Browse Source

Deprecate the low level AES functions

Use of the low level AES functions has been informally discouraged for a
long time. We now formally deprecate them.

Applications should instead use the EVP APIs, e.g. EVP_EncryptInit_ex,
EVP_EncryptUpdate, EVP_EncryptFinal_ex, and the equivalently named decrypt
functions.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10580)
master
Matt Caswell 3 years ago
parent
commit
c72fa2554f
36 changed files with 327 additions and 72 deletions
  1. +11
    -1
      CHANGES
  2. +5
    -0
      Configure
  3. +15
    -5
      apps/speed.c
  4. +7
    -0
      crypto/aes/aes_cbc.c
  5. +6
    -0
      crypto/aes/aes_cfb.c
  6. +7
    -0
      crypto/aes/aes_core.c
  7. +6
    -0
      crypto/aes/aes_ecb.c
  8. +6
    -0
      crypto/aes/aes_ige.c
  9. +5
    -3
      crypto/aes/aes_misc.c
  10. +6
    -0
      crypto/aes/aes_ofb.c
  11. +6
    -0
      crypto/aes/aes_wrap.c
  12. +6
    -0
      crypto/evp/e_aes.c
  13. +7
    -0
      crypto/evp/e_aes_cbc_hmac_sha1.c
  14. +7
    -0
      crypto/evp/e_aes_cbc_hmac_sha256.c
  15. +6
    -0
      engines/e_padlock.c
  16. +29
    -0
      include/internal/deprecated.h
  17. +61
    -46
      include/openssl/aes.h
  18. +3
    -0
      include/openssl/macros.h
  19. +7
    -0
      providers/implementations/ciphers/cipher_aes.c
  20. +7
    -0
      providers/implementations/ciphers/cipher_aes_ccm.c
  21. +6
    -0
      providers/implementations/ciphers/cipher_aes_ccm_hw.c
  22. +7
    -0
      providers/implementations/ciphers/cipher_aes_gcm.c
  23. +6
    -0
      providers/implementations/ciphers/cipher_aes_gcm_hw.c
  24. +6
    -0
      providers/implementations/ciphers/cipher_aes_hw.c
  25. +7
    -0
      providers/implementations/ciphers/cipher_aes_ocb.c
  26. +6
    -0
      providers/implementations/ciphers/cipher_aes_ocb_hw.c
  27. +6
    -0
      providers/implementations/ciphers/cipher_aes_siv.c
  28. +6
    -0
      providers/implementations/ciphers/cipher_aes_siv_hw.c
  29. +6
    -0
      providers/implementations/ciphers/cipher_aes_wrp.c
  30. +7
    -0
      providers/implementations/ciphers/cipher_aes_xts.c
  31. +7
    -0
      providers/implementations/ciphers/cipher_aes_xts_fips.c
  32. +6
    -0
      providers/implementations/ciphers/cipher_aes_xts_hw.c
  33. +8
    -4
      test/build.info
  34. +6
    -0
      test/modes_internal_test.c
  35. +11
    -0
      test/recipes/90-test_ige.t
  36. +13
    -13
      util/libcrypto.num

+ 11
- 1
CHANGES View File

@ -363,7 +363,17 @@
for scripting purposes.
[Richard Levitte]
*) The functions AES_ige_encrypt() and AES_bi_ige_encrypt() have been
*) All of the low level AES functions have been deprecated including:
AES_options, AES_set_encrypt_key, AES_set_decrypt_key, AES_encrypt,
AES_decrypt, AES_ecb_encrypt, AES_cbc_encrypt, AES_cfb128_encrypt,
AES_cfb1_encrypt, AES_cfb8_encrypt, AES_ofb128_encrypt, AES_wrap_key and
AES_unwrap_key
Use of these low level functions has been informally discouraged for a long
time. Instead applications should use the high level EVP APIs, e.g.
EVP_EncryptInit_ex, EVP_EncryptUpdate, EVP_EncryptFinal_ex, and the
equivalently named decrypt functions.
The functions AES_ige_encrypt() and AES_bi_ige_encrypt() have also been
deprecated. These undocumented functions were never integrated into the EVP
layer and implement the AES Infinite Garble Extension (IGE) mode and AES
Bi-directional IGE mode. These modes were never formally standardised and


+ 5
- 0
Configure View File

@ -559,6 +559,11 @@ my @disable_cascades = (
"legacy" => [ "md2" ],
"cmp" => [ "crmf" ],
# Padlock engine uses low-level AES APIs which are deprecated
sub { $disabled{"deprecated"}
&& (!defined $config{"api"} || $config{"api"} >= 30000) }
=> [ "padlockeng" ]
);
# Avoid protocol support holes. Also disable all versions below N, if version


+ 15
- 5
apps/speed.c View File

@ -44,7 +44,9 @@
#ifndef OPENSSL_NO_DES
# include <openssl/des.h>
#endif
#ifndef OPENSSL_NO_DEPRECATED_3_0
#include <openssl/aes.h>
#endif
#ifndef OPENSSL_NO_CAMELLIA
# include <openssl/camellia.h>
#endif
@ -358,10 +360,10 @@ static const OPT_PAIR doit_choices[] = {
{"des-cbc", D_CBC_DES},
{"des-ede3", D_EDE3_DES},
#endif
#ifndef OPENSSL_NO_DEPRECATED_3_0
{"aes-128-cbc", D_CBC_128_AES},
{"aes-192-cbc", D_CBC_192_AES},
{"aes-256-cbc", D_CBC_256_AES},
#ifndef OPENSSL_NO_DEPRECATED_3_0
{"aes-128-ige", D_IGE_128_AES},
{"aes-192-ige", D_IGE_192_AES},
{"aes-256-ige", D_IGE_256_AES},
@ -752,6 +754,8 @@ static int DES_ede3_cbc_encrypt_loop(void *args)
#define MAX_BLOCK_SIZE 128
static unsigned char iv[2 * MAX_BLOCK_SIZE / 8];
#ifndef OPENSSL_NO_DEPRECATED_3_0
static AES_KEY aes_ks1, aes_ks2, aes_ks3;
static int AES_cbc_128_encrypt_loop(void *args)
{
@ -786,7 +790,6 @@ static int AES_cbc_256_encrypt_loop(void *args)
return count;
}
#ifndef OPENSSL_NO_DEPRECATED_3_0
static int AES_ige_128_encrypt_loop(void *args)
{
loopargs_t *tempargs = *(loopargs_t **) args;
@ -822,7 +825,6 @@ static int AES_ige_256_encrypt_loop(void *args)
(size_t)lengths[testnum], &aes_ks3, iv, AES_ENCRYPT);
return count;
}
#endif
static int CRYPTO_gcm128_aad_loop(void *args)
{
@ -834,6 +836,7 @@ static int CRYPTO_gcm128_aad_loop(void *args)
CRYPTO_gcm128_aad(gcm_ctx, buf, lengths[testnum]);
return count;
}
#endif
static int RAND_bytes_loop(void *args)
{
@ -1749,10 +1752,12 @@ int speed_main(int argc, char **argv)
}
}
#endif
#ifndef OPENSSL_NO_DEPRECATED_3_0
if (strcmp(algo, "aes") == 0) {
doit[D_CBC_128_AES] = doit[D_CBC_192_AES] = doit[D_CBC_256_AES] = 1;
continue;
}
#endif
#ifndef OPENSSL_NO_CAMELLIA
if (strcmp(algo, "camellia") == 0) {
doit[D_CBC_128_CML] = doit[D_CBC_192_CML] = doit[D_CBC_256_CML] = 1;
@ -1946,9 +1951,11 @@ int speed_main(int argc, char **argv)
DES_set_key_unchecked(&keys[2], &sch[2]);
}
#endif
#ifndef OPENSSL_NO_DEPRECATED_3_0
AES_set_encrypt_key(key16, 128, &aes_ks1);
AES_set_encrypt_key(key24, 192, &aes_ks2);
AES_set_encrypt_key(key32, 256, &aes_ks3);
#endif
#ifndef OPENSSL_NO_CAMELLIA
if (doit[D_CBC_128_CML] || doit[D_CBC_192_CML] || doit[D_CBC_256_CML]) {
Camellia_set_key(key16, 128, &camellia_ks[0]);
@ -2407,6 +2414,7 @@ int speed_main(int argc, char **argv)
}
#endif
#ifndef OPENSSL_NO_DEPRECATED_3_0
if (doit[D_CBC_128_AES]) {
for (testnum = 0; testnum < size_num; testnum++) {
print_message(names[D_CBC_128_AES], c[D_CBC_128_AES][testnum],
@ -2441,7 +2449,7 @@ int speed_main(int argc, char **argv)
}
}
#ifndef OPENSSL_NO_DEPRECATED_3_0
if (doit[D_IGE_128_AES]) {
for (testnum = 0; testnum < size_num; testnum++) {
print_message(names[D_IGE_128_AES], c[D_IGE_128_AES][testnum],
@ -2475,7 +2483,6 @@ int speed_main(int argc, char **argv)
print_result(D_IGE_256_AES, testnum, count, d);
}
}
#endif
if (doit[D_GHASH]) {
for (i = 0; i < loopargs_len; i++) {
loopargs[i].gcm_ctx =
@ -2495,6 +2502,7 @@ int speed_main(int argc, char **argv)
for (i = 0; i < loopargs_len; i++)
CRYPTO_gcm128_release(loopargs[i].gcm_ctx);
}
#endif /* OPENSSL_NO_DEPRECATED_3_0 */
#ifndef OPENSSL_NO_CAMELLIA
if (doit[D_CBC_128_CML]) {
if (async_jobs > 0) {
@ -3488,7 +3496,9 @@ int speed_main(int argc, char **argv)
#ifndef OPENSSL_NO_DES
printf("%s ", DES_options());
#endif
#ifndef OPENSSL_NO_DEPRECATED_3_0
printf("%s ", AES_options());
#endif
#ifndef OPENSSL_NO_IDEA
printf("%s ", IDEA_options());
#endif


+ 7
- 0
crypto/aes/aes_cbc.c View File

@ -7,6 +7,13 @@
* https://www.openssl.org/source/license.html
*/
/*
* AES low level APIs are deprecated for public use, but still ok for internal
* use where we're using them to implement the higher level EVP interface, as is
* the case here.
*/
#include "internal/deprecated.h"
#include <openssl/aes.h>
#include <openssl/modes.h>


+ 6
- 0
crypto/aes/aes_cfb.c View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* AES_encrypt is deprecated - but we need to use it to implement these other
* deprecated APIs.
*/
#include "internal/deprecated.h"
#include <openssl/aes.h>
#include <openssl/modes.h>


+ 7
- 0
crypto/aes/aes_core.c View File

@ -36,6 +36,13 @@
/* Note: rewritten a little bit to provide error control and an OpenSSL-
compatible API */
/*
* AES low level APIs are deprecated for public use, but still ok for internal
* use where we're using them to implement the higher level EVP interface, as is
* the case here.
*/
#include "internal/deprecated.h"
#include <assert.h>
#include <stdlib.h>


+ 6
- 0
crypto/aes/aes_ecb.c View File

@ -9,6 +9,12 @@
#include <assert.h>
/*
* AES_encrypt/AES_decrypt are deprecated - but we need to use them to implement
* AES_ecb_encrypt
*/
#include "internal/deprecated.h"
#include <openssl/aes.h>
#include "aes_local.h"


+ 6
- 0
crypto/aes/aes_ige.c View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* AES_encrypt/AES_decrypt are deprecated - but we need to use them to implement
* these functions
*/
#include "internal/deprecated.h"
#include "internal/cryptlib.h"
#ifdef OPENSSL_NO_DEPRECATED_3_0


+ 5
- 3
crypto/aes/aes_misc.c View File

@ -11,11 +11,13 @@
#include <openssl/aes.h>
#include "aes_local.h"
#ifndef OPENSSL_NO_DEPRECATED_3_0
const char *AES_options(void)
{
#ifdef FULL_UNROLL
# ifdef FULL_UNROLL
return "aes(full)";
#else
# else
return "aes(partial)";
#endif
# endif
}
#endif

+ 6
- 0
crypto/aes/aes_ofb.c View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* AES_encrypt is deprecated - but we need to use it to implement
* AES_ofb128_encrypt
*/
#include "internal/deprecated.h"
#include <openssl/aes.h>
#include <openssl/modes.h>


+ 6
- 0
crypto/aes/aes_wrap.c View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* AES_encrypt/AES_decrypt are deprecated - but we need to use them to implement
* these functions
*/
#include "internal/deprecated.h"
#include "internal/cryptlib.h"
#include <openssl/aes.h>
#include <openssl/modes.h>


+ 6
- 0
crypto/evp/e_aes.c View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* This file uses the low level AES functions (which are deprecated for
* non-internal use) in order to implement the EVP AES ciphers.
*/
#include "internal/deprecated.h"
#include <string.h>
#include <assert.h>
#include <openssl/opensslconf.h>


+ 7
- 0
crypto/evp/e_aes_cbc_hmac_sha1.c View File

@ -7,6 +7,13 @@
* https://www.openssl.org/source/license.html
*/
/*
* AES low level APIs are deprecated for public use, but still ok for internal
* use where we're using them to implement the higher level EVP interface, as is
* the case here.
*/
#include "internal/deprecated.h"
#include <stdio.h>
#include <string.h>
#include <openssl/opensslconf.h>


+ 7
- 0
crypto/evp/e_aes_cbc_hmac_sha256.c View File

@ -7,6 +7,13 @@
* https://www.openssl.org/source/license.html
*/
/*
* AES low level APIs are deprecated for public use, but still ok for internal
* use where we're using them to implement the higher level EVP interface, as is
* the case here.
*/
#include "internal/deprecated.h"
#include <stdio.h>
#include <string.h>
#include <openssl/opensslconf.h>


