File 8731-crypto-ECDSA-ECDH-curve-as-a-2-tuple-.old-def.-Name-.patch of Package erlang

From 3b24f8259a10a756dae4f3a90be53c9c2f00dcb1 Mon Sep 17 00:00:00 2001
From: Hans Nilsson <hans@erlang.org>
Date: Tue, 29 Mar 2022 13:55:06 +0200
Subject: [PATCH 1/2] crypto: ECDSA/ECDH curve as a 2-tuple {{..old def..},
 Name} from erl to nif

To enable EC selection by name, which is a requirement for FIPS
in OpenSSL 3.0
---
 lib/crypto/c_src/ec.c     | 15 +++++++++++++--
 lib/crypto/c_src/ecdh.c   |  2 +-
 lib/crypto/src/crypto.erl | 16 ++++++++++------
 3 files changed, 24 insertions(+), 9 deletions(-)

diff --git a/lib/crypto/c_src/ec.c b/lib/crypto/c_src/ec.c
index f14768d134..124582c4f8 100644
--- a/lib/crypto/c_src/ec.c
+++ b/lib/crypto/c_src/ec.c
@@ -35,6 +35,8 @@ int get_curve_definition(ErlNifEnv* env, ERL_NIF_TERM *ret, ERL_NIF_TERM def,
     const ERL_NIF_TERM *field;
     int f_arity = -1;
     BIGNUM *p = NULL;
+    int arity = -1;
+    const ERL_NIF_TERM* curve_tuple;
 
     /* Here are two random curve definition examples, one prime_field and
        one characteristic_two_field. Both are from the crypto/src/crypto_ec_curves.erl.
@@ -66,8 +68,12 @@ int get_curve_definition(ErlNifEnv* env, ERL_NIF_TERM *ret, ERL_NIF_TERM def,
            };
     */
 
+    /* Separate the curve definition from the curve name */
+    if (!enif_get_tuple(env, def, &arity, &curve_tuple) || (arity != 2))
+        assign_goto(*ret, err, EXCP_ERROR(env, "Tuple arity 2 expected."));
+
     /* {Field, Prime, Point, Order, CoFactor} = CurveDef */
-    if (!enif_get_tuple(env, def, &c_arity, &curve) ||
+    if (!enif_get_tuple(env, curve_tuple[0], &c_arity, &curve) ||
         c_arity != 5)
         assign_goto(*ret, err, EXCP_ERROR_N(env, 1, "Bad curve def. Expect 5-tuple."));
 
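Review bot: The new arity check reports failure with `EXCP_ERROR` and the message "Tuple arity 2 expected.", while the check directly below it, on the same argument, uses `EXCP_ERROR_N(env, 1, ...)` and names the expected shape. Reporting both the same way keeps a malformed-curve error attributable to the curve argument, e.g. `assign_goto(*ret, err, EXCP_ERROR_N(env, 1, "Bad curve. Expect {CurveDef, CurveName}."));`. `curve_tuple[1]` is not read in this hunk, so the name is still unused here; presumably the second patch of the series consumes it, and a short comment saying so would help. get_curve_definition starts and ends outside the hunk.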
@@ -792,6 +798,8 @@ int get_ec_key_sz(ErlNifEnv* env,
     BIGNUM *priv_key = NULL;
     EC_POINT *pub_key = NULL;
     EC_GROUP *group = NULL;
+    int arity = -1;
+    const ERL_NIF_TERM* curve_tuple;
 
     if (priv != atom_undefined) {
         if (!get_bn_from_bin(env, priv, &priv_key))
@@ -802,7 +810,10 @@ int get_ec_key_sz(ErlNifEnv* env,
             goto err;
     }
 
-    if ((key = ec_key_new(env, curve, size)) == NULL)
+    if (!enif_get_tuple(env, curve, &arity, &curve_tuple) || (arity != 2))
+        goto err;
+
+    if ((key = ec_key_new(env, curve_tuple[0], size)) == NULL)
         goto err;
 
     if ((group = EC_GROUP_dup(EC_KEY_get0_group(key))) == NULL)
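Review bot: The unpacking added before `ec_key_new` has no comment and fails with a bare `goto err`, so a caller that still passes the old bare 5-tuple curve gets the same generic failure as a bad key. I would add `/* curve = {CurveDef, CurveName}; only CurveDef is used on this path */` above the check, matching the comment on the equivalent check in get_curve_definition. The diffstat shows only a comment change in ecdh.c, so it is worth confirming that every caller of get_ec_key_sz receives its curve through `nif_curve_params`; that cannot be verified from this hunk. The function body continues outside the hunk.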
diff --git a/lib/crypto/c_src/ecdh.c b/lib/crypto/c_src/ecdh.c
index 96c57f18e7..7509d9cb84 100644
--- a/lib/crypto/c_src/ecdh.c
+++ b/lib/crypto/c_src/ecdh.c
@@ -34,7 +34,7 @@ ERL_NIF_TERM ecdh_compute_key_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM a
 #  include "bn.h"
 
 ERL_NIF_TERM ecdh_compute_key_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
-/* (OtherPublicKey, Curve, My) */
+/* (OtherPublicKey, {CurveDef,CurveName}, My) */
 {
     ERL_NIF_TERM ret = atom_undefined;
     ErlNifBinary ret_bin;
diff --git a/lib/crypto/src/crypto.erl b/lib/crypto/src/crypto.erl
index 7fef4351f6..e4b68da8a6 100644
--- a/lib/crypto/src/crypto.erl
+++ b/lib/crypto/src/crypto.erl
@@ -2314,17 +2314,21 @@ term_to_nif_curve({A, B, Seed}) ->
     {ensure_int_as_bin(A), ensure_int_as_bin(B), Seed}.
 
 nif_curve_params({PrimeField, Curve, BasePoint, Order, CoFactor}) ->
-    {term_to_nif_prime(PrimeField),
-     term_to_nif_curve(Curve),
-     ensure_int_as_bin(BasePoint),
-     ensure_int_as_bin(Order),
-     ensure_int_as_bin(CoFactor)};
+    {
+      {term_to_nif_prime(PrimeField),
+       term_to_nif_curve(Curve),
+       ensure_int_as_bin(BasePoint),
+       ensure_int_as_bin(Order),
+       ensure_int_as_bin(CoFactor)
+      },
+      undefined %% The curve name
+    };
 nif_curve_params(Curve) when is_atom(Curve) ->
     %% named curve
     case Curve of
         x448 -> {evp,Curve};
         x25519 -> {evp,Curve};
-        _ -> crypto_ec_curves:curve(Curve)
+        _ -> {crypto_ec_curves:curve(Curve), Curve}
     end.
 
 
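Review bot: `nif_curve_params` now has two different 2-tuple results: `{CurveDef, Name}` for explicit and named curves, and `{evp,Curve}` for x448 and x25519, which the arity-2 checks added in ec.c cannot tell apart by shape. If an `{evp, _}` value reaches get_curve_definition it is rejected only afterwards, by the 5-tuple check on its first element, so the intended shapes deserve a comment such as `%% Returns {CurveDef, CurveName | undefined}, or {evp, Curve} for x448/x25519`. Explicit parameters are paired with `undefined`, so selection by name, which the commit message ties to FIPS in OpenSSL 3.0, does not apply to them. How the NIF handles that case in FIPS mode is not visible here and should be documented or covered by a test.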
-- 
2.35.3
