[openssl] master update
Matt Caswell
matt at openssl.org
Mon Jan 13 13:48:59 UTC 2020
The branch master has been updated
via 0ae5d4d6f8a0cd17fb9beb5876827f311c1b350c (commit)
from 291850b473ef5d83ac7d90bdcd7f68d186515348 (commit)
- Log -----------------------------------------------------------------
commit 0ae5d4d6f8a0cd17fb9beb5876827f311c1b350c
Author: Matt Caswell <matt at openssl.org>
Date: Thu Jan 2 16:15:26 2020 +0000
Deprecate the Low Level CAST APIs
Applications should instead use the higher level EVP APIs, e.g.
EVP_Encrypt*() and EVP_Decrypt*().
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10742)
-----------------------------------------------------------------------
Summary of changes:
CHANGES | 9 ++++
apps/speed.c | 8 +--
crypto/cast/c_cfb64.c | 6 +++
crypto/cast/c_ecb.c | 6 +++
crypto/cast/c_enc.c | 6 +++
crypto/cast/c_ofb64.c | 6 +++
crypto/cast/c_skey.c | 6 +++
crypto/evp/e_cast.c | 6 +++
include/openssl/cast.h | 57 ++++++++++++++--------
providers/implementations/ciphers/cipher_cast5.c | 6 +++
.../implementations/ciphers/cipher_cast5_hw.c | 6 +++
test/build.info | 13 ++---
test/casttest.c | 6 +++
test/recipes/05-test_cast.t | 11 +++++
util/libcrypto.num | 14 +++---
15 files changed, 130 insertions(+), 36 deletions(-)
diff --git a/CHANGES b/CHANGES
index e47c8ab968..215fd13b60 100644
--- a/CHANGES
+++ b/CHANGES
@@ -18,6 +18,15 @@
equivalently named decrypt functions.
[Matt Caswell]
+ *) All of the low level CAST functions have been deprecated including:
+ CAST_set_key, CAST_ecb_encrypt, CAST_encrypt, CAST_decrypt,
+ CAST_cbc_encrypt, CAST_cfb64_encrypt and CAST_ofb64_encrypt
+ Use of these low level functions has been informally discouraged for a long
+ time. Instead applications should use the high level EVP APIs, e.g.
+ EVP_EncryptInit_ex, EVP_EncryptUpdate, EVP_EncryptFinal_ex, and the
+ equivalently named decrypt functions.
+ [Matt Caswell]
+
*) All of the low level Camelllia functions have been deprecated including:
Camellia_set_key, Camellia_encrypt, Camellia_decrypt, Camellia_ecb_encrypt,
Camellia_cbc_encrypt, Camellia_cfb128_encrypt, Camellia_cfb1_encrypt,
diff --git a/apps/speed.c b/apps/speed.c
index bb57da9c85..67bf650ec2 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -389,7 +389,7 @@ static const OPT_PAIR doit_choices[] = {
{"blowfish", D_CBC_BF},
{"bf", D_CBC_BF},
#endif
-#ifndef OPENSSL_NO_CAST
+#if !defined(OPENSSL_NO_CAST) && !defined(OPENSSL_NO_DEPRECATED_3_0)
{"cast-cbc", D_CBC_CAST},
{"cast", D_CBC_CAST},
{"cast5", D_CBC_CAST},
@@ -1464,7 +1464,7 @@ int speed_main(int argc, char **argv)
#if !defined(OPENSSL_NO_BF) && !defined(OPENSSL_NO_DEPRECATED_3_0)
BF_KEY bf_ks;
#endif
-#ifndef OPENSSL_NO_CAST
+#if !defined(OPENSSL_NO_CAST) && !defined(OPENSSL_NO_DEPRECATED_3_0)
CAST_KEY cast_ks;
#endif
static const unsigned char key16[16] = {
@@ -1992,7 +1992,7 @@ int speed_main(int argc, char **argv)
if (doit[D_CBC_BF])
BF_set_key(&bf_ks, 16, key16);
#endif
-#ifndef OPENSSL_NO_CAST
+#if !defined(OPENSSL_NO_CAST) && !defined(OPENSSL_NO_DEPRECATED_3_0)
if (doit[D_CBC_CAST])
CAST_set_key(&cast_ks, 16, key16);
#endif
@@ -2672,7 +2672,7 @@ int speed_main(int argc, char **argv)
}
}
#endif
-#ifndef OPENSSL_NO_CAST
+#if !defined(OPENSSL_NO_CAST) && !defined(OPENSSL_NO_DEPRECATED_3_0)
if (doit[D_CBC_CAST]) {
if (async_jobs > 0) {
BIO_printf(bio_err, "Async mode is not supported with %s\n",
diff --git a/crypto/cast/c_cfb64.c b/crypto/cast/c_cfb64.c
index 1ae13bc3d8..805a51d450 100644
--- a/crypto/cast/c_cfb64.c
+++ b/crypto/cast/c_cfb64.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * CAST low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <openssl/cast.h>
#include "cast_local.h"
diff --git a/crypto/cast/c_ecb.c b/crypto/cast/c_ecb.c
index 2b841ac919..cbd044366d 100644
--- a/crypto/cast/c_ecb.c
+++ b/crypto/cast/c_ecb.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * CAST low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <openssl/cast.h>
#include "cast_local.h"
#include <openssl/opensslv.h>
diff --git a/crypto/cast/c_enc.c b/crypto/cast/c_enc.c
index 7e2461dfca..ede9f2e815 100644
--- a/crypto/cast/c_enc.c
+++ b/crypto/cast/c_enc.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * CAST low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <openssl/cast.h>
#include "cast_local.h"
diff --git a/crypto/cast/c_ofb64.c b/crypto/cast/c_ofb64.c
index bc598d4d1b..6aaa7edfc8 100644
--- a/crypto/cast/c_ofb64.c
+++ b/crypto/cast/c_ofb64.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * CAST low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <openssl/cast.h>
#include "cast_local.h"
diff --git a/crypto/cast/c_skey.c b/crypto/cast/c_skey.c
index c21ecdf89c..d516e10ee3 100644
--- a/crypto/cast/c_skey.c
+++ b/crypto/cast/c_skey.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * CAST low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <openssl/cast.h>
#include "cast_local.h"
#include "cast_s.h"
diff --git a/crypto/evp/e_cast.c b/crypto/evp/e_cast.c
index 4b06717b72..5703f7fa49 100644
--- a/crypto/evp/e_cast.c
+++ b/crypto/evp/e_cast.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * CAST low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include "internal/cryptlib.h"
diff --git a/include/openssl/cast.h b/include/openssl/cast.h
index 5f81217d14..f338d411cf 100644
--- a/include/openssl/cast.h
+++ b/include/openssl/cast.h
@@ -23,33 +23,52 @@
extern "C" {
# endif
-# define CAST_ENCRYPT 1
-# define CAST_DECRYPT 0
-
-# define CAST_LONG unsigned int
-
# define CAST_BLOCK 8
# define CAST_KEY_LENGTH 16
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+
+# define CAST_ENCRYPT 1
+# define CAST_DECRYPT 0
+
+# define CAST_LONG unsigned int
