File 0432-crypto-Make-ed25519-x25519-available-without-ed448-x.patch of Package erlang
From 4da9a09462c31e3ddcb440cf9f6a233f8f0c251c Mon Sep 17 00:00:00 2001
From: Volker Schlecht <47375452+VlkrS@users.noreply.github.com>
Date: Tue, 3 Dec 2024 20:39:51 +0100
Subject: [PATCH] crypto: Make ed25519/x25519 available without ed448/x448
---
lib/crypto/c_src/algorithms.c | 8 ++++++--
lib/crypto/c_src/atoms.c | 32 +++++++++++++++++++------------
lib/crypto/c_src/atoms.h | 17 ++++++++++------
lib/crypto/c_src/eddsa.c | 2 ++
lib/crypto/c_src/evp.c | 6 ++++++
lib/crypto/c_src/openssl_config.h | 16 ++++++++++++++--
6 files changed, 59 insertions(+), 22 deletions(-)
diff --git a/lib/crypto/c_src/algorithms.c b/lib/crypto/c_src/algorithms.c
index e02b85b0b7..9545de5979 100644
--- a/lib/crypto/c_src/algorithms.c
+++ b/lib/crypto/c_src/algorithms.c
@@ -604,12 +604,16 @@ int init_curves(ErlNifEnv* env, int fips) {
#endif
if (!fips) {
-#ifdef HAVE_EDDSA
+#ifdef HAVE_ED25519
algo_curve[fips][cnt++] = enif_make_atom(env,"ed25519");
+#endif
+#ifdef HAVE_ED448
algo_curve[fips][cnt++] = enif_make_atom(env,"ed448");
#endif
-#ifdef HAVE_EDDH
+#ifdef HAVE_X25519
algo_curve[fips][cnt++] = enif_make_atom(env,"x25519");
+#endif
+#ifdef HAVE_X448
algo_curve[fips][cnt++] = enif_make_atom(env,"x448");
#endif
}
diff --git a/lib/crypto/c_src/atoms.c b/lib/crypto/c_src/atoms.c
index a555ce1260..2a9dfa7428 100644
--- a/lib/crypto/c_src/atoms.c
+++ b/lib/crypto/c_src/atoms.c
@@ -94,19 +94,24 @@ ERL_NIF_TERM atom_rsa;
ERL_NIF_TERM atom_dss;
ERL_NIF_TERM atom_ecdsa;
-#ifdef HAVE_EDDH
+#ifdef HAVE_X25519
ERL_NIF_TERM atom_x25519;
-ERL_NIF_TERM atom_x448;
-ERL_NIF_TERM atom_ed25519;
-ERL_NIF_TERM atom_ed448;
#endif
-ERL_NIF_TERM atom_eddsa;
-#ifdef HAVE_EDDSA
+#ifdef HAVE_ED25519
ERL_NIF_TERM atom_ed25519;
+#endif
+
+#ifdef HAVE_X448
+ERL_NIF_TERM atom_x448;
+#endif
+
+#ifdef HAVE_ED448
ERL_NIF_TERM atom_ed448;
#endif
+ERL_NIF_TERM atom_eddsa;
+
ERL_NIF_TERM atom_rsa_mgf1_md;
ERL_NIF_TERM atom_rsa_oaep_label;
ERL_NIF_TERM atom_rsa_oaep_md;
@@ -221,17 +226,20 @@ int init_atoms(ErlNifEnv *env) {
atom_dss = enif_make_atom(env,"dss");
atom_ecdsa = enif_make_atom(env,"ecdsa");
-#ifdef HAVE_EDDH
+#ifdef HAVE_X25519
atom_x25519 = enif_make_atom(env,"x25519");
- atom_x448 = enif_make_atom(env,"x448");
- atom_ed25519 = enif_make_atom(env,"ed25519");
- atom_ed448 = enif_make_atom(env,"ed448");
#endif
- atom_eddsa = enif_make_atom(env,"eddsa");
-#ifdef HAVE_EDDSA
+#ifdef HAVE_ED25519
atom_ed25519 = enif_make_atom(env,"ed25519");
+#endif
+#ifdef HAVE_X448
+ atom_x448= enif_make_atom(env,"x448");
+#endif
+#ifdef HAVE_ED448
atom_ed448 = enif_make_atom(env,"ed448");
#endif
+
+ atom_eddsa = enif_make_atom(env,"eddsa");
atom_rsa_mgf1_md = enif_make_atom(env,"rsa_mgf1_md");
atom_rsa_oaep_label = enif_make_atom(env,"rsa_oaep_label");
atom_rsa_oaep_md = enif_make_atom(env,"rsa_oaep_md");
diff --git a/lib/crypto/c_src/atoms.h b/lib/crypto/c_src/atoms.h
index 33f8a5ffaa..df0b9c00c7 100644
--- a/lib/crypto/c_src/atoms.h
+++ b/lib/crypto/c_src/atoms.h
@@ -98,19 +98,24 @@ extern ERL_NIF_TERM atom_rsa;
extern ERL_NIF_TERM atom_dss;
extern ERL_NIF_TERM atom_ecdsa;
-#ifdef HAVE_EDDH
+#ifdef HAVE_X25519
extern ERL_NIF_TERM atom_x25519;
-extern ERL_NIF_TERM atom_x448;
-extern ERL_NIF_TERM atom_ed25519;
-extern ERL_NIF_TERM atom_ed448;
#endif
-extern ERL_NIF_TERM atom_eddsa;
-#ifdef HAVE_EDDSA
+#ifdef HAVE_ED25519
extern ERL_NIF_TERM atom_ed25519;
+#endif
+
+#ifdef HAVE_X448
+extern ERL_NIF_TERM atom_x448;
+#endif
+
+#ifdef HAVE_ED448
extern ERL_NIF_TERM atom_ed448;
#endif
+extern ERL_NIF_TERM atom_eddsa;
+
extern ERL_NIF_TERM atom_rsa_mgf1_md;
extern ERL_NIF_TERM atom_rsa_oaep_label;
extern ERL_NIF_TERM atom_rsa_oaep_md;
diff --git a/lib/crypto/c_src/eddsa.c b/lib/crypto/c_src/eddsa.c
index 83fef6141b..91945496a4 100644
--- a/lib/crypto/c_src/eddsa.c
+++ b/lib/crypto/c_src/eddsa.c
@@ -40,8 +40,10 @@ int get_eddsa_key(ErlNifEnv* env, int public, ERL_NIF_TERM key, EVP_PKEY **pkey)
if (algo == atom_ed25519) {
type = EVP_PKEY_ED25519;
+#ifdef HAVE_ED448
} else if (algo == atom_ed448) {
type = EVP_PKEY_ED448;
+#endif
} else {
goto err;
}
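Review bot: The `atom_ed25519` comparison at the top of this chain stays unguarded while the `atom_ed448` branch is now under `#ifdef HAVE_ED448`, so the file compiles only if HAVE_ED25519 is set whenever HAVE_EDDSA is. The openssl_config.h hunks in this patch keep that true today (HAVE_ED448 is never defined without HAVE_ED25519), but nothing in the code states it. I would record the assumption next to the branch, e.g. `/* HAVE_EDDSA implies HAVE_ED25519; only ed448 is optional here */`. The same applies to the unguarded `atom_x25519` test in the evp_compute_key_nif hunk of evp.c. get_eddsa_key starts and ends outside the hunk, so whatever guards the function is not visible here.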
diff --git a/lib/crypto/c_src/evp.c b/lib/crypto/c_src/evp.c
index 3a3f384a60..802ead28e3 100644
--- a/lib/crypto/c_src/evp.c
+++ b/lib/crypto/c_src/evp.c
@@ -37,8 +37,10 @@ ERL_NIF_TERM evp_compute_key_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM ar
/* Arg 0, Curve */
if (argv[0] == atom_x25519)
type = EVP_PKEY_X25519;
+#ifdef HAVE_X448
else if (argv[0] == atom_x448)
type = EVP_PKEY_X448;
+#endif
else
assign_goto(ret, bad_arg, EXCP_BADARG_N(env, 0, "Bad curve"));
@@ -122,12 +124,16 @@ ERL_NIF_TERM evp_generate_key_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM a
if (argv[0] == atom_x25519)
type = EVP_PKEY_X25519;
+#ifdef HAVE_X448
else if (argv[0] == atom_x448)
type = EVP_PKEY_X448;
+#endif
else if (argv[0] == atom_ed25519)
type = EVP_PKEY_ED25519;
+#ifdef HAVE_ED448
else if (argv[0] == atom_ed448)
type = EVP_PKEY_ED448;
+#endif
else
assign_goto(ret, bad_arg, EXCP_BADARG_N(env, 0, "Bad curve"));
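Review bot: The `else if (argv[0] == atom_ed25519)` branch is left unguarded, yet after this patch atoms.c and atoms.h declare `atom_ed25519` only under HAVE_ED25519, where the removed lines also declared it under HAVE_EDDH. In openssl_config.h HAVE_X25519 depends on HAVE_DH and HAVE_ED25519 on the 1.1.1 version test, so the two can differ; if this function is compiled under HAVE_EDDH (its guard is outside the hunk), a build with X25519 but without ED25519 would reference an undeclared atom. Wrapping the branch like its ed448 sibling, `#ifdef HAVE_ED25519` before the `else if` and `#endif` after `type = EVP_PKEY_ED25519;`, keeps the accepted curves consistent with what init_curves advertises.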
diff --git a/lib/crypto/c_src/openssl_config.h b/lib/crypto/c_src/openssl_config.h
index 9ec5f447ef..0a8af3f1aa 100644
--- a/lib/crypto/c_src/openssl_config.h
+++ b/lib/crypto/c_src/openssl_config.h
@@ -288,10 +288,12 @@
&& !defined(HAS_LIBRESSL) \
&& defined(HAVE_EC)
# ifdef HAVE_DH
-# define HAVE_EDDH
+# define HAVE_X25519
+# define HAVE_X448
# endif
# if OPENSSL_VERSION_NUMBER >= (PACKED_OPENSSL_VERSION_PLAIN(1,1,1))
-# define HAVE_EDDSA
+# define HAVE_ED25519
+# define HAVE_ED448
# endif
#endif
@@ -342,6 +344,8 @@
# if LIBRESSL_VERSION_NUMBER >= 0x3070000fL
# define HAVE_CHACHA20_POLY1305
# define HAVE_CHACHA20
+# define HAVE_ED25519
+# define HAVE_X25519
# endif
#endif
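Review bot: HAVE_ED25519 and HAVE_X25519 are defined here on the LibreSSL version test alone, whereas the OpenSSL branch at `@@ -288` requires `defined(HAVE_EC)` for both families and `HAVE_DH` for the X curves. If the enclosing `#if`, which opens outside this hunk, does not already test those, a LibreSSL build configured without EC or DH would presumably enable code paths that the OpenSSL build disables. Either mirror the conditions, e.g. `# ifdef HAVE_DH` around `# define HAVE_X25519`, or add a comment saying why LibreSSL does not need them.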
@@ -504,6 +508,14 @@ do { \
# define FIPS_MODE() 0
#endif
+#if defined(HAVE_ED448) || defined(HAVE_ED25519)
+# define HAVE_EDDSA
+#endif
+
+#if defined(HAVE_X448) || defined(HAVE_X25519)
+# define HAVE_EDDH
+#endif
+
#ifdef HAS_3_0_API
/* Set CRYPTO_DEVELOP_ERRORS to make error messages more verbose,
that is, include the error msg from cryptolib.
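Review bot: HAVE_EDDSA and HAVE_EDDH change meaning here from "both curves of the family" to "at least one curve", and that deserves a comment, because code still guarded by the umbrella macros can no longer assume the 448 variants exist. Something like `/* Umbrella macros: set when at least one curve of the family is available; test HAVE_ED25519/HAVE_ED448/HAVE_X25519/HAVE_X448 before using a specific curve. */` above the two blocks would do. They are also now defined after the per-library sections, so any earlier `#ifdef HAVE_EDDSA` or `#ifdef HAVE_EDDH` in this header (none is visible in the patch) would see them undefined and should be checked.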
--
2.43.0