[3/4] Deprecate DES encryption functions.

Message ID 20180506175153.22629-4-zackw@panix.com
State New
Headers show
Series
  • Revise crypto documentation, deprecate DES, add --disable-crypt
Related show

Commit Message

Zack Weinberg May 6, 2018, 5:51 p.m.
The functions encrypt, setkey, encrypt_r, setkey_r, cbc_crypt,
ecb_crypt, and des_setparity should not be used in new programs,
because they use the DES block cipher, which is unacceptably weak by
modern standards.  Mark all of them with __attribute_deprecated__.

cbc_crypt, ecb_crypt, and des_setparity are already compat symbols
when glibc is configured with --disable-obsolete-rpc.  I think it is
appropriate to keep encrypt, setkey, encrypt_r, and setkey_r as normal
symbols until they are formally deprecated in POSIX
(see http://austingroupbugs.net/view.php?id=1192 for the status of
that process).

DES-based authentication for Sun RPC is also insecure and should be
deprecated or even removed, but maybe that can be left as TI-RPC's
problem.

	* crypt/crypt.h: Update comments above encrypt and setkey.  Mark
	encrypt, setkey, encrypt_r, and setkey_r with __attribute_deprecated__.
        * posix/unistd.h: Update comments above encrypt.
        Mark encrypt with __attribute_deprecated__.
        * stdlib/stdlib.h: Update comments above setkey.
        Mark setkey with __attribute_deprecated__.
	* sunrpc/rpc/des_crypt.h: Add comment explaining why none of
	these functions should be used in new programs.  Mark cbc_crypt,
	ecb_crypt, and des_setparity with __attribute_deprecated__.

	* crypt/Makefile: Use -Wno-deprecated-declarations for the test
	program cert.c.
        * sunrpc/Makefile: Use -Wno-deprecated-declarations for
	auth_des.c, des_crypt.c, des_soft.c, svcauth_des.c, and xcrypt.c.
---
 NEWS                   |  8 ++++++++
 crypt/Makefile         |  3 +++
 crypt/crypt.h          | 17 +++++++++++------
 posix/unistd.h         |  8 +++++---
 stdlib/stdlib.h        |  9 +++++++--
 sunrpc/Makefile        |  9 +++++++++
 sunrpc/rpc/des_crypt.h | 11 ++++++++---
 7 files changed, 51 insertions(+), 14 deletions(-)

-- 
2.17.0

Comments

Florian Weimer May 8, 2018, 2:33 p.m. | #1
On 05/06/2018 07:51 PM, Zack Weinberg wrote:

> +* The functions 'encrypt', 'encrypt_r', 'setkey', 'setkey_r', 'cbc_crypt',

> +  'ecb_crypt', and 'des_setparity' are deprecated.  They encrypt and decrypt

> +  data with the DES block cipher, which is no longer considered secure.

> +  Also, encrypt, encrypt_r, setkey, and setkey_r require awkward pre- and

> +  post-processing of the encryption key and data to be encrypted, and

> +  encrypt and setkey are not thread-safe.  Software that still uses these

> +  functions should switch to a modern cryptography library, such as GnuTLS.


GNUTLS is no longer part of the GNU project.  You should recommend 
libgcrypt instead.

>   Changes to build and runtime requirements:

>   

>     [Add changes to build and runtime requirements here]

> diff --git a/crypt/Makefile b/crypt/Makefile

> index 303800df73..e122bcebf0 100644

> --- a/crypt/Makefile

> +++ b/crypt/Makefile

> @@ -32,6 +32,9 @@ libcrypt-routines := crypt-entry md5-crypt sha256-crypt sha512-crypt crypt \

>   

>   tests := cert md5c-test sha256c-test sha512c-test badsalttest

>   

> +# cert.c tests the deprecated setkey/encrypt interface

> +CFLAGS-cert.c = -Wno-deprecated-declarations


Okay.

>   ifeq ($(crypt-in-libc),yes)

>   routines += $(libcrypt-routines)

>   endif

> diff --git a/crypt/crypt.h b/crypt/crypt.h

> index 5da098b715..22cf13ff89 100644

> --- a/crypt/crypt.h

> +++ b/crypt/crypt.h

> @@ -32,13 +32,18 @@ __BEGIN_DECLS

>   extern char *crypt (const char *__key, const char *__salt)

>        __THROW __nonnull ((1, 2));

>   

> -/* Setup DES tables according KEY.  */

> -extern void setkey (const char *__key) __THROW __nonnull ((1));

> +/* Set the encryption key for subsequent calls to 'encrypt'.

> +   This function should not be used in new programs, because the cipher

> +   it uses is DES, which is unacceptably weak by modern standards.  */

> +extern void setkey (const char *__key)

> +     __THROW __nonnull ((1)) __attribute_deprecated__;

>   

>   /* Encrypt data in BLOCK in place if EDFLAG is zero; otherwise decrypt

> -   block in place.  */

> +   block in place.  The key is controlled by 'setkey'.

> +   This function should not be used in new programs, because the cipher

> +   it uses is DES, which is unacceptably weak by modern standards.  */

>   extern void encrypt (char *__glibc_block, int __edflag)

> -     __THROW __nonnull ((1));

> +     __THROW __nonnull ((1)) __attribute_deprecated__;

>   

>   #ifdef __USE_GNU

>   /* Reentrant versions of the functions above.  The additional argument

> @@ -63,11 +68,11 @@ extern char *crypt_r (const char *__key, const char *__salt,

>   

>   extern void setkey_r (const char *__key,

>   		      struct crypt_data * __restrict __data)

> -     __THROW __nonnull ((1, 2));

> +     __THROW __nonnull ((1, 2)) __attribute_deprecated__;

>   

>   extern void encrypt_r (char *__glibc_block, int __edflag,

>   		       struct crypt_data * __restrict __data)

> -     __THROW __nonnull ((1, 3));

> +     __THROW __nonnull ((1, 3)) __attribute_deprecated__;

>   #endif


Okay.

>   __END_DECLS

> diff --git a/posix/unistd.h b/posix/unistd.h

> index 4d149f9945..5d4e07f6c8 100644

> --- a/posix/unistd.h

> +++ b/posix/unistd.h

> @@ -1127,10 +1127,12 @@ extern char *crypt (const char *__key, const char *__salt)

>        __THROW __nonnull ((1, 2));

>   

>   /* Encrypt data in BLOCK in place if EDFLAG is zero; otherwise decrypt

> -   block in place.  */

> -extern void encrypt (char *__glibc_block, int __edflag)

> -     __THROW __nonnull ((1));

> +   block in place.  The key is controlled by 'setkey', in stdlib.h.

>   

> +   This function should not be used in new programs, because the cipher

> +   it uses is DES, which is unacceptably weak by modern standards.  */

> +extern void encrypt (char *__glibc_block, int __edflag)

> +     __THROW __nonnull ((1)) __attribute_deprecated__;


Okay.

>   

>   /* Swab pairs bytes in the first N bytes of the area pointed to by

>      FROM and copy the result to TO.  The value of TO must not be in the

> diff --git a/stdlib/stdlib.h b/stdlib/stdlib.h

> index 6b1ead31e0..5b104bcc51 100644

> --- a/stdlib/stdlib.h

> +++ b/stdlib/stdlib.h

> @@ -959,8 +959,13 @@ extern int getsubopt (char **__restrict __optionp,

>   

>   

>   #ifdef __USE_XOPEN

> -/* Setup DES tables according KEY.  */

> -extern void setkey (const char *__key) __THROW __nonnull ((1));

> +/* Set the encryption key for subsequent calls to 'encrypt', which is

> +   declared in unistd.h.

> +

> +   This function should not be used in new programs, because the cipher

> +   it uses is DES, which is unacceptably weak by modern standards.  */

> +extern void setkey (const char *__key)

> +     __THROW __nonnull ((1)) __attribute_deprecated__;

>   #endif


Okay.

