From 7f572e958b13041056f377a62d3219633cfb1e8a Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 2 Dec 2015 13:57:04 +0000 Subject: Remove legacy sign/verify from EVP_MD. Remove sign/verify and required_pkey_type fields of EVP_MD: these are a legacy from when digests were linked to public key types. All signing is now handled by the corresponding EVP_PKEY_METHOD. Only allow supported digest types in RSA EVP_PKEY_METHOD: other algorithms already block unsupported types. Remove now obsolete EVP_dss1() and EVP_ecdsa(). Reviewed-by: Richard Levitte --- doc/crypto/EVP_DigestInit.pod | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) (limited to 'doc') diff --git a/doc/crypto/EVP_DigestInit.pod b/doc/crypto/EVP_DigestInit.pod index 1616309728..cfb9e1410e 100644 --- a/doc/crypto/EVP_DigestInit.pod +++ b/doc/crypto/EVP_DigestInit.pod @@ -7,7 +7,7 @@ EVP_DigestFinal_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_destroy, EVP_MAX_MD_SIZE, EVP_MD_CTX_copy_ex, EVP_DigestInit, EVP_DigestFinal, EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type, EVP_md_null, EVP_md2, EVP_md5, EVP_sha1, -EVP_sha224, EVP_sha256, EVP_sha384, EVP_sha512, EVP_dss1, EVP_mdc2, +EVP_sha224, EVP_sha256, EVP_sha384, EVP_sha512, EVP_mdc2, EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj - EVP digest routines @@ -50,7 +50,6 @@ EVP digest routines const EVP_MD *EVP_md2(void); const EVP_MD *EVP_md5(void); const EVP_MD *EVP_sha1(void); - const EVP_MD *EVP_dss1(void); const EVP_MD *EVP_mdc2(void); const EVP_MD *EVP_ripemd160(void); 
@@ -137,11 +136,6 @@ EVP_sha384(), EVP_sha512(), EVP_mdc2() and EVP_ripemd160() return B structures for the MD2, MD5, SHA1, SHA224, SHA256, SHA384, SHA512, MDC2 and RIPEMD160 digest algorithms respectively. -EVP_dss1() returns B an structure the SHA1 digest -algorithm but using DSS (DSA) for the signature algorithm. Note: there is -no need to use these pseudo-digests in OpenSSL 1.0.0 and later, they are -however retained for compatibility. - EVP_md_null() is a "null" message digest that does nothing: i.e. the hash it returns is of zero length. @@ -164,7 +158,7 @@ EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size() and EVP_MD_CTX_block_size() return the digest or block size in bytes. EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha1(), -EVP_dss1(), EVP_mdc2() and EVP_ripemd160() return pointers to the +EVP_mdc2() and EVP_ripemd160() return pointers to the corresponding EVP_MD structures. EVP_get_digestbyname(), EVP_get_digestbynid() and EVP_get_digestbyobj() @@ -261,7 +255,7 @@ L =head1 HISTORY The link between digests and signing algorithms was fixed in OpenSSL 1.0 and -later, so now EVP_sha1() can be used with RSA and DSA; there is no need to -use EVP_dss1() any more. +later, so now EVP_sha1() can be used with RSA and DSA. The legacy EVP_dss1() +was removed in OpenSSL 1.1.0 =cut -- cgit v1.2.3
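Review bot: In the return-values hunk (@@ -164,7 +158,7 @@), the list being edited still names only EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha1(), EVP_mdc2() and EVP_ripemd160() as returning pointers to EVP_MD structures. The NAME section in the first hunk also lists EVP_sha224, EVP_sha256, EVP_sha384 and EVP_sha512. Since this line is being touched anyway, consider adding the SHA-2 functions here so the return-values text matches the NAME and SYNOPSIS sections.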
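Review bot: In the HISTORY hunk (@@ -261,7 +255,7 @@), the added sentence "The legacy EVP_dss1() was removed in OpenSSL 1.1.0" has no terminating period, and it records only part of what the commit message lists. The message also says EVP_ecdsa() is removed and that the RSA EVP_PKEY_METHOD now only allows supported digest types, and neither is mentioned in this documentation change. The paragraph deleted at @@ -137,11 +136,6 @@ told readers the pseudo-digests were "retained for compatibility", so code that followed that text loses EVP_dss1() with this commit. Suggest ending the sentence with a period, stating explicitly that EVP_sha1() is the replacement for EVP_dss1(), and noting the EVP_ecdsa() removal in HISTORY as well. If the RSA digest restriction can surface as a new failure for callers, it deserves a sentence in the relevant manual page too.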