Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:Ledest:erlang:24
erlang
2556-crypto-pkey.c-error-ERR-error-ERR-FileInfo...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 2556-crypto-pkey.c-error-ERR-error-ERR-FileInfo-Descripti.patch of Package erlang
From b70d8ad394b85e453a263b4c0d4f267fd75629b3 Mon Sep 17 00:00:00 2001 From: Hans Nilsson <hans@erlang.org> Date: Fri, 11 Mar 2022 17:56:52 +0100 Subject: [PATCH 6/8] crypto: pkey.c error:ERR -> error:{ERR,FileInfo,Description} --- lib/crypto/c_src/pkey.c | 939 +++++++++++++++---------------- lib/crypto/doc/src/crypto.xml | 6 + lib/crypto/src/crypto.erl | 31 +- lib/crypto/test/crypto_SUITE.erl | 19 +- lib/crypto/test/engine_SUITE.erl | 2 +- 5 files changed, 470 insertions(+), 527 deletions(-) diff --git a/lib/crypto/c_src/pkey.c b/lib/crypto/c_src/pkey.c index 0423fbd470..59632d86d3 100644 --- a/lib/crypto/c_src/pkey.c +++ b/lib/crypto/c_src/pkey.c @@ -27,10 +27,6 @@ #include "engine.h" #include "rsa.h" -#define PKEY_BADARG -1 -#define PKEY_NOTSUP 0 -#define PKEY_OK 1 - typedef struct PKeyCryptOptions { const EVP_MD *rsa_mgf1_md; ErlNifBinary rsa_oaep_label; @@ -46,7 +42,11 @@ typedef struct PKeySignOptions { } PKeySignOptions; -static int get_pkey_digest_type(ErlNifEnv *env, ERL_NIF_TERM algorithm, ERL_NIF_TERM type, +static int check_pkey_algorithm_type(ErlNifEnv *env, + int alg_arg_num, ERL_NIF_TERM algorithm, + ERL_NIF_TERM *err_return); +static int get_pkey_digest_type(ErlNifEnv *env, ERL_NIF_TERM algorithm, + int type_arg_num, ERL_NIF_TERM type, const EVP_MD **md, ERL_NIF_TERM *err_return); static int get_pkey_sign_digest(ErlNifEnv *env, @@ -60,9 +60,16 @@ static int get_pkey_sign_options(ErlNifEnv *env, int algorithm_arg_num, int options_arg_num, const EVP_MD *md, PKeySignOptions *opt, ERL_NIF_TERM *err_return); -static int get_pkey_private_key(ErlNifEnv *env, ERL_NIF_TERM algorithm, ERL_NIF_TERM key, EVP_PKEY **pkey); -static int get_pkey_public_key(ErlNifEnv *env, ERL_NIF_TERM algorithm, ERL_NIF_TERM key, - EVP_PKEY **pkey); +static int get_pkey_private_key(ErlNifEnv *env, + const ERL_NIF_TERM argv[], + int algorithm_arg_num, int key_arg_num, + EVP_PKEY **pkey, + ERL_NIF_TERM *err_return); +static int get_pkey_public_key(ErlNifEnv *env, + const ERL_NIF_TERM argv[], + int algorithm_arg_num, int key_arg_num, + EVP_PKEY **pkey, + ERL_NIF_TERM *err_return); static int get_pkey_crypt_options(ErlNifEnv *env, const ERL_NIF_TERM argv[], int algorithm_arg_num, int options_arg_num, @@ -72,7 +79,47 @@ static int get_pkey_crypt_options(ErlNifEnv *env, static size_t size_of_RSA(EVP_PKEY *pkey); #endif -static int get_pkey_digest_type(ErlNifEnv *env, ERL_NIF_TERM algorithm, ERL_NIF_TERM type, +static int check_pkey_algorithm_type(ErlNifEnv *env, + int alg_arg_num, ERL_NIF_TERM algorithm, + ERL_NIF_TERM *err_return) +{ + if ( +#ifndef HAVE_EDDSA + (algorithm == atom_eddsa) || +#endif + +#ifndef HAVE_DSA + (algorithm == atom_dss) || +#endif + +#ifndef HAVE_EC + (algorithm == atom_ecdsa) || +#endif + 0) + assign_goto(*err_return, err, EXCP_NOTSUP_N(env, alg_arg_num, "Unsupported algorithm")); + + +#ifdef HAVE_EDDSA + if (FIPS_MODE()) + assign_goto(*err_return, err, EXCP_NOTSUP_N(env, alg_arg_num, "Unsupported algorithm in FIPS mode")); +#endif + + if ((algorithm != atom_rsa) && + (algorithm != atom_dss) && + (algorithm != atom_ecdsa) && + (algorithm != atom_eddsa) + ) + assign_goto(*err_return, err, EXCP_BADARG_N(env, alg_arg_num, "Bad algorithm")); + + return 1; + + err: + return 0; +} + + +static int get_pkey_digest_type(ErlNifEnv *env, ERL_NIF_TERM algorithm, + int type_arg_num, ERL_NIF_TERM type, const EVP_MD **md, ERL_NIF_TERM *err_return) { @@ -80,23 +127,25 @@ static int get_pkey_digest_type(ErlNifEnv *env, ERL_NIF_TERM algorithm, ERL_NIF_ *md = NULL; if (type == atom_none && algorithm == atom_rsa) - return PKEY_OK; - if (algorithm == atom_eddsa) { -#ifdef HAVE_EDDSA - if (!FIPS_MODE()) return PKEY_OK; -#else - return PKEY_NOTSUP; -#endif - } + return 1; + + if (type == atom_undefined && algorithm == atom_eddsa) + return 1; + if ((digp = get_digest_type(type)) == NULL) - return PKEY_BADARG; + assign_goto(*err_return, notsup, EXCP_BADARG_N(env, type_arg_num, "Bad digest type")); + if (DIGEST_FORBIDDEN_IN_FIPS(digp)) - return PKEY_NOTSUP; + assign_goto(*err_return, notsup, EXCP_BADARG_N(env, type_arg_num, "Digest type forbidden in FIPS")); + if (digp->md.p == NULL) - return PKEY_NOTSUP; + assign_goto(*err_return, notsup, EXCP_BADARG_N(env, type_arg_num, "Digest type not supported")); *md = digp->md.p; - return PKEY_OK; + return 1; + + notsup: + return 0; } static int get_pkey_sign_digest(ErlNifEnv *env, @@ -106,7 +155,7 @@ static int get_pkey_sign_digest(ErlNifEnv *env, unsigned char **tbsp, size_t *tbslenp, ERL_NIF_TERM *err_return) { - int i, ret; + int ret; const ERL_NIF_TERM *tpl_terms; int tpl_arity; ErlNifBinary tbs_bin; @@ -120,21 +169,26 @@ static int get_pkey_sign_digest(ErlNifEnv *env, tbs = *tbsp; tbslen = *tbslenp; - if ((i = get_pkey_digest_type(env, argv[algorithm_arg_num], argv[type_arg_num], &md, err_return)) != PKEY_OK) - return i; + if (!check_pkey_algorithm_type(env, algorithm_arg_num, argv[algorithm_arg_num], err_return)) + goto err; /* An exception is present in ret */ + + if (!get_pkey_digest_type(env, argv[algorithm_arg_num], + type_arg_num, argv[type_arg_num], + &md, err_return)) + goto err; /* An exception is present in ret */ if (enif_get_tuple(env, argv[data_arg_num], &tpl_arity, &tpl_terms)) { if (tpl_arity != 2) - goto bad_arg; + assign_goto(*err_return, err, EXCP_BADARG_N(env, data_arg_num, "Bad list")); if (tpl_terms[0] != atom_digest) - goto bad_arg; + assign_goto(*err_return, err, EXCP_BADARG_N(env, data_arg_num, "Expected 'digest' as head")); if (!enif_inspect_iolist_as_binary(env, tpl_terms[1], &tbs_bin)) - goto bad_arg; + assign_goto(*err_return, err, EXCP_BADARG_N(env, data_arg_num, "Bad 2nd element in list")); if (tbs_bin.size > INT_MAX) - goto bad_arg; + assign_goto(*err_return, err, EXCP_BADARG_N(env, data_arg_num, "Too large binary")); if (md != NULL) { if ((int)tbs_bin.size != EVP_MD_size(md)) - goto bad_arg; + assign_goto(*err_return, err, EXCP_BADARG_N(env, data_arg_num, "Bad binary size for the algorithm")); } /* We have a digest (= hashed text) in tbs_bin */ @@ -142,28 +196,28 @@ static int get_pkey_sign_digest(ErlNifEnv *env, tbslen = tbs_bin.size; } else if (md == NULL) { if (!enif_inspect_iolist_as_binary(env, argv[data_arg_num], &tbs_bin)) - goto bad_arg; + assign_goto(*err_return, err, EXCP_BADARG_N(env, data_arg_num, "Expected a binary or a list")); /* md == NULL, that is no hashing because DigestType argument was atom_none */ tbs = tbs_bin.data; tbslen = tbs_bin.size; } else { if (!enif_inspect_iolist_as_binary(env, argv[data_arg_num], &tbs_bin)) - goto bad_arg; + assign_goto(*err_return, err, EXCP_BADARG_N(env, data_arg_num, "Expected a binary or a list")); /* We have the cleartext in tbs_bin and the hash algo info in md */ tbs = md_value; if ((mdctx = EVP_MD_CTX_create()) == NULL) - goto err; + assign_goto(*err_return, err, EXCP_ERROR(env, "Can't create MD_CTX")); /* Looks well, now hash the plain text into a digest according to md */ if (EVP_DigestInit_ex(mdctx, md, NULL) != 1) - goto err; + assign_goto(*err_return, err, EXCP_ERROR(env, "Can't create EVP_DigestInit_ex")); if (EVP_DigestUpdate(mdctx, tbs_bin.data, tbs_bin.size) != 1) - goto err; + assign_goto(*err_return, err, EXCP_ERROR(env, "Can't create EVP_DigestUpdate")); if (EVP_DigestFinal_ex(mdctx, tbs, &tbsleni) != 1) - goto err; + assign_goto(*err_return, err, EXCP_ERROR(env, "Can't create EVP_DigestFinal_ex")); tbslen = (size_t)tbsleni; } @@ -172,13 +226,11 @@ static int get_pkey_sign_digest(ErlNifEnv *env, *tbsp = tbs; *tbslenp = tbslen; - ret = PKEY_OK; + ret = 1; goto done; - bad_arg: err: - ret = PKEY_BADARG; - + ret = 0; done: if (mdctx) EVP_MD_CTX_destroy(mdctx); @@ -197,7 +249,7 @@ static int get_pkey_sign_options(ErlNifEnv *env, const EVP_MD *opt_md; if (!enif_is_list(env, argv[options_arg_num])) - goto bad_arg; + assign_goto(*err_return, err, EXCP_BADARG_N(env, options_arg_num, "Expected a list")); /* defaults */ if (argv[algorithm_arg_num] == atom_rsa) { @@ -211,25 +263,26 @@ static int get_pkey_sign_options(ErlNifEnv *env, } if (enif_is_empty_list(env, argv[options_arg_num])) - return PKEY_OK; + return 1; if (argv[algorithm_arg_num] != atom_rsa) - goto bad_arg; + assign_goto(*err_return, err, EXCP_BADARG_N(env, options_arg_num, "Only RSA supports Options")); tail = argv[options_arg_num]; while (enif_get_list_cell(env, tail, &head, &tail)) { - if (!enif_get_tuple(env, head, &tpl_arity, &tpl_terms)) - goto bad_arg; - if (tpl_arity != 2) - goto bad_arg; - - if (tpl_terms[0] == atom_rsa_mgf1_md && enif_is_atom(env, tpl_terms[1])) { - int result; - - result = get_pkey_digest_type(env, argv[algorithm_arg_num], tpl_terms[1], &opt_md, err_return); - if (result != PKEY_OK) - return result; - + if (!enif_get_tuple(env, head, &tpl_arity, &tpl_terms) || + (tpl_arity != 2)) + assign_goto(*err_return, err, EXCP_BADARG_N(env, options_arg_num, "Expects only two-tuples in the list")); + + if (tpl_terms[0] == atom_rsa_mgf1_md) { + if (!enif_is_atom(env, tpl_terms[1])) + assign_goto(*err_return, err, EXCP_BADARG_N(env, options_arg_num, "Atom expected as argument to option rsa_mgf1_md")); + + if (!get_pkey_digest_type(env, argv[algorithm_arg_num], + options_arg_num, tpl_terms[1], + &opt_md, err_return)) + goto err; /* An exception is present in ret */ + opt->rsa_mgf1_md = opt_md; } else if (tpl_terms[0] == atom_rsa_padding) { @@ -242,7 +295,7 @@ static int get_pkey_sign_options(ErlNifEnv *env, if (opt->rsa_mgf1_md == NULL) opt->rsa_mgf1_md = md; #else - return PKEY_NOTSUP; + assign_goto(*err_return, err, EXCP_NOTSUP_N(env, options_arg_num, "rsa_pkcs1_pss_padding not supported")); #endif } else if (tpl_terms[1] == atom_rsa_x931_padding) { @@ -252,157 +305,163 @@ static int get_pkey_sign_options(ErlNifEnv *env, opt->rsa_padding = RSA_NO_PADDING; } else { - goto bad_arg; + assign_goto(*err_return, err, EXCP_BADARG_N(env, options_arg_num, "Bad value in option rsa_padding")); } } else if (tpl_terms[0] == atom_rsa_pss_saltlen) { - if (!enif_get_int(env, tpl_terms[1], &(opt->rsa_pss_saltlen))) - goto bad_arg; - if (opt->rsa_pss_saltlen < -2) - goto bad_arg; + if (!enif_get_int(env, tpl_terms[1], &(opt->rsa_pss_saltlen)) || + (opt->rsa_pss_saltlen < -2) ) + assign_goto(*err_return, err, EXCP_BADARG_N(env, options_arg_num, "Bad value in option rsa_pss_saltlen")); } else { - goto bad_arg; + assign_goto(*err_return, err, EXCP_BADARG_N(env, options_arg_num, "Bad option")); } } - return PKEY_OK; + return 1; - bad_arg: - return PKEY_BADARG; + err: + return 0; } -static int get_pkey_private_key(ErlNifEnv *env, ERL_NIF_TERM algorithm, ERL_NIF_TERM key, EVP_PKEY **pkey) +static int get_pkey_private_key(ErlNifEnv *env, + const ERL_NIF_TERM argv[], + int algorithm_arg_num, int key_arg_num, + EVP_PKEY **pkey, + ERL_NIF_TERM *err_return) { char *id = NULL; char *password = NULL; + int ret; - if (enif_is_map(env, key)) { + if (enif_is_map(env, argv[key_arg_num])) { #ifdef HAS_ENGINE_SUPPORT /* Use key stored in engine */ ENGINE *e; - if (!get_engine_and_key_id(env, key, &id, &e)) - goto err; + if (!get_engine_and_key_id(env, argv[key_arg_num], &id, &e)) + assign_goto(*err_return, err, EXCP_BADARG_N(env, key_arg_num, "Couldn't get engine and/or key id")); - password = get_key_password(env, key); + password = get_key_password(env, argv[key_arg_num]); *pkey = ENGINE_load_private_key(e, id, NULL, password); - + if (!*pkey) + assign_goto(*err_return, err, EXCP_BADARG_N(env, key_arg_num, "Couldn't get private key from engine")); #else - return PKEY_BADARG; + assign_goto(*err_return, err, EXCP_BADARG_N(env, key_arg_num, "No engine support")); #endif - } else if (algorithm == atom_rsa) { - if (!get_rsa_private_key(env, key, pkey)) - goto err; + } else if (argv[algorithm_arg_num] == atom_rsa) { + if (!get_rsa_private_key(env, argv[key_arg_num], pkey)) + assign_goto(*err_return, err, EXCP_BADARG_N(env, key_arg_num, "Couldn't get RSA private key")); - } else if (algorithm == atom_ecdsa) { + } else if (argv[algorithm_arg_num] == atom_ecdsa) { #if defined(HAVE_EC) - if (!get_ec_private_key(env, key, pkey)) - goto err; + if (!get_ec_private_key(env, argv[key_arg_num], pkey)) + assign_goto(*err_return, err, EXCP_BADARG_N(env, key_arg_num, "Couldn't get ECDSA private key")); #else - return PKEY_NOTSUP; + assign_goto(*err_return, err, EXCP_NOTSUP_N(env, algorithm_arg_num, "ECDSA not supported")); #endif - } else if (algorithm == atom_eddsa) { + } else if (argv[algorithm_arg_num] == atom_eddsa) { #ifdef HAVE_EDDSA - if (FIPS_MODE()) - return PKEY_NOTSUP; - if (!get_eddsa_key(env, 0, key, pkey)) - goto err; + if (!FIPS_MODE()) { + if (!get_eddsa_key(env, 0, argv[key_arg_num], pkey)) + assign_goto(*err_return, err, EXCP_BADARG_N(env, key_arg_num, "Couldn't get EDDSA private key")); + } else + assign_goto(*err_return, err, EXCP_NOTSUP_N(env, algorithm_arg_num, "EDDSA not supported in FIPS mode")); #else - return PKEY_NOTSUP; -#endif + assign_goto(*err_return, err, EXCP_NOTSUP_N(env, algorithm_arg_num, "EDDSA not supported")); +#endif - } else if (algorithm == atom_dss) { + } else if (argv[algorithm_arg_num] == atom_dss) { #ifdef HAVE_DSA - if (!get_dss_private_key(env, key, pkey)) - goto err; + if (!get_dss_private_key(env, argv[key_arg_num], pkey)) + assign_goto(*err_return, err, EXCP_BADARG_N(env, key_arg_num, "Couldn't get DSA private key")); #else - return PKEY_NOTSUP; + assign_goto(*err_return, err, EXCP_NOTSUP_N(env, algorithm_arg_num, "DSA not supported")); #endif } else - return PKEY_BADARG; - + assign_goto(*err_return, err, EXCP_BADARG_N(env, algorithm_arg_num, "Bad algorithm")); - free_and_return: + ret = 1; + done: if (password) enif_free(password); if (id) enif_free(id); - if (*pkey == NULL) { - return PKEY_BADARG; - } else { - *pkey = *pkey; - return PKEY_OK; - } + return ret; err: if (*pkey) EVP_PKEY_free(*pkey); *pkey = NULL; - goto free_and_return; + ret = 0; + goto done; } -static int get_pkey_public_key(ErlNifEnv *env, ERL_NIF_TERM algorithm, ERL_NIF_TERM key, - EVP_PKEY **pkey) +static int get_pkey_public_key(ErlNifEnv *env, + const ERL_NIF_TERM argv[], + int algorithm_arg_num, int key_arg_num, + EVP_PKEY **pkey, + ERL_NIF_TERM *err_return) { char *id = NULL; char *password = NULL; + int ret; - if (enif_is_map(env, key)) { + if (enif_is_map(env, argv[key_arg_num])) { #ifdef HAS_ENGINE_SUPPORT /* Use key stored in engine */ ENGINE *e; - if (!get_engine_and_key_id(env, key, &id, &e)) - goto err; + if (!get_engine_and_key_id(env, argv[key_arg_num], &id, &e)) + assign_goto(*err_return, err, EXCP_BADARG_N(env, key_arg_num, "Couldn't get engine and/or key id")); - password = get_key_password(env, key); + password = get_key_password(env, argv[key_arg_num]); *pkey = ENGINE_load_public_key(e, id, NULL, password); + if (!pkey) + assign_goto(*err_return, err, EXCP_BADARG_N(env, key_arg_num, "Couldn't get public key from engine")); #else - return PKEY_BADARG; + assign_goto(*err_return, err, EXCP_BADARG_N(env, key_arg_num, "No engine support")); #endif - } else if (algorithm == atom_rsa) { - if (!get_rsa_public_key(env, key, pkey)) - goto err; - } else if (algorithm == atom_ecdsa) { + } else if (argv[algorithm_arg_num] == atom_rsa) { + if (!get_rsa_public_key(env, argv[key_arg_num], pkey)) + assign_goto(*err_return, err, EXCP_BADARG_N(env, key_arg_num, "Couldn't get RSA public key")); + + } else if (argv[algorithm_arg_num] == atom_ecdsa) { #if defined(HAVE_EC) - if (!get_ec_public_key(env, key, pkey)) - goto err; + if (!get_ec_public_key(env, argv[key_arg_num], pkey)) + assign_goto(*err_return, err, EXCP_BADARG_N(env, key_arg_num, "Couldn't get ECDSA public key")); #else - return PKEY_NOTSUP; + assign_goto(*err_return, err, EXCP_NOTSUP_N(env, algorithm_arg_num, "ECDSA not supported")); #endif - } else if (algorithm == atom_eddsa) { + + } else if (argv[algorithm_arg_num] == atom_eddsa) { #ifdef HAVE_EDDSA if (!FIPS_MODE()) { - if (!get_eddsa_key(env, 1, key, pkey)) - goto err; - } + if (!get_eddsa_key(env, 1, argv[key_arg_num], pkey)) + assign_goto(*err_return, err, EXCP_BADARG_N(env, key_arg_num, "Couldn't get EDDSA public key")); + } else + assign_goto(*err_return, err, EXCP_NOTSUP_N(env, algorithm_arg_num, "EDDSA not supported in FIPS mode")); #else - return PKEY_NOTSUP; + assign_goto(*err_return, err, EXCP_NOTSUP_N(env, algorithm_arg_num, "EDDSA not supported")); #endif - } else if (algorithm == atom_dss) { + + } else if (argv[algorithm_arg_num] == atom_dss) { #ifdef HAVE_DSA - if (!get_dss_public_key(env, key, pkey)) - goto err; + if (!get_dss_public_key(env, argv[key_arg_num], pkey)) + assign_goto(*err_return, err, EXCP_BADARG_N(env, key_arg_num, "Couldn't get DSA public key")); #else - return PKEY_NOTSUP; + assign_goto(*err_return, err, EXCP_NOTSUP_N(env, algorithm_arg_num, "DSA not supported")); #endif - } else { - return PKEY_BADARG; - } - - goto done; + } else + assign_goto(*err_return, err, EXCP_BADARG_N(env, algorithm_arg_num, "Bad algorithm")); - err: - if (*pkey) - EVP_PKEY_free(*pkey); - *pkey = NULL; + ret = 1; done: if (password) @@ -410,16 +469,18 @@ static int get_pkey_public_key(ErlNifEnv *env, ERL_NIF_TERM algorithm, ERL_NIF_T if (id) enif_free(id); - if (*pkey == NULL) - return PKEY_BADARG; - else - return PKEY_OK; + return ret; + err: + if (*pkey) + EVP_PKEY_free(*pkey); + *pkey = NULL; + ret = 0; + goto done; } ERL_NIF_TERM pkey_sign_nif(ErlNifEnv *env, int argc, const ERL_NIF_TERM argv[]) {/* (Algorithm, Type, Data|{digest,Digest}, Key|#{}, Options) */ - int i; int sig_bin_alloc = 0; ERL_NIF_TERM ret = atom_undefined; const EVP_MD *md = NULL; @@ -446,61 +507,47 @@ ERL_NIF_TERM pkey_sign_nif(ErlNifEnv *env, int argc, const ERL_NIF_TERM argv[]) #ifndef HAS_ENGINE_SUPPORT if (enif_is_map(env, argv[3])) - return atom_notsup; + assign_goto(ret, err, EXCP_BADARG_N(env, 3, "No engine support")); #endif - i = get_pkey_sign_digest(env, argv, 0, 1, 2, md_value, &md, &tbs, &tbslen, &ret); - switch (i) { - case PKEY_OK: - break; - case PKEY_NOTSUP: - goto notsup; - default: - goto bad_arg; - } + if (!get_pkey_sign_digest(env, argv, 0, 1, 2, md_value, &md, &tbs, &tbslen, &ret)) + goto err; /* An exception is present in ret */ - i = get_pkey_sign_options(env, argv, 0, 4, md, &sig_opt, &ret); - switch (i) { - case PKEY_OK: - break; - case PKEY_NOTSUP: - goto notsup; - default: - goto bad_arg; - } + if (!get_pkey_sign_options(env, argv, 0, 4, md, &sig_opt, &ret)) + goto err; /* An exception is present in ret */ #ifdef HAS_EVP_PKEY_CTX { /* EVP_MD_CTX */ - if (get_pkey_private_key(env, argv[0], argv[3], &pkey) != PKEY_OK) - goto bad_arg; + if (!get_pkey_private_key(env, argv, 0, 3, &pkey, &ret)) + goto err; /* An exception is present in ret */ if ((ctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL) - goto err; + assign_goto(ret, err, EXCP_ERROR(env, "Can't allocate new EVP_PKEY_CTX")); if (argv[0] != atom_eddsa) { if (EVP_PKEY_sign_init(ctx) != 1) - goto err; + assign_goto(ret, err, EXCP_ERROR(env, "Can't EVP_PKEY_sign_init")); if (md != NULL) { if (EVP_PKEY_CTX_set_signature_md(ctx, md) != 1) - goto err; + assign_goto(ret, err, EXCP_ERROR(env, "Can't EVP_PKEY_CTX_set_signature_md")); } } if (argv[0] == atom_rsa) { if (EVP_PKEY_CTX_set_rsa_padding(ctx, sig_opt.rsa_padding) != 1) - goto err; + assign_goto(ret, err, EXCP_ERROR(env, "Can't EVP_PKEY_CTX_set_rsa_padding")); # ifdef HAVE_RSA_PKCS1_PSS_PADDING if (sig_opt.rsa_padding == RSA_PKCS1_PSS_PADDING) { if (sig_opt.rsa_mgf1_md != NULL) { # ifdef HAVE_RSA_MGF1_MD if (EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, sig_opt.rsa_mgf1_md) != 1) - goto err; + assign_goto(ret, err, EXCP_ERROR(env, "Can't EVP_PKEY_CTX_set_rsa_mgf1_md")); # else - goto notsup; + assign_goto(ret, err, EXCP_NOTSUP_N(env, 4, "rsa_mgf1_md unavailable with this cryptolib")); # endif } if (sig_opt.rsa_pss_saltlen > -2) { if (EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, sig_opt.rsa_pss_saltlen) != 1) - goto err; + assign_goto(ret, err, EXCP_BADARG_N(env, 4, "Bad rsa_pss_saltlen")); } } # endif @@ -511,65 +558,58 @@ ERL_NIF_TERM pkey_sign_nif(ErlNifEnv *env, int argc, const ERL_NIF_TERM argv[]) if (!FIPS_MODE()) { EVP_MD_CTX *mdctx = NULL; if ((mdctx = EVP_MD_CTX_new()) == NULL) - goto err; + assign_goto(ret, err, EXCP_ERROR(env, "Can't EVP_MD_CTX_new")); if (EVP_DigestSignInit(mdctx, NULL, NULL, NULL, pkey) != 1) - goto err; + assign_goto(ret, err, EXCP_ERROR(env, "Can't EVP_DigestSignInit")); if (EVP_DigestSign(mdctx, NULL, &siglen, tbs, tbslen) != 1) - goto err; + assign_goto(ret, err, EXCP_ERROR(env, "Can't EVP_DigestSign")); if (!enif_alloc_binary(siglen, &sig_bin)) - goto err; + assign_goto(ret, err, EXCP_ERROR(env, "Can't allocate binary")); sig_bin_alloc = 1; if (EVP_DigestSign(mdctx, sig_bin.data, &siglen, tbs, tbslen) != 1) { if (mdctx) EVP_MD_CTX_free(mdctx); - goto bad_key; + assign_goto(ret, err, EXCP_ERROR(env, "Can't EVP_DigestSign")); } if (mdctx) EVP_MD_CTX_free(mdctx); } else # endif - goto notsup; + assign_goto(ret, err, EXCP_NOTSUP_N(env, 0, "eddsa not supported")); + } else { + +# ifndef HAVE_DSA + if (argv[0] == atom_dss) assign_goto(ret, err, EXCP_NOTSUP_N(env, 0, "dsa not supported")); } else { +# endif if (EVP_PKEY_sign(ctx, NULL, &siglen, tbs, tbslen) != 1) - goto err; + assign_goto(ret, err, EXCP_ERROR(env, "Can't EVP_PKEY_sign")); + if (!enif_alloc_binary(siglen, &sig_bin)) - goto err; + assign_goto(ret, err, EXCP_ERROR(env, "Can't allocate binary")); sig_bin_alloc = 1; if (md != NULL) { ERL_VALGRIND_ASSERT_MEM_DEFINED(tbs, EVP_MD_size(md)); } if (EVP_PKEY_sign(ctx, sig_bin.data, &siglen, tbs, tbslen) != 1) - goto bad_key; + assign_goto(ret, err, EXCP_ERROR(env, "Can't EVP_PKEY_sign")); } ERL_VALGRIND_MAKE_MEM_DEFINED(sig_bin.data, siglen); if (siglen != sig_bin.size) { if (!enif_realloc_binary(&sig_bin, siglen)) - goto err; + assign_goto(ret, err, EXCP_ERROR(env, "Can't reallocate binary")); ERL_VALGRIND_ASSERT_MEM_DEFINED(sig_bin.data, siglen); } + ret = enif_make_binary(env, &sig_bin); sig_bin_alloc = 0; - goto done; - - bad_key: - ret = atom_error; - goto done; - notsup: - ret = atom_notsup; - goto done; - - bad_arg: err: - ret = enif_make_badarg(env); - goto done; - - done: if (sig_bin_alloc) enif_release_binary(&sig_bin); if (ctx) @@ -582,85 +622,73 @@ ERL_NIF_TERM pkey_sign_nif(ErlNifEnv *env, int argc, const ERL_NIF_TERM argv[]) #else /* Old interface - before EVP_PKEY_CTX */ { - if (get_pkey_private_key(env, argv[0], argv[3], &pkey) != PKEY_OK) - goto bad_arg; + if (!get_pkey_private_key(env, argv, 0, 3, &pkey, &ret)) + goto err; /* An exception is present in ret */ if (argv[0] == atom_rsa) { if ((rsa = EVP_PKEY_get1_RSA(pkey)) == NULL) - goto err; + assign_goto(ret, err, EXCP_BADARG_N(env, 3, "Not an RSA private key")); if ((len = RSA_size(rsa)) < 0) - goto err; + assign_goto(ret, err, EXCP_BADARG_N(env, 3, "Bad RSA private key length")); if (!enif_alloc_binary((size_t)len, &sig_bin)) - goto err; + assign_goto(ret, err, EXCP_ERROR(env, "Can't allocate binary")); sig_bin_alloc = 1; if ((len = EVP_MD_size(md)) < 0) - goto err; + assign_goto(ret, err, EXCP_ERROR(env, "Can't get md length")); ERL_VALGRIND_ASSERT_MEM_DEFINED(tbs, len); if (RSA_sign(md->type, tbs, (unsigned int)len, sig_bin.data, &siglen, rsa) != 1) - goto bad_key; + assign_goto(ret, err, EXCP_ERROR(env, "Can't sign")); + } else if (argv[0] == atom_dss) { if ((dsa = EVP_PKEY_get1_DSA(pkey)) == NULL) - goto err; + assign_goto(ret, err, EXCP_BADARG_N(env, 3, "Not an DSA private key")); if ((len = DSA_size(dsa)) < 0) - goto err; + assign_goto(ret, err, EXCP_BADARG_N(env, 3, "Bad DSA private key length")); if (!enif_alloc_binary((size_t)len, &sig_bin)) - goto err; + assign_goto(ret, err, EXCP_ERROR(env, "Can't allocate binary")); sig_bin_alloc = 1; if ((len = EVP_MD_size(md)) < 0) - goto err; + assign_goto(ret, err, EXCP_ERROR(env, "Can't get md length")); ERL_VALGRIND_ASSERT_MEM_DEFINED(tbs, len); if (DSA_sign(md->type, tbs, len, sig_bin.data, &siglen, dsa) != 1) - goto bad_key; + assign_goto(ret, err, EXCP_ERROR(env, "Can't sign")); } else if (argv[0] == atom_ecdsa) { # if defined(HAVE_EC) if ((ec = EVP_PKEY_get1_EC_KEY(pkey)) == NULL) - goto err; + assign_goto(ret, err, EXCP_BADARG_N(env, 3, "Not an ECDSA private key")); if ((len = ECDSA_size(ec)) < 0) - goto err; + assign_goto(ret, err, EXCP_ERROR(env, "Can't get size")); if (!enif_alloc_binary((size_t)len, &sig_bin)) - goto err; + assign_goto(ret, err, EXCP_ERROR(env, "Can't allocate binary")); sig_bin_alloc = 1; len = EVP_MD_size(md); ERL_VALGRIND_ASSERT_MEM_DEFINED(tbs, len); if (ECDSA_sign(md->type, tbs, len, sig_bin.data, &siglen, ec) != 1) - goto bad_key; + assign_goto(ret, err, EXCP_ERROR(env, "Can't sign")); # else - goto notsup; + assign_goto(ret, notsup, EXCP_NOTSUP_N(env, 0, "ecdsa not supported")); # endif /* HAVE_EC */ } else { - goto bad_arg; + assign_goto(ret, notsup, EXCP_BADARG_N(env, 0, "Unknown algorithm")); } ERL_VALGRIND_MAKE_MEM_DEFINED(sig_bin.data, siglen); if (siglen != sig_bin.size) { if (!enif_realloc_binary(&sig_bin, siglen)) - goto err; + assign_goto(ret, err, EXCP_ERROR(env, "Can't re-allocate binary")); ERL_VALGRIND_ASSERT_MEM_DEFINED(sig_bin.data, siglen); } ret = enif_make_binary(env, &sig_bin); sig_bin_alloc = 0; - goto done; - - bad_key: - ret = atom_error; - goto done; notsup: - ret = atom_notsup; - goto done; - - bad_arg: err: - ret = enif_make_badarg(env); - goto done; - - done: if (sig_bin_alloc) enif_release_binary(&sig_bin); if (rsa) @@ -690,7 +718,6 @@ ERL_NIF_TERM pkey_sign_nif(ErlNifEnv *env, int argc, const ERL_NIF_TERM argv[]) ERL_NIF_TERM pkey_verify_nif(ErlNifEnv *env, int argc, const ERL_NIF_TERM argv[]) {/* (Algorithm, Type, Data|{digest,Digest}, Signature, Key, Options) */ - int i; int result; const EVP_MD *md = NULL; unsigned char md_value[EVP_MAX_MD_SIZE]; @@ -715,68 +742,56 @@ ERL_NIF_TERM pkey_verify_nif(ErlNifEnv *env, int argc, const ERL_NIF_TERM argv[] #ifndef HAS_ENGINE_SUPPORT - if (enif_is_map(env, argv[4])) - return atom_notsup; + if (enif_is_map(env, argv[3])) + assign_goto(ret, err, EXCP_BADARG_N(env, 3, "No engine support")); #endif - if (!enif_inspect_binary(env, argv[3], &sig_bin)) - return enif_make_badarg(env); - - i = get_pkey_sign_digest(env, argv, 0, 1, 2, md_value, &md, &tbs, &tbslen, &ret); - switch (i) { - case PKEY_OK: - break; - case PKEY_NOTSUP: - goto notsup; - default: - goto bad_arg; - } + if (!get_pkey_sign_digest(env, argv, 0, 1, 2, md_value, &md, &tbs, &tbslen, &ret)) + goto err; /* An exception is present in ret */ - i = get_pkey_sign_options(env, argv, 0, 5, md, &sig_opt, &ret); - switch (i) { - case PKEY_OK: - break; - case PKEY_NOTSUP: - goto notsup; - default: - goto bad_arg; - } + if (!get_pkey_sign_options(env, argv, 0, 5, md, &sig_opt, &ret)) + goto err; /* An exception is present in ret */ + + if (!enif_inspect_binary(env, argv[3], &sig_bin)) + assign_goto(ret, err, EXCP_BADARG_N(env, 3, "Expected a binary")); #ifdef HAS_EVP_PKEY_CTX /* EVP_PKEY_CTX */ { - if (get_pkey_public_key(env, argv[0], argv[4], &pkey) != PKEY_OK) - goto bad_arg; + if (!get_pkey_public_key(env, argv, 0, 4, &pkey, &ret)) + goto err; /* An exception is present in ret */ if ((ctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL) - goto err; + assign_goto(ret, err, EXCP_ERROR(env, "Can't allocate new EVP_PKEY_CTX")); if (argv[0] != atom_eddsa) { if (EVP_PKEY_verify_init(ctx) != 1) - goto err; + assign_goto(ret, err, EXCP_ERROR(env, "Can't EVP_PKEY_sign_init")); if (md != NULL) { if (EVP_PKEY_CTX_set_signature_md(ctx, md) != 1) - goto err; + assign_goto(ret, err, EXCP_ERROR(env, "Can't EVP_PKEY_CTX_set_signature_md")); } } if (argv[0] == atom_rsa) { if (EVP_PKEY_CTX_set_rsa_padding(ctx, sig_opt.rsa_padding) != 1) - goto err; + assign_goto(ret, err, EXCP_ERROR(env, "Can't EVP_PKEY_CTX_set_rsa_padding")); +# ifdef HAVE_RSA_PKCS1_PSS_PADDING if (sig_opt.rsa_padding == RSA_PKCS1_PSS_PADDING) { if (sig_opt.rsa_mgf1_md != NULL) { -# ifdef HAVE_RSA_MGF1_MD +# ifdef HAVE_RSA_MGF1_MD if (EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, sig_opt.rsa_mgf1_md) != 1) - goto err; -# else - goto notsup; -# endif + assign_goto(ret, err, EXCP_ERROR(env, "Can't EVP_PKEY_CTX_set_rsa_mgf1_md")); +# else + assign_goto(ret, err, EXCP_NOTSUP_N(env, 5, "rsa_mgf1_md unavailable with this cryptolib")); +# endif } if (sig_opt.rsa_pss_saltlen > -2) { if (EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, sig_opt.rsa_pss_saltlen) != 1) - goto err; + assign_goto(ret, err, EXCP_BADARG_N(env, 5, "Bad rsa_pss_saltlen")); } } +# endif } if (argv[0] == atom_eddsa) { @@ -784,10 +799,10 @@ ERL_NIF_TERM pkey_verify_nif(ErlNifEnv *env, int argc, const ERL_NIF_TERM argv[] EVP_MD_CTX *mdctx = NULL; if (!FIPS_MODE()) { if ((mdctx = EVP_MD_CTX_new()) == NULL) - goto err; + assign_goto(ret, err, EXCP_ERROR(env, "Can't EVP_MD_CTX_new")); if (EVP_DigestVerifyInit(mdctx, NULL, NULL, NULL, pkey) != 1) - goto err; + assign_goto(ret, err, EXCP_ERROR(env, "Can't EVP_DigestVerifyInit")); result = EVP_DigestVerify(mdctx, sig_bin.data, sig_bin.size, tbs, tbslen); if (mdctx) @@ -795,7 +810,7 @@ ERL_NIF_TERM pkey_verify_nif(ErlNifEnv *env, int argc, const ERL_NIF_TERM argv[] } else # endif /* HAVE_EDDSA */ - goto notsup; + assign_goto(ret, err, EXCP_NOTSUP_N(env, 0, "eddsa not supported")); } else { /* RSA or DSS */ if (md != NULL) { @@ -803,18 +818,10 @@ ERL_NIF_TERM pkey_verify_nif(ErlNifEnv *env, int argc, const ERL_NIF_TERM argv[] } result = EVP_PKEY_verify(ctx, sig_bin.data, sig_bin.size, tbs, tbslen); } + ret = (result == 1 ? atom_true : atom_false); - goto done; - bad_arg: err: - ret = enif_make_badarg(env); - goto done; - - notsup: - ret = atom_notsup; - - done: if (ctx) EVP_PKEY_CTX_free(ctx); if (pkey) @@ -826,42 +833,31 @@ ERL_NIF_TERM pkey_verify_nif(ErlNifEnv *env, int argc, const ERL_NIF_TERM argv[] #else /* Old interface - before EVP_PKEY_CTX */ { - if (get_pkey_public_key(env, argv[0], argv[4], &pkey) != PKEY_OK) - goto bad_arg; + if (!get_pkey_public_key(env, argv, 0, 4, &pkey, &ret)) + goto err; /* An exception is present in ret */ - if (tbslen > INT_MAX) - goto bad_arg; - if (sig_bin.size > INT_MAX) - goto bad_arg; if (argv[0] == atom_rsa) { if ((rsa = EVP_PKEY_get1_RSA(pkey)) == NULL) - goto err; + assign_goto(ret, err, EXCP_BADARG_N(env, 4, "Not an RSA public key")); result = RSA_verify(md->type, tbs, (unsigned int)tbslen, sig_bin.data, (unsigned int)sig_bin.size, rsa); } else if (argv[0] == atom_dss) { if ((dsa = EVP_PKEY_get1_DSA(pkey)) == NULL) - goto err; + assign_goto(ret, err, EXCP_BADARG_N(env, 4, "Not an DSA public key")); result = DSA_verify(0, tbs, (int)tbslen, sig_bin.data, (int)sig_bin.size, dsa); } else if (argv[0] == atom_ecdsa) { # if defined(HAVE_EC) if ((ec = EVP_PKEY_get1_EC_KEY(pkey)) == NULL) - goto err; + assign_goto(ret, err, EXCP_BADARG_N(env, 4, "Not an ECDSA private key")); result = ECDSA_verify(EVP_MD_type(md), tbs, (int)tbslen, sig_bin.data, (int)sig_bin.size, ec); # else - goto notsup; + assign_goto(ret, err, EXCP_NOTSUP_N(env, 0, "ecdsa not supported")); # endif /* HAVE_EC */ } else { - goto bad_arg; + assign_goto(ret, err, EXCP_BADARG_N(env, 0, "Unknown algorithm")); } ret = (result == 1 ? atom_true : atom_false); - goto done; - bad_arg: err: - ret = enif_make_badarg(env); - goto done; - notsup: - ret = atom_notsup; - done: if (rsa) RSA_free(rsa); # ifdef HAVE_DSA @@ -894,7 +890,7 @@ static int get_pkey_crypt_options(ErlNifEnv *env, const EVP_MD *opt_md; if (!enif_is_list(env, argv[options_arg_num])) - goto bad_arg; + assign_goto(*err_return, err, EXCP_BADARG_N(env, options_arg_num, "Expected a list")); /* defaults */ if (argv[algorithm_arg_num] == atom_rsa) { @@ -914,17 +910,16 @@ static int get_pkey_crypt_options(ErlNifEnv *env, } if (enif_is_empty_list(env, argv[options_arg_num])) - return PKEY_OK; + return 1; /* There are no options to fetch. Return OK */ if (argv[algorithm_arg_num] != atom_rsa) - goto bad_arg; + assign_goto(*err_return, err, EXCP_BADARG_N(env, options_arg_num, "Only RSA supports Options")); tail = argv[options_arg_num]; while (enif_get_list_cell(env, tail, &head, &tail)) { - if (!enif_get_tuple(env, head, &tpl_arity, &tpl_terms)) - goto bad_arg; - if (tpl_arity != 2) - goto bad_arg; + if (!enif_get_tuple(env, head, &tpl_arity, &tpl_terms) || + (tpl_arity != 2)) + assign_goto(*err_return, err, EXCP_BADARG_N(env, options_arg_num, "Expect only two-tuples in the list")); if (tpl_terms[0] == atom_rsa_padding || tpl_terms[0] == atom_rsa_pad /* Compatibility */ @@ -948,59 +943,62 @@ static int get_pkey_crypt_options(ErlNifEnv *env, } else if (tpl_terms[1] == atom_rsa_no_padding) { opt->rsa_padding = RSA_NO_PADDING; - } else { - goto bad_arg; - } + } else + assign_goto(*err_return, err, EXCP_BADARG_N(env, options_arg_num, "Bad padding type in option rsa_padding")); + + } else if (tpl_terms[0] == atom_signature_md) { + if (!enif_is_atom(env, tpl_terms[1])) + assign_goto(*err_return, err, EXCP_BADARG_N(env, options_arg_num, "Atom expected as argument to option signature_md")); + + if (!get_pkey_digest_type(env, argv[algorithm_arg_num], + options_arg_num, tpl_terms[1], + &opt_md, err_return)) + goto err; /* An exception is present in ret */ - } else if (tpl_terms[0] == atom_signature_md && enif_is_atom(env, tpl_terms[1])) { - int i; - i = get_pkey_digest_type(env, argv[algorithm_arg_num], tpl_terms[1], &opt_md, err_return); - if (i != PKEY_OK) { - return i; - } opt->signature_md = opt_md; - } else if (tpl_terms[0] == atom_rsa_mgf1_md && enif_is_atom(env, tpl_terms[1])) { - int i; + } else if (tpl_terms[0] == atom_rsa_mgf1_md) { + if (!enif_is_atom(env, tpl_terms[1])) + assign_goto(*err_return, err, EXCP_BADARG_N(env, options_arg_num, "Atom expected as argument to option rsa_mgf1_md")); #ifndef HAVE_RSA_MGF1_MD if (tpl_terms[1] != atom_sha) - return PKEY_NOTSUP; + assign_goto(*err_return, err, EXCP_BADARG_N(env, options_arg_num, "Only 'sha' is supported in option rsa_mgf1_md")); #endif - i = get_pkey_digest_type(env, argv[algorithm_arg_num], tpl_terms[1], &opt_md, err_return); - if (i != PKEY_OK) { - return i; - } + if (!get_pkey_digest_type(env, argv[algorithm_arg_num], + options_arg_num, tpl_terms[1], + &opt_md, err_return)) + goto err; /* An exception is present in ret */ opt->rsa_mgf1_md = opt_md; - } else if (tpl_terms[0] == atom_rsa_oaep_label - && enif_inspect_binary(env, tpl_terms[1], &(opt->rsa_oaep_label))) { + } else if (tpl_terms[0] == atom_rsa_oaep_label) { #ifdef HAVE_RSA_OAEP_MD + if (!enif_inspect_binary(env, tpl_terms[1], &(opt->rsa_oaep_label))) + assign_goto(*err_return, err, EXCP_BADARG_N(env, options_arg_num, "Binary expected for option rsa_oaep_label")); continue; #else - return PKEY_NOTSUP; + assign_goto(*err_return, err, EXCP_NOTSUP_N(env, options_arg_num, "Option rsa_oaep_label is not supported")); #endif - } else if (tpl_terms[0] == atom_rsa_oaep_md && enif_is_atom(env, tpl_terms[1])) { - int i; + } else if (tpl_terms[0] == atom_rsa_oaep_md) { + if (!enif_is_atom(env, tpl_terms[1])) + assign_goto(*err_return, err, EXCP_NOTSUP_N(env, options_arg_num, "Atom expected as argument to option rsa_oaep_md")); #ifndef HAVE_RSA_OAEP_MD if (tpl_terms[1] != atom_sha) - return PKEY_NOTSUP; + assign_goto(*err_return, err, EXCP_BADARG_N(env, options_arg_num, "Only 'sha' is supported in option rsa_oaep_md")); #endif - i = get_pkey_digest_type(env, argv[algorithm_arg_num], tpl_terms[1], &opt_md, err_return); - if (i != PKEY_OK) { - return i; - } + if (!get_pkey_digest_type(env, argv[algorithm_arg_num], + options_arg_num, tpl_terms[1], + &opt_md, err_return)) + goto err; /* An exception is present in ret */ opt->rsa_oaep_md = opt_md; - - } else { - goto bad_arg; - } + } else + assign_goto(*err_return, err, EXCP_BADARG_N(env, options_arg_num, "Unknown option")) } - return PKEY_OK; + return 1; - bad_arg: - return PKEY_BADARG; + err: + return 0; } #ifdef HAVE_RSA_SSLV23_PADDING @@ -1023,7 +1021,6 @@ static size_t size_of_RSA(EVP_PKEY *pkey) { ERL_NIF_TERM pkey_crypt_nif(ErlNifEnv *env, int argc, const ERL_NIF_TERM argv[]) {/* (Algorithm, Data, PublKey=[E,N]|[E,N,D]|[E,N,D,P1,P2,E1,E2,C], Options, IsPrivate, IsEncrypt) */ ERL_NIF_TERM ret = atom_undefined; - int i; int result = 0; int tmp_bin_alloc = 0; int out_bin_alloc = 0; @@ -1041,74 +1038,61 @@ ERL_NIF_TERM pkey_crypt_nif(ErlNifEnv *env, int argc, const ERL_NIF_TERM argv[]) size_t tmplen; #endif int is_private, is_encrypt; - int algo_init = 0; unsigned char *label_copy = NULL; - ASSERT(argc == 6); - is_private = (argv[4] == atom_true); is_encrypt = (argv[5] == atom_true); -/* char algo[1024]; */ + if (!check_pkey_algorithm_type(env, 0, argv[0], &ret)) + goto err; /* An exception is present in ret */ + + if (!enif_inspect_binary(env, argv[1], &in_bin)) + assign_goto(ret, err, EXCP_BADARG_N(env, 1, "Binary expected")); #ifndef HAS_ENGINE_SUPPORT if (enif_is_map(env, argv[2])) - return atom_notsup; + assign_goto(ret, err, EXCP_BADARG_N(env, 2, "No engine support")); #endif - if (!enif_inspect_binary(env, argv[1], &in_bin)) - goto bad_arg; - - i = get_pkey_crypt_options(env, argv, 0, 3, &crypt_opt, &ret); - switch (i) { - case PKEY_OK: - break; - case PKEY_NOTSUP: - goto notsup; - default: - goto bad_arg; - } - if (is_private) { - if (get_pkey_private_key(env, argv[0], argv[2], &pkey) != PKEY_OK) - goto bad_arg; + if (!get_pkey_private_key(env, argv, 0, 2, &pkey, &ret)) + goto err; /* An exception is present in ret */ } else { - if (get_pkey_public_key(env, argv[0], argv[2], &pkey) != PKEY_OK) - goto bad_arg; + if (!get_pkey_public_key(env, argv, 0, 2, &pkey, &ret)) + goto err; /* An exception is present in ret */ } + if (!get_pkey_crypt_options(env, argv, 0, 3, &crypt_opt, &ret)) + goto err; /* An exception is present in ret */ + #ifdef HAS_EVP_PKEY_CTX - if ((ctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL) - goto err; + { + int algo_init = 0; -/* enif_get_atom(env,argv[0],algo,1024,ERL_NIF_LATIN1); */ + if ((ctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL) + assign_goto(ret, err, EXCP_ERROR(env, "Can't allocate new EVP_PKEY_CTX")); - if (is_private) { - if (is_encrypt) { - /* private encrypt */ - if ((algo_init = EVP_PKEY_sign_init(ctx)) != 1) - goto bad_arg; - } else { - /* private decrypt */ - if ((algo_init = EVP_PKEY_decrypt_init(ctx)) != 1) - goto bad_arg; - } - } else { - if (is_encrypt) { - /* public encrypt */ - if ((algo_init = EVP_PKEY_encrypt_init(ctx)) != 1) - goto bad_arg; - } else { - /* public decrypt */ - if ((algo_init = EVP_PKEY_verify_recover_init(ctx)) != 1) - goto bad_arg; - } + if (is_private) { + if (is_encrypt) + algo_init = EVP_PKEY_sign_init(ctx); + else + algo_init = EVP_PKEY_decrypt_init(ctx); + + } else { + if (is_encrypt) + algo_init = EVP_PKEY_encrypt_init(ctx); + else + algo_init = EVP_PKEY_verify_recover_init(ctx); + } + + if (algo_init != 1) + assign_goto(ret, err, EXCP_NOTSUP(env, "Can't initiate encrypt/decrypt")); } if (argv[0] == atom_rsa) { if (crypt_opt.signature_md != NULL) { if (EVP_PKEY_CTX_set_signature_md(ctx, crypt_opt.signature_md) != 1) - goto bad_arg; + assign_goto(ret, err, EXCP_ERROR(env, "Can't EVP_PKEY_CTX_set_signature_md")); } # ifdef HAVE_RSA_SSLV23_PADDING @@ -1116,40 +1100,38 @@ ERL_NIF_TERM pkey_crypt_nif(ErlNifEnv *env, int argc, const ERL_NIF_TERM argv[]) if (is_encrypt) { tmplen = size_of_RSA(pkey); if (tmplen < 1 || tmplen > INT_MAX) - goto err; + assign_goto(ret, err, EXCP_BADARG_N(env, 2, "RSA key of wrong size")); if (!enif_alloc_binary(tmplen, &tmp_bin)) - goto err; + assign_goto(ret, err, EXCP_ERROR(env, "Can't allocate binary")); tmp_bin_alloc = 1; if (in_bin.size > INT_MAX) - goto err; + assign_goto(ret, err, EXCP_BADARG_N(env, 1, "Binary too large")); if (!RSA_padding_add_SSLv23(tmp_bin.data, (int)tmplen, in_bin.data, (int)in_bin.size)) - goto err; + assign_goto(ret, err, EXCP_ERROR(env, "Couldn't RSA_padding_add_SSLv23")); in_bin = tmp_bin; } if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_NO_PADDING) != 1) - goto err; + assign_goto(ret, err, EXCP_ERROR(env, "Couldn't set RSA_NO_PADDING")); } else # endif - { if (EVP_PKEY_CTX_set_rsa_padding(ctx, crypt_opt.rsa_padding) != 1) - goto err; - } + assign_goto(ret, err, EXCP_ERROR(env, "Couldn't set rsa padding")); # ifdef HAVE_RSA_OAEP_MD if (crypt_opt.rsa_padding == RSA_PKCS1_OAEP_PADDING) { if (crypt_opt.rsa_oaep_md != NULL) { if (EVP_PKEY_CTX_set_rsa_oaep_md(ctx, crypt_opt.rsa_oaep_md) != 1) - goto err; + assign_goto(ret, err, EXCP_ERROR(env, "Couldn't EVP_PKEY_CTX_set_rsa_oaep_md")); } if (crypt_opt.rsa_mgf1_md != NULL) { if (EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, crypt_opt.rsa_mgf1_md) != 1) - goto err; + assign_goto(ret, err, EXCP_ERROR(env, "Couldn't EVP_PKEY_CTX_set_rsa_mgf1_md")); } if (crypt_opt.rsa_oaep_label.data != NULL && crypt_opt.rsa_oaep_label.size > 0) { if (crypt_opt.rsa_oaep_label.size > INT_MAX) - goto err; + assign_goto(ret, err, EXCP_BADARG_N(env, 3, "RSA oep label too large")); if ((label_copy = OPENSSL_malloc(crypt_opt.rsa_oaep_label.size)) == NULL) goto err; @@ -1158,7 +1140,7 @@ ERL_NIF_TERM pkey_crypt_nif(ErlNifEnv *env, int argc, const ERL_NIF_TERM argv[]) if (EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, label_copy, (int)crypt_opt.rsa_oaep_label.size) != 1) - goto err; + assign_goto(ret, err, EXCP_ERROR(env, "Couldn't set RSA oaep label")); /* On success, label_copy is owned by ctx */ label_copy = NULL; } @@ -1166,105 +1148,77 @@ ERL_NIF_TERM pkey_crypt_nif(ErlNifEnv *env, int argc, const ERL_NIF_TERM argv[]) # endif } - if (is_private) { - if (is_encrypt) { - /* private_encrypt */ - result = EVP_PKEY_sign(ctx, NULL, &outlen, in_bin.data, in_bin.size); - } else { - /* private_decrypt */ - result = EVP_PKEY_decrypt(ctx, NULL, &outlen, in_bin.data, in_bin.size); - } - } else { - if (is_encrypt) { - /* public_encrypt */ - result = EVP_PKEY_encrypt(ctx, NULL, &outlen, in_bin.data, in_bin.size); - } else { - /* public_decrypt */ - result = EVP_PKEY_verify_recover(ctx, NULL, &outlen, in_bin.data, in_bin.size); - } - } - + /* Get the size of the result */ + if (is_private) + result = + is_encrypt ? EVP_PKEY_sign(ctx, NULL, &outlen, in_bin.data, in_bin.size) + : EVP_PKEY_decrypt(ctx, NULL, &outlen, in_bin.data, in_bin.size); + else + result = + is_encrypt ? EVP_PKEY_encrypt(ctx, NULL, &outlen, in_bin.data, in_bin.size) + : EVP_PKEY_verify_recover(ctx, NULL, &outlen, in_bin.data, in_bin.size); + + /* Check */ if (result != 1) - goto err; + assign_goto(ret, err, EXCP_ERROR(env, "Couldn't get size of result")); + /* Allocate */ if (!enif_alloc_binary(outlen, &out_bin)) - goto err; - out_bin_alloc = 1; + assign_goto(ret, err, EXCP_ERROR(env, "Can't allocate binary")); - if (is_private) { - if (is_encrypt) { - /* private_encrypt */ - result = EVP_PKEY_sign(ctx, out_bin.data, &outlen, in_bin.data, in_bin.size); - } else { - /* private_decrypt */ - result = EVP_PKEY_decrypt(ctx, out_bin.data, &outlen, in_bin.data, in_bin.size); - } - } else { - if (is_encrypt) { - /* public_encrypt */ - result = EVP_PKEY_encrypt(ctx, out_bin.data, &outlen, in_bin.data, in_bin.size); - } else { - /* public_decrypt */ - result = EVP_PKEY_verify_recover(ctx, out_bin.data, &outlen, in_bin.data, in_bin.size); - } - } + out_bin_alloc = 1; /* Flag de-allocation */ + + /* Get the result into the newly allocated binary */ + if (is_private) + result = + is_encrypt ? EVP_PKEY_sign(ctx, out_bin.data, &outlen, in_bin.data, in_bin.size) + : EVP_PKEY_decrypt(ctx, out_bin.data, &outlen, in_bin.data, in_bin.size); + else + result= + is_encrypt ? EVP_PKEY_encrypt(ctx, out_bin.data, &outlen, in_bin.data, in_bin.size) + : EVP_PKEY_verify_recover(ctx, out_bin.data, &outlen, in_bin.data, in_bin.size); + + if (result != 1) + assign_goto(ret, err, EXCP_ERROR(env, "Couldn't get the result")); #else - /* Non-EVP cryptolib. Only support RSA */ + /* Non-EVP cryptolib. Only supports RSA */ - if (argv[0] != atom_rsa) { - algo_init = -2; /* exitcode: notsup */ - goto bad_arg; - } + if (argv[0] != atom_rsa) + assign_goto(ret, err, EXCP_NOTSUP_N(env, 0, "Only RSA is supported")); if ((rsa = EVP_PKEY_get1_RSA(pkey)) == NULL) - goto err; + assign_goto(ret, err, EXCP_BADARG_N(env, 2, "Not RSA key")); if ((len = RSA_size(rsa)) < 0) - goto err; + assign_goto(ret, err, EXCP_BADARG_N(env, 3, "Bad RSA key length")); if (!enif_alloc_binary((size_t)len, &out_bin)) - goto err; + assign_goto(ret, err, EXCP_ERROR(env, "Can't allocate binary")); out_bin_alloc = 1; if (in_bin.size > INT_MAX) - goto err; - if (is_private) { - if (is_encrypt) { - /* non-evp rsa private encrypt */ - ERL_VALGRIND_ASSERT_MEM_DEFINED(in_bin.data,in_bin.size); - result = RSA_private_encrypt((int)in_bin.size, in_bin.data, - out_bin.data, rsa, crypt_opt.rsa_padding); - if (result > 0) { - ERL_VALGRIND_MAKE_MEM_DEFINED(out_bin.data, result); - } - } else { - /* non-evp rsa private decrypt */ - result = RSA_private_decrypt((int)in_bin.size, in_bin.data, - out_bin.data, rsa, crypt_opt.rsa_padding); - if (result > 0) { - ERL_VALGRIND_MAKE_MEM_DEFINED(out_bin.data, result); - if (!enif_realloc_binary(&out_bin, (size_t)result)) - goto err; - } - } - } else { - if (is_encrypt) { - /* non-evp rsa public encrypt */ - ERL_VALGRIND_ASSERT_MEM_DEFINED(in_bin.data,in_bin.size); - result = RSA_public_encrypt((int)in_bin.size, in_bin.data, - out_bin.data, rsa, crypt_opt.rsa_padding); - if (result > 0) { - ERL_VALGRIND_MAKE_MEM_DEFINED(out_bin.data, result); - } - } else { - /* non-evp rsa public decrypt */ - result = RSA_public_decrypt((int)in_bin.size, in_bin.data, - out_bin.data, rsa, crypt_opt.rsa_padding); - if (result > 0) { - ERL_VALGRIND_MAKE_MEM_DEFINED(out_bin.data, result); - if (!enif_realloc_binary(&out_bin, (size_t)result)) - goto err; - } - } + assign_goto(ret, err, EXCP_BADARG_N(env, 1, "Bad indata length")); + + if (is_encrypt) { + ERL_VALGRIND_ASSERT_MEM_DEFINED(in_bin.data,in_bin.size); + } + + if (is_private) + result = + is_encrypt ? RSA_private_encrypt((int)in_bin.size, in_bin.data, + out_bin.data, rsa, crypt_opt.rsa_padding) + : RSA_private_decrypt((int)in_bin.size, in_bin.data, + out_bin.data, rsa, crypt_opt.rsa_padding); + else + result = + is_encrypt ? RSA_public_encrypt((int)in_bin.size, in_bin.data, + out_bin.data, rsa, crypt_opt.rsa_padding) + : RSA_public_decrypt((int)in_bin.size, in_bin.data, + out_bin.data, rsa, crypt_opt.rsa_padding); + if (result > 0) { + ERL_VALGRIND_MAKE_MEM_DEFINED(out_bin.data, result); + if (!is_encrypt && + !enif_realloc_binary(&out_bin, (size_t)result)) + assign_goto(ret, err, EXCP_ERROR(env, "Can't re-allocate binary")); } outlen = (size_t)result; @@ -1277,12 +1231,12 @@ ERL_NIF_TERM pkey_crypt_nif(ErlNifEnv *env, int argc, const ERL_NIF_TERM argv[]) tmplen = size_of_RSA(pkey); if (tmplen < 1 || tmplen > INT_MAX) - goto err; + assign_goto(ret, err, EXCP_BADARG_N(env, 2, "RSA key of wrong size")); if (!enif_alloc_binary(tmplen, &tmp_bin)) - goto err; + assign_goto(ret, err, EXCP_ERROR(env, "Can't allocate binary")); tmp_bin_alloc = 1; if (out_bin.size > INT_MAX) - goto err; + assign_goto(ret, err, EXCP_ERROR(env, "Result too large")); p = out_bin.data; p++; @@ -1303,28 +1257,16 @@ ERL_NIF_TERM pkey_crypt_nif(ErlNifEnv *env, int argc, const ERL_NIF_TERM argv[]) ERL_VALGRIND_MAKE_MEM_DEFINED(out_bin.data, outlen); if (outlen != out_bin.size) { if (!enif_realloc_binary(&out_bin, outlen)) - goto err; + assign_goto(ret, err, EXCP_ERROR(env, "Can't re-allocate binary")); ERL_VALGRIND_ASSERT_MEM_DEFINED(out_bin.data, outlen); } ret = enif_make_binary(env, &out_bin); out_bin_alloc = 0; } else { - ret = atom_error; + assign_goto(ret, err, EXCP_ERROR(env, "RSA encrypt/decrypt failed")); } - goto done; - notsup: - ret = atom_notsup; - goto done; - - bad_arg: err: - if (algo_init == -2) - ret = atom_notsup; - else - ret = enif_make_badarg(env); - - done: if (out_bin_alloc) enif_release_binary(&out_bin); if (tmp_bin_alloc) @@ -1344,7 +1286,7 @@ ERL_NIF_TERM pkey_crypt_nif(ErlNifEnv *env, int argc, const ERL_NIF_TERM argv[]) OPENSSL_free(label_copy); return ret; -} + } ERL_NIF_TERM privkey_to_pubkey_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]) { /* (Algorithm, PrivKey | KeyMap) */ @@ -1353,17 +1295,20 @@ ERL_NIF_TERM privkey_to_pubkey_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM ASSERT(argc == 2); - if (get_pkey_private_key(env, argv[0], argv[1], &pkey) != PKEY_OK) // handles engine - goto bad_arg; + if (!check_pkey_algorithm_type(env, 0, argv[0], &ret)) + goto err; /* An exception is present in ret */ + + if (!get_pkey_private_key(env, argv, 0, 1, &pkey, &ret)) // handles engine + goto err; /* An exception is present in ret */ if (argv[0] == atom_rsa) { if (!rsa_privkey_to_pubkey(env, pkey, &ret)) - goto err; + assign_goto(ret, err, EXCP_BADARG_N(env, 1, "Couldn't get RSA public key from private key")); #ifdef HAVE_DSA } else if (argv[0] == atom_dss) { if (!dss_privkey_to_pubkey(env, pkey, &ret)) - goto err; + assign_goto(ret, err, EXCP_BADARG_N(env, 1, "Couldn't get DSA public key from private key")); #endif } else if (argv[0] == atom_ecdsa) { #if defined(HAVE_EC) @@ -1400,18 +1345,12 @@ ERL_NIF_TERM privkey_to_pubkey_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM return enif_make_list_from_array(env, ..., ...); */ #endif - goto bad_arg; + assign_goto(ret, err, EXCP_NOTSUP_N(env, 0, "ECDSA not implemented")); } else { - goto bad_arg; + ret = EXCP_BADARG_N(env, 0, "Bad algorithm"); } - goto done; - - bad_arg: err: - ret = enif_make_badarg(env); - - done: if (pkey) EVP_PKEY_free(pkey); diff --git a/lib/crypto/doc/src/crypto.xml b/lib/crypto/doc/src/crypto.xml index 9ee2653c0c..d1876d6063 100644 --- a/lib/crypto/doc/src/crypto.xml +++ b/lib/crypto/doc/src/crypto.xml @@ -1253,6 +1253,7 @@ end <name name="private_decrypt" arity="4" since="OTP R16B01"/> <fsummary>Decrypts CipherText using the private Key.</fsummary> <desc> + <p>Uses the <seeerl marker="#error_3tup">3-tuple style</seeerl> for error handling.</p> <p>Decrypts the <c>CipherText</c>, encrypted with <seemfa marker="#public_encrypt/4">public_encrypt/4</seemfa> (or equivalent function) using the <c>PrivateKey</c>, and returns the @@ -1267,6 +1268,7 @@ end <name name="private_encrypt" arity="4" since="OTP R16B01"/> <fsummary>Encrypts PlainText using the private Key.</fsummary> <desc> + <p>Uses the <seeerl marker="#error_3tup">3-tuple style</seeerl> for error handling.</p> <p>Encrypts the <c>PlainText</c> using the <c>PrivateKey</c> and returns the ciphertext. This is a low level signature operation used for instance by older versions of the SSL protocol. See @@ -1280,6 +1282,7 @@ end <name name="public_decrypt" arity="4" since="OTP R16B01"/> <fsummary>Decrypts CipherText using the public Key.</fsummary> <desc> + <p>Uses the <seeerl marker="#error_3tup">3-tuple style</seeerl> for error handling.</p> <p>Decrypts the <c>CipherText</c>, encrypted with <seemfa marker="#private_encrypt/4">private_encrypt/4</seemfa>(or equivalent function) using the <c>PrivateKey</c>, and returns the @@ -1294,6 +1297,7 @@ end <name name="public_encrypt" arity="4" since="OTP R16B01"/> <fsummary>Encrypts PlainText using the public Key.</fsummary> <desc> + <p>Uses the <seeerl marker="#error_3tup">3-tuple style</seeerl> for error handling.</p> <p>Encrypts the <c>PlainText</c> (message digest) using the <c>PublicKey</c> and returns the <c>CipherText</c>. This is a low level signature operation used for instance by older versions of the SSL protocol. See also <seemfa @@ -1630,6 +1634,7 @@ FloatValue = rand:uniform(). % again <name name="sign" arity="5" since="OTP 20.1"/> <fsummary> Create digital signature.</fsummary> <desc> + <p>Uses the <seeerl marker="#error_3tup">3-tuple style</seeerl> for error handling.</p> <p>Creates a digital signature.</p> <p>The msg is either the binary "cleartext" data to be signed or it is the hashed value of "cleartext" i.e. the @@ -1645,6 +1650,7 @@ FloatValue = rand:uniform(). % again <name name="verify" arity="6" since="OTP 20.1"/> <fsummary>Verifies a digital signature.</fsummary> <desc> + <p>Uses the <seeerl marker="#error_3tup">3-tuple style</seeerl> for error handling.</p> <p>Verifies a digital signature</p> <p>The msg is either the binary "cleartext" data to be signed or it is the hashed value of "cleartext" i.e. the diff --git a/lib/crypto/src/crypto.erl b/lib/crypto/src/crypto.erl index bffaacb043..fdf2cdfbf9 100644 --- a/lib/crypto/src/crypto.erl +++ b/lib/crypto/src/crypto.erl @@ -1424,11 +1424,9 @@ sign(Algorithm, Type, Data, Key) -> sign(Algorithm0, Type0, Data, Key, Options) -> {Algorithm, Type} = sign_verify_compatibility(Algorithm0, Type0, Data), - case pkey_sign_nif(Algorithm, Type, Data, format_pkey(Algorithm, Key), Options) of - error -> erlang:error(badkey, [Algorithm, Type, Data, Key, Options]); - notsup -> erlang:error(notsup); - Signature -> Signature - end. + ?nif_call(pkey_sign_nif(Algorithm, Type, Data, format_pkey(Algorithm, Key), Options), + {1, 2, 3, 4, 5}, + [Algorithm0, Type0, Data, Key, Options]). pkey_sign_nif(_Algorithm, _Type, _Digest, _Key, _Options) -> ?nif_stub. @@ -1473,10 +1471,9 @@ verify(Algorithm, Type, Data, Signature, Key) -> verify(Algorithm0, Type0, Data, Signature, Key, Options) -> {Algorithm, Type} = sign_verify_compatibility(Algorithm0, Type0, Data), - case pkey_verify_nif(Algorithm, Type, Data, Signature, format_pkey(Algorithm, Key), Options) of - notsup -> erlang:error(notsup); - Boolean -> Boolean - end. + ?nif_call(pkey_verify_nif(Algorithm, Type, Data, Signature, format_pkey(Algorithm, Key), Options), + {1,2,3,4,5}, + [Algorithm0, Type0, Data, Signature, Key, Options]). pkey_verify_nif(_Algorithm, _Type, _Data, _Signature, _Key, _Options) -> ?nif_stub. @@ -1562,12 +1559,7 @@ pkey_crypt(rsa, Text, Key, Padding, PubPriv, EncDec) when is_atom(Padding) -> pkey_crypt(rsa, Text, Key, [{rsa_padding, Padding}], PubPriv, EncDec); pkey_crypt(Alg, Text, Key, Options, PubPriv, EncDec) -> - case pkey_crypt_nif(Alg, Text, format_pkey(Alg,Key), Options, PubPriv, EncDec) of - error when EncDec==true -> erlang:error(encrypt_failed, [Alg, Text, Key, Options]); - error when EncDec==false -> erlang:error(decrypt_failed, [Alg, Text, Key, Options]); - notsup -> erlang:error(notsup); - Out -> Out - end. + ?nif_call(pkey_crypt_nif(Alg, Text, format_pkey(Alg,Key), Options, PubPriv, EncDec)). pkey_crypt_nif(_Algorithm, _In, _Key, _Options, _IsPrivate, _IsEncrypt) -> ?nif_stub. @@ -2305,16 +2297,15 @@ ec_curve(X) -> EnginePrivateKeyRef :: engine_key_ref(), PublicKey :: rsa_public() | dss_public() . privkey_to_pubkey(Alg, EngineMap) when Alg == rsa; Alg == dss; Alg == ecdsa -> - try privkey_to_pubkey_nif(Alg, format_pkey(Alg,EngineMap)) - of + try ?nif_call(privkey_to_pubkey_nif(Alg, format_pkey(Alg,EngineMap))) of [_|_]=L -> map_ensure_bin_as_int(L); X -> X catch - error:badarg when Alg==ecdsa -> + error:{badarg,_,_} when Alg==ecdsa -> {error, notsup}; - error:badarg -> + error:{badarg,_,_} -> {error, not_found}; - error:notsup -> + error:{notsup,_,_} -> {error, notsup} end. diff --git a/lib/crypto/test/crypto_SUITE.erl b/lib/crypto/test/crypto_SUITE.erl index 0329ed992a..15ab9e735a 100644 --- a/lib/crypto/test/crypto_SUITE.erl +++ b/lib/crypto/test/crypto_SUITE.erl @@ -1584,6 +1584,13 @@ do_sign_verify({Type, Hash, Public, Private, Msg, Options}) -> ct:log("notsup but OK in old cryptolib crypto:sign(~p, ~p, ..., ..., ..., ~p)", [Type,Hash,Options]), true; + error:{notsup,_,_} when NotSupLow == true, + is_integer(LibVer), + LibVer < 16#10001000 -> + %% Those opts where introduced in 1.0.1 + ct:log("notsup but OK in old cryptolib crypto:sign(~p, ~p, ..., ..., ..., ~p)", + [Type,Hash,Options]), + true; C:E -> ct:log("~p:~p crypto:sign(~p, ~p, ..., ..., ..., ~p)", [C,E,Type,Hash,Options]), ct:fail({{crypto, sign_verify, [LibVer, Type, Hash, Msg, Public, Options]}}) @@ -4353,15 +4360,15 @@ bad_mac_name(_Config) -> bad_sign_name(_Config) -> ?chk_api_name(crypto:sign(rsa, foobar, "nothing", <<1:1024>>), - error:badarg), + error:{badarg, {"pkey.c",_}, "Bad digest type"}), ?chk_api_name(crypto:sign(foobar, sha, "nothing", <<1:1024>>), - error:badarg). + error:{badarg, {"pkey.c",_}, "Bad algorithm"}). bad_verify_name(_Config) -> - ?chk_api_name(crypto:verify(rsa, foobar, "nothing","nothing", <<1:1024>>), - error:badarg), - ?chk_api_name(crypto:verify(foobar, sha, "nothing", "nothing", <<1:1024>>), - error:badarg). + ?chk_api_name(crypto:verify(rsa, foobar, "nothing", <<"nothing">>, <<1:1024>>), + error:{badarg,{"pkey.c",_},"Bad digest type"}), + ?chk_api_name(crypto:verify(foobar, sha, "nothing", <<"nothing">>, <<1:1024>>), + error:{badarg, {"pkey.c",_}, "Bad algorithm"}). %%%---------------------------------------------------------------- diff --git a/lib/crypto/test/engine_SUITE.erl b/lib/crypto/test/engine_SUITE.erl index cab519fdb9..91ed00cbab 100644 --- a/lib/crypto/test/engine_SUITE.erl +++ b/lib/crypto/test/engine_SUITE.erl @@ -833,7 +833,7 @@ sign_verify_rsa_pwd_bad_pwd(Config) -> try sign_verify(rsa, sha, Priv, Pub) of _ -> {fail, "PWD prot pubkey sign succeeded with no pwd!"} catch - error:badarg -> ok + error:{badarg,_,_} -> ok end. priv_encrypt_pub_decrypt_rsa(Config) -> -- 2.34.1
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
