Deprecate the ECDH functions.
authorPauli <paul.dale@oracle.com>
Tue, 28 Jan 2020 02:38:47 +0000 (12:38 +1000)
committerPauli <paul.dale@oracle.com>
Tue, 4 Feb 2020 10:02:55 +0000 (20:02 +1000)
Use of the low level ECDH functions has been informally discouraged for a
long time. We now formally deprecate them.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10960)

crypto/ec/ec_kmeth.c
crypto/ec/ec_pmeth.c
crypto/ec/ecdh_kdf.c
include/openssl/ec.h

index 9556a94210435d7e4671915e1f5d48f2557576b2..7aa9865d29dc17c4c5f6628f83f16a356db7fedb 100644 (file)
@@ -7,6 +7,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * ECDH and ECDSA low level APIs are deprecated for public use, but still ok
+ * for internal use.
+ */
+#include "internal/deprecated.h"
+
 #include <string.h>
 #include <openssl/ec.h>
 #include <openssl/engine.h>
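Review bot: The added `#include "internal/deprecated.h"` at the top of the file appears to silence deprecation diagnostics for the whole translation unit, not only for the ECDH calls. A later use of some other deprecated low-level API in this file would then presumably compile without a warning. The comment would serve maintainers better if it named the ECDH entry points this file still needs and said that the include has to stay ahead of every `<openssl/...>` header, for example `/* Must precede all public OpenSSL headers; needed only for the low level ECDH calls below. */`. The comment here and in the second file section also mentions ECDSA, while the only deprecation visible on this page is for ECDH, so the wording is ahead of what the commit does. The same points apply to the matching hunks in the second and third file sections.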
index 1750e43d16285f9b53890be65c6b26a4f1b81b56..d4a59b57eeeea0c570005b2e02495ab9a3f26f3d 100644 (file)
@@ -7,6 +7,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * ECDH and ECDSA low level APIs are deprecated for public use, but still ok
+ * for internal use.
+ */
+#include "internal/deprecated.h"
+
 #include <stdio.h>
 #include "internal/cryptlib.h"
 #include <openssl/asn1t.h>
index 000b12a515a21eae0ed5f0eb9a368476d6434811..bc9c968655430d54e62f5f6e54e56904459ade55 100644 (file)
@@ -7,6 +7,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * ECDH low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
 #include <string.h>
 #include <openssl/core_names.h>
 #include <openssl/ec.h>
index 3787d2f807bd739daf5c19bb9feab47750dfa3ca..81e7bd28b86d9058e6a46184c6d5813fdda0de91 100644 (file)
@@ -1180,10 +1180,11 @@ DEPRECATEDIN_3_0(int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
                                     const unsigned char *sinfo, size_t sinfolen,
                                     const EVP_MD *md))
 
-int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
-                     const EC_KEY *ecdh,
-                     void *(*KDF) (const void *in, size_t inlen,
-                                   void *out, size_t *outlen));
+DEPRECATEDIN_3_0(int ECDH_compute_key(void *out, size_t outlen,
+                                      const EC_POINT *pub_key,
+                                      const EC_KEY *ecdh,
+                                      void *(*KDF)(const void *in, size_t inlen,
+                                                   void *out, size_t *outlen)))
 
 typedef struct ECDSA_SIG_st ECDSA_SIG;
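Review bot: The `DEPRECATEDIN_3_0` wrapper on `ECDH_compute_key` tells callers the function is going away but not what to use instead, so the resulting compiler warning gives no migration path. A short comment above the declaration would help, for example `/* Deprecated in 3.0: derive shared secrets through EVP_PKEY_derive() instead. */`. The hunk does not show whether the manual page or the change log carries this guidance; if they do not, it belongs there as well.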