aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSverker Eriksson <[email protected]>2011-09-28 11:49:47 +0200
committerSverker Eriksson <[email protected]>2011-09-28 11:49:47 +0200
commit2fa5d1e5146513f933c584c9bd444b7f03793820 (patch)
tree42bbdbdef3dd595609d7a75a1c85a757c7a2368e
parentb83073436a39553da458b19ef572ded9cd051611 (diff)
parenta474b24b6121ef411a3a3bda3e50cd69b5fbec17 (diff)
downloadotp-2fa5d1e5146513f933c584c9bd444b7f03793820.tar.gz
otp-2fa5d1e5146513f933c584c9bd444b7f03793820.tar.bz2
otp-2fa5d1e5146513f933c584c9bd444b7f03793820.zip
Merge branch 'sverker/revert-md2-With-RSA-Encryption' into dev
* sverker/revert-md2-With-RSA-Encryption: Revert "Prepare for release" Revert "Support md2WithRSAEncryption certificates in public_key" Revert "Support 'md2' hash in crypto:rsa_sign/3 and crypto:rsa_verify/4"
-rw-r--r--lib/crypto/c_src/crypto.c58
-rw-r--r--lib/crypto/doc/src/crypto.xml4
-rw-r--r--lib/crypto/src/crypto.erl2
-rw-r--r--lib/crypto/test/crypto_SUITE.erl30
-rw-r--r--lib/public_key/doc/src/public_key.xml2
-rw-r--r--lib/public_key/src/pubkey_cert.erl4
-rw-r--r--lib/public_key/src/public_key.appup.src12
-rw-r--r--lib/public_key/src/public_key.erl10
-rw-r--r--lib/public_key/test/public_key_SUITE.erl5
-rw-r--r--lib/public_key/vsn.mk2
10 files changed, 46 insertions, 83 deletions
diff --git a/lib/crypto/c_src/crypto.c b/lib/crypto/c_src/crypto.c
index 83772d9023..c781ccb302 100644
--- a/lib/crypto/c_src/crypto.c
+++ b/lib/crypto/c_src/crypto.c
@@ -43,7 +43,6 @@
#include <openssl/aes.h>
#include <openssl/md5.h>
#include <openssl/md4.h>
-#include <openssl/md2.h>
#include <openssl/sha.h>
#include <openssl/bn.h>
#include <openssl/objects.h>
@@ -268,7 +267,6 @@ static ERL_NIF_TERM atom_true;
static ERL_NIF_TERM atom_false;
static ERL_NIF_TERM atom_sha;
static ERL_NIF_TERM atom_md5;
-static ERL_NIF_TERM atom_md2;
static ERL_NIF_TERM atom_ripemd160;
static ERL_NIF_TERM atom_error;
static ERL_NIF_TERM atom_rsa_pkcs1_padding;
@@ -339,7 +337,6 @@ static int load(ErlNifEnv* env, void** priv_data, ERL_NIF_TERM load_info)
atom_false = enif_make_atom(env,"false");
atom_sha = enif_make_atom(env,"sha");
atom_md5 = enif_make_atom(env,"md5");
- atom_md2 = enif_make_atom(env,"md2");
atom_ripemd160 = enif_make_atom(env,"ripemd160");
atom_error = enif_make_atom(env,"error");
atom_rsa_pkcs1_padding = enif_make_atom(env,"rsa_pkcs1_padding");
@@ -1050,28 +1047,16 @@ static ERL_NIF_TERM dss_verify(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv
return(i > 0) ? atom_true : atom_false;
}
-struct hash_def {
- int type;
- unsigned int m_len;
- unsigned char * (*func) (const unsigned char *d, size_t n, unsigned char *md);
