alpine 3.6
crypto weakness #29

4

Weakness Breakdown


Definition:

This weakness involves creating non-standard or untested algorithms, using weak algorithms, or applying cryptographic algorithms incorrectly. Algorithms once considered safe are often later found to be unsafe after they have been broken.

Warning code(s):

DES only supports a 56-bit keysize, which is too small given today's computers.

File Name:

libressl/src/libressl-2.5.5/crypto/evp/e_old.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 crypto weakness.

#include <openssl/opensslconf.h>

#ifndef OPENSSL_NO_DEPRECATED

#include <openssl/evp.h>

/* Define some deprecated functions, so older programs
   don't crash and burn too quickly.  On Windows and VMS,
   these will never be used, since functions and variables
   in shared libraries are selected by entry point location,
   not by name.  */

#ifndef OPENSSL_NO_BF
#undef EVP_bf_cfb
const EVP_CIPHER *EVP_bf_cfb(void);
const EVP_CIPHER *
EVP_bf_cfb(void)
{
	return EVP_bf_cfb64();
}
#endif

#ifndef OPENSSL_NO_DES
#undef EVP_des_cfb
const EVP_CIPHER *EVP_des_cfb(void);
const EVP_CIPHER *
EVP_des_cfb(void)
{
	return EVP_des_cfb64();
}
#undef EVP_des_ede3_cfb
const EVP_CIPHER *EVP_des_ede3_cfb(void);
const EVP_CIPHER *
EVP_des_ede3_cfb(void)
{
	return EVP_des_ede3_cfb64();
}
#undef EVP_des_ede_cfb
const EVP_CIPHER *EVP_des_ede_cfb(void);
const EVP_CIPHER *
EVP_des_ede_cfb(void)
{
	return EVP_des_ede_cfb64();
}
#endif

#ifndef OPENSSL_NO_IDEA
#undef EVP_idea_cfb
const EVP_CIPHER *EVP_idea_cfb(void);
const EVP_CIPHER * 
