Use of the low level DES functions has been informally discouraged for a
long time. We now formally deprecate them.
Applications should instead use the EVP APIs, e.g. EVP_EncryptInit_ex,
EVP_EncryptUpdate, EVP_EncryptFinal_ex, and the equivalently named decrypt
functions.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10858)
This was done by the following
find . -name '*.[ch]' | /tmp/pl
where /tmp/pl is the following three-line script:
print unless $. == 1 && m@/\* .*\.[ch] \*/@;
close ARGV if eof; # Close file to reset $.
And then some hand-editing of other files.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
duplicated in cbc_enc.c (without IV updating) and in des_enc.c
As pointed out by others on the openssl-dev list, des_cbc_encrypt (without
IV updating; defined in cbc_enc.c) exists only for historical reasons:
des_ncbc_encrypt should be used instead (and the caller does not have
to manually update the IV).
If des_cbc_enrypt is not needed for backwards compatibility, the
definition of des_ncbc_encrypt should be put back into des_enc.c, and
both cbc_enc.c and ncbc_enc.c can be deleted.
If des_cbc_encrypt *is* needed for backwards compatibility, its behaviour
obviously should not change (i.e., don't add IV updating).
(meaning pointer to char) to des_cblock * (meaning pointer to
array with 8 char elements), which allows the compiler to
do more typechecking. (The changed argument types were of type
des_cblock * back in SSLeay, and a lot of ugly casts were
used then to turn them into pointers to elements; but it can be
done without those casts.)
Introduce new type const_des_cblock -- before, the pointers rather
than the elements pointed to were declared const, and for
some reason gcc did not complain about this (but some other
compilers did).