From 33ee9ae059ac6f0ce1871da96116c6d582ec524b Mon Sep 17 00:00:00 2001 From: Pauli Date: Thu, 9 Jan 2020 11:18:58 +1000 Subject: [PATCH] Deprecate the low level MDC2 functions. Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/10790) --- apps/speed.c | 6 +++--- crypto/evp/legacy_mdc2.c | 6 ++++++ crypto/mdc2/build.info | 11 +++++++++-- crypto/mdc2/mdc2_one.c | 6 ++++++ crypto/mdc2/mdc2dgst.c | 6 ++++++ doc/man3/MDC2_Init.pod | 12 ++++++++++++ include/openssl/mdc2.h | 16 +++++++++++----- providers/implementations/digests/mdc2_prov.c | 6 ++++++ test/build.info | 14 +++++++------- test/mdc2_internal_test.c | 6 ++++++ test/mdc2test.c | 6 ++++++ util/libcrypto.num | 8 ++++---- 12 files changed, 82 insertions(+), 21 deletions(-) diff --git a/apps/speed.c b/apps/speed.c index 9dcf177e01..8d3b91aaa1 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -332,7 +332,7 @@ static const OPT_PAIR doit_choices[] = { #if !defined(OPENSSL_NO_MD2) && !defined(OPENSSL_NO_DEPRECATED_3_0) {"md2", D_MD2}, #endif -#ifndef OPENSSL_NO_MDC2 +#if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DEPRECATED_3_0) {"mdc2", D_MDC2}, #endif #if !defined(OPENSSL_NO_MD4) && !defined(OPENSSL_NO_DEPRECATED_3_0) @@ -587,7 +587,7 @@ static int EVP_Digest_MD2_loop(void *args) } #endif -#ifndef OPENSSL_NO_MDC2 +#if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DEPRECATED_3_0) static int EVP_Digest_MDC2_loop(void *args) { loopargs_t *tempargs = *(loopargs_t **) args; @@ -2253,7 +2253,7 @@ int speed_main(int argc, char **argv) } } #endif -#ifndef OPENSSL_NO_MDC2 +#if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DEPRECATED_3_0) if (doit[D_MDC2]) { for (testnum = 0; testnum < size_num; testnum++) { print_message(names[D_MDC2], c[D_MDC2][testnum], lengths[testnum], diff --git a/crypto/evp/legacy_mdc2.c b/crypto/evp/legacy_mdc2.c index 9144a5715c..9499db78e5 100644 --- a/crypto/evp/legacy_mdc2.c +++ b/crypto/evp/legacy_mdc2.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * MDC2 low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include #include "crypto/evp.h" #include "legacy_meth.h" diff --git a/crypto/mdc2/build.info b/crypto/mdc2/build.info index 8fe6878d60..54df262514 100644 --- a/crypto/mdc2/build.info +++ b/crypto/mdc2/build.info @@ -1,3 +1,10 @@ LIBS=../../libcrypto -SOURCE[../../libcrypto]=\ - mdc2dgst.c mdc2_one.c + +SOURCE[../../libcrypto]=mdc2dgst.c mdc2_one.c + +# When all deprecated symbols are removed, libcrypto doesn't export the +# MDC2 functions, so we must include them directly in liblegacy.a +IF[{- $disabled{"deprecated"} + && (defined $config{"api"} && $config{"api"} >= 30000) -}] + SOURCE[../../providers/liblegacy.a]=mdc2dgst.c mdc2_one.c +ENDIF diff --git a/crypto/mdc2/mdc2_one.c b/crypto/mdc2/mdc2_one.c index 7b80bac50e..c8bfdcc9d6 100644 --- a/crypto/mdc2/mdc2_one.c +++ b/crypto/mdc2/mdc2_one.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * MD2 low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include #include "internal/cryptlib.h" #include diff --git a/crypto/mdc2/mdc2dgst.c b/crypto/mdc2/mdc2dgst.c index 46142f11d2..8893be16e4 100644 --- a/crypto/mdc2/mdc2dgst.c +++ b/crypto/mdc2/mdc2dgst.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * MD2 low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include #include #include diff --git a/doc/man3/MDC2_Init.pod b/doc/man3/MDC2_Init.pod index 4ffbf931c0..1427759d3f 100644 --- a/doc/man3/MDC2_Init.pod +++ b/doc/man3/MDC2_Init.pod @@ -8,6 +8,10 @@ MDC2, MDC2_Init, MDC2_Update, MDC2_Final - MDC2 hash function #include +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +B with a suitable version value, see +L: + unsigned char *MDC2(const unsigned char *d, unsigned long n, unsigned char *md); @@ -18,6 +22,10 @@ MDC2, MDC2_Init, MDC2_Update, MDC2_Final - MDC2 hash function =head1 DESCRIPTION +All of the functions described on this page are deprecated. +Applications should instead use L, L +and L. + MDC2 is a method to construct hash functions with 128 bit output from block ciphers. These functions are an implementation of MDC2 with DES. @@ -56,6 +64,10 @@ ISO/IEC 10118-2:2000 Hash-Function 2, with DES as the underlying block cipher. L +=head1 HISTORY + +All of these functions were deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. diff --git a/include/openssl/mdc2.h b/include/openssl/mdc2.h index b524f66a47..06ab411c8f 100644 --- a/include/openssl/mdc2.h +++ b/include/openssl/mdc2.h @@ -25,20 +25,26 @@ extern "C" { # endif -# define MDC2_BLOCK 8 # define MDC2_DIGEST_LENGTH 16 +# if !defined(OPENSSL_NO_DEPRECATED_3_0) + +# define MDC2_BLOCK 8 + typedef struct mdc2_ctx_st { unsigned int num; unsigned char data[MDC2_BLOCK]; DES_cblock h, hh; unsigned int pad_type; /* either 1 or 2, default 1 */ } MDC2_CTX; +# endif -int MDC2_Init(MDC2_CTX *c); -int MDC2_Update(MDC2_CTX *c, const unsigned char *data, size_t len); -int MDC2_Final(unsigned char *md, MDC2_CTX *c); -unsigned char *MDC2(const unsigned char *d, size_t n, unsigned char *md); +DEPRECATEDIN_3_0(int MDC2_Init(MDC2_CTX *c)) +DEPRECATEDIN_3_0(int MDC2_Update(MDC2_CTX *c, const unsigned char *data, + size_t len)) +DEPRECATEDIN_3_0(int MDC2_Final(unsigned char *md, MDC2_CTX *c)) +DEPRECATEDIN_3_0(unsigned char *MDC2(const unsigned char *d, size_t n, + unsigned char *md)) # ifdef __cplusplus } diff --git a/providers/implementations/digests/mdc2_prov.c b/providers/implementations/digests/mdc2_prov.c index 4a7d3a43ab..c3e19af9e1 100644 --- a/providers/implementations/digests/mdc2_prov.c +++ b/providers/implementations/digests/mdc2_prov.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * MDC2 low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include #include #include diff --git a/test/build.info b/test/build.info index 1d59dd9bb6..de618b51d9 100644 --- a/test/build.info +++ b/test/build.info @@ -624,15 +624,15 @@ IF[{- !$disabled{tests} -}] SOURCE[keymgmt_internal_test]=keymgmt_internal_test.c INCLUDE[keymgmt_internal_test]=.. ../include ../apps/include DEPEND[keymgmt_internal_test]=../libcrypto.a libtestutil.a - ENDIF - IF[{- !$disabled{mdc2} -}] - PROGRAMS{noinst}=mdc2_internal_test - ENDIF + IF[{- !