diff options
author | Matt Caswell <matt@openssl.org> | 2019-04-09 15:32:33 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2019-04-12 14:22:41 +0100 |
commit | fd367b4ce37d8f8353deb93fd7677ca636881d81 (patch) | |
tree | 853d01be754fb608381b4d3e4a4cc524c1fbcd87 /apps | |
parent | 9bba2c4c97a5fc5aea9e24223eebb85a15817e74 (diff) |
Deprecate AES_ige_encrypt() and AES_bi_ige_encrypt()
These undocumented functions were never integrated into the EVP layer
and implement the AES Infinite Garble Extension (IGE) mode and AES
Bi-directional IGE mode. These modes were never formally standardised
and usage of these functions is believed to be very small. In particular
AES_bi_ige_encrypt() has a known bug. It accepts 2 AES keys, but only
one is ever used. The security implications are believed to be minimal,
but this issue was never fixed for backwards compatibility reasons.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8710)
Diffstat (limited to 'apps')
-rw-r--r-- | apps/speed.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/apps/speed.c b/apps/speed.c index e9ed8b54f7..72826f821c 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -166,10 +166,12 @@ static int DES_ede3_cbc_encrypt_loop(void *args); #endif static int AES_cbc_128_encrypt_loop(void *args); static int AES_cbc_192_encrypt_loop(void *args); -static int AES_ige_128_encrypt_loop(void *args); static int AES_cbc_256_encrypt_loop(void *args); +#if !OPENSSL_API_3 +static int AES_ige_128_encrypt_loop(void *args); static int AES_ige_192_encrypt_loop(void *args); static int AES_ige_256_encrypt_loop(void *args); +#endif static int CRYPTO_gcm128_aad_loop(void *args); static int RAND_bytes_loop(void *args); static int EVP_Update_loop(void *args); @@ -428,9 +430,11 @@ static const OPT_PAIR doit_choices[] = { {"aes-128-cbc", D_CBC_128_AES}, {"aes-192-cbc", D_CBC_192_AES}, {"aes-256-cbc", D_CBC_256_AES}, +#if !OPENSSL_API_3 {"aes-128-ige", D_IGE_128_AES}, {"aes-192-ige", D_IGE_192_AES}, {"aes-256-ige", D_IGE_256_AES}, +#endif #ifndef OPENSSL_NO_RC2 {"rc2-cbc", D_CBC_RC2}, {"rc2", D_CBC_RC2}, @@ -869,6 +873,7 @@ static int AES_cbc_256_encrypt_loop(void *args) return count; } +#if !OPENSSL_API_3 static int AES_ige_128_encrypt_loop(void *args) { loopargs_t *tempargs = *(loopargs_t **) args; @@ -904,6 +909,7 @@ static int AES_ige_256_encrypt_loop(void *args) (size_t)lengths[testnum], &aes_ks3, iv, AES_ENCRYPT); return count; } +#endif static int CRYPTO_gcm128_aad_loop(void *args) { @@ -2429,6 +2435,7 @@ int speed_main(int argc, char **argv) } } +#if !OPENSSL_API_3 if (doit[D_IGE_128_AES]) { for (testnum = 0; testnum < size_num; testnum++) { print_message(names[D_IGE_128_AES], c[D_IGE_128_AES][testnum], @@ -2462,6 +2469,7 @@ int speed_main(int argc, char **argv) print_result(D_IGE_256_AES, testnum, count, d); } } +#endif if (doit[D_GHASH]) { for (i = 0; i < loopargs_len; i++) { loopargs[i].gcm_ctx = |