diff options
author | Sverker Eriksson <[email protected]> | 2011-09-28 11:59:22 +0200 |
---|---|---|
committer | Sverker Eriksson <[email protected]> | 2011-09-28 11:59:22 +0200 |
commit | 0843769ab9c3263b368b49b95a8b97478a82dbea (patch) | |
tree | 817ec4dd451b4ce9c8aeb50a1280ba2ef3d187b9 | |
parent | df20d15f2229fa5da1c9b7ab8b41b2d706d586f8 (diff) | |
parent | 2fa5d1e5146513f933c584c9bd444b7f03793820 (diff) | |
download | otp-0843769ab9c3263b368b49b95a8b97478a82dbea.tar.gz otp-0843769ab9c3263b368b49b95a8b97478a82dbea.tar.bz2 otp-0843769ab9c3263b368b49b95a8b97478a82dbea.zip |
Merge branch 'dev' into major
-rw-r--r-- | lib/crypto/c_src/crypto.c | 58 | ||||
-rw-r--r-- | lib/crypto/doc/src/crypto.xml | 4 | ||||
-rw-r--r-- | lib/crypto/src/crypto.erl | 2 | ||||
-rw-r--r-- | lib/crypto/test/crypto_SUITE.erl | 30 | ||||
-rw-r--r-- | lib/public_key/doc/src/public_key.xml | 2 | ||||
-rw-r--r-- | lib/public_key/src/pubkey_cert.erl | 4 | ||||
-rw-r--r-- | lib/public_key/src/public_key.appup.src | 12 | ||||
-rw-r--r-- | lib/public_key/src/public_key.erl | 10 | ||||
-rw-r--r-- | lib/public_key/test/public_key_SUITE.erl | 5 | ||||
-rw-r--r-- | lib/public_key/vsn.mk | 2 |
10 files changed, 46 insertions, 83 deletions
diff --git a/lib/crypto/c_src/crypto.c b/lib/crypto/c_src/crypto.c index 83772d9023..c781ccb302 100644 --- a/lib/crypto/c_src/crypto.c +++ b/lib/crypto/c_src/crypto.c @@ -43,7 +43,6 @@ #include <openssl/aes.h> #include <openssl/md5.h> #include <openssl/md4.h> -#include <openssl/md2.h> #include <openssl/sha.h> #include <openssl/bn.h> #include <openssl/objects.h> @@ -268,7 +267,6 @@ static ERL_NIF_TERM atom_true; static ERL_NIF_TERM atom_false; static ERL_NIF_TERM atom_sha; static ERL_NIF_TERM atom_md5; -static ERL_NIF_TERM atom_md2; static ERL_NIF_TERM atom_ripemd160; static ERL_NIF_TERM atom_error; static ERL_NIF_TERM atom_rsa_pkcs1_padding; @@ -339,7 +337,6 @@ static int load(ErlNifEnv* env, void** priv_data, ERL_NIF_TERM load_info) atom_false = enif_make_atom(env,"false"); atom_sha = enif_make_atom(env,"sha"); atom_md5 = enif_make_atom(env,"md5"); - atom_md2 = enif_make_atom(env,"md2"); atom_ripemd160 = enif_make_atom(env,"ripemd160"); atom_error = enif_make_atom(env,"error"); atom_rsa_pkcs1_padding = enif_make_atom(env,"rsa_pkcs1_padding"); @@ -1050,28 +1047,16 @@ static ERL_NIF_TERM dss_verify(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv return(i > 0) ? atom_true : atom_false; } -struct hash_def { - int type; - unsigned int m_len; - unsigned char * (*func) (const unsigned char *d, size_t n, unsigned char *md); -}; - -static const struct hash_def md2_hash_def = { NID_md2, MD2_DIGEST_LENGTH, &MD2}; -static const struct hash_def md5_hash_def = { NID_md5, MD5_DIGEST_LENGTH, &MD5}; -static const struct hash_def sha1_hash_def = { NID_sha1, SHA_DIGEST_LENGTH, &SHA1}; - static ERL_NIF_TERM rsa_verify(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]) {/* (Type, Data, Signature, Key=[E,N]) */ ErlNifBinary data_bin, sign_bin; unsigned char hmacbuf[SHA_DIGEST_LENGTH]; ERL_NIF_TERM head, tail, ret; - int i; + int i, is_sha; RSA* rsa = RSA_new(); - const struct hash_def *hash_def = NULL; - if (argv[0] == atom_sha) hash_def = &sha1_hash_def; - else if (argv[0] == atom_md5) hash_def = &md5_hash_def; - else if (argv[0] == atom_md2) hash_def = &md2_hash_def; + if (argv[0] == atom_sha) is_sha = 1; + else if (argv[0] == atom_md5) is_sha = 0; else goto badarg; if (!inspect_mpint(env, argv[1], &data_bin) @@ -1085,9 +1070,16 @@ static ERL_NIF_TERM rsa_verify(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv ret = enif_make_badarg(env); } else { - (void) *hash_def->func(data_bin.data+4, data_bin.size-4, hmacbuf); - i = RSA_verify(hash_def->type, hmacbuf, hash_def->m_len, - sign_bin.data+4, sign_bin.size-4, rsa); + if (is_sha) { + SHA1(data_bin.data+4, data_bin.size-4, hmacbuf); + i = RSA_verify(NID_sha1, hmacbuf, SHA_DIGEST_LENGTH, + sign_bin.data+4, sign_bin.size-4, rsa); + } + else { + MD5(data_bin.data+4, data_bin.size-4, hmacbuf); + i = RSA_verify(NID_md5, hmacbuf, MD5_DIGEST_LENGTH, + sign_bin.data+4, sign_bin.size-4, rsa); + } ret = (i==1 ? atom_true : atom_false); } RSA_free(rsa); @@ -1229,12 +1221,10 @@ static ERL_NIF_TERM rsa_sign_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM ar unsigned char hmacbuf[SHA_DIGEST_LENGTH]; unsigned rsa_s_len; RSA *rsa = RSA_new(); - int i; - const struct hash_def *hash_def = NULL; + int i, is_sha; - if (argv[0] == atom_sha) hash_def = &sha1_hash_def; - else if (argv[0] == atom_md5) hash_def = &md5_hash_def; - else if (argv[0] == atom_md2) hash_def = &md2_hash_def; + if (argv[0] == atom_sha) is_sha = 1; + else if (argv[0] == atom_md5) is_sha = 0; else goto badarg; if (!inspect_mpint(env,argv[1],&data_bin) @@ -1250,10 +1240,18 @@ static ERL_NIF_TERM rsa_sign_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM ar return enif_make_badarg(env); } enif_alloc_binary(RSA_size(rsa), &ret_bin); - (void) *hash_def->func(data_bin.data+4, data_bin.size-4, hmacbuf); - ERL_VALGRIND_ASSERT_MEM_DEFINED(hmacbuf, hash_def->m_len); - i = RSA_sign(hash_def->type, hmacbuf, hash_def->m_len, - ret_bin.data, &rsa_s_len, rsa); + if (is_sha) { + SHA1(data_bin.data+4, data_bin.size-4, hmacbuf); + ERL_VALGRIND_ASSERT_MEM_DEFINED(hmacbuf, SHA_DIGEST_LENGTH); + i = RSA_sign(NID_sha1, hmacbuf, SHA_DIGEST_LENGTH, + ret_bin.data, &rsa_s_len, rsa); + } + else { + MD5(data_bin.data+4, data_bin.size-4, hmacbuf); + ERL_VALGRIND_ASSERT_MEM_DEFINED(hmacbuf, MD5_DIGEST_LENGTH); + i = RSA_sign(NID_md5, hmacbuf,MD5_DIGEST_LENGTH, + ret_bin.data, &rsa_s_len, rsa); + } RSA_free(rsa); if (i) { ERL_VALGRIND_MAKE_MEM_DEFINED(ret_bin.data, rsa_s_len); diff --git a/lib/crypto/doc/src/crypto.xml b/lib/crypto/doc/src/crypto.xml index b593958264..4c20f81cae 100644 --- a/lib/crypto/doc/src/crypto.xml +++ b/lib/crypto/doc/src/crypto.xml @@ -795,7 +795,7 @@ Mpint() = <![CDATA[<<ByteLen:32/integer-big, Bytes:ByteLen/binary>>]]> <v>E, N, D = Mpint</v> <d>Where <c>E</c> is the public exponent, <c>N</c> is public modulus and <c>D</c> is the private exponent.</d> - <v>DigestType = md2 | md5 | sha</v> + <v>DigestType = md5 | sha</v> <d>The default <c>DigestType</c> is sha.</d> <v>Mpint = binary()</v> <v>Signature = binary()</v> @@ -817,7 +817,7 @@ Mpint() = <![CDATA[<<ByteLen:32/integer-big, Bytes:ByteLen/binary>>]]> <v>Key = [E, N]</v> <v>E, N = Mpint</v> <d>Where <c>E</c> is the public exponent and <c>N</c> is public modulus.</d> - <v>DigestType = md2 | md5 | sha</v> + <v>DigestType = md5 | sha</v> <d> The default <c>DigestType</c> is sha.