[openssl] master update

Dr. Paul Dale pauli at openssl.org
Fri Jan 17 04:42:23 UTC 2020 

The branch master has been updated
       via  43becc3fe5c25d0b1f524dac825d942a59753718 (commit)
       via  a73ade6013d6f327fb5204354ff6a543678eb302 (commit)
      from  fe4309b0de64502398116f648cc7f2068e1a1537 (commit)


- Log -----------------------------------------------------------------
commit 43becc3fe5c25d0b1f524dac825d942a59753718
Author: Pauli <paul.dale at oracle.com>
Date:   Thu Jan 16 14:05:05 2020 +1000

    news: combined NEWS entry for deprecated low level cipher functions
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/10820)

commit a73ade6013d6f327fb5204354ff6a543678eb302
Author: Pauli <paul.dale at oracle.com>
Date:   Mon Jan 13 13:19:00 2020 +1000

    changes: combined CHANGES entry for deprecated low level cipher functions.
    
    [skip ci]
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/10820)

-----------------------------------------------------------------------

Summary of changes:
 CHANGES | 65 ++++++++++++++++++++++++++++++++---------------------------------
 NEWS    |  2 ++
 2 files changed, 34 insertions(+), 33 deletions(-)

diff --git a/CHANGES b/CHANGES
index d2c449c1b5..3661a4f263 100644
--- a/CHANGES
+++ b/CHANGES
@@ -37,33 +37,42 @@
      like 'EVP_DigestSignInit(...) <= 0' will continue to work undisturbed.
      [Richard Levitte]
 
-  *) All of the low level Blowfish functions have been deprecated including:
-     BF_set_key, BF_encrypt, BF_decrypt, BF_ecb_encrypt, BF_cbc_encrypt,
-     BF_cfb64_encrypt, BF_ofb64_encrypt, and BF_options.
-     Use of these low level functions has been informally discouraged for a long
-     time. Instead applications should use the high level EVP APIs, e.g.
-     EVP_EncryptInit_ex, EVP_EncryptUpdate, EVP_EncryptFinal_ex, and the
-     equivalently named decrypt functions.
-     [Matt Caswell]
-
-  *) All of the low level CAST functions have been deprecated including:
-     CAST_set_key, CAST_ecb_encrypt, CAST_encrypt, CAST_decrypt,
-     CAST_cbc_encrypt, CAST_cfb64_encrypt and CAST_ofb64_encrypt
-     Use of these low level functions has been informally discouraged for a long
-     time. Instead applications should use the high level EVP APIs, e.g.
-     EVP_EncryptInit_ex, EVP_EncryptUpdate, EVP_EncryptFinal_ex, and the
-     equivalently named decrypt functions.
-     [Matt Caswell]
+  *) All of the low level cipher functions have been deprecated including:
+     AES_options, AES_set_encrypt_key, AES_set_decrypt_key, AES_encrypt,
+     AES_decrypt, AES_ecb_encrypt, AES_cbc_encrypt, AES_cfb128_encrypt,
+     AES_cfb1_encrypt, AES_cfb8_encrypt, AES_ofb128_encrypt,
+     AES_wrap_key, AES_unwrap_key, BF_set_key, BF_encrypt, BF_decrypt,
+     BF_ecb_encrypt, BF_cbc_encrypt, BF_cfb64_encrypt, BF_ofb64_encrypt,
+     BF_options, Camellia_set_key, Camellia_encrypt, Camellia_decrypt,
+     Camellia_ecb_encrypt, Camellia_cbc_encrypt, Camellia_cfb128_encrypt,
+     Camellia_cfb1_encrypt, Camellia_cfb8_encrypt, Camellia_ofb128_encrypt,
+     Camellia_ctr128_encrypt, CAST_set_key, CAST_encrypt, CAST_decrypt,
+     CAST_ecb_encrypt, CAST_cbc_encrypt, CAST_cfb64_encrypt,
+     CAST_ofb64_encrypt, DES_options, DES_encrypt1, DES_encrypt2,
+     DES_encrypt3, DES_decrypt3, DES_cbc_encrypt, DES_ncbc_encrypt,
+     DES_pcbc_encrypt, DES_xcbc_encrypt, DES_cfb_encrypt, DES_cfb64_encrypt,
+     DES_ecb_encrypt, DES_ofb_encrypt, DES_ofb64_encrypt, DES_random_key,
+     DES_set_odd_parity, DES_check_key_parity, DES_is_weak_key, DES_set_key,
+     DES_key_sched, DES_set_key_checked, DES_set_key_unchecked,
+     DES_string_to_key, DES_string_to_2keys, DES_fixup_key_parity,
+     DES_ecb2_encrypt, DES_ede2_cbc_encrypt, DES_ede2_cfb64_encrypt,
+     DES_ede2_ofb64_encrypt, DES_ecb3_encrypt, DES_ede3_cbc_encrypt,
+     DES_ede3_cfb64_encrypt, DES_ede3_cfb_encrypt, DES_ede3_ofb64_encrypt,
+     DES_cbc_cksum, DES_quad_cksum, IDEA_encrypt, IDEA_options,
+     IDEA_ecb_encrypt, IDEA_set_encrypt_key, IDEA_set_decrypt_key,
+     IDEA_cbc_encrypt, IDEA_cfb64_encrypt, IDEA_ofb64_encrypt, RC2_set_key,
+     RC2_encrypt, RC2_decrypt, RC2_ecb_encrypt, RC2_cbc_encrypt,
+     RC2_cfb64_encrypt, RC2_ofb64_encrypt, RC4, RC4_options, RC4_set_key,
+     RC5_32_set_key, RC5_32_encrypt, RC5_32_decrypt, RC5_32_ecb_encrypt,
+     RC5_32_cbc_encrypt, RC5_32_cfb64_encrypt, RC5_32_ofb64_encrypt,
+     SEED_set_key, SEED_encrypt, SEED_decrypt, SEED_ecb_encrypt,
+     SEED_cbc_encrypt, SEED_cfb128_encrypt and SEED_ofb128_encrypt.
 
-  *) All of the low level Camelllia functions have been deprecated including:
-     Camellia_set_key, Camellia_encrypt, Camellia_decrypt, Camellia_ecb_encrypt,
-     Camellia_cbc_encrypt, Camellia_cfb128_encrypt, Camellia_cfb1_encrypt,
-     Camellia_cfb8_encrypt, Camellia_ofb128_encrypt and Camellia_ctr128_encrypt.
      Use of these low level functions has been informally discouraged for a long
      time. Instead applications should use the high level EVP APIs, e.g.
      EVP_EncryptInit_ex, EVP_EncryptUpdate, EVP_EncryptFinal_ex, and the
      equivalently named decrypt functions.
-     [Matt Caswell]
+     [Matt Caswell and Paul Dale]
 
   *) Removed include/openssl/opensslconf.h.in and replaced it with
      include/openssl/configuration.h.in, which differs in not including
@@ -419,17 +428,7 @@
      for scripting purposes.
      [Richard Levitte]
 
-  *) All of the low level AES functions have been deprecated including:
-     AES_options, AES_set_encrypt_key, AES_set_decrypt_key, AES_encrypt,
-     AES_decrypt, AES_ecb_encrypt, AES_cbc_encrypt, AES_cfb128_encrypt,
-     AES_cfb1_encrypt, AES_cfb8_encrypt, AES_ofb128_encrypt, AES_wrap_key and
-     AES_unwrap_key
-     Use of these low level functions has been informally discouraged for a long
-     time. Instead applications should use the high level EVP APIs, e.g.
-     EVP_EncryptInit_ex, EVP_EncryptUpdate, EVP_EncryptFinal_ex, and the
-     equivalently named decrypt functions.
-
-     The functions AES_ige_encrypt() and AES_bi_ige_encrypt() have also been
+  *) The functions AES_ige_encrypt() and AES_bi_ige_encrypt() have been
      deprecated. These undocumented functions were never integrated into the EVP
      layer and implement the AES Infinite Garble Extension (IGE) mode and AES
      Bi-directional IGE mode. These modes were never formally standardised and
diff --git a/NEWS b/NEWS
index 3dcdd9c8c5..de439d6bb1 100644
--- a/NEWS
+++ b/NEWS
@@ -28,6 +28,8 @@
       o All of the low level MD2, MD4, MD5, MDC2, RIPEMD160, SHA1, SHA224,
         SHA256, SHA384, SHA512 and Whirlpool digest functions have been
         deprecated.
+      o All of the low level AES, Blowfish, Camellia, CAST, DES, IDEA, RC2,
+        RC4, RC5 and SEED cipher functions have been deprecated.
 
   Major changes between OpenSSL 1.1.1 and OpenSSL 1.1.1a [20 Nov 2018]

More information about the openssl-commits mailing list