From: Pauli Date: Wed, 15 Jan 2020 01:13:03 +0000 (+1000) Subject: Deprecate the low level MD5 functions. X-Git-Tag: openssl-3.0.0-alpha1~647 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=781aa7ab63eca123ecef6eef90bbf435b881976e;p=oweals%2Fopenssl.git Deprecate the low level MD5 functions. Use of the low level MD5 functions has been informally discouraged for a long time. We now formally deprecate them. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/10791) --- diff --git a/apps/speed.c b/apps/speed.c index 773bd222f2..dd07527cde 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -338,7 +338,7 @@ static const OPT_PAIR doit_choices[] = { #if !defined(OPENSSL_NO_MD4) && !defined(OPENSSL_NO_DEPRECATED_3_0) {"md4", D_MD4}, #endif -#ifndef OPENSSL_NO_MD5 +#if !defined(OPENSSL_NO_MD5) && !defined(OPENSSL_NO_DEPRECATED_3_0) {"md5", D_MD5}, {"hmac", D_HMAC}, #endif @@ -623,7 +623,7 @@ static int EVP_Digest_MD4_loop(void *args) } #endif -#ifndef OPENSSL_NO_MD5 +#if !defined(OPENSSL_NO_MD5) && !defined(OPENSSL_NO_DEPRECATED_3_0) static int MD5_loop(void *args) { loopargs_t *tempargs = *(loopargs_t **) args; @@ -2289,7 +2289,7 @@ int speed_main(int argc, char **argv) } #endif -#ifndef OPENSSL_NO_MD5 +#if !defined(OPENSSL_NO_MD5) && !defined(OPENSSL_NO_DEPRECATED_3_0) if (doit[D_MD5]) { for (testnum = 0; testnum < size_num; testnum++) { print_message(names[D_MD5], c[D_MD5][testnum], lengths[testnum], diff --git a/crypto/evp/e_rc4_hmac_md5.c b/crypto/evp/e_rc4_hmac_md5.c index fa838bf4b2..d3b1dfe258 100644 --- a/crypto/evp/e_rc4_hmac_md5.c +++ b/crypto/evp/e_rc4_hmac_md5.c @@ -8,8 +8,8 @@ */ /* - * RC4 low level APIs are deprecated for public use, but still ok for internal - * use. + * MD5 and RC4 low level APIs are deprecated for public use, but still ok for + * internal use. */ #include "internal/deprecated.h" diff --git a/crypto/evp/legacy_md5.c b/crypto/evp/legacy_md5.c index 9bb1258e47..3ca5305622 100644 --- a/crypto/evp/legacy_md5.c +++ b/crypto/evp/legacy_md5.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * MD5 low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include #include "crypto/evp.h" #include "legacy_meth.h" diff --git a/crypto/evp/legacy_md5_sha1.c b/crypto/evp/legacy_md5_sha1.c index 380cdf4a79..9910892af8 100644 --- a/crypto/evp/legacy_md5_sha1.c +++ b/crypto/evp/legacy_md5_sha1.c @@ -8,7 +8,7 @@ */ /* - * SHA-1 low level APIs are deprecated for public use, but still ok for + * MD5 and SHA-1 low level APIs are deprecated for public use, but still ok for * internal use. The prov/md5_sha1.h include requires this, but this must * be the first include loaded. */ diff --git a/crypto/md5/md5_dgst.c b/crypto/md5/md5_dgst.c index b594652f0d..72b641f4f8 100644 --- a/crypto/md5/md5_dgst.c +++ b/crypto/md5/md5_dgst.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * MD5 low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include #include "md5_local.h" #include diff --git a/crypto/md5/md5_one.c b/crypto/md5/md5_one.c index c31760bb39..96f4f96f42 100644 --- a/crypto/md5/md5_one.c +++ b/crypto/md5/md5_one.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * MD5 low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include #include #include diff --git a/crypto/md5/md5_sha1.c b/crypto/md5/md5_sha1.c index fa2ccde30f..054f634ac8 100644 --- a/crypto/md5/md5_sha1.c +++ b/crypto/md5/md5_sha1.c @@ -8,7 +8,7 @@ */ /* - * SHA-1 low level APIs are deprecated for public use, but still ok for + * MD5 and SHA-1 low level APIs are deprecated for public use, but still ok for * internal use. */ #include "internal/deprecated.h" diff --git a/doc/man3/MD5.pod b/doc/man3/MD5.pod index 8efc8240ae..8d24e5ad04 100644 --- a/doc/man3/MD5.pod +++ b/doc/man3/MD5.pod @@ -35,6 +35,10 @@ L: #include +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +B with a suitable version value, see +L: + unsigned char *MD5(const unsigned char *d, unsigned long n, unsigned char *md); int MD5_Init(MD5_CTX *c); diff --git a/include/openssl/md5.h b/include/openssl/md5.h index 0a75b084a2..c61b3d94c8 100644 --- a/include/openssl/md5.h +++ b/include/openssl/md5.h @@ -19,22 +19,24 @@ # include # ifndef OPENSSL_NO_MD5 -# include -# include -# ifdef __cplusplus +# include +# include +# ifdef __cplusplus extern "C" { -# endif +# endif + +# define MD5_DIGEST_LENGTH 16 +# if !defined(OPENSSL_NO_DEPRECATED_3_0) /* * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! * ! MD5_LONG has to be at least 32 bits wide. ! * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! */ -# define MD5_LONG unsigned int +# define MD5_LONG unsigned int -# define MD5_CBLOCK 64 -# define MD5_LBLOCK (MD5_CBLOCK/4) -# define MD5_DIGEST_LENGTH 16 +# define MD5_CBLOCK 64 +# define MD5_LBLOCK (MD5_CBLOCK/4) typedef struct MD5state_st { MD5_LONG A, B, C, D; @@ -42,15 +44,18 @@ typedef struct MD5state_st { MD5_LONG data[MD5_LBLOCK]; unsigned int num; } MD5_CTX; +# endif -int MD5_Init(MD5_CTX *c); -int MD5_Update(MD5_CTX *c, const void *data, size_t len); -int MD5_Final(unsigned char *md, MD5_CTX *c); -unsigned char *MD5(const unsigned char *d, size_t n, unsigned char *md); -void MD5_Transform(MD5_CTX *c, const unsigned char *b); -# ifdef __cplusplus +DEPRECATEDIN_3_0(int MD5_Init(MD5_CTX *c)) +DEPRECATEDIN_3_0(int MD5_Update(MD5_CTX *c, const void *data, size_t len)) +DEPRECATEDIN_3_0(int MD5_Final(unsigned char *md, MD5_CTX *c)) +DEPRECATEDIN_3_0(unsigned char *MD5(const unsigned char *d, size_t n, + unsigned char *md)) +DEPRECATEDIN_3_0(void MD5_Transform(MD5_CTX *c, const unsigned char *b)) + +# ifdef __cplusplus } -# endif +# endif # endif #endif diff --git a/providers/implementations/ciphers/cipher_rc4_hmac_md5.c b/providers/implementations/ciphers/cipher_rc4_hmac_md5.c index 876c81d34d..55bdfe7384 100644 --- a/providers/implementations/ciphers/cipher_rc4_hmac_md5.c +++ b/providers/implementations/ciphers/cipher_rc4_hmac_md5.c @@ -10,8 +10,8 @@ /* Dispatch functions for RC4_HMAC_MD5 cipher */ /* - * RC4 low level APIs are deprecated for public use, but still ok for internal - * use. + * MD5 and RC4 low level APIs are deprecated for public use, but still ok for + * internal use. */ #include "internal/deprecated.h" diff --git a/providers/implementations/ciphers/cipher_rc4_hmac_md5_hw.c b/providers/implementations/ciphers/cipher_rc4_hmac_md5_hw.c index 767a1e3e6b..253bb54faf 100644 --- a/providers/implementations/ciphers/cipher_rc4_hmac_md5_hw.c +++ b/providers/implementations/ciphers/cipher_rc4_hmac_md5_hw.c @@ -10,8 +10,8 @@ /* RC4_HMAC_MD5 cipher implementation */ /* - * RC4 low level APIs are deprecated for public use, but still ok for internal - * use. + * MD5 and RC4 low level APIs are deprecated for public use, but still ok for + * internal use. */ #include "internal/deprecated.h" diff --git a/providers/implementations/digests/md5_prov.c b/providers/implementations/digests/md5_prov.c index 7b92b6139c..73071cdd95 100644 --- a/providers/implementations/digests/md5_prov.c +++ b/providers/implementations/digests/md5_prov.