Deprecate ECDH_KDF_X9_62()

Signed-off-by: Antoine Salon <asalon@vmware.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/7345)

diff --git a/CHANGES b/CHANGES
index 3124db22554d0dfc4aca6522450cd7c5f18a8665..e540c9c60d43ae2efc550b6cb94d53032e40750b 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,10 @@
 
  Changes between 1.1.1 and 1.1.2 [xx XXX xxxx]
 
+  *) Deprecate ECDH_KDF_X9_62() and mark its replacement as internal. Users
+     should use the EVP interface instead (EVP_PKEY_CTX_set_ecdh_kdf_type).
+     [Antoine Salon]
+
   *) Added EVP_PKEY_ECDH_KDF_X9_63 and ecdh_KDF_X9_63() as replacements for
      the EVP_PKEY_ECDH_KDF_X9_62 KDF type and ECDH_KDF_X9_62(). The old names
      are retained for backwards compatibility.

diff --git a/crypto/ec/ecdh_kdf.c b/crypto/ec/ecdh_kdf.c
index d686f9d897df1afd4af72de4fd2fe0314b40929a..c21e7880789edc2f7bc45f3094a44b0e1a11c6de 100644 (file)
--- a/crypto/ec/ecdh_kdf.c
+++ b/crypto/ec/ecdh_kdf.c
@@ -72,6 +72,7 @@ int ecdh_KDF_X9_63(unsigned char *out, size_t outlen,
  * The old name for ecdh_KDF_X9_63
  * Retained for ABI compatibility
  */
+#if OPENSSL_API_COMPAT < 0x10200000L
 int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
                    const unsigned char *Z, size_t Zlen,
                    const unsigned char *sinfo, size_t sinfolen,
@@ -79,3 +80,4 @@ int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
 {
     return ecdh_KDF_X9_63(out, outlen, Z, Zlen, sinfo, sinfolen, md);
 }
+#endif

diff --git a/include/openssl/ec.h b/include/openssl/ec.h
index 347cfb6d097b91347ae75135b44da1be70290c4a..747239a5a630eda438bbca8b4bc34e1048fa28c2 100644 (file)
--- a/include/openssl/ec.h
+++ b/include/openssl/ec.h
@@ -1112,10 +1112,10 @@ EC_KEY *EC_KEY_new_method(ENGINE *engine);
  *  it is actually specified in ANSI X9.63.
  *  This identifier is retained for backwards compatibility
  */
-int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
+DEPRECATEDIN_1_2_0(int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
                    const unsigned char *Z, size_t Zlen,
                    const unsigned char *sinfo, size_t sinfolen,
-                   const EVP_MD *md);
+                   const EVP_MD *md))
 
 int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
                      const EC_KEY *ecdh,

diff --git a/util/libcrypto.num b/util/libcrypto.num
index ecece3824fb2be895a385b323168b942df2205ed..31f8781158a7d0dda097158b3b74d8eb15c538cc 100644 (file)
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -285,7 +285,7 @@ X509V3_EXT_get_nid                      285 1_1_0   EXIST::FUNCTION:
 BIO_s_log                               286    1_1_0   EXIST::FUNCTION:
 EC_POINT_set_to_infinity                287    1_1_0   EXIST::FUNCTION:EC
 EVP_des_ede_ofb                         288    1_1_0   EXIST::FUNCTION:DES
-ECDH_KDF_X9_62                          289    1_1_0   EXIST::FUNCTION:EC
+ECDH_KDF_X9_62                          289    1_1_0   EXIST::FUNCTION:DEPRECATEDIN_1_2_0,EC
 ASN1_UNIVERSALSTRING_to_string          290    1_1_0   EXIST::FUNCTION:
 CRYPTO_gcm128_setiv                     291    1_1_0   EXIST::FUNCTION:
 ASN1_PCTX_set_oid_flags                 292    1_1_0   EXIST::FUNCTION: