Age | Commit message (Collapse) | Author |
|
|
|
Not to be used. Uses not yet released functions in OpenSSL 1.1.1-pre8-dev
|
|
|
|
"curves" in crypto:supports returns list of actually supported ec_curves
|
|
to only suggest missing OpenSSL if dlopen fails (load_failed).
|
|
crypto:dh_generate_parameters and crypto:dh_check
|
|
|
|
|
|
* maint:
crypto: engine_SUITE update
crypto: fix pubkey_to_privkey
|
|
|
|
|
|
|
|
|
|
Engine
Only RSA and DSA so far.
|
|
|
|
|
|
|
|
|
|
Add support to plug in alternative implementations for
some or all of the cryptographic operations supported by
the OpenSSL Engine API.
When configured appropriately, OpenSSL calls the engine's
implementation of these operations instead of its own.
|
|
Rand plugin for cached strong crypto bytes
OTP-13370
|
|
Testcases for ECDSA and DSA encrypt/decrypt and some other adaptions
|
|
|
|
|
|
|
|
|
|
Same comment as previous commit applies.
|
|
The function pkey_verify_nif handles pk signing with a general approach that is enabled by EVP api in OpenSSL 1.0.0
The rejected PR838 introduced that function and lots of other stuff so far neglected. It also made some different rsa padding methods possible (included).
Since the crypto code base has changed significantly, it was an overhelming work to try a git merge. Therefore this commit is a manual move of the source code from the PR into current maint.
This commit concentrates to use the new function compatible with the old functions. This includes some #if:s for different versions, compatibility code for 0.9.8.
Lacking: test cases, exporting the more general erlang api, documentation...
|
|
|
|
|
|
Implement Xoroshiro116+ as 'exrop' with fixes.
Deprecate all old algorithms but reincarnate 'exs1024' as 'exs1024s'
and 'exsplus' as 'exsp' with fixes.
Fixes:
* Avoid skew for uniform integers caused by using a simple 'rem'
operation for range confinement. Correctness requires retry
with new random value for an unfortunate first value.
* Implement a correct algorithm that collects enough random
bits for ranges larger than the generator's precision.
* Fix uniform density for floats by acquiring 53 bits
then multiplying with 2.0^(-53) which produces floats
on the form N * 2.0^(-53).
|
|
* g-andrade/strong-random-numbers/PR-1367/OTP-14317:
Clean up documentation and test cases
Attempt faster approach to strong random floats
Allow for crypto upgrades when using rand plugin
fixup! Support cryptographically strong rand plugin
fixup! Support cryptographically strong rand plugin
fixup! Support cryptographically strong rand plugin
fixup! Support cryptographically strong rand plugin
No longer expose strong_rand_(range|float)
Support cryptographically strong rand plugin
Restyle crypto strong numeric generators for usage in rand
Support generation of strong random numbers
|
|
This is a poor man's solution that allows to build and test the
system with all files compiled to native code simply by setting
the ERL_COMPILER_OPTS environment variable. Better solutions,
like automatically setting the no_native option whenever the
compiler sees an on_load attribute, obviously exist but require
more time to implement.
|
|
|
|
|
|
rand module should be used if not cryptographically strong is required.
If cryptographically strong is required, new cryptographically strong
functions should be added to crypto.
|
|
|
|
|
|
for usage in rand
|
|
|
|
|
|
|
|
Conflicts:
lib/crypto/c_src/crypto.c
lib/crypto/src/crypto.erl
|
|
|
|
|
|
Fix https://bugs.erlang.org/browse/ERL-336.
|
|
Support RSA key generation using generate_key(rsa, {bits, e}). This depends
on the currently-experimental "dirty scheduler" support because key
generation is a potentially lengthy process.
|
|
|
|
FIPS mode support needs to be enabled at compile time, by configuring
Erlang/OTP with --enable-fips option. In FIPS mode the non-FIPS
algorithms are disabled and raise error notsup.
The supported protocols list is properly updated in FIPS mode to
advertise only the enabled protocols.
FIPS mode is off by default even if Erlang/OTP was built with FIPS
support. It needs to be turned on at runtime.
The official approach is to set the fips_mode application environment
parameter of the crypto application to true. This would turn FIPS mode
on when the NIF is loaded and would prevent loading the module on
error.
Another method is provided via the crypto:enable_fips_mode/1
function, but it is not recommended to be used in production, as it
won't prevent the use of the crypto module in case of an error, and
would risk OpenSSL crashing the emulator. It is very useful for test
suites however that need to check both validated and non-validated
functionality.
This commit is based on commit
00b3a04d17a653b4abddeebd6dd8a2c38df532d0.
|
|
Make all calls to erlang:error/2 specify the actual argument list of
the function. This ensures that the stacktrace contains the correct
arity of the function where the error occurred.
|
|
|