From: Pauli Date: Tue, 14 Jan 2020 00:33:03 +0000 (+1000) Subject: Deprecate the low level RC5 functions X-Git-Tag: openssl-3.0.0-alpha1~672 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=62c3fed0cd52316259e4e2c0e5878bcfa69b38f9;p=oweals%2Fopenssl.git Deprecate the low level RC5 functions Use of the low level RC5 functions has been informally discouraged for a long time. We now formally deprecate them. Applications should instead use the EVP APIs, e.g. EVP_EncryptInit_ex, EVP_EncryptUpdate, EVP_EncryptFinal_ex and the equivalently named decrypt functions. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/10834) --- diff --git a/apps/speed.c b/apps/speed.c index f567b48d2e..d741f315e2 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -372,7 +372,7 @@ static const OPT_PAIR doit_choices[] = { {"rc2-cbc", D_CBC_RC2}, {"rc2", D_CBC_RC2}, #endif -#ifndef OPENSSL_NO_RC5 +#if !defined(OPENSSL_NO_RC5) && !defined(OPENSSL_NO_DEPRECATED_3_0) {"rc5-cbc", D_CBC_RC5}, {"rc5", D_CBC_RC5}, #endif @@ -1449,7 +1449,7 @@ int speed_main(int argc, char **argv) EdDSA_SECONDS, SM2_SECONDS }; /* What follows are the buffers and key material. */ -#ifndef OPENSSL_NO_RC5 +#if !defined(OPENSSL_NO_RC5) && !defined(OPENSSL_NO_DEPRECATED_3_0) RC5_32_KEY rc5_ks; #endif #if !defined(OPENSSL_NO_RC2) && !defined(OPENSSL_NO_DEPRECATED_3_0) @@ -1981,7 +1981,7 @@ int speed_main(int argc, char **argv) if (doit[D_CBC_RC2]) RC2_set_key(&rc2_ks, 16, key16, 128); #endif -#ifndef OPENSSL_NO_RC5 +#if !defined(OPENSSL_NO_RC5) && !defined(OPENSSL_NO_DEPRECATED_3_0) if (doit[D_CBC_RC5]) if (!RC5_32_set_key(&rc5_ks, 16, key16, 12)) { BIO_printf(bio_err, "Failed setting RC5 key\n"); @@ -2628,7 +2628,7 @@ int speed_main(int argc, char **argv) } } #endif -#ifndef OPENSSL_NO_RC5 +#if !defined(OPENSSL_NO_RC5) && !defined(OPENSSL_NO_DEPRECATED_3_0) if (doit[D_CBC_RC5]) { if (async_jobs > 0) { BIO_printf(bio_err, "Async mode is not supported with %s\n", diff --git a/crypto/evp/e_rc5.c b/crypto/evp/e_rc5.c index 4783cc31ca..96066e8532 100644 --- a/crypto/evp/e_rc5.c +++ b/crypto/evp/e_rc5.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * RC5 low level APIs are deprecated for public use, but still ok for internal + * use. + */ +#include "internal/deprecated.h" + #include #include "internal/cryptlib.h" diff --git a/crypto/rc5/rc5_ecb.c b/crypto/rc5/rc5_ecb.c index 51c14fd54d..39c36b6156 100644 --- a/crypto/rc5/rc5_ecb.c +++ b/crypto/rc5/rc5_ecb.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * RC5 low level APIs are deprecated for public use, but still ok for internal + * use. + */ +#include "internal/deprecated.h" + #include #include "rc5_local.h" #include diff --git a/crypto/rc5/rc5_enc.c b/crypto/rc5/rc5_enc.c index c91fa99ce8..0fa80a50af 100644 --- a/crypto/rc5/rc5_enc.c +++ b/crypto/rc5/rc5_enc.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * RC5 low level APIs are deprecated for public use, but still ok for internal + * use. + */ +#include "internal/deprecated.h" + #include #include #include "rc5_local.h" diff --git a/crypto/rc5/rc5_skey.c b/crypto/rc5/rc5_skey.c index 22a5df1486..dc8617f6d5 100644 --- a/crypto/rc5/rc5_skey.c +++ b/crypto/rc5/rc5_skey.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * RC5 low level APIs are deprecated for public use, but still ok for internal + * use. + */ +#include "internal/deprecated.h" + #include #include "rc5_local.h" diff --git a/crypto/rc5/rc5cfb64.c b/crypto/rc5/rc5cfb64.c index 001e1240ab..99b1753ad1 100644 --- a/crypto/rc5/rc5cfb64.c +++ b/crypto/rc5/rc5cfb64.