Merge branch 'hans/crypto/EVP_cf8_cf128_20/OTP-16133' into maint-20

* hans/crypto/EVP_cf8_cf128_20/OTP-16133: crypto: EVPify aes_*_cfb8 and aes_*_cfb128
author: Erlang/OTP <otp@erlang.org> 2019-10-04 15:27:00 +0200
committer: Erlang/OTP <otp@erlang.org> 2019-10-04 15:27:00 +0200
commit: ab17b965bf2cd3d80d235b313e0756fc7f8bdf53 (patch)
tree: 762e36163dabba4217c1d7697153d1e1bc4b623b /lib
parent: 022e03bfd06fdfd4d96cd10a569e12dc60cc2759 (diff)
parent: d46aced63e404b3060af539421748eeaa2389e10 (diff)
download: erlang-ab17b965bf2cd3d80d235b313e0756fc7f8bdf53.tar.gz
2 files changed, 6 insertions, 86 deletions
diff --git a/lib/crypto/c_src/crypto.c b/lib/crypto/c_src/crypto.c
index 6dd263adb2..e955905739 100644
--- a/lib/crypto/c_src/crypto.c
+++ b/lib/crypto/c_src/crypto.c
@@ -475,8 +475,6 @@ static ERL_NIF_TERM hmac_update_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM
 static ERL_NIF_TERM hmac_final_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM cmac_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM block_crypt_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
-static ERL_NIF_TERM aes_cfb_8_crypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
-static ERL_NIF_TERM aes_cfb_128_crypt_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM aes_ige_crypt_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM aes_ctr_stream_init(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM aes_ctr_stream_encrypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
@@ -662,8 +660,6 @@ static ERL_NIF_TERM atom_ppbasis;
 static ERL_NIF_TERM atom_onbasis;
 #endif
 
-static ERL_NIF_TERM atom_aes_cfb8;
-static ERL_NIF_TERM atom_aes_cfb128;
 #ifdef HAVE_ECB_IVEC_BUG
 static ERL_NIF_TERM atom_aes_ecb;
 static ERL_NIF_TERM atom_des_ecb;
@@ -832,8 +828,12 @@ static struct cipher_type_t cipher_types[] =
     {{"aes_cbc"}, {&EVP_aes_256_cbc}, 32},
     {{"aes_cbc128"}, {&EVP_aes_128_cbc}},
     {{"aes_cbc256"}, {&EVP_aes_256_cbc}},
-    {{"aes_cfb8"}, {&EVP_aes_128_cfb8}},
-    {{"aes_cfb128"}, {&EVP_aes_128_cfb128}},
+    {{"aes_cfb8"}, {&EVP_aes_128_cfb8}, 16},
+    {{"aes_cfb8"}, {&EVP_aes_192_cfb8}, 24},
+    {{"aes_cfb8"}, {&EVP_aes_256_cfb8}, 32},
+    {{"aes_cfb128"}, {&EVP_aes_128_cfb128}, 16},
+    {{"aes_cfb128"}, {&EVP_aes_192_cfb128}, 24},
+    {{"aes_cfb128"}, {&EVP_aes_256_cfb128}, 32},
     {{"aes_ecb"}, {&EVP_aes_128_ecb}, 16},
     {{"aes_ecb"}, {&EVP_aes_192_ecb}, 24},
     {{"aes_ecb"}, {&EVP_aes_256_ecb}, 32},
@@ -1063,8 +1063,6 @@ static int initialize(ErlNifEnv* env, ERL_NIF_TERM load_info)
     atom_ppbasis = enif_make_atom(env,"ppbasis");
     atom_onbasis = enif_make_atom(env,"onbasis");
 #endif
-    atom_aes_cfb8 = enif_make_atom(env, "aes_cfb8");
-    atom_aes_cfb128 = enif_make_atom(env, "aes_cfb128");
 #ifdef HAVE_ECB_IVEC_BUG
     atom_aes_ecb = enif_make_atom(env, "aes_ecb");
     atom_des_ecb = enif_make_atom(env, "des_ecb");
@@ -1963,21 +1961,6 @@ static ERL_NIF_TERM block_crypt_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM
         return enif_raise_exception(env, atom_notsup);
     }
 
-    if (argv[0] == atom_aes_cfb8
-        && (key.size == 24 || key.size == 32)) {
-        /* Why do EVP_CIPHER_CTX_set_key_length() fail on these key sizes?
-         * Fall back on low level API
-         */
-        return aes_cfb_8_crypt(env, argc-1, argv+1);
-    }
-    else if (argv[0] == atom_aes_cfb128
-        && (key.size == 24 || key.size == 32)) {
-        /* Why do EVP_CIPHER_CTX_set_key_length() fail on these key sizes?
-         * Fall back on low level API
-         */
-        return aes_cfb_128_crypt_nif(env, argc-1, argv+1);
-   }
-
     ivec_size  = EVP_CIPHER_iv_length(cipher);
 
 #ifdef HAVE_ECB_IVEC_BUG
@@ -2025,58 +2008,6 @@ static ERL_NIF_TERM block_crypt_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM
     return ret;
 }
 
-static ERL_NIF_TERM aes_cfb_8_crypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
-{/* (Key, IVec, Data, IsEncrypt) */
-     ErlNifBinary key, ivec, text;
-     AES_KEY aes_key;
-     unsigned char ivec_clone[16]; /* writable copy */
-     int new_ivlen = 0;
-     ERL_NIF_TERM ret;
-
-     CHECK_NO_FIPS_MODE();
-
-     if (!enif_inspect_iolist_as_binary(env, argv[0], &key)
-         || !(key.size == 16 || key.size == 24 || key.size == 32)
-         || !enif_inspect_binary(env, argv[1], &ivec) || ivec.size != 16
-         || !enif_inspect_iolist_as_binary(env, argv[2], &text)) {
-         return enif_make_badarg(env);
-     }
-
-     memcpy(ivec_clone, ivec.data, 16);
-     AES_set_encrypt_key(key.data, key.size * 8, &aes_key);
-     AES_cfb8_encrypt((unsigned char *) text.data,
-                      enif_make_new_binary(env, text.size, &ret),
-                      text.size, &aes_key, ivec_clone, &new_ivlen,
-                      (argv[3] == atom_true));
-     CONSUME_REDS(env,text);
-     return ret;
-}
-
-static ERL_NIF_TERM aes_cfb_128_crypt_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
-{/* (Key, IVec, Data, IsEncrypt) */
-    ErlNifBinary key, ivec, text;
-    AES_KEY aes_key;
-    unsigned char ivec_clone[16]; /* writable copy */
-    int new_ivlen = 0;
-    ERL_NIF_TERM ret;
-
-    if (!enif_inspect_iolist_as_binary(env, argv[0], &key)
-        || !(key.size == 16 || key.size == 24 || key.size == 32)
-        || !enif_inspect_binary(env, argv[1], &ivec) || ivec.size != 16
-        || !enif_inspect_iolist_as_binary(env, argv[2], &text)) {
-        return enif_make_badarg(env);
-    }
-
-    memcpy(ivec_clone, ivec.data, 16);
-    AES_set_encrypt_key(key.data, key.size * 8, &aes_key);
-    AES_cfb128_encrypt((unsigned char *) text.data,
-                       enif_make_new_binary(env, text.size, &ret),
-                       text.size, &aes_key, ivec_clone, &new_ivlen,
-                       (argv[3] == atom_true));
-    CONSUME_REDS(env,text);
-    return ret;
-}
-
 static ERL_NIF_TERM aes_ige_crypt_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
 {/* (Key, IVec, Data, IsEncrypt) */
 #ifdef HAVE_AES_IGE
diff --git a/lib/crypto/test/crypto_SUITE.erl b/lib/crypto/test/crypto_SUITE.erl
index c07e937737..7a2b22bc65 100644
--- a/lib/crypto/test/crypto_SUITE.erl
+++ b/lib/crypto/test/crypto_SUITE.erl
@@ -360,17 +360,6 @@ block() ->
 block(Config) when is_list(Config) ->
     Fips = proplists:get_bool(fips, Config),
     Type = ?config(type, Config),
-    %% See comment about EVP_CIPHER_CTX_set_key_length in
-    %% block_crypt_nif in crypto.c.
-    case {Fips, Type} of
-	{true, aes_cfb8} ->
-	    throw({skip, "Cannot test aes_cfb8 in FIPS mode because of key length issue"});
-	{true, aes_cfb128} ->
-	    throw({skip, "Cannot test aes_cfb128 in FIPS mode because of key length issue"});
-	_ ->
-	    ok
-    end,
-
     Blocks = lazy_eval(proplists:get_value(block, Config)),
     lists:foreach(fun block_cipher/1, Blocks),
     lists:foreach(fun block_cipher/1, block_iolistify(Blocks)),
author	Erlang/OTP <otp@erlang.org>	2019-10-04 15:27:00 +0200
committer	Erlang/OTP <otp@erlang.org>	2019-10-04 15:27:00 +0200
commit	ab17b965bf2cd3d80d235b313e0756fc7f8bdf53 (patch)
tree	762e36163dabba4217c1d7697153d1e1bc4b623b /lib
parent	022e03bfd06fdfd4d96cd10a569e12dc60cc2759 (diff)
parent	d46aced63e404b3060af539421748eeaa2389e10 (diff)
download	erlang-ab17b965bf2cd3d80d235b313e0756fc7f8bdf53.tar.gz