Deprecate the low level IDEA functions.
authorPauli <paul.dale@oracle.com>
Mon, 13 Jan 2020 03:02:45 +0000 (13:02 +1000)
committerPauli <paul.dale@oracle.com>
Sun, 19 Jan 2020 00:38:49 +0000 (10:38 +1000)
Use of the low level IDEA functions has been informally discouraged for a
long time. We now formally deprecate them.

Applications should instead use the EVP APIs, e.g. EVP_EncryptInit_ex,
EVP_EncryptUpdate, EVP_EncryptFinal_ex, and the equivalently named decrypt
functions.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10819)

14 files changed:
apps/speed.c
apps/version.c
crypto/evp/e_idea.c
crypto/idea/i_cbc.c
crypto/idea/i_cfb64.c
crypto/idea/i_ecb.c
crypto/idea/i_ofb64.c
crypto/idea/i_skey.c
include/openssl/idea.h
providers/implementations/ciphers/cipher_idea.c
providers/implementations/ciphers/cipher_idea_hw.c
test/build.info
test/ideatest.c
util/libcrypto.num

index dd07527..4883fe0 100644 (file)
@@ -378,7 +378,7 @@ static const OPT_PAIR doit_choices[] = {
     {"rc5-cbc", D_CBC_RC5},
     {"rc5", D_CBC_RC5},
 #endif
-#ifndef OPENSSL_NO_IDEA
+#if !defined(OPENSSL_NO_IDEA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
     {"idea-cbc", D_CBC_IDEA},
     {"idea", D_CBC_IDEA},
 #endif
@@ -1459,7 +1459,7 @@ int speed_main(int argc, char **argv)
 #if !defined(OPENSSL_NO_RC2) && !defined(OPENSSL_NO_DEPRECATED_3_0)
     RC2_KEY rc2_ks;
 #endif
-#ifndef OPENSSL_NO_IDEA
+#if !defined(OPENSSL_NO_IDEA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
     IDEA_KEY_SCHEDULE idea_ks;
 #endif
 #if !defined(OPENSSL_NO_SEED) && !defined(OPENSSL_NO_DEPRECATED_3_0)
@@ -1969,7 +1969,7 @@ int speed_main(int argc, char **argv)
         Camellia_set_key(key32, 256, &camellia_ks[2]);
     }
 #endif
-#ifndef OPENSSL_NO_IDEA
+#if !defined(OPENSSL_NO_IDEA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
     if (doit[D_CBC_IDEA])
         IDEA_set_encrypt_key(key16, &idea_ks);
 #endif
@@ -2571,7 +2571,7 @@ int speed_main(int argc, char **argv)
         }
     }
 #endif
-#ifndef OPENSSL_NO_IDEA
+#if !defined(OPENSSL_NO_IDEA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
     if (doit[D_CBC_IDEA]) {
         if (async_jobs > 0) {
             BIO_printf(bio_err, "Async mode is not supported with %s\n",
@@ -3507,7 +3507,7 @@ int speed_main(int argc, char **argv)
 #ifndef OPENSSL_NO_DEPRECATED_3_0
         printf("%s ", AES_options());
 #endif
-#ifndef OPENSSL_NO_IDEA
+#if !defined(OPENSSL_NO_IDEA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
         printf("%s ", IDEA_options());
 #endif
 #if !defined(OPENSSL_NO_BF) && !defined(OPENSSL_NO_DEPRECATED_3_0)
index deb9133..513bbc8 100644 (file)
 #include <openssl/evp.h>
 #include <openssl/crypto.h>
 #include <openssl/bn.h>
-#ifndef OPENSSL_NO_MD2
-# include <openssl/md2.h>
-#endif
 #ifndef OPENSSL_NO_DES
 # include <openssl/des.h>
 #endif
-#ifndef OPENSSL_NO_IDEA
-# include <openssl/idea.h>
-#endif
-#ifndef OPENSSL_NO_BF
-# include <openssl/blowfish.h>
-#endif
 
 typedef enum OPTION_choice {
     OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
@@ -128,9 +119,6 @@ opthelp:
         printf(" %s", BN_options());
 #ifndef OPENSSL_NO_DES
         printf(" %s", DES_options());
-#endif
-#ifndef OPENSSL_NO_IDEA
-        printf(" %s", IDEA_options());
 #endif
         printf("\n");
     }
index 8c3a554..9717020 100644 (file)
@@ -7,6 +7,13 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * IDEA low level APIs are deprecated for public use, but still ok for internal
+ * use where we're using them to implement the higher level EVP interface, as is
+ * the case here.
+ */
+#include "internal/deprecated.h"
+
 #include <stdio.h>
 #include "internal/cryptlib.h"
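Review bot: The new comment does not say that `#include "internal/deprecated.h"` has to stay ahead of every other include, and a later include-reordering cleanup could break that. As far as I can tell the header works by setting macros that the public OpenSSL headers read when they are first included. Moving it below `internal/cryptlib.h` or `<openssl/idea.h>` would therefore presumably bring the deprecation warnings back, or hide the declarations in a no-deprecated build. I would add one sentence to the comment, such as `This must be the first include in the file.` The same comment and include are added to the other IDEA sources in this commit, and the remark applies to each of them.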
 
index a78841f..987ba05 100644 (file)
@@ -7,6 +7,13 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * IDEA low level APIs are deprecated for public use, but still ok for internal
+ * use where we're using them to implement the higher level EVP interface, as is
+ * the case here.
+ */
+#include "internal/deprecated.h"
+
 #include <openssl/idea.h>
 #include "idea_local.h"
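Review bot: The comment added here says the low level calls are used "to implement the higher level EVP interface, as is the case here", which does not describe this file. Judging by the order of the file list, this section is crypto/idea/i_cbc.c, part of the low level implementation itself rather than an EVP wrapper. The same wording is repeated in the four crypto/idea sections that follow and in the test/ideatest.c section, where it looks equally off, since the test presumably calls the low level functions directly. I would reword it per file, for example `IDEA low level APIs are deprecated for public use; this file implements them.` and, for the test, `...; this test exercises them directly.` The comment is the stated justification for suppressing the deprecation in each file, so it should be accurate.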
 
index 45c15b9..50784f9 100644 (file)
@@ -7,6 +7,13 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * IDEA low level APIs are deprecated for public use, but still ok for internal
+ * use where we're using them to implement the higher level EVP interface, as is
+ * the case here.
+ */
+#include "internal/deprecated.h"
+
 #include <openssl/idea.h>
 #include "idea_local.h"
 
index 9fee121..74cb35a 100644 (file)
@@ -7,6 +7,13 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * IDEA low level APIs are deprecated for public use, but still ok for internal
+ * use where we're using them to implement the higher level EVP interface, as is
+ * the case here.
+ */
+#include "internal/deprecated.h"
+
 #include <openssl/idea.h>
 #include "idea_local.h"
 #include <openssl/opensslv.h>
index 517ded7..bca1999 100644 (file)
@@ -7,6 +7,13 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * IDEA low level APIs are deprecated for public use, but still ok for internal
+ * use where we're using them to implement the higher level EVP interface, as is
+ * the case here.
+ */
+#include "internal/deprecated.h"
+
 #include <openssl/idea.h>
 #include "idea_local.h"
 
index 0b0221b..36bc2c9 100644 (file)
@@ -7,6 +7,13 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * IDEA low level APIs are deprecated for public use, but still ok for internal
+ * use where we're using them to implement the higher level EVP interface, as is
+ * the case here.
+ */
+#include "internal/deprecated.h"
+
 #include <openssl/idea.h>
 #include "idea_local.h"
 
index a0a0cee..a651ee2 100644 (file)
 extern "C" {
 #  endif
 
-typedef unsigned int IDEA_INT;
-
-#  define IDEA_ENCRYPT    1
-#  define IDEA_DECRYPT    0
-
 #  define IDEA_BLOCK      8
 #  define IDEA_KEY_LENGTH 16
 
+#  ifndef OPENSSL_NO_DEPRECATED_3_0
+
+typedef unsigned int IDEA_INT;
+
+#   define IDEA_ENCRYPT    1
+#   define IDEA_DECRYPT    0
+
 typedef struct idea_key_st {
     IDEA_INT data[9][6];
 } IDEA_KEY_SCHEDULE;
+#endif
 
-const char *IDEA_options(void);
-void IDEA_ecb_encrypt(const unsigned char *in, unsigned char *out,
-                      IDEA_KEY_SCHEDULE *ks);
-void IDEA_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks);
-void IDEA_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk);
-void IDEA_cbc_encrypt(const unsigned char *in, unsigned char *out,
-                      long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,
-                      int enc);
-void IDEA_cfb64_encrypt(const unsigned char *in, unsigned char *out,
-                        long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,
-                        int *num, int enc);
-void IDEA_ofb64_encrypt(const unsigned char *in, unsigned char *out,
-                        long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,
-                        int *num);
-void IDEA_encrypt(unsigned long *in, IDEA_KEY_SCHEDULE *ks);
+DEPRECATEDIN_3_0(const char *IDEA_options(void))
+DEPRECATEDIN_3_0(void IDEA_ecb_encrypt(const unsigned char *in,
+                                       unsigned char *out,
+                                       IDEA_KEY_SCHEDULE *ks))
+DEPRECATEDIN_3_0(void IDEA_set_encrypt_key(const unsigned char *key,
+                                           IDEA_KEY_SCHEDULE *ks))
+DEPRECATEDIN_3_0(void IDEA_set_decrypt_key(IDEA_KEY_SCHEDULE *ek,
+                                           IDEA_KEY_SCHEDULE *dk))
+DEPRECATEDIN_3_0(void IDEA_cbc_encrypt(const unsigned char *in,
+                                       unsigned char *out, long length,
+                                       IDEA_KEY_SCHEDULE *ks,
+                                       unsigned char *iv, int enc))
+DEPRECATEDIN_3_0(void IDEA_cfb64_encrypt(const unsigned char *in,
+                                         unsigned char *out, long length,
+                                         IDEA_KEY_SCHEDULE *ks,
+                                         unsigned char *iv, int *num, int enc))
+DEPRECATEDIN_3_0(void IDEA_ofb64_encrypt(const unsigned char *in,
+                                         unsigned char *out, long length,
+                                         IDEA_KEY_SCHEDULE *ks,
+                                         unsigned char *iv, int *num))
+DEPRECATEDIN_3_0(void IDEA_encrypt(unsigned long *in, IDEA_KEY_SCHEDULE *ks))
 
 #  ifndef OPENSSL_NO_DEPRECATED_1_1_0
 #   define idea_options          IDEA_options
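Review bot: The `#endif` that closes the new `OPENSSL_NO_DEPRECATED_3_0` block is written at column 0 with no trailing comment, while the other visible directives in this header use the nested `#  ` indentation (the opener is `#  ifndef OPENSSL_NO_DEPRECATED_3_0`). I would write it as `#  endif /* OPENSSL_NO_DEPRECATED_3_0 */` so it cannot be misread as closing an outer guard. A one-line comment above the `DEPRECATEDIN_3_0(...)` declarations would also help, saying they sit outside the guard on purpose. Presumably the macro expands to nothing in a no-deprecated build, and that is the only thing that keeps their `IDEA_KEY_SCHEDULE` references from breaking once the typedef is hidden. This section starts without a hunk header, so the enclosing guards are outside the visible lines.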
index 5602655..2c08963 100644 (file)
@@ -7,6 +7,13 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * IDEA low level APIs are deprecated for public use, but still ok for internal
+ * use where we're using them to implement the higher level EVP interface, as is
+ * the case here.
+ */
+#include "internal/deprecated.h"
+
 /* Dispatch functions for Idea cipher modes ecb, cbc, ofb, cfb */
 
 #include "cipher_idea.h"
index d722cc7..7718791 100644 (file)
@@ -7,6 +7,13 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * IDEA low level APIs are deprecated for public use, but still ok for internal
+ * use where we're using them to implement the higher level EVP interface, as is
+ * the case here.
+ */
+#include "internal/deprecated.h"
+
 #include "cipher_idea.h"
 
 static int cipher_hw_idea_initkey(PROV_CIPHER_CTX *ctx,
index 837dbba..cf03ce4 100644 (file)
@@ -32,7 +32,7 @@ IF[{- !$disabled{tests} -}]
           versions \
           aborttest test_test \
           sanitytest rsa_complex exdatatest bntest \
-          ectest ecstresstest ecdsatest gmdifftest pbelutest ideatest \
+          ectest ecstresstest ecdsatest gmdifftest pbelutest \
           hmactest \
           destest mdc2test \
           dhtest enginetest \
@@ -110,10 +110,6 @@ IF[{- !$disabled{tests} -}]
   INCLUDE[pbelutest]=../include ../apps/include
   DEPEND[pbelutest]=../libcrypto libtestutil.a
 
-  SOURCE[ideatest]=ideatest.c
-  INCLUDE[ideatest]=../include ../apps/include
-  DEPEND[ideatest]=../libcrypto libtestutil.a
-
   SOURCE[hmactest]=hmactest.c
   INCLUDE[hmactest]=../include ../apps/include
   DEPEND[hmactest]=../libcrypto libtestutil.a
@@ -505,7 +501,7 @@ IF[{- !$disabled{tests} -}]
   IF[1]
     PROGRAMS{noinst}=asn1_internal_test modes_internal_test x509_internal_test \
                      tls13encryptiontest wpackettest ctype_internal_test \
-                     rdrand_sanitytest property_test \
+                     rdrand_sanitytest property_test ideatest \
                      rsa_sp800_56b_test bn_internal_test \
                      rc2test rc4test rc5test \
                      asn1_dsa_internal_test
@@ -553,6 +549,10 @@ IF[{- !$disabled{tests} -}]
     INCLUDE[tls13encryptiontest]=.. ../include ../apps/include
     DEPEND[tls13encryptiontest]=../libcrypto ../libssl.a libtestutil.a
 
+    SOURCE[ideatest]=ideatest.c
+    INCLUDE[ideatest]=../include ../apps/include
+    DEPEND[ideatest]=../libcrypto.a libtestutil.a
+
     SOURCE[wpackettest]=wpackettest.c
     INCLUDE[wpackettest]=../include ../apps/include
     DEPEND[wpackettest]=../libcrypto ../libssl.a libtestutil.a
index e572984..2ef5a49 100644 (file)
@@ -7,6 +7,13 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * IDEA low level APIs are deprecated for public use, but still ok for internal
+ * use where we're using them to implement the higher level EVP interface, as is
+ * the case here.
+ */
+#include "internal/deprecated.h"
+
 #include <string.h>
 
 #include "internal/nelem.h"
index 2d034af..c1f3978 100644 (file)
@@ -140,7 +140,7 @@ PKCS12_BAGS_new                         142 3_0_0   EXIST::FUNCTION:
 CMAC_CTX_new                            143    3_0_0   EXIST::FUNCTION:CMAC
 ASIdentifierChoice_new                  144    3_0_0   EXIST::FUNCTION:RFC3779
 EVP_PKEY_asn1_set_public                145    3_0_0   EXIST::FUNCTION:
-IDEA_set_decrypt_key                    146    3_0_0   EXIST::FUNCTION:IDEA
+IDEA_set_decrypt_key                    146    3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,IDEA
 X509_STORE_CTX_set_flags                147    3_0_0   EXIST::FUNCTION:
 BIO_ADDR_rawmake                        148    3_0_0   EXIST::FUNCTION:SOCK
 EVP_PKEY_asn1_set_ctrl                  149    3_0_0   EXIST::FUNCTION:
@@ -642,7 +642,7 @@ PEM_SignInit                            658 3_0_0   EXIST::FUNCTION:
 EVP_CIPHER_CTX_set_key_length           659    3_0_0   EXIST::FUNCTION:
 X509_delete_ext                         660    3_0_0   EXIST::FUNCTION:
 OCSP_resp_get0_produced_at              661    3_0_0   EXIST::FUNCTION:OCSP
-IDEA_encrypt                            662    3_0_0   EXIST::FUNCTION:IDEA
+IDEA_encrypt                            662    3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,IDEA
 CRYPTO_nistcts128_encrypt_block         663    3_0_0   EXIST::FUNCTION:
 EVP_MD_do_all                           664    3_0_0   EXIST::FUNCTION:
 EC_KEY_oct2priv                         665    3_0_0   EXIST::FUNCTION:EC
@@ -954,7 +954,7 @@ BN_is_bit_set                           978 3_0_0   EXIST::FUNCTION:
 AES_ofb128_encrypt                      979    3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0
 X509_STORE_add_lookup                   980    3_0_0   EXIST::FUNCTION:
 ASN1_GENERALSTRING_new                  981    3_0_0   EXIST::FUNCTION:
-IDEA_options                            982    3_0_0   EXIST::FUNCTION:IDEA
+IDEA_options                            982    3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,IDEA
 d2i_X509_REQ                            983    3_0_0   EXIST::FUNCTION:
 i2d_TS_STATUS_INFO                      984    3_0_0   EXIST::FUNCTION:TS
 X509_PURPOSE_get_by_id                  985    3_0_0   EXIST::FUNCTION:
@@ -1844,7 +1844,7 @@ X509_STORE_CTX_set0_trusted_stack       1886      3_0_0   EXIST::FUNCTION:
 BIO_ADDR_service_string                 1887   3_0_0   EXIST::FUNCTION:SOCK
 ASN1_BOOLEAN_it                         1888   3_0_0   EXIST::FUNCTION:
 TS_RESP_CTX_set_time_cb                 1889   3_0_0   EXIST::FUNCTION:TS
-IDEA_cbc_encrypt                        1890   3_0_0   EXIST::FUNCTION:IDEA
+IDEA_cbc_encrypt                        1890   3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,IDEA
 BN_CTX_secure_new                       1891   3_0_0   EXIST::FUNCTION:
 OCSP_ONEREQ_add_ext                     1892   3_0_0   EXIST::FUNCTION:OCSP
 CMS_uncompress                          1893   3_0_0   EXIST::FUNCTION:CMS
@@ -2448,7 +2448,7 @@ BIO_f_zlib                              2498      3_0_0   EXIST::FUNCTION:COMP,ZLIB
 AES_cfb128_encrypt                      2499   3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0
 ENGINE_set_EC                           2500   3_0_0   EXIST::FUNCTION:ENGINE
 d2i_ECPKParameters                      2501   3_0_0   EXIST::FUNCTION:EC
-IDEA_ofb64_encrypt                      2502   3_0_0   EXIST::FUNCTION:IDEA
+IDEA_ofb64_encrypt                      2502   3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,IDEA
 CAST_decrypt                            2503   3_0_0   EXIST::FUNCTION:CAST,DEPRECATEDIN_3_0
 TS_STATUS_INFO_get0_failure_info        2504   3_0_0   EXIST::FUNCTION:TS
 ENGINE_unregister_pkey_meths            2506   3_0_0   EXIST::FUNCTION:ENGINE
@@ -2531,7 +2531,7 @@ ENGINE_load_ssl_client_cert             2584      3_0_0   EXIST::FUNCTION:ENGINE
 X509_STORE_CTX_set_verify_cb            2585   3_0_0   EXIST::FUNCTION:
 CRYPTO_clear_realloc                    2586   3_0_0   EXIST::FUNCTION:
 OPENSSL_strnlen                         2587   3_0_0   EXIST::FUNCTION:
-IDEA_ecb_encrypt                        2588   3_0_0   EXIST::FUNCTION:IDEA
+IDEA_ecb_encrypt                        2588   3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,IDEA
 ASN1_STRING_set_default_mask            2589   3_0_0   EXIST::FUNCTION:
 TS_VERIFY_CTX_add_flags                 2590   3_0_0   EXIST::FUNCTION:TS
 FIPS_mode                               2591   3_0_0   EXIST::FUNCTION:
@@ -3102,7 +3102,7 @@ a2i_ASN1_INTEGER                        3166      3_0_0   EXIST::FUNCTION:
 OCSP_sendreq_bio                        3167   3_0_0   EXIST::FUNCTION:OCSP
 PKCS12_SAFEBAG_create_crl               3168   3_0_0   EXIST::FUNCTION:
 d2i_X509_NAME                           3169   3_0_0   EXIST::FUNCTION:
-IDEA_cfb64_encrypt                      3170   3_0_0   EXIST::FUNCTION:IDEA
+IDEA_cfb64_encrypt                      3170   3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,IDEA
 BN_mod_sub                              3171   3_0_0   EXIST::FUNCTION:
 ASN1_NULL_new                           3172   3_0_0   EXIST::FUNCTION:
 HMAC_Init                               3173   3_0_0   EXIST::FUNCTION:DEPRECATEDIN_1_1_0
@@ -3129,7 +3129,7 @@ OCSP_request_verify                     3194      3_0_0   EXIST::FUNCTION:OCSP
 CRYPTO_THREAD_run_once                  3195   3_0_0   EXIST::FUNCTION:
 TS_REQ_print_bio                        3196   3_0_0   EXIST::FUNCTION:TS
 SCT_get_version                         3197   3_0_0   EXIST::FUNCTION:CT
-IDEA_set_encrypt_key                    3198   3_0_0   EXIST::FUNCTION:IDEA
+IDEA_set_encrypt_key                    3198   3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,IDEA
 ENGINE_get_DH                           3199   3_0_0   EXIST::FUNCTION:ENGINE
 i2d_ASIdentifierChoice                  3200   3_0_0   EXIST::FUNCTION:RFC3779
 SRP_Calc_A                              3201   3_0_0   EXIST::FUNCTION:SRP