diff options
| author | Pauli <paul.dale@oracle.com> | 2020-01-28 15:14:18 +1000 |
|---|---|---|
| committer | Pauli <paul.dale@oracle.com> | 2020-02-04 20:02:55 +1000 |
| commit | 579422c85cf606c0ae1d4baf414010dc21da657a (patch) | |
| tree | de91afc5811afe2f3f9970afedbae4bafc0ca27b /doc | |
| parent | 5e3f9aa4e9a915f25b36bb085515d4786a253385 (diff) | |
Deprecate the ECDSA and EV_KEY_METHOD functions.
Use of the low level ECDSA and EC_KEY_METHOD functions has been informally discouraged for a
long time. We now formally deprecate them.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10960)
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/man3/ECDSA_SIG_new.pod | 23 |
1 files changed, 18 insertions, 5 deletions
diff --git a/doc/man3/ECDSA_SIG_new.pod b/doc/man3/ECDSA_SIG_new.pod index 02b4a54f96..4364297e6f 100644 --- a/doc/man3/ECDSA_SIG_new.pod +++ b/doc/man3/ECDSA_SIG_new.pod @@ -18,6 +18,11 @@ functions const BIGNUM *ECDSA_SIG_get0_r(const ECDSA_SIG *sig); const BIGNUM *ECDSA_SIG_get0_s(const ECDSA_SIG *sig); int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s); + +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +B<OPENSSL_API_COMPAT> with a suitable version value, see +L<openssl_user_macros(7)>: + int ECDSA_size(const EC_KEY *eckey); int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen, @@ -40,10 +45,6 @@ functions =head1 DESCRIPTION -Note: these functions provide a low level interface to ECDSA. Most -applications should use the higher level B<EVP> interface such as -L<EVP_DigestSignInit(3)> or L<EVP_DigestVerifyInit(3)> instead. - B<ECDSA_SIG> is an opaque structure consisting of two BIGNUMs for the B<r> and B<s> value of an ECDSA signature (see X9.62 or FIPS 186-2). @@ -69,8 +70,13 @@ after this function has been called. See L<i2d_ECDSA_SIG(3)> and L<d2i_ECDSA_SIG(3)> for information about encoding and decoding ECDSA signatures to/from DER. +All of the functions described below are deprecated. Applications should +use the higher level B<EVP> interface such as L<EVP_DigestSignInit(3)> +or L<EVP_DigestVerifyInit(3)> instead. + ECDSA_size() returns the maximum length of a DER encoded ECDSA signature -created with the private EC key B<eckey>. +created with the private EC key B<eckey>. To obtain the actual signature +size use L<EVP_PKEY_sign(3)> with a NULL B<sig> parameter. ECDSA_sign() computes a digital signature of the B<dgstlen> bytes hash value B<dgst> using the private EC key B<eckey>. The DER encoded signatures is @@ -194,9 +200,16 @@ ANSI X9.62, US Federal Information Processing Standard FIPS 186-2 L<EC_KEY_new(3)>, L<EVP_DigestSignInit(3)>, L<EVP_DigestVerifyInit(3)>, +L<EVP_PKEY_sign(3)> L<i2d_ECDSA_SIG(3)>, L<d2i_ECDSA_SIG(3)> +=head1 HISTORY + +The ECDSA_size(), ECDSA_sign(), ECDSA_do_sign(), ECDSA_verify(), +ECDSA_do_verify(), ECDSA_sign_setup(), ECDSA_sign_ex() and ECDSA_do_sign_ex() +functions were deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. |