+
typedef struct cast_key_st {
CAST_LONG data[32];
int short_key; /* Use reduced rounds for short key */
} CAST_KEY;
-void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data);
-void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out,
- const CAST_KEY *key, int enc);
-void CAST_encrypt(CAST_LONG *data, const CAST_KEY *key);
-void CAST_decrypt(CAST_LONG *data, const CAST_KEY *key);
-void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out,
- long length, const CAST_KEY *ks, unsigned char *iv,
- int enc);
-void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out,
- long length, const CAST_KEY *schedule,
- unsigned char *ivec, int *num, int enc);
-void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out,
- long length, const CAST_KEY *schedule,
- unsigned char *ivec, int *num);
+# endif /* OPENSSL_NO_DEPRECATED_3_0 */
+
+DEPRECATEDIN_3_0(void CAST_set_key(CAST_KEY *key, int len,
+ const unsigned char *data))
+DEPRECATEDIN_3_0(void CAST_ecb_encrypt(const unsigned char *in,
+ unsigned char *out,
+ const CAST_KEY *key,
+ int enc))
+DEPRECATEDIN_3_0(void CAST_encrypt(CAST_LONG *data,
+ const CAST_KEY *key))
+DEPRECATEDIN_3_0(void CAST_decrypt(CAST_LONG *data,
+ const CAST_KEY *key))
+DEPRECATEDIN_3_0(void CAST_cbc_encrypt(const unsigned char *in,
+ unsigned char *out,
+ long length,
+ const CAST_KEY *ks,
+ unsigned char *iv,
+ int enc))
+DEPRECATEDIN_3_0(void CAST_cfb64_encrypt(const unsigned char *in,
+ unsigned char *out,
+ long length,
+ const CAST_KEY *schedule,
+ unsigned char *ivec,
+ int *num,
+ int enc))
+DEPRECATEDIN_3_0(void CAST_ofb64_encrypt(const unsigned char *in,
+ unsigned char *out,
+ long length,
+ const CAST_KEY *schedule,
+ unsigned char *ivec,
+ int *num))
# ifdef __cplusplus
}
diff --git a/providers/implementations/ciphers/cipher_cast5.c b/providers/implementations/ciphers/cipher_cast5.c
index 473a7f02b9..24cb59d103 100644
--- a/providers/implementations/ciphers/cipher_cast5.c
+++ b/providers/implementations/ciphers/cipher_cast5.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * CAST low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
/* Dispatch functions for cast cipher modes ecb, cbc, ofb, cfb */
#include "cipher_cast.h"
diff --git a/providers/implementations/ciphers/cipher_cast5_hw.c b/providers/implementations/ciphers/cipher_cast5_hw.c
index 227e90d7a7..beeeb593f0 100644
--- a/providers/implementations/ciphers/cipher_cast5_hw.c
+++ b/providers/implementations/ciphers/cipher_cast5_hw.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * CAST low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include "cipher_cast.h"
static int cipher_hw_cast5_initkey(PROV_CIPHER_CTX *ctx,
diff --git a/test/build.info b/test/build.info
index de618b51d9..c54b7bc5a4 100644
--- a/test/build.info
+++ b/test/build.info
@@ -37,7 +37,7 @@ IF[{- !$disabled{tests} -}]
hmactest \
rc2test rc4test rc5test \
destest mdc2test \
- dhtest enginetest casttest \
+ dhtest enginetest \
ssltest_old dsatest dsa_no_digest_size_test exptest rsa_test \
evp_pkey_provided_test evp_test evp_extra_test evp_fetch_prov_test \
v3nametest v3ext \
@@ -152,10 +152,6 @@ IF[{- !$disabled{tests} -}]
INCLUDE[enginetest]=../include ../apps/include
DEPEND[enginetest]=../libcrypto libtestutil.a
- SOURCE[casttest]=casttest.c
- INCLUDE[casttest]=../include ../apps/include
- DEPEND[casttest]=../libcrypto libtestutil.a
-
SOURCE[ssltest_old]=ssltest_old.c
INCLUDE[ssltest_old]=.. ../include ../apps/include
DEPEND[ssltest_old]=../libcrypto ../libssl
@@ -212,7 +208,8 @@ IF[{- !$disabled{tests} -}]
IF[{- !$disabled{"deprecated"}
|| (defined $config{"api"} && $config{"api"} < 30000) -}]
- PROGRAMS{noinst}=igetest bftest
+ PROGRAMS{noinst}=igetest bftest casttest
+
SOURCE[igetest]=igetest.c
INCLUDE[igetest]=../include ../apps/include
DEPEND[igetest]=../libcrypto libtestutil.a
@@ -220,6 +217,10 @@ IF[{- !$disabled{tests} -}]
SOURCE[bftest]=bftest.c
INCLUDE[bftest]=../include ../apps/include
DEPEND[bftest]=../libcrypto libtestutil.a
+
+ SOURCE[casttest]=casttest.c
+ INCLUDE[casttest]=../include ../apps/include
+ DEPEND[casttest]=../libcrypto libtestutil.a
ENDIF
SOURCE[v3nametest]=v3nametest.c
diff --git a/test/casttest.c b/test/casttest.c
index 0d7595cc99..09435bde45 100644
--- a/test/casttest.c
+++ b/test/casttest.c
@@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * CAST low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
diff --git a/test/recipes/05-test_cast.t b/test/recipes/05-test_cast.t
index b8b88d075e..b1b909db7a 100644
--- a/test/recipes/05-test_cast.t
+++ b/test/recipes/05-test_cast.t
@@ -7,6 +7,17 @@
# https://www.openssl.org/source/license.html
+use strict;
+use warnings;
+
use OpenSSL::Test::Simple;
+use OpenSSL::Test;
+use OpenSSL::Test::Utils;
+
+setup("test_cast");
+
+plan skip_all => "Low-level CAST APIs are disabled in this build"
+ if disabled("deprecated")
+ && (!defined config("api") || config("api") >= 30000);
simple_test("test_cast", "casttest", "cast");
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 5092f5dab8..d18e1a3ebb 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -712,7 +712,7 @@ DSA_sign_setup 730 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3
OPENSSL_sk_new_null 731 3_0_0 EXIST::FUNCTION:
PEM_read_PKCS8 732 3_0_0 EXIST::FUNCTION:STDIO
BN_mod_sqr 733 3_0_0 EXIST::FUNCTION:
-CAST_ofb64_encrypt 734 3_0_0 EXIST::FUNCTION:CAST
+CAST_ofb64_encrypt 734 3_0_0 EXIST::FUNCTION:CAST,DEPRECATEDIN_3_0
TXT_DB_write 735 3_0_0 EXIST::FUNCTION:
OCSP_REQUEST_get1_ext_d2i 736 3_0_0 EXIST::FUNCTION:OCSP
CMS_unsigned_add1_attr_by_NID 737 3_0_0 EXIST::FUNCTION:CMS
@@ -1684,7 +1684,7 @@ EVP_PKEY_type 1722 3_0_0 EXIST::FUNCTION:
ENGINE_ctrl 1723 3_0_0 EXIST::FUNCTION:ENGINE