-};
-
-static const struct hash_def md2_hash_def = { NID_md2, MD2_DIGEST_LENGTH, &MD2};
-static const struct hash_def md5_hash_def = { NID_md5, MD5_DIGEST_LENGTH, &MD5};
-static const struct hash_def sha1_hash_def = { NID_sha1, SHA_DIGEST_LENGTH, &SHA1};
-
static ERL_NIF_TERM rsa_verify(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
{/* (Type, Data, Signature, Key=[E,N]) */
ErlNifBinary data_bin, sign_bin;
unsigned char hmacbuf[SHA_DIGEST_LENGTH];
ERL_NIF_TERM head, tail, ret;
- int i;
+ int i, is_sha;
RSA* rsa = RSA_new();
- const struct hash_def *hash_def = NULL;
- if (argv[0] == atom_sha) hash_def = &sha1_hash_def;
- else if (argv[0] == atom_md5) hash_def = &md5_hash_def;
- else if (argv[0] == atom_md2) hash_def = &md2_hash_def;
+ if (argv[0] == atom_sha) is_sha = 1;
+ else if (argv[0] == atom_md5) is_sha = 0;
else goto badarg;
if (!inspect_mpint(env, argv[1], &data_bin)
@@ -1085,9 +1070,16 @@ static ERL_NIF_TERM rsa_verify(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv
ret = enif_make_badarg(env);
}
else {
- (void) *hash_def->func(data_bin.data+4, data_bin.size-4, hmacbuf);
- i = RSA_verify(hash_def->type, hmacbuf, hash_def->m_len,
- sign_bin.data+4, sign_bin.size-4, rsa);
+ if (is_sha) {
+ SHA1(data_bin.data+4, data_bin.size-4, hmacbuf);
+ i = RSA_verify(NID_sha1, hmacbuf, SHA_DIGEST_LENGTH,
+ sign_bin.data+4, sign_bin.size-4, rsa);
+ }
+ else {
+ MD5(data_bin.data+4, data_bin.size-4, hmacbuf);
+ i = RSA_verify(NID_md5, hmacbuf, MD5_DIGEST_LENGTH,
+ sign_bin.data+4, sign_bin.size-4, rsa);
+ }
ret = (i==1 ? atom_true : atom_false);
}
RSA_free(rsa);
@@ -1229,12 +1221,10 @@ static ERL_NIF_TERM rsa_sign_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM ar
unsigned char hmacbuf[SHA_DIGEST_LENGTH];
unsigned rsa_s_len;
RSA *rsa = RSA_new();
- int i;
- const struct hash_def *hash_def = NULL;
+ int i, is_sha;
- if (argv[0] == atom_sha) hash_def = &sha1_hash_def;
- else if (argv[0] == atom_md5) hash_def = &md5_hash_def;
- else if (argv[0] == atom_md2) hash_def = &md2_hash_def;
+ if (argv[0] == atom_sha) is_sha = 1;
+ else if (argv[0] == atom_md5) is_sha = 0;
else goto badarg;
if (!inspect_mpint(env,argv[1],&data_bin)
@@ -1250,10 +1240,18 @@ static ERL_NIF_TERM rsa_sign_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM ar
return enif_make_badarg(env);
}
enif_alloc_binary(RSA_size(rsa), &ret_bin);
- (void) *hash_def->func(data_bin.data+4, data_bin.size-4, hmacbuf);
- ERL_VALGRIND_ASSERT_MEM_DEFINED(hmacbuf, hash_def->m_len);
- i = RSA_sign(hash_def->type, hmacbuf, hash_def->m_len,
- ret_bin.data, &rsa_s_len, rsa);
+ if (is_sha) {
+ SHA1(data_bin.data+4, data_bin.size-4, hmacbuf);
+ ERL_VALGRIND_ASSERT_MEM_DEFINED(hmacbuf, SHA_DIGEST_LENGTH);
+ i = RSA_sign(NID_sha1, hmacbuf, SHA_DIGEST_LENGTH,
+ ret_bin.data, &rsa_s_len, rsa);
+ }
+ else {
+ MD5(data_bin.data+4, data_bin.size-4, hmacbuf);
+ ERL_VALGRIND_ASSERT_MEM_DEFINED(hmacbuf, MD5_DIGEST_LENGTH);
+ i = RSA_sign(NID_md5, hmacbuf,MD5_DIGEST_LENGTH,
+ ret_bin.data, &rsa_s_len, rsa);
+ }
RSA_free(rsa);
if (i) {
ERL_VALGRIND_MAKE_MEM_DEFINED(ret_bin.data, rsa_s_len);
diff --git a/lib/crypto/doc/src/crypto.xml b/lib/crypto/doc/src/crypto.xml
index b593958264..4c20f81cae 100644
--- a/lib/crypto/doc/src/crypto.xml
+++ b/lib/crypto/doc/src/crypto.xml
@@ -795,7 +795,7 @@ Mpint() = <![CDATA[<<ByteLen:32/integer-big, Bytes:ByteLen/binary>>]]>
<v>E, N, D = Mpint</v>
<d>Where <c>E</c> is the public exponent, <c>N</c> is public modulus and
<c>D</c> is the private exponent.</d>
- <v>DigestType = md2 | md5 | sha</v>
+ <v>DigestType = md5 | sha</v>
<d>The default <c>DigestType</c> is sha.</d>
<v>Mpint = binary()</v>
<v>Signature = binary()</v>
@@ -817,7 +817,7 @@ Mpint() = <![CDATA[<<ByteLen:32/integer-big, Bytes:ByteLen/binary>>]]>
<v>Key = [E, N]</v>
<v>E, N = Mpint</v>
<d>Where <c>E</c> is the public exponent and <c>N</c> is public modulus.</d>
- <v>DigestType = md2 | md5 | sha</v>
+ <v>DigestType = md5 | sha</v>
<d> The default <c>DigestType</c> is sha.</d>
<v>Mpint = binary()</v>
</type>
diff --git a/lib/crypto/src/crypto.erl b/lib/crypto/src/crypto.erl
index ddad00f4b4..c3e13d6b91 100644
--- a/lib/crypto/src/crypto.erl
+++ b/lib/crypto/src/crypto.erl
@@ -91,7 +91,7 @@
aes_ctr_stream_init, aes_ctr_stream_encrypt, aes_ctr_stream_decrypt,
info_lib]).
--type rsa_digest_type() :: 'md2' | 'md5' | 'sha'.
+-type rsa_digest_type() :: 'md5' | 'sha'.
-type dss_digest_type() :: 'none' | 'sha'.
-type crypto_integer() :: binary() | integer().
diff --git a/lib/crypto/test/crypto_SUITE.erl b/lib/crypto/test/crypto_SUITE.erl
index 26d10d892a..486751766b 100644
--- a/lib/crypto/test/crypto_SUITE.erl
+++ b/lib/crypto/test/crypto_SUITE.erl
@@ -1083,30 +1083,16 @@ rsa_sign_test(Config) when is_list(Config) ->
PrivKey = [crypto:mpint(PubEx), crypto:mpint(Mod), crypto:mpint(PrivEx)],
PubKey = [crypto:mpint(PubEx), crypto:mpint(Mod)],
- ?line Sig = crypto:rsa_sign(sized_binary(Msg), PrivKey),
- ?line m(crypto:rsa_verify(sized_binary(Msg), sized_binary(Sig),PubKey), true),
+ ?line Sig1 = crypto:rsa_sign(sized_binary(Msg), PrivKey),
+ ?line m(crypto:rsa_verify(sized_binary(Msg), sized_binary(Sig1),PubKey), true),
- ?line Sig_md2 = crypto:rsa_sign(md2, sized_binary(Msg), PrivKey),
- ?line Sig_md5 = crypto:rsa_sign(md5, sized_binary(Msg), PrivKey),
- ?line Sig_sha = crypto:rsa_sign(sha, sized_binary(Msg), PrivKey),
-
- ?line m(Sig =:= Sig_sha, true),
- ?line m(Sig_md2 =:= Sig_md5, false),
- ?line m(Sig_md2 =:= Sig_sha, false),
- ?line m(Sig_md5 =:= Sig_sha, false),
+ ?line Sig2 = crypto:rsa_sign(md5, sized_binary(Msg), PrivKey),
+ ?line m(crypto:rsa_verify(md5, sized_binary(Msg), sized_binary(Sig2),PubKey), true),
+
+ ?line m(Sig1 =:= Sig2, false),
+ ?line m(crypto:rsa_verify(md5, sized_binary(Msg), sized_binary(Sig1),PubKey), false),
+ ?line m(crypto:rsa_verify(sha, sized_binary(Msg), sized_binary(Sig1),PubKey), true),
- ?line m(crypto:rsa_verify(md2, sized_binary(Msg), sized_binary(Sig_md2),PubKey), true),
- ?line m(crypto:rsa_verify(md2, sized_binary(Msg), sized_binary(Sig_md5),PubKey), false),
- ?line m(crypto:rsa_verify(md2, sized_binary(Msg), sized_binary(Sig_sha),PubKey), false),
-
- ?line m(crypto:rsa_verify(md5, sized_binary(Msg), sized_binary(Sig_md2),PubKey), false),
- ?line m(crypto:rsa_verify(md5, sized_binary(Msg), sized_binary(Sig_md5),PubKey), true),
- ?line m(crypto:rsa_verify(md5, sized_binary(Msg), sized_binary(Sig_sha),PubKey), false),
-
- ?line m(crypto:rsa_verify(sha, sized_binary(Msg), sized_binary(Sig_md2),PubKey), false),
- ?line m(crypto:rsa_verify(sha, sized_binary(Msg), sized_binary(Sig_md5),PubKey), false),
- ?line m(crypto:rsa_verify(sha, sized_binary(Msg), sized_binary(Sig_sha),PubKey), true),
-
ok.
dsa_sign_test(doc) ->
diff --git a/lib/public_key/doc/src/public_key.xml b/lib/public_key/doc/src/public_key.xml
index b3ce49e2ca..9a3832c68b 100644
--- a/lib/public_key/doc/src/public_key.xml
+++ b/lib/public_key/doc/src/public_key.xml
@@ -79,7 +79,7 @@
<p><code> rsa_padding() = 'rsa_pkcs1_padding' | 'rsa_pkcs1_oaep_padding'
| 'rsa_no_padding'</code></p>
- <p><code> rsa_digest_type() = 'md2' | 'md5' | 'sha' </code></p>
+ <p><code> rsa_digest_type() = 'md5' | 'sha' </code></p>
<p><code> dss_digest_type() = 'none' | 'sha' </code></p>
diff --git a/lib/public_key/src/pubkey_cert.erl b/lib/public_key/src/pubkey_cert.erl
index 61082a1ec5..5ab9642279 100644
--- a/lib/public_key/src/pubkey_cert.erl
+++ b/lib/public_key/src/pubkey_cert.erl
@@ -38,7 +38,7 @@
%%====================================================================
%%--------------------------------------------------------------------
--spec verify_data(DER::binary()) -> {md2 | md5 | sha, binary(), binary()}.
+-spec verify_data(DER::binary()) -> {md5 | sha, binary(), binary()}.
%%
%% Description: Extracts data from DerCert needed to call public_key:verify/4.
%%--------------------------------------------------------------------
@@ -378,8 +378,6 @@ digest_type(?sha1WithRSAEncryption) ->
sha;
digest_type(?md5WithRSAEncryption) ->
md5;
-digest_type(?md2WithRSAEncryption) ->
- md2;
digest_type(?'id-dsa-with-sha1') ->
sha.
diff --git a/lib/public_key/src/public_key.appup.src b/lib/public_key/src/public_key.appup.src
index 18fae54d18..4986801dad 100644
--- a/lib/public_key/src/public_key.appup.src
+++ b/lib/public_key/src/public_key.appup.src
@@ -1,12 +1,6 @@
%% -*- erlang -*-
{"%VSN%",
[
- {"0.12",
- [
- {update, public_key, soft, soft_purge, soft_purge, []},
- {update, pubkey_cert, soft, soft_purge, soft_purge, []},
- ]
- },
{"0.11",
[
{update, public_key, soft, soft_purge, soft_purge, []},
@@ -41,12 +35,6 @@
}
],
[
- {"0.12",
- [
- {update, public_key, soft, soft_purge, soft_purge, []},
- {update, pubkey_cert, soft, soft_purge, soft_purge, []},
- ]
- },
{"0.11",
[
{update, public_key, soft, soft_purge, soft_purge, []},
diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl
index 940efffcd0..33fcce2c44 100644
--- a/lib/public_key/src/public_key.erl
+++ b/lib/public_key/src/public_key.erl
@@ -55,7 +55,7 @@
-type rsa_padding() :: 'rsa_pkcs1_padding' | 'rsa_pkcs1_oaep_padding'
| 'rsa_no_padding'.
-type public_crypt_options() :: [{rsa_pad, rsa_padding()}].
--type rsa_digest_type() :: 'md2' | 'md5' | 'sha'.
+-type rsa_digest_type() :: 'md5' | 'sha'.
-type dss_digest_type() :: 'none' | 'sha'.
-define(UINT32(X), X:32/unsigned-big-integer).
@@ -307,8 +307,7 @@ encrypt_private(PlainText, #'RSAPrivateKey'{modulus = N,
sign(PlainText, DigestType, #'RSAPrivateKey'{modulus = N, publicExponent = E,
privateExponent = D})
when is_binary(PlainText),
- (DigestType == md2 orelse
- DigestType == md5 orelse
+ (DigestType == md5 orelse
DigestType == sha) ->
crypto:rsa_sign(DigestType, sized_binary(PlainText), [crypto:mpint(E),
@@ -336,10 +335,7 @@ sign(PlainText, sha, #'DSAPrivateKey'{p = P, q = Q, g = G, x = X})
%%--------------------------------------------------------------------
verify(PlainText, DigestType, Signature,
#'RSAPublicKey'{modulus = Mod, publicExponent = Exp})
- when is_binary(PlainText),
- (DigestType == md2 orelse
- DigestType == md5 orelse
- DigestType == sha) ->
+ when is_binary (PlainText), DigestType == sha; DigestType == md5 ->
crypto:rsa_verify(DigestType,
sized_binary(PlainText),
sized_binary(Signature),
diff --git a/lib/public_key/test/public_key_SUITE.erl b/lib/public_key/test/public_key_SUITE.erl
index a9c198c581..b11e4d092a 100644
--- a/lib/public_key/test/public_key_SUITE.erl
+++ b/lib/public_key/test/public_key_SUITE.erl
@@ -537,10 +537,7 @@ rsa_sign_verify(Config) when is_list(Config) ->
false = public_key:verify(Msg, sha, <<1:8, RSASign/binary>>, PublicRSA),
RSASign1 = public_key:sign(Msg, md5, PrivateRSA),
- true = public_key:verify(Msg, md5, RSASign1, PublicRSA),
-
- RSASign2 = public_key:sign(Msg, md2, PrivateRSA),
- true = public_key:verify(Msg, md2, RSASign2, PublicRSA).
+ true = public_key:verify(Msg, md5, RSASign1, PublicRSA).
%%--------------------------------------------------------------------
diff --git a/lib/public_key/vsn.mk b/lib/public_key/vsn.mk
index 66ac78a65d..3c6b012152 100644
--- a/lib/public_key/vsn.mk
+++ b/lib/public_key/vsn.mk
@@ -1 +1 @@
-PUBLIC_KEY_VSN = 0.13
+PUBLIC_KEY_VSN = 0.12