| Age | Commit message (Collapse) | Author |
|---|
|
* maint:
ssh: Doc updates
ssh: some benchmarking of [email protected]
ssh: -spec
ssh: Add [email protected] cipher
crypto: doc poly1305
crypto: doc chacha20
crypto: Error in test case
crypto: chacha20 test case
crypto: poly1305 test case
crypto: -spec
crypto: chacha20 cipher
crypto: Mac POLY1305 if >=OpenSSL 1.1.1-pre8
|
|
|
|
|
|
* maint:
Updated OTP version
Prepare release
Updated the engine load functionality
Clean up bag index tables
|
|
* maint-20:
Updated OTP version
Prepare release
Updated the engine load functionality
Clean up bag index tables
Conflicts:
OTP_VERSION
lib/crypto/c_src/crypto.c
lib/crypto/doc/src/notes.xml
lib/crypto/vsn.mk
lib/mnesia/doc/src/notes.xml
lib/mnesia/vsn.mk
otp_versions.table
|
|
* rickard/crypto-configure/OTP-15129:
Move configuration of crypto to crypto application from erts
|
|
In order to be able to handle runtime library path in crypto
also DED parts was broken out into a macro.
|
|
- engine_load/3/4 can be called multiple times for same engine
if it allows it (eg doesn't contain global data)
- ensure_engine_loaded/2/3 is new functions that guarantees that the engine
is just loaded once by adding it to OpenSSL internal engine list and check that
before loading.
- ensure_engine_unloaded/1/2 is new functions that is used to unload engines loaded with
ensure_engine_loaded (remove it from OpenSSL internal engine list and then unload).
- new utility functions engine_by_id/1, engine_add/1, engine_remove/1,
engine_get_id/1 and engine_get_name/1
|
|
|
|
* hans/crypto/rsa_opts/ERL-675/PR1899/OTP-15212:
crypto: Added tests for rsa opts from PR838
Fixes ERL-675
|
|
* maint-20:
Updated OTP version
Update release notes
Update version numbers
crypto: Fix crash in compute_key(ecdh, ...) on badarg
Relax add_table_copy restriction
Fixed #Ref ordering bug
Test #Ref ordering in lists and ets
Do NOT disc_load from ram_copies when master_node is set
ssl: Make sure that a correct cipher suite is selected
ssl: Correct handling of empty server SNI extension
|
|
When term2point was passed a non-binary argument, `my_ecpoint`
would be left uninitialized and the cleanup code would free a
garbage pointer.
|
|
RSA options rsa_mgf1_md, rsa_oaep_md, and rsa_oaep_label do not work.
PR #838, which reimplemented various parts of the crypto application to use
OpenSSL EVP APIs was merged manually. During the manual merge the macro
define for HAVE_RSA_OAEP_MD was lost. The result being that setting
rsa_mgf1_md and rsa_oaep_md for any other value than sha causes the nif to
return not_sup.
Support for configurable MGF1 digests and OAEP labels is available in
OpenSSL version 1.1.0, a cursory look at libressl does not seem to reveal
support, so it is not added in this PR.
The defective functionality has been returned by defining HAVE_RSA_OAEP_MD
alongside HAVE_CHACHA20_POLY1305, i.e. OpenSSL >= 1.1.0 and NOT libressl.
|
|
|
|
According to valgrind, there is a memory leak. When fixing that there is a core-dump instead.
Since generate_key is the part that is important for the quality of the key we keep the old
compute_key part to avoid memory leakage.
|
|
Re-structure dh_compute_key_nif and dh_generate_key_nif to see variable scoping and alloc/dealloc pairs better
|
|
|
|
Not to be used. Uses not yet released functions in OpenSSL 1.1.1-pre8-dev
|
|
"curves" in crypto:supports returns list of actually supported ec_curves
|
|
|
|
* sverker/crypto-upgrade-bug/OTP-15088:
crypto: Robustify the do-once-initialization
crypto: Fix upgrade bug when engine support is missing
|
|
Introduce boolean 'library_initialized' that is set once
and never cleared as that is how initialization must be done.
Kept 'library_refc' as it may be interesting for debugging.
Moved the three init_*_types() functions last as those must
only be called once and there were error cases bailing out after them.
|
|
library_refc was not checked causing crash
when init_digest_types() was called a second time.
|
|
* maint:
Updated OTP version
Prepare release
ssh: Renegotiation -> renegotiate
ssh: Fix DH group exchange server bug for PuTTY and others following draft-draft-00 from 2001 and not the rfc4419
crypto: get_engine_load_cmd_list excluded if no engine support
crypto: Fix compilation for LibreSSL 2.7.x
crypto: Disable test_engine if engine is disabled
crypto: disable engine if OPENSSL_NO_EC* is set If that flag is set, and openssl/engine.h is included, there will be an erro further down in files included by engine.h
Conflicts:
OTP_VERSION
|
|
* hans/crypto/OPENSSL_NO_EC/OTP-15073:
crypto: Disable test_engine if engine is disabled
crypto: disable engine if OPENSSL_NO_EC* is set If that flag is set, and openssl/engine.h is included, there will be an erro further down in files included by engine.h
|
|
|
|
|
|
|
|
If that flag is set, and openssl/engine.h is included, there will be an erro further down in files included by engine.h
|
|
|
|
crypto:dh_generate_parameters and crypto:dh_check
|
|
Not supported in newer LibreSSL.
|
|
|
|
|
|
Fix memory leak in engine load code found by valgrind.
|
|
|
|
|
|
|
|
|
|
|
|
Engine
Only RSA and DSA so far.
|
|
|
|
|
|
|
|
Add support to plug in alternative implementations for
some or all of the cryptographic operations supported by
the OpenSSL Engine API.
When configured appropriately, OpenSSL calls the engine's
implementation of these operations instead of its own.
|
|
maint
|
|
|
|
|
|
|
|
Testcases for ECDSA and DSA encrypt/decrypt and some other adaptions
|
