From: Pauli Date: Mon, 13 Jan 2020 23:38:09 +0000 (+1000) Subject: Deprecate the low level RC4 functions X-Git-Tag: openssl-3.0.0-alpha1~674 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=a8fca7284a98ca58804e17ade92fadd7a62056ae;p=oweals%2Fopenssl.git Deprecate the low level RC4 functions Use of the low level RC4 functions has been informally discouraged for a long time. We now formally deprecate them. Applications should instead use the EVP APIs, e.g. EVP_EncryptInit_ex, EVP_EncryptUpdate, EVP_EncryptFinal_ex and the equivalently named decrypt functions. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/10834) --- diff --git a/apps/speed.c b/apps/speed.c index ae02393dd1..f567b48d2e 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -353,7 +353,7 @@ static const OPT_PAIR doit_choices[] = { {"rmd160", D_RMD160}, {"ripemd160", D_RMD160}, #endif -#ifndef OPENSSL_NO_RC4 +#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_DEPRECATED_3_0) {"rc4", D_RC4}, #endif #ifndef OPENSSL_NO_DES @@ -712,7 +712,7 @@ static int EVP_Digest_RMD160_loop(void *args) } #endif -#ifndef OPENSSL_NO_RC4 +#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_DEPRECATED_3_0) static RC4_KEY rc4_ks; static int RC4_loop(void *args) { @@ -1973,7 +1973,7 @@ int speed_main(int argc, char **argv) if (doit[D_CBC_SEED]) SEED_set_key(key16, &seed_ks); #endif -#ifndef OPENSSL_NO_RC4 +#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_DEPRECATED_3_0) if (doit[D_RC4]) RC4_set_key(&rc4_ks, 16, key16); #endif @@ -2379,7 +2379,7 @@ int speed_main(int argc, char **argv) } } #endif -#ifndef OPENSSL_NO_RC4 +#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_DEPRECATED_3_0) if (doit[D_RC4]) { for (testnum = 0; testnum < size_num; testnum++) { print_message(names[D_RC4], c[D_RC4][testnum], lengths[testnum], 
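Review bot: The `{"rc4", D_RC4}` entry in `doit_choices` now disappears when `OPENSSL_NO_DEPRECATED_3_0` is defined, and nothing at the guard tells a reader how RC4 is meant to be benchmarked in such a build. A short comment on the guard would record that, for example `/* low level RC4 API is deprecated; use "-evp rc4" in no-deprecated builds */`. The same compound guard is repeated in the hunks at -712, -1973, -2379 and -3492, so the comment is only needed at this first one. Whether the `D_RC4` index and its `names[]` entry stay defined in that configuration is outside these hunks and worth confirming.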
@@ -3492,7 +3492,7 @@ int speed_main(int argc, char **argv) #if !defined(OPENSSL_NO_MD2) && !defined(OPENSSL_NO_DEPRECATED_3_0) printf("%s ", MD2_options()); #endif -#ifndef OPENSSL_NO_RC4 +#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_DEPRECATED_3_0) printf("%s ", RC4_options()); #endif #ifndef OPENSSL_NO_DES diff --git a/apps/version.c b/apps/version.c index 09d903d844..deb9133855 100644 --- a/apps/version.c +++ b/apps/version.c @@ -18,9 +18,6 @@ #ifndef OPENSSL_NO_MD2 # include #endif -#ifndef OPENSSL_NO_RC4 -# include -#endif #ifndef OPENSSL_NO_DES # include #endif @@ -129,9 +126,6 @@ opthelp: if (options) { printf("options: "); printf(" %s", BN_options()); -#ifndef OPENSSL_NO_RC4 - printf(" %s", RC4_options()); -#endif #ifndef OPENSSL_NO_DES printf(" %s", DES_options()); #endif diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c index b5c087830c..704268ad97 100644 --- a/crypto/engine/eng_openssl.c +++ b/crypto/engine/eng_openssl.c @@ -8,6 +8,12 @@ * https://www.openssl.org/source/license.html */ +/* + * RC4 low level APIs are deprecated for public use, but still ok for internal + * use. + */ +#include "internal/deprecated.h" + #include #include #include "internal/cryptlib.h" diff --git a/crypto/evp/e_rc4.c b/crypto/evp/e_rc4.c index 092d6cf1db..f75e2d716e 100644 --- a/crypto/evp/e_rc4.c +++ b/crypto/evp/e_rc4.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * RC4 low level APIs are deprecated for public use, but still ok for internal + * use. + */ +#include "internal/deprecated.h" + #include #include "internal/cryptlib.h" diff --git a/crypto/evp/e_rc4_hmac_md5.c b/crypto/evp/e_rc4_hmac_md5.c index f0168219f1..fa838bf4b2 100644 --- a/crypto/evp/e_rc4_hmac_md5.c +++ b/crypto/evp/e_rc4_hmac_md5.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * RC4 low level APIs are deprecated for public use, but still ok for internal + * use. + */ +#include "internal/deprecated.h" + #include #include 
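Review bot: `printf("%s ", RC4_options());` is kept here behind the new guard, while the same commit deletes the equivalent `printf(" %s", RC4_options());` from apps/version.c unconditionally. In a default build the two tools therefore report the RC4 build options differently. If the options string is no longer worth showing, dropping this line too would be consistent; otherwise a comment on why speed keeps it would help. The body of speed_main continues outside the hunk.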
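Review bot: The comment added in crypto/engine/eng_openssl.c explains why `internal/deprecated.h` is included but not that its position matters. The include is placed ahead of every other header, presumably so that the public headers see whatever it defines. I would say so in the comment, e.g. `/* Must precede any openssl header: RC4 low level APIs are deprecated for public use, but still ok for internal use. */`. The same block is pasted into e_rc4.c, e_rc4_hmac_md5.c, rc4_enc.c, rc4_skey.c, the four providers/implementations/ciphers/cipher_rc4*.c files and test/rc4test.c, so the wording applies to each.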
diff --git a/crypto/rc4/rc4_enc.c b/crypto/rc4/rc4_enc.c index c4753d93e0..8479091c6c 100644 --- a/crypto/rc4/rc4_enc.c +++ b/crypto/rc4/rc4_enc.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * RC4 low level APIs are deprecated for public use, but still ok for internal + * use. + */ +#include "internal/deprecated.h" + #include #include "rc4_local.h" diff --git a/crypto/rc4/rc4_skey.c b/crypto/rc4/rc4_skey.c index 42c4a20860..e9d60ca03a 100644 --- a/crypto/rc4/rc4_skey.c +++ b/crypto/rc4/rc4_skey.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * RC4 low level APIs are deprecated for public use, but still ok for internal + * use. + */ +#include "internal/deprecated.h" + #include #include "rc4_local.h" #include diff --git a/include/openssl/rc4.h b/include/openssl/rc4.h index 22c76863e7..98ba8d8a2b 100644 --- a/include/openssl/rc4.h +++ b/include/openssl/rc4.h @@ -24,15 +24,18 @@ extern "C" { # endif +# ifndef OPENSSL_NO_DEPRECATED_3_0 typedef struct rc4_key_st { RC4_INT x, y; RC4_INT data[256]; } RC4_KEY; +# endif -const char *RC4_options(void); -void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data); -void RC4(RC4_KEY *key, size_t len, const unsigned char *indata, - unsigned char *outdata); +DEPRECATEDIN_3_0(const char *RC4_options(void)) +DEPRECATEDIN_3_0(void RC4_set_key(RC4_KEY *key, int len, + const unsigned char *data)) +DEPRECATEDIN_3_0(void RC4(RC4_KEY *key, size_t len, const unsigned char *indata, + unsigned char *outdata)) # ifdef __cplusplus } diff --git a/providers/implementations/ciphers/cipher_rc4.c b/providers/implementations/ciphers/cipher_rc4.c index baf34f7b93..5e6112894f 100644 --- a/providers/implementations/ciphers/cipher_rc4.c +++ b/providers/implementations/ciphers/cipher_rc4.c 
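Review bot: In include/openssl/rc4.h the three declarations are now wrapped in `DEPRECATEDIN_3_0(...)` with no comment pointing at the replacement, so a caller who hits the warning has to find the commit message to learn what to use. A one-line comment above them would carry that over, such as `/* Deprecated: use the EVP cipher API (EVP_EncryptInit_ex and friends) instead */`. It is worth adding that the deprecation concerns the API level only: RC4 reached through EVP is the same cipher with the same known weaknesses, so the comment should not read as a recommendation to keep using it. The `RC4_KEY` typedef is hidden by an explicit `#ifndef OPENSSL_NO_DEPRECATED_3_0` while the functions rely on the macro; that looks intentional, but any in-tree header that embeds `RC4_KEY` presumably needs `internal/deprecated.h` included ahead of it, as the provider hunks do before `cipher_rc4.h`.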
@@ -9,6 +9,12 @@ /* Dispatch functions for RC4 ciphers */ +/* + * RC4 low level APIs are deprecated for public use, but still ok for internal + * use. + */ +#include "internal/deprecated.h" + #include "cipher_rc4.h" #include "prov/implementations.h" diff --git a/providers/implementations/ciphers/cipher_rc4_hmac_md5.c b/providers/implementations/ciphers/cipher_rc4_hmac_md5.c index e7736bb0f3..876c81d34d 100644 --- a/providers/implementations/ciphers/cipher_rc4_hmac_md5.c +++ b/providers/implementations/ciphers/cipher_rc4_hmac_md5.c @@ -9,6 +9,12 @@ /* Dispatch functions for RC4_HMAC_MD5 cipher */ +/* + * RC4 low level APIs are deprecated for public use, but still ok for internal + * use. + */ +#include "internal/deprecated.h" + #include "cipher_rc4_hmac_md5.h" #include "prov/implementations.h" #include "prov/providercommonerr.h" diff --git a/providers/implementations/ciphers/cipher_rc4_hmac_md5_hw.c b/providers/implementations/ciphers/cipher_rc4_hmac_md5_hw.c index d3098b1b3c..767a1e3e6b 100644 --- a/providers/implementations/ciphers/cipher_rc4_hmac_md5_hw.c +++ b/providers/implementations/ciphers/cipher_rc4_hmac_md5_hw.c @@ -9,6 +9,12 @@ /* RC4_HMAC_MD5 cipher implementation */ +/* + * RC4 low level APIs are deprecated for public use, but still ok for internal + * use. + */ +#include "internal/deprecated.h" + #include "cipher_rc4_hmac_md5.h" #define NO_PAYLOAD_LENGTH ((size_t)-1) diff --git a/providers/implementations/ciphers/cipher_rc4_hw.c b/providers/implementations/ciphers/cipher_rc4_hw.c index 503a618914..865b0aaedb 100644 --- a/providers/implementations/ciphers/cipher_rc4_hw.c +++ b/providers/implementations/ciphers/cipher_rc4_hw.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * RC4 low level APIs are deprecated for public use, but still ok for internal + * use. + */ +#include "internal/deprecated.h" + #include "cipher_rc4.h" static int cipher_hw_rc4_initkey(PROV_CIPHER_CTX *ctx, 
diff --git a/test/build.info b/test/build.info index 9b3122b74f..c5040718a2 100644 --- a/test/build.info +++ b/test/build.info @@ -119,10 +119,6 @@ IF[{- !$disabled{tests} -}] INCLUDE[hmactest]=../include ../apps/include DEPEND[hmactest]=../libcrypto libtestutil.a - SOURCE[rc4test]=rc4test.c - INCLUDE[rc4test]=../include ../apps/include - DEPEND[rc4test]=../libcrypto libtestutil.a - SOURCE[rc5test]=rc5test.c INCLUDE[rc5test]=../include ../apps/include DEPEND[rc5test]=../libcrypto libtestutil.a @@ -593,6 +589,10 @@ IF[{- !$disabled{tests} -}] INCLUDE[rc2test]=../include ../apps/include DEPEND[rc2test]=../libcrypto.a libtestutil.a + SOURCE[rc4test]=rc4test.c + INCLUDE[rc4test]=../include ../apps/include + DEPEND[rc4test]=../libcrypto.a libtestutil.a + SOURCE[ec_internal_test]=ec_internal_test.c INCLUDE[ec_internal_test]=../include ../crypto/ec ../apps/include ../crypto/include DEPEND[ec_internal_test]=../libcrypto.a libtestutil.a diff --git a/test/rc4test.c b/test/rc4test.c index 34ec2e016e..ed0bef5006 100644 --- a/test/rc4test.c +++ b/test/rc4test.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * RC4 low level APIs are deprecated for public use, but still ok for internal + * use. + */ +#include "internal/deprecated.h" + #include #include "internal/nelem.h" diff --git a/util/libcrypto.num b/util/libcrypto.num index 827ce5eb15..926ab06eaa 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -341,7 +341,7 @@ OPENSSL_sk_sort 346 3_0_0 EXIST::FUNCTION: CTLOG_STORE_load_file 347 3_0_0 EXIST::FUNCTION:CT ASN1_SEQUENCE_it 348 3_0_0 EXIST::FUNCTION: TS_RESP_CTX_get_tst_info 349 3_0_0 EXIST::FUNCTION:TS -RC4 350 3_0_0 EXIST::FUNCTION:RC4 +RC4 350 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RC4 PKCS7_stream 352 3_0_0 EXIST::FUNCTION: i2t_ASN1_OBJECT 353 3_0_0 EXIST::FUNCTION: EC_GROUP_get0_generator 354 3_0_0 EXIST::FUNCTION:EC 
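Review bot: In test/build.info, rc4test moves from the `../libcrypto` group to the `../libcrypto.a` group with no comment saying why. The reason, that the test calls the now-deprecated low level functions directly, is not obvious from build.info alone. A line above the new `SOURCE[rc4test]` entry would document it, such as `# rc4test uses deprecated low level RC4 calls, so it links libcrypto.a`. The condition that encloses the destination block is outside the hunk; if that block is skipped in some configurations, the direct RC4 known-answer test stops running there, which is worth confirming.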
@@ -778,7 +778,7 @@ PKCS7_dataInit 797 3_0_0 EXIST::FUNCTION: EVP_PKEY_CTX_set_app_data 798 3_0_0 EXIST::FUNCTION: a2i_GENERAL_NAME 799 3_0_0 EXIST::FUNCTION: SXNETID_new 800 3_0_0 EXIST::FUNCTION: -RC4_options 801 3_0_0 EXIST::FUNCTION:RC4 +RC4_options 801 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RC4 BIO_f_null 802 3_0_0 EXIST::FUNCTION: EC_GROUP_set_curve_name 803 3_0_0 EXIST::FUNCTION:EC d2i_PBE2PARAM 804 3_0_0 EXIST::FUNCTION: @@ -2960,7 +2960,7 @@ ASN1_TYPE_unpack_sequence 3024 3_0_0 EXIST::FUNCTION: X509_CRL_sign_ctx 3025 3_0_0 EXIST::FUNCTION: X509_STORE_add_crl 3026 3_0_0 EXIST::FUNCTION: PEM_write_RSAPrivateKey 3027 3_0_0 EXIST::FUNCTION:RSA,STDIO -RC4_set_key 3028 3_0_0 EXIST::FUNCTION:RC4 +RC4_set_key 3028 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RC4 EVP_CIPHER_CTX_cipher 3029 3_0_0 EXIST::FUNCTION: PEM_write_bio_PKCS8PrivateKey_nid 3030 3_0_0 EXIST::FUNCTION: BN_MONT_CTX_new 3031 3_0_0 EXIST::FUNCTION: