Deprecate the low level RC2 functions
authorPauli <paul.dale@oracle.com>
Mon, 13 Jan 2020 23:15:18 +0000 (09:15 +1000)
committerPauli <paul.dale@oracle.com>
Wed, 15 Jan 2020 21:07:27 +0000 (07:07 +1000)
Use of the low level RC2 functions has been informally discouraged for a
long time. We now formally deprecate them.

Applications should instead use the EVP APIs, e.g. EVP_EncryptInit_ex,
EVP_EncryptUpdate, EVP_EncryptFinal_ex, and the equivalently named decrypt
functions.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10834)

13 files changed:
apps/speed.c
crypto/evp/e_rc2.c
crypto/rc2/rc2_cbc.c
crypto/rc2/rc2_ecb.c
crypto/rc2/rc2_skey.c
crypto/rc2/rc2cfb64.c
crypto/rc2/rc2ofb64.c
include/openssl/rc2.h
providers/implementations/ciphers/cipher_rc2.c
providers/implementations/ciphers/cipher_rc2_hw.c
test/build.info
test/rc2test.c
util/libcrypto.num

index ef14ad6..ae02393 100644 (file)
@@ -368,7 +368,7 @@ static const OPT_PAIR doit_choices[] = {
     {"aes-192-ige", D_IGE_192_AES},
     {"aes-256-ige", D_IGE_256_AES},
 #endif
-#ifndef OPENSSL_NO_RC2
+#if !defined(OPENSSL_NO_RC2) && !defined(OPENSSL_NO_DEPRECATED_3_0)
     {"rc2-cbc", D_CBC_RC2},
     {"rc2", D_CBC_RC2},
 #endif
@@ -1452,7 +1452,7 @@ int speed_main(int argc, char **argv)
 #ifndef OPENSSL_NO_RC5
     RC5_32_KEY rc5_ks;
 #endif
-#ifndef OPENSSL_NO_RC2
+#if !defined(OPENSSL_NO_RC2) && !defined(OPENSSL_NO_DEPRECATED_3_0)
     RC2_KEY rc2_ks;
 #endif
 #ifndef OPENSSL_NO_IDEA
@@ -1977,7 +1977,7 @@ int speed_main(int argc, char **argv)
     if (doit[D_RC4])
         RC4_set_key(&rc4_ks, 16, key16);
 #endif
-#ifndef OPENSSL_NO_RC2
+#if !defined(OPENSSL_NO_RC2) && !defined(OPENSSL_NO_DEPRECATED_3_0)
     if (doit[D_CBC_RC2])
         RC2_set_key(&rc2_ks, 16, key16, 128);
 #endif
@@ -2604,7 +2604,7 @@ int speed_main(int argc, char **argv)
         }
     }
 #endif
-#ifndef OPENSSL_NO_RC2
+#if !defined(OPENSSL_NO_RC2) && !defined(OPENSSL_NO_DEPRECATED_3_0)
     if (doit[D_CBC_RC2]) {
         if (async_jobs > 0) {
             BIO_printf(bio_err, "Async mode is not supported with %s\n",
index d2201b0..a3c09c8 100644 (file)
@@ -7,6 +7,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * RC2 low level APIs are deprecated for public use, but still ok for internal
+ * use.
+ */
+#include "internal/deprecated.h"
+
 #include <stdio.h>
 #include "internal/cryptlib.h"
 
index 58a4b3e..acfd4fd 100644 (file)
@@ -7,6 +7,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * RC2 low level APIs are deprecated for public use, but still ok for internal
+ * use.
+ */
+#include "internal/deprecated.h"
+
 #include <openssl/rc2.h>
 #include "rc2_local.h"
 
index fec2c10..da086e6 100644 (file)
@@ -7,6 +7,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * RC2 low level APIs are deprecated for public use, but still ok for internal
+ * use.
+ */
+#include "internal/deprecated.h"
+
 #include <openssl/rc2.h>
 #include "rc2_local.h"
 #include <openssl/opensslv.h>
index 33068d4..542ce0f 100644 (file)
@@ -7,6 +7,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * RC2 low level APIs are deprecated for public use, but still ok for internal
+ * use.
+ */
+#include "internal/deprecated.h"
+
 #include <openssl/rc2.h>
 #include "rc2_local.h"
 
index 9b85368..298be79 100644 (file)
@@ -7,6 +7,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * RC2 low level APIs are deprecated for public use, but still ok for internal
+ * use.
+ */
+#include "internal/deprecated.h"
+
 #include <openssl/rc2.h>
 #include "rc2_local.h"
 
index 4270009..097f8be 100644 (file)
@@ -7,6 +7,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * RC2 low level APIs are deprecated for public use, but still ok for internal
+ * use.
+ */
+#include "internal/deprecated.h"
+
 #include <openssl/rc2.h>
 #include "rc2_local.h"
 
index 0e92df3..2c63c75 100644 (file)
 extern "C" {
 #  endif
 
-typedef unsigned int RC2_INT;
-
-#  define RC2_ENCRYPT     1
-#  define RC2_DECRYPT     0
-
 #  define RC2_BLOCK       8
 #  define RC2_KEY_LENGTH  16
 
+#  ifndef OPENSSL_NO_DEPRECATED_3_0
+typedef unsigned int RC2_INT;
+
+#   define RC2_ENCRYPT     1
+#   define RC2_DECRYPT     0
+
 typedef struct rc2_key_st {
     RC2_INT data[64];
 } RC2_KEY;
+#  endif
 
-void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits);
-void RC2_ecb_encrypt(const unsigned char *in, unsigned char *out,
-                     RC2_KEY *key, int enc);
-void RC2_encrypt(unsigned long *data, RC2_KEY *key);
-void RC2_decrypt(unsigned long *data, RC2_KEY *key);
-void RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
-                     RC2_KEY *ks, unsigned char *iv, int enc);
-void RC2_cfb64_encrypt(const unsigned char *in, unsigned char *out,
-                       long length, RC2_KEY *schedule, unsigned char *ivec,
-                       int *num, int enc);
-void RC2_ofb64_encrypt(const unsigned char *in, unsigned char *out,
-                       long length, RC2_KEY *schedule, unsigned char *ivec,
-                       int *num);
+DEPRECATEDIN_3_0(void RC2_set_key(RC2_KEY *key, int len,
+                                  const unsigned char *data, int bits))
+DEPRECATEDIN_3_0(void RC2_ecb_encrypt(const unsigned char *in,
+                                      unsigned char *out, RC2_KEY *key,
+                                      int enc))
+DEPRECATEDIN_3_0(void RC2_encrypt(unsigned long *data, RC2_KEY *key))
+DEPRECATEDIN_3_0(void RC2_decrypt(unsigned long *data, RC2_KEY *key))
+DEPRECATEDIN_3_0(void RC2_cbc_encrypt(const unsigned char *in,
+                                      unsigned char *out, long length,
+                                      RC2_KEY *ks, unsigned char *iv, int enc))
+DEPRECATEDIN_3_0(void RC2_cfb64_encrypt(const unsigned char *in,
+                                        unsigned char *out, long length,
+                                        RC2_KEY *schedule, unsigned char *ivec,
+                                        int *num, int enc))
+DEPRECATEDIN_3_0(void RC2_ofb64_encrypt(const unsigned char *in,
+                                        unsigned char *out, long length,
+                                        RC2_KEY *schedule, unsigned char *ivec,
+                                        int *num))
 
 #  ifdef  __cplusplus
 }
index 604c7ed..c773407 100644 (file)
@@ -9,6 +9,12 @@
 
 /* Dispatch functions for RC2 cipher modes ecb, cbc, ofb, cfb */
 
+/*
+ * RC2 low level APIs are deprecated for public use, but still ok for internal
+ * use.
+ */
+#include "internal/deprecated.h"
+
 #include "cipher_rc2.h"
 #include "prov/implementations.h"
 #include "prov/providercommonerr.h"
index 83d7560..5f0d576 100644 (file)
@@ -7,6 +7,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * RC2 low level APIs are deprecated for public use, but still ok for internal
+ * use.
+ */
+#include "internal/deprecated.h"
+
 #include "cipher_rc2.h"
 
 static int cipher_hw_rc2_initkey(PROV_CIPHER_CTX *ctx,
index d8e3901..9b3122b 100644 (file)
@@ -119,10 +119,6 @@ IF[{- !$disabled{tests} -}]
   INCLUDE[hmactest]=../include ../apps/include
   DEPEND[hmactest]=../libcrypto libtestutil.a
 
-  SOURCE[rc2test]=rc2test.c
-  INCLUDE[rc2test]=../include ../apps/include
-  DEPEND[rc2test]=../libcrypto libtestutil.a
-
   SOURCE[rc4test]=rc4test.c
   INCLUDE[rc4test]=../include ../apps/include
   DEPEND[rc4test]=../libcrypto libtestutil.a
@@ -593,6 +589,10 @@ IF[{- !$disabled{tests} -}]
     INCLUDE[sm4_internal_test]=.. ../include ../apps/include ../crypto/include
     DEPEND[sm4_internal_test]=../libcrypto.a libtestutil.a
 
+    SOURCE[rc2test]=rc2test.c
+    INCLUDE[rc2test]=../include ../apps/include
+    DEPEND[rc2test]=../libcrypto.a libtestutil.a
+
     SOURCE[ec_internal_test]=ec_internal_test.c
     INCLUDE[ec_internal_test]=../include ../crypto/ec ../apps/include ../crypto/include
     DEPEND[ec_internal_test]=../libcrypto.a libtestutil.a
index 9ebc9ec..7b96509 100644 (file)
@@ -7,6 +7,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * RC2 low level APIs are deprecated for public use, but still ok for internal
+ * use.
+ */
+#include "internal/deprecated.h"
+
 #include "internal/nelem.h"
 #include "testutil.h"
 
