5 files changed, 87 insertions, 9 deletions

diff --git a/lib/crypto/c_src/crypto.c b/lib/crypto/c_src/crypto.c
index 3020cadc56..e55a03d26a 100644
--- a/lib/crypto/c_src/crypto.c
+++ b/lib/crypto/c_src/crypto.c
@@ -507,6 +507,15 @@ static int init_ose_crypto() {
 #endif
 
 #ifdef HAVE_DYNAMIC_CRYPTO_LIB
+
+# if defined(DEBUG)
+static char crypto_callback_name[] = "crypto_callback.debug";
+# elif defined(VALGRIND)
+static char crypto_callback_name[] = "crypto_callback.valgrind";
+# else
+static char crypto_callback_name[] = "crypto_callback";
+# endif
+
 static int change_basename(ErlNifBinary* bin, char* buf, int bufsz, const char* newfile)
 {
     int i;
@@ -613,7 +622,7 @@ static int init(ErlNifEnv* env, ERL_NIF_TERM load_info)
 #ifdef HAVE_DYNAMIC_CRYPTO_LIB
     {
 	void* handle;
-	if (!change_basename(&lib_bin, lib_buf, sizeof(lib_buf), "crypto_callback")) {
+	if (!change_basename(&lib_bin, lib_buf, sizeof(lib_buf), crypto_callback_name)) {
 	    return 0;
 	}
 	if (!(handle = enif_dlopen(lib_buf, &error_handler, NULL))) {
@@ -1384,6 +1393,7 @@ static ERL_NIF_TERM hmac_init(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[
     ErlNifBinary key;
     struct hmac_context* obj;
     const EVP_MD *md;
+    ERL_NIF_TERM ret;
     
     CHECK_OSE_CRYPTO();
 
@@ -1415,7 +1425,9 @@ static ERL_NIF_TERM hmac_init(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[
     HMAC_CTX_init(&obj->ctx);
     HMAC_Init(&obj->ctx, key.data, key.size, md);
 
-    return enif_make_resource(env, obj);
+    ret = enif_make_resource(env, obj);
+    enif_release_resource(obj);
+    return ret;
 }
 
 static ERL_NIF_TERM hmac_update(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
@@ -2506,6 +2518,7 @@ static ERL_NIF_TERM dss_sign_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM ar
 	return enif_make_binary(env, &ret_bin);
     }
     else {
+	enif_release_binary(&ret_bin);
 	return atom_error;
     }
 }
@@ -2768,6 +2781,7 @@ static ERL_NIF_TERM dh_compute_key_nif(ErlNifEnv* env, int argc, const ERL_NIF_T
 	    ret = enif_make_binary(env, &ret_bin);
 	}
 	else {
+	    enif_release_binary(&ret_bin);
 	    ret = atom_error;
 	}
     }
@@ -2892,8 +2906,8 @@ static ERL_NIF_TERM srp_user_secret_nif(ErlNifEnv* env, int argc, const ERL_NIF_
 
     /* a + (u * x) */
     bn_exp2 = BN_new();
-    BN_mod_mul(bn_result, bn_u, bn_exponent, bn_prime, bn_ctx);
-    BN_mod_add(bn_exp2, bn_a, bn_result, bn_prime, bn_ctx);
+    BN_mul(bn_result, bn_u, bn_exponent, bn_ctx);
+    BN_add(bn_exp2, bn_a, bn_result);
 
     /* (B - (k * g^x)) ^ (a + (u * x)) % N */
     BN_mod_exp(bn_result, bn_base, bn_exp2, bn_prime, bn_ctx);
@@ -3239,6 +3253,7 @@ out:
     if (bn_order) BN_free(bn_order);
     if (cofactor) BN_free(cofactor);
     if (group) EC_GROUP_free(group);
+    if (point) EC_POINT_free(point);
 
     return key;
 }
@@ -3401,8 +3416,11 @@ static ERL_NIF_TERM ec_key_generate(ErlNifEnv* env, int argc, const ERL_NIF_TERM
 	EC_KEY_free(key);
 	return enif_make_tuple2(env, pub_key, priv_key);
     }
-    else
+    else {
+	if (key)
+	    EC_KEY_free(key);
 	return enif_make_badarg(env);
+    }
 #else
     return atom_notsup;
 #endif
diff --git a/lib/crypto/c_src/crypto_callback.c b/lib/crypto/c_src/crypto_callback.c
index a08dcec463..b4c175ae43 100644
--- a/lib/crypto/c_src/crypto_callback.c
+++ b/lib/crypto/c_src/crypto_callback.c
@@ -107,8 +107,6 @@ static INLINE void locking(int mode, ErlNifRWLock* lock)
 
 static void locking_function(int mode, int n, const char *file, int line)
 {
-    ASSERT(n>=0 && n<CRYPTO_num_locks());
-
     locking(mode, lock_vec[n]);
 }
 
diff --git a/lib/crypto/doc/src/notes.xml b/lib/crypto/doc/src/notes.xml
index 34f2e3c469..1bd2034b93 100644
--- a/lib/crypto/doc/src/notes.xml
+++ b/lib/crypto/doc/src/notes.xml
@@ -30,6 +30,42 @@
   </header>
   <p>This document describes the changes made to the Crypto application.</p>
 
+<section><title>Crypto 3.4</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    Fix memory leak in <c>crypto:hmac_init/upgrade/final</c>
+	    functions for all data and in <c>crypto:hmac/3/4</c> for
+	    data larger than 20000 bytes. Bug exists since OTP 17.0.</p>
+          <p>
+	    Own Id: OTP-11953</p>
+        </item>
+        <item>
+          <p>
+	    Fix memory leak in <c>crypto</c> for elliptic curve.</p>
+          <p>
+	    Own Id: OTP-11999</p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    Add <c>aes_cfb8</c> cypher to <c>crypto:block_encrypt</c>
+	    and <c>block_decrypt</c>.</p>
+          <p>
+	    Own Id: OTP-11911</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Crypto 3.3</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/crypto/test/crypto_SUITE.erl b/lib/crypto/test/crypto_SUITE.erl
index 479c947029..03aa3964a5 100644
--- a/lib/crypto/test/crypto_SUITE.erl
+++ b/lib/crypto/test/crypto_SUITE.erl
@@ -690,7 +690,7 @@ group_config(ecdsa = Type, Config) ->
     SignVerify = [{Type, sha, Public, Private, Msg}],
     [{sign_verify, SignVerify} | Config];
 group_config(srp, Config) ->
-    GenerateCompute = [srp3(), srp6(), srp6a()],
+    GenerateCompute = [srp3(), srp6(), srp6a(), srp6a_smaller_prime()],
     [{generate_compute, GenerateCompute} | Config];
 group_config(ecdh, Config) ->
     Compute = ecdh(),
@@ -1496,6 +1496,32 @@ srp6() ->
     ClientPublic = crypto:mod_pow(Generator, ClientPrivate, Prime),
     srp(ClientPrivate, Generator, Prime, Version, Verifier, ServerPublic, ServerPrivate, UserPassHash, Scrambler, SessionKey).
 
+
+srp6a_smaller_prime() ->
+    Username = <<"alice">>,
+    Password = <<"password123">>,
+    Salt = <<"mystrongsalt">>,
+    Prime = hexstr2bin("894B645E89E1535BBDAD5B8B290650530801B18EBFBF5E8FAB3C82872A3E9BB7"),
+    Generator = <<7>>,
+    Version = '6a',
+    Scrambler = hexstr2bin("18DE4A002AD05EF464B19AE2B6929F9B1319C7AA"),
+    Verifier = hexstr2bin("867401D5DE10964768184EAF246B322760C847604075FA66A4423907"
+			  "8428BCA5"),
+    ClientPrivate = hexstr2bin("C49F832EE8D67ECF9E7F2785EB0622D8B3FE2344C00F96E1AEF4103C"
+			  "A44D51F9"),
+    ServerPrivate = hexstr2bin("6C78CCEAAEC15E69068A87795B2A20ED7B45CFC5A254EBE2F17F144A"
+			  "4D99DB18"),
+    ClientPublic = hexstr2bin("2452A57166BBBF690DB77539BAF9C57CD1ED99D5AA15ED925AD9B5C3"
+			  "64BBEDFF"),
+    ServerPublic = hexstr2bin("2C0464DE84B91E4963A3546CAC0EFE55F31F49208C3F0AD7EE55F444"
+			  "8F38BA7F"),
+
+    SessionKey = hexstr2bin("65581B2302580BD26F522A5A421CF969B9CCBCE4051196B034A2A9D22065D848"),
+    UserPassHash = crypto:hash(sha, [Salt, crypto:hash(sha, [Username, <<$:>>, Password])]),
+    Verifier = crypto:mod_pow(Generator, UserPassHash, Prime), 
+    ClientPublic = crypto:mod_pow(Generator, ClientPrivate, Prime),
+    srp(ClientPrivate, Generator, Prime, Version, Verifier, ServerPublic, ServerPrivate, UserPassHash, Scrambler, SessionKey).
+
 srp6a() ->
     Username = <<"alice">>,
     Password = <<"password123">>,
diff --git a/lib/crypto/vsn.mk b/lib/crypto/vsn.mk
index a2bd6f851a..b2bb1d7dfb 100644
--- a/lib/crypto/vsn.mk
+++ b/lib/crypto/vsn.mk
@@ -1 +1 @@
-CRYPTO_VSN = 3.3
+CRYPTO_VSN = 3.4