diff options
| author | Nick Mathewson <nickm@torproject.org> | 2017-07-24 14:32:59 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2017-07-24 14:34:53 -0400 |
| commit | 6c8c9731915a796c8a1bc11f376793459db1200f (patch) | |
| tree | 2df0e14503b35d2b70e0ca4ae08d115d81ffb3db /src/common | |
| parent | db1664e5932ae0435b23c2ca92e74f3a5c64c1f8 (diff) | |
| download | tor-6c8c9731915a796c8a1bc11f376793459db1200f.tar.gz tor-6c8c9731915a796c8a1bc11f376793459db1200f.zip | |
Rename the hybrid_encrypt/decrypt functions; label them as dangerous
We need to keep these around for TAP and old-style hidden services,
but they're obsolete, and we shouldn't encourage anyone to use them.
So I've added "obsolete" to their names, and a comment explaining
what the problem is.
Closes ticket 23026.
Diffstat (limited to 'src/common')
| -rw-r--r-- | src/common/crypto.c | 15 | ||||
| -rw-r--r-- | src/common/crypto.h | 4 |
2 files changed, 13 insertions, 6 deletions
diff --git a/src/common/crypto.c b/src/common/crypto.c index 875b4eeb56..c258f239a8 100644 --- a/src/common/crypto.c +++ b/src/common/crypto.c @@ -1238,9 +1238,12 @@ crypto_pk_private_sign_digest(crypto_pk_t *env, char *to, size_t tolen, * - The beginning of the source data prefixed with a 16-byte symmetric key, * padded and encrypted with the public key; followed by the rest of * the source data encrypted in AES-CTR mode with the symmetric key. + * + * NOTE that this format does not authenticate the symmetrically encrypted + * part of the data, and SHOULD NOT BE USED for new protocols. */ int -crypto_pk_public_hybrid_encrypt(crypto_pk_t *env, +crypto_pk_obsolete_public_hybrid_encrypt(crypto_pk_t *env, char *to, size_t tolen, const char *from, size_t fromlen, @@ -1302,10 +1305,14 @@ crypto_pk_public_hybrid_encrypt(crypto_pk_t *env, return -1; } -/** Invert crypto_pk_public_hybrid_encrypt. Returns the number of bytes - * written on success, -1 on failure. */ +/** Invert crypto_pk_obsolete_public_hybrid_encrypt. Returns the number of + * bytes written on success, -1 on failure. + * + * NOTE that this format does not authenticate the symmetrically encrypted + * part of the data, and SHOULD NOT BE USED for new protocols. + */ int -crypto_pk_private_hybrid_decrypt(crypto_pk_t *env, +crypto_pk_obsolete_private_hybrid_decrypt(crypto_pk_t *env, char *to, size_t tolen, const char *from, diff --git a/src/common/crypto.h b/src/common/crypto.h index 5951321c05..cde241dd37 100644 --- a/src/common/crypto.h +++ b/src/common/crypto.h @@ -197,11 +197,11 @@ int crypto_pk_private_sign(const crypto_pk_t *env, char *to, size_t tolen, const char *from, size_t fromlen); int crypto_pk_private_sign_digest(crypto_pk_t *env, char *to, size_t tolen, const char *from, size_t fromlen); -int crypto_pk_public_hybrid_encrypt(crypto_pk_t *env, char *to, +int crypto_pk_obsolete_public_hybrid_encrypt(crypto_pk_t *env, char *to, size_t tolen, const char *from, size_t fromlen, int padding, int force); -int crypto_pk_private_hybrid_decrypt(crypto_pk_t *env, char *to, +int crypto_pk_obsolete_private_hybrid_decrypt(crypto_pk_t *env, char *to, size_t tolen, const char *from, size_t fromlen, int padding, int warnOnFailure); |