Deprecate AES_ige_encrypt() and AES_bi_ige_encrypt()

[openssl.git] / crypto / aes / aes_ige.c

diff --git a/crypto/aes/aes_ige.c b/crypto/aes/aes_ige.c
index e19922a1c47ce357ab1b50b33d555ec79e056561..351c1734593886f8494fbcb74435dea5d5d9f9f0 100644 (file)
--- a/crypto/aes/aes_ige.c
+++ b/crypto/aes/aes_ige.c
@@ -9,6 +9,10 @@
 
 #include "internal/cryptlib.h"
 
+#if OPENSSL_API_3
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
 #include <openssl/aes.h>
 #include "aes_locl.h"
 
@@ -34,6 +38,7 @@ typedef struct {
 
 /* N.B. The IV for this mode is _twice_ the block size */
 
+/*  Use of this function is deprecated. */
 void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
                      size_t length, const AES_KEY *key,
                      unsigned char *ivec, const int enc)
@@ -162,6 +167,14 @@ void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
 /*
  * Note that its effectively impossible to do biIGE in anything other
  * than a single pass, so no provision is made for chaining.
+ *
+ * NB: The implementation of AES_bi_ige_encrypt has a bug. It is supposed to use
+ * 2 AES keys, but in fact only one is ever used. This bug has been present
+ * since this code was first implemented. It is believed to have minimal
+ * security impact in practice and has therefore not been fixed for backwards
+ * compatibility reasons.
+ *
+ * Use of this function is deprecated.
  */
 
 /* N.B. The IV for this mode is _four times_ the block size */
@@ -282,3 +295,4 @@ void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,
         }
     }
 }
+#endif