From 4fd8a3e110ee901bc013dc816a6be4d8d1d7b718 Mon Sep 17 00:00:00 2001
From: Pauli
Date: Wed, 12 Feb 2020 15:23:01 +1000
Subject: [PATCH] rsa: document deprecated low level functions
Reviewed-by: Richard Levitte
(Merged from https://github.com/openssl/openssl/pull/11063)
---
 doc/man3/RSA_check_key.pod | 10 ++++++++++
 doc/man3/RSA_generate_key.pod | 10 ++++++++++
 doc/man3/RSA_meth_new.pod | 9 +++++++++
 doc/man3/RSA_padding_add_PKCS1_type_1.pod | 11 +++++++++++
 doc/man3/RSA_private_encrypt.pod | 12 ++++++++++++
 doc/man3/RSA_public_encrypt.pod | 12 ++++++++++++
 doc/man3/RSA_set_method.pod | 9 +++++++++
 doc/man3/RSA_sign.pod | 12 ++++++++++++
 doc/man3/RSA_sign_ASN1_OCTET_STRING.pod | 11 +++++++++++
 doc/man3/RSA_size.pod | 10 ++++++++++
 10 files changed, 106 insertions(+)
diff --git a/doc/man3/RSA_check_key.pod b/doc/man3/RSA_check_key.pod
index fb7bd235a6..137ec7eb68 100644
--- a/doc/man3/RSA_check_key.pod
+++ b/doc/man3/RSA_check_key.pod
@@ -8,12 +8,20 @@ RSA_check_key_ex, RSA_check_key - validate private RSA keys
 #include
+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B with a suitable version value, see
+L:
+
 int RSA_check_key_ex(RSA *rsa, BN_GENCB *cb);
 int RSA_check_key(RSA *rsa);
 =head1 DESCRIPTION
+Both of the functions described on this page are deprecated.
+Applications should instead use L,
+L and L.
+
 RSA_check_key_ex() function validates RSA keys. It checks that B

and B are in fact prime, and that B.
@@ -70,6 +78,8 @@ L
 =head1 HISTORY
+All of these functions were deprecated in OpenSSL 3.0.
+
 RSA_check_key_ex() appeared after OpenSSL 1.0.2.
 =head1 COPYRIGHT
diff --git a/doc/man3/RSA_generate_key.pod b/doc/man3/RSA_generate_key.pod
index 9d8b4228f0..110880f9a0 100644
--- a/doc/man3/RSA_generate_key.pod
+++ b/doc/man3/RSA_generate_key.pod
@@ -9,6 +9,10 @@ RSA_generate_multi_prime_key - generate RSA key pair
 #include
+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B with a suitable version value, see
+L:
+
 int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
 int RSA_generate_multi_prime_key(RSA *rsa, int bits, int primes, BIGNUM *e, BN_GENCB *cb);
@@ -21,6 +25,10 @@ L:
 =head1 DESCRIPTION
+All of the functions described on this page are deprecated.
+Applications should instead use L and
+L.
+
 RSA_generate_key_ex() generates a 2-prime RSA key pair and stores it in the B structure provided in B. The pseudo-random number generator must be seeded prior to calling RSA_generate_key_ex().
@@ -95,6 +103,8 @@ L
 =head1 HISTORY
+All of these functions were deprecated in OpenSSL 3.0.
+
 RSA_generate_key() was deprecated in OpenSSL 0.9.8; use RSA_generate_key_ex() instead.
diff --git a/doc/man3/RSA_meth_new.pod b/doc/man3/RSA_meth_new.pod
index 100c64cbce..a6a5f4738b 100644
--- a/doc/man3/RSA_meth_new.pod
+++ b/doc/man3/RSA_meth_new.pod
@@ -20,6 +20,10 @@ RSA_meth_get_multi_prime_keygen, RSA_meth_set_multi_prime_keygen
 #include
+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B with a suitable version value, see
+L:
+
 RSA_METHOD *RSA_meth_new(const char *name, int flags);
 void RSA_meth_free(RSA_METHOD *meth);
@@ -123,6 +127,9 @@ RSA_meth_get_multi_prime_keygen, RSA_meth_set_multi_prime_keygen
 =head1 DESCRIPTION
+All of the functions described on this page are deprecated.
+Applications should instead use the OSSL_PROVIDER APIs.
