From 58e1f3d6d4046355df272af0261179bf9999d473 Mon Sep 17 00:00:00 2001 From: Pauli Date: Thu, 9 Jan 2020 10:16:21 +1000 Subject: [PATCH] Deprecate the low level MD2 functions. Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/10790) --- apps/speed.c | 8 ++++---- apps/version.c | 3 --- crypto/evp/legacy_md2.c | 6 ++++++ crypto/md2/build.info | 11 ++++++++-- crypto/md2/md2_dgst.c | 6 ++++++ crypto/md2/md2_one.c | 6 ++++++ doc/man3/MD5.pod | 12 +++++++++++ include/openssl/md2.h | 21 ++++++++++++-------- providers/implementations/digests/md2_prov.c | 6 ++++++ test/md2test.c | 6 ++++++ util/libcrypto.num | 10 +++++----- 11 files changed, 73 insertions(+), 22 deletions(-) diff --git a/apps/speed.c b/apps/speed.c index a600116483..244662054c 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -329,7 +329,7 @@ static const char *names[ALGOR_NUM] = { /* list of configured algorithm (remaining), with some few alias */ static const OPT_PAIR doit_choices[] = { -#ifndef OPENSSL_NO_MD2 +#if !defined(OPENSSL_NO_MD2) && !defined(OPENSSL_NO_DEPRECATED_3_0) {"md2", D_MD2}, #endif #ifndef OPENSSL_NO_MDC2 @@ -570,7 +570,7 @@ static unsigned int testnum; /* Nb of iterations to do per algorithm and key-size */ static long c[ALGOR_NUM][SIZE_NUM]; -#ifndef OPENSSL_NO_MD2 +#if !defined(OPENSSL_NO_MD2) && !defined(OPENSSL_NO_DEPRECATED_3_0) static int EVP_Digest_MD2_loop(void *args) { loopargs_t *tempargs = *(loopargs_t **) args; @@ -2241,7 +2241,7 @@ int speed_main(int argc, char **argv) signal(SIGALRM, alarmed); #endif /* SIGALRM */ -#ifndef OPENSSL_NO_MD2 +#if !defined(OPENSSL_NO_MD2) && !defined(OPENSSL_NO_DEPRECATED_3_0) if (doit[D_MD2]) { for (testnum = 0; testnum < size_num; testnum++) { print_message(names[D_MD2], c[D_MD2][testnum], lengths[testnum], 
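Review bot: The new guard around `EVP_Digest_MD2_loop` (and the matching guards on the `{"md2", D_MD2}` entry and the `doit[D_MD2]` block in `speed_main`) ties the MD2 benchmark to `OPENSSL_NO_DEPRECATED_3_0`, although the function name suggests it goes through the EVP interface rather than the low-level `MD2_*` calls this commit deprecates. The function body is outside the hunk, so this needs confirming, but if it needs only the EVP digest and `MD2_DIGEST_LENGTH` (which this patch keeps outside the deprecation guard in md2.h), the original `#ifndef OPENSSL_NO_MD2` would have been enough here. As written, `md2` is no longer a recognised algorithm choice in a no-deprecated build, while only the `MD2_options()` call in the later speed.c hunk visibly needs the extra condition. If dropping the benchmark is intended, a comment at the first guard such as `/* MD2 speed test is dropped together with the deprecated low-level API */` would record that.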
@@ -3487,7 +3487,7 @@ int speed_main(int argc, char **argv) printf("built on: %s\n", OpenSSL_version(OPENSSL_BUILT_ON)); printf("options:"); printf("%s ", BN_options()); -#ifndef OPENSSL_NO_MD2 +#if !defined(OPENSSL_NO_MD2) && !defined(OPENSSL_NO_DEPRECATED_3_0) printf("%s ", MD2_options()); #endif #ifndef OPENSSL_NO_RC4 diff --git a/apps/version.c b/apps/version.c index 694013e110..09d903d844 100644 --- a/apps/version.c +++ b/apps/version.c @@ -129,9 +129,6 @@ opthelp: if (options) { printf("options: "); printf(" %s", BN_options()); -#ifndef OPENSSL_NO_MD2 - printf(" %s", MD2_options()); -#endif #ifndef OPENSSL_NO_RC4 printf(" %s", RC4_options()); #endif diff --git a/crypto/evp/legacy_md2.c b/crypto/evp/legacy_md2.c index 6d2e60539c..ec6e0a5f56 100644 --- a/crypto/evp/legacy_md2.c +++ b/crypto/evp/legacy_md2.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * MD2 low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include #include "crypto/evp.h" #include "legacy_meth.h" diff --git a/crypto/md2/build.info b/crypto/md2/build.info index e31948c23f..d682cfa658 100644 --- a/crypto/md2/build.info +++ b/crypto/md2/build.info @@ -1,3 +1,10 @@ LIBS=../../libcrypto -SOURCE[../../libcrypto]=\ - md2_dgst.c md2_one.c + +SOURCE[../../libcrypto]=md2_dgst.c md2_one.c + +# When all deprecated symbols are removed, libcrypto doesn't export the +# MD2 functions, so we must include them directly in liblegacy.a +IF[{- $disabled{"deprecated"} + && (defined $config{"api"} && $config{"api"} >= 30000) -}] + SOURCE[../../providers/liblegacy.a]=md2_dgst.c md2_one.c +ENDIF diff --git a/crypto/md2/md2_dgst.c b/crypto/md2/md2_dgst.c index 405600fb7e..d852489102 100644 --- a/crypto/md2/md2_dgst.c +++ b/crypto/md2/md2_dgst.c 
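Review bot: The comment added before `#include "internal/deprecated.h"` in crypto/evp/legacy_md2.c says why the include is there but not that its position matters. It is placed ahead of every other include, presumably because it has to take effect before any public `<openssl/...>` header is processed. The same block is pasted into crypto/md2/md2_dgst.c, crypto/md2/md2_one.c, providers/implementations/digests/md2_prov.c and test/md2test.c, so a later re-sort of includes in any of them could bring back deprecation warnings or hide the prototypes without anyone noticing why. I would add one line to the comment, e.g. `* This include must stay ahead of all other headers.`, here and in the other four files.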
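Review bot: The `IF` condition in crypto/md2/build.info requires `$config{"api"}` to be defined and at least 30000, so it evaluates to false for a build with deprecated symbols disabled if Configure leaves `$config{"api"}` unset. Whether that can happen depends on Configure, which is not part of this patch. If it can, libcrypto stops exporting the MD2 functions while liblegacy.a does not receive `md2_dgst.c md2_one.c`, and the legacy provider would presumably fail to link. Either say in the comment that `$config{"api"}` is always set when `deprecated` is disabled, or relax the test to `$disabled{"deprecated"} && (!defined $config{"api"} || $config{"api"} >= 30000)`.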
@@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * MD2 low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include #include #include diff --git a/crypto/md2/md2_one.c b/crypto/md2/md2_one.c index a600802477..9b152ef7ae 100644 --- a/crypto/md2/md2_one.c +++ b/crypto/md2/md2_one.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * MD2 low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include #include "internal/cryptlib.h" #include diff --git a/doc/man3/MD5.pod b/doc/man3/MD5.pod index c2e49dd720..ee4569f6de 100644 --- a/doc/man3/MD5.pod +++ b/doc/man3/MD5.pod @@ -9,6 +9,10 @@ MD4_Final, MD5_Init, MD5_Update, MD5_Final - MD2, MD4, and MD5 hash functions #include +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +B with a suitable version value, see +L: + unsigned char *MD2(const unsigned char *d, unsigned long n, unsigned char *md); int MD2_Init(MD2_CTX *c); @@ -35,6 +39,10 @@ MD4_Final, MD5_Init, MD5_Update, MD5_Final - MD2, MD4, and MD5 hash functions =head1 DESCRIPTION +All of the functions described on this page are deprecated. +Applications should instead use L, L +and L. + MD2, MD4, and MD5 are cryptographic hash functions with a 128 bit output. MD2(), MD4(), and MD5() compute the MD2, MD4, and MD5 message digest @@ -83,6 +91,10 @@ RFC 1319, RFC 1320, RFC 1321 L +=head1 HISTORY + +All of these functions were deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/include/openssl/md2.h b/include/openssl/md2.h index 6b78997561..21e24c3301 100644 --- a/include/openssl/md2.h +++ b/include/openssl/md2.h 
@@ -24,10 +24,13 @@ extern "C" { # endif +# define MD2_DIGEST_LENGTH 16 + +# if !defined(OPENSSL_NO_DEPRECATED_3_0) + typedef unsigned char MD2_INT; -# define MD2_DIGEST_LENGTH 16 -# define MD2_BLOCK 16 +# define MD2_BLOCK 16 typedef struct MD2state_st { unsigned int num; @@ -35,16 +38,18 @@ typedef struct MD2state_st { MD2_INT cksm[MD2_BLOCK]; MD2_INT state[MD2_BLOCK]; } MD2_CTX; +# endif -const char *MD2_options(void); -int MD2_Init(MD2_CTX *c); -int MD2_Update(MD2_CTX *c, const unsigned char *data, size_t len); -int MD2_Final(unsigned char *md, MD2_CTX *c); -unsigned char *MD2(const unsigned char *d, size_t n, unsigned char *md); +DEPRECATEDIN_3_0(const char *MD2_options(void)) +DEPRECATEDIN_3_0(int MD2_Init(MD2_CTX *c)) +DEPRECATEDIN_3_0(int MD2_Update(MD2_CTX *c, const unsigned char *data, + size_t len)) +DEPRECATEDIN_3_0(int MD2_Final(unsigned char *md, MD2_CTX *c)) +DEPRECATEDIN_3_0(unsigned char *MD2(const unsigned char *d, size_t n, + unsigned char *md)) # ifdef __cplusplus } # endif # endif - #endif diff --git a/providers/implementations/digests/md2_prov.c b/providers/implementations/digests/md2_prov.c index 6e12e3c172..525d4eccb3 100644 --- a/providers/implementations/digests/md2_prov.c +++ b/providers/implementations/digests/md2_prov.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * MD2 low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include #include #include "prov/digestcommon.h" diff --git a/test/md2test.c b/test/md2test.c index 47f55b75e3..b2dfe82035 100644 --- a/test/md2test.c +++ b/test/md2test.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * MD2 low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include #include diff --git a/util/libcrypto.num b/util/libcrypto.num index 57479a3b03..d3562b08fb 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num 
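Review bot: In include/openssl/md2.h the `# endif` added after the `MD2_CTX` typedef closes the `OPENSSL_NO_DEPRECATED_3_0` guard before the prototypes, so the `DEPRECATEDIN_3_0(...)` declarations, three of which take `MD2_CTX *`, sit outside it. They compile in a no-deprecated build only if the macro expands to nothing there, which is not visible in this header. A trailing comment such as `# endif /* !OPENSSL_NO_DEPRECATED_3_0; prototypes below vanish via DEPRECATEDIN_3_0 */` would make that dependency explicit. It would also help to note beside `# define MD2_DIGEST_LENGTH 16` that it is apparently kept outside the guard on purpose, so that callers which need only the digest size still get it.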
@@ -2334,7 +2334,7 @@ ENGINE_get_pkey_asn1_meth_engine 2382 3_0_0 EXIST::FUNCTION:ENGINE d2i_ASN1_BMPSTRING 2383 3_0_0 EXIST::FUNCTION: PKCS12_SAFEBAG_create0_p8inf 2384 3_0_0 EXIST::FUNCTION: OBJ_cmp 2385 3_0_0 EXIST::FUNCTION: -MD2 2386 3_0_0 EXIST::FUNCTION:MD2 +MD2 2386 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,MD2 X509_PUBKEY_new 2387 3_0_0 EXIST::FUNCTION: BN_CTX_end 2388 3_0_0 EXIST::FUNCTION: BIO_get_retry_BIO 2389 3_0_0 EXIST::FUNCTION: @@ -2415,7 +2415,7 @@ OCSP_REQINFO_new 2465 3_0_0 EXIST::FUNCTION:OCSP Camellia_decrypt 2466 3_0_0 EXIST::FUNCTION:CAMELLIA X509_signature_print 2467 3_0_0 EXIST::FUNCTION: EVP_camellia_128_ecb 2468 3_0_0 EXIST::FUNCTION:CAMELLIA -MD2_Final 2469 3_0_0 EXIST::FUNCTION:MD2 +MD2_Final 2469 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,MD2 OCSP_REQ_CTX_add1_header 2470 3_0_0 EXIST::FUNCTION:OCSP NETSCAPE_SPKAC_it 2471 3_0_0 EXIST::FUNCTION: ASIdOrRange_free 2472 3_0_0 EXIST::FUNCTION:RFC3779 @@ -3175,7 +3175,7 @@ i2d_PUBKEY 3240 3_0_0 EXIST::FUNCTION: ERR_load_EVP_strings 3241 3_0_0 EXIST::FUNCTION: X509_ATTRIBUTE_set1_data 3242 3_0_0 EXIST::FUNCTION: d2i_X509_fp 3243 3_0_0 EXIST::FUNCTION:STDIO -MD2_Init 3244 3_0_0 EXIST::FUNCTION:MD2 +MD2_Init 3244 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,MD2 ERR_get_error_line 3245 3_0_0 EXIST::FUNCTION: X509_CRL_get_ext_by_NID 3246 3_0_0 EXIST::FUNCTION: OPENSSL_INIT_free 3247 3_0_0 EXIST::FUNCTION: @@ -3514,7 +3514,7 @@ ENGINE_unregister_ciphers 3589 3_0_0 EXIST::FUNCTION:ENGINE X509_issuer_and_serial_cmp 3590 3_0_0 EXIST::FUNCTION: OCSP_response_create 3591 3_0_0 EXIST::FUNCTION:OCSP SHA224 3592 3_0_0 EXIST::FUNCTION: -MD2_options 3593 3_0_0 EXIST::FUNCTION:MD2 +MD2_options 3593 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,MD2 X509_REQ_it 3595 3_0_0 EXIST::FUNCTION: RAND_bytes 3596 3_0_0 EXIST::FUNCTION: PKCS7_free 3597 3_0_0 EXIST::FUNCTION: 
@@ -3546,7 +3546,7 @@ SRP_VBASE_get1_by_user 3622 3_0_0 EXIST::FUNCTION:SRP UI_method_get_closer 3623 3_0_0 EXIST::FUNCTION: ENGINE_get_ex_data 3624 3_0_0 EXIST::FUNCTION:ENGINE BN_print_fp 3625 3_0_0 EXIST::FUNCTION:STDIO -MD2_Update 3626 3_0_0 EXIST::FUNCTION:MD2 +MD2_Update 3626 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,MD2 ENGINE_free 3628 3_0_0 EXIST::FUNCTION:ENGINE d2i_X509_ATTRIBUTE 3629 3_0_0 EXIST::FUNCTION: TS_RESP_free 3630 3_0_0 EXIST::FUNCTION:TS -- 2.39.2