From 356674a7ceaa4c4ecb3f478d0d3b3cc682a1540c Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Tue, 22 Aug 2017 08:48:03 +0200
Subject: dh params: document DH param setting functions as deprecated

They are no longer useful after the RFC7919 DH parameter negotiation.

Signed-off-by: Nikos Mavrogiannopoulos
---
 lib/anon_cred.c | 18 ++++++++++++++++++
 lib/cert-session.c | 5 +++++
 lib/cert.c | 8 ++++++++
 lib/psk.c | 19 +++++++++++++++++++
 4 files changed, 50 insertions(+)

diff --git a/lib/anon_cred.c b/lib/anon_cred.c
index fbf64fb3c3..8eae54d0e3 100644
--- a/lib/anon_cred.c
+++ b/lib/anon_cred.c
@@ -108,6 +108,10 @@ gnutls_anon_allocate_client_credentials(gnutls_anon_client_credentials_t *
  * This function will set the Diffie-Hellman parameters for an
  * anonymous server to use. These parameters will be used in
  * Anonymous Diffie-Hellman cipher suites.
+ *
+ * Deprecated: This function is unnecessary and discouraged on GnuTLS 3.6.0
+ * or later. Since 3.6.0, DH parameters are negotiated
+ * following RFC7919.
  **/
 void
 gnutls_anon_set_server_dh_params(gnutls_anon_server_credentials_t res,
@@ -133,6 +137,10 @@ gnutls_anon_set_server_dh_params(gnutls_anon_server_credentials_t res,
  * Anonymous Diffie-Hellman cipher suites and will be selected from
  * the FFDHE set of RFC7919 according to the security level provided.
  *
+ * Deprecated: This function is unnecessary and discouraged on GnuTLS 3.6.0
+ * or later. Since 3.6.0, DH parameters are negotiated
+ * following RFC7919.
+ *
  * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
  * negative error value.
  *
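Review bot: The added `Deprecated:` paragraph in the gnutls_anon_set_server_dh_params comment (hunk -108), repeated verbatim in every other hunk of this patch, calls the function "unnecessary" but does not say what happens to parameters an application still sets. From the visible lines it cannot be told whether they are ignored once RFC7919 negotiation applies or are still used for a peer that does not offer FFDHE groups; in the second case a caller who keeps old or undersized custom parameters would still depend on them. I would add one sentence stating that behaviour, for example `* Parameters set with this function are only used when the peer does not negotiate an RFC7919 group.`, if that matches the implementation. The function bodies lie outside the hunks, so the wording has to be checked against the code.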
@@ -155,6 +163,11 @@ gnutls_anon_set_server_known_dh_params(gnutls_anon_server_credentials_t res,
  * This function will set a callback in order for the server to get
  * the Diffie-Hellman parameters for anonymous authentication. The
  * callback should return %GNUTLS_E_SUCCESS (0) on success.
+ *
+ * Deprecated: This function is unnecessary and discouraged on GnuTLS 3.6.0
+ * or later. Since 3.6.0, DH parameters are negotiated
+ * following RFC7919.
+ *
  **/
 void
 gnutls_anon_set_server_params_function(gnutls_anon_server_credentials_t
@@ -171,6 +184,11 @@ gnutls_anon_set_server_params_function(gnutls_anon_server_credentials_t
  * This function will set a callback in order for the server to get
  * the Diffie-Hellman or RSA parameters for anonymous authentication.
  * The callback should return %GNUTLS_E_SUCCESS (0) on success.
+ *
+ * Deprecated: This function is unnecessary and discouraged on GnuTLS 3.6.0
+ * or later. Since 3.6.0, DH parameters are negotiated
+ * following RFC7919.
+ *
  **/
 void
 gnutls_anon_set_params_function(gnutls_anon_server_credentials_t res,
diff --git a/lib/cert-session.c b/lib/cert-session.c
index 51b249f78f..1ba55fa448 100644
--- a/lib/cert-session.c
+++ b/lib/cert-session.c
@@ -130,6 +130,11 @@ int gnutls_certificate_client_get_request_status(gnutls_session_t session)
  * This function will set a callback in order for the server to get
  * the Diffie-Hellman or RSA parameters for certificate
  * authentication. The callback should return %GNUTLS_E_SUCCESS (0) on success.
+ *
+ * Deprecated: This function is unnecessary and discouraged on GnuTLS 3.6.0
+ * or later. Since 3.6.0, DH parameters are negotiated
+ * following RFC7919.
+ *
  **/
 void
 gnutls_certificate_set_params_function(gnutls_certificate_credentials_t
diff --git a/lib/cert.c b/lib/cert.c
index b966dc212b..fa451da5d5 100644
--- a/lib/cert.c
+++ b/lib/cert.c
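Review bot: The comments for gnutls_anon_set_params_function (lib/anon_cred.c, hunk -171) and gnutls_certificate_set_params_function (lib/cert-session.c, hunk -130) describe a callback that supplies "Diffie-Hellman or RSA parameters", yet the new paragraph justifies the deprecation with DH negotiation only; the same holds for gnutls_psk_set_params_function in lib/psk.c at -434. A reader cannot tell from the comment whether the RSA-parameter use of the callback is obsolete as well. If it is, the paragraph should say so, for example by appending `* RSA parameters are no longer requested through this callback.`. This is inferred from the comment text alone, because the function bodies are outside the hunks.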
@@ -859,6 +859,10 @@ gnutls_certificate_verification_status_print(unsigned int status,
  * to the parameters are stored in the certificate handle, so you
  * must not deallocate the parameters before the certificate is deallocated.
  *
+ * Deprecated: This function is unnecessary and discouraged on GnuTLS 3.6.0
+ * or later. Since 3.6.0, DH parameters are negotiated
+ * following RFC7919.
+ *
  **/
 void
 gnutls_certificate_set_dh_params(gnutls_certificate_credentials_t res,
@@ -885,6 +889,10 @@ gnutls_certificate_set_dh_params(gnutls_certificate_credentials_t res,
  * Ephemeral Diffie-Hellman cipher suites and will be selected from
  * the FFDHE set of RFC7919 according to the security level provided.
  *
+ * Deprecated: This function is unnecessary and discouraged on GnuTLS 3.6.0
+ * or later. Since 3.6.0, DH parameters are negotiated
+ * following RFC7919.
+ *
  * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
  * negative error value.
  *
diff --git a/lib/psk.c b/lib/psk.c
index b8c27ee3e0..34083c8de7 100644
--- a/lib/psk.c
+++ b/lib/psk.c
@@ -371,6 +371,11 @@ const char *gnutls_psk_client_get_hint(gnutls_session_t session)
  * This function will set the Diffie-Hellman parameters for an
  * anonymous server to use. These parameters will be used in
  * Diffie-Hellman exchange with PSK cipher suites.
+ *
+ * Deprecated: This function is unnecessary and discouraged on GnuTLS 3.6.0
+ * or later. Since 3.6.0, DH parameters are negotiated
+ * following RFC7919.
+ *
  **/
 void
 gnutls_psk_set_server_dh_params(gnutls_psk_server_credentials_t res,
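Review bot: In the lib/psk.c hunk at -371, the context lines directly above the new paragraph still describe gnutls_psk_set_server_dh_params as setting parameters "for an anonymous server", which looks like text carried over from lib/anon_cred.c. Since the commit edits this comment anyway, the two lines could be corrected to `* This function will set the Diffie-Hellman parameters for a` and `* PSK server to use. These parameters will be used in`. Calling a PSK credential "anonymous" in the API reference misstates which authentication mode the parameters belong to.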
@@ -396,6 +401,10 @@ gnutls_psk_set_server_dh_params(gnutls_psk_server_credentials_t res,
  * Ephemeral Diffie-Hellman cipher suites and will be selected from
  * the FFDHE set of RFC7919 according to the security level provided.
  *
+ * Deprecated: This function is unnecessary and discouraged on GnuTLS 3.6.0
+ * or later. Since 3.6.0, DH parameters are negotiated
+ * following RFC7919.
+ *
  * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
  * negative error value.
  *
@@ -418,6 +427,11 @@ gnutls_psk_set_server_known_dh_params(gnutls_psk_server_credentials_t res,
  * This function will set a callback in order for the server to get
  * the Diffie-Hellman parameters for PSK authentication. The callback
  * should return %GNUTLS_E_SUCCESS (0) on success.
+ *
+ * Deprecated: This function is unnecessary and discouraged on GnuTLS 3.6.0
+ * or later. Since 3.6.0, DH parameters are negotiated
+ * following RFC7919.
+ *
  **/
 void
 gnutls_psk_set_server_params_function(gnutls_psk_server_credentials_t res,
@@ -434,6 +448,11 @@ gnutls_psk_set_server_params_function(gnutls_psk_server_credentials_t res,
  * This function will set a callback in order for the server to get
  * the Diffie-Hellman or RSA parameters for PSK authentication. The
  * callback should return %GNUTLS_E_SUCCESS (0) on success.
+ *
+ * Deprecated: This function is unnecessary and discouraged on GnuTLS 3.6.0
+ * or later. Since 3.6.0, DH parameters are negotiated
+ * following RFC7919.
+ *
  **/
 void
 gnutls_psk_set_params_function(gnutls_psk_server_credentials_t res,
-- 
cgit v1.2.1