Deprecate sign() and verify() (#1256)

pyca · Oct 2, 2023 · d129af2 · d129af2
1 parent 8bfe5df
commit d129af2
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 0 deletions.
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -24,6 +24,7 @@ Deprecations:
 - Deprecated ``OpenSSL.crypto.CRL``
 - Deprecated ``OpenSSL.crypto.Revoked``
 - Deprecated ``OpenSSL.crypto.load_crl`` and ``OpenSSL.crypto.dump_crl``
+- Deprecated ``OpenSSL.crypto.sign`` and ``OpenSSL.crypto.verify``
 
 Changes:
 ^^^^^^^^

diff --git a/src/OpenSSL/crypto.py b/src/OpenSSL/crypto.py
@@ -3149,6 +3149,15 @@ def sign(pkey: PKey, data: Union[str, bytes], digest: str) -> bytes:
     return _ffi.buffer(signature_buffer, signature_length[0])[:]
 
 
+utils.deprecated(
+    sign,
+    __name__,
+    "sign() is deprecated. Use the equivilant APIs in cryptography.",
+    DeprecationWarning,
+    name="sign",
+)
+
+
 def verify(
     cert: X509, signature: bytes, data: Union[str, bytes], digest: str
 ) -> None:
@@ -3187,6 +3196,15 @@ def verify(
         _raise_current_error()
 
 
+utils.deprecated(
+    verify,
+    __name__,
+    "verify() is deprecated. Use the equivilant APIs in cryptography.",
+    DeprecationWarning,
+    name="verify",
+)
+
+
 def dump_crl(type: int, crl: CRL) -> bytes:
     """
     Dump a certificate revocation list to a buffer.