+ 6
- 0
engines/e_padlock.c View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* This file uses the low level AES functions (which are deprecated for
* non-internal use) in order to implement the padlock engine AES ciphers.
*/
#define OPENSSL_SUPPRESS_DEPRECATED
#include <stdio.h>
#include <string.h>


+ 29
- 0
include/internal/deprecated.h View File

@ -0,0 +1,29 @@
/*
* Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/*
* This header file should be included by internal code that needs to use APIs
* that have been deprecated for public use, but where those symbols will still
* be available internally. For example the EVP and provider code needs to use
* low level APIs that are otherwise deprecated.
*
* This header *must* be the first OpenSSL header included by a source file.
*/
#ifndef OSSL_INTERNAL_DEPRECATED_H
# define OSSL_INTERNAL_DEPRECATED_H
# include <openssl/configuration.h>
# undef OPENSSL_NO_DEPRECATED
# define OPENSSL_SUPPRESS_DEPRECATED
# include <openssl/macros.h>
#endif

+ 61
- 46
include/openssl/aes.h View File

@ -23,56 +23,69 @@
extern "C" {
# endif
# define AES_ENCRYPT 1
# define AES_DECRYPT 0
/*
* Because array size can't be a const in C, the following two are macros.
* Both sizes are in bytes.
*/
# define AES_MAXNR 14
# define AES_BLOCK_SIZE 16
# ifndef OPENSSL_NO_DEPRECATED_3_0
# define AES_ENCRYPT 1
# define AES_DECRYPT 0
# define AES_MAXNR 14
/* This should be a hidden type, but EVP requires that the size be known */
struct aes_key_st {
# ifdef AES_LONG
# ifdef AES_LONG
unsigned long rd_key[4 * (AES_MAXNR + 1)];
# else
# else
unsigned int rd_key[4 * (AES_MAXNR + 1)];
# endif
# endif
int rounds;
};
typedef struct aes_key_st AES_KEY;
const char *AES_options(void);
int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
AES_KEY *key);
int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
AES_KEY *key);
void AES_encrypt(const unsigned char *in, unsigned char *out,
const AES_KEY *key);
void AES_decrypt(const unsigned char *in, unsigned char *out,
const AES_KEY *key);
void AES_ecb_encrypt(const unsigned char *in, unsigned char *out,
const AES_KEY *key, const int enc);
void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
size_t length, const AES_KEY *key,
unsigned char *ivec, const int enc);
void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,
size_t length, const AES_KEY *key,
unsigned char *ivec, int *num, const int enc);
void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out,
size_t length, const AES_KEY *key,
unsigned char *ivec, int *num, const int enc);
void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out,
size_t length, const AES_KEY *key,
unsigned char *ivec, int *num, const int enc);
void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,
size_t length, const AES_KEY *key,
unsigned char *ivec, int *num);
# endif
DEPRECATEDIN_3_0(const char *AES_options(void))
DEPRECATEDIN_3_0(int
AES_set_encrypt_key(const unsigned char *userKey,
const int bits, AES_KEY *key))
DEPRECATEDIN_3_0(int
AES_set_decrypt_key(const unsigned char *userKey,
const int bits, AES_KEY *key))
DEPRECATEDIN_3_0(void
AES_encrypt(const unsigned char *in, unsigned char *out,
const AES_KEY *key))
DEPRECATEDIN_3_0(void
AES_decrypt(const unsigned char *in, unsigned char *out,
const AES_KEY *key))
DEPRECATEDIN_3_0(void
AES_ecb_encrypt(const unsigned char *in, unsigned char *out,
const AES_KEY *key, const int enc))
DEPRECATEDIN_3_0(void
AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
size_t length, const AES_KEY *key,
unsigned char *ivec, const int enc))
DEPRECATEDIN_3_0(void
AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,
size_t length, const AES_KEY *key,
unsigned char *ivec, int *num,
const int enc))
DEPRECATEDIN_3_0(void
AES_cfb1_encrypt(const unsigned char *in, unsigned char *out,
size_t length, const AES_KEY *key,
unsigned char *ivec, int *num, const int enc))
DEPRECATEDIN_3_0(void
AES_cfb8_encrypt(const unsigned char *in, unsigned char *out,
size_t length, const AES_KEY *key,
unsigned char *ivec, int *num, const int enc))
DEPRECATEDIN_3_0(void
AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,
size_t length, const AES_KEY *key,
unsigned char *ivec, int *num))
/* NB: the IV is _two_ blocks long */
DEPRECATEDIN_3_0(void
@ -86,12 +99,14 @@ DEPRECATEDIN_3_0(void
const AES_KEY *key2,
const unsigned char *ivec, const int enc))
int AES_wrap_key(AES_KEY *key, const unsigned char *iv,
unsigned char *out,
const unsigned char *in, unsigned int inlen);
int AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
unsigned char *out,
const unsigned char *in, unsigned int inlen);
DEPRECATEDIN_3_0(int
AES_wrap_key(AES_KEY *key, const unsigned char *iv,
unsigned char *out, const unsigned char *in,
unsigned int inlen))
DEPRECATEDIN_3_0(int
AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
unsigned char *out, const unsigned char *in,
unsigned int inlen))
# ifdef __cplusplus


