From ee2993abd0830ec27a2dd49e07db8d0eb5f3e579 Mon Sep 17 00:00:00 2001 From: Pauli Date: Tue, 14 Jan 2020 09:15:18 +1000 Subject: [PATCH] Deprecate the low level RC2 functions Use of the low level RC2 functions has been informally discouraged for a long time. We now formally deprecate them. Applications should instead use the EVP APIs, e.g. EVP_EncryptInit_ex, EVP_EncryptUpdate, EVP_EncryptFinal_ex, and the equivalently named decrypt functions. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/10834) --- apps/speed.c | 8 ++-- crypto/evp/e_rc2.c | 6 +++ crypto/rc2/rc2_cbc.c | 6 +++ crypto/rc2/rc2_ecb.c | 6 +++ crypto/rc2/rc2_skey.c | 6 +++ crypto/rc2/rc2cfb64.c | 6 +++ crypto/rc2/rc2ofb64.c | 6 +++ include/openssl/rc2.h | 43 +++++++++++-------- .../implementations/ciphers/cipher_rc2.c | 6 +++ .../implementations/ciphers/cipher_rc2_hw.c | 6 +++ test/build.info | 8 ++-- test/rc2test.c | 6 +++ util/libcrypto.num | 14 +++--- 13 files changed, 94 insertions(+), 33 deletions(-) diff --git a/apps/speed.c b/apps/speed.c index ef14ad6380..ae02393dd1 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -368,7 +368,7 @@ static const OPT_PAIR doit_choices[] = { {"aes-192-ige", D_IGE_192_AES}, {"aes-256-ige", D_IGE_256_AES}, #endif -#ifndef OPENSSL_NO_RC2 +#if !defined(OPENSSL_NO_RC2) && !defined(OPENSSL_NO_DEPRECATED_3_0) {"rc2-cbc", D_CBC_RC2}, {"rc2", D_CBC_RC2}, #endif @@ -1452,7 +1452,7 @@ int speed_main(int argc, char **argv) #ifndef OPENSSL_NO_RC5 RC5_32_KEY rc5_ks; #endif -#ifndef OPENSSL_NO_RC2 +#if !defined(OPENSSL_NO_RC2) && !defined(OPENSSL_NO_DEPRECATED_3_0) RC2_KEY rc2_ks; #endif #ifndef OPENSSL_NO_IDEA @@ -1977,7 +1977,7 @@ int speed_main(int argc, char **argv) if (doit[D_RC4]) RC4_set_key(&rc4_ks, 16, key16); #endif -#ifndef OPENSSL_NO_RC2 +#if !defined(OPENSSL_NO_RC2) && !defined(OPENSSL_NO_DEPRECATED_3_0) if (doit[D_CBC_RC2]) RC2_set_key(&rc2_ks, 16, key16, 128); #endif 
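Review bot: In apps/speed.c the `rc2-cbc` and `rc2` entries of `doit_choices` now disappear when OPENSSL_NO_DEPRECATED_3_0 is defined, and nothing next to the guard says why or what to use instead. A short comment at this first site would help, for example `/* low-level RC2 benchmark, not built with no-deprecated; use -evp rc2-cbc */`. The same compound condition is repeated at the `RC2_KEY rc2_ks` declaration, the `RC2_set_key` call and the `doit[D_CBC_RC2]` block (hunks at 1452, 1977 and 2604). The body of speed_main lies mostly outside these hunks, so any other RC2 reference there would need the identical guard for a no-deprecated build to compile.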
@@ -2604,7 +2604,7 @@ int speed_main(int argc, char **argv) } } #endif -#ifndef OPENSSL_NO_RC2 +#if !defined(OPENSSL_NO_RC2) && !defined(OPENSSL_NO_DEPRECATED_3_0) if (doit[D_CBC_RC2]) { if (async_jobs > 0) { BIO_printf(bio_err, "Async mode is not supported with %s\n", diff --git a/crypto/evp/e_rc2.c b/crypto/evp/e_rc2.c index d2201b000a..a3c09c86a1 100644 --- a/crypto/evp/e_rc2.c +++ b/crypto/evp/e_rc2.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * RC2 low level APIs are deprecated for public use, but still ok for internal + * use. + */ +#include "internal/deprecated.h" + #include #include "internal/cryptlib.h" diff --git a/crypto/rc2/rc2_cbc.c b/crypto/rc2/rc2_cbc.c index 58a4b3e615..acfd4fde1c 100644 --- a/crypto/rc2/rc2_cbc.c +++ b/crypto/rc2/rc2_cbc.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * RC2 low level APIs are deprecated for public use, but still ok for internal + * use. + */ +#include "internal/deprecated.h" + #include #include "rc2_local.h" diff --git a/crypto/rc2/rc2_ecb.c b/crypto/rc2/rc2_ecb.c index fec2c10174..da086e6598 100644 --- a/crypto/rc2/rc2_ecb.c +++ b/crypto/rc2/rc2_ecb.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * RC2 low level APIs are deprecated for public use, but still ok for internal + * use. + */ +#include "internal/deprecated.h" + #include #include "rc2_local.h" #include diff --git a/crypto/rc2/rc2_skey.c b/crypto/rc2/rc2_skey.c index 33068d4802..542ce0f6f9 100644 --- a/crypto/rc2/rc2_skey.c +++ b/crypto/rc2/rc2_skey.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * RC2 low level APIs are deprecated for public use, but still ok for internal + * use. + */ +#include "internal/deprecated.h" + #include #include "rc2_local.h" diff --git a/crypto/rc2/rc2cfb64.c b/crypto/rc2/rc2cfb64.c index 9b85368db1..298be79d44 100644 --- a/crypto/rc2/rc2cfb64.c +++ b/crypto/rc2/rc2cfb64.c 
@@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * RC2 low level APIs are deprecated for public use, but still ok for internal + * use. + */ +#include "internal/deprecated.h" + #include #include "rc2_local.h" diff --git a/crypto/rc2/rc2ofb64.c b/crypto/rc2/rc2ofb64.c index 4270009e51..097f8befe0 100644 --- a/crypto/rc2/rc2ofb64.c +++ b/crypto/rc2/rc2ofb64.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * RC2 low level APIs are deprecated for public use, but still ok for internal + * use. + */ +#include "internal/deprecated.h" + #include #include "rc2_local.h" diff --git a/include/openssl/rc2.h b/include/openssl/rc2.h index 0e92df3aa3..2c63c753d2 100644 --- a/include/openssl/rc2.h +++ b/include/openssl/rc2.h 
@@ -23,31 +23,38 @@ extern "C" { # endif -typedef unsigned int RC2_INT; - -# define RC2_ENCRYPT 1 -# define RC2_DECRYPT 0 - # define RC2_BLOCK 8 # define RC2_KEY_LENGTH 16 +# ifndef OPENSSL_NO_DEPRECATED_3_0 +typedef unsigned int RC2_INT; + +# define RC2_ENCRYPT 1 +# define RC2_DECRYPT 0 + typedef struct rc2_key_st { RC2_INT data[64]; } RC2_KEY; +# endif -void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits); -void RC2_ecb_encrypt(const unsigned char *in, unsigned char *out, - RC2_KEY *key, int enc); -void RC2_encrypt(unsigned long *data, RC2_KEY *key); -void RC2_decrypt(unsigned long *data, RC2_KEY *key); -void RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, - RC2_KEY *ks, unsigned char *iv, int enc); -void RC2_cfb64_encrypt(const unsigned char *in, unsigned char *out, - long length, RC2_KEY *schedule, unsigned char *ivec, - int *num, int enc); -void RC2_ofb64_encrypt(const unsigned char *in, unsigned char *out, - long length, RC2_KEY *schedule, unsigned char *ivec, - int *num); +DEPRECATEDIN_3_0(void RC2_set_key(RC2_KEY *key, int len, + const unsigned char *data, int bits)) +DEPRECATEDIN_3_0(void RC2_ecb_encrypt(const unsigned char *in, + unsigned char *out, RC2_KEY *key, + int enc)) +DEPRECATEDIN_3_0(void RC2_encrypt(unsigned long *data, RC2_KEY *key)) +DEPRECATEDIN_3_0(void RC2_decrypt(unsigned long *data, RC2_KEY *key)) +DEPRECATEDIN_3_0(void RC2_cbc_encrypt(const unsigned char *in, + unsigned char *out, long length, + RC2_KEY *ks, unsigned char *iv, int enc)) +DEPRECATEDIN_3_0(void RC2_cfb64_encrypt(const unsigned char *in, + unsigned char *out, long length, + RC2_KEY *schedule, unsigned char *ivec, + int *num, int enc)) +DEPRECATEDIN_3_0(void RC2_ofb64_encrypt(const unsigned char *in, + unsigned char *out, long length, + RC2_KEY *schedule, unsigned char *ivec, + int *num)) # ifdef __cplusplus } 
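Review bot: In include/openssl/rc2.h the `RC2_KEY` typedef is inside `# ifndef OPENSSL_NO_DEPRECATED_3_0`, but the seven `DEPRECATEDIN_3_0(...)` prototypes that use it sit after the `# endif`, so in a no-deprecated build the header compiles only because the macro presumably expands to nothing there. Moving the `# endif` below the last prototype, `DEPRECATEDIN_3_0(void RC2_ofb64_encrypt(...))`, would keep the type and its users under one guard. The header also gives no pointer to the replacement; a comment such as `/* Deprecated in 3.0: use the EVP cipher API (EVP_EncryptInit_ex and friends) */` above the block would match the commit message. The diffstat lists no CHANGES or manual-page file, so the deprecation appears to be undocumented for users in this commit.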
diff --git a/providers/implementations/ciphers/cipher_rc2.c b/providers/implementations/ciphers/cipher_rc2.c index 604c7ed637..c773407d85 100644 --- a/providers/implementations/ciphers/cipher_rc2.c +++ b/providers/implementations/ciphers/cipher_rc2.c @@ -9,6 +9,12 @@ /* Dispatch functions for RC2 cipher modes ecb, cbc, ofb, cfb */ +/* + * RC2 low level APIs are deprecated for public use, but still ok for internal + * use. + */ +#include "internal/deprecated.h" + #include "cipher_rc2.h" #include "prov/implementations.h" #include "prov/providercommonerr.h" diff --git a/providers/implementations/ciphers/cipher_rc2_hw.c b/providers/implementations/ciphers/cipher_rc2_hw.c index 83d7560d41..5f0d576c25 100644 --- a/providers/implementations/ciphers/cipher_rc2_hw.c +++ b/providers/implementations/ciphers/cipher_rc2_hw.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * RC2 low level APIs are deprecated for public use, but still ok for internal + * use. + */ +#include "internal/deprecated.h" + #include "cipher_rc2.h" static int cipher_hw_rc2_initkey(PROV_CIPHER_CTX *ctx, diff --git a/test/build.info b/test/build.info index d8e390197e..9b3122b74f 100644 --- a/test/build.info +++ b/test/build.info @@ -119,10 +119,6 @@ IF[{- !$disabled{tests} -}] INCLUDE[hmactest]=../include ../apps/include DEPEND[hmactest]=../libcrypto libtestutil.a - SOURCE[rc2test]=rc2test.c - INCLUDE[rc2test]=../include ../apps/include - DEPEND[rc2test]=../libcrypto libtestutil.a - SOURCE[rc4test]=rc4test.c INCLUDE[rc4test]=../include ../apps/include DEPEND[rc4test]=../libcrypto libtestutil.a 
@@ -593,6 +589,10 @@ IF[{- !$disabled{tests} -}] INCLUDE[sm4_internal_test]=.. ../include ../apps/include ../crypto/include DEPEND[sm4_internal_test]=../libcrypto.a libtestutil.a + SOURCE[rc2test]=rc2test.c + INCLUDE[rc2test]=../include ../apps/include + DEPEND[rc2test]=../libcrypto.a libtestutil.a + SOURCE[ec_internal_test]=ec_internal_test.c INCLUDE[ec_internal_test]=../include ../crypto/ec ../apps/include ../crypto/include DEPEND[ec_internal_test]=../libcrypto.a libtestutil.a diff --git a/test/rc2test.c b/test/rc2test.c index 9ebc9ecdf5..7b965094fc 100644 --- a/test/rc2test.c +++ b/test/rc2test.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * RC2 low level APIs are deprecated for public use, but still ok for internal + * use. + */ +#include "internal/deprecated.h" + #include "internal/nelem.h" #include "testutil.h" diff --git a/util/libcrypto.num b/util/libcrypto.num index 4484b361c3..827ce5eb15 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -251,7 +251,7 @@ SXNET_new 255 3_0_0 EXIST::FUNCTION: EVP_camellia_256_ctr 256 3_0_0 EXIST::FUNCTION:CAMELLIA d2i_PKCS8_PRIV_KEY_INFO 257 3_0_0 EXIST::FUNCTION: EVP_md2 259 3_0_0 EXIST::FUNCTION:MD2 -RC2_ecb_encrypt 260 3_0_0 EXIST::FUNCTION:RC2 +RC2_ecb_encrypt 260 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RC2 ENGINE_register_DH 261 3_0_0 EXIST::FUNCTION:ENGINE ASN1_NULL_free 262 3_0_0 EXIST::FUNCTION: EC_KEY_copy 263 3_0_0 EXIST::FUNCTION:EC @@ -604,7 +604,7 @@ X509at_get_attr 618 3_0_0 EXIST::FUNCTION: X509_PUBKEY_it 619 3_0_0 EXIST::FUNCTION: DES_ede3_ofb64_encrypt 620 3_0_0 EXIST::FUNCTION:DES EC_KEY_METHOD_get_compute_key 621 3_0_0 EXIST::FUNCTION:EC -RC2_cfb64_encrypt 622 3_0_0 EXIST::FUNCTION:RC2 +RC2_cfb64_encrypt 622 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RC2 EVP_EncryptFinal_ex 623 3_0_0 EXIST::FUNCTION: ERR_load_RSA_strings 624 3_0_0 EXIST::FUNCTION: CRYPTO_secure_malloc_done 625 3_0_0 EXIST::FUNCTION: 
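Review bot: In test/build.info the rc2test entry moves from `../libcrypto` to `../libcrypto.a` without a comment saying why. Presumably the static link is needed because the RC2_* symbols are now tagged DEPRECATEDIN_3_0 in util/libcrypto.num and may not be exported from the shared library. A line such as `# rc2test calls the deprecated low-level RC2 API, so it needs the static libcrypto` would record that. The enclosing IF block of the new location is outside the hunk, so it is worth confirming that rc2test is still built in every configuration where it ran before.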
@@ -1029,7 +1029,7 @@ BN_GF2m_mod_exp 1055 3_0_0 EXIST::FUNCTION:EC2M OPENSSL_buf2hexstr 1056 3_0_0 EXIST::FUNCTION: DES_encrypt2 1057 3_0_0 EXIST::FUNCTION:DES DH_up_ref 1058 3_0_0 EXIST::FUNCTION:DH -RC2_ofb64_encrypt 1059 3_0_0 EXIST::FUNCTION:RC2 +RC2_ofb64_encrypt 1059 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RC2 PKCS12_pbe_crypt 1060 3_0_0 EXIST::FUNCTION: ASIdentifiers_free 1061 3_0_0 EXIST::FUNCTION:RFC3779 X509_VERIFY_PARAM_get0 1062 3_0_0 EXIST::FUNCTION: @@ -1097,7 +1097,7 @@ PKCS8_PRIV_KEY_INFO_it 1123 3_0_0 EXIST::FUNCTION: RSA_OAEP_PARAMS_free 1124 3_0_0 EXIST::FUNCTION:RSA ASN1_item_new 1125 3_0_0 EXIST::FUNCTION: CRYPTO_cts128_encrypt 1126 3_0_0 EXIST::FUNCTION: -RC2_encrypt 1127 3_0_0 EXIST::FUNCTION:RC2 +RC2_encrypt 1127 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RC2 PEM_write 1128 3_0_0 EXIST::FUNCTION:STDIO EVP_CIPHER_meth_get_get_asn1_params 1129 3_0_0 EXIST::FUNCTION: i2d_OCSP_RESPBYTES 1130 3_0_0 EXIST::FUNCTION:OCSP @@ -1278,7 +1278,7 @@ UI_get_result_maxsize 1306 3_0_0 EXIST::FUNCTION: PBEPARAM_it 1307 3_0_0 EXIST::FUNCTION: TS_ACCURACY_set_seconds 1308 3_0_0 EXIST::FUNCTION:TS UI_get0_action_string 1309 3_0_0 EXIST::FUNCTION: -RC2_decrypt 1310 3_0_0 EXIST::FUNCTION:RC2 +RC2_decrypt 1310 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RC2 OPENSSL_atexit 1311 3_0_0 EXIST::FUNCTION: CMS_add_standard_smimecap 1312 3_0_0 EXIST::FUNCTION:CMS PKCS7_add_attrib_content_type 1313 3_0_0 EXIST::FUNCTION: @@ -1557,7 +1557,7 @@ UI_get0_output_string 1591 3_0_0 EXIST::FUNCTION: ERR_get_error_line_data 1592 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 CTLOG_get0_name 1593 3_0_0 EXIST::FUNCTION:CT ASN1_TBOOLEAN_it 1594 3_0_0 EXIST::FUNCTION: -RC2_set_key 1595 3_0_0 EXIST::FUNCTION:RC2 +RC2_set_key 1595 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RC2 X509_REVOKED_get_ext_by_NID 1596 3_0_0 EXIST::FUNCTION: RSA_padding_add_none 1597 3_0_0 EXIST::FUNCTION:RSA EVP_rc5_32_12_16_cbc 1599 3_0_0 EXIST::FUNCTION:RC5 
@@ -1692,7 +1692,7 @@ CMS_unsigned_get_attr 1730 3_0_0 EXIST::FUNCTION:CMS EVP_aes_256_cbc 1731 3_0_0 EXIST::FUNCTION: X509_check_ip_asc 1732 3_0_0 EXIST::FUNCTION: PEM_write_bio_X509_AUX 1733 3_0_0 EXIST::FUNCTION: -RC2_cbc_encrypt 1734 3_0_0 EXIST::FUNCTION:RC2 +RC2_cbc_encrypt 1734 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RC2 TS_MSG_IMPRINT_new 1735 3_0_0 EXIST::FUNCTION:TS EVP_ENCODE_CTX_new 1736 3_0_0 EXIST::FUNCTION: BIO_f_base64 1737 3_0_0 EXIST::FUNCTION: -- 2.25.1