From 162d8cdb1ee5efc990abe62a55f8cbff94e48351 Mon Sep 17 00:00:00 2001
From: Sverker Eriksson <sverker@erlang.org>
Date: Tue, 1 Dec 2015 15:05:49 +0100
Subject: crypto: Avoid bug in OpenSSL-0.9.8 for ECB ciphers

that make EVP_CIPHER_iv_length() return non-zero value.

Seems to be fixed in 0.9.8m.
---
 lib/crypto/c_src/crypto.c | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

(limited to 'lib/crypto')

diff --git a/lib/crypto/c_src/crypto.c b/lib/crypto/c_src/crypto.c
index 18aa8f19ed..bb2771163d 100644
--- a/lib/crypto/c_src/crypto.c
+++ b/lib/crypto/c_src/crypto.c
@@ -99,6 +99,10 @@
 # define HAVE_CHACHA20_POLY1305
 #endif
 
+#if OPENSSL_VERSION_NUMBER <= 0x009080cfL
+# define HAVE_ECB_IVEC_BUG
+#endif
+
 #if defined(HAVE_EC)
 #include <openssl/ec.h>
 #include <openssl/ecdh.h>
@@ -358,6 +362,11 @@ static ERL_NIF_TERM atom_onbasis;
 
 static ERL_NIF_TERM atom_aes_cfb8;
 static ERL_NIF_TERM atom_aes_cfb128;
+#ifdef HAVE_ECB_IVEC_BUG
+static ERL_NIF_TERM atom_aes_ecb;
+static ERL_NIF_TERM atom_des_ecb;
+static ERL_NIF_TERM atom_blowfish_ecb;
+#endif
 
 static ErlNifResourceType* hmac_context_rtype;
 struct hmac_context
@@ -613,6 +622,11 @@ static int init(ErlNifEnv* env, ERL_NIF_TERM load_info)
 #endif
     atom_aes_cfb8 = enif_make_atom(env, "aes_cfb8");
     atom_aes_cfb128 = enif_make_atom(env, "aes_cfb128");
+#ifdef HAVE_ECB_IVEC_BUG
+    atom_aes_ecb = enif_make_atom(env, "aes_ecb");
+    atom_des_ecb = enif_make_atom(env, "des_ecb");
+    atom_blowfish_ecb = enif_make_atom(env, "blowfish_ecb");
+#endif
 
     init_digest_types(env);
     init_cipher_types(env);
@@ -1319,6 +1333,12 @@ static ERL_NIF_TERM block_crypt_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM
     cipher = cipherp->cipher_func();
     ivec_size  = EVP_CIPHER_iv_length(cipher);
 
+#ifdef HAVE_ECB_IVEC_BUG
+    if (argv[0] == atom_aes_ecb || argv[0] == atom_blowfish_ecb ||
+	argv[0] == atom_des_ecb)
+	ivec_size = 0; /* 0.9.8l returns faulty ivec_size */
+#endif
+
     if (text.size % EVP_CIPHER_block_size(cipher) != 0 ||
         (ivec_size == 0 ? argc != 4
                       : (argc != 5 ||
-- 
cgit v1.2.3