Deprecate the low level RC5 functions
authorPauli <paul.dale@oracle.com>
Tue, 14 Jan 2020 00:33:03 +0000 (10:33 +1000)
committerPauli <paul.dale@oracle.com>
Wed, 15 Jan 2020 21:07:27 +0000 (07:07 +1000)
Use of the low level RC5 functions has been informally discouraged for a long
time.  We now formally deprecate them.

Applications should instead use the EVP APIs, e.g. EVP_EncryptInit_ex,
EVP_EncryptUpdate, EVP_EncryptFinal_ex and the equivalently named decrypt
functions.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10834)

14 files changed:
apps/speed.c
crypto/evp/e_rc5.c
crypto/rc5/rc5_ecb.c
crypto/rc5/rc5_enc.c
crypto/rc5/rc5_skey.c
crypto/rc5/rc5cfb64.c
crypto/rc5/rc5ofb64.c
doc/man3/RC4_set_key.pod
include/openssl/rc5.h
providers/implementations/ciphers/cipher_rc5.c
providers/implementations/ciphers/cipher_rc5_hw.c
test/build.info
test/rc5test.c
util/libcrypto.num

index f567b48..d741f31 100644 (file)
@@ -372,7 +372,7 @@ static const OPT_PAIR doit_choices[] = {
     {"rc2-cbc", D_CBC_RC2},
     {"rc2", D_CBC_RC2},
 #endif
-#ifndef OPENSSL_NO_RC5
+#if !defined(OPENSSL_NO_RC5) && !defined(OPENSSL_NO_DEPRECATED_3_0)
     {"rc5-cbc", D_CBC_RC5},
     {"rc5", D_CBC_RC5},
 #endif
@@ -1449,7 +1449,7 @@ int speed_main(int argc, char **argv)
                                     EdDSA_SECONDS, SM2_SECONDS };
 
     /* What follows are the buffers and key material. */
-#ifndef OPENSSL_NO_RC5
+#if !defined(OPENSSL_NO_RC5) && !defined(OPENSSL_NO_DEPRECATED_3_0)
     RC5_32_KEY rc5_ks;
 #endif
 #if !defined(OPENSSL_NO_RC2) && !defined(OPENSSL_NO_DEPRECATED_3_0)
@@ -1981,7 +1981,7 @@ int speed_main(int argc, char **argv)
     if (doit[D_CBC_RC2])
         RC2_set_key(&rc2_ks, 16, key16, 128);
 #endif
-#ifndef OPENSSL_NO_RC5
+#if !defined(OPENSSL_NO_RC5) && !defined(OPENSSL_NO_DEPRECATED_3_0)
     if (doit[D_CBC_RC5])
         if (!RC5_32_set_key(&rc5_ks, 16, key16, 12)) {
             BIO_printf(bio_err, "Failed setting RC5 key\n");
@@ -2628,7 +2628,7 @@ int speed_main(int argc, char **argv)
         }
     }
 #endif
-#ifndef OPENSSL_NO_RC5
+#if !defined(OPENSSL_NO_RC5) && !defined(OPENSSL_NO_DEPRECATED_3_0)
     if (doit[D_CBC_RC5]) {
         if (async_jobs > 0) {
             BIO_printf(bio_err, "Async mode is not supported with %s\n",
index 4783cc3..96066e8 100644 (file)
@@ -7,6 +7,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * RC5 low level APIs are deprecated for public use, but still ok for internal
+ * use.
+ */
+#include "internal/deprecated.h"
+
 #include <stdio.h>
 #include "internal/cryptlib.h"
 
index 51c14fd..39c36b6 100644 (file)
@@ -7,6 +7,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * RC5 low level APIs are deprecated for public use, but still ok for internal
+ * use.
+ */
+#include "internal/deprecated.h"
+
 #include <openssl/rc5.h>
 #include "rc5_local.h"
 #include <openssl/opensslv.h>
index c91fa99..0fa80a5 100644 (file)
@@ -7,6 +7,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * RC5 low level APIs are deprecated for public use, but still ok for internal
+ * use.
+ */
+#include "internal/deprecated.h"
+
 #include <stdio.h>
 #include <openssl/rc5.h>
 #include "rc5_local.h"
index 22a5df1..dc8617f 100644 (file)
@@ -7,6 +7,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * RC5 low level APIs are deprecated for public use, but still ok for internal
+ * use.
+ */
+#include "internal/deprecated.h"
+
 #include <openssl/rc5.h>
 #include "rc5_local.h"
 
index 001e124..99b1753 100644 (file)
@@ -7,6 +7,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * RC5 low level APIs are deprecated for public use, but still ok for internal
+ * use.
+ */
+#include "internal/deprecated.h"
+
 #include <openssl/rc5.h>
 #include "rc5_local.h"
 
index c3ae5d8..7fc19fd 100644 (file)
@@ -7,6 +7,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * RC5 low level APIs are deprecated for public use, but still ok for internal
+ * use.
+ */
+#include "internal/deprecated.h"
+
 #include <openssl/rc5.h>
 #include "rc5_local.h"
 
index 661a694..2b314f0 100644 (file)
@@ -8,6 +8,10 @@ RC4_set_key, RC4 - RC4 encryption
 
  #include <openssl/rc4.h>
 
+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B<OPENSSL_API_COMPAT> with a suitable version value, see
+L<openssl_user_macros(7)>:
+
  void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
 
  void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
@@ -15,6 +19,10 @@ RC4_set_key, RC4 - RC4 encryption
 
 =head1 DESCRIPTION
 
+All of the functions described on this page are deprecated. Applications should
+instead use L<EVP_EncryptInit_ex(3)>, L<EVP_EncryptUpdate(3)> and
+L<EVP_EncryptFinal_ex(3)> or the equivalently named decrypt functions.
+
 This library implements the Alleged RC4 cipher, which is described for
 example in I<Applied Cryptography>.  It is believed to be compatible
 with RC4[TM], a proprietary cipher of RSA Security Inc.
@@ -54,6 +62,10 @@ multiple encryptions using the same key stream.
 
 L<EVP_EncryptInit(3)>
 
+=head1 HISTORY
+
+All of these functions were deprecated in OpenSSL 3.0.
+
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
index 22bdeca..a9c06d3 100644 (file)
 extern "C" {
 #  endif
 
-#  define RC5_ENCRYPT     1
-#  define RC5_DECRYPT     0
-
-#  define RC5_32_INT unsigned int
-
 #  define RC5_32_BLOCK            8
 #  define RC5_32_KEY_LENGTH       16/* This is a default, max is 255 */
 
+#  ifndef OPENSSL_NO_DEPRECATED_3_0
+#   define RC5_ENCRYPT     1
+#   define RC5_DECRYPT     0
+
+#   define RC5_32_INT unsigned int
+
 /*
  * This are the only values supported.  Tweak the code if you want more The
  * most supported modes will be RC5-32/12/16 RC5-32/16/8
  */
-#  define RC5_8_ROUNDS    8
-#  define RC5_12_ROUNDS   12
-#  define RC5_16_ROUNDS   16
+#   define RC5_8_ROUNDS    8
+#   define RC5_12_ROUNDS   12
+#   define RC5_16_ROUNDS   16
 
 typedef struct rc5_key_st {
     /* Number of rounds */
     int rounds;
     RC5_32_INT data[2 * (RC5_16_ROUNDS + 1)];
 } RC5_32_KEY;
+#  endif
 
-int RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data,
-                   int rounds);
-void RC5_32_ecb_encrypt(const unsigned char *in, unsigned char *out,
-                        RC5_32_KEY *key, int enc);
-void RC5_32_encrypt(unsigned long *data, RC5_32_KEY *key);
-void RC5_32_decrypt(unsigned long *data, RC5_32_KEY *key);
-void RC5_32_cbc_encrypt(const unsigned char *in, unsigned char *out,
-                        long length, RC5_32_KEY *ks, unsigned char *iv,
-                        int enc);
-void RC5_32_cfb64_encrypt(const unsigned char *in, unsigned char *out,
-                          long length, RC5_32_KEY *schedule,
-                          unsigned char *ivec, int *num, int enc);
-void RC5_32_ofb64_encrypt(const unsigned char *in, unsigned char *out,
-                          long length, RC5_32_KEY *schedule,
-                          unsigned char *ivec, int *num);
+DEPRECATEDIN_3_0(int RC5_32_set_key(RC5_32_KEY *key, int len,
+                                    const unsigned char *data, int rounds))
+DEPRECATEDIN_3_0(void RC5_32_ecb_encrypt(const unsigned char *in,
+                                         unsigned char *out, RC5_32_KEY *key,
+                                         int enc))
+DEPRECATEDIN_3_0(void RC5_32_encrypt(unsigned long *data, RC5_32_KEY *key))
+DEPRECATEDIN_3_0(void RC5_32_decrypt(unsigned long *data, RC5_32_KEY *key))
+DEPRECATEDIN_3_0(void RC5_32_cbc_encrypt(const unsigned char *in,
+                                         unsigned char *out, long length,
+                                         RC5_32_KEY *ks, unsigned char *iv,
+                                         int enc))
+DEPRECATEDIN_3_0(void RC5_32_cfb64_encrypt(const unsigned char *in,
+                                           unsigned char *out, long length,
+                                           RC5_32_KEY *schedule,
+                                           unsigned char *ivec, int *num,
+                                           int enc))
+DEPRECATEDIN_3_0(void RC5_32_ofb64_encrypt(const unsigned char *in,
+                                           unsigned char *out, long length,
+                                           RC5_32_KEY *schedule,
+                                           unsigned char *ivec, int *num))
 
