From b66a481888e00a36f833308bdcf53408238511d4 Mon Sep 17 00:00:00 2001
From: Rich Salz <rsalz@akamai.com>
Date: Mon, 1 Jul 2019 14:41:19 -0400
Subject: Remove DES_check_key global

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9284)
---
 CHANGES                     |  4 ++++
 crypto/des/set_key.c        | 10 +---------
 doc/man3/DES_random_key.pod |  7 ++-----
 include/openssl/des.h       |  6 +-----
 util/libcrypto.num          |  4 ++--
 util/missingcrypto.txt      |  1 -
 6 files changed, 10 insertions(+), 22 deletions(-)

diff --git a/CHANGES b/CHANGES
index f23e9b2..accaee5 100644
--- a/CHANGES
+++ b/CHANGES
@@ -12,6 +12,10 @@
   *) Removed NextStep support and the macro OPENSSL_UNISTD
      [Rich Salz]
 
+  *) Removed DES_check_key.  Also removed OPENSSL_IMPLEMENT_GLOBAL,
+     OPENSSL_GLOBAL_REF, OPENSSL_DECLARE_GLOBAL.
+     [Rich Salz]
+
   *) RC5_32_set_key has been changed to return an int type, with 0 indicating
      an error and 1 indicating success. In previous versions of OpenSSL this
      was a void type. If a key was set longer than the maximum possible this
diff --git a/crypto/des/set_key.c b/crypto/des/set_key.c
index 4726bb2..d42cebd 100644
--- a/crypto/des/set_key.c
+++ b/crypto/des/set_key.c
@@ -18,9 +18,6 @@
 #include <openssl/crypto.h>
 #include "des_locl.h"
 
-/* defaults to false */
-OPENSSL_IMPLEMENT_GLOBAL(int, DES_check_key, 0)
-
 static const unsigned char odd_parity[256] = {
     1, 1, 2, 2, 4, 4, 7, 7, 8, 8, 11, 11, 13, 13, 14, 14,
     16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31,
@@ -277,12 +274,7 @@ static const DES_LONG des_skb[8][64] = {
 
 int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule)
 {
-    if (DES_check_key) {
-        return DES_set_key_checked(key, schedule);
-    } else {
-        DES_set_key_unchecked(key, schedule);
-        return 0;
-    }
+    return DES_set_key_checked(key, schedule);
 }
 
 /*-
diff --git a/doc/man3/DES_random_key.pod b/doc/man3/DES_random_key.pod
index a148000..1506923 100644
--- a/doc/man3/DES_random_key.pod
+++ b/doc/man3/DES_random_key.pod
@@ -119,11 +119,8 @@ and is not a weak or semi-weak key.  If the parity is wrong, then -1
 is returned.  If the key is a weak key, then -2 is returned.  If an
 error is returned, the key schedule is not generated.
 
-DES_set_key() works like
-DES_set_key_checked() if the I<DES_check_key> flag is non-zero,
-otherwise like DES_set_key_unchecked().  These functions are available
-for compatibility; it is recommended to use a function that does not
-depend on a global variable.
+DES_set_key() works like DES_set_key_checked() and remains for
+backward compatibility.
 
 DES_set_odd_parity() sets the parity of the passed I<key> to odd.
 
diff --git a/include/openssl/des.h b/include/openssl/des.h
index a0f5f3c..f74412b 100644
--- a/include/openssl/des.h
+++ b/include/openssl/des.h
@@ -63,9 +63,6 @@ typedef struct DES_ks {
 # define DES_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \
         DES_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))
 
-OPENSSL_DECLARE_GLOBAL(int, DES_check_key); /* defaults to false */
-# define DES_check_key OPENSSL_GLOBAL_REF(DES_check_key)
-
 const char *DES_options(void);
 void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output,
                       DES_key_schedule *ks1, DES_key_schedule *ks2,
@@ -148,8 +145,7 @@ int DES_check_key_parity(const_DES_cblock *key);
 int DES_is_weak_key(const_DES_cblock *key);
 /*
  * DES_set_key (= set_key = DES_key_sched = key_sched) calls
- * DES_set_key_checked if global variable DES_check_key is set,
- * DES_set_key_unchecked otherwise.
+ * DES_set_key_unchecked
  */
 int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule);
 int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule);
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 38ca30a..9d95dab 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -2052,8 +2052,8 @@ ENGINE_unregister_RSA                   2033	3_0_0	EXIST::FUNCTION:ENGINE
 EC_GROUP_order_bits                     2034	3_0_0	EXIST::FUNCTION:EC
 d2i_CMS_bio                             2035	3_0_0	EXIST::FUNCTION:CMS
 OPENSSL_sk_num                          2036	3_0_0	EXIST::FUNCTION:
-_shadow_DES_check_key                   2037	3_0_0	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:DES
-_shadow_DES_check_key                   2037	3_0_0	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:DES
+_shadow_DES_check_key                   2037	3_0_0	NOEXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:DES
+_shadow_DES_check_key                   2037	3_0_0	NOEXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:DES
 CMS_RecipientInfo_set0_pkey             2038	3_0_0	EXIST::FUNCTION:CMS
 X509_STORE_CTX_set_default              2039	3_0_0	EXIST::FUNCTION:
 AES_wrap_key                            2040	3_0_0	EXIST::FUNCTION:
diff --git a/util/missingcrypto.txt b/util/missingcrypto.txt
index a7cc467..a227b10 100644
--- a/util/missingcrypto.txt
+++ b/util/missingcrypto.txt
@@ -1441,7 +1441,6 @@ ZINT64_it
 ZLONG_it
 ZUINT32_it
 ZUINT64_it
-_shadow_DES_check_key
 a2d_ASN1_OBJECT
 a2i_ASN1_ENUMERATED
 a2i_ASN1_INTEGER
-- 
cgit v1.1