From: Filippo Valsorda <filippo@golang.org>
Date: Sun, 7 Sep 2025 13:36:10 +0000 (+0200)
Subject: crypto/ecdsa: deprecate direct use of big.Int fields in keys
X-Git-Tag: go1.26rc1~930
X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=645ee44492;p=gostls13.git

crypto/ecdsa: deprecate direct use of big.Int fields in keys

Updates #63963

Change-Id: I6a6a69645e625cde1ac1c6abf698a5fd3d52b4cf
Reviewed-on: https://go-review.googlesource.com/c/go/+/701516
Auto-Submit: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Mark Freeman <markfreeman@google.com>
Reviewed-by: Michael Pratt <mpratt@google.com>
---

diff --git a/api/next/63963.txt b/api/next/63963.txt
new file mode 100644
index 0000000000..c1aaae5044
--- /dev/null
+++ b/api/next/63963.txt
@@ -0,0 +1,3 @@
+pkg crypto/ecdsa, type PrivateKey struct, D //deprecated #63963
+pkg crypto/ecdsa, type PublicKey struct, X //deprecated #63963
+pkg crypto/ecdsa, type PublicKey struct, Y //deprecated #63963
diff --git a/doc/next/6-stdlib/99-minor/crypto/ecdsa/63963.md b/doc/next/6-stdlib/99-minor/crypto/ecdsa/63963.md
new file mode 100644
index 0000000000..81efc00bb5
--- /dev/null
+++ b/doc/next/6-stdlib/99-minor/crypto/ecdsa/63963.md
@@ -0,0 +1 @@
+The `big.Int` fields of [PublicKey] and [PrivateKey] are now deprecated.
diff --git a/src/crypto/ecdsa/ecdsa.go b/src/crypto/ecdsa/ecdsa.go
index 340edbbaba..54fbecb576 100644
--- a/src/crypto/ecdsa/ecdsa.go
+++ b/src/crypto/ecdsa/ecdsa.go
@@ -44,15 +44,13 @@ type PublicKey struct {
 
 	// X, Y are the coordinates of the public key point.
 	//
-	// Modifying the raw coordinates can produce invalid keys, and may
+	// Deprecated: modifying the raw coordinates can produce invalid keys, and may
 	// invalidate internal optimizations; moreover, [big.Int] methods are not
 	// suitable for operating on cryptographic values. To encode and decode
 	// PublicKey values, use [PublicKey.Bytes] and [ParseUncompressedPublicKey]
 	// or [crypto/x509.MarshalPKIXPublicKey] and [crypto/x509.ParsePKIXPublicKey].
 	// For ECDH, use [crypto/ecdh]. For lower-level elliptic curve operations,
 	// use a third-party module like filippo.io/nistec.
-	//
-	// These fields will be deprecated in Go 1.26.
 	X, Y *big.Int
 }
 
@@ -171,14 +169,12 @@ type PrivateKey struct {
 
 	// D is the private scalar value.
 	//
-	// Modifying the raw value can produce invalid keys, and may
+	// Deprecated: modifying the raw value can produce invalid keys, and may
 	// invalidate internal optimizations; moreover, [big.Int] methods are not
 	// suitable for operating on cryptographic values. To encode and decode
 	// PrivateKey values, use [PrivateKey.Bytes] and [ParseRawPrivateKey] or
 	// [crypto/x509.MarshalPKCS8PrivateKey] and [crypto/x509.ParsePKCS8PrivateKey].
 	// For ECDH, use [crypto/ecdh].
-	//
-	// This field will be deprecated in Go 1.26.
 	D *big.Int
 }