b/openssl-sys/src/handwritten/rsa.rs @@ -16,6 +16,7 @@ cfg_if! { } } +#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] extern "C" { pub fn RSA_new() -> *mut RSA; pub fn RSA_size(k: *const RSA) -> c_int; From cc5a33090724b9f8a8c2f1fd3a77bf241b2a51bc Mon Sep 17 00:00:00 2001 From: Huw Jones Date: Fri, 29 Aug 2025 14:13:20 +0100 Subject: [PATCH 11/15] ssl: cfg out ossl3 deprecated types --- openssl-sys/src/handwritten/ssl.rs | 1 + openssl-sys/src/ssl.rs | 8 ++++++++ 2 files changed, 9 insertions(+) diff --git a/openssl-sys/src/handwritten/ssl.rs b/openssl-sys/src/handwritten/ssl.rs index 973f14bd5..9a6ebdf18 100644 --- a/openssl-sys/src/handwritten/ssl.rs +++ b/openssl-sys/src/handwritten/ssl.rs @@ -836,6 +836,7 @@ extern "C" { pub fn SSL_get_ex_data_X509_STORE_CTX_idx() -> c_int; } +#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] extern "C" { #[link_name = "SSL_CTX_set_tmp_dh_callback"] pub fn SSL_CTX_set_tmp_dh_callback__fixed_rust( diff --git a/openssl-sys/src/ssl.rs b/openssl-sys/src/ssl.rs index d2ab77e4e..407945404 100644 --- a/openssl-sys/src/ssl.rs +++ b/openssl-sys/src/ssl.rs @@ -315,7 +315,9 @@ pub const SSL_ERROR_WANT_CLIENT_HELLO_CB: c_int = 11; pub const SSL_VERIFY_NONE: c_int = 0; pub const SSL_VERIFY_PEER: c_int = 1; pub const SSL_VERIFY_FAIL_IF_NO_PEER_CERT: c_int = 2; +#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] pub const SSL_CTRL_SET_TMP_DH: c_int = 3; +#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] pub const SSL_CTRL_SET_TMP_ECDH: c_int = 4; #[cfg(any(libressl, all(ossl101, not(ossl110))))] pub const SSL_CTRL_GET_SESSION_REUSED: c_int = 8; @@ -366,18 +368,22 @@ pub const SSL_CTRL_GET_MAX_PROTO_VERSION: c_int = 131; #[cfg(ossl300)] pub const SSL_CTRL_GET_TMP_KEY: c_int = 133; +#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] pub unsafe fn SSL_CTX_set_tmp_dh(ctx: *mut SSL_CTX, dh: *mut DH) -> c_long { SSL_CTX_ctrl(ctx, SSL_CTRL_SET_TMP_DH, 0, dh as *mut c_void) } +#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] pub unsafe fn SSL_CTX_set_tmp_ecdh(ctx: *mut SSL_CTX, key: *mut EC_KEY) -> c_long { SSL_CTX_ctrl(ctx, SSL_CTRL_SET_TMP_ECDH, 0, key as *mut c_void) } +#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] pub unsafe fn SSL_set_tmp_dh(ssl: *mut SSL, dh: *mut DH) -> c_long { SSL_ctrl(ssl, SSL_CTRL_SET_TMP_DH, 0, dh as *mut c_void) } +#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] pub unsafe fn SSL_set_tmp_ecdh(ssl: *mut SSL, key: *mut EC_KEY) -> c_long { SSL_ctrl(ssl, SSL_CTRL_SET_TMP_ECDH, 0, key as *mut c_void) } @@ -602,11 +608,13 @@ pub unsafe fn SSL_CTX_set_read_ahead(ctx: *mut SSL_CTX, m: c_long) -> c_long { #[allow(clashing_extern_declarations)] extern "C" { + #[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] #[deprecated(note = "use SSL_CTX_set_tmp_dh_callback__fixed_rust instead")] pub fn SSL_CTX_set_tmp_dh_callback( ctx: *mut SSL_CTX, dh: unsafe extern "C" fn(ssl: *mut SSL, is_export: c_int, keylength: c_int) -> *mut DH, ); + #[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] #[deprecated(note = "use SSL_set_tmp_dh_callback__fixed_rust instead")] pub fn SSL_set_tmp_dh_callback( ctx: *mut SSL, From 358cbfb51f2031b714827c7810704365306aa69e Mon Sep 17 00:00:00 2001 From: Huw Jones Date: Fri, 29 Aug 2025 14:18:02 +0100 Subject: [PATCH 12/15] x509: cfg out ossl3 deprecated types --- openssl-sys/src/handwritten/x509.rs | 12 +++++++++++- openssl-sys/src/x509_vfy.rs | 2 +- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/openssl-sys/src/handwritten/x509.rs b/openssl-sys/src/handwritten/x509.rs index 0bb682764..8c56309f2 100644 --- a/openssl-sys/src/handwritten/x509.rs +++ b/openssl-sys/src/handwritten/x509.rs @@ -169,15 +169,25 @@ const_ptr_api! { pub fn i2d_PUBKEY_bio(b: *mut BIO, x: #[const_ptr_if(ossl300)] EVP_PKEY) -> c_int; pub fn i2d_PUBKEY(k: #[const_ptr_if(ossl300)] EVP_PKEY, buf: *mut *mut u8) -> c_int; + pub fn i2d_PrivateKey(k: #[const_ptr_if(ossl300)] EVP_PKEY, buf: *mut *mut u8) -> c_int; + } +} + +#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] +const_ptr_api! { + extern "C" { pub fn i2d_RSA_PUBKEY(k: #[const_ptr_if(ossl300)] RSA, buf: *mut *mut u8) -> c_int; pub fn i2d_DSA_PUBKEY(a: #[const_ptr_if(ossl300)] DSA, pp: *mut *mut c_uchar) -> c_int; - pub fn i2d_PrivateKey(k: #[const_ptr_if(ossl300)] EVP_PKEY, buf: *mut *mut u8) -> c_int; pub fn i2d_ECPrivateKey(ec_key: #[const_ptr_if(ossl300)] EC_KEY, pp: *mut *mut c_uchar) -> c_int; pub fn i2d_EC_PUBKEY(a: #[const_ptr_if(ossl300)] EC_KEY, pp: *mut *mut c_uchar) -> c_int; } } extern "C" { pub fn d2i_PUBKEY(k: *mut *mut EVP_PKEY, buf: *mut *const u8, len: c_long) -> *mut EVP_PKEY; +} + +#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] +extern "C" { pub fn d2i_RSA_PUBKEY(k: *mut *mut RSA, buf: *mut *const u8, len: c_long) -> *mut RSA; pub fn d2i_DSA_PUBKEY(k: *mut *mut DSA, pp: *mut *const c_uchar, length: c_long) -> *mut DSA; pub fn d2i_EC_PUBKEY( diff --git a/openssl-sys/src/x509_vfy.rs b/openssl-sys/src/x509_vfy.rs index 494fa22a9..a576c9a99 100644 --- a/openssl-sys/src/x509_vfy.rs +++ b/openssl-sys/src/x509_vfy.rs @@ -102,7 +102,7 @@ pub const X509_V_ERR_INVALID_CA: c_int = 79; #[cfg(not(any(ossl110, libressl370)))] pub const X509_V_FLAG_CB_ISSUER_CHECK: c_ulong = 0x1; -#[cfg(any(ossl110, libressl370))] +#[cfg(all(any(ossl110, libressl370), not(osslconf = "OPENSSL_NO_DEPRECATED_3_0")))] pub const X509_V_FLAG_CB_ISSUER_CHECK: c_ulong = 0x0; pub const X509_V_FLAG_USE_CHECK_TIME: c_ulong = 0x2; pub const X509_V_FLAG_CRL_CHECK: c_ulong = 0x4; From fab4316297e9d82835c3def94579338279af200a Mon Sep 17 00:00:00 2001 From: Huw Jones Date: Fri, 29 Aug 2025 16:28:34 +0100 Subject: [PATCH 13/15] crypto: cfg out ossl3 deprecated types --- openssl-sys/src/crypto.rs | 1 + 1 file changed, 1 insertion(+) diff --git a/openssl-sys/src/crypto.rs b/openssl-sys/src/crypto.rs index 7eff6a847..6cfd7818d 100644 --- a/openssl-sys/src/crypto.rs +++ b/openssl-sys/src/crypto.rs @@ -131,4 +131,5 @@ cfg_if! { } } +#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] pub const CRYPTO_LOCK: c_int = 1; From 4f9505c204ab0feb534f8aacdd8cfe3bf32ddd66 Mon Sep 17 00:00:00 2001 From: Huw Jones Date: Fri, 29 Aug 2025 16:29:57 +0100 Subject: [PATCH 14/15] systest: fix build on deprecated ossl300 --- systest/build.rs | 2 ++ 1 file changed, 2 insertions(+) diff --git a/systest/build.rs b/systest/build.rs index 1ee9ed231..5cfff1104 100644 --- a/systest/build.rs +++ b/systest/build.rs @@ -67,6 +67,8 @@ fn main() { .header("openssl/aes.h") .header("openssl/ocsp.h") .header("openssl/evp.h") + .header("openssl/dsa.h") + .header("openssl/rsa.h") .header("openssl/x509_vfy.h"); if let Some(version) = libressl_version { From aab4a522593a4d1880cab6f8ddb067128e008574 Mon Sep 17 00:00:00 2001 From: Huw Jones Date: Fri, 29 Aug 2025 16:46:07 +0100 Subject: [PATCH 15/15] ci: add no deprecated regression test for openssl-sys --- .github/workflows/ci.yml | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c6e4650af..5f16118aa 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -230,6 +230,11 @@ jobs: library: name: libressl version: 4.1.0 + - target: x86_64-unknown-linux-gnu + bindgen: false + library: + name: openssl-no-deprecated + version: 3.5.0 name: ${{ matrix.target }}-${{ matrix.library.name }}-${{ matrix.library.version }}-${{ matrix.bindgen }} runs-on: ubuntu-22.04 env: @@ -273,7 +278,7 @@ jobs: - name: Build OpenSSL run: | case "${{ matrix.library.name }}" in - "openssl") + "openssl"*) if [[ "${{ matrix.library.old }}" == "true" ]]; then url="https://www.openssl.org/source${{ matrix.library.dl-path }}/openssl-${{ matrix.library.version }}.tar.gz" else @@ -327,6 +332,11 @@ jobs: make make install_sw ;; + "openssl-no-deprecated") + ./Configure --prefix=$OPENSSL_DIR --libdir=lib $OS_COMPILER -fPIC -g $OS_FLAGS --api=3.0 no-deprecated no-shared + make + make install_sw + ;; "libressl") ./configure --prefix=$OPENSSL_DIR --disable-shared --with-pic make @@ -401,6 +411,7 @@ jobs: cargo run --manifest-path=systest/Cargo.toml --target ${{ matrix.target }} $features if: ${{ !(matrix.library.name == 'boringssl' || matrix.library.name == 'aws-lc') }} - name: Test openssl + if: ${{ ! endsWith(matrix.library.name, 'no-deprecated') }} run: | if [[ "${{ matrix.library.name }}" == "boringssl" && "${{ matrix.bindgen }}" != "true" ]]; then features="--features unstable_boringssl" @@ -426,4 +437,4 @@ jobs: features="$features --features openssl-sys/bindgen" fi cargo test --manifest-path=openssl-errors/Cargo.toml --target ${{ matrix.target }} $features - if: ${{ !(matrix.library.name == 'boringssl' || matrix.library.name == 'aws-lc') }} + if: ${{ !(matrix.library.name == 'boringssl' || matrix.library.name == 'aws-lc' || endsWith(matrix.library.name, 'no-deprecated')) }}