Browse Source

Deprecate EVP_PKEY_set1_tls_encodedpoint()

Also deprecate EVP_PKEY_get1_tls_encodedpoint().

The preferred alternative is EVP_PKEY_set1_encoded_public_key() and

Reviewed-by: Tomas Mraz <>
(Merged from
Matt Caswell 2 years ago
4 changed files with 48 additions and 15 deletions
  1. +10
  2. +28
  3. +8
  4. +2

+ 10
- 0 View File

@ -23,6 +23,16 @@ OpenSSL 3.0
### Changes between 1.1.1 and 3.0 [xx XXX xxxx]
* Deprecated EVP_PKEY_set1_tls_encodedpoint() and
EVP_PKEY_get1_tls_encodedpoint(). These functions were previously used by
libssl to set or get an encoded public key in/from an EVP_PKEY object. With
OpenSSL 3.0 these are replaced by the more generic functions
EVP_PKEY_set1_encoded_public_key() and EVP_PKEY_get1_encoded_public_key().
The old versions have been converted to deprecated macros that just call the
new functions.
*Matt Caswell*
* The security callback, which can be customised by application code, supports
the security operation SSL_SECOP_TMP_DH. This is defined to take an EVP_PKEY
in the "other" parameter. In most places this is what is passed. All these

+ 28
- 11
doc/man3/EVP_PKEY_set1_encoded_public_key.pod View File

@ -2,7 +2,8 @@
=head1 NAME
EVP_PKEY_set1_encoded_public_key, EVP_PKEY_get1_encoded_public_key
EVP_PKEY_set1_encoded_public_key, EVP_PKEY_get1_encoded_public_key,
EVP_PKEY_set1_tls_encodedpoint, EVP_PKEY_get1_tls_encodedpoint
- functions to set and get public key data within an EVP_PKEY
@ -14,11 +15,14 @@ EVP_PKEY_set1_encoded_public_key, EVP_PKEY_get1_encoded_public_key
size_t EVP_PKEY_get1_encoded_public_key(EVP_PKEY *pkey, unsigned char **ppub);
#define EVP_PKEY_set1_tls_encodedpoint(pkey, pt, ptlen) \
EVP_PKEY_set1_encoded_public_key((pkey), (pt), (ptlen))
Deprecated since OpenSSL 3.0, can be hidden entirely by defining
B<OPENSSL_API_COMPAT> with a suitable version value, see
#define EVP_PKEY_get1_tls_encodedpoint(pkey, ppt) \
EVP_PKEY_get1_encoded_public_key((pkey), (ppt))
int EVP_PKEY_set1_tls_encodedpoint(EVP_PKEY *pkey,
const unsigned char *pt, size_t ptlen);
size_t EVP_PKEY_get1_tls_encodedpoint(EVP_PKEY *pkey, unsigned char **ppt);
@ -46,6 +50,15 @@ be allocated and stored in B<*ppub>. The length of the encoded public key is
returned by the function. The application is responsible for freeing the
allocated buffer.
The macro EVP_PKEY_set1_tls_encodedpoint() is deprecated and simply calls
EVP_PKEY_set1_encoded_public_key() with all the same arguments. New applications
should use EVP_PKEY_set1_encoded_public_key() instead.
The macro EVP_PKEY_get1_tls_encodedpoint() is deprecated and simply calls
EVP_PKEY_get1_encoded_public_key() with all the same arguments. New applications
should use EVP_PKEY_get1_encoded_public_key() instead.
EVP_PKEY_set1_encoded_public_key() returns 1 for success and 0 or a negative
@ -61,7 +74,7 @@ performing a key exchange operation.
=head2 Set up a peer's EVP_PKEY ready for a key exchange operation
#include <openssl/evp.h>
int exchange(EVP_PKEY *ourkey, unsigned char *peer_pub, size_t peer_pub_len)
EVP_PKEY *peerkey = EVP_PKEY_new();
@ -72,11 +85,11 @@ performing a key exchange operation.
if (EVP_PKEY_set1_encoded_public_key(peerkey, peer_pub,
peer_pub_len) <= 0)
return 0;
/* Do the key exchange here */
return 1;
@ -104,13 +117,17 @@ performing a key exchange operation.
=head1 SEE ALSO
L<EVP_PKEY_new(3)>, L<EVP_PKEY_copy_parameters(7)>,
L<EVP_PKEY_new(3)>, L<EVP_PKEY_copy_parameters(3)>,
L<EVP_PKEY_derive_init(3)>, L<EVP_PKEY_derive(3)>,
L<EVP_PKEY-DH(7)>, L<EVP_PKEY-EC(7)>, L<EVP_PKEY-X25519(7)>, L<EVP_PKEY-X448(7)>
=head1 HISTORY
These functions were added in OpenSSL 3.0.
EVP_PKEY_set1_encoded_public_key() and EVP_PKEY_get1_encoded_public_key() were
added in OpenSSL 3.0.
EVP_PKEY_set1_tls_encodedpoint() and EVP_PKEY_get1_tls_encodedpoint() were
deprecated in OpenSSL 3.0.

+ 8
- 4
include/openssl/evp.h View File

@ -1280,22 +1280,26 @@ int EVP_PKEY_get_default_digest_name(EVP_PKEY *pkey,
char *mdname, size_t mdname_sz);
int EVP_PKEY_supports_digest_nid(EVP_PKEY *pkey, int nid);
* For backwards compatibility. Use EVP_PKEY_set1_encoded_public_key in
* preference
#define EVP_PKEY_set1_tls_encodedpoint(pkey, pt, ptlen) \
EVP_PKEY_set1_encoded_public_key((pkey), (pt), (ptlen))
# define EVP_PKEY_set1_tls_encodedpoint(pkey, pt, ptlen) \
EVP_PKEY_set1_encoded_public_key((pkey), (pt), (ptlen))
# endif
int EVP_PKEY_set1_encoded_public_key(EVP_PKEY *pkey,
const unsigned char *pub, size_t publen);
* For backwards compatibility. Use EVP_PKEY_get1_encoded_public_key in
* preference
#define EVP_PKEY_get1_tls_encodedpoint(pkey, ppt) \
EVP_PKEY_get1_encoded_public_key((pkey), (ppt))
# define EVP_PKEY_get1_tls_encodedpoint(pkey, ppt) \
EVP_PKEY_get1_encoded_public_key((pkey), (ppt))
# endif
size_t EVP_PKEY_get1_encoded_public_key(EVP_PKEY *pkey, unsigned char **ppub);

+ 2
- 0
util/other.syms View File

@ -601,3 +601,5 @@ OSSL_TRACE1 define
OSSL_TRACE2 define
OSSL_TRACE9 define
TS_VERIFY_CTS_set_certs define deprecated 3.0.0
EVP_PKEY_get1_tls_encodedpoint define deprecated 3.0.0
EVP_PKEY_set1_tls_encodedpoint define deprecated 3.0.0