[GitHub] vanzin commented on a change in pull request #91: run time support is added for openssl 1.0 and 1.1 for UNIX

Fri, 08 Feb 2019 14:07:58 -0800 

vanzin commented on a change in pull request #91: run time support is added for 
openssl 1.0 and 1.1 for UNIX
URL: https://github.com/apache/commons-crypto/pull/91#discussion_r255250233
 
 

 ##########
 File path: src/main/native/org/apache/commons/crypto/cipher/OpenSslNative.c
 ##########
 @@ -432,25 +481,70 @@ JNIEXPORT jlong JNICALL 
Java_org_apache_commons_crypto_cipher_OpenSslNative_init
 static int check_update_max_output_len(EVP_CIPHER_CTX *context, int input_len,
     int max_output_len)
 {
+#ifdef WINDOWS
   if (context->flags & EVP_CIPH_NO_PADDING) {
     if (max_output_len >= input_len) {
-      return 1;
+       return 1;
     }
     return 0;
   } else {
     int b = context->cipher->block_size;
     if (context->encrypt) {
-      if (max_output_len >= input_len + b - 1) {
+       if (max_output_len >= input_len + b - 1) {
+         return 1;
+       }
+    } else {
+       if (max_output_len >= input_len + b) {
+         return 1;
+       }
+    }
+    return 0;
+  }
+#endif
+#ifdef UNIX
+  if(openssl_1) {
+     if (EVP_CIPHER_CTX_test_flags(context, EVP_CIPH_NO_PADDING)){
+       if (max_output_len >= input_len) {
         return 1;
       }
+      return 0;
     } else {
-      if (max_output_len >= input_len + b) {
-        return 1;
+      int b = EVP_CIPHER_CTX_block_size(context);
+      if (dlsym_EVP_CIPHER_CTX_encrypting(context)) {
+        if (max_output_len >= input_len + b - 1) {
+          return 1;
+        }
+      } else {
+        if (max_output_len >= input_len + b) {
+          return 1;
+        }
       }
-    }
-
-    return 0;
+      return 0;
+   }
+  }
+  if (openssl_0) {
+         if (context->flags & EVP_CIPH_NO_PADDING) {
+           if (max_output_len >= input_len) {
+             return 1;
+           }
+           return 0;
+         } else {
+           int b = context->cipher->block_size;
+           if (context->encrypt) {
 
 Review comment:
   In #92, Alex mentions having problems with `->encrypt` in OpenSSL 1.1.
   
   Does this mean your patch would require compiling the code with OpenSSL 1.0?
   
   I think it would be easier to allow either. I made a suggestion in the other 
PR about how to avoid using `->encrypt`.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[email protected]


With regards,
Apache Git Services

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to