aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSverker Eriksson <[email protected]>2015-12-01 15:05:49 +0100
committerSverker Eriksson <[email protected]>2015-12-01 15:05:49 +0100
commit162d8cdb1ee5efc990abe62a55f8cbff94e48351 (patch)
tree23c3c6d1fa6b4f4d07bb1f51f4077ddeda94af71
parent929e12e6ed27f03cf91a6310bb996b87bc00e9b5 (diff)
downloadotp-162d8cdb1ee5efc990abe62a55f8cbff94e48351.tar.gz
otp-162d8cdb1ee5efc990abe62a55f8cbff94e48351.tar.bz2
otp-162d8cdb1ee5efc990abe62a55f8cbff94e48351.zip
crypto: Avoid bug in OpenSSL-0.9.8 for ECB ciphers
that make EVP_CIPHER_iv_length() return non-zero value. Seems to be fixed in 0.9.8m.
-rw-r--r--lib/crypto/c_src/crypto.c20
1 files changed, 20 insertions, 0 deletions
diff --git a/lib/crypto/c_src/crypto.c b/lib/crypto/c_src/crypto.c
index 18aa8f19ed..bb2771163d 100644
--- a/lib/crypto/c_src/crypto.c
+++ b/lib/crypto/c_src/crypto.c
@@ -99,6 +99,10 @@
# define HAVE_CHACHA20_POLY1305
#endif
+#if OPENSSL_VERSION_NUMBER <= 0x009080cfL
+# define HAVE_ECB_IVEC_BUG
+#endif
+
#if defined(HAVE_EC)
#include <openssl/ec.h>
#include <openssl/ecdh.h>
@@ -358,6 +362,11 @@ static ERL_NIF_TERM atom_onbasis;
static ERL_NIF_TERM atom_aes_cfb8;
static ERL_NIF_TERM atom_aes_cfb128;
+#ifdef HAVE_ECB_IVEC_BUG
+static ERL_NIF_TERM atom_aes_ecb;
+static ERL_NIF_TERM atom_des_ecb;
+static ERL_NIF_TERM atom_blowfish_ecb;
+#endif
static ErlNifResourceType* hmac_context_rtype;
struct hmac_context
@@ -613,6 +622,11 @@ static int init(ErlNifEnv* env, ERL_NIF_TERM load_info)
#endif
atom_aes_cfb8 = enif_make_atom(env, "aes_cfb8");
atom_aes_cfb128 = enif_make_atom(env, "aes_cfb128");
+#ifdef HAVE_ECB_IVEC_BUG
+ atom_aes_ecb = enif_make_atom(env, "aes_ecb");
+ atom_des_ecb = enif_make_atom(env, "des_ecb");
+ atom_blowfish_ecb = enif_make_atom(env, "blowfish_ecb");
+#endif
init_digest_types(env);
init_cipher_types(env);
@@ -1319,6 +1333,12 @@ static ERL_NIF_TERM block_crypt_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM
cipher = cipherp->cipher_func();
ivec_size = EVP_CIPHER_iv_length(cipher);
+#ifdef HAVE_ECB_IVEC_BUG
+ if (argv[0] == atom_aes_ecb || argv[0] == atom_blowfish_ecb ||
+ argv[0] == atom_des_ecb)
+ ivec_size = 0; /* 0.9.8l returns faulty ivec_size */
+#endif
+
if (text.size % EVP_CIPHER_block_size(cipher) != 0 ||
(ivec_size == 0 ? argc != 4
: (argc != 5 ||