Merge branch 'maint'

author: Raimo Niskanen <[email protected]> 2016-09-07 17:25:08 +0200
committer: Raimo Niskanen <[email protected]> 2016-09-07 17:25:08 +0200
commit: ef94653b7f20bd8e02a64a73137cf10ee738ba4e (patch)
tree: a99f7a8e2691732cef913c1bfc0933d7f1e1d074 /lib/crypto
parent: 6dcffaa4f5f617c3a368bb40688e6753270de22f (diff)
parent: 970309e0cfa8450837ace53caa13dd2301b378b6 (diff)
download: otp-ef94653b7f20bd8e02a64a73137cf10ee738ba4e.tar.gz
otp-ef94653b7f20bd8e02a64a73137cf10ee738ba4e.tar.bz2
otp-ef94653b7f20bd8e02a64a73137cf10ee738ba4e.zip
5 files changed, 94 insertions, 21 deletions
diff --git a/lib/crypto/c_src/crypto.c b/lib/crypto/c_src/crypto.c
index ce149aa96a..ac898b3e9a 100644
--- a/lib/crypto/c_src/crypto.c
+++ b/lib/crypto/c_src/crypto.c
@@ -37,7 +37,9 @@
 #include <openssl/opensslconf.h>
 
 #include <openssl/crypto.h>
+#ifndef OPENSSL_NO_DES
 #include <openssl/des.h>
+#endif /* #ifndef OPENSSL_NO_DES */
 /* #include <openssl/idea.h> This is not supported on the openssl OTP requires */
 #include <openssl/dsa.h>
 #include <openssl/rsa.h>
@@ -465,16 +467,29 @@ struct cipher_type_t {
     const size_t key_len;      /* != 0 to also match on key_len */
 };
 
+#ifdef OPENSSL_NO_DES
+#define COND_NO_DES_PTR(Ptr) (NULL)
+#else
+#define COND_NO_DES_PTR(Ptr) (Ptr)
+#endif
+
 struct cipher_type_t cipher_types[] =
 {
     {{"rc2_cbc"}, {&EVP_rc2_cbc}},
-    {{"des_cbc"}, {&EVP_des_cbc}},
-    {{"des_cfb"}, {&EVP_des_cfb8}},
-    {{"des_ecb"}, {&EVP_des_ecb}},
-    {{"des_ede3_cbc"}, {&EVP_des_ede3_cbc}},
-    {{"des_ede3_cbf"},
+    {{"des_cbc"}, {COND_NO_DES_PTR(&EVP_des_cbc)}},
+    {{"des_cfb"}, {COND_NO_DES_PTR(&EVP_des_cfb8)}},
+    {{"des_ecb"}, {COND_NO_DES_PTR(&EVP_des_ecb)}},
+    {{"des_ede3_cbc"}, {COND_NO_DES_PTR(&EVP_des_ede3_cbc)}},
+    {{"des_ede3_cbf"}, /* Misspelled, retained */
+#ifdef HAVE_DES_ede3_cfb_encrypt
+     {COND_NO_DES_PTR(&EVP_des_ede3_cfb8)}
+#else
+     {NULL}
+#endif
+    },
+    {{"des_ede3_cfb"},
 #ifdef HAVE_DES_ede3_cfb_encrypt
-     {&EVP_des_ede3_cfb8}
+     {COND_NO_DES_PTR(&EVP_des_ede3_cfb8)}
 #else
      {NULL}
 #endif
@@ -756,7 +771,7 @@ static ERL_NIF_TERM algo_hash[8];   /* increase when extending the list */
 static int algo_pubkey_cnt;
 static ERL_NIF_TERM algo_pubkey[7]; /* increase when extending the list */
 static int algo_cipher_cnt;
-static ERL_NIF_TERM algo_cipher[21]; /* increase when extending the list */
+static ERL_NIF_TERM algo_cipher[23]; /* increase when extending the list */
 
 static void init_algorithms_types(ErlNifEnv* env)
 {
@@ -792,10 +807,13 @@ static void init_algorithms_types(ErlNifEnv* env)
     algo_pubkey[algo_pubkey_cnt++] = enif_make_atom(env, "srp");
 
     algo_cipher_cnt = 0;
+#ifndef OPENSSL_NO_DES
     algo_cipher[algo_cipher_cnt++] = enif_make_atom(env, "des3_cbc");
     algo_cipher[algo_cipher_cnt++] = enif_make_atom(env, "des_ede3");
 #ifdef HAVE_DES_ede3_cfb_encrypt
     algo_cipher[algo_cipher_cnt++] = enif_make_atom(env, "des3_cbf");
+    algo_cipher[algo_cipher_cnt++] = enif_make_atom(env, "des3_cfb");
+#endif
 #endif
     algo_cipher[algo_cipher_cnt++] = enif_make_atom(env, "aes_cbc");
     algo_cipher[algo_cipher_cnt++] = enif_make_atom(env, "aes_cbc128");
@@ -807,8 +825,11 @@ static void init_algorithms_types(ErlNifEnv* env)
 #ifdef HAVE_AES_IGE
     algo_cipher[algo_cipher_cnt++] = enif_make_atom(env,"aes_ige256");
 #endif
+#ifndef OPENSSL_NO_DES
     algo_cipher[algo_cipher_cnt++] = enif_make_atom(env,"des_cbc");
     algo_cipher[algo_cipher_cnt++] = enif_make_atom(env,"des_cfb");
+    algo_cipher[algo_cipher_cnt++] = enif_make_atom(env,"des_ecb");
+#endif
     algo_cipher[algo_cipher_cnt++] = enif_make_atom(env,"blowfish_cbc");
     algo_cipher[algo_cipher_cnt++] = enif_make_atom(env,"blowfish_cfb64");
     algo_cipher[algo_cipher_cnt++] = enif_make_atom(env,"blowfish_ofb64");
diff --git a/lib/crypto/doc/src/crypto.xml b/lib/crypto/doc/src/crypto.xml
index 50e3583a94..ce8bf2216a 100644
--- a/lib/crypto/doc/src/crypto.xml
+++ b/lib/crypto/doc/src/crypto.xml
@@ -139,7 +139,7 @@
      <code>stream_cipher() = rc4 | aes_ctr </code>
 
      <code>block_cipher() =  aes_cbc | aes_cfb8 | aes_cfb128 | aes_ige256 | blowfish_cbc |
-     blowfish_cfb64 | des_cbc | des_cfb | des3_cbc | des3_cbf | des_ede3 | rc2_cbc </code>
+     blowfish_cfb64 | des_cbc | des_cfb | des3_cbc | des3_cfb | des_ede3 | rc2_cbc </code>
 
      <code>aead_cipher() =  aes_gcm | chacha20_poly1305 </code>
 
@@ -164,7 +164,7 @@
      </p>
      <code> cipher_algorithms() = aes_cbc | aes_cfb8 | aes_cfb128 | aes_ctr | aes_gcm |
      aes_ige256 | blowfish_cbc | blowfish_cfb64 | chacha20_poly1305 | des_cbc | des_cfb |
-     des3_cbc | des3_cbf | des_ede3 | rc2_cbc | rc4 </code>
+     des3_cbc | des3_cfb | des_ede3 | rc2_cbc | rc4 </code>
      <code> public_key_algorithms() =   rsa |dss | ecdsa | dh | ecdh | ec_gf2m</code>
      <p>Note that ec_gf2m is not strictly a public key algorithm, but a restriction on what curves are supported
      with ecdsa and ecdh.
diff --git a/lib/crypto/src/crypto.erl b/lib/crypto/src/crypto.erl
index ba824eb9cd..da024cf74c 100644
--- a/lib/crypto/src/crypto.erl
+++ b/lib/crypto/src/crypto.erl
@@ -283,7 +283,7 @@ cmac(Type, Key, Data, MacSize) ->
 %% Ecrypt/decrypt %%%
 
 -spec block_encrypt(des_cbc | des_cfb |
-                    des3_cbc | des3_cbf | des_ede3 |
+                    des3_cbc | des3_cbf | des3_cfb | des_ede3 |
                     blowfish_cbc | blowfish_cfb64 | blowfish_ofb64 |
                     aes_cbc128 | aes_cfb8 | aes_cfb128 | aes_cbc256 | aes_ige256 |
 		    aes_cbc |
@@ -310,6 +310,9 @@ block_encrypt(Type, Key0, Ivec, Data) when Type =:= des3_cbc;
 block_encrypt(des3_cbf, Key0, Ivec, Data) ->
     Key = check_des3_key(Key0),
     block_crypt_nif(des_ede3_cbf, Key, Ivec, Data, true);
+block_encrypt(des3_cfb, Key0, Ivec, Data) ->
+    Key = check_des3_key(Key0),
+    block_crypt_nif(des_ede3_cfb, Key, Ivec, Data, true);
 block_encrypt(aes_ige256, Key, Ivec, Data) ->
     aes_ige_crypt_nif(Key, Ivec, Data, true);
 block_encrypt(aes_gcm, Key, Ivec, {AAD, Data}) ->
@@ -320,7 +323,7 @@ block_encrypt(chacha20_poly1305, Key, Ivec, {AAD, Data}) ->
     chacha20_poly1305_encrypt(Key, Ivec, AAD, Data).
 
 -spec block_decrypt(des_cbc | des_cfb |
-                    des3_cbc | des3_cbf | des_ede3 |
+                    des3_cbc | des3_cbf | des3_cfb | des_ede3 |
                     blowfish_cbc | blowfish_cfb64 | blowfish_ofb64 |
                     aes_cbc128 | aes_cfb8 | aes_cfb128 | aes_cbc256 | aes_ige256 |
 		    aes_cbc |
@@ -347,6 +350,9 @@ block_decrypt(Type, Key0, Ivec, Data) when Type =:= des3_cbc;
 block_decrypt(des3_cbf, Key0, Ivec, Data) ->
     Key = check_des3_key(Key0),
     block_crypt_nif(des_ede3_cbf, Key, Ivec, Data, false);
+block_decrypt(des3_cfb, Key0, Ivec, Data) ->
+    Key = check_des3_key(Key0),
+    block_crypt_nif(des_ede3_cfb, Key, Ivec, Data, false);
 block_decrypt(aes_ige256, Key, Ivec, Data) ->
     notsup_to_error(aes_ige_crypt_nif(Key, Ivec, Data, false));
 block_decrypt(aes_gcm, Key, Ivec, {AAD, Data, Tag}) ->
@@ -870,10 +876,10 @@ des_ede3_cbc_decrypt(Key1, Key2, Key3, IVec, Data) ->
 			     binary().
 
 des3_cfb_encrypt(Key1, Key2, Key3, IVec, Data) ->
-    block_encrypt(des3_cbf, [Key1, Key2, Key3], IVec, Data).
+    block_encrypt(des3_cfb, [Key1, Key2, Key3], IVec, Data).
 
 des3_cfb_decrypt(Key1, Key2, Key3, IVec, Data) ->
-    block_decrypt(des3_cbf, [Key1, Key2, Key3], IVec, Data).
+    block_decrypt(des3_cfb, [Key1, Key2, Key3], IVec, Data).
 
 %%
 %% Blowfish
diff --git a/lib/crypto/test/crypto_SUITE.erl b/lib/crypto/test/crypto_SUITE.erl
index c445b465c7..f0811c3e4f 100644
--- a/lib/crypto/test/crypto_SUITE.erl
+++ b/lib/crypto/test/crypto_SUITE.erl
@@ -50,6 +50,7 @@ all() ->
      {group, des_cfb},
      {group, des3_cbc},
      {group, des3_cbf},
+     {group, des3_cfb},
      {group, des_ede3},
      {group, blowfish_cbc},
      {group, blowfish_ecb},
@@ -94,6 +95,7 @@ groups() ->
      {des3_cbc,[], [block]},
      {des_ede3,[], [block]},
      {des3_cbf,[], [block]},
+     {des3_cfb,[], [block]},
      {rc2_cbc,[], [block]},
      {aes_cbc128,[], [block, cmac]},
      {aes_cfb8,[], [block]},
@@ -413,11 +415,8 @@ block_cipher({Type, Key, IV, PlainText, CipherText}) ->
 	    ct:fail({{crypto, block_decrypt, [Type, Key, IV, CipherText]}, {expected, Plain}, {got, Other1}})
     end.
 
-block_cipher_increment({Type, Key, IV, PlainTexts}) when Type == des_cbc;
-							 Type == des3_cbc;
-							 Type == aes_cbc; 
-							 Type == des_cbf
-							 ->
+block_cipher_increment({Type, Key, IV, PlainTexts})
+  when Type == des_cbc; Type == aes_cbc; Type == des3_cbc ->
     block_cipher_increment(Type, Key, IV, IV, PlainTexts, iolist_to_binary(PlainTexts), []);
 block_cipher_increment({Type, Key, IV, PlainTexts, _CipherText}) when Type == aes_cbc ->
     Plain = iolist_to_binary(PlainTexts),
@@ -621,6 +620,8 @@ do_block_iolistify({des3_cbc = Type, Key, IV, PlainText}) ->
     {Type, Key, IV, des_iolistify(PlainText)};
 do_block_iolistify({des3_cbf = Type, Key, IV, PlainText}) ->
     {Type, Key, IV, des_iolistify(PlainText)};
+do_block_iolistify({des3_cfb = Type, Key, IV, PlainText}) ->
+    {Type, Key, IV, des_iolistify(PlainText)};
 do_block_iolistify({des_ede3 = Type, Key, IV, PlainText}) ->
     {Type, Key, IV, des_iolistify(PlainText)};
 do_block_iolistify({Type, Key, PlainText}) ->
@@ -831,6 +832,9 @@ group_config(des3_cbc, Config) ->
 group_config(des3_cbf, Config) ->
     Block = des3_cbf(),
     [{block, Block} | Config];
+group_config(des3_cfb, Config) ->
+    Block = des3_cfb(),
+    [{block, Block} | Config];
 group_config(des_ede3, Config) ->
     Block = des_ede3(),
     [{block, Block} | Config];
@@ -1234,7 +1238,16 @@ des_ede3() ->
 
 des3_cbf() ->
     [{des3_cbf,
-     [hexstr2bin("0123456789abcdef"), 
+     [hexstr2bin("0123456789abcdef"),
+      hexstr2bin("fedcba9876543210"),
+      hexstr2bin("0f2d4b6987a5c3e1")],
+     hexstr2bin("1234567890abcdef"),
+     <<"Now is the time for all ">>
+     }].
+
+des3_cfb() ->
+    [{des3_cfb,
+     [hexstr2bin("0123456789abcdef"),
       hexstr2bin("fedcba9876543210"),
       hexstr2bin("0f2d4b6987a5c3e1")],
      hexstr2bin("1234567890abcdef"),
diff --git a/lib/crypto/test/old_crypto_SUITE.erl b/lib/crypto/test/old_crypto_SUITE.erl
index 0d97290d10..4a6753b2ed 100644
--- a/lib/crypto/test/old_crypto_SUITE.erl
+++ b/lib/crypto/test/old_crypto_SUITE.erl
@@ -58,6 +58,7 @@
 	 des_cfb_iter/1,
 	 des_ecb/1,
 	 des3_cbc/1,
+	 des3_cbf/1,
 	 des3_cfb/1,
 	 rc2_cbc/1,
 	 aes_cfb/1,
@@ -102,7 +103,7 @@ groups() ->
        hmac_rfc2202, hmac_rfc4231_sha224, hmac_rfc4231_sha256,
        hmac_rfc4231_sha384, hmac_rfc4231_sha512,
        des_cbc, aes_cfb, aes_cbc,
-       des_cfb, des_cfb_iter, des3_cbc, des3_cfb, rc2_cbc,
+       des_cfb, des_cfb_iter, des3_cbc, des3_cbf, des3_cfb, rc2_cbc,
        aes_cbc_iter, aes_ctr, aes_ctr_stream, des_cbc_iter, des_ecb,
        rand_uniform_test, strong_rand_test,
        rsa_verify_test, dsa_verify_test, rsa_sign_test,
@@ -969,6 +970,9 @@ des_cbc(doc) ->
 des_cbc(suite) ->
     [];
 des_cbc(Config) when is_list(Config) ->
+    if_supported(des_cbc, fun des_cbc_do/0).
+
+des_cbc_do() ->
     ?line Key =  hexstr2bin("0123456789abcdef"),
     ?line IVec = hexstr2bin("1234567890abcdef"),
     ?line Plain = "Now is the time for all ",
@@ -992,6 +996,9 @@ des_cbc_iter(doc) ->
 des_cbc_iter(suite) ->
     [];
 des_cbc_iter(Config) when is_list(Config) ->
+    if_supported(des_cbc, fun des_cbc_iter_do/0).
+
+des_cbc_iter_do() ->
     ?line Key =  hexstr2bin("0123456789abcdef"),
     ?line IVec = hexstr2bin("1234567890abcdef"),
     ?line Plain1 = "Now is the time ",
@@ -1011,6 +1018,9 @@ des_cfb(doc) ->
 des_cfb(suite) ->
     [];
 des_cfb(Config) when is_list(Config) ->
+    if_supported(des_cfb, fun des_cfb_do/0).
+
+des_cfb_do() ->
     ?line Key =  hexstr2bin("0123456789abcdef"),
     ?line IVec = hexstr2bin("1234567890abcdef"),
     ?line Plain = "Now is the",
@@ -1027,6 +1037,9 @@ des_cfb_iter(doc) ->
 des_cfb_iter(suite) ->
     [];
 des_cfb_iter(Config) when is_list(Config) ->
+    if_supported(des_cfb, fun des_cfb_iter_do/0).
+
+des_cfb_iter_do() ->
     ?line Key =  hexstr2bin("0123456789abcdef"),
     ?line IVec = hexstr2bin("1234567890abcdef"),
     ?line Plain1 = "Now i",
@@ -1045,6 +1058,9 @@ des_ecb(doc) ->
 des_ecb(suite) ->
     [];
 des_ecb(Config) when is_list(Config) ->
+    if_supported(des_ecb, fun des_ecb_do/0).
+
+des_ecb_do() ->
     ?line Key =  hexstr2bin("0123456789abcdef"),
     ?line Cipher1 = crypto:des_ecb_encrypt(Key, "Now is t"),
     ?line m(Cipher1, hexstr2bin("3fa40e8a984d4815")),
@@ -1081,6 +1097,9 @@ des3_cbc(doc) ->
 des3_cbc(suite) ->
     [];
 des3_cbc(Config) when is_list(Config) ->
+    if_supported(des3_cbc, fun des3_cbc_do/0).
+
+des3_cbc_do() ->
     ?line Key1 = hexstr2bin("0123456789abcdef"),
     ?line Key2 = hexstr2bin("fedcba9876543210"),
     ?line Key3 = hexstr2bin("0f2d4b6987a5c3e1"),
@@ -1112,6 +1131,19 @@ des3_cbc(Config) when is_list(Config) ->
 
 %%
 %%
+des3_cbf(doc) ->
+    "Encrypt and decrypt according to CFB 3DES, and check the result.";
+des3_cbf(suite) ->
+    [];
+des3_cbf(Config) when is_list(Config) ->
+    case openssl_version() of
+	V when V < 16#90705F -> {skipped,"OpenSSL version too old"};
+	_ ->
+	    if_supported(des3_cbf, fun des3_cfb_do/0)
+    end.
+
+%%
+%%
 des3_cfb(doc) ->
     "Encrypt and decrypt according to CFB 3DES, and check the result.";
 des3_cfb(suite) ->
@@ -1119,7 +1151,8 @@ des3_cfb(suite) ->
 des3_cfb(Config) when is_list(Config) ->
     case openssl_version() of
 	V when V < 16#90705F -> {skipped,"OpenSSL version too old"};
-	_ -> des3_cfb_do()
+	_ ->
+	    if_supported(des3_cfb, fun des3_cfb_do/0)
     end.
 
 des3_cfb_do() ->
author	Raimo Niskanen <[email protected]>	2016-09-07 17:25:08 +0200
committer	Raimo Niskanen <[email protected]>	2016-09-07 17:25:08 +0200
commit	ef94653b7f20bd8e02a64a73137cf10ee738ba4e (patch)
tree	a99f7a8e2691732cef913c1bfc0933d7f1e1d074 /lib/crypto
parent	6dcffaa4f5f617c3a368bb40688e6753270de22f (diff)
parent	970309e0cfa8450837ace53caa13dd2301b378b6 (diff)
download	otp-ef94653b7f20bd8e02a64a73137cf10ee738ba4e.tar.gz otp-ef94653b7f20bd8e02a64a73137cf10ee738ba4e.tar.bz2 otp-ef94653b7f20bd8e02a64a73137cf10ee738ba4e.zip