Deprecate the low level AES functions

Use of the low level AES functions has been informally discouraged for a long time. We now formally deprecate them. Applications should instead use the EVP APIs, e.g. EVP_EncryptInit_ex, EVP_EncryptUpdate, EVP_EncryptFinal_ex, and the equivalently named decrypt functions. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10580)
author: Matt Caswell <matt@openssl.org> 2019-12-05 17:09:49 +0000
committer: Matt Caswell <matt@openssl.org> 2020-01-06 15:09:57 +0000
commit: c72fa2554f5adc03bcc3c6e4ebcd1929e70efed4 (patch)
tree: 181157c82b41fb40f46ada0f30d33468df50aefb /Configure
parent: 2852c672a8ecb02a74d0adeeb93c661b7d2d7511 (diff)
download: openssl-new-c72fa2554f5adc03bcc3c6e4ebcd1929e70efed4.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/Configure b/Configure
index 7ebde1314a..8ee0fbdb25 100755
--- a/Configure
+++ b/Configure
@@ -559,6 +559,11 @@ my @disable_cascades = (
     "legacy"                 => [ "md2" ],
 
     "cmp"               => [ "crmf" ],
+
+    # Padlock engine uses low-level AES APIs which are deprecated
+    sub { $disabled{"deprecated"}
+          && (!defined $config{"api"} || $config{"api"} >= 30000) }
+          => [ "padlockeng" ]
     );
 
 # Avoid protocol support holes.  Also disable all versions below N, if version
author	Matt Caswell <matt@openssl.org>	2019-12-05 17:09:49 +0000
committer	Matt Caswell <matt@openssl.org>	2020-01-06 15:09:57 +0000
commit	c72fa2554f5adc03bcc3c6e4ebcd1929e70efed4 (patch)
tree	181157c82b41fb40f46ada0f30d33468df50aefb /Configure
parent	2852c672a8ecb02a74d0adeeb93c661b7d2d7511 (diff)
download	openssl-new-c72fa2554f5adc03bcc3c6e4ebcd1929e70efed4.tar.gz