Age | Commit message (Collapse) | Author |
|
|
|
|
|
* sverk/crypto-ec-mem-leak/OTP-11999:
crypto: Fix memory leak of EC "keys" and "points"
crypto: Fix crypto for debug and valgrind
|
|
|
|
without relying on opt-version has been built.
Removed ASSERT to make crypto_callback.debug.so work without
dynamic linking to libcrypto.so.
|
|
* pguyot/fix_srp:
Fix bug in SRP implementation
|
|
sign(dss,) and compute_key(dh,)
|
|
The context was never deallocated.
|
|
SRP didn't work with smaller primes as user secret was improperly
computed.
Formula is: (B - (k * g^x)) ^ (a + (u * x)) % N
Previously, the code computed a + (u * x) % N instead of a + (u * x).
a typically is a 256 bits random number (RFC 5054 says it should be at
least 256 bits), u and x are SHA1 signatures (160 bits). So a + (u * x)
can differ from a + (u * x) % N for N primes smaller than 320 bits.
|
|
This adds the aes_cfb8 cypher type (and associated tests and
documentation) to the crypto module.
|
|
* lukas/ose/master/OTP-11334: (71 commits)
erts: Fix unix efile assert
ose: Use -O2 when building
ose: Expand OSE docs
ose: Add dummy ttsl driver
ose: Cleanup cleanup of mutex selection defines
ose: Polish mmap configure checks
ose: Add ose specific x-compile flags
ose: Updating fd_driver and spawn_driver for OSE
ose: Updating event and signal API for OSE
ose: Cleanup of mutex selection defines
win32: Compile erl_log.exe
ose: Remove uneccesary define
ose: Fix ssl configure test for osx
erts: Fix sys_msg_dispatcher assert
ose: Fix broken doc links
ose: Thread priorities configurable from lmconf
ose: Yielding the cpu is done "the OSE" way
ose: Start using ppdata for tse key
ose: Do not use spinlocks on OSE
ose: Fix support for crypto
...
Conflicts:
lib/crypto/c_src/crypto.c
|
|
To enable it you have to modify the OSESSL variable in the
ose xcomp file.
|
|
This function is needed on OSs that do not automatically
initialize the PRNG seed.
|
|
This port has support for both non-smp and smp.
It contains a new way to do io checking in which erts_poll_wait
receives the payload of the polled entity. This has implications
for all linked-in drivers.
|
|
OTP-11725
* sverk/crypto/nomem-abort:
crypto: Abort VM if out of memory
|
|
Symptom: Using an old context (that had already been passed as argument to either
hmac_upgrade or hmac_final) could cause VM crash or worse.
Reason: Only a shallow copy (memcpy) of the context was made causing
a new context to partly mutate its parent context into an inconsistent
state.
Problem: Only OpenSSL v1.0 supports deep copy of hmac context. It is thus
not possible to implement a functional interface for older OpenSSL
versions (0.9.8) which still have wide spread use.
Solution: Change hmac contexts into a mutable state using NIF resources.
Document reuse of old contexts as undefined.
Future: If a need for reusing old context variables arise, a new hmac_copy
function could be introduced that is only supported for OpenSSL v1.0.
|
|
Nice crash instead of segv or worse.
|
|
Newer OpenSSL versions allow to selectively disable GF2m elliptic curves.
Selectively enable GF2m curves is support for them is available.
|
|
Decouple eliptic curve definition from OpenSSL and define them in
Erlang.
|
|
in mod_pow, mod_exp and generate_key(srp,...)
|
|
strrchr used on non null-terminated string.
|
|
* sverk/yb/aes_ige_crypt:
crypto: Update supports/0 for des3_cbf and aes_ige256
crypto: Throw notsup for AES IGE if openssl older than 0.9.8c
crypto: Add IGE mode for AES
OTP-11522
|
|
|
|
|
|
|
|
crypto.c:2748:9: warning: variable 'bn_prime' is used uninitialized whenever '||' condition is true [-Wsometimes-uninitialized]
if (!get_bn_from_bin(env, argv[0], &bn_verifier)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
crypto.c:2758:6: note: uninitialized use occurs here
if (bn_prime) BN_free(bn_prime);
^~~~~~~~
crypto.c:2748:9: note: remove the '||' if its condition is always false
if (!get_bn_from_bin(env, argv[0], &bn_verifier)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
|
|
|
|
Both crypto and asn1 are supported.
|
|
|
|
The resource was not needed as it was never kept between external
crypto calls.
|
|
|
|
enif_open_resource_type() must be called even during repeated loading
of same library. Otherwise the resource type will be deallocated
when the old module instance is purged.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
and remove corresponding specific functions for srp and ecdh
but leave dh_ functions for backward compatibility.
|
|
|
|
and remove curve from the returned tuple.
|
|
|
|
|
|
as well as mpint's for backward compatibility.
|
|
for rsa, dss, and new ecdsa.
No mpint's accepted.
|
|
|
|
Conflicts:
lib/crypto/src/crypto.erl
|
|
Adjust API to better fit in with similar funtions in crypto
|
|
algorithms
add algorithms/0 function that returns a list off compiled in crypto algorithms
and make tests suites with SHA226, SHA256, SHA384 and SHA512 conditional based
on that
|