diff options
author | Bodo Möller <bodo@openssl.org> | 1999-03-29 16:07:36 +0000 |
---|---|---|
committer | Bodo Möller <bodo@openssl.org> | 1999-03-29 16:07:36 +0000 |
commit | 7c0f3d09b32ee1882ee309b660e82bc3077f42db (patch) | |
tree | b6d46c0c481df241af41fdc5d9d97383157d31f5 /crypto/des | |
parent | 67d5ac039f2ceb9a260a6aaf96707c1fc90640d3 (diff) | |
download | openssl-7c0f3d09b32ee1882ee309b660e82bc3077f42db.tar.gz |
Added comments to des_enc_{read,write} functions warning about their
cryptographic weakness (IV reuse).
Diffstat (limited to 'crypto/des')
-rw-r--r-- | crypto/des/enc_read.c | 19 | ||||
-rw-r--r-- | crypto/des/enc_writ.c | 14 |
2 files changed, 33 insertions, 0 deletions
diff --git a/crypto/des/enc_read.c b/crypto/des/enc_read.c index 265e9ca36f..3e5ac09875 100644 --- a/crypto/des/enc_read.c +++ b/crypto/des/enc_read.c @@ -65,6 +65,25 @@ /*extern int errno;*/ int des_rw_mode=DES_PCBC_MODE; + +/* + * WARNINGS: + * + * - The data format used by des_enc_write() and des_enc_read() + * has a cryptographic weakness: When asked to write more + * than MAXWRITE bytes, des_enc_write will split the data + * into several chunks that are all encrypted + * using the same IV. So don't use these functions unless you + * are sure you know what you do (in which case you might + * not want to use them anyway). + * + * - This code cannot handle non-blocking sockets. + * + * - This function uses an internal state and thus cannot be + * used on multiple files. + */ + + int des_enc_read(fd, buf, len, sched, iv) int fd; char *buf; diff --git a/crypto/des/enc_writ.c b/crypto/des/enc_writ.c index 96537ef584..d40dc273c0 100644 --- a/crypto/des/enc_writ.c +++ b/crypto/des/enc_writ.c @@ -62,6 +62,20 @@ #include "cryptlib.h" #include "des_locl.h" +/* + * WARNINGS: + * + * - The data format used by des_enc_write() and des_enc_read() + * has a cryptographic weakness: When asked to write more + * than MAXWRITE bytes, des_enc_write will split the data + * into several chunks that are all encrypted + * using the same IV. So don't use these functions unless you + * are sure you know what you do (in which case you might + * not want to use them anyway). + * + * - This code cannot handle non-blocking sockets. + */ + int des_enc_write(fd, buf, len, sched, iv) int fd; const char *buf; |