Commit f9f6d5666a for openssl.org
commit f9f6d5666ab1d24caca0972de38f97ce7175bfde
Author: Matt Caswell <matt@openssl.org>
Date: Mon Dec 15 16:18:13 2025 +0000
Remove the ability to query the internal EVP_PKEY_ASN1_METHODs
Previously there were a few functions where you could obtain a handle
on registered EVP_PKEY_ASN1_METHODs and query information about them.
We remove the capability.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29405)
diff --git a/apps/list.c b/apps/list.c
index 5a9673180d..2edd010046 100644
--- a/apps/list.c
+++ b/apps/list.c
@@ -1239,34 +1239,6 @@ static void list_type(FUNC_TYPE ft, int one)
static void list_pkey(void)
{
-#ifndef OPENSSL_NO_DEPRECATED_3_0
- int i;
-
- if (select_name == NULL && include_legacy()) {
- BIO_printf(bio_out, "Legacy:\n");
- for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) {
- const EVP_PKEY_ASN1_METHOD *ameth;
- int pkey_id, pkey_base_id, pkey_flags;
- const char *pinfo, *pem_str;
- ameth = EVP_PKEY_asn1_get0(i);
- EVP_PKEY_asn1_get0_info(&pkey_id, &pkey_base_id, &pkey_flags,
- &pinfo, &pem_str, ameth);
- if (pkey_flags & ASN1_PKEY_ALIAS) {
- BIO_printf(bio_out, " Name: %s\n", OBJ_nid2ln(pkey_id));
- BIO_printf(bio_out, "\tAlias for: %s\n",
- OBJ_nid2ln(pkey_base_id));
- } else {
- BIO_printf(bio_out, " Name: %s\n", pinfo);
- BIO_printf(bio_out, "\tType: %s Algorithm\n",
- pkey_flags & ASN1_PKEY_DYNAMIC ? "External" : "Builtin");
- BIO_printf(bio_out, "\tOID: %s\n", OBJ_nid2ln(pkey_id));
- if (pem_str == NULL)
- pem_str = "(none)";
- BIO_printf(bio_out, "\tPEM string: %s\n", pem_str);
- }
- }
- }
-#endif
BIO_printf(bio_out, "Provided:\n");
BIO_printf(bio_out, " Key Managers:\n");
list_keymanagers();
diff --git a/crypto/asn1/ameth_lib.c b/crypto/asn1/ameth_lib.c
index 08d1ccbbca..bdba032931 100644
--- a/crypto/asn1/ameth_lib.c
+++ b/crypto/asn1/ameth_lib.c
@@ -35,13 +35,13 @@ static int ameth_cmp(const EVP_PKEY_ASN1_METHOD *const *a,
IMPLEMENT_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_ASN1_METHOD *,
const EVP_PKEY_ASN1_METHOD *, ameth);
-int EVP_PKEY_asn1_get_count(void)
+int evp_pkey_asn1_get_count(void)
{
int num = OSSL_NELEM(standard_methods);
return num;
}
-const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx)
+const EVP_PKEY_ASN1_METHOD *evp_pkey_asn1_get0(int idx)
{
int num = OSSL_NELEM(standard_methods);
@@ -68,7 +68,7 @@ static const EVP_PKEY_ASN1_METHOD *pkey_asn1_find(int type)
* `type`. If pe is not NULL, the function will set *pe to NULL to indicate no
* engine is used.
