Age | Commit message (Collapse) | Author |
|
|
|
Not to be used. Uses not yet released functions in OpenSSL 1.1.1-pre8-dev
|
|
"curves" in crypto:supports returns list of actually supported ec_curves
|
|
|
|
* sverker/crypto-upgrade-bug/OTP-15088:
crypto: Robustify the do-once-initialization
crypto: Fix upgrade bug when engine support is missing
|
|
Introduce boolean 'library_initialized' that is set once
and never cleared as that is how initialization must be done.
Kept 'library_refc' as it may be interesting for debugging.
Moved the three init_*_types() functions last as those must
only be called once and there were error cases bailing out after them.
|
|
library_refc was not checked causing crash
when init_digest_types() was called a second time.
|
|
* maint:
Updated OTP version
Prepare release
ssh: Renegotiation -> renegotiate
ssh: Fix DH group exchange server bug for PuTTY and others following draft-draft-00 from 2001 and not the rfc4419
crypto: get_engine_load_cmd_list excluded if no engine support
crypto: Fix compilation for LibreSSL 2.7.x
crypto: Disable test_engine if engine is disabled
crypto: disable engine if OPENSSL_NO_EC* is set If that flag is set, and openssl/engine.h is included, there will be an erro further down in files included by engine.h
Conflicts:
OTP_VERSION
|
|
* hans/crypto/OPENSSL_NO_EC/OTP-15073:
crypto: Disable test_engine if engine is disabled
crypto: disable engine if OPENSSL_NO_EC* is set If that flag is set, and openssl/engine.h is included, there will be an erro further down in files included by engine.h
|
|
|
|
|
|
|
|
If that flag is set, and openssl/engine.h is included, there will be an erro further down in files included by engine.h
|
|
|
|
crypto:dh_generate_parameters and crypto:dh_check
|
|
Not supported in newer LibreSSL.
|
|
|
|
|
|
Fix memory leak in engine load code found by valgrind.
|
|
|
|
|
|
|
|
|
|
|
|
Engine
Only RSA and DSA so far.
|
|
|
|
|
|
|
|
Add support to plug in alternative implementations for
some or all of the cryptographic operations supported by
the OpenSSL Engine API.
When configured appropriately, OpenSSL calls the engine's
implementation of these operations instead of its own.
|
|
maint
|
|
|
|
|
|
|
|
Testcases for ECDSA and DSA encrypt/decrypt and some other adaptions
|
|
introduced in 03f3ec41f5468413235e3923a542a11cfd631089
|
|
|
|
|
|
Same comment as previous commit applies.
|
|
The function pkey_verify_nif handles pk signing with a general approach that is enabled by EVP api in OpenSSL 1.0.0
The rejected PR838 introduced that function and lots of other stuff so far neglected. It also made some different rsa padding methods possible (included).
Since the crypto code base has changed significantly, it was an overhelming work to try a git merge. Therefore this commit is a manual move of the source code from the PR into current maint.
This commit concentrates to use the new function compatible with the old functions. This includes some #if:s for different versions, compatibility code for 0.9.8.
Lacking: test cases, exporting the more general erlang api, documentation...
|
|
|
|
|
|
Make some C code static
|
|
Fix backwards equality check in aes cfb128 function
OTP-14435
|
|
|
|
|
|
|
|
|
|
Conflicts:
OTP_VERSION
erts/vsn.mk
lib/crypto/c_src/crypto.c
lib/crypto/src/crypto.erl
lib/ssh/src/ssh.erl
|
|
Fix a bug with the use of the aes_cfb128 cipher by calling the correct
underlying openssl interface function when the cipher is specified.
|
|
Demonstrate a bug with AES CFB 128 for certain key sizes introduced
with the Erlang 19.0 release. The code in the block_crypt_nif function
in the crypto.c source file incorrectly calls aes_cfb_8_crypt when the
specified cipher is aes_cfb8 or aes_cfb128 and the key size is 24 or
32. The aes_cfb_8_crypt function calls the AES_cfb8_encrypt function
from the openssl interface, but this is incorrect when the cipher is
aes_cfb128.
Unfortunately the test cases in the crypto test suite are insufficient
to detect an issue like this because it exercises the encryption and
decryption roundtrip using the same incorrect underlying function. The
problem was observed when trying to update an application to Erlang 19
that attempted to decrypt data that was encrypted using aes_cfb128 by
another source. In this commit I altered the crypto test suite to
provide a demonstration of this problem.
|