aboutsummaryrefslogtreecommitdiffstats
path: root/lib/crypto/c_src/block.c
diff options
context:
space:
mode:
authorHans Nilsson <[email protected]>2019-01-31 10:27:23 +0100
committerHans Nilsson <[email protected]>2019-02-25 10:01:24 +0100
commitc7cab680b80ef9220832151ed2c8c23a5d590b8b (patch)
treec197e1682ecdea385f93b5bbeee540e444b84e06 /lib/crypto/c_src/block.c
parentb3dbf45fdbe8c584c89b5e061f6e9a28a5d3ea86 (diff)
downloadotp-c7cab680b80ef9220832151ed2c8c23a5d590b8b.tar.gz
otp-c7cab680b80ef9220832151ed2c8c23a5d590b8b.tar.bz2
otp-c7cab680b80ef9220832151ed2c8c23a5d590b8b.zip
crypto: New experimental api
The new files api_ng.h and api_ng.c implements an api using EVP. The api is not by any mean new, except for the crypto application in Erlang/OTP. The aims at using the block api in a stream manor, that is 1) call crypto_init/4 2..N) call crypto_update/{2,3} The purpose is to simplify and hopefully optimize the SSL and SSH applications. By keeping the crypto state in C in an enif_resource the costful state copying in SSL and SSH is reduced with 1-2 per message sent or received. Changes in other files are for adaptation like FIPS etc since many functions uses the central get_cipher_type() function.
Diffstat (limited to 'lib/crypto/c_src/block.c')
-rw-r--r--lib/crypto/c_src/block.c40
1 files changed, 23 insertions, 17 deletions
diff --git a/lib/crypto/c_src/block.c b/lib/crypto/c_src/block.c
index d88ee8dba7..0a4fd72623 100644
--- a/lib/crypto/c_src/block.c
+++ b/lib/crypto/c_src/block.c
@@ -24,7 +24,7 @@
ERL_NIF_TERM block_crypt_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
{/* (Type, Key, Ivec, Text, IsEncrypt) or (Type, Key, Text, IsEncrypt) */
- struct cipher_type_t *cipherp = NULL;
+ const struct cipher_type_t *cipherp;
const EVP_CIPHER *cipher;
ErlNifBinary key, ivec, text;
EVP_CIPHER_CTX *ctx = NULL;
@@ -41,36 +41,42 @@ ERL_NIF_TERM block_crypt_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]
goto bad_arg;
if ((cipherp = get_cipher_type(argv[0], key.size)) == NULL)
goto bad_arg;
+ if (cipherp->flags & (NON_EVP_CIPHER | AEAD_CIPHER))
+ goto bad_arg;
if (!enif_inspect_iolist_as_binary(env, argv[argc - 2], &text))
goto bad_arg;
if (text.size > INT_MAX)
goto bad_arg;
+ if (FORBIDDEN_IN_FIPS(cipherp))
+ return enif_raise_exception(env, atom_notsup);
if ((cipher = cipherp->cipher.p) == NULL)
return enif_raise_exception(env, atom_notsup);
- if (argv[0] == atom_aes_cfb8
- && (key.size == 24 || key.size == 32)) {
- /* Why do EVP_CIPHER_CTX_set_key_length() fail on these key sizes?
- * Fall back on low level API
- */
- return aes_cfb_8_crypt(env, argc-1, argv+1);
+ if (cipherp->flags & AES_CFBx) {
+ if (argv[0] == atom_aes_cfb8
+ && (key.size == 24 || key.size == 32)) {
+ /* Why do EVP_CIPHER_CTX_set_key_length() fail on these key sizes?
+ * Fall back on low level API
+ */
+ return aes_cfb_8_crypt(env, argc-1, argv+1);
+ }
+ else if (argv[0] == atom_aes_cfb128
+ && (key.size == 24 || key.size == 32)) {
+ /* Why do EVP_CIPHER_CTX_set_key_length() fail on these key sizes?
+ * Fall back on low level API
+ */
+ return aes_cfb_128_crypt_nif(env, argc-1, argv+1);
+ }
}
- else if (argv[0] == atom_aes_cfb128
- && (key.size == 24 || key.size == 32)) {
- /* Why do EVP_CIPHER_CTX_set_key_length() fail on these key sizes?
- * Fall back on low level API
- */
- return aes_cfb_128_crypt_nif(env, argc-1, argv+1);
- }
ivec_size = EVP_CIPHER_iv_length(cipher);
#ifdef HAVE_ECB_IVEC_BUG
- if (argv[0] == atom_aes_ecb || argv[0] == atom_blowfish_ecb ||
- argv[0] == atom_des_ecb)
- ivec_size = 0; /* 0.9.8l returns faulty ivec_size */
+ if (cipherp->flags & ECB_BUG_0_9_8L)
+ ivec_size = 0; /* 0.9.8l returns faulty ivec_size */
#endif
+
if (ivec_size < 0)
goto bad_arg;