openssl
/
openssl
mirror of https://github.com/openssl/openssl
1
0
Fork 0
Code Issues Releases Wiki Activity

Deprecate the low level IDEA functions. 

Use of the low level IDEA functions has been informally discouraged for a
long time. We now formally deprecate them.

Applications should instead use the EVP APIs, e.g. EVP_EncryptInit_ex,
EVP_EncryptUpdate, EVP_EncryptFinal_ex, and the equivalently named decrypt
functions.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10819)
This commit is contained in:
Pauli 2020-01-13 13:02:45 +10:00
parent 621f74b3e3
commit da2d32f6db
14 changed files with 111 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
apps/speed.c
View File

@ -378,7 +378,7 @@ static const OPT_PAIR doit_choices[] = {
{"rc5-cbc", D_CBC_RC5},
{"rc5", D_CBC_RC5},
#endif
#ifndef OPENSSL_NO_IDEA
#if !defined(OPENSSL_NO_IDEA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
{"idea-cbc", D_CBC_IDEA},
{"idea", D_CBC_IDEA},
#endif
@ -1459,7 +1459,7 @@ int speed_main(int argc, char **argv)
#if !defined(OPENSSL_NO_RC2) && !defined(OPENSSL_NO_DEPRECATED_3_0)
RC2_KEY rc2_ks;
#endif
#ifndef OPENSSL_NO_IDEA
#if !defined(OPENSSL_NO_IDEA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
IDEA_KEY_SCHEDULE idea_ks;
#endif
#if !defined(OPENSSL_NO_SEED) && !defined(OPENSSL_NO_DEPRECATED_3_0)
@ -1969,7 +1969,7 @@ int speed_main(int argc, char **argv)
Camellia_set_key(key32, 256, &camellia_ks[2]);
}
#endif
#ifndef OPENSSL_NO_IDEA
#if !defined(OPENSSL_NO_IDEA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
if (doit[D_CBC_IDEA])
IDEA_set_encrypt_key(key16, &idea_ks);
#endif
@ -2571,7 +2571,7 @@ int speed_main(int argc, char **argv)
}
}
#endif
#ifndef OPENSSL_NO_IDEA
#if !defined(OPENSSL_NO_IDEA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
if (doit[D_CBC_IDEA]) {
if (async_jobs > 0) {
BIO_printf(bio_err, "Async mode is not supported with %s\n",
@ -3507,7 +3507,7 @@ int speed_main(int argc, char **argv)
#ifndef OPENSSL_NO_DEPRECATED_3_0
printf("%s ", AES_options());
#endif
#ifndef OPENSSL_NO_IDEA
#if !defined(OPENSSL_NO_IDEA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
printf("%s ", IDEA_options());
#endif
#if !defined(OPENSSL_NO_BF) && !defined(OPENSSL_NO_DEPRECATED_3_0)

12
apps/version.c
View File

@ -15,18 +15,9 @@
#include <openssl/evp.h>
#include <openssl/crypto.h>
#include <openssl/bn.h>
#ifndef OPENSSL_NO_MD2
# include <openssl/md2.h>
#endif
#ifndef OPENSSL_NO_DES
# include <openssl/des.h>
#endif
#ifndef OPENSSL_NO_IDEA
# include <openssl/idea.h>
#endif
#ifndef OPENSSL_NO_BF
# include <openssl/blowfish.h>
#endif
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
@ -128,9 +119,6 @@ opthelp:
printf(" %s", BN_options());
#ifndef OPENSSL_NO_DES
printf(" %s", DES_options());
#endif
#ifndef OPENSSL_NO_IDEA
printf(" %s", IDEA_options());
#endif
printf("\n");
}

7
crypto/evp/e_idea.c
View File

@ -7,6 +7,13 @@
* https://www.openssl.org/source/license.html
*/
/*
* IDEA low level APIs are deprecated for public use, but still ok for internal
* use where we're using them to implement the higher level EVP interface, as is
* the case here.
*/
#include "internal/deprecated.h"
#include <stdio.h>
#include "internal/cryptlib.h"

7
crypto/idea/i_cbc.c
View File

@ -7,6 +7,13 @@
* https://www.openssl.org/source/license.html
*/
/*
* IDEA low level APIs are deprecated for public use, but still ok for internal
* use where we're using them to implement the higher level EVP interface, as is
* the case here.
*/
#include "internal/deprecated.h"
#include <openssl/idea.h>
#include "idea_local.h"

7
crypto/idea/i_cfb64.c
View File

@ -7,6 +7,13 @@
* https://www.openssl.org/source/license.html
*/
/*
* IDEA low level APIs are deprecated for public use, but still ok for internal
* use where we're using them to implement the higher level EVP interface, as is
* the case here.
*/
#include "internal/deprecated.h"
#include <openssl/idea.h>
#include "idea_local.h"

7
crypto/idea/i_ecb.c
View File

@ -7,6 +7,13 @@
* https://www.openssl.org/source/license.html
*/
/*
* IDEA low level APIs are deprecated for public use, but still ok for internal
* use where we're using them to implement the higher level EVP interface, as is
* the case here.
*/
#include "internal/deprecated.h"
#include <openssl/idea.h>
#include "idea_local.h"
#include <openssl/opensslv.h>

7
crypto/idea/i_ofb64.c
View File

@ -7,6 +7,13 @@
* https://www.openssl.org/source/license.html
*/
/*
* IDEA low level APIs are deprecated for public use, but still ok for internal
* use where we're using them to implement the higher level EVP interface, as is
* the case here.
*/
#include "internal/deprecated.h"
#include <openssl/idea.h>
#include "idea_local.h"

7
crypto/idea/i_skey.c
View File

@ -7,6 +7,13 @@
* https://www.openssl.org/source/license.html
*/
/*
* IDEA low level APIs are deprecated for public use, but still ok for internal
* use where we're using them to implement the higher level EVP interface, as is
* the case here.
*/
#include "internal/deprecated.h"
#include <openssl/idea.h>
#include "idea_local.h"

49
include/openssl/idea.h
View File

@ -23,33 +23,42 @@
extern "C" {
# endif
typedef unsigned int IDEA_INT;
# define IDEA_ENCRYPT 1
# define IDEA_DECRYPT 0
# define IDEA_BLOCK 8
# define IDEA_KEY_LENGTH 16
# ifndef OPENSSL_NO_DEPRECATED_3_0
typedef unsigned int IDEA_INT;
# define IDEA_ENCRYPT 1
# define IDEA_DECRYPT 0
typedef struct idea_key_st {
IDEA_INT data[9][6];
} IDEA_KEY_SCHEDULE;
#endif
const char *IDEA_options(void);
void IDEA_ecb_encrypt(const unsigned char *in, unsigned char *out,
IDEA_KEY_SCHEDULE *ks);
void IDEA_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks);
void IDEA_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk);
void IDEA_cbc_encrypt(const unsigned char *in, unsigned char *out,
long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,
int enc);
void IDEA_cfb64_encrypt(const unsigned char *in, unsigned char *out,
long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,
int *num, int enc);
void IDEA_ofb64_encrypt(const unsigned char *in, unsigned char *out,
long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,
int *num);
void IDEA_encrypt(unsigned long *in, IDEA_KEY_SCHEDULE *ks);
DEPRECATEDIN_3_0(const char *IDEA_options(void))
DEPRECATEDIN_3_0(void IDEA_ecb_encrypt(const unsigned char *in,
unsigned char *out,
IDEA_KEY_SCHEDULE *ks))
DEPRECATEDIN_3_0(void IDEA_set_encrypt_key(const unsigned char *key,
IDEA_KEY_SCHEDULE *ks))
DEPRECATEDIN_3_0(void IDEA_set_decrypt_key(IDEA_KEY_SCHEDULE *ek,
IDEA_KEY_SCHEDULE *dk))
DEPRECATEDIN_3_0(void IDEA_cbc_encrypt(const unsigned char *in,
unsigned char *out, long length,
IDEA_KEY_SCHEDULE *ks,
unsigned char *iv, int enc))
DEPRECATEDIN_3_0(void IDEA_cfb64_encrypt(const unsigned char *in,
unsigned char *out, long length,
IDEA_KEY_SCHEDULE *ks,
unsigned char *iv, int *num, int enc))
DEPRECATEDIN_3_0(void IDEA_ofb64_encrypt(const unsigned char *in,
unsigned char *out, long length,
IDEA_KEY_SCHEDULE *ks,
unsigned char *iv, int *num))
DEPRECATEDIN_3_0(void IDEA_encrypt(unsigned long *in, IDEA_KEY_SCHEDULE *ks))
# ifndef OPENSSL_NO_DEPRECATED_1_1_0
# define idea_options IDEA_options

7
providers/implementations/ciphers/cipher_idea.c
View File

@ -7,6 +7,13 @@
* https://www.openssl.org/source/license.html
*/
/*
* IDEA low level APIs are deprecated for public use, but still ok for internal
* use where we're using them to implement the higher level EVP interface, as is
* the case here.
*/
#include "internal/deprecated.h"
/* Dispatch functions for Idea cipher modes ecb, cbc, ofb, cfb */
#include "cipher_idea.h"

7
providers/implementations/ciphers/cipher_idea_hw.c
View File

@ -7,6 +7,13 @@
* https://www.openssl.org/source/license.html
*/
/*
* IDEA low level APIs are deprecated for public use, but still ok for internal
* use where we're using them to implement the higher level EVP interface, as is
* the case here.
*/
#include "internal/deprecated.h"
#include "cipher_idea.h"
static int cipher_hw_idea_initkey(PROV_CIPHER_CTX *ctx,

12
test/build.info
View File

@ -32,7 +32,7 @@ IF[{- !$disabled{tests} -}]
versions \
aborttest test_test \
sanitytest rsa_complex exdatatest bntest \
ectest ecstresstest ecdsatest gmdifftest pbelutest ideatest \
ectest ecstresstest ecdsatest gmdifftest pbelutest \
hmactest \
destest mdc2test \
dhtest enginetest \
@ -110,10 +110,6 @@ IF[{- !$disabled{tests} -}]
INCLUDE[pbelutest]=../include ../apps/include
DEPEND[pbelutest]=../libcrypto libtestutil.a
SOURCE[ideatest]=ideatest.c
INCLUDE[ideatest]=../include ../apps/include
DEPEND[ideatest]=../libcrypto libtestutil.a
SOURCE[hmactest]=hmactest.c
INCLUDE[hmactest]=../include ../apps/include
DEPEND[hmactest]=../libcrypto libtestutil.a
@ -505,7 +501,7 @@ IF[{- !$disabled{tests} -}]
IF[1]
PROGRAMS{noinst}=asn1_internal_test modes_internal_test x509_internal_test \
tls13encryptiontest wpackettest ctype_internal_test \
rdrand_sanitytest property_test \
rdrand_sanitytest property_test ideatest \
rsa_sp800_56b_test bn_internal_test \
rc2test rc4test rc5test \
asn1_dsa_internal_test
@ -553,6 +549,10 @@ IF[{- !$disabled{tests} -}]
INCLUDE[tls13encryptiontest]=.. ../include ../apps/include
DEPEND[tls13encryptiontest]=../libcrypto ../libssl.a libtestutil.a
SOURCE[ideatest]=ideatest.c
INCLUDE[ideatest]=../include ../apps/include
DEPEND[ideatest]=../libcrypto.a libtestutil.a
SOURCE[wpackettest]=wpackettest.c
INCLUDE[wpackettest]=../include ../apps/include
DEPEND[wpackettest]=../libcrypto ../libssl.a libtestutil.a

7
test/ideatest.c
View File

@ -7,6 +7,13 @@
* https://www.openssl.org/source/license.html
*/
/*
* IDEA low level APIs are deprecated for public use, but still ok for internal
* use where we're using them to implement the higher level EVP interface, as is
* the case here.
*/
#include "internal/deprecated.h"
#include <string.h>
#include "internal/nelem.h"

16
util/libcrypto.num
View File

@ -140,7 +140,7 @@ PKCS12_BAGS_new 142 3_0_0 EXIST::FUNCTION:
CMAC_CTX_new 143 3_0_0 EXIST::FUNCTION:CMAC
ASIdentifierChoice_new 144 3_0_0 EXIST::FUNCTION:RFC3779
EVP_PKEY_asn1_set_public 145 3_0_0 EXIST::FUNCTION:
IDEA_set_decrypt_key 146 3_0_0 EXIST::FUNCTION:IDEA
IDEA_set_decrypt_key 146 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,IDEA
X509_STORE_CTX_set_flags 147 3_0_0 EXIST::FUNCTION:
BIO_ADDR_rawmake 148 3_0_0 EXIST::FUNCTION:SOCK
EVP_PKEY_asn1_set_ctrl 149 3_0_0 EXIST::FUNCTION:
@ -642,7 +642,7 @@ PEM_SignInit 658 3_0_0 EXIST::FUNCTION:
EVP_CIPHER_CTX_set_key_length 659 3_0_0 EXIST::FUNCTION:
X509_delete_ext 660 3_0_0 EXIST::FUNCTION:
OCSP_resp_get0_produced_at 661 3_0_0 EXIST::FUNCTION:OCSP
IDEA_encrypt 662 3_0_0 EXIST::FUNCTION:IDEA
IDEA_encrypt 662 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,IDEA
CRYPTO_nistcts128_encrypt_block 663 3_0_0 EXIST::FUNCTION:
EVP_MD_do_all 664 3_0_0 EXIST::FUNCTION:
EC_KEY_oct2priv 665 3_0_0 EXIST::FUNCTION:EC
@ -954,7 +954,7 @@ BN_is_bit_set 978 3_0_0 EXIST::FUNCTION:
AES_ofb128_encrypt 979 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
X509_STORE_add_lookup 980 3_0_0 EXIST::FUNCTION:
ASN1_GENERALSTRING_new 981 3_0_0 EXIST::FUNCTION:
IDEA_options 982 3_0_0 EXIST::FUNCTION:IDEA
IDEA_options 982 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,IDEA
d2i_X509_REQ 983 3_0_0 EXIST::FUNCTION:
i2d_TS_STATUS_INFO 984 3_0_0 EXIST::FUNCTION:TS
X509_PURPOSE_get_by_id 985 3_0_0 EXIST::FUNCTION:
@ -1844,7 +1844,7 @@ X509_STORE_CTX_set0_trusted_stack 1886 3_0_0 EXIST::FUNCTION:
BIO_ADDR_service_string 1887 3_0_0 EXIST::FUNCTION:SOCK
ASN1_BOOLEAN_it 1888 3_0_0 EXIST::FUNCTION:
TS_RESP_CTX_set_time_cb 1889 3_0_0 EXIST::FUNCTION:TS
IDEA_cbc_encrypt 1890 3_0_0 EXIST::FUNCTION:IDEA
IDEA_cbc_encrypt 1890 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,IDEA
BN_CTX_secure_new 1891 3_0_0 EXIST::FUNCTION:
OCSP_ONEREQ_add_ext 1892 3_0_0 EXIST::FUNCTION:OCSP
CMS_uncompress 1893 3_0_0 EXIST::FUNCTION:CMS
@ -2448,7 +2448,7 @@ BIO_f_zlib 2498 3_0_0 EXIST::FUNCTION:COMP,ZLIB
AES_cfb128_encrypt 2499 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
ENGINE_set_EC 2500 3_0_0 EXIST::FUNCTION:ENGINE
d2i_ECPKParameters 2501 3_0_0 EXIST::FUNCTION:EC
IDEA_ofb64_encrypt 2502 3_0_0 EXIST::FUNCTION:IDEA
IDEA_ofb64_encrypt 2502 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,IDEA
CAST_decrypt 2503 3_0_0 EXIST::FUNCTION:CAST,DEPRECATEDIN_3_0
TS_STATUS_INFO_get0_failure_info 2504 3_0_0 EXIST::FUNCTION:TS
ENGINE_unregister_pkey_meths 2506 3_0_0 EXIST::FUNCTION:ENGINE
@ -2531,7 +2531,7 @@ ENGINE_load_ssl_client_cert 2584 3_0_0 EXIST::FUNCTION:ENGINE
X509_STORE_CTX_set_verify_cb 2585 3_0_0 EXIST::FUNCTION:
CRYPTO_clear_realloc 2586 3_0_0 EXIST::FUNCTION:
OPENSSL_strnlen 2587 3_0_0 EXIST::FUNCTION:
IDEA_ecb_encrypt 2588 3_0_0 EXIST::FUNCTION:IDEA
IDEA_ecb_encrypt 2588 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,IDEA
ASN1_STRING_set_default_mask 2589 3_0_0 EXIST::FUNCTION:
TS_VERIFY_CTX_add_flags 2590 3_0_0 EXIST::FUNCTION:TS
FIPS_mode 2591 3_0_0 EXIST::FUNCTION:
@ -3102,7 +3102,7 @@ a2i_ASN1_INTEGER 3166 3_0_0 EXIST::FUNCTION:
OCSP_sendreq_bio 3167 3_0_0 EXIST::FUNCTION:OCSP
PKCS12_SAFEBAG_create_crl 3168 3_0_0 EXIST::FUNCTION:
d2i_X509_NAME 3169 3_0_0 EXIST::FUNCTION:
IDEA_cfb64_encrypt 3170 3_0_0 EXIST::FUNCTION:IDEA
IDEA_cfb64_encrypt 3170 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,IDEA
BN_mod_sub 3171 3_0_0 EXIST::FUNCTION:
ASN1_NULL_new 3172 3_0_0 EXIST::FUNCTION:
HMAC_Init 3173 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0
@ -3129,7 +3129,7 @@ OCSP_request_verify 3194 3_0_0 EXIST::FUNCTION:OCSP
CRYPTO_THREAD_run_once 3195 3_0_0 EXIST::FUNCTION:
TS_REQ_print_bio 3196 3_0_0 EXIST::FUNCTION:TS
SCT_get_version 3197 3_0_0 EXIST::FUNCTION:CT
IDEA_set_encrypt_key 3198 3_0_0 EXIST::FUNCTION:IDEA
IDEA_set_encrypt_key 3198 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,IDEA
ENGINE_get_DH 3199 3_0_0 EXIST::FUNCTION:ENGINE
i2d_ASIdentifierChoice 3200 3_0_0 EXIST::FUNCTION:RFC3779
SRP_Calc_A 3201 3_0_0 EXIST::FUNCTION:SRP