Hi,

Various places in the source say that old des support is going to
be removed before 1.0.  I think it's time to move forward.

I think we have 2 options:
- Completly drop the old des support, including des_old.h
- Drop the libdes compatibility, so that it's only compatible
  with older openssl versions, and people can still use the des_*
  versions.

The second option would be removing the des_old.c, des_old2.c
files, and change des_old.h to remove the libdes compatibility.

I think the attached patch removes most of it, but maybe more
can/should be removed?

We could also change des.h to not default to
OPENSSL_ENABLE_OLD_DES_SUPPORT.


Kurt

Index: crypto/des/Makefile
===================================================================
RCS file: /home/kurt/openssl/cvs/openssl-cvs/openssl/crypto/des/Makefile,v
retrieving revision 1.8
diff -u -r1.8 Makefile
--- crypto/des/Makefile 4 Feb 2006 01:45:28 -0000       1.8
+++ crypto/des/Makefile 13 Mar 2006 21:07:37 -0000
@@ -30,7 +30,7 @@
        qud_cksm.c rand_key.c rpc_enc.c  set_key.c  \
        des_enc.c fcrypt_b.c \
        xcbc_enc.c \
-       str2key.c  cfb64ede.c ofb64ede.c ede_cbcm_enc.c des_old.c des_old2.c \
+       str2key.c  cfb64ede.c ofb64ede.c ede_cbcm_enc.c \
        read2pwd.c
 
 LIBOBJ= set_key.o  ecb_enc.o  cbc_enc.o \
@@ -39,7 +39,7 @@
        ofb_enc.o  str2key.o  pcbc_enc.o qud_cksm.o rand_key.o \
        ${DES_ENC} \
        fcrypt.o xcbc_enc.o rpc_enc.o  cbc_cksm.o \
-       ede_cbcm_enc.o des_old.o des_old2.o read2pwd.o
+       ede_cbcm_enc.o read2pwd.o
 
 SRC= $(LIBSRC)
 
@@ -157,18 +157,6 @@
 des_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 des_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
 des_enc.o: des_enc.c des_locl.h ncbc_enc.c spr.h
-des_old.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
-des_old.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-des_old.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
-des_old.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-des_old.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-des_old.o: ../../include/openssl/ui_compat.h des_old.c
-des_old2.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
-des_old2.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-des_old2.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
-des_old2.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-des_old2.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-des_old2.o: ../../include/openssl/ui_compat.h des_old2.c
 ecb3_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 ecb3_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
 ecb3_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
Index: crypto/des/des_old.h
===================================================================
RCS file: /home/kurt/openssl/cvs/openssl-cvs/openssl/crypto/des/des_old.h,v
retrieving revision 1.22
diff -u -r1.22 des_old.h
--- crypto/des/des_old.h        7 Aug 2005 22:21:40 -0000       1.22
+++ crypto/des/des_old.h        13 Mar 2006 21:02:43 -0000
@@ -3,26 +3,10 @@
 /* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
  *
  * The function names in here are deprecated and are only present to
- * provide an interface compatible with openssl 0.9.6 and older as
- * well as libdes.  OpenSSL now provides functions where "des_" has
- * been replaced with "DES_" in the names, to make it possible to
- * make incompatible changes that are needed for C type security and
- * other stuff.
- *
- * This include files has two compatibility modes:
- *
- *   - If OPENSSL_DES_LIBDES_COMPATIBILITY is defined, you get an API
- *     that is compatible with libdes and SSLeay.
- *   - If OPENSSL_DES_LIBDES_COMPATIBILITY isn't defined, you get an
- *     API that is compatible with OpenSSL 0.9.5x to 0.9.6x.
- *
- * Note that these modes break earlier snapshots of OpenSSL, where
- * libdes compatibility was the only available mode or (later on) the
- * prefered compatibility mode.  However, after much consideration
- * (and more or less violent discussions with external parties), it
- * was concluded that OpenSSL should be compatible with earlier versions
- * of itself before anything else.  Also, in all honesty, libdes is
- * an old beast that shouldn't really be used any more.
+ * provide an interface compatible with openssl 0.9.6 and older.
+ * OpenSSL now provides functions where "des_" has been replaced
+ * with "DES_" in the names, to make it possible to make incompatible
+ * changes that are needed for C type security and other stuff.
  *
  * Please consider starting to use the DES_ functions rather than the
  * des_ ones.  The des_ functions will disappear completely before
@@ -131,7 +115,6 @@
                } ks;
        } _ossl_old_des_key_schedule[16];
 
-#ifndef OPENSSL_DES_LIBDES_COMPATIBILITY
 #define des_cblock DES_cblock
 #define const_des_cblock const_DES_cblock
 #define des_key_schedule DES_key_schedule
@@ -235,171 +218,6 @@
 
 #define des_check_key DES_check_key
 #define des_rw_mode DES_rw_mode
-#else /* libdes compatibility */
-/* Map all symbol names to _ossl_old_des_* form, so we avoid all
-   clashes with libdes */
-#define des_cblock _ossl_old_des_cblock
-#define des_key_schedule _ossl_old_des_key_schedule
-#define des_ecb3_encrypt(i,o,k1,k2,k3,e)\
-       _ossl_old_des_ecb3_encrypt((i),(o),(k1),(k2),(k3),(e))
-#define des_ede3_cbc_encrypt(i,o,l,k1,k2,k3,iv,e)\
-       _ossl_old_des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(e))
-#define des_ede3_cfb64_encrypt(i,o,l,k1,k2,k3,iv,n,e)\
-       
_ossl_old_des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(n),(e))
-#define des_ede3_ofb64_encrypt(i,o,l,k1,k2,k3,iv,n)\
-       _ossl_old_des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(n))
-#define des_options()\
-       _ossl_old_des_options()
-#define des_cbc_cksum(i,o,l,k,iv)\
-       _ossl_old_des_cbc_cksum((i),(o),(l),(k),(iv))
-#define des_cbc_encrypt(i,o,l,k,iv,e)\
-       _ossl_old_des_cbc_encrypt((i),(o),(l),(k),(iv),(e))
-#define des_ncbc_encrypt(i,o,l,k,iv,e)\
-       _ossl_old_des_ncbc_encrypt((i),(o),(l),(k),(iv),(e))
-#define des_xcbc_encrypt(i,o,l,k,iv,inw,outw,e)\
-       _ossl_old_des_xcbc_encrypt((i),(o),(l),(k),(iv),(inw),(outw),(e))
-#define des_cfb_encrypt(i,o,n,l,k,iv,e)\
-       _ossl_old_des_cfb_encrypt((i),(o),(n),(l),(k),(iv),(e))
-#define des_ecb_encrypt(i,o,k,e)\
-       _ossl_old_des_ecb_encrypt((i),(o),(k),(e))
-#define des_encrypt(d,k,e)\
-       _ossl_old_des_encrypt((d),(k),(e))
-#define des_encrypt2(d,k,e)\
-       _ossl_old_des_encrypt2((d),(k),(e))
-#define des_encrypt3(d,k1,k2,k3)\
-       _ossl_old_des_encrypt3((d),(k1),(k2),(k3))
-#define des_decrypt3(d,k1,k2,k3)\
-       _ossl_old_des_decrypt3((d),(k1),(k2),(k3))
-#define des_xwhite_in2out(k,i,o)\
-       _ossl_old_des_xwhite_in2out((k),(i),(o))
-#define des_enc_read(f,b,l,k,iv)\
-       _ossl_old_des_enc_read((f),(b),(l),(k),(iv))
-#define des_enc_write(f,b,l,k,iv)\
-       _ossl_old_des_enc_write((f),(b),(l),(k),(iv))
-#define des_fcrypt(b,s,r)\
-       _ossl_old_des_fcrypt((b),(s),(r))
-#define des_crypt(b,s)\
-       _ossl_old_des_crypt((b),(s))
-#if 0
-#define crypt(b,s)\
-       _ossl_old_crypt((b),(s))
-#endif
-#define des_ofb_encrypt(i,o,n,l,k,iv)\
-       _ossl_old_des_ofb_encrypt((i),(o),(n),(l),(k),(iv))
-#define des_pcbc_encrypt(i,o,l,k,iv,e)\
-       _ossl_old_des_pcbc_encrypt((i),(o),(l),(k),(iv),(e))
-#define des_quad_cksum(i,o,l,c,s)\
-       _ossl_old_des_quad_cksum((i),(o),(l),(c),(s))
-#define des_random_seed(k)\
-       _ossl_old_des_random_seed((k))
-#define des_random_key(r)\
-       _ossl_old_des_random_key((r))
-#define des_read_password(k,p,v) \
-       _ossl_old_des_read_password((k),(p),(v))
-#define des_read_2passwords(k1,k2,p,v) \
-       _ossl_old_des_read_2passwords((k1),(k2),(p),(v))
-#define des_set_odd_parity(k)\
-       _ossl_old_des_set_odd_parity((k))
-#define des_is_weak_key(k)\
-       _ossl_old_des_is_weak_key((k))
-#define des_set_key(k,ks)\
-       _ossl_old_des_set_key((k),(ks))
-#define des_key_sched(k,ks)\
-       _ossl_old_des_key_sched((k),(ks))
-#define des_string_to_key(s,k)\
-       _ossl_old_des_string_to_key((s),(k))
-#define des_string_to_2keys(s,k1,k2)\
-       _ossl_old_des_string_to_2keys((s),(k1),(k2))
-#define des_cfb64_encrypt(i,o,l,ks,iv,n,e)\
-       _ossl_old_des_cfb64_encrypt((i),(o),(l),(ks),(iv),(n),(e))
-#define des_ofb64_encrypt(i,o,l,ks,iv,n)\
-       _ossl_old_des_ofb64_encrypt((i),(o),(l),(ks),(iv),(n))
-               
-
-#define des_ecb2_encrypt(i,o,k1,k2,e) \
-       des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
-
-#define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
-       des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))
-
-#define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \
-       des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))
-
-#define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \
-       des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))
-
-#define des_check_key DES_check_key
-#define des_rw_mode DES_rw_mode
-#endif
-
-const char *_ossl_old_des_options(void);
-void _ossl_old_des_ecb3_encrypt(_ossl_old_des_cblock 
*input,_ossl_old_des_cblock *output,
-       _ossl_old_des_key_schedule ks1,_ossl_old_des_key_schedule ks2,
-       _ossl_old_des_key_schedule ks3, int enc);
-DES_LONG _ossl_old_des_cbc_cksum(_ossl_old_des_cblock 
*input,_ossl_old_des_cblock *output,
-       long length,_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock 
*ivec);
-void _ossl_old_des_cbc_encrypt(_ossl_old_des_cblock 
*input,_ossl_old_des_cblock *output,long length,
-       _ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc);
-void _ossl_old_des_ncbc_encrypt(_ossl_old_des_cblock 
*input,_ossl_old_des_cblock *output,long length,
-       _ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc);
-void _ossl_old_des_xcbc_encrypt(_ossl_old_des_cblock 
*input,_ossl_old_des_cblock *output,long length,
-       _ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,
-       _ossl_old_des_cblock *inw,_ossl_old_des_cblock *outw,int enc);
-void _ossl_old_des_cfb_encrypt(unsigned char *in,unsigned char *out,int 
numbits,
-       long length,_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock 
*ivec,int enc);
-void _ossl_old_des_ecb_encrypt(_ossl_old_des_cblock 
*input,_ossl_old_des_cblock *output,
-       _ossl_old_des_key_schedule ks,int enc);
-void _ossl_old_des_encrypt(DES_LONG *data,_ossl_old_des_key_schedule ks, int 
enc);
-void _ossl_old_des_encrypt2(DES_LONG *data,_ossl_old_des_key_schedule ks, int 
enc);
-void _ossl_old_des_encrypt3(DES_LONG *data, _ossl_old_des_key_schedule ks1,
-       _ossl_old_des_key_schedule ks2, _ossl_old_des_key_schedule ks3);
-void _ossl_old_des_decrypt3(DES_LONG *data, _ossl_old_des_key_schedule ks1,
-       _ossl_old_des_key_schedule ks2, _ossl_old_des_key_schedule ks3);
-void _ossl_old_des_ede3_cbc_encrypt(_ossl_old_des_cblock *input, 
_ossl_old_des_cblock *output, 
-       long length, _ossl_old_des_key_schedule ks1, _ossl_old_des_key_schedule 
