diff options
author | Pauli <paul.dale@oracle.com> | 2020-01-16 13:50:03 +1000 |
---|---|---|
committer | Pauli <paul.dale@oracle.com> | 2020-01-25 09:30:59 +1000 |
commit | c6fec81b88131d08c1022504ccf6effa95497afb (patch) | |
tree | 8f9875a9f3a83fa13c6404faa8b7fa71f2c1f6f6 /apps/passwd.c | |
parent | f6edde4f06d2cadaf0949399e5df0b6f6a5b3598 (diff) |
Deprecate the low level DES functions.
Use of the low level DES functions has been informally discouraged for a
long time. We now formally deprecate them.
Applications should instead use the EVP APIs, e.g. EVP_EncryptInit_ex,
EVP_EncryptUpdate, EVP_EncryptFinal_ex, and the equivalently named decrypt
functions.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10858)
Diffstat (limited to 'apps/passwd.c')
-rw-r--r-- | apps/passwd.c | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/apps/passwd.c b/apps/passwd.c index c17bfd839c..4626eeb249 100644 --- a/apps/passwd.c +++ b/apps/passwd.c @@ -7,6 +7,9 @@ * https://www.openssl.org/source/license.html */ +/* We need to use some deprecated APIs */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include <string.h> #include "apps.h" @@ -16,7 +19,7 @@ #include <openssl/err.h> #include <openssl/evp.h> #include <openssl/rand.h> -#ifndef OPENSSL_NO_DES +#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_DEPRECATED_3_0) # include <openssl/des.h> #endif #include <openssl/md5.h> @@ -82,7 +85,7 @@ const OPTIONS passwd_options[] = { {"apr1", OPT_APR1, '-', "MD5-based password algorithm, Apache variant"}, {"1", OPT_1, '-', "MD5-based password algorithm"}, {"aixmd5", OPT_AIXMD5, '-', "AIX MD5-based password algorithm"}, -#ifndef OPENSSL_NO_DES +#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_DEPRECATED_3_0) {"crypt", OPT_CRYPT, '-', "Standard Unix password algorithm (default)"}, #endif @@ -168,7 +171,7 @@ int passwd_main(int argc, char **argv) mode = passwd_aixmd5; break; case OPT_CRYPT: -#ifndef OPENSSL_NO_DES +#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_DEPRECATED_3_0) if (mode != passwd_unset) goto opthelp; mode = passwd_crypt; @@ -205,7 +208,7 @@ int passwd_main(int argc, char **argv) mode = passwd_crypt; } -#ifdef OPENSSL_NO_DES +#if defined(OPENSSL_NO_DES) || defined(OPENSSL_NO_DEPRECATED_3_0) if (mode == passwd_crypt) goto opthelp; #endif @@ -798,7 +801,7 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, size_t saltlen = 0; size_t i; -#ifndef OPENSSL_NO_DES +#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_DEPRECATED_3_0) if (mode == passwd_crypt) saltlen = 2; #endif /* !OPENSSL_NO_DES */ @@ -841,7 +844,7 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, assert(strlen(passwd) <= pw_maxlen); /* now compute password hash */ -#ifndef OPENSSL_NO_DES +#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_DEPRECATED_3_0) if (mode == passwd_crypt) hash = DES_crypt(passwd, *salt_p); #endif |