diff options
author | Pauli <paul.dale@oracle.com> | 2020-01-30 07:23:39 +1000 |
---|---|---|
committer | Pauli <paul.dale@oracle.com> | 2020-02-12 08:52:41 +1000 |
commit | f41ac0eeab9d2889d44e3acf6ff1e8274d03d73e (patch) | |
tree | ba3620a537ece73983886b7449eab118e5869223 /CHANGES | |
parent | 7f6deaf68e42e979a2084989db2c32193825d1b3 (diff) | |
download | openssl-new-f41ac0eeab9d2889d44e3acf6ff1e8274d03d73e.tar.gz |
Deprecate the low level DSA functions.
Use of the low level DSA functions has been informally discouraged for a
long time. We now formally deprecate them.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10977)
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 26 |
1 files changed, 26 insertions, 0 deletions
@@ -21,6 +21,32 @@ options of the apps. [Kurt Roeckx] + *) The command line utilities dhparam, dsa, gendsa and dsaparam have been + deprecated. Instead use the pkeyparam, pkey, genpkey and pkeyparam + programs respectively. + [Paul Dale] + + *) All of the low level DSA functions have been deprecated including: + + DSA_do_sign, DSA_do_verify, DSA_OpenSSL, DSA_set_default_method, + DSA_get_default_method, DSA_set_method, DSA_get_method, DSA_new_method, + DSA_sign_setup, DSA_sign, DSA_verify, DSA_get_ex_new_index, + DSA_set_ex_data, DSA_get_ex_data, DSA_generate_parameters_ex, + DSA_generate_key, DSA_meth_new, DSA_get0_engine, DSA_meth_free, + DSA_meth_dup, DSA_meth_get0_name, DSA_meth_set1_name, DSA_meth_get_flags, + DSA_meth_set_flags, DSA_meth_get0_app_data, DSA_meth_set0_app_data, + DSA_meth_get_sign, DSA_meth_set_sign, DSA_meth_get_sign_setup, + DSA_meth_set_sign_setup, DSA_meth_get_verify, DSA_meth_set_verify, + DSA_meth_get_mod_exp, DSA_meth_set_mod_exp, DSA_meth_get_bn_mod_exp, + DSA_meth_set_bn_mod_exp, DSA_meth_get_init, DSA_meth_set_init, + DSA_meth_get_finish, DSA_meth_set_finish, DSA_meth_get_paramgen, + DSA_meth_set_paramgen, DSA_meth_get_keygen and DSA_meth_set_keygen. + + Use of these low level functions has been informally discouraged for a long + time. Instead applications should use L<EVP_DigestSignInit_ex(3)>, + L<EVP_DigestSignUpdate(3)> and L<EVP_DigestSignFinal(3)>. + [Paul Dale] + *) Reworked the treatment of EC EVP_PKEYs with the SM2 curve to automatically become EVP_PKEY_SM2 rather than EVP_PKEY_EC. This means that applications don't have to look at the curve NID and |