$disabled{mdc2} -}] + PROGRAMS{noinst}=mdc2_internal_test + ENDIF - SOURCE[mdc2_internal_test]=mdc2_internal_test.c - INCLUDE[mdc2_internal_test]=.. ../include ../apps/include - DEPEND[mdc2_internal_test]=../libcrypto libtestutil.a + SOURCE[mdc2_internal_test]=mdc2_internal_test.c + INCLUDE[mdc2_internal_test]=.. ../include ../apps/include + DEPEND[mdc2_internal_test]=../libcrypto.a libtestutil.a + ENDIF PROGRAMS{noinst}=asn1_time_test SOURCE[asn1_time_test]=asn1_time_test.c diff --git a/test/mdc2_internal_test.c b/test/mdc2_internal_test.c index 38b5f34957..0e32331f24 100644 --- a/test/mdc2_internal_test.c +++ b/test/mdc2_internal_test.c @@ -9,6 +9,12 @@ /* Internal tests for the mdc2 module */ +/* + * MDC2 low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include #include diff --git a/test/mdc2test.c b/test/mdc2test.c index f8c492297e..25cf5a7317 100644 --- a/test/mdc2test.c +++ b/test/mdc2test.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * MDC2 low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include #include #include diff --git a/util/libcrypto.num b/util/libcrypto.num index 6cbae39617..7884305a4d 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -237,7 +237,7 @@ SEED_set_key 241 3_0_0 EXIST::FUNCTION:SEED EC_KEY_clear_flags 242 3_0_0 EXIST::FUNCTION:EC CMS_RecipientInfo_ktri_get0_algs 243 3_0_0 EXIST::FUNCTION:CMS i2d_EC_PUBKEY 244 3_0_0 EXIST::FUNCTION:EC -MDC2 245 3_0_0 EXIST::FUNCTION:MDC2 +MDC2 245 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,MDC2 BN_clear_free 246 3_0_0 EXIST::FUNCTION: ENGINE_get_pkey_asn1_meths 247 3_0_0 EXIST::FUNCTION:ENGINE DSO_merge 248 3_0_0 EXIST::FUNCTION: @@ -1112,7 +1112,7 @@ X509_set_issuer_name 1138 3_0_0 EXIST::FUNCTION: RSA_new 1139 3_0_0 EXIST::FUNCTION:RSA ASN1_STRING_set_by_NID 1140 3_0_0 EXIST::FUNCTION: PEM_write_bio_PKCS7 1141 3_0_0 EXIST::FUNCTION: -MDC2_Final 1142 3_0_0 EXIST::FUNCTION:MDC2 +MDC2_Final 1142 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,MDC2 SMIME_crlf_copy 1143 3_0_0 EXIST::FUNCTION: OCSP_REQUEST_get_ext_count 1144 3_0_0 EXIST::FUNCTION:OCSP OCSP_REQ_CTX_new 1145 3_0_0 EXIST::FUNCTION:OCSP @@ -1184,7 +1184,7 @@ X509_policy_tree_free 1210 3_0_0 EXIST::FUNCTION: EC_GFp_simple_method 1211 3_0_0 EXIST::FUNCTION:EC X509_it 1212 3_0_0 EXIST::FUNCTION: d2i_PROXY_POLICY 1213 3_0_0 EXIST::FUNCTION: -MDC2_Update 1214 3_0_0 EXIST::FUNCTION:MDC2 +MDC2_Update 1214 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,MDC2 EC_KEY_new_by_curve_name 1215 3_0_0 EXIST::FUNCTION:EC X509_CRL_free 1216 3_0_0 EXIST::FUNCTION: i2d_PKCS7_SIGN_ENVELOPE 1217 3_0_0 EXIST::FUNCTION: @@ -2025,7 +2025,7 @@ BIO_new_CMS 2071 3_0_0 EXIST::FUNCTION:CMS i2d_ASN1_ENUMERATED 2072 3_0_0 EXIST::FUNCTION: PEM_read_DSAparams 2073 3_0_0 EXIST::FUNCTION:DSA,STDIO TS_TST_INFO_set_ordering 2074 3_0_0 EXIST::FUNCTION:TS -MDC2_Init 2075 3_0_0 EXIST::FUNCTION:MDC2 +MDC2_Init 2075 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,MDC2 i2o_SCT 2076 3_0_0 EXIST::FUNCTION:CT d2i_TS_STATUS_INFO 2077 3_0_0 EXIST::FUNCTION:TS ERR_error_string_n 2078 3_0_0 EXIST::FUNCTION: