author Matt Caswell <matt@openssl.org> 2019-04-09 15:32:33 +0100
committer Matt Caswell <matt@openssl.org> 2019-04-12 14:22:41 +0100
commit fd367b4ce37d8f8353deb93fd7677ca636881d81 (patch)
tree 853d01be754fb608381b4d3e4a4cc524c1fbcd87 /CHANGES
parent 9bba2c4c97a5fc5aea9e24223eebb85a15817e74 (diff)
Deprecate AES_ige_encrypt() and AES_bi_ige_encrypt()

These undocumented functions were never integrated into the EVP layer and implement the AES Infinite Garble Extension (IGE) mode and AES Bi-directional IGE mode. These modes were never formally standardised and usage of these functions is believed to be very small. In particular AES_bi_ige_encrypt() has a known bug. It accepts 2 AES keys, but only one is ever used. The security implications are believed to be minimal, but this issue was never fixed for backwards compatibility reasons.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8710)
Diffstat (limited to 'CHANGES')
-rw-r--r-- CHANGES 11
1 files changed, 11 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 11c80b762f..164787c45d 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,17 @@
Changes between 1.1.1 and 3.0.0 [xx XXX xxxx]
+ *) The functions AES_ige_encrypt() and AES_bi_ige_encrypt() have been
+ deprecated. These undocumented functions were never integrated into the EVP
+ layer and implement the AES Infinite Garble Extension (IGE) mode and AES
+ Bi-directional IGE mode. These modes were never formally standardised and
+ usage of these functions is believed to be very small. In particular
+ AES_bi_ige_encrypt() has a known bug. It accepts 2 AES keys, but only one
+ is ever used. The security implications are believed to be minimal, but
+ this issue was never fixed for backwards compatibility reasons. New code
+ should not use these modes.
+ [Matt Caswell]
+
*) Add prediction resistance to the DRBG reseeding process.
[Paul Dale]
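
Review bot: The added entry closes with "New code should not use these modes" but gives existing callers nothing to act on. Since the entry itself says these functions were never integrated into the EVP layer, say explicitly that no EVP equivalent exists, so readers do not go looking for one. The sentence "It accepts 2 AES keys, but only one is ever used" would also be more useful to anyone assessing exposure if it named which of the two key arguments to AES_bi_ige_encrypt() is ignored.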