summaryrefslogtreecommitdiff
path: root/crypt
diff options
context:
space:
mode:
authorZack Weinberg <zackw@panix.com>2018-06-29 16:53:18 +0200
committerFlorian Weimer <fweimer@redhat.com>2018-06-29 16:53:18 +0200
commitb10a0accee709a5efff2fadf0b0bbb79ff0ad759 (patch)
tree27796fe83ec5f82a8f36a36afa169fe6dddf8b27 /crypt
parentmalloc: Update heap dumping/undumping comments [BZ #23351] (diff)
downloadglibc-b10a0accee709a5efff2fadf0b0bbb79ff0ad759.tar.gz
glibc-b10a0accee709a5efff2fadf0b0bbb79ff0ad759.tar.bz2
glibc-b10a0accee709a5efff2fadf0b0bbb79ff0ad759.zip
Disallow use of DES encryption functions in new programs.
The functions encrypt, setkey, encrypt_r, setkey_r, cbc_crypt, ecb_crypt, and des_setparity should not be used in new programs, because they use the DES block cipher, which is unacceptably weak by modern standards. Demote all of them to compatibility symbols, and remove their prototypes from installed headers. cbc_crypt, ecb_crypt, and des_setparity were already compat symbols when glibc was configured with --disable-obsolete-rpc. POSIX requires encrypt and setkey to be available when _XOPEN_CRYPT is defined, so this change also removes the definition of X_OPEN_CRYPT from <unistd.h>. The entire "DES Encryption" section is dropped from the manual, as is the mention of AUTH_DES and FIPS 140-2 in the introduction to crypt.texi. The documentation of 'memfrob' cross-referenced the DES Encryption section, which is replaced by a hyperlink to libgcrypt, and while I was in there I spruced up the actual documentation of 'memfrob' and 'strfry' a little. It's still fairly jokey, because those functions _are_ jokes, but they do also have real use cases, so people trying to use them for real should have all the information they need. DES-based authentication for Sun RPC is also insecure and should be deprecated or even removed, but maybe that can be left as TI-RPC's problem.
Diffstat (limited to 'crypt')
-rw-r--r--crypt/cert.c26
-rw-r--r--crypt/crypt-entry.c15
-rw-r--r--crypt/crypt.h18
-rw-r--r--crypt/crypt_util.c9
4 files changed, 39 insertions, 29 deletions
diff --git a/crypt/cert.c b/crypt/cert.c
index 80029e9078..e070ca398d 100644
--- a/crypt/cert.c
+++ b/crypt/cert.c
@@ -10,6 +10,22 @@
#include <stdlib.h>
#include "crypt.h"
+/* This file tests the deprecated setkey/encrypt interface. */
+#include <shlib-compat.h>
+#if TEST_COMPAT (libcrypt, GLIBC_2_0, GLIBC_2_28)
+
+#define libcrypt_version_reference(symbol, version) \
+ _libcrypt_version_reference (symbol, VERSION_libcrypt_##version)
+#define _libcrypt_version_reference(symbol, version) \
+ __libcrypt_version_reference (symbol, version)
+#define __libcrypt_version_reference(symbol, version) \
+ __asm__ (".symver " #symbol ", " #symbol "@" #version)
+
+extern void setkey (const char *);
+extern void encrypt (const char *, int);
+libcrypt_version_reference (setkey, GLIBC_2_0);
+libcrypt_version_reference (encrypt, GLIBC_2_0);
+
int totfails = 0;
int main (int argc, char *argv[]);
@@ -104,3 +120,13 @@ put8 (char *cp)
printf("%02x", t);
}
}
+
+#else /* encrypt and setkey are not available. */
+
+int
+main (void)
+{
+ return 77; /* UNSUPPORTED */
+}
+
+#endif
diff --git a/crypt/crypt-entry.c b/crypt/crypt-entry.c
index 58691fb384..4e95f74878 100644
--- a/crypt/crypt-entry.c
+++ b/crypt/crypt-entry.c
@@ -35,6 +35,7 @@
#endif
#include "crypt-private.h"
+#include <shlib-compat.h>
/* Prototypes for local functions. */
#ifndef __GNU_LIBRARY__
@@ -176,17 +177,7 @@ crypt (const char *key, const char *salt)
return __crypt_r (key, salt, &_ufc_foobar);
}
-
-/*
- * To make fcrypt users happy.
