diff options
author | Matt Caswell <matt@openssl.org> | 2019-12-05 17:09:49 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2020-01-06 15:09:57 +0000 |
commit | c72fa2554f5adc03bcc3c6e4ebcd1929e70efed4 (patch) | |
tree | 181157c82b41fb40f46ada0f30d33468df50aefb /providers | |
parent | 2852c672a8ecb02a74d0adeeb93c661b7d2d7511 (diff) |
Deprecate the low level AES functions
Use of the low level AES functions has been informally discouraged for a
long time. We now formally deprecate them.
Applications should instead use the EVP APIs, e.g. EVP_EncryptInit_ex,
EVP_EncryptUpdate, EVP_EncryptFinal_ex, and the equivalently named decrypt
functions.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10580)
Diffstat (limited to 'providers')
14 files changed, 90 insertions, 0 deletions
diff --git a/providers/implementations/ciphers/cipher_aes.c b/providers/implementations/ciphers/cipher_aes.c index 561377a27b..2d42f1d8ff 100644 --- a/providers/implementations/ciphers/cipher_aes.c +++ b/providers/implementations/ciphers/cipher_aes.c @@ -7,6 +7,13 @@ * https://www.openssl.org/source/license.html */ +/* + * AES low level APIs are deprecated for public use, but still ok for internal + * use where we're using them to implement the higher level EVP interface, as is + * the case here. + */ +#include "internal/deprecated.h" + /* Dispatch functions for AES cipher modes ecb, cbc, ofb, cfb, ctr */ #include "cipher_aes.h" diff --git a/providers/implementations/ciphers/cipher_aes_ccm.c b/providers/implementations/ciphers/cipher_aes_ccm.c index c800d1284d..ad7f14bf85 100644 --- a/providers/implementations/ciphers/cipher_aes_ccm.c +++ b/providers/implementations/ciphers/cipher_aes_ccm.c @@ -7,6 +7,13 @@ * https://www.openssl.org/source/license.html */ +/* + * AES low level APIs are deprecated for public use, but still ok for internal + * use where we're using them to implement the higher level EVP interface, as is + * the case here. + */ +#include "internal/deprecated.h" + /* Dispatch functions for AES CCM mode */ #include "cipher_aes_ccm.h" diff --git a/providers/implementations/ciphers/cipher_aes_ccm_hw.c b/providers/implementations/ciphers/cipher_aes_ccm_hw.c index 5f4accdb54..f4410ca755 100644 --- a/providers/implementations/ciphers/cipher_aes_ccm_hw.c +++ b/providers/implementations/ciphers/cipher_aes_ccm_hw.c @@ -9,6 +9,12 @@ /* AES CCM mode */ +/* + * This file uses the low level AES functions (which are deprecated for + * non-internal use) in order to implement provider AES ciphers. + */ +#include "internal/deprecated.h" + #include "cipher_aes_ccm.h" #define AES_HW_CCM_SET_KEY_FN(fn_set_enc_key, fn_blk, fn_ccm_enc, fn_ccm_dec) \ diff --git a/providers/implementations/ciphers/cipher_aes_gcm.c b/providers/implementations/ciphers/cipher_aes_gcm.c index bb0b8debc0..3f3d923a56 100644 --- a/providers/implementations/ciphers/cipher_aes_gcm.c +++ b/providers/implementations/ciphers/cipher_aes_gcm.c @@ -7,6 +7,13 @@ * https://www.openssl.org/source/license.html */ +/* + * AES low level APIs are deprecated for public use, but still ok for internal + * use where we're using them to implement the higher level EVP interface, as is + * the case here. + */ +#include "internal/deprecated.h" + /* Dispatch functions for AES GCM mode */ #include "cipher_aes_gcm.h" diff --git a/providers/implementations/ciphers/cipher_aes_gcm_hw.c b/providers/implementations/ciphers/cipher_aes_gcm_hw.c index 08ee34ef1e..0eb799451d 100644 --- a/providers/implementations/ciphers/cipher_aes_gcm_hw.c +++ b/providers/implementations/ciphers/cipher_aes_gcm_hw.c @@ -9,6 +9,12 @@ /* Dispatch functions for AES GCM mode */ +/* + * This file uses the low level AES functions (which are deprecated for + * non-internal use) in order to implement provider AES ciphers. + */ +#include "internal/deprecated.h" + #include "cipher_aes_gcm.h" static int generic_aes_gcm_initkey(PROV_GCM_CTX *ctx, const unsigned char *key, diff --git a/providers/implementations/ciphers/cipher_aes_hw.c b/providers/implementations/ciphers/cipher_aes_hw.c index e9a7c31f98..835e0b968b 100644 --- a/providers/implementations/ciphers/cipher_aes_hw.c +++ b/providers/implementations/ciphers/cipher_aes_hw.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * This file uses the low level AES functions (which are deprecated for + * non-internal use) in order to implement provider AES ciphers. + */ +#include "internal/deprecated.h" + #include "cipher_aes.h" #include "prov/providercommonerr.h" diff --git a/providers/implementations/ciphers/cipher_aes_ocb.c b/providers/implementations/ciphers/cipher_aes_ocb.c index 03ec70b949..2f85604a87 100644 --- a/providers/implementations/ciphers/cipher_aes_ocb.c +++ b/providers/implementations/ciphers/cipher_aes_ocb.c @@ -7,6 +7,13 @@ * https://www.openssl.org/source/license.html */ +/* + * AES low level APIs are deprecated for public use, but still ok for internal + * use where we're using them to implement the higher level EVP interface, as is + * the case here. + */ +#include "internal/deprecated.h" + #include "cipher_aes_ocb.h" #include "prov/providercommonerr.h" #include "prov/ciphercommon_aead.h" diff --git a/providers/implementations/ciphers/cipher_aes_ocb_hw.c b/providers/implementations/ciphers/cipher_aes_ocb_hw.c index 49f387b5ba..75622cda78 100644 --- a/providers/implementations/ciphers/cipher_aes_ocb_hw.c +++ b/providers/implementations/ciphers/cipher_aes_ocb_hw.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * This file uses the low level AES functions (which are deprecated for + * non-internal use) in order to implement provider AES ciphers. + */ +#include "internal/deprecated.h" + #include "cipher_aes_ocb.h" #define OCB_SET_KEY_FN(fn_set_enc_key, fn_set_dec_key, \ diff --git a/providers/implementations/ciphers/cipher_aes_siv.c b/providers/implementations/ciphers/cipher_aes_siv.c index ada6b27435..8ba26ffd9c 100644 --- a/providers/implementations/ciphers/cipher_aes_siv.c +++ b/providers/implementations/ciphers/cipher_aes_siv.c @@ -9,6 +9,12 @@ /* Dispatch functions for AES SIV mode */ +/* + * This file uses the low level AES functions (which are deprecated for + * non-internal use) in order to implement provider AES ciphers. + */ +#include "internal/deprecated.h" + #include "cipher_aes_siv.h" #include "prov/implementations.h" #include "prov/providercommonerr.h" diff --git a/providers/implementations/ciphers/cipher_aes_siv_hw.c b/providers/implementations/ciphers/cipher_aes_siv_hw.c index b8fbc61a63..17cdf76579 100644 --- a/providers/implementations/ciphers/cipher_aes_siv_hw.c +++ b/providers/implementations/ciphers/cipher_aes_siv_hw.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * This file uses the low level AES functions (which are deprecated for + * non-internal use) in order to implement provider AES ciphers. + */ +#include "internal/deprecated.h" + #include "cipher_aes_siv.h" static int aes_siv_initkey(void *vctx, const unsigned char *key, size_t keylen) diff --git a/providers/implementations/ciphers/cipher_aes_wrp.c b/providers/implementations/ciphers/cipher_aes_wrp.c index 5dedde748a..0de2a5f651 100644 --- a/providers/implementations/ciphers/cipher_aes_wrp.c +++ b/providers/implementations/ciphers/cipher_aes_wrp.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * This file uses the low level AES functions (which are deprecated for + * non-internal use) in order to implement provider AES ciphers. + */ +#include "internal/deprecated.h" + #include "cipher_aes.h" #include "prov/providercommonerr.h" #include "prov/implementations.h" diff --git a/providers/implementations/ciphers/cipher_aes_xts.c b/providers/implementations/ciphers/cipher_aes_xts.c index eefb6a0d4b..1da73c16e3 100644 --- a/providers/implementations/ciphers/cipher_aes_xts.c +++ b/providers/implementations/ciphers/cipher_aes_xts.c @@ -7,6 +7,13 @@ * https://www.openssl.org/source/license.html */ +/* + * AES low level APIs are deprecated for public use, but still ok for internal + * use where we're using them to implement the higher level EVP interface, as is + * the case here. + */ +#include "internal/deprecated.h" + #include "cipher_aes_xts.h" #include "prov/implementations.h" #include "prov/providercommonerr.h" diff --git a/providers/implementations/ciphers/cipher_aes_xts_fips.c b/providers/implementations/ciphers/cipher_aes_xts_fips.c index c99d6ed2f4..d3a4f25e8f 100644 --- a/providers/implementations/ciphers/cipher_aes_xts_fips.c +++ b/providers/implementations/ciphers/cipher_aes_xts_fips.c @@ -7,6 +7,13 @@ * https://www.openssl.org/source/license.html */ +/* + * AES low level APIs are deprecated for public use, but still ok for internal + * use where we're using them to implement the higher level EVP interface, as is + * the case here. + */ +#include "internal/deprecated.h" + #include "cipher_aes_xts.h" #ifdef FIPS_MODE diff --git a/providers/implementations/ciphers/cipher_aes_xts_hw.c b/providers/implementations/ciphers/cipher_aes_xts_hw.c index b9472b266e..d66a02367d 100644 --- a/providers/implementations/ciphers/cipher_aes_xts_hw.c +++ b/providers/implementations/ciphers/cipher_aes_xts_hw.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * This file uses the low level AES functions (which are deprecated for + * non-internal use) in order to implement provider AES ciphers. + */ +#include "internal/deprecated.h" + #include "cipher_aes_xts.h" #define XTS_SET_KEY_FN(fn_set_enc_key, fn_set_dec_key, \ |