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * RC5 low level APIs are deprecated for public use, but still ok for internal + * use. + */ +#include "internal/deprecated.h" + #include #include "rc5_local.h" diff --git a/crypto/rc5/rc5ofb64.c b/crypto/rc5/rc5ofb64.c index c3ae5d8c05..7fc19fd1ed 100644 --- a/crypto/rc5/rc5ofb64.c +++ b/crypto/rc5/rc5ofb64.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * RC5 low level APIs are deprecated for public use, but still ok for internal + * use. + */ +#include "internal/deprecated.h" + #include #include "rc5_local.h" diff --git a/doc/man3/RC4_set_key.pod b/doc/man3/RC4_set_key.pod index 661a694479..2b314f022b 100644 --- a/doc/man3/RC4_set_key.pod +++ b/doc/man3/RC4_set_key.pod @@ -8,6 +8,10 @@ RC4_set_key, RC4 - RC4 encryption #include +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +B with a suitable version value, see +L: + void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data); void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata, @@ -15,6 +19,10 @@ RC4_set_key, RC4 - RC4 encryption =head1 DESCRIPTION +All of the functions described on this page are deprecated. Applications should +instead use L, L and +L or the equivalently named decrypt functions. + This library implements the Alleged RC4 cipher, which is described for example in I. It is believed to be compatible with RC4[TM], a proprietary cipher of RSA Security Inc. @@ -54,6 +62,10 @@ multiple encryptions using the same key stream. L +=head1 HISTORY + +All of these functions were deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/include/openssl/rc5.h b/include/openssl/rc5.h index 22bdeca237..a9c06d31d6 100644 --- a/include/openssl/rc5.h +++ b/include/openssl/rc5.h @@ -23,43 +23,50 @@ extern "C" { # endif -# define RC5_ENCRYPT 1 -# define RC5_DECRYPT 0 - -# define RC5_32_INT unsigned int - # define RC5_32_BLOCK 8 # define RC5_32_KEY_LENGTH 16/* This is a default, max is 255 */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define RC5_ENCRYPT 1 +# define RC5_DECRYPT 0 + +# define RC5_32_INT unsigned int + /* * This are the only values supported. Tweak the code if you want more The * most supported modes will be RC5-32/12/16 RC5-32/16/8 */ -# define RC5_8_ROUNDS 8 -# define RC5_12_ROUNDS 12 -# define RC5_16_ROUNDS 16 +# define RC5_8_ROUNDS 8 +# define RC5_12_ROUNDS 12 +# define RC5_16_ROUNDS 16 typedef struct rc5_key_st { /* Number of rounds */ int rounds; RC5_32_INT data[2 * (RC5_16_ROUNDS + 1)]; } RC5_32_KEY; +# endif -int RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data, - int rounds); -void RC5_32_ecb_encrypt(const unsigned char *in, unsigned char *out, - RC5_32_KEY *key, int enc); -void RC5_32_encrypt(unsigned long *data, RC5_32_KEY *key); -void RC5_32_decrypt(unsigned long *data, RC5_32_KEY *key); -void RC5_32_cbc_encrypt(const unsigned char *in, unsigned char *out, - long length, RC5_32_KEY *ks, unsigned char *iv, - int enc); -void RC5_32_cfb64_encrypt(const unsigned char *in, unsigned char *out, - long length, RC5_32_KEY *schedule, - unsigned char *ivec, int *num, int enc); -void RC5_32_ofb64_encrypt(const unsigned char *in, unsigned char *out, - long length, RC5_32_KEY *schedule, - unsigned char *ivec, int *num); +DEPRECATEDIN_3_0(int