+
 The B type is a structure used for the provision of custom RSA implementations. It provides a set of functions used by OpenSSL for the implementation of the various RSA capabilities.
@@ -244,6 +251,8 @@ L
 =head1 HISTORY
+All of these functions were deprecated in OpenSSL 3.0.
+
 RSA_meth_get_multi_prime_keygen() and RSA_meth_set_multi_prime_keygen() were added in OpenSSL 1.1.1.
diff --git a/doc/man3/RSA_padding_add_PKCS1_type_1.pod b/doc/man3/RSA_padding_add_PKCS1_type_1.pod
index 6e679bba0f..0a7b5c3a20 100644
--- a/doc/man3/RSA_padding_add_PKCS1_type_1.pod
+++ b/doc/man3/RSA_padding_add_PKCS1_type_1.pod
@@ -14,6 +14,10 @@ padding
 #include
+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B with a suitable version value, see
+L:
+
 int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen, const unsigned char *f, int fl);
@@ -58,6 +62,9 @@ padding
 =head1 DESCRIPTION
+All of the functions described on this page are deprecated.
+Applications should instead use the EVP PKEY APIs.
+
 The RSA_padding_xxx_xxx() functions are called from the RSA encrypt, decrypt, sign and verify functions. Normally they should not be called from application programs.
@@ -148,6 +155,10 @@ L, L, L, L
+=head1 HISTORY
+
+All of these functions were deprecated in OpenSSL 3.0.
+
 =head1 COPYRIGHT
 Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/doc/man3/RSA_private_encrypt.pod b/doc/man3/RSA_private_encrypt.pod
index 2df8bce564..6589bb62e4 100644
--- a/doc/man3/RSA_private_encrypt.pod
+++ b/doc/man3/RSA_private_encrypt.pod
@@ -8,6 +8,10 @@ RSA_private_encrypt, RSA_public_decrypt - low level signature operations
 #include
+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B with a suitable version value, see
+L:
+
 int RSA_private_encrypt(int flen, unsigned char *from, unsigned char *to, RSA *rsa, int padding);
@@ -16,6 +20,10 @@ RSA_private_encrypt, RSA_public_decrypt - low level signature operations
 =head1 DESCRIPTION
+Both of the functions described on this page are deprecated.
+Applications should instead use L,
+L, L and L.
+
 These functions handle RSA signatures at a low level. RSA_private_encrypt() signs the B bytes at B (usually a
@@ -62,6 +70,10 @@ obtained by L. L, L, L
+=head1 HISTORY
+
+Both of these functions were deprecated in OpenSSL 3.0.
+
 =head1 COPYRIGHT
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/doc/man3/RSA_public_encrypt.pod b/doc/man3/RSA_public_encrypt.pod
index 09f26ebc07..dbd4c555bf 100644
--- a/doc/man3/RSA_public_encrypt.pod
+++ b/doc/man3/RSA_public_encrypt.pod
@@ -8,6 +8,10 @@ RSA_public_encrypt, RSA_private_decrypt - RSA public key cryptography
 #include
+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B with a suitable version value, see
+L:
+
 int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding);
@@ -16,6 +20,10 @@ RSA_public_encrypt, RSA_private_decrypt - RSA public key cryptography
 =head1 DESCRIPTION
+Both of the functions described on this page are deprecated.
+Applications should instead use L,
+L, L and L.
+
 RSA_public_encrypt() encrypts the B bytes at B (usually a session key) using the public key B and stores the ciphertext in B. B must point to RSA_size(B) bytes of memory.
@@ -97,6 +105,10 @@ SSL, PKCS #1 v2.0 L, L, L
+=head1 HISTORY
+
+Both of these functions were deprecated in OpenSSL 3.0.
+
 =head1 COPYRIGHT
 Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/doc/man3/RSA_set_method.pod b/doc/man3/RSA_set_method.pod
index 77af35f246..72963780a0 100644
--- a/doc/man3/RSA_set_method.pod
+++ b/doc/man3/RSA_set_method.pod
@@ -10,6 +10,10 @@ RSA_new_method - select RSA method
 #include
+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B with a suitable version value, see
+L:
+
 void RSA_set_default_method(const RSA_METHOD *meth);
 RSA_METHOD *RSA_get_default_method(void);
@@ -26,6 +30,9 @@ RSA_new_method - select RSA method
 =head1 DESCRIPTION
+All of the functions described on this page are deprecated.
