Deprecate the low level MDC2 functions.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10790)

12 files changed, 82 insertions, 21 deletions

diff --git a/apps/speed.c b/apps/speed.c
index 9dcf177e01..8d3b91aaa1 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -332,7 +332,7 @@ static const OPT_PAIR doit_choices[] = {
 #if !defined(OPENSSL_NO_MD2) && !defined(OPENSSL_NO_DEPRECATED_3_0)
     {"md2", D_MD2},
 #endif
-#ifndef OPENSSL_NO_MDC2
+#if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DEPRECATED_3_0)
     {"mdc2", D_MDC2},
 #endif
 #if !defined(OPENSSL_NO_MD4) && !defined(OPENSSL_NO_DEPRECATED_3_0)
@@ -587,7 +587,7 @@ static int EVP_Digest_MD2_loop(void *args)
 }
 #endif
 
-#ifndef OPENSSL_NO_MDC2
+#if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DEPRECATED_3_0)
 static int EVP_Digest_MDC2_loop(void *args)
 {
     loopargs_t *tempargs = *(loopargs_t **) args;
@@ -2253,7 +2253,7 @@ int speed_main(int argc, char **argv)
         }
     }
 #endif
-#ifndef OPENSSL_NO_MDC2
+#if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DEPRECATED_3_0)
     if (doit[D_MDC2]) {
         for (testnum = 0; testnum < size_num; testnum++) {
             print_message(names[D_MDC2], c[D_MDC2][testnum], lengths[testnum],
diff --git a/crypto/evp/legacy_mdc2.c b/crypto/evp/legacy_mdc2.c
index 9144a5715c..9499db78e5 100644
--- a/crypto/evp/legacy_mdc2.c
+++ b/crypto/evp/legacy_mdc2.c
@@ -7,6 +7,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * MDC2 low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
 #include <openssl/mdc2.h>
 #include "crypto/evp.h"
 #include "legacy_meth.h"
diff --git a/crypto/mdc2/build.info b/crypto/mdc2/build.info
index 8fe6878d60..54df262514 100644
--- a/crypto/mdc2/build.info
+++ b/crypto/mdc2/build.info
@@ -1,3 +1,10 @@
 LIBS=../../libcrypto
-SOURCE[../../libcrypto]=\
-        mdc2dgst.c mdc2_one.c
+
+SOURCE[../../libcrypto]=mdc2dgst.c mdc2_one.c
+
+# When all deprecated symbols are removed, libcrypto doesn't export the
+# MDC2 functions, so we must include them directly in liblegacy.a
+IF[{- $disabled{"deprecated"}
+      && (defined $config{"api"} && $config{"api"} >= 30000) -}]
+  SOURCE[../../providers/liblegacy.a]=mdc2dgst.c mdc2_one.c
+ENDIF
diff --git a/crypto/mdc2/mdc2_one.c b/crypto/mdc2/mdc2_one.c
index 7b80bac50e..c8bfdcc9d6 100644
--- a/crypto/mdc2/mdc2_one.c
+++ b/crypto/mdc2/mdc2_one.c
@@ -7,6 +7,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * MD2 low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
 #include <stdio.h>
 #include "internal/cryptlib.h"
 #include <openssl/mdc2.h>
diff --git a/crypto/mdc2/mdc2dgst.c b/crypto/mdc2/mdc2dgst.c
index 46142f11d2..8893be16e4 100644
--- a/crypto/mdc2/mdc2dgst.c
+++ b/crypto/mdc2/mdc2dgst.c
@@ -7,6 +7,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * MD2 low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
diff --git a/doc/man3/MDC2_Init.pod b/doc/man3/MDC2_Init.pod
index 4ffbf931c0..1427759d3f 100644
--- a/doc/man3/MDC2_Init.pod
+++ b/doc/man3/MDC2_Init.pod
@@ -8,6 +8,10 @@ MDC2, MDC2_Init, MDC2_Update, MDC2_Final - MDC2 hash function
 
  #include <openssl/mdc2.h>
 
+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B<OPENSSL_API_COMPAT> with a suitable version value, see
+L<openssl_user_macros(7)>:
+
  unsigned char *MDC2(const unsigned char *d, unsigned long n,
                      unsigned char *md);
 
@@ -18,6 +22,10 @@ MDC2, MDC2_Init, MDC2_Update, MDC2_Final - MDC2 hash function
 
 =head1 DESCRIPTION
 
+All of the functions described on this page are deprecated.
+Applications should instead use L<EVP_DigestInit_ex(3)>, L<EVP_DigestUpdate(3)>
+and L<EVP_DigestFinal_ex(3)>.
+
 MDC2 is a method to construct hash functions with 128 bit output from
 block ciphers.  These functions are an implementation of MDC2 with
 DES.
@@ -56,6 +64,10 @@ ISO/IEC 10118-2:2000 Hash-Function 2, with DES as the underlying block cipher.
 
 L<EVP_DigestInit(3)>
 
+=head1 HISTORY
+
+All of these functions were deprecated in OpenSSL 3.0.
+
 =head1 COPYRIGHT
 
 Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/include/openssl/mdc2.h b/include/openssl/mdc2.h
index b524f66a47..06ab411c8f 100644
--- a/include/openssl/mdc2.h
+++ b/include/openssl/mdc2.h
@@ -25,20 +25,26 @@
 extern "C" {
 #  endif
 
-#  define MDC2_BLOCK              8
 #  define MDC2_DIGEST_LENGTH      16
 
+#  if !defined(OPENSSL_NO_DEPRECATED_3_0)
+
+#   define MDC2_BLOCK              8
+
 typedef struct mdc2_ctx_st {
     unsigned int num;
     unsigned char data[MDC2_BLOCK];
     DES_cblock h, hh;
     unsigned int pad_type;   /* either 1 or 2, default 1 */
 } MDC2_CTX;
+#  endif
 
-int MDC2_Init(MDC2_CTX *c);
-int MDC2_Update(MDC2_CTX *c, const unsigned char *data, size_t len);
-int MDC2_Final(unsigned char *md, MDC2_CTX *c);
-unsigned char *MDC2(const unsigned char *d, size_t n, unsigned char *md);
+DEPRECATEDIN_3_0(int MDC2_Init(MDC2_CTX *c))
+DEPRECATEDIN_3_0(int MDC2_Update(MDC2_CTX *c, const unsigned char *data,
+                 size_t len))
+DEPRECATEDIN_3_0(int MDC2_Final(unsigned char *md, MDC2_CTX *c))
+DEPRECATEDIN_3_0(unsigned char *MDC2(const unsigned char *d, size_t n,
+                 unsigned char *md))
 
 #  ifdef  __cplusplus
 }
diff --git a/providers/implementations/digests/mdc2_prov.c b/providers/implementations/digests/mdc2_prov.c
index 4a7d3a43ab..c3e19af9e1 100644
--- a/providers/implementations/digests/mdc2_prov.c
+++ b/providers/implementations/digests/mdc2_prov.c
@@ -7,6 +7,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * MDC2 low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
 #include <openssl/crypto.h>
 #include <openssl/params.h>
 #include <openssl/mdc2.h>
diff --git a/test/build.info b/test/build.info
index 1d59dd9bb6..de618b51d9 100644
--- a/test/build.info
+++ b/test/build.info
@@ -624,15 +624,15 @@ IF[{- !$disabled{tests} -}]
     SOURCE[keymgmt_internal_test]=keymgmt_internal_test.c
     INCLUDE[keymgmt_internal_test]=.. ../include ../apps/include
     DEPEND[keymgmt_internal_test]=../libcrypto.a libtestutil.a
-  ENDIF
 
-  IF[{- !$disabled{mdc2} -}]
-    PROGRAMS{noinst}=mdc2_internal_test
-  ENDIF
+    IF[{- !$disabled{mdc2} -}]
+      PROGRAMS{noinst}=mdc2_internal_test
+    ENDIF
 
-  SOURCE[mdc2_internal_test]=mdc2_internal_test.c
-  INCLUDE[mdc2_internal_test]=.. ../include ../apps/include
-  DEPEND[mdc2_internal_test]=../libcrypto libtestutil.a
+    SOURCE[mdc2_internal_test]=mdc2_internal_test.c
+    INCLUDE[mdc2_internal_test]=.. ../include ../apps/include
+    DEPEND[mdc2_internal_test]=../libcrypto.a libtestutil.a
+  ENDIF
 
   PROGRAMS{noinst}=asn1_time_test
   SOURCE[asn1_time_test]=asn1_time_test.c
diff --git a/test/mdc2_internal_test.c b/test/mdc2_internal_test.c
index 38b5f34957..0e32331f24 100644
--- a/test/mdc2_internal_test.c
+++ b/test/mdc2_internal_test.c
@@ -9,6 +9,12 @@
 
 /* Internal tests for the mdc2 module */
 
+/*
+ * MDC2 low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
 #include <stdio.h>
 #include <string.h>
 
diff --git a/test/mdc2test.c b/test/mdc2test.c
index f8c492297e..25cf5a7317 100644
--- a/test/mdc2test.c
+++ b/test/mdc2test.c
@@ -7,6 +7,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * MDC2 low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
 #include <string.h>
 #include <openssl/provider.h>
 #include <openssl/params.h>
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 6cbae39617..7884305a4d 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -237,7 +237,7 @@ SEED_set_key                            241	3_0_0	EXIST::FUNCTION:SEED
 EC_KEY_clear_flags                      242	3_0_0	EXIST::FUNCTION:EC
 CMS_RecipientInfo_ktri_get0_algs        243	3_0_0	EXIST::FUNCTION:CMS
 i2d_EC_PUBKEY                           244	3_0_0	EXIST::FUNCTION:EC
-MDC2                                    245	3_0_0	EXIST::FUNCTION:MDC2
+MDC2                                    245	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,MDC2
 BN_clear_free                           246	3_0_0	EXIST::FUNCTION:
 ENGINE_get_pkey_asn1_meths              247	3_0_0	EXIST::FUNCTION:ENGINE
 DSO_merge                               248	3_0_0	EXIST::FUNCTION:
@@ -1112,7 +1112,7 @@ X509_set_issuer_name                    1138	3_0_0	EXIST::FUNCTION:
 RSA_new                                 1139	3_0_0	EXIST::FUNCTION:RSA
 ASN1_STRING_set_by_NID                  1140	3_0_0	EXIST::FUNCTION:
 PEM_write_bio_PKCS7                     1141	3_0_0	EXIST::FUNCTION:
-MDC2_Final                              1142	3_0_0	EXIST::FUNCTION:MDC2
+MDC2_Final                              1142	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,MDC2
 SMIME_crlf_copy                         1143	3_0_0	EXIST::FUNCTION:
 OCSP_REQUEST_get_ext_count              1144	3_0_0	EXIST::FUNCTION:OCSP
 OCSP_REQ_CTX_new                        1145	3_0_0	EXIST::FUNCTION:OCSP
@@ -1184,7 +1184,7 @@ X509_policy_tree_free                   1210	3_0_0	EXIST::FUNCTION:
 EC_GFp_simple_method                    1211	3_0_0	EXIST::FUNCTION:EC
 X509_it                                 1212	3_0_0	EXIST::FUNCTION:
 d2i_PROXY_POLICY                        1213	3_0_0	EXIST::FUNCTION:
-MDC2_Update                             1214	3_0_0	EXIST::FUNCTION:MDC2
+MDC2_Update                             1214	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,MDC2
 EC_KEY_new_by_curve_name                1215	3_0_0	EXIST::FUNCTION:EC
 X509_CRL_free                           1216	3_0_0	EXIST::FUNCTION:
 i2d_PKCS7_SIGN_ENVELOPE                 1217	3_0_0	EXIST::FUNCTION:
@@ -2025,7 +2025,7 @@ BIO_new_CMS                             2071	3_0_0	EXIST::FUNCTION:CMS
 i2d_ASN1_ENUMERATED                     2072	3_0_0	EXIST::FUNCTION:
 PEM_read_DSAparams                      2073	3_0_0	EXIST::FUNCTION:DSA,STDIO
 TS_TST_INFO_set_ordering                2074	3_0_0	EXIST::FUNCTION:TS
-MDC2_Init                               2075	3_0_0	EXIST::FUNCTION:MDC2
+MDC2_Init                               2075	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,MDC2
 i2o_SCT                                 2076	3_0_0	EXIST::FUNCTION:CT
 d2i_TS_STATUS_INFO                      2077	3_0_0	EXIST::FUNCTION:TS
 ERR_error_string_n                      2078	3_0_0	EXIST::FUNCTION: