Deprecate the low level AES functions

Use of the low level AES functions has been informally discouraged for a long time. We now formally deprecate them. Applications should instead use the EVP APIs, e.g. EVP_EncryptInit_ex, EVP_EncryptUpdate, EVP_EncryptFinal_ex, and the equivalently named decrypt functions. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10580)
author: Matt Caswell <matt@openssl.org> 2019-12-05 18:09:49 +0100
committer: Matt Caswell <matt@openssl.org> 2020-01-06 16:09:57 +0100
commit: c72fa2554f5adc03bcc3c6e4ebcd1929e70efed4 (patch)
tree: 181157c82b41fb40f46ada0f30d33468df50aefb /Configure
parent: Don't use the low level AES key wrap APIs in CMS (diff)
download: openssl-c72fa2554f5adc03bcc3c6e4ebcd1929e70efed4.tar.xz
openssl-c72fa2554f5adc03bcc3c6e4ebcd1929e70efed4.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/Configure b/Configure
index 7ebde1314a..8ee0fbdb25 100755
--- a/Configure
+++ b/Configure
@@ -559,6 +559,11 @@ my @disable_cascades = (
     "legacy"                 => [ "md2" ],
 
     "cmp"               => [ "crmf" ],
+
+    # Padlock engine uses low-level AES APIs which are deprecated
+    sub { $disabled{"deprecated"}
+          && (!defined $config{"api"} || $config{"api"} >= 30000) }
+          => [ "padlockeng" ]
     );
 
 # Avoid protocol support holes.  Also disable all versions below N, if version
author	Matt Caswell <matt@openssl.org>	2019-12-05 18:09:49 +0100
committer	Matt Caswell <matt@openssl.org>	2020-01-06 16:09:57 +0100
commit	c72fa2554f5adc03bcc3c6e4ebcd1929e70efed4 (patch)
tree	181157c82b41fb40f46ada0f30d33468df50aefb /Configure
parent	Don't use the low level AES key wrap APIs in CMS (diff)
download	openssl-c72fa2554f5adc03bcc3c6e4ebcd1929e70efed4.tar.xz openssl-c72fa2554f5adc03bcc3c6e4ebcd1929e70efed4.zip