diff options
author | Sverker Eriksson <[email protected]> | 2014-02-12 15:05:52 +0100 |
---|---|---|
committer | Sverker Eriksson <[email protected]> | 2014-02-12 15:05:52 +0100 |
commit | 651b949d85f847318ece301b64c099ad7959e9d0 (patch) | |
tree | ee454d37c1ddddfa72247f7530a37da52a14c0d3 /lib/crypto/doc | |
parent | 4082c3d1ad3d0e8bb85706c5f3b2bde97bb43fcb (diff) | |
download | otp-651b949d85f847318ece301b64c099ad7959e9d0.tar.gz otp-651b949d85f847318ece301b64c099ad7959e9d0.tar.bz2 otp-651b949d85f847318ece301b64c099ad7959e9d0.zip |
crypto: Fix bug when using old hmac context
Symptom: Using an old context (that had already been passed as argument to either
hmac_upgrade or hmac_final) could cause VM crash or worse.
Reason: Only a shallow copy (memcpy) of the context was made causing
a new context to partly mutate its parent context into an inconsistent
state.
Problem: Only OpenSSL v1.0 supports deep copy of hmac context. It is thus
not possible to implement a functional interface for older OpenSSL
versions (0.9.8) which still have wide spread use.
Solution: Change hmac contexts into a mutable state using NIF resources.
Document reuse of old contexts as undefined.
Future: If a need for reusing old context variables arise, a new hmac_copy
function could be introduced that is only supported for OpenSSL v1.0.
Diffstat (limited to 'lib/crypto/doc')
-rw-r--r-- | lib/crypto/doc/src/crypto.xml | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/lib/crypto/doc/src/crypto.xml b/lib/crypto/doc/src/crypto.xml index 40f829e704..c95827c371 100644 --- a/lib/crypto/doc/src/crypto.xml +++ b/lib/crypto/doc/src/crypto.xml @@ -4,7 +4,7 @@ <erlref> <header> <copyright> - <year>1999</year><year>2013</year> + <year>1999</year><year>2014</year> <holder>Ericsson AB. All Rights Reserved.</holder> </copyright> <legalnotice> @@ -366,7 +366,11 @@ or to one of the functions <seealso marker="#hmac_final-1">hmac_final</seealso> and <seealso marker="#hmac_final_n-2">hmac_final_n</seealso> </p> - + <warning><p>Do not use a <c>Context</c> as argument in more than one + call to hmac_update or hmac_final. The semantics of reusing old contexts + in any way is undefined and could even crash the VM in earlier releases. + The reason for this limitation is a lack of support in the underlying + OpenSSL API.</p></warning> </desc> </func> |