*/
-const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type)
+const EVP_PKEY_ASN1_METHOD *evp_pkey_asn1_find(int type)
{
const EVP_PKEY_ASN1_METHOD *t;
@@ -78,25 +78,18 @@ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type)
break;
type = t->pkey_base_id;
}
- if (pe) {
- *pe = NULL;
- }
return t;
}
-const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe,
- const char *str, int len)
+const EVP_PKEY_ASN1_METHOD *evp_pkey_asn1_find_str(const char *str, int len)
{
int i;
const EVP_PKEY_ASN1_METHOD *ameth = NULL;
if (len == -1)
len = (int)strlen(str);
- if (pe) {
- *pe = NULL;
- }
- for (i = EVP_PKEY_asn1_get_count(); i-- > 0;) {
- ameth = EVP_PKEY_asn1_get0(i);
+ for (i = evp_pkey_asn1_get_count(); i-- > 0;) {
+ ameth = evp_pkey_asn1_get0(i);
if (ameth->pkey_flags & ASN1_PKEY_ALIAS)
continue;
if ((int)strlen(ameth->pem_str) == len
@@ -106,7 +99,7 @@ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe,
return NULL;
}
-int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *ppkey_base_id,
+int evp_pkey_asn1_get0_info(int *ppkey_id, int *ppkey_base_id,
int *ppkey_flags, const char **pinfo,
const char **ppem_str,
const EVP_PKEY_ASN1_METHOD *ameth)
@@ -126,7 +119,7 @@ int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *ppkey_base_id,
return 1;
}
-const EVP_PKEY_ASN1_METHOD *EVP_PKEY_get0_asn1(const EVP_PKEY *pkey)
+const EVP_PKEY_ASN1_METHOD *evp_pkey_get0_asn1(const EVP_PKEY *pkey)
{
return pkey->ameth;
}
diff --git a/crypto/core_namemap.c b/crypto/core_namemap.c
index 822656eaef..ab3d720598 100644
--- a/crypto/core_namemap.c
+++ b/crypto/core_namemap.c
@@ -7,17 +7,12 @@
* https://www.openssl.org/source/license.html
*/
-/*
- * For EVP_PKEY_asn1_get0_info(), EVP_PKEY_asn1_get_count() and
- * EVP_PKEY_asn1_get0()
- */
-#define OPENSSL_SUPPRESS_DEPRECATED
-
#include "internal/namemap.h"
#include "internal/tsan_assist.h"
#include "internal/hashtable.h"
#include "internal/sizes.h"
#include "crypto/context.h"
+#include "crypto/evp.h"
#define NAMEMAP_HT_BUCKETS 512
@@ -446,7 +441,7 @@ static void get_legacy_pkey_meth_names(const EVP_PKEY_ASN1_METHOD *ameth,
int nid = 0, base_nid = 0, flags = 0;
const char *pem_name = NULL;
- EVP_PKEY_asn1_get0_info(&nid, &base_nid, &flags, NULL, &pem_name, ameth);
+ evp_pkey_asn1_get0_info(&nid, &base_nid, &flags, NULL, &pem_name, ameth);
if (nid != NID_undef) {
if ((flags & ASN1_PKEY_ALIAS) == 0) {
switch (nid) {
@@ -534,8 +529,8 @@ OSSL_NAMEMAP *ossl_namemap_stored(OSSL_LIB_CTX *libctx)
int i, end;
/* We also pilfer data from the legacy EVP_PKEY_ASN1_METHODs */
- for (i = 0, end = EVP_PKEY_asn1_get_count(); i < end; i++)
- get_legacy_pkey_meth_names(EVP_PKEY_asn1_get0(i), namemap);
+ for (i = 0, end = evp_pkey_asn1_get_count(); i < end; i++)
+ get_legacy_pkey_meth_names(evp_pkey_asn1_get0(i), namemap);
}
#endif
}
diff --git a/crypto/evp/evp_pkey.c b/crypto/evp/evp_pkey.c
index 690839cffb..bafd44972b 100644
--- a/crypto/evp/evp_pkey.c
+++ b/crypto/evp/evp_pkey.c
@@ -7,11 +7,6 @@
* https://www.openssl.org/source/license.html
*/
-/*
- * Needed for EVP_PKEY_get0_asn1 and EVP_PKEY_asn1_get0_info
- */
-#define OPENSSL_SUPPRESS_DEPRECATED