</d> <v>Mpint = binary()</v> </type> diff --git a/lib/crypto/src/crypto.erl b/lib/crypto/src/crypto.erl index ddad00f4b4..c3e13d6b91 100644 --- a/lib/crypto/src/crypto.erl +++ b/lib/crypto/src/crypto.erl @@ -91,7 +91,7 @@ aes_ctr_stream_init, aes_ctr_stream_encrypt, aes_ctr_stream_decrypt, info_lib]). --type rsa_digest_type() :: 'md2' | 'md5' | 'sha'. +-type rsa_digest_type() :: 'md5' | 'sha'. -type dss_digest_type() :: 'none' | 'sha'. -type crypto_integer() :: binary() | integer(). diff --git a/lib/crypto/test/crypto_SUITE.erl b/lib/crypto/test/crypto_SUITE.erl index 26d10d892a..486751766b 100644 --- a/lib/crypto/test/crypto_SUITE.erl +++ b/lib/crypto/test/crypto_SUITE.erl @@ -1083,30 +1083,16 @@ rsa_sign_test(Config) when is_list(Config) -> PrivKey = [crypto:mpint(PubEx), crypto:mpint(Mod), crypto:mpint(PrivEx)], PubKey = [crypto:mpint(PubEx), crypto:mpint(Mod)], - ?line Sig = crypto:rsa_sign(sized_binary(Msg), PrivKey), - ?line m(crypto:rsa_verify(sized_binary(Msg), sized_binary(Sig),PubKey), true), + ?line Sig1 = crypto:rsa_sign(sized_binary(Msg), PrivKey), + ?line m(crypto:rsa_verify(sized_binary(Msg), sized_binary(Sig1),PubKey), true), - ?line Sig_md2 = crypto:rsa_sign(md2, sized_binary(Msg), PrivKey), - ?line Sig_md5 = crypto:rsa_sign(md5, sized_binary(Msg), PrivKey), - ?line Sig_sha = crypto:rsa_sign(sha, sized_binary(Msg), PrivKey), - - ?line m(Sig =:= Sig_sha, true), - ?line m(Sig_md2 =:= Sig_md5, false), - ?line m(Sig_md2 =:= Sig_sha, false), - ?line m(Sig_md5 =:= Sig_sha, false), + ?line Sig2 = crypto:rsa_sign(md5, sized_binary(Msg), PrivKey), + ?line m(crypto:rsa_verify(md5, sized_binary(Msg), sized_binary(Sig2),PubKey), true), + + ?line m(Sig1 =:= Sig2, false), + ?line m(crypto:rsa_verify(md5, sized_binary(Msg), sized_binary(Sig1),PubKey), false), + ?line m(crypto:rsa_verify(sha, sized_binary(Msg), sized_binary(Sig1),PubKey), true), - ?line m(crypto:rsa_verify(md2, sized_binary(Msg), sized_binary(Sig_md2),PubKey), true), - ?line m(crypto:rsa_verify(md2, sized_binary(Msg), sized_binary(Sig_md5),PubKey), false), - ?line m(crypto:rsa_verify(md2, sized_binary(Msg), sized_binary(Sig_sha),PubKey), false), - - ?line m(crypto:rsa_verify(md5, sized_binary(Msg), sized_binary(Sig_md2),PubKey), false), - ?line m(crypto:rsa_verify(md5, sized_binary(Msg), sized_binary(Sig_md5),PubKey), true), - ?line m(crypto:rsa_verify(md5, sized_binary(Msg), sized_binary(Sig_sha),PubKey), false), - - ?line m(crypto:rsa_verify(sha, sized_binary(Msg), sized_binary(Sig_md2),PubKey), false), - ?line m(crypto:rsa_verify(sha, sized_binary(Msg), sized_binary(Sig_md5),PubKey), false), - ?line m(crypto:rsa_verify(sha, sized_binary(Msg), sized_binary(Sig_sha),PubKey), true), - ok. dsa_sign_test(doc) -> diff --git a/lib/public_key/doc/src/public_key.xml b/lib/public_key/doc/src/public_key.xml index b3ce49e2ca..9a3832c68b 100644 --- a/lib/public_key/doc/src/public_key.xml +++ b/lib/public_key/doc/src/public_key.xml @@ -79,7 +79,7 @@ <p><code> rsa_padding() = 'rsa_pkcs1_padding' | 'rsa_pkcs1_oaep_padding' | 'rsa_no_padding'</code></p> - <p><code> rsa_digest_type() = 'md2' | 'md5' | 'sha' </code></p> + <p><code> rsa_digest_type() = 'md5' | 'sha' </code></p> <p><code> dss_digest_type() = 'none' | 'sha' </code></p> diff --git a/lib/public_key/src/pubkey_cert.erl b/lib/public_key/src/pubkey_cert.erl index 61082a1ec5..5ab9642279 100644 --- a/lib/public_key/src/pubkey_cert.erl +++ b/lib/public_key/src/pubkey_cert.erl @@ -38,7 +38,7 @@ %%==================================================================== %%-------------------------------------------------------------------- --spec verify_data(DER::binary()) -> {md2 | md5 | sha, binary(), binary()}. +-spec verify_data(DER::binary()) -> {md5 | sha, binary(), binary()}. %% %% Description: Extracts data from DerCert needed to call public_key:verify/4. %%-------------------------------------------------------------------- @@ -378,8 +378,6 @@ digest_type(?sha1WithRSAEncryption) -> sha; digest_type(?md5WithRSAEncryption) -> md5; -digest_type(?md2WithRSAEncryption) -> - md2; digest_type(?'id-dsa-with-sha1') -> sha. diff --git a/lib/public_key/src/public_key.appup.src b/lib/public_key/src/public_key.appup.src index 18fae54d18..4986801dad 100644 --- a/lib/public_key/src/public_key.appup.src +++ b/lib/public_key/src/public_key.appup.src @@ -1,12 +1,6 @@ %% -*- erlang -*- {"%VSN%", [ - {"0.12", - [ - {update, public_key, soft, soft_purge, soft_purge, []}, - {update, pubkey_cert, soft, soft_purge, soft_purge, []}, - ] - }, {"0.11", [ {update, public_key, soft, soft_purge, soft_purge, []}, @@ -41,12 +35,6 @@ } ], [ - {"0.12", - [ - {update, public_key, soft, soft_purge, soft_purge, []}, - {update, pubkey_cert, soft, soft_purge, soft_purge, []}, - ] - }, {"0.11", [ {update, public_key, soft, soft_purge, soft_purge, []}, diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl index 940efffcd0..33fcce2c44 100644 --- a/lib/public_key/src/public_key.erl +++ b/lib/public_key/src/public_key.erl @@ -55,7 +55,7 @@ -type rsa_padding() :: 'rsa_pkcs1_padding' | 'rsa_pkcs1_oaep_padding' | 'rsa_no_padding'. -type public_crypt_options() :: [{rsa_pad, rsa_padding()}]. --type rsa_digest_type() :: 'md2' | 'md5' | 'sha'. +-type rsa_digest_type() :: 'md5' | 'sha'. -type dss_digest_type() :: 'none' | 'sha'. -define(UINT32(X), X:32/unsigned-big-integer). @@ -307,8 +307,7 @@ encrypt_private(PlainText, #'RSAPrivateKey'{modulus = N, sign(PlainText, DigestType, #'RSAPrivateKey'{modulus = N, publicExponent = E, privateExponent = D}) when is_binary(PlainText), - (DigestType == md2 orelse - DigestType == md5 orelse + (DigestType == md5 orelse DigestType == sha) -> crypto:rsa_sign(DigestType, sized_binary(PlainText), [crypto:mpint(E), @@ -336,10 +335,7 @@ sign(PlainText, sha, #'DSAPrivateKey'{p = P, q = Q, g = G, x = X}) %%-------------------------------------------------------------------- verify(PlainText, DigestType, Signature, #'RSAPublicKey'{modulus = Mod, publicExponent = Exp}) - when is_binary(PlainText), - (DigestType == md2 orelse - DigestType == md5 orelse - DigestType == sha) -> + when is_binary (PlainText), DigestType == sha; DigestType == md5 -> crypto:rsa_verify(DigestType, sized_binary(PlainText), sized_binary(Signature), diff --git a/lib/public_key/test/public_key_SUITE.erl b/lib/public_key/test/public_key_SUITE.erl index a9c198c581..b11e4d092a 100644 --- a/lib/public_key/test/public_key_SUITE.erl +++ b/lib/public_key/test/public_key_SUITE.erl @@ -537,10 +537,7 @@ rsa_sign_verify(Config) when is_list(Config) -> false = public_key:verify(Msg, sha, <<1:8, RSASign/binary>>, PublicRSA), RSASign1 = public_key:sign(Msg, md5, PrivateRSA), - true = public_key:verify(Msg, md5, RSASign1, PublicRSA), - - RSASign2 = public_key:sign(Msg, md2, PrivateRSA), - true = public_key:verify(Msg, md2, RSASign2, PublicRSA). + true = public_key:verify(Msg, md5, RSASign1, PublicRSA). %%-------------------------------------------------------------------- diff --git a/lib/public_key/vsn.mk b/lib/public_key/vsn.mk index 66ac78a65d..3c6b012152 100644 --- a/lib/public_key/vsn.mk +++ b/lib/public_key/vsn.mk @@ -1 +1 @@ -PUBLIC_KEY_VSN = 0.13 +PUBLIC_KEY_VSN = 0.12 |