| Age | Commit message (Collapse) | Author |
|---|
|
* hans/crypto/rsa_opts/ERL-675/PR1899/OTP-15212:
crypto: Added tests for rsa opts from PR838
Fixes ERL-675
|
|
Just testing to use rsa_pkcs1_oaep_padding, rsa_x931_padding and rsa_sslv23_padding to see that it does not core dum
|
|
* maint-20:
Updated OTP version
Update release notes
Update version numbers
crypto: Fix crash in compute_key(ecdh, ...) on badarg
Relax add_table_copy restriction
Fixed #Ref ordering bug
Test #Ref ordering in lists and ets
Do NOT disc_load from ram_copies when master_node is set
ssl: Make sure that a correct cipher suite is selected
ssl: Correct handling of empty server SNI extension
|
|
When term2point was passed a non-binary argument, `my_ecpoint`
would be left uninitialized and the cleanup code would free a
garbage pointer.
|
|
|
|
Skip the test cases in the engine_SUITE on a specific ssl version
used on one test machine.
|
|
This quadruple is from a failing test when trying to EVP-ify the dh functions.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Add support to plug in alternative implementations for
some or all of the cryptographic operations supported by
the OpenSSL Engine API.
When configured appropriately, OpenSSL calls the engine's
implementation of these operations instead of its own.
|
|
ECDSA and DSA (DSS) public/private encryption/decryption does not work
|
|
Testcases for ECDSA and DSA encrypt/decrypt and some other adaptions
|
|
|
|
In OpenSSL version >= 1.0.1 the hash algos sha, sha224, sha256, sha384 and sha512 are supported.
In 1.0.0 sha, sha224 and sha256 are supported
In 0.9.8 sha is supported
|
|
|
|
|
|
|
|
|
|
crypto: replace AES test vectors with validation data from NIST CAVP program
OTP-14436
|
|
|
|
It turns out that the excessive memory usage is cause by the
test framework printing all the test vectors into the log output.
A similar proplem was already diagnosed for long_msg/0. The root
cause was not mentioned in the SUITE, but the same fix applies
to the CAPV test vector data.
Switch all CAPV data to lazy evaluation and have the test itself
read the data.
|
|
|
|
|
|
NIST's Cryptographic Algorithm Validation Program provides
validation testing of FIPS-approved and NIST-recommended
cryptographic algorithms.
Instead of hard coding a limited set of test vectors, use
their comprehensive validation set to test AES cipher modes.
|
|
Fix for problem introduced with OTP-14140
|
|
|
|
|
|
for usage in rand
|
|
|
|
If the underlying library is in FIPS mode, it'll refuse to generate
keys shorter than 2048 bits.
|
|
Support RSA key generation using generate_key(rsa, {bits, e}). This depends
on the currently-experimental "dirty scheduler" support because key
generation is a potentially lengthy process.
|
|
This commit reactivates chacha20_poly1305 and fixes the imprementation
for the released OpenSSL 1.1.0 or later.
|
|
|
|
Conflicts:
lib/crypto/c_src/crypto.c
lib/ssl/src/ssl_cipher.erl
|
|
|
|
* RoadRunnr/crypto/no-rc4/PR-1169/OTP-13896:
disable RC4 in SSL when crypto doesn't support it
Fix compilation when OpenSSL doesn't support RC4
Conflicts:
lib/crypto/c_src/crypto.c
|
|
In one of the test cases, the IV is 8 bytes. In FIPS mode, the minimum
allowed IV length is 12 bytes, so let's skip that test case.
|
|
block_crypt_nif does some sanity tests on its arguments before trying
to initialise the cipher. This made some of the tests in crypto_SUITE
fail, since they were expecting notsup, not badarg. Fix this by
passing the same test data as for the positive tests.
|
|
Even if Erlang/OTP has been built with --enable-fips, it's possible
that the OpenSSL library we're linked to doesn't support FIPS mode.
In that case, it will fail to enable it at run time. Let's handle
that in crypto_SUITE, by skipping the tests instead of failing.
|
|
Every algorithm is now tested in both FIPS and non-FIPS modes (when
crypto is compiled with FIPS support). In FIPS mode non-FIPS
algorithms are disabled and the tests verify that they crash with
notsup error as expected.
In FIPS mode RSA and EC algorithms don't work if the key sizes are
below a minimum required value - which happened to be the case with
most keys used in the tests. These tests were changed to use longer
keys (even in non-FIPS mode for simplicity).
Conflicts:
lib/crypto/test/crypto_SUITE.erl
|
|
When OpenSSL has been configured with the "no-rc4" option, the header
file rc4.h doesn't exist, and neither does the rc4 functions.
Let's handle those by checking whether OPENSSL_NO_RC4 is defined.
|
|
When OpenSSL has been configured with the "no-rc2" option, the header
file rc2.h doesn't exist, and neither does the function EVP_rc2_cbc.
Let's handle those by checking whether OPENSSL_NO_RC2 is defined.
Also update pbe_SUITE, which uses RC2-CBC in one of the tests.
|
|
|
|
|
|
Also correct algo_cipher[] size since it was one to small.
|
