1 files changed, 23 insertions, 17 deletions

diff --git a/lib/crypto/c_src/block.c b/lib/crypto/c_src/block.c
index d88ee8dba7..0a4fd72623 100644
--- a/lib/crypto/c_src/block.c
+++ b/lib/crypto/c_src/block.c
@@ -24,7 +24,7 @@
 
 ERL_NIF_TERM block_crypt_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
 {/* (Type, Key, Ivec, Text, IsEncrypt) or (Type, Key, Text, IsEncrypt) */
-    struct cipher_type_t *cipherp = NULL;
+    const struct cipher_type_t *cipherp;
     const EVP_CIPHER     *cipher;
     ErlNifBinary         key, ivec, text;
     EVP_CIPHER_CTX       *ctx = NULL;
@@ -41,36 +41,42 @@ ERL_NIF_TERM block_crypt_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]
         goto bad_arg;
     if ((cipherp = get_cipher_type(argv[0], key.size)) == NULL)
         goto bad_arg;
+    if (cipherp->flags & (NON_EVP_CIPHER | AEAD_CIPHER))
+        goto bad_arg;
     if (!enif_inspect_iolist_as_binary(env, argv[argc - 2], &text))
         goto bad_arg;
     if (text.size > INT_MAX)
         goto bad_arg;
 
+    if (FORBIDDEN_IN_FIPS(cipherp))
+        return enif_raise_exception(env, atom_notsup);
     if ((cipher = cipherp->cipher.p) == NULL)
         return enif_raise_exception(env, atom_notsup);
 
-    if (argv[0] == atom_aes_cfb8
-        && (key.size == 24 || key.size == 32)) {
-        /* Why do EVP_CIPHER_CTX_set_key_length() fail on these key sizes?
-         * Fall back on low level API
-         */
-        return aes_cfb_8_crypt(env, argc-1, argv+1);
+    if (cipherp->flags & AES_CFBx) {
+        if (argv[0] == atom_aes_cfb8
+            && (key.size == 24 || key.size == 32)) {
+            /* Why do EVP_CIPHER_CTX_set_key_length() fail on these key sizes?
+             * Fall back on low level API
+             */
+            return aes_cfb_8_crypt(env, argc-1, argv+1);
+        }
+        else if (argv[0] == atom_aes_cfb128
+                 && (key.size == 24 || key.size == 32)) {
+            /* Why do EVP_CIPHER_CTX_set_key_length() fail on these key sizes?
+             * Fall back on low level API
+             */
+            return aes_cfb_128_crypt_nif(env, argc-1, argv+1);
+        }
     }
-    else if (argv[0] == atom_aes_cfb128
-        && (key.size == 24 || key.size == 32)) {
-        /* Why do EVP_CIPHER_CTX_set_key_length() fail on these key sizes?
-         * Fall back on low level API
-         */
-        return aes_cfb_128_crypt_nif(env, argc-1, argv+1);
-   }
 
     ivec_size  = EVP_CIPHER_iv_length(cipher);
 
 #ifdef HAVE_ECB_IVEC_BUG
-    if (argv[0] == atom_aes_ecb || argv[0] == atom_blowfish_ecb ||
-	argv[0] == atom_des_ecb)
-	ivec_size = 0; /* 0.9.8l returns faulty ivec_size */
+    if (cipherp->flags & ECB_BUG_0_9_8L)
+        ivec_size = 0; /* 0.9.8l returns faulty ivec_size */
 #endif
+
     if (ivec_size < 0)
         goto bad_arg;