| Age | Commit message (Collapse) | Author |
|---|
|
* maint:
crypto: Fix bad return/exception for unsupported cipher
crypto: Use aead functions for CHACHA20_POLY1305
|
|
Accidently f11391139c4165e8541a52d45cd1525343a83927 merged by
0a218353e4360e36bac304b6a4e0effe78d95615 changed the
return exception 'notsup' to 'badarg' for unsupported chipher names.
This changes that back.
|
|
This previously implemented cipher is a block cipher despite using chacha.
It also uses the EVP_CIPHER_CTX api which now unifies AES_GCM and AES_CCM
into one pair of encrypt and decrypt functions.
By integrating the existing chacha20_poly1305 code into aead_encrypt and
aead_decrypt we could remove two C-functions and simplify both the C-code
and the corresponding Erlang code in the CRYPTO application.
|
|
* maint:
crypto: Disable problematic RSA options in LibreSSL
|
|
|
|
* maint:
crypto: Fix no_aead test
crypto: Document AES_CCM and fix errors in User's Guide The sizes in the Algorithms chapter for aes_gcm was wrong or incomplete.
crypto: AES_CCM test case
crypto: All aes_ccm vectors (including unused) This directory contains all aes_ccm vectors. However, effort is needed to include them in the test suite so they are left for later.
crypto: Add AES_CCM crypto Will be increase interoperability of future SSL application versions.
crypto: Generalize aes_gcm_(de|en)crypt nifs
|
|
* hans/crypto/aes_ccm/OTP-15286:
crypto: Fix no_aead test
crypto: Document AES_CCM and fix errors in User's Guide The sizes in the Algorithms chapter for aes_gcm was wrong or incomplete.
crypto: AES_CCM test case
crypto: All aes_ccm vectors (including unused) This directory contains all aes_ccm vectors. However, effort is needed to include them in the test suite so they are left for later.
crypto: Add AES_CCM crypto Will be increase interoperability of future SSL application versions.
crypto: Generalize aes_gcm_(de|en)crypt nifs
|
|
* maint:
crypto: Add forgotten #ifdef MAY prevent compilation errors if the symbol is configured to not be defined in an OpenSSL version where it exists by default.
crypto: Change condition for RSA_PKCS1_PSS Trubble on a couple of cross-building machines
crypto: RSA options list disclaimer in documentation for crypto:supports/0 The final appearence of the rs_opts entry is still not completly decided.
crypto: Add 'rsa_opts' to crypto:supports/0 Needed in future versions of the SSL application.
|
|
Will be increase interoperability of future SSL application versions.
|
|
The EVP_CIPHER_CTX interface aims at enabling using the same code for many
ciphers. Since we are going to add aes_ccm which is similar to aes_gcm,
this commit is a preparation.
It creates the aead_(de|en)crypt nifs and removes the old ones.
|
|
MAY prevent compilation errors if the symbol is configured to not be defined in an OpenSSL version where it exists by default.
|
|
Trubble on a couple of cross-building machines
|
|
Needed in future versions of the SSL application.
|
|
* maint:
crypto: sha3_224 and sha3_256 errors fixed
|
|
|
|
|
|
* maint:
crypto: Fix valgrind error
|
|
|
|
* maint:
crypto: Remove 'experimental' comments for ecdh
|
|
* hans/crypto/x25519_x448/OTP-15240:
crypto: Remove 'experimental' comments for ecdh
|
|
|
|
* maint:
crypto: Let otp_test_engine only add what is needed OpenSSL_add_all_algorithms hangs on some test machines
|
|
OpenSSL_add_all_algorithms hangs on some test machines
|
|
* maint:
crypto: doc x25519 & x448
crypto: Test vectors for ecdh x25519 and x448
crypto: Remove the term 'eddh'
crypto: Enable EDDH all OpenSSL cryptolib over beta version 1.1.1-pre8
ssh: Doc updates
ssh: spec curve25519 & curve448
ssh: Fix non-conforming key generation in kex for x25519 and x448
ssh: Enable curve448-sha512 and curve25519-sha256
ssh: Remove the term 'eddh'
crypto: Disable non-working SHA3_224 and SHA3_256
crypto: doc SHA3 (hash & hmac)
crypto: Tests for SHA3
