Issue #292: Fix deprecation warnings related to OpenSSL 3.0 - certmonger

certmonger

#292 Fix deprecation warnings related to OpenSSL 3.0

Opened Aug 6, 2025 by rcritten. Modified Aug 6, 2025

certmonger is still using a number of functions, mostly related to key generation, that were deprecated in 3.0 and will be removed sooner or later. Current OpenSSL uses more generic EVP_PKEY functions for key generation and manipulation.

The set of warnings to start with

scepgen-n.c:219:9: warning: ‘RSA_new’ is deprecated: Since OpenSSL 3.0 [-Wdepreated-declarations]
  212 | OSSL_DEPRECATEDIN_3_0 RSA *RSA_new(void);
scepgen-n.c:225:9: warning: ‘RSA_generate_key_ex’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  271 | OSSL_DEPRECATEDIN_3_0 int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e,
scepgen-n.c:229:9: warning: ‘RSA_check_key’ is deprecated: Since OpenSSL 3.0 [-deprecated-declarations]
  289 | OSSL_DEPRECATEDIN_3_0 int RSA_check_key(const RSA *);
scepgen-n.c:245:9: warning: ‘EVP_PKEY_set1_RSA’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
submit-n.c:202:9: warning: ‘RSA_new’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  212 | OSSL_DEPRECATEDIN_3_0 RSA *RSA_new(void);
submit-n.c:208:9: warning: ‘RSA_generate_key_ex’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  271 | OSSL_DEPRECATEDIN_3_0 int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e,
submit-n.c:212:9: warning: ‘RSA_check_key’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  289 | OSSL_DEPRECATEDIN_3_0 int RSA_check_key(const RSA *);
submit-n.c:216:9: warning: ‘EVP_PKEY_set1_RSA’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
submit-n.c:220:9: warning: ‘RSA_size’ is deprecated: Since OpenSSL 3.0 [-Wdepreated-declarations]
  215 | OSSL_DEPRECATEDIN_3_0 int RSA_size(const RSA *rsa);
submit-n.c:223:9: warning: ‘RSA_public_encrypt’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
certsave-o.c:288:29: warning: ‘EVP_PKEY_cmp’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
keygen-o.c:155:17: warning: ‘RSA_new’ is deprecated: Since OpenSSL 3.0 [-Wdepreated-declarations]
  212 | OSSL_DEPRECATEDIN_3_0 RSA *RSA_new(void);
keygen-o.c:160:17: warning: ‘RSA_generate_key_ex’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  271 | OSSL_DEPRECATEDIN_3_0 int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e,
keygen-o.c:171:17: warning: ‘RSA_check_key’ is deprecated: Since OpenSSL 3.0 [-deprecated-declarations]
  289 | OSSL_DEPRECATEDIN_3_0 int RSA_check_key(const RSA *);
keygen-o.c:175:17: warning: ‘EVP_PKEY_set1_RSA’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
keygen-o.c:179:17: warning: ‘DSA_new’ is deprecated: Since OpenSSL 3.0 [-Wdepreated-declarations]
  130 | OSSL_DEPRECATEDIN_3_0 DSA *DSA_new(void);
keygen-o.c:184:17: warning: ‘DSA_generate_parameters_ex’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  172 | OSSL_DEPRECATEDIN_3_0 int DSA_generate_parameters_ex(DSA *dsa, int bits,
keygen-o.c:197:17: warning: ‘DSA_generate_key’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  179 | OSSL_DEPRECATEDIN_3_0 int DSA_generate_key(DSA *a);
keygen-o.c:201:17: warning: ‘EVP_PKEY_set1_DSA’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
keygen-o.c:212:17: warning: ‘EC_KEY_new_by_curve_name’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
 1017 | OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_new_by_curve_name(int nid);
keygen-o.c:219:33: warning: ‘EC_KEY_new_by_curve_name’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
 1017 | OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_new_by_curve_name(int nid);
keygen-o.c:224:33: warning: ‘EC_KEY_new_by_curve_name’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
 1017 | OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_new_by_curve_name(int nid);
keygen-o.c:232:17: warning: ‘EC_KEY_generate_key’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
 1120 | OSSL_DEPRECATEDIN_3_0 int EC_KEY_generate_key(EC_KEY *key);
keygen-o.c:236:17: warning: ‘EC_KEY_set_asn1_flag’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
 1106 | OSSL_DEPRECATEDIN_3_0 void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag);
keygen-o.c:237:17: warning: ‘EVP_PKEY_set1_EC_KEY’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
local.c:310:17: warning: ‘RSA_new’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  212 | OSSL_DEPRECATEDIN_3_0 RSA *RSA_new(void);
local.c:316:17: warning: ‘RSA_generate_key_ex’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  271 | OSSL_DEPRECATEDIN_3_0 int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e,
local.c:321:17: warning: ‘RSA_check_key’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  289 | OSSL_DEPRECATEDIN_3_0 int RSA_check_key(const RSA *);
local.c:326:17: warning: ‘EVP_PKEY_set1_RSA’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]

Metadata Update from @rcritten:
- Issue assigned to rcritten

Aug 6, 2025

Metadata

Assignee

rcritten

Tags

None

Blocking

None

Depending on

None

Priority

None

Related Pull Requests

#301
#293

certmonger

#292 Fix deprecation warnings related to OpenSSL 3.0 Opened Aug 6, 2025 by rcritten. Modified Aug 6, 2025

Metadata

Related Pull Requests

#292 Fix deprecation warnings related to OpenSSL 3.0

Opened Aug 6, 2025 by rcritten. Modified Aug 6, 2025