diff options
| author | Hans Nilsson <[email protected]> | 2019-01-31 10:27:23 +0100 |
|---|---|---|
| committer | Hans Nilsson <[email protected]> | 2019-02-25 10:01:24 +0100 |
| commit | c7cab680b80ef9220832151ed2c8c23a5d590b8b (patch) | |
| tree | c197e1682ecdea385f93b5bbeee540e444b84e06 /lib/crypto/c_src/block.c | |
| parent | b3dbf45fdbe8c584c89b5e061f6e9a28a5d3ea86 (diff) | |
| download | otp-c7cab680b80ef9220832151ed2c8c23a5d590b8b.tar.gz otp-c7cab680b80ef9220832151ed2c8c23a5d590b8b.tar.bz2 otp-c7cab680b80ef9220832151ed2c8c23a5d590b8b.zip | |
crypto: New experimental api
The new files api_ng.h and api_ng.c implements an api using EVP.
The api is not by any mean new, except for the crypto application
in Erlang/OTP.
The aims at using the block api in a stream manor, that is
1) call crypto_init/4
2..N) call crypto_update/{2,3}
The purpose is to simplify and hopefully optimize the SSL and SSH
applications.
By keeping the crypto state in C in an enif_resource the costful state
copying in SSL and SSH is reduced with 1-2 per message sent or received.
Changes in other files are for adaptation like FIPS etc since many
functions uses the central get_cipher_type() function.
Diffstat (limited to 'lib/crypto/c_src/block.c')
| -rw-r--r-- | lib/crypto/c_src/block.c | 40 |
1 files changed, 23 insertions, 17 deletions
diff --git a/lib/crypto/c_src/block.c b/lib/crypto/c_src/block.c index d88ee8dba7..0a4fd72623 100644 --- a/lib/crypto/c_src/block.c +++ b/lib/crypto/c_src/block.c @@ -24,7 +24,7 @@ ERL_NIF_TERM block_crypt_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]) {/* (Type, Key, Ivec, Text, IsEncrypt) or (Type, Key, Text, IsEncrypt) */ - struct cipher_type_t *cipherp = NULL; + const struct cipher_type_t *cipherp; const EVP_CIPHER *cipher; ErlNifBinary key, ivec, text; EVP_CIPHER_CTX *ctx = NULL; @@ -41,36 +41,42 @@ ERL_NIF_TERM block_crypt_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[] goto bad_arg; if ((cipherp = get_cipher_type(argv[0], key.size)) == NULL) goto bad_arg; + if (cipherp->flags & (NON_EVP_CIPHER | AEAD_CIPHER)) + goto bad_arg; if (!enif_inspect_iolist_as_binary(env, argv[argc - 2], &text)) goto bad_arg; if (text.size > INT_MAX) goto bad_arg; + if (FORBIDDEN_IN_FIPS(cipherp)) + return enif_raise_exception(env, atom_notsup); if ((cipher = cipherp->cipher.p) == NULL) return enif_raise_exception(env, atom_notsup); - if (argv[0] == atom_aes_cfb8 - && (key.size == 24 || key.size == 32)) { - /* Why do EVP_CIPHER_CTX_set_key_length() fail on these key sizes? - * Fall back on low level API - */ - return aes_cfb_8_crypt(env, argc-1, argv+1); + if (cipherp->flags & AES_CFBx) { + if (argv[0] == atom_aes_cfb8 + && (key.size == 24 || key.size == 32)) { + /* Why do EVP_CIPHER_CTX_set_key_length() fail on these key sizes? + * Fall back on low level API + */ + return aes_cfb_8_crypt(env, argc-1, argv+1); + } + else if (argv[0] == atom_aes_cfb128 + && (key.size == 24 || key.size == 32)) { + /* Why do EVP_CIPHER_CTX_set_key_length() fail on these key sizes? + * Fall back on low level API + */ + return aes_cfb_128_crypt_nif(env, argc-1, argv+1); + } } - else if (argv[0] == atom_aes_cfb128 - && (key.size == 24 || key.size == 32)) { - /* Why do EVP_CIPHER_CTX_set_key_length() fail on these key sizes? - * Fall back on low level API - */ - return aes_cfb_128_crypt_nif(env, argc-1, argv+1); - } ivec_size = EVP_CIPHER_iv_length(cipher); #ifdef HAVE_ECB_IVEC_BUG - if (argv[0] == atom_aes_ecb || argv[0] == atom_blowfish_ecb || - argv[0] == atom_des_ecb) - ivec_size = 0; /* 0.9.8l returns faulty ivec_size */ + if (cipherp->flags & ECB_BUG_0_9_8L) + ivec_size = 0; /* 0.9.8l returns faulty ivec_size */ #endif + if (ivec_size < 0) goto bad_arg; |