Deprecate the low level Diffie-Hellman functions.

[thirdparty/openssl.git] / doc / man3 / DH_generate_key.pod

diff --git a/doc/man3/DH_generate_key.pod b/doc/man3/DH_generate_key.pod
index babc91fef1859ee0845392f74fc45663a3f862cc..35fcc020b020cb1118d2246e4ffcf2308b49bd5a 100644 (file)
--- a/doc/man3/DH_generate_key.pod
+++ b/doc/man3/DH_generate_key.pod
@@ -8,12 +8,20 @@ DH_generate_key, DH_compute_key - perform Diffie-Hellman key exchange
 
  #include <openssl/dh.h>
 
+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B<OPENSSL_API_COMPAT> with a suitable version value, see
+L<openssl_user_macros(7)>:
+
  int DH_generate_key(DH *dh);
 
  int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh);
 
 =head1 DESCRIPTION
 
+Both of the functions described on this page are deprecated.
+Applications should instead use L<EVP_PKEY_derive_init(3)>
+and L<EVP_PKEY_derive(3)>.
+
 DH_generate_key() performs the first step of a Diffie-Hellman key
 exchange by generating private and public DH values. By calling
 DH_compute_key(), these are combined with the other party's public
@@ -40,8 +48,13 @@ The error codes can be obtained by L<ERR_get_error(3)>.
 
 =head1 SEE ALSO
 
+L<EVP_PKEY_derive(3)>,
 L<DH_new(3)>, L<ERR_get_error(3)>, L<RAND_bytes(3)>, L<DH_size(3)>
 
+=head1 HISTORY
+
+Both of these functions were deprecated in OpenSSL 3.0.
+
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.