| author | Filippo Valsorda <filippo@golang.org> | 2024-11-22 04:45:33 +0100 |
|---|---|---|
| committer | Gopher Robot <gobot@golang.org> | 2024-11-22 04:18:54 +0000 |
| commit | de76c0dff7b43a761786a9b5c75db2fb77797d62 (patch) | |
| tree | 1a48d2793fd6665409a2717e56d81f8a79c51fdb /src/crypto | |
| parent | 4b7f7cd87dfcbc17861c908b20a6101e5915ef59 (diff) | |
| download | go-de76c0dff7b43a761786a9b5c75db2fb77797d62.tar.xz | |
crypto/cipher: deprecate NewOFB, NewCFBDecrypter, and NewCFBEncrypter
Updates #69445
Change-Id: Ie9cd13d65f1f989f24731f8b09bbc5124873549f
Reviewed-on: https://go-review.googlesource.com/c/go/+/631019
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
TryBot-Bypass: Filippo Valsorda <filippo@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Diffstat (limited to 'src/crypto')
| -rw-r--r-- | src/crypto/cipher/cfb.go | 12 | ||||
| -rw-r--r-- | src/crypto/cipher/ofb.go | 6 |
2 files changed, 18 insertions, 0 deletions
diff --git a/src/crypto/cipher/cfb.go b/src/crypto/cipher/cfb.go
index b9f9efa574..b493e05fe2 100644
--- a/src/crypto/cipher/cfb.go
+++ b/src/crypto/cipher/cfb.go
@@ -54,6 +54,12 @@ func (x *cfb) XORKeyStream(dst, src []byte) {
 // NewCFBEncrypter returns a [Stream] which encrypts with cipher feedback mode,
 // using the given [Block]. The iv must be the same length as the [Block]'s block
 // size.
+//
+// Deprecated: CFB mode is not authenticated, which generally enables active
+// attacks to manipulate and recover the plaintext. It is recommended that
+// applications use [AEAD] modes instead. The standard library implementation of
+// CFB is also unoptimized and not validated as part of the FIPS 140-3 module.
+// If an unauthenticated [Stream] mode is required, use [NewCTR] instead.
 func NewCFBEncrypter(block Block, iv []byte) Stream {
 	if fips140only.Enabled {
 		panic("crypto/cipher: use of CFB is not allowed in FIPS 140-only mode")
@@ -64,6 +70,12 @@ func NewCFBEncrypter(block Block, iv []byte) Stream {
 // NewCFBDecrypter returns a [Stream] which decrypts with cipher feedback mode,
 // using the given [Block]. The iv must be the same length as the [Block]'s block
 // size.
+//
+// Deprecated: CFB mode is not authenticated, which generally enables active
+// attacks to manipulate and recover the plaintext. It is recommended that
+// applications use [AEAD] modes instead. The standard library implementation of
+// CFB is also unoptimized and not validated as part of the FIPS 140-3 module.
+// If an unauthenticated [Stream] mode is required, use [NewCTR] instead.
 func NewCFBDecrypter(block Block, iv []byte) Stream {
 	if fips140only.Enabled {
 		panic("crypto/cipher: use of CFB is not allowed in FIPS 140-only mode")
diff --git a/src/crypto/cipher/ofb.go b/src/crypto/cipher/ofb.go
index abdc0225c0..8db5659f7a 100644
--- a/src/crypto/cipher/ofb.go
+++ b/src/crypto/cipher/ofb.go
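Review bot: The new Deprecated paragraph on NewCFBEncrypter names [NewCTR] as the replacement, but CTR is a different mode and does not interoperate with CFB ciphertext, so a reader migrating stored data cannot simply swap constructors; the same wording is repeated on NewCFBDecrypter in the second hunk and on NewOFB in ofb.go. A sentence along the lines of `// NewCFBDecrypter remains available so that existing CFB ciphertext can still be read; encrypt new data with an [AEAD] mode.` on the decrypter would make the intended migration path (re-encrypt on the way out, not in place) explicit for callers holding legacy data. The FIPS 140-only panic in the context lines already rejects the mode in that build, so the deprecation is consistent with it. The bodies of NewCFBEncrypter and NewCFBDecrypter continue outside the hunk.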
@@ -22,6 +22,12 @@ type ofb struct {
 // NewOFB returns a [Stream] that encrypts or decrypts using the block cipher b
 // in output feedback mode. The initialization vector iv's length must be equal
 // to b's block size.
+//
+// Deprecated: OFB mode is not authenticated, which generally enables active
+// attacks to manipulate and recover the plaintext. It is recommended that
+// applications use [AEAD] modes instead. The standard library implementation of
+// OFB is also unoptimized and not validated as part of the FIPS 140-3 module.
+// If an unauthenticated [Stream] mode is required, use [NewCTR] instead.
 func NewOFB(b Block, iv []byte) Stream {
 	if fips140only.Enabled {
 		panic("crypto/cipher: use of OFB is not allowed in FIPS 140-only mode")