crypto: SHA3 hash on OpenSSL-1.1.1
|
|
* hans/crypto/x25519_x448/OTP-15240:
crypto: doc x25519 & x448
crypto: Test vectors for ecdh x25519 and x448
crypto: Remove the term 'eddh'
crypto: Enable EDDH all OpenSSL cryptolib over beta version 1.1.1-pre8
|
|
* hans/crypto/SHA3/OTP-15153:
crypto: Disable non-working SHA3_224 and SHA3_256
crypto: doc SHA3 (hash & hmac)
crypto: Tests for SHA3
crypto: SHA3 hash on OpenSSL-1.1.1
|
|
* maint:
ssh: Doc updates
ssh: some benchmarking of [email protected]
ssh: -spec
ssh: Add [email protected] cipher
crypto: doc poly1305
crypto: doc chacha20
crypto: Error in test case
crypto: chacha20 test case
crypto: poly1305 test case
crypto: -spec
crypto: chacha20 cipher
crypto: Mac POLY1305 if >=OpenSSL 1.1.1-pre8
|
|
|
|
|
|
|
|
crypto:hash/2,
crypto:hash_init/1, crypto:hash_update/2, crypto:hash_final/1
|
|
|
|
|
|
* maint:
Updated OTP version
Prepare release
Updated the engine load functionality
Clean up bag index tables
|
|
* maint-20:
Updated OTP version
Prepare release
Updated the engine load functionality
Clean up bag index tables
Conflicts:
OTP_VERSION
lib/crypto/c_src/crypto.c
lib/crypto/doc/src/notes.xml
lib/crypto/vsn.mk
lib/mnesia/doc/src/notes.xml
lib/mnesia/vsn.mk
otp_versions.table
|
|
* rickard/crypto-configure/OTP-15129:
Move configuration of crypto to crypto application from erts
|
|
In order to be able to handle runtime library path in crypto
also DED parts was broken out into a macro.
|
|
- engine_load/3/4 can be called multiple times for same engine
if it allows it (eg doesn't contain global data)
- ensure_engine_loaded/2/3 is new functions that guarantees that the engine
is just loaded once by adding it to OpenSSL internal engine list and check that
before loading.
- ensure_engine_unloaded/1/2 is new functions that is used to unload engines loaded with
ensure_engine_loaded (remove it from OpenSSL internal engine list and then unload).
- new utility functions engine_by_id/1, engine_add/1, engine_remove/1,
engine_get_id/1 and engine_get_name/1
|
|
|
|
* hans/crypto/rsa_opts/ERL-675/PR1899/OTP-15212:
crypto: Added tests for rsa opts from PR838
Fixes ERL-675
|
|
* maint-20:
Updated OTP version
Update release notes
Update version numbers
crypto: Fix crash in compute_key(ecdh, ...) on badarg
Relax add_table_copy restriction
Fixed #Ref ordering bug
Test #Ref ordering in lists and ets
Do NOT disc_load from ram_copies when master_node is set
ssl: Make sure that a correct cipher suite is selected
ssl: Correct handling of empty server SNI extension
|
|
When term2point was passed a non-binary argument, `my_ecpoint`
would be left uninitialized and the cleanup code would free a
garbage pointer.
|
|
RSA options rsa_mgf1_md, rsa_oaep_md, and rsa_oaep_label do not work.
PR #838, which reimplemented various parts of the crypto application to use
OpenSSL EVP APIs was merged manually. During the manual merge the macro
define for HAVE_RSA_OAEP_MD was lost. The result being that setting
rsa_mgf1_md and rsa_oaep_md for any other value than sha causes the nif to
return not_sup.
Support for configurable MGF1 digests and OAEP labels is available in
OpenSSL version 1.1.0, a cursory look at libressl does not seem to reveal
support, so it is not added in this PR.
The defective functionality has been returned by defining HAVE_RSA_OAEP_MD
alongside HAVE_CHACHA20_POLY1305, i.e. OpenSSL >= 1.1.0 and NOT libressl.
|
|
|
|
According to valgrind, there is a memory leak. When fixing that there is a core-dump instead.
Since generate_key is the part that is important for the quality of the key we keep the old
compute_key part to avoid memory leakage.
|
|
Re-structure dh_compute_key_nif and dh_generate_key_nif to see variable scoping and alloc/dealloc pairs better
|
|
|
|
Not to be used. Uses not yet released functions in OpenSSL 1.1.1-pre8-dev
|
|
"curves" in crypto:supports returns list of actually supported ec_curves
|
|
|
