Age | Commit message (Collapse) | Author |
|
|
|
|
|
* ia/ssl/tls1.1and1.2: (46 commits)
ssl: Clean up of code thanks to dialyzer
ssl: Test suite adjustments
ssl & public_key: Prepare for release
ssl: Use crypto:strong_rand_bytes if possible
ssl & public_key: Add use of more "sha-rsa oids"
ssl: Fix inet header option to behave as in inet
ssl: TLS 1.2: fix hash and signature handling
ssl: TLS 1.2: fix Certificate Request list of Accepted Signatur/Hash combinations
ssl: Add Signature Algorithms hello extension from TLS 1.2
ssl: Fix rizzo tests to run as intended
ssl: TLS-1.1 and TLS-1.2 support should not be default until R16
ssl: Signture type bug
ssl: Add crypto support check (TLS 1.2 require sha256 support)
ssl: Dialyzer fixes
ssl: IDEA cipher is deprecated by TLS 1.2
ssl: Run relevant tests for all SSL/TLS versions
ssl: Add TLS version switches to openssl tests
ssl: Enable TLS 1.2
ssl: Enable mac_hash for TLS 1.2
ssl: Implement TLS 1.2 signature support
...
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Replace _hash functions with {digest,_} argument
to existing sign/verify functions.
|
|
|
|
Remove the need for padding up to 16-byte multiple.
|
|
OTP-10106
OTP-10107
|
|
by using extra redundant information as part of the key
that will speed things up for OpenSSL.
Affects rsa_sign, rsa_private_encrypt and rsa_private_decrypt.
|
|
crypto only uses libcrypto.
Superfluous dependency introduced in R14B04 by 52230a417ad0057.
|
|
|
|
No test and doc
|
|
|
|
* pg/des-cfb-functions:
[crypto] Remove swedish characters from test code
[crypto] Add DES and Triple DES cipher feedback (CFB) mode functions
OTP-9640
|
|
|
|
|
|
This reverts commit 82897cc8f399fab832148711b586215c9a3f7af1.
|
|
Conflicts:
erts/aclocal.m4
erts/include/internal/ethread_header_config.h.in
|
|
* cr/md2-With-RSA-Encryption:
Document crypto:sha_mac_96/2 to compute an SHA MAC, not MD5
Support md2WithRSAEncryption certificates in public_key
Support 'md2' hash in crypto:rsa_sign/3 and crypto:rsa_verify/4
OTP-9554
|
|
|
|
|
|
|
|
Create directories first, not within implicit rules. If two
'install' instances runs at the same time attempting to create
a directory, one of them may fail with an "File exists" error.
I tried to use order-only prerequisites to create the directories,
but run into two problems: First, order-only prerequisites are
only implemented in Make 3.80 and later. Second, on a computer
running Solaris/Intel 2.8 (with Make 3.80), order-only prerequisites
seemed to work like ordinary prerequisites, causing targets to
be re-built if the timestamp for the directory changed.
Therefore, using a shell command to run mkdir seems to be the
more portable solution.
|
|
|
|
* sverker/crypto-aes-ctr-stream/OTP-9275:
Stepping vsn for R14B03
Add true streaming AES (CTR) encryption and streaming HMAC operations
|
|
The current crypto module implementations require all of the data
being encrypted or authenticated to be in memory at one time. When
trying to encrypt or authenticate a large file (on order of GBs),
this is problematic.
The implementation of AES CTR uses the same underlying implementation
as aes_ctr_[en|de]crypt, but hands the state back to the client
after every operation.
The HMAC implementation differs from the previous implementations of
sha_mac and md5_mac. The old implementations did not utilize the
OpenSSL HMAC implementation. In order to ensure that I didn't
implement something incorrectly, I chose to use the OpenSSL HMAC
implementation directly, since it handles streaming as well. This
has the added side benefit of allowing other hash functions to be
used as desired (for instances, I added support for ripemd160
hashing).
While I haven't done this, it seems like the existing md5_mac and
sha_mac functions could either be depricated or redefined in terms
of the new hmac_ functions.
Update AES CTR and HMAC streaming with code review input
Ensure that memcpy operations in hmac operations are being size
checked properly. Rename aes_ctr_XXX_with_state to
aes_ctr_stream_XXX. Remove redundant hmac_init_[sha|md5|ripemd160]
functions. Fix documentation for hmac_final_n.
Fix possible error using negative value as a marker on an unsigned int
Now, use a separate marker and add a unit test to test specifically for
a case where HashLen is larger than the underlying resultant hash.
Revert "Fix possible error using negative value as a marker on an unsigned int"
This reverts commit 59cb177aa96444c0fd3ace6d01f7b8a70dd69cc9.
Resolve buffer overflow posibility on an unsigned int.
Change handling the marker for HashLen to use the fact that a second
parameter that has to be the the HashLen was passed. Also, ensure
that HashLen parameter is positive.
|
|
|
|
Added some checks in crypto.erl and crypto.c.
Changed ssh_bits to use strong_rand_mpint.
|
|
Also adds documentation and unit tests.
Thanks to Geoff Cant.
|
|
|
|
|
|
|
|
|
|
The NIF library for crypto can now be built for valgrind
and/or debug as separate NIF libraries that will be
automatically loaded if the runtime system has been built
with a matching build type.
|
|
|
|
|
|
New variants of crypto:dss_sign and crypto:dss_verify with an extra
argument to control how the digest is calculated.
|
|
New NIF features:
Send messages from a NIF, or from thread created by NIF, to any local
process (enif_send)
Store terms between NIF calls (enif_alloc_env, enif_make_copy)
Create binary terms with user defined memory management
(enif_make_resource_binary)
|
|
crypto application changed to use NIFs instead of driver.
|
|
* au/crypto:
Add missing docs for crypto:md4/1
Add des_ecb_encrypt/2 and des_ecb_decrypt/2 to crypto module
OTP-8551 au/crypto
des_ecb_encrypt/2 and des_ecb_decrypt/2 has been added to the crypto
module. The crypto:md4/1 function has been documented.
|
|
|
|
* kr/crypto_makefile:
Fix Makefile permission problem of crypto library on FreeBSD Erlang/OTP building
|
|
This patch changes INSTALL_PROGRAM to INSTALL_DATA for the Makefile at
lib/crypto/priv/obj, which discontinues the building procedure of Erlang/OTP
on FreeBSD. Originally posted by Giacomo Olgeni as a part of FreeBSD port
patch files.
See
http://www.erlang.org/cgi-bin/ezmlm-cgi?3:mss:335:200811:hijljjocpmpkhgkhfkdl
for the detailed analysis.
|
|
improvements.
Most notable:
Lots of cross compilation improvements. The old cross compilation
support was more or less non-existing as well as broken. Please,
note that the cross compilation support should still be
considered as experimental. Also note that old cross compilation
configurations cannot be used without modifications. For more
information on cross compiling Erlang/OTP see the
$ERL_TOP/xcomp/README file.
Support for staged install using <url
href="http://www.gnu.org/prep/standards/html_node/DESTDIR.html">D
ESTDIR</url>. The old broken INSTALL_PREFIX has also been fixed.
For more information see the $ERL_TOP/README file.
Documentation of the release target of the top Makefile. For more
information see the $ERL_TOP/README file.
make install now by default creates relative symbolic links
instead of absolute ones. For more information see the
$ERL_TOP/README file.
$ERL_TOP/configure --help=recursive now works and prints help for
all applications with configure scripts.
Doing make install, or make release directly after make all no
longer triggers miscellaneous rebuilds.
Existing bootstrap system is now used when doing make install, or
make release without a preceding make all.
The crypto and ssl applications use the same runtime library path
when dynamically linking against libssl.so and libcrypto.so. The
runtime library search path has also been extended.
The configure scripts of erl_interface and odbc now search for
thread libraries and thread library quirks the same way as erts
do.
The configure script of the odbc application now also looks for
odbc libraries in lib64 and lib/64 directories when building on a
64-bit system.
The config.h.in file in the erl_interface application is now
automatically generated in instead of statically updated which
reduces the risk of configure tests without any effect.
|
|
My previous patch added CFB mode. This patch adds all remaining
Blowfish modes. According to the man page
http://www.fifi.org/cgi-bin/man2html/usr/share/man/man3/blowfish.3ssl.gz
these are available in all versions of OpenSSL.
[ Squashed in elimination of signed/unsigned compiler warnings. /bg ]
|