 #  ifdef  __cplusplus
 }
index e2e1cb6..d6026c4 100644 (file)
@@ -9,6 +9,12 @@
 
 /* Dispatch functions for RC5 cipher modes ecb, cbc, ofb, cfb */
 
+/*
+ * RC5 low level APIs are deprecated for public use, but still ok for internal
+ * use.
+ */
+#include "internal/deprecated.h"
+
 #include "cipher_rc5.h"
 #include "prov/implementations.h"
 #include "prov/providercommonerr.h"
index a9a05ba..5d85881 100644 (file)
@@ -7,6 +7,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * RC5 low level APIs are deprecated for public use, but still ok for internal
+ * use.
+ */
+#include "internal/deprecated.h"
+
 #include "cipher_rc5.h"
 
 static int cipher_hw_rc5_initkey(PROV_CIPHER_CTX *ctx,
index c504071..9afbdfd 100644 (file)
@@ -119,10 +119,6 @@ IF[{- !$disabled{tests} -}]
   INCLUDE[hmactest]=../include ../apps/include
   DEPEND[hmactest]=../libcrypto libtestutil.a
 
-  SOURCE[rc5test]=rc5test.c
-  INCLUDE[rc5test]=../include ../apps/include
-  DEPEND[rc5test]=../libcrypto libtestutil.a
-
   SOURCE[destest]=destest.c
   INCLUDE[destest]=../include ../apps/include
   DEPEND[destest]=../libcrypto libtestutil.a
@@ -593,6 +589,10 @@ IF[{- !$disabled{tests} -}]
     INCLUDE[rc4test]=../include ../apps/include
     DEPEND[rc4test]=../libcrypto.a libtestutil.a
 
+    SOURCE[rc5test]=rc5test.c
+    INCLUDE[rc5test]=../include ../apps/include
+    DEPEND[rc5test]=../libcrypto.a libtestutil.a
+
     SOURCE[ec_internal_test]=ec_internal_test.c
     INCLUDE[ec_internal_test]=../include ../crypto/ec ../apps/include ../crypto/include
     DEPEND[ec_internal_test]=../libcrypto.a libtestutil.a
index 39a113e..70f88f0 100644 (file)
@@ -7,6 +7,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * RC5 low level APIs are deprecated for public use, but still ok for internal
+ * use.
+ */
+#include "internal/deprecated.h"
+
 #include <string.h>
 
 #include "internal/nelem.h"
index 926ab06..049380a 100644 (file)
@@ -1238,7 +1238,7 @@ HMAC_CTX_copy                           1266      3_0_0   EXIST::FUNCTION:
 CRYPTO_gcm128_init                      1267   3_0_0   EXIST::FUNCTION:
 i2d_X509_CINF                           1268   3_0_0   EXIST::FUNCTION:
 X509_REVOKED_delete_ext                 1269   3_0_0   EXIST::FUNCTION:
-RC5_32_cfb64_encrypt                    1270   3_0_0   EXIST::FUNCTION:RC5
+RC5_32_cfb64_encrypt                    1270   3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,RC5
 TS_REQ_set_cert_req                     1271   3_0_0   EXIST::FUNCTION:TS
 TXT_DB_get_by_index                     1272   3_0_0   EXIST::FUNCTION:
 X509_check_ca                           1273   3_0_0   EXIST::FUNCTION:
@@ -1673,7 +1673,7 @@ UI_dup_verify_string                    1711      3_0_0   EXIST::FUNCTION:
 d2i_PKCS7_bio                           1712   3_0_0   EXIST::FUNCTION:
 ENGINE_set_default_digests              1713   3_0_0   EXIST::FUNCTION:ENGINE
 i2d_PublicKey                           1714   3_0_0   EXIST::FUNCTION:
-RC5_32_set_key                          1715   3_0_0   EXIST::FUNCTION:RC5
+RC5_32_set_key                          1715   3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,RC5
 AES_unwrap_key                          1716   3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0
 EVP_Cipher                              1717   3_0_0   EXIST::FUNCTION:
 AES_set_decrypt_key                     1718   3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0
@@ -1771,7 +1771,7 @@ OPENSSL_LH_delete                       1812      3_0_0   EXIST::FUNCTION:
 TS_STATUS_INFO_dup                      1813   3_0_0   EXIST::FUNCTION:TS
 X509v3_addr_get_range                   1814   3_0_0   EXIST::FUNCTION:RFC3779
 X509_EXTENSION_get_data                 1815   3_0_0   EXIST::FUNCTION:
-RC5_32_encrypt                          1816   3_0_0   EXIST::FUNCTION:RC5
+RC5_32_encrypt                          1816   3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,RC5
 DIST_POINT_set_dpname                   1817   3_0_0   EXIST::FUNCTION:
 BIO_sock_info                           1818   3_0_0   EXIST::FUNCTION:SOCK
 OPENSSL_hexstr2buf                      1819   3_0_0   EXIST::FUNCTION:
@@ -1946,7 +1946,7 @@ GENERAL_NAME_it                         1991      3_0_0   EXIST::FUNCTION:
 EVP_des_ede_ecb                         1992   3_0_0   EXIST::FUNCTION:DES
 i2d_CRL_DIST_POINTS                     1993   3_0_0   EXIST::FUNCTION:
 PEM_write_bio_X509_REQ_NEW              1994   3_0_0   EXIST::FUNCTION:
-RC5_32_ofb64_encrypt                    1995   3_0_0   EXIST::FUNCTION:RC5
+RC5_32_ofb64_encrypt                    1995   3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,RC5
 i2d_PKCS7                               1996   3_0_0   EXIST::FUNCTION:
 BN_mod_lshift_quick                     1997   3_0_0   EXIST::FUNCTION:
 DIST_POINT_NAME_it                      1998   3_0_0   EXIST::FUNCTION:
@@ -2694,7 +2694,7 @@ X509_REQ_to_X509                        2750      3_0_0   EXIST::FUNCTION:
 EVP_aes_192_wrap_pad                    2751   3_0_0   EXIST::FUNCTION:
 PKCS7_SIGN_ENVELOPE_new                 2752   3_0_0   EXIST::FUNCTION:
 TS_REQ_get_policy_id                    2753   3_0_0   EXIST::FUNCTION:TS
-RC5_32_cbc_encrypt                      2754   3_0_0   EXIST::FUNCTION:RC5
+RC5_32_cbc_encrypt                      2754   3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,RC5
 BN_is_zero                              2755   3_0_0   EXIST::FUNCTION:
 CT_POLICY_EVAL_CTX_new                  2756   3_0_0   EXIST::FUNCTION:CT
 NETSCAPE_SPKI_it                        2757   3_0_0   EXIST::FUNCTION:
@@ -2856,7 +2856,7 @@ X509_STORE_CTX_free                     2917      3_0_0   EXIST::FUNCTION:
 AUTHORITY_KEYID_it                      2918   3_0_0   EXIST::FUNCTION:
 X509V3_get_value_int                    2919   3_0_0   EXIST::FUNCTION:
 ASN1_UTCTIME_set_string                 2920   3_0_0   EXIST::FUNCTION:
-RC5_32_decrypt                          2921   3_0_0   EXIST::FUNCTION:RC5
+RC5_32_decrypt                          2921   3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,RC5
 i2d_X509_REQ_INFO                       2922   3_0_0   EXIST::FUNCTION:
 EVP_des_cfb1                            2923   3_0_0   EXIST::FUNCTION:DES
 OBJ_NAME_cleanup                        2924   3_0_0   EXIST::FUNCTION:
@@ -3477,7 +3477,7 @@ BN_dec2bn                               3549      3_0_0   EXIST::FUNCTION:
 CMS_decrypt                             3550   3_0_0   EXIST::FUNCTION:CMS
 BN_mpi2bn                               3551   3_0_0   EXIST::FUNCTION:
 EVP_aes_128_cfb128                      3552   3_0_0   EXIST::FUNCTION:
-RC5_32_ecb_encrypt                      3554   3_0_0   EXIST::FUNCTION:RC5
+RC5_32_ecb_encrypt                      3554   3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,RC5
 EVP_CIPHER_meth_new                     3555   3_0_0   EXIST::FUNCTION:
 i2d_RSA_OAEP_PARAMS                     3556   3_0_0   EXIST::FUNCTION:RSA
 SXNET_get_id_ulong                      3557   3_0_0   EXIST::FUNCTION: