aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorHans Nilsson <[email protected]>2019-04-08 14:33:12 +0200
committerHans Nilsson <[email protected]>2019-04-10 10:38:10 +0200
commit39e7ecc0b3c5cbe529093f126189eadbf83d3a80 (patch)
tree88b0d95bde8a633c6fbb57b7dcc3f2f4a6faee6a
parentf088a25bebcb74668dac21dc3b686fc2bea4502e (diff)
downloadotp-39e7ecc0b3c5cbe529093f126189eadbf83d3a80.tar.gz
otp-39e7ecc0b3c5cbe529093f126189eadbf83d3a80.tar.bz2
otp-39e7ecc0b3c5cbe529093f126189eadbf83d3a80.zip
crypto: Obey compile flags for no DSA, BF, DES, DH
-rw-r--r--lib/crypto/c_src/algorithms.c4
-rw-r--r--lib/crypto/c_src/cipher.c13
-rw-r--r--lib/crypto/c_src/dh.c8
-rw-r--r--lib/crypto/c_src/dss.c4
-rw-r--r--lib/crypto/c_src/dss.h2
-rw-r--r--lib/crypto/c_src/openssl_config.h19
-rw-r--r--lib/crypto/c_src/pkey.c31
-rw-r--r--lib/crypto/src/crypto.erl17
-rw-r--r--lib/crypto/test/engine_SUITE.erl30
9 files changed, 116 insertions, 12 deletions
diff --git a/lib/crypto/c_src/algorithms.c b/lib/crypto/c_src/algorithms.c
index 1d45ed9df2..20707c0531 100644
--- a/lib/crypto/c_src/algorithms.c
+++ b/lib/crypto/c_src/algorithms.c
@@ -80,8 +80,12 @@ void init_algorithms_types(ErlNifEnv* env)
algo_pubkey_cnt = 0;
algo_pubkey[algo_pubkey_cnt++] = enif_make_atom(env, "rsa");
+#ifdef HAVE_DSA
algo_pubkey[algo_pubkey_cnt++] = enif_make_atom(env, "dss");
+#endif
+#ifdef HAVE_DH
algo_pubkey[algo_pubkey_cnt++] = enif_make_atom(env, "dh");
+#endif
#if defined(HAVE_EC)
#if !defined(OPENSSL_NO_EC2M)
algo_pubkey[algo_pubkey_cnt++] = enif_make_atom(env, "ec_gf2m");
diff --git a/lib/crypto/c_src/cipher.c b/lib/crypto/c_src/cipher.c
index 13de3562e8..8f0c93c5db 100644
--- a/lib/crypto/c_src/cipher.c
+++ b/lib/crypto/c_src/cipher.c
@@ -20,10 +20,10 @@
#include "cipher.h"
-#ifdef OPENSSL_NO_DES
-#define COND_NO_DES_PTR(Ptr) (NULL)
-#else
+#ifdef HAVE_DES
#define COND_NO_DES_PTR(Ptr) (Ptr)
+#else
+#define COND_NO_DES_PTR(Ptr) (NULL)
#endif
static struct cipher_type_t cipher_types[] =
@@ -50,10 +50,17 @@ static struct cipher_type_t cipher_types[] =
{{"des_ede3_cfb"}, {NULL}, 0, 0},
#endif
+#ifdef HAVE_BF
{{"blowfish_cbc"}, {&EVP_bf_cbc}, 0, NO_FIPS_CIPHER},
{{"blowfish_cfb64"}, {&EVP_bf_cfb64}, 0, NO_FIPS_CIPHER},
{{"blowfish_ofb64"}, {&EVP_bf_ofb}, 0, NO_FIPS_CIPHER},
{{"blowfish_ecb"}, {&EVP_bf_ecb}, 0, NO_FIPS_CIPHER | ECB_BUG_0_9_8L},
+#else
+ {{"blowfish_cbc"}, {NULL}, 0, 0},
+ {{"blowfish_cfb64"}, {NULL}, 0, 0},
+ {{"blowfish_ofb64"}, {NULL}, 0, 0},
+ {{"blowfish_ecb"}, {NULL}, 0, 0},
+#endif
{{"aes_cbc"}, {&EVP_aes_128_cbc}, 16, 0},
{{"aes_cbc"}, {&EVP_aes_192_cbc}, 24, 0},
diff --git a/lib/crypto/c_src/dh.c b/lib/crypto/c_src/dh.c
index 38eb534d99..13a2336f25 100644
--- a/lib/crypto/c_src/dh.c
+++ b/lib/crypto/c_src/dh.c
@@ -23,6 +23,7 @@
ERL_NIF_TERM dh_generate_key_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
