diff options
author | Sverker Eriksson <[email protected]> | 2015-12-01 15:05:49 +0100 |
---|---|---|
committer | Sverker Eriksson <[email protected]> | 2015-12-01 15:05:49 +0100 |
commit | 162d8cdb1ee5efc990abe62a55f8cbff94e48351 (patch) | |
tree | 23c3c6d1fa6b4f4d07bb1f51f4077ddeda94af71 | |
parent | 929e12e6ed27f03cf91a6310bb996b87bc00e9b5 (diff) | |
download | otp-162d8cdb1ee5efc990abe62a55f8cbff94e48351.tar.gz otp-162d8cdb1ee5efc990abe62a55f8cbff94e48351.tar.bz2 otp-162d8cdb1ee5efc990abe62a55f8cbff94e48351.zip |
crypto: Avoid bug in OpenSSL-0.9.8 for ECB ciphers
that make EVP_CIPHER_iv_length() return non-zero value.
Seems to be fixed in 0.9.8m.
-rw-r--r-- | lib/crypto/c_src/crypto.c | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/lib/crypto/c_src/crypto.c b/lib/crypto/c_src/crypto.c index 18aa8f19ed..bb2771163d 100644 --- a/lib/crypto/c_src/crypto.c +++ b/lib/crypto/c_src/crypto.c @@ -99,6 +99,10 @@ # define HAVE_CHACHA20_POLY1305 #endif +#if OPENSSL_VERSION_NUMBER <= 0x009080cfL +# define HAVE_ECB_IVEC_BUG +#endif + #if defined(HAVE_EC) #include <openssl/ec.h> #include <openssl/ecdh.h> @@ -358,6 +362,11 @@ static ERL_NIF_TERM atom_onbasis; static ERL_NIF_TERM atom_aes_cfb8; static ERL_NIF_TERM atom_aes_cfb128; +#ifdef HAVE_ECB_IVEC_BUG +static ERL_NIF_TERM atom_aes_ecb; +static ERL_NIF_TERM atom_des_ecb; +static ERL_NIF_TERM atom_blowfish_ecb; +#endif static ErlNifResourceType* hmac_context_rtype; struct hmac_context @@ -613,6 +622,11 @@ static int init(ErlNifEnv* env, ERL_NIF_TERM load_info) #endif atom_aes_cfb8 = enif_make_atom(env, "aes_cfb8"); atom_aes_cfb128 = enif_make_atom(env, "aes_cfb128"); +#ifdef HAVE_ECB_IVEC_BUG + atom_aes_ecb = enif_make_atom(env, "aes_ecb"); + atom_des_ecb = enif_make_atom(env, "des_ecb"); + atom_blowfish_ecb = enif_make_atom(env, "blowfish_ecb"); +#endif init_digest_types(env); init_cipher_types(env); @@ -1319,6 +1333,12 @@ static ERL_NIF_TERM block_crypt_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM cipher = cipherp->cipher_func(); ivec_size = EVP_CIPHER_iv_length(cipher); +#ifdef HAVE_ECB_IVEC_BUG + if (argv[0] == atom_aes_ecb || argv[0] == atom_blowfish_ecb || + argv[0] == atom_des_ecb) + ivec_size = 0; /* 0.9.8l returns faulty ivec_size */ +#endif + if (text.size % EVP_CIPHER_block_size(cipher) != 0 || (ivec_size == 0 ? argc != 4 : (argc != 5 || |