From 6b4cf6c5759d1f1f952708ab191f563175950aa0 Mon Sep 17 00:00:00 2001 From: Magnus Henoch Date: Thu, 8 Sep 2016 15:49:13 +0100 Subject: Fix compilation when OpenSSL doesn't support RC2 When OpenSSL has been configured with the "no-rc2" option, the header file rc2.h doesn't exist, and neither does the function EVP_rc2_cbc. Let's handle those by checking whether OPENSSL_NO_RC2 is defined. Also update pbe_SUITE, which uses RC2-CBC in one of the tests. --- lib/crypto/c_src/crypto.c | 14 ++++++++++++-- lib/crypto/test/old_crypto_SUITE.erl | 4 +++- lib/public_key/test/pbe_SUITE.erl | 7 ++++++- 3 files changed, 21 insertions(+), 4 deletions(-) diff --git a/lib/crypto/c_src/crypto.c b/lib/crypto/c_src/crypto.c index 00fc81c84f..c2ca990a3d 100644 --- a/lib/crypto/c_src/crypto.c +++ b/lib/crypto/c_src/crypto.c @@ -51,7 +51,9 @@ #include #include #include -#include +#ifndef OPENSSL_NO_RC2 + #include +#endif #include #include #include @@ -468,7 +470,13 @@ struct cipher_type_t { struct cipher_type_t cipher_types[] = { - {{"rc2_cbc"}, {&EVP_rc2_cbc}}, + {{"rc2_cbc"}, +#ifndef OPENSSL_NO_RC2 + {&EVP_rc2_cbc} +#else + {NULL} +#endif + }, {{"des_cbc"}, {COND_NO_DES_PTR(&EVP_des_cbc)}}, {{"des_cfb"}, {COND_NO_DES_PTR(&EVP_des_cfb8)}}, {{"des_ecb"}, {COND_NO_DES_PTR(&EVP_des_ecb)}}, @@ -827,7 +835,9 @@ static void init_algorithms_types(ErlNifEnv* env) algo_cipher[algo_cipher_cnt++] = enif_make_atom(env,"blowfish_cfb64"); algo_cipher[algo_cipher_cnt++] = enif_make_atom(env,"blowfish_ofb64"); algo_cipher[algo_cipher_cnt++] = enif_make_atom(env,"blowfish_ecb"); +#ifndef OPENSSL_NO_RC2 algo_cipher[algo_cipher_cnt++] = enif_make_atom(env,"rc2_cbc"); +#endif algo_cipher[algo_cipher_cnt++] = enif_make_atom(env,"rc4"); #if defined(HAVE_GCM) algo_cipher[algo_cipher_cnt++] = enif_make_atom(env,"aes_gcm"); diff --git a/lib/crypto/test/old_crypto_SUITE.erl b/lib/crypto/test/old_crypto_SUITE.erl index 4a6753b2ed..10a3e52f29 100644 --- a/lib/crypto/test/old_crypto_SUITE.erl +++ b/lib/crypto/test/old_crypto_SUITE.erl @@ -1080,7 +1080,9 @@ rc2_cbc(doc) -> "Encrypt and decrypt according to RC2 CBC and check the result. " "Example stripped out from public_key application test"; rc2_cbc(Config) when is_list(Config) -> - + if_supported(rc2_cbc, fun rc2_cbc_do/0). + +rc2_cbc_do() -> Key = <<146,210,160,124,215,227,153,239,227,17,222,140,3,93,27,191>>, IV = <<72,91,135,182,25,42,35,210>>, diff --git a/lib/public_key/test/pbe_SUITE.erl b/lib/public_key/test/pbe_SUITE.erl index 004eaefc27..44caf479e5 100644 --- a/lib/public_key/test/pbe_SUITE.erl +++ b/lib/public_key/test/pbe_SUITE.erl @@ -219,7 +219,12 @@ pbes2() -> pbes2(Config) when is_list(Config) -> decode_encode_key_file("pbes2_des_cbc_enc_key.pem", "password", "DES-CBC", Config), decode_encode_key_file("pbes2_des_ede3_cbc_enc_key.pem", "password", "DES-EDE3-CBC", Config), - decode_encode_key_file("pbes2_rc2_cbc_enc_key.pem", "password", "RC2-CBC", Config). + case lists:member(rc2_cbc, proplists:get_value(ciphers, crypto:supports())) of + true -> + decode_encode_key_file("pbes2_rc2_cbc_enc_key.pem", "password", "RC2-CBC", Config); + false -> + ok + end. check_key_info(#'PrivateKeyInfo'{privateKeyAlgorithm = #'PrivateKeyInfo_privateKeyAlgorithm'{algorithm = ?rsaEncryption}, -- cgit v1.2.3 From 25c665f745bce31cc89e9f48980c7a9683259259 Mon Sep 17 00:00:00 2001 From: Andreas Schultz Date: Wed, 14 Sep 2016 10:05:20 +0200 Subject: Fix compilation when OpenSSL doesn't support RC4 When OpenSSL has been configured with the "no-rc4" option, the header file rc4.h doesn't exist, and neither does the rc4 functions. Let's handle those by checking whether OPENSSL_NO_RC4 is defined. --- lib/crypto/c_src/crypto.c | 21 ++++++++++++++++++--- lib/crypto/test/old_crypto_SUITE.erl | 6 ++++++ 2 files changed, 24 insertions(+), 3 deletions(-) diff --git a/lib/crypto/c_src/crypto.c b/lib/crypto/c_src/crypto.c index 00fc81c84f..63597a5ede 100644 --- a/lib/crypto/c_src/crypto.c +++ b/lib/crypto/c_src/crypto.c @@ -50,7 +50,9 @@ #include #include #include +#ifndef OPENSSL_NO_RC4 #include +#endif /* OPENSSL_NO_RC4 */ #include #include #include @@ -828,7 +830,9 @@ static void init_algorithms_types(ErlNifEnv* env) algo_cipher[algo_cipher_cnt++] = enif_make_atom(env,"blowfish_ofb64"); algo_cipher[algo_cipher_cnt++] = enif_make_atom(env,"blowfish_ecb"); algo_cipher[algo_cipher_cnt++] = enif_make_atom(env,"rc2_cbc"); +#ifndef OPENSSL_NO_RC4 algo_cipher[algo_cipher_cnt++] = enif_make_atom(env,"rc4"); +#endif #if defined(HAVE_GCM) algo_cipher[algo_cipher_cnt++] = enif_make_atom(env,"aes_gcm"); #endif @@ -2327,6 +2331,7 @@ static ERL_NIF_TERM do_exor(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]) static ERL_NIF_TERM rc4_encrypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]) {/* (Key, Data) */ +#ifndef OPENSSL_NO_RC4 ErlNifBinary key, data; RC4_KEY rc4_key; ERL_NIF_TERM ret; @@ -2340,10 +2345,14 @@ static ERL_NIF_TERM rc4_encrypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM arg enif_make_new_binary(env, data.size, &ret)); CONSUME_REDS(env,data); return ret; -} +#else + return enif_raise_exception(env, atom_notsup); +#endif +} static ERL_NIF_TERM rc4_set_key(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]) {/* (Key) */ +#ifndef OPENSSL_NO_RC4 ErlNifBinary key; ERL_NIF_TERM ret; @@ -2353,11 +2362,14 @@ static ERL_NIF_TERM rc4_set_key(ErlNifEnv* env, int argc, const ERL_NIF_TERM arg RC4_set_key((RC4_KEY*)enif_make_new_binary(env, sizeof(RC4_KEY), &ret), key.size, key.data); return ret; +#else + return enif_raise_exception(env, atom_notsup); +#endif } static ERL_NIF_TERM rc4_encrypt_with_state(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]) {/* (State, Data) */ - +#ifndef OPENSSL_NO_RC4 ErlNifBinary state, data; RC4_KEY* rc4_key; ERL_NIF_TERM new_state, new_data; @@ -2373,7 +2385,10 @@ static ERL_NIF_TERM rc4_encrypt_with_state(ErlNifEnv* env, int argc, const ERL_N enif_make_new_binary(env, data.size, &new_data)); CONSUME_REDS(env,data); return enif_make_tuple2(env,new_state,new_data); -} +#else + return enif_raise_exception(env, atom_notsup); +#endif +} static int get_rsa_private_key(ErlNifEnv* env, ERL_NIF_TERM key, RSA *rsa) { diff --git a/lib/crypto/test/old_crypto_SUITE.erl b/lib/crypto/test/old_crypto_SUITE.erl index 4a6753b2ed..579b14b0eb 100644 --- a/lib/crypto/test/old_crypto_SUITE.erl +++ b/lib/crypto/test/old_crypto_SUITE.erl @@ -2117,6 +2117,9 @@ rc4_test(doc) -> rc4_test(suite) -> []; rc4_test(Config) when is_list(Config) -> + if_supported(rc4, fun rc4_test_do/0). + +rc4_test_do() -> CT1 = <<"Yo baby yo">>, R1 = <<118,122,68,110,157,166,141,212,139,39>>, K = "apaapa", @@ -2132,6 +2135,9 @@ rc4_stream_test(doc) -> rc4_stream_test(suite) -> []; rc4_stream_test(Config) when is_list(Config) -> + if_supported(rc4, fun rc4_stream_test_do/0). + +rc4_stream_test_do() -> CT1 = <<"Yo ">>, CT2 = <<"baby yo">>, K = "apaapa", -- cgit v1.2.3 From 946253795a026ba1f438554f786d01debd5cf8a7 Mon Sep 17 00:00:00 2001 From: Andreas Schultz Date: Wed, 14 Sep 2016 15:08:23 +0200 Subject: disable RC4 in SSL when crypto doesn't support it --- lib/ssl/src/ssl_cipher.erl | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lib/ssl/src/ssl_cipher.erl b/lib/ssl/src/ssl_cipher.erl index e935c033c7..7ed109341d 100644 --- a/lib/ssl/src/ssl_cipher.erl +++ b/lib/ssl/src/ssl_cipher.erl @@ -1458,6 +1458,9 @@ is_acceptable_cipher(Cipher, Algos) is_acceptable_cipher(Cipher, Algos) when Cipher == chacha20_poly1305 -> proplists:get_bool(Cipher, Algos); +is_acceptable_cipher(Cipher, Algos) + when Cipher == rc4_128 -> + proplists:get_bool(rc4, Algos); is_acceptable_cipher(_, _) -> true. -- cgit v1.2.3