Deprecate the low level Diffie-Hellman functions.

Use of the low level DH functions has been informally discouraged for a
long time.  We now formally deprecate them.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11024)
diff --git a/doc/man3/DH_generate_key.pod b/doc/man3/DH_generate_key.pod
index babc91f..35fcc02 100644
--- a/doc/man3/DH_generate_key.pod
+++ b/doc/man3/DH_generate_key.pod
@@ -8,12 +8,20 @@
 
  #include <openssl/dh.h>
 
+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B<OPENSSL_API_COMPAT> with a suitable version value, see
+L<openssl_user_macros(7)>:
+
  int DH_generate_key(DH *dh);
 
  int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh);
 
 =head1 DESCRIPTION
 
+Both of the functions described on this page are deprecated.
+Applications should instead use L<EVP_PKEY_derive_init(3)>
+and L<EVP_PKEY_derive(3)>.
+
 DH_generate_key() performs the first step of a Diffie-Hellman key
 exchange by generating private and public DH values. By calling
 DH_compute_key(), these are combined with the other party's public
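Review bot: The new DESCRIPTION paragraph names only L<EVP_PKEY_derive_init(3)> and L<EVP_PKEY_derive(3)> as replacements. That covers DH_compute_key() but gives no replacement for DH_generate_key(), even though the text says both functions are deprecated. Add a pointer for the key-generation step as well, for example L<EVP_PKEY_keygen(3)>, so a reader migrating off this page has both halves of the exchange. The unchanged text that follows still describes the deprecated calls as the way to do a DH exchange. A short phrase tying it to the deprecated interface would keep the two paragraphs from contradicting each other.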
@@ -40,8 +48,13 @@
 
 =head1 SEE ALSO
 
+L<EVP_PKEY_derive(3)>,
 L<DH_new(3)>, L<ERR_get_error(3)>, L<RAND_bytes(3)>, L<DH_size(3)>
 
+=head1 HISTORY
+
+Both of these functions were deprecated in OpenSSL 3.0.
+
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
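Review bot: SEE ALSO gains L<EVP_PKEY_derive(3)> but not L<openssl_user_macros(7)>, which the SYNOPSIS notice added in this same patch tells readers to consult for B<OPENSSL_API_COMPAT>. Listing it here keeps the cross references complete. Separately, the copyright line in the trailing context still reads "Copyright 2000-2016" although this commit modifies the file. Update the end year if the project's convention calls for it.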