[erlang-patches] error in crypto application

Stefan Zegenhagen stefan.zegenhagen@REDACTED
Thu Jun 28 11:00:32 CEST 2012


Dear all,

below is a patch that corrects a bug in the crypto application. The bug
has the effect that the SNMP application completely fails to process
SNMPv3 messages with AES encryption.


--- snip ---

From: Stefan Zegenhagen <stefan.zegenhagen@REDACTED>
Date: Thu, 28 Jun 2012 10:50:40 +0200
Subject: [PATCH] CRYPTO: aes_cfb_128_crypt can handle arbitrary text length

The OpenSSL implementation of AES_cfb128_encrypt can handle data to
en-/decrypt with arbitrary length.

The restriction that the data length needs to be a multiple of 16 bytes
is unnecessary and breaks the SNMP application (causing decryption and
encryption errors in SNMPv3 AES-encrypted packets).
---
 lib/crypto/c_src/crypto.c |    3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/lib/crypto/c_src/crypto.c b/lib/crypto/c_src/crypto.c
index 4be593e..0df4090 100644
--- a/lib/crypto/c_src/crypto.c
+++ b/lib/crypto/c_src/crypto.c
@@ -954,8 +954,7 @@ static ERL_NIF_TERM aes_cfb_128_crypt(ErlNifEnv* env, int argc, const ERL_NIF_TE

     if (!enif_inspect_iolist_as_binary(env, argv[0], &key) || key.size != 16
    || !enif_inspect_binary(env, argv[1], &ivec) || ivec.size != 16
-   || !enif_inspect_iolist_as_binary(env, argv[2], &text)
-   || text.size % 16 != 0) {
+   || !enif_inspect_iolist_as_binary(env, argv[2], &text) ) {
    return enif_make_badarg(env);
     }

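Review bot: In the argument check of aes_cfb_128_crypt, removing `text.size % 16 != 0` lets inputs of any length through to code that this hunk does not show, so please confirm that the output binary and the length passed to AES_cfb128_encrypt are both taken from text.size and that nothing further down assumes whole 16-byte blocks. The diffstat lists only crypto.c, so a test case with a text whose length is not a multiple of 16 (the SNMPv3 case from the commit message) would be worth adding, along with a documentation update if the 16-byte restriction is documented anywhere. Minor style point: `&text) ) {` has a stray space between the closing parentheses.
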
-- 
1.7.9.5

-- 
Dr. Stefan Zegenhagen

arcutronix GmbH
Garbsener Landstr. 10
30419 Hannover
Germany

Tel:   +49 511 277-2734
Fax:   +49 511 277-2709
Email: stefan.zegenhagen@REDACTED
Web:   www.arcutronix.com

*Synchronize the Ethernet*

General Managers: Dipl. Ing. Juergen Schroeder, Dr. Josef Gfrerer -
Legal Form: GmbH, Registered office: Hannover, HRB 202442, Amtsgericht
Hannover; Ust-Id: DE257551767.
