diff options
| author | Pauli <paul.dale@oracle.com> | 2020-01-16 13:50:03 +1000 |
|---|---|---|
| committer | Pauli <paul.dale@oracle.com> | 2020-01-25 09:30:59 +1000 |
| commit | c6fec81b88131d08c1022504ccf6effa95497afb (patch) | |
| tree | 8f9875a9f3a83fa13c6404faa8b7fa71f2c1f6f6 /apps | |
| parent | f6edde4f06d2cadaf0949399e5df0b6f6a5b3598 (diff) | |
| download | openssl-new-c6fec81b88131d08c1022504ccf6effa95497afb.tar.gz | |
Deprecate the low level DES functions.
Use of the low level DES functions has been informally discouraged for a
long time. We now formally deprecate them.
Applications should instead use the EVP APIs, e.g. EVP_EncryptInit_ex,
EVP_EncryptUpdate, EVP_EncryptFinal_ex, and the equivalently named decrypt
functions.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10858)
Diffstat (limited to 'apps')
| -rw-r--r-- | apps/passwd.c | 15 | ||||
| -rw-r--r-- | apps/speed.c | 14 | ||||
| -rw-r--r-- | apps/version.c | 6 |
3 files changed, 16 insertions, 19 deletions
diff --git a/apps/passwd.c b/apps/passwd.c index c17bfd839c..4626eeb249 100644 --- a/apps/passwd.c +++ b/apps/passwd.c @@ -7,6 +7,9 @@ * https://www.openssl.org/source/license.html */ +/* We need to use some deprecated APIs */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include <string.h> #include "apps.h" @@ -16,7 +19,7 @@ #include <openssl/err.h> #include <openssl/evp.h> #include <openssl/rand.h> -#ifndef OPENSSL_NO_DES +#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_DEPRECATED_3_0) # include <openssl/des.h> #endif #include <openssl/md5.h> @@ -82,7 +85,7 @@ const OPTIONS passwd_options[] = { {"apr1", OPT_APR1, '-', "MD5-based password algorithm, Apache variant"}, {"1", OPT_1, '-', "MD5-based password algorithm"}, {"aixmd5", OPT_AIXMD5, '-', "AIX MD5-based password algorithm"}, -#ifndef OPENSSL_NO_DES +#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_DEPRECATED_3_0) {"crypt", OPT_CRYPT, '-', "Standard Unix password algorithm (default)"}, #endif @@ -168,7 +171,7 @@ int passwd_main(int argc, char **argv) mode = passwd_aixmd5; break; case OPT_CRYPT: -#ifndef OPENSSL_NO_DES +#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_DEPRECATED_3_0) if (mode != passwd_unset) goto opthelp; mode = passwd_crypt; @@ -205,7 +208,7 @@ int passwd_main(int argc, char **argv) mode = passwd_crypt; } -#ifdef OPENSSL_NO_DES +#if defined(OPENSSL_NO_DES) || defined(OPENSSL_NO_DEPRECATED_3_0) if (mode == passwd_crypt) goto opthelp; #endif @@ -798,7 +801,7 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, size_t saltlen = 0; size_t i; -#ifndef OPENSSL_NO_DES +#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_DEPRECATED_3_0) if (mode == passwd_crypt) saltlen = 2; #endif /* !OPENSSL_NO_DES */ @@ -841,7 +844,7 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, assert(strlen(passwd) <= pw_maxlen); /* now compute password hash */ -#ifndef OPENSSL_NO_DES +#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_DEPRECATED_3_0) if (mode == passwd_crypt) hash = DES_crypt(passwd, *salt_p); #endif diff --git a/apps/speed.c b/apps/speed.c index 9c896ec6f0..86cb9ff151 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -358,7 +358,7 @@ static const OPT_PAIR doit_choices[] = { #if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_DEPRECATED_3_0) {"rc4", D_RC4}, #endif -#ifndef OPENSSL_NO_DES +#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_DEPRECATED_3_0) {"des-cbc", D_CBC_DES}, {"des-ede3", D_EDE3_DES}, #endif @@ -729,7 +729,7 @@ static int RC4_loop(void *args) } #endif -#ifndef OPENSSL_NO_DES +#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_DEPRECATED_3_0) static unsigned char DES_iv[8]; static DES_key_schedule sch[3]; static int DES_ncbc_encrypt_loop(void *args) @@ -1722,7 +1722,7 @@ int speed_main(int argc, char **argv) doit[i] = 1; continue; } -#ifndef OPENSSL_NO_DES +#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_DEPRECATED_3_0) if (strcmp(algo, "des") == 0) { doit[D_CBC_DES] = doit[D_EDE3_DES] = 1; continue; @@ -1945,7 +1945,7 @@ int speed_main(int argc, char **argv) loopargs[i].dsa_key[2] = get_dsa(2048); } #endif -#ifndef OPENSSL_NO_DES +#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_DEPRECATED_3_0) if (doit[D_CBC_DES] || doit[D_EDE3_DES]) { static DES_cblock keys[] = { { 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0 }, /* keys[0] */ @@ -2001,7 +2001,7 @@ int speed_main(int argc, char **argv) CAST_set_key(&cast_ks, 16, key16); #endif #ifndef SIGALRM -# ifndef OPENSSL_NO_DES +#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_DEPRECATED_3_0) BIO_printf(bio_err, "First we calculate the approximate speed ...\n"); count = 10; do { @@ -2397,7 +2397,7 @@ int speed_main(int argc, char **argv) } } #endif -#ifndef OPENSSL_NO_DES +#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_DEPRECATED_3_0) if (doit[D_CBC_DES]) { for (testnum = 0; testnum < size_num; testnum++) { print_message(names[D_CBC_DES], c[D_CBC_DES][testnum], @@ -3501,7 +3501,7 @@ int speed_main(int argc, char **argv) #if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_DEPRECATED_3_0) printf("%s ", RC4_options()); #endif -#ifndef OPENSSL_NO_DES +#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_DEPRECATED_3_0) printf("%s ", DES_options()); #endif #ifndef OPENSSL_NO_DEPRECATED_3_0 diff --git a/apps/version.c b/apps/version.c index 513bbc81af..83a726a814 100644 --- a/apps/version.c +++ b/apps/version.c @@ -15,9 +15,6 @@ #include <openssl/evp.h> #include <openssl/crypto.h> #include <openssl/bn.h> -#ifndef OPENSSL_NO_DES -# include <openssl/des.h> -#endif typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, @@ -117,9 +114,6 @@ opthelp: if (options) { printf("options: "); printf(" %s", BN_options()); -#ifndef OPENSSL_NO_DES - printf(" %s", DES_options()); -#endif printf("\n"); } if (cflags) |