From 25c665f745bce31cc89e9f48980c7a9683259259 Mon Sep 17 00:00:00 2001
From: Andreas Schultz <aschultz@tpip.net>
Date: Wed, 14 Sep 2016 10:05:20 +0200
Subject: Fix compilation when OpenSSL doesn't support RC4

When OpenSSL has been configured with the "no-rc4" option, the header
file rc4.h doesn't exist, and neither does the rc4 functions.
Let's handle those by checking whether OPENSSL_NO_RC4 is defined.
---
 lib/crypto/c_src/crypto.c            | 21 ++++++++++++++++++---
 lib/crypto/test/old_crypto_SUITE.erl |  6 ++++++
 2 files changed, 24 insertions(+), 3 deletions(-)

diff --git a/lib/crypto/c_src/crypto.c b/lib/crypto/c_src/crypto.c
index 00fc81c84f..63597a5ede 100644
--- a/lib/crypto/c_src/crypto.c
+++ b/lib/crypto/c_src/crypto.c
@@ -50,7 +50,9 @@
 #include <openssl/ripemd.h>
 #include <openssl/bn.h>
 #include <openssl/objects.h>
+#ifndef OPENSSL_NO_RC4
 #include <openssl/rc4.h>
+#endif /* OPENSSL_NO_RC4 */
 #include <openssl/rc2.h>
 #include <openssl/blowfish.h>
 #include <openssl/rand.h>
@@ -828,7 +830,9 @@ static void init_algorithms_types(ErlNifEnv* env)
     algo_cipher[algo_cipher_cnt++] = enif_make_atom(env,"blowfish_ofb64");
     algo_cipher[algo_cipher_cnt++] = enif_make_atom(env,"blowfish_ecb");
     algo_cipher[algo_cipher_cnt++] = enif_make_atom(env,"rc2_cbc");
+#ifndef OPENSSL_NO_RC4
     algo_cipher[algo_cipher_cnt++] = enif_make_atom(env,"rc4");
+#endif
 #if defined(HAVE_GCM)
     algo_cipher[algo_cipher_cnt++] = enif_make_atom(env,"aes_gcm");
 #endif
@@ -2327,6 +2331,7 @@ static ERL_NIF_TERM do_exor(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
 
 static ERL_NIF_TERM rc4_encrypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
 {/* (Key, Data) */
+#ifndef OPENSSL_NO_RC4
     ErlNifBinary key, data;
     RC4_KEY rc4_key;
     ERL_NIF_TERM ret;
@@ -2340,10 +2345,14 @@ static ERL_NIF_TERM rc4_encrypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM arg
 	enif_make_new_binary(env, data.size, &ret));
     CONSUME_REDS(env,data);
     return ret;
-}   
+#else
+    return enif_raise_exception(env, atom_notsup);
+#endif
+}
 
 static ERL_NIF_TERM rc4_set_key(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
 {/* (Key) */
+#ifndef OPENSSL_NO_RC4
     ErlNifBinary key;
     ERL_NIF_TERM ret;
 
@@ -2353,11 +2362,14 @@ static ERL_NIF_TERM rc4_set_key(ErlNifEnv* env, int argc, const ERL_NIF_TERM arg
     RC4_set_key((RC4_KEY*)enif_make_new_binary(env, sizeof(RC4_KEY), &ret),
 		key.size, key.data);        
     return ret;
+#else
+    return enif_raise_exception(env, atom_notsup);
+#endif
 }
 
 static ERL_NIF_TERM rc4_encrypt_with_state(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
 {/* (State, Data) */
-
+#ifndef OPENSSL_NO_RC4
     ErlNifBinary state, data;
     RC4_KEY* rc4_key;
     ERL_NIF_TERM new_state, new_data;
@@ -2373,7 +2385,10 @@ static ERL_NIF_TERM rc4_encrypt_with_state(ErlNifEnv* env, int argc, const ERL_N
 	enif_make_new_binary(env, data.size, &new_data));
     CONSUME_REDS(env,data);
     return enif_make_tuple2(env,new_state,new_data);
-}   
+#else
+    return enif_raise_exception(env, atom_notsup);
+#endif
+}
 
 static int get_rsa_private_key(ErlNifEnv* env, ERL_NIF_TERM key, RSA *rsa)
 {
diff --git a/lib/crypto/test/old_crypto_SUITE.erl b/lib/crypto/test/old_crypto_SUITE.erl
index 4a6753b2ed..579b14b0eb 100644
--- a/lib/crypto/test/old_crypto_SUITE.erl
+++ b/lib/crypto/test/old_crypto_SUITE.erl
@@ -2117,6 +2117,9 @@ rc4_test(doc) ->
 rc4_test(suite) ->
     [];
 rc4_test(Config) when is_list(Config) ->
+    if_supported(rc4, fun rc4_test_do/0).
+
+rc4_test_do() ->
     CT1 = <<"Yo baby yo">>,
     R1 = <<118,122,68,110,157,166,141,212,139,39>>,
     K = "apaapa",
@@ -2132,6 +2135,9 @@ rc4_stream_test(doc) ->
 rc4_stream_test(suite) ->
     [];
 rc4_stream_test(Config) when is_list(Config) ->
+    if_supported(rc4, fun rc4_stream_test_do/0).
+
+rc4_stream_test_do() ->
     CT1 = <<"Yo ">>,
     CT2 = <<"baby yo">>,
     K = "apaapa",
-- 
cgit v1.2.3


From 946253795a026ba1f438554f786d01debd5cf8a7 Mon Sep 17 00:00:00 2001
From: Andreas Schultz <aschultz@tpip.net>
Date: Wed, 14 Sep 2016 15:08:23 +0200
Subject: disable RC4 in SSL when crypto doesn't support it

---
 lib/ssl/src/ssl_cipher.erl | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lib/ssl/src/ssl_cipher.erl b/lib/ssl/src/ssl_cipher.erl
index e935c033c7..7ed109341d 100644
--- a/lib/ssl/src/ssl_cipher.erl
+++ b/lib/ssl/src/ssl_cipher.erl
@@ -1458,6 +1458,9 @@ is_acceptable_cipher(Cipher, Algos)
 is_acceptable_cipher(Cipher, Algos)
   when Cipher == chacha20_poly1305 ->
     proplists:get_bool(Cipher, Algos);
+is_acceptable_cipher(Cipher, Algos)
+  when Cipher == rc4_128 ->
+    proplists:get_bool(rc4, Algos);
 is_acceptable_cipher(_, _) ->
     true.
 
-- 
cgit v1.2.3