diff options
author | Hans Nilsson <[email protected]> | 2018-09-06 12:55:34 +0200 |
---|---|---|
committer | Hans Nilsson <[email protected]> | 2018-09-14 11:57:56 +0200 |
commit | ff4dee51f4c6602cdbbdbad9ad0ce2068f34265d (patch) | |
tree | 299671cce582d9eafe9a32e2dbe20dcc6a29edb2 /lib/crypto | |
parent | 51dcd166c58bf371da4c85250c8d76c27b4148da (diff) | |
download | otp-ff4dee51f4c6602cdbbdbad9ad0ce2068f34265d.tar.gz otp-ff4dee51f4c6602cdbbdbad9ad0ce2068f34265d.tar.bz2 otp-ff4dee51f4c6602cdbbdbad9ad0ce2068f34265d.zip |
crypto: Add 'rsa_opts' to crypto:supports/0
Needed in future versions of the SSL application.
Diffstat (limited to 'lib/crypto')
-rw-r--r-- | lib/crypto/c_src/crypto.c | 48 | ||||
-rw-r--r-- | lib/crypto/src/crypto.erl | 11 |
2 files changed, 48 insertions, 11 deletions
diff --git a/lib/crypto/c_src/crypto.c b/lib/crypto/c_src/crypto.c index 6949df4b8e..ad84d9cd35 100644 --- a/lib/crypto/c_src/crypto.c +++ b/lib/crypto/c_src/crypto.c @@ -211,12 +211,17 @@ # define HAVE_ECB_IVEC_BUG #endif -#define HAVE_RSA_SSLV23_PADDING -#if defined(HAS_LIBRESSL) \ - && LIBRESSL_VERSION_NUMBER >= PACKED_OPENSSL_VERSION_PLAIN(2,6,1) -# undef HAVE_RSA_SSLV23_PADDING +#ifdef RSA_SSLV23_PADDING +# define HAVE_RSA_SSLV23_PADDING #endif +// OpenSSL >= 1.0.2 +#ifdef RSA_PKCS1_PSS_PADDING +# define HAVE_RSA_PKCS1_PSS_PADDING +#endif + + + #if OPENSSL_VERSION_NUMBER >= PACKED_OPENSSL_VERSION(0,9,8,'h') \ && defined(HAVE_EC) /* If OPENSSL_NO_EC is set, there will be an error in ec.h included from engine.h @@ -1319,6 +1324,8 @@ static int algo_mac_cnt, algo_mac_fips_cnt; static ERL_NIF_TERM algo_mac[3]; /* increase when extending the list */ static int algo_curve_cnt, algo_curve_fips_cnt; static ERL_NIF_TERM algo_curve[87]; /* increase when extending the list */ +static int algo_rsa_opts_cnt, algo_rsa_opts_fips_cnt; +static ERL_NIF_TERM algo_rsa_opts[10]; /* increase when extending the list */ static void init_algorithms_types(ErlNifEnv* env) { @@ -1530,12 +1537,36 @@ static void init_algorithms_types(ErlNifEnv* env) algo_curve[algo_curve_cnt++] = enif_make_atom(env,"x448"); #endif + // Validated algorithms first + algo_rsa_opts_cnt = 0; +#ifdef HAS_EVP_PKEY_CTX +# ifdef HAVE_RSA_PKCS1_PSS_PADDING + algo_rsa_opts[algo_rsa_opts_cnt++] = enif_make_atom(env,"rsa_pkcs1_pss_padding"); + algo_rsa_opts[algo_rsa_opts_cnt++] = enif_make_atom(env,"rsa_pss_saltlen"); +# endif + algo_rsa_opts[algo_rsa_opts_cnt++] = enif_make_atom(env,"rsa_mgf1_md"); +# ifdef HAVE_RSA_OAEP_MD + algo_rsa_opts[algo_rsa_opts_cnt++] = enif_make_atom(env,"rsa_oaep_label"); + algo_rsa_opts[algo_rsa_opts_cnt++] = enif_make_atom(env,"rsa_oaep_md"); +# endif + algo_rsa_opts[algo_rsa_opts_cnt++] = enif_make_atom(env,"signature_md"); +#endif + algo_rsa_opts[algo_rsa_opts_cnt++] = enif_make_atom(env,"rsa_pkcs1_padding"); + algo_rsa_opts[algo_rsa_opts_cnt++] = enif_make_atom(env,"rsa_x931_padding"); +#ifdef HAVE_RSA_SSLV23_PADDING + algo_rsa_opts[algo_rsa_opts_cnt++] = enif_make_atom(env,"rsa_sslv23_padding"); +#endif + algo_rsa_opts[algo_rsa_opts_cnt++] = enif_make_atom(env,"rsa_no_padding"); + algo_rsa_opts_fips_cnt = algo_rsa_opts_cnt; + + // Check that the max number of algos is updated ASSERT(algo_hash_cnt <= sizeof(algo_hash)/sizeof(ERL_NIF_TERM)); ASSERT(algo_pubkey_cnt <= sizeof(algo_pubkey)/sizeof(ERL_NIF_TERM)); ASSERT(algo_cipher_cnt <= sizeof(algo_cipher)/sizeof(ERL_NIF_TERM)); ASSERT(algo_mac_cnt <= sizeof(algo_mac)/sizeof(ERL_NIF_TERM)); ASSERT(algo_curve_cnt <= sizeof(algo_curve)/sizeof(ERL_NIF_TERM)); + ASSERT(algo_rsa_opts_cnt <= sizeof(algo_rsa_opts)/sizeof(ERL_NIF_TERM)); } static ERL_NIF_TERM algorithms(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]) @@ -1547,19 +1578,22 @@ static ERL_NIF_TERM algorithms(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv int cipher_cnt = fips_mode ? algo_cipher_fips_cnt : algo_cipher_cnt; int mac_cnt = fips_mode ? algo_mac_fips_cnt : algo_mac_cnt; int curve_cnt = fips_mode ? algo_curve_fips_cnt : algo_curve_cnt; + int rsa_opts_cnt = fips_mode ? algo_rsa_opts_fips_cnt : algo_rsa_opts_cnt; #else int hash_cnt = algo_hash_cnt; int pubkey_cnt = algo_pubkey_cnt; int cipher_cnt = algo_cipher_cnt; int mac_cnt = algo_mac_cnt; int curve_cnt = algo_curve_cnt; + int rsa_opts_cnt = algo_rsa_opts_cnt; #endif - return enif_make_tuple5(env, + return enif_make_tuple6(env, enif_make_list_from_array(env, algo_hash, hash_cnt), enif_make_list_from_array(env, algo_pubkey, pubkey_cnt), enif_make_list_from_array(env, algo_cipher, cipher_cnt), enif_make_list_from_array(env, algo_mac, mac_cnt), - enif_make_list_from_array(env, algo_curve, curve_cnt) + enif_make_list_from_array(env, algo_curve, curve_cnt), + enif_make_list_from_array(env, algo_rsa_opts, rsa_opts_cnt) ); } @@ -4385,7 +4419,7 @@ static int get_pkey_sign_options(ErlNifEnv *env, ERL_NIF_TERM algorithm, ERL_NIF if (tpl_terms[1] == atom_rsa_pkcs1_padding) { opt->rsa_padding = RSA_PKCS1_PADDING; } else if (tpl_terms[1] == atom_rsa_pkcs1_pss_padding) { -#if OPENSSL_VERSION_NUMBER >= PACKED_OPENSSL_VERSION_PLAIN(1,0,0) +#ifdef HAVE_RSA_PKCS1_PSS_PADDING opt->rsa_padding = RSA_PKCS1_PSS_PADDING; if (opt->rsa_mgf1_md == NULL) { opt->rsa_mgf1_md = md; diff --git a/lib/crypto/src/crypto.erl b/lib/crypto/src/crypto.erl index c64586897e..7d8f0479ee 100644 --- a/lib/crypto/src/crypto.erl +++ b/lib/crypto/src/crypto.erl @@ -319,7 +319,8 @@ stop() -> | {ciphers, Ciphers} | {public_keys, PKs} | {macs, Macs} - | {curves, Curves}, + | {curves, Curves} + | {rsa_opts, RSAopts}, Hashs :: [sha1() | sha2() | sha3() | ripemd160 | compatibility_only_hash()], Ciphers :: [stream_cipher() | block_cipher_with_iv() | block_cipher_without_iv() @@ -327,14 +328,16 @@ stop() -> ], PKs :: [rsa | dss | ecdsa | dh | ecdh | ec_gf2m], Macs :: [hmac | cmac | poly1305], - Curves :: [ec_named_curve() | edwards_curve()]. + Curves :: [ec_named_curve() | edwards_curve()], + RSAopts :: [rsa_sign_verify_opt() | rsa_opt()] . supports()-> - {Hashs, PubKeys, Ciphers, Macs, Curves} = algorithms(), + {Hashs, PubKeys, Ciphers, Macs, Curves, RsaOpts} = algorithms(), [{hashs, Hashs}, {ciphers, Ciphers}, {public_keys, PubKeys}, {macs, Macs}, - {curves, Curves} + {curves, Curves}, + {rsa_opts, RsaOpts} ]. -spec info_lib() -> [{Name,VerNum,VerStr}] when Name :: binary(), |