{/* (PrivKey|undefined, DHParams=[P,G], Mpint, Len|0) */
+#ifdef HAVE_DH
DH *dh_params = NULL;
unsigned int mpint; /* 0 or 4 */
ERL_NIF_TERM head, tail;
@@ -187,10 +188,14 @@ ERL_NIF_TERM dh_generate_key_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM ar
#endif
return ret;
+#else
+ return enif_raise_exception(env, atom_notsup);
+#endif
}
ERL_NIF_TERM dh_compute_key_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
{/* (OthersPublicKey, MyPrivateKey, DHParams=[P,G]) */
+#ifdef HAVE_DH
BIGNUM *other_pub_key = NULL;
BIGNUM *dh_p = NULL;
BIGNUM *dh_g = NULL;
@@ -291,4 +296,7 @@ ERL_NIF_TERM dh_compute_key_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM arg
DH_free(dh_priv);
return ret;
+#else
+ return enif_raise_exception(env, atom_notsup);
+#endif
}
diff --git a/lib/crypto/c_src/dss.c b/lib/crypto/c_src/dss.c
index 9bf8eb3ce0..63268f0f2b 100644
--- a/lib/crypto/c_src/dss.c
+++ b/lib/crypto/c_src/dss.c
@@ -21,6 +21,8 @@
#include "dss.h"
#include "bn.h"
+#ifdef HAVE_DSA
+
int get_dss_private_key(ErlNifEnv* env, ERL_NIF_TERM key, DSA *dsa)
{
/* key=[P,Q,G,KEY] */
@@ -142,3 +144,5 @@ int get_dss_public_key(ErlNifEnv* env, ERL_NIF_TERM key, DSA *dsa)
BN_free(dsa_y);
return 0;
}
+
+#endif
diff --git a/lib/crypto/c_src/dss.h b/lib/crypto/c_src/dss.h
index 3275657e98..07e28ca7c5 100644
--- a/lib/crypto/c_src/dss.h
+++ b/lib/crypto/c_src/dss.h
@@ -23,7 +23,9 @@
#include "common.h"
+#ifdef HAVE_DSA
int get_dss_private_key(ErlNifEnv* env, ERL_NIF_TERM key, DSA *dsa);
int get_dss_public_key(ErlNifEnv* env, ERL_NIF_TERM key, DSA *dsa);
+#endif
#endif /* E_DSS_H__ */
diff --git a/lib/crypto/c_src/openssl_config.h b/lib/crypto/c_src/openssl_config.h
index f926f8af13..339eb5b8f4 100644
--- a/lib/crypto/c_src/openssl_config.h
+++ b/lib/crypto/c_src/openssl_config.h
@@ -25,9 +25,8 @@
#include <openssl/opensslconf.h>
#include <openssl/crypto.h>
-#ifndef OPENSSL_NO_DES
#include <openssl/des.h>
-#endif /* #ifndef OPENSSL_NO_DES */
+
/* #include <openssl/idea.h> This is not supported on the openssl OTP requires */
#include <openssl/dsa.h>
#include <openssl/rsa.h>
@@ -166,6 +165,22 @@
# define HAVE_BLAKE2
#endif
+#ifndef OPENSSL_NO_BF
+# define HAVE_BF
+#endif
+
+#ifndef OPENSSL_NO_DES
+# define HAVE_DES
+#endif
+
+#ifndef OPENSSL_NO_DH
+# define HAVE_DH
+#endif
+
+#ifndef OPENSSL_NO_DSA
+# define HAVE_DSA
+#endif
+
#ifndef OPENSSL_NO_MD4
# define HAVE_MD4
#endif
diff --git a/lib/crypto/c_src/pkey.c b/lib/crypto/c_src/pkey.c
index 638bb588fa..a1e2677b34 100644
--- a/lib/crypto/c_src/pkey.c
+++ b/lib/crypto/c_src/pkey.c
@@ -254,7 +254,9 @@ static int get_pkey_private_key(ErlNifEnv *env, ERL_NIF_TERM algorithm, ERL_NIF_
{
EVP_PKEY *result = NULL;
RSA *rsa = NULL;
+#ifdef HAVE_DSA
DSA *dsa = NULL;
+#endif
#if defined(HAVE_EC)
EC_KEY *ec = NULL;
#endif
