author Matt Caswell <matt@openssl.org> 2021-02-25 16:27:46 +0000
committer Matt Caswell <matt@openssl.org> 2021-03-08 15:11:31 +0000
commit 8e53d94d9971bb29a303dd2295f2f169b1c9a35e
tree ea9e8f74ceb1b5d9674fdb6a7b23dcc493304189
parent b574c6a9ac96825b4f19c5e835273bf176174af8
Ensure the various legacy key EVP_PKEY getters/setters are deprecated
Most of these were already deprecated but a few have been missed. This commit corrects that.

Fixes #14303
Fixes #14317

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14319)
Diffstat (limited to 'CHANGES.md')
-rw-r--r-- CHANGES.md 27
1 files changed, 20 insertions, 7 deletions
diff --git a/CHANGES.md b/CHANGES.md
index 33a335e689..b9ce4e8657 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -22,6 +22,17 @@ OpenSSL 3.0
-----------
### Changes between 1.1.1 and 3.0 [xx XXX xxxx]
+
+ * A number of functions handling low level keys or engines were deprecated
+ including EVP_PKEY_set1_engine(), EVP_PKEY_get0_engine(), EVP_PKEY_assign(),
+ EVP_PKEY_get0(), EVP_PKEY_get0_hmac(), EVP_PKEY_get0_poly1305() and
+ EVP_PKEY_get0_siphash(). Applications using engines should instead use
+ providers. Applications getting or setting low level keys in an EVP_PKEY
+ should instead use the OSSL_ENCODER or OSSL_DECODER APIs, or alternatively
+ use EVP_PKEY_fromdata() or EVP_PKEY_get_params().
+
+ *Matt Caswell*
+
* Deprecated obsolete EVP_PKEY_CTX_get0_dh_kdf_ukm() and
EVP_PKEY_CTX_get0_ecdh_kdf_ukm() functions. They are not needed
and require returning octet ptr parameters from providers that
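Review bot: The new entry writes its function names as plain text (EVP_PKEY_set1_engine(), EVP_PKEY_get0() and the rest), while other entries touched by this patch wrap them in backticks, for example `EVP_PKEY_fromdata()`; using backticks here would keep the file consistent. The entry also lists four replacement routes without saying which one fits the EVP_PKEY_get0_hmac(), EVP_PKEY_get0_poly1305() and EVP_PKEY_get0_siphash() getters, so a short pointer for callers migrating those MAC keys would help.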
@@ -35,6 +46,7 @@ OpenSSL 3.0
be used instead via EVP_RAND(3).
*Paul Dale*
+
* The SRP APIs have been deprecated. The old APIs do not work via providers,
and there is no EVP interface to them. Unfortunately there is no replacement
for these APIs at this time.
@@ -492,12 +504,6 @@ OpenSSL 3.0
*Kurt Roeckx*
- * EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(), EVP_PKEY_get0_DH(), and
- EVP_PKEY_get0_EC_KEY() can now handle EVP_PKEYs with provider side
- internal keys, if they correspond to one of those built in types.
-
- *Richard Levitte*
-
* Added EVP_PKEY_set_type_by_keymgmt(), to initialise an EVP_PKEY to
contain a provider side internal key.
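Review bot: The removal of the EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(), EVP_PKEY_get0_DH() and EVP_PKEY_get0_EC_KEY() entry is not explained by the commit message, which only talks about deprecating getters and setters that were missed. If these functions still handle EVP_PKEYs with provider side keys, the deleted text documented behaviour worth keeping, perhaps folded into a deprecation entry; if they no longer do, the message should say so. None of the four is named in the new deprecation entry added at the top of the file either.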
@@ -667,7 +673,7 @@ OpenSSL 3.0
`EVP_PKEY_set1_DH()` are also deprecated.
Applications should instead either read or write an
EVP_PKEY directly using the OSSL_DECODER and OSSL_ENCODER APIs.
- Or load an EVP_PKEY directly from DH data using `EVP_PKEY_fromdata()`.
+ Or load an EVP_PKEY directly from DH data using `EVP_PKEY_fromdata()`.
*Paul Dale and Matt Caswell*
@@ -695,6 +701,13 @@ OpenSSL 3.0
time. Instead applications should use L<EVP_DigestSignInit_ex(3)>,
L<EVP_DigestSignUpdate(3)> and L<EVP_DigestSignFinal(3)>.
+ Finaly functions that assign or obtain DH objects from an EVP_PKEY such as
+ `EVP_PKEY_assign_DSA()`, `EVP_PKEY_get0_DSA()`, `EVP_PKEY_get1_DSA()`, and
+ `EVP_PKEY_set1_DSA()` are also deprecated.
+ Applications should instead either read or write an
+ EVP_PKEY directly using the OSSL_DECODER and OSSL_ENCODER APIs.
+ Or load an EVP_PKEY directly from DSA data using `EVP_PKEY_fromdata()`.
+
*Paul Dale*
* Reworked the treatment of EC EVP_PKEYs with the SM2 curve to
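Review bot: In the added paragraph, "Finaly" should be "Finally", and "assign or obtain DH objects" should read "DSA objects". Every function listed is a DSA one and the closing sentence says "from DSA data", so the wording looks copied from the DH entry without the key type being updated.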