# Remove MD2, MD4: some functions need to be stubbed # Deprecate DES, RC2, RC4, and MD5 # Patch developed in-house. Solaris-specific; not suitable for upstream. --- openssl-1.x/crypto/des/des.h Thu Feb 25 07:42:06 2016 +++ openssl-1.x/crypto/des/des.h.new Thu Feb 25 08:37:40 2016 @@ -132,24 +132,38 @@ void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output, DES_key_schedule *ks1, DES_key_schedule *ks2, DES_key_schedule *ks3, int enc); + +#ifndef __has_attribute +# define __has_attribute(x) 0 +#endif + +/* Mark DES functions deprecated */ +#if __has_attribute(deprecated) \ + || (defined(__GNUC__) && ((__GNUC__ * 100 + __GNUC_MINOR__) >= 301)) \ + || (defined(__SUNPRO_C) && (__SUNPRO_C >= 0x5130)) +# define DEPRECATED __attribute__((deprecated)) +#else +# define DEPRECATED +#endif + DES_LONG DES_cbc_cksum(const unsigned char *input, DES_cblock *output, long length, DES_key_schedule *schedule, const_DES_cblock *ivec); /* DES_cbc_encrypt does not update the IV! Use DES_ncbc_encrypt instead. */ -void DES_cbc_encrypt(const unsigned char *input, unsigned char *output, +DEPRECATED void DES_cbc_encrypt(const unsigned char *input, unsigned char *output, long length, DES_key_schedule *schedule, DES_cblock *ivec, int enc); -void DES_ncbc_encrypt(const unsigned char *input, unsigned char *output, +DEPRECATED void DES_ncbc_encrypt(const unsigned char *input, unsigned char *output, long length, DES_key_schedule *schedule, DES_cblock *ivec, int enc); -void DES_xcbc_encrypt(const unsigned char *input, unsigned char *output, +DEPRECATED void DES_xcbc_encrypt(const unsigned char *input, unsigned char *output, long length, DES_key_schedule *schedule, DES_cblock *ivec, const_DES_cblock *inw, const_DES_cblock *outw, int enc); -void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits, +DEPRECATED void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits, long length, DES_key_schedule *schedule, DES_cblock *ivec, int enc); -void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output, +DEPRECATED void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output, DES_key_schedule *ks, int enc); /* @@ -204,19 +218,19 @@ DES_cblock *out_white); # endif -int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched, +DEPRECATED int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched, DES_cblock *iv); -int DES_enc_write(int fd, const void *buf, int len, DES_key_schedule *sched, +DEPRECATED int DES_enc_write(int fd, const void *buf, int len, DES_key_schedule *sched, DES_cblock *iv); -char *DES_fcrypt(const char *buf, const char *salt, char *ret); -char *DES_crypt(const char *buf, const char *salt); -void DES_ofb_encrypt(const unsigned char *in, unsigned char *out, int numbits, +DEPRECATED char *DES_fcrypt(const char *buf, const char *salt, char *ret); +DEPRECATED char *DES_crypt(const char *buf, const char *salt); +DEPRECATED void DES_ofb_encrypt(const unsigned char *in, unsigned char *out, int numbits, long length, DES_key_schedule *schedule, DES_cblock *ivec); -void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output, +DEPRECATED void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output, long length, DES_key_schedule *schedule, DES_cblock *ivec, int enc); -DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[], +DEPRECATED DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[], long length, int out_count, DES_cblock *seed); int DES_random_key(DES_cblock *ret); void DES_set_odd_parity(DES_cblock *key); @@ -237,10 +251,10 @@ # endif void DES_string_to_key(const char *str, DES_cblock *key); void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2); -void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out, +DEPRECATED void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out, long length, DES_key_schedule *schedule, DES_cblock *ivec, int *num, int enc); -void DES_ofb64_encrypt(const unsigned char *in, unsigned char *out, +DEPRECATED void DES_ofb64_encrypt(const unsigned char *in, unsigned char *out, long length, DES_key_schedule *schedule, DES_cblock *ivec, int *num); --- openssl-1.x/crypto/md5/md5.h Thu Feb 25 07:42:06 2016 +++ openssl-1.x/crypto/md5/md5.h.new Thu Feb 25 08:39:36 2016 @@ -104,14 +104,28 @@ unsigned int num; } MD5_CTX; + +#ifndef __has_attribute +# define __has_attribute(x) 0 +#endif + +/* Mark MD5 functions deprecated */ +#if __has_attribute(deprecated) \ + || (defined(__GNUC__) && ((__GNUC__ * 100 + __GNUC_MINOR__) >= 301)) \ + || (defined(__SUNPRO_C) && (__SUNPRO_C >= 0x5130)) +# define DEPRECATED __attribute__((deprecated)) +#else +# define DEPRECATED +#endif + # ifdef OPENSSL_FIPS int private_MD5_Init(MD5_CTX *c); # endif -int MD5_Init(MD5_CTX *c); -int MD5_Update(MD5_CTX *c, const void *data, size_t len); -int MD5_Final(unsigned char *md, MD5_CTX *c); -unsigned char *MD5(const unsigned char *d, size_t n, unsigned char *md); -void MD5_Transform(MD5_CTX *c, const unsigned char *b); +DEPRECATED int MD5_Init(MD5_CTX *c); +DEPRECATED int MD5_Update(MD5_CTX *c, const void *data, size_t len); +DEPRECATED int MD5_Final(unsigned char *md, MD5_CTX *c); +DEPRECATED unsigned char *MD5(const unsigned char *d, size_t n, unsigned char *md); +DEPRECATED void MD5_Transform(MD5_CTX *c, const unsigned char *b); #ifdef __cplusplus } #endif --- openssl-1.x/crypto/rc4/rc4.h Thu Feb 25 07:42:06 2016 +++ openssl-1.x/crypto/rc4/rc4.h.new Thu Feb 25 08:38:33 2016 @@ -75,10 +75,23 @@ RC4_INT data[256]; } RC4_KEY; -const char *RC4_options(void); -void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data); -void private_RC4_set_key(RC4_KEY *key, int len, const unsigned char *data); -void RC4(RC4_KEY *key, size_t len, const unsigned char *indata, +#ifndef __has_attribute +# define __has_attribute(x) 0 +#endif + +/* Mark RC4 functions deprecated */ +#if __has_attribute(deprecated) \ + || (defined(__GNUC__) && ((__GNUC__ * 100 + __GNUC_MINOR__) >= 301)) \ + || (defined(__SUNPRO_C) && (__SUNPRO_C >= 0x5130)) +# define DEPRECATED __attribute__((deprecated)) +#else +# define DEPRECATED +#endif + +DEPRECATED const char *RC4_options(void); +DEPRECATED void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data); +DEPRECATED void private_RC4_set_key(RC4_KEY *key, int len, const unsigned char *data); +DEPRECATED void RC4(RC4_KEY *key, size_t len, const unsigned char *indata, unsigned char *outdata); #ifdef __cplusplus --- openssl-1.x/crypto/pem/pem.h Fri Sep 11 00:42:09 2015 +++ openssl-1.x/crypto/pem/pem.h.new Thu Feb 25 08:47:04 2016 @@ -520,9 +520,24 @@ EVP_PKEY *b2i_PublicKey_bio(BIO *in); int i2b_PrivateKey_bio(BIO *out, EVP_PKEY *pk); int i2b_PublicKey_bio(BIO *out, EVP_PKEY *pk); + + +#ifndef __has_attribute +# define __has_attribute(x) 0 +#endif + +/* Mark RC4 functions deprecated */ +#if __has_attribute(deprecated) \ + || (defined(__GNUC__) && ((__GNUC__ * 100 + __GNUC_MINOR__) >= 301)) \ + || (defined(__SUNPRO_C) && (__SUNPRO_C >= 0x5130)) +# define DEPRECATED __attribute__((deprecated)) +#else +# define DEPRECATED +#endif + # ifndef OPENSSL_NO_RC4 -EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u); -int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel, +DEPRECATED EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u); +DEPRECATED int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel, pem_password_cb *cb, void *u); # endif --- openssl-1.x/crypto/rsa/rsa.h Fri Sep 11 00:42:09 2015 +++ openssl-1.x/crypto/rsa/rsa.h.new Thu Feb 25 08:47:08 2016 @@ -387,18 +387,31 @@ int RSA_print(BIO *bp, const RSA *r, int offset); # endif + +#ifndef __has_attribute +# define __has_attribute(x) 0 +#endif + +/* Mark RC4 functions deprecated */ +#if __has_attribute(deprecated) \ + || (defined(__GNUC__) && ((__GNUC__ * 100 + __GNUC_MINOR__) >= 301)) \ + || (defined(__SUNPRO_C) && (__SUNPRO_C >= 0x5130)) +# define DEPRECATED __attribute__((deprecated)) +#else +# define DEPRECATED +#endif + # ifndef OPENSSL_NO_RC4 -int i2d_RSA_NET(const RSA *a, unsigned char **pp, +DEPRECATED int i2d_RSA_NET(const RSA *a, unsigned char **pp, int (*cb) (char *buf, int len, const char *prompt, int verify), int sgckey); -RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, +DEPRECATED RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, int (*cb) (char *buf, int len, const char *prompt, int verify), int sgckey); - -int i2d_Netscape_RSA(const RSA *a, unsigned char **pp, +DEPRECATED int i2d_Netscape_RSA(const RSA *a, unsigned char **pp, int (*cb) (char *buf, int len, const char *prompt, int verify)); -RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, +DEPRECATED RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, int (*cb) (char *buf, int len, const char *prompt, int verify)); # endif --- openssl-1.x/crypto/x509/x509.h Fri Sep 11 00:42:09 2015 +++ openssl-1.x/crypto/x509/x509.h.new Thu Feb 25 08:47:12 2016 @@ -970,9 +970,22 @@ int X509_subject_name_cmp(const X509 *a, const X509 *b); unsigned long X509_subject_name_hash(X509 *x); +#ifndef __has_attribute +# define __has_attribute(x) 0 +#endif + +/* Mark MD5 functions deprecated */ +#if __has_attribute(deprecated) \ + || (defined(__GNUC__) && ((__GNUC__ * 100 + __GNUC_MINOR__) >= 301)) \ + || (defined(__SUNPRO_C) && (__SUNPRO_C >= 0x5130)) +# define DEPRECATED __attribute__((deprecated)) +#else +# define DEPRECATED +#endif + # ifndef OPENSSL_NO_MD5 -unsigned long X509_issuer_name_hash_old(X509 *a); -unsigned long X509_subject_name_hash_old(X509 *x); +DEPRECATED unsigned long X509_issuer_name_hash_old(X509 *a); +DEPRECATED unsigned long X509_subject_name_hash_old(X509 *x); # endif int X509_cmp(const X509 *a, const X509 *b); $ diff -ru e_rc2.c e_rc2.c.new --- a/crypto/rc2/rc2.h.orig Thu Apr 14 12:23:50 2016 +++ b/crypto/rc2/rc2.h Thu Apr 14 12:27:16 2016 @@ -82,17 +82,32 @@ void private_RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits); # endif -void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits); -void RC2_ecb_encrypt(const unsigned char *in, unsigned char *out, + + +#ifndef __has_attribute +# define __has_attribute(x) 0 +#endif + +/* Mark RC2 functions deprecated */ +#if __has_attribute(deprecated) \ + || (defined(__GNUC__) && ((__GNUC__ * 100 + __GNUC_MINOR__) >= 301)) \ + || (defined(__SUNPRO_C) && (__SUNPRO_C >= 0x5130)) +# define DEPRECATED __attribute__((deprecated)) +#else +# define DEPRECATED +#endif + +DEPRECATED void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits); +DEPRECATED void RC2_ecb_encrypt(const unsigned char *in, unsigned char *out, RC2_KEY *key, int enc); -void RC2_encrypt(unsigned long *data, RC2_KEY *key); -void RC2_decrypt(unsigned long *data, RC2_KEY *key); -void RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, +DEPRECATED void RC2_encrypt(unsigned long *data, RC2_KEY *key); +DEPRECATED void RC2_decrypt(unsigned long *data, RC2_KEY *key); +DEPRECATED void RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, RC2_KEY *ks, unsigned char *iv, int enc); -void RC2_cfb64_encrypt(const unsigned char *in, unsigned char *out, +DEPRECATED void RC2_cfb64_encrypt(const unsigned char *in, unsigned char *out, long length, RC2_KEY *schedule, unsigned char *ivec, int *num, int enc); -void RC2_ofb64_encrypt(const unsigned char *in, unsigned char *out, +DEPRECATED void RC2_ofb64_encrypt(const unsigned char *in, unsigned char *out, long length, RC2_KEY *schedule, unsigned char *ivec, int *num); --- old/crypto/md4/md4.h Thu Apr 21 09:34:15 2016 +++ new/crypto/md4/md4.h Thu Apr 21 09:36:51 2016 @@ -104,14 +104,30 @@ unsigned int num; } MD4_CTX; +/* + * Deprecate MD4 + */ +#ifndef __has_attribute +# define __has_attribute(x) 0 +#endif + +#if __has_attribute(deprecated) \ + || (defined(__GNUC__) && ((__GNUC__ * 100 + __GNUC_MINOR__) >= 301)) \ + || (defined(__SUNPRO_C) && (__SUNPRO_C >= 0x5130)) +# define DEPRECATED __attribute__((deprecated)) +#else +# define DEPRECATED +#endif + + # ifdef OPENSSL_FIPS -int private_MD4_Init(MD4_CTX *c); +DEPRECATED int private_MD4_Init(MD4_CTX *c); # endif -int MD4_Init(MD4_CTX *c); -int MD4_Update(MD4_CTX *c, const void *data, size_t len); -int MD4_Final(unsigned char *md, MD4_CTX *c); -unsigned char *MD4(const unsigned char *d, size_t n, unsigned char *md); -void MD4_Transform(MD4_CTX *c, const unsigned char *b); +DEPRECATED int MD4_Init(MD4_CTX *c); +DEPRECATED int MD4_Update(MD4_CTX *c, const void *data, size_t len); +DEPRECATED int MD4_Final(unsigned char *md, MD4_CTX *c); +DEPRECATED unsigned char *MD4(const unsigned char *d, size_t n, unsigned char *md); +DEPRECATED void MD4_Transform(MD4_CTX *c, const unsigned char *b); #ifdef __cplusplus } #endif --- old/crypto/evp/evp.h Tue Mar 1 05:35:53 2016 +++ new/crypto/evp/evp.h Thu Apr 21 09:35:07 2016 @@ -705,15 +705,31 @@ const unsigned char *i, int enc); # endif + +/* + * Deprecate MD4, MD5, RC2, RC4, and DES + */ +#ifndef __has_attribute +# define __has_attribute(x) 0 +#endif + +#if __has_attribute(deprecated) \ + || (defined(__GNUC__) && ((__GNUC__ * 100 + __GNUC_MINOR__) >= 301)) \ + || (defined(__SUNPRO_C) && (__SUNPRO_C >= 0x5130)) +# define DEPRECATED __attribute__((deprecated)) +#else +# define DEPRECATED +#endif + const EVP_MD *EVP_md_null(void); # ifndef OPENSSL_NO_MD2 const EVP_MD *EVP_md2(void); # endif # ifndef OPENSSL_NO_MD4 -const EVP_MD *EVP_md4(void); +DEPRECATED const EVP_MD *EVP_md4(void); # endif # ifndef OPENSSL_NO_MD5 -const EVP_MD *EVP_md5(void); +DEPRECATED const EVP_MD *EVP_md5(void); # endif # ifndef OPENSSL_NO_SHA const EVP_MD *EVP_sha(void); @@ -741,16 +757,16 @@ # endif const EVP_CIPHER *EVP_enc_null(void); /* does nothing :-) */ # ifndef OPENSSL_NO_DES -const EVP_CIPHER *EVP_des_ecb(void); -const EVP_CIPHER *EVP_des_ede(void); +DEPRECATED const EVP_CIPHER *EVP_des_ecb(void); +DEPRECATED const EVP_CIPHER *EVP_des_ede(void); const EVP_CIPHER *EVP_des_ede3(void); -const EVP_CIPHER *EVP_des_ede_ecb(void); +DEPRECATED const EVP_CIPHER *EVP_des_ede_ecb(void); const EVP_CIPHER *EVP_des_ede3_ecb(void); -const EVP_CIPHER *EVP_des_cfb64(void); +DEPRECATED const EVP_CIPHER *EVP_des_cfb64(void); # define EVP_des_cfb EVP_des_cfb64 -const EVP_CIPHER *EVP_des_cfb1(void); -const EVP_CIPHER *EVP_des_cfb8(void); -const EVP_CIPHER *EVP_des_ede_cfb64(void); +DEPRECATED const EVP_CIPHER *EVP_des_cfb1(void); +DEPRECATED const EVP_CIPHER *EVP_des_cfb8(void); +DEPRECATED const EVP_CIPHER *EVP_des_ede_cfb64(void); # define EVP_des_ede_cfb EVP_des_ede_cfb64 # if 0 const EVP_CIPHER *EVP_des_ede_cfb1(void); @@ -760,13 +776,13 @@ # define EVP_des_ede3_cfb EVP_des_ede3_cfb64 const EVP_CIPHER *EVP_des_ede3_cfb1(void); const EVP_CIPHER *EVP_des_ede3_cfb8(void); -const EVP_CIPHER *EVP_des_ofb(void); -const EVP_CIPHER *EVP_des_ede_ofb(void); +DEPRECATED const EVP_CIPHER *EVP_des_ofb(void); +DEPRECATED const EVP_CIPHER *EVP_des_ede_ofb(void); const EVP_CIPHER *EVP_des_ede3_ofb(void); -const EVP_CIPHER *EVP_des_cbc(void); -const EVP_CIPHER *EVP_des_ede_cbc(void); +DEPRECATED const EVP_CIPHER *EVP_des_cbc(void); +DEPRECATED const EVP_CIPHER *EVP_des_ede_cbc(void); const EVP_CIPHER *EVP_des_ede3_cbc(void); -const EVP_CIPHER *EVP_desx_cbc(void); +DEPRECATED const EVP_CIPHER *EVP_desx_cbc(void); const EVP_CIPHER *EVP_des_ede3_wrap(void); /* * This should now be supported through the dev_crypto ENGINE. But also, why @@ -782,10 +798,10 @@ # endif # endif # ifndef OPENSSL_NO_RC4 -const EVP_CIPHER *EVP_rc4(void); -const EVP_CIPHER *EVP_rc4_40(void); +DEPRECATED const EVP_CIPHER *EVP_rc4(void); +DEPRECATED const EVP_CIPHER *EVP_rc4_40(void); # ifndef OPENSSL_NO_MD5 -const EVP_CIPHER *EVP_rc4_hmac_md5(void); +DEPRECATED const EVP_CIPHER *EVP_rc4_hmac_md5(void); # endif # endif # ifndef OPENSSL_NO_IDEA @@ -796,13 +812,13 @@ const EVP_CIPHER *EVP_idea_cbc(void); # endif # ifndef OPENSSL_NO_RC2 -const EVP_CIPHER *EVP_rc2_ecb(void); -const EVP_CIPHER *EVP_rc2_cbc(void); -const EVP_CIPHER *EVP_rc2_40_cbc(void); -const EVP_CIPHER *EVP_rc2_64_cbc(void); -const EVP_CIPHER *EVP_rc2_cfb64(void); +DEPRECATED const EVP_CIPHER *EVP_rc2_ecb(void); +DEPRECATED const EVP_CIPHER *EVP_rc2_cbc(void); +DEPRECATED const EVP_CIPHER *EVP_rc2_40_cbc(void); +DEPRECATED const EVP_CIPHER *EVP_rc2_64_cbc(void); +DEPRECATED const EVP_CIPHER *EVP_rc2_cfb64(void); # define EVP_rc2_cfb EVP_rc2_cfb64 -const EVP_CIPHER *EVP_rc2_ofb(void); +DEPRECATED const EVP_CIPHER *EVP_rc2_ofb(void); # endif # ifndef OPENSSL_NO_BF const EVP_CIPHER *EVP_bf_ecb(void);