aboutsummaryrefslogtreecommitdiffstats
path: root/lib/crypto/c_src
AgeCommit message (Collapse)Author
2017-11-21Merge branch 'sverker/crypto/fix-valgrind-assert' into maintSverker Eriksson
2017-11-10crypto: Remove faulty valgrind assertionSverker Eriksson
2017-11-10crypto: Add privkey_to_pubkey/2 to get the public key from a priv key in an ↵Hans Nilsson
Engine Only RSA and DSA so far.
2017-11-10crypto: Remove unused 'atom_bad_engine'Hans Nilsson
2017-11-10crypto: Update the OTP test engine with pub/priv key storageHans Nilsson
2017-11-10crypto: Enable using pub/priv PKCS8 keys stored in an EngineHans Nilsson
2017-11-10[crypto] Add support for loading an alternative EngineLars Thorsen
Add support to plug in alternative implementations for some or all of the cryptographic operations supported by the OpenSSL Engine API. When configured appropriately, OpenSSL calls the engine's implementation of these operations instead of its own.
2017-11-01Merge branch 'hans/crypto/DH_generate_parameters_deprecated/OTP-14639' into ↵Hans Nilsson
maint
2017-11-01crypto: replaced deprecated DH_generate_parametersHans Nilsson
2017-11-01crypto: Remove returnvalue from void C-fnHans Nilsson
2017-10-04crypto: ifdef of EVP for old cryptolibs (< 1.0.0)Hans Nilsson
2017-10-04crypto: Added pkey_crypt_nif from PR838Hans Nilsson
Testcases for ECDSA and DSA encrypt/decrypt and some other adaptions
2017-07-12crypto: Fix compile errors for make target 'valgrind'Sverker Eriksson
introduced in 03f3ec41f5468413235e3923a542a11cfd631089
2017-07-07crypto: Fix compatibility problems with openssl 1.0.0 cryptolibHans Nilsson
2017-07-07crypto: introduced preproc symbol HAS_EVP_PKEY_CTXHans Nilsson
2017-07-07crypto: pk verify with new function from PR838Hans Nilsson
Same comment as previous commit applies.
2017-07-07crypto: pk sign with new function from PR838Hans Nilsson
The function pkey_verify_nif handles pk signing with a general approach that is enabled by EVP api in OpenSSL 1.0.0 The rejected PR838 introduced that function and lots of other stuff so far neglected. It also made some different rsa padding methods possible (included). Since the crypto code base has changed significantly, it was an overhelming work to try a git merge. Therefore this commit is a manual move of the source code from the PR into current maint. This commit concentrates to use the new function compatible with the old functions. This includes some #if:s for different versions, compatibility code for 0.9.8. Lacking: test cases, exporting the more general erlang api, documentation...
2017-07-07crypto: Made {rsa,dss,ecdsa}_{sign,verify}_nif similar and all with evp apiHans Nilsson
2017-07-07crypto: added a 'macs' entry to proplist in crypto:supports/0Hans Nilsson
2017-06-02Merge pull request #1473 from SalikhovDinislam/static_codeLukas Larsson
Make some C code static
2017-05-29Merge pull request #1462 from Vagabond/adt-fix-aes-cfb128Hans Nilsson
Fix backwards equality check in aes cfb128 function OTP-14435
2017-05-21crypto: Make internal arrays staticSalikhov Dinislam
2017-05-15Fix backwards equality check in aes cfb128 functionAndrew Thompson
2017-05-09Remove duplicate aes_gcm from a list of ciphersDaniil Fedotov
2017-05-04Update copyright yearRaimo Niskanen
2017-04-04Merge branch 'maint'Ingela Anderton Andin
Conflicts: OTP_VERSION erts/vsn.mk lib/crypto/c_src/crypto.c lib/crypto/src/crypto.erl lib/ssh/src/ssh.erl
2017-03-29Fix bug with AES CFB 128Kelly McLaughlin
Fix a bug with the use of the aes_cfb128 cipher by calling the correct underlying openssl interface function when the cipher is specified.
2017-03-29Demonstrate the bug with AES CFB 128 encryptionKelly McLaughlin
Demonstrate a bug with AES CFB 128 for certain key sizes introduced with the Erlang 19.0 release. The code in the block_crypt_nif function in the crypto.c source file incorrectly calls aes_cfb_8_crypt when the specified cipher is aes_cfb8 or aes_cfb128 and the key size is 24 or 32. The aes_cfb_8_crypt function calls the AES_cfb8_encrypt function from the openssl interface, but this is incorrect when the cipher is aes_cfb128. Unfortunately the test cases in the crypto test suite are insufficient to detect an issue like this because it exercises the encryption and decryption roundtrip using the same incorrect underlying function. The problem was observed when trying to update an application to Erlang 19 that attempted to decrypt data that was encrypted using aes_cfb128 by another source. In this commit I altered the crypto test suite to provide a demonstration of this problem.
2017-03-18Restyle crypto strong numeric generatorsGuilherme Andrade
for usage in rand
2017-03-14Support generation of strong random numbersGuilherme Andrade
2017-03-13Merge branch 'wiml/crypto/rsa-generate-key/ERL-165/PR-1299/OTP-14140'Hans Nilsson
2017-03-10Update copyright yearRickard Green
2017-03-09crypto: removed error function from PR and added error handling in crypto.erlHans Nilsson
2017-03-02crypto: Enable usage of LibreSSLHans Nilsson
2017-01-31Merge branch 'maint'Hans Nilsson
Conflicts: lib/crypto/c_src/crypto.c lib/crypto/src/crypto.erl
2017-01-27crypto: Added optional length to paramlist in generate_keyHans Nilsson
2017-01-08Add RSA key generationWim Lewis
Support RSA key generation using generate_key(rsa, {bits, e}). This depends on the currently-experimental "dirty scheduler" support because key generation is a potentially lengthy process.
2016-12-29crypto: algo_ciper was too small after cipher additionsHans Nilsson
2016-12-20crypto: Support chacha20_poly1305Yuki Ito
This commit reactivates chacha20_poly1305 and fixes the imprementation for the released OpenSSL 1.1.0 or later.
2016-12-02Support OpenSSL 1.1.0Björn Gustavsson
2016-12-02crypto.c: Disable broken code for ChaCha and Poly1305Björn Gustavsson
In June 2014, fb9d36c2c7c1 added support for the AES GCM ciphers (ChaCha/Poly1305) based on a development version of OpenSSL 1.1.0. The code is seriously broken when used with the released OpenSSL 1.1.0.
2016-11-04[crypto] Remove depricated functionsLars Thorsen
2016-10-11Merge branch 'legoscia/ssl_in_fips_mode/PR-1180/OTP-13921'Hans Nilsson
Conflicts: lib/crypto/c_src/crypto.c lib/ssl/src/ssl_cipher.erl
2016-10-05Merge branch 'master' into sverker/master/load_nif-print-init-errorSverker Eriksson
2016-10-05crypto: Return source line number from failed load/upgradeSverker Eriksson
Renamed the init function as the return semantics are changed.
2016-10-04Merge branch 'maint'Raimo Niskanen
2016-10-04Merge branch 'RoadRunnr/crypto/no-rc4/PR-1169/OTP-13896' into maintRaimo Niskanen
* RoadRunnr/crypto/no-rc4/PR-1169/OTP-13896: disable RC4 in SSL when crypto doesn't support it Fix compilation when OpenSSL doesn't support RC4 Conflicts: lib/crypto/c_src/crypto.c
2016-09-28Rename SSL_DEFINE to SSL_FLAGSMagnus Henoch
For consistency with other applications.
2016-09-28Support using OpenSSL in FIPS modeDániel Szoboszlay
FIPS mode support needs to be enabled at compile time, by configuring Erlang/OTP with --enable-fips option. In FIPS mode the non-FIPS algorithms are disabled and raise error notsup. The supported protocols list is properly updated in FIPS mode to advertise only the enabled protocols. FIPS mode is off by default even if Erlang/OTP was built with FIPS support. It needs to be turned on at runtime. The official approach is to set the fips_mode application environment parameter of the crypto application to true. This would turn FIPS mode on when the NIF is loaded and would prevent loading the module on error. Another method is provided via the crypto:enable_fips_mode/1 function, but it is not recommended to be used in production, as it won't prevent the use of the crypto module in case of an error, and would risk OpenSSL crashing the emulator. It is very useful for test suites however that need to check both validated and non-validated functionality. This commit is based on commit 00b3a04d17a653b4abddeebd6dd8a2c38df532d0.
2016-09-22Fix compilation when OpenSSL doesn't support RC4Andreas Schultz
When OpenSSL has been configured with the "no-rc4" option, the header file rc4.h doesn't exist, and neither does the rc4 functions. Let's handle those by checking whether OPENSSL_NO_RC4 is defined.