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * MD5 low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include #include #include "prov/digestcommon.h" diff --git a/providers/implementations/digests/md5_sha1_prov.c b/providers/implementations/digests/md5_sha1_prov.c index cd6eab6b09..4d87e2fec6 100644 --- a/providers/implementations/digests/md5_sha1_prov.c +++ b/providers/implementations/digests/md5_sha1_prov.c @@ -8,7 +8,7 @@ */ /* - * SHA-1 low level APIs are deprecated for public use, but still ok for + * MD5 and SHA-1 low level APIs are deprecated for public use, but still ok for * internal use. */ #include "internal/deprecated.h" diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c index 20a2aa3599..888ff3c2f6 100644 --- a/ssl/s3_cbc.c +++ b/ssl/s3_cbc.c @@ -8,7 +8,7 @@ */ /* - * SHA-1 low level APIs are deprecated for public use, but still ok for + * MD5 and SHA-1 low level APIs are deprecated for public use, but still ok for * internal use. */ #include "internal/deprecated.h" diff --git a/util/libcrypto.num b/util/libcrypto.num index ede0a40e8b..7ae99d1f6c 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -1001,7 +1001,7 @@ i2d_PKCS8PrivateKey_nid_bio 1026 3_0_0 EXIST::FUNCTION: ERR_put_error 1027 3_0_0 NOEXIST::FUNCTION: ERR_add_error_data 1028 3_0_0 EXIST::FUNCTION: X509_ALGORS_it 1029 3_0_0 EXIST::FUNCTION: -MD5_Update 1030 3_0_0 EXIST::FUNCTION:MD5 +MD5_Update 1030 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,MD5 X509_policy_check 1031 3_0_0 EXIST::FUNCTION: X509_CRL_METHOD_new 1032 3_0_0 EXIST::FUNCTION: ASN1_ANY_it 1033 3_0_0 EXIST::FUNCTION: @@ -1252,7 +1252,7 @@ ASN1_INTEGER_set_int64 1280 3_0_0 EXIST::FUNCTION: ASN1_TIME_free 1281 3_0_0 EXIST::FUNCTION: i2o_SCT_LIST 1282 3_0_0 EXIST::FUNCTION:CT AES_encrypt 1283 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 -MD5_Init 1284 3_0_0 EXIST::FUNCTION:MD5 +MD5_Init 1284 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,MD5 UI_add_error_string 1285 3_0_0 EXIST::FUNCTION: X509_TRUST_cleanup 1286 3_0_0 EXIST::FUNCTION: PEM_read_X509 1287 3_0_0 EXIST::FUNCTION:STDIO @@ -1835,7 +1835,7 @@ RSA_verify_ASN1_OCTET_STRING 1877 3_0_0 EXIST::FUNCTION:RSA SCT_set_log_entry_type 1878 3_0_0 EXIST::FUNCTION:CT BN_new 1879 3_0_0 EXIST::FUNCTION: X509_OBJECT_retrieve_by_subject 1880 3_0_0 EXIST::FUNCTION: -MD5_Final 1881 3_0_0 EXIST::FUNCTION:MD5 +MD5_Final 1881 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,MD5 X509_STORE_set_verify_cb 1882 3_0_0 EXIST::FUNCTION: OCSP_REQUEST_print 1883 3_0_0 EXIST::FUNCTION:OCSP CMS_add1_crl 1884 3_0_0 EXIST::FUNCTION:CMS @@ -1876,7 +1876,7 @@ CMS_SignedData_init 1920 3_0_0 EXIST::FUNCTION:CMS X509_REQ_free 1921 3_0_0 EXIST::FUNCTION: ASN1_INTEGER_set 1922 3_0_0 EXIST::FUNCTION: EVP_DecodeFinal 1923 3_0_0 EXIST::FUNCTION: -MD5_Transform 1925 3_0_0 EXIST::FUNCTION:MD5 +MD5_Transform 1925 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,MD5 SRP_create_verifier_BN 1926 3_0_0 EXIST::FUNCTION:SRP ENGINE_register_all_EC 1927 3_0_0 EXIST::FUNCTION:ENGINE EVP_camellia_128_ofb 1928 3_0_0 EXIST::FUNCTION:CAMELLIA @@ -3003,7 +3003,7 @@ EVP_des_ede_cfb64 3067 3_0_0 EXIST::FUNCTION:DES d2i_RSAPrivateKey 3068 3_0_0 EXIST::FUNCTION:RSA ERR_load_BN_strings 3069 3_0_0 EXIST::FUNCTION: BF_encrypt 3070 3_0_0 EXIST::FUNCTION:BF,DEPRECATEDIN_3_0 -MD5 3071 3_0_0 EXIST::FUNCTION:MD5 +MD5 3071 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,MD5 BN_GF2m_arr2poly 3072 3_0_0 EXIST::FUNCTION:EC2M EVP_PKEY_meth_get_ctrl 3073 3_0_0 EXIST::FUNCTION: i2d_X509_REQ_bio 3074 3_0_0 EXIST::FUNCTION: