diff options
author | Nicola Tuveri <nic.tuv@gmail.com> | 2019-10-18 15:54:20 +0300 |
---|---|---|
committer | Nicola Tuveri <nic.tuv@gmail.com> | 2019-10-23 00:49:46 +0300 |
commit | 4a7a4972296274463c739c658f3361ca17fb8027 (patch) | |
tree | b6f855f97d74ebcc0ff5bcab9f5f28e77ab44421 /doc | |
parent | cdf8d0db79250258c28c2b4249aedca779bab766 (diff) |
Deprecate EC_GROUP_clear_free()
There is nothing confidential in `EC_GROUP` so really having a
`EC_GROUP_clear_free` function at all does not make much sense anymore.
See https://github.com/openssl/openssl/issues/9822
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9874)
Diffstat (limited to 'doc')
-rw-r--r-- | doc/man3/EC_GROUP_new.pod | 22 |
1 files changed, 20 insertions, 2 deletions
diff --git a/doc/man3/EC_GROUP_new.pod b/doc/man3/EC_GROUP_new.pod index 17284e12c0..2d85e91d19 100644 --- a/doc/man3/EC_GROUP_new.pod +++ b/doc/man3/EC_GROUP_new.pod @@ -32,7 +32,6 @@ objects EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params) EC_GROUP *EC_GROUP_new_from_ecpkparameters(const ECPKPARAMETERS *params) void EC_GROUP_free(EC_GROUP *group); - void EC_GROUP_clear_free(EC_GROUP *group); EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); @@ -59,6 +58,12 @@ objects size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems); +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +B<OPENSSL_API_COMPAT> with a suitable version value, see +L<openssl_user_macros(7)>: + + void EC_GROUP_clear_free(EC_GROUP *group); + =head1 DESCRIPTION Within the library there are two forms of elliptic curve that are of interest. The first form is those defined over the @@ -129,7 +134,10 @@ that the default library context is always used. EC_GROUP_free frees the memory associated with the EC_GROUP. If B<group> is NULL nothing is done. -EC_GROUP_clear_free destroys any sensitive data held within the EC_GROUP and then frees its memory. +EC_GROUP_clear_free is deprecated: it was meant to destroy any sensitive data +held within the EC_GROUP and then free its memory, but since all the data stored +in the EC_GROUP is public anyway, this function is unnecessary. +Its use can be safely replaced with EC_GROUP_free. If B<group> is NULL nothing is done. =head1 RETURN VALUES @@ -149,8 +157,18 @@ L<OPENSSL_CTX(3)> =head1 HISTORY +=over 2 + +=item * + EC_GROUP_new_ex and EC_GROUP_new_by_curve_name_ex were added in OpenSSL 3.0. +=item * + +EC_GROUP_clear_free() was deprecated in OpenSSL 3.0; use EC_GROUP_free() instead. + +=back + =head1 COPYRIGHT Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved. |