Deprecate the low level RC4 functions
authorPauli <paul.dale@oracle.com>
Mon, 13 Jan 2020 23:38:09 +0000 (09:38 +1000)
committerPauli <paul.dale@oracle.com>
Wed, 15 Jan 2020 21:07:27 +0000 (07:07 +1000)
Use of the low level RC4 functions has been informally discouraged for a long
time.  We now formally deprecate them.

Applications should instead use the EVP APIs, e.g. EVP_EncryptInit_ex,
EVP_EncryptUpdate, EVP_EncryptFinal_ex and the equivalently named decrypt
functions.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10834)

15 files changed:
apps/speed.c
apps/version.c
crypto/engine/eng_openssl.c
crypto/evp/e_rc4.c
crypto/evp/e_rc4_hmac_md5.c
crypto/rc4/rc4_enc.c
crypto/rc4/rc4_skey.c
include/openssl/rc4.h
providers/implementations/ciphers/cipher_rc4.c
providers/implementations/ciphers/cipher_rc4_hmac_md5.c
providers/implementations/ciphers/cipher_rc4_hmac_md5_hw.c
providers/implementations/ciphers/cipher_rc4_hw.c
test/build.info
test/rc4test.c
util/libcrypto.num

index ae02393..f567b48 100644 (file)
@@ -353,7 +353,7 @@ static const OPT_PAIR doit_choices[] = {
     {"rmd160", D_RMD160},
     {"ripemd160", D_RMD160},
 #endif
-#ifndef OPENSSL_NO_RC4
+#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_DEPRECATED_3_0)
     {"rc4", D_RC4},
 #endif
 #ifndef OPENSSL_NO_DES
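Review bot: With the `{"rc4", D_RC4}` entry compiled out under `OPENSSL_NO_DEPRECATED_3_0`, `openssl speed rc4` stops being a recognised algorithm name in those builds even when RC4 itself is still enabled, and nothing here tells the reader why. A comment beside the guard would help, for example `/* low-level RC4 timing needs the deprecated API; use -evp rc4 otherwise */`. The same two-macro condition is repeated in the hunks at -712, -1973, -2379 and -3492. If the `D_RC4` index and its `names[]` entry stay unconditional (they are outside these hunks), it is worth checking that a default run does not print an untimed rc4 row. `doit_choices[]` and `speed_main` both continue outside the hunks shown.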
@@ -712,7 +712,7 @@ static int EVP_Digest_RMD160_loop(void *args)
 }
 #endif
 
-#ifndef OPENSSL_NO_RC4
+#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_DEPRECATED_3_0)
 static RC4_KEY rc4_ks;
 static int RC4_loop(void *args)
 {
@@ -1973,7 +1973,7 @@ int speed_main(int argc, char **argv)
     if (doit[D_CBC_SEED])
         SEED_set_key(key16, &seed_ks);
 #endif
-#ifndef OPENSSL_NO_RC4
+#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_DEPRECATED_3_0)
     if (doit[D_RC4])
         RC4_set_key(&rc4_ks, 16, key16);
 #endif
@@ -2379,7 +2379,7 @@ int speed_main(int argc, char **argv)
         }
     }
 #endif
-#ifndef OPENSSL_NO_RC4
+#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_DEPRECATED_3_0)
     if (doit[D_RC4]) {
         for (testnum = 0; testnum < size_num; testnum++) {
             print_message(names[D_RC4], c[D_RC4][testnum], lengths[testnum],
@@ -3492,7 +3492,7 @@ int speed_main(int argc, char **argv)
 #if !defined(OPENSSL_NO_MD2) && !defined(OPENSSL_NO_DEPRECATED_3_0)
         printf("%s ", MD2_options());
 #endif
-#ifndef OPENSSL_NO_RC4
+#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_DEPRECATED_3_0)
         printf("%s ", RC4_options());
 #endif
 #ifndef OPENSSL_NO_DES
index 09d903d..deb9133 100644 (file)
@@ -18,9 +18,6 @@
 #ifndef OPENSSL_NO_MD2
 # include <openssl/md2.h>
 #endif
-#ifndef OPENSSL_NO_RC4
-# include <openssl/rc4.h>
-#endif
 #ifndef OPENSSL_NO_DES
 # include <openssl/des.h>
 #endif
@@ -129,9 +126,6 @@ opthelp:
     if (options) {
         printf("options: ");
         printf(" %s", BN_options());
-#ifndef OPENSSL_NO_RC4
-        printf(" %s", RC4_options());
-#endif
 #ifndef OPENSSL_NO_DES
         printf(" %s", DES_options());
 #endif
index b5c0878..704268a 100644 (file)
@@ -8,6 +8,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * RC4 low level APIs are deprecated for public use, but still ok for internal
+ * use.
+ */
+#include "internal/deprecated.h"
+
 #include <stdio.h>
 #include <openssl/crypto.h>
 #include "internal/cryptlib.h"
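Review bot: The new comment explains why `internal/deprecated.h` is included but not that its position matters. In this hunk and in the matching ones for crypto/evp/e_rc4.c, crypto/evp/e_rc4_hmac_md5.c, crypto/rc4/rc4_enc.c, crypto/rc4/rc4_skey.c, the four provider files and test/rc4test.c, it is placed ahead of every other include, presumably because it has to take effect before `<openssl/rc4.h>` is read. I would add a line such as ` * This include must stay ahead of all <openssl/...> headers.` so that a later include reshuffle does not hide the RC4 declarations in a no-deprecated build. The header's contents are not on this page, but if it lifts deprecation for the whole translation unit rather than for RC4 alone, the comment should say so, because other deprecated calls in these files would then compile without a warning. For test/rc4test.c the phrase "internal use" is loose, since that file is test code rather than library code.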
index 092d6cf..f75e2d7 100644 (file)
@@ -7,6 +7,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * RC4 low level APIs are deprecated for public use, but still ok for internal
+ * use.
+ */
+#include "internal/deprecated.h"
+
 #include <stdio.h>
 #include "internal/cryptlib.h"
 
index f016821..fa838bf 100644 (file)
@@ -7,6 +7,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * RC4 low level APIs are deprecated for public use, but still ok for internal
+ * use.
+ */
+#include "internal/deprecated.h"
+
 #include <internal/cryptlib.h>
 #include <openssl/opensslconf.h>
 
index c4753d9..8479091 100644 (file)
@@ -7,6 +7,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * RC4 low level APIs are deprecated for public use, but still ok for internal
+ * use.
+ */
+#include "internal/deprecated.h"
+
 #include <openssl/rc4.h>
 #include "rc4_local.h"
 
index 42c4a20..e9d60ca 100644 (file)
@@ -7,6 +7,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * RC4 low level APIs are deprecated for public use, but still ok for internal
+ * use.
+ */
+#include "internal/deprecated.h"
+
 #include <openssl/rc4.h>
 #include "rc4_local.h"
 #include <openssl/opensslv.h>
index 22c7686..98ba8d8 100644 (file)
 extern "C" {
 #  endif
 
+#  ifndef OPENSSL_NO_DEPRECATED_3_0
 typedef struct rc4_key_st {
     RC4_INT x, y;
     RC4_INT data[256];
 } RC4_KEY;
+#  endif
 
-const char *RC4_options(void);
-void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
-void RC4(RC4_KEY *key, size_t len, const unsigned char *indata,
-         unsigned char *outdata);
+DEPRECATEDIN_3_0(const char *RC4_options(void))
+DEPRECATEDIN_3_0(void RC4_set_key(RC4_KEY *key, int len,
+                                  const unsigned char *data))
+DEPRECATEDIN_3_0(void RC4(RC4_KEY *key, size_t len, const unsigned char *indata,
+                          unsigned char *outdata))
 
 #  ifdef  __cplusplus
 }
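Review bot: Guarding the `RC4_KEY` typedef with `OPENSSL_NO_DEPRECATED_3_0` means every header or source file that names `RC4_KEY` now compiles only if `internal/deprecated.h` was included first, and the public header does not tell an application author what to use instead. I would put a short comment above the declarations, for example `/* Deprecated in 3.0: use the EVP cipher interface (EVP_EncryptInit_ex() etc. with EVP_rc4()) instead. */`. The comment could also state that the move to EVP changes only the calling interface and that RC4 remains a legacy cipher. The hunk header is missing from this page, so whatever guards surround these declarations are not visible here.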
index baf34f7..5e61128 100644 (file)
@@ -9,6 +9,12 @@
 
 /* Dispatch functions for RC4 ciphers */
 
+/*
+ * RC4 low level APIs are deprecated for public use, but still ok for internal
+ * use.
+ */
+#include "internal/deprecated.h"
+
 #include "cipher_rc4.h"
 #include "prov/implementations.h"
 
index e7736bb..876c81d 100644 (file)
@@ -9,6 +9,12 @@
 
 /* Dispatch functions for RC4_HMAC_MD5 cipher */
 
+/*
+ * RC4 low level APIs are deprecated for public use, but still ok for internal
+ * use.
+ */
+#include "internal/deprecated.h"
+
 #include "cipher_rc4_hmac_md5.h"
 #include "prov/implementations.h"
 #include "prov/providercommonerr.h"
index d3098b1..767a1e3 100644 (file)
@@ -9,6 +9,12 @@
 
 /* RC4_HMAC_MD5 cipher implementation */
 
+/*
+ * RC4 low level APIs are deprecated for public use, but still ok for internal
+ * use.
+ */
+#include "internal/deprecated.h"
+
 #include "cipher_rc4_hmac_md5.h"
 
 #define NO_PAYLOAD_LENGTH ((size_t)-1)
index 503a618..865b0aa 100644 (file)
@@ -7,6 +7,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * RC4 low level APIs are deprecated for public use, but still ok for internal
+ * use.
+ */
+#include "internal/deprecated.h"
+
 #include "cipher_rc4.h"
 
 static int cipher_hw_rc4_initkey(PROV_CIPHER_CTX *ctx,
index 9b3122b..c504071 100644 (file)
@@ -119,10 +119,6 @@ IF[{- !$disabled{tests} -}]
   INCLUDE[hmactest]=../include ../apps/include
   DEPEND[hmactest]=../libcrypto libtestutil.a
 
-  SOURCE[rc4test]=rc4test.c
-  INCLUDE[rc4test]=../include ../apps/include
-  DEPEND[rc4test]=../libcrypto libtestutil.a
-
   SOURCE[rc5test]=rc5test.c
   INCLUDE[rc5test]=../include ../apps/include
   DEPEND[rc5test]=../libcrypto libtestutil.a
@@ -593,6 +589,10 @@ IF[{- !$disabled{tests} -}]
     INCLUDE[rc2test]=../include ../apps/include
     DEPEND[rc2test]=../libcrypto.a libtestutil.a
 
+    SOURCE[rc4test]=rc4test.c
+    INCLUDE[rc4test]=../include ../apps/include
+    DEPEND[rc4test]=../libcrypto.a libtestutil.a
+
     SOURCE[ec_internal_test]=ec_internal_test.c
     INCLUDE[ec_internal_test]=../include ../crypto/ec ../apps/include ../crypto/include
     DEPEND[ec_internal_test]=../libcrypto.a libtestutil.a
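Review bot: The moved `rc4test` entry now depends on `../libcrypto.a` instead of `../libcrypto`, and nothing records why. A one-line comment above it, for example `# rc4test calls the deprecated low-level RC4 functions, so it links against the static library`, would keep a later cleanup from moving it back. The condition enclosing this more deeply indented block starts outside the hunk. If that condition excludes some configurations, rc4test is no longer built there, and the matching test recipe (not shown) should tolerate its absence.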
index 34ec2e0..ed0bef5 100644 (file)
@@ -7,6 +7,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * RC4 low level APIs are deprecated for public use, but still ok for internal
+ * use.
+ */
+#include "internal/deprecated.h"
+
 #include <string.h>
 
 #include "internal/nelem.h"
index 827ce5e..926ab06 100644 (file)
@@ -341,7 +341,7 @@ OPENSSL_sk_sort                         346 3_0_0   EXIST::FUNCTION:
 CTLOG_STORE_load_file                   347    3_0_0   EXIST::FUNCTION:CT
 ASN1_SEQUENCE_it                        348    3_0_0   EXIST::FUNCTION:
 TS_RESP_CTX_get_tst_info                349    3_0_0   EXIST::FUNCTION:TS
-RC4                                     350    3_0_0   EXIST::FUNCTION:RC4
+RC4                                     350    3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,RC4
 PKCS7_stream                            352    3_0_0   EXIST::FUNCTION:
 i2t_ASN1_OBJECT                         353    3_0_0   EXIST::FUNCTION:
 EC_GROUP_get0_generator                 354    3_0_0   EXIST::FUNCTION:EC
@@ -778,7 +778,7 @@ PKCS7_dataInit                          797 3_0_0   EXIST::FUNCTION:
 EVP_PKEY_CTX_set_app_data               798    3_0_0   EXIST::FUNCTION:
 a2i_GENERAL_NAME                        799    3_0_0   EXIST::FUNCTION:
 SXNETID_new                             800    3_0_0   EXIST::FUNCTION:
-RC4_options                             801    3_0_0   EXIST::FUNCTION:RC4
+RC4_options                             801    3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,RC4
 BIO_f_null                              802    3_0_0   EXIST::FUNCTION:
 EC_GROUP_set_curve_name                 803    3_0_0   EXIST::FUNCTION:EC
 d2i_PBE2PARAM                           804    3_0_0   EXIST::FUNCTION:
@@ -2960,7 +2960,7 @@ ASN1_TYPE_unpack_sequence               3024      3_0_0   EXIST::FUNCTION:
 X509_CRL_sign_ctx                       3025   3_0_0   EXIST::FUNCTION:
 X509_STORE_add_crl                      3026   3_0_0   EXIST::FUNCTION:
 PEM_write_RSAPrivateKey                 3027   3_0_0   EXIST::FUNCTION:RSA,STDIO
-RC4_set_key                             3028   3_0_0   EXIST::FUNCTION:RC4
+RC4_set_key                             3028   3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,RC4
 EVP_CIPHER_CTX_cipher                   3029   3_0_0   EXIST::FUNCTION:
 PEM_write_bio_PKCS8PrivateKey_nid       3030   3_0_0   EXIST::FUNCTION:
 BN_MONT_CTX_new                         3031   3_0_0   EXIST::FUNCTION: