[grisbi-devel] src/plugins/openssl/openssl.c utilise DES qui est déprécié
Ludovic Rousseau
ludovic.rousseau at gmail.com
Mon Jun 27 10:51:14 CEST 2022
Bonjour,
Le plugin de chiffrement src/plugins/openssl/openssl.c utilise
l'algorithme DES qui est déprécié depuis OpenSSL 3.0 et qui génère des
warnings:
openssl.c: In function 'encrypt_v2':
openssl.c:111:5: error: 'DES_string_to_key' is deprecated: Since
OpenSSL 3.0 [-Werror=deprecated-declarations]
111 | DES_string_to_key ( password, &key );
| ^~~~~~~~~~~~~~~~~
In file included from openssl.c:32:
/usr/include/openssl/des.h:193:28: note: declared here
193 | OSSL_DEPRECATEDIN_3_0 void DES_string_to_key(const char *str,
DES_cblock *key);
| ^~~~~~~~~~~~~~~~~
openssl.c:112:5: error: 'DES_set_key_unchecked' is deprecated: Since
OpenSSL 3.0 [-Werror=deprecated-declarations]
112 | DES_set_key_unchecked ( &key, &sched );
| ^~~~~~~~~~~~~~~~~~~~~
In file included from openssl.c:32:
/usr/include/openssl/des.h:192:6: note: declared here
192 | void DES_set_key_unchecked(const_DES_cblock *key,
DES_key_schedule *schedule);
| ^~~~~~~~~~~~~~~~~~~~~
openssl.c:113:5: error: 'DES_set_odd_parity' is deprecated: Since
OpenSSL 3.0 [-Werror=deprecated-declarations]
113 | DES_set_odd_parity ( &key );
| ^~~~~~~~~~~~~~~~~~
In file included from openssl.c:32:
/usr/include/openssl/des.h:176:28: note: declared here
176 | OSSL_DEPRECATEDIN_3_0 void DES_set_odd_parity(DES_cblock *key);
| ^~~~~~~~~~~~~~~~~~
openssl.c:115:5: error: 'DES_cbc_encrypt' is deprecated: Since OpenSSL
3.0 [-Werror=deprecated-declarations]
115 | DES_cbc_encrypt ( (guchar *) to_encrypt_content,
| ^~~~~~~~~~~~~~~
In file included from openssl.c:32:
/usr/include/openssl/des.h:89:6: note: declared here
89 | void DES_cbc_encrypt(const unsigned char *input, unsigned char *output,
| ^~~~~~~~~~~~~~~
openssl.c: In function 'decrypt_v2':
openssl.c:145:5: error: 'DES_string_to_key' is deprecated: Since
OpenSSL 3.0 [-Werror=deprecated-declarations]
145 | DES_string_to_key ( password, &key );
| ^~~~~~~~~~~~~~~~~
In file included from openssl.c:32:
/usr/include/openssl/des.h:193:28: note: declared here
193 | OSSL_DEPRECATEDIN_3_0 void DES_string_to_key(const char *str,
DES_cblock *key);
| ^~~~~~~~~~~~~~~~~
openssl.c:146:5: error: 'DES_set_key_unchecked' is deprecated: Since
OpenSSL 3.0 [-Werror=deprecated-declarations]
146 | DES_set_key_unchecked( &key, &sched );
| ^~~~~~~~~~~~~~~~~~~~~
In file included from openssl.c:32:
/usr/include/openssl/des.h:192:6: note: declared here
192 | void DES_set_key_unchecked(const_DES_cblock *key,
DES_key_schedule *schedule);
| ^~~~~~~~~~~~~~~~~~~~~
openssl.c:147:5: error: 'DES_set_odd_parity' is deprecated: Since
OpenSSL 3.0 [-Werror=deprecated-declarations]
147 | DES_set_odd_parity ( &key );
| ^~~~~~~~~~~~~~~~~~
In file included from openssl.c:32:
/usr/include/openssl/des.h:176:28: note: declared here
176 | OSSL_DEPRECATEDIN_3_0 void DES_set_odd_parity(DES_cblock *key);
| ^~~~~~~~~~~~~~~~~~
openssl.c:149:5: error: 'DES_cbc_encrypt' is deprecated: Since OpenSSL
3.0 [-Werror=deprecated-declarations]
149 | DES_cbc_encrypt ( (guchar *) (* file_content + V2_MARKER_SIZE),
| ^~~~~~~~~~~~~~~
In file included from openssl.c:32:
/usr/include/openssl/des.h:89:6: note: declared here
89 | void DES_cbc_encrypt(const unsigned char *input, unsigned char *output,
| ^~~~~~~~~~~~~~~
openssl.c: In function 'decrypt_v1':
openssl.c:193:5: error: 'DES_string_to_key' is deprecated: Since
OpenSSL 3.0 [-Werror=deprecated-declarations]
193 | DES_string_to_key ( password, &key );
| ^~~~~~~~~~~~~~~~~
In file included from openssl.c:32:
/usr/include/openssl/des.h:193:28: note: declared here
193 | OSSL_DEPRECATEDIN_3_0 void DES_string_to_key(const char *str,
DES_cblock *key);
| ^~~~~~~~~~~~~~~~~
openssl.c:194:5: error: 'DES_set_key_unchecked' is deprecated: Since
OpenSSL 3.0 [-Werror=deprecated-declarations]
194 | DES_set_key_unchecked( &key, &sched );
| ^~~~~~~~~~~~~~~~~~~~~
In file included from openssl.c:32:
/usr/include/openssl/des.h:192:6: note: declared here
192 | void DES_set_key_unchecked(const_DES_cblock *key,
DES_key_schedule *schedule);
| ^~~~~~~~~~~~~~~~~~~~~
openssl.c:195:5: error: 'DES_set_odd_parity' is deprecated: Since
OpenSSL 3.0 [-Werror=deprecated-declarations]
195 | DES_set_odd_parity ( &key );
| ^~~~~~~~~~~~~~~~~~
In file included from openssl.c:32:
/usr/include/openssl/des.h:176:28: note: declared here
176 | OSSL_DEPRECATEDIN_3_0 void DES_set_odd_parity(DES_cblock *key);
| ^~~~~~~~~~~~~~~~~~
openssl.c:200:5: error: 'DES_cbc_encrypt' is deprecated: Since OpenSSL
3.0 [-Werror=deprecated-declarations]
200 | DES_cbc_encrypt ( (guchar *) (* file_content + V1_MARKER_SIZE),
| ^~~~~~~~~~~~~~~
In file included from openssl.c:32:
/usr/include/openssl/des.h:89:6: note: declared here
89 | void DES_cbc_encrypt(const unsigned char *input, unsigned char *output,
| ^~~~~~~~~~~~~~~
Je propose de remplacer l'algorithme DES par AES. Et donc passer à la
version 3 du format de chiffrement de Grisbi.
Il faudra conserver le déchiffrement en DES (v1 et V2) pendant aussi
longtemps que possible pour pouvoir lire les "vieux" fichiers .gsb
chiffrés.
Mais le chiffrement devrait utiliser AES maintenant.
La migration du format V2 (DES) à V3 (AES) serait transparente pour un
utilisateur.
Sauf dans le cas ou il sauvegarde un fichier avec (le futur) Grisbi
2.2 (avec AES) et qu'il veut ensuite le relire avec Grisbi 2.0 (DES).
Ça ne fonctionnera pas.
Des commentaires ou avis ?
Merci
--
Dr. Ludovic Rousseau
More information about the devel
mailing list