@@ -327,6 +329,7 @@ static int get_pkey_private_key(ErlNifEnv *env, ERL_NIF_TERM algorithm, ERL_NIF_
return PKEY_NOTSUP;
#endif
} else if (algorithm == atom_dss) {
+#ifdef HAVE_DSA
if ((dsa = DSA_new()) == NULL)
goto err;
if (!get_dss_private_key(env, key, dsa))
@@ -340,9 +343,9 @@ static int get_pkey_private_key(ErlNifEnv *env, ERL_NIF_TERM algorithm, ERL_NIF_
dsa = NULL;
} else {
+#endif
return PKEY_BADARG;
}
-
goto done;
err:
@@ -357,8 +360,10 @@ static int get_pkey_private_key(ErlNifEnv *env, ERL_NIF_TERM algorithm, ERL_NIF_
enif_free(id);
if (rsa)
RSA_free(rsa);
+#ifdef HAVE_DSA
if (dsa)
DSA_free(dsa);
+#endif
#ifdef HAVE_EC
if (ec)
EC_KEY_free(ec);
@@ -377,7 +382,9 @@ static int get_pkey_public_key(ErlNifEnv *env, ERL_NIF_TERM algorithm, ERL_NIF_T
{
EVP_PKEY *result = NULL;
RSA *rsa = NULL;
+#ifdef HAVE_DSA
DSA *dsa = NULL;
+#endif
#if defined(HAVE_EC)
EC_KEY *ec = NULL;
#endif
@@ -449,6 +456,7 @@ static int get_pkey_public_key(ErlNifEnv *env, ERL_NIF_TERM algorithm, ERL_NIF_T
return PKEY_NOTSUP;
#endif
} else if (algorithm == atom_dss) {
+#ifdef HAVE_DSA
if ((dsa = DSA_new()) == NULL)
goto err;
@@ -461,7 +469,9 @@ static int get_pkey_public_key(ErlNifEnv *env, ERL_NIF_TERM algorithm, ERL_NIF_T
goto err;
/* On success, result owns dsa */
dsa = NULL;
-
+#else
+ return PKEY_NOTSUP;
+#endif
} else {
return PKEY_BADARG;
}
@@ -480,8 +490,10 @@ static int get_pkey_public_key(ErlNifEnv *env, ERL_NIF_TERM algorithm, ERL_NIF_T
enif_free(id);
if (rsa)
RSA_free(rsa);
+#ifdef HAVE_DSA
if (dsa)
DSA_free(dsa);
+#endif
#ifdef HAVE_EC
if (ec)
EC_KEY_free(ec);
@@ -518,7 +530,9 @@ ERL_NIF_TERM pkey_sign_nif(ErlNifEnv *env, int argc, const ERL_NIF_TERM argv[])
unsigned char *tbs; /* data to be signed */
size_t tbslen;
RSA *rsa = NULL;
+#ifdef HAVE_DSA
DSA *dsa = NULL;
+#endif
#if defined(HAVE_EC)
EC_KEY *ec = NULL;
#endif
@@ -706,8 +720,10 @@ enif_get_atom(env,argv[1],buf,1024,ERL_NIF_LATIN1); printf("hash=%s ",buf);
enif_release_binary(&sig_bin);
if (rsa)
RSA_free(rsa);
+#ifdef HAVE_DSA
if (dsa)
DSA_free(dsa);
+#endif
#ifdef HAVE_EC
if (ec)
EC_KEY_free(ec);
@@ -744,7 +760,9 @@ ERL_NIF_TERM pkey_verify_nif(ErlNifEnv *env, int argc, const ERL_NIF_TERM argv[]
size_t tbslen;
ERL_NIF_TERM ret;
RSA *rsa = NULL;
+#ifdef HAVE_DSA
DSA *dsa = NULL;
+#endif
#ifdef HAVE_EC
EC_KEY *ec = NULL;
#endif
@@ -890,8 +908,10 @@ ERL_NIF_TERM pkey_verify_nif(ErlNifEnv *env, int argc, const ERL_NIF_TERM argv[]
EVP_PKEY_free(pkey);
if (rsa)
RSA_free(rsa);
+#ifdef HAVE_DSA
if (dsa)
DSA_free(dsa);
+#endif
#ifdef HAVE_EC
if (ec)
EC_KEY_free(ec);
@@ -1358,7 +1378,9 @@ ERL_NIF_TERM privkey_to_pubkey_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM
ERL_NIF_TERM ret;
EVP_PKEY *pkey = NULL;
RSA *rsa = NULL;
+#ifdef HAVE_DSA
DSA *dsa = NULL;
+#endif
ERL_NIF_TERM result[8];
ASSERT(argc == 2);
@@ -1383,6 +1405,7 @@ ERL_NIF_TERM privkey_to_pubkey_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM
ret = enif_make_list_from_array(env, result, 2);
+#ifdef HAVE_DSA
} else if (argv[0] == atom_dss) {
const BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub_key = NULL;
@@ -1402,7 +1425,7 @@ ERL_NIF_TERM privkey_to_pubkey_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM
goto err;
ret = enif_make_list_from_array(env, result, 4);
-
+#endif
} else if (argv[0] == atom_ecdsa) {
#if defined(HAVE_EC)
/* not yet implemented
@@ -1452,8 +1475,10 @@ ERL_NIF_TERM privkey_to_pubkey_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM
done:
if (rsa)
RSA_free(rsa);
+#ifdef HAVE_DSA
if (dsa)
DSA_free(dsa);
+#endif
if (pkey)
EVP_PKEY_free(pkey);
diff --git a/lib/crypto/src/crypto.erl b/lib/crypto/src/crypto.erl
index 04b2f62266..a99ab2faea 100644
--- a/lib/crypto/src/crypto.erl
+++ b/lib/crypto/src/crypto.erl
@@ -1058,8 +1058,21 @@ ng_crypto_one_time_nif(_Cipher, _Key, _IVec, _Data, _EncryptFlg) -> ?nif_stub.
%%%----------------------------------------------------------------
%%% Cipher aliases
%%%
-prepend_cipher_aliases(L) ->
- [des3_cbc, des_ede3, des_ede3_cbf, des3_cbf, des3_cfb, aes_cbc128, aes_cbc256 | L].
+prepend_cipher_aliases(L0) ->
+ L =
+ case lists:member(des_ede3_cbc, L0) of
+ true ->
+ [des3_cbc, des_ede3, des_ede3_cbf, des3_cbf, des3_cfb | L0];
+ false ->
+ L0
+ end,
+ case lists:member(aes_128_cbc, L0) of
+ true ->
+ [aes_cbc128, aes_cbc256 | L];
+ false ->
+ L
+ end.
+
%%%---- des_ede3_cbc
alias(des3_cbc) -> des_ede3_cbc;
diff --git a/lib/crypto/test/engine_SUITE.erl b/lib/crypto/test/engine_SUITE.erl
index 3416fbd78d..41cd132734 100644
--- a/lib/crypto/test/engine_SUITE.erl
+++ b/lib/crypto/test/engine_SUITE.erl
@@ -148,8 +148,21 @@ end_per_group(_, Config) ->
end.
%%--------------------------------------------------------------------
-init_per_testcase(_Case, Config) ->
- Config.
+init_per_testcase(Case, Config) ->
+ case string:tokens(atom_to_list(Case),"_") of
+ ["sign","verify",Type|_] ->
+ skip_if_unsup(list_to_atom(Type), Config);
+
+ ["priv","encrypt","pub","decrypt",Type|_] ->
+ skip_if_unsup(list_to_atom(Type), Config);
+
+ ["get","pub","from","priv","key",Type|_] ->
+ skip_if_unsup(list_to_atom(Type), Config);
+
+ _ ->
+ Config
+ end.
+
end_per_testcase(_Case, _Config) ->
ok.
@@ -851,6 +864,19 @@ get_pub_from_priv_key_ecdsa(Config) ->
%%%================================================================
%%% Help for engine_stored_pub_priv_keys* test cases
%%%
+skip_if_unsup(Type, Config) ->
+ case pkey_supported(Type) of
+ false ->
+ {skip, "Unsupported in this cryptolib"};
+ true ->
+ Config
+ end.
+
+
+pkey_supported(Type) ->
+ lists:member(Type, proplists:get_value(public_keys, crypto:supports(), [])).
+
+
load_storage_engine(Config) ->
load_storage_engine(Config, []).