ks2, 
-       _ossl_old_des_key_schedule ks3, _ossl_old_des_cblock *ivec, int enc);
-void _ossl_old_des_ede3_cfb64_encrypt(unsigned char *in, unsigned char *out,
-       long length, _ossl_old_des_key_schedule ks1, _ossl_old_des_key_schedule 
ks2,
-       _ossl_old_des_key_schedule ks3, _ossl_old_des_cblock *ivec, int *num, 
int enc);
-void _ossl_old_des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out,
-       long length, _ossl_old_des_key_schedule ks1, _ossl_old_des_key_schedule 
ks2,
-       _ossl_old_des_key_schedule ks3, _ossl_old_des_cblock *ivec, int *num);
-
-void _ossl_old_des_xwhite_in2out(_ossl_old_des_cblock (*des_key), 
_ossl_old_des_cblock (*in_white),
-       _ossl_old_des_cblock (*out_white));
-
-int _ossl_old_des_enc_read(int fd,char *buf,int len,_ossl_old_des_key_schedule 
sched,
-       _ossl_old_des_cblock *iv);
-int _ossl_old_des_enc_write(int fd,char *buf,int 
len,_ossl_old_des_key_schedule sched,
-       _ossl_old_des_cblock *iv);
-char *_ossl_old_des_fcrypt(const char *buf,const char *salt, char *ret);
-char *_ossl_old_des_crypt(const char *buf,const char *salt);
-#if !defined(PERL5) && !defined(NeXT)
-char *_ossl_old_crypt(const char *buf,const char *salt);
-#endif
-void _ossl_old_des_ofb_encrypt(unsigned char *in,unsigned char *out,
-       int numbits,long length,_ossl_old_des_key_schedule 
schedule,_ossl_old_des_cblock *ivec);
-void _ossl_old_des_pcbc_encrypt(_ossl_old_des_cblock 
*input,_ossl_old_des_cblock *output,long length,
-       _ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc);
-DES_LONG _ossl_old_des_quad_cksum(_ossl_old_des_cblock 
*input,_ossl_old_des_cblock *output,
-       long length,int out_count,_ossl_old_des_cblock *seed);
-void _ossl_old_des_random_seed(_ossl_old_des_cblock key);
-void _ossl_old_des_random_key(_ossl_old_des_cblock ret);
-int _ossl_old_des_read_password(_ossl_old_des_cblock *key,const char 
*prompt,int verify);
-int _ossl_old_des_read_2passwords(_ossl_old_des_cblock 
*key1,_ossl_old_des_cblock *key2,
-       const char *prompt,int verify);
-void _ossl_old_des_set_odd_parity(_ossl_old_des_cblock *key);
-int _ossl_old_des_is_weak_key(_ossl_old_des_cblock *key);
-int _ossl_old_des_set_key(_ossl_old_des_cblock *key,_ossl_old_des_key_schedule 
schedule);
-int _ossl_old_des_key_sched(_ossl_old_des_cblock 
*key,_ossl_old_des_key_schedule schedule);
-void _ossl_old_des_string_to_key(char *str,_ossl_old_des_cblock *key);
-void _ossl_old_des_string_to_2keys(char *str,_ossl_old_des_cblock 
*key1,_ossl_old_des_cblock *key2);
-void _ossl_old_des_cfb64_encrypt(unsigned char *in, unsigned char *out, long 
length,
-       _ossl_old_des_key_schedule schedule, _ossl_old_des_cblock *ivec, int 
*num, int enc);
-void _ossl_old_des_ofb64_encrypt(unsigned char *in, unsigned char *out, long 
length,
-       _ossl_old_des_key_schedule schedule, _ossl_old_des_cblock *ivec, int 
*num);
-
-void _ossl_096_des_random_seed(des_cblock *key);
 
 /* The following definitions provide compatibility with the MIT Kerberos
  * library. The _ossl_old_des_key_schedule structure is not binary compatible. 
*/

Reply via email to