index 4484b36..827ce5e 100644 (file)
@@ -251,7 +251,7 @@ SXNET_new                               255 3_0_0   EXIST::FUNCTION:
 EVP_camellia_256_ctr                    256    3_0_0   EXIST::FUNCTION:CAMELLIA
 d2i_PKCS8_PRIV_KEY_INFO                 257    3_0_0   EXIST::FUNCTION:
 EVP_md2                                 259    3_0_0   EXIST::FUNCTION:MD2
-RC2_ecb_encrypt                         260    3_0_0   EXIST::FUNCTION:RC2
+RC2_ecb_encrypt                         260    3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,RC2
 ENGINE_register_DH                      261    3_0_0   EXIST::FUNCTION:ENGINE
 ASN1_NULL_free                          262    3_0_0   EXIST::FUNCTION:
 EC_KEY_copy                             263    3_0_0   EXIST::FUNCTION:EC
@@ -604,7 +604,7 @@ X509at_get_attr                         618 3_0_0   EXIST::FUNCTION:
 X509_PUBKEY_it                          619    3_0_0   EXIST::FUNCTION:
 DES_ede3_ofb64_encrypt                  620    3_0_0   EXIST::FUNCTION:DES
 EC_KEY_METHOD_get_compute_key           621    3_0_0   EXIST::FUNCTION:EC
-RC2_cfb64_encrypt                       622    3_0_0   EXIST::FUNCTION:RC2
+RC2_cfb64_encrypt                       622    3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,RC2
 EVP_EncryptFinal_ex                     623    3_0_0   EXIST::FUNCTION:
 ERR_load_RSA_strings                    624    3_0_0   EXIST::FUNCTION:
 CRYPTO_secure_malloc_done               625    3_0_0   EXIST::FUNCTION:
@@ -1029,7 +1029,7 @@ BN_GF2m_mod_exp                         1055      3_0_0   EXIST::FUNCTION:EC2M
 OPENSSL_buf2hexstr                      1056   3_0_0   EXIST::FUNCTION:
 DES_encrypt2                            1057   3_0_0   EXIST::FUNCTION:DES
 DH_up_ref                               1058   3_0_0   EXIST::FUNCTION:DH
-RC2_ofb64_encrypt                       1059   3_0_0   EXIST::FUNCTION:RC2
+RC2_ofb64_encrypt                       1059   3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,RC2
 PKCS12_pbe_crypt                        1060   3_0_0   EXIST::FUNCTION:
 ASIdentifiers_free                      1061   3_0_0   EXIST::FUNCTION:RFC3779
 X509_VERIFY_PARAM_get0                  1062   3_0_0   EXIST::FUNCTION:
@@ -1097,7 +1097,7 @@ PKCS8_PRIV_KEY_INFO_it                  1123      3_0_0   EXIST::FUNCTION:
 RSA_OAEP_PARAMS_free                    1124   3_0_0   EXIST::FUNCTION:RSA
 ASN1_item_new                           1125   3_0_0   EXIST::FUNCTION:
 CRYPTO_cts128_encrypt                   1126   3_0_0   EXIST::FUNCTION:
-RC2_encrypt                             1127   3_0_0   EXIST::FUNCTION:RC2
+RC2_encrypt                             1127   3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,RC2
 PEM_write                               1128   3_0_0   EXIST::FUNCTION:STDIO
 EVP_CIPHER_meth_get_get_asn1_params     1129   3_0_0   EXIST::FUNCTION:
 i2d_OCSP_RESPBYTES                      1130   3_0_0   EXIST::FUNCTION:OCSP
@@ -1278,7 +1278,7 @@ UI_get_result_maxsize                   1306      3_0_0   EXIST::FUNCTION:
 PBEPARAM_it                             1307   3_0_0   EXIST::FUNCTION:
 TS_ACCURACY_set_seconds                 1308   3_0_0   EXIST::FUNCTION:TS
 UI_get0_action_string                   1309   3_0_0   EXIST::FUNCTION:
-RC2_decrypt                             1310   3_0_0   EXIST::FUNCTION:RC2
+RC2_decrypt                             1310   3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,RC2
 OPENSSL_atexit                          1311   3_0_0   EXIST::FUNCTION:
 CMS_add_standard_smimecap               1312   3_0_0   EXIST::FUNCTION:CMS
 PKCS7_add_attrib_content_type           1313   3_0_0   EXIST::FUNCTION:
@@ -1557,7 +1557,7 @@ UI_get0_output_string                   1591      3_0_0   EXIST::FUNCTION:
 ERR_get_error_line_data                 1592   3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0
 CTLOG_get0_name                         1593   3_0_0   EXIST::FUNCTION:CT
 ASN1_TBOOLEAN_it                        1594   3_0_0   EXIST::FUNCTION:
-RC2_set_key                             1595   3_0_0   EXIST::FUNCTION:RC2
+RC2_set_key                             1595   3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,RC2
 X509_REVOKED_get_ext_by_NID             1596   3_0_0   EXIST::FUNCTION:
 RSA_padding_add_none                    1597   3_0_0   EXIST::FUNCTION:RSA
 EVP_rc5_32_12_16_cbc                    1599   3_0_0   EXIST::FUNCTION:RC5
@@ -1692,7 +1692,7 @@ CMS_unsigned_get_attr                   1730      3_0_0   EXIST::FUNCTION:CMS
 EVP_aes_256_cbc                         1731   3_0_0   EXIST::FUNCTION:
 X509_check_ip_asc                       1732   3_0_0   EXIST::FUNCTION:
 PEM_write_bio_X509_AUX                  1733   3_0_0   EXIST::FUNCTION:
-RC2_cbc_encrypt                         1734   3_0_0   EXIST::FUNCTION:RC2
+RC2_cbc_encrypt                         1734   3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0,RC2
 TS_MSG_IMPRINT_new                      1735   3_0_0   EXIST::FUNCTION:TS
 EVP_ENCODE_CTX_new                      1736   3_0_0   EXIST::FUNCTION:
 BIO_f_base64                            1737   3_0_0   EXIST::FUNCTION: