openssl
/
openssl
mirror of https://github.com/openssl/openssl
1
0
Fork 0
Code Issues Releases Wiki Activity

Deprecate the low level RC5 functions 

Use of the low level RC5 functions has been informally discouraged for a long
time.  We now formally deprecate them.

Applications should instead use the EVP APIs, e.g. EVP_EncryptInit_ex,
EVP_EncryptUpdate, EVP_EncryptFinal_ex and the equivalently named decrypt
functions.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10834)
This commit is contained in:
Pauli 2020-01-14 10:33:03 +10:00
parent 26aae51347
commit 62c3fed0cd
14 changed files with 111 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
apps/speed.c
View File

@ -372,7 +372,7 @@ static const OPT_PAIR doit_choices[] = {
{"rc2-cbc", D_CBC_RC2},
{"rc2", D_CBC_RC2},
#endif
#ifndef OPENSSL_NO_RC5
#if !defined(OPENSSL_NO_RC5) && !defined(OPENSSL_NO_DEPRECATED_3_0)
{"rc5-cbc", D_CBC_RC5},
{"rc5", D_CBC_RC5},
#endif
@ -1449,7 +1449,7 @@ int speed_main(int argc, char **argv)
EdDSA_SECONDS, SM2_SECONDS };
/* What follows are the buffers and key material. */
#ifndef OPENSSL_NO_RC5
#if !defined(OPENSSL_NO_RC5) && !defined(OPENSSL_NO_DEPRECATED_3_0)
RC5_32_KEY rc5_ks;
#endif
#if !defined(OPENSSL_NO_RC2) && !defined(OPENSSL_NO_DEPRECATED_3_0)
@ -1981,7 +1981,7 @@ int speed_main(int argc, char **argv)
if (doit[D_CBC_RC2])
RC2_set_key(&rc2_ks, 16, key16, 128);
#endif
#ifndef OPENSSL_NO_RC5
#if !defined(OPENSSL_NO_RC5) && !defined(OPENSSL_NO_DEPRECATED_3_0)
if (doit[D_CBC_RC5])
if (!RC5_32_set_key(&rc5_ks, 16, key16, 12)) {
BIO_printf(bio_err, "Failed setting RC5 key\n");
@ -2628,7 +2628,7 @@ int speed_main(int argc, char **argv)
}
}
#endif
#ifndef OPENSSL_NO_RC5
#if !defined(OPENSSL_NO_RC5) && !defined(OPENSSL_NO_DEPRECATED_3_0)
if (doit[D_CBC_RC5]) {
if (async_jobs > 0) {
BIO_printf(bio_err, "Async mode is not supported with %s\n",

6
crypto/evp/e_rc5.c
View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* RC5 low level APIs are deprecated for public use, but still ok for internal
* use.
*/
#include "internal/deprecated.h"
#include <stdio.h>
#include "internal/cryptlib.h"

6
crypto/rc5/rc5_ecb.c
View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* RC5 low level APIs are deprecated for public use, but still ok for internal
* use.
*/
#include "internal/deprecated.h"
#include <openssl/rc5.h>
#include "rc5_local.h"
#include <openssl/opensslv.h>

6
crypto/rc5/rc5_enc.c
View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* RC5 low level APIs are deprecated for public use, but still ok for internal
* use.
*/
#include "internal/deprecated.h"
#include <stdio.h>
#include <openssl/rc5.h>
#include "rc5_local.h"

6
crypto/rc5/rc5_skey.c
View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* RC5 low level APIs are deprecated for public use, but still ok for internal
* use.
*/
#include "internal/deprecated.h"
#include <openssl/rc5.h>
#include "rc5_local.h"

6
crypto/rc5/rc5cfb64.c
View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* RC5 low level APIs are deprecated for public use, but still ok for internal
* use.
*/
#include "internal/deprecated.h"
#include <openssl/rc5.h>
#include "rc5_local.h"

6
crypto/rc5/rc5ofb64.c
View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* RC5 low level APIs are deprecated for public use, but still ok for internal
* use.
*/
#include "internal/deprecated.h"
#include <openssl/rc5.h>
#include "rc5_local.h"

12
doc/man3/RC4_set_key.pod
View File

@ -8,6 +8,10 @@ RC4_set_key, RC4 - RC4 encryption
#include <openssl/rc4.h>
Deprecated since OpenSSL 3.0, can be hidden entirely by defining
B<OPENSSL_API_COMPAT> with a suitable version value, see
L<openssl_user_macros(7)>:
void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
@ -15,6 +19,10 @@ RC4_set_key, RC4 - RC4 encryption
=head1 DESCRIPTION
All of the functions described on this page are deprecated. Applications should
instead use L<EVP_EncryptInit_ex(3)>, L<EVP_EncryptUpdate(3)> and
L<EVP_EncryptFinal_ex(3)> or the equivalently named decrypt functions.
This library implements the Alleged RC4 cipher, which is described for
example in I<Applied Cryptography>. It is believed to be compatible
with RC4[TM], a proprietary cipher of RSA Security Inc.
@ -54,6 +62,10 @@ multiple encryptions using the same key stream.
L<EVP_EncryptInit(3)>
=head1 HISTORY
All of these functions were deprecated in OpenSSL 3.0.
=head1 COPYRIGHT
Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

53
include/openssl/rc5.h
View File

@ -23,43 +23,50 @@
extern "C" {
# endif
# define RC5_ENCRYPT 1
# define RC5_DECRYPT 0
# define RC5_32_INT unsigned int
# define RC5_32_BLOCK 8
# define RC5_32_KEY_LENGTH 16/* This is a default, max is 255 */
# ifndef OPENSSL_NO_DEPRECATED_3_0
# define RC5_ENCRYPT 1
# define RC5_DECRYPT 0
# define RC5_32_INT unsigned int
/*
* This are the only values supported. Tweak the code if you want more The
* most supported modes will be RC5-32/12/16 RC5-32/16/8
*/
# define RC5_8_ROUNDS 8
# define RC5_12_ROUNDS 12
# define RC5_16_ROUNDS 16
# define RC5_8_ROUNDS 8
# define RC5_12_ROUNDS 12
# define RC5_16_ROUNDS 16
typedef struct rc5_key_st {
/* Number of rounds */
int rounds;
RC5_32_INT data[2 * (RC5_16_ROUNDS + 1)];
} RC5_32_KEY;
# endif
int RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data,
int rounds);
void RC5_32_ecb_encrypt(const unsigned char *in, unsigned char *out,
RC5_32_KEY *key, int enc);
void RC5_32_encrypt(unsigned long *data, RC5_32_KEY *key);
void RC5_32_decrypt(unsigned long *data, RC5_32_KEY *key);
void RC5_32_cbc_encrypt(const unsigned char *in, unsigned char *out,
long length, RC5_32_KEY *ks, unsigned char *iv,
int enc);
void RC5_32_cfb64_encrypt(const unsigned char *in, unsigned char *out,
long length, RC5_32_KEY *schedule,
unsigned char *ivec, int *num, int enc);
void RC5_32_ofb64_encrypt(const unsigned char *in, unsigned char *out,
long length, RC5_32_KEY *schedule,
unsigned char *ivec, int *num);
DEPRECATEDIN_3_0(int RC5_32_set_key(RC5_32_KEY *key, int len,
const unsigned char *data, int rounds))
DEPRECATEDIN_3_0(void RC5_32_ecb_encrypt(const unsigned char *in,
unsigned char *out, RC5_32_KEY *key,
int enc))
DEPRECATEDIN_3_0(void RC5_32_encrypt(unsigned long *data, RC5_32_KEY *key))
DEPRECATEDIN_3_0(void RC5_32_decrypt(unsigned long *data, RC5_32_KEY *key))
DEPRECATEDIN_3_0(void RC5_32_cbc_encrypt(const unsigned char *in,
unsigned char *out, long length,
RC5_32_KEY *ks, unsigned char *iv,
int enc))
DEPRECATEDIN_3_0(void RC5_32_cfb64_encrypt(const unsigned char *in,
unsigned char *out, long length,
RC5_32_KEY *schedule,
unsigned char *ivec, int *num,
int enc))
DEPRECATEDIN_3_0(void RC5_32_ofb64_encrypt(const unsigned char *in,
unsigned char *out, long length,
RC5_32_KEY *schedule,
unsigned char *ivec, int *num))
# ifdef __cplusplus
}