RC5_32_set_key(RC5_32_KEY *key, int len, + const unsigned char *data, int rounds)) +DEPRECATEDIN_3_0(void RC5_32_ecb_encrypt(const unsigned char *in, + unsigned char *out, RC5_32_KEY *key, + int enc)) +DEPRECATEDIN_3_0(void RC5_32_encrypt(unsigned long *data, RC5_32_KEY *key)) +DEPRECATEDIN_3_0(void RC5_32_decrypt(unsigned long *data, RC5_32_KEY *key)) +DEPRECATEDIN_3_0(void RC5_32_cbc_encrypt(const unsigned char *in, + unsigned char *out, long length, + RC5_32_KEY *ks, unsigned char *iv, + int enc)) +DEPRECATEDIN_3_0(void RC5_32_cfb64_encrypt(const unsigned char *in, + unsigned char *out, long length, + RC5_32_KEY *schedule, + unsigned char *ivec, int *num, + int enc)) +DEPRECATEDIN_3_0(void RC5_32_ofb64_encrypt(const unsigned char *in, + unsigned char *out, long length, + RC5_32_KEY *schedule, + unsigned char *ivec, int *num)) # ifdef __cplusplus } diff --git a/providers/implementations/ciphers/cipher_rc5.c b/providers/implementations/ciphers/cipher_rc5.c index e2e1cb6a31..d6026c48f6 100644 --- a/providers/implementations/ciphers/cipher_rc5.c +++ b/providers/implementations/ciphers/cipher_rc5.c @@ -9,6 +9,12 @@ /* Dispatch functions for RC5 cipher modes ecb, cbc, ofb, cfb */ +/* + * RC5 low level APIs are deprecated for public use, but still ok for internal + * use. + */ +#include "internal/deprecated.h" + #include "cipher_rc5.h" #include "prov/implementations.h" #include "prov/providercommonerr.h" diff --git a/providers/implementations/ciphers/cipher_rc5_hw.c b/providers/implementations/ciphers/cipher_rc5_hw.c index a9a05ba32f..5d858811fc 100644 --- a/providers/implementations/ciphers/cipher_rc5_hw.c +++ b/providers/implementations/ciphers/cipher_rc5_hw.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * RC5 low level APIs are deprecated for public use, but still ok for internal + * use. + */ +#include "internal/deprecated.h" + #include "cipher_rc5.h" static int cipher_hw_rc5_initkey(PROV_CIPHER_CTX *ctx, diff --git a/test/build.info b/test/build.info index c5040718a2..9afbdfdbe7 100644 --- a/test/build.info +++ b/test/build.info @@ -119,10 +119,6 @@ IF[{- !$disabled{tests} -}] INCLUDE[hmactest]=../include ../apps/include DEPEND[hmactest]=../libcrypto libtestutil.a - SOURCE[rc5test]=rc5test.c - INCLUDE[rc5test]=../include ../apps/include - DEPEND[rc5test]=../libcrypto libtestutil.a - SOURCE[destest]=destest.c INCLUDE[destest]=../include ../apps/include DEPEND[destest]=../libcrypto libtestutil.a @@ -593,6 +589,10 @@ IF[{- !$disabled{tests} -}] INCLUDE[rc4test]=../include ../apps/include DEPEND[rc4test]=../libcrypto.a libtestutil.a + SOURCE[rc5test]=rc5test.c + INCLUDE[rc5test]=../include ../apps/include + DEPEND[rc5test]=../libcrypto.a libtestutil.a + SOURCE[ec_internal_test]=ec_internal_test.c INCLUDE[ec_internal_test]=../include ../crypto/ec ../apps/include ../crypto/include DEPEND[ec_internal_test]=../libcrypto.a libtestutil.a diff --git a/test/rc5test.c b/test/rc5test.c index 39a113e859..70f88f0915 100644 --- a/test/rc5test.c +++ b/test/rc5test.