summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPauli <paul.dale@oracle.com>2020-01-14 00:15:18 +0100
committerPauli <paul.dale@oracle.com>2020-01-15 22:07:27 +0100
commitee2993abd0830ec27a2dd49e07db8d0eb5f3e579 (patch)
tree9c789bbe5b362cc30edaacac00ca8acd21c58f69
parentrc2: fix preprocessor indentation (diff)
downloadopenssl-ee2993abd0830ec27a2dd49e07db8d0eb5f3e579.tar.xz
openssl-ee2993abd0830ec27a2dd49e07db8d0eb5f3e579.zip
Deprecate the low level RC2 functions
Use of the low level RC2 functions has been informally discouraged for a long time. We now formally deprecate them. Applications should instead use the EVP APIs, e.g. EVP_EncryptInit_ex, EVP_EncryptUpdate, EVP_EncryptFinal_ex, and the equivalently named decrypt functions. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10834)
-rw-r--r--apps/speed.c8
-rw-r--r--crypto/evp/e_rc2.c6
-rw-r--r--crypto/rc2/rc2_cbc.c6
-rw-r--r--crypto/rc2/rc2_ecb.c6
-rw-r--r--crypto/rc2/rc2_skey.c6
-rw-r--r--crypto/rc2/rc2cfb64.c6
-rw-r--r--crypto/rc2/rc2ofb64.c6
-rw-r--r--include/openssl/rc2.h43
-rw-r--r--providers/implementations/ciphers/cipher_rc2.c6
-rw-r--r--providers/implementations/ciphers/cipher_rc2_hw.c6
-rw-r--r--test/build.info8
-rw-r--r--test/rc2test.c6
-rw-r--r--util/libcrypto.num14
13 files changed, 94 insertions, 33 deletions
diff --git a/apps/speed.c b/apps/speed.c
index ef14ad6380..ae02393dd1 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -368,7 +368,7 @@ static const OPT_PAIR doit_choices[] = {
{"aes-192-ige", D_IGE_192_AES},
{"aes-256-ige", D_IGE_256_AES},
#endif
-#ifndef OPENSSL_NO_RC2
+#if !defined(OPENSSL_NO_RC2) && !defined(OPENSSL_NO_DEPRECATED_3_0)
{"rc2-cbc", D_CBC_RC2},
{"rc2", D_CBC_RC2},
#endif
@@ -1452,7 +1452,7 @@ int speed_main(int argc, char **argv)
#ifndef OPENSSL_NO_RC5
RC5_32_KEY rc5_ks;
#endif
-#ifndef OPENSSL_NO_RC2
+#if !defined(OPENSSL_NO_RC2) && !defined(OPENSSL_NO_DEPRECATED_3_0)
RC2_KEY rc2_ks;
#endif
#ifndef OPENSSL_NO_IDEA
@@ -1977,7 +1977,7 @@ int speed_main(int argc, char **argv)
if (doit[D_RC4])
RC4_set_key(&rc4_ks, 16, key16);
#endif
-#ifndef OPENSSL_NO_RC2
+#if !defined(OPENSSL_NO_RC2) && !defined(OPENSSL_NO_DEPRECATED_3_0)
if (doit[D_CBC_RC2])
RC2_set_key(&rc2_ks, 16, key16, 128);
#endif
@@ -2604,7 +2604,7 @@ int speed_main(int argc, char **argv)
}
}
#endif
-#ifndef OPENSSL_NO_RC2
+#if !defined(OPENSSL_NO_RC2) && !defined(OPENSSL_NO_DEPRECATED_3_0)
if (doit[D_CBC_RC2]) {
if (async_jobs > 0) {
BIO_printf(bio_err, "Async mode is not supported with %s\n",
diff --git a/crypto/evp/e_rc2.c b/crypto/evp/e_rc2.c
index d2201b000a..a3c09c86a1 100644
--- a/crypto/evp/e_rc2.c
+++ b/crypto/evp/e_rc2.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * RC2 low level APIs are deprecated for public use, but still ok for internal
+ * use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include "internal/cryptlib.h"
diff --git a/crypto/rc2/rc2_cbc.c b/crypto/rc2/rc2_cbc.c
index 58a4b3e615..acfd4fde1c 100644
--- a/crypto/rc2/rc2_cbc.c
+++ b/crypto/rc2/rc2_cbc.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * RC2 low level APIs are deprecated for public use, but still ok for internal
+ * use.
+ */
+#include "internal/deprecated.h"
+
#include <openssl/rc2.h>
#include "rc2_local.h"
diff --git a/crypto/rc2/rc2_ecb.c b/crypto/rc2/rc2_ecb.c
index fec2c10174..da086e6598 100644
--- a/crypto/rc2/rc2_ecb.c
+++ b/crypto/rc2/rc2_ecb.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * RC2 low level APIs are deprecated for public use, but still ok for internal
+ * use.
+ */
+#include "internal/deprecated.h"
+
#include <openssl/rc2.h>
#include "rc2_local.h"
#include <openssl/opensslv.h>
diff --git a/crypto/rc2/rc2_skey.c b/crypto/rc2/rc2_skey.c
index 33068d4802..542ce0f6f9 100644
--- a/crypto/rc2/rc2_skey.c
+++ b/crypto/rc2/rc2_skey.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * RC2 low level APIs are deprecated for public use, but still ok for internal
+ * use.
+ */
+#include "internal/deprecated.h"
+
#include <openssl/rc2.h>
#include "rc2_local.h"
diff --git a/crypto/rc2/rc2cfb64.c b/crypto/rc2/rc2cfb64.c
index 9b85368db1..298be79d44 100644
--- a/crypto/rc2/rc2cfb64.c
+++ b/crypto/rc2/rc2cfb64.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * RC2 low level APIs are deprecated for public use, but still ok for internal
+ * use.
+ */
+#include "internal/deprecated.h"
+
#include <openssl/rc2.h>
#include "rc2_local.h"
diff --git a/crypto/rc2/rc2ofb64.c b/crypto/rc2/rc2ofb64.c
index 4270009e51..097f8befe0 100644
--- a/crypto/rc2/rc2ofb64.c
+++ b/crypto/rc2/rc2ofb64.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * RC2 low level APIs are deprecated for public use, but still ok for internal
+ * use.
+ */
+#include "internal/deprecated.h"
+
#include <openssl/rc2.h>
#include "rc2_local.h"
diff --git a/include/openssl/rc2.h b/include/openssl/rc2.h
index 0e92df3aa3..2c63c753d2 100644
--- a/include/openssl/rc2.h
+++ b/include/openssl/rc2.h
@@ -23,31 +23,38 @@
extern "C" {
# endif
-typedef unsigned int RC2_INT;
-
-# define RC2_ENCRYPT 1
-# define RC2_DECRYPT 0
-
# define RC2_BLOCK 8
# define RC2_KEY_LENGTH 16
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+typedef unsigned int RC2_INT;
+
+# define RC2_ENCRYPT 1
+# define RC2_DECRYPT 0
+
typedef struct rc2_key_st {
RC2_INT data[64];
} RC2_KEY;
+# endif
-void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits);
-void RC2_ecb_encrypt(const unsigned char *in, unsigned char *out,
- RC2_KEY *key, int enc);
-void RC2_encrypt(unsigned long *data, RC2_KEY *key);
-void RC2_decrypt(unsigned long *data, RC2_KEY *key);
-void RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
- RC2_KEY *ks, unsigned char *iv, int enc);
-void RC2_cfb64_encrypt(const unsigned char *in, unsigned char *out,
- long length, RC2_KEY *schedule, unsigned char *ivec,
- int *num, int enc);
-void RC2_ofb64_encrypt(const unsigned char *in, unsigned char *out,
- long length, RC2_KEY *schedule, unsigned char *ivec,
- int *num);
+DEPRECATEDIN_3_0(void RC2_set_key(RC2_KEY *key, int len,
+ const unsigned char *data, int bits))
+DEPRECATEDIN_3_0(void RC2_ecb_encrypt(const unsigned char *in,
+ unsigned char *out, RC2_KEY *key,
+ int enc))
+DEPRECATEDIN_3_0(void RC2_encrypt(unsigned long *data, RC2_KEY *key))
+DEPRECATEDIN_3_0(void RC2_decrypt(unsigned long *data, RC2_KEY *key))
+DEPRECATEDIN_3_0(void RC2_cbc_encrypt(const unsigned char *in,
+ unsigned char *out, long length,
+ RC2_KEY *ks, unsigned char *iv, int enc))
+DEPRECATEDIN_3_0(void RC2_cfb64_encrypt(const unsigned char *in,
+ unsigned char *out, long length,
+ RC2_KEY *schedule, unsigned char *ivec,
+ int *num, int enc))
+DEPRECATEDIN_3_0(void RC2_ofb64_encrypt(const unsigned char *in,
+ unsigned char *out, long length,
+ RC2_KEY *schedule, unsigned char *ivec,
+ int *num))
# ifdef __cplusplus
}
diff --git a/providers/implementations/ciphers/cipher_rc2.c b/providers/implementations/ciphers/cipher_rc2.c
index 604c7ed637..c773407d85 100644
--- a/providers/implementations/ciphers/cipher_rc2.c
+++ b/providers/implementations/ciphers/cipher_rc2.c
@@ -9,6 +9,12 @@
/* Dispatch functions for RC2 cipher modes ecb, cbc, ofb, cfb */
+/*
+ * RC2 low level APIs are deprecated for public use, but still ok for internal
+ * use.
+ */
+#include "internal/deprecated.h"
+
#include "cipher_rc2.h"
#include "prov/implementations.h"
#include "prov/providercommonerr.h"
diff --git a/providers/implementations/ciphers/cipher_rc2_hw.c b/providers/implementations/ciphers/cipher_rc2_hw.c
index 83d7560d41..5f0d576c25 100644
--- a/providers/implementations/ciphers/cipher_rc2_hw.c
+++ b/providers/implementations/ciphers/cipher_rc2_hw.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * RC2 low level APIs are deprecated for public use, but still ok for internal
+ * use.
+ */
+#include "internal/deprecated.h"
+
#include "cipher_rc2.h"
static int cipher_hw_rc2_initkey(PROV_CIPHER_CTX *ctx,
diff --git a/test/build.info b/test/build.info
index d8e390197e..9b3122b74f 100644
--- a/test/build.info
+++ b/test/build.info
@@ -119,10 +119,6 @@ IF[{- !$disabled{tests} -}]
INCLUDE[hmactest]=../include ../apps/include
DEPEND[hmactest]=../libcrypto libtestutil.a
- SOURCE[rc2test]=rc2test.c
- INCLUDE[rc2test]=../include ../apps/include
- DEPEND[rc2test]=../libcrypto libtestutil.a
-
SOURCE[rc4test]=rc4test.c
INCLUDE[rc4test]=../include ../apps/include
DEPEND[rc4test]=../libcrypto libtestutil.a
@@ -593,6 +589,10 @@ IF[{- !$disabled{tests} -}]
INCLUDE[sm4_internal_test]=.. ../include ../apps/include ../crypto/include
DEPEND[sm4_internal_test]=../libcrypto.a libtestutil.a
+ SOURCE[rc2test]=rc2test.c
+ INCLUDE[rc2test]=../include ../apps/include
+ DEPEND[rc2test]=../libcrypto.a libtestutil.a
+
SOURCE[ec_internal_test]=ec_internal_test.c
INCLUDE[ec_internal_test]=../include ../crypto/ec ../apps/include ../crypto/include
DEPEND[ec_internal_test]=../libcrypto.a libtestutil.a
diff --git a/test/rc2test.c b/test/rc2test.c
index 9ebc9ecdf5..7b965094fc 100644
--- a/test/rc2test.c
+++ b/test/rc2test.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * RC2 low level APIs are deprecated for public use, but still ok for internal
+ * use.
+ */
+#include "internal/deprecated.h"
+
#include "internal/nelem.h"
#include "testutil.h"
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 4484b361c3..827ce5eb15 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -251,7 +251,7 @@ SXNET_new 255 3_0_0 EXIST::FUNCTION:
EVP_camellia_256_ctr 256 3_0_0 EXIST::FUNCTION:CAMELLIA
d2i_PKCS8_PRIV_KEY_INFO 257 3_0_0 EXIST::FUNCTION:
EVP_md2 259 3_0_0 EXIST::FUNCTION:MD2
-RC2_ecb_encrypt 260 3_0_0 EXIST::FUNCTION:RC2
+RC2_ecb_encrypt 260 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RC2
ENGINE_register_DH 261 3_0_0 EXIST::FUNCTION:ENGINE
ASN1_NULL_free 262 3_0_0 EXIST::FUNCTION:
EC_KEY_copy 263 3_0_0 EXIST::FUNCTION:EC
@@ -604,7 +604,7 @@ X509at_get_attr 618 3_0_0 EXIST::FUNCTION:
X509_PUBKEY_it 619 3_0_0 EXIST::FUNCTION:
DES_ede3_ofb64_encrypt 620 3_0_0 EXIST::FUNCTION:DES
EC_KEY_METHOD_get_compute_key 621 3_0_0 EXIST::FUNCTION:EC
-RC2_cfb64_encrypt 622 3_0_0 EXIST::FUNCTION:RC2
+RC2_cfb64_encrypt 622 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RC2
EVP_EncryptFinal_ex 623 3_0_0 EXIST::FUNCTION:
ERR_load_RSA_strings 624 3_0_0 EXIST::FUNCTION:
CRYPTO_secure_malloc_done 625 3_0_0 EXIST::FUNCTION:
@@ -1029,7 +1029,7 @@ BN_GF2m_mod_exp 1055 3_0_0 EXIST::FUNCTION:EC2M
OPENSSL_buf2hexstr 1056 3_0_0 EXIST::FUNCTION:
DES_encrypt2 1057 3_0_0 EXIST::FUNCTION:DES
DH_up_ref 1058 3_0_0 EXIST::FUNCTION:DH
-RC2_ofb64_encrypt 1059 3_0_0 EXIST::FUNCTION:RC2
+RC2_ofb64_encrypt 1059 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RC2
PKCS12_pbe_crypt 1060 3_0_0 EXIST::FUNCTION:
ASIdentifiers_free 1061 3_0_0 EXIST::FUNCTION:RFC3779
X509_VERIFY_PARAM_get0 1062 3_0_0 EXIST::FUNCTION:
@@ -1097,7 +1097,7 @@ PKCS8_PRIV_KEY_INFO_it 1123 3_0_0 EXIST::FUNCTION:
RSA_OAEP_PARAMS_free 1124 3_0_0 EXIST::FUNCTION:RSA
ASN1_item_new 1125 3_0_0 EXIST::FUNCTION:
CRYPTO_cts128_encrypt 1126 3_0_0 EXIST::FUNCTION:
-RC2_encrypt 1127 3_0_0 EXIST::FUNCTION:RC2
+RC2_encrypt 1127 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RC2
PEM_write 1128 3_0_0 EXIST::FUNCTION:STDIO
EVP_CIPHER_meth_get_get_asn1_params 1129 3_0_0 EXIST::FUNCTION:
i2d_OCSP_RESPBYTES 1130 3_0_0 EXIST::FUNCTION:OCSP
@@ -1278,7 +1278,7 @@ UI_get_result_maxsize 1306 3_0_0 EXIST::FUNCTION:
PBEPARAM_it 1307 3_0_0 EXIST::FUNCTION:
TS_ACCURACY_set_seconds 1308 3_0_0 EXIST::FUNCTION:TS
UI_get0_action_string 1309 3_0_0 EXIST::FUNCTION:
-RC2_decrypt 1310 3_0_0 EXIST::FUNCTION:RC2
+RC2_decrypt 1310 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RC2
OPENSSL_atexit 1311 3_0_0 EXIST::FUNCTION:
CMS_add_standard_smimecap 1312 3_0_0 EXIST::FUNCTION:CMS
PKCS7_add_attrib_content_type 1313 3_0_0 EXIST::FUNCTION:
@@ -1557,7 +1557,7 @@ UI_get0_output_string 1591 3_0_0 EXIST::FUNCTION:
ERR_get_error_line_data 1592 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
CTLOG_get0_name 1593 3_0_0 EXIST::FUNCTION:CT
ASN1_TBOOLEAN_it 1594 3_0_0 EXIST::FUNCTION:
-RC2_set_key 1595 3_0_0 EXIST::FUNCTION:RC2
+RC2_set_key 1595 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RC2
X509_REVOKED_get_ext_by_NID 1596 3_0_0 EXIST::FUNCTION:
RSA_padding_add_none 1597 3_0_0 EXIST::FUNCTION:RSA
EVP_rc5_32_12_16_cbc 1599 3_0_0 EXIST::FUNCTION:RC5
@@ -1692,7 +1692,7 @@ CMS_unsigned_get_attr 1730 3_0_0 EXIST::FUNCTION:CMS
EVP_aes_256_cbc 1731 3_0_0 EXIST::FUNCTION:
X509_check_ip_asc 1732 3_0_0 EXIST::FUNCTION:
PEM_write_bio_X509_AUX 1733 3_0_0 EXIST::FUNCTION:
-RC2_cbc_encrypt 1734 3_0_0 EXIST::FUNCTION:RC2
+RC2_cbc_encrypt 1734 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RC2
TS_MSG_IMPRINT_new 1735 3_0_0 EXIST::FUNCTION:TS
EVP_ENCODE_CTX_new 1736 3_0_0 EXIST::FUNCTION:
BIO_f_base64 1737 3_0_0 EXIST::FUNCTION: