[erlang-patches] error in crypto application
Stefan Zegenhagen
stefan.zegenhagen@REDACTED
Mon Jul 2 15:03:14 CEST 2012
Dear Sverker,
here comes an updated version of the patch that extends the previous
version by the following:
- fix the same issue for aes_cbc_*_{en|de}crypt
- fix the documentation
I didn't find any relevant test case in the test suite that would deal
with input data of arbitrary length. Unfortunately, I'm insufficiently
familiar with eunit to feel fit to create a new test case. I hope the
patch can get accepted nevertheless.
Kind regards,
--- snip ---
From c97b647babc0b5e0a0645c9b929c8af7dd8a1061 Mon Sep 17 00:00:00 2001
From: Stefan Zegenhagen <stefan.zegenhagen@REDACTED>
Date: Thu, 28 Jun 2012 10:50:40 +0200
Subject: [PATCH] CRYPTO: aes_cfb_128_crypt can handle arbitrary text length
The OpenSSL implementation of AES_cfb128_encrypt can handle data to
en-/decrypt with arbitrary length.
The restriction that the data length needs to be a multiple of 16 bytes
is unnecessary and breaks the SNMP application (causing decryption and
encryption errors in SNMPv3 AES-encrypted packets).
Fix the same issue for aes_cbc_{128|256}_{en|de}crypt, the OpenSSL
version of which can also handle arbitrary text lengths.
---
lib/crypto/c_src/crypto.c | 6 ++----
lib/crypto/doc/src/crypto.xml | 6 ++----
2 files changed, 4 insertions(+), 8 deletions(-)
diff --git a/lib/crypto/c_src/crypto.c b/lib/crypto/c_src/crypto.c
index 4be593e..0d19d59 100644
--- a/lib/crypto/c_src/crypto.c
+++ b/lib/crypto/c_src/crypto.c
@@ -954,8 +954,7 @@ static ERL_NIF_TERM aes_cfb_128_crypt(ErlNifEnv* env, int argc, const ERL_NIF_TE
if (!enif_inspect_iolist_as_binary(env, argv[0], &key) || key.size != 16
|| !enif_inspect_binary(env, argv[1], &ivec) || ivec.size != 16
- || !enif_inspect_iolist_as_binary(env, argv[2], &text)
- || text.size % 16 != 0) {
+ || !enif_inspect_iolist_as_binary(env, argv[2], &text) ) {
return enif_make_badarg(env);
}
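Review bot: No test accompanies the removal of the `text.size % 16 != 0` check in aes_cfb_128_crypt, so the newly accepted inputs are never exercised. CFB-128 behaves like a stream mode, so lifting the check is reasonable, but please add a case to the crypto test suite that round-trips inputs of length 0, 1, 15 and 17 bytes and checks that the output length equals the input length. Minor style point: `&text) ) {` has a stray space before the closing parenthesis.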
@@ -1340,8 +1339,7 @@ static ERL_NIF_TERM aes_cbc_crypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM a
|| (key_bin.size != 16 && key_bin.size != 32)
|| !enif_inspect_binary(env, argv[1], &ivec_bin)
|| ivec_bin.size != 16
- || !enif_inspect_iolist_as_binary(env, argv[2], &data_bin)
- || data_bin.size % 16 != 0) {
+ || !enif_inspect_iolist_as_binary(env, argv[2], &data_bin)) {
return enif_make_badarg(env);
}
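Review bot: Dropping `data_bin.size % 16 != 0` in aes_cbc_crypt is not equivalent to the CFB change, because CBC operates on whole 16-byte blocks. When encrypting, OpenSSL's AES_cbc_encrypt fills out a trailing partial block and writes a full 16-byte block of output, so if the result binary is sized from data_bin.size (the allocation is outside this hunk) the call writes past the end of that buffer. On the decrypt side, an input whose length is not a multiple of 16 is not a valid CBC ciphertext. Either keep the length check here, or round the output allocation up to a multiple of 16 and define the padding behaviour explicitly.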
diff --git a/lib/crypto/doc/src/crypto.xml b/lib/crypto/doc/src/crypto.xml
index 19db6c9..06aa213 100644
--- a/lib/crypto/doc/src/crypto.xml
+++ b/lib/crypto/doc/src/crypto.xml
@@ -651,8 +651,7 @@ Mpint() = <![CDATA[<<ByteLen:32/integer-big, Bytes:ByteLen/binary>>]]>
</type>
<desc>
<p>Encrypts <c>Text</c> according to AES in Cipher Feedback
- mode (CFB) or Cipher Block Chaining mode (CBC). <c>Text</c>
- must be a multiple of 128 bits (16 bytes). <c>Key</c> is the
+ mode (CFB) or Cipher Block Chaining mode (CBC). <c>Key</c> is the
AES key, and <c>IVec</c> is an arbitrary initializing vector.
The lengths of <c>Key</c> and <c>IVec</c> must be 128 bits
(16 bytes).</p>
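Review bot: The reworded sentence lifts the length requirement for CBC as well as CFB, but does not say what a caller gets back in CBC mode when `Text` is not a multiple of 16 bytes (output length, padding). If the restriction is only safe to lift for CFB, keep the sentence and scope it to CBC, for example "In CBC mode, Text must be a multiple of 128 bits (16 bytes)."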
@@ -671,8 +670,7 @@ Mpint() = <![CDATA[<<ByteLen:32/integer-big, Bytes:ByteLen/binary>>]]>
or Cipher Block Chaining mode (CBC).
<c>Key</c> is the AES key, and <c>IVec</c> is an arbitrary
initializing vector. <c>Key</c> and <c>IVec</c> must have
- the same values as those used when encrypting. <c>Cipher</c>
- must be a multiple of 128 bits (16 bytes). The lengths of
+ the same values as those used when encrypting. The lengths of
<c>Key</c> and <c>IVec</c> must be 128 bits (16 bytes).</p>
</desc>
</func>
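Review bot: With the `Cipher` length sentence removed from the decrypt description, the text no longer tells callers that CBC ciphertext comes in whole 16-byte blocks. Suggest retaining the requirement for CBC and stating that in CFB mode the result has the same length as `Cipher`, so the two modes are documented separately.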
--
1.7.9.5
--
Dr. Stefan Zegenhagen
arcutronix GmbH
Garbsener Landstr. 10
30419 Hannover
Germany
Tel: +49 511 277-2734
Fax: +49 511 277-2709
Email: stefan.zegenhagen@REDACTED
Web: www.arcutronix.com
*Synchronize the Ethernet*
General Managers: Dipl. Ing. Juergen Schroeder, Dr. Josef Gfrerer -
Legal Form: GmbH, Registered office: Hannover, HRB 202442, Amtsgericht
Hannover; Ust-Id: DE257551767.
Please consider the environment before printing this message.