[boringssl-sys] Expose `AES`, `MD5`, and `RC4` functions.
This change exposes `AES`, `MD5`, and `RC4` functions by introducing a
non-postfixed group in the symbol whitelist and executing `bindgen.sh`,
which was missed in fxr/411201. Rust `bindgen` has also been pinned to
version 0.54.0 and used to regenerate bindings.
Both MD5 and RC4 are known to be insecure. These APIs are exposed by
Mundane and used to implement legacy protocols. Mundane annotates all
insecure crypto APIs as deprecated and prefixes all items with
"insecure". Moreover, insecure APIs are exposed in a module that is only
built when a specific feature flag is used. See Mundane's `insecure`
module documentation for more:
https://docs.rs/mundane/0.4.3/mundane/insecure/index.html
AES is a secure cipher, but non-AE modes of AES are dangerous and easily
misused. In particular, non-AE modes do not authenticate ciphertext.
Mundane plans to expose secure modes of AES like AES-GCM and, until it
can expose known insecure AES APIs like RFC 3394 key wrapping, these
will be wrapped directly by crates that implement legacy protocols. See
KMS for example:
https://fuchsia.googlesource.com/fuchsia/+/refs/heads/master/src/security/kms
Change-Id: I0ea096ec95c660901b83704d8a4dfd3ec85b7530
Reviewed-on: https://fuchsia-review.googlesource.com/c/third_party/boringssl/+/411782
Reviewed-by: Aaron Green <aarongreen@google.com>
Reviewed-by: Drew Fisher <zarvox@google.com>
Reviewed-by: Darren Krahn <dkrahn@google.com>
Commit-Queue: Sean Olson <seanolson@google.com>
2 files changed