> diff --git a/sunrpc/Makefile b/sunrpc/Makefile

> index 8f2a3c8213..07fb90de6b 100644

> --- a/sunrpc/Makefile

> +++ b/sunrpc/Makefile

> @@ -156,6 +156,15 @@ CFLAGS-pmap_rmt.c += -fexceptions

>   CFLAGS-clnt_perr.c += -fexceptions

>   CFLAGS-openchild.c += -fexceptions

>   

> +# These files implement Secure RPC authentication using DES, which is

> +# no longer secure and has had some of the associated functions tagged

> +# __attribute_deprecated__.

> +CFLAGS-auth_des.c += -Wno-deprecated-declarations

> +CFLAGS-des_crypt.c += -Wno-deprecated-declarations

> +CFLAGS-des_soft.c += -Wno-deprecated-declarations

> +CFLAGS-svcauth_des.c += -Wno-deprecated-declarations

> +CFLAGS-xcrypt.c += -Wno-deprecated-declarations

> +


Okay.

>   sunrpc-CPPFLAGS = -D_RPC_THREAD_SAFE_

>   CPPFLAGS += $(sunrpc-CPPFLAGS)

>   BUILD_CPPFLAGS += $(sunrpc-CPPFLAGS)

> diff --git a/sunrpc/rpc/des_crypt.h b/sunrpc/rpc/des_crypt.h

> index 77cca3cbed..85875afa11 100644

> --- a/sunrpc/rpc/des_crypt.h

> +++ b/sunrpc/rpc/des_crypt.h

> @@ -70,6 +70,10 @@ __BEGIN_DECLS

>    * DESERR_NOHWDEVICE is returned if DES_HW was specified but

>    * there was no hardware to do it on (the data will still be

>    * encrypted though, in software).

> + *

> + * None of the functions in this header should be used in new programs,

> + * because the cipher they use is DES, which is unacceptably weak by

> + * modern standards.

>    */

>   

>   

> @@ -77,19 +81,20 @@ __BEGIN_DECLS

>    * Cipher Block Chaining mode

>    */

>   extern int cbc_crypt (char *__key, char *__buf, unsigned __len,

> -		      unsigned __mode, char *__ivec) __THROW;

> +		      unsigned __mode, char *__ivec)

> +  __THROW __attribute_deprecated__;

>   

>   /*

>    * Electronic Code Book mode

>    */

>   extern int ecb_crypt (char *__key, char *__buf, unsigned __len,

> -		      unsigned __mode) __THROW;

> +		      unsigned __mode) __THROW __attribute_deprecated__;

>   

>   /*

>    * Set des parity for a key.

>    * DES parity is odd and in the low bit of each byte

>    */

> -extern void des_setparity (char *__key) __THROW;

> +extern void des_setparity (char *__key) __THROW __attribute_deprecated__;


Okay.

Thanks,
Florian
Zack Weinberg May 8, 2018, 3:24 p.m. | #2
On Tue, May 8, 2018 at 10:33 AM, Florian Weimer <fweimer@redhat.com> wrote:
> On 05/06/2018 07:51 PM, Zack Weinberg wrote:

>

>> +* The functions 'encrypt', 'encrypt_r', 'setkey', 'setkey_r',

>> 'cbc_crypt',

>> +  'ecb_crypt', and 'des_setparity' are deprecated.  They encrypt and

>> decrypt

>> +  data with the DES block cipher, which is no longer considered secure.

>> +  Also, encrypt, encrypt_r, setkey, and setkey_r require awkward pre- and

>> +  post-processing of the encryption key and data to be encrypted, and

>> +  encrypt and setkey are not thread-safe.  Software that still uses these

>> +  functions should switch to a modern cryptography library, such as

>> GnuTLS.

>

> GNUTLS is no longer part of the GNU project.  You should recommend libgcrypt

> instead.


Thanks, I didn't know that.  Will change.  libgcrypt is also a better
suggestion because it's a cryptography library first, rather than a
TLS protocol client first.

zw

Patch

diff --git a/NEWS b/NEWS
index 5155c86318..2fe2da8b59 100644
--- a/NEWS
+++ b/NEWS
@@ -63,6 +63,14 @@  Deprecated and removed features, and other changes affecting compatibility:
   binaries; the headers <ustat.h> and <sys/ustat.h> have been removed.  This
   function has been deprecated in favor of fstatfs and statfs.
 
+* The functions 'encrypt', 'encrypt_r', 'setkey', 'setkey_r', 'cbc_crypt',
+  'ecb_crypt', and 'des_setparity' are deprecated.  They encrypt and decrypt
+  data with the DES block cipher, which is no longer considered secure.
+  Also, encrypt, encrypt_r, setkey, and setkey_r require awkward pre- and
+  post-processing of the encryption key and data to be encrypted, and
+  encrypt and setkey are not thread-safe.  Software that still uses these
+  functions should switch to a modern cryptography library, such as GnuTLS.
+
 Changes to build and runtime requirements:
 
   [Add changes to build and runtime requirements here]
diff --git a/crypt/Makefile b/crypt/Makefile
index 303800df73..e122bcebf0 100644
--- a/crypt/Makefile
+++ b/crypt/Makefile
@@ -32,6 +32,9 @@  libcrypt-routines := crypt-entry md5-crypt sha256-crypt sha512-crypt crypt \
 
 tests := cert md5c-test sha256c-test sha512c-test badsalttest
 
+# cert.c tests the deprecated setkey/encrypt interface
+CFLAGS-cert.c = -Wno-deprecated-declarations
+
 ifeq ($(crypt-in-libc),yes)
 routines += $(libcrypt-routines)
 endif
diff --git a/crypt/crypt.h b/crypt/crypt.h
index 5da098b715..22cf13ff89 100644
--- a/crypt/crypt.h
+++ b/crypt/crypt.h
@@ -32,13 +32,18 @@  __BEGIN_DECLS
 extern char *crypt (const char *__key, const char *__salt)
      __THROW __nonnull ((1, 2));
 
-/* Setup DES tables according KEY.  */
-extern void setkey (const char *__key) __THROW __nonnull ((1));
+/* Set the encryption key for subsequent calls to 'encrypt'.
+   This function should not be used in new programs, because the cipher
+   it uses is DES, which is unacceptably weak by modern standards.  */
+extern void setkey (const char *__key)
+     __THROW __nonnull ((1)) __attribute_deprecated__;
 
 /* Encrypt data in BLOCK in place if EDFLAG is zero; otherwise decrypt
-   block in place.  */
+   block in place.  The key is controlled by 'setkey'.
+   This function should not be used in new programs, because the cipher
+   it uses is DES, which is unacceptably weak by modern standards.  */
 extern void encrypt (char *__glibc_block, int __edflag)
-     __THROW __nonnull ((1));
+     __THROW __nonnull ((1)) __attribute_deprecated__;
 
 #ifdef __USE_GNU
 /* Reentrant versions of the functions above.  The additional argument
@@ -63,11 +68,11 @@  extern char *crypt_r (const char *__key, const char *__salt,
 
 extern void setkey_r (const char *__key,
 		      struct crypt_data * __restrict __data)
-     __THROW __nonnull ((1, 2));
+     __THROW __nonnull ((1, 2)) __attribute_deprecated__;
 
 extern void encrypt_r (char *__glibc_block, int __edflag,
 		       struct crypt_data * __restrict __data)
-     __THROW __nonnull ((1, 3));
+     __THROW __nonnull ((1, 3)) __attribute_deprecated__;
 #endif
 
 __END_DECLS
diff --git a/posix/unistd.h b/posix/unistd.h
index 4d149f9945..5d4e07f6c8 100644
--- a/posix/unistd.h
+++ b/posix/unistd.h
@@ -1127,10 +1127,12 @@  extern char *crypt (const char *__key, const char *__salt)
      __THROW __nonnull ((1, 2));
 
 /* Encrypt data in BLOCK in place if EDFLAG is zero; otherwise decrypt
-   block in place.  */
-extern void encrypt (char *__glibc_block, int __edflag)
-     __THROW __nonnull ((1));
+   block in place.  The key is controlled by 'setkey', in stdlib.h.
 
+   This function should not be used in new programs, because the cipher
+   it uses is DES, which is unacceptably weak by modern standards.  */
+extern void encrypt (char *__glibc_block, int __edflag)
+     __THROW __nonnull ((1)) __attribute_deprecated__;
 
 /* Swab pairs bytes in the first N bytes of the area pointed to by
    FROM and copy the result to TO.  The value of TO must not be in the
diff --git a/stdlib/stdlib.h b/stdlib/stdlib.h
index 6b1ead31e0..5b104bcc51 100644
--- a/stdlib/stdlib.h
+++ b/stdlib/stdlib.h
@@ -959,8 +959,13 @@  extern int getsubopt (char **__restrict __optionp,
 
 
 #ifdef __USE_XOPEN
-/* Setup DES tables according KEY.  */
-extern void setkey (const char *__key) __THROW __nonnull ((1));
+/* Set the encryption key for subsequent calls to 'encrypt', which is
+   declared in unistd.h.
+
+   This function should not be used in new programs, because the cipher
+   it uses is DES, which is unacceptably weak by modern standards.  */
+extern void setkey (const char *__key)
+     __THROW __nonnull ((1)) __attribute_deprecated__;
 #endif
 
 
diff --git a/sunrpc/Makefile b/sunrpc/Makefile
index 8f2a3c8213..07fb90de6b 100644
--- a/sunrpc/Makefile
+++ b/sunrpc/Makefile
@@ -156,6 +156,15 @@  CFLAGS-pmap_rmt.c += -fexceptions
 CFLAGS-clnt_perr.c += -fexceptions
 CFLAGS-openchild.c += -fexceptions
 
+# These files implement Secure RPC authentication using DES, which is
+# no longer secure and has had some of the associated functions tagged
+# __attribute_deprecated__.
+CFLAGS-auth_des.c += -Wno-deprecated-declarations
+CFLAGS-des_crypt.c += -Wno-deprecated-declarations
+CFLAGS-des_soft.c += -Wno-deprecated-declarations
+CFLAGS-svcauth_des.c += -Wno-deprecated-declarations
+CFLAGS-xcrypt.c += -Wno-deprecated-declarations
+
 sunrpc-CPPFLAGS = -D_RPC_THREAD_SAFE_
 CPPFLAGS += $(sunrpc-CPPFLAGS)
 BUILD_CPPFLAGS += $(sunrpc-CPPFLAGS)
diff --git a/sunrpc/rpc/des_crypt.h b/sunrpc/rpc/des_crypt.h
index 77cca3cbed..85875afa11 100644
--- a/sunrpc/rpc/des_crypt.h
+++ b/sunrpc/rpc/des_crypt.h
@@ -70,6 +70,10 @@  __BEGIN_DECLS
  * DESERR_NOHWDEVICE is returned if DES_HW was specified but
  * there was no hardware to do it on (the data will still be
  * encrypted though, in software).
+ *
+ * None of the functions in this header should be used in new programs,
+ * because the cipher they use is DES, which is unacceptably weak by
+ * modern standards.
  */
 
 
@@ -77,19 +81,20 @@  __BEGIN_DECLS
  * Cipher Block Chaining mode
  */
 extern int cbc_crypt (char *__key, char *__buf, unsigned __len,
-		      unsigned __mode, char *__ivec) __THROW;
+		      unsigned __mode, char *__ivec)
+  __THROW __attribute_deprecated__;
 
 /*
  * Electronic Code Book mode
  */
 extern int ecb_crypt (char *__key, char *__buf, unsigned __len,
-		      unsigned __mode) __THROW;
+		      unsigned __mode) __THROW __attribute_deprecated__;
 
 /*
  * Set des parity for a key.
  * DES parity is odd and in the low bit of each byte
  */
-extern void des_setparity (char *__key) __THROW;
+extern void des_setparity (char *__key) __THROW __attribute_deprecated__;
 
 __END_DECLS