[erlang-patches] error in crypto application

Stefan Zegenhagen <>
Mon Jul 2 15:03:14 CEST 2012


Dear Sverker,

here comes an updated version of the patch that extends the previous
version by the following:
 - fix the same issue for aes_cbc_*_{en|de}crypt
 - fix the documentation

I didn't find any relevant test case in the test suite that would deal
with input data of arbitrary length. Unfortunately, I'm insufficiently
familiar with eunit to feel fit to create a new test case. I hope the
patch can get accepted nevertheless.


Kind regards,


--- snip ---

>From c97b647babc0b5e0a0645c9b929c8af7dd8a1061 Mon Sep 17 00:00:00 2001
From: Stefan Zegenhagen <>
Date: Thu, 28 Jun 2012 10:50:40 +0200
Subject: [PATCH] CRYPTO: aes_cfb_128_crypt can handle arbitrary text length

The OpenSSL implementation of AES_cfb128_encrypt can handle data to
en-/decrypt with arbitrary length.

The restriction that the data length needs to be a multiple of 16 bytes
is unnecessary and breaks the SNMP application (causing decryption and
encryption errors in SNMPv3 AES-encrypted packets).

Fix the same issue for aes_cbc_{128|256}_{en|de}crypt, the OpenSSL
version of which can also handle arbitrary text lengths.
---
 lib/crypto/c_src/crypto.c     |    6 ++----
 lib/crypto/doc/src/crypto.xml |    6 ++----
 2 files changed, 4 insertions(+), 8 deletions(-)

diff --git a/lib/crypto/c_src/crypto.c b/lib/crypto/c_src/crypto.c
index 4be593e..0d19d59 100644
--- a/lib/crypto/c_src/crypto.c
+++ b/lib/crypto/c_src/crypto.c
@@ -954,8 +954,7 @@ static ERL_NIF_TERM aes_cfb_128_crypt(ErlNifEnv* env, int argc, const ERL_NIF_TE
 
     if (!enif_inspect_iolist_as_binary(env, argv[0], &key) || key.size != 16
 	|| !enif_inspect_binary(env, argv[1], &ivec) || ivec.size != 16
-	|| !enif_inspect_iolist_as_binary(env, argv[2], &text)
-	|| text.size % 16 != 0) {
+	|| !enif_inspect_iolist_as_binary(env, argv[2], &text) ) {
 	return enif_make_badarg(env);
     }
 
@@ -1340,8 +1339,7 @@ static ERL_NIF_TERM aes_cbc_crypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM a
 	|| (key_bin.size != 16 && key_bin.size != 32)
 	|| !enif_inspect_binary(env, argv[1], &ivec_bin)
 	|| ivec_bin.size != 16
-	|| !enif_inspect_iolist_as_binary(env, argv[2], &data_bin)
-	|| data_bin.size % 16 != 0) {
+	|| !enif_inspect_iolist_as_binary(env, argv[2], &data_bin)) {
 
 	return enif_make_badarg(env);
     }
diff --git a/lib/crypto/doc/src/crypto.xml b/lib/crypto/doc/src/crypto.xml
index 19db6c9..06aa213 100644
--- a/lib/crypto/doc/src/crypto.xml
+++ b/lib/crypto/doc/src/crypto.xml
@@ -651,8 +651,7 @@ Mpint() = <![CDATA[<<ByteLen:32/integer-big, Bytes:ByteLen/binary>>]]>
       </type>
       <desc>
         <p>Encrypts <c>Text</c> according to AES in Cipher Feedback 
-          mode (CFB) or Cipher Block Chaining mode (CBC). <c>Text</c>
-          must be a multiple of 128 bits (16 bytes). <c>Key</c> is the
+          mode (CFB) or Cipher Block Chaining mode (CBC). <c>Key</c> is the
           AES key, and <c>IVec</c> is an arbitrary initializing vector.
           The lengths of <c>Key</c> and <c>IVec</c> must be 128 bits
           (16 bytes).</p>
@@ -671,8 +670,7 @@ Mpint() = <![CDATA[<<ByteLen:32/integer-big, Bytes:ByteLen/binary>>]]>
           or Cipher Block Chaining mode (CBC).
           <c>Key</c> is the AES key, and <c>IVec</c> is an arbitrary
           initializing vector. <c>Key</c> and <c>IVec</c> must have
-          the same values as those used when encrypting. <c>Cipher</c>
-          must be a multiple of 128 bits (16 bytes).  The lengths of
+          the same values as those used when encrypting. The lengths of
           <c>Key</c> and <c>IVec</c> must be 128 bits (16 bytes).</p>
       </desc>
     </func>
-- 
1.7.9.5


-- 
Dr. Stefan Zegenhagen

arcutronix GmbH
Garbsener Landstr. 10
30419 Hannover
Germany

Tel:   +49 511 277-2734
Fax:   +49 511 277-2709
Email: 
Web:   www.arcutronix.com

*Synchronize the Ethernet*

General Managers: Dipl. Ing. Juergen Schroeder, Dr. Josef Gfrerer -
Legal Form: GmbH, Registered office: Hannover, HRB 202442, Amtsgericht
Hannover; Ust-Id: DE257551767.

Please consider the environment before printing this message.



More information about the erlang-patches mailing list