+ 3
- 0
include/openssl/macros.h View File

@ -25,6 +25,9 @@
/*
* Generic deprecation macro
*
* If OPENSSL_SUPPRESS_DEPRECATED is defined, then DECLARE_DEPRECATED
* becomes a no-op
*/
# ifndef DECLARE_DEPRECATED
# define DECLARE_DEPRECATED(f) f;


+ 7
- 0
providers/implementations/ciphers/cipher_aes.c View File

@ -7,6 +7,13 @@
* https://www.openssl.org/source/license.html
*/
/*
* AES low level APIs are deprecated for public use, but still ok for internal
* use where we're using them to implement the higher level EVP interface, as is
* the case here.
*/
#include "internal/deprecated.h"
/* Dispatch functions for AES cipher modes ecb, cbc, ofb, cfb, ctr */
#include "cipher_aes.h"


+ 7
- 0
providers/implementations/ciphers/cipher_aes_ccm.c View File

@ -7,6 +7,13 @@
* https://www.openssl.org/source/license.html
*/
/*
* AES low level APIs are deprecated for public use, but still ok for internal
* use where we're using them to implement the higher level EVP interface, as is
* the case here.
*/
#include "internal/deprecated.h"
/* Dispatch functions for AES CCM mode */
#include "cipher_aes_ccm.h"


+ 6
- 0
providers/implementations/ciphers/cipher_aes_ccm_hw.c View File

@ -9,6 +9,12 @@
/* AES CCM mode */
/*
* This file uses the low level AES functions (which are deprecated for
* non-internal use) in order to implement provider AES ciphers.
*/
#include "internal/deprecated.h"
#include "cipher_aes_ccm.h"
#define AES_HW_CCM_SET_KEY_FN(fn_set_enc_key, fn_blk, fn_ccm_enc, fn_ccm_dec) \


+ 7
- 0
providers/implementations/ciphers/cipher_aes_gcm.c View File

@ -7,6 +7,13 @@
* https://www.openssl.org/source/license.html
*/
/*
* AES low level APIs are deprecated for public use, but still ok for internal
* use where we're using them to implement the higher level EVP interface, as is
* the case here.
*/
#include "internal/deprecated.h"
/* Dispatch functions for AES GCM mode */
#include "cipher_aes_gcm.h"


+ 6
- 0
providers/implementations/ciphers/cipher_aes_gcm_hw.c View File

@ -9,6 +9,12 @@
/* Dispatch functions for AES GCM mode */
/*
* This file uses the low level AES functions (which are deprecated for
* non-internal use) in order to implement provider AES ciphers.
*/
#include "internal/deprecated.h"
#include "cipher_aes_gcm.h"
static int generic_aes_gcm_initkey(PROV_GCM_CTX *ctx, const unsigned char *key,


+ 6
- 0
providers/implementations/ciphers/cipher_aes_hw.c View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* This file uses the low level AES functions (which are deprecated for
* non-internal use) in order to implement provider AES ciphers.
*/
#include "internal/deprecated.h"
#include "cipher_aes.h"
#include "prov/providercommonerr.h"


+ 7
- 0
providers/implementations/ciphers/cipher_aes_ocb.c View File

@ -7,6 +7,13 @@
* https://www.openssl.org/source/license.html
*/
/*
* AES low level APIs are deprecated for public use, but still ok for internal
* use where we're using them to implement the higher level EVP interface, as is
* the case here.
*/
#include "internal/deprecated.h"
#include "cipher_aes_ocb.h"
#include "prov/providercommonerr.h"
#include "prov/ciphercommon_aead.h"


+ 6
- 0
providers/implementations/ciphers/cipher_aes_ocb_hw.c View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* This file uses the low level AES functions (which are deprecated for
* non-internal use) in order to implement provider AES ciphers.
*/
#include "internal/deprecated.h"
#include "cipher_aes_ocb.h"
#define OCB_SET_KEY_FN(fn_set_enc_key, fn_set_dec_key, \


+ 6
- 0
providers/implementations/ciphers/cipher_aes_siv.c View File

@ -9,6 +9,12 @@
/* Dispatch functions for AES SIV mode */
/*
* This file uses the low level AES functions (which are deprecated for
* non-internal use) in order to implement provider AES ciphers.
*/
#include "internal/deprecated.h"
#include "cipher_aes_siv.h"
#include "prov/implementations.h"
#include "prov/providercommonerr.h"


+ 6
- 0
providers/implementations/ciphers/cipher_aes_siv_hw.c View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* This file uses the low level AES functions (which are deprecated for
* non-internal use) in order to implement provider AES ciphers.
*/
#include "internal/deprecated.h"
#include "cipher_aes_siv.h"
static int aes_siv_initkey(void *vctx, const unsigned char *key, size_t keylen)


+ 6
- 0
providers/implementations/ciphers/cipher_aes_wrp.c View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* This file uses the low level AES functions (which are deprecated for
* non-internal use) in order to implement provider AES ciphers.
*/
#include "internal/deprecated.h"
#include "cipher_aes.h"
#include "prov/providercommonerr.h"
#include "prov/implementations.h"


+ 7
- 0
providers/implementations/ciphers/cipher_aes_xts.c View File

@ -7,6 +7,13 @@
* https://www.openssl.org/source/license.html
*/
/*
* AES low level APIs are deprecated for public use, but still ok for internal
* use where we're using them to implement the higher level EVP interface, as is
* the case here.
*/
#include "internal/deprecated.h"
#include "cipher_aes_xts.h"
#include "prov/implementations.h"
#include "prov/providercommonerr.h"


+ 7
- 0
providers/implementations/ciphers/cipher_aes_xts_fips.c View File

@ -7,6 +7,13 @@
* https://www.openssl.org/source/license.html
*/
/*
* AES low level APIs are deprecated for public use, but still ok for internal
* use where we're using them to implement the higher level EVP interface, as is
* the case here.
*/
#include "internal/deprecated.h"
#include "cipher_aes_xts.h"
#ifdef FIPS_MODE


+ 6
- 0
providers/implementations/ciphers/cipher_aes_xts_hw.c View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* This file uses the low level AES functions (which are deprecated for
* non-internal use) in order to implement provider AES ciphers.
*/
#include "internal/deprecated.h"
#include "cipher_aes_xts.h"
#define XTS_SET_KEY_FN(fn_set_enc_key, fn_set_dec_key, \


+ 8
- 4
test/build.info View File

@ -40,7 +40,7 @@ IF[{- !$disabled{tests} -}]
dhtest enginetest casttest \
bftest ssltest_old dsatest dsa_no_digest_size_test exptest rsa_test \
evp_pkey_provided_test evp_test evp_extra_test evp_fetch_prov_test \
igetest v3nametest v3ext \
v3nametest v3ext \
crltest danetest bad_dtls_test lhash_test sparse_array_test \
conf_include_test params_api_test params_conversion_test \
constant_time_test verify_extra_test clienthellotest \
@ -214,9 +214,13 @@ IF[{- !$disabled{tests} -}]
INCLUDE[evp_pkey_provided_test]=../include ../apps/include
DEPEND[evp_pkey_provided_test]=../libcrypto libtestutil.a
SOURCE[igetest]=igetest.c
INCLUDE[igetest]=../include ../apps/include
DEPEND[igetest]=../libcrypto libtestutil.a
IF[{- !$disabled{"deprecated"}
|| (defined $config{"api"} && $config{"api"} < 30000) -}]
PROGRAMS{noinst}=igetest
SOURCE[igetest]=igetest.c
INCLUDE[igetest]=../include ../apps/include
DEPEND[igetest]=../libcrypto libtestutil.a
ENDIF
SOURCE[v3nametest]=v3nametest.c
INCLUDE[v3nametest]=../include ../apps/include


+ 6
- 0
test/modes_internal_test.c View File

@ -9,6 +9,12 @@
/* Internal tests for the modes module */
/*
* This file uses the low level AES functions (which are deprecated for
* non-internal use) in order to test the modes code
*/
#include "internal/deprecated.h"
#include <stdio.h>
#include <string.h>


+ 11
- 0
test/recipes/90-test_ige.t View File

@ -7,6 +7,17 @@
# https://www.openssl.org/source/license.html
use strict;
use warnings;
use OpenSSL::Test::Simple;
use OpenSSL::Test;
use OpenSSL::Test::Utils;
setup("test_ige");
plan skip_all => "AES_ige support is disabled in this build"
if disabled("deprecated")
&& (!defined config("api") || config("api") >= 30000);
simple_test("test_ige", "igetest");

+ 13
- 13
util/libcrypto.num View File

@ -745,7 +745,7 @@ PKCS7_ENC_CONTENT_free 763 3_0_0 EXIST::FUNCTION:
CMS_RecipientInfo_type 764 3_0_0 EXIST::FUNCTION:CMS
OCSP_BASICRESP_get_ext 765 3_0_0 EXIST::FUNCTION:OCSP
BN_lebin2bn 766 3_0_0 EXIST::FUNCTION:
AES_decrypt 767 3_0_0 EXIST::FUNCTION:
AES_decrypt 767 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
BIO_fd_should_retry 768 3_0_0 EXIST::FUNCTION:
ASN1_STRING_new 769 3_0_0 EXIST::FUNCTION:
ENGINE_init 770 3_0_0 EXIST::FUNCTION:ENGINE
@ -951,7 +951,7 @@ CRYPTO_THREAD_read_lock 974 3_0_0 EXIST::FUNCTION:
ASIdentifierChoice_free 975 3_0_0 EXIST::FUNCTION:RFC3779
BIO_dgram_sctp_msg_waiting 976 3_0_0 EXIST::FUNCTION:DGRAM,SCTP
BN_is_bit_set 978 3_0_0 EXIST::FUNCTION:
AES_ofb128_encrypt 979 3_0_0 EXIST::FUNCTION:
AES_ofb128_encrypt 979 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
X509_STORE_add_lookup 980 3_0_0 EXIST::FUNCTION:
ASN1_GENERALSTRING_new 981 3_0_0 EXIST::FUNCTION:
IDEA_options 982 3_0_0 EXIST::FUNCTION:IDEA
@ -1251,7 +1251,7 @@ d2i_DIST_POINT_NAME 1279 3_0_0 EXIST::FUNCTION:
ASN1_INTEGER_set_int64 1280 3_0_0 EXIST::FUNCTION:
ASN1_TIME_free 1281 3_0_0 EXIST::FUNCTION:
i2o_SCT_LIST 1282 3_0_0 EXIST::FUNCTION:CT
AES_encrypt 1283 3_0_0 EXIST::FUNCTION:
AES_encrypt 1283 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
MD5_Init 1284 3_0_0 EXIST::FUNCTION:MD5
UI_add_error_string 1285 3_0_0 EXIST::FUNCTION:
X509_TRUST_cleanup 1286 3_0_0 EXIST::FUNCTION:
@ -1470,9 +1470,9 @@ PKCS7_dataFinal 1503 3_0_0 EXIST::FUNCTION:
SHA1_Final 1504 3_0_0 EXIST::FUNCTION:
i2a_ASN1_STRING 1505 3_0_0 EXIST::FUNCTION:
EVP_CIPHER_CTX_rand_key 1506 3_0_0 EXIST::FUNCTION:
AES_set_encrypt_key 1507 3_0_0 EXIST::FUNCTION:
AES_set_encrypt_key 1507 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
ASN1_UTCTIME_new 1508 3_0_0 EXIST::FUNCTION:
AES_cbc_encrypt 1509 3_0_0 EXIST::FUNCTION:
AES_cbc_encrypt 1509 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
OCSP_RESPDATA_free 1510 3_0_0 EXIST::FUNCTION:OCSP
EVP_PKEY_asn1_find 1511 3_0_0 EXIST::FUNCTION:
d2i_ASN1_GENERALIZEDTIME 1512 3_0_0 EXIST::FUNCTION:
@ -1674,9 +1674,9 @@ d2i_PKCS7_bio 1712 3_0_0 EXIST::FUNCTION:
ENGINE_set_default_digests 1713 3_0_0 EXIST::FUNCTION:ENGINE
i2d_PublicKey 1714 3_0_0 EXIST::FUNCTION:
RC5_32_set_key 1715 3_0_0 EXIST::FUNCTION:RC5
AES_unwrap_key 1716 3_0_0 EXIST::FUNCTION:
AES_unwrap_key 1716 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
EVP_Cipher 1717 3_0_0 EXIST::FUNCTION:
AES_set_decrypt_key 1718 3_0_0 EXIST::FUNCTION:
AES_set_decrypt_key 1718 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
BF_ofb64_encrypt 1719 3_0_0 EXIST::FUNCTION:BF
d2i_TS_TST_INFO_fp 1720 3_0_0 EXIST::FUNCTION:STDIO,TS
X509_find_by_issuer_and_serial 1721 3_0_0 EXIST::FUNCTION:
@ -1855,7 +1855,7 @@ EVP_CIPHER_CTX_copy 1898 3_0_0 EXIST::FUNCTION:
CRYPTO_secure_allocated 1899 3_0_0 EXIST::FUNCTION:
UI_UTIL_read_pw_string 1900 3_0_0 EXIST::FUNCTION:
NOTICEREF_free 1901 3_0_0 EXIST::FUNCTION:
AES_cfb1_encrypt 1902 3_0_0 EXIST::FUNCTION:
AES_cfb1_encrypt 1902 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
X509v3_get_ext 1903 3_0_0 EXIST::FUNCTION:
CRYPTO_gcm128_encrypt_ctr32 1905 3_0_0 EXIST::FUNCTION:
SCT_set1_signature 1906 3_0_0 EXIST::FUNCTION:CT
@ -1990,7 +1990,7 @@ d2i_CMS_bio 2035 3_0_0 EXIST::FUNCTION:CMS
OPENSSL_sk_num 2036 3_0_0 EXIST::FUNCTION:
CMS_RecipientInfo_set0_pkey 2038 3_0_0 EXIST::FUNCTION:CMS
X509_STORE_CTX_set_default 2039 3_0_0 EXIST::FUNCTION:
AES_wrap_key 2040 3_0_0 EXIST::FUNCTION:
AES_wrap_key 2040 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
EVP_md_null 2041 3_0_0 EXIST::FUNCTION:
i2d_SCT_LIST 2042 3_0_0 EXIST::FUNCTION:CT
PKCS7_get_issuer_and_serial 2043 3_0_0 EXIST::FUNCTION:
@ -2241,7 +2241,7 @@ TS_TST_INFO_set_nonce 2288 3_0_0 EXIST::FUNCTION:TS
PEM_read_ECPrivateKey 2289 3_0_0 EXIST::FUNCTION:EC,STDIO
RSA_free 2290 3_0_0 EXIST::FUNCTION:RSA
X509_CRL_INFO_new 2291 3_0_0 EXIST::FUNCTION:
AES_cfb8_encrypt 2292 3_0_0 EXIST::FUNCTION:
AES_cfb8_encrypt 2292 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
d2i_ASN1_SEQUENCE_ANY 2293 3_0_0 EXIST::FUNCTION:
PKCS12_create 2294 3_0_0 EXIST::FUNCTION:
X509at_get_attr_count 2295 3_0_0 EXIST::FUNCTION:
@ -2445,7 +2445,7 @@ TS_STATUS_INFO_free 2495 3_0_0 EXIST::FUNCTION:TS
BN_mod_mul 2496 3_0_0 EXIST::FUNCTION:
CMS_add0_recipient_key 2497 3_0_0 EXIST::FUNCTION:CMS
BIO_f_zlib 2498 3_0_0 EXIST::FUNCTION:COMP,ZLIB
AES_cfb128_encrypt 2499 3_0_0 EXIST::FUNCTION:
AES_cfb128_encrypt 2499 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
ENGINE_set_EC 2500 3_0_0 EXIST::FUNCTION:ENGINE
d2i_ECPKParameters 2501 3_0_0 EXIST::FUNCTION:EC
IDEA_ofb64_encrypt 2502 3_0_0 EXIST::FUNCTION:IDEA
@ -2644,7 +2644,7 @@ OCSP_basic_add1_cert 2700 3_0_0 EXIST::FUNCTION:OCSP
ASN1_PRINTABLESTRING_new 2701 3_0_0 EXIST::FUNCTION:
i2d_PBEPARAM 2702 3_0_0 EXIST::FUNCTION:
NETSCAPE_SPKI_new 2703 3_0_0 EXIST::FUNCTION:
AES_options 2704 3_0_0 EXIST::FUNCTION:
AES_options 2704 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
POLICYINFO_free 2705 3_0_0 EXIST::FUNCTION:
PEM_read_bio_Parameters 2706 3_0_0 EXIST::FUNCTION:
BN_abs_is_word 2707 3_0_0 EXIST::FUNCTION:
@ -3472,7 +3472,7 @@ ERR_load_OBJ_strings 3544 3_0_0 EXIST::FUNCTION:
BIO_ctrl_get_read_request 3545 3_0_0 EXIST::FUNCTION:
BN_from_montgomery 3546 3_0_0 EXIST::FUNCTION:
DSO_new 3547 3_0_0 EXIST::FUNCTION:
AES_ecb_encrypt 3548 3_0_0 EXIST::FUNCTION:
AES_ecb_encrypt 3548 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
BN_dec2bn 3549 3_0_0 EXIST::FUNCTION:
CMS_decrypt 3550 3_0_0 EXIST::FUNCTION:CMS
BN_mpi2bn 3551 3_0_0 EXIST::FUNCTION:


Loading…
Cancel
Save