- * They don't need to call init_des.
- */
-#ifdef _LIBC
+#if SHLIB_COMPAT (libcrypt, GLIBC_2_0, GLIBC_2_28)
weak_alias (crypt, fcrypt)
-#else
-char *
-__fcrypt (const char *key, const char *salt)
-{
- return crypt (key, salt);
-}
+compat_symbol (libcrypt, fcrypt, fcrypt, GLIBC_2_0);
#endif
diff --git a/crypt/crypt.h b/crypt/crypt.h
index 5da098b715..3cb18de14d 100644
--- a/crypt/crypt.h
+++ b/crypt/crypt.h
@@ -32,16 +32,8 @@ __BEGIN_DECLS
extern char *crypt (const char *__key, const char *__salt)
__THROW __nonnull ((1, 2));
-/* Setup DES tables according KEY. */
-extern void setkey (const char *__key) __THROW __nonnull ((1));
-
-/* Encrypt data in BLOCK in place if EDFLAG is zero; otherwise decrypt
- block in place. */
-extern void encrypt (char *__glibc_block, int __edflag)
- __THROW __nonnull ((1));
-
#ifdef __USE_GNU
-/* Reentrant versions of the functions above. The additional argument
+/* Reentrant version of 'crypt'. The additional argument
points to a structure where the results are placed in. */
struct crypt_data
{
@@ -60,14 +52,6 @@ struct crypt_data
extern char *crypt_r (const char *__key, const char *__salt,
struct crypt_data * __restrict __data)
__THROW __nonnull ((1, 2, 3));
-
-extern void setkey_r (const char *__key,
- struct crypt_data * __restrict __data)
- __THROW __nonnull ((1, 2));
-
-extern void encrypt_r (char *__glibc_block, int __edflag,
- struct crypt_data * __restrict __data)
- __THROW __nonnull ((1, 3));
#endif
__END_DECLS
diff --git a/crypt/crypt_util.c b/crypt/crypt_util.c
index 4958918770..fbfc783751 100644
--- a/crypt/crypt_util.c
+++ b/crypt/crypt_util.c
@@ -34,6 +34,7 @@
#endif
#include "crypt-private.h"
+#include <shlib-compat.h>
/* Prototypes for local functions. */
#ifndef __GNU_LIBRARY__
@@ -150,6 +151,7 @@ static const int sbox[8][4][16]= {
}
};
+#if SHLIB_COMPAT (libcrypt, GLIBC_2_0, GLIBC_2_28)
/*
* This is the initial
* permutation matrix
@@ -160,6 +162,7 @@ static const int initial_perm[64] = {
57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3,
61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7
};
+#endif
/*
* This is the final
@@ -785,6 +788,7 @@ _ufc_output_conversion_r (ufc_long v1, ufc_long v2, const char *salt,
__data->crypt_3_buf[13] = 0;
}
+#if SHLIB_COMPAT (libcrypt, GLIBC_2_0, GLIBC_2_28)
/*
* UNIX encrypt function. Takes a bitvector
@@ -885,12 +889,14 @@ __encrypt_r (char *__block, int __edflag,
}
}
weak_alias (__encrypt_r, encrypt_r)
+compat_symbol (libcrypt, encrypt_r, encrypt_r, GLIBC_2_0);
void
encrypt (char *__block, int __edflag)
{
__encrypt_r(__block, __edflag, &_ufc_foobar);
}
+compat_symbol (libcrypt, encrypt, encrypt, GLIBC_2_0);
/*
@@ -915,12 +921,15 @@ __setkey_r (const char *__key, struct crypt_data * __restrict __data)
_ufc_mk_keytab_r((char *) ktab, __data);
}
weak_alias (__setkey_r, setkey_r)
+compat_symbol (libcrypt, setkey_r, setkey_r, GLIBC_2_0);
void
setkey (const char *__key)
{
__setkey_r(__key, &_ufc_foobar);
}
+compat_symbol (libcrypt, setkey, setkey, GLIBC_2_0);
+#endif /* SHLIB_COMPAT (libcrypt, GLIBC_2_0, GLIBC_2_28) */
void
__b64_from_24bit (char **cp, int *buflen,