Age | Commit message (Collapse) | Author |
|
|
|
* hans/crypto/SHA3/OTP-15153:
crypto: Disable non-working SHA3_224 and SHA3_256
crypto: doc SHA3 (hash & hmac)
crypto: Tests for SHA3
crypto: SHA3 hash on OpenSSL-1.1.1
|
|
|
|
|
|
|
|
|
|
* maint-20:
Updated OTP version
Prepare release
Updated the engine load functionality
Clean up bag index tables
Conflicts:
OTP_VERSION
lib/crypto/c_src/crypto.c
lib/crypto/doc/src/notes.xml
lib/crypto/vsn.mk
lib/mnesia/doc/src/notes.xml
lib/mnesia/vsn.mk
otp_versions.table
|
|
- engine_load/3/4 can be called multiple times for same engine
if it allows it (eg doesn't contain global data)
- ensure_engine_loaded/2/3 is new functions that guarantees that the engine
is just loaded once by adding it to OpenSSL internal engine list and check that
before loading.
- ensure_engine_unloaded/1/2 is new functions that is used to unload engines loaded with
ensure_engine_loaded (remove it from OpenSSL internal engine list and then unload).
- new utility functions engine_by_id/1, engine_add/1, engine_remove/1,
engine_get_id/1 and engine_get_name/1
|
|
|
|
|
|
Not to be used. Uses not yet released functions in OpenSSL 1.1.1-pre8-dev
|
|
|
|
"curves" in crypto:supports returns list of actually supported ec_curves
|
|
to only suggest missing OpenSSL if dlopen fails (load_failed).
|
|
crypto:dh_generate_parameters and crypto:dh_check
|
|
|
|
|
|
* maint:
crypto: engine_SUITE update
crypto: fix pubkey_to_privkey
|
|
|
|
|
|
|
|
|
|
Engine
Only RSA and DSA so far.
|
|
|
|
|
|
|
|
|
|
Add support to plug in alternative implementations for
some or all of the cryptographic operations supported by
the OpenSSL Engine API.
When configured appropriately, OpenSSL calls the engine's
implementation of these operations instead of its own.
|
|
Rand plugin for cached strong crypto bytes
OTP-13370
|
|
Testcases for ECDSA and DSA encrypt/decrypt and some other adaptions
|
|
|
|
|
|
|
|
|
|
Same comment as previous commit applies.
|
|
The function pkey_verify_nif handles pk signing with a general approach that is enabled by EVP api in OpenSSL 1.0.0
The rejected PR838 introduced that function and lots of other stuff so far neglected. It also made some different rsa padding methods possible (included).
Since the crypto code base has changed significantly, it was an overhelming work to try a git merge. Therefore this commit is a manual move of the source code from the PR into current maint.
This commit concentrates to use the new function compatible with the old functions. This includes some #if:s for different versions, compatibility code for 0.9.8.
Lacking: test cases, exporting the more general erlang api, documentation...
|
|
|
|
|
|
Implement Xoroshiro116+ as 'exrop' with fixes.
Deprecate all old algorithms but reincarnate 'exs1024' as 'exs1024s'
and 'exsplus' as 'exsp' with fixes.
Fixes:
* Avoid skew for uniform integers caused by using a simple 'rem'
operation for range confinement. Correctness requires retry
with new random value for an unfortunate first value.
* Implement a correct algorithm that collects enough random
bits for ranges larger than the generator's precision.
* Fix uniform density for floats by acquiring 53 bits
then multiplying with 2.0^(-53) which produces floats
on the form N * 2.0^(-53).
|
|
* g-andrade/strong-random-numbers/PR-1367/OTP-14317:
Clean up documentation and test cases
Attempt faster approach to strong random floats
Allow for crypto upgrades when using rand plugin
fixup! Support cryptographically strong rand plugin
fixup! Support cryptographically strong rand plugin
fixup! Support cryptographically strong rand plugin
fixup! Support cryptographically strong rand plugin
No longer expose strong_rand_(range|float)
Support cryptographically strong rand plugin
Restyle crypto strong numeric generators for usage in rand
Support generation of strong random numbers
|
|
This is a poor man's solution that allows to build and test the
system with all files compiled to native code simply by setting
the ERL_COMPILER_OPTS environment variable. Better solutions,
like automatically setting the no_native option whenever the
compiler sees an on_load attribute, obviously exist but require
more time to implement.
|
|
|
|
|
|
rand module should be used if not cryptographically strong is required.
If cryptographically strong is required, new cryptographically strong
functions should be added to crypto.
|
|
|
|
|
|
for usage in rand
|
|
|
|
|
|
|