Age | Commit message (Collapse) | Author |
|
* cr/md2-With-RSA-Encryption:
Document crypto:sha_mac_96/2 to compute an SHA MAC, not MD5
Support md2WithRSAEncryption certificates in public_key
Support 'md2' hash in crypto:rsa_sign/3 and crypto:rsa_verify/4
OTP-9554
|
|
Also let it throw badarg if 'Hi' is not larger than 'Lo'.
|
|
|
|
|
|
|
|
|
|
* sverker/crypto-aes-ctr-stream/OTP-9275:
Stepping vsn for R14B03
Add true streaming AES (CTR) encryption and streaming HMAC operations
|
|
The current crypto module implementations require all of the data
being encrypted or authenticated to be in memory at one time. When
trying to encrypt or authenticate a large file (on order of GBs),
this is problematic.
The implementation of AES CTR uses the same underlying implementation
as aes_ctr_[en|de]crypt, but hands the state back to the client
after every operation.
The HMAC implementation differs from the previous implementations of
sha_mac and md5_mac. The old implementations did not utilize the
OpenSSL HMAC implementation. In order to ensure that I didn't
implement something incorrectly, I chose to use the OpenSSL HMAC
implementation directly, since it handles streaming as well. This
has the added side benefit of allowing other hash functions to be
used as desired (for instances, I added support for ripemd160
hashing).
While I haven't done this, it seems like the existing md5_mac and
sha_mac functions could either be depricated or redefined in terms
of the new hmac_ functions.
Update AES CTR and HMAC streaming with code review input
Ensure that memcpy operations in hmac operations are being size
checked properly. Rename aes_ctr_XXX_with_state to
aes_ctr_stream_XXX. Remove redundant hmac_init_[sha|md5|ripemd160]
functions. Fix documentation for hmac_final_n.
Fix possible error using negative value as a marker on an unsigned int
Now, use a separate marker and add a unit test to test specifically for
a case where HashLen is larger than the underlying resultant hash.
Revert "Fix possible error using negative value as a marker on an unsigned int"
This reverts commit 59cb177aa96444c0fd3ace6d01f7b8a70dd69cc9.
Resolve buffer overflow posibility on an unsigned int.
Change handling the marker for HashLen to use the fact that a second
parameter that has to be the the HashLen was passed. Also, ensure
that HashLen parameter is positive.
|
|
|
|
|
|
Added some checks in crypto.erl and crypto.c.
Changed ssh_bits to use strong_rand_mpint.
|
|
Also adds documentation and unit tests.
Thanks to Geoff Cant.
|
|
|
|
This change fixes a bunch of small (and a few less small) typos and
other errors in various modules that I've spotted throughout my travels.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
New variants of crypto:dss_sign and crypto:dss_verify with an extra
argument to control how the digest is calculated.
|
|
* au/crypto:
Add missing docs for crypto:md4/1
Add des_ecb_encrypt/2 and des_ecb_decrypt/2 to crypto module
OTP-8551 au/crypto
des_ecb_encrypt/2 and des_ecb_decrypt/2 has been added to the crypto
module. The crypto:md4/1 function has been documented.
|
|
|
|
|
|
|
|
environment after a number of bugs are fixed and some features
are added in the documentation build process.
- The arity calculation is updated.
- The module prefix used in the function names for bif's are
removed in the generated links so the links will look like
http://www.erlang.org/doc/man/erlang.html#append_element-2
instead of
http://www.erlang.org/doc/man/erlang.html#erlang:append_element-2
- Enhanced the menu positioning in the html documentation when a
new page is loaded.
- A number of corrections in the generation of man pages (thanks
to Sergei Golovan)
- Moved some man pages to more apropriate sections, pages in
section 4 moved to 5 and pages in 6 moved to 7.
- The legal notice is taken from the xml book file so OTP's
build process can be used for non OTP applications.
|
|
My previous patch added CFB mode. This patch adds all remaining
Blowfish modes. According to the man page
http://www.fifi.org/cgi-bin/man2html/usr/share/man/man3/blowfish.3ssl.gz
these are available in all versions of OpenSSL.
[ Squashed in elimination of signed/unsigned compiler warnings. /bg ]
|
|
|