Age | Commit message (Collapse) | Author |
|
|
|
OpenSSL has deprecated the function RAND_pseudo_bytes used by
crypto:rand_bytes/1, so this function is now deprecated in OTP too.
rand_bytes/3 also used this function, but was not documented
so we can remove it right away.
This commit also removes the fallback in generate_key to use
rand_bytes/1 if strong_rand_bytes/1 throws low entropy.
This is a potential incompatibility but we think it is desirable
as crypto should provide cryptographically secure functions.
|
|
|
|
* henrik/update-copyrightyear:
update copyright-year
|
|
by not repeating calls to get static EVP_MD and EVP_CIPHER objects.
Also compressed the structs with unions
for better caching during search.
|
|
and not badarg.
|
|
This commit enables AES-GCM encryption/decryption to change its tag
length between 1 to 16 bytes.
|
|
|
|
|
|
The FIPS-enabled OpenSSL on RHEL disallows the use of < 256 bit prime
fields (like secp128r1 or secp160k1), and the EC_GROUP_new_cuve_GFp
call would return a NULL pointer for such fields. Not checking for
this failure could result in a segfault in the NIF code.
|
|
|
|
OTP-13207
* sverk/crypto/aes-ecb-192-bit:
crypto: Support 192-bit keys for AES ECB
|
|
|
|
OTP-13206
* sverk/crypto/aes-cbc-192-bit:
crypto: Support 192-bit keys for AES CBC
|
|
and deprecate aes_cbc128 and aes_cbc256 in favor of aes_cbc.
This commit is pr 832 squashed, rebased and made work on master
https://github.com/erlang/otp/pull/832/commits
|
|
|
|
for the EVP_CIPHER_CTX.
|
|
This enables the use of hardware acceleration on newer Intel CPUs (AES-NI).
|
|
that make EVP_CIPHER_iv_length() return non-zero value.
Seems to be fixed in 0.9.8m.
|
|
|
|
causing OpenSSL 0.9.8h to crash with
evp_enc.c(282): OpenSSL internal error, assertion failed: inl > 0
|
|
Using the generic EVP_* API makes it possible to unify
algorithm-specific nif functions to a single generic
function. Effectively the same change that took place on the Erlang
API in R16B01 is now applied to the C code.
The old implementation using the low-level API is kept
for compiling against old OpenSSL,
as parts of the EVP API were introduced in OpenSSL 1.0.0.
There are various minor improvements as well:
- supported algorithms are now provided by the nif code (not a mix of
the C and Erlang code)
- remove unnecessary variables and macro definitions
Most of the changes in this commit comes from Dániel Szoboszlay
https://github.com/dszoboszlay/otp/commit/07f7056f955b324df4ace
which is part of his 'fips' branch.
Now also rebased on master branch.
|
|
The OSE port is no longer supported and this commit removed it
and any changes related to it. The things that were general
improvements have been left in the code.
|
|
|
|
that could cause VM crash on faulty input.
|
|
Use a stack allocated context and EVP_CIPHER_CTX_init/cleanup
instead of dynamic EVP_CIPHER_CTX_new/free that does not exist in older
0.9.8 versions.
|
|
|
|
Despite the confusion caused by the name, aes_cfb_8_crypt and
aes_cfb_128_crypt can use key lengths of 128, 192, or 256. The integer
in the function name refers to the block size for CFB mode. Change
the aes_cfb_8_crypt and aes_cfb_128_crypt functions to accept and use
keys of length 128, 192, or 256. Also augment the existing testing for
these functions using the NIST test vectors for the additional key
lengths to ensure the changes function properly.
|
|
* andreaTP/added-aes-ecb-to-crypto/OTP-12403:
aligned implementation following last specs
finally fixed docs
fixed incorrect tag
proposal of documentation
fixes and tests
add aes ecb to crypto library
|
|
OTP-12394
* RoadRunnr/crypto-ecc-gen-key:
[crypto] enhance generate_key for ECC keys
|
|
|
|
This enables the use of hardware acceleration for AES crypto
on newer Intel CPUs (AES-NI), among other platforms.
|
|
enhance generate_key to calculate ECC public keys from private keys
|
|
|
|
to prevent strange memory corruption crashes due to
mismatch between header and library versions.
|
|
|
|
|
|
* sverk/crypto-ec-mem-leak/OTP-11999:
crypto: Fix memory leak of EC "keys" and "points"
crypto: Fix crypto for debug and valgrind
|
|
|
|
without relying on opt-version has been built.
Removed ASSERT to make crypto_callback.debug.so work without
dynamic linking to libcrypto.so.
|
|
* pguyot/fix_srp:
Fix bug in SRP implementation
|
|
sign(dss,) and compute_key(dh,)
|
|
The context was never deallocated.
|
|
SRP didn't work with smaller primes as user secret was improperly
computed.
Formula is: (B - (k * g^x)) ^ (a + (u * x)) % N
Previously, the code computed a + (u * x) % N instead of a + (u * x).
a typically is a 256 bits random number (RFC 5054 says it should be at
least 256 bits), u and x are SHA1 signatures (160 bits). So a + (u * x)
can differ from a + (u * x) % N for N primes smaller than 320 bits.
|
|
This adds the aes_cfb8 cypher type (and associated tests and
documentation) to the crypto module.
|
|
* lukas/ose/master/OTP-11334: (71 commits)
erts: Fix unix efile assert
ose: Use -O2 when building
ose: Expand OSE docs
ose: Add dummy ttsl driver
ose: Cleanup cleanup of mutex selection defines
ose: Polish mmap configure checks
ose: Add ose specific x-compile flags
ose: Updating fd_driver and spawn_driver for OSE
ose: Updating event and signal API for OSE
ose: Cleanup of mutex selection defines
win32: Compile erl_log.exe
ose: Remove uneccesary define
ose: Fix ssl configure test for osx
erts: Fix sys_msg_dispatcher assert
ose: Fix broken doc links
ose: Thread priorities configurable from lmconf
ose: Yielding the cpu is done "the OSE" way
ose: Start using ppdata for tse key
ose: Do not use spinlocks on OSE
ose: Fix support for crypto
...
Conflicts:
lib/crypto/c_src/crypto.c
|
|
To enable it you have to modify the OSESSL variable in the
ose xcomp file.
|
|
This function is needed on OSs that do not automatically
initialize the PRNG seed.
|
|
Symptom: Using an old context (that had already been passed as argument to either
hmac_upgrade or hmac_final) could cause VM crash or worse.
Reason: Only a shallow copy (memcpy) of the context was made causing
a new context to partly mutate its parent context into an inconsistent
state.
Problem: Only OpenSSL v1.0 supports deep copy of hmac context. It is thus
not possible to implement a functional interface for older OpenSSL
versions (0.9.8) which still have wide spread use.
Solution: Change hmac contexts into a mutable state using NIF resources.
Document reuse of old contexts as undefined.
Future: If a need for reusing old context variables arise, a new hmac_copy
function could be introduced that is only supported for OpenSSL v1.0.
|
|
Newer OpenSSL versions allow to selectively disable GF2m elliptic curves.
Selectively enable GF2m curves is support for them is available.
|