ssl, public_key, crypto: crypto:algorithms/0 -> crypto:supports/0

8 files changed, 83 insertions, 38 deletions

diff --git a/lib/crypto/doc/src/crypto.xml b/lib/crypto/doc/src/crypto.xml
index cac8f6ef28..b4e471111a 100644
--- a/lib/crypto/doc/src/crypto.xml
+++ b/lib/crypto/doc/src/crypto.xml
@@ -142,21 +142,16 @@
 
      <p><code>des3_key() = [binary(), binary(), binary()] </code> Each key part is 64 bits (in CBC mode only 8 bits are used)</p>
 
-     <p><code> message_digest_algorithms() =  md5 | ripemd160 | sha | sha224 | sha256 | sha384 | sha512 </code> md4 is aslo supported for hash_init/1 and hash/2.
+     <p><code>digest_type() =  md5 | sha | sha224 | sha256 | sha384 | sha512</code></p>
+     <p><code> hash_algorithms() =  md5 | ripemd160 | sha | sha224 | sha256 | sha384 | sha512 </code> md4 is aslo supported for hash_init/1 and hash/2.
      Note that both md4 and md5 are recommended only for compatibility with existing applications.
      </p>
+     <p><code> cipher_algorithms() =  des | des3 | aes | blowfish | rc2 | rc4 </code> </p>
+     <p><code> public_key_algorithms() =   rsa |dss | ecdsa | dh | ecdh </code> </p>
+     
  </section>
 
   <funcs>
-    <func>
-      <name>algorithms() -> [message_digest_algorithms() | md4 | ec]</name>
-      <fsummary>Provide a list of available crypto algorithms.</fsummary>
-      <desc>
-        <p> Can be used to determine if the crypto library has support for elliptic curve (ec) and
-	which message digest algorithms that are supported.</p>
-      </desc>
-    </func>
-
       <func>
       <name>block_encrypt(Type, Key, Ivec, PlainText) -> CipherText</name>
       <fsummary>Encrypt <c>PlainText</c>according to <c>Type</c> block cipher</fsummary>
@@ -665,6 +660,22 @@
       </desc>
     </func>
 
+   <func>
+      <name>supports() -> AlgorithmList </name>
+      <fsummary>Provide a list of available crypto algorithms.</fsummary>
+      <type>
+      <v> AlgorithmList =  [{hashs, [hash_algorithms()]},
+                            {ciphers, [cipher_algorithms()]},
+			    {public_keys, [public_key_algorithms()]}
+      </v>
+      </type>
+      <desc>
+        <p> Can be used to determine which crypto algorithms that are supported
+	by the underlying OpenSSL library</p>
+      </desc>
+    </func>
+
+    
   <func>
       <name>verify(Algorithm, DigestType, Msg, Signature, Key) -> boolean()</name>
       <fsummary>Verifies a digital signature.</fsummary>
diff --git a/lib/crypto/src/crypto.erl b/lib/crypto/src/crypto.erl
index dde53b1217..8c61084f3e 100644
--- a/lib/crypto/src/crypto.erl
+++ b/lib/crypto/src/crypto.erl
@@ -21,7 +21,7 @@
 
 -module(crypto).
 
--export([start/0, stop/0, info_lib/0, algorithms/0, version/0, binary_to_integer/1]).
+-export([start/0, stop/0, info_lib/0, supports/0, version/0, binary_to_integer/1]).
 -export([hash/2, hash_init/1, hash_update/2, hash_final/1]).
 -export([sign/4, verify/5]).
 -export([generate_key/2, generate_key/3, compute_key/4]).
@@ -218,7 +218,7 @@
 		    des_cbc_ivec, des_cfb_ivec,
 		    info,
 		    %%
-		    info_lib, algorithms]).
+		    info_lib, supports]).
 
 -type mpint() :: binary().
 -type rsa_digest_type() :: 'md5' | 'sha' | 'sha224' | 'sha256' | 'sha384' | 'sha512'.
@@ -306,6 +306,22 @@ info_lib() -> ?nif_stub.
 
 algorithms() -> ?nif_stub.
 
+supports()->
+    Algs = algorithms(),
+    PubKeyAlgs = 
+	case lists:member(ec, Algs) of
+	    true ->
+		{public_keys, [rsa, dss, ecdsa, dh, ecdh]};
+	    false ->
+		{public_keys, [rsa, dss, dh]}
+	end,
+    [{hashs, Algs -- [ec]},
+     {ciphers, [des_cbc, des_cfb,  des3_cbc, des3_cbf, des_ede3, blowfish_cbc,
+		blowfish_cfb64, aes_cbc128, aes_cfb128, aes_cbc256, rc2_cbc, aes_ctr, rc4
+	       ]},
+     PubKeyAlgs
+    ].
+
 %% Crypto app version history:
 %% (no version): Driver implementation
 %% 2.0         : NIF implementation, requires OTP R14
@@ -756,10 +772,12 @@ block_decrypt(des_ecb, Key, Data) ->
 block_decrypt(blowfish_ecb, Key, Data) ->
     blowfish_ecb_decrypt(Key, Data).
 
--spec next_iv(des_cbc | aes_cbc, Data::iodata()) -> binary().
+-spec next_iv(des_cbc | des3_cbc | aes_cbc, Data::iodata()) -> binary().
 
 next_iv(des_cbc, Data) ->
     des_cbc_ivec(Data);
+next_iv(des3_cbc, Data) ->
+    des_cbc_ivec(Data);
 next_iv(aes_cbc, Data) ->
     aes_cbc_ivec(Data).
 
diff --git a/lib/crypto/test/crypto_SUITE.erl b/lib/crypto/test/crypto_SUITE.erl
index eddb6b83f9..57f5696d3c 100644
--- a/lib/crypto/test/crypto_SUITE.erl
+++ b/lib/crypto/test/crypto_SUITE.erl
@@ -2334,7 +2334,11 @@ openssl_version() ->
     end.
 
 if_supported(Algorithm, Fun) ->
-    case proplists:get_bool(Algorithm, crypto:algorithms()) of
+    [{hashs, Hashs},
+     {ciphers, Ciphers},
+     {public_keys, Pubkeys}]
+	= crypto:supports(),
+    case proplists:get_bool(Algorithm, Hashs ++ Ciphers ++ Pubkeys) of
 	true ->
 	    Fun();
 	_ ->
diff --git a/lib/public_key/test/pkits_SUITE.erl b/lib/public_key/test/pkits_SUITE.erl
index 8cdf0aaae3..c490493e13 100644
--- a/lib/public_key/test/pkits_SUITE.erl
+++ b/lib/public_key/test/pkits_SUITE.erl
@@ -758,7 +758,9 @@ warning(Format, Args, File0, Line) ->
     io:format("~s(~p): Warning "++Format, [File,Line|Args]).
 
 crypto_support_check(Config) ->
-    case proplists:get_bool(sha256, crypto:algorithms()) of
+    CryptoSupport = crypto:supports(),
+    Hashs = proplists:get_value(hashs, CryptoSupport),
+    case proplists:get_bool(sha256, Hashs) of
 	true ->
 	    Config;
 	false ->
diff --git a/lib/ssl/src/ssl_cipher.erl b/lib/ssl/src/ssl_cipher.erl
index dc413d6dfc..898b421dff 100644
--- a/lib/ssl/src/ssl_cipher.erl
+++ b/lib/ssl/src/ssl_cipher.erl
@@ -1024,30 +1024,32 @@ filter(DerCert, Ciphers) ->
 %% Description: filter suites for algorithms
 %%-------------------------------------------------------------------
 filter_suites(Suites = [{_,_,_}|_]) ->
-    Algos = crypto:algorithms(),
+    Algos = crypto:supports(),
     lists:filter(fun({KeyExchange, Cipher, Hash}) ->
-			 is_acceptable_keyexchange(KeyExchange, Algos) andalso
-			     is_acceptable_cipher(Cipher, Algos) andalso
-			     is_acceptable_hash(Hash, Algos)
+			 is_acceptable_keyexchange(KeyExchange,  proplists:get_value(public_keys, Algos)) andalso
+			     is_acceptable_cipher(Cipher,  proplists:get_value(ciphers, Algos)) andalso
+			     is_acceptable_hash(Hash,  proplists:get_value(hashs, Algos))
 		 end, Suites);
 
 filter_suites(Suites = [{_,_,_,_}|_]) ->
-    Algos = crypto:algorithms(),
+    Algos = crypto:supports(),
+    Hashs =  proplists:get_value(hashs, Algos),
     lists:filter(fun({KeyExchange, Cipher, Hash, Prf}) ->
-			 is_acceptable_keyexchange(KeyExchange, Algos) andalso
-			     is_acceptable_cipher(Cipher, Algos) andalso
-			     is_acceptable_hash(Hash, Algos) andalso
-			     is_acceptable_prf(Prf, Algos)
+			 is_acceptable_keyexchange(KeyExchange, proplists:get_value(public_keys, Algos)) andalso
+			     is_acceptable_cipher(Cipher, proplists:get_value(ciphers, Algos)) andalso
+			     is_acceptable_hash(Hash, Hashs) andalso
+			     is_acceptable_prf(Prf, Hashs)
 		 end, Suites);
 
 filter_suites(Suites) ->
-    Algos = crypto:algorithms(),
+    Algos = crypto:supports(),
+    Hashs =  proplists:get_value(hashs, Algos),
     lists:filter(fun(Suite) ->
 			 {KeyExchange, Cipher, Hash, Prf} = ssl_cipher:suite_definition(Suite),
-			 is_acceptable_keyexchange(KeyExchange, Algos) andalso
-			     is_acceptable_cipher(Cipher, Algos) andalso
-			     is_acceptable_hash(Hash, Algos) andalso
-			     is_acceptable_prf(Prf, Algos)
+			 is_acceptable_keyexchange(KeyExchange, proplists:get_value(public_keys, Algos)) andalso
+			     is_acceptable_cipher(Cipher,  proplists:get_value(ciphers, Algos)) andalso
+			     is_acceptable_hash(Hash, Hashs) andalso
+			     is_acceptable_prf(Prf, Hashs)
 		 end, Suites).
 
 is_acceptable_keyexchange(KeyExchange, Algos)
@@ -1056,7 +1058,7 @@ is_acceptable_keyexchange(KeyExchange, Algos)
        KeyExchange == ecdh_rsa;
        KeyExchange == ecdhe_rsa;
        KeyExchange == ecdh_anon ->
-    proplists:get_bool(ec, Algos);
+    proplists:get_bool(ecdh, Algos);
 is_acceptable_keyexchange(_, _) ->
     true.
 
diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl
index e358cbe9bb..24ea86311f 100644
--- a/lib/ssl/src/ssl_handshake.erl
+++ b/lib/ssl/src/ssl_handshake.erl
@@ -840,7 +840,8 @@ select_next_protocol(Protocols, NextProtocolSelector) ->
     end.
 
 default_ecc_extensions(Version) ->
-    case proplists:get_bool(ec, crypto:algorithms()) of
+    CryptoSupport = proplists:get_value(public_keys, crypto:supports()),
+    case proplists:get_bool(ecdh, CryptoSupport) of
 	true ->
 	    EcPointFormats = #ec_point_formats{ec_point_format_list = [?ECPOINT_UNCOMPRESSED]},
 	    EllipticCurves = #elliptic_curves{elliptic_curve_list = ssl_tls1:ecc_curves(Version)},
@@ -850,7 +851,8 @@ default_ecc_extensions(Version) ->
     end.
 
 handle_ecc_extensions(Version, EcPointFormats0, EllipticCurves0) ->
-    case proplists:get_bool(ec, crypto:algorithms()) of
+    CryptoSupport = proplists:get_value(public_keys, crypto:supports()),
+    case proplists:get_bool(ecdh, CryptoSupport) of
 	true ->
 	    EcPointFormats1 = handle_ecc_point_fmt_extension(EcPointFormats0),
 	    EllipticCurves1 = handle_ecc_curves_extension(Version, EllipticCurves0),
@@ -1767,7 +1769,8 @@ default_hash_signs() ->
 		 ?TLSEXT_SIGALG(sha),
 		 ?TLSEXT_SIGALG_DSA(sha),
 		 ?TLSEXT_SIGALG_RSA(md5)],
-    HasECC = proplists:get_bool(ec, crypto:algorithms()),
+    CryptoSupport = proplists:get_value(public_keys, crypto:supports()),
+    HasECC = proplists:get_bool(ecdsa, CryptoSupport),
     #hash_sign_algos{hash_sign_algos =
 			 lists:filter(fun({_, ecdsa}) -> HasECC;
 					 (_) -> true end, HashSigns)}.
diff --git a/lib/ssl/src/ssl_record.erl b/lib/ssl/src/ssl_record.erl
index 50b1b2cda9..2a3356d60f 100644
--- a/lib/ssl/src/ssl_record.erl
+++ b/lib/ssl/src/ssl_record.erl
@@ -712,4 +712,5 @@ mac_hash({3, N} = Version, MacAlg, MacSecret, SeqNo, Type, Length, Fragment)
 		      Length, Fragment).
 
 sufficient_tlsv1_2_crypto_support() ->
-    proplists:get_bool(sha256, crypto:algorithms()).
+    CryptoSupport = crypto:supports(),
+    proplists:get_bool(sha256, proplists:get_value(hashs, CryptoSupport)).
diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl
index ac7cbab883..255df92d77 100644
--- a/lib/ssl/test/ssl_test_lib.erl
+++ b/lib/ssl/test/ssl_test_lib.erl
@@ -405,7 +405,8 @@ make_dsa_cert(Config) ->
      | Config].
 
 make_ecdsa_cert(Config) ->
-    case proplists:get_bool(ec, crypto:algorithms()) of
+    CryptoSupport = crypto:supports(),
+    case proplists:get_bool(ecdsa, proplists:get_value(public_keys, CryptoSupport)) of
 	    true ->
 	    {ServerCaCertFile, ServerCertFile, ServerKeyFile} = make_cert_files("server", Config, ec, ec, ""),
 	    {ClientCaCertFile, ClientCertFile, ClientKeyFile} = make_cert_files("client", Config, ec, ec, ""),
@@ -429,7 +430,8 @@ make_ecdsa_cert(Config) ->
 %%    This key exchange algorithm is the same as ECDH_ECDSA except that the
 %%    server's certificate MUST be signed with RSA rather than ECDSA.
 make_ecdh_rsa_cert(Config) ->
-    case proplists:get_bool(ec, crypto:algorithms()) of
+    CryptoSupport = crypto:supports(),
+    case proplists:get_bool(ecdh, proplists:get_value(public_keys, CryptoSupport)) of
 	true ->
 	    {ServerCaCertFile, ServerCertFile, ServerKeyFile} = make_cert_files("server", Config, rsa, ec, "rsa_"),
 	    {ClientCaCertFile, ClientCertFile, ClientKeyFile} = make_cert_files("client", Config, rsa, ec, "rsa_"),
@@ -939,9 +941,11 @@ init_tls_version(Version) ->
     ssl:start().
 
 sufficient_crypto_support('tlsv1.2') ->
-    proplists:get_bool(sha256, crypto:algorithms());
+    CryptoSupport = crypto:supports(),
+    proplists:get_bool(sha256, proplists:get_value(hashs, CryptoSupport));
 sufficient_crypto_support(ciphers_ec) ->
-    proplists:get_bool(ec, crypto:algorithms());
+    CryptoSupport = crypto:supports(),
+    proplists:get_bool(ecdh, proplists:get_value(public_keys, CryptoSupport));
 sufficient_crypto_support(_) ->
     true.