From 62f4d2b3af590ec9ca76baca01f71c19b2e53211 Mon Sep 17 00:00:00 2001
From: Sverker Eriksson <sverker@erlang.org>
Date: Tue, 2 Oct 2012 11:16:18 +0200
Subject: crypto: Throw notsup for DES3 CFB encryption for old openssl

An attempt to enable the use of openssl 0.9.7
---
 lib/crypto/c_src/crypto.c        | 13 ++++++++++---
 lib/crypto/doc/src/crypto.xml    |  4 ++++
 lib/crypto/src/crypto.erl        |  8 +++++++-
 lib/crypto/test/crypto_SUITE.erl |  6 ++++++
 4 files changed, 27 insertions(+), 4 deletions(-)

(limited to 'lib/crypto')

diff --git a/lib/crypto/c_src/crypto.c b/lib/crypto/c_src/crypto.c
index 5dc088dcff..f789aaada0 100644
--- a/lib/crypto/c_src/crypto.c
+++ b/lib/crypto/c_src/crypto.c
@@ -69,6 +69,9 @@
 #if OPENSSL_VERSION_NUMBER >= 0x00908000L && !defined(OPENSSL_NO_SHA512) && defined(NID_sha512)
 # define HAVE_SHA512
 #endif
+#if OPENSSL_VERSION_NUMBER >= 0x0090705FL
+# define HAVE_DES_ede3_cfb_encrypt
+#endif
 
 #ifdef VALGRIND
     #  include <valgrind/memcheck.h>
@@ -173,7 +176,7 @@ static ERL_NIF_TERM des_cbc_crypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM a
 static ERL_NIF_TERM des_cfb_crypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM des_ecb_crypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM des_ede3_cbc_crypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
-static ERL_NIF_TERM des_ede3_cfb_crypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
+static ERL_NIF_TERM des_ede3_cfb_crypt_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM aes_cfb_128_crypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM aes_ctr_encrypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM aes_ctr_stream_encrypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
@@ -281,7 +284,7 @@ static ErlNifFunc nif_funcs[] = {
     {"des_cfb_crypt", 4, des_cfb_crypt},
     {"des_ecb_crypt", 3, des_ecb_crypt},
     {"des_ede3_cbc_crypt", 6, des_ede3_cbc_crypt},
-    {"des_ede3_cfb_crypt", 6, des_ede3_cfb_crypt},
+    {"des_ede3_cfb_crypt_nif", 6, des_ede3_cfb_crypt_nif},
     {"aes_cfb_128_crypt", 4, aes_cfb_128_crypt},
     {"aes_ctr_encrypt", 3, aes_ctr_encrypt},
     {"aes_ctr_decrypt", 3, aes_ctr_encrypt},
@@ -1218,8 +1221,9 @@ static ERL_NIF_TERM des_ede3_cbc_crypt(ErlNifEnv* env, int argc, const ERL_NIF_T
     return ret;
 }
 
-static ERL_NIF_TERM des_ede3_cfb_crypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
+static ERL_NIF_TERM des_ede3_cfb_crypt_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
 {/* (Key1, Key2, Key3, IVec, Text/Cipher, IsEncrypt) */
+#ifdef HAVE_DES_ede3_cfb_encrypt
     ErlNifBinary key1, key2, key3, ivec, text;
     DES_key_schedule schedule1, schedule2, schedule3;
     DES_cblock ivec_clone; /* writable copy */
@@ -1241,6 +1245,9 @@ static ERL_NIF_TERM des_ede3_cfb_crypt(ErlNifEnv* env, int argc, const ERL_NIF_T
 			 8, text.size, &schedule1, &schedule2, &schedule3,
 			 &ivec_clone, (argv[5] == atom_true));
     return ret;
+#else
+    return atom_notsup;
+#endif
 }
 
 static ERL_NIF_TERM aes_cfb_128_crypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
diff --git a/lib/crypto/doc/src/crypto.xml b/lib/crypto/doc/src/crypto.xml
index 4dcd6fc4ea..06338e8432 100644
--- a/lib/crypto/doc/src/crypto.xml
+++ b/lib/crypto/doc/src/crypto.xml
@@ -548,6 +548,8 @@ Mpint() = <![CDATA[<<ByteLen:32/integer-big, Bytes:ByteLen/binary>>]]>
           keys, and <c>IVec</c> is an arbitrary initializing
           vector. The lengths of each of <c>Key1</c>, <c>Key2</c>,
           <c>Key3</c> and <c>IVec</c> must be 64 bits (8 bytes).</p>
+	<p>May throw exception <c>notsup</c> for old OpenSSL
+	  versions (0.9.7) that does not support this encryption mode.</p>
       </desc>
     </func>
     <func>
@@ -565,6 +567,8 @@ Mpint() = <![CDATA[<<ByteLen:32/integer-big, Bytes:ByteLen/binary>>]]>
           and <c>IVec</c> must have the same values as those used when
           encrypting.  The lengths of <c>Key1</c>, <c>Key2</c>,
           <c>Key3</c>, and <c>IVec</c> must be 64 bits (8 bytes).</p>
+	<p>May throw exception <c>notsup</c> for old OpenSSL
+	  versions (0.9.7) that does not support this encryption mode.</p>
       </desc>
     </func>
 
diff --git a/lib/crypto/src/crypto.erl b/lib/crypto/src/crypto.erl
index 21f507f153..729ce95a7a 100644
--- a/lib/crypto/src/crypto.erl
+++ b/lib/crypto/src/crypto.erl
@@ -626,7 +626,13 @@ des3_cfb_decrypt(Key1, Key2, Key3, IVec, Data) ->
 des_ede3_cfb_decrypt(Key1, Key2, Key3, IVec, Data) ->
     des_ede3_cfb_crypt(Key1, Key2, Key3, IVec, Data, false).
 
-des_ede3_cfb_crypt(_Key1, _Key2, _Key3, _IVec, _Data, _IsEncrypt) -> ?nif_stub.
+des_ede3_cfb_crypt(Key1, Key2, Key3, IVec, Data, IsEncrypt) ->
+    case des_ede3_cfb_crypt_nif(Key1,Key2,Key3,IVec,Data,IsEncrypt) of
+	notsup -> erlang:error(notsup);
+	Bin -> Bin
+    end.
+
+des_ede3_cfb_crypt_nif(_Key1, _Key2, _Key3, _IVec, _Data, _IsEncrypt) -> ?nif_stub.
 
 %%
 %% Blowfish
diff --git a/lib/crypto/test/crypto_SUITE.erl b/lib/crypto/test/crypto_SUITE.erl
index 7ac693f371..ee5e411407 100644
--- a/lib/crypto/test/crypto_SUITE.erl
+++ b/lib/crypto/test/crypto_SUITE.erl
@@ -996,6 +996,12 @@ des3_cfb(doc) ->
 des3_cfb(suite) ->
     [];
 des3_cfb(Config) when is_list(Config) ->
+    case openssl_version() of
+	V when V < 16#90705F -> {skipped,"OpenSSL version too old"};
+	_ -> des3_cfb_do()
+    end.
+
+des3_cfb_do() ->
     ?line Key1 = hexstr2bin("0123456789abcdef"),
     ?line Key2 = hexstr2bin("fedcba9876543210"),
     ?line Key3 = hexstr2bin("0f2d4b6987a5c3e1"),
-- 
cgit v1.2.3