authorMatt Caswell <matt@openssl.org>2019-04-09 15:32:33 +0100
committerMatt Caswell <matt@openssl.org>2019-04-12 14:22:41 +0100
commitfd367b4ce37d8f8353deb93fd7677ca636881d81 (patch)
tree853d01be754fb608381b4d3e4a4cc524c1fbcd87 /crypto/aes
parent9bba2c4c97a5fc5aea9e24223eebb85a15817e74 (diff)
Deprecate AES_ige_encrypt() and AES_bi_ige_encrypt()
These undocumented functions were never integrated into the EVP layer and implement the AES Infinite Garble Extension (IGE) mode and AES Bi-directional IGE mode. These modes were never formally standardised and usage of these functions is believed to be very small. In particular AES_bi_ige_encrypt() has a known bug. It accepts 2 AES keys, but only one is ever used. The security implications are believed to be minimal, but this issue was never fixed for backwards compatibility reasons. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8710)
Diffstat (limited to 'crypto/aes')
-rw-r--r--crypto/aes/aes_ige.c14
1 files changed, 14 insertions, 0 deletions
diff --git a/crypto/aes/aes_ige.c b/crypto/aes/aes_ige.c
index e19922a1c4..351c173459 100644
--- a/crypto/aes/aes_ige.c
+++ b/crypto/aes/aes_ige.c
@@ -9,6 +9,10 @@
#include "internal/cryptlib.h"
+#if OPENSSL_API_3
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
#include <openssl/aes.h>
#include "aes_locl.h"
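Review bot: The `#else` opened in this hunk is closed only by a bare `#endif` on the last line of the file (the final hunk), so the whole implementation sits inside an unlabelled conditional. Labelling both ends, `#else /* !OPENSSL_API_3 */` here and `#endif /* !OPENSSL_API_3 */` at the end, makes it clear why the translation unit compiles to nothing at API level 3. A one-line comment above the `#if` saying that AES_ige_encrypt() and AES_bi_ige_encrypt() are compiled out entirely at that level would also help, since anyone searching for the missing symbols will land here first.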
@@ -34,6 +38,7 @@ typedef struct {
/* N.B. The IV for this mode is _twice_ the block size */
+/* Use of this function is deprecated. */
void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
size_t length, const AES_KEY *key,
unsigned char *ivec, const int enc)
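Review bot: The comment added above AES_ige_encrypt() says the function is deprecated but not why, nor what a caller should do about it, which is what someone auditing an existing caller needs to know. The commit message has the reason: the mode was never formally standardised and was never integrated into the EVP layer. A comment such as `/* Deprecated: IGE mode was never formally standardised and has no EVP equivalent; do not use in new code. */` would carry that into the source. The function body continues outside this hunk.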
@@ -162,6 +167,14 @@ void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
/*
* Note that its effectively impossible to do biIGE in anything other
* than a single pass, so no provision is made for chaining.
+ *
+ * NB: The implementation of AES_bi_ige_encrypt has a bug. It is supposed to use
+ * 2 AES keys, but in fact only one is ever used. This bug has been present
+ * since this code was first implemented. It is believed to have minimal
+ * security impact in practice and has therefore not been fixed for backwards
+ * compatibility reasons.
+ *
+ * Use of this function is deprecated.
*/
/* N.B. The IV for this mode is _four times_ the block size */
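Review bot: The new NB paragraph says only one of the two AES keys is ever used, but it does not say which argument is ignored, so a reader cannot tell from the comment which key actually protects the data. Callers may believe they are getting two independent keys, so the comment should name the unused parameter and state the consequence, for example `* The second key argument is ignored; the output depends on a single AES key only.` That wording presumes it is the second key that goes unused; confirm against the function body, which lies outside this hunk. It would also be worth saying that callers must not rely on the second key for any security margin, since the bug is being kept for compatibility rather than fixed.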
@@ -282,3 +295,4 @@ void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,
}
}
}
+#endif