author | Pauli <paul.dale@oracle.com> | 2020-02-12 15:03:51 +1000 |
---|---|---|
committer | Pauli <paul.dale@oracle.com> | 2020-02-20 18:58:40 +1000 |
commit | c5f8713443c8d606ff149b12c478cd6162f2a7ac (patch) | |
tree | 536ea6ba3fdf7e0f4e80ef2b50f8f979cfb730a2 /CHANGES | |
parent | b9f733c2846329ca6ee6b906b2291e31c0c14183 (diff) | |
download | openssl-new-c5f8713443c8d606ff149b12c478cd6162f2a7ac.tar.gz |
Deprecate the low level RSA functions.

Use of the low level RSA functions has been informally discouraged for a
long time. We now formally deprecate them.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11063)
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 39 |
1 files changed, 39 insertions, 0 deletions
@@ -18,6 +18,45 @@ use the pkeyparam, pkey and genpkey programs. [Paul Dale] + *) All of the low level RSA functions have been deprecated including: + + RSA_new_method, RSA_bits, RSA_size, RSA_security_bits, + RSA_get0_pss_params, RSA_get_version, RSA_get0_engine, + RSA_generate_key_ex, RSA_generate_multi_prime_key, + RSA_X931_derive_ex, RSA_X931_generate_key_ex, RSA_check_key, + RSA_check_key_ex, RSA_public_encrypt, RSA_private_encrypt, + RSA_public_decrypt, RSA_private_decrypt, RSA_set_default_method, + RSA_get_default_method, RSA_null_method, RSA_get_method, RSA_set_method, + RSA_PKCS1_OpenSSL, RSA_print_fp, RSA_print, RSA_sign, RSA_verify, + RSA_sign_ASN1_OCTET_STRING, RSA_verify_ASN1_OCTET_STRING, + RSA_blinding_on, RSA_blinding_off, RSA_setup_blinding, + RSA_padding_add_PKCS1_type_1, RSA_padding_check_PKCS1_type_1, + RSA_padding_add_PKCS1_type_2, RSA_padding_check_PKCS1_type_2, + PKCS1_MGF1, RSA_padding_add_PKCS1_OAEP, RSA_padding_check_PKCS1_OAEP, + RSA_padding_add_PKCS1_OAEP_mgf1, RSA_padding_check_PKCS1_OAEP_mgf1, + RSA_padding_add_SSLv23, RSA_padding_check_SSLv23, + RSA_padding_add_none, RSA_padding_check_none, RSA_padding_add_X931, + RSA_padding_check_X931, RSA_X931_hash_id, RSA_verify_PKCS1_PSS, + RSA_padding_add_PKCS1_PSS, RSA_verify_PKCS1_PSS_mgf1, + RSA_padding_add_PKCS1_PSS_mgf1, RSA_set_ex_data, RSA_get_ex_data, + RSA_meth_new, RSA_meth_free, RSA_meth_dup, RSA_meth_get0_name, + RSA_meth_set1_name, RSA_meth_get_flags, RSA_meth_set_flags, + RSA_meth_get0_app_data, RSA_meth_set0_app_data, RSA_meth_get_pub_enc, + RSA_meth_set_pub_enc, RSA_meth_get_pub_dec, RSA_meth_set_pub_dec, + RSA_meth_get_priv_enc, RSA_meth_set_priv_enc, RSA_meth_get_priv_dec, + RSA_meth_set_priv_dec, RSA_meth_get_mod_exp, RSA_meth_set_mod_exp, + RSA_meth_get_bn_mod_exp, RSA_meth_set_bn_mod_exp, RSA_meth_get_init, + RSA_meth_set_init, RSA_meth_get_finish, RSA_meth_set_finish, + RSA_meth_get_sign, RSA_meth_set_sign, RSA_meth_get_verify, + RSA_meth_set_verify, RSA_meth_get_keygen, 
RSA_meth_set_keygen, + RSA_meth_get_multi_prime_keygen and RSA_meth_set_multi_prime_keygen. + + Use of these low level functions has been informally discouraged for a long + time. Instead applications should use L<EVP_PKEY_encrypt_init(3)>, + L<EVP_PKEY_encrypt(3)>, L<EVP_PKEY_decrypt_init(3)> and + L<EVP_PKEY_decrypt(3)>. + [Paul Dale] + *) X509 certificates signed using SHA1 are no longer allowed at security level 1 and above. In TLS/SSL the default security level is 1. It can be set either |
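Review bot: The replacement guidance at the end of the new entry ("Instead applications should use ...") names only EVP_PKEY_encrypt_init(3), EVP_PKEY_encrypt(3), EVP_PKEY_decrypt_init(3) and EVP_PKEY_decrypt(3), but the deprecated list above it also covers signing and verification (RSA_sign, RSA_verify, the PSS helpers), key generation (RSA_generate_key_ex, RSA_generate_multi_prime_key), key checking (RSA_check_key, RSA_check_key_ex), printing (RSA_print, RSA_print_fp) and the whole RSA_meth_* family. A reader migrating RSA_sign or RSA_generate_key_ex gets no pointer from this entry, and could read it as saying encrypt/decrypt is the replacement for everything. Suggest extending the sentence with the matching EVP entry points, for example EVP_PKEY_sign(3) and EVP_PKEY_verify(3) or the EVP_DigestSign/EVP_DigestVerify family for signatures, EVP_PKEY_keygen(3) for generation and EVP_PKEY_check(3) for validation, and stating explicitly when a listed function has no direct EVP equivalent. It would also help to group the function list by purpose (key management, encrypt/decrypt, sign/verify, padding, RSA_METHOD accessors) so the mapping to each replacement is visible.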