6
providers/implementations/ciphers/cipher_rc5.c
View File

@ -9,6 +9,12 @@
/* Dispatch functions for RC5 cipher modes ecb, cbc, ofb, cfb */
/*
* RC5 low level APIs are deprecated for public use, but still ok for internal
* use.
*/
#include "internal/deprecated.h"
#include "cipher_rc5.h"
#include "prov/implementations.h"
#include "prov/providercommonerr.h"

6
providers/implementations/ciphers/cipher_rc5_hw.c
View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* RC5 low level APIs are deprecated for public use, but still ok for internal
* use.
*/
#include "internal/deprecated.h"
#include "cipher_rc5.h"
static int cipher_hw_rc5_initkey(PROV_CIPHER_CTX *ctx,

8
test/build.info
View File

@ -119,10 +119,6 @@ IF[{- !$disabled{tests} -}]
INCLUDE[hmactest]=../include ../apps/include
DEPEND[hmactest]=../libcrypto libtestutil.a
SOURCE[rc5test]=rc5test.c
INCLUDE[rc5test]=../include ../apps/include
DEPEND[rc5test]=../libcrypto libtestutil.a
SOURCE[destest]=destest.c
INCLUDE[destest]=../include ../apps/include
DEPEND[destest]=../libcrypto libtestutil.a
@ -593,6 +589,10 @@ IF[{- !$disabled{tests} -}]
INCLUDE[rc4test]=../include ../apps/include
DEPEND[rc4test]=../libcrypto.a libtestutil.a
SOURCE[rc5test]=rc5test.c
INCLUDE[rc5test]=../include ../apps/include
DEPEND[rc5test]=../libcrypto.a libtestutil.a
SOURCE[ec_internal_test]=ec_internal_test.c
INCLUDE[ec_internal_test]=../include ../crypto/ec ../apps/include ../crypto/include
DEPEND[ec_internal_test]=../libcrypto.a libtestutil.a

6
test/rc5test.c
View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* RC5 low level APIs are deprecated for public use, but still ok for internal
* use.
*/
#include "internal/deprecated.h"
#include <string.h>
#include "internal/nelem.h"

14
util/libcrypto.num
View File

@ -1238,7 +1238,7 @@ HMAC_CTX_copy 1266 3_0_0 EXIST::FUNCTION:
CRYPTO_gcm128_init 1267 3_0_0 EXIST::FUNCTION:
i2d_X509_CINF 1268 3_0_0 EXIST::FUNCTION:
X509_REVOKED_delete_ext 1269 3_0_0 EXIST::FUNCTION:
RC5_32_cfb64_encrypt 1270 3_0_0 EXIST::FUNCTION:RC5
RC5_32_cfb64_encrypt 1270 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RC5
TS_REQ_set_cert_req 1271 3_0_0 EXIST::FUNCTION:TS
TXT_DB_get_by_index 1272 3_0_0 EXIST::FUNCTION:
X509_check_ca 1273 3_0_0 EXIST::FUNCTION:
@ -1673,7 +1673,7 @@ UI_dup_verify_string 1711 3_0_0 EXIST::FUNCTION:
d2i_PKCS7_bio 1712 3_0_0 EXIST::FUNCTION:
ENGINE_set_default_digests 1713 3_0_0 EXIST::FUNCTION:ENGINE
i2d_PublicKey 1714 3_0_0 EXIST::FUNCTION:
RC5_32_set_key 1715 3_0_0 EXIST::FUNCTION:RC5
RC5_32_set_key 1715 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RC5
AES_unwrap_key 1716 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
EVP_Cipher 1717 3_0_0 EXIST::FUNCTION:
AES_set_decrypt_key 1718 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
@ -1771,7 +1771,7 @@ OPENSSL_LH_delete 1812 3_0_0 EXIST::FUNCTION:
TS_STATUS_INFO_dup 1813 3_0_0 EXIST::FUNCTION:TS
X509v3_addr_get_range 1814 3_0_0 EXIST::FUNCTION:RFC3779
X509_EXTENSION_get_data 1815 3_0_0 EXIST::FUNCTION:
RC5_32_encrypt 1816 3_0_0 EXIST::FUNCTION:RC5
RC5_32_encrypt 1816 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RC5
DIST_POINT_set_dpname 1817 3_0_0 EXIST::FUNCTION:
BIO_sock_info 1818 3_0_0 EXIST::FUNCTION:SOCK
OPENSSL_hexstr2buf 1819 3_0_0 EXIST::FUNCTION:
@ -1946,7 +1946,7 @@ GENERAL_NAME_it 1991 3_0_0 EXIST::FUNCTION:
EVP_des_ede_ecb 1992 3_0_0 EXIST::FUNCTION:DES
i2d_CRL_DIST_POINTS 1993 3_0_0 EXIST::FUNCTION:
PEM_write_bio_X509_REQ_NEW 1994 3_0_0 EXIST::FUNCTION:
RC5_32_ofb64_encrypt 1995 3_0_0 EXIST::FUNCTION:RC5
RC5_32_ofb64_encrypt 1995 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RC5
i2d_PKCS7 1996 3_0_0 EXIST::FUNCTION:
BN_mod_lshift_quick 1997 3_0_0 EXIST::FUNCTION:
DIST_POINT_NAME_it 1998 3_0_0 EXIST::FUNCTION:
@ -2694,7 +2694,7 @@ X509_REQ_to_X509 2750 3_0_0 EXIST::FUNCTION:
EVP_aes_192_wrap_pad 2751 3_0_0 EXIST::FUNCTION:
PKCS7_SIGN_ENVELOPE_new 2752 3_0_0 EXIST::FUNCTION:
TS_REQ_get_policy_id 2753 3_0_0 EXIST::FUNCTION:TS
RC5_32_cbc_encrypt 2754 3_0_0 EXIST::FUNCTION:RC5
RC5_32_cbc_encrypt 2754 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RC5
BN_is_zero 2755 3_0_0 EXIST::FUNCTION:
CT_POLICY_EVAL_CTX_new 2756 3_0_0 EXIST::FUNCTION:CT
NETSCAPE_SPKI_it 2757 3_0_0 EXIST::FUNCTION:
@ -2856,7 +2856,7 @@ X509_STORE_CTX_free 2917 3_0_0 EXIST::FUNCTION:
AUTHORITY_KEYID_it 2918 3_0_0 EXIST::FUNCTION:
X509V3_get_value_int 2919 3_0_0 EXIST::FUNCTION:
ASN1_UTCTIME_set_string 2920 3_0_0 EXIST::FUNCTION:
RC5_32_decrypt 2921 3_0_0 EXIST::FUNCTION:RC5
RC5_32_decrypt 2921 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RC5
i2d_X509_REQ_INFO 2922 3_0_0 EXIST::FUNCTION:
EVP_des_cfb1 2923 3_0_0 EXIST::FUNCTION:DES
OBJ_NAME_cleanup 2924 3_0_0 EXIST::FUNCTION:
@ -3477,7 +3477,7 @@ BN_dec2bn 3549 3_0_0 EXIST::FUNCTION:
CMS_decrypt 3550 3_0_0 EXIST::FUNCTION:CMS
BN_mpi2bn 3551 3_0_0 EXIST::FUNCTION:
EVP_aes_128_cfb128 3552 3_0_0 EXIST::FUNCTION:
RC5_32_ecb_encrypt 3554 3_0_0 EXIST::FUNCTION:RC5
RC5_32_ecb_encrypt 3554 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RC5
EVP_CIPHER_meth_new 3555 3_0_0 EXIST::FUNCTION:
i2d_RSA_OAEP_PARAMS 3556 3_0_0 EXIST::FUNCTION:RSA
SXNET_get_id_ulong 3557 3_0_0 EXIST::FUNCTION: