[erlang-patches] error in crypto application

Stefan Zegenhagen <>
Tue Jul 3 11:59:13 CEST 2012


Dear all,

here comes a third version of the patch that
      * fixes the aes_cfb_128_crypt() function to not require the
        plaintext/cipher data to be a multiple of 16 bytes in length
      * adjusts the documentation accordingly, and
      * leaves the aes_cbc_crypt() function untouched because its
        current API in erlang requires the plaintext/cipher data to be a
        multiple of 16 bytes.


Kind regards,


--- snip ---
From c9f86ea4a2244deeae4efd2955b329857d91e340 Mon Sep 17 00:00:00 2001
From: Stefan Zegenhagen <>
Date: Mon, 2 Jul 2012 22:00:09 +0200
Subject: [PATCH] CRYPTO: aes_cfb_128_crypt can handle arbitrary text length

The OpenSSL implementation of AES_cfb128_encrypt can handle data to
en-/decrypt with arbitrary length.

The restriction that the data length needs to be a multiple of 16 bytes
is unnecessary and breaks the SNMP application (causing decryption and
encryption errors in SNMPv3 AES-encrypted packets).
---
 lib/crypto/c_src/crypto.c     |    3 +--
 lib/crypto/doc/src/crypto.xml |   42 ++++++++++++++++++++++++++++++++++-------
 2 files changed, 36 insertions(+), 9 deletions(-)

diff --git a/lib/crypto/c_src/crypto.c b/lib/crypto/c_src/crypto.c
index 4be593e..a6a81d6 100644
--- a/lib/crypto/c_src/crypto.c
+++ b/lib/crypto/c_src/crypto.c
@@ -954,8 +954,7 @@ static ERL_NIF_TERM aes_cfb_128_crypt(ErlNifEnv* env, int argc, const ERL_NIF_TE
 
     if (!enif_inspect_iolist_as_binary(env, argv[0], &key) || key.size != 16
 	|| !enif_inspect_binary(env, argv[1], &ivec) || ivec.size != 16
-	|| !enif_inspect_iolist_as_binary(env, argv[2], &text)
-	|| text.size % 16 != 0) {
+	|| !enif_inspect_iolist_as_binary(env, argv[2], &text)) {
 	return enif_make_badarg(env);
     }
 
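Review bot: Dropping `text.size % 16 != 0` from the argument check in aes_cfb_128_crypt() comes with no test; the diffstat touches only crypto.c and crypto.xml. Please add a case to the crypto test suite that encrypts and then decrypts a text whose length is not a multiple of 16, plus an empty text, so the relaxed precondition is pinned down and the SNMPv3 failure named in the commit message cannot come back unnoticed. The key and ivec size checks kept on the two lines above are still needed and look right.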
diff --git a/lib/crypto/doc/src/crypto.xml b/lib/crypto/doc/src/crypto.xml
index 19db6c9..ff939ce 100644
--- a/lib/crypto/doc/src/crypto.xml
+++ b/lib/crypto/doc/src/crypto.xml
@@ -643,16 +643,14 @@ Mpint() = <![CDATA[<<ByteLen:32/integer-big, Bytes:ByteLen/binary>>]]>
 
     <func>
       <name>aes_cfb_128_encrypt(Key, IVec, Text) -> Cipher</name>
-      <name>aes_cbc_128_encrypt(Key, IVec, Text) -> Cipher</name>
-      <fsummary>Encrypt <c>Text</c>according to AES in Cipher Feedback  mode or Cipher Block Chaining mode</fsummary>
+      <fsummary>Encrypt <c>Text</c>according to AES in Cipher Feedback mode</fsummary>
       <type>
         <v>Key = Text = iolist() | binary()</v>
         <v>IVec = Cipher = binary()</v>
       </type>
       <desc>
         <p>Encrypts <c>Text</c> according to AES in Cipher Feedback 
-          mode (CFB) or Cipher Block Chaining mode (CBC). <c>Text</c>
-          must be a multiple of 128 bits (16 bytes). <c>Key</c> is the
+          mode (CFB).<c>Key</c> is the
           AES key, and <c>IVec</c> is an arbitrary initializing vector.
           The lengths of <c>Key</c> and <c>IVec</c> must be 128 bits
           (16 bytes).</p>
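Review bot: The rewritten aes_cfb_128_encrypt description drops the "must be a multiple of 128 bits" sentence but never says what is now allowed; a reader comparing it with the CBC entry cannot tell whether the omission is deliberate. Add a sentence after "mode (CFB)." stating that <c>Text</c> may be of any length. Two typos in the added lines as well: `mode (CFB).<c>Key</c>` needs a space after the period, and `<c>Text</c>according` in the new fsummary needs a space before "according".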
@@ -660,15 +658,45 @@ Mpint() = <![CDATA[<<ByteLen:32/integer-big, Bytes:ByteLen/binary>>]]>
     </func>
     <func>
       <name>aes_cfb_128_decrypt(Key, IVec, Cipher) -> Text</name>
+      <fsummary>Decrypt <c>Cipher</c>according to AES in Cipher Feedback mode</fsummary>
+      <type>
+        <v>Key = Cipher = iolist() | binary()</v>
+        <v>IVec = Text = binary()</v>
+      </type>
+      <desc>
+        <p>Decrypts <c>Cipher</c> according to AES in Cipher Feedback Mode (CFB).
+          <c>Key</c> is the AES key, and <c>IVec</c> is an arbitrary
+          initializing vector. <c>Key</c> and <c>IVec</c> must have
+          the same values as those used when encrypting. The lengths of
+          <c>Key</c> and <c>IVec</c> must be 128 bits (16 bytes).</p>
+      </desc>
+    </func>
+    <func>
+      <name>aes_cbc_128_encrypt(Key, IVec, Text) -> Cipher</name>
+      <fsummary>Encrypt <c>Text</c>according to AES in Cipher Block Chaining mode</fsummary>
+      <type>
+        <v>Key = Text = iolist() | binary()</v>
+        <v>IVec = Cipher = binary()</v>
+      </type>
+      <desc>
+          <p>Encrypts <c>Text</c> according to AES in Cipher Block Chaining
+          mode (CBC). <c>Text</c>
+          must be a multiple of 128 bits (16 bytes). <c>Key</c> is the
+          AES key, and <c>IVec</c> is an arbitrary initializing vector.
+          The lengths of <c>Key</c> and <c>IVec</c> must be 128 bits
+          (16 bytes).</p>
+      </desc>
+    </func>
+    <func>
       <name>aes_cbc_128_decrypt(Key, IVec, Cipher) -> Text</name>
-      <fsummary>Decrypt <c>Cipher</c>according to AES in Cipher Feedback  mode or Cipher Block Chaining mode</fsummary>
+      <fsummary>Decrypt <c>Cipher</c>according to AES in Cipher Block Chaining mode</fsummary>
       <type>
         <v>Key = Cipher = iolist() | binary()</v>
         <v>IVec = Text = binary()</v>
       </type>
       <desc>
-        <p>Decrypts <c>Cipher</c> according to Cipher Feedback Mode (CFB)
-          or Cipher Block Chaining mode (CBC).
+          <p>Decrypts <c>Cipher</c> according to AES in Cipher Block
+          Chaining mode (CBC).
           <c>Key</c> is the AES key, and <c>IVec</c> is an arbitrary
           initializing vector. <c>Key</c> and <c>IVec</c> must have
           the same values as those used when encrypting. <c>Cipher</c>
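Review bot: The new aes_cfb_128_decrypt entry does not state that <c>Cipher</c> may be of any length, while the CBC entries keep their explicit 16-byte-multiple requirement, so the difference this patch introduces is documented only by omission; add that sentence to the CFB decrypt description. Style points in the added lines: `<c>Cipher</c>according` and `<c>Text</c>according` in the three new fsummary lines need a space before "according", "Cipher Feedback Mode (CFB)" is capitalised differently from "Cipher Feedback mode" in the encrypt entry, and the `<p>` in the added aes_cbc_128_encrypt and aes_cbc_128_decrypt descriptions is indented two spaces deeper than the `<p>` in the CFB entries.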
-- 
1.7.9.5



-- 
Dr. Stefan Zegenhagen

arcutronix GmbH
Garbsener Landstr. 10
30419 Hannover
Germany

Tel:   +49 511 277-2734
Fax:   +49 511 277-2709
Email: 
Web:   www.arcutronix.com

*Synchronize the Ethernet*

General Managers: Dipl. Ing. Juergen Schroeder, Dr. Josef Gfrerer -
Legal Form: GmbH, Registered office: Hannover, HRB 202442, Amtsgericht
Hannover; Ust-Id: DE257551767.

Please consider the environment before printing this message.


