rsa: document deprecated low level functions

Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11063)
2025-04-12 20:30:52 +08:00 · 2020-02-12 15:23:01 +10:00 · 2020-02-12 15:23:01 +10:00 · 4fd8a3e110
commit 4fd8a3e110
parent f6358b44f1
10 changed files with 106 additions and 0 deletions
--- a/doc/man3/RSA_check_key.pod
+++ b/doc/man3/RSA_check_key.pod
@ -8,12 +8,20 @@ RSA_check_key_ex, RSA_check_key - validate private RSA keys

 #include <openssl/rsa.h>

+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B<OPENSSL_API_COMPAT> with a suitable version value, see
+L<openssl_user_macros(7)>:
+
 int RSA_check_key_ex(RSA *rsa, BN_GENCB *cb);

 int RSA_check_key(RSA *rsa);

 =head1 DESCRIPTION

+Both of the functions described on this page are deprecated.
+Applications should instead use L<EVP_PKEY_public_check(3)>,
+L<EVP_PKEY_private_check(3)> and L<EVP_PKEY_pairwise_check(3)>.
+
 RSA_check_key_ex() function validates RSA keys.
 It checks that B<p> and B<q> are
 in fact prime, and that B<n = p*q>.
@ -70,6 +78,8 @@ L<ERR_get_error(3)>

 =head1 HISTORY

+All of these functions were deprecated in OpenSSL 3.0.
+
 RSA_check_key_ex() appeared after OpenSSL 1.0.2.

 =head1 COPYRIGHT
--- a/doc/man3/RSA_generate_key.pod
+++ b/doc/man3/RSA_generate_key.pod
@ -9,6 +9,10 @@ RSA_generate_multi_prime_key - generate RSA key pair

 #include <openssl/rsa.h>

+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B<OPENSSL_API_COMPAT> with a suitable version value, see
+L<openssl_user_macros(7)>:
+
 int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
 int RSA_generate_multi_prime_key(RSA *rsa, int bits, int primes, BIGNUM *e, BN_GENCB *cb);

@ -21,6 +25,10 @@ L<openssl_user_macros(7)>:

 =head1 DESCRIPTION

+All of the functions described on this page are deprecated.
+Applications should instead use L<EVP_PKEY_keygen_init(3)> and
+L<EVP_PKEY_keygen(3)>.
+
 RSA_generate_key_ex() generates a 2-prime RSA key pair and stores it in the
 B<RSA> structure provided in B<rsa>. The pseudo-random number generator must
 be seeded prior to calling RSA_generate_key_ex().
@ -95,6 +103,8 @@ L<RAND(7)>

 =head1 HISTORY

+All of these functions were deprecated in OpenSSL 3.0.
+
 RSA_generate_key() was deprecated in OpenSSL 0.9.8; use
 RSA_generate_key_ex() instead.

--- a/doc/man3/RSA_meth_new.pod
+++ b/doc/man3/RSA_meth_new.pod
@ -20,6 +20,10 @@ RSA_meth_get_multi_prime_keygen, RSA_meth_set_multi_prime_keygen

 #include <openssl/rsa.h>

+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B<OPENSSL_API_COMPAT> with a suitable version value, see
+L<openssl_user_macros(7)>:
+
 RSA_METHOD *RSA_meth_new(const char *name, int flags);
 void RSA_meth_free(RSA_METHOD *meth);

@ -123,6 +127,9 @@ RSA_meth_get_multi_prime_keygen, RSA_meth_set_multi_prime_keygen

 =head1 DESCRIPTION

+All of the functions described on this page are deprecated.
+Applications should instead use the OSSL_PROVIDER APIs.
+
 The B<RSA_METHOD> type is a structure used for the provision of custom
 RSA implementations. It provides a set of functions used by OpenSSL
 for the implementation of the various RSA capabilities.
@ -244,6 +251,8 @@ L<RSA_generate_multi_prime_key(3)>

 =head1 HISTORY

+All of these functions were deprecated in OpenSSL 3.0.
+
 RSA_meth_get_multi_prime_keygen() and RSA_meth_set_multi_prime_keygen() were
 added in OpenSSL 1.1.1.

--- a/doc/man3/RSA_padding_add_PKCS1_type_1.pod
+++ b/doc/man3/RSA_padding_add_PKCS1_type_1.pod
@ -14,6 +14,10 @@ padding

 #include <openssl/rsa.h>

+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B<OPENSSL_API_COMPAT> with a suitable version value, see
+L<openssl_user_macros(7)>:
+
 int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
                                  const unsigned char *f, int fl);

@ -58,6 +62,9 @@ padding

 =head1 DESCRIPTION

+All of the functions described on this page are deprecated.
+Applications should instead use the EVP PKEY APIs.
+
 The RSA_padding_xxx_xxx() functions are called from the RSA encrypt,
 decrypt, sign and verify functions. Normally they should not be called
 from application programs.
@ -148,6 +155,10 @@ L<RSA_private_decrypt(3)>,
 L<RSA_sign(3)>, L<RSA_verify(3)>,
 L<RAND(7)>

+=head1 HISTORY
+
+All of these functions were deprecated in OpenSSL 3.0.
+
 =head1 COPYRIGHT

 Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
--- a/doc/man3/RSA_private_encrypt.pod
+++ b/doc/man3/RSA_private_encrypt.pod
@ -8,6 +8,10 @@ RSA_private_encrypt, RSA_public_decrypt - low level signature operations

 #include <openssl/rsa.h>

+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B<OPENSSL_API_COMPAT> with a suitable version value, see
+L<openssl_user_macros(7)>:
+
 int RSA_private_encrypt(int flen, unsigned char *from,
                         unsigned char *to, RSA *rsa, int padding);

@ -16,6 +20,10 @@ RSA_private_encrypt, RSA_public_decrypt - low level signature operations

 =head1 DESCRIPTION

+Both of the functions described on this page are deprecated.
+Applications should instead use L<EVP_PKEY_encrypt_init(3)>,
+L<EVP_PKEY_encrypt(3)>, L<EVP_PKEY_decrypt_init(3)> and L<EVP_PKEY_decrypt(3)>.
+
 These functions handle RSA signatures at a low level.

 RSA_private_encrypt() signs the B<flen> bytes at B<from> (usually a
@ -62,6 +70,10 @@ obtained by L<ERR_get_error(3)>.
 L<ERR_get_error(3)>,
 L<RSA_sign(3)>, L<RSA_verify(3)>

+=head1 HISTORY
+
+Both of these functions were deprecated in OpenSSL 3.0.
+
 =head1 COPYRIGHT

 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
--- a/doc/man3/RSA_public_encrypt.pod
+++ b/doc/man3/RSA_public_encrypt.pod
@ -8,6 +8,10 @@ RSA_public_encrypt, RSA_private_decrypt - RSA public key cryptography

 #include <openssl/rsa.h>

+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B<OPENSSL_API_COMPAT> with a suitable version value, see
+L<openssl_user_macros(7)>:
+
 int RSA_public_encrypt(int flen, const unsigned char *from,
                        unsigned char *to, RSA *rsa, int padding);

@ -16,6 +20,10 @@ RSA_public_encrypt, RSA_private_decrypt - RSA public key cryptography

 =head1 DESCRIPTION

+Both of the functions described on this page are deprecated.
+Applications should instead use L<EVP_PKEY_encrypt_init(3)>,
+L<EVP_PKEY_encrypt(3)>, L<EVP_PKEY_decrypt_init(3)> and L<EVP_PKEY_decrypt(3)>.
+
 RSA_public_encrypt() encrypts the B<flen> bytes at B<from> (usually a
 session key) using the public key B<rsa> and stores the ciphertext in
 B<to>. B<to> must point to RSA_size(B<rsa>) bytes of memory.
@ -97,6 +105,10 @@ SSL, PKCS #1 v2.0
 L<ERR_get_error(3)>, L<RAND_bytes(3)>,
 L<RSA_size(3)>

+=head1 HISTORY
+
+Both of these functions were deprecated in OpenSSL 3.0.
+
 =head1 COPYRIGHT

 Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
--- a/doc/man3/RSA_set_method.pod
+++ b/doc/man3/RSA_set_method.pod
@ -10,6 +10,10 @@ RSA_new_method - select RSA method

 #include <openssl/rsa.h>

+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B<OPENSSL_API_COMPAT> with a suitable version value, see
+L<openssl_user_macros(7)>:
+
 void RSA_set_default_method(const RSA_METHOD *meth);

 RSA_METHOD *RSA_get_default_method(void);
@ -26,6 +30,9 @@ RSA_new_method - select RSA method

 =head1 DESCRIPTION

+All of the functions described on this page are deprecated.
+Applications should instead use the OSSL_PROVIDER APIs.
+
 An B<RSA_METHOD> specifies the functions that OpenSSL uses for RSA
 operations. By modifying the method, alternative implementations such as
 hardware accelerators may be used. IMPORTANT: See the NOTES section for
@ -171,6 +178,8 @@ L<RSA_new(3)>

 =head1 HISTORY

+All of these functions were deprecated in OpenSSL 3.0.
+
 The RSA_null_method(), which was a partial attempt to avoid patent issues,
 was replaced to always return NULL in OpenSSL 1.1.1.

--- a/doc/man3/RSA_sign.pod
+++ b/doc/man3/RSA_sign.pod
@ -8,6 +8,10 @@ RSA_sign, RSA_verify - RSA signatures

 #include <openssl/rsa.h>

+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B<OPENSSL_API_COMPAT> with a suitable version value, see
+L<openssl_user_macros(7)>:
+
 int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
              unsigned char *sigret, unsigned int *siglen, RSA *rsa);

@ -16,6 +20,10 @@ RSA_sign, RSA_verify - RSA signatures

 =head1 DESCRIPTION

+All of the functions described on this page are deprecated.
+Applications should instead use L<EVP_PKEY_sign_init(3)>, L<EVP_PKEY_sign(3)>,
+L<EVP_PKEY_verify_init(3)> and L<EVP_PKEY_verify(3)>.
+
 RSA_sign() signs the message digest B<m> of size B<m_len> using the
 private key B<rsa> using RSASSA-PKCS1-v1_5 as specified in RFC 3447. It
 stores the signature in B<sigret> and the signature size in B<siglen>.
@ -53,6 +61,10 @@ L<ERR_get_error(3)>,
 L<RSA_private_encrypt(3)>,
 L<RSA_public_decrypt(3)>

+=head1 HISTORY
+
+All of these functions were deprecated in OpenSSL 3.0.
+
 =head1 COPYRIGHT

 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
--- a/doc/man3/RSA_sign_ASN1_OCTET_STRING.pod
+++ b/doc/man3/RSA_sign_ASN1_OCTET_STRING.pod
@ -8,6 +8,10 @@ RSA_sign_ASN1_OCTET_STRING, RSA_verify_ASN1_OCTET_STRING - RSA signatures

 #include <openssl/rsa.h>

+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B<OPENSSL_API_COMPAT> with a suitable version value, see
+L<openssl_user_macros(7)>:
+
 int RSA_sign_ASN1_OCTET_STRING(int dummy, unsigned char *m,
                                unsigned int m_len, unsigned char *sigret,
                                unsigned int *siglen, RSA *rsa);
@ -18,6 +22,9 @@ RSA_sign_ASN1_OCTET_STRING, RSA_verify_ASN1_OCTET_STRING - RSA signatures

 =head1 DESCRIPTION

+All of the functions described on this page are deprecated.
+Applications should instead use EVP PKEY APIs.
+
 RSA_sign_ASN1_OCTET_STRING() signs the octet string B<m> of size
 B<m_len> using the private key B<rsa> represented in DER using PKCS #1
 padding. It stores the signature in B<sigret> and the signature size
@ -55,6 +62,10 @@ L<RAND_bytes(3)>, L<RSA_sign(3)>,
 L<RSA_verify(3)>,
 L<RAND(7)>

+=head1 HISTORY
+
+All of these functions were deprecated in OpenSSL 3.0.
+
 =head1 COPYRIGHT

 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
--- a/doc/man3/RSA_size.pod
+++ b/doc/man3/RSA_size.pod
@ -8,6 +8,10 @@ RSA_size, RSA_bits, RSA_security_bits - get RSA modulus size or security bits

 #include <openssl/rsa.h>

+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B<OPENSSL_API_COMPAT> with a suitable version value, see
+L<openssl_user_macros(7)>:
+
 int RSA_size(const RSA *rsa);

 int RSA_bits(const RSA *rsa);
@ -16,6 +20,10 @@ RSA_size, RSA_bits, RSA_security_bits - get RSA modulus size or security bits

 =head1 DESCRIPTION

+All of the functions described on this page are deprecated.
+Applications should instead use L<EVP_PKEY_size(3)>, L<EVP_PKEY_bits(3)>
+and L<EVP_PKEY_security_bits(3)>.
+
 RSA_size() returns the RSA modulus size in bytes. It can be used to
 determine how much memory must be allocated for an RSA encrypted
 value.
@ -41,6 +49,8 @@ L<BN_num_bits(3)>

 =head1 HISTORY

+All of these functions were deprecated in OpenSSL 3.0.
+
 The RSA_bits() function was added in OpenSSL 1.1.0.

 =head1 COPYRIGHT