+Applications should instead use the OSSL_PROVIDER APIs.
+
 An B specifies the functions that OpenSSL uses for RSA operations. By modifying the method, alternative implementations such as hardware accelerators may be used. IMPORTANT: See the NOTES section for
@@ -171,6 +178,8 @@ L
 =head1 HISTORY
+All of these functions were deprecated in OpenSSL 3.0.
+
 The RSA_null_method(), which was a partial attempt to avoid patent issues, was replaced to always return NULL in OpenSSL 1.1.1.
diff --git a/doc/man3/RSA_sign.pod b/doc/man3/RSA_sign.pod
index a459f2b74f..2cc50a6f1a 100644
--- a/doc/man3/RSA_sign.pod
+++ b/doc/man3/RSA_sign.pod
@@ -8,6 +8,10 @@ RSA_sign, RSA_verify - RSA signatures
 #include
+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B with a suitable version value, see
+L:
+
 int RSA_sign(int type, const unsigned char *m, unsigned int m_len, unsigned char *sigret, unsigned int *siglen, RSA *rsa);
@@ -16,6 +20,10 @@ RSA_sign, RSA_verify - RSA signatures
 =head1 DESCRIPTION
+All of the functions described on this page are deprecated.
+Applications should instead use L, L,
+L and L.
+
 RSA_sign() signs the message digest B of size B using the private key B using RSASSA-PKCS1-v1_5 as specified in RFC 3447. It stores the signature in B and the signature size in B.
@@ -53,6 +61,10 @@ L, L, L
+=head1 HISTORY
+
+All of these functions were deprecated in OpenSSL 3.0.
+
 =head1 COPYRIGHT
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/doc/man3/RSA_sign_ASN1_OCTET_STRING.pod b/doc/man3/RSA_sign_ASN1_OCTET_STRING.pod
index 27e7cdf6b8..7a156866f8 100644
--- a/doc/man3/RSA_sign_ASN1_OCTET_STRING.pod
+++ b/doc/man3/RSA_sign_ASN1_OCTET_STRING.pod
@@ -8,6 +8,10 @@ RSA_sign_ASN1_OCTET_STRING, RSA_verify_ASN1_OCTET_STRING - RSA signatures
 #include
+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B with a suitable version value, see
+L:
+
 int RSA_sign_ASN1_OCTET_STRING(int dummy, unsigned char *m, unsigned int m_len, unsigned char *sigret, unsigned int *siglen, RSA *rsa);
@@ -18,6 +22,9 @@ RSA_sign_ASN1_OCTET_STRING, RSA_verify_ASN1_OCTET_STRING - RSA signatures
 =head1 DESCRIPTION
+All of the functions described on this page are deprecated.
+Applications should instead use EVP PKEY APIs.
+
 RSA_sign_ASN1_OCTET_STRING() signs the octet string B of size B using the private key B represented in DER using PKCS #1 padding. It stores the signature in B and the signature size
@@ -55,6 +62,10 @@ L, L, L, L
+=head1 HISTORY
+
+All of these functions were deprecated in OpenSSL 3.0.
+
 =head1 COPYRIGHT
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/doc/man3/RSA_size.pod b/doc/man3/RSA_size.pod
index ccc11ba7ab..15db17c299 100644
--- a/doc/man3/RSA_size.pod
+++ b/doc/man3/RSA_size.pod
@@ -8,6 +8,10 @@ RSA_size, RSA_bits, RSA_security_bits - get RSA modulus size or security bits
 #include
+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B with a suitable version value, see
+L:
+
 int RSA_size(const RSA *rsa);
 int RSA_bits(const RSA *rsa);
@@ -16,6 +20,10 @@ RSA_size, RSA_bits, RSA_security_bits - get RSA modulus size or security bits
 =head1 DESCRIPTION
+All of the functions described on this page are deprecated.
+Applications should instead use L, L
+and L.
+
 RSA_size() returns the RSA modulus size in bytes. It can be used to determine how much memory must be allocated for an RSA encrypted value.
@@ -41,6 +49,8 @@ L
 =head1 HISTORY
+All of these functions were deprecated in OpenSSL 3.0.
+
 The RSA_bits() function was added in OpenSSL 1.1.0.
 =head1 COPYRIGHT
--
2.34.1