From patchwork Sun May 6 17:51:52 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Zack Weinberg X-Patchwork-Id: 909346 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=sourceware.org (client-ip=209.132.180.131; helo=sourceware.org; envelope-from=libc-alpha-return-92075-incoming=patchwork.ozlabs.org@sourceware.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=panix.com Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; secure) header.d=sourceware.org header.i=@sourceware.org header.b="pnmFJ7Yp"; dkim-atps=neutral Received: from sourceware.org (server1.sourceware.org [209.132.180.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 40fCxd4gWTz9s27 for ; Mon, 7 May 2018 03:52:05 +1000 (AEST) DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; q=dns; s= default; b=dz4Ve11qQmzOeA83Y6Uno1f6r2N9uoYQM0QvlSSnUeiGb0bll3jXi VvKqb3HeucBi4760lf6/rZteI/deiHQ0tI9zdQGZlq40iXgc+7/c9jVa1sZuSoPx Jy0GZdDKjJXpU3HOdMSVem0JUvz0wvTgfiESpcRVVYpdQMClyPeKxY= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; s=default; bh=KT0qfpt6K26GOUK3KU/EjDwivtI=; b=pnmFJ7YpsU/s9rF4dXjJhFUDQhug wIOq0B3vd9IRy92XgEJDeZ2WU1d4ddNJ7hOJcnHjBak3EqP3xwutv5bbaJwm6wAv yZUeBU2cyMi4egbEPoBUMTT4jrs21ZjkJBNN7ehu5tB/7jMX0LoByxXLQf3X1GMV XZqIKtWnWBw3JeA= Received: (qmail 81002 invoked by alias); 6 May 2018 17:51:58 -0000 Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: libc-alpha-owner@sourceware.org Delivered-To: mailing list libc-alpha@sourceware.org Received: (qmail 80993 invoked by uid 89); 6 May 2018 17:51:58 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-25.9 required=5.0 tests=AWL, BAYES_00, GIT_PATCH_0, GIT_PATCH_1, GIT_PATCH_2, GIT_PATCH_3, SPF_PASS autolearn=ham version=3.3.2 spammy=book, Secure, odd, DES X-HELO: mailbackend.panix.com From: Zack Weinberg To: libc-alpha@sourceware.org Cc: carlos@redhat.com, fweimer@redhat.com, rj@2c3t.io Subject: [PATCH 3/4] Deprecate DES encryption functions. Date: Sun, 6 May 2018 13:51:52 -0400 Message-Id: <20180506175153.22629-4-zackw@panix.com> In-Reply-To: <20180506175153.22629-1-zackw@panix.com> References: <20180506175153.22629-1-zackw@panix.com> MIME-Version: 1.0 The functions encrypt, setkey, encrypt_r, setkey_r, cbc_crypt, ecb_crypt, and des_setparity should not be used in new programs, because they use the DES block cipher, which is unacceptably weak by modern standards. Mark all of them with __attribute_deprecated__. cbc_crypt, ecb_crypt, and des_setparity are already compat symbols when glibc is configured with --disable-obsolete-rpc. I think it is appropriate to keep encrypt, setkey, encrypt_r, and setkey_r as normal symbols until they are formally deprecated in POSIX (see http://austingroupbugs.net/view.php?id=1192 for the status of that process). DES-based authentication for Sun RPC is also insecure and should be deprecated or even removed, but maybe that can be left as TI-RPC's problem. * crypt/crypt.h: Update comments above encrypt and setkey. Mark encrypt, setkey, encrypt_r, and setkey_r with __attribute_deprecated__. * posix/unistd.h: Update comments above encrypt. Mark encrypt with __attribute_deprecated__. * stdlib/stdlib.h: Update comments above setkey. Mark setkey with __attribute_deprecated__. * sunrpc/rpc/des_crypt.h: Add comment explaining why none of these functions should be used in new programs. Mark cbc_crypt, ecb_crypt, and des_setparity with __attribute_deprecated__. * crypt/Makefile: Use -Wno-deprecated-declarations for the test program cert.c. * sunrpc/Makefile: Use -Wno-deprecated-declarations for auth_des.c, des_crypt.c, des_soft.c, svcauth_des.c, and xcrypt.c. --- NEWS | 8 ++++++++ crypt/Makefile | 3 +++ crypt/crypt.h | 17 +++++++++++------ posix/unistd.h | 8 +++++--- stdlib/stdlib.h | 9 +++++++-- sunrpc/Makefile | 9 +++++++++ sunrpc/rpc/des_crypt.h | 11 ++++++++--- 7 files changed, 51 insertions(+), 14 deletions(-) diff --git a/NEWS b/NEWS index 5155c86318..2fe2da8b59 100644 --- a/NEWS +++ b/NEWS @@ -63,6 +63,14 @@ Deprecated and removed features, and other changes affecting compatibility: binaries; the headers and have been removed. This function has been deprecated in favor of fstatfs and statfs. +* The functions 'encrypt', 'encrypt_r', 'setkey', 'setkey_r', 'cbc_crypt', + 'ecb_crypt', and 'des_setparity' are deprecated. They encrypt and decrypt + data with the DES block cipher, which is no longer considered secure. + Also, encrypt, encrypt_r, setkey, and setkey_r require awkward pre- and + post-processing of the encryption key and data to be encrypted, and + encrypt and setkey are not thread-safe. Software that still uses these + functions should switch to a modern cryptography library, such as GnuTLS. + Changes to build and runtime requirements: [Add changes to build and runtime requirements here] diff --git a/crypt/Makefile b/crypt/Makefile index 303800df73..e122bcebf0 100644 --- a/crypt/Makefile +++ b/crypt/Makefile @@ -32,6 +32,9 @@ libcrypt-routines := crypt-entry md5-crypt sha256-crypt sha512-crypt crypt \ tests := cert md5c-test sha256c-test sha512c-test badsalttest +# cert.c tests the deprecated setkey/encrypt interface +CFLAGS-cert.c = -Wno-deprecated-declarations + ifeq ($(crypt-in-libc),yes) routines += $(libcrypt-routines) endif diff --git a/crypt/crypt.h b/crypt/crypt.h index 5da098b715..22cf13ff89 100644 --- a/crypt/crypt.h +++ b/crypt/crypt.h @@ -32,13 +32,18 @@ __BEGIN_DECLS extern char *crypt (const char *__key, const char *__salt) __THROW __nonnull ((1, 2)); -/* Setup DES tables according KEY. */ -extern void setkey (const char *__key) __THROW __nonnull ((1)); +/* Set the encryption key for subsequent calls to 'encrypt'. + This function should not be used in new programs, because the cipher + it uses is DES, which is unacceptably weak by modern standards. */ +extern void setkey (const char *__key) + __THROW __nonnull ((1)) __attribute_deprecated__; /* Encrypt data in BLOCK in place if EDFLAG is zero; otherwise decrypt - block in place. */ + block in place. The key is controlled by 'setkey'. + This function should not be used in new programs, because the cipher + it uses is DES, which is unacceptably weak by modern standards. */ extern void encrypt (char *__glibc_block, int __edflag) - __THROW __nonnull ((1)); + __THROW __nonnull ((1)) __attribute_deprecated__; #ifdef __USE_GNU /* Reentrant versions of the functions above. The additional argument @@ -63,11 +68,11 @@ extern char *crypt_r (const char *__key, const char *__salt, extern void setkey_r (const char *__key, struct crypt_data * __restrict __data) - __THROW __nonnull ((1, 2)); + __THROW __nonnull ((1, 2)) __attribute_deprecated__; extern void encrypt_r (char *__glibc_block, int __edflag, struct crypt_data * __restrict __data) - __THROW __nonnull ((1, 3)); + __THROW __nonnull ((1, 3)) __attribute_deprecated__; #endif __END_DECLS diff --git a/posix/unistd.h b/posix/unistd.h index 4d149f9945..5d4e07f6c8 100644 --- a/posix/unistd.h +++ b/posix/unistd.h @@ -1127,10 +1127,12 @@ extern char *crypt (const char *__key, const char *__salt) __THROW __nonnull ((1, 2)); /* Encrypt data in BLOCK in place if EDFLAG is zero; otherwise decrypt - block in place. */ -extern void encrypt (char *__glibc_block, int __edflag) - __THROW __nonnull ((1)); + block in place. The key is controlled by 'setkey', in stdlib.h. + This function should not be used in new programs, because the cipher + it uses is DES, which is unacceptably weak by modern standards. */ +extern void encrypt (char *__glibc_block, int __edflag) + __THROW __nonnull ((1)) __attribute_deprecated__; /* Swab pairs bytes in the first N bytes of the area pointed to by FROM and copy the result to TO. The value of TO must not be in the diff --git a/stdlib/stdlib.h b/stdlib/stdlib.h index 6b1ead31e0..5b104bcc51 100644 --- a/stdlib/stdlib.h +++ b/stdlib/stdlib.h @@ -959,8 +959,13 @@ extern int getsubopt (char **__restrict __optionp, #ifdef __USE_XOPEN -/* Setup DES tables according KEY. */ -extern void setkey (const char *__key) __THROW __nonnull ((1)); +/* Set the encryption key for subsequent calls to 'encrypt', which is + declared in unistd.h. + + This function should not be used in new programs, because the cipher + it uses is DES, which is unacceptably weak by modern standards. */ +extern void setkey (const char *__key) + __THROW __nonnull ((1)) __attribute_deprecated__; #endif diff --git a/sunrpc/Makefile b/sunrpc/Makefile index 8f2a3c8213..07fb90de6b 100644 --- a/sunrpc/Makefile +++ b/sunrpc/Makefile @@ -156,6 +156,15 @@ CFLAGS-pmap_rmt.c += -fexceptions CFLAGS-clnt_perr.c += -fexceptions CFLAGS-openchild.c += -fexceptions +# These files implement Secure RPC authentication using DES, which is +# no longer secure and has had some of the associated functions tagged +# __attribute_deprecated__. +CFLAGS-auth_des.c += -Wno-deprecated-declarations +CFLAGS-des_crypt.c += -Wno-deprecated-declarations +CFLAGS-des_soft.c += -Wno-deprecated-declarations +CFLAGS-svcauth_des.c += -Wno-deprecated-declarations +CFLAGS-xcrypt.c += -Wno-deprecated-declarations + sunrpc-CPPFLAGS = -D_RPC_THREAD_SAFE_ CPPFLAGS += $(sunrpc-CPPFLAGS) BUILD_CPPFLAGS += $(sunrpc-CPPFLAGS) diff --git a/sunrpc/rpc/des_crypt.h b/sunrpc/rpc/des_crypt.h index 77cca3cbed..85875afa11 100644 --- a/sunrpc/rpc/des_crypt.h +++ b/sunrpc/rpc/des_crypt.h @@ -70,6 +70,10 @@ __BEGIN_DECLS * DESERR_NOHWDEVICE is returned if DES_HW was specified but * there was no hardware to do it on (the data will still be * encrypted though, in software). + * + * None of the functions in this header should be used in new programs, + * because the cipher they use is DES, which is unacceptably weak by + * modern standards. */ @@ -77,19 +81,20 @@ __BEGIN_DECLS * Cipher Block Chaining mode */ extern int cbc_crypt (char *__key, char *__buf, unsigned __len, - unsigned __mode, char *__ivec) __THROW; + unsigned __mode, char *__ivec) + __THROW __attribute_deprecated__; /* * Electronic Code Book mode */ extern int ecb_crypt (char *__key, char *__buf, unsigned __len, - unsigned __mode) __THROW; + unsigned __mode) __THROW __attribute_deprecated__; /* * Set des parity for a key. * DES parity is odd and in the low bit of each byte */ -extern void des_setparity (char *__key) __THROW; +extern void des_setparity (char *__key) __THROW __attribute_deprecated__; __END_DECLS