aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorHans Nilsson <[email protected]>2019-03-19 13:26:04 +0100
committerHans Nilsson <[email protected]>2019-03-21 14:46:30 +0100
commit2bd5ed8f2ec254e637605d0a8bc081fc88faf1ed (patch)
tree5f5e165fb36f8148af1fd818059be4aa6a4d942a
parent949ddf13286ebe10a40f2010d94d238650f6562b (diff)
downloadotp-2bd5ed8f2ec254e637605d0a8bc081fc88faf1ed.tar.gz
otp-2bd5ed8f2ec254e637605d0a8bc081fc88faf1ed.tar.bz2
otp-2bd5ed8f2ec254e637605d0a8bc081fc88faf1ed.zip
crypto: Handle additional OPENSSL_NO_* flags
OPENSSL_NO_MD4 OPENSSL_NO_MD5 OPENSSL_NO_RC2 OPENSSL_NO_RC4 OPENSSL_NO_RMD160 OPENSSL_NO_CMAC OPENSSL_NO_CHACHA
-rw-r--r--lib/crypto/c_src/algorithms.c6
-rw-r--r--lib/crypto/c_src/api_ng.c3
-rw-r--r--lib/crypto/c_src/cipher.c4
-rw-r--r--lib/crypto/c_src/digest.c37
-rw-r--r--lib/crypto/c_src/hash.c32
-rw-r--r--lib/crypto/c_src/openssl_config.h37
6 files changed, 105 insertions, 14 deletions
diff --git a/lib/crypto/c_src/algorithms.c b/lib/crypto/c_src/algorithms.c
index 06cd109fc1..1d45ed9df2 100644
--- a/lib/crypto/c_src/algorithms.c
+++ b/lib/crypto/c_src/algorithms.c
@@ -68,9 +68,15 @@ void init_algorithms_types(ErlNifEnv* env)
// Non-validated algorithms follow
algo_hash_fips_cnt = algo_hash_cnt;
+#ifdef HAVE_MD4
algo_hash[algo_hash_cnt++] = enif_make_atom(env, "md4");
+#endif
+#ifdef HAVE_MD5
algo_hash[algo_hash_cnt++] = enif_make_atom(env, "md5");
+#endif
+#ifdef HAVE_RIPEMD160
algo_hash[algo_hash_cnt++] = enif_make_atom(env, "ripemd160");
+#endif
algo_pubkey_cnt = 0;
algo_pubkey[algo_pubkey_cnt++] = enif_make_atom(env, "rsa");
diff --git a/lib/crypto/c_src/api_ng.c b/lib/crypto/c_src/api_ng.c
index 6a833a0984..781bdd5627 100644
--- a/lib/crypto/c_src/api_ng.c
+++ b/lib/crypto/c_src/api_ng.c
@@ -207,7 +207,7 @@ static int get_init_args(ErlNifEnv* env,
goto err;
}
-
+#ifdef HAVE_RC2
if (EVP_CIPHER_type((*cipherp)->cipher.p) == NID_rc2_cbc) {
if (key_bin.size > INT_MAX / 8) {
*return_term = EXCP_BADARG(env, "To large rc2_cbc key");
@@ -218,6 +218,7 @@ static int get_init_args(ErlNifEnv* env,
goto err;
}
}
+#endif
if (ivec_arg == atom_undefined || ivec_len == 0)
{
diff --git a/lib/crypto/c_src/cipher.c b/lib/crypto/c_src/cipher.c
index 5c57898c50..9d60254a3c 100644
--- a/lib/crypto/c_src/cipher.c
+++ b/lib/crypto/c_src/cipher.c
@@ -28,12 +28,12 @@
static struct cipher_type_t cipher_types[] =
{
-#ifndef OPENSSL_NO_RC2
+#ifdef HAVE_RC2
{{"rc2_cbc"}, {&EVP_rc2_cbc}, 0, NO_FIPS_CIPHER},
#else
{{"rc2_cbc"}, {NULL}, 0, NO_FIPS_CIPHER},
#endif
-#ifndef OPENSSL_NO_RC4
+#ifdef HAVE_RC4
{{"rc4"}, {&EVP_rc4}, 0, NO_FIPS_CIPHER},
#else
{{"rc4"}, {NULL}, 0, NO_FIPS_CIPHER},
diff --git a/lib/crypto/c_src/digest.c b/lib/crypto/c_src/digest.c
index fec286c000..c987a664d5 100644
--- a/lib/crypto/c_src/digest.c
+++ b/lib/crypto/c_src/digest.c
@@ -22,10 +22,32 @@
static struct digest_type_t digest_types[] =
{
- {{"md4"}, {&EVP_md4}},
- {{"md5"}, {&EVP_md5}},
- {{"ripemd160"}, {&EVP_ripemd160}},
+ {{"md4"},
+#ifdef HAVE_MD4
+ {&EVP_md4}
+#else
+ {NULL}
+#endif
+ },
+
+ {{"md5"},
+#ifdef HAVE_MD5
+ {&EVP_md5}
+#else
+ {NULL}
+#endif
+ },
+
+ {{"ripemd160"},
+#ifdef HAVE_RIPEMD160
+ {&EVP_ripemd160}
+#else
+ {NULL}
+#endif
+ },
+
{{"sha"}, {&EVP_sha1}},
+
{{"sha224"},
#ifdef HAVE_SHA224
{&EVP_sha224}
@@ -33,6 +55,7 @@ static struct digest_type_t digest_types[] =
{NULL}
#endif
},
+
{{"sha256"},
#ifdef HAVE_SHA256
{&EVP_sha256}
@@ -40,6 +63,7 @@ static struct digest_type_t digest_types[] =
{NULL}
#endif
},
+
{{"sha384"},
#ifdef HAVE_SHA384
{&EVP_sha384}
@@ -47,6 +71,7 @@ static struct digest_type_t digest_types[] =
{NULL}
#endif
},
+
{{"sha512"},
#ifdef HAVE_SHA512
{&EVP_sha512}
@@ -54,6 +79,7 @@ static struct digest_type_t digest_types[] =
{NULL}
#endif
},
+
{{"sha3_224"},
#ifdef HAVE_SHA3_224
{&EVP_sha3_224}
@@ -61,6 +87,7 @@ static struct digest_type_t digest_types[] =
{NULL}
#endif
},
+
{{"sha3_256"},
#ifdef HAVE_SHA3_256
{&EVP_sha3_256}
@@ -68,6 +95,7 @@ static struct digest_type_t digest_types[] =
{NULL}
#endif
},
+
{{"sha3_384"},
#ifdef HAVE_SHA3_384
{&EVP_sha3_384}
@@ -75,6 +103,7 @@ static struct digest_type_t digest_types[] =
{NULL}
#endif
},
+
{{"sha3_512"},
#ifdef HAVE_SHA3_512
{&EVP_sha3_512}
@@ -82,6 +111,7 @@ static struct digest_type_t digest_types[] =
{NULL}
#endif
},
+
{{"blake2b"},
#ifdef HAVE_BLAKE2
{&EVP_blake2b512}
@@ -89,6 +119,7 @@ static struct digest_type_t digest_types[] =
{NULL}
#endif
},
+
{{"blake2s"},
#ifdef HAVE_BLAKE2
{&EVP_blake2s256}
diff --git a/lib/crypto/c_src/hash.c b/lib/crypto/c_src/hash.c
index 0a9f64acef..329b9b64e5 100644
--- a/lib/crypto/c_src/hash.c
+++ b/lib/crypto/c_src/hash.c
@@ -21,9 +21,15 @@
#include "hash.h"
#include "digest.h"
-#define MD5_CTX_LEN (sizeof(MD5_CTX))
-#define MD4_CTX_LEN (sizeof(MD4_CTX))
-#define RIPEMD160_CTX_LEN (sizeof(RIPEMD160_CTX))
+#ifdef HAVE_MD5
+# define MD5_CTX_LEN (sizeof(MD5_CTX))
+#endif
+#ifdef HAVE_MD4
+# define MD4_CTX_LEN (sizeof(MD4_CTX))
+#endif
+#ifdef HAVE_RIPEMD160
+# define RIPEMD160_CTX_LEN (sizeof(RIPEMD160_CTX))
+#endif
#if OPENSSL_VERSION_NUMBER >= PACKED_OPENSSL_VERSION_PLAIN(1,0,0)
struct evp_md_ctx {
@@ -261,18 +267,24 @@ ERL_NIF_TERM hash_init_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
switch (EVP_MD_type(digp->md.p))
{
+#ifdef HAVE_MD4
case NID_md4:
ctx_size = MD4_CTX_LEN;
ctx_init = (init_fun)(&MD4_Init);
break;
+#endif
+#ifdef HAVE_MD5
case NID_md5:
ctx_size = MD5_CTX_LEN;
ctx_init = (init_fun)(&MD5_Init);
break;
+#endif
+#ifdef HAVE_RIPEMD160
case NID_ripemd160:
ctx_size = RIPEMD160_CTX_LEN;
ctx_init = (init_fun)(&RIPEMD160_Init);
break;
+#endif
case NID_sha1:
ctx_size = sizeof(SHA_CTX);
ctx_init = (init_fun)(&SHA1_Init);
@@ -352,18 +364,24 @@ ERL_NIF_TERM hash_update_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]
switch (EVP_MD_type(digp->md.p))
{
+#ifdef HAVE_MD4
case NID_md4:
ctx_size = MD4_CTX_LEN;
ctx_update = (update_fun)(&MD4_Update);
break;
+#endif
+#ifdef HAVE_MD5
case NID_md5:
ctx_size = MD5_CTX_LEN;
ctx_update = (update_fun)(&MD5_Update);
break;
+#endif
+#ifdef HAVE_RIPEMD160
case NID_ripemd160:
ctx_size = RIPEMD160_CTX_LEN;
ctx_update = (update_fun)(&RIPEMD160_Update);
break;
+#endif
case NID_sha1:
ctx_size = sizeof(SHA_CTX);
ctx_update = (update_fun)(&SHA1_Update);
@@ -448,18 +466,24 @@ ERL_NIF_TERM hash_final_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
switch (EVP_MD_type(md))
{
+#ifdef HAVE_MD4
case NID_md4:
ctx_size = MD4_CTX_LEN;
ctx_final = (final_fun)(&MD4_Final);
break;
+#endif
+#ifdef HAVE_MD5
case NID_md5:
ctx_size = MD5_CTX_LEN;
ctx_final = (final_fun)(&MD5_Final);
break;
- case NID_ripemd160:
+#endif
+#ifdef HAVE_MD5
+ case NID_ripemd160:
ctx_size = RIPEMD160_CTX_LEN;
ctx_final = (final_fun)(&RIPEMD160_Final);
break;
+#endif
case NID_sha1:
ctx_size = sizeof(SHA_CTX);
ctx_final = (final_fun)(&SHA1_Final);
diff --git a/lib/crypto/c_src/openssl_config.h b/lib/crypto/c_src/openssl_config.h
index 46868cb987..ea2c0a2cfb 100644
--- a/lib/crypto/c_src/openssl_config.h
+++ b/lib/crypto/c_src/openssl_config.h
@@ -166,6 +166,27 @@
# define HAVE_BLAKE2
#endif
+#ifndef OPENSSL_NO_MD4
+# define HAVE_MD4
+#endif
+
+#ifndef OPENSSL_NO_MD5
+# define HAVE_MD5
+#endif
+
+#ifndef OPENSSL_NO_RC2
+# define HAVE_RC2
+#endif
+
+#ifndef OPENSSL_NO_RC4
+# define HAVE_RC4
+#endif
+
+#ifndef OPENSSL_NO_RMD160
+# define HAVE_RMD160
+#endif
+
+
#if OPENSSL_VERSION_NUMBER >= PACKED_OPENSSL_VERSION(0,9,8,'o') \
&& !defined(OPENSSL_NO_EC) \
&& !defined(OPENSSL_NO_ECDH) \
@@ -192,7 +213,9 @@
# define HAVE_AEAD
# define HAVE_GCM
# define HAVE_CCM
-# define HAVE_CMAC
+# ifndef OPENSSL_NO_CMAC
+# define HAVE_CMAC
+# endif
# if defined(RSA_PKCS1_OAEP_PADDING)
# define HAVE_RSA_OAEP_PADDING
# endif
@@ -204,21 +227,27 @@
#if OPENSSL_VERSION_NUMBER >= PACKED_OPENSSL_VERSION_PLAIN(1,1,0)
# ifndef HAS_LIBRESSL
-# define HAVE_CHACHA20_POLY1305
+# if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
+# define HAVE_CHACHA20_POLY1305
+# endif
# define HAVE_RSA_OAEP_MD
# endif
#endif
#if OPENSSL_VERSION_NUMBER >= PACKED_OPENSSL_VERSION(1,1,0,'d')
# ifndef HAS_LIBRESSL
-# define HAVE_CHACHA20
+# ifndef OPENSSL_NO_CHACHA
+# define HAVE_CHACHA20
+# endif
# endif
#endif
// OPENSSL_VERSION_NUMBER >= 1.1.1-pre8
#if OPENSSL_VERSION_NUMBER >= (PACKED_OPENSSL_VERSION_PLAIN(1,1,1)-7)
# ifndef HAS_LIBRESSL
-# define HAVE_POLY1305
+# if !defined(OPENSSL_NO_POLY1305)
+# define HAVE_POLY1305
+# endif
# endif
#endif