-
Notifications
You must be signed in to change notification settings - Fork 17.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
crypto/cipher: deprecate NewOFB, NewCFBDecrypter and NewCFBEncrypter #69445
Comments
This proposal has been added to the active column of the proposals project |
Change https://go.dev/cl/621957 mentions this issue: |
For the purposes of FIPS certification, is it enough to simply mark these as deprecated? |
These will sit outside the boundary of the FIPS module, so for the purposes of certification they don't exist, and we don't even need to deprecate them. Now felt like a good time to deprecate them to signal that we did not put them within the FIPS module boundary and did not get them validated, and to be able to make statements like "all non-deprecated functions that NIST considers approved and not legacy are validated". |
@FiloSottile , can you write out exactly what the deprecation message would be for these, including steering people toward the right replacement? Thanks. |
Same for OFB. |
CFB and OFB are mostly unused, and not a performance target. Updates #39365 Updates #69445 Change-Id: Ice6441e4fee2112a9e72607c63e49dbc50441ba6 Reviewed-on: https://go-review.googlesource.com/c/go/+/621957 Reviewed-by: Roland Shoemaker <roland@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Based on the discussion above, this proposal seems like a likely accept. The proposal is to deprecate the following functions from |
Change https://go.dev/cl/631019 mentions this issue: |
Updates #69445 Change-Id: Ie9cd13d65f1f989f24731f8b09bbc5124873549f Reviewed-on: https://go-review.googlesource.com/c/go/+/631019 Reviewed-by: Roland Shoemaker <roland@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> TryBot-Bypass: Filippo Valsorda <filippo@golang.org> Auto-Submit: Filippo Valsorda <filippo@golang.org>
No change in consensus, so accepted. 🎉 The proposal is to deprecate the following functions from |
Is there anything left to do here? As far as I can tell this is done. |
I don't think so, closing. |
Both OFB and CFB are unauthenticated encryption modes, which should be used only in very particular circumstances. They are also way less popular than the most used unauthenticated encryption mode, CTR, and our implementations are less optimized and not covered by the Go+BoringCrypto mode.
OFB mode is essentially unused (four real Debian CodeSearch hits). CFB mode is almost unused (five real Debian CodeSearch hits, a few more using other code search tools)
The CFB implementation in crypto/cipher arguably misuses the Stream interface, too. Unlike CTR or OFB that turn a block cipher into a true stream cipher by producing a keystream that is then XOR'd with the plaintext or ciphertext, CFB operates on the actual plaintext or ciphertext input. This is visible in the Encrypter / Decrypter asymmetry, and makes it impossible to XOR some zeroes to then XOR the result with the plaintext/ciphertext, which would be a reasonable expectation to have of a Stream.
We'd not be adding these if we were deciding today, we are not going to take optimizations for them, and we want to generally steer users away from them and towards authenticated modes like GCM or at least towards the more popular, more optimized, and Go+BoringCrypto covered CTR.
/cc @golang/security @golang/proposal-review
The text was updated successfully, but these errors were encountered: