Age | Commit message | Author |
|
Add support to plug in alternative implementations for
some or all of the cryptographic operations supported by
the OpenSSL Engine API.
When configured appropriately, OpenSSL calls the engine's
implementation of these operations instead of its own.
|
|
For consistency with other applications.
|
|
FIPS mode support needs to be enabled at compile time, by configuring
Erlang/OTP with --enable-fips option. In FIPS mode the non-FIPS
algorithms are disabled and raise error notsup.
The supported protocols list is properly updated in FIPS mode to
advertise only the enabled protocols.
FIPS mode is off by default even if Erlang/OTP was built with FIPS
support. It needs to be turned on at runtime.
The official approach is to set the fips_mode application environment
parameter of the crypto application to true. This would turn FIPS mode
on when the NIF is loaded and would prevent loading the module on
error.
Another method is provided via the crypto:enable_fips_mode/1
function, but it is not recommended to be used in production, as it
won't prevent the use of the crypto module in case of an error, and
would risk OpenSSL crashing the emulator. It is very useful for test
suites however that need to check both validated and non-validated
functionality.
This commit is based on commit
00b3a04d17a653b4abddeebd6dd8a2c38df532d0.
|
|
|
|
The OSE port is no longer supported and this commit removed it
and any changes related to it. The things that were general
improvements have been left in the code.
|
|
|
|
This port has support for both non-smp and smp.
It contains a new way to do io checking in which erts_poll_wait
receives the payload of the polled entity. This has implications
for all linked-in drivers.
|
|
Both crypto and asn1 are supported.
|
|
With silent rules, the output of make is less verbose and compilation
warnings are easier to spot. Silent rules are disabled by default and
can be disabled or enabled at will by make V=0 and make V=1.
|
|
if static linking of openssl is used.
|
|
Facts:
crypto nif-lib registers callback functions that openssl uses
for memory management and thread synchronization. The callback
functions can only be set once, openssl does not allow changing the
callback functions.
Problem:
If openssl is dynamically linked to crypto, you might get a scenario
where the crypto lib is unloaded while leaving openssl loaded
with its old pointers to the unloaded crypto code intact.
If crypto is then reloaded (by init:restart() for example), the crypto
nif-lib might get relocated at a different address. crypto calls
openssl which in turn calls the old invalid callback functions...kaboom.
Solution:
Break apart the callback functions into a separate dynamic lib that
crypto loads with dlopen. When crypto is unloaded the callback lib is
left in place to be reused if/when crypto is loaded again.
|
|
|
|
OTP-10106
OTP-10107
|
|
crypto only uses libcrypto.
Superfluous dependency introduced in R14B04 by 52230a417ad0057.
|
|
|
|
|
|
Create directories first, not within implicit rules. If two
'install' instances run at the same time attempting to create
a directory, one of them may fail with a "File exists" error.
I tried to use order-only prerequisites to create the directories,
but ran into two problems: First, order-only prerequisites are
only implemented in Make 3.80 and later. Second, on a computer
running Solaris/Intel 2.8 (with Make 3.80), order-only prerequisites
seemed to work like ordinary prerequisites, causing targets to
be re-built if the timestamp for the directory changed.
Therefore, using a shell command to run mkdir seems to be the
more portable solution.
|
|
|
|
|
|
The NIF library for crypto can now be built for valgrind
and/or debug as separate NIF libraries that will be
automatically loaded if the runtime system has been built
with a matching build type.
|
|
crypto application changed to use NIFs instead of driver.
|
|
* kr/crypto_makefile:
Fix Makefile permission problem of crypto library on FreeBSD Erlang/OTP building
|
|
This patch changes INSTALL_PROGRAM to INSTALL_DATA for the Makefile at
lib/crypto/priv/obj, which discontinues the building procedure of Erlang/OTP
on FreeBSD. Originally posted by Giacomo Olgeni as a part of FreeBSD port
patch files.
See
http://www.erlang.org/cgi-bin/ezmlm-cgi?3:mss:335:200811:hijljjocpmpkhgkhfkdl
for the detailed analysis.
|
|
improvements.
Most notable:
Lots of cross compilation improvements. The old cross compilation
support was more or less non-existing as well as broken. Please,
note that the cross compilation support should still be
considered as experimental. Also note that old cross compilation
configurations cannot be used without modifications. For more
information on cross compiling Erlang/OTP see the
$ERL_TOP/xcomp/README file.
Support for staged install using DESTDIR
(http://www.gnu.org/prep/standards/html_node/DESTDIR.html).
The old broken INSTALL_PREFIX has also been fixed.
For more information see the $ERL_TOP/README file.
Documentation of the release target of the top Makefile. For more
information see the $ERL_TOP/README file.
make install now by default creates relative symbolic links
instead of absolute ones. For more information see the
$ERL_TOP/README file.
$ERL_TOP/configure --help=recursive now works and prints help for
all applications with configure scripts.
Doing make install, or make release directly after make all no
longer triggers miscellaneous rebuilds.
Existing bootstrap system is now used when doing make install, or
make release without a preceding make all.
The crypto and ssl applications use the same runtime library path
when dynamically linking against libssl.so and libcrypto.so. The
runtime library search path has also been extended.
The configure scripts of erl_interface and odbc now search for
thread libraries and thread library quirks the same way as erts
does.
The configure script of the odbc application now also looks for
odbc libraries in lib64 and lib/64 directories when building on a
64-bit system.
The config.h.in file in the erl_interface application is now
automatically generated instead of statically updated which
reduces the risk of configure tests without any effect.
|
|
|