-
#include <stdio.h>
#include <stdlib.h>
#include "internal/cryptlib.h"
@@ -259,9 +254,9 @@ const char *EVP_PKEY_get0_type_name(const EVP_PKEY *key)
#ifndef OPENSSL_NO_DEPRECATED_3_6
/* Otherwise fallback to legacy */
- ameth = EVP_PKEY_get0_asn1(key);
+ ameth = evp_pkey_get0_asn1(key);
if (ameth != NULL)
- EVP_PKEY_asn1_get0_info(NULL, NULL,
+ evp_pkey_asn1_get0_info(NULL, NULL,
NULL, NULL, &name, ameth);
#endif
diff --git a/crypto/evp/evp_pkey_type.c b/crypto/evp/evp_pkey_type.c
index 7d9f82d72a..cc4b824c76 100644
--- a/crypto/evp/evp_pkey_type.c
+++ b/crypto/evp/evp_pkey_type.c
@@ -65,7 +65,7 @@ int EVP_PKEY_type(int type)
int ret;
const EVP_PKEY_ASN1_METHOD *ameth;
- ameth = EVP_PKEY_asn1_find(NULL, type);
+ ameth = evp_pkey_asn1_find(type);
if (ameth)
ret = ameth->pkey_id;
else
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index df4ca9bce1..ab5ad82d08 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -1517,9 +1517,9 @@ static int pkey_set_type(EVP_PKEY *pkey, int type, const char *str,
}
#ifndef FIPS_MODULE
if (str != NULL)
- ameth = EVP_PKEY_asn1_find_str(NULL, str, len);
+ ameth = evp_pkey_asn1_find_str(str, len);
else if (type != EVP_PKEY_NONE)
- ameth = EVP_PKEY_asn1_find(NULL, type);
+ ameth = evp_pkey_asn1_find(type);
#endif
{
@@ -1704,7 +1704,7 @@ void evp_pkey_free_legacy(EVP_PKEY *x)
const EVP_PKEY_ASN1_METHOD *ameth = x->ameth;
if (ameth == NULL && x->legacy_cache_pkey.ptr != NULL)
- ameth = EVP_PKEY_asn1_find(NULL, x->type);
+ ameth = evp_pkey_asn1_find(x->type);
if (ameth != NULL) {
if (x->legacy_cache_pkey.ptr != NULL) {
diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
index 2f7e51b16b..e842bb97b3 100644
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -25,6 +25,7 @@
#include <openssl/pkcs12.h>
#include "crypto/asn1.h"
#include <openssl/des.h>
+#include "crypto/evp.h"
#define MIN_LENGTH 4
@@ -145,7 +146,7 @@ static int check_pem(const char *nm, const char *name)
* NB: ENGINE implementations won't contain a deprecated old
* private key decode function so don't look for them.
*/
- ameth = EVP_PKEY_asn1_find_str(NULL, nm, slen);
+ ameth = evp_pkey_asn1_find_str(nm, slen);
if (ameth && ameth->old_priv_decode)
return 1;
}
@@ -157,7 +158,7 @@ static int check_pem(const char *nm, const char *name)
const EVP_PKEY_ASN1_METHOD *ameth;
slen = ossl_pem_check_suffix(nm, "PARAMETERS");
if (slen > 0) {
- ameth = EVP_PKEY_asn1_find_str(NULL, nm, slen);
+ ameth = evp_pkey_asn1_find_str(nm, slen);
if (ameth) {
int r;
if (ameth->param_decode)
diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c
index 6542aa2a7c..8f99e45bb0 100644
--- a/crypto/pem/pem_pkey.c
+++ b/crypto/pem/pem_pkey.c
@@ -174,7 +174,7 @@ static EVP_PKEY *pem_read_bio_key_legacy(BIO *bp, EVP_PKEY **x,
PKCS8_PRIV_KEY_INFO_free(p8inf);
} else if ((slen = ossl_pem_check_suffix(nm, "PRIVATE KEY")) > 0) {
const EVP_PKEY_ASN1_METHOD *ameth;
- ameth = EVP_PKEY_asn1_find_str(NULL, nm, slen);
+ ameth = evp_pkey_asn1_find_str(nm, slen);
if (ameth == NULL || ameth->old_priv_decode == NULL)
goto p8err;
ret = ossl_d2i_PrivateKey_legacy(ameth->pkey_id, x, &p, len, libctx,
