[GitHub] vanzin commented on a change in pull request #91: run time support is added for openssl 1.0 and 1.1 for UNIX


GitBox
vanzin commented on a change in pull request #91: run time support is added for openssl 1.0 and 1.1 for UNIX
URL: https://github.com/apache/commons-crypto/pull/91#discussion_r255250233
 
 

 ##########
 File path: src/main/native/org/apache/commons/crypto/cipher/OpenSslNative.c
 ##########
 @@ -432,25 +481,70 @@ JNIEXPORT jlong JNICALL Java_org_apache_commons_crypto_cipher_OpenSslNative_init
 static int check_update_max_output_len(EVP_CIPHER_CTX *context, int input_len,
     int max_output_len)
 {
+#ifdef WINDOWS
   if (context->flags & EVP_CIPH_NO_PADDING) {
     if (max_output_len >= input_len) {
-      return 1;
+   return 1;
     }
     return 0;
   } else {
     int b = context->cipher->block_size;
     if (context->encrypt) {
-      if (max_output_len >= input_len + b - 1) {
+     if (max_output_len >= input_len + b - 1) {
+      return 1;
+     }
+    } else {
+     if (max_output_len >= input_len + b) {
+      return 1;
+     }
+    }
+    return 0;
+  }
+#endif
+#ifdef UNIX
+  if(openssl_1) {
+     if (EVP_CIPHER_CTX_test_flags(context, EVP_CIPH_NO_PADDING)){
+       if (max_output_len >= input_len) {
         return 1;
       }
+      return 0;
     } else {
-      if (max_output_len >= input_len + b) {
-        return 1;
+      int b = EVP_CIPHER_CTX_block_size(context);
+      if (dlsym_EVP_CIPHER_CTX_encrypting(context)) {
+        if (max_output_len >= input_len + b - 1) {
+          return 1;
+        }
+      } else {
+        if (max_output_len >= input_len + b) {
+          return 1;
+        }
       }
-    }
-
-    return 0;
+      return 0;
+   }
+  }
+  if (openssl_0) {
+  if (context->flags & EVP_CIPH_NO_PADDING) {
+    if (max_output_len >= input_len) {
+      return 1;
+    }
+    return 0;
+  } else {
+    int b = context->cipher->block_size;
+    if (context->encrypt) {
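
Review bot: The `if (openssl_0)` branch under `#ifdef UNIX`, like the `#ifdef WINDOWS` branch, still dereferences `context->flags`, `context->cipher->block_size` and `context->encrypt` directly, so although the OpenSSL version is selected at run time, this function only compiles against headers that expose the `EVP_CIPHER_CTX` layout (OpenSSL 1.0; the struct is opaque in 1.1). The `openssl_1` branch already goes through `EVP_CIPHER_CTX_test_flags()` and `EVP_CIPHER_CTX_block_size()`; using those accessors in every branch would leave the encrypt/decrypt direction as the only value that needs version-specific handling. It would also let the three copies of this output-length check collapse into one: read the padding flag, block size and direction once, then run a single comparison. This check guards the size of the caller's output buffer, so one copy is easier to audit than three. The mixed indentation introduced at `+   return 1;` in the WINDOWS branch can be cleaned up in the same pass.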
 
 Review comment:
   In #92, Alex mentions having problems with `->encrypt` in OpenSSL 1.1.
   
   Does this mean your patch would require compiling the code with OpenSSL 1.0?
   
   I think it would be easier to allow either. I made a suggestion in the other PR about how to avoid using `->encrypt`.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[hidden email]


With regards,
Apache Git Services
