From bd4fc9ce5e7fc0feab83e0452511dfdd17ae4ec8 Mon Sep 17 00:00:00 2001
From: Hans Nilsson <hans@erlang.org>
Date: Tue, 28 Nov 2017 12:15:05 +0100
Subject: crypto: fix pubkey_to_privkey

---
 lib/crypto/c_src/crypto.c     | 20 +++++++++-----------
 lib/crypto/doc/src/crypto.xml |  4 ----
 lib/crypto/src/crypto.erl     | 10 +++++++++-
 3 files changed, 18 insertions(+), 16 deletions(-)

(limited to 'lib')

diff --git a/lib/crypto/c_src/crypto.c b/lib/crypto/c_src/crypto.c
index ca6917d56e..3914a48679 100644
--- a/lib/crypto/c_src/crypto.c
+++ b/lib/crypto/c_src/crypto.c
@@ -4825,9 +4825,10 @@ static ERL_NIF_TERM privkey_to_pubkey_nif(ErlNifEnv* env, int argc, const ERL_NI
 
     } else if (argv[0] == atom_ecdsa) {
 #if defined(HAVE_EC)
-        EC_KEY *ec = EVP_PKEY_get1_EC_KEY(pkey);
-        if (ec) {
-            /* Example of result:
+        /* not yet implemented
+          EC_KEY *ec = EVP_PKEY_get1_EC_KEY(pkey);
+          if (ec) {
+          / * Example of result:
                {
                  Curve =  {Field, Prime, Point, Order, CoFactor} =
                     { 
@@ -4841,7 +4842,7 @@ static ERL_NIF_TERM privkey_to_pubkey_nif(ErlNifEnv* env, int argc, const ERL_NI
                       CoFactor = <<1>>
                     },
                 Key = <<151,...,62>>
-              }
+                }
               or
               { 
                 Curve =
@@ -4852,16 +4853,13 @@ static ERL_NIF_TERM privkey_to_pubkey_nif(ErlNifEnv* env, int argc, const ERL_NI
                     },
                 Key
                }
-            */
+        * /
             EVP_PKEY_free(pkey);
-            return atom_notsup;
-        }
-#else
-        EVP_PKEY_free(pkey);
-        return atom_notsup;
+            return enif_make_list_from_array(env, ..., ...);
+        */
 #endif
     }
-
+    
     if (pkey) EVP_PKEY_free(pkey);
     return enif_make_badarg(env);
 }
diff --git a/lib/crypto/doc/src/crypto.xml b/lib/crypto/doc/src/crypto.xml
index 554e9f5bc1..dbc42812a8 100644
--- a/lib/crypto/doc/src/crypto.xml
+++ b/lib/crypto/doc/src/crypto.xml
@@ -629,10 +629,6 @@
 	<p>Fetches the corresponding public key from a private key stored in an Engine.
 	The key must be of the type indicated by the Type parameter.
 	</p>	
-	<p>	  
-	  May throw exception notsup in case there is 
-	  no engine support in the underlying OpenSSL implementation.
-	</p>
       </desc>
     </func>
 
diff --git a/lib/crypto/src/crypto.erl b/lib/crypto/src/crypto.erl
index 8e3d41c1e9..641e526537 100644
--- a/lib/crypto/src/crypto.erl
+++ b/lib/crypto/src/crypto.erl
@@ -1061,9 +1061,17 @@ ec_curve(X) ->
 
 
 privkey_to_pubkey(Alg, EngineMap) when Alg == rsa; Alg == dss; Alg == ecdsa ->
-    case notsup_to_error(privkey_to_pubkey_nif(Alg, format_pkey(Alg,EngineMap))) of
+    try privkey_to_pubkey_nif(Alg, format_pkey(Alg,EngineMap))
+    of
         [_|_]=L -> map_ensure_bin_as_int(L);
         X -> X
+    catch
+        error:badarg when Alg==ecdsa ->
+            {error, notsup};
+        error:badarg ->
+            {error, not_found};
+        error:notsup ->
+            {error, notsup}
     end.
             
 privkey_to_pubkey_nif(_Alg, _EngineMap) -> ?nif_stub.
-- 
cgit v1.2.3


From e3a55e0e3d9772b89bcad88e88d914ac2477d2e5 Mon Sep 17 00:00:00 2001
From: Hans Nilsson <hans@erlang.org>
Date: Wed, 29 Nov 2017 12:52:17 +0100
Subject: crypto: engine_SUITE update

---
 lib/crypto/test/engine_SUITE.erl | 68 ++++++++++++++++++++++++++++------------
 1 file changed, 48 insertions(+), 20 deletions(-)

(limited to 'lib')

diff --git a/lib/crypto/test/engine_SUITE.erl b/lib/crypto/test/engine_SUITE.erl
index 5967331d8e..06cce832ac 100644
--- a/lib/crypto/test/engine_SUITE.erl
+++ b/lib/crypto/test/engine_SUITE.erl
@@ -432,65 +432,93 @@ pub_encrypt_priv_decrypt_rsa_pwd(Config) ->
 get_pub_from_priv_key_rsa(Config) ->
     Priv = #{engine => engine_ref(Config),
              key_id => key_id(Config, "rsa_private_key.pem")},
-    try crypto:privkey_to_pubkey(rsa, Priv) of
+    case crypto:privkey_to_pubkey(rsa, Priv) of
+        {error, not_found} ->
+            {fail, "Key not found"};
+        {error, notsup} ->
+            {skip, "RSA not supported"};
+        {error, Error} ->
+            {fail, {wrong_error,Error}};
         Pub ->
             ct:log("rsa Pub = ~p",[Pub]),
             sign_verify(rsa, sha, Priv, Pub)
-    catch
-        error:notsup -> {skip, "RSA not implemented"}
     end.
 
 get_pub_from_priv_key_rsa_pwd(Config) ->
     Priv = #{engine => engine_ref(Config),
              key_id => key_id(Config, "rsa_private_key_pwd.pem"),
              password => "password"},
-    try crypto:privkey_to_pubkey(rsa, Priv) of
+    case crypto:privkey_to_pubkey(rsa, Priv) of
+        {error, not_found} ->
+            {fail, "Key not found"};
+        {error, notsup} ->
+            {skip, "RSA not supported"};
+        {error, Error} ->
+            {fail, {wrong_error,Error}};
         Pub ->
             ct:log("rsa Pub = ~p",[Pub]),
             sign_verify(rsa, sha, Priv, Pub)
-    catch
-        error:notsup -> {skip, "RSA not supported"}
     end.
 
 get_pub_from_priv_key_rsa_pwd_no_pwd(Config) ->
     Priv = #{engine => engine_ref(Config),
              key_id => key_id(Config, "rsa_private_key_pwd.pem")},
-    try crypto:privkey_to_pubkey(rsa, Priv) of
-        _ -> {fail, "PWD prot pubkey fetch succeded although no pwd!"}
-    catch
-        error:badarg -> ok
+    case crypto:privkey_to_pubkey(rsa, Priv) of
+        {error, not_found} ->
+            ok;
+        {error, notsup} ->
+            {skip, "RSA not supported"};
+        {error, Error} ->
+            {fail, {wrong_error,Error}};
+        Pub -> 
+            ct:log("rsa Pub = ~p",[Pub]),
+            {fail, "PWD prot pubkey fetch succeded although no pwd!"}
     end.
 
 get_pub_from_priv_key_rsa_pwd_bad_pwd(Config) ->
     Priv = #{engine => engine_ref(Config),
              key_id => key_id(Config, "rsa_private_key_pwd.pem"),
              password => "Bad password"},
-    try crypto:privkey_to_pubkey(rsa, Priv) of
-        _ -> {fail, "PWD prot pubkey fetch succeded with bad pwd!"}
-    catch
-        error:badarg -> ok
+    case crypto:privkey_to_pubkey(rsa, Priv) of
+        {error, not_found} ->
+            ok;
+        {error, notsup} ->
+            {skip, "RSA not supported"};
+        {error, Error} ->
+            {fail, {wrong_error,Error}};
+        Pub -> 
+            ct:log("rsa Pub = ~p",[Pub]),
+            {fail, "PWD prot pubkey fetch succeded with bad pwd!"}
     end.
 
 get_pub_from_priv_key_dsa(Config) ->
     Priv = #{engine => engine_ref(Config),
              key_id => key_id(Config, "dsa_private_key.pem")},
-    try crypto:privkey_to_pubkey(dss, Priv) of
+    case crypto:privkey_to_pubkey(dss, Priv) of
+        {error, not_found} ->
+            {fail, "Key not found"};
+        {error, notsup} ->
+            {skip, "DSA not supported"};
+        {error, Error} ->
+            {fail, {wrong_error,Error}};
         Pub ->
             ct:log("dsa Pub = ~p",[Pub]),
             sign_verify(dss, sha, Priv, Pub)
-    catch
-        error:notsup -> {skip, "DSA not supported"}
     end.
 
 get_pub_from_priv_key_ecdsa(Config) ->
     Priv = #{engine => engine_ref(Config),
              key_id => key_id(Config, "ecdsa_private_key.pem")},
-    try crypto:privkey_to_pubkey(ecdsa, Priv) of
+    case crypto:privkey_to_pubkey(ecdsa, Priv) of
+        {error, not_found} ->
+            {fail, "Key not found"};
+        {error, notsup} ->
+            {skip, "ECDSA not supported"};
+        {error, Error} ->
+            {fail, {wrong_error,Error}};
         Pub ->
             ct:log("ecdsa Pub = ~p",[Pub]),
             sign_verify(ecdsa, sha, Priv, Pub)
-    catch
-        error:notsup -> {skip, "ECDSA not supported"}
     end.
     
 %%%================================================================
-- 
cgit v1.2.3