EVP_cast5_ecb 1724 3_0_0 EXIST::FUNCTION:CAST
BIO_nwrite0 1725 3_0_0 EXIST::FUNCTION:
-CAST_encrypt 1726 3_0_0 EXIST::FUNCTION:CAST
+CAST_encrypt 1726 3_0_0 EXIST::FUNCTION:CAST,DEPRECATEDIN_3_0
a2d_ASN1_OBJECT 1727 3_0_0 EXIST::FUNCTION:
OCSP_ONEREQ_delete_ext 1728 3_0_0 EXIST::FUNCTION:OCSP
UI_method_get_reader 1729 3_0_0 EXIST::FUNCTION:
@@ -2068,7 +2068,7 @@ X509_REQ_set_version 2113 3_0_0 EXIST::FUNCTION:
d2i_ASN1_GENERALSTRING 2114 3_0_0 EXIST::FUNCTION:
i2d_ASIdentifiers 2115 3_0_0 EXIST::FUNCTION:RFC3779
X509V3_EXT_cleanup 2116 3_0_0 EXIST::FUNCTION:
-CAST_ecb_encrypt 2117 3_0_0 EXIST::FUNCTION:CAST
+CAST_ecb_encrypt 2117 3_0_0 EXIST::FUNCTION:CAST,DEPRECATEDIN_3_0
BIO_s_file 2118 3_0_0 EXIST::FUNCTION:
RSA_X931_derive_ex 2119 3_0_0 EXIST::FUNCTION:RSA
EVP_PKEY_decrypt_init 2120 3_0_0 EXIST::FUNCTION:
@@ -2449,7 +2449,7 @@ AES_cfb128_encrypt 2499 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_
ENGINE_set_EC 2500 3_0_0 EXIST::FUNCTION:ENGINE
d2i_ECPKParameters 2501 3_0_0 EXIST::FUNCTION:EC
IDEA_ofb64_encrypt 2502 3_0_0 EXIST::FUNCTION:IDEA
-CAST_decrypt 2503 3_0_0 EXIST::FUNCTION:CAST
+CAST_decrypt 2503 3_0_0 EXIST::FUNCTION:CAST,DEPRECATEDIN_3_0
TS_STATUS_INFO_get0_failure_info 2504 3_0_0 EXIST::FUNCTION:TS
ENGINE_unregister_pkey_meths 2506 3_0_0 EXIST::FUNCTION:ENGINE
DISPLAYTEXT_new 2507 3_0_0 EXIST::FUNCTION:
@@ -2862,7 +2862,7 @@ EVP_des_cfb1 2923 3_0_0 EXIST::FUNCTION:DES
OBJ_NAME_cleanup 2924 3_0_0 EXIST::FUNCTION:
OCSP_BASICRESP_get1_ext_d2i 2925 3_0_0 EXIST::FUNCTION:OCSP
DES_cfb64_encrypt 2926 3_0_0 EXIST::FUNCTION:DES
-CAST_cfb64_encrypt 2927 3_0_0 EXIST::FUNCTION:CAST
+CAST_cfb64_encrypt 2927 3_0_0 EXIST::FUNCTION:CAST,DEPRECATEDIN_3_0
EVP_PKEY_asn1_set_param 2928 3_0_0 EXIST::FUNCTION:
BN_RECP_CTX_free 2929 3_0_0 EXIST::FUNCTION:
BN_with_flags 2930 3_0_0 EXIST::FUNCTION:
@@ -2979,7 +2979,7 @@ PKCS12_item_pack_safebag 3043 3_0_0 EXIST::FUNCTION:
i2d_OCSP_RESPDATA 3044 3_0_0 EXIST::FUNCTION:OCSP
i2d_X509_PUBKEY 3045 3_0_0 EXIST::FUNCTION:
EVP_DecryptUpdate 3046 3_0_0 EXIST::FUNCTION:
-CAST_cbc_encrypt 3047 3_0_0 EXIST::FUNCTION:CAST
+CAST_cbc_encrypt 3047 3_0_0 EXIST::FUNCTION:CAST,DEPRECATEDIN_3_0
BN_BLINDING_invert 3048 3_0_0 EXIST::FUNCTION:
SHA512_Update 3049 3_0_0 EXIST::FUNCTION:
ESS_ISSUER_SERIAL_new 3050 3_0_0 EXIST::FUNCTION:
@@ -3588,7 +3588,7 @@ TS_X509_ALGOR_print_bio 3666 3_0_0 EXIST::FUNCTION:TS
d2i_PKCS7_ENVELOPE 3667 3_0_0 EXIST::FUNCTION:
ESS_CERT_ID_new 3669 3_0_0 EXIST::FUNCTION:
EC_POINT_invert 3670 3_0_0 EXIST::FUNCTION:EC
-CAST_set_key 3671 3_0_0 EXIST::FUNCTION:CAST
+CAST_set_key 3671 3_0_0 EXIST::FUNCTION:CAST,DEPRECATEDIN_3_0
ENGINE_get_pkey_meth 3672 3_0_0 EXIST::FUNCTION:ENGINE
BIO_ADDRINFO_free 3673 3_0_0 EXIST::FUNCTION:SOCK
DES_ede3_cbc_encrypt 3674 3_0_0 EXIST::FUNCTION:DES
More information about the openssl-commits
mailing list