as well as words of caution.
[Richard Levitte]
+ *) All of the low level CMAC functions have been deprecated including:
+ CMAC_CTX_new, CMAC_CTX_cleanup, CMAC_CTX_free, CMAC_CTX_get0_cipher_ctx,
+ CMAC_CTX_copy, CMAC_Init, CMAC_Update, CMAC_Final and CMAC_resume.
+ Use of these low level functions has been informally discouraged for a long
+ time. Instead applications should use L<EVP_MAC_CTX_new(3)>,
+ L<EVP_MAC_CTX_free(3)>, L<EVP_MAC_init(3)>, L<EVP_MAC_update(3)>
+ and L<EVP_MAC_final(3)>.
+ [Paul Dale]
+
*) All of the low level MD2, MD4, MD5, MDC2, RIPEMD160, SHA1, SHA224, SHA256,
SHA384, SHA512 and Whirlpool digest functions have been deprecated.
These include:
SHA512, SHA512_Init, SHA512_Update, SHA512_Final, SHA512_Transform,
WHIRLPOOL, WHIRLPOOL_Init, WHIRLPOOL_Update, WHIRLPOOL_BitUpdate
and WHIRLPOOL_Final.
+
Use of these low level functions has been informally discouraged for a long
time. Instead applications should instead use the EVP_DigestInit_ex,
EVP_DigestUpdate(3) and EVP_DigestFinal_ex(3) functions.
OPT_SECTION("Selection"),
{"evp", OPT_EVP, 's', "Use EVP-named cipher or digest"},
{"hmac", OPT_HMAC, 's', "HMAC using EVP-named digest"},
-#ifndef OPENSSL_NO_CMAC
+#if !defined(OPENSSL_NO_CMAC) && !defined(OPENSSL_NO_DEPRECATED_3_0)
{"cmac", OPT_CMAC, 's', "CMAC using EVP-named cipher"},
#endif
{"decrypt", OPT_DECRYPT, '-',
#endif
EVP_CIPHER_CTX *ctx;
HMAC_CTX *hctx;
-#ifndef OPENSSL_NO_CMAC
+#if !defined(OPENSSL_NO_CMAC) && !defined(OPENSSL_NO_DEPRECATED_3_0)
CMAC_CTX *cmac_ctx;
#endif
GCM128_CONTEXT *gcm_ctx;
return count;
}
-#ifndef OPENSSL_NO_CMAC
+#if !defined(OPENSSL_NO_CMAC) && !defined(OPENSSL_NO_DEPRECATED_3_0)
static const EVP_CIPHER *evp_cmac_cipher = NULL;
static char *evp_cmac_name = NULL;
doit[D_EVP_HMAC] = 1;
break;
case OPT_CMAC:
-#ifndef OPENSSL_NO_CMAC
+#if !defined(OPENSSL_NO_CMAC) && !defined(OPENSSL_NO_DEPRECATED_3_0)
evp_cmac_cipher = EVP_get_cipherbyname(opt_arg());
if (evp_cmac_cipher == NULL) {
BIO_printf(bio_err, "%s: %s is an unknown cipher\n",
}
}
-#ifndef OPENSSL_NO_CMAC
+#if !defined(OPENSSL_NO_CMAC) && !defined(OPENSSL_NO_DEPRECATED_3_0)
if (doit[D_EVP_CMAC] && evp_cmac_cipher != NULL) {
const char *cipher_name = OBJ_nid2ln(EVP_CIPHER_type(evp_cmac_cipher));
#endif
}
OPENSSL_free(evp_hmac_name);
-#ifndef OPENSSL_NO_CMAC
+#if !defined(OPENSSL_NO_CMAC) && !defined(OPENSSL_NO_DEPRECATED_3_0)
OPENSSL_free(evp_cmac_name);
#endif
* https://www.openssl.org/source/license.html
*/
+/*
+ * CMAC low level APIs are deprecated for public use, but still ok for internal
+ * use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/evp.h>
* https://www.openssl.org/source/license.html
*/
+/*
+ * CMAC low level APIs are deprecated for public use, but still ok for internal
+ * use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
# include <openssl/evp.h>
+# ifndef OPENSSL_NO_DEPRECATED_3_0
/* Opaque */
typedef struct CMAC_CTX_st CMAC_CTX;
+# endif
-CMAC_CTX *CMAC_CTX_new(void);
-void CMAC_CTX_cleanup(CMAC_CTX *ctx);
-void CMAC_CTX_free(CMAC_CTX *ctx);
-EVP_CIPHER_CTX *CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx);
-int CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in);
-
-int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen,
- const EVP_CIPHER *cipher, ENGINE *impl);
-int CMAC_Update(CMAC_CTX *ctx, const void *data, size_t dlen);
-int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen);
-int CMAC_resume(CMAC_CTX *ctx);
+DEPRECATEDIN_3_0(CMAC_CTX *CMAC_CTX_new(void))
+DEPRECATEDIN_3_0(void CMAC_CTX_cleanup(CMAC_CTX *ctx))
+DEPRECATEDIN_3_0(void CMAC_CTX_free(CMAC_CTX *ctx))
+DEPRECATEDIN_3_0(EVP_CIPHER_CTX *CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx))
+DEPRECATEDIN_3_0(int CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in))
+
+DEPRECATEDIN_3_0(int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen,
+ const EVP_CIPHER *cipher, ENGINE *impl))
+DEPRECATEDIN_3_0(int CMAC_Update(CMAC_CTX *ctx, const void *data, size_t dlen))
+DEPRECATEDIN_3_0(int CMAC_Final(CMAC_CTX *ctx, unsigned char *out,
+ size_t *poutlen))
+DEPRECATEDIN_3_0(int CMAC_resume(CMAC_CTX *ctx))
# ifdef __cplusplus
}
* https://www.openssl.org/source/license.html
*/
+/*
+ * CMAC low level APIs are deprecated for public use, but still ok for internal
+ * use.
+ */
+#include "internal/deprecated.h"
+
#include <openssl/core_numbers.h>
#include <openssl/core_names.h>
#include <openssl/params.h>
X509_STORE_new 140 3_0_0 EXIST::FUNCTION:
ASN1_TYPE_free 141 3_0_0 EXIST::FUNCTION:
PKCS12_BAGS_new 142 3_0_0 EXIST::FUNCTION:
-CMAC_CTX_new 143 3_0_0 EXIST::FUNCTION:CMAC
+CMAC_CTX_new 143 3_0_0 EXIST::FUNCTION:CMAC,DEPRECATEDIN_3_0
ASIdentifierChoice_new 144 3_0_0 EXIST::FUNCTION:RFC3779
EVP_PKEY_asn1_set_public 145 3_0_0 EXIST::FUNCTION:
IDEA_set_decrypt_key 146 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,IDEA
d2i_X509 574 3_0_0 EXIST::FUNCTION:
a2i_ASN1_STRING 575 3_0_0 EXIST::FUNCTION:
EC_GROUP_get_mont_data 576 3_0_0 EXIST::FUNCTION:EC
-CMAC_CTX_copy 577 3_0_0 EXIST::FUNCTION:CMAC
+CMAC_CTX_copy 577 3_0_0 EXIST::FUNCTION:CMAC,DEPRECATEDIN_3_0
EVP_camellia_128_cfb128 579 3_0_0 EXIST::FUNCTION:CAMELLIA
DH_compute_key_padded 580 3_0_0 EXIST::FUNCTION:DH
ERR_load_CONF_strings 581 3_0_0 EXIST::FUNCTION:
ASN1_buf_print 1746 3_0_0 EXIST::FUNCTION:
EVP_PKEY_CTX_hex2ctrl 1747 3_0_0 EXIST::FUNCTION:
PEM_write_bio_PKCS8PrivateKey 1748 3_0_0 EXIST::FUNCTION:
-CMAC_Update 1749 3_0_0 EXIST::FUNCTION:CMAC
+CMAC_Update 1749 3_0_0 EXIST::FUNCTION:CMAC,DEPRECATEDIN_3_0
d2i_ASN1_UTCTIME 1750 3_0_0 EXIST::FUNCTION:
OPENSSL_sk_insert 1751 3_0_0 EXIST::FUNCTION:
DSO_up_ref 1752 3_0_0 EXIST::FUNCTION:
X509_EXTENSION_create_by_NID 2168 3_0_0 EXIST::FUNCTION:
i2d_RSAPrivateKey 2169 3_0_0 EXIST::FUNCTION:RSA
d2i_CERTIFICATEPOLICIES 2170 3_0_0 EXIST::FUNCTION:
-CMAC_CTX_get0_cipher_ctx 2171 3_0_0 EXIST::FUNCTION:CMAC
+CMAC_CTX_get0_cipher_ctx 2171 3_0_0 EXIST::FUNCTION:CMAC,DEPRECATEDIN_3_0
X509_STORE_load_locations 2172 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
OBJ_find_sigid_algs 2173 3_0_0 EXIST::FUNCTION:
TS_RESP_CTX_set_accuracy 2174 3_0_0 EXIST::FUNCTION:TS
X509v3_delete_ext 2200 3_0_0 EXIST::FUNCTION:
ASN1_STRING_set0 2201 3_0_0 EXIST::FUNCTION:
BN_GF2m_add 2202 3_0_0 EXIST::FUNCTION:EC2M
-CMAC_resume 2203 3_0_0 EXIST::FUNCTION:CMAC
+CMAC_resume 2203 3_0_0 EXIST::FUNCTION:CMAC,DEPRECATEDIN_3_0
TS_ACCURACY_set_millis 2204 3_0_0 EXIST::FUNCTION:TS
X509V3_EXT_conf 2205 3_0_0 EXIST::FUNCTION:
i2d_DHxparams 2206 3_0_0 EXIST::FUNCTION:DH
ASN1_GENERALIZEDTIME_adj 3148 3_0_0 EXIST::FUNCTION:
ECDSA_verify 3149 3_0_0 EXIST::FUNCTION:EC
EVP_camellia_256_cfb128 3150 3_0_0 EXIST::FUNCTION:CAMELLIA
-CMAC_Init 3151 3_0_0 EXIST::FUNCTION:CMAC
+CMAC_Init 3151 3_0_0 EXIST::FUNCTION:CMAC,DEPRECATEDIN_3_0
OCSP_basic_add1_status 3152 3_0_0 EXIST::FUNCTION:OCSP
X509_CRL_get0_by_cert 3153 3_0_0 EXIST::FUNCTION:
TS_TST_INFO_set_tsa 3154 3_0_0 EXIST::FUNCTION:TS
EVP_PKEY_save_parameters 3475 3_0_0 EXIST::FUNCTION:
SCT_set_source 3476 3_0_0 EXIST::FUNCTION:CT
DES_set_odd_parity 3477 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DES
-CMAC_CTX_free 3478 3_0_0 EXIST::FUNCTION:CMAC
+CMAC_CTX_free 3478 3_0_0 EXIST::FUNCTION:CMAC,DEPRECATEDIN_3_0
d2i_ESS_ISSUER_SERIAL 3479 3_0_0 EXIST::FUNCTION:
HMAC_CTX_set_flags 3480 3_0_0 EXIST::FUNCTION:
d2i_PKCS8_bio 3481 3_0_0 EXIST::FUNCTION:
OCSP_ONEREQ_get_ext_count 3482 3_0_0 EXIST::FUNCTION:OCSP
PEM_read_bio_PKCS8_PRIV_KEY_INFO 3483 3_0_0 EXIST::FUNCTION:
i2d_OCSP_BASICRESP 3484 3_0_0 EXIST::FUNCTION:OCSP
-CMAC_Final 3485 3_0_0 EXIST::FUNCTION:CMAC
+CMAC_Final 3485 3_0_0 EXIST::FUNCTION:CMAC,DEPRECATEDIN_3_0
X509V3_EXT_add_alias 3486 3_0_0 EXIST::FUNCTION:
BN_get_params 3487 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_0_9_8
PKCS5_pbkdf2_set 3488 3_0_0 EXIST::FUNCTION:
X509_REVOKED_get0_serialNumber 3720 3_0_0 EXIST::FUNCTION:
X509_VERIFY_PARAM_free 3721 3_0_0 EXIST::FUNCTION:
ASN1_TYPE_new 3722 3_0_0 EXIST::FUNCTION:
-CMAC_CTX_cleanup 3723 3_0_0 EXIST::FUNCTION:CMAC
+CMAC_CTX_cleanup 3723 3_0_0 EXIST::FUNCTION:CMAC,DEPRECATEDIN_3_0
i2d_PKCS7_NDEF 3724 3_0_0 EXIST::FUNCTION:
OPENSSL_sk_pop_free 3725 3_0_0 EXIST::FUNCTION:
X509_STORE_CTX_get0_policy_tree 3726 3_0_0 EXIST::FUNCTION: