Deprecate the ECDH functions.

Use of the low level ECDH functions has been informally discouraged for a long time. We now formally deprecate them. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10960)
2025-02-17 14:32:04 +08:00 · 2020-01-28 12:38:47 +10:00 · 2020-01-28 12:38:47 +10:00 · 5e3f9aa4e9
commit 5e3f9aa4e9
parent ee8db22e27
4 changed files with 23 additions and 4 deletions
--- a/crypto/ec/ec_kmeth.c
+++ b/crypto/ec/ec_kmeth.c
@ -7,6 +7,12 @@
 * https://www.openssl.org/source/license.html
 */

+/*
+ * ECDH and ECDSA low level APIs are deprecated for public use, but still ok
+ * for internal use.
+ */
+#include "internal/deprecated.h"
+
 #include <string.h>
 #include <openssl/ec.h>
 #include <openssl/engine.h>
--- a/crypto/ec/ec_pmeth.c
+++ b/crypto/ec/ec_pmeth.c
@ -7,6 +7,12 @@
 * https://www.openssl.org/source/license.html
 */

+/*
+ * ECDH and ECDSA low level APIs are deprecated for public use, but still ok
+ * for internal use.
+ */
+#include "internal/deprecated.h"
+
 #include <stdio.h>
 #include "internal/cryptlib.h"
 #include <openssl/asn1t.h>
--- a/crypto/ec/ecdh_kdf.c
+++ b/crypto/ec/ecdh_kdf.c
@ -7,6 +7,12 @@
 * https://www.openssl.org/source/license.html
 */

+/*
+ * ECDH low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
 #include <string.h>
 #include <openssl/core_names.h>
 #include <openssl/ec.h>
--- a/include/openssl/ec.h
+++ b/include/openssl/ec.h
@ -1180,10 +1180,11 @@ DEPRECATEDIN_3_0(int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
                                    const unsigned char *sinfo, size_t sinfolen,
                                    const EVP_MD *md))

-int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
-                     const EC_KEY *ecdh,
-                     void *(*KDF) (const void *in, size_t inlen,
-                                   void *out, size_t *outlen));
+DEPRECATEDIN_3_0(int ECDH_compute_key(void *out, size_t outlen,
+                                      const EC_POINT *pub_key,
+                                      const EC_KEY *ecdh,
+                                      void *(*KDF)(const void *in, size_t inlen,
+                                                   void *out, size_t *outlen)))

 typedef struct ECDSA_SIG_st ECDSA_SIG;