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * RC5 low level APIs are deprecated for public use, but still ok for internal + * use. + */ +#include "internal/deprecated.h" + #include #include "internal/nelem.h" diff --git a/util/libcrypto.num b/util/libcrypto.num index 926ab06eaa..049380a715 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -1238,7 +1238,7 @@ HMAC_CTX_copy 1266 3_0_0 EXIST::FUNCTION: CRYPTO_gcm128_init 1267 3_0_0 EXIST::FUNCTION: i2d_X509_CINF 1268 3_0_0 EXIST::FUNCTION: X509_REVOKED_delete_ext 1269 3_0_0 EXIST::FUNCTION: -RC5_32_cfb64_encrypt 1270 3_0_0 EXIST::FUNCTION:RC5 +RC5_32_cfb64_encrypt 1270 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RC5 TS_REQ_set_cert_req 1271 3_0_0 EXIST::FUNCTION:TS TXT_DB_get_by_index 1272 3_0_0 EXIST::FUNCTION: X509_check_ca 1273 3_0_0 EXIST::FUNCTION: @@ -1673,7 +1673,7 @@ UI_dup_verify_string 1711 3_0_0 EXIST::FUNCTION: d2i_PKCS7_bio 1712 3_0_0 EXIST::FUNCTION: ENGINE_set_default_digests 1713 3_0_0 EXIST::FUNCTION:ENGINE i2d_PublicKey 1714 3_0_0 EXIST::FUNCTION: -RC5_32_set_key 1715 3_0_0 EXIST::FUNCTION:RC5 +RC5_32_set_key 1715 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RC5 AES_unwrap_key 1716 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 EVP_Cipher 1717 3_0_0 EXIST::FUNCTION: AES_set_decrypt_key 1718 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 @@ -1771,7 +1771,7 @@ OPENSSL_LH_delete 1812 3_0_0 EXIST::FUNCTION: TS_STATUS_INFO_dup 1813 3_0_0 EXIST::FUNCTION:TS X509v3_addr_get_range 1814 3_0_0 EXIST::FUNCTION:RFC3779 X509_EXTENSION_get_data 1815 3_0_0 EXIST::FUNCTION: -RC5_32_encrypt 1816 3_0_0 EXIST::FUNCTION:RC5 +RC5_32_encrypt 1816 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RC5 DIST_POINT_set_dpname 1817 3_0_0 EXIST::FUNCTION: BIO_sock_info 1818 3_0_0 EXIST::FUNCTION:SOCK OPENSSL_hexstr2buf 1819 3_0_0 EXIST::FUNCTION: @@ -1946,7 +1946,7 @@ GENERAL_NAME_it 1991 3_0_0 EXIST::FUNCTION: EVP_des_ede_ecb 1992 3_0_0 EXIST::FUNCTION:DES i2d_CRL_DIST_POINTS 1993 3_0_0 EXIST::FUNCTION: PEM_write_bio_X509_REQ_NEW 1994 3_0_0 EXIST::FUNCTION: -RC5_32_ofb64_encrypt 1995 3_0_0 EXIST::FUNCTION:RC5 +RC5_32_ofb64_encrypt 1995 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RC5 i2d_PKCS7 1996 3_0_0 EXIST::FUNCTION: BN_mod_lshift_quick 1997 3_0_0 EXIST::FUNCTION: DIST_POINT_NAME_it 1998 3_0_0 EXIST::FUNCTION: @@ -2694,7 +2694,7 @@ X509_REQ_to_X509 2750 3_0_0 EXIST::FUNCTION: EVP_aes_192_wrap_pad 2751 3_0_0 EXIST::FUNCTION: PKCS7_SIGN_ENVELOPE_new 2752 3_0_0 EXIST::FUNCTION: TS_REQ_get_policy_id 2753 3_0_0 EXIST::FUNCTION:TS -RC5_32_cbc_encrypt 2754 3_0_0 EXIST::FUNCTION:RC5 +RC5_32_cbc_encrypt 2754 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RC5 BN_is_zero 2755 3_0_0 EXIST::FUNCTION: CT_POLICY_EVAL_CTX_new 2756 3_0_0 EXIST::FUNCTION:CT NETSCAPE_SPKI_it 2757 3_0_0 EXIST::FUNCTION: @@ -2856,7 +2856,7 @@ X509_STORE_CTX_free 2917 3_0_0 EXIST::FUNCTION: AUTHORITY_KEYID_it 2918 3_0_0 EXIST::FUNCTION: X509V3_get_value_int 2919 3_0_0 EXIST::FUNCTION: ASN1_UTCTIME_set_string 2920 3_0_0 EXIST::FUNCTION: -RC5_32_decrypt 2921 3_0_0 EXIST::FUNCTION:RC5 +RC5_32_decrypt 2921 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RC5 i2d_X509_REQ_INFO 2922 3_0_0 EXIST::FUNCTION: EVP_des_cfb1 2923 3_0_0 EXIST::FUNCTION:DES OBJ_NAME_cleanup 2924 3_0_0 EXIST::FUNCTION: @@ -3477,7 +3477,7 @@ BN_dec2bn 3549 3_0_0 EXIST::FUNCTION: CMS_decrypt 3550 3_0_0 EXIST::FUNCTION:CMS BN_mpi2bn 3551 3_0_0 EXIST::FUNCTION: EVP_aes_128_cfb128 3552 3_0_0 EXIST::FUNCTION: -RC5_32_ecb_encrypt 3554 3_0_0 EXIST::FUNCTION:RC5 +RC5_32_ecb_encrypt 3554 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RC5 EVP_CIPHER_meth_new 3555 3_0_0 EXIST::FUNCTION: i2d_RSA_OAEP_PARAMS 3556 3_0_0 EXIST::FUNCTION:RSA SXNET_get_id_ulong 3557 3_0_0 EXIST::FUNCTION: