Deprecate Low Level Blowfish APIs

mattcaswell · mattcaswell · commit 03047e7b7f64 · 2020-01-08T11:25:25.000Z
Applications should instead use the higher level EVP APIs, e.g. EVP_Encrypt*() and EVP_Decrypt*(). Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from #10740)
diff --git a/CHANGES b/CHANGES
@@ -9,6 +9,15 @@
 
  Changes between 1.1.1 and 3.0.0 [xx XXX xxxx]
 
+  *) All of the low level Blowfish functions have been deprecated including:
+     BF_set_key, BF_encrypt, BF_decrypt, BF_ecb_encrypt, BF_cbc_encrypt,
+     BF_cfb64_encrypt, BF_ofb64_encrypt, and BF_options.
+     Use of these low level functions has been informally discouraged for a long
+     time. Instead applications should use the high level EVP APIs, e.g.
+     EVP_EncryptInit_ex, EVP_EncryptUpdate, EVP_EncryptFinal_ex, and the
+     equivalently named decrypt functions.
+     [Matt Caswell]
+
   *) Removed include/openssl/opensslconf.h.in and replaced it with
      include/openssl/configuration.h.in, which differs in not including
      <openssl/macros.h>.  A short header include/openssl/opensslconf.h
diff --git a/apps/speed.c b/apps/speed.c
@@ -384,7 +384,7 @@ static const OPT_PAIR doit_choices[] = {
     {"seed-cbc", D_CBC_SEED},
     {"seed", D_CBC_SEED},
 #endif
-#ifndef OPENSSL_NO_BF
+#if !defined(OPENSSL_NO_BF) && !defined(OPENSSL_NO_DEPRECATED_3_0)
     {"bf-cbc", D_CBC_BF},
     {"blowfish", D_CBC_BF},
     {"bf", D_CBC_BF},
@@ -1461,7 +1461,7 @@ int speed_main(int argc, char **argv)
 #ifndef OPENSSL_NO_SEED
     SEED_KEY_SCHEDULE seed_ks;
 #endif
-#ifndef OPENSSL_NO_BF
+#if !defined(OPENSSL_NO_BF) && !defined(OPENSSL_NO_DEPRECATED_3_0)
     BF_KEY bf_ks;
 #endif
 #ifndef OPENSSL_NO_CAST
@@ -1986,7 +1986,7 @@ int speed_main(int argc, char **argv)
             goto end;
         }
 #endif
-#ifndef OPENSSL_NO_BF
+#if !defined(OPENSSL_NO_BF) && !defined(OPENSSL_NO_DEPRECATED_3_0)
     if (doit[D_CBC_BF])
         BF_set_key(&bf_ks, 16, key16);
 #endif
@@ -2650,7 +2650,7 @@ int speed_main(int argc, char **argv)
         }
     }
 #endif
-#ifndef OPENSSL_NO_BF
+#if !defined(OPENSSL_NO_BF) && !defined(OPENSSL_NO_DEPRECATED_3_0)
     if (doit[D_CBC_BF]) {
         if (async_jobs > 0) {
             BIO_printf(bio_err, "Async mode is not supported with %s\n",
@@ -3502,7 +3502,7 @@ int speed_main(int argc, char **argv)
 #ifndef OPENSSL_NO_IDEA
         printf("%s ", IDEA_options());
 #endif
-#ifndef OPENSSL_NO_BF
+#if !defined(OPENSSL_NO_BF) && !defined(OPENSSL_NO_DEPRECATED_3_0)
         printf("%s ", BF_options());
 #endif
         printf("\n%s\n", OpenSSL_version(OPENSSL_CFLAGS));
diff --git a/apps/version.c b/apps/version.c
@@ -140,9 +140,6 @@ int version_main(int argc, char **argv)
 #endif
 #ifndef OPENSSL_NO_IDEA
         printf(" %s", IDEA_options());
-#endif
-#ifndef OPENSSL_NO_BF
-        printf(" %s", BF_options());
 #endif
         printf("\n");
     }
diff --git a/crypto/bf/bf_cfb64.c b/crypto/bf/bf_cfb64.c
@@ -7,6 +7,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * BF low level APIs are deprecated for public use, but still ok for internal
+ * use.
+ */
+#include "internal/deprecated.h"
+
 #include <openssl/blowfish.h>
 #include "bf_local.h"
 
diff --git a/crypto/bf/bf_ecb.c b/crypto/bf/bf_ecb.c
@@ -7,6 +7,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * BF low level APIs are deprecated for public use, but still ok for internal
+ * use.
+ */
+#include "internal/deprecated.h"
+
 #include <openssl/blowfish.h>
 #include "bf_local.h"
 #include <openssl/opensslv.h>
diff --git a/crypto/bf/bf_enc.c b/crypto/bf/bf_enc.c
@@ -7,6 +7,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * BF low level APIs are deprecated for public use, but still ok for internal
+ * use.
+ */
+#include "internal/deprecated.h"
+
 #include <openssl/blowfish.h>
 #include "bf_local.h"
 
diff --git a/crypto/bf/bf_ofb64.c b/crypto/bf/bf_ofb64.c
@@ -7,6 +7,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * BF low level APIs are deprecated for public use, but still ok for internal
+ * use.
+ */
+#include "internal/deprecated.h"
+
 #include <openssl/blowfish.h>
 #include "bf_local.h"
 
diff --git a/crypto/bf/bf_skey.c b/crypto/bf/bf_skey.c
@@ -7,6 +7,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * BF low level APIs are deprecated for public use, but still ok for internal
+ * use.
+ */
+#include "internal/deprecated.h"
+
 #include <stdio.h>
 #include <string.h>
 #include <openssl/blowfish.h>
diff --git a/crypto/evp/e_bf.c b/crypto/evp/e_bf.c
@@ -7,6 +7,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * BF low level APIs are deprecated for public use, but still ok for internal
+ * use.
+ */
+#include "internal/deprecated.h"
+
 #include <stdio.h>
 #include "internal/cryptlib.h"
 #ifndef OPENSSL_NO_BF
diff --git a/doc/man3/BF_encrypt.pod b/doc/man3/BF_encrypt.pod
@@ -9,6 +9,10 @@ BF_cfb64_encrypt, BF_ofb64_encrypt, BF_options - Blowfish encryption
 
  #include <openssl/blowfish.h>
 
+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B<OPENSSL_API_COMPAT> with a suitable version value, see
+L<openssl_user_macros(7)>:
+
  void BF_set_key(BF_KEY *key, int len, const unsigned char *data);
 
  void BF_ecb_encrypt(const unsigned char *in, unsigned char *out,
@@ -29,6 +33,10 @@ BF_cfb64_encrypt, BF_ofb64_encrypt, BF_options - Blowfish encryption
 
 =head1 DESCRIPTION
 
+All of the functions described on this page are deprecated. Applications should
+instead use L<EVP_EncryptInit_ex(3)>, L<EVP_EncryptUpdate(3)> and
+L<EVP_EncryptFinal_ex(3)> or the equivalently named decrypt functions.
+
 This library implements the Blowfish cipher, which was invented and described
 by Counterpane (see http://www.counterpane.com/blowfish.html ).
 
@@ -107,6 +115,10 @@ functions directly.
 L<EVP_EncryptInit(3)>,
 L<des_modes(7)>
 
+=head1 HISTORY
+
+All of these functions were deprecated in OpenSSL 3.0.
+
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/include/openssl/blowfish.h b/include/openssl/blowfish.h
@@ -24,40 +24,51 @@
 extern "C" {
 # endif
 
-# define BF_ENCRYPT      1
-# define BF_DECRYPT      0
+# define BF_BLOCK        8
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+
+#  define BF_ENCRYPT      1
+#  define BF_DECRYPT      0
 
 /*-
  * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
  * ! BF_LONG has to be at least 32 bits wide.                     !
  * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
  */
-# define BF_LONG unsigned int
+#  define BF_LONG unsigned int
 
-# define BF_ROUNDS       16
-# define BF_BLOCK        8
+#  define BF_ROUNDS       16
 
 typedef struct bf_key_st {
     BF_LONG P[BF_ROUNDS + 2];
     BF_LONG S[4 * 256];
 } BF_KEY;
 
-void BF_set_key(BF_KEY *key, int len, const unsigned char *data);
-
-void BF_encrypt(BF_LONG *data, const BF_KEY *key);
-void BF_decrypt(BF_LONG *data, const BF_KEY *key);
-
-void BF_ecb_encrypt(const unsigned char *in, unsigned char *out,
-                    const BF_KEY *key, int enc);
-void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
-                    const BF_KEY *schedule, unsigned char *ivec, int enc);
-void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out,
-                      long length, const BF_KEY *schedule,
-                      unsigned char *ivec, int *num, int enc);
-void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out,
-                      long length, const BF_KEY *schedule,
-                      unsigned char *ivec, int *num);
-const char *BF_options(void);
+# endif /* OPENSSL_NO_DEPRECATED_3_0 */
+
+DEPRECATEDIN_3_0(void BF_set_key(BF_KEY *key, int len,
+                                 const unsigned char *data))
+
+DEPRECATEDIN_3_0(void BF_encrypt(BF_LONG *data, const BF_KEY *key))
+DEPRECATEDIN_3_0(void BF_decrypt(BF_LONG *data, const BF_KEY *key))
+
+DEPRECATEDIN_3_0(void BF_ecb_encrypt(const unsigned char *in,
+                                     unsigned char *out, const BF_KEY *key,
+                                     int enc))
+DEPRECATEDIN_3_0(void BF_cbc_encrypt(const unsigned char *in,
+                                     unsigned char *out, long length,
+                                     const BF_KEY *schedule,
+                                     unsigned char *ivec, int enc))
+DEPRECATEDIN_3_0(void BF_cfb64_encrypt(const unsigned char *in,
+                                       unsigned char *out,
+                                       long length, const BF_KEY *schedule,
+                                       unsigned char *ivec, int *num, int enc))
+DEPRECATEDIN_3_0(void BF_ofb64_encrypt(const unsigned char *in,
+                                       unsigned char *out,
+                                       long length, const BF_KEY *schedule,
+                                       unsigned char *ivec, int *num))
+DEPRECATEDIN_3_0(const char *BF_options(void))
 
 # ifdef  __cplusplus
 }
diff --git a/providers/implementations/ciphers/cipher_blowfish.c b/providers/implementations/ciphers/cipher_blowfish.c
@@ -9,6 +9,12 @@
 
 /* Dispatch functions for Blowfish cipher modes ecb, cbc, ofb, cfb */
 
+/*
+ * BF low level APIs are deprecated for public use, but still ok for internal
+ * use.
+ */
+#include "internal/deprecated.h"
+
 #include "cipher_blowfish.h"
 #include "prov/implementations.h"
 
diff --git a/providers/implementations/ciphers/cipher_blowfish_hw.c b/providers/implementations/ciphers/cipher_blowfish_hw.c
@@ -7,6 +7,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * BF low level APIs are deprecated for public use, but still ok for internal
+ * use.
+ */
+#include "internal/deprecated.h"
+
 #include "cipher_blowfish.h"
 
 static int cipher_hw_blowfish_initkey(PROV_CIPHER_CTX *ctx,
diff --git a/test/bftest.c b/test/bftest.c
@@ -8,9 +8,10 @@
  */
 
 /*
- * This has been a quickly hacked 'ideatest.c'.  When I add tests for other
- * RC2 modes, more of the code will be uncommented.
+ * BF low level APIs are deprecated for public use, but still ok for internal
+ * use.
  */
+#include "internal/deprecated.h"
 
 #include <stdio.h>
 #include <string.h>
diff --git a/test/build.info b/test/build.info
@@ -38,7 +38,7 @@ IF[{- !$disabled{tests} -}]
           rc2test rc4test rc5test \
           destest mdc2test \
           dhtest enginetest casttest \
-          bftest ssltest_old dsatest dsa_no_digest_size_test exptest rsa_test \
+          ssltest_old dsatest dsa_no_digest_size_test exptest rsa_test \
           evp_pkey_provided_test evp_test evp_extra_test evp_fetch_prov_test \
           v3nametest v3ext \
           crltest danetest bad_dtls_test lhash_test sparse_array_test \
@@ -156,10 +156,6 @@ IF[{- !$disabled{tests} -}]
   INCLUDE[casttest]=../include ../apps/include
   DEPEND[casttest]=../libcrypto libtestutil.a
 
-  SOURCE[bftest]=bftest.c
-  INCLUDE[bftest]=../include ../apps/include
-  DEPEND[bftest]=../libcrypto libtestutil.a
-
   SOURCE[ssltest_old]=ssltest_old.c
   INCLUDE[ssltest_old]=.. ../include ../apps/include
   DEPEND[ssltest_old]=../libcrypto ../libssl
@@ -216,10 +212,14 @@ IF[{- !$disabled{tests} -}]
 
   IF[{- !$disabled{"deprecated"}
         || (defined $config{"api"} && $config{"api"} < 30000) -}]
-    PROGRAMS{noinst}=igetest
+    PROGRAMS{noinst}=igetest bftest
     SOURCE[igetest]=igetest.c
     INCLUDE[igetest]=../include ../apps/include
     DEPEND[igetest]=../libcrypto libtestutil.a
+
+    SOURCE[bftest]=bftest.c
+    INCLUDE[bftest]=../include ../apps/include
+    DEPEND[bftest]=../libcrypto libtestutil.a
   ENDIF
 
   SOURCE[v3nametest]=v3nametest.c
diff --git a/test/recipes/05-test_bf.t b/test/recipes/05-test_bf.t
@@ -6,7 +6,17 @@
 # in the file LICENSE in the source distribution or at
 # https://www.openssl.org/source/license.html
 
+use strict;
+use warnings;
 
 use OpenSSL::Test::Simple;
+use OpenSSL::Test;
+use OpenSSL::Test::Utils;
+
+setup("test_bf");
+
+plan skip_all => "Low-level Blowfish APIs are disabled in this build"
+    if disabled("deprecated")
+       && (!defined config("api") || config("api") >= 30000);
 
 simple_test("test_bf", "bftest", "bf");
diff --git a/util/libcrypto.num b/util/libcrypto.num
