aboutsummaryrefslogtreecommitdiff
path: root/src/common
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2017-07-24 14:32:59 -0400
committerNick Mathewson <nickm@torproject.org>2017-07-24 14:34:53 -0400
commit6c8c9731915a796c8a1bc11f376793459db1200f (patch)
tree2df0e14503b35d2b70e0ca4ae08d115d81ffb3db /src/common
parentdb1664e5932ae0435b23c2ca92e74f3a5c64c1f8 (diff)
downloadtor-6c8c9731915a796c8a1bc11f376793459db1200f.tar.gz
tor-6c8c9731915a796c8a1bc11f376793459db1200f.zip
Rename the hybrid_encrypt/decrypt functions; label them as dangerous
We need to keep these around for TAP and old-style hidden services, but they're obsolete, and we shouldn't encourage anyone to use them. So I've added "obsolete" to their names, and a comment explaining what the problem is. Closes ticket 23026.
Diffstat (limited to 'src/common')
-rw-r--r--src/common/crypto.c15
-rw-r--r--src/common/crypto.h4
2 files changed, 13 insertions, 6 deletions
diff --git a/src/common/crypto.c b/src/common/crypto.c
index 875b4eeb56..c258f239a8 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -1238,9 +1238,12 @@ crypto_pk_private_sign_digest(crypto_pk_t *env, char *to, size_t tolen,
* - The beginning of the source data prefixed with a 16-byte symmetric key,
* padded and encrypted with the public key; followed by the rest of
* the source data encrypted in AES-CTR mode with the symmetric key.
+ *
+ * NOTE that this format does not authenticate the symmetrically encrypted
+ * part of the data, and SHOULD NOT BE USED for new protocols.
*/
int
-crypto_pk_public_hybrid_encrypt(crypto_pk_t *env,
+crypto_pk_obsolete_public_hybrid_encrypt(crypto_pk_t *env,
char *to, size_t tolen,
const char *from,
size_t fromlen,
@@ -1302,10 +1305,14 @@ crypto_pk_public_hybrid_encrypt(crypto_pk_t *env,
return -1;
}
-/** Invert crypto_pk_public_hybrid_encrypt. Returns the number of bytes
- * written on success, -1 on failure. */
+/** Invert crypto_pk_obsolete_public_hybrid_encrypt. Returns the number of
+ * bytes written on success, -1 on failure.
+ *
+ * NOTE that this format does not authenticate the symmetrically encrypted
+ * part of the data, and SHOULD NOT BE USED for new protocols.
+ */
int
-crypto_pk_private_hybrid_decrypt(crypto_pk_t *env,
+crypto_pk_obsolete_private_hybrid_decrypt(crypto_pk_t *env,
char *to,
size_t tolen,
const char *from,
diff --git a/src/common/crypto.h b/src/common/crypto.h
index 5951321c05..cde241dd37 100644
--- a/src/common/crypto.h
+++ b/src/common/crypto.h
@@ -197,11 +197,11 @@ int crypto_pk_private_sign(const crypto_pk_t *env, char *to, size_t tolen,
const char *from, size_t fromlen);
int crypto_pk_private_sign_digest(crypto_pk_t *env, char *to, size_t tolen,
const char *from, size_t fromlen);
-int crypto_pk_public_hybrid_encrypt(crypto_pk_t *env, char *to,
+int crypto_pk_obsolete_public_hybrid_encrypt(crypto_pk_t *env, char *to,
size_t tolen,
const char *from, size_t fromlen,
int padding, int force);
-int crypto_pk_private_hybrid_decrypt(crypto_pk_t *env, char *to,
+int crypto_pk_obsolete_private_hybrid_decrypt(crypto_pk_t *env, char *to,
size_t tolen,
const char *from, size_t fromlen,
int padding, int warnOnFailure);