diff --git a/crypto/x509/t_x509.c b/crypto/x509/t_x509.c
index 91351d5d78..8ccebbb4b5 100644
--- a/crypto/x509/t_x509.c
+++ b/crypto/x509/t_x509.c
@@ -7,11 +7,6 @@
* https://www.openssl.org/source/license.html
*/
-/*
- * because of EVP_PKEY_asn1_find deprecation
- */
-#define OPENSSL_SUPPRESS_DEPRECATED
-
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/buffer.h>
@@ -21,6 +16,7 @@
#include <openssl/x509v3.h>
#include "crypto/asn1.h"
#include "crypto/x509.h"
+#include "crypto/evp.h"
void OSSL_STACK_OF_X509_free(STACK_OF(X509) *certs)
{
@@ -307,7 +303,7 @@ int X509_signature_print(BIO *bp, const X509_ALGOR *sigalg,
int pkey_nid, dig_nid;
const EVP_PKEY_ASN1_METHOD *ameth;
if (OBJ_find_sigid_algs(sig_nid, &dig_nid, &pkey_nid)) {
- ameth = EVP_PKEY_asn1_find(NULL, pkey_nid);
+ ameth = evp_pkey_asn1_find(pkey_nid);
if (ameth && ameth->sig_print)
return ameth->sig_print(bp, sigalg, sig, indent + 4, 0);
}
diff --git a/crypto/x509/v3_ac_tgt.c b/crypto/x509/v3_ac_tgt.c
index f0c2821e0f..05f05553b4 100644
--- a/crypto/x509/v3_ac_tgt.c
+++ b/crypto/x509/v3_ac_tgt.c
@@ -7,11 +7,6 @@
* https://www.openssl.org/source/license.html
*/
-/*
- * Needed for EVP_PKEY_asn1_find
- */
-#define OPENSSL_SUPPRESS_DEPRECATED
-
#include <stdio.h>
#include <openssl/x509_acert.h>
#include <crypto/x509_acert.h>
@@ -23,6 +18,7 @@
#include "ext_dat.h"
#include "x509_local.h"
#include "crypto/asn1.h"
+#include "crypto/evp.h"
static int i2r_ISSUER_SERIAL(X509V3_EXT_METHOD *method,
OSSL_ISSUER_SERIAL *iss,
@@ -153,7 +149,7 @@ static int i2r_OBJECT_DIGEST_INFO(X509V3_EXT_METHOD *method,
int pkey_nid, dig_nid;
const EVP_PKEY_ASN1_METHOD *ameth;
if (OBJ_find_sigid_algs(sig_nid, &dig_nid, &pkey_nid)) {
- ameth = EVP_PKEY_asn1_find(NULL, pkey_nid);
+ ameth = evp_pkey_asn1_find(pkey_nid);
if (ameth && ameth->sig_print)
return ameth->sig_print(out, digalg, sig, indent + 4, 0);
}
diff --git a/crypto/x509/x509_set.c b/crypto/x509/x509_set.c
index 10178522a0..ec795faa57 100644
--- a/crypto/x509/x509_set.c
+++ b/crypto/x509/x509_set.c
@@ -7,11 +7,6 @@
* https://www.openssl.org/source/license.html
*/
-/*
- * because of EVP_PKEY_asn1_find deprecation
- */
-#include "internal/deprecated.h"
-
#include <stdio.h>
#include "internal/cryptlib.h"
#include "internal/refcount.h"
@@ -22,6 +17,7 @@
#include <openssl/x509v3.h>
#include "crypto/asn1.h"
#include "crypto/x509.h"
+#include "crypto/evp.h"
#include "x509_local.h"
int X509_set_version(X509 *x, long version)
@@ -236,7 +232,7 @@ static int x509_sig_info_init(X509_SIG_INFO *siginf, const X509_ALGOR *alg,
switch (mdnid) {
case NID_undef:
/* If we have one, use a custom handler for this algorithm */
- ameth = EVP_PKEY_asn1_find(NULL, pknid);
+ ameth = evp_pkey_asn1_find(pknid);
if (ameth != NULL && ameth->siginf_set != NULL
&& ameth->siginf_set(siginf, alg, sig))
break;
diff --git a/include/crypto/evp.h b/include/crypto/evp.h
index b719118bee..a787b9cc6a 100644
--- a/include/crypto/evp.h
+++ b/include/crypto/evp.h
@@ -919,4 +919,14 @@ int evp_pkey_decrypt_alloc(EVP_PKEY_CTX *ctx, unsigned char **outp,
int ossl_md2hmacnid(int mdnid);
int ossl_hmac2mdnid(int hmac_nid);
+const EVP_PKEY_ASN1_METHOD *evp_pkey_asn1_find(int type);
+const EVP_PKEY_ASN1_METHOD *evp_pkey_asn1_find_str(const char *str, int len);
+int evp_pkey_asn1_get_count(void);
+const EVP_PKEY_ASN1_METHOD *evp_pkey_asn1_get0(int idx);
+int evp_pkey_asn1_get0_info(int *ppkey_id, int *ppkey_base_id,
+ int *ppkey_flags, const char **pinfo,
+ const char **ppem_str,
+ const EVP_PKEY_ASN1_METHOD *ameth);
+const EVP_PKEY_ASN1_METHOD *evp_pkey_get0_asn1(const EVP_PKEY *pkey);
+
#endif /* OSSL_CRYPTO_EVP_H */
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index ea8c4b0fd1..9166425642 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -1513,20 +1513,6 @@ int EVP_PBE_get(int *ptype, int *ppbe_nid, size_t num);
#define ASN1_PKEY_CTRL_CMS_IS_RI_TYPE_SUPPORTED 0xb
#ifndef OPENSSL_NO_DEPRECATED_3_6
-OSSL_DEPRECATEDIN_3_6 int EVP_PKEY_asn1_get_count(void);
-OSSL_DEPRECATEDIN_3_6 const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx);
-OSSL_DEPRECATEDIN_3_6
-const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type);
-OSSL_DEPRECATEDIN_3_6
-const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe,
- const char *str, int len);
-OSSL_DEPRECATEDIN_3_6
-int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *pkey_base_id,
- int *ppkey_flags, const char **pinfo,
- const char **ppem_str,
- const EVP_PKEY_ASN1_METHOD *ameth);
-
-OSSL_DEPRECATEDIN_3_6 const EVP_PKEY_ASN1_METHOD *EVP_PKEY_get0_asn1(const EVP_PKEY *pkey);
OSSL_DEPRECATEDIN_3_6 EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags,
const char *pem_str,
const char *info);
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 5c694ca6b8..95e787300a 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -273,29 +273,6 @@ static const SSL_CIPHER cipher_aliases[] = {
};
-#ifndef OPENSSL_NO_DEPRECATED_3_6
-/*
- * Search for public key algorithm with given name and return its pkey_id if
- * it is available. Otherwise return 0
- */
-static int get_optional_pkey_id(const char *pkey_name)
-{
- const EVP_PKEY_ASN1_METHOD *ameth;
- int pkey_id = 0;
- ameth = EVP_PKEY_asn1_find_str(NULL, pkey_name, -1);
- if (ameth && EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth) > 0)
- return pkey_id;
- return 0;
-}
-
-#else
-static int get_optional_pkey_id(const char *pkey_name)
-{
- (void)pkey_name;
- return 0;
-}
-#endif
-
int ssl_load_ciphers(SSL_CTX *ctx)
{
size_t i;
@@ -384,36 +361,33 @@ int ssl_load_ciphers(SSL_CTX *ctx)
memcpy(ctx->ssl_mac_pkey_id, default_mac_pkey_id,
sizeof(ctx->ssl_mac_pkey_id));
- ctx->ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] = get_optional_pkey_id(SN_id_Gost28147_89_MAC);
+ ctx->ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] = 0;
if (ctx->ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX])
ctx->ssl_mac_secret_size[SSL_MD_GOST89MAC_IDX] = 32;
else
ctx->disabled_mac_mask |= SSL_GOST89MAC;
- ctx->ssl_mac_pkey_id[SSL_MD_GOST89MAC12_IDX] = get_optional_pkey_id(SN_gost_mac_12);
+ ctx->ssl_mac_pkey_id[SSL_MD_GOST89MAC12_IDX] = 0;
if (ctx->ssl_mac_pkey_id[SSL_MD_GOST89MAC12_IDX])
ctx->ssl_mac_secret_size[SSL_MD_GOST89MAC12_IDX] = 32;
else
ctx->disabled_mac_mask |= SSL_GOST89MAC12;
- ctx->ssl_mac_pkey_id[SSL_MD_MAGMAOMAC_IDX] = get_optional_pkey_id(SN_magma_mac);
+ ctx->ssl_mac_pkey_id[SSL_MD_MAGMAOMAC_IDX] = 0;
if (ctx->ssl_mac_pkey_id[SSL_MD_MAGMAOMAC_IDX])
ctx->ssl_mac_secret_size[SSL_MD_MAGMAOMAC_IDX] = 32;
else
ctx->disabled_mac_mask |= SSL_MAGMAOMAC;
- ctx->ssl_mac_pkey_id[SSL_MD_KUZNYECHIKOMAC_IDX] = get_optional_pkey_id(SN_kuznyechik_mac);
+ ctx->ssl_mac_pkey_id[SSL_MD_KUZNYECHIKOMAC_IDX] = 0;
if (ctx->ssl_mac_pkey_id[SSL_MD_KUZNYECHIKOMAC_IDX])
ctx->ssl_mac_secret_size[SSL_MD_KUZNYECHIKOMAC_IDX] = 32;
else
ctx->disabled_mac_mask |= SSL_KUZNYECHIKOMAC;
- if (!get_optional_pkey_id(SN_id_GostR3410_2001))
- ctx->disabled_auth_mask |= SSL_aGOST01 | SSL_aGOST12;
- if (!get_optional_pkey_id(SN_id_GostR3410_2012_256))
- ctx->disabled_auth_mask |= SSL_aGOST12;
- if (!get_optional_pkey_id(SN_id_GostR3410_2012_512))
- ctx->disabled_auth_mask |= SSL_aGOST12;
+ ctx->disabled_auth_mask |= SSL_aGOST01 | SSL_aGOST12;
+ ctx->disabled_auth_mask |= SSL_aGOST12;
+ ctx->disabled_auth_mask |= SSL_aGOST12;
/*
* Disable GOST key exchange if no GOST signature algs are available *
*/
diff --git a/test/build.info b/test/build.info
index c400ad0ef3..d12aa67269 100644
--- a/test/build.info
+++ b/test/build.info
@@ -55,7 +55,7 @@ IF[{- !$disabled{tests} -}]
ssl_test_ctx_test ssl_test x509aux cipherlist_test asynciotest \
bio_callback_test bio_memleak_test bio_core_test bio_dgram_test param_build_test \
bioprinttest sslapitest ssl_handshake_rtt_test dtlstest sslcorrupttest \
- bio_base64_test test_base64_simdutf bio_enc_test pkey_meth_test pkey_meth_kdf_test evp_kdf_test uitest \
+ bio_base64_test test_base64_simdutf bio_enc_test pkey_meth_kdf_test evp_kdf_test uitest \
cipherbytes_test threadstest_fips threadpool_test \
asn1_encode_test asn1_decode_test asn1_string_table_test asn1_stable_parse_test \
x509_time_test x509_dup_cert_test x509_check_cert_pkey_test \
@@ -648,10 +648,6 @@ IF[{- !$disabled{tests} -}]
INCLUDE[bio_enc_test]=../include ../apps/include
DEPEND[bio_enc_test]=../libcrypto libtestutil.a
- SOURCE[pkey_meth_test]=pkey_meth_test.c
- INCLUDE[pkey_meth_test]=../include ../apps/include
- DEPEND[pkey_meth_test]=../libcrypto libtestutil.a
-
SOURCE[pkey_meth_kdf_test]=pkey_meth_kdf_test.c
INCLUDE[pkey_meth_kdf_test]=../include ../apps/include
DEPEND[pkey_meth_kdf_test]=../libcrypto libtestutil.a
diff --git a/test/helpers/ssl_test_ctx.c b/test/helpers/ssl_test_ctx.c
index 342308c617..075e24551e 100644
--- a/test/helpers/ssl_test_ctx.c
+++ b/test/helpers/ssl_test_ctx.c
@@ -520,19 +520,10 @@ const char *ssl_max_fragment_len_name(int MFL_mode)
__owur static int parse_expected_key_type(int *ptype, const char *value)
{
int nid;
-#ifndef OPENSSL_NO_DEPRECATED_3_6
- const EVP_PKEY_ASN1_METHOD *ameth;
-#endif
if (value == NULL)
return 0;
-#ifndef OPENSSL_NO_DEPRECATED_3_6
- ameth = EVP_PKEY_asn1_find_str(NULL, value, -1);
- if (ameth != NULL)
- EVP_PKEY_asn1_get0_info(&nid, NULL, NULL, NULL, NULL, ameth);
- else
- nid = OBJ_sn2nid(value);
-#else
+
/*
* These functions map the values differently than
* EVP_PKEY_asn1_find_str (which was used before) so use this hack
@@ -551,7 +542,7 @@ __owur static int parse_expected_key_type(int *ptype, const char *value)
} else {
nid = OBJ_ln2nid(value);
}
-#endif
+
if (nid == NID_undef)
nid = OBJ_sn2nid(value);
#ifndef OPENSSL_NO_EC
diff --git a/test/pkey_meth_test.c b/test/pkey_meth_test.c
deleted file mode 100644
index 15d62e0a93..0000000000
--- a/test/pkey_meth_test.c
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
- * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-/* Internal tests for EVP_PKEY method ordering */
-
-/*
- * Because of *asn1_*
- */
-#define OPENSSL_SUPPRESS_DEPRECATED
-
-#include <stdio.h>
-#include <string.h>
-
-#include <openssl/evp.h>
-#include "testutil.h"
-
-#ifndef OPENSSL_NO_DEPRECATED_3_6
-/* Test of EVP_PKEY_ASN1_METHOD ordering */
-static int test_asn1_meths(void)
-{
- int i;
- int prev = -1;
- int good = 1;
- int pkey_id;
- const EVP_PKEY_ASN1_METHOD *ameth;
-
- for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) {
- ameth = EVP_PKEY_asn1_get0(i);
- EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth);
- if (pkey_id < prev)
- good = 0;
- prev = pkey_id;
- }
- if (!good) {
- TEST_error("EVP_PKEY_ASN1_METHOD table out of order");
- for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) {
- const char *info;
-
- ameth = EVP_PKEY_asn1_get0(i);
- EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, &info, NULL, ameth);
- if (info == NULL)
- info = "<NO NAME>";
- TEST_note("%d : %s : %s", pkey_id, OBJ_nid2ln(pkey_id), info);
- }
- }
- return good;
-}
-#endif
-
-int setup_tests(void)
-{
-#ifndef OPENSSL_NO_DEPRECATED_3_6
- ADD_TEST(test_asn1_meths);
-#endif
- return 1;
-}
diff --git a/test/recipes/30-test_pkey_meth.t b/test/recipes/30-test_pkey_meth.t
deleted file mode 100644
index b34dcc77c9..0000000000
--- a/test/recipes/30-test_pkey_meth.t
+++ /dev/null
@@ -1,12 +0,0 @@
-#! /usr/bin/env perl
-# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License"). You may not use
-# this file except in compliance with the License. You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-
-use OpenSSL::Test::Simple;
-
-simple_test("test_pkey_meth", "pkey_meth_test");
diff --git a/util/libcrypto.num b/util/libcrypto.num
index da161aad73..9d508f96ca 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -1331,12 +1331,6 @@ EVP_PBE_find ? 4_0_0 EXIST::FUNCTION:
EVP_PBE_find_ex ? 4_0_0 EXIST::FUNCTION:
EVP_PBE_cleanup ? 4_0_0 EXIST::FUNCTION:
EVP_PBE_get ? 4_0_0 EXIST::FUNCTION:
-EVP_PKEY_asn1_get_count ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_6
-EVP_PKEY_asn1_get0 ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_6
-EVP_PKEY_asn1_find ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_6
-EVP_PKEY_asn1_find_str ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_6
-EVP_PKEY_asn1_get0_info ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_6
-EVP_PKEY_get0_asn1 ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_6
EVP_PKEY_asn1_new ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_6
EVP_PKEY_asn1_copy ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_6
EVP_PKEY_asn1_free ? 4_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_6