From 8ffb20ce05c13f137c169ebdfd11f702da82e9eb Mon Sep 17 00:00:00 2001 From: Pauli Date: Thu, 9 Jan 2020 10:37:28 +1000 Subject: [PATCH] Deprecate the low level MD4 functions. Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/10790) --- apps/speed.c | 6 ++--- crypto/evp/legacy_md4.c | 6 +++++ crypto/md4/build.info | 11 +++++++-- crypto/md4/md4_dgst.c | 6 +++++ crypto/md4/md4_one.c | 6 +++++ doc/man3/MD5.pod | 4 ++++ include/openssl/md4.h | 25 ++++++++++++-------- providers/implementations/digests/md4_prov.c | 6 +++++ util/libcrypto.num | 10 ++++---- 9 files changed, 60 insertions(+), 20 deletions(-) diff --git a/apps/speed.c b/apps/speed.c index 244662054c..9dcf177e01 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -335,7 +335,7 @@ static const OPT_PAIR doit_choices[] = { #ifndef OPENSSL_NO_MDC2 {"mdc2", D_MDC2}, #endif -#ifndef OPENSSL_NO_MD4 +#if !defined(OPENSSL_NO_MD4) && !defined(OPENSSL_NO_DEPRECATED_3_0) {"md4", D_MD4}, #endif #ifndef OPENSSL_NO_MD5 @@ -604,7 +604,7 @@ static int EVP_Digest_MDC2_loop(void *args) } #endif -#ifndef OPENSSL_NO_MD4 +#if !defined(OPENSSL_NO_MD4) && !defined(OPENSSL_NO_DEPRECATED_3_0) static int EVP_Digest_MD4_loop(void *args) { loopargs_t *tempargs = *(loopargs_t **) args; @@ -2268,7 +2268,7 @@ int speed_main(int argc, char **argv) } #endif -#ifndef OPENSSL_NO_MD4 +#if !defined(OPENSSL_NO_MD4) && !defined(OPENSSL_NO_DEPRECATED_3_0) if (doit[D_MD4]) { for (testnum = 0; testnum < size_num; testnum++) { print_message(names[D_MD4], c[D_MD4][testnum], lengths[testnum], diff --git a/crypto/evp/legacy_md4.c b/crypto/evp/legacy_md4.c index b68a59fb85..4f91a9b27a 100644 --- a/crypto/evp/legacy_md4.c +++ b/crypto/evp/legacy_md4.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * MD4 low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include #include "crypto/evp.h" #include "legacy_meth.h" diff --git a/crypto/md4/build.info b/crypto/md4/build.info index 20846e0dce..7b36a0421e 100644 --- a/crypto/md4/build.info +++ b/crypto/md4/build.info @@ -1,3 +1,10 @@ LIBS=../../libcrypto -SOURCE[../../libcrypto]=\ - md4_dgst.c md4_one.c + +SOURCE[../../libcrypto]=md4_dgst.c md4_one.c + +# When all deprecated symbols are removed, libcrypto doesn't export the +# MD4 functions, so we must include them directly in liblegacy.a +IF[{- $disabled{"deprecated"} + && (defined $config{"api"} && $config{"api"} >= 30000) -}] + SOURCE[../../providers/liblegacy.a]=md4_dgst.c md4_one.c +ENDIF diff --git a/crypto/md4/md4_dgst.c b/crypto/md4/md4_dgst.c index cf95fbe622..531676a2af 100644 --- a/crypto/md4/md4_dgst.c +++ b/crypto/md4/md4_dgst.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * MD4 low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include #include #include "md4_local.h" diff --git a/crypto/md4/md4_one.c b/crypto/md4/md4_one.c index 0383f9bc0d..25f8eb8bba 100644 --- a/crypto/md4/md4_one.c +++ b/crypto/md4/md4_one.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * MD4 low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include #include #include diff --git a/doc/man3/MD5.pod b/doc/man3/MD5.pod index ee4569f6de..8efc8240ae 100644 --- a/doc/man3/MD5.pod +++ b/doc/man3/MD5.pod @@ -22,6 +22,10 @@ L: #include +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +B with a suitable version value, see +L: + unsigned char *MD4(const unsigned char *d, unsigned long n, unsigned char *md); int MD4_Init(MD4_CTX *c); diff --git a/include/openssl/md4.h b/include/openssl/md4.h index 3766ce3b71..4166e41fbf 100644 --- a/include/openssl/md4.h +++ b/include/openssl/md4.h @@ -23,18 +23,21 @@ # include # ifdef __cplusplus extern "C" { -# endif +# endif + +# define MD4_DIGEST_LENGTH 16 + +# if !defined(OPENSSL_NO_DEPRECATED_3_0) /*- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! * ! MD4_LONG has to be at least 32 bits wide. ! * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! */ -# define MD4_LONG unsigned int +# define MD4_LONG unsigned int -# define MD4_CBLOCK 64 -# define MD4_LBLOCK (MD4_CBLOCK/4) -# define MD4_DIGEST_LENGTH 16 +# define MD4_CBLOCK 64 +# define MD4_LBLOCK (MD4_CBLOCK/4) typedef struct MD4state_st { MD4_LONG A, B, C, D; @@ -42,12 +45,14 @@ typedef struct MD4state_st { MD4_LONG data[MD4_LBLOCK]; unsigned int num; } MD4_CTX; +# endif -int MD4_Init(MD4_CTX *c); -int MD4_Update(MD4_CTX *c, const void *data, size_t len); -int MD4_Final(unsigned char *md, MD4_CTX *c); -unsigned char *MD4(const unsigned char *d, size_t n, unsigned char *md); -void MD4_Transform(MD4_CTX *c, const unsigned char *b); +DEPRECATEDIN_3_0(int MD4_Init(MD4_CTX *c)) +DEPRECATEDIN_3_0(int MD4_Update(MD4_CTX *c, const void *data, size_t len)) +DEPRECATEDIN_3_0(int MD4_Final(unsigned char *md, MD4_CTX *c)) +DEPRECATEDIN_3_0(unsigned char *MD4(const unsigned char *d, size_t n, + unsigned char *md)) +DEPRECATEDIN_3_0(void MD4_Transform(MD4_CTX *c, const unsigned char *b)) # ifdef __cplusplus } diff --git a/providers/implementations/digests/md4_prov.c b/providers/implementations/digests/md4_prov.c index 3ce356a58f..ba77758d07 100644 --- a/providers/implementations/digests/md4_prov.c +++ b/providers/implementations/digests/md4_prov.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * MD4 low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include #include #include "prov/digestcommon.h" diff --git a/util/libcrypto.num b/util/libcrypto.num index d3562b08fb..6cbae39617 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -421,7 +421,7 @@ EVP_MD_CTX_md 428 3_0_0 EXIST::FUNCTION: X509_REVOKED_get_ext 429 3_0_0 EXIST::FUNCTION: d2i_RSA_PSS_PARAMS 430 3_0_0 EXIST::FUNCTION:RSA USERNOTICE_free 431 3_0_0 EXIST::FUNCTION: -MD4_Transform 432 3_0_0 EXIST::FUNCTION:MD4 +MD4_Transform 432 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,MD4 EVP_CIPHER_block_size 433 3_0_0 EXIST::FUNCTION: CERTIFICATEPOLICIES_new 434 3_0_0 EXIST::FUNCTION: BIO_dump_fp 435 3_0_0 EXIST::FUNCTION:STDIO @@ -2541,7 +2541,7 @@ EC_GROUP_get_order 2594 3_0_0 EXIST::FUNCTION:EC X509_REVOKED_add1_ext_i2d 2595 3_0_0 EXIST::FUNCTION: X509_VERIFY_PARAM_add1_host 2596 3_0_0 EXIST::FUNCTION: i2d_PUBKEY_bio 2597 3_0_0 EXIST::FUNCTION: -MD4_Update 2598 3_0_0 EXIST::FUNCTION:MD4 +MD4_Update 2598 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,MD4 X509_STORE_CTX_set_time 2599 3_0_0 EXIST::FUNCTION: ENGINE_set_default_DH 2600 3_0_0 EXIST::FUNCTION:ENGINE X509_ocspid_print 2601 3_0_0 EXIST::FUNCTION: @@ -2591,7 +2591,7 @@ ASN1_item_dup 2646 3_0_0 EXIST::FUNCTION: GENERAL_NAMES_it 2647 3_0_0 EXIST::FUNCTION: X509_issuer_name_hash 2648 3_0_0 EXIST::FUNCTION: TS_TST_INFO_get_nonce 2649 3_0_0 EXIST::FUNCTION:TS -MD4_Init 2650 3_0_0 EXIST::FUNCTION:MD4 +MD4_Init 2650 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,MD4 X509_EXTENSION_create_by_OBJ 2651 3_0_0 EXIST::FUNCTION: EVP_aes_256_cbc_hmac_sha1 2652 3_0_0 EXIST::FUNCTION: SCT_validate 2653 3_0_0 EXIST::FUNCTION:CT @@ -3144,7 +3144,7 @@ i2d_PKCS12_SAFEBAG 3209 3_0_0 EXIST::FUNCTION: BN_rand_range 3210 3_0_0 EXIST::FUNCTION: SMIME_write_ASN1 3211 3_0_0 EXIST::FUNCTION: EVP_CIPHER_CTX_new 3212 3_0_0 EXIST::FUNCTION: -MD4_Final 3213 3_0_0 EXIST::FUNCTION:MD4 +MD4_Final 3213 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,MD4 EVP_PKEY_id 3214 3_0_0 EXIST::FUNCTION: CMS_RecipientInfo_get0_pkey_ctx 3215 3_0_0 EXIST::FUNCTION:CMS OCSP_REQINFO_free 3216 3_0_0 EXIST::FUNCTION:OCSP @@ -3187,7 +3187,7 @@ EVP_des_ede3_wrap 3252 3_0_0 EXIST::FUNCTION:DES GENERAL_SUBTREE_it 3253 3_0_0 EXIST::FUNCTION: EVP_read_pw_string_min 3254 3_0_0 EXIST::FUNCTION: X509_set1_notBefore 3255 3_0_0 EXIST::FUNCTION: -MD4 3256 3_0_0 EXIST::FUNCTION:MD4 +MD4 3256 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,MD4 EVP_PKEY_CTX_dup 3257 3_0_0 EXIST::FUNCTION: ENGINE_setup_bsd_cryptodev 3258 3_0_0 EXIST:__FreeBSD__:FUNCTION:DEPRECATEDIN_1_1_0,ENGINE PEM_read_bio_DHparams 3259 3_0_0 EXIST::FUNCTION:DH -- 2.25.1