Merge branch 'cr/md2-With-RSA-Encryption' into dev

* cr/md2-With-RSA-Encryption:
  Document crypto:sha_mac_96/2 to compute an SHA MAC, not MD5
  Support md2WithRSAEncryption certificates in public_key
  Support 'md2' hash in crypto:rsa_sign/3 and crypto:rsa_verify/4

OTP-9554

4 files changed, 15 insertions, 6 deletions

diff --git a/lib/public_key/doc/src/public_key.xml b/lib/public_key/doc/src/public_key.xml
index 9a3832c68b..b3ce49e2ca 100644
--- a/lib/public_key/doc/src/public_key.xml
+++ b/lib/public_key/doc/src/public_key.xml
@@ -79,7 +79,7 @@
     <p><code> rsa_padding() =  'rsa_pkcs1_padding' | 'rsa_pkcs1_oaep_padding'
     | 'rsa_no_padding'</code></p>
     
-    <p><code> rsa_digest_type()  = 'md5' | 'sha' </code></p>
+    <p><code> rsa_digest_type()  = 'md2' | 'md5' | 'sha' </code></p>
 
     <p><code> dss_digest_type()  = 'none' | 'sha' </code></p>
 
diff --git a/lib/public_key/src/pubkey_cert.erl b/lib/public_key/src/pubkey_cert.erl
index 5ab9642279..61082a1ec5 100644
--- a/lib/public_key/src/pubkey_cert.erl
+++ b/lib/public_key/src/pubkey_cert.erl
@@ -38,7 +38,7 @@
 %%====================================================================
 
 %%--------------------------------------------------------------------
--spec verify_data(DER::binary()) -> {md5 | sha,  binary(), binary()}.
+-spec verify_data(DER::binary()) -> {md2 | md5 | sha,  binary(), binary()}.
 %%
 %% Description: Extracts data from DerCert needed to call public_key:verify/4.
 %%--------------------------------------------------------------------	 
@@ -378,6 +378,8 @@ digest_type(?sha1WithRSAEncryption) ->
     sha;
 digest_type(?md5WithRSAEncryption) ->
     md5;
+digest_type(?md2WithRSAEncryption) ->
+    md2;
 digest_type(?'id-dsa-with-sha1') ->
     sha.
 
diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl
index 33fcce2c44..940efffcd0 100644
--- a/lib/public_key/src/public_key.erl
+++ b/lib/public_key/src/public_key.erl
@@ -55,7 +55,7 @@
 -type rsa_padding()          :: 'rsa_pkcs1_padding' | 'rsa_pkcs1_oaep_padding' 
 			      | 'rsa_no_padding'.
 -type public_crypt_options() :: [{rsa_pad, rsa_padding()}].
--type rsa_digest_type()      :: 'md5' | 'sha'.
+-type rsa_digest_type()      :: 'md2' | 'md5' | 'sha'.
 -type dss_digest_type()      :: 'none' | 'sha'.
 
 -define(UINT32(X), X:32/unsigned-big-integer).
@@ -307,7 +307,8 @@ encrypt_private(PlainText, #'RSAPrivateKey'{modulus = N,
 sign(PlainText, DigestType,  #'RSAPrivateKey'{modulus = N,  publicExponent = E,
 					      privateExponent = D}) 
   when is_binary(PlainText),
-       (DigestType == md5 orelse
+       (DigestType == md2 orelse
+	DigestType == md5 orelse
 	DigestType == sha) ->
     
     crypto:rsa_sign(DigestType, sized_binary(PlainText), [crypto:mpint(E),
@@ -335,7 +336,10 @@ sign(PlainText, sha, #'DSAPrivateKey'{p = P, q = Q, g = G, x = X})
 %%--------------------------------------------------------------------
 verify(PlainText, DigestType, Signature, 
        #'RSAPublicKey'{modulus = Mod, publicExponent = Exp}) 
-  when is_binary (PlainText), DigestType == sha; DigestType == md5 ->
+  when is_binary(PlainText),
+       (DigestType == md2 orelse
+	DigestType == md5 orelse
+	DigestType == sha) ->
     crypto:rsa_verify(DigestType,
 		      sized_binary(PlainText), 
 		      sized_binary(Signature), 
diff --git a/lib/public_key/test/public_key_SUITE.erl b/lib/public_key/test/public_key_SUITE.erl
index b11e4d092a..a9c198c581 100644
--- a/lib/public_key/test/public_key_SUITE.erl
+++ b/lib/public_key/test/public_key_SUITE.erl
@@ -537,7 +537,10 @@ rsa_sign_verify(Config) when is_list(Config) ->
     false = public_key:verify(Msg, sha, <<1:8, RSASign/binary>>, PublicRSA), 
 
     RSASign1 = public_key:sign(Msg, md5, PrivateRSA),
-    true = public_key:verify(Msg, md5, RSASign1, PublicRSA).
+    true = public_key:verify(Msg, md5, RSASign1, PublicRSA),
+
+    RSASign2 = public_key:sign(Msg, md2, PrivateRSA),
+    true = public_key:verify(Msg, md2, RSASign2, PublicRSA).
     
 %%--------------------------------------------------------------------