Age | Commit message (Collapse) | Author |
|
SRP didn't work with smaller primes as user secret was improperly
computed.
Formula is: (B - (k * g^x)) ^ (a + (u * x)) % N
Previously, the code computed a + (u * x) % N instead of a + (u * x).
a typically is a 256 bits random number (RFC 5054 says it should be at
least 256 bits), u and x are SHA1 signatures (160 bits). So a + (u * x)
can differ from a + (u * x) % N for N primes smaller than 320 bits.
|
|
This adds the aes_cfb8 cypher type (and associated tests and
documentation) to the crypto module.
|
|
* lukas/ose/master/OTP-11334: (71 commits)
erts: Fix unix efile assert
ose: Use -O2 when building
ose: Expand OSE docs
ose: Add dummy ttsl driver
ose: Cleanup cleanup of mutex selection defines
ose: Polish mmap configure checks
ose: Add ose specific x-compile flags
ose: Updating fd_driver and spawn_driver for OSE
ose: Updating event and signal API for OSE
ose: Cleanup of mutex selection defines
win32: Compile erl_log.exe
ose: Remove uneccesary define
ose: Fix ssl configure test for osx
erts: Fix sys_msg_dispatcher assert
ose: Fix broken doc links
ose: Thread priorities configurable from lmconf
ose: Yielding the cpu is done "the OSE" way
ose: Start using ppdata for tse key
ose: Do not use spinlocks on OSE
ose: Fix support for crypto
...
Conflicts:
lib/crypto/c_src/crypto.c
|
|
To enable it you have to modify the OSESSL variable in the
ose xcomp file.
|
|
This function is needed on OSs that do not automatically
initialize the PRNG seed.
|
|
This port has support for both non-smp and smp.
It contains a new way to do io checking in which erts_poll_wait
receives the payload of the polled entity. This has implications
for all linked-in drivers.
|
|
OTP-11725
* sverk/crypto/nomem-abort:
crypto: Abort VM if out of memory
|
|
Symptom: Using an old context (that had already been passed as argument to either
hmac_upgrade or hmac_final) could cause VM crash or worse.
Reason: Only a shallow copy (memcpy) of the context was made causing
a new context to partly mutate its parent context into an inconsistent
state.
Problem: Only OpenSSL v1.0 supports deep copy of hmac context. It is thus
not possible to implement a functional interface for older OpenSSL
versions (0.9.8) which still have wide spread use.
Solution: Change hmac contexts into a mutable state using NIF resources.
Document reuse of old contexts as undefined.
Future: If a need for reusing old context variables arise, a new hmac_copy
function could be introduced that is only supported for OpenSSL v1.0.
|
|
Nice crash instead of segv or worse.
|
|
Newer OpenSSL versions allow to selectively disable GF2m elliptic curves.
Selectively enable GF2m curves is support for them is available.
|
|
Decouple eliptic curve definition from OpenSSL and define them in
Erlang.
|
|
in mod_pow, mod_exp and generate_key(srp,...)
|
|
strrchr used on non null-terminated string.
|
|
* sverk/yb/aes_ige_crypt:
crypto: Update supports/0 for des3_cbf and aes_ige256
crypto: Throw notsup for AES IGE if openssl older than 0.9.8c
crypto: Add IGE mode for AES
OTP-11522
|
|
|
|
|
|
|
|
crypto.c:2748:9: warning: variable 'bn_prime' is used uninitialized whenever '||' condition is true [-Wsometimes-uninitialized]
if (!get_bn_from_bin(env, argv[0], &bn_verifier)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
crypto.c:2758:6: note: uninitialized use occurs here
if (bn_prime) BN_free(bn_prime);
^~~~~~~~
crypto.c:2748:9: note: remove the '||' if its condition is always false
if (!get_bn_from_bin(env, argv[0], &bn_verifier)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
|
|
|
|
Both crypto and asn1 are supported.
|
|
|
|
The resource was not needed as it was never kept between external
crypto calls.
|
|
|
|
enif_open_resource_type() must be called even during repeated loading
of same library. Otherwise the resource type will be deallocated
when the old module instance is purged.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
and remove corresponding specific functions for srp and ecdh
but leave dh_ functions for backward compatibility.
|
|
|
|
and remove curve from the returned tuple.
|
|
|
|
|
|
as well as mpint's for backward compatibility.
|
|
for rsa, dss, and new ecdsa.
No mpint's accepted.
|
|
|
|
Conflicts:
lib/crypto/src/crypto.erl
|
|
Adjust API to better fit in with similar funtions in crypto
|
|
algorithms
add algorithms/0 function that returns a list off compiled in crypto algorithms
and make tests suites with SHA226, SHA256, SHA384 and SHA512 conditional based
on that
|
|
|
|
As a preparation for the new mod_exp_prime and in the quest to reduce
to use of the old mpint format.
|
|
* nox/enable-silent-rules/OTP-10726:
Implement ./otp_build configure --enable-silent-rules
|
|
With silent rules, the output of make is less verbose and compilation
warnings are easier to spot. Silent rules are disabled by default and
can be disabled or enabled at will by make V=0 and make V=1.
|
|
A couple of #defines were missed in my previous patch.
|
|
add ripemd160 message digest support to the crypto app,
includes some test cases.
|
|
|
|
An